Merge branch '2.0-development' into feature/helm-chart-releaser

.gitignore

@@ -257,6 +257,11 @@ Pipfile.lock
 
 .vscode/
 
+###
+### Vim
+###
+.swp
+
 ###
 ### MacOS
 ###

demo/vue/Dockerfile

@@ -1,10 +1,9 @@
-FROM docker.io/node:16.15.0-alpine
-
+FROM docker.io/node:16-buster
 ENV NO_UPDATE_NOTIFIER=true
 WORKDIR /opt/app-root/src/app
 COPY . /opt/app-root/src
 RUN npm run all:ci \
   && npm run all:build \
-  && npm run frontend:purge 
+  && npm run frontend:purge
 EXPOSE 8000
-CMD ["npm", "run", "start"]
+CMD ["npm", "run", "start"]

docker/docker-compose-ngrok.yaml

@@ -3,11 +3,11 @@ services:
   controller-ngrok:
     image: ngrok/ngrok
     environment:
-      - CONTROLLER_SERVICE_PORT=5000
+      - CONTROLLER_SERVICE_PORT=${CONTROLLER_SERVICE_PORT}
       - NGROK_AUTHTOKEN=${NGROK_AUTHTOKEN}
     ports:
       - 4056:4040
-    command: http controller:5000 --log stdout
+    command: http controller:${CONTROLLER_SERVICE_PORT} --log stdout
     networks:
       - vc_auth
 

docker/docker-compose.yaml

@@ -49,22 +49,26 @@ services:
       - vc_auth
 
   keycloak:
-    image: jboss/keycloak:16.0.0
+    image: quay.io/keycloak/keycloak:22.0
+    command: start-dev --import-realm --http-relative-path=/auth
     ports:
       - 8880:8080
     volumes:
-      - ./keycloak/config:/tmp
+      - ./keycloak/config:/opt/keycloak/data/import
     environment:
-      DB_VENDOR: ${KEYCLOAK_DB_VENDOR}
-      DB_ADDR: ${KEYCLOAK_DB_ADDR}
-      DB_DATABASE: ${KEYCLOAK_DB_NAME}
-      DB_USER: ${KEYCLOAK_DB_USER}
-      DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
-      KEYCLOAK_USER: ${KEYCLOAK_USER}
-      KEYCLOAK_PASSWORD: ${KEYCLOAK_PASSWORD}
-      KEYCLOAK_LOGLEVEL: ${KEYCLOAK_LOGLEVEL}
-      ROOT_LOGLEVEL: ${KEYCLOAK_ROOT_LOGLEVEL}
-      KEYCLOAK_IMPORT: ${KEYCLOAK_IMPORT}
+      KC_DB: ${KEYCLOAK_DB_VENDOR}
+      KC_DB_URL: jdbc:postgresql://${KEYCLOAK_DB_ADDR}/keycloak
+      # DB_DATABASE: ${KEYCLOAK_DB_NAME}
+      KC_DB_USERNAME: ${KEYCLOAK_DB_USER}
+      KC_DB_PASSWORD: ${KEYCLOAK_DB_PASSWORD}
+      KEYCLOAK_ADMIN: ${KEYCLOAK_USER}
+      KEYCLOAK_ADMIN_PASSWORD: ${KEYCLOAK_PASSWORD}
+      # KEYCLOAK_LOGLEVEL: ${KEYCLOAK_LOGLEVEL}
+      # ROOT_LOGLEVEL: ${KEYCLOAK_ROOT_LOGLEVEL}
+      #
+      # The following parameter addresses a redirect error on logout in later (post KC 16 at least).
+      # It may be fixable by updating the vue app as well -- google "keycloak error Invalid parameter: redirect_uri"
+      KC_SPI_LOGIN_PROTOCOL_OPENID_CONNECT_LEGACY_LOGOUT_REDIRECT_URI: true
     depends_on:
       - keycloak-db
     networks:
@@ -82,7 +86,7 @@ services:
       - vc_auth
 
   aca-py:
-    image: bcgovimages/aries-cloudagent:py36-1.16-1_0.8.1
+    image: ghcr.io/hyperledger/aries-cloudagent-python:py3.9-0.9.0
     environment:
       - ACAPY_LABEL=${AGENT_NAME}
       - ACAPY_ENDPOINT=${AGENT_ENDPOINT}

docker/keycloak/config/keycloak_import.json

@@ -28,7 +28,7 @@
   "oauth2DeviceCodeLifespan": 600,
   "oauth2DevicePollingInterval": 5,
   "enabled": true,
-  "sslRequired": "external",
+  "sslRequired": "none",
   "registrationAllowed": false,
   "registrationEmailAsUsername": false,
   "rememberMe": false,

docker/manage

@@ -157,7 +157,7 @@ configureEnvironment() {
 
 
   # controller
-  export CONTROLLER_SERVICE_PORT=5000
+  export CONTROLLER_SERVICE_PORT=${CONTROLLER_SERVICE_PORT:-5000}
   export CONTROLLER_URL="${CONTROLLER_URL:-http://controller:5000}"
   export CONTROLLER_WEB_HOOK_URL=${CONTROLLER_WEB_HOOK_URL:-${CONTROLLER_URL}/webhooks}
   if [ ! -z "${CONTROLLER_API_KEY}" ]; then
@@ -199,11 +199,10 @@ configureEnvironment() {
   export KEYCLOAK_DB_PASSWORD="keycloak"
 
   # keycloak
-  export KEYCLOAK_DB_VENDOR="POSTGRES"
+  export KEYCLOAK_DB_VENDOR="postgres"
   export KEYCLOAK_DB_ADDR="keycloak-db"
   export KEYCLOAK_USER="admin"
   export KEYCLOAK_PASSWORD="admin"
-  export KEYCLOAK_IMPORT="/tmp/keycloak_import.json"
   export KEYCLOAK_LOGLEVEL="WARN"
   export KEYCLOAK_ROOT_LOGLEVEL="WARN"
 
@@ -275,6 +274,13 @@ initializeUserPrompts() {
   fi
   ######
 
+  # Set CONTROLLER_SERVICE_PORT for the ngrok service to use
+  if [ ! -z "$CONTROLLER_SERVICE_PORT" ]; then
+    echo "CONTROLLER_SERVICE_PORT=${CONTROLLER_SERVICE_PORT}" >> .env
+  else
+    echo "CONTROLLER_SERVICE_PORT=5000" >> .env
+  fi
+
   PS3="Is your agent single-tenant or multi-tenant? "
   select opt in "Single-Tenant" "Multi-Tenant/Traction" "Quit"; do
     case $REPLY in
@@ -346,27 +352,51 @@ function setNgrokEndpoints() {
   fi
 
   echoInfo "Determining ngrok url for controller service..."
-  docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:4056/api/tunnels > controller-ngrok.json
-  NGROK_CONTROLLER_URL=$(docker run --rm -i stedolan/jq < controller-ngrok.json --raw-output '.tunnels | map(select(.name=="command_line")) | .[0] | .public_url')
-  if [ -z "$NGROK_CONTROLLER_URL" ]; then
-    echoError "It was not possible to establish a connection with ngrok, please check the ngrok container logs for errors."
-    exit 1
-  fi
+  getNgrokUrl http://${DOCKERHOST}:4056/api/tunnels controller-ngrok.json NGROK_CONTROLLER_URL
   export CONTROLLER_URL=${NGROK_CONTROLLER_URL}
   echoSuccess "The controller url is: ${NGROK_CONTROLLER_URL}"
 
   echoInfo "Determining ngrok url for agent service..."
-  docker run --rm curlimages/curl -L -s http://${DOCKERHOST}:${NGROK_AGENT_PORT}/api/tunnels > agent-ngrok.json
-  NGROK_AGENT_URL=$(docker run --rm -i stedolan/jq < agent-ngrok.json --raw-output '.tunnels | map(select(.name=="command_line")) | .[0] | .public_url')
-  if [ -z "$NGROK_AGENT_URL" ]; then
-    echoError "It was not possible to establish a connection with ngrok, please check the ngrok container logs for errors."
-    exit 1
-  fi
+  getNgrokUrl http://${DOCKERHOST}:${NGROK_AGENT_PORT}/api/tunnels agent-ngrok.json NGROK_AGENT_URL
   export AGENT_ENDPOINT=${NGROK_AGENT_URL}
   echoSuccess "The agent url is: ${NGROK_AGENT_URL}"
+}
+
+function getNgrokUrl() {
+  _url=$1
+  _output_file=$2
+  _target_variable=$3
 
-  rm *-ngrok.json
+  function extractUrl() {
+    docker run --rm curlimages/curl -L -s $_url > $_output_file
+    NGROK_URL=$(docker run --rm -i ghcr.io/jqlang/jq:1.7rc1 < $_output_file --raw-output '.tunnels | map(select(.name=="command_line")) | .[0] | .public_url')
+
+    if [ -z "${NGROK_URL}" ] || [ "null" = "${NGROK_URL}" ]; then
+      return 1
+    else
+      return 0
+    fi
+  }
+
+  local startTime=${SECONDS}
+  local timeout=${TIMEOUT:-60}
+  while ! extractUrl; do
+    printf "."
+    local duration=$(($SECONDS - $startTime))
+    if (( ${duration} >= ${timeout} )); then
+      echoError "It was not possible to establish a connection with ngrok, please check ${_output_file} and the ngrok container logs for errors."
+      rtnCd=1
+      break
+    fi
+    sleep 1
+  done
+
+  rm $_output_file
+
+  # assign value to target variable
+  printf -v "$_target_variable" "%s" "$NGROK_URL"
 }
+
 # =================================================================================================================
 
 pushd ${SCRIPT_HOME} >/dev/null

docs/2_0_ConfigurationGuid.md

@@ -3,3 +3,6 @@
 | ------------------------ | ---- | ---------------------------------------------- |-|
 | SET_NON_REVOKED          | bool | if True, the `non_revoked` attributed  will be added to each of the present-proof request `requested_attribute` and `requested_predicate` with 'from=0' and'to=`int(time.time())`||
 | USE_OOB_PRESENT_PROOF    | bool | if True, the present-proof request will be provided as a an [out of band](https://github.com/hyperledger/aries-rfcs/tree/main/features/0434-outofband) invitation with a [present-proof](https://github.com/hyperledger/aries-rfcs/tree/main/features/0037-present-proof) request inside. If False, the present-proof request will be use the [service-decorator](https://github.com/hyperledger/aries-rfcs/tree/main/features/0056-service-decorator)|**TRUE:** BC Wallet supports our OOB Message with a minor glitch, BiFold, Lissi, Trinsic, and Estatus all read the QR code as 'Invalid' **FALSE:** Works with|
+| LOG_WITH_JSON            | bool | If True, logging output should printed as JSON if False it will be pretty printed.| Default behavior will print as JSON. |
+| LOG_TIMESTAMP_FORMAT     | string | determines the timestamp formatting used in logs | Default is "iso" |
+| LOG_LEVEL                | "DEBUG", "INFO", "WARNING", or "ERROR" | sets the minimum log level that will be printed to standard out| Defaults to DEBUG |

oidc-controller/api/authSessions/crud.py

@@ -1,4 +1,4 @@
-import logging
+import structlog
 
 from typing import Union
 from pymongo import ReturnDocument
@@ -16,7 +16,7 @@
 from api.db.session import COLLECTION_NAMES
 
 
-logger = logging.getLogger(__name__)
+logger: structlog.typing.FilteringBoundLogger = structlog.getLogger(__name__)
 
 
 class AuthSessionCRUD:

oidc-controller/api/clientConfigurations/crud.py

@@ -1,4 +1,4 @@
-import logging
+import structlog
 
 from typing import List
 from pymongo import ReturnDocument
@@ -17,7 +17,7 @@
 from api.core.oidc.provider import init_provider
 
 
-logger = logging.getLogger(__name__)
+logger: structlog.typing.FilteringBoundLogger = structlog.getLogger(__name__)
 
 
 class ClientConfigurationCRUD:

oidc-controller/api/clientConfigurations/tests/test_cc_crud.py

@@ -10,6 +10,8 @@
 
 from mongomock import MongoClient
 from typing import Callable
+import structlog
+logger = structlog.getLogger(__name__)
 
 
 def test_answer():
@@ -66,22 +68,32 @@ async def test_client_config_delete(db_client: Callable[[], MongoClient]):
     ).find_one({"client_id": test_client_config.client_id})
     assert not document
 
+@pytest.fixture(name="log_output")
+def fixture_log_output():
+    return structlog.testing.LogCapture()
+
+@pytest.fixture(autouse=True)
+def fixture_configure_structlog(log_output):
+    structlog.configure(
+        processors=[log_output]
+    )
 
 @pytest.mark.asyncio
-async def test_client_config_patch(db_client: Callable[[], MongoClient]):
+async def test_client_config_patch(db_client: Callable[[], MongoClient], log_output):
     client = db_client()
     crud = ClientConfigurationCRUD(client.db)
 
     client.db.get_collection(COLLECTION_NAMES.CLIENT_CONFIGURATIONS).insert_one(
         test_client_config.dict()
     )
 
+    assert log_output.entries == []
+
     result = await crud.patch(
         test_client_config.client_id,
         ClientConfigurationPatch(client_secret="patched_client_secret"),
     )
     assert result
-
     document = client.db.get_collection(
         COLLECTION_NAMES.CLIENT_CONFIGURATIONS
     ).find_one({"client_id": test_client_config.client_id})

oidc-controller/api/core/acapy/client.py

@@ -1,14 +1,14 @@
 import requests
 import json
-import logging
+import structlog
 from typing import Optional, Union
 from uuid import UUID
 from .models import WalletDid, CreatePresentationResponse
 from ..config import settings
 from .config import AgentConfig, MultiTenantAcapy, SingleTenantAcapy
 
 _client = None
-logger = logging.getLogger(__name__)
+logger = structlog.getLogger(__name__)
 
 WALLET_DID_URI = "/wallet/did"
 PUBLIC_WALLET_DID_URI = "/wallet/did/public"

oidc-controller/api/core/acapy/config.py

@@ -1,13 +1,13 @@
 import requests
-import logging
+import structlog
 import json
 
 from functools import cache
 from typing import Dict, Protocol
 
 from ..config import settings
 
-logger = logging.getLogger(__name__)
+logger = structlog.getLogger(__name__)
 
 
 class AgentConfig(Protocol):