Merge pull request #121 from swcurran/main

main for 1.0.0rc4

docs/CONTRIBUTING.md

@@ -19,7 +19,7 @@ Contributions are made pursuant to the Developer's Certificate of Origin, availa
 
 A configuration for [pre-commit](https://pre-commit.com/) is included in this repository. This is an optional tool to help contributors commit code that follows the formatting requirements enforced by the CI pipeline. Additionally, it can be used to help contributors write descriptive commit messages that can be parsed by changelog generators.
 
-On each commit, pre-commit hooks will run that verify the committed code complies with ruff and is formatted with black. To install the ruff and black checks:
+On each commit, pre-commit hooks will run that verify the committed code complies and formats with ruff. To install the ruff checks:
 
 ```bash
 pre-commit install

docs/deploying/ContainerImagesAndGithubActions.md

@@ -22,22 +22,18 @@ Multiple variants are available; see [Tags](#tags).
 
 ACA-Py is a foundation for building decentralized identity applications; to this
 end, there are multiple variants of ACA-Py built to suit the needs of a variety
-of environments and workflows. There are currently two main variants:
+of environments and workflows. The following variants exist:
 
 - "Standard" - The default configuration of ACA-Py, including:
   - Aries Askar for secure storage
   - Indy VDR for Indy ledger communication
   - Indy Shared Libraries for AnonCreds
-- "Indy" - The legacy configuration of ACA-Py, including:
-  - Indy SDK Wallet for secure storage
-  - Indy SDK Ledger for Indy ledger communication
-  - Indy SDK for AnonCreds
 
-These two image variants are largely distinguished by providers for Indy Network
-and AnonCreds support. The Standard variant is recommended for new projects.
-Migration from an Indy based image (whether the new Indy image variant or the
-original BC Gov images) to the Standard image is outside of the scope of this
-document.
+In the past, two image variants were published. These two variants are largely
+distinguished by providers for Indy Network and AnonCreds support. The Standard
+variant is recommended for new projects. Migration from an Indy based image
+(whether the new Indy image variant or the original BC Gov images) to the
+Standard image is outside of the scope of this document.
 
 The ACA-Py images built by this project are tagged to indicate which of the
 above variants it is. Other tags may also be generated for use by developers.
@@ -48,8 +44,6 @@ Tag                     | Variant  | Example                  | Description
 ------------------------|----------|--------------------------|-------------------------------------------------------------------------------------------------|
 py3.9-X.Y.Z             | Standard | py3.9-0.7.4              | Standard image variant built on Python 3.9 for ACA-Py version X.Y.Z                             |
 py3.10-X.Y.Z            | Standard | py3.10-0.7.4             | Standard image variant built on Python 3.10 for ACA-Py version X.Y.Z                            |
-py3.9-indy-A.B.C-X.Y.Z  | Indy     | py3.9-indy-1.16.0-0.7.4  | Standard image variant built on Python 3.9 for ACA-Py version X.Y.Z and Indy SDK Version A.B.C  |
-py3.10-indy-A.B.C-X.Y.Z | Indy     | py3.10-indy-1.16.0-0.7.4 | Standard image variant built on Python 3.10 for ACA-Py version X.Y.Z and Indy SDK Version A.B.C |
 
 ### Image Comparison
 
@@ -63,7 +57,7 @@ variants and between the BC Gov ACA-Py images.
   - Uses container's system python environment rather than `pyenv`
   - Askar and Indy Shared libraries are installed as dependencies of ACA-Py through pip from pre-compiled binaries included in the python wrappers
   - Built from repo contents
-- Indy Image
+- Indy Image (no longer produced but included here for clarity)
   - Based on slim variant of Debian
   - Built from multi-stage build step (`indy-base` in the Dockerfile) which includes Indy dependencies; this could be replaced with an explicit `indy-python` image from the Indy SDK repo
   - Includes `libindy` but does **NOT** include the Indy CLI
@@ -86,24 +80,19 @@ variants and between the BC Gov ACA-Py images.
 
 - Tests (`.github/workflows/tests.yml`) - A reusable workflow that runs tests
   for the Standard ACA-Py variant for a given python version.
-- Tests (Indy) (`.github/workflows/tests-indy.yml`) - A reusable workflow that
-  runs tests for the Indy ACA-Py variant for a given python and indy version.
 - PR Tests (`.github/workflows/pr-tests.yml`) - Run on pull requests; runs tests
-  for the Standard and Indy ACA-Py variants for a "default" python version.
-  Check this workflow for the current default python and Indy versions in use.
+  for the Standard ACA-Py variant for a "default" python version.
+  Check this workflow for the current default python version in use.
 - Nightly Tests (`.github/workflows/nightly-tests.yml`) - Run nightly; runs
-  tests for the Standard and Indy ACA-Py variants for all currently supported
+  tests for the Standard ACA-Py variant for all currently supported
   python versions. Check this workflow for the set of currently supported
-  versions and Indy version(s) in use.
+  versions in use.
 - Publish (`.github/workflows/publish.yml`) - Run on new release published or
   when manually triggered; builds and pushes the Standard ACA-Py variant to the
   Github Container Registry.
-- Publish (Indy) (`.github/workflows/publish-indy.yml`) - Run on new release
-  published or when manually triggered; builds and pushes the Indy ACA-Py
-  variant to the Github Container Registry.
 - Integration Tests (`.github/workflows/integrationtests.yml`) - Run on pull
   requests (to the hyperledger fork only); runs BDD integration tests.
-- Black Format (`.github/workflows/blackformat.yml`) - Run on pull requests;
+- Format (`.github/workflows/format.yml`) - Run on pull requests;
   checks formatting of files modified by the PR.
 - CodeQL (`.github/workflows/codeql.yml`) - Run on pull requests; performs
   CodeQL analysis.

docs/design/UpgradeViaApi.md

@@ -0,0 +1,103 @@
+# Upgrade via API Design
+
+#### To isolate an upgrade process and trigger it via API the following pattern was designed to handle multitenant scenarios. It includes an is_upgrading record in the wallet(DB) and a middleware to prevent requests during the upgrade process.
+
+#### The diagam below descripes the sequence of events for the anoncreds upgrade process which it was designed for, but the architecture can be used for any upgrade process.
+
+```mermaid
+sequenceDiagram
+    participant A1 as Agent 1
+    participant M1 as Middleware
+    participant IAS1 as IsAnoncredsSingleton Set
+    participant UIPS1 as UpgradeInProgressSingleton Set
+    participant W as Wallet (DB)
+    participant UIPS2 as UpgradeInProgressSingleton Set
+    participant IAS2 as IsAnoncredsSingleton Set
+    participant M2 as Middleware
+    participant A2 as Agent 2
+
+    Note over A1,A2: Start upgrade for non-anoncreds wallet
+    A1->>M1: POST /anoncreds/wallet/upgrade
+    M1-->>IAS1: check if wallet is in set
+    IAS1-->>M1: wallet is not in set
+    M1-->>UIPS1: check if wallet is in set
+    UIPS1-->>M1: wallet is not in set
+    M1->>A1: OK
+    A1-->>W: Add is_upgrading = anoncreds_in_progress record
+    A1->>A1: Upgrade wallet
+    A1-->>UIPS1: Add wallet to set
+
+    Note over A1,A2: Attempted Requests During Upgrade
+
+    Note over A1: Attempted Request
+    A1->>M1: GET /any-endpoint
+    M1-->>IAS1: check if wallet is in set
+    IAS1-->>M1: wallet is not in set
+    M1-->>UIPS1: check if wallet is in set
+    UIPS1-->>M1: wallet is in set
+    M1->>A1: 503 Service Unavailable
+
+    Note over A2: Attempted Request
+    A2->>M2: GET /any-endpoint
+    M2-->>IAS2: check if wallet is in set
+    IAS2->>M2: wallet is not in set
+    M2-->>UIPS2: check if wallet is in set
+    UIPS2-->>M2: wallet is not in set
+    A2-->>W: Query is_upgrading = anoncreds_in_progress record
+    W-->>A2: record = anoncreds_in_progress
+    A2->>A2: Loop until upgrade is finished in seperate process
+    A2-->>UIPS2: Add wallet to set
+    M2->>A2: 503 Service Unavailable
+
+    Note over A1,A2: Agent Restart During Upgrade
+    A1-->>W: Get is_upgrading record for wallet or all subwallets
+    W-->>A1: 
+    A1->>A1: Resume upgrade if in progress
+    A1-->>UIPS1: Add wallet to set
+
+    Note over A2: Same as Agent 1
+
+    Note over A1,A2: Upgrade Completes
+
+    Note over A1: Finish Upgrade
+    A1-->>W: set is_upgrading = anoncreds_finished
+    A1-->>UIPS1: Remove wallet from set
+    A1-->>IAS1: Add wallet to set
+    A1->>A1: update subwallet or restart
+
+    Note over A2: Detect Upgrade Complete
+    A2-->>W: Check is_upgrading = anoncreds_finished
+    W-->>A2: record = anoncreds_in_progress
+    A2->>A2: Wait 1 second
+    A2-->>W: Check is_upgrading = anoncreds_finished
+    W-->>A2: record = anoncreds_finished
+    A2-->>UIPS2: Remove wallet from set
+    A2-->>IAS2: Add wallet to set
+    A2->>A2: update subwallet or restart
+
+    Note over A1,A2: Restarted Agents After Upgrade
+
+    A1-->W: Get is_upgrading record for wallet or all subwallets
+    W-->>A1: 
+    A1->>IAS1: Add wallet to set if record = anoncreds_finished
+
+    Note over A2: Same as Agent 1
+
+    Note over A1,A2: Attempted Requests After Upgrade
+
+    Note over A1: Attempted Request
+    A1->>M1: GET /any-endpoint
+    M1-->>IAS1: check if wallet is in set
+    IAS1-->>M1: wallet is in set
+    M1-->>A1: OK
+
+    Note over A2: Same as Agent 1
+```
+
+
+##### An example of the implementation can be found via the anoncreds upgrade components.
+    - `aries_cloudagent/wallet/routes.py` in the `upgrade_anoncreds` controller 
+    - the upgrade code in `wallet/anoncreds_upgrade.py`
+    - the middleware in `admin/server.py` in the `upgrade_middleware` function
+    - the singleton sets in `wallet/singletons.py`
+    - the startup process in `core/conductor.py` in the `check_for_wallet_upgrades_in_progress` function