Update essential services delivery instances to use ACA-Py 0.7.3(-rc0 or not) and two ledgers about essential-services-delivery HOT 7 CLOSED

Apparently these are all issuer services (issue only no verify) so not sure if adding multi-ledger support makes sense.

The verifier service (that will need the multi-ledger configuration) is here: https://github.com/bcgov/a2a-trust-over-ip-configurations (I believe, @esune ?)

from essential-services-delivery.

Regarding multitenancy, I think you'd need a controller to manage the issuer instances within the multi-tenant aca-py, so a bigger task than just updating some configurations, probably worth a discussion to make sure we're all on the same page regarding the required work etc.

On the plus side you'd be able to (via the new controller) add a new issuer instance fairly easily ...

from essential-services-delivery.

Apparently these are all issuer services (issue only no verify) so not sure if adding multi-ledger support makes sense.

The verifier service (that will need the multi-ledger configuration) is here: https://github.com/bcgov/a2a-trust-over-ip-configurations (I believe, @esune ?)

This is correct: these are just issuer services, so it doesn't make much sense to add multi-ledger support - I think it will just turn into a headache.

Verification is obtained for all these services through vc-authn as part of an OIDC authentication flow. It makes sense to support multi-ledger on those verifiers, for which the configurations are at the link above by @ianco .

The agent and agent-rev configurations can be updated to both use the new aca-py image (see #108 for details on how to do that) and would then be updated to pick up the ledger list from a file. To do this:

1. I would recommend using the environment variables rather than the start command parameters to specify the path to the file containing the configuration.
2. The file will need to be used to generate a configmap that is then mounted to the pod: this needs to be added to the deployment configuration, an example of this is in the essential-services api configuration.
   2.1 An overrides.sh file is used to generate the configmap template, based on files in a named-profile configuration folder (like this one).
   2.2 A volume definition and a matching volumeMount definition will be created to mount the configmap on the running pod.

If possible, I would recommend updating both the profiles (agent and agent-rev) so that they are kept in sync (due to how wallets handle revocation, we need two verifier agents to handle proof-requests with and without revocation).

from essential-services-delivery.

Regarding multitenancy, I think you'd need a controller to manage the issuer instances within the multi-tenant aca-py, so a bigger task than just updating some configurations, probably worth a discussion to make sure we're all on the same page regarding the required work etc.

On the plus side you'd be able to (via the new controller) add a new issuer instance fairly easily ...

I agree it is not a trivial change as it requires more than just configurations (e.g.: issuer-kit needs to be updated to support multi-tenant agents rather than one agent per issuer).

from essential-services-delivery.

Got it about the verifiers -- ignore the comment on the other issue I made a few minutes ago.

The multi-tenancy angle was meant as a thought experiment, not a "please do it" request. I suspect that we wouldn't want to, but it would be good as we go into the Traction Agency work, what it would take. As you mention, probably not a lot less effort -- just that the deployment is just the controller and UI, and the rest of the infrastructure is just a pointer to the Agency. Something like that..??

from essential-services-delivery.

Yes, assuming the code supported already the correct headers to authenticate with the appropriate tenant on a deployed agent, controller + web frontend (and supporting services like the db, if not shared) is what would need to be deployed.

from essential-services-delivery.

The agents have been updated to 0.7.3-RC0

from essential-services-delivery.