-
Notifications
You must be signed in to change notification settings - Fork 516
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BREAKING: VCHolder multitenant binding #3391
Conversation
@jamshale the missing tenant auth would be on me as I added this route. As for the soft binding I'm not aware of it's concept and seems to be at another layer in the code. Great find |
The goal of the "soft binding" was to enable binding a separate vc holder implementation to, for example, delegate storage of credentials to an external service. This was a need that we had but it would seem I didn't consider implications on multi-tenancy deeply enough. |
I'd like to take just a bit of time to understand how the soft binding caused this behavior. I'll report back very soon or else we can go ahead and merge with Patrick's approval. |
No problem, let's wait a bit then. |
Signed-off-by: jamshale <jamiehalebc@gmail.com>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Discussed in discord but for posterity's sake recording the discussion here. I pulled down Jamie's changes and dug around a bit and came up with a solution that enable us to retain the soft binding while making sure the correct profile was being used with the VC Holder interface. I also did a bit of tuning on the VC routes open api, building off of the updates Jamie had already made, correcting a few more things that were causing the OpenAPI to not accurately reflect what the endpoints expected. One of those changes included making the return value of This does technically constitute a breaking change and also means that this endpoint no longer perfectly aligns with https://w3c-ccg.github.io/vc-api/#get-credentials. @PatStLouis recommended we go ahead with this change regardless. |
Signed-off-by: Daniel Bluhm <dbluhm@pm.me>
Quality Gate failedFailed conditions |
I will suggest the same change to the vc-api group so we maintain alignment. |
@@ -153,7 +160,7 @@ async def store_credential_route(request: web.BaseRequest): | |||
options = LDProofVCOptions.deserialize(options) | |||
|
|||
await manager.verify_credential(vc) | |||
await manager.store_credential(vc, options, cred_id) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The intention here was to enable the controller to set tags and pass them through options if they want to build a custom tag querying integration. This can be revisited at a later time, and we would likely provide the tags directly to the store_credential function instead of the options object.
Can someone please put into a comment a paragraph about the breaking change.
|
I'm going to squash and merge this soon. I can look into the backports after. |
We can safely ignore Sonar Cloud's complaint; most of the lines it's complaining about are just OpenAPI schemas and the remainder are covered by the scenario testing. |
Prepping the 0.12.lts release -- what has the bug that resulted in this change being made? The impact is clear, but not the why the change had to be made. Would also like to characterize what kind of ACA-Py deployment would be impacted. I think it is just those using VC-LD, right? |
@daniel can probably explain better but this was causing issues anywhere the I think multitenancy holders aren't a very common use case. Likely why it wasn't tested and didn't get reported/found until now. |
We need to do the other patch releases as well. Wanted to do the oldest/hardest one first. |
I think it is that a VC received into one tenant wallet, and as a result was visible in all tenant wallets. Right? |
Yes. Kind of. The VC would end up in the admin wallet. It was visible to the admin wallet. Not all wallets. It looked like it was available to all wallets in admin insecure mode. |
It was actually getting issued to the admin wallet instead of the tenant wallet. |
I know this
"soft binding"
was done for a reason, but it appears the multitenant storage issue is happening because of it. It was causing credentials to be stored in the base wallet. It's the only class with the soft binding.Also for some reason the tenant authentication method was missing on this endpoint for some reason and had no openapi examples :/
@dbluhm Do you have insight into the soft_binding? I can't really remember what it's for.