diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index e1b81befda..ed283fffc3 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -16,8 +16,6 @@ RUN curl -sSL https://install.python-poetry.org | python3 - \ && echo "fpath+=~/.zfunc\nautoload -Uz compinit && compinit" >> /home/vscode/.zshrc COPY pyproject.toml poetry.lock ./ -# we do not want the packages defined for this install, comment out the line. -RUN sed -i 's/^[^#]*packages/#&/' pyproject.toml RUN poetry config virtualenvs.create false \ - && poetry install --no-interaction --all-extras \ + && poetry install --no-root --no-interaction --all-extras \ && rm -rf /root/.cache/pypoetry \ No newline at end of file diff --git a/.devcontainer/post-install.sh b/.devcontainer/post-install.sh index ef655e7585..359914cd9d 100644 --- a/.devcontainer/post-install.sh +++ b/.devcontainer/post-install.sh @@ -9,4 +9,7 @@ python -m pip install --upgrade pip pip3 install -r demo/requirements.txt -r demo/requirements.behave.txt # install black for formatting -pip3 install black \ No newline at end of file +pip3 install black + +# install a version of aries-cloudagent so the pytests can pick up a version +pip3 install aries-cloudagent \ No newline at end of file diff --git a/.dockerignore b/.dockerignore index 7ea06888de..c4b697151c 100644 --- a/.dockerignore +++ b/.dockerignore @@ -9,3 +9,4 @@ test-reports .python-version docker env +.venv diff --git a/.vscode-sample/launch.json b/.vscode-sample/launch.json index f3af717a1b..2eae0a1f9f 100644 --- a/.vscode-sample/launch.json +++ b/.vscode-sample/launch.json @@ -16,34 +16,37 @@ ] }, { - "name": "flake8 - aries_cloudagent", + "name": "ruff - aries_cloudagent", "type": "python", "request": "launch", - "module": "flake8", + "module": "ruff", "console": "integratedTerminal", + "sudo": true, "justMyCode": true, "cwd": "${workspaceFolder}/aries_cloudagent", - "args": [ - "--max-line-length=90", - "--exclude=*/tests/**", - "--extend-ignore=D202,W503", - "--per-file-ignores=*/__init__.py:D104" - ], + "args": ["check", "."], }, { - "name": "flake8 - current file", + "name": "ruff fix - aries_cloudagent", "type": "python", "request": "launch", - "module": "flake8", + "module": "ruff", "console": "integratedTerminal", + "sudo": true, "justMyCode": true, - "args": [ - "--max-line-length=90", - "--exclude=*/tests/**", - "--extend-ignore=D202,W503", - "--per-file-ignores=*/__init__.py:D104", - "${file}" - ], + "cwd": "${workspaceFolder}/aries_cloudagent", + "args": ["check", ".", "--fix"], + }, + { + "name": "ruff - current file", + "type": "python", + "request": "launch", + "module": "ruff", + "console": "integratedTerminal", + "sudo": true, + "justMyCode": true, + "cwd": "${workspaceFolder}/aries_cloudagent", + "args": ["check", ".", "${file}"], }, { "name": "black (check) - aries_cloudagent", diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 51d59a2c0b..c428e49f90 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -19,7 +19,7 @@ Contributions are made pursuant to the Developer's Certificate of Origin, availa A configuration for [pre-commit](https://pre-commit.com/) is included in this repository. This is an optional tool to help contributors commit code that follows the formatting requirements enforced by the CI pipeline. Additionally, it can be used to help contributors write descriptive commit messages that can be parsed by changelog generators. -On each commit, pre-commit hooks will run that verify the committed code complies with flake8 and is formatted with black. To install the flake8 and black checks: +On each commit, pre-commit hooks will run that verify the committed code complies with ruff and is formatted with black. To install the ruff and black checks: ``` $ pre-commit install diff --git a/DevReadMe.md b/DevReadMe.md index db1262054a..3a50a02b2e 100644 --- a/DevReadMe.md +++ b/DevReadMe.md @@ -211,7 +211,7 @@ The `manage` script is described in detail [here](https://github.com/hyperledger ## Development Workflow -We use [Flake8](http://flake8.pycqa.org/en/latest/) to enforce a coding style guide. +We use [Ruff](https://github.com/astral-sh/ruff) to enforce a coding style guide. We use [Black](https://black.readthedocs.io/en/stable/) to automatically format code. diff --git a/aries_cloudagent/ledger/indy.py b/aries_cloudagent/ledger/indy.py index 34e216339a..e21178f01f 100644 --- a/aries_cloudagent/ledger/indy.py +++ b/aries_cloudagent/ledger/indy.py @@ -981,7 +981,11 @@ def taa_rough_timestamp(self) -> int: Anything more accurate is a privacy concern. """ - return int(datetime.combine(date.today(), datetime.min.time()).timestamp()) + return int( + datetime.combine( + date.today(), datetime.min.time(), datetime.timezone.utc + ).timestamp() + ) async def accept_txn_author_agreement( self, taa_record: dict, mechanism: str, accept_time: int = None diff --git a/aries_cloudagent/ledger/indy_vdr.py b/aries_cloudagent/ledger/indy_vdr.py index c6a3da3b1b..1ac34a3c99 100644 --- a/aries_cloudagent/ledger/indy_vdr.py +++ b/aries_cloudagent/ledger/indy_vdr.py @@ -921,7 +921,11 @@ def taa_rough_timestamp(self) -> int: Anything more accurate is a privacy concern. """ - return int(datetime.combine(date.today(), datetime.min.time()).timestamp()) + return int( + datetime.combine( + date.today(), datetime.min.time(), datetime.timezone.utc + ).timestamp() + ) async def accept_txn_author_agreement( self, taa_record: dict, mechanism: str, accept_time: int = None diff --git a/aries_cloudagent/messaging/valid.py b/aries_cloudagent/messaging/valid.py index 52fb123f35..08bf05f8a7 100644 --- a/aries_cloudagent/messaging/valid.py +++ b/aries_cloudagent/messaging/valid.py @@ -792,10 +792,10 @@ def __call__(self, value): if "id" in subject: uri_validator = Uri() try: - uri_validator(value["id"]) + uri_validator(subject["id"]) except ValidationError: raise ValidationError( - f"credential subject id {value[0]} must be URI" + f'credential subject id {subject["id"]} must be URI' ) from None return value diff --git a/devcontainer.md b/devcontainer.md index 2d9d42ca78..48f86386e7 100644 --- a/devcontainer.md +++ b/devcontainer.md @@ -75,7 +75,7 @@ In VS Code, open a Terminal, you should be able to run the following commands: ``` python -m aries_cloudagent -v cd aries_cloudagent -flake8 --max-line-length=90 --exclude=*/tests/** --extend-ignore=D202,W503 --per-file-ignores=*/__init__.py:D104 +ruff check . black . --check ``` diff --git a/docker/Dockerfile.test b/docker/Dockerfile.test index 94c05cfc8c..02e56380a3 100644 --- a/docker/Dockerfile.test +++ b/docker/Dockerfile.test @@ -12,8 +12,9 @@ WORKDIR /usr/src/app RUN pip install --no-cache-dir poetry ADD ./README.md pyproject.toml ./poetry.lock ./ +RUN mkdir aries_cloudagent && touch aries_cloudagent/__init__.py -RUN poetry install --no-root --no-directory -E "askar bbs" +RUN poetry install --no-directory -E "askar bbs" --with=dev ADD . . diff --git a/docs/GettingStartedAriesDev/CredentialRevocation.md b/docs/GettingStartedAriesDev/CredentialRevocation.md index 46f9426fe5..1967a68822 100644 --- a/docs/GettingStartedAriesDev/CredentialRevocation.md +++ b/docs/GettingStartedAriesDev/CredentialRevocation.md @@ -246,7 +246,7 @@ thread ID and comment is emitted to registered webhook urls. ## Manually Creating Revocation Registries -> NOTE: This capability is deprecated and will likely be removed entirely in an upcoming release of ACA-Py. +> NOTE: This capability is deprecated and will likely be removed entirely in an upcoming release of ACA-Py. The process for creating revocation registries is completely automated - when you create a Credential Definition with revocation enabled, a revocation registry is automatically created (in fact 2 registries are created), and when a registry fills up, a new one is automatically created. @@ -276,14 +276,16 @@ There are several endpoints that must be called, and they must be called in this - the tails server will check that the registry definition is already written to the ledger -## Revocation Registry Rotation +5. Post the initial accumulator value to the ledger `POST /revocation/registry/{rev_reg_id}/entry` -From time to time an Issuer may want to issue credentials from a new Revocation Registry. That can be done by changing the Credential Definition, but that could impact verifiers. -Revocation Registries go through a series of state changes: `init`, `generated`, `posted`, `active`, `full`, `decommissioned`. When issuing revocable credentials, the work is done with the `active` registry record. There are always 2 `active` registry records: one for tracking revocation until it is full, and the second to act as a "hot swap" in case issuance is done when the primary is full and being replaced. This ensures that there is always an `active` registry. When rotating, all registry records (except records in `init` state) are `decommissioned` and a new pair of `active` registry records are created. - -Issuers can rotate their Credential Definition Revocation Registry records with a simple call: `POST /revocation/active-registry/{cred_def_id}/rotate` + - if you are an author (i.e. have a DID with restricted ledger write access) then this transaction may need to go through an endorser + - this operation **MUST** be performed on the the new revoc registry def **BEFORE** any revocation operations are performed -It is advised that Issuers ensure the active registry is ready by calling `GET /revocation/active-registry/{cred_def_id}` after rotation and before issuance (if possible). +## Revocation Registry Rotation +From time to time an Issuer may want to issue credentials from a new Revocation Registry. That can be done by changing the Credential Definition, but that could impact verifiers. +Revocation Registries go through a series of state changes: `init`, `generated`, `posted`, `active`, `full`, `decommissioned`. When issuing revocable credentials, the work is done with the `active` registry record. There are always 2 `active` registry records: one for tracking revocation until it is full, and the second to act as a "hot swap" in case issuance is done when the primary is full and being replaced. This ensures that there is always an `active` registry. When rotating, all registry records (except records in `init` state) are `decommissioned` and a new pair of `active` registry records are created. +Issuers can rotate their Credential Definition Revocation Registry records with a simple call: `POST /revocation/active-registry/{cred_def_id}/rotate` +It is advised that Issuers ensure the active registry is ready by calling `GET /revocation/active-registry/{cred_def_id}` after rotation and before issuance (if possible).