# Part 1 - Exploring Sub Wallet Management

This agent has been initialised using the multitenant flag. This means a single ACA-Py instance can be used to manage multiple subwallets. Each tenant gets their own encrypted data storage for managing their own connections, credentials and interactions etc. 

A mutli-tenant ACA-Py instance contains a base wallet that is only capable of managing the creation and deletion of subwallets. Subwallets then must authenticate to the ACA-Py agent using a JWT Token generated when the subwallet is created. A tenant agent can do all funcationality of a standard ACA-Py instance.

### Useful links

* [What is mult-tenancy](https://whatis.techtarget.com/definition/multi-tenancy)
* [ACA-Py mult-tenant documentation](https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md)



### Tutorial Structure

1. Create a subwallet for Alice (this notebook)
2. Authenticate as Alice using the tenant_jwt and configure a mediator
3. Issue Alice a Credential from an External Agent
4. Alice Issues a Credential to the External Agent

### Initialise the multitenant agent controller

In [1]:
%autoawait
import time
import asyncio
import pprint

from aries_basic_controller.aries_controller import AriesAgentController
    
# Create a small utility to print json formatted outout more human-readable    
pp = pprint.PrettyPrinter(indent=4)
    
WEBHOOK_HOST = "0.0.0.0"
WEBHOOK_BASE = ""

WEBHOOK_PORT = 8022
ADMIN_URL = "http://multitenant-agent:8021"

IPython autoawait is `on`, and set to use `asyncio`


In [2]:
# Based on the aca-py agent you wish to control
agent_controller = AriesAgentController(webhook_host=WEBHOOK_HOST, webhook_port=WEBHOOK_PORT,
                                       webhook_base=WEBHOOK_BASE, admin_url=ADMIN_URL, multitenant=True, api_key="password")

### Check for subwallets on the agent

This should yield an empty result, but not error. That means we successfully asked the base wallet of the multitenant agent about subwallets it has stored. ACA-Py instances not in the multitenant configuration will not have access to this API.

In [3]:
response = await agent_controller.multitenant.query_subwallets()
pp.pprint(response)


{'results': []}


### Let's create a subwallet for Alice

Below is an example payload to achieve this. These properties should be fairly familiar to you if you have been through the other tutorials and looked in the manage file before.

A key different is the `key_management_mode` which is this case is set to `managed`. The base wallet, is managing the keys of Alice's agent. Alice is dependent on them to do this trustworthily

In [4]:
## First let's create the payload

payload = {
  "image_url": "https://aries.ca/images/sample.png",
  "key_management_mode": "managed",
  "label": "Alice",
  "wallet_dispatch_type": "default",
  "wallet_key": "MySecretKey123",
  "wallet_name": "AlicesWallet",
  "wallet_type": "indy",
  "wallet_webhook_urls": [
    "http://localhost:8022/webhooks"
  ]
}

In [5]:
## Now, we create the wallet on the agent 
response_alice = await agent_controller.multitenant.create_subwallet(payload)
pp.pprint(response_alice)

{   'created_at': '2021-03-25 16:35:10.755203Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Alice',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'default',
                    'wallet.id': 'b41c01c5-bbc8-4af7-8d0e-71d9366b4fdd',
                    'wallet.name': 'AlicesWallet',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': ['http://localhost:8022/webhooks']},
    'token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiJiNDFjMDFjNS1iYmM4LTRhZjctOGQwZS03MWQ5MzY2YjRmZGQifQ.txXcuMsKleGAY6aW54BUXp54DJ71XqvL5GimOt6rJC8',
    'updated_at': '2021-03-25 16:35:10.755203Z',
    'wallet_id': 'b41c01c5-bbc8-4af7-8d0e-71d9366b4fdd'}


### Let's create another wallet for Joe

Note, that here we have changed the `label` and the `wallet_name` values. The `wallet_name` has to be unique. If you were to try and create another subwallet with the same wallet name, you would receive an error, because wallet names are unique identifiers.

In [6]:
## First let's create the payload

payload = {
  "image_url": "https://aries.ca/images/sample.png",
  "key_management_mode": "managed",
  "label": "Joe",
  "wallet_dispatch_type": "default",
  "wallet_key": "MySecretKey123",
  "wallet_name": "JoesWallet",
  "wallet_type": "indy",
  "wallet_webhook_urls": [
    "http://localhost:8022/webhooks/joe"
  ]
}

In [7]:
## Now, we create the wallet on the agent 

response_joe = await agent_controller.multitenant.create_subwallet(payload)
pp.pprint(response_joe)

{   'created_at': '2021-03-25 16:35:18.054519Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Joe',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'default',
                    'wallet.id': '5f64cb96-363f-486c-aad3-dabc81682080',
                    'wallet.name': 'JoesWallet',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': [   'http://localhost:8022/webhooks/joe']},
    'token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI1ZjY0Y2I5Ni0zNjNmLTQ4NmMtYWFkMy1kYWJjODE2ODIwODAifQ.O9RqYw_eSHDC9HWntKNWQ1JX4YCK7eY_0THJ30u9L0w',
    'updated_at': '2021-03-25 16:35:18.054519Z',
    'wallet_id': '5f64cb96-363f-486c-aad3-dabc81682080'}


### Extract the wallet ID

The wallet id is a unique identifier created by the ACA-Py instance to identify a particular tenant wallet instance. The base wallet controller can use this when interacting with subwallets through the multitenant API.

In [8]:
wallet_id_alice = response_alice['wallet_id']
wallet_id_joe = response_joe['wallet_id']

print("Alice's ID: " + wallet_id_alice)
print("Joe's ID: "  + wallet_id_joe)

Alice's ID: b41c01c5-bbc8-4af7-8d0e-71d9366b4fdd
Joe's ID: 5f64cb96-363f-486c-aad3-dabc81682080



### Update a single subwallet

Let's update Joe's wallet label to Joeseph via the controller

In [9]:
request_body = {
  "image_url": "https://aries.ca/images/sample.png",
  "label": "Joeseph",
  "wallet_dispatch_type": "default",
  "wallet_webhook_urls": [
    "http://localhost:8022/webhooks"
  ]
}

response = await agent_controller.multitenant.update_subwallet_by_id(request_body, wallet_id_joe)
pp.pprint(response)

{   'created_at': '2021-03-25 16:35:18.054519Z',
    'key_management_mode': 'managed',
    'settings': {   'default_label': 'Joeseph',
                    'image_url': 'https://aries.ca/images/sample.png',
                    'wallet.dispatch_type': 'default',
                    'wallet.id': '5f64cb96-363f-486c-aad3-dabc81682080',
                    'wallet.name': 'JoesWallet',
                    'wallet.type': 'indy',
                    'wallet.webhook_urls': ['http://localhost:8022/webhooks']},
    'updated_at': '2021-03-25 16:35:23.102560Z',
    'wallet_id': '5f64cb96-363f-486c-aad3-dabc81682080'}


### Remove the subwallet from the agent 

We can easily use the controller to remove the subwallets. Note that Joe has no immediate control over the decision of the base wallet controller to remove their wallet. Again Joe trusts the Base controller of the multitenant agent to manage his wallet in good faith, or in line with some contractual agreement etc.

Let's go ahead and remove Joe's wallets from the base wallet.

In [10]:
response_joe = await agent_controller.multitenant.remove_subwallet_by_id(wallet_id_joe)

pp.pprint(response_joe)

{}


### Check Joe's wallet has been removed

This should now give a result only containing Alice's wallet

In [11]:
response_all_wallets = await agent_controller.multitenant.query_subwallets()
# response_single_wallet = await agent_controller.multitenant.get_single_subwallet_by_id(wallet_id)

# print(response_single_wallet)
pp.pprint(response_all_wallets)

{   'results': [   {   'created_at': '2021-03-25 16:35:10.755203Z',
                       'key_management_mode': 'managed',
                       'settings': {   'default_label': 'Alice',
                                       'image_url': 'https://aries.ca/images/sample.png',
                                       'wallet.dispatch_type': 'default',
                                       'wallet.id': 'b41c01c5-bbc8-4af7-8d0e-71d9366b4fdd',
                                       'wallet.name': 'AlicesWallet',
                                       'wallet.type': 'indy',
                                       'wallet.webhook_urls': [   'http://localhost:8022/webhooks']},
                       'updated_at': '2021-03-25 16:35:10.755203Z',
                       'wallet_id': 'b41c01c5-bbc8-4af7-8d0e-71d9366b4fdd'}]}


### Get the auth token for a  subwallet

Subwallets have unique authentication tokens that can be obtained via the controller

In [12]:
response_alice = await agent_controller.multitenant.get_subwallet_authtoken_by_id(wallet_id_alice)

pp.pprint(response_alice)

{   'token': 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiJiNDFjMDFjNS1iYmM4LTRhZjctOGQwZS03MWQ5MzY2YjRmZGQifQ.txXcuMsKleGAY6aW54BUXp54DJ71XqvL5GimOt6rJC8'}


## Store Alice's JWT for use in later tutorials

The % is a magic method to store variables from a notebook to the jupyter runtime

In [13]:
alice_jwt = response_alice["token"]
%store alice_jwt

Stored 'alice_jwt' (str)


### Terminate the controller

Let's alos terminate the controller.

In [14]:
response = await agent_controller.terminate()
print(response)

None


### Continue to [Part 2](http://localhost:8888/lab/tree/Alice/Part%202%20-%20Mediation%20of%20communication%20-%20Alice.ipynb) where you will learn how to interact with the ACA-Py instance as Alice