Reduce impact of tags in non-secrets

aries_cloudagent/config/logging.py

@@ -60,7 +60,8 @@ def configure(
 
         log_config = load_resource(config_path, "utf-8")
         if log_config:
-            fileConfig(log_config, disable_existing_loggers=False)
+            with log_config:
+                fileConfig(log_config, disable_existing_loggers=False)
         else:
             logging.basicConfig(level=logging.WARNING)
             logging.root.warning(f"Logging config file not found: {config_path}")

aries_cloudagent/holder/tests/test_indy.py

@@ -13,7 +13,7 @@
 import pytest
 
 from ...messaging.issue_credential.v1_0.messages.inner.credential_preview import (
-    CredentialPreview
+    CredentialPreview,
 )
 
 
@@ -73,7 +73,7 @@ async def test_get_credential_attrs_mime_types(self, mock_nonsec_get_wallet_reco
             "type": IndyHolder.RECORD_TYPE_MIME_TYPES,
             "id": cred_id,
             "value": "value",
-            "tags": dummy_tags
+            "tags": dummy_tags,
         }
         mock_nonsec_get_wallet_record.return_value = json.dumps(dummy_rec)
 
@@ -88,12 +88,8 @@ async def test_get_credential_attrs_mime_types(self, mock_nonsec_get_wallet_reco
             dummy_rec["type"],
             f"{IndyHolder.RECORD_TYPE_MIME_TYPES}::{dummy_rec['id']}",
             json.dumps(
-                {
-                    "retrieveType": True,
-                    "retrieveValue": True,
-                    "retrieveTags": True
-                }
-            )
+                {"retrieveType": False, "retrieveValue": True, "retrieveTags": True}
+            ),
         )
 
         assert mime_types == dummy_tags
@@ -106,7 +102,7 @@ async def test_get_credential_attr_mime_type(self, mock_nonsec_get_wallet_record
             "type": IndyHolder.RECORD_TYPE_MIME_TYPES,
             "id": cred_id,
             "value": "value",
-            "tags": dummy_tags
+            "tags": dummy_tags,
         }
         mock_nonsec_get_wallet_record.return_value = json.dumps(dummy_rec)
 
@@ -121,12 +117,8 @@ async def test_get_credential_attr_mime_type(self, mock_nonsec_get_wallet_record
             dummy_rec["type"],
             f"{IndyHolder.RECORD_TYPE_MIME_TYPES}::{dummy_rec['id']}",
             json.dumps(
-                {
-                    "retrieveType": True,
-                    "retrieveValue": True,
-                    "retrieveTags": True
-                }
-            )
+                {"retrieveType": False, "retrieveValue": True, "retrieveTags": True}
+            ),
         )
 
         assert a_mime_type == dummy_tags["a"]
@@ -233,7 +225,7 @@ async def test_delete_credential(
         self,
         mock_nonsec_del_wallet_record,
         mock_nonsec_get_wallet_record,
-        mock_prover_del_cred
+        mock_prover_del_cred,
     ):
         mock_wallet = async_mock.MagicMock()
         holder = IndyHolder(mock_wallet)
@@ -242,18 +234,14 @@ async def test_delete_credential(
                 "type": "typ",
                 "id": "ident",
                 "value": "value",
-                "tags": {
-                    "a": json.dumps("1"),
-                    "b": json.dumps("2")
-                }
+                "tags": {"a": json.dumps("1"), "b": json.dumps("2")},
             }
         )
 
         credential = await holder.delete_credential("credential_id")
 
         mock_prover_del_cred.assert_called_once_with(
-            mock_wallet.handle,
-            "credential_id"
+            mock_wallet.handle, "credential_id"
         )
 
     @async_mock.patch("indy.anoncreds.prover_create_proof")

aries_cloudagent/messaging/connections/models/connection_record.py

@@ -32,6 +32,12 @@ class Meta:
     WEBHOOK_TOPIC_ACTIVITY = "connections_activity"
     LOG_STATE_FLAG = "debug.connections"
     CACHE_ENABLED = True
+    TAG_NAMES = {
+        "my_did",
+        "their_did",
+        "request_id",
+        "invitation_key",
+    }
 
     RECORD_TYPE = "connection"
     RECORD_TYPE_ACTIVITY = "connection_activity"
@@ -108,26 +114,19 @@ def connection_id(self) -> str:
     @property
     def record_value(self) -> dict:
         """Accessor to for the JSON record value properties for this connection."""
-        return {"error_msg": self.error_msg, "their_label": self.their_label}
-
-    @property
-    def record_tags(self) -> dict:
-        """Accessor for the record tags generated for this connection."""
         return {
             prop: getattr(self, prop)
             for prop in (
-                "my_did",
-                "their_did",
+                "initiator",
                 "their_role",
                 "inbound_connection_id",
-                "initiator",
-                "invitation_key",
-                "request_id",
-                "state",
                 "routing_state",
                 "accept",
                 "invitation_mode",
                 "alias",
+                "error_msg",
+                "their_label",
+                "state",
             )
         }
 
@@ -152,9 +151,10 @@ async def retrieve_by_did(
             tag_filter["their_did"] = their_did
         if my_did:
             tag_filter["my_did"] = my_did
+        post_filter = {}
         if initiator:
-            tag_filter["initiator"] = initiator
-        return await cls.retrieve_by_tag_filter(context, tag_filter)
+            post_filter["initiator"] = initiator
+        return await cls.retrieve_by_tag_filter(context, tag_filter, post_filter)
 
     @classmethod
     async def retrieve_by_invitation_key(
@@ -167,10 +167,11 @@ async def retrieve_by_invitation_key(
             invitation_key: The key on the originating invitation
             initiator: Filter by the initiator value
         """
-        tag_filter = {"invitation_key": invitation_key, "state": cls.STATE_INVITATION}
+        tag_filter = {"invitation_key": invitation_key}
+        post_filter = {"state": cls.STATE_INVITATION}
         if initiator:
-            tag_filter["initiator"] = initiator
-        return await cls.retrieve_by_tag_filter(context, tag_filter)
+            post_filter["initiator"] = initiator
+        return await cls.retrieve_by_tag_filter(context, tag_filter, post_filter)
 
     @classmethod
     async def retrieve_by_request_id(
@@ -378,29 +379,21 @@ class Meta:
         model_class = ConnectionRecord
 
     connection_id = fields.Str(
-        required=False,
-        description="Connection identifier",
-        example=UUIDFour.EXAMPLE,
+        required=False, description="Connection identifier", example=UUIDFour.EXAMPLE
     )
     my_did = fields.Str(
-        required=False,
-        description="Our DID for connection",
-        **INDY_DID
+        required=False, description="Our DID for connection", **INDY_DID
     )
     their_did = fields.Str(
-        required=False,
-        description="Their DID for connection",
-        **INDY_DID
+        required=False, description="Their DID for connection", **INDY_DID
     )
     their_label = fields.Str(
-        required=False,
-        description="Their label for connection",
-        example="Bob"
+        required=False, description="Their label for connection", example="Bob"
     )
     their_role = fields.Str(
         required=False,
         description="Their assigned role for connection",
-        example="Point of contact"
+        example="Point of contact",
     )
     inbound_connection_id = fields.Str(
         required=False,
@@ -414,9 +407,7 @@ class Meta:
         validate=OneOf(["self", "external", "multiuse"]),
     )
     invitation_key = fields.Str(
-        required=False,
-        description="Public key for connection",
-        **INDY_RAW_PUBLIC_KEY
+        required=False, description="Public key for connection", **INDY_RAW_PUBLIC_KEY
     )
     request_id = fields.Str(
         required=False,
@@ -443,7 +434,7 @@ class Meta:
         required=False,
         description="Invitation mode: once or multi",
         example=ConnectionRecord.INVITATION_MODE_ONCE,
-        validate=OneOf(["once", "multi"])
+        validate=OneOf(["once", "multi"]),
     )
     alias = fields.Str(
         required=False,

aries_cloudagent/messaging/connections/routes.py

@@ -125,17 +125,23 @@ async def connections_list(request: web.BaseRequest):
     context = request.app["request_context"]
     tag_filter = {}
     for param_name in (
-        "alias",
-        "initiator",
         "invitation_id",
         "my_did",
-        "state",
         "their_did",
-        "their_role",
+        "request_id",
     ):
         if param_name in request.query and request.query[param_name] != "":
             tag_filter[param_name] = request.query[param_name]
-    records = await ConnectionRecord.query(context, tag_filter)
+    post_filter = {}
+    for param_name in (
+        "alias",
+        "initiator",
+        "state",
+        "their_role",
+    ):
+        if param_name in request.query and request.query[param_name] != "":
+            post_filter[param_name] = request.query[param_name]
+    records = await ConnectionRecord.query(context, tag_filter, post_filter)
     results = []
     for record in records:
         row = record.serialize()

aries_cloudagent/messaging/credentials/manager.py

@@ -340,12 +340,10 @@ async def receive_request(self, credential_request_message: CredentialRequest):
 
         credential_request = json.loads(credential_request_message.request)
 
-        credential_exchange_record = await CredentialExchange.retrieve_by_tag_filter(
-            self.context,
-            tag_filter={
-                "thread_id": credential_request_message._thread_id,
-                "initiator": "self",
-            },
+        (
+            credential_exchange_record
+        ) = await CredentialExchange.retrieve_by_thread_and_initiator(
+            self.context, credential_request_message._thread_id, "self"
         )
         credential_exchange_record.credential_request = credential_request
         credential_exchange_record.state = CredentialExchange.STATE_REQUEST_RECEIVED
@@ -441,12 +439,8 @@ async def receive_credential(self, credential_message: CredentialIssue):
         try:
             (
                 credential_exchange_record
-            ) = await CredentialExchange.retrieve_by_tag_filter(
-                self.context,
-                tag_filter={
-                    "thread_id": credential_message._thread_id,
-                    "initiator": "external",
-                },
+            ) = await CredentialExchange.retrieve_by_thread_and_initiator(
+                self.context, credential_message._thread_id, "external"
             )
         except StorageNotFoundError:
 
@@ -460,12 +454,8 @@ async def receive_credential(self, credential_message: CredentialIssue):
             # credential_request_metadata
             (
                 credential_exchange_record
-            ) = await CredentialExchange.retrieve_by_tag_filter(
-                self.context,
-                tag_filter={
-                    "thread_id": credential_message._thread.pthid,
-                    "initiator": "external",
-                },
+            ) = await CredentialExchange.retrieve_by_thread_and_initiator(
+                self.context, credential_message._thread.pthid, "external"
             )
 
             # Copy values from parent but create new record on save (no id)
@@ -581,12 +571,10 @@ async def credential_stored(self, credential_stored_message: CredentialStored):
         """
 
         # Get current exchange record by thread id
-        credential_exchange_record = await CredentialExchange.retrieve_by_tag_filter(
-            self.context,
-            tag_filter={
-                "thread_id": credential_stored_message._thread_id,
-                "initiator": "self",
-            },
+        (
+            credential_exchange_record
+        ) = await CredentialExchange.retrieve_by_thread_and_initiator(
+            self.context, credential_stored_message._thread_id, "self"
         )
 
         credential_exchange_record.state = CredentialExchange.STATE_STORED