Add identity manager and API input matrix logic

[peterbroadhurst]

Work in progress on https://github.com/hyperledger-labs/firefly/issues/187

Key proposals in this code so far - building with Unit Tests

• New Identity Manager [Im] component
  • This is not a plugin, instead a consistent component to do all identity mapping
  • This would be expected to be where plugins would attach in the future
  • Implementation includes testing of the various matrix options
  • Implementation includes wiring this into Orchestrator
  • Implementation includes changing imports on calling packages
  • TODO (in this PR): Fix all the code that that currently calls Resolve on the now defunct Identity Interface
• New fftypes.Identity sub-object
  • Intended to replace single author field with author+key fields
  • Pass pointer to this part of the struct to the new im.ResolveInputIdentity function
  • TODO (in this PR): Embed this into all objects that can contain identity
• Stubbing out the Identity Interface [Ii] plugin for now
  • Still retained onchain key for config compatibility
  • Removed all methods from interface
  • Changed implementation to TBD for now in the code
• Organizations and Nodes still use the signing identity
• For now the intention is that Node.Owner and Organization.Identity remain the signing addresses
• We should move these to be DIDs, but that will mean migration issues
• Per https://github.com/hyperledger-labs/firefly/issues/187#issuecomment-919649333 we need to consider this before acting

The next step here is e2e testing, and working through various scenarios to test.
I have only done build+UT so far.

[codecov-commenter]

Codecov Report

Merging #192 (22c7847) into main (9841abd) will increase coverage by 0.02%.
The diff coverage is 100.00%.

@@             Coverage Diff             @@
##             main      #192      +/-   ##
===========================================
+ Coverage   99.97%   100.00%   +0.02%     
===========================================
  Files         201       202       +1     
  Lines       10974     11084     +110     
===========================================
+ Hits        10971     11084     +113     
+ Misses          2         0       -2     
+ Partials        1         0       -1     

Impacted Files	Coverage Δ
pkg/fftypes/batch.go	100.00% <ø> (ø)
pkg/fftypes/message.go	100.00% <ø> (ø)
internal/assets/manager.go	100.00% <100.00%> (ø)
internal/batch/batch_manager.go	100.00% <100.00%> (ø)
internal/batch/batch_processor.go	100.00% <100.00%> (ø)
internal/batchpin/batchpin.go	100.00% <100.00%> (ø)
internal/blockchain/ethereum/ethereum.go	100.00% <100.00%> (ø)
internal/broadcast/datatype.go	100.00% <100.00%> (ø)
internal/broadcast/definition.go	100.00% <100.00%> (ø)
internal/broadcast/manager.go	100.00% <100.00%> (ø)
... and 26 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9841abd...22c7847. Read the comment docs.

[nguyer]

@peterbroadhurst I'm not sure if this is right. This block of code was giving me trouble so I had it commented out for most of time while I was working on this PR. My gut tells me it shouldn't be removed though.

[peterbroadhurst]

Yes, this check does need re-instating with a tweak. Doing that now

[peterbroadhurst]

This is back now - checking that in the case of a child org:

• The parent org is known
• The transaction is signed by the parent org identity

[awrichar]

🤩

[awrichar]

There's no way to make this NOT NULL in sqlite due to the migration path, is there? 😞

[peterbroadhurst]

Yeah, that's I conclusion I came to.

[awrichar]

😢

[peterbroadhurst]

k, seems this needs to be solved before merge

[awrichar]

If it makes sense for me to be the one that does this, I'm happy to stick a commit on the end after other elements are stabilized.

[awrichar]

Is it necessary to manually Extend each time we fetch? Shouldn't this be handled transparently by the LRU cache?

[peterbroadhurst]

I didn't find clear docs on this (the code you describe is elsewhere in FireFly).

Digging into the code here...
https://github.com/karlseguin/ccache/blob/ef4bd54683f611ad3df9ba84689234c78243c464/cache.go#L101-L117

Then here...
https://github.com/karlseguin/ccache/blob/ef4bd54683f611ad3df9ba84689234c78243c464/cache.go#L394-L410

It seems the behavior if you don't extend, is that it will end up in the purge list, for LRU deletion.
While Get alone will make it less likely to be the thing that's deleted, that's not the same as ensuring it's retained for a period after being explicitly accessed.

I guess my vote is to leave the pattern as it is for the moment in this PR, then consider a wrapper around the caching framework in a separate PR that handles optimization of the logic... based on some testing. Maybe that means removing use of expiry altogether? Or maybe only using expiry in the case of a cache miss (kind of as proposed here I think).

[awrichar]

I see that this resolution always goes to the blockchain plugin. In the context of tokens, I'm wondering how identities need to be expressed. For instance, as of #211, pool creation includes an operation to the token connector and an operation to the blockchain connector. It's not guaranteed that these connectors are talking to the same blockchain, so is it possible we'd need to resolve two keys via the two plugins? Maybe a question to ponder with @peterbroadhurst...

[peterbroadhurst]

I do think this is incompletely thought through for Tokens in this PR.
My suggestion is to address the token specifics in #215

[awrichar]

Yes, fine by me

[awrichar]

I noted this in the identity code below too, but feels like we're ultimately going to need to support 2 "author" identities here (1 for the token pool connector and 1 for the blockchain). They're likely to be the same in simple cases (ie Ethereum+ERC1155), but we'll need to allow them to be specified differently in the input payload if needed.

[peterbroadhurst]

Agreed. Let's accept that this PR leaves things in a "still broken" state before+after for tokens, and address in #215 after merge.

[awrichar]

This is mostly a note to myself, but this is where the resolved key for the token connector needs to propagate into the REST call. Opened hyperledger/firefly-tokens-erc1155#30 to hopefully enable that to happen.

[awrichar]

I guess it's now assumed that the identity has been pre-verified before invoking this helper?

[peterbroadhurst]

Yes. It comes from the messages in the batch which must each have been resolved, and will be verified by all members processing the batch, so doing an additional pre-submission check here does not seem efficient.

[awrichar]

I can't see where this is used...?

[peterbroadhurst]

removed 👍

[awrichar]

Can't find where this method is used...

[peterbroadhurst]

Agreed, pulling it out. Think this became unnecessary in some of the updates @nguyer made

[awrichar]

Personally I don't like when bits of a method are enabled/disabled with a boolean flag - feels like it should just be a separate method that you invoke beforehand if you need it.

Side note, after this block executes, the identity is resolved, right? So it's odd that the boolean is propagated on line 75 & 86 rather than being flipped to true.

[peterbroadhurst]

Think this is because the BroadcastRootOrgDefinition method was separated out, which is missing coverage.
Addressing this.

[awrichar]

This comment feels like a note to the developer and maybe not something that should be committed... or at least it should be cleaned up before being committed.

[awrichar]

typo

[awrichar]

For consistency in terminology, isn't this what we're calling a "key" (ie an Ethereum address)? Seems like the word "author" has evolved to mean a higher level FireFly/DID string.

[peterbroadhurst]

Was transposed to signingIdentity below anyway, so using that consistently.

[peterbroadhurst]

Think there might have been some earlier confusion that the pins table should contain resolved identities, whereas it is intentional that pins are just references to a pin received and validated that it matched the signing identity in the transaction object.

[awrichar]

This comment feels like it can be removed. Don't think there's any need to reference OLD CODE vs NEW CODE, but we should note if there's a specific contract coming into a method (ie the identity must/must not be resolved when calling this).

[awrichar]

Should we have a helper for getting the org key, which checks both the new and deprecated key? Seems like this pattern is repeated in a few places.

[peterbroadhurst]

helper, mock, and test updates added

[awrichar]

Not your change, but there's a typo in this method name.

[peterbroadhurst]

fixed

[awrichar]

Did this become retryable?

[peterbroadhurst]

No - will resolve this

[awrichar]

This feels...weird. Should we be tagging these messages in some special way? Unpacking all the data of every message in every batch to look for this special situation just feels very brute-force.

[peterbroadhurst]

ok - think there's an issue in the code, where it should be doing this only in the case where we get an error verifying the identity.

[peterbroadhurst]

ok - that's resolved now

[awrichar]

Can reuse orgName here instead of fetching again from config.

[awrichar]

I left a lot of comments, but they're mostly in the category of cleanup rather than functional changes.

I think the functionality looks good, although I'll confess it's difficult to follow exactly what the new rules are for when identities are resolved in each possible flow (some documentation to lay those down would be helpful). I'm relying largely on the E2E tests to assert that no major flows have been broken here =)

[peterbroadhurst]

Submitted PR for coverage and code duplication, continuing review.

[peterbroadhurst]

Yes. It comes from the messages in the batch which must each have been resolved, and will be verified by all members processing the batch, so doing an additional pre-submission check here does not seem efficient.

[peterbroadhurst]

Agreed, pulling it out. Think this became unnecessary in some of the updates @nguyer made

[peterbroadhurst]

Think this is because the BroadcastRootOrgDefinition method was separated out, which is missing coverage.
Addressing this.

[peterbroadhurst]

@awrichar - believe I've addressed all the comments now.

[peterbroadhurst]

Was transposed to signingIdentity below anyway, so using that consistently.

[peterbroadhurst]

Think there might have been some earlier confusion that the pins table should contain resolved identities, whereas it is intentional that pins are just references to a pin received and validated that it matched the signing identity in the transaction object.

[peterbroadhurst]

No - will resolve this

[peterbroadhurst]

There is no error return from this function, removing.

[peterbroadhurst]

ok - that's resolved now

[peterbroadhurst]

helper, mock, and test updates added

[peterbroadhurst]

fixed

[peterbroadhurst]

removed 👍

[codecov-commenter]

Codecov Report

Merging #192 (0880ed5) into main (f435cbf) will not change coverage.
The diff coverage is 100.00%.

❗ Current head 0880ed5 differs from pull request most recent head 6f62a4a. Consider uploading reports for the commit 6f62a4a to get more accurate results

@@            Coverage Diff             @@
##              main      #192    +/-   ##
==========================================
  Coverage   100.00%   100.00%            
==========================================
  Files          206       207     +1     
  Lines        11163     11318   +155     
==========================================
+ Hits         11163     11318   +155     

Impacted Files	Coverage Δ
pkg/fftypes/batch.go	100.00% <ø> (ø)
pkg/fftypes/message.go	100.00% <ø> (ø)
pkg/fftypes/tokenpool.go	100.00% <ø> (ø)
pkg/wsclient/wstestserver.go	100.00% <ø> (ø)
internal/assets/manager.go	100.00% <100.00%> (ø)
internal/assets/token_pool_created.go	100.00% <100.00%> (ø)
internal/batch/batch_manager.go	100.00% <100.00%> (ø)
internal/batch/batch_processor.go	100.00% <100.00%> (ø)
internal/batchpin/batchpin.go	100.00% <100.00%> (ø)
internal/blockchain/ethereum/config.go	100.00% <100.00%> (ø)
... and 40 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f435cbf...6f62a4a. Read the comment docs.

[jimthematrix]

feels like Identifier would be a better name here, since the identity is used in more scenarios than sending/broadcasting messages, such as an org's Identity that's solely used to endorse other identities

[jimthematrix]

never mind this one, was from an earlier thought (days ago) that has since been discarded, but neglected to delete the comment

[jimthematrix]

the empty string should be delimited by single quotes instead of double quotes, otherwise you'd get the following error during startup:

FF10163: Database migration failed: FF10163: Database migration failed: migration failed: zero-length delimited identifier at or near """" (column 28) in line 4: BEGIN;

ALTER TABLE batches ADD "key" VARCHAR(1024);
UPDATE batches SET "key" = "";
ALTER TABLE batches ALTER COLUMN "key" SET NOT NULL;

ALTER TABLE messages ADD "key" VARCHAR(1024);
UPDATE messages SET "key" = "";
ALTER TABLE messages ALTER COLUMN "key" SET NOT NULL;

ALTER TABLE tokenpool ADD "key" VARCHAR(1024);
UPDATE tokenpool SET "key" = "";
ALTER TABLE tokenpool ALTER COLUMN "key" SET NOT NULL;

[jimthematrix]

same as above, single quotes instead of double quotes