FIR-9: Identity enhancements #549
Merged
71 commits
8fc3049
Initial migration work
peterbroadhurst 0431c35
Merge branch 'main' of github.com:hyperledger/firefly into identityv2
peterbroadhurst 07d8b89
More work on migrations
peterbroadhurst 233cc94
Merge branch 'main' of github.com:hyperledger/firefly into identityv2
peterbroadhurst 8ba8944
Updated migrations and initial typedefs
peterbroadhurst deed601
Merge branch 'main' of github.com:hyperledger/firefly into identityv2
peterbroadhurst dacb4bd
Merge branch 'main' of github.com:hyperledger/firefly into identityv2
peterbroadhurst 77d0f19
Add identity SQL table
peterbroadhurst 6616a4b
Verifier DTO
peterbroadhurst bcb739b
Interim commit
peterbroadhurst d3c568d
Identity manager lookup functions implemented
peterbroadhurst 74ac994
Add message references to identity object/tables
peterbroadhurst aa948e8
Update identity object for claims/verifications
peterbroadhurst 6418856
Add chain verification function for identities
peterbroadhurst ca88c9d
Interface impl for Definitions
peterbroadhurst 73e9981
Commit before find/replace
peterbroadhurst bdda63e
Broadcast migrated
peterbroadhurst eac3554
Progress on networkmap
peterbroadhurst cbbeae4
Network map registration
peterbroadhurst 94c8cc4
Add generic identity query support
peterbroadhurst a5c3bbb
Merge with main
peterbroadhurst 3b87b55
Handle new identity structure for root check
peterbroadhurst 34616f5
Identity profile update
peterbroadhurst 59dde9b
Clean up DX interface - no need for separate ID
peterbroadhurst 769187b
Updates to private messaging
peterbroadhurst 2d90e68
Progress on Pm
peterbroadhurst 38de541
UT complete on private messaging
peterbroadhurst 9c68ec7
Move to single copy of IsRootOrgBroadcast logic in IM
peterbroadhurst a0002fc
Intermediate commit with events migration
peterbroadhurst 07f4486
Up to definitions
peterbroadhurst 2444848
Move various utilities to common identitymanager pkg
peterbroadhurst b7d0b30
Update Definitions interface to allow pending confirms to be checked
peterbroadhurst 7378617
Events coverage
peterbroadhurst 7857b1f
Remove IsRootOrgBroadcast as no longer required
peterbroadhurst 4db351f
Verification then claim custom identity test
peterbroadhurst 2e5f9ea
Verification claim tests with custom identities
peterbroadhurst 4f22609
Merge branch 'main' of github.com:hyperledger/firefly into identityv2
peterbroadhurst f0f6082
Deprecated org/node tests
peterbroadhurst fe3408d
Coverage complete on definitions
peterbroadhurst 47bae25
Orchestrator updates for identity
peterbroadhurst 29a227c
Identity APIs
peterbroadhurst e13538c
E2E test compiling
peterbroadhurst 596fc8a
E2E passing
peterbroadhurst fed88b2
Allow asset manager to be configured with/without key resolution
peterbroadhurst 8b1b94a
Only do DB lookups in sync/async for in-flight requests
peterbroadhurst 70249c1
Emit events for identity confirmation/update
peterbroadhurst 991f5bd
Identity created/updated events and making confirm wait for identity …
peterbroadhurst c09a149
Add fix for timing related UT failure
peterbroadhurst d65741a
Various refinement from E2E identity testing
peterbroadhurst e1514dc
Fix disconnecting
peterbroadhurst a05cc1a
Update CLI to avoid unlock
peterbroadhurst 0505ffb
Improvements to suite
peterbroadhurst b1559ce
Add DID Document endpoint
peterbroadhurst f551f46
Correct query factory
peterbroadhurst 875e881
Add private test to custom identities
peterbroadhurst 4be2d61
Tweaks to private test
peterbroadhurst 5461898
Undo disable of test
peterbroadhurst 65952c2
Fix test custom2 identity parent
peterbroadhurst 02e6221
Need `requestConflictEmptyResult` for all upsert optimization cases
peterbroadhurst bf3a2bb
Wrong type of quotes for PSQL
peterbroadhurst 37b54a6
Added namespace to verifiers requires migration change
peterbroadhurst 0618e13
Fix migrations to the new constant names
peterbroadhurst 0c991fe
Move verifiers to be identified deterministically across nodes via hash
peterbroadhurst 2959263
Update to key normalization internally within the identity manager
peterbroadhurst ee3686d
Update to key normalization in blockchain plugin interface
peterbroadhurst 802b309
Combine Action and CustomCorrelator into HandlerResult
peterbroadhurst 1145279
Address review comments
peterbroadhurst c6614aa
Tweaks from review
peterbroadhurst 75f63be
Swagger
peterbroadhurst 88da6d6
PSQL requires UUID to text
peterbroadhurst 0bda768
Double up UUIDs to fill 32b hash values in migration
peterbroadhurst
97 changes: 97 additions & 0 deletions
db/migrations/postgres/000063_create_identities_table.down.sql
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,97 @@ | ||
| BEGIN; | ||
|
|
||
| CREATE TABLE orgs ( | ||
| seq SERIAL PRIMARY KEY, | ||
| id UUID NOT NULL, | ||
| message_id UUID NOT NULL, | ||
| name VARCHAR(64) NOT NULL, | ||
| parent VARCHAR(1024), | ||
| identity VARCHAR(1024) NOT NULL, | ||
| description VARCHAR(4096) NOT NULL, | ||
| profile TEXT, | ||
| created BIGINT NOT NULL | ||
| ); | ||
|
|
||
| CREATE UNIQUE INDEX orgs_id ON orgs(id); | ||
| CREATE UNIQUE INDEX orgs_identity ON orgs(identity); | ||
| CREATE UNIQUE INDEX orgs_name ON orgs(name); | ||
|
|
||
| CREATE TABLE nodes ( | ||
| seq SERIAL PRIMARY KEY, | ||
| id UUID NOT NULL, | ||
| message_id UUID NOT NULL, | ||
| owner VARCHAR(1024) NOT NULL, | ||
| name VARCHAR(64) NOT NULL, | ||
| description VARCHAR(4096) NOT NULL, | ||
| dx_peer VARCHAR(256), | ||
| dx_endpoint TEXT, | ||
| created BIGINT NOT NULL | ||
| ); | ||
|
|
||
| CREATE UNIQUE INDEX nodes_id ON nodes(id); | ||
| CREATE UNIQUE INDEX nodes_owner ON nodes(owner,name); | ||
| CREATE UNIQUE INDEX nodes_peer ON nodes(dx_peer); | ||
|
|
||
| -- We only reconstitute orgs that were dropped during the original up migration. | ||
| -- These have the UUID of the verifier set to the same UUID as the org. | ||
| INSERT INTO orgs ( | ||
| id, | ||
| parent, | ||
| message_id, | ||
| name, | ||
| description, | ||
| profile, | ||
| created, | ||
| identity | ||
| ) SELECT | ||
| i.id, | ||
| COALESCE(pv.value, '') as parent, | ||
| i.messages_claim, | ||
| i.name, | ||
| i.description, | ||
| i.profile, | ||
| i.created, | ||
| v.value as identity | ||
| FROM identities as i | ||
| LEFT JOIN verifiers v ON v.hash = REPLACE(i.id::text,'-','') || REPLACE(i.id::text,'-','') | ||
| LEFT JOIN verifiers pv ON pv.hash = REPLACE(i.parent::text,'-','') || REPLACE(i.parent::text,'-','') | ||
| WHERE i.did LIKE 'did:firefly:org/%' AND v.hash IS NOT NULL; | ||
|
|
||
| -- We only reconstitute nodes that were dropped during the original up migration. | ||
| -- These have the Hash of the verifier set to the bytes from the UUID of the node (by taking the string and removing the dashes). | ||
| INSERT INTO nodes ( | ||
| id, | ||
| owner, | ||
| message_id, | ||
| name, | ||
| description, | ||
| dx_endpoint, | ||
| created, | ||
| dx_peer | ||
| ) SELECT | ||
| i.id, | ||
| COALESCE(pv.value, '') as owner, | ||
| i.messages_claim, | ||
| i.name, | ||
| i.description, | ||
| i.profile, | ||
| i.created, | ||
| v.value as dx_peer | ||
| FROM identities as i | ||
| LEFT JOIN verifiers v ON v.hash = REPLACE(i.id::text,'-','') || REPLACE(i.id::text,'-','') | ||
| LEFT JOIN verifiers pv ON pv.hash = REPLACE(i.parent::text,'-','') || REPLACE(i.parent::text,'-','') | ||
| WHERE i.did LIKE 'did:firefly:node/%' AND v.hash IS NOT NULL; | ||
|
|
||
| DROP INDEX identities_id; | ||
| DROP INDEX identities_did; | ||
| DROP INDEX identities_name; | ||
|
|
||
| DROP TABLE IF EXISTS identities; | ||
|
|
||
| DROP INDEX verifiers_hash; | ||
| DROP INDEX verifiers_value; | ||
| DROP INDEX verifiers_identity; | ||
|
|
||
| DROP TABLE IF EXISTS verifiers; | ||
|
|
||
| COMMIT; |
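Review bot: In the nodes reconstitution, `COALESCE(pv.value, '') as owner` restores a node with an empty `owner` whenever the parent identity has no verifier in the doubled-UUID hash form, because the WHERE clause checks only `v.hash IS NOT NULL` and never `pv`. `owner` is the link from a node to its org, so a rolled-back node would silently lose it; consider adding `AND pv.hash IS NOT NULL` to that WHERE clause, or documenting that ownerless nodes are expected. In the orgs SELECT the same COALESCE makes an empty `parent` ambiguous between a root org and a parent that could not be mapped. Two smaller points: each `LEFT JOIN verifiers v ... WHERE ... v.hash IS NOT NULL` pair is effectively an inner join and reads more clearly written as one, and the `DROP INDEX` statements lack the `IF EXISTS` that the `DROP TABLE` statements use.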
143 changes: 143 additions & 0 deletions
db/migrations/postgres/000063_create_identities_table.up.sql
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,143 @@ | ||
| BEGIN; | ||
|
|
||
| CREATE TABLE identities ( | ||
| seq SERIAL PRIMARY KEY, | ||
| id UUID NOT NULL, | ||
| did VARCHAR(256) NOT NULL, | ||
| parent UUID, | ||
| messages_claim UUID NOT NULL, | ||
| messages_verification UUID, | ||
| messages_update UUID, | ||
| itype VARCHAR(64) NOT NULL, | ||
| namespace VARCHAR(64) NOT NULL, | ||
| name VARCHAR(64) NOT NULL, | ||
| description VARCHAR(4096) NOT NULL, | ||
| profile TEXT, | ||
| created BIGINT NOT NULL, | ||
| updated BIGINT NOT NULL | ||
| ); | ||
|
|
||
| CREATE UNIQUE INDEX identities_id ON identities(id); | ||
| CREATE UNIQUE INDEX identities_did ON identities(did); | ||
| CREATE UNIQUE INDEX identities_name ON identities(itype, namespace, name); | ||
|
|
||
| CREATE TABLE verifiers ( | ||
| seq SERIAL PRIMARY KEY, | ||
| hash CHAR(64) NOT NULL, | ||
| identity UUID NOT NULL, | ||
|
||
| vtype VARCHAR(256) NOT NULL, | ||
| namespace VARCHAR(64) NOT NULL, | ||
| value TEXT NOT NULL, | ||
| created BIGINT NOT NULL | ||
| ); | ||
|
|
||
| CREATE UNIQUE INDEX verifiers_hash ON verifiers(hash); | ||
| CREATE UNIQUE INDEX verifiers_value ON verifiers(vtype, namespace, value); | ||
| CREATE INDEX verifiers_identity ON verifiers(identity); | ||
|
|
||
| INSERT INTO identities ( | ||
|
||
| id, | ||
| did, | ||
| parent, | ||
| messages_claim, | ||
| itype, | ||
| namespace, | ||
| name, | ||
| description, | ||
| profile, | ||
| created, | ||
| updated | ||
| ) SELECT | ||
| o1.id, | ||
| 'did:firefly:org/' || o1.name, | ||
| o2.id, | ||
| o1.message_id, | ||
| 'org', | ||
| 'ff_system', | ||
| o1.name, | ||
| o1.description, | ||
| o1.profile, | ||
| o1.created, | ||
| o1.created | ||
| FROM orgs as o1 | ||
| LEFT JOIN orgs o2 ON o2.identity = o1.parent; | ||
|
|
||
| INSERT INTO identities ( | ||
| id, | ||
| did, | ||
| parent, | ||
| messages_claim, | ||
| itype, | ||
| namespace, | ||
| name, | ||
| description, | ||
| profile, | ||
| created, | ||
| updated | ||
| ) SELECT | ||
| n.id, | ||
| 'did:firefly:node/' || n.name, | ||
| o.id, | ||
| n.message_id, | ||
| 'node', | ||
| 'ff_system', | ||
| n.name, | ||
| n.description, | ||
| n.dx_endpoint, | ||
| n.created, | ||
| n.created | ||
| FROM nodes as n | ||
| LEFT JOIN orgs o ON o.identity = n.owner; | ||
|
|
||
| INSERT INTO verifiers ( | ||
| hash, | ||
| namespace, | ||
| identity, | ||
| vtype, | ||
| value, | ||
| created | ||
| ) SELECT | ||
| REPLACE(o.id::text, '-', '') || REPLACE(o.id::text, '-', ''), -- to avoid the need for hashing in the migration, use the convenient fact the UUID is known hex - have to write it twice to fill the 32B -- | ||
| 'ff_system', | ||
| o.id, | ||
| 'ethereum_address', | ||
| o.identity, | ||
| o.created | ||
| FROM orgs as o WHERE o.identity LIKE '0x%'; | ||
|
|
||
| INSERT INTO verifiers ( | ||
| hash, | ||
| namespace, | ||
| identity, | ||
| vtype, | ||
| value, | ||
| created | ||
| ) SELECT | ||
| REPLACE(o.id::text, '-', '') || REPLACE(o.id::text, '-', ''), -- to avoid the need for hashing in the migration, use the convenient fact the UUID is known hex - have to write it twice to fill the 32B -- | ||
| 'ff_system', | ||
| o.id, | ||
| 'fabric_msp_id', | ||
| o.identity, | ||
| o.created | ||
| FROM orgs as o WHERE o.identity NOT LIKE '0x%'; | ||
|
|
||
| INSERT INTO verifiers ( | ||
| hash, | ||
| namespace, | ||
| identity, | ||
| vtype, | ||
| value, | ||
| created | ||
| ) SELECT | ||
| REPLACE(n.id::text, '-', '') || REPLACE(n.id::text, '-', ''), -- to avoid the need for hashing in the migration, use the convenient fact the UUID is known hex - have to write it twice to fill the 32B -- | ||
| 'ff_system', | ||
| n.id, | ||
| 'dx_peer_id', | ||
| n.dx_peer, | ||
| n.created | ||
| FROM nodes as n; | ||
|
|
||
| DROP TABLE orgs; | ||
| DROP TABLE nodes; | ||
|
|
||
| COMMIT; | ||
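Review bot: The last `INSERT INTO verifiers` copies `n.dx_peer` into `value` for every row of `nodes`, but `value` is declared `TEXT NOT NULL` here while the `nodes` table recreated by the down migration declares `dx_peer VARCHAR(256)` with no NOT NULL, so a single node without a peer id aborts the whole transaction. Add `WHERE n.dx_peer IS NOT NULL` and decide whether such a node should still become an identity. In the two org inserts the verifier type is chosen only by `o.identity LIKE '0x%'` and the value is copied as stored; since `verifiers_value` is a unique index on `(vtype, namespace, value)` and text comparison is case-sensitive, say in a comment whether stored Ethereum addresses are already lower-cased, or apply `LOWER()` if lookups normalise the key. The doubled-UUID `hash` also deserves a line at the top of the file stating that these rows are recognisable as migrated and are not a digest of the value, since the down migration depends on that.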
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| -- No down migration for this one |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| BEGIN; | ||
|
|
||
| ALTER TABLE data ALTER COLUMN value DROP NOT NULL; | ||
|
|
||
| COMMIT; |
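Review bot: `ALTER TABLE data ALTER COLUMN value DROP NOT NULL` carries no comment saying which rows are now expected to hold NULL in `value`. The one-line file shown just before this one says only "No down migration for this one"; if that is this migration's counterpart, state the reason there (restoring NOT NULL fails once a NULL row exists), so an operator rolling back knows the column stays nullable.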
4 changes: 4 additions & 0 deletions
db/migrations/postgres/000065_pin_signer_event_correlator.down.sql
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| BEGIN; | ||
| ALTER TABLE pins DROP COLUMN signer; | ||
| ALTER TABLE events DROP COLUMN cid; | ||
| COMMIT; |
6 changes: 6 additions & 0 deletions
db/migrations/postgres/000065_pin_signer_event_correlator.up.sql
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| BEGIN; | ||
| ALTER TABLE pins ADD COLUMN signer TEXT; | ||
| UPDATE pins SET signer = ''; | ||
|
|
||
| ALTER TABLE events ADD COLUMN cid UUID; | ||
|
||
| COMMIT; | ||
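Review bot: `ALTER TABLE pins ADD COLUMN signer TEXT;` followed by `UPDATE pins SET signer = '';` leaves the column nullable and without a default, so existing pins hold '' while any later insert that omits `signer` stores NULL, giving two encodings of "no signer". If '' is the intended sentinel, `ADD COLUMN signer TEXT NOT NULL DEFAULT ''` does it in one statement and avoids the full-table UPDATE; otherwise drop the UPDATE and let old rows stay NULL. Either way, code that compares a pin's signer should treat the backfilled value as unknown rather than as a match. `cid` is added without an index; add one if events are looked up by correlator.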