aries-cloudagent-python
--read-only-ledger command line option is either useless or buggy in provision mode
I'm trying to provision (create wallet) an aca-py agent and tried to set the ledger to read-only. According to the --help output and the respective code, in provision mode there is the generic --read-only-ledger option.
In the settings the flag is named 'read_only_ledger'. In the ledger code it is queried as 'ledger.read_only'.
In aries_cloudagent/commands/start.py there is an explicit assignment from the first to the second.
# set ledger to read only if explicitely specified
settings["ledger.read_only"] = settings.get("read_only_ledger", False)
In aries_cloudagent/commands/provision.py this code is missing but replaced by the comment:
# provision needs write access to the ledger
# (override if specified otherwise)
settings["ledger.read_only"] = False
That means this command line option should NOT exist in provision mode or (in my opinion) should be supported exactly like in start mode, because if you use auto-provisioning, read-only-ledger is supported.
I found this inconsistency because I am trying to create an agent in AUTHOR (not ENDORSER) mode.
What do you think?
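The mismatch described in the post above, as an added example that is not part of the original issue and is not code from aries-cloudagent-python: the two builder functions only mirror the lines quoted from `start.py` and `provision.py`, and `flag_has_effect`, `audit` and `provision_settings_strict` are hypothetical helpers. The differential check shows which mode silently ignores `read_only_ledger`.

```python
# Added illustration; function names are hypothetical, and the two builders
# only mirror the lines quoted in the issue.

def start_settings(cli: dict) -> dict:
    """Mirrors the quoted assignment from commands/start.py."""
    settings = dict(cli)
    settings["ledger.read_only"] = settings.get("read_only_ledger", False)
    return settings


def provision_settings(cli: dict) -> dict:
    """Mirrors the quoted lines from commands/provision.py."""
    settings = dict(cli)
    settings["ledger.read_only"] = False  # the CLI flag is overridden unconditionally
    return settings


def provision_settings_strict(cli: dict) -> dict:
    """Hypothetical alternative: reject the flag instead of ignoring it."""
    if cli.get("read_only_ledger"):
        raise ValueError("--read-only-ledger has no effect in provision mode")
    return provision_settings(cli)


def flag_has_effect(builder, flag: str, effective_key: str) -> bool:
    """Differential check: does toggling `flag` change `effective_key`?"""
    on = builder({flag: True})[effective_key]
    off = builder({flag: False})[effective_key]
    return on != off


def audit(modes: dict, flag: str = "read_only_ledger",
          key: str = "ledger.read_only") -> dict:
    """Return {mode name: True if the flag is honoured, False if it is a no-op}."""
    return {name: flag_has_effect(build, flag, key) for name, build in modes.items()}


if __name__ == "__main__":
    # An operator who passes the flag in provision mode still gets a writable ledger.
    print(audit({"start": start_settings, "provision": provision_settings}))
```
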
Provisioning and starting the agent are two different tasks, and that is why there may be the need to have ledger access. @andrewwhitehead and/or @ianco might have better explanations for the reasons this is necessary.
About your need to provision an AUTHOR: you should not set the agent as read-only, as it will be writing to the ledger - just not independently, but via endorsed transactions (another agent endorses it, the author can then write to the ledger).
As far as I know, there are two ways to write endorsed trx to the ledger, one by the author and the other by the endorser. What I had in mind was the second way, where the endorser directly writes the endorsed trx to the ledger.
@mloepfe you are right, however I believe the AUTHOR agent still needs to be in "write mode" in order to update their keys/metadata on the ledger (e.g.: endpoint). I am not 100% clear on this so rather than going on a goose chase I'll let the people I tagged above chime in on this.
I don't think the --read-only-ledger option makes sense in "provision" mode, it should probably be removed.
Also I believe @mloepfe is right: an Author can ask the Endorser to write the transaction to the ledger. (With the caveat that we don't have 100% of the transactions converted for Endorser support yet.)
The reason I tried to use the read-only option was the hope of getting rid of the error reported because the TAA could not be handled, as there is no interactive terminal available (in docker). The workaround I use now is to run it in 'start' mode with the read-only and auto-provisioning options enabled, just for provisioning. It's not nice, but it works.