Issue permits as vc with mdt

openshift/pipeline/config-dev.groovy

@@ -223,6 +223,7 @@ app {
                             'NRIS_API_URL': "${vars.modules.'mds-nris-backend'.HOST}${vars.modules.'mds-nris-backend'.PATH}",
                             'DOCUMENT_MANAGER_URL': "${vars.modules.'mds-docman-backend'.HOST}${vars.modules.'mds-docman-backend'.PATH}",
                             'DOCUMENT_GENERATOR_URL': "${vars.modules.'mds-docgen-api'.HOST}",
+                            'VCR_ISSUER_URL':"${vars.modules.'mds-vc-issuer-api'.HOST}",
                     ]
                 ],
                 [
@@ -496,6 +497,9 @@ environments {
                 'mds-docgen-api' {
                     HOST = "http://docgen${vars.deployment.suffix}:3030"
                 }
+                'mds-vc-issuer-api'{
+                    HOST = "https://mines-permitting-issuer-a3e512-dev.apps.silver.devops.gov.bc.ca/"
+                }
                 'filesystem-provider' {
                     HOST = "http://filesystem-provider${vars.deployment.suffix}:8080"
                     PATH = "/${vars.git.changeId}/file-api"

openshift/pipeline/config-prod.groovy

@@ -223,6 +223,8 @@ app {
                             'NRIS_API_URL': "${vars.modules.'mds-nris-backend'.HOST}${vars.modules.'mds-nris-backend'.PATH}",
                             'DOCUMENT_MANAGER_URL': "${vars.modules.'mds-docman-backend'.HOST}${vars.modules.'mds-docman-backend'.PATH}",
                             'DOCUMENT_GENERATOR_URL': "${vars.modules.'mds-docgen-api'.HOST}",
+                            'VCR_ISSUER_URL':"${vars.modules.'mds-vc-issuer-api'.HOST}",
+
                     ]
                 ],
                 [
@@ -545,6 +547,9 @@ environments {
                 'mds-docgen-api' {
                     HOST = "http://docgen${vars.deployment.suffix}:3030"
                 }
+                'mds-vc-issuer-api'{
+                    HOST = "https://mines-permitting-issuer-a3e512-prod.apps.silver.devops.gov.bc.ca/"
+                }
                 'schemaspy' {
                     HOST = "mds-schemaspy-${vars.deployment.namespace}.pathfinder.gov.bc.ca"
                 }

openshift/pipeline/config-test.groovy

@@ -189,6 +189,8 @@ app {
                             'NRIS_API_URL': "${vars.modules.'mds-nris-backend'.HOST}${vars.modules.'mds-nris-backend'.PATH}",
                             'DOCUMENT_MANAGER_URL': "${vars.modules.'mds-docman-backend'.HOST}${vars.modules.'mds-docman-backend'.PATH}",
                             'DOCUMENT_GENERATOR_URL': "${vars.modules.'mds-docgen-api'.HOST}",
+                            'VCR_ISSUER_URL':"${vars.modules.'mds-vc-issuer-api'.HOST}",
+
                     ]
                 ],
                 [
@@ -505,6 +507,9 @@ environments {
                 'mds-docgen-api' {
                     HOST = "http://docgen${vars.deployment.suffix}:3030"
                 }
+                'mds-vc-issuer-api'{
+                    HOST = "https://mines-permitting-issuer-a3e512-test.apps.silver.devops.gov.bc.ca/"
+                }
                 'schemaspy' {
                     HOST = "mds-schemaspy-${vars.deployment.namespace}.pathfinder.gov.bc.ca"
                 }

openshift/templates/_python36.dc.json

@@ -68,6 +68,11 @@
       "required": false,
       "value": "template.mds-vfcbc-client-service"
     },
+    {
+      "name": "VCR_ISSUER_API_SECRET",
+      "required": false,
+      "value": "template.mds-issuer-api-secret"
+    },
     {
       "name": "MDS_NRIS_API_SECRET",
       "required": false,
@@ -149,6 +154,10 @@
       "name": "NRIS_API_URL",
       "required": true
     },
+    {
+      "name": "VCR_ISSUER_URL",
+      "required": true
+    },
     {
       "name": "DOCUMENT_MANAGER_URL",
       "required": true
@@ -551,6 +560,19 @@
                         "key": "password"
                       }
                     }
+                  },
+                  {
+                    "name": "VCR_ISSUER_URL",
+                    "value": "${VCR_ISSUER_URL}"
+                  },
+                  {
+                    "name": "VCR_ISSUER_SECRET_KEY",
+                    "valueFrom": {
+                      "secretKeyRef": {
+                        "name": "${VCR_ISSUER_API_SECRET}",
+                        "key": "vcr-issuer-secret-key"
+                      }
+                    }
                   }
                 ],
                 "resources": {

services/core-api/app/__init__.py

@@ -26,7 +26,8 @@
 
 from app.commands import register_commands
 from app.config import Config
-from app.extensions import db, jwt, api, cache
+#alias api to avoid confusion with api folder (speifically on unittest.mock.patch calls)
+from app.extensions import db, jwt, api as root_api_namespace, cache
 from app.api.utils.setup_marshmallow import setup_marshmallow
 
 
@@ -52,12 +53,12 @@ def create_app(test_config=None):
 
 def register_extensions(app):
 
-    api.app = app
+    root_api_namespace.app = app
 
     # Overriding swaggerUI base path to serve content under a prefix
     apidoc.apidoc.static_url_path = '{}/swaggerui'.format(Config.BASE_PATH)
 
-    api.init_app(app)
+    root_api_namespace.init_app(app)
 
     try:
         jwt.init_app(app)
@@ -77,30 +78,30 @@ def register_routes(app):
     # Set URL rules for resources
     app.add_url_rule('/', endpoint='index')
 
-    api.add_namespace(compliance_api)
-    api.add_namespace(mines_api)
-    api.add_namespace(parties_api)
-    api.add_namespace(download_token_api)
-    api.add_namespace(users_api)
-    api.add_namespace(search_api)
-    api.add_namespace(variances_api)
-    api.add_namespace(incidents_api)
-    api.add_namespace(reporting_api)
-    api.add_namespace(now_sub_api)
-    api.add_namespace(now_app_api)
-    api.add_namespace(exports_api)
-    api.add_namespace(doc_gen_api)
-    api.add_namespace(securities_api)
-    api.add_namespace(verify_api)
-    api.add_namespace(orgbook_api)
+    root_api_namespace.add_namespace(compliance_api)
+    root_api_namespace.add_namespace(mines_api)
+    root_api_namespace.add_namespace(parties_api)
+    root_api_namespace.add_namespace(download_token_api)
+    root_api_namespace.add_namespace(users_api)
+    root_api_namespace.add_namespace(search_api)
+    root_api_namespace.add_namespace(variances_api)
+    root_api_namespace.add_namespace(incidents_api)
+    root_api_namespace.add_namespace(reporting_api)
+    root_api_namespace.add_namespace(now_sub_api)
+    root_api_namespace.add_namespace(now_app_api)
+    root_api_namespace.add_namespace(exports_api)
+    root_api_namespace.add_namespace(doc_gen_api)
+    root_api_namespace.add_namespace(securities_api)
+    root_api_namespace.add_namespace(verify_api)
+    root_api_namespace.add_namespace(orgbook_api)
 
     # Healthcheck endpoint
-    @api.route('/health')
+    @root_api_namespace.route('/health')
     class Healthcheck(Resource):
         def get(self):
             return {'status': 'pass'}
 
-    @api.errorhandler(AuthError)
+    @root_api_namespace.errorhandler(AuthError)
     def jwt_oidc_auth_error_handler(error):
         app.logger.error(str(error))
         app.logger.error('REQUEST\n' + str(request))
@@ -110,7 +111,7 @@ def jwt_oidc_auth_error_handler(error):
             'message': str(error),
         }, getattr(error, 'status_code', 401)
 
-    @api.errorhandler(Forbidden)
+    @root_api_namespace.errorhandler(Forbidden)
     def forbidden_error_handler(error):
         app.logger.error(str(error))
         app.logger.error('REQUEST\n' + str(request))
@@ -120,7 +121,7 @@ def forbidden_error_handler(error):
             'message': str(error),
         }, getattr(error, 'status_code', 403)
 
-    @api.errorhandler(AssertionError)
+    @root_api_namespace.errorhandler(AssertionError)
     def assertion_error_handler(error):
         app.logger.error(str(error))
         return {
@@ -139,14 +140,14 @@ def sqlalchemy_error_handler(error):
 
     def _add_sqlalchemy_error_handlers(classname):
         for subclass in classname.__subclasses__():
-            (api.errorhandler(subclass))(sqlalchemy_error_handler)
+            (root_api_namespace.errorhandler(subclass))(sqlalchemy_error_handler)
 
             if len(subclass.__subclasses__()) != 0:
                 _add_sqlalchemy_error_handlers(subclass)
 
     _add_sqlalchemy_error_handlers(SQLAlchemyError)
 
-    @api.errorhandler(Exception)
+    @root_api_namespace.errorhandler(Exception)
     def default_error_handler(error):
         app.logger.error(str(error))
         return {

services/core-api/app/api/mines/namespace.py

@@ -16,6 +16,7 @@
 from app.api.mines.permits.permit.resources.permit_status_code import PermitStatusCodeResource
 from app.api.mines.permits.permit_amendment.resources.permit_amendment import PermitAmendmentResource, PermitAmendmentListResource
 from app.api.mines.permits.permit_amendment.resources.permit_amendment_document import PermitAmendmentDocumentListResource, PermitAmendmentDocumentResource
+from app.api.mines.permits.permit_amendment.resources.permit_amendment_issue_vc import PermitAmendmentIssueVCResource
 from app.api.mines.permits.permit.resources.permit_document_upload import PermitDocumentUploadInitializationResource
 from app.api.mines.region.resources.region import MineRegionResource
 from app.api.mines.reports.resources.mine_report_document import MineReportDocumentListResource
@@ -111,6 +112,11 @@
     PermitAmendmentResource,
     '/<string:mine_guid>/permits/<string:permit_guid>/amendments/<string:permit_amendment_guid>')
 
+api.add_resource(
+    PermitAmendmentIssueVCResource,
+    '/<string:mine_guid>/permits/<string:permit_guid>/amendments/<string:permit_amendment_guid>/issue-vc-to-orgbook'
+)
+
 api.add_resource(
     PermitAmendmentDocumentListResource,
     '/<string:mine_guid>/permits/<string:permit_guid>/amendments/<string:permit_amendment_guid>/documents',

services/core-api/app/api/mines/permits/permit_amendment/resources/permit_amendment_issue_vc.py

@@ -0,0 +1,25 @@
+from datetime import datetime
+from flask import request, current_app
+from flask_restplus import Resource, reqparse
+from werkzeug.exceptions import BadRequest
+
+from app.api.mines.permits.permit_amendment.models.permit_amendment import PermitAmendment
+
+from app.extensions import api
+from app.api.utils.access_decorators import requires_role_mine_admin
+from app.api.utils.resources_mixins import UserMixin
+
+from app.api.services.issue_to_orgbook_service import OrgBookIssuerService
+
+
+class PermitAmendmentIssueVCResource(Resource, UserMixin):
+    @requires_role_mine_admin
+    @api.response(200, "VC Issued to OrgBook, no local data created")
+    def post(self, mine_guid, permit_guid, permit_amendment_guid):
+        permit_amendment = PermitAmendment.find_by_permit_amendment_guid(permit_amendment_guid)
+
+        response = OrgBookIssuerService().issue_permit_amendment_vc(permit_amendment)
+        if not response:
+            raise BadRequest(
+                "Credential Not Issued, ensure permittee is associated with OrgBook Entity")
+        return

services/core-api/app/api/now_applications/resources/now_application_status_resource.py

@@ -14,6 +14,8 @@
 from app.api.mines.permits.permit_amendment.models.permit_amendment import PermitAmendment
 from app.api.mines.permits.permit_amendment.models.permit_amendment_document import PermitAmendmentDocument
 from app.api.parties.party_appt.models.mine_party_appt import MinePartyAppointment
+
+from app.api.services.issue_to_orgbook_service import OrgBookIssuerService
 from werkzeug.exceptions import BadRequest, NotFound, NotImplemented
 
 
@@ -141,6 +143,17 @@ def put(self, application_guid):
 
                 permit_amendment.save()
 
+                #Issue Permit as Verifiable Credential to OrgBook
+                try:
+                    OrgBookIssuerService().issue_permit_amendment_vc(permit_amendment)
+                except AssertionError as e:
+                    #non-blocking failure
+                    current_app.logger.info('VC Not issued due to non-200 status code')
+                    current_app.logger.debug(str(e))
+                except Exception as ex:
+                    current_app.logger.warning('VC Not issued due to unknown error')
+                    current_app.logger.info(str(e))
+
                 #create contacts
                 for contact in now_application_identity.now_application.contacts:
                     if contact.mine_party_appt_type_code == 'PMT' or contact.mine_party_appt_type_code == 'MMG':

services/core-api/app/api/services/issue_to_orgbook_service.py

@@ -0,0 +1,102 @@
+import requests, json, pprint, time, threading
+
+from dateutil.relativedelta import relativedelta
+from datetime import datetime, timedelta
+from flask import request, current_app
+from app.config import Config
+
+
+class OrgBookIssuerService():
+    """This class is used to connect to an issuer controller, which handles the nuance and handshakes involved with issuing
+    verifiable credentials to a Verifiable Credential Registry (VRC), OrgBook is an instance of aries-vrc (https://github.com/bcgov/aries-vcr).
+    Mines-Digital-Trust has stood up an Issuer Controller API (https://github.com/bcgov/aries-vcr-issuer-controller) to serve CORE to issue 
+    Mines Act Permits as VC's."""
+
+    issuer_controller_url = Config.VCR_ISSUER_URL    #FROM DeployConfig
+    issuer_secret_key = Config.VCR_ISSUER_SECRET_KEY #FROM SECRET
+    vc_schema_name = "bcgov-mines-act-permit.bcgov-mines-permitting"
+    vc_schema_version = "0.2.0"
+    issuer_controller_ready = False
+
+    def __init__(self):
+        retry_count = 0
+        while retry_count < 5:
+            retry_count += 1
+            response = requests.get(self.issuer_controller_url + 'liveness')
+            if response.status_code != 200:
+                current_app.logger.warning('Issuer Controller not live: ' +
+                                           str(response.status_code))
+                time.sleep(.500 * retry_count)
+                continue
+            #check api key
+            response = requests.get(
+                self.issuer_controller_url + 'status',
+                headers={
+                    'issuer_secret_key': self.issuer_secret_key,
+                })
+            if response.status_code == 200:
+                self.issuer_controller_ready = True
+                current_app.logger.info('Issuer Controller ready and secret-key correct!')
+                return
+            elif response.status_code != 503:
+                current_app.logger.error('Livenesscheck failed: ' + str(response.status_code))
+            time.sleep(.500 * retry_count)
+        current_app.logger.error('Issuer Controller liveness check failed, nothing will be issued')
+
+    def publish_schema(self, new_schema, new_schema_version):
+        raise NotImplementedError(
+            """The MDT issuer controller publishes schema on init, to update your VC schema,
+                send them a message. This can be done dynamically in the future once MDT implements it"""
+        )
+
+    def inspect_current_schema(self):
+        raise NotImplementedError(
+            """Hopefully this exists, the MDT issuer controller should be able to inspect
+                and return the current schema it is expecting/allowing. 
+
+                Inspecting old schemas can be done by looking at the hyperledger directly
+                production -> http://prod.bcovrin.vonx.io/browse/domain?page=1&query=&txn_type=101
+                test - http://test.bcovrin.vonx.io/browse/domain?page=1&query=&txn_type=101
+                dev  - http://dev.bcovrin.vonx.io/browse/domain?page=1&query=&txn_type=101
+                """)
+
+    def issue_permit_amendment_vc(self, permit_amendment):
+        if not self.issuer_controller_ready:
+            current_app.logger.warning(
+                'Issuer Controller liveness check failed on init, this call did nothing')
+        permittee_orgbook_entity = permit_amendment.permit.permittee_appointments[
+            0].party.party_orgbook_entity
+        if not permittee_orgbook_entity:
+            current_app.logger.warning(
+                'skipping issue_permit_amendment_vc, permittee not link to orgbook business')
+            return
+
+        payload = json.dumps([{
+            "schema": self.vc_schema_name,
+            "version": self.vc_schema_version,
+            "attributes": {
+                "permit_id": str(permit_amendment.permit_guid),
+                "registration_id": permittee_orgbook_entity.registration_id,
+                "permit_no": permit_amendment.permit.permit_no,
+                "mine_no": permit_amendment.mine.mine_no,
+                "mine_class": 'major' if permit_amendment.mine.major_mine_ind else 'regional',
+                "latitude": str(permit_amendment.mine.latitude),
+                "longitude": str(permit_amendment.mine.longitude),
+                "issued_date": str(permit_amendment.issue_date),
+                "effective_date": str(permit_amendment.issue_date),
+                "authorization_end_date": str(permit_amendment.authorization_end_date),
+                "inspector_name": "Best Inspector"
+            }
+        }])
+        current_app.logger.debug('issuing-credential to OrgBook business \'' +
+                                 permittee_orgbook_entity.registration_id + ',' +
+                                 permittee_orgbook_entity.name_text + '\'')
+        response = requests.post(
+            self.issuer_controller_url + 'issue-credential',
+            data=payload,
+            headers={
+                'issuer_secret_key': self.issuer_secret_key,
+                'Content-Type': 'application/json'
+            })
+        current_app.logger.debug('issue-credential call returned successfully')
+        return response

services/core-api/app/config.py

@@ -125,6 +125,12 @@ def JWT_ROLE_CALLBACK(jwt_dict):
     # OrgBook
     ORGBOOK_API_URL = os.environ.get('ORGBOOK_API_URL', 'https://orgbook.gov.bc.ca/api/v2/')
 
+    # MDT-Issuer-Controller
+    VCR_ISSUER_URL = os.environ.get(
+        'VCR_ISSUER_URL',
+        'https://mines-permitting-issuer-a3e512-dev.apps.silver.devops.gov.bc.ca/')
+    VCR_ISSUER_SECRET_KEY = os.environ.get('VCR_ISSUER_SECRET_KEY', 'super-secret-key')
+
 
 class TestConfig(Config):
     # The following configs are for testing purposes and all variables and keys are generated using dummy data.