bcgov / essential-services-delivery Goto Github PK
View Code? Open in Web Editor NEWEssential Services credentials for workers to manage risks around entry to controlled facilities
License: Apache License 2.0
Essential Services credentials for workers to manage risks around entry to controlled facilities
License: Apache License 2.0
Following the recent updates to vc-visual-verifier, we should update the deployment configurations so that content from a configmap can be mounted on the container to customize the landing page.
The pattern to follow would be similar to what we already do for the components deployed using issuer-kit
code, allowing the overrides to be defined by profile.
Add configuration to enable optional help text in issuer-web
components.
Hello! I scanned your readme and could not find a project lifecycle badge. A project lifecycle badge will provide contributors to your project as well as other stakeholders (platform services, executive) insight into the lifecycle of your repository.
It is a simple image that neatly describes your project's stage in its lifecycle. More information can be found in the project lifecycle badges documentation.
I suggest you make a PR into your README.md and add a project lifecycle badge near the top where it is easy for your users to pick it up :). Once it is merged feel free to close this issue. I will not open up a new one :)
This issue is a kind reminder that your repository has been inactive for 181 days. Some repositories are maintained in accordance with business requirements that infrequently change thus appearing inactive, and some repositories are inactive because they are unmaintained.
To help differentiate products that are unmaintained from products that do not require frequent maintenance, repomountie will open an issue whenever a repository has not been updated in 180 days.
dormant
or retired
life cycle badge.Thank you for your help ensuring effective governance of our open-source ecosystem!
This issue is a kind reminder that your repository has been inactive for 180 days. Some repositories are maintained in accordance with business requirements that infrequently change thus appearing inactive, and some repositories are inactive because they are unmaintained.
To help differentiate products that are unmaintained from products that do not require frequent maintenance, repomountie will open an issue whenever a repository has not been updated in 180 days.
dormant
or retired
life cycle badge.Thank you for your help ensuring effective governance of our open-source ecosystem!
Several of the issuer agent instances are being throttled at >50% on average. Review and adjust the CPU resource allocations, primarily the CPU limit to reduce or eliminate the throttling. The goal should be to reduce throttling to <25% on average. For production an even lower average may be desirable.
These metrics can be easily reviewed using the Namespace Monitoring dashboard available through Grafana in our new monitoring stack.
Affected instances:
Open VP
Open VP CANdy
Ui6HA36FvN83cEtmYYHxrn
rooted on CANdy-DevCANdy - Unverified Person Issuer (Dev)
XZQpyaFa9hBUdJXfKHUvVg
rooted on CANdy-Dev
HTkhhCW1bAXWnxC1u3YVoa
rooted on CANdy-TestACAPY_READ_ONLY_LEDGER=true
CANdy - Unverified Person Issuer (Test)
9wVuYYDEDtpZ6CYMqSiWop
rooted on CANdy-Dev
4eCXHS79ykiMv2PoBxPK23
rooted on CANdy-TestACAPY_READ_ONLY_LEDGER=true
CANdy - Unverified Person Issuer (Prod)
XZQpyaFa9hBUdJXfKHUvVg
=> HTkhhCW1bAXWnxC1u3YVoa
Code references: https://github.com/search?q=org%3Abcgov+XZQpyaFa9hBUdJXfKHUvVg&type=code
Discussions: https://github.com/search?q=org%3Abcgov+XZQpyaFa9hBUdJXfKHUvVg&type=discussions
9wVuYYDEDtpZ6CYMqSiWop
=> 4eCXHS79ykiMv2PoBxPK23
Code references: https://github.com/search?q=org%3Abcgov+9wVuYYDEDtpZ6CYMqSiWop&type=code
Discussions: https://github.com/search?q=org%3Abcgov+XZQpyaFa9hBUdJXfKHUvVg&type=discussions
This issue is a kind reminder that your repository has been inactive for 483 days. Some repositories are maintained in accordance with business requirements that infrequently change thus appearing inactive, and some repositories are inactive because they are unmaintained.
To help differentiate products that are unmaintained from products that do not require frequent maintenance, repomountie will open an issue whenever a repository has not been updated in 180 days.
dormant
or retired
life cycle badge.Thank you for your help ensuring effective governance of our open-source ecosystem!
The deployment configurations for the API component need to be updated to match the new configurations used in identity-kit/issuer-kit.
Agent deployments in the namespace seem to be affected by reaching the compute - long running
quota, which causes new deployments to not roll-out.
Review and adjust resources as necessary.
<This is a work in progress -- details are still being added>
We need to deploy three standard issuers and a verifier in sequence as a stand in for the BC Registries issuer as part of the ISED Business Banking Initiative. That initiative has a business owner receiving three credentials about their business from BC Registries and then using those credentials to open a business bank account.
@esune -- I'll describe this using features we have today, but something to consider. Can we have the issuing happen from a single issuer using the same connection? No problem if not, but that would be neat :-)
The flow we'll be using is the following:
The VCs we can start with are all defined here: https://github.com/bcgov/von-bc-registries-agent/blob/master/bcreg-aca/config/schemas.yml. We want to use:
For a first cut, the Visual Verifier can grab interesting ones from all three -- registration_id, entity_name, entity_status (registration), First Name, Last Name, email address, phone number (verfied person) and Registration ID, Associated registration name, relationship_description, relationship_status (verified person relationship).
The services need to be deployed to the prod
namespace.
Wallets need to be migrated over from the OCP3 namespace, and for services using a *.vonx.io
vanity URL DNS migration and certificate installation needs to be performed as well.
@wadeking98 please proceed with deploying all the issuers in read only
mode, using the wallets and secret values from OCP3.
Once ready, coordinate with @WadeBarnes to add the vonx.io
routes and certificates, and switch the DNS entry to point to the new cluster.
Please deploy a new instance of the Unverified Person instance of Identity Kit, but anchored on the CANdy Dev network.
We will need to get an Endorser DID for this, and ideally have an automated way to create and execute transactions. However, for now, we can manually endorse (e.g., have Wade B do them with the Indy CLI) create, endorse and execute the necessary transactions.
For the URL, I suggest that we use "unvp-candy.dev" and then plan on later having a test versions of the URL.
Let me know what else is needed to get this done.
The project contains a number of deployments of both issuer-web
and visual-verifier
that use vc-authn
directly as authentication method.
Please update the configurations (either value in a secret or config.json
) to use the new OCP4 URLs, paying attention to use the correct instance of vc-authn
for each one.
Please update the "essential services" delivery instances to all use two ledgers for reading - Sovrin Staging (current) and CANdy-Dev (new). All of the existing instances should continue to write to Sovrin Staging (if necessary at all -- only those with revocation should need that). In doing this, all instances of ACA-Py need to be upgraded to 0.7.3-RC0 (for now) and 0.7.3 when available.
Per #108 -- please add a new deployment to this repo for a new unverified person, where that instance using both Sovrin Staging and CANdy-Dev (per the others), but that writes to CANdy-Dev.
In implementing these changes, please consider what improvements could be made to the management. What would change if we use a multi-tenant ACA-Py instance? What if we were using the (being designed) Traction API?
The test
and "prod"
OpenVP-CANdy issuer services have been migrated to their respective ledgers now that we have a full set of CANdy ledgers and not just dev
.
The migration included creating new DIDs for the services. The old DIDs and any credentials issued by those DIDs are still valid, so references to the existing credentials should be retained.
Details of the new (and old) DIDs can be found here; #124
Affects:
Topics greatly improve the discoverability of repos; please add the short code from the table below to the topics of your repo so that ministries can use GitHub's search to find out what repos belong to them and other visitors can find useful content (and reuse it!).
In short order we'll add our 800th repo. This large number clearly demonstrates the success of using GitHub and our Open Source initiative. This huge success means its critical that we work to make our content as discoverable as possible; Through discoverability, we promote code reuse across a large decentralized organization like the Government of British Columbia as well as allow ministries to find the repos they own.
Below is a table of abbreviation a.k.a short codes for each ministry; they're the ones used in all @gov.bc.ca
email addresses. Please add the short codes of the ministry or organization that "owns" this repo as a topic
.
That's in, you're done!!!
Once topics are added, you can use them in GitHub's search. For example, enter something like org:bcgov topic:citz
to find all the repos that belong to Citizens' Services. You can refine this search by adding key words specific to a subject you're interested in. To learn more about searching through repos check out GitHub's doc on searching.
If your org is not in the list below, or the table contains errors, please create an issue here.
While you're doing this, add additional topics
that would help someone searching for "something". These can be the language used javascript
or R
; something like opendata
or data
for data only repos; or any other key words that are useful.
Add a meaningful description to your repo. This is hugely valuable to people looking through our repositories.
If your application is live, add the production URL.
Short Code | Organization Name |
---|---|
AEST | Advanced Education, Skills & Training |
AGRI | Agriculture |
ALC | Agriculture Land Commission |
AG | Attorney General |
MCF | Children & Family Development |
CITZ | Citizens' Services |
DBC | Destination BC |
EMBC | Emergency Management BC |
EAO | Environmental Assessment Office |
EDUC | Education |
EMPR | Energy, Mines & Petroleum Resources |
ENV | Environment & Climate Change Strategy |
FIN | Finance |
FLNR | Forests, Lands, Natural Resource Operations & Rural Development |
HLTH | Health |
FLNR | Indigenous Relations & Reconciliation |
JEDC | Jobs, Economic Development & Competitiveness |
LBR | Labour Policy & Legislation |
LDB | BC Liquor Distribution Branch |
MMHA | Mental Health & Addictions |
MAH | Municipal Affairs & Housing |
BCPC | Pension Corporation |
PSA | Public Safety & Solicitor General & Emergency B.C. |
SDPR | Social Development & Poverty Reduction |
TCA | Tourism, Arts & Culture |
TRAN | Transportation & Infrastructure |
NOTE See an error or omission? Please create an issue here to get it remedied.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.