Support adding/removing services and keys to an ion DID

[andresuribe87]

Overview

Support adding/removing services and keys to an ion DID. Must be custodied.

Description

This is the last part on #340. Most of the complexity comes from needing to ensure concurrent updates work.

Note that this PR uses the same abstractions from the SDK.

How Has This Been Tested?

Wrote a unit test.

[codecov-commenter]

Codecov Report

Merging #562 (1b19f92) into main (5710ace) will decrease coverage by 1.21%.
The diff coverage is 7.31%.

@@            Coverage Diff             @@
##             main     #562      +/-   ##
==========================================
- Coverage   26.64%   25.44%   -1.21%     
==========================================
  Files          55       55              
  Lines        5855     6198     +343     
==========================================
+ Hits         1560     1577      +17     
- Misses       4023     4346     +323     
- Partials      272      275       +3     

Files Changed	Coverage Δ
integration/common.go	2.20% <0.00%> (-0.03%)	⬇️
pkg/server/router/did.go	2.79% <0.00%> (-0.66%)	⬇️
pkg/service/did/service.go	0.00% <0.00%> (ø)
pkg/service/did/ion.go	30.39% <8.96%> (-31.93%)	⬇️
pkg/server/server.go	70.91% <100.00%> (+0.11%)	⬆️

[decentralgabe]

this works until we support update for other methods, then we'll probably want to reconsider this API

[andresuribe87]

I agree. Since we don't have other examples, I think this makes sense for now.

[decentralgabe]

I think this logic is better suited for the service layer, though it is OK to duplicate it

[andresuribe87]

The service layer method is called UpdateIONDID, to which you pass in an UpdateIONDIDRequest object. By design, it's not possible to call that method without an ION did.

The external facing API is open for evolution. The internal is specific so it's more clear and it's easier to maintain.

[decentralgabe]

this could work better (but also maybe premature optimization) to have this be a generic UpdateDID method, and then check if the method is ION. This helps us maintain a consistent abstraction between the router (just focused on http) and service (focused on all DID methods here)

[andresuribe87]

I do think it's premature. I propose we wait for when we have at least 2 methods for which we'll support updates.

Currently, it's only did:ion and I don't foresee others in the pipeline either.

[decentralgabe]

nit:

Suggested change

	func StoreDID(ctx context.Context, did StoredDID, tx storage.Tx) error {
	func StoreDID(ctx context.Context, tx storage.Tx, did StoredDID) error {

[andresuribe87]

Done

[decentralgabe]

could check to see whether any of the updates are set to make sure it's not a no-op

[andresuribe87]

I added this validation to ionHandler.UpdateDID. Could validate in both places, but the ionHandler one seems more appropriate in case other endpoints end up calling that method.

[decentralgabe]

sounds good

[decentralgabe]

could this be inverted to reduce nesting?

[decentralgabe]

or consider using a switch and 3 helper methods for readability

[andresuribe87]

I don't think it can be inverted. This works like a state machine. When all updates succeed, status will reflect all 3 states within the same call.

When there are failures in the middle, the last state is kept. This is done to ensure that our version of a DID is kept in sync with what was anchored.

[decentralgabe]

this should be blocked until 539 is in, no?

[andresuribe87]

Depends on how much pushback there will be for #539 :)

[decentralgabe]

why not call https://github.com/TBD54566975/ssi-sdk/blob/main/did/ion/operations.go#L175 instead

[andresuribe87]

I wasn't able to find a way in which I could create an instance of ion.DID with a custom update key. The only way to create an instance of that struct is by calling NewIONDID, which creates new update keys.

I agree that it would be desirable, but didn't want to block this PR on an SDK update.

[decentralgabe]

ok fair

[andresuribe87]

I agree. Since we don't have other examples, I think this makes sense for now.

[andresuribe87]

The service layer method is called UpdateIONDID, to which you pass in an UpdateIONDIDRequest object. By design, it's not possible to call that method without an ION did.

The external facing API is open for evolution. The internal is specific so it's more clear and it's easier to maintain.

[andresuribe87]

I added this validation to ionHandler.UpdateDID. Could validate in both places, but the ionHandler one seems more appropriate in case other endpoints end up calling that method.

[andresuribe87]

I don't think it can be inverted. This works like a state machine. When all updates succeed, status will reflect all 3 states within the same call.

When there are failures in the middle, the last state is kept. This is done to ensure that our version of a DID is kept in sync with what was anchored.

[andresuribe87]

I wasn't able to find a way in which I could create an instance of ion.DID with a custom update key. The only way to create an instance of that struct is by calling NewIONDID, which creates new update keys.

I agree that it would be desirable, but didn't want to block this PR on an SDK update.

[andresuribe87]

Depends on how much pushback there will be for #539 :)

[andresuribe87]

I do think it's premature. I propose we wait for when we have at least 2 methods for which we'll support updates.

Currently, it's only did:ion and I don't foresee others in the pipeline either.

[andresuribe87]

Done

[andresuribe87]

@decentralgabe could you help pointing me to the type of error that I would get if I send an operation to an ION node which has already been applied?

[decentralgabe]

I'm not sure to be honest, maybe @thehenrytsai would know

[nitro-neal]

is this the right error message?

[andresuribe87]

Fixed

[nitro-neal]

if we remove pub keys / add other pub keys, and the private keys are not in the system, this will be like a "gimp" did if I'm understanding this correctly

It wont be able to do things like issue a vc and stuff, I think we already have good error messages that would explain that if you try to do something like that.

[decentralgabe]

@andresuribe87 can we push this through?