feat: add feature flag to enable/disable support for Anoncred (backend job and API) #1491

cloud-agent/service/server/src/main/resources/application.conf

@@ -9,6 +9,11 @@ prismNode {
   }
 }
 
+featureFlag {
+  enableAnomcred = false
+  enableAnomcred = ${?ENABLE_ANOMCRED}
+}
+
 pollux {
   database {
     host = "localhost"

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/MainApp.scala

@@ -149,6 +149,12 @@ object MainApp extends ZIOAppDefault {
         .ignore
 
       appConfig <- ZIO.service[AppConfig].provide(SystemModule.configLayer)
+      flags = appConfig.featureFlag
+      _ <- Console.printLine(s"""### Feature Flags: ####
+         | - Support for the credential type JWT VC is ${if (flags.enableJWT) "ENABLED" else "DISABLED"}
+         | - Support for the credential type SD JWT VC is ${if (flags.enableSDJWT) "ENABLED" else "DISABLED"}
+         | - Support for the credential type  Anomcred is ${if (flags.enableAnomcred) "ENABLED" else "DISABLED"}
+         |""")
       // these services are added to any DID document by default when they are created.
       defaultDidDocumentServices = Set(
         DidDocumentService(

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/config/AppConfig.scala

@@ -7,6 +7,7 @@ import org.hyperledger.identus.shared.db.DbConfig
 import org.hyperledger.identus.shared.messaging.MessagingServiceConfig
 import zio.config.magnolia.*
 import zio.Config
+import zio.ZIO
 
 import java.net.URL
 import java.time.Duration
@@ -17,6 +18,7 @@ final case class AppConfig(
     agent: AgentConfig,
     connect: ConnectConfig,
     prismNode: PrismNodeConfig,
+    featureFlag: FeatureFlagConfig
 ) {
   def validate: Either[String, Unit] =
     for {
@@ -39,6 +41,33 @@ object AppConfig {
 
 }
 
+final case class FeatureFlagConfig(
+    enableAnomcred: Boolean
+) {
+  def enableJWT: Boolean = true // Hardcoded for now // TODO FeatureNotImplemented
+  def enableSDJWT: Boolean = true // Hardcoded for now // TODO FeatureNotImplemented
+
+  def ifJWTIsEnabled[R, E, A](program: ZIO[R, E, A]) =
+    if (enableJWT) program else ZIO.logWarning(FeatureFlagConfig.messageIfDisableForJWT)
+  def ifSDJWTIsEnabled[R, E, A](program: ZIO[R, E, A]) =
+    if (enableSDJWT) program else ZIO.logWarning(FeatureFlagConfig.messageIfDisableForSDJWT)
+  def ifAnomcredIsEnabled[R, E, A](program: ZIO[R, E, A]) =
+    if (enableAnomcred) program else ZIO.logWarning(FeatureFlagConfig.messageIfDisableForAnomcred)
+
+  def ifJWTIsDisable[R, E, A](program: ZIO[R, E, A]) =
+    if (!enableJWT) ZIO.logWarning(FeatureFlagConfig.messageIfDisableForJWT) *> program else ZIO.unit
+  def ifSDJWTIsDisable[R, E, A](program: ZIO[R, E, A]) =
+    if (!enableSDJWT) ZIO.logWarning(FeatureFlagConfig.messageIfDisableForSDJWT) *> program else ZIO.unit
+  def ifAnomcredIsDisable[R, E, A](program: ZIO[R, E, A]) =
+    if (!enableAnomcred) ZIO.logWarning(FeatureFlagConfig.messageIfDisableForAnomcred) *> program else ZIO.unit
+}
+
+object FeatureFlagConfig {
+  def messageIfDisableForJWT = "Feature Disabled: Credential format JWT VC"
+  def messageIfDisableForSDJWT = "Feature Disabled: Credential format SD JWT VC"
+  def messageIfDisableForAnomcred = "Feature Disabled: Credential format Anomcred"
+}
+
 final case class VaultConfig(
     address: String,
     token: Option[String],

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/jobs/IssueBackgroundJobs.scala

@@ -273,17 +273,20 @@ object IssueBackgroundJobs extends BackgroundJobsHelper {
               _
             ) =>
           val holderPendingToGeneratedFlow = for {
-            walletAccessContext <- ZIO
-              .fromOption(offer.to)
-              .mapError(_ => CredentialServiceError.CredentialOfferMissingField(id.value, "recipient"))
-              .flatMap(buildWalletAccessContextLayer)
-            result <- for {
-              credentialService <- ZIO.service[CredentialService]
-              _ <- credentialService
-                .generateJWTCredentialRequest(id)
-                .provideSomeLayer(ZLayer.succeed(walletAccessContext))
-            } yield ()
-          } yield result
+            flags <- ZIO.service[AppConfig].map(_.featureFlag)
+            ret <- flags.ifJWTIsEnabled(
+              for {
+                walletAccessContext <- ZIO
+                  .fromOption(offer.to)
+                  .mapError(_ => CredentialServiceError.CredentialOfferMissingField(id.value, "recipient"))
+                  .flatMap(buildWalletAccessContextLayer)
+                credentialService <- ZIO.service[CredentialService]
+                _ <- credentialService
+                  .generateJWTCredentialRequest(id)
+                  .provideSomeLayer(ZLayer.succeed(walletAccessContext))
+              } yield ()
+            )
+          } yield ret
 
           holderPendingToGeneratedFlow @@ HolderPendingToGeneratedSuccess.trackSuccess
             @@ HolderPendingToGeneratedFailed.trackError
@@ -319,18 +322,20 @@ object IssueBackgroundJobs extends BackgroundJobsHelper {
               _
             ) =>
           val holderPendingToGeneratedFlow = for {
-            walletAccessContext <- ZIO
-              .fromOption(offer.to)
-              .mapError(_ => CredentialServiceError.CredentialOfferMissingField(id.value, "recipient"))
-              .flatMap(buildWalletAccessContextLayer)
-            result <- for {
-              credentialService <- ZIO.service[CredentialService]
-              _ <- credentialService
-                .generateSDJWTCredentialRequest(id)
-                .provideSomeLayer(ZLayer.succeed(walletAccessContext))
-            } yield ()
-          } yield result
-
+            flags <- ZIO.service[AppConfig].map(_.featureFlag)
+            ret <- flags.ifSDJWTIsEnabled(
+              for {
+                walletAccessContext <- ZIO
+                  .fromOption(offer.to)
+                  .mapError(_ => CredentialServiceError.CredentialOfferMissingField(id.value, "recipient"))
+                  .flatMap(buildWalletAccessContextLayer)
+                credentialService <- ZIO.service[CredentialService]
+                _ <- credentialService
+                  .generateSDJWTCredentialRequest(id)
+                  .provideSomeLayer(ZLayer.succeed(walletAccessContext))
+              } yield ()
+            )
+          } yield ret
           holderPendingToGeneratedFlow @@ HolderPendingToGeneratedSuccess.trackSuccess
             @@ HolderPendingToGeneratedFailed.trackError
             @@ HolderPendingToGeneratedAll
@@ -365,19 +370,20 @@ object IssueBackgroundJobs extends BackgroundJobsHelper {
               _
             ) =>
           val holderPendingToGeneratedFlow = for {
-            walletAccessContext <- ZIO
-              .fromOption(offer.to)
-              .mapError(_ => CredentialServiceError.CredentialOfferMissingField(id.value, "recipient"))
-              .flatMap(buildWalletAccessContextLayer)
-
-            result <- for {
-              credentialService <- ZIO.service[CredentialService]
-              _ <- credentialService
-                .generateAnonCredsCredentialRequest(id)
-                .provideSomeLayer(ZLayer.succeed(walletAccessContext))
-            } yield ()
-          } yield result
-
+            flags <- ZIO.service[AppConfig].map(_.featureFlag)
+            ret <- flags.ifAnomcredIsEnabled(
+              for {
+                walletAccessContext <- ZIO
+                  .fromOption(offer.to)
+                  .mapError(_ => CredentialServiceError.CredentialOfferMissingField(id.value, "recipient"))
+                  .flatMap(buildWalletAccessContextLayer)
+                credentialService <- ZIO.service[CredentialService]
+                _ <- credentialService
+                  .generateAnonCredsCredentialRequest(id)
+                  .provideSomeLayer(ZLayer.succeed(walletAccessContext))
+              } yield ()
+            )
+          } yield ret
           holderPendingToGeneratedFlow @@ HolderPendingToGeneratedSuccess.trackSuccess
             @@ HolderPendingToGeneratedFailed.trackError
             @@ HolderPendingToGeneratedAll
@@ -517,15 +523,18 @@ object IssueBackgroundJobs extends BackgroundJobsHelper {
           // Set ProtocolState to CredentialGenerated
           // TODO Move all logic to service
           val issuerPendingToGeneratedFlow = for {
-            walletAccessContext <- buildWalletAccessContextLayer(issue.from)
-            result <- (for {
-              credentialService <- ZIO.service[CredentialService]
-              config <- ZIO.service[AppConfig]
-              _ <- credentialService
-                .generateJWTCredential(id, config.pollux.statusListRegistry.publicEndpointUrl.toExternalForm)
-                .provideSomeLayer(ZLayer.succeed(walletAccessContext))
-            } yield ()).mapError(e => (walletAccessContext, e))
-          } yield result
+            config <- ZIO.service[AppConfig]
+            ret <- config.featureFlag.ifJWTIsEnabled(
+              for {
+                walletAccessContext <- buildWalletAccessContextLayer(issue.from)
+                credentialService <- ZIO.service[CredentialService]
+                _ <- credentialService
+                  .generateJWTCredential(id, config.pollux.statusListRegistry.publicEndpointUrl.toExternalForm)
+                  .provideSomeLayer(ZLayer.succeed(walletAccessContext))
+                  .mapError(e => (walletAccessContext, e))
+              } yield ()
+            )
+          } yield ret
 
           issuerPendingToGeneratedFlow @@ IssuerPendingToGeneratedSuccess.trackSuccess
             @@ IssuerPendingToGeneratedFailed.trackError
@@ -565,15 +574,20 @@ object IssueBackgroundJobs extends BackgroundJobsHelper {
           // Set ProtocolState to CredentialGenerated
           // TODO Move all logic to service
           val issuerPendingToGeneratedFlow = for {
-            walletAccessContext <- buildWalletAccessContextLayer(issue.from)
-            result <- (for {
-              credentialService <- ZIO.service[CredentialService]
-              config <- ZIO.service[AppConfig]
-              _ <- credentialService
-                .generateSDJWTCredential(id, config.pollux.credentialSdJwtExpirationTime)
-                .provideSomeLayer(ZLayer.succeed(walletAccessContext))
-            } yield ()).mapError(e => (walletAccessContext, e))
-          } yield result
+            config <- ZIO.service[AppConfig]
+            ret <- config.featureFlag.ifSDJWTIsEnabled(
+              for {
+                walletAccessContext <- buildWalletAccessContextLayer(issue.from)
+                result <- (for {
+                  credentialService <- ZIO.service[CredentialService]
+                  config <- ZIO.service[AppConfig]
+                  _ <- credentialService
+                    .generateSDJWTCredential(id, config.pollux.credentialSdJwtExpirationTime)
+                    .provideSomeLayer(ZLayer.succeed(walletAccessContext))
+                } yield ()).mapError(e => (walletAccessContext, e))
+              } yield result
+            )
+          } yield ret
 
           issuerPendingToGeneratedFlow @@ IssuerPendingToGeneratedSuccess.trackSuccess
             @@ IssuerPendingToGeneratedFailed.trackError
@@ -609,14 +623,20 @@ object IssueBackgroundJobs extends BackgroundJobsHelper {
               _,
             ) =>
           val issuerPendingToGeneratedFlow = for {
-            walletAccessContext <- buildWalletAccessContextLayer(issue.from)
-            result <- (for {
-              credentialService <- ZIO.service[CredentialService]
-              _ <- credentialService
-                .generateAnonCredsCredential(id)
-                .provideSomeLayer(ZLayer.succeed(walletAccessContext))
-            } yield ()).mapError(e => (walletAccessContext, e))
-          } yield result
+            config <- ZIO.service[AppConfig]
+            ret <-
+              config.featureFlag.ifAnomcredIsEnabled(
+                for {
+                  walletAccessContext <- buildWalletAccessContextLayer(issue.from)
+                  result <- (for {
+                    credentialService <- ZIO.service[CredentialService]
+                    _ <- credentialService
+                      .generateAnonCredsCredential(id)
+                      .provideSomeLayer(ZLayer.succeed(walletAccessContext))
+                  } yield ()).mapError(e => (walletAccessContext, e))
+                } yield result
+              )
+          } yield ret
 
           issuerPendingToGeneratedFlow @@ IssuerPendingToGeneratedSuccess.trackSuccess
             @@ IssuerPendingToGeneratedFailed.trackError

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/agent/server/jobs/PresentBackgroundJobs.scala

@@ -658,16 +658,21 @@ object PresentBackgroundJobs extends BackgroundJobsHelper {
           requestPresentation: RequestPresentation,
           credentialFormat: CredentialFormat
       ): ZIO[
-        CredentialService & DIDService & COMMON_RESOURCES,
+        AppConfig & CredentialService & DIDService & COMMON_RESOURCES,
         ERROR,
         Unit
       ] = {
-        val result =
-          credentialFormat match {
-            case CredentialFormat.JWT       => handle_JWT_VC(id, credentialsToUse, requestPresentation)
-            case CredentialFormat.SDJWT     => handle_SD_JWT_VC(id, credentialsToUse, requestPresentation)
-            case CredentialFormat.AnonCreds => handleAnoncred(id, maybeCredentialsToUseJson, requestPresentation)
+        val result = for {
+          flags <- ZIO.service[AppConfig].map(_.featureFlag)
+          ret <- credentialFormat match {
+            case CredentialFormat.JWT =>
+              flags.ifJWTIsEnabled(handle_JWT_VC(id, credentialsToUse, requestPresentation))
+            case CredentialFormat.SDJWT =>
+              flags.ifSDJWTIsEnabled(handle_SD_JWT_VC(id, credentialsToUse, requestPresentation))
+            case CredentialFormat.AnonCreds =>
+              flags.ifSDJWTIsEnabled(handleAnoncred(id, maybeCredentialsToUseJson, requestPresentation))
           }
+        } yield ret
         result @@ metric
       }
 
@@ -1067,12 +1072,17 @@ object PresentBackgroundJobs extends BackgroundJobsHelper {
         Failure,
         Unit
       ] = {
-        val result =
-          credentialFormat match {
-            case CredentialFormat.JWT       => handleJWT(id, requestPresentation, presentation, invitation)
-            case CredentialFormat.SDJWT     => handleSDJWT(id, presentation, invitation)
-            case CredentialFormat.AnonCreds => handleAnoncred(id, requestPresentation, presentation, invitation)
+        val result = for {
+          flags <- ZIO.service[AppConfig].map(_.featureFlag)
+          ret <- credentialFormat match {
+            case CredentialFormat.JWT =>
+              flags.ifJWTIsEnabled(handleJWT(id, requestPresentation, presentation, invitation))
+            case CredentialFormat.SDJWT =>
+              flags.ifSDJWTIsEnabled(handleSDJWT(id, presentation, invitation))
+            case CredentialFormat.AnonCreds =>
+              flags.ifAnomcredIsEnabled(handleAnoncred(id, requestPresentation, presentation, invitation))
           }
+        } yield ret
         result @@ metric
       }
 

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/api/http/ErrorResponse.scala

@@ -111,6 +111,14 @@ object ErrorResponse {
       detail = detail
     )
 
+  def badRequestDisabled(detail: String) =
+    ErrorResponse(
+      StatusCode.BadRequest.code,
+      `type` = "BadRequest",
+      title = "BadRequest_FeatureDisabled",
+      detail = Some(detail)
+    )
+
   def unprocessableEntity(title: String = "UnprocessableEntity", detail: Option[String] = None) =
     ErrorResponse(
       StatusCode.UnprocessableEntity.code,

cloud-agent/service/server/src/main/scala/org/hyperledger/identus/issue/controller/IssueControllerImpl.scala

@@ -1,6 +1,7 @@
 package org.hyperledger.identus.issue.controller
 
 import org.hyperledger.identus.agent.server.config.AppConfig
+import org.hyperledger.identus.agent.server.config.FeatureFlagConfig
 import org.hyperledger.identus.agent.server.ControllerHelper
 import org.hyperledger.identus.agent.walletapi.model.PublicationState
 import org.hyperledger.identus.agent.walletapi.model.PublicationState.{Created, PublicationPending, Published}
@@ -46,6 +47,22 @@ class IssueControllerImpl(
       expirationDuration: Option[Duration]
   )
 
+  private def checkFeatureFlag(credentialFormat: CredentialFormat) = for {
+    _ <- credentialFormat match // Fail if feature is disabled
+      case JWT =>
+        appConfig.featureFlag.ifJWTIsDisable(
+          ZIO.fail(ErrorResponse.badRequestDisabled(FeatureFlagConfig.messageIfDisableForJWT))
+        )
+      case SDJWT =>
+        appConfig.featureFlag.ifSDJWTIsDisable(
+          ZIO.fail(ErrorResponse.badRequestDisabled(FeatureFlagConfig.messageIfDisableForSDJWT))
+        )
+      case AnonCreds =>
+        appConfig.featureFlag.ifAnomcredIsDisable(
+          ZIO.fail(ErrorResponse.badRequestDisabled(FeatureFlagConfig.messageIfDisableForAnomcred))
+        )
+  } yield ()
+
   private def createCredentialOfferRecord(
       request: CreateIssueCredentialRecordRequest,
       offerContext: OfferContext
@@ -59,6 +76,7 @@ class IssueControllerImpl(
       credentialFormat <- ZIO.succeed(
         request.credentialFormat.map(CredentialFormat.valueOf).getOrElse(CredentialFormat.JWT)
       )
+      _ <- checkFeatureFlag(credentialFormat)
       outcome <-
         credentialFormat match
           case JWT =>
@@ -185,6 +203,7 @@ class IssueControllerImpl(
       connectionId <- ZIO
         .fromOption(request.connectionId)
         .mapError(_ => ErrorResponse.badRequest(detail = Some("Missing connectionId for credential offer")))
+      _ <- checkFeatureFlag(request.credentialFormat.map(CredentialFormat.valueOf).getOrElse(CredentialFormat.JWT))
       didIdPair <- getPairwiseDIDs(connectionId).provideSomeLayer(ZLayer.succeed(connectionService))
       offerContext = OfferContext(
         pairwiseIssuerDID = didIdPair.myDID,
@@ -202,6 +221,7 @@ class IssueControllerImpl(
   )(implicit rc: RequestContext): ZIO[WalletAccessContext, ErrorResponse, IssueCredentialRecord] = {
     for {
       peerDid <- managedDIDService.createAndStorePeerDID(appConfig.agent.didCommEndpoint.publicEndpointUrl)
+      _ <- checkFeatureFlag(request.credentialFormat.map(CredentialFormat.valueOf).getOrElse(CredentialFormat.JWT))
       offerContext = OfferContext(
         pairwiseIssuerDID = peerDid.did,
         pairwiseHolderDID = None,