Creating Organizations

This procedure describes how to create and manage Pike organizations and agents using Grid’s command-line interface.

Each Grid item such as a schema or product requires an owning organization and at least one active agent with permissions to create and update those Grid items.

Prerequisites

  • For Grid on Sawtooth:

    • A working Grid node. This procedure includes verification steps on a second Grid node, but all steps can be performed on a single node.

  • For Grid on Splinter:

    • Two or more working Grid nodes. (See Running Grid on Splinter for the procedure to set up and run Grid in Docker containers.) The examples in this procedure show two nodes, alpha-node-000 and beta-node-000, that are running in a Docker environment.

    • An approved Splinter circuit with two or more member nodes. (See Creating Splinter Circuits for more information.) This procedure assumes that there is a circuit with alpha-node-000 and beta-node-000 as members.

    • A fully qualified service ID for the scabbard service on this circuit, in the format CircuitID::ServiceString. (See Determine the Service ID for the commands to display this information.) This procedure uses the example ID 01234-ABCDE::gsAA.

  • The Grid daemon’s endpoint (URL and port) on one or both nodes. This procedure uses https://localhost:8080.

Important Notes

The examples in this procedure use the node hostnames, container names, node IDs, and URLs that are defined in the example docker-compose file, examples/splinter/docker-compose.yaml. If you are not using this example environment, replace these items with the actual values for your nodes.

Procedure

Connect to a Grid Node

  1. Start a bash session in your node’s gridd Docker container (such as gridd-alpha). You will use this container to run Grid commands on the node (for example, alpha-node-000).

    $ docker exec -it gridd-alpha bash
    root@gridd-alpha:/#
    

Generate Agent Keys

  1. Generate a secp256k1 key pair for the organization’s agent on the alpha node. This key will be used to sign the Grid transactions that create organizations and set agent permissions.

    This example uses the base name alpha-agent to indicate that you will be acting as your organization’s agent to add products and other Grid items from the alpha node.

    root@gridd-alpha:/# grid keygen alpha-agent
    Writing /root/.grid/keys/alpha-agent.priv
    Writing /root/.grid/keys/alpha-agent.pub
    

Set Environment Variables

Set the following Grid environment variables to simplify entering the grid commands in this procedure.

  1. Set GRID_DAEMON_KEY to the base name of the agent’s public/private key files (such as alpha-agent). This environment variable replaces the -k option on the grid command line.

    Tip: If you’re using this example docker-compose environment, this variable is already defined for the gridd-alpha and gridd-beta containers.

    root@gridd-alpha:/# export GRID_DAEMON_KEY="alpha-agent"
    

    Note: Although this variable has “daemon” in the name, it should reference the user key files in $HOME/.grid/keys, not the Grid daemon’s key files in /etc/grid/keys.

  2. Set GRID_DAEMON_ENDPOINT to the endpoint for the node’s gridd container (such as https://localhost:8080). This environment variable replaces the --url option on the grid command line.

    Tip: If you’re using this example docker-compose environment, this variable is already defined for the gridd-alpha and gridd-beta containers.

    root@gridd-alpha:/# export GRID_DAEMON_ENDPOINT="https://localhost:8080"
    
  3. For Grid on Splinter: Set GRID_SERVICE_ID to the fully qualified service ID for the scabbard service on this circuit (such as 01234-ABCDE::gsAA). This environment variable replaces the --service_id option on the grid command line.

    root@gridd-alpha:/# export GRID_SERVICE_ID=01234-ABCDE::gsAA
    

Create an Organization

  1. Create a new organization by specifying a unique organization ID, the organization’s name and street address, and optional metadata (as key-value strings).

    This example uses the ID 314156, the name myorg, an imaginary street address, and GS1-specific metadata to note that the ID is a GS1 company prefix.

    root@gridd-alpha:/# grid organization create \
    314156 myorg '123 main street' \
    --metadata gs1_company_prefixes=314156
    

    This command creates and submits a transaction to create a new Pike organization with the data you supplied, as well as a new Pike agent with the admin role and active status.

    The transaction is signed with the agent’s private key, as derived from the base name specified by GRID_DAEMON_KEY (or with the -k option on the command line). The agent’s public key is used as the agent ID.

    Note: This command doesn’t display any output. Instead, check the log messages (in the terminal window where you started the Grid Docker environment) for the success or failure of this operation.

Set Agent Permissions

A newly created agent does not have any permissions, which means the agent cannot make Grid-related changes on behalf of the organization. The following steps show how to set the appropriate permissions (also called “Pike roles”) for products, schemas, and other Grid features.

Note: An agent belongs to only one organization. All agent permissions apply only to this organization.

  1. Verify that the agent’s public key file exists in ~/.grid/keys/alpha-agent.pub. If not, you must specify contents of the public key file in the next command.

  2. Set the appropriate permissions (also called “Pike roles”) for the agent. The following command requires the organization ID (such as 314156) and the agent’s public key string.

    This example allows the agent to create schemas and to create, update, and delete products.

    root@gridd-alpha:/# grid agent update \
    314156 $(cat ~/.grid/keys/alpha-agent.pub) \
    --active \
    --role can_create_schema \
    --role can_create_product \
    --role can_update_product \
    --role can_delete_product \
    --role admin
    

    Note: You must specify --active and --role admin, even though the previous command automatically enabled these settings. The grid CLI requires these options to ensure that these important settings are not accidentally changed.

Display Organizations and Agents

The Grid REST API provides the /organization and /agent endpoints to query the distributed ledger for organization and agent information. You can use curl to submit requests to the Grid REST API from the command line.

The following examples show how to run these commands on your host system, because the curl command is not available by default in the gridd container in the example environment.

  1. In the Grid node’s gridd container, display the fully qualified service ID and copy it to use in the following curl commands.

    root@gridd-alpha:/# echo $GRID_SERVICE_ID
    01234-ABCDE::gsAA
    

    Note: Because requests to the Grid REST API are handled by the scabbard service on an existing circuit, a fully qualified service ID is required.

  2. Request the list of organizations (from a system with curl installed).

    $ echo curl https://localhost:8080/organization?service_id=01234-ABCDE::gsAA
    
  3. Request the list of agents.

    $ echo curl http://localhost:8080/agent?service_id=01234-ABCDE::gsAA
    

Next Steps

Once you have an organization and one or more agents with schema and product permissions, you can define a product schema and create products. For more information, see Using Grid Features.