fix: extract data-plane-iam module from data-plane-core

eclipse-edc · Aug 12, 2024 · fb7f8b3 · fb7f8b3
1 parent 7f51a3d
commit fb7f8b3
Show file tree

Hide file tree

Showing 24 changed files with 207 additions and 86 deletions.
diff --git a/core/data-plane/data-plane-core/build.gradle.kts b/core/data-plane/data-plane-core/build.gradle.kts
@@ -24,11 +24,8 @@ dependencies {
 
     implementation(project(":spi:common:token-spi"))
     implementation(project(":core:common:lib:store-lib"))
-    implementation(project(":core:common:token-core")) // for the JwtGenerationService
-    implementation(project(":core:common:boot"))
     implementation(project(":core:common:lib:util-lib"))
     implementation(project(":core:data-plane:data-plane-util"))
-    implementation(project(":extensions:common:http"))
     implementation(project(":core:common:lib:state-machine-lib"))
 
     implementation(libs.opentelemetry.instrumentation.annotations)

diff --git a/...java/org/eclipse/edc/connector/dataplane/framework/DataPlaneDefaultServicesExtension.java b/...java/org/eclipse/edc/connector/dataplane/framework/DataPlaneDefaultServicesExtension.java
@@ -18,6 +18,8 @@
 import org.eclipse.edc.connector.dataplane.framework.registry.TransferServiceSelectionStrategy;
 import org.eclipse.edc.connector.dataplane.framework.store.InMemoryAccessTokenDataStore;
 import org.eclipse.edc.connector.dataplane.framework.store.InMemoryDataPlaneStore;
+import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAuthorizationService;
+import org.eclipse.edc.connector.dataplane.spi.iam.NoOpDataPlaneAuthorizationService;
 import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService;
 import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService;
 import org.eclipse.edc.connector.dataplane.spi.store.AccessTokenDataStore;
@@ -70,4 +72,10 @@ public PipelineService pipelineService(ServiceExtensionContext context) {
     public PublicEndpointGeneratorService publicEndpointGenerator() {
         return new PublicEndpointGeneratorServiceImpl();
     }
+
+    @Provider(isDefault = true)
+    public DataPlaneAuthorizationService dataPlaneAuthorizationService(ServiceExtensionContext context) {
+        context.getMonitor().info("No proper DataPlaneAuthorizationService provided. The data-plane won't support PULL transfer types.");
+        return new NoOpDataPlaneAuthorizationService();
+    }
 }
diff --git a/.../main/java/org/eclipse/edc/connector/dataplane/framework/DataPlaneFrameworkExtension.java b/.../main/java/org/eclipse/edc/connector/dataplane/framework/DataPlaneFrameworkExtension.java
@@ -15,14 +15,10 @@
 package org.eclipse.edc.connector.dataplane.framework;
 
 import org.eclipse.edc.connector.controlplane.api.client.spi.transferprocess.TransferProcessApiClient;
-import org.eclipse.edc.connector.dataplane.framework.iam.DataPlaneAuthorizationServiceImpl;
 import org.eclipse.edc.connector.dataplane.framework.manager.DataPlaneManagerImpl;
 import org.eclipse.edc.connector.dataplane.framework.registry.TransferServiceRegistryImpl;
 import org.eclipse.edc.connector.dataplane.framework.registry.TransferServiceSelectionStrategy;
-import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;
-import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
 import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAuthorizationService;
-import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService;
 import org.eclipse.edc.connector.dataplane.spi.manager.DataPlaneManager;
 import org.eclipse.edc.connector.dataplane.spi.pipeline.DataTransferExecutorServiceContainer;
 import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService;
@@ -110,12 +106,6 @@ public class DataPlaneFrameworkExtension implements ServiceExtension {
     @Inject
     private PipelineService pipelineService;
     @Inject
-    private DataPlaneAccessTokenService accessTokenService;
-    @Inject
-    private DataPlaneAccessControlService accessControlService;
-    @Inject
-    private PublicEndpointGeneratorService endpointGenerator;
-
     private DataPlaneAuthorizationService authorizationService;
 
     @Override
@@ -144,7 +134,6 @@ public void initialize(ServiceExtensionContext context) {
                 .transferServiceRegistry(transferServiceRegistry)
                 .store(store)
                 .transferProcessClient(transferProcessApiClient)
-                .authorizationService(authorizationService(context))
                 .monitor(monitor)
                 .telemetry(telemetry)
                 .build();
@@ -172,14 +161,6 @@ public DataTransferExecutorServiceContainer dataTransferExecutorServiceContainer
                 executorInstrumentation.instrument(executorService, "Data plane transfers"));
     }
 
-    @Provider
-    public DataPlaneAuthorizationService authorizationService(ServiceExtensionContext context) {
-        if (authorizationService == null) {
-            authorizationService = new DataPlaneAuthorizationServiceImpl(accessTokenService, endpointGenerator, accessControlService, context.getParticipantId(), clock);
-        }
-        return authorizationService;
-    }
-
     @NotNull
     private EntityRetryProcessConfiguration getEntityRetryProcessConfiguration(ServiceExtensionContext context) {
         var retryLimit = context.getSetting(DATAPLANE_SEND_RETRY_LIMIT, DEFAULT_SEND_RETRY_LIMIT);

diff --git a/...ane-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/...ane-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
@@ -1,3 +1,2 @@
 org.eclipse.edc.connector.dataplane.framework.DataPlaneFrameworkExtension
 org.eclipse.edc.connector.dataplane.framework.DataPlaneDefaultServicesExtension
-org.eclipse.edc.connector.dataplane.framework.DataPlaneDefaultIamServicesExtension
diff --git a/...sql/configuration/DataSourceNameTest.java → ...sql/configuration/DataSourceNameTest.java b/...sql/configuration/DataSourceNameTest.java → ...sql/configuration/DataSourceNameTest.java
diff --git a/extensions/control-plane/api/control-plane-api-client/build.gradle.kts b/extensions/control-plane/api/control-plane-api-client/build.gradle.kts
@@ -31,6 +31,7 @@ dependencies {
     testImplementation(project(":extensions:control-plane:api:control-plane-api"))
     testImplementation(project(":extensions:common:api:control-api-configuration"))
     testImplementation(project(":extensions:common:auth:auth-tokenbased"))
+    testImplementation(project(":extensions:common:http"))
     testImplementation(project(":extensions:common:json-ld"))
     testImplementation(project(":extensions:data-plane:data-plane-signaling:data-plane-signaling-client"))
     testImplementation(testFixtures(project(":core:common:lib:http-lib")))

diff --git a/...tor/controlplane/api/client/transferprocess/TransferProcessHttpClientIntegrationTest.java b/...tor/controlplane/api/client/transferprocess/TransferProcessHttpClientIntegrationTest.java
@@ -82,9 +82,7 @@ void setUp(RuntimeExtension extension) {
                 "web.http.control.port", String.valueOf(port),
                 "web.http.control.path", "/control",
                 "edc.core.retry.retries.max", "0",
-                "edc.dataplane.send.retry.limit", "0",
-                "edc.transfer.proxy.token.verifier.publickey.alias", "alias",
-                "edc.transfer.proxy.token.signer.privatekey.alias", "alias"
+                "edc.dataplane.send.retry.limit", "0"
         ));
 
         extension.registerSystemExtension(ServiceExtension.class, new TransferServiceMockExtension(service));

diff --git a/...tp/src/test/java/org/eclipse/edc/connector/dataplane/http/DataPlaneHttpExtensionTest.java b/...tp/src/test/java/org/eclipse/edc/connector/dataplane/http/DataPlaneHttpExtensionTest.java
@@ -30,7 +30,6 @@
 import org.mockserver.integration.ClientAndServer;
 import org.mockserver.model.HttpResponse;
 
-import java.util.Map;
 import java.util.UUID;
 
 import static java.util.Collections.emptyMap;
@@ -52,10 +51,6 @@ public class DataPlaneHttpExtensionTest {
 
     @RegisterExtension
     private static final RuntimeExtension RUNTIME = new RuntimePerClassExtension()
-            .setConfiguration(Map.of(
-                    "edc.transfer.proxy.token.verifier.publickey.alias", "alias",
-                    "edc.transfer.proxy.token.signer.privatekey.alias", "alias"
-            ))
             .registerServiceMock(TransferProcessApiClient.class, mock());
 
     @BeforeAll

diff --git a/extensions/data-plane/data-plane-iam/build.gradle.kts b/extensions/data-plane/data-plane-iam/build.gradle.kts
@@ -0,0 +1,44 @@
+/*
+ *  Copyright (c) 2022 Contributors to the Eclipse Foundation
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Contributors to the Eclipse Foundation - initial API and implementation
+ *
+ */
+
+plugins {
+    `java-library`
+}
+
+dependencies {
+//    api(project(":spi:common:core-spi"))
+//    api(project(":spi:control-plane:control-plane-api-client-spi"))
+    api(project(":spi:common:jwt-spi"))
+    api(project(":spi:common:jwt-signer-spi"))
+    api(project(":spi:common:token-spi"))
+    api(project(":spi:data-plane:data-plane-spi"))
+//
+//    implementation(project(":spi:common:token-spi"))
+//    implementation(project(":core:common:lib:store-lib"))
+    implementation(project(":core:common:token-core"))
+//    implementation(project(":core:common:boot"))
+//    implementation(project(":core:common:lib:util-lib"))
+//    implementation(project(":core:data-plane:data-plane-util"))
+//    implementation(project(":extensions:common:http"))
+//    implementation(project(":core:common:lib:state-machine-lib"))
+//
+//    implementation(libs.opentelemetry.instrumentation.annotations)
+//
+//    testImplementation(project(":core:common:lib:query-lib"))
+    testImplementation(project(":core:common:junit"))
+//    testImplementation(libs.awaitility)
+//    testImplementation(testFixtures(project(":spi:data-plane:data-plane-spi")))
+}
+
+
diff --git a/...DataPlaneDefaultIamServicesExtension.java → ...DataPlaneIamDefaultServicesExtension.java b/...DataPlaneDefaultIamServicesExtension.java → ...DataPlaneIamDefaultServicesExtension.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *  Copyright (c) 2024 Contributors to the Eclipse Foundation
  *
  *  This program and the accompanying materials are made available under the
  *  terms of the Apache License, Version 2.0 which is available at
@@ -8,19 +8,18 @@
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Contributors:
- *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *       Contributors to the Eclipse Foundation - initial API and implementation
  *
  */
 
-package org.eclipse.edc.connector.dataplane.framework;
+package org.eclipse.edc.connector.dataplane.iam;
 
-import org.eclipse.edc.connector.dataplane.framework.iam.DefaultDataPlaneAccessTokenServiceImpl;
+import org.eclipse.edc.connector.dataplane.iam.service.DefaultDataPlaneAccessTokenServiceImpl;
 import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;
 import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
 import org.eclipse.edc.connector.dataplane.spi.store.AccessTokenDataStore;
 import org.eclipse.edc.jwt.signer.spi.JwsSignerProvider;
 import org.eclipse.edc.keys.spi.LocalPublicKeyService;
-import org.eclipse.edc.keys.spi.PrivateKeyResolver;
 import org.eclipse.edc.runtime.metamodel.annotation.Extension;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
 import org.eclipse.edc.runtime.metamodel.annotation.Provider;
@@ -31,13 +30,10 @@
 import org.eclipse.edc.token.JwtGenerationService;
 import org.eclipse.edc.token.spi.TokenValidationService;
 
-import java.util.function.Supplier;
+@Extension(value = DataPlaneIamDefaultServicesExtension.NAME)
+public class DataPlaneIamDefaultServicesExtension implements ServiceExtension {
 
-
-@Extension(value = DataPlaneDefaultIamServicesExtension.NAME)
-public class DataPlaneDefaultIamServicesExtension implements ServiceExtension {
-
-    public static final String NAME = "Data Plane Framework Default IAM Services";
+    public static final String NAME = "Data Plane Default IAM Services";
 
     @Setting(value = "Alias of private key used for signing tokens, retrieved from private key resolver")
     public static final String TOKEN_SIGNER_PRIVATE_KEY_ALIAS = "edc.transfer.proxy.token.signer.privatekey.alias";
@@ -49,8 +45,6 @@ public class DataPlaneDefaultIamServicesExtension implements ServiceExtension {
     @Inject
     private TokenValidationService tokenValidationService;
     @Inject
-    private PrivateKeyResolver privateKeyResolver;
-    @Inject
     private LocalPublicKeyService localPublicKeyService;
     @Inject
     private JwsSignerProvider jwsSignerProvider;
@@ -72,12 +66,10 @@ public DataPlaneAccessTokenService defaultAccessTokenService(ServiceExtensionCon
         var tokenSignerPrivateKeyAlias = context.getConfig().getString(TOKEN_SIGNER_PRIVATE_KEY_ALIAS);
         var monitor = context.getMonitor().withPrefix("DataPlane IAM");
         return new DefaultDataPlaneAccessTokenServiceImpl(new JwtGenerationService(jwsSignerProvider),
-                accessTokenDataStore, monitor, () -> tokenSignerPrivateKeyAlias,
-                publicKeyIdSupplier(tokenVerifierPublicKeyAlias), tokenValidationService, localPublicKeyService);
-    }
-
-    private Supplier<String> publicKeyIdSupplier(String tokenVerifierPublicKeyAlias) {
-        return () -> tokenVerifierPublicKeyAlias;
+                accessTokenDataStore, monitor,
+                () -> tokenSignerPrivateKeyAlias,
+                () -> tokenVerifierPublicKeyAlias,
+                tokenValidationService, localPublicKeyService);
     }
 
 }
diff --git a/...lane-iam/src/main/java/org/eclipse/edc/connector/dataplane/iam/DataPlaneIamExtension.java b/...lane-iam/src/main/java/org/eclipse/edc/connector/dataplane/iam/DataPlaneIamExtension.java
@@ -0,0 +1,54 @@
+/*
+ *  Copyright (c) 2024 Contributors to the Eclipse Foundation
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Contributors to the Eclipse Foundation - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.connector.dataplane.iam;
+
+import org.eclipse.edc.connector.dataplane.iam.service.DataPlaneAuthorizationServiceImpl;
+import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;
+import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
+import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAuthorizationService;
+import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService;
+import org.eclipse.edc.runtime.metamodel.annotation.Extension;
+import org.eclipse.edc.runtime.metamodel.annotation.Inject;
+import org.eclipse.edc.runtime.metamodel.annotation.Provider;
+import org.eclipse.edc.spi.system.ServiceExtension;
+import org.eclipse.edc.spi.system.ServiceExtensionContext;
+
+import java.time.Clock;
+
+@Extension(value = DataPlaneIamExtension.NAME)
+public class DataPlaneIamExtension implements ServiceExtension {
+
+    public static final String NAME = "Data Plane IAM";
+
+    @Inject
+    private Clock clock;
+    @Inject
+    private DataPlaneAccessTokenService accessTokenService;
+    @Inject
+    private DataPlaneAccessControlService accessControlService;
+    @Inject
+    private PublicEndpointGeneratorService endpointGenerator;
+
+    @Override
+    public String name() {
+        return NAME;
+    }
+
+    @Provider
+    public DataPlaneAuthorizationService authorizationService(ServiceExtensionContext context) {
+        return new DataPlaneAuthorizationServiceImpl(accessTokenService, endpointGenerator, accessControlService, context.getParticipantId(), clock);
+    }
+
+}
diff --git a/...am/DataPlaneAuthorizationServiceImpl.java → ...ce/DataPlaneAuthorizationServiceImpl.java b/...am/DataPlaneAuthorizationServiceImpl.java → ...ce/DataPlaneAuthorizationServiceImpl.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *  Copyright (c) 2024 Contributors to the Eclipse Foundation
  *
  *  This program and the accompanying materials are made available under the
  *  terms of the Apache License, Version 2.0 which is available at
@@ -8,11 +8,11 @@
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Contributors:
- *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *       Contributors to the Eclipse Foundation - initial API and implementation
  *
  */
 
-package org.eclipse.edc.connector.dataplane.framework.iam;
+package org.eclipse.edc.connector.dataplane.iam.service;
 
 import org.eclipse.edc.connector.dataplane.spi.Endpoint;
 import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;

diff --git a/...faultDataPlaneAccessTokenServiceImpl.java → ...faultDataPlaneAccessTokenServiceImpl.java b/...faultDataPlaneAccessTokenServiceImpl.java → ...faultDataPlaneAccessTokenServiceImpl.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *  Copyright (c) 2024 Contributors to the Eclipse Foundation
  *
  *  This program and the accompanying materials are made available under the
  *  terms of the Apache License, Version 2.0 which is available at
@@ -8,11 +8,11 @@
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Contributors:
- *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *       Contributors to the Eclipse Foundation - initial API and implementation
  *
  */
 
-package org.eclipse.edc.connector.dataplane.framework.iam;
+package org.eclipse.edc.connector.dataplane.iam.service;
 
 import org.eclipse.edc.connector.dataplane.spi.AccessTokenData;
 import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
@@ -123,16 +123,15 @@ public Result<TokenRepresentation> obtainToken(TokenParameters parameters, DataA
 
     @Override
     public Result<AccessTokenData> resolve(String token) {
-        var validationResult = tokenValidationService.validate(token, publicKeyResolver, DATAPLANE_ACCESS_TOKEN_RULES);
-        if (validationResult.failed()) {
-            return validationResult.mapTo();
-        }
-        var tokenId = validationResult.getContent().getStringClaim(TOKEN_ID);
-        var existingAccessToken = accessTokenDataStore.getById(tokenId);
-
-        return existingAccessToken == null ?
-                Result.failure("AccessTokenData with ID '%s' does not exist.".formatted(tokenId)) :
-                Result.success(existingAccessToken);
+        return tokenValidationService.validate(token, publicKeyResolver, DATAPLANE_ACCESS_TOKEN_RULES)
+                .map(claimToken -> claimToken.getStringClaim(TOKEN_ID))
+                .compose(tokenId -> {
+                    var existingAccessToken = accessTokenDataStore.getById(tokenId);
+
+                    return existingAccessToken == null ?
+                            Result.failure("AccessTokenData with ID '%s' does not exist.".formatted(tokenId)) :
+                            Result.success(existingAccessToken);
+                });
     }
 
     @Override

diff --git a/...plane/framework/iam/TokenIdDecorator.java → ...taplane/iam/service/TokenIdDecorator.java b/...plane/framework/iam/TokenIdDecorator.java → ...taplane/iam/service/TokenIdDecorator.java
@@ -1,5 +1,5 @@
 /*
- *  Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *  Copyright (c) 2024 Contributors to the Eclipse Foundation
  *
  *  This program and the accompanying materials are made available under the
  *  terms of the Apache License, Version 2.0 which is available at
@@ -8,16 +8,16 @@
  *  SPDX-License-Identifier: Apache-2.0
  *
  *  Contributors:
- *       Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
+ *       Contributors to the Eclipse Foundation - initial API and implementation
  *
  */
 
-package org.eclipse.edc.connector.dataplane.framework.iam;
+package org.eclipse.edc.connector.dataplane.iam.service;
 
 import org.eclipse.edc.spi.iam.TokenParameters;
 import org.eclipse.edc.token.spi.TokenDecorator;
 
-import static org.eclipse.edc.connector.dataplane.framework.iam.DefaultDataPlaneAccessTokenServiceImpl.TOKEN_ID;
+import static org.eclipse.edc.connector.dataplane.iam.service.DefaultDataPlaneAccessTokenServiceImpl.TOKEN_ID;
 
 public class TokenIdDecorator implements TokenDecorator {
     private final String tokenId;

diff --git a/...lane-iam/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/...lane-iam/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
@@ -0,0 +1,2 @@
+org.eclipse.edc.connector.dataplane.iam.DataPlaneIamExtension
+org.eclipse.edc.connector.dataplane.iam.DataPlaneIamDefaultServicesExtension