diff --git a/.github/workflows/verify.yaml b/.github/workflows/verify.yaml
index 889bb277876..c9208704407 100644
--- a/.github/workflows/verify.yaml
+++ b/.github/workflows/verify.yaml
@@ -63,30 +63,7 @@ jobs:
with:
command: ./gradlew test jacocoTestReport
- Aws-Integration-Tests:
- runs-on: ubuntu-latest
-
- env:
- S3_ACCESS_KEY_ID: root
- S3_SECRET_ACCESS_KEY: password
-
- services:
- minio:
- image: bitnami/minio:latest
- ports:
- - 9000:9000
- env:
- MINIO_ROOT_USER: root
- MINIO_ROOT_PASSWORD: password
- steps:
- - uses: actions/checkout@v3
- - uses: ./.github/actions/setup-build
-
- - name: AWS Tests
- uses: ./.github/actions/run-tests
- with:
- command: ./gradlew -p extensions test -DincludeTags="AwsS3IntegrationTest"
Daps-Integration-Tests:
runs-on: ubuntu-latest
diff --git a/extensions/common/aws/aws-s3-core/README.md b/extensions/common/aws/aws-s3-core/README.md
deleted file mode 100644
index ad7d1c0ec85..00000000000
--- a/extensions/common/aws/aws-s3-core/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# S3 Core
-
-This extension registers an AWS credentials provider that can be used by all the S3 related extensions.
-
-The credentials lookup works in this order:
-- vault (through the keys specified in the [Configuration](#configuration))
-- if there are no vault keys, the AWS `DefaultCredentialProvider` will look at:
-> 1. Java System Properties - aws.accessKeyId and aws.secretAccessKey
-> 2. Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
-> 3. Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
-> 4. Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" environment variable is set and security manager has permission to access the variable,
-> 5. Instance profile credentials delivered through the Amazon EC2 metadata service
-
-## Configuration
-
-| Parameter name | Description | Mandatory | Default value |
-|-----------------------------------------|------------------------------------------------------------------|-----------|---------------|
-| `edc.aws.access.key` | The key of the secret where the AWS Access Key Id is stored. | false | null |
-| `edc.aws.secret.access.key` | The key of the secret where the AWS Secret Access Key is stored. | false | 5 |
-| `edc.aws.endpoint.override` | If valued, the AWS clients will point to the specified endpoint. | false | null |
-| `edc.aws.client.async.thread-pool-size` | The size of the thread pool used for the async clients. | false | 50 |
diff --git a/extensions/common/aws/aws-s3-core/build.gradle.kts b/extensions/common/aws/aws-s3-core/build.gradle.kts
deleted file mode 100644
index 289a4a38d5c..00000000000
--- a/extensions/common/aws/aws-s3-core/build.gradle.kts
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright (c) 2020, 2021 Microsoft Corporation
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Microsoft Corporation - initial API and implementation
- *
- */
-
-plugins {
- `java-library`
-}
-
-dependencies {
- api(project(":spi:control-plane:transfer-spi"))
-
- api(libs.failsafe.core)
-
- api(libs.aws.iam)
- api(libs.aws.s3)
- api(libs.aws.sts)
-}
-
-
diff --git a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsClientProvider.java b/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsClientProvider.java
deleted file mode 100644
index abec4f65d31..00000000000
--- a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsClientProvider.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
- * Copyright (c) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - Initial implementation
- *
- */
-
-package org.eclipse.edc.aws.s3;
-
-import org.eclipse.edc.connector.transfer.spi.types.SecretToken;
-import org.eclipse.edc.runtime.metamodel.annotation.ExtensionPoint;
-import software.amazon.awssdk.services.iam.IamAsyncClient;
-import software.amazon.awssdk.services.s3.S3AsyncClient;
-import software.amazon.awssdk.services.s3.S3Client;
-import software.amazon.awssdk.services.sts.StsAsyncClient;
-
-/**
- * Provide various AWS client shapes
- *
- * Caching by region:
- * - S3Client
- * - S3AsyncClient
- * - StsAsyncClient
- *
- * Single instance for the aws-global region:
- * - IamAsyncClient
- *
- * Instantiated on-fly given a SecretToken:
- * - S3Client
- */
-@ExtensionPoint
-public interface AwsClientProvider {
-
- /**
- * Returns the client for the specified region with the secret token credentials
- */
- S3Client s3Client(String region, SecretToken secretToken);
-
- /**
- * Returns the s3 client for the specified region
- */
- S3Client s3Client(String region);
-
- /**
- * Returns the s3 async client for the specified region
- */
- S3AsyncClient s3AsyncClient(String region);
-
- /**
- * Returns the iam async client for the global region
- */
- IamAsyncClient iamAsyncClient();
-
- /**
- * Returns the sts async client for the specified region
- */
- StsAsyncClient stsAsyncClient(String region);
-
- /**
- * Releases resources used by the provider.
- */
- void shutdown();
-}
diff --git a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsClientProviderConfiguration.java b/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsClientProviderConfiguration.java
deleted file mode 100644
index 7b1ff853285..00000000000
--- a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsClientProviderConfiguration.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*
- * Copyright (c) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
- *
- */
-
-package org.eclipse.edc.aws.s3;
-
-import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
-
-import java.net.URI;
-import java.util.Objects;
-
-public class AwsClientProviderConfiguration {
-
- static final int DEFAULT_AWS_ASYNC_CLIENT_THREAD_POOL_SIZE = 50;
-
- private AwsCredentialsProvider credentialsProvider;
- private URI endpointOverride;
- private int threadPoolSize = DEFAULT_AWS_ASYNC_CLIENT_THREAD_POOL_SIZE;
-
- private AwsClientProviderConfiguration() {
-
- }
-
- public AwsCredentialsProvider getCredentialsProvider() {
- return credentialsProvider;
- }
-
- public URI getEndpointOverride() {
- return endpointOverride;
- }
-
- public int getThreadPoolSize() {
- return threadPoolSize;
- }
-
- public static class Builder {
-
- private final AwsClientProviderConfiguration configuration = new AwsClientProviderConfiguration();
-
- private Builder() {
-
- }
-
- public static Builder newInstance() {
- return new Builder();
- }
-
- public Builder credentialsProvider(AwsCredentialsProvider credentialsProvider) {
- configuration.credentialsProvider = credentialsProvider;
- return this;
- }
-
- public Builder endpointOverride(URI endpointOverride) {
- configuration.endpointOverride = endpointOverride;
- return this;
- }
-
- public Builder threadPoolSize(int threadPoolSize) {
- configuration.threadPoolSize = threadPoolSize;
- return this;
- }
-
- public AwsClientProviderConfiguration build() {
- Objects.requireNonNull(configuration.credentialsProvider, "AWS Credentials Provider is mandatory");
-
- return configuration;
- }
- }
-}
diff --git a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsClientProviderImpl.java b/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsClientProviderImpl.java
deleted file mode 100644
index 4a4fbaea24f..00000000000
--- a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsClientProviderImpl.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Copyright (c) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - Initial implementation
- *
- */
-
-package org.eclipse.edc.aws.s3;
-
-import org.eclipse.edc.connector.transfer.spi.types.SecretToken;
-import org.eclipse.edc.spi.EdcException;
-import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
-import software.amazon.awssdk.auth.credentials.AwsCredentials;
-import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
-import software.amazon.awssdk.auth.credentials.AwsSessionCredentials;
-import software.amazon.awssdk.auth.credentials.StaticCredentialsProvider;
-import software.amazon.awssdk.core.client.builder.SdkClientBuilder;
-import software.amazon.awssdk.regions.Region;
-import software.amazon.awssdk.services.iam.IamAsyncClient;
-import software.amazon.awssdk.services.s3.S3AsyncClient;
-import software.amazon.awssdk.services.s3.S3BaseClientBuilder;
-import software.amazon.awssdk.services.s3.S3Client;
-import software.amazon.awssdk.services.s3.S3ClientBuilder;
-import software.amazon.awssdk.services.s3.S3Configuration;
-import software.amazon.awssdk.services.sts.StsAsyncClient;
-import software.amazon.awssdk.utils.SdkAutoCloseable;
-import software.amazon.awssdk.utils.ThreadFactoryBuilder;
-
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.Executor;
-import java.util.concurrent.Executors;
-
-import static software.amazon.awssdk.core.client.config.SdkAdvancedAsyncClientOption.FUTURE_COMPLETION_EXECUTOR;
-
-public class AwsClientProviderImpl implements AwsClientProvider {
-
- private final AwsCredentialsProvider credentialsProvider;
- private final AwsClientProviderConfiguration configuration;
- private final Executor executor;
- private final Map s3Clients = new ConcurrentHashMap<>();
- private final Map s3AsyncClients = new ConcurrentHashMap<>();
- private final Map stsAsyncClients = new ConcurrentHashMap<>();
- private final IamAsyncClient iamAsyncClient;
-
- public AwsClientProviderImpl(AwsClientProviderConfiguration configuration) {
- this.credentialsProvider = configuration.getCredentialsProvider();
- this.configuration = configuration;
- this.executor = Executors.newFixedThreadPool(configuration.getThreadPoolSize(), new ThreadFactoryBuilder().threadNamePrefix("aws-client").build());
- this.iamAsyncClient = createIamAsyncClient();
- }
-
- @Override
- public S3Client s3Client(String region, SecretToken token) {
- if (token instanceof AwsTemporarySecretToken) {
- var temporary = (AwsTemporarySecretToken) token;
- var credentials = AwsSessionCredentials.create(temporary.getAccessKeyId(), temporary.getSecretAccessKey(), temporary.getSessionToken());
- return createS3Client(credentials, region);
- } else if (token instanceof AwsSecretToken) {
- var secretToken = (AwsSecretToken) token;
- var credentials = AwsBasicCredentials.create(secretToken.getAccessKeyId(), secretToken.getSecretAccessKey());
- return createS3Client(credentials, region);
- } else {
- throw new EdcException(String.format("SecretToken %s is not supported", token.getClass()));
- }
- }
-
- @Override
- public S3Client s3Client(String region) {
- return s3Clients.computeIfAbsent(region, this::createS3Client);
- }
-
- @Override
- public S3AsyncClient s3AsyncClient(String region) {
- return s3AsyncClients.computeIfAbsent(region, this::createS3AsyncClient);
- }
-
- @Override
- public IamAsyncClient iamAsyncClient() {
- return iamAsyncClient;
- }
-
- @Override
- public StsAsyncClient stsAsyncClient(String region) {
- return stsAsyncClients.computeIfAbsent(region, this::createStsClient);
- }
-
- @Override
- public void shutdown() {
- iamAsyncClient.close();
- s3Clients.values().forEach(SdkAutoCloseable::close);
- s3AsyncClients.values().forEach(SdkAutoCloseable::close);
- stsAsyncClients.values().forEach(SdkAutoCloseable::close);
- }
-
- private S3Client createS3Client(AwsCredentials credentials, String region) {
- var credentialsProvider = StaticCredentialsProvider.create(credentials);
- var builder = S3Client.builder()
- .credentialsProvider(credentialsProvider)
- .region(Region.of(region));
-
- handleBaseEndpointOverride(builder);
-
- return builder.build();
- }
-
- private S3Client createS3Client(String region) {
- S3ClientBuilder builder = S3Client.builder()
- .credentialsProvider(credentialsProvider)
- .region(Region.of(region));
-
- handleBaseEndpointOverride(builder);
-
- return builder.build();
- }
-
- private S3AsyncClient createS3AsyncClient(String region) {
- var builder = S3AsyncClient.builder()
- .asyncConfiguration(b -> b.advancedOption(FUTURE_COMPLETION_EXECUTOR, executor))
- .credentialsProvider(credentialsProvider)
- .region(Region.of(region));
-
- handleBaseEndpointOverride(builder);
-
- return builder.build();
- }
-
- private StsAsyncClient createStsClient(String region) {
- var builder = StsAsyncClient.builder()
- .asyncConfiguration(b -> b.advancedOption(FUTURE_COMPLETION_EXECUTOR, executor))
- .credentialsProvider(credentialsProvider)
- .region(Region.of(region));
-
- handleEndpointOverride(builder);
-
- return builder.build();
- }
-
- private IamAsyncClient createIamAsyncClient() {
- var builder = IamAsyncClient.builder()
- .asyncConfiguration(b -> b.advancedOption(FUTURE_COMPLETION_EXECUTOR, executor))
- .credentialsProvider(credentialsProvider)
- .region(Region.AWS_GLOBAL);
-
- handleEndpointOverride(builder);
-
- return builder.build();
- }
-
- private void handleBaseEndpointOverride(S3BaseClientBuilder builder) {
- var endpointOverride = configuration.getEndpointOverride();
- if (endpointOverride != null) {
- builder.serviceConfiguration(S3Configuration.builder().pathStyleAccessEnabled(true).build())
- .endpointOverride(endpointOverride);
- }
- }
-
- private void handleEndpointOverride(SdkClientBuilder builder) {
- var endpointOverride = configuration.getEndpointOverride();
- if (endpointOverride != null) {
- builder.endpointOverride(endpointOverride);
- }
- }
-}
diff --git a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsSecretToken.java b/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsSecretToken.java
deleted file mode 100644
index 760a07f1df7..00000000000
--- a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsSecretToken.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Copyright (c) 2020, 2021 Microsoft Corporation
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Microsoft Corporation - initial API and implementation
- *
- */
-
-package org.eclipse.edc.aws.s3;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import org.eclipse.edc.connector.transfer.spi.types.SecretToken;
-
-import java.util.Objects;
-
-public class AwsSecretToken implements SecretToken {
- private final String accessKeyId;
- private final String secretAccessKey;
-
- public AwsSecretToken(@JsonProperty("accessKeyId") String accessKeyId, @JsonProperty("secretAccessKey") String secretAccessKey) {
- this.accessKeyId = accessKeyId;
- this.secretAccessKey = secretAccessKey;
- }
-
- @Override
- public long getExpiration() {
- return 0;
- }
-
- public String getAccessKeyId() {
- return accessKeyId;
- }
-
- public String getSecretAccessKey() {
- return secretAccessKey;
- }
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
- AwsSecretToken that = (AwsSecretToken) o;
- return Objects.equals(accessKeyId, that.accessKeyId) && Objects.equals(secretAccessKey, that.secretAccessKey);
- }
-
- @Override
- public int hashCode() {
- return Objects.hash(accessKeyId, secretAccessKey);
- }
-}
diff --git a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsTemporarySecretToken.java b/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsTemporarySecretToken.java
deleted file mode 100644
index 0be4c457d6b..00000000000
--- a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/AwsTemporarySecretToken.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (c) 2020, 2021 Microsoft Corporation
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Microsoft Corporation - initial API and implementation
- *
- */
-
-package org.eclipse.edc.aws.s3;
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import org.eclipse.edc.connector.transfer.spi.types.SecretToken;
-
-public class AwsTemporarySecretToken implements SecretToken {
- private final String sessionToken;
- private final long expiration;
- private final String accessKeyId;
- private final String secretAccessKey;
-
- public AwsTemporarySecretToken(@JsonProperty("accessKeyId") String accessKeyId, @JsonProperty("secretAccessKey") String secretAccessKey, @JsonProperty("sessionToken") String sessionToken, @JsonProperty("expiration") long expiration) {
- this.sessionToken = sessionToken;
- this.expiration = expiration;
- this.accessKeyId = accessKeyId;
- this.secretAccessKey = secretAccessKey;
- }
-
- public String getSessionToken() {
- return sessionToken;
- }
-
- @Override
- public long getExpiration() {
- return expiration;
- }
-
- public String getAccessKeyId() {
- return accessKeyId;
- }
-
- public String getSecretAccessKey() {
- return secretAccessKey;
- }
-}
diff --git a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/S3BucketSchema.java b/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/S3BucketSchema.java
deleted file mode 100644
index 2c47b60fca8..00000000000
--- a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/S3BucketSchema.java
+++ /dev/null
@@ -1,23 +0,0 @@
-/*
- * Copyright (c) 2020, 2021 Microsoft Corporation
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Microsoft Corporation - initial API and implementation
- *
- */
-
-package org.eclipse.edc.aws.s3;
-
-public interface S3BucketSchema {
- String TYPE = "AmazonS3";
- String REGION = "region";
- String BUCKET_NAME = "bucketName";
- String ACCESS_KEY_ID = "accessKeyId";
- String SECRET_ACCESS_KEY = "secretAccessKey";
-}
diff --git a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/S3CoreExtension.java b/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/S3CoreExtension.java
deleted file mode 100644
index 9fed0f5b26d..00000000000
--- a/extensions/common/aws/aws-s3-core/src/main/java/org/eclipse/edc/aws/s3/S3CoreExtension.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
- *
- */
-
-package org.eclipse.edc.aws.s3;
-
-import org.eclipse.edc.runtime.metamodel.annotation.Extension;
-import org.eclipse.edc.runtime.metamodel.annotation.Inject;
-import org.eclipse.edc.runtime.metamodel.annotation.Provider;
-import org.eclipse.edc.runtime.metamodel.annotation.Setting;
-import org.eclipse.edc.spi.monitor.Monitor;
-import org.eclipse.edc.spi.security.Vault;
-import org.eclipse.edc.spi.system.ServiceExtension;
-import org.eclipse.edc.spi.system.ServiceExtensionContext;
-import org.jetbrains.annotations.NotNull;
-import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
-import software.amazon.awssdk.auth.credentials.AwsCredentialsProvider;
-import software.amazon.awssdk.auth.credentials.DefaultCredentialsProvider;
-
-import java.net.URI;
-import java.util.Optional;
-
-import static java.lang.String.format;
-import static org.eclipse.edc.aws.s3.AwsClientProviderConfiguration.DEFAULT_AWS_ASYNC_CLIENT_THREAD_POOL_SIZE;
-
-@Extension(value = S3CoreExtension.NAME)
-public class S3CoreExtension implements ServiceExtension {
-
- public static final String NAME = "S3";
- @Setting(value = "The key of the secret where the AWS Access Key Id is stored")
- private static final String AWS_ACCESS_KEY = "edc.aws.access.key";
- @Setting(value = "The key of the secret where the AWS Secret Access Key is stored")
- private static final String AWS_SECRET_KEY = "edc.aws.secret.access.key";
- @Setting(value = "If valued, the AWS clients will point to the specified endpoint")
- private static final String AWS_ENDPOINT_OVERRIDE = "edc.aws.endpoint.override";
- @Setting(value = "The size of the thread pool used for the async clients")
- private static final String AWS_ASYNC_CLIENT_THREAD_POOL_SIZE = "edc.aws.client.async.thread-pool-size";
- @Inject
- private Vault vault;
-
- @Inject
- private Monitor monitor;
-
- @Override
- public String name() {
- return NAME;
- }
-
- @Provider
- public AwsClientProvider awsClientProvider(ServiceExtensionContext context) {
- var endpointOverride = Optional.of(AWS_ENDPOINT_OVERRIDE)
- .map(key -> context.getSetting(key, null))
- .map(URI::create)
- .orElse(null);
-
- var threadPoolSize = context.getSetting(AWS_ASYNC_CLIENT_THREAD_POOL_SIZE, DEFAULT_AWS_ASYNC_CLIENT_THREAD_POOL_SIZE);
-
- var configuration = AwsClientProviderConfiguration.Builder.newInstance()
- .credentialsProvider(createCredentialsProvider(context))
- .endpointOverride(endpointOverride)
- .threadPoolSize(threadPoolSize)
- .build();
-
- return new AwsClientProviderImpl(configuration);
- }
-
- @NotNull
- private AwsCredentialsProvider createCredentialsProvider(ServiceExtensionContext context) {
- var accessKey = vault.resolveSecret(context.getSetting(AWS_ACCESS_KEY, AWS_ACCESS_KEY));
- var secretKey = vault.resolveSecret(context.getSetting(AWS_SECRET_KEY, AWS_SECRET_KEY));
-
- if (accessKey == null || secretKey == null) {
- monitor.info(format("S3: %s and %s were not found in the vault, DefaultCredentialsProvider will be used", AWS_ACCESS_KEY, AWS_SECRET_KEY));
- return DefaultCredentialsProvider.create();
- }
-
- return () -> AwsBasicCredentials.create(accessKey, secretKey);
- }
-
-}
diff --git a/extensions/common/aws/aws-s3-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/extensions/common/aws/aws-s3-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
deleted file mode 100644
index e63d7277986..00000000000
--- a/extensions/common/aws/aws-s3-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-# Copyright (c) 2022 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Contributors:
-# Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-#
-#
-
-org.eclipse.edc.aws.s3.S3CoreExtension
-
diff --git a/extensions/common/aws/aws-s3-test/README.md b/extensions/common/aws/aws-s3-test/README.md
deleted file mode 100644
index b23c5adce51..00000000000
--- a/extensions/common/aws/aws-s3-test/README.md
+++ /dev/null
@@ -1,34 +0,0 @@
-# AWS Test
-
-## Local testing using MinIO
-
-To run AWS integration tests you will need a MinIO instance running:
-```
-docker run -d -p 9000:9000 -e MINIO_ROOT_USER=root -e MINIO_ROOT_PASSWORD=password bitnami/minio:latest
-```
-
-Then set the two environment variables:
-```
-S3_ACCESS_KEY_ID=root
-S3_SECRET_ACCESS_KEY=password
-```
-
-## Test using your AWS credential
-
-`IT_AWS_ENDPOINT` can be used to override [endpoint](https://docs.aws.amazon.com/general/latest/gr/s3.html) URI
-for running integration tests against AWS S3 by environment variable:
-
-```
-$ IT_AWS_ENDPOINT=https://s3.us-east-1.amazonaws.com/ \
- IT_AWS_REGION=us-east-1 \
- IT_AWS_PROFILE=myprofie \
- ./gradlew clean test -DincludeTags="AwsS3IntegrationTest" --tests '*S3StatusCheckerIntegrationTest'
-```
-
-`IT_AWS_REGION` must be set to your region code in order to avoid
-["A conflicting conditional operation is currently in progress against this resource." error](http://stackoverflow.com/questions/13898057/aws-error-message-a-conflicting-conditional-operation-is-currently-in-progress).
-
-`IT_AWS_PROFILE` can be used to specify
-[named profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html)
-referring your own credential.
-You can also use access key and secret access key by `S3_ACCESS_KEY_ID` and `S3_SECRET_ACCESS_KEY`.
diff --git a/extensions/common/aws/aws-s3-test/build.gradle.kts b/extensions/common/aws/aws-s3-test/build.gradle.kts
deleted file mode 100644
index 73a89ab01c6..00000000000
--- a/extensions/common/aws/aws-s3-test/build.gradle.kts
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Copyright (c) 2020, 2021 Microsoft Corporation
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Microsoft Corporation - initial API and implementation
- *
- */
-
-plugins {
- `java-library`
- `java-test-fixtures`
- `maven-publish`
-}
-
-dependencies {
- testFixturesApi(project(":core:common:junit"))
- testFixturesImplementation(project(":extensions:common:aws:aws-s3-core"))
-
- testFixturesImplementation(libs.awaitility)
- testFixturesImplementation(libs.assertj)
- testFixturesImplementation(libs.junit.jupiter.api)
- testFixturesRuntimeOnly(libs.junit.jupiter.engine)
- testFixturesApi(libs.aws.s3)
-}
-
-
diff --git a/extensions/common/aws/aws-s3-test/src/testFixtures/java/org/eclipse/edc/aws/s3/testfixtures/AbstractS3Test.java b/extensions/common/aws/aws-s3-test/src/testFixtures/java/org/eclipse/edc/aws/s3/testfixtures/AbstractS3Test.java
deleted file mode 100644
index 01981e85cd3..00000000000
--- a/extensions/common/aws/aws-s3-test/src/testFixtures/java/org/eclipse/edc/aws/s3/testfixtures/AbstractS3Test.java
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- * Copyright (c) 2020 - 2022 Microsoft Corporation
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Microsoft Corporation - initial API and implementation
- * NTT DATA - added endpoint override
- *
- */
-
-package org.eclipse.edc.aws.s3.testfixtures;
-
-import okhttp3.Request;
-import org.eclipse.edc.aws.s3.AwsClientProvider;
-import org.eclipse.edc.aws.s3.AwsClientProviderConfiguration;
-import org.eclipse.edc.aws.s3.AwsClientProviderImpl;
-import org.jetbrains.annotations.NotNull;
-import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.BeforeEach;
-import software.amazon.awssdk.auth.credentials.AwsBasicCredentials;
-import software.amazon.awssdk.auth.credentials.AwsCredentials;
-import software.amazon.awssdk.auth.credentials.ProfileCredentialsProvider;
-import software.amazon.awssdk.core.async.AsyncRequestBody;
-import software.amazon.awssdk.regions.Region;
-import software.amazon.awssdk.services.s3.S3AsyncClient;
-import software.amazon.awssdk.services.s3.model.CreateBucketRequest;
-import software.amazon.awssdk.services.s3.model.DeleteBucketRequest;
-import software.amazon.awssdk.services.s3.model.DeleteObjectRequest;
-import software.amazon.awssdk.services.s3.model.HeadBucketRequest;
-import software.amazon.awssdk.services.s3.model.ListObjectsRequest;
-import software.amazon.awssdk.services.s3.model.NoSuchBucketException;
-import software.amazon.awssdk.services.s3.model.PutObjectRequest;
-import software.amazon.awssdk.services.s3.model.PutObjectResponse;
-
-import java.io.File;
-import java.io.IOException;
-import java.net.ConnectException;
-import java.net.URI;
-import java.time.Duration;
-import java.util.Objects;
-import java.util.UUID;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.CompletionException;
-import java.util.concurrent.TimeUnit;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.awaitility.Awaitility.await;
-import static org.eclipse.edc.junit.testfixtures.TestUtils.testHttpClient;
-import static org.eclipse.edc.util.configuration.ConfigurationFunctions.propOrEnv;
-import static org.junit.jupiter.api.Assertions.fail;
-
-/**
- * Base class for tests that need an S3 bucket created and deleted on every test run.
- */
-public abstract class AbstractS3Test {
-
- protected static final String REGION = propOrEnv("it.aws.region", Region.US_EAST_1.id());
- // Adding REGION to bucket prevents errors of
- // "A conflicting conditional operation is currently in progress against this resource."
- // when bucket is rapidly added/deleted and consistency propagation causes this error.
- // (Should not be necessary if REGION remains static, but added to prevent future frustration.)
- // [see http://stackoverflow.com/questions/13898057/aws-error-message-a-conflicting-conditional-operation-is-currently-in-progress]
- protected static final String MINIO_ENDPOINT = "http://localhost:9000";
- protected static final URI S3_ENDPOINT = URI.create(propOrEnv("it.aws.endpoint", MINIO_ENDPOINT));
- protected final UUID processId = UUID.randomUUID();
- protected String bucketName = createBucketName();
- protected S3AsyncClient s3AsyncClient;
- private final AwsClientProviderConfiguration configuration = AwsClientProviderConfiguration.Builder.newInstance()
- .credentialsProvider(this::getCredentials)
- .endpointOverride(S3_ENDPOINT)
- .build();
- protected AwsClientProvider clientProvider = new AwsClientProviderImpl(configuration);
-
- @BeforeAll
- static void prepareAll() {
- await().atLeast(Duration.ofSeconds(2))
- .atMost(Duration.ofSeconds(15))
- .with()
- .pollInterval(Duration.ofSeconds(2))
- .ignoreException(IOException.class) // thrown by pingMinio
- .ignoreException(ConnectException.class)
- .until(AbstractS3Test::isBackendAvailable);
- }
-
- private static boolean isBackendAvailable() throws IOException {
- if (isMinio()) {
- return isMinioAvailable();
- } else {
- return true;
- }
- }
-
- private static boolean isMinio() {
- return MINIO_ENDPOINT.equals(S3_ENDPOINT.toString());
- }
-
- /**
- * pings MinIO's health endpoint
- *
- * @return true if HTTP status [200..300[
- */
- private static boolean isMinioAvailable() throws IOException {
- var httpClient = testHttpClient();
- var healthRq = new Request.Builder().url(S3_ENDPOINT + "/minio/health/live").get().build();
- try (var response = httpClient.execute(healthRq)) {
- return response.isSuccessful();
- }
- }
-
- @BeforeEach
- public void setupClient() {
- s3AsyncClient = clientProvider.s3AsyncClient(REGION);
-
- createBucket(bucketName);
- }
-
- @AfterEach
- void cleanup() {
- deleteBucket(bucketName);
- }
-
- @NotNull
- protected String createBucketName() {
- return "test-bucket-" + processId + "-" + REGION;
- }
-
- protected void createBucket(String bucketName) {
- if (bucketExists(bucketName)) {
- fail("Bucket " + bucketName + " exists. Choose a different bucket name to continue test");
- }
-
- s3AsyncClient.createBucket(CreateBucketRequest.builder().bucket(bucketName).build()).join();
-
- if (!bucketExists(bucketName)) {
- fail("Setup incomplete, tests will fail");
- }
- }
-
- protected void deleteBucket(String bucketName) {
- try {
- if (s3AsyncClient == null) {
- return;
- }
-
- // Empty the bucket before deleting it, otherwise the AWS S3 API fails
- deleteBucketObjects(bucketName);
-
- s3AsyncClient.deleteBucket(DeleteBucketRequest.builder().bucket(bucketName).build()).join();
- } catch (Exception e) {
- System.err.println("Unable to delete bucket " + bucketName + e);
- }
-
- if (bucketExists(bucketName)) {
- fail("Incomplete teardown, subsequent tests might fail");
- }
- }
-
- protected CompletableFuture putTestFile(String key, File file, String bucketName) {
- return s3AsyncClient.putObject(PutObjectRequest.builder().bucket(bucketName).key(key).build(), file.toPath());
- }
-
- protected void putStringOnBucket(String bucketName, String key, String content) {
- var request = PutObjectRequest.builder().bucket(bucketName).key(key).build();
- var response = s3AsyncClient.putObject(request, AsyncRequestBody.fromString(content));
- assertThat(response).succeedsWithin(10, TimeUnit.SECONDS);
- }
-
- protected @NotNull AwsCredentials getCredentials() {
- var profile = propOrEnv("it.aws.profile", null);
- if (profile != null) {
- return ProfileCredentialsProvider.create(profile).resolveCredentials();
- }
-
- var accessKeyId = propOrEnv("S3_ACCESS_KEY_ID", null);
- Objects.requireNonNull(accessKeyId, "S3_ACCESS_KEY_ID cannot be null!");
- var secretKey = propOrEnv("S3_SECRET_ACCESS_KEY", null);
- Objects.requireNonNull(secretKey, "S3_SECRET_ACCESS_KEY cannot be null");
-
- return AwsBasicCredentials.create(accessKeyId, secretKey);
- }
-
- private void deleteBucketObjects(String bucketName) {
- var objectListing = s3AsyncClient.listObjects(ListObjectsRequest.builder().bucket(bucketName).build()).join();
-
- CompletableFuture.allOf(objectListing.contents().stream()
- .map(object -> s3AsyncClient.deleteObject(DeleteObjectRequest.builder().bucket(bucketName).key(object.key()).build()))
- .toArray(CompletableFuture[]::new)).join();
-
- for (var objectSummary : objectListing.contents()) {
- s3AsyncClient.deleteObject(DeleteObjectRequest.builder().bucket(bucketName).key(objectSummary.key()).build()).join();
- }
-
- if (objectListing.isTruncated()) {
- deleteBucketObjects(bucketName);
- }
- }
-
- private boolean bucketExists(String bucketName) {
- try {
- HeadBucketRequest request = HeadBucketRequest.builder().bucket(bucketName).build();
- return s3AsyncClient.headBucket(request).join()
- .sdkHttpResponse()
- .isSuccessful();
- } catch (CompletionException e) {
- if (e.getCause() instanceof NoSuchBucketException) {
- return false;
- } else {
- throw e;
- }
- }
- }
-
-}
diff --git a/extensions/common/aws/aws-s3-test/src/testFixtures/java/org/eclipse/edc/aws/s3/testfixtures/annotations/AwsS3IntegrationTest.java b/extensions/common/aws/aws-s3-test/src/testFixtures/java/org/eclipse/edc/aws/s3/testfixtures/annotations/AwsS3IntegrationTest.java
deleted file mode 100644
index 9a56e2532c0..00000000000
--- a/extensions/common/aws/aws-s3-test/src/testFixtures/java/org/eclipse/edc/aws/s3/testfixtures/annotations/AwsS3IntegrationTest.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Copyright (c) 2022 Microsoft Corporation
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Microsoft Corporation - initial API and implementation
- *
- */
-
-package org.eclipse.edc.aws.s3.testfixtures.annotations;
-
-import org.eclipse.edc.junit.annotations.IntegrationTest;
-import org.junit.jupiter.api.Tag;
-
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- * Annotation for AWS S3 integration testing. It applies specific Junit Tag.
- */
-@Target({ ElementType.TYPE })
-@Retention(RetentionPolicy.RUNTIME)
-@IntegrationTest
-@Tag("AwsS3IntegrationTest")
-public @interface AwsS3IntegrationTest {
-}
diff --git a/extensions/common/vault/vault-aws/README.md b/extensions/common/vault/vault-aws/README.md
deleted file mode 100644
index 1d33084caec..00000000000
--- a/extensions/common/vault/vault-aws/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# AWS Secrets Manager Vault
-
-The vault-aws extension is an implementation of the Vault interface, which stores secrets in AWS Secrets Manager.
-Arbitrary key names are possible through the key sanitation feature.
-
-## Limitations
-- 50 TpS (Transactions per Second) for storing secrets and deleting secrets.
-- 10,000 TpS (Transactions per Second) for retrieving secrets.
-
-## Configuration
-
-### Credentials resolution
-The vault-aws extension uses the AWS SDK Secrets Manager client. Credentials for accessing Secrets Manager are resolved using the default credential provider chain.
-The default AWS credentials provider chain that looks for credentials in this order:
-
-1. Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY
-2. Java System Properties - aws.accessKeyId and aws.secretKey
-3. Web Identity Token credentials from the environment or container
-4. Credential profiles file at the default location (~/.aws/credentials) shared by all AWS SDKs and the AWS CLI
-5. Credentials delivered through the Amazon EC2 container service if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set and security manager has permission to access the variable,
-6. Instance profile credentials delivered through the Amazon EC2 metadata service
-
-### Client retry behaviour
-The AWS SDK has retry behaviour built in. It can be controlled globally through the environment variables AWS_MAX_ATTEMPTS, AWS_RETRY_MODE.
-Please see [the SDK documentation](https://docs.aws.amazon.com/sdkref/latest/guide/feature-retry-behavior.html) for details.
-
-### Other configuration options
-
-| Parameter name | Description | Mandatory | Default value |
-|:----------------------------------------------------|:-----------------------------------|:----------|:---------------------------------------|
-| `edc.vault.aws.region` | AWS region for AWS Secrets Manager | true | |
-
-## Decisions
-- Use default credentials provider to be as flexible as possible in credentials resolution.
-- Secrets will not be overwritten if they exist to prevent potential leakage of credentials to third parties.
-- Keys strings are sanitized to comply with key requirements of AWS Secrets Manager. Sanitizing replaces all illegal characters with '-' and appends the hash code of the original key to minimize the risk of key collision after the transformation, because the replacement operation is a many-to-one function. A warning will be logged if the key contains illegal characters.
-
-## Change log
diff --git a/extensions/common/vault/vault-aws/build.gradle.kts b/extensions/common/vault/vault-aws/build.gradle.kts
deleted file mode 100644
index 475a4d6d312..00000000000
--- a/extensions/common/vault/vault-aws/build.gradle.kts
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (c) 2020, 2021, 2022 Amazon Web Services
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Amazon Web Services - initial API and implementation
- *
- */
-
-plugins {
- `java-library`
-}
-
-dependencies {
- api(project(":spi:common:core-spi"))
- implementation(libs.aws.secretsmanager)
- implementation(project(":core:common:util"))
- testImplementation(libs.mockito.inline)
-}
diff --git a/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVault.java b/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVault.java
deleted file mode 100644
index 3f60556b2ba..00000000000
--- a/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVault.java
+++ /dev/null
@@ -1,108 +0,0 @@
-/*
- * Copyright (c) 2022 - 2023 Amazon Web Services
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Amazon Web Services - initial implementation
- *
- */
-
-package org.eclipse.edc.vault.aws;
-
-import org.eclipse.edc.spi.monitor.Monitor;
-import org.eclipse.edc.spi.result.Result;
-import org.eclipse.edc.spi.security.Vault;
-import org.jetbrains.annotations.Nullable;
-import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
-import software.amazon.awssdk.services.secretsmanager.model.CreateSecretRequest;
-import software.amazon.awssdk.services.secretsmanager.model.DeleteSecretRequest;
-import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
-import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
-
-/**
- * Vault adapter for AWS Secrets Manager.
- */
-public class AwsSecretsManagerVault implements Vault {
-
- private final SecretsManagerClient smClient;
- private final Monitor monitor;
- private final AwsSecretsManagerVaultSanitationStrategy sanitizer;
-
- public AwsSecretsManagerVault(SecretsManagerClient smClient, Monitor monitor, AwsSecretsManagerVaultSanitationStrategy sanitizer) {
- this.smClient = smClient;
- this.monitor = monitor;
- this.sanitizer = sanitizer;
- }
-
- /**
- * Retrieves a secret. Any string can be used as a key. Keys that do not comply with AWS Secrets Managers requirements
- * will be transformed.
- *
- * @param key the key of the secret
- * @return the secret value or null if secret could not be found
- */
- @Override
- public @Nullable String resolveSecret(String key) {
- var sanitizedKey = sanitizer.sanitizeKey(key);
- var request = GetSecretValueRequest.builder().secretId(sanitizedKey).build();
- try {
- monitor.debug(String.format("Resolving secret '%s' from AWS Secrets manager", sanitizedKey));
- return smClient.getSecretValue(request).secretString();
- } catch (ResourceNotFoundException e) {
- monitor.debug(String.format("Couldn't resolve secret with key %s", sanitizedKey), e);
- } catch (RuntimeException serviceException) {
- monitor.severe(serviceException.getMessage(), serviceException);
- }
- return null;
- }
-
- /**
- * Creates a new secret. Does not overwrite secrets.
- *
- * @param key the secret key
- * @param value the serialized secret value
- * @return success or failure
- */
- @Override
- public Result storeSecret(String key, String value) {
- var sanitizedKey = sanitizer.sanitizeKey(key);
- var request = CreateSecretRequest.builder().name(sanitizedKey)
- .secretString(value).build();
- try {
- monitor.debug(String.format("Storing secret '%s' to AWS Secrets manager", sanitizedKey));
- smClient.createSecret(request);
- return Result.success();
- } catch (RuntimeException serviceException) {
- monitor.severe(serviceException.getMessage(), serviceException);
- return Result.failure(serviceException.getMessage());
- }
- }
-
- /**
- * Deletes a secret without the possibility of recovery.
- *
- * @param key the secret's key
- * @return success or failure
- */
- @Override
- public Result deleteSecret(String key) {
- var sanitizedKey = sanitizer.sanitizeKey(key);
- var request = DeleteSecretRequest.builder().secretId(sanitizedKey)
- .forceDeleteWithoutRecovery(true).build();
- try {
- monitor.debug(String.format("Deleting secret '%s' from AWS Secrets manager", sanitizedKey));
- smClient.deleteSecret(request);
- return Result.success();
- } catch (RuntimeException serviceException) {
- monitor.severe(serviceException.getMessage(), serviceException);
- return Result.failure(serviceException.getMessage());
- }
- }
-
-
-}
diff --git a/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultDefaultSanitationStrategy.java b/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultDefaultSanitationStrategy.java
deleted file mode 100644
index 04e0c571aa8..00000000000
--- a/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultDefaultSanitationStrategy.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Copyright (c) 2023 - 2023 Amazon Web Services
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Amazon Web Services - initial implementation
- *
- */
-
-package org.eclipse.edc.vault.aws;
-
-import org.eclipse.edc.spi.monitor.Monitor;
-
-public class AwsSecretsManagerVaultDefaultSanitationStrategy implements AwsSecretsManagerVaultSanitationStrategy {
- private final Monitor monitor;
-
- public AwsSecretsManagerVaultDefaultSanitationStrategy(Monitor monitor) {
- this.monitor = monitor;
- }
-
- /**
- * Many-to-one mapping from all strings into set of strings that only contains valid AWS Secrets Manager key names.
- * The implementation replaces all illegal characters with '_' and attaches the hash code of the original string to
- * minimize the likelihood of key collisions.
- *
- * @param originalKey any key
- * @return Valid AWS Secrets Manager key
- */
- @Override
- public String sanitizeKey(String originalKey) {
- var key = originalKey;
- if (originalKey.length() > 500) {
- key = originalKey.substring(0, 500);
- }
- var sb = new StringBuilder();
- boolean replacedIllegalCharacters = false;
- for (int i = 0; i < key.length(); i++) {
- var c = key.charAt(i);
- if (!Character.isLetterOrDigit(c) && c != '/' && c != '_' && c != '+' && c != '.' && c != '@' && c != '-') {
- replacedIllegalCharacters = true;
- sb.append('-');
- } else {
- sb.append(c);
- }
- }
- var newKey = sb.append('_').append(originalKey.hashCode()).toString();
- if (replacedIllegalCharacters) {
- monitor.warning(String.format("AWS Secret Manager vault reduced length or replaced illegal characters " +
- "in original key name: %s. New name is %s", originalKey, newKey));
- }
- return newKey;
- }
-}
\ No newline at end of file
diff --git a/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtension.java b/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtension.java
deleted file mode 100644
index 5939547f12c..00000000000
--- a/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtension.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Copyright (c) 2023 - 2023 Amazon Web Services
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Amazon Web Services - initial implementation
- *
- */
-
-package org.eclipse.edc.vault.aws;
-
-import org.eclipse.edc.runtime.metamodel.annotation.Extension;
-import org.eclipse.edc.runtime.metamodel.annotation.Provides;
-import org.eclipse.edc.runtime.metamodel.annotation.Setting;
-import org.eclipse.edc.spi.EdcException;
-import org.eclipse.edc.spi.security.CertificateResolver;
-import org.eclipse.edc.spi.security.PrivateKeyResolver;
-import org.eclipse.edc.spi.security.Vault;
-import org.eclipse.edc.spi.security.VaultCertificateResolver;
-import org.eclipse.edc.spi.security.VaultPrivateKeyResolver;
-import org.eclipse.edc.spi.system.ServiceExtension;
-import org.eclipse.edc.spi.system.ServiceExtensionContext;
-import software.amazon.awssdk.regions.Region;
-import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
-
-import static org.eclipse.edc.util.configuration.ConfigurationFunctions.propOrEnv;
-import static org.eclipse.edc.util.string.StringUtils.isNullOrEmpty;
-
-/**
- * This extension registers an implementation of the Vault interface for AWS Secrets Manager.
- * It also registers a VaultPrivateKeyResolver and VaultCertificateResolver, which store and retrieve certificates
- * using the AWS Secretes Manager Vault implementation.
- * The extension requires the "edc.vault.aws.region" parameter to be set to the AWS region in which secrets should be stored.
- */
-@Provides({ Vault.class, PrivateKeyResolver.class, CertificateResolver.class })
-@Extension(value = org.eclipse.edc.vault.aws.AwsSecretsManagerVaultExtension.NAME)
-public class AwsSecretsManagerVaultExtension implements ServiceExtension {
- public static final String NAME = "AWS Secrets Manager Vault";
-
- @Setting
- private static final String VAULT_AWS_REGION = "edc.vault.aws.region";
-
- @Override
- public String name() {
- return NAME;
- }
-
- @Override
- public void initialize(ServiceExtensionContext context) {
- var vaultRegion = getMandatorySetting(context, VAULT_AWS_REGION);
-
- var smClient = buildSmClient(vaultRegion);
- var vault = new AwsSecretsManagerVault(smClient, context.getMonitor(),
- new AwsSecretsManagerVaultDefaultSanitationStrategy(context.getMonitor()));
-
- context.registerService(Vault.class, vault);
- context.registerService(PrivateKeyResolver.class, new VaultPrivateKeyResolver(vault));
- context.registerService(CertificateResolver.class, new VaultCertificateResolver(vault));
- }
-
- private SecretsManagerClient buildSmClient(String vaultRegion) {
- var builder = SecretsManagerClient.builder()
- .region(Region.of(vaultRegion));
- return builder.build();
- }
-
- private String getMandatorySetting(ServiceExtensionContext context, String setting) {
- var value = context.getSetting(setting, null);
- if (isNullOrEmpty(value)) {
- value = propOrEnv(setting, null);
- if (isNullOrEmpty(value)) {
- throw new EdcException(String.format("'%s' must be supplied but was null", setting));
- }
- }
- return value;
- }
-
-}
diff --git a/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultSanitationStrategy.java b/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultSanitationStrategy.java
deleted file mode 100644
index b85a58caf0b..00000000000
--- a/extensions/common/vault/vault-aws/src/main/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultSanitationStrategy.java
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright (c) 2023 - 2023 Amazon Web Services
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Amazon Web Services - initial implementation
- *
- */
-
-package org.eclipse.edc.vault.aws;
-
-/**
- * Interface for key sanitation strategies.
- */
-public interface AwsSecretsManagerVaultSanitationStrategy {
-
- /**
- * Maps any string to a valid AWS Secrets Manager key.
- *
- * @param originalKey any key
- * @return Valid AWS Secrets Manager key
- */
- String sanitizeKey(String originalKey);
-}
diff --git a/extensions/common/vault/vault-aws/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/extensions/common/vault/vault-aws/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
deleted file mode 100644
index 66b5dfa4dcf..00000000000
--- a/extensions/common/vault/vault-aws/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
+++ /dev/null
@@ -1,15 +0,0 @@
-#
-# Copyright (c) 2023 Amazon Web Services
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-# Contributors:
-# Amazon Web Services - initial API and implementation
-#
-#
-
-org.eclipse.edc.vault.aws.AwsSecretsManagerVaultExtension
diff --git a/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerDefaultKeySanitationStrategyTest.java b/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerDefaultKeySanitationStrategyTest.java
deleted file mode 100644
index 0130506b5b7..00000000000
--- a/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerDefaultKeySanitationStrategyTest.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (c) 2023 Amazon Web Services
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Amazon Web Services - Initial Implementation
- *
- */
-
-package org.eclipse.edc.vault.aws;
-
-import org.eclipse.edc.spi.monitor.Monitor;
-import org.junit.jupiter.api.Test;
-
-import java.util.List;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Mockito.mock;
-
-
-class AwsSecretsManagerDefaultKeySanitationStrategyTest {
-
- private final Monitor monitor = mock(Monitor.class);
-
- private final AwsSecretsManagerVaultSanitationStrategy sanitizer =
- new AwsSecretsManagerVaultDefaultSanitationStrategy(monitor);
-
- @Test
- void resolveSecret_sanitizeKeyNameReplacesInvalidCharacters() {
- var key2 = "invalid#key";
-
- var sanitized = sanitizer.sanitizeKey(key2);
-
- assertThat(sanitized).isEqualTo("invalid-key" + "_" + key2.hashCode());
- }
-
- @Test
- void resolveSecret_sanitizeKeyNameDoesNotReplaceValidCharacters() {
- var sanitizer = new AwsSecretsManagerVaultDefaultSanitationStrategy(monitor);
- for (var validCharacter : List.of('_', '+', '-', '@', '/', '.')) {
- var validKey = "valid" + validCharacter + "key";
-
- assertThat(sanitizer.sanitizeKey(validKey)).isEqualTo(validKey + '_' + validKey.hashCode());
- }
- }
-
- @Test
- void resolveSecret_sanitizeKeyNameLimitsKeySize() {
- var key = "-".repeat(10000);
-
- var sanitized = sanitizer.sanitizeKey(key);
-
- assertThat(sanitized)
- .isEqualTo("-".repeat(500) + "_" + key.hashCode());
- assertThat(sanitized.length()).isEqualTo(512);
- }
-
- @Test
- void resolveSecret_sanitizeKeyNameLimitsKeySize2() {
- var key = "-".repeat(500);
-
- var sanitized = sanitizer.sanitizeKey(key);
-
- assertThat(sanitized)
- .isEqualTo("-".repeat(500) + "_" + key.hashCode());
- assertThat(sanitized.length()).isLessThanOrEqualTo(512);
- }
-
-}
\ No newline at end of file
diff --git a/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtensionTest.java b/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtensionTest.java
deleted file mode 100644
index 437d2c0e4f8..00000000000
--- a/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultExtensionTest.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Copyright (c) 2023 Amazon Web Services
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Amazon Web Services - Initial implementation
- *
- */
-
-package org.eclipse.edc.vault.aws;
-
-import org.eclipse.edc.spi.EdcException;
-import org.eclipse.edc.spi.monitor.Monitor;
-import org.eclipse.edc.spi.system.ServiceExtensionContext;
-import org.junit.jupiter.api.Assertions;
-import org.junit.jupiter.api.Test;
-
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-class AwsSecretsManagerVaultExtensionTest {
-
- private final Monitor monitor = mock(Monitor.class);
- private final AwsSecretsManagerVaultExtension extension = new AwsSecretsManagerVaultExtension();
-
- @Test
- void configOptionRegionNotProvided_shouldThrowException() {
- ServiceExtensionContext invalidContext = mock(ServiceExtensionContext.class);
- when(invalidContext.getMonitor()).thenReturn(monitor);
-
- Assertions.assertThrows(EdcException.class, () -> extension.initialize(invalidContext));
- }
-
- @Test
- void configOptionRegionProvided_shouldNotThrowException() {
- ServiceExtensionContext validContext = mock(ServiceExtensionContext.class);
- when(validContext.getSetting("edc.vault.aws.region", null)).thenReturn("eu-west-1");
- when(validContext.getMonitor()).thenReturn(monitor);
-
- extension.initialize(validContext);
- }
-
-}
diff --git a/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultTest.java b/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultTest.java
deleted file mode 100644
index 6905c212100..00000000000
--- a/extensions/common/vault/vault-aws/src/test/java/org/eclipse/edc/vault/aws/AwsSecretsManagerVaultTest.java
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Copyright (c) 2023 Amazon Web Services
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Amazon Web Services - Initial Implementation
- *
- */
-
-package org.eclipse.edc.vault.aws;
-
-import org.eclipse.edc.spi.monitor.Monitor;
-import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.TestInstance;
-import org.mockito.ArgumentMatchers;
-import software.amazon.awssdk.services.secretsmanager.SecretsManagerClient;
-import software.amazon.awssdk.services.secretsmanager.model.CreateSecretRequest;
-import software.amazon.awssdk.services.secretsmanager.model.DeleteSecretRequest;
-import software.amazon.awssdk.services.secretsmanager.model.GetSecretValueRequest;
-import software.amazon.awssdk.services.secretsmanager.model.ResourceNotFoundException;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.junit.jupiter.api.TestInstance.Lifecycle;
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.ArgumentMatchers.anyString;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.reset;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
-
-@TestInstance(Lifecycle.PER_CLASS)
-class AwsSecretsManagerVaultTest {
-
- private static final String KEY = "valid-key";
- private static final String SANITIZED_KEY = "valid-key-sanitized";
- private final Monitor monitor = mock(Monitor.class);
- private final SecretsManagerClient secretClient = mock(SecretsManagerClient.class);
- private final AwsSecretsManagerVaultSanitationStrategy sanitizer = mock(AwsSecretsManagerVaultSanitationStrategy.class);
- private final AwsSecretsManagerVault vault = new AwsSecretsManagerVault(secretClient, monitor,
- sanitizer);
-
- @BeforeAll
- void setup() {
- when(sanitizer.sanitizeKey(KEY)).thenReturn(SANITIZED_KEY);
- }
-
- @BeforeEach
- void resetMocks() {
- reset(monitor, secretClient);
- }
-
- @Test
- void storeSecret_shouldSanitizeKey() {
- var value = "value";
-
- vault.storeSecret(KEY, value);
-
- verify(secretClient).createSecret(CreateSecretRequest.builder().name(SANITIZED_KEY)
- .secretString(value).build());
- }
-
- @Test
- void storeSecret_shouldNotOverwriteSecrets() {
- var value = "value";
-
- vault.storeSecret(KEY, value);
-
- verify(secretClient).createSecret(CreateSecretRequest.builder().name(SANITIZED_KEY)
- .secretString(value).build());
- }
-
- @Test
- void resolveSecret_shouldSanitizeKey() {
- vault.resolveSecret(KEY);
-
- verify(secretClient).getSecretValue(GetSecretValueRequest.builder().secretId(SANITIZED_KEY)
- .build());
- }
-
- @Test
- void deleteSecret_shouldSanitizeKey() {
- vault.deleteSecret(KEY);
-
- verify(secretClient).deleteSecret(DeleteSecretRequest.builder().secretId(SANITIZED_KEY)
- .forceDeleteWithoutRecovery(true)
- .build());
- }
-
- @Test
- void resolveSecret_shouldNotLogSevereIfSecretNotFound() {
- when(secretClient.getSecretValue(GetSecretValueRequest.builder().secretId(SANITIZED_KEY)
- .build()))
- .thenThrow(ResourceNotFoundException.builder().build());
-
- var result = vault.resolveSecret(KEY);
-
- assertThat(result).isNull();
- verify(monitor, times(1))
- .debug(anyString());
-
- verify(monitor, times(1))
- .debug(anyString(), any());
- }
-
- @Test
- void resolveSecret_shouldReturnNullAndLogErrorOnGenericException() {
- when(secretClient.getSecretValue(GetSecretValueRequest.builder().secretId(SANITIZED_KEY)
- .build()))
- .thenThrow(new RuntimeException("test"));
-
- var result = vault.resolveSecret(KEY);
-
- assertThat(result).isNull();
- verify(monitor).debug(anyString());
- verify(monitor).severe(anyString(), ArgumentMatchers.isA(RuntimeException.class));
- }
-}
diff --git a/extensions/control-plane/provision/provision-aws-s3/build.gradle.kts b/extensions/control-plane/provision/provision-aws-s3/build.gradle.kts
deleted file mode 100644
index 73f67f90a28..00000000000
--- a/extensions/control-plane/provision/provision-aws-s3/build.gradle.kts
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright (c) 2020, 2021 Microsoft Corporation
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Microsoft Corporation - initial API and implementation
- *
- */
-
-plugins {
- `java-library`
-}
-
-dependencies {
- api(project(":spi:control-plane:control-plane-spi"))
- api(project(":extensions:common:aws:aws-s3-core"))
-
- testImplementation(testFixtures(project(":extensions:common:aws:aws-s3-test")))
-}
-
-
diff --git a/extensions/control-plane/provision/provision-aws-s3/src/main/java/org/eclipse/edc/connector/provision/aws/s3/AwsProvisionExtension.java b/extensions/control-plane/provision/provision-aws-s3/src/main/java/org/eclipse/edc/connector/provision/aws/s3/AwsProvisionExtension.java
deleted file mode 100644
index 72ffc656621..00000000000
--- a/extensions/control-plane/provision/provision-aws-s3/src/main/java/org/eclipse/edc/connector/provision/aws/s3/AwsProvisionExtension.java
+++ /dev/null
@@ -1,100 +0,0 @@
-/*
- * Copyright (c) 2020, 2021 Microsoft Corporation
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Microsoft Corporation - initial API and implementation
- *
- */
-
-package org.eclipse.edc.connector.provision.aws.s3;
-
-import dev.failsafe.RetryPolicy;
-import org.eclipse.edc.aws.s3.AwsClientProvider;
-import org.eclipse.edc.aws.s3.AwsTemporarySecretToken;
-import org.eclipse.edc.aws.s3.S3BucketSchema;
-import org.eclipse.edc.connector.transfer.spi.provision.ProvisionManager;
-import org.eclipse.edc.connector.transfer.spi.provision.Provisioner;
-import org.eclipse.edc.connector.transfer.spi.provision.ResourceManifestGenerator;
-import org.eclipse.edc.connector.transfer.spi.status.StatusCheckerRegistry;
-import org.eclipse.edc.runtime.metamodel.annotation.Extension;
-import org.eclipse.edc.runtime.metamodel.annotation.Inject;
-import org.eclipse.edc.runtime.metamodel.annotation.Setting;
-import org.eclipse.edc.spi.monitor.Monitor;
-import org.eclipse.edc.spi.security.Vault;
-import org.eclipse.edc.spi.system.ServiceExtension;
-import org.eclipse.edc.spi.system.ServiceExtensionContext;
-import org.eclipse.edc.spi.types.TypeManager;
-
-/**
- * Provides data transfer {@link Provisioner}s backed by AWS services.
- */
-@Extension(value = AwsProvisionExtension.NAME)
-public class AwsProvisionExtension implements ServiceExtension {
-
- public static final String NAME = "AWS Provision";
- @Setting
- private static final String PROVISION_MAX_RETRY = "edc.aws.provision.retry.retries.max";
- @Setting
- private static final String PROVISION_MAX_ROLE_SESSION_DURATION = "edc.aws.provision.role.duration.session.max";
- @Inject
- private Vault vault;
- @Inject
- private Monitor monitor;
- @Inject
- private AwsClientProvider clientProvider;
-
- @Inject
- private TypeManager typeManager;
-
- @Override
- public String name() {
- return NAME;
- }
-
- @Override
- public void initialize(ServiceExtensionContext context) {
- monitor = context.getMonitor();
-
- var provisionManager = context.getService(ProvisionManager.class);
-
- var retryPolicy = (RetryPolicy