refactor: extract data-plane-iam module from data-plane-core #4408

merged 4 commits into from
Aug 20, 2024
7 changes: 0 additions & 7 deletions DEPENDENCIES
@@ -1,4 +1,4 @@
maven/mavencentral/com.apicatalog/carbon-did/0.3.0, Apache-2.0, approved, clearlydefined

Check warning on line 1 in DEPENDENCIES


GitHub Actions / check / Dash-Verify-Licenses

Restricted Dependencies found

Some dependencies are marked 'restricted' - please review them
maven/mavencentral/com.apicatalog/copper-multibase/0.5.0, Apache-2.0, approved, #14501
maven/mavencentral/com.apicatalog/copper-multicodec/0.1.1, Apache-2.0, approved, #14500
maven/mavencentral/com.apicatalog/iron-ed25519-cryptosuite-2020/0.14.0, Apache-2.0, approved, #14503
Expand Down Expand Up @@ -306,19 +306,12 @@
maven/mavencentral/org.jetbrains/annotations/17.0.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.jetbrains/annotations/24.1.0, Apache-2.0, approved, clearlydefined
maven/mavencentral/org.junit-pioneer/junit-pioneer/2.2.0, EPL-2.0, approved, #11857
maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.3, EPL-2.0, approved, #9714
maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.11.0, EPL-2.0, approved, #15935
maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.3, EPL-2.0, approved, #9711
maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.11.0, EPL-2.0, approved, #15939
maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.3, EPL-2.0, approved, #15250
maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.11.0, EPL-2.0, approved, #15940
maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.3, EPL-2.0, approved, #9715
maven/mavencentral/org.junit.platform/junit-platform-commons/1.11.0, EPL-2.0, approved, #15936
maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.3, EPL-2.0, approved, #9709
maven/mavencentral/org.junit.platform/junit-platform-engine/1.11.0, EPL-2.0, approved, #15932
maven/mavencentral/org.junit.platform/junit-platform-launcher/1.10.3, EPL-2.0, approved, #15216
maven/mavencentral/org.junit.platform/junit-platform-launcher/1.11.0, EPL-2.0, approved, #15934
maven/mavencentral/org.junit/junit-bom/5.10.3, EPL-2.0, approved, #9844
maven/mavencentral/org.junit/junit-bom/5.11.0, , restricted, clearlydefined
maven/mavencentral/org.junit/junit-bom/5.9.2, EPL-2.0, approved, #4711
maven/mavencentral/org.jvnet.mimepull/mimepull/1.9.15, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ21484
18 changes: 2 additions & 16 deletions build.gradle.kts
Expand Up @@ -20,36 +20,22 @@ plugins {
val javaVersion: String by project
val edcScmUrl: String by project
val edcScmConnection: String by project
val annotationProcessorVersion: String by project

buildscript {
dependencies {
val edcGradlePluginsVersion: String by project
classpath("org.eclipse.edc.edc-build:org.eclipse.edc.edc-build.gradle.plugin:${edcGradlePluginsVersion}")
val version: String by project
classpath("org.eclipse.edc.edc-build:org.eclipse.edc.edc-build.gradle.plugin:$version")
}
}

allprojects {
apply(plugin = "${group}.edc-build")

// configure which version of the annotation processor to use. defaults to the same version as the plugin
configure<org.eclipse.edc.plugins.autodoc.AutodocExtension> {
processorVersion.set(annotationProcessorVersion)
outputDirectory.set(project.layout.buildDirectory.asFile)
}

configure<org.eclipse.edc.plugins.edcbuild.extensions.BuildExtension> {
pom {
scmUrl.set(edcScmUrl)
scmConnection.set(edcScmConnection)
}
swagger {
title.set((project.findProperty("apiTitle") ?: "EDC REST API") as String)
description =
(project.findProperty("apiDescription") ?: "EDC REST APIs - merged by OpenApiMerger") as String
outputFilename.set(project.name)
outputDirectory.set(file("${rootProject.projectDir.path}/resources/openapi/yaml"))
}
}

configure<CheckstyleExtension> {
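Review bot: The edc-build plugin is now resolved with the project's own `version` property (`classpath("org.eclipse.edc.edc-build:org.eclipse.edc.edc-build.gradle.plugin:$version")`), which ties the build-plugin release to the connector release, and nothing in the file says so. A one-line comment above `val version: String by project`, e.g. `// the edc-build plugin is released in lockstep with the project, so it shares the project version`, would keep a later maintainer from reintroducing a separate property. With `annotationProcessorVersion` and the autodoc `processorVersion` override gone, the processor presumably falls back to the plugin default; that is worth confirming in gradle.properties, which is outside this hunk. The `allprojects` block continues past the end of the hunk.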
1 change: 0 additions & 1 deletion core/common/junit/build.gradle.kts
Expand Up @@ -35,7 +35,6 @@ dependencies {

runtimeOnly(libs.junit.jupiter.engine)

implementation(libs.junit.pioneer)
implementation(libs.testcontainers.junit)
testImplementation(project(":core:common:connector-core"))

3 changes: 0 additions & 3 deletions core/data-plane/data-plane-core/build.gradle.kts
Expand Up @@ -24,11 +24,8 @@ dependencies {

implementation(project(":spi:common:token-spi"))
implementation(project(":core:common:lib:store-lib"))
implementation(project(":core:common:token-core")) // for the JwtGenerationService
implementation(project(":core:common:boot"))
implementation(project(":core:common:lib:util-lib"))
implementation(project(":core:data-plane:data-plane-util"))
implementation(project(":extensions:common:http"))
implementation(project(":core:common:lib:state-machine-lib"))

implementation(libs.opentelemetry.instrumentation.annotations)
Expand Up @@ -18,6 +18,8 @@
import org.eclipse.edc.connector.dataplane.framework.registry.TransferServiceSelectionStrategy;
import org.eclipse.edc.connector.dataplane.framework.store.InMemoryAccessTokenDataStore;
import org.eclipse.edc.connector.dataplane.framework.store.InMemoryDataPlaneStore;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAuthorizationService;
import org.eclipse.edc.connector.dataplane.spi.iam.NoOpDataPlaneAuthorizationService;
import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService;
import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService;
import org.eclipse.edc.connector.dataplane.spi.store.AccessTokenDataStore;
Expand Down Expand Up @@ -70,4 +72,10 @@ public PipelineService pipelineService(ServiceExtensionContext context) {
public PublicEndpointGeneratorService publicEndpointGenerator() {
return new PublicEndpointGeneratorServiceImpl();
}

@Provider(isDefault = true)
public DataPlaneAuthorizationService dataPlaneAuthorizationService(ServiceExtensionContext context) {
context.getMonitor().info("No proper DataPlaneAuthorizationService provided. The data-plane won't support PULL transfer types.");
return new NoOpDataPlaneAuthorizationService();
}
}
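Review bot: The fallback provider `dataPlaneAuthorizationService` registers a no-op authorization service and announces that only at info level; because this silently disables a security control (PULL transfers are no longer authorized by a real service), the message is easy to lose in normal log output. Raising it to `context.getMonitor().warning("No proper DataPlaneAuthorizationService provided. The data-plane won't support PULL transfer types.");` keeps the wording but makes the degraded mode visible at the default log threshold. The hunk only shows `NoOpDataPlaneAuthorizationService` being constructed, so it would also help to confirm that it fails closed (rejects authorization requests rather than granting them) and to say so in a short `@Provider` Javadoc, e.g. `Deny-all placeholder used when no DataPlaneAuthorizationService is registered; PULL transfers are unsupported in this mode.`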
Expand Up @@ -15,14 +15,10 @@
package org.eclipse.edc.connector.dataplane.framework;

import org.eclipse.edc.connector.controlplane.api.client.spi.transferprocess.TransferProcessApiClient;
import org.eclipse.edc.connector.dataplane.framework.iam.DataPlaneAuthorizationServiceImpl;
import org.eclipse.edc.connector.dataplane.framework.manager.DataPlaneManagerImpl;
import org.eclipse.edc.connector.dataplane.framework.registry.TransferServiceRegistryImpl;
import org.eclipse.edc.connector.dataplane.framework.registry.TransferServiceSelectionStrategy;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAuthorizationService;
import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService;
import org.eclipse.edc.connector.dataplane.spi.manager.DataPlaneManager;
import org.eclipse.edc.connector.dataplane.spi.pipeline.DataTransferExecutorServiceContainer;
import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService;
Expand Down Expand Up @@ -110,12 +106,6 @@ public class DataPlaneFrameworkExtension implements ServiceExtension {
@Inject
private PipelineService pipelineService;
@Inject
private DataPlaneAccessTokenService accessTokenService;
@Inject
private DataPlaneAccessControlService accessControlService;
@Inject
private PublicEndpointGeneratorService endpointGenerator;

private DataPlaneAuthorizationService authorizationService;

@Override
Expand Down Expand Up @@ -144,7 +134,6 @@ public void initialize(ServiceExtensionContext context) {
.transferServiceRegistry(transferServiceRegistry)
.store(store)
.transferProcessClient(transferProcessApiClient)
.authorizationService(authorizationService(context))
.monitor(monitor)
.telemetry(telemetry)
.build();
Expand Down Expand Up @@ -172,14 +161,6 @@ public DataTransferExecutorServiceContainer dataTransferExecutorServiceContainer
executorInstrumentation.instrument(executorService, "Data plane transfers"));
}

@Provider
public DataPlaneAuthorizationService authorizationService(ServiceExtensionContext context) {
if (authorizationService == null) {
authorizationService = new DataPlaneAuthorizationServiceImpl(accessTokenService, endpointGenerator, accessControlService, context.getParticipantId(), clock);
}
return authorizationService;
}

@NotNull
private EntityRetryProcessConfiguration getEntityRetryProcessConfiguration(ServiceExtensionContext context) {
var retryLimit = context.getSetting(DATAPLANE_SEND_RETRY_LIMIT, DEFAULT_SEND_RETRY_LIMIT);
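Review bot: The `.authorizationService(authorizationService(context))` call is dropped from the `DataPlaneManagerImpl` builder in `initialize` (hunk `@@ -144,7 +134,6 @@`) with no replacement, so this extension no longer hands any authorization service to the manager. If `DataPlaneManagerImpl` still holds an authorization-service field and uses it (for instance to revoke access when a flow is terminated), the builder would leave it null and the failure would only surface at runtime; either confirm the manager no longer depends on it, or pass the service through with `.authorizationService(authorizationService)` now that it is injected rather than built here. From the rendered hunk at `@@ -110,12 +106,6 @@` it is not certain whether the `private DataPlaneAuthorizationService authorizationService;` field survives alongside an `@Inject`, which is what that wiring would need. Both `initialize` and the field declarations extend beyond the hunk boundaries.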
@@ -1,3 +1,2 @@
org.eclipse.edc.connector.dataplane.framework.DataPlaneFrameworkExtension
org.eclipse.edc.connector.dataplane.framework.DataPlaneDefaultServicesExtension
org.eclipse.edc.connector.dataplane.framework.DataPlaneDefaultIamServicesExtension
Expand Up @@ -31,6 +31,7 @@ dependencies {
testImplementation(project(":extensions:control-plane:api:control-plane-api"))
testImplementation(project(":extensions:common:api:control-api-configuration"))
testImplementation(project(":extensions:common:auth:auth-tokenbased"))
testImplementation(project(":extensions:common:http"))
testImplementation(project(":extensions:common:json-ld"))
testImplementation(project(":extensions:data-plane:data-plane-signaling:data-plane-signaling-client"))
testImplementation(testFixtures(project(":core:common:lib:http-lib")))
Expand Up @@ -82,9 +82,7 @@ void setUp(RuntimeExtension extension) {
"web.http.control.port", String.valueOf(port),
"web.http.control.path", "/control",
"edc.core.retry.retries.max", "0",
"edc.dataplane.send.retry.limit", "0",
"edc.transfer.proxy.token.verifier.publickey.alias", "alias",
"edc.transfer.proxy.token.signer.privatekey.alias", "alias"
"edc.dataplane.send.retry.limit", "0"
));

extension.registerSystemExtension(ServiceExtension.class, new TransferServiceMockExtension(service));
Expand Up @@ -30,7 +30,6 @@
import org.mockserver.integration.ClientAndServer;
import org.mockserver.model.HttpResponse;

import java.util.Map;
import java.util.UUID;

import static java.util.Collections.emptyMap;
Expand All @@ -52,10 +51,6 @@ public class DataPlaneHttpExtensionTest {

@RegisterExtension
private static final RuntimeExtension RUNTIME = new RuntimePerClassExtension()
.setConfiguration(Map.of(
"edc.transfer.proxy.token.verifier.publickey.alias", "alias",
"edc.transfer.proxy.token.signer.privatekey.alias", "alias"
))
.registerServiceMock(TransferProcessApiClient.class, mock());

@BeforeAll
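--- a/extensions/data-plane/data-plane-iam/build.gradle.kts
+++ b/extensions/data-plane/data-plane-iam/build.gradle.kts
@@ -0,0 +1,30 @@
+/*
+* Copyright (c) 2022 Contributors to the Eclipse Foundation
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0
+*
+* SPDX-License-Identifier: Apache-2.0
+*
+* Contributors:
+* Contributors to the Eclipse Foundation - initial API and implementation
+*
+*/
+
+plugins {
+`java-library`
+}
+
+dependencies {
+api(project(":spi:common:jwt-spi"))
+api(project(":spi:common:jwt-signer-spi"))
+api(project(":spi:common:token-spi"))
+api(project(":spi:data-plane:data-plane-spi"))
+
+implementation(project(":core:common:token-core"))
+
+testImplementation(project(":core:common:junit"))
+}
+
+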
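Review bot: The license header of this newly added build file says `Copyright (c) 2022`, while the Java file introduced in the same module (`DataPlaneIamExtension.java`) is dated 2024; the header looks copied from an older module and should read `* Copyright (c) 2024 Contributors to the Eclipse Foundation`. Separately, declaring all four SPI projects as `api` exposes them transitively to every consumer of `data-plane-iam`; unless consumers are expected to compile against those SPI types through this module, `implementation` would be the tighter scope, though whether any consumer relies on the transitive exposure is not visible here.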
Expand Up @@ -12,15 +12,14 @@
*
*/

package org.eclipse.edc.connector.dataplane.framework;
package org.eclipse.edc.connector.dataplane.iam;

import org.eclipse.edc.connector.dataplane.framework.iam.DefaultDataPlaneAccessTokenServiceImpl;
import org.eclipse.edc.connector.dataplane.iam.service.DefaultDataPlaneAccessTokenServiceImpl;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
import org.eclipse.edc.connector.dataplane.spi.store.AccessTokenDataStore;
import org.eclipse.edc.jwt.signer.spi.JwsSignerProvider;
import org.eclipse.edc.keys.spi.LocalPublicKeyService;
import org.eclipse.edc.keys.spi.PrivateKeyResolver;
import org.eclipse.edc.runtime.metamodel.annotation.Extension;
import org.eclipse.edc.runtime.metamodel.annotation.Inject;
import org.eclipse.edc.runtime.metamodel.annotation.Provider;
Expand All @@ -31,13 +30,10 @@
import org.eclipse.edc.token.JwtGenerationService;
import org.eclipse.edc.token.spi.TokenValidationService;

import java.util.function.Supplier;
@Extension(value = DataPlaneIamDefaultServicesExtension.NAME)
public class DataPlaneIamDefaultServicesExtension implements ServiceExtension {


@Extension(value = DataPlaneDefaultIamServicesExtension.NAME)
public class DataPlaneDefaultIamServicesExtension implements ServiceExtension {

public static final String NAME = "Data Plane Framework Default IAM Services";
public static final String NAME = "Data Plane Default IAM Services";

@Setting(value = "Alias of private key used for signing tokens, retrieved from private key resolver")
public static final String TOKEN_SIGNER_PRIVATE_KEY_ALIAS = "edc.transfer.proxy.token.signer.privatekey.alias";
Expand All @@ -49,8 +45,6 @@ public class DataPlaneDefaultIamServicesExtension implements ServiceExtension {
@Inject
private TokenValidationService tokenValidationService;
@Inject
private PrivateKeyResolver privateKeyResolver;
@Inject
private LocalPublicKeyService localPublicKeyService;
@Inject
private JwsSignerProvider jwsSignerProvider;
Expand All @@ -72,12 +66,10 @@ public DataPlaneAccessTokenService defaultAccessTokenService(ServiceExtensionCon
var tokenSignerPrivateKeyAlias = context.getConfig().getString(TOKEN_SIGNER_PRIVATE_KEY_ALIAS);
var monitor = context.getMonitor().withPrefix("DataPlane IAM");
return new DefaultDataPlaneAccessTokenServiceImpl(new JwtGenerationService(jwsSignerProvider),
accessTokenDataStore, monitor, () -> tokenSignerPrivateKeyAlias,
publicKeyIdSupplier(tokenVerifierPublicKeyAlias), tokenValidationService, localPublicKeyService);
}

private Supplier<String> publicKeyIdSupplier(String tokenVerifierPublicKeyAlias) {
return () -> tokenVerifierPublicKeyAlias;
accessTokenDataStore, monitor,
() -> tokenSignerPrivateKeyAlias,
() -> tokenVerifierPublicKeyAlias,
tokenValidationService, localPublicKeyService);
}

}
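Review bot: `DataPlaneIamDefaultServicesExtension` is moved and renamed here but still has no class-level Javadoc, so the only hint at what it wires up is the pair of aliases read in `defaultAccessTokenService`. A class Javadoc along the lines of `Registers the default DataPlaneAccessTokenService, which issues data-plane access tokens via JwtGenerationService using the private key behind the configured signer alias and verifies them with the public key behind the configured verifier alias.` would make that explicit; since both aliases are read with `context.getConfig().getString(...)` and no default, it is presumably worth stating that they are mandatory settings. The rename of `NAME` to `"Data Plane Default IAM Services"` is user-visible in startup logs, which may be worth a line in the changelog. `defaultAccessTokenService` begins outside the last hunk.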
@@ -0,0 +1,54 @@
/*
* Copyright (c) 2024 Contributors to the Eclipse Foundation
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0
*
* SPDX-License-Identifier: Apache-2.0
*
* Contributors:
* Contributors to the Eclipse Foundation - initial API and implementation
*
*/

package org.eclipse.edc.connector.dataplane.iam;

import org.eclipse.edc.connector.dataplane.iam.service.DataPlaneAuthorizationServiceImpl;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAuthorizationService;
import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService;
import org.eclipse.edc.runtime.metamodel.annotation.Extension;
import org.eclipse.edc.runtime.metamodel.annotation.Inject;
import org.eclipse.edc.runtime.metamodel.annotation.Provider;
import org.eclipse.edc.spi.system.ServiceExtension;
import org.eclipse.edc.spi.system.ServiceExtensionContext;

import java.time.Clock;

@Extension(value = DataPlaneIamExtension.NAME)
public class DataPlaneIamExtension implements ServiceExtension {

public static final String NAME = "Data Plane IAM";

@Inject
private Clock clock;
@Inject
private DataPlaneAccessTokenService accessTokenService;
@Inject
private DataPlaneAccessControlService accessControlService;
@Inject
private PublicEndpointGeneratorService endpointGenerator;

@Override
public String name() {
return NAME;
}

@Provider
public DataPlaneAuthorizationService authorizationService(ServiceExtensionContext context) {
return new DataPlaneAuthorizationServiceImpl(accessTokenService, endpointGenerator, accessControlService, context.getParticipantId(), clock);
}

}
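Review bot: `DataPlaneIamExtension` and its `authorizationService` provider carry no Javadoc, so a reader has to reconstruct from the constructor call that the service is composed from the injected token service, access-control service and endpoint generator plus this runtime's participant id and clock. A class Javadoc such as `Provides the DataPlaneAuthorizationService by combining the injected DataPlaneAccessTokenService, DataPlaneAccessControlService and PublicEndpointGeneratorService with the participant id of this runtime.` and a one-line `@Provider` Javadoc would make the wiring explicit. It is also worth noting in that Javadoc that `context.getParticipantId()` is captured once when the provider runs, since the value is baked into the service instance rather than looked up per request.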
Expand Up @@ -12,7 +12,7 @@
*
*/

package org.eclipse.edc.connector.dataplane.framework.iam;
package org.eclipse.edc.connector.dataplane.iam.service;

import org.eclipse.edc.connector.dataplane.spi.Endpoint;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;
Expand Up @@ -12,7 +12,7 @@
*
*/

package org.eclipse.edc.connector.dataplane.framework.iam;
package org.eclipse.edc.connector.dataplane.iam.service;

import org.eclipse.edc.connector.dataplane.spi.AccessTokenData;
import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
Expand Down Expand Up @@ -123,16 +123,15 @@ public Result<TokenRepresentation> obtainToken(TokenParameters parameters, DataA

@Override
public Result<AccessTokenData> resolve(String token) {
var validationResult = tokenValidationService.validate(token, publicKeyResolver, DATAPLANE_ACCESS_TOKEN_RULES);
if (validationResult.failed()) {
return validationResult.mapTo();
}
var tokenId = validationResult.getContent().getStringClaim(TOKEN_ID);
var existingAccessToken = accessTokenDataStore.getById(tokenId);

return existingAccessToken == null ?
Result.failure("AccessTokenData with ID '%s' does not exist.".formatted(tokenId)) :
Result.success(existingAccessToken);
return tokenValidationService.validate(token, publicKeyResolver, DATAPLANE_ACCESS_TOKEN_RULES)
.map(claimToken -> claimToken.getStringClaim(TOKEN_ID))
.compose(tokenId -> {
var existingAccessToken = accessTokenDataStore.getById(tokenId);

return existingAccessToken == null ?
Result.failure("AccessTokenData with ID '%s' does not exist.".formatted(tokenId)) :
Result.success(existingAccessToken);
});
}

@Override
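Review bot: In the rewritten `resolve`, the `TOKEN_ID` claim of the validated token is passed straight to `accessTokenDataStore.getById(tokenId)`; if the claim is absent, `getStringClaim` presumably yields null and a null key reaches the store, which depending on the backing map may throw rather than return null. The old code had the same gap, so it is pre-existing, but the refactor is the moment to close it: a guard at the top of the `compose` lambda, `if (tokenId == null || tokenId.isBlank()) { return Result.failure("Token does not carry a '%s' claim.".formatted(TOKEN_ID)); }`, keeps the lookup fail-closed with a precise message. This only matters if `DATAPLANE_ACCESS_TOKEN_RULES` does not already require the claim, which is not visible in this hunk; `resolve` itself is fully inside the hunk, the enclosing class is not.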
Expand Up @@ -12,12 +12,12 @@
*
*/

package org.eclipse.edc.connector.dataplane.framework.iam;
package org.eclipse.edc.connector.dataplane.iam.service;

import org.eclipse.edc.spi.iam.TokenParameters;
import org.eclipse.edc.token.spi.TokenDecorator;

import static org.eclipse.edc.connector.dataplane.framework.iam.DefaultDataPlaneAccessTokenServiceImpl.TOKEN_ID;
import static org.eclipse.edc.connector.dataplane.iam.service.DefaultDataPlaneAccessTokenServiceImpl.TOKEN_ID;

public class TokenIdDecorator implements TokenDecorator {
private final String tokenId;