refactor: extract data-plane-iam module from data-plane-core (#4408)

* fix: extract data-plane-iam module from data-plane-core * pr remarks * Trigger build * Trigger build
eclipse-edc · Aug 20, 2024 · 3353b62 · 3353b62
1 parent 1b90092
commit 3353b62
Show file tree

Hide file tree

Showing 28 changed files with 183 additions and 101 deletions.
diff --git a/DEPENDENCIES b/DEPENDENCIES
@@ -306,19 +306,12 @@ maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearly
 maven/mavencentral/org.jetbrains/annotations/17.0.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.jetbrains/annotations/24.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.junit-pioneer/junit-pioneer/2.2.0, EPL-2.0, approved, #11857
-maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.3, EPL-2.0, approved, #9714
 maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.11.0, EPL-2.0, approved, #15935
-maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.3, EPL-2.0, approved, #9711
 maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.11.0, EPL-2.0, approved, #15939
-maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.3, EPL-2.0, approved, #15250
 maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.11.0, EPL-2.0, approved, #15940
-maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.3, EPL-2.0, approved, #9715
 maven/mavencentral/org.junit.platform/junit-platform-commons/1.11.0, EPL-2.0, approved, #15936
-maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.3, EPL-2.0, approved, #9709
 maven/mavencentral/org.junit.platform/junit-platform-engine/1.11.0, EPL-2.0, approved, #15932
-maven/mavencentral/org.junit.platform/junit-platform-launcher/1.10.3, EPL-2.0, approved, #15216
 maven/mavencentral/org.junit.platform/junit-platform-launcher/1.11.0, EPL-2.0, approved, #15934
-maven/mavencentral/org.junit/junit-bom/5.10.3, EPL-2.0, approved, #9844
 maven/mavencentral/org.junit/junit-bom/5.11.0, , restricted, clearlydefined
 maven/mavencentral/org.junit/junit-bom/5.9.2, EPL-2.0, approved, #4711
 maven/mavencentral/org.jvnet.mimepull/mimepull/1.9.15, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ21484

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -20,36 +20,22 @@ plugins {
 val javaVersion: String by project
 val edcScmUrl: String by project
 val edcScmConnection: String by project
-val annotationProcessorVersion: String by project
 
 buildscript {
     dependencies {
-        val edcGradlePluginsVersion: String by project
-        classpath("org.eclipse.edc.edc-build:org.eclipse.edc.edc-build.gradle.plugin:${edcGradlePluginsVersion}")
+        val version: String by project
+        classpath("org.eclipse.edc.edc-build:org.eclipse.edc.edc-build.gradle.plugin:$version")
     }
 }
 
 allprojects {
     apply(plugin = "${group}.edc-build")
 
-    // configure which version of the annotation processor to use. defaults to the same version as the plugin
-    configure<org.eclipse.edc.plugins.autodoc.AutodocExtension> {
-        processorVersion.set(annotationProcessorVersion)
-        outputDirectory.set(project.layout.buildDirectory.asFile)
-    }
-
     configure<org.eclipse.edc.plugins.edcbuild.extensions.BuildExtension> {
         pom {
             scmUrl.set(edcScmUrl)
             scmConnection.set(edcScmConnection)
         }
-        swagger {
-            title.set((project.findProperty("apiTitle") ?: "EDC REST API") as String)
-            description =
-                (project.findProperty("apiDescription") ?: "EDC REST APIs - merged by OpenApiMerger") as String
-            outputFilename.set(project.name)
-            outputDirectory.set(file("${rootProject.projectDir.path}/resources/openapi/yaml"))
-        }
     }
 
     configure<CheckstyleExtension> {

diff --git a/core/common/junit/build.gradle.kts b/core/common/junit/build.gradle.kts
@@ -35,7 +35,6 @@ dependencies {
 
     runtimeOnly(libs.junit.jupiter.engine)
 
-    implementation(libs.junit.pioneer)
     implementation(libs.testcontainers.junit)
     testImplementation(project(":core:common:connector-core"))
 

diff --git a/core/data-plane/data-plane-core/build.gradle.kts b/core/data-plane/data-plane-core/build.gradle.kts
@@ -24,11 +24,8 @@ dependencies {
 
     implementation(project(":spi:common:token-spi"))
     implementation(project(":core:common:lib:store-lib"))
-    implementation(project(":core:common:token-core")) // for the JwtGenerationService
-    implementation(project(":core:common:boot"))
     implementation(project(":core:common:lib:util-lib"))
     implementation(project(":core:data-plane:data-plane-util"))
-    implementation(project(":extensions:common:http"))
     implementation(project(":core:common:lib:state-machine-lib"))
 
     implementation(libs.opentelemetry.instrumentation.annotations)

diff --git a/...java/org/eclipse/edc/connector/dataplane/framework/DataPlaneDefaultServicesExtension.java b/...java/org/eclipse/edc/connector/dataplane/framework/DataPlaneDefaultServicesExtension.java
@@ -18,6 +18,8 @@
 import org.eclipse.edc.connector.dataplane.framework.registry.TransferServiceSelectionStrategy;
 import org.eclipse.edc.connector.dataplane.framework.store.InMemoryAccessTokenDataStore;
 import org.eclipse.edc.connector.dataplane.framework.store.InMemoryDataPlaneStore;
+import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAuthorizationService;
+import org.eclipse.edc.connector.dataplane.spi.iam.NoOpDataPlaneAuthorizationService;
 import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService;
 import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService;
 import org.eclipse.edc.connector.dataplane.spi.store.AccessTokenDataStore;
@@ -70,4 +72,10 @@ public PipelineService pipelineService(ServiceExtensionContext context) {
     public PublicEndpointGeneratorService publicEndpointGenerator() {
         return new PublicEndpointGeneratorServiceImpl();
     }
+
+    @Provider(isDefault = true)
+    public DataPlaneAuthorizationService dataPlaneAuthorizationService(ServiceExtensionContext context) {
+        context.getMonitor().info("No proper DataPlaneAuthorizationService provided. The data-plane won't support PULL transfer types.");
+        return new NoOpDataPlaneAuthorizationService();
+    }
 }
diff --git a/.../main/java/org/eclipse/edc/connector/dataplane/framework/DataPlaneFrameworkExtension.java b/.../main/java/org/eclipse/edc/connector/dataplane/framework/DataPlaneFrameworkExtension.java
@@ -15,14 +15,10 @@
 package org.eclipse.edc.connector.dataplane.framework;
 
 import org.eclipse.edc.connector.controlplane.api.client.spi.transferprocess.TransferProcessApiClient;
-import org.eclipse.edc.connector.dataplane.framework.iam.DataPlaneAuthorizationServiceImpl;
 import org.eclipse.edc.connector.dataplane.framework.manager.DataPlaneManagerImpl;
 import org.eclipse.edc.connector.dataplane.framework.registry.TransferServiceRegistryImpl;
 import org.eclipse.edc.connector.dataplane.framework.registry.TransferServiceSelectionStrategy;
-import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;
-import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
 import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAuthorizationService;
-import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService;
 import org.eclipse.edc.connector.dataplane.spi.manager.DataPlaneManager;
 import org.eclipse.edc.connector.dataplane.spi.pipeline.DataTransferExecutorServiceContainer;
 import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService;
@@ -110,12 +106,6 @@ public class DataPlaneFrameworkExtension implements ServiceExtension {
     @Inject
     private PipelineService pipelineService;
     @Inject
-    private DataPlaneAccessTokenService accessTokenService;
-    @Inject
-    private DataPlaneAccessControlService accessControlService;
-    @Inject
-    private PublicEndpointGeneratorService endpointGenerator;
-
     private DataPlaneAuthorizationService authorizationService;
 
     @Override
@@ -144,7 +134,6 @@ public void initialize(ServiceExtensionContext context) {
                 .transferServiceRegistry(transferServiceRegistry)
                 .store(store)
                 .transferProcessClient(transferProcessApiClient)
-                .authorizationService(authorizationService(context))
                 .monitor(monitor)
                 .telemetry(telemetry)
                 .build();
@@ -172,14 +161,6 @@ public DataTransferExecutorServiceContainer dataTransferExecutorServiceContainer
                 executorInstrumentation.instrument(executorService, "Data plane transfers"));
     }
 
-    @Provider
-    public DataPlaneAuthorizationService authorizationService(ServiceExtensionContext context) {
-        if (authorizationService == null) {
-            authorizationService = new DataPlaneAuthorizationServiceImpl(accessTokenService, endpointGenerator, accessControlService, context.getParticipantId(), clock);
-        }
-        return authorizationService;
-    }
-
     @NotNull
     private EntityRetryProcessConfiguration getEntityRetryProcessConfiguration(ServiceExtensionContext context) {
         var retryLimit = context.getSetting(DATAPLANE_SEND_RETRY_LIMIT, DEFAULT_SEND_RETRY_LIMIT);

diff --git a/...ane-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/...ane-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
@@ -1,3 +1,2 @@
 org.eclipse.edc.connector.dataplane.framework.DataPlaneFrameworkExtension
 org.eclipse.edc.connector.dataplane.framework.DataPlaneDefaultServicesExtension
-org.eclipse.edc.connector.dataplane.framework.DataPlaneDefaultIamServicesExtension
diff --git a/...sql/configuration/DataSourceNameTest.java → ...sql/configuration/DataSourceNameTest.java b/...sql/configuration/DataSourceNameTest.java → ...sql/configuration/DataSourceNameTest.java
diff --git a/extensions/control-plane/api/control-plane-api-client/build.gradle.kts b/extensions/control-plane/api/control-plane-api-client/build.gradle.kts
@@ -31,6 +31,7 @@ dependencies {
     testImplementation(project(":extensions:control-plane:api:control-plane-api"))
     testImplementation(project(":extensions:common:api:control-api-configuration"))
     testImplementation(project(":extensions:common:auth:auth-tokenbased"))
+    testImplementation(project(":extensions:common:http"))
     testImplementation(project(":extensions:common:json-ld"))
     testImplementation(project(":extensions:data-plane:data-plane-signaling:data-plane-signaling-client"))
     testImplementation(testFixtures(project(":core:common:lib:http-lib")))

diff --git a/...tor/controlplane/api/client/transferprocess/TransferProcessHttpClientIntegrationTest.java b/...tor/controlplane/api/client/transferprocess/TransferProcessHttpClientIntegrationTest.java
@@ -82,9 +82,7 @@ void setUp(RuntimeExtension extension) {
                 "web.http.control.port", String.valueOf(port),
                 "web.http.control.path", "/control",
                 "edc.core.retry.retries.max", "0",
-                "edc.dataplane.send.retry.limit", "0",
-                "edc.transfer.proxy.token.verifier.publickey.alias", "alias",
-                "edc.transfer.proxy.token.signer.privatekey.alias", "alias"
+                "edc.dataplane.send.retry.limit", "0"
         ));
 
         extension.registerSystemExtension(ServiceExtension.class, new TransferServiceMockExtension(service));

diff --git a/...tp/src/test/java/org/eclipse/edc/connector/dataplane/http/DataPlaneHttpExtensionTest.java b/...tp/src/test/java/org/eclipse/edc/connector/dataplane/http/DataPlaneHttpExtensionTest.java
@@ -30,7 +30,6 @@
 import org.mockserver.integration.ClientAndServer;
 import org.mockserver.model.HttpResponse;
 
-import java.util.Map;
 import java.util.UUID;
 
 import static java.util.Collections.emptyMap;
@@ -52,10 +51,6 @@ public class DataPlaneHttpExtensionTest {
 
     @RegisterExtension
     private static final RuntimeExtension RUNTIME = new RuntimePerClassExtension()
-            .setConfiguration(Map.of(
-                    "edc.transfer.proxy.token.verifier.publickey.alias", "alias",
-                    "edc.transfer.proxy.token.signer.privatekey.alias", "alias"
-            ))
             .registerServiceMock(TransferProcessApiClient.class, mock());
 
     @BeforeAll

diff --git a/extensions/data-plane/data-plane-iam/build.gradle.kts b/extensions/data-plane/data-plane-iam/build.gradle.kts
@@ -0,0 +1,30 @@
+/*
+ *  Copyright (c) 2022 Contributors to the Eclipse Foundation
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Contributors to the Eclipse Foundation - initial API and implementation
+ *
+ */
+
+plugins {
+    `java-library`
+}
+
+dependencies {
+    api(project(":spi:common:jwt-spi"))
+    api(project(":spi:common:jwt-signer-spi"))
+    api(project(":spi:common:token-spi"))
+    api(project(":spi:data-plane:data-plane-spi"))
+
+    implementation(project(":core:common:token-core"))
+
+    testImplementation(project(":core:common:junit"))
+}
+
+
diff --git a/...DataPlaneDefaultIamServicesExtension.java → ...DataPlaneIamDefaultServicesExtension.java b/...DataPlaneDefaultIamServicesExtension.java → ...DataPlaneIamDefaultServicesExtension.java
@@ -12,15 +12,14 @@
  *
  */
 
-package org.eclipse.edc.connector.dataplane.framework;
+package org.eclipse.edc.connector.dataplane.iam;
 
-import org.eclipse.edc.connector.dataplane.framework.iam.DefaultDataPlaneAccessTokenServiceImpl;
+import org.eclipse.edc.connector.dataplane.iam.service.DefaultDataPlaneAccessTokenServiceImpl;
 import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;
 import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
 import org.eclipse.edc.connector.dataplane.spi.store.AccessTokenDataStore;
 import org.eclipse.edc.jwt.signer.spi.JwsSignerProvider;
 import org.eclipse.edc.keys.spi.LocalPublicKeyService;
-import org.eclipse.edc.keys.spi.PrivateKeyResolver;
 import org.eclipse.edc.runtime.metamodel.annotation.Extension;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
 import org.eclipse.edc.runtime.metamodel.annotation.Provider;
@@ -31,13 +30,10 @@
 import org.eclipse.edc.token.JwtGenerationService;
 import org.eclipse.edc.token.spi.TokenValidationService;
 
-import java.util.function.Supplier;
+@Extension(value = DataPlaneIamDefaultServicesExtension.NAME)
+public class DataPlaneIamDefaultServicesExtension implements ServiceExtension {
 
-
-@Extension(value = DataPlaneDefaultIamServicesExtension.NAME)
-public class DataPlaneDefaultIamServicesExtension implements ServiceExtension {
-
-    public static final String NAME = "Data Plane Framework Default IAM Services";
+    public static final String NAME = "Data Plane Default IAM Services";
 
     @Setting(value = "Alias of private key used for signing tokens, retrieved from private key resolver")
     public static final String TOKEN_SIGNER_PRIVATE_KEY_ALIAS = "edc.transfer.proxy.token.signer.privatekey.alias";
@@ -49,8 +45,6 @@ public class DataPlaneDefaultIamServicesExtension implements ServiceExtension {
     @Inject
     private TokenValidationService tokenValidationService;
     @Inject
-    private PrivateKeyResolver privateKeyResolver;
-    @Inject
     private LocalPublicKeyService localPublicKeyService;
     @Inject
     private JwsSignerProvider jwsSignerProvider;
@@ -72,12 +66,10 @@ public DataPlaneAccessTokenService defaultAccessTokenService(ServiceExtensionCon
         var tokenSignerPrivateKeyAlias = context.getConfig().getString(TOKEN_SIGNER_PRIVATE_KEY_ALIAS);
         var monitor = context.getMonitor().withPrefix("DataPlane IAM");
         return new DefaultDataPlaneAccessTokenServiceImpl(new JwtGenerationService(jwsSignerProvider),
-                accessTokenDataStore, monitor, () -> tokenSignerPrivateKeyAlias,
-                publicKeyIdSupplier(tokenVerifierPublicKeyAlias), tokenValidationService, localPublicKeyService);
-    }
-
-    private Supplier<String> publicKeyIdSupplier(String tokenVerifierPublicKeyAlias) {
-        return () -> tokenVerifierPublicKeyAlias;
+                accessTokenDataStore, monitor,
+                () -> tokenSignerPrivateKeyAlias,
+                () -> tokenVerifierPublicKeyAlias,
+                tokenValidationService, localPublicKeyService);
     }
 
 }
diff --git a/...lane-iam/src/main/java/org/eclipse/edc/connector/dataplane/iam/DataPlaneIamExtension.java b/...lane-iam/src/main/java/org/eclipse/edc/connector/dataplane/iam/DataPlaneIamExtension.java
@@ -0,0 +1,54 @@
+/*
+ *  Copyright (c) 2024 Contributors to the Eclipse Foundation
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Contributors to the Eclipse Foundation - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.connector.dataplane.iam;
+
+import org.eclipse.edc.connector.dataplane.iam.service.DataPlaneAuthorizationServiceImpl;
+import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;
+import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
+import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAuthorizationService;
+import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService;
+import org.eclipse.edc.runtime.metamodel.annotation.Extension;
+import org.eclipse.edc.runtime.metamodel.annotation.Inject;
+import org.eclipse.edc.runtime.metamodel.annotation.Provider;
+import org.eclipse.edc.spi.system.ServiceExtension;
+import org.eclipse.edc.spi.system.ServiceExtensionContext;
+
+import java.time.Clock;
+
+@Extension(value = DataPlaneIamExtension.NAME)
+public class DataPlaneIamExtension implements ServiceExtension {
+
+    public static final String NAME = "Data Plane IAM";
+
+    @Inject
+    private Clock clock;
+    @Inject
+    private DataPlaneAccessTokenService accessTokenService;
+    @Inject
+    private DataPlaneAccessControlService accessControlService;
+    @Inject
+    private PublicEndpointGeneratorService endpointGenerator;
+
+    @Override
+    public String name() {
+        return NAME;
+    }
+
+    @Provider
+    public DataPlaneAuthorizationService authorizationService(ServiceExtensionContext context) {
+        return new DataPlaneAuthorizationServiceImpl(accessTokenService, endpointGenerator, accessControlService, context.getParticipantId(), clock);
+    }
+
+}
diff --git a/...am/DataPlaneAuthorizationServiceImpl.java → ...ce/DataPlaneAuthorizationServiceImpl.java b/...am/DataPlaneAuthorizationServiceImpl.java → ...ce/DataPlaneAuthorizationServiceImpl.java
@@ -12,7 +12,7 @@
  *
  */
 
-package org.eclipse.edc.connector.dataplane.framework.iam;
+package org.eclipse.edc.connector.dataplane.iam.service;
 
 import org.eclipse.edc.connector.dataplane.spi.Endpoint;
 import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessControlService;

diff --git a/...faultDataPlaneAccessTokenServiceImpl.java → ...faultDataPlaneAccessTokenServiceImpl.java b/...faultDataPlaneAccessTokenServiceImpl.java → ...faultDataPlaneAccessTokenServiceImpl.java
@@ -12,7 +12,7 @@
  *
  */
 
-package org.eclipse.edc.connector.dataplane.framework.iam;
+package org.eclipse.edc.connector.dataplane.iam.service;
 
 import org.eclipse.edc.connector.dataplane.spi.AccessTokenData;
 import org.eclipse.edc.connector.dataplane.spi.iam.DataPlaneAccessTokenService;
@@ -123,16 +123,15 @@ public Result<TokenRepresentation> obtainToken(TokenParameters parameters, DataA
 
     @Override
     public Result<AccessTokenData> resolve(String token) {
-        var validationResult = tokenValidationService.validate(token, publicKeyResolver, DATAPLANE_ACCESS_TOKEN_RULES);
-        if (validationResult.failed()) {
-            return validationResult.mapTo();
-        }
-        var tokenId = validationResult.getContent().getStringClaim(TOKEN_ID);
-        var existingAccessToken = accessTokenDataStore.getById(tokenId);
-
-        return existingAccessToken == null ?
-                Result.failure("AccessTokenData with ID '%s' does not exist.".formatted(tokenId)) :
-                Result.success(existingAccessToken);
+        return tokenValidationService.validate(token, publicKeyResolver, DATAPLANE_ACCESS_TOKEN_RULES)
+                .map(claimToken -> claimToken.getStringClaim(TOKEN_ID))
+                .compose(tokenId -> {
+                    var existingAccessToken = accessTokenDataStore.getById(tokenId);
+
+                    return existingAccessToken == null ?
+                            Result.failure("AccessTokenData with ID '%s' does not exist.".formatted(tokenId)) :
+                            Result.success(existingAccessToken);
+                });
     }
 
     @Override

diff --git a/...plane/framework/iam/TokenIdDecorator.java → ...taplane/iam/service/TokenIdDecorator.java b/...plane/framework/iam/TokenIdDecorator.java → ...taplane/iam/service/TokenIdDecorator.java
@@ -12,12 +12,12 @@
  *
  */
 
-package org.eclipse.edc.connector.dataplane.framework.iam;
+package org.eclipse.edc.connector.dataplane.iam.service;
 
 import org.eclipse.edc.spi.iam.TokenParameters;
 import org.eclipse.edc.token.spi.TokenDecorator;
 
-import static org.eclipse.edc.connector.dataplane.framework.iam.DefaultDataPlaneAccessTokenServiceImpl.TOKEN_ID;
+import static org.eclipse.edc.connector.dataplane.iam.service.DefaultDataPlaneAccessTokenServiceImpl.TOKEN_ID;
 
 public class TokenIdDecorator implements TokenDecorator {
     private final String tokenId;