StsClientConfigurationExtension doesn't resolve secret from Vault #1457

Closed
hemantxpatel opened this issue Jul 24, 2024 · 1 comment · Fixed by #1501
Labels
bug Something isn't working

Comments

@hemantxpatel

Describe the bug

A clear and concise description of what the bug is.
StsClientConfigurationExtension.java expects a clientId / clientSecretAlias but doesn't resolve the secret from Vault.

var clientSecretAlias = context.getConfig().getString(CLIENT_SECRET_ALIAS, null);
var monitor = context.getMonitor().withPrefix("STS Client for DIM");
if (tokenUrl == null) {
    missingMandatoryProperty(monitor, TOKEN_URL);
}
if (clientId == null) {
    missingMandatoryProperty(monitor, CLIENT_ID);
}
if (clientSecretAlias == null) {
    missingMandatoryProperty(monitor, CLIENT_SECRET_ALIAS);
}
return new StsRemoteClientConfiguration(tokenUrl, clientId, clientSecretAlias);

To Reproduce

Steps to reproduce the behavior:

  1. Use STS Remote Client in EDC and make a query catalog request.
  2. OAuth request to STS fails with 401 due to invalid client id / secret.

Expected behavior

A clear and concise description of what you expected to happen.
It should resolve secrets from the Vault. A similar configuration exists in the eclipse-edc/Connector repo, which resolves the secret from Vault.

StsRemoteClientConfigurationExtension.java#L61-L64

var clientSecret = vault.resolveSecret(clientSecretAlias);
Objects.requireNonNull(clientSecret, format("Client secret could not be retrieved from the vault with alias %s", clientSecretAlias));

return new StsRemoteClientConfiguration(tokenUrl, clientId, clientSecret);

Screenshots/Error Messages

If applicable, add screenshots and/or error messages to help explain your problem.

Context Information

Add any other context or information about the problem here.

  • Used version: [e.g. Commit Hash]
  • OS: [e.g. Mac OS (M1), Windows, Linux]
  • Docker Version: [e.g. 20.10.12]
  • java --version:

Possible Implementation

You already know the root cause of the erroneous state and how to fix it? Feel free to share your thoughts.

@hemantxpatel hemantxpatel added bug Something isn't working triage all new issues awaiting classification labels Jul 24, 2024
@lgblaumeiser lgblaumeiser removed the triage all new issues awaiting classification label Aug 13, 2024
@wolf4ood
Contributor

Linking the upstream issue that will also solve this once implemented and incorporated.

eclipse-edc/Connector#4412
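
The difference between the two snippets quoted in the issue, as an added example that is not the project's own code: the configuration built from the alias is rejected by the token endpoint, while the one built from the resolved secret is accepted and a missing vault entry fails at startup. `Vault`, `StsConfig`, `tokenEndpointStatus` and all sample values are hypothetical stand-ins constructed for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Objects;

public class StsSecretResolutionExample {
    // Hypothetical stand-in for the connector's vault; only resolveSecret(alias) is modelled.
    interface Vault { String resolveSecret(String alias); }

    // Hypothetical stand-in for the configuration object handed to the STS client.
    record StsConfig(String tokenUrl, String clientId, String clientSecret) { }

    // Behaviour reported in the issue: the alias ends up where the secret is expected.
    static StsConfig aliasAsSecret(String tokenUrl, String clientId, String clientSecretAlias) {
        return new StsConfig(tokenUrl, clientId, clientSecretAlias);
    }

    // Expected behaviour: resolve the alias and fail at startup if the vault has no entry.
    static StsConfig resolvedFromVault(Vault vault, String tokenUrl, String clientId, String clientSecretAlias) {
        var clientSecret = vault.resolveSecret(clientSecretAlias);
        // The error message names the alias only, never the secret value.
        Objects.requireNonNull(clientSecret, String.format(
                "Client secret could not be retrieved from the vault with alias %s", clientSecretAlias));
        return new StsConfig(tokenUrl, clientId, clientSecret);
    }

    // Constructed model of the token endpoint's client authentication (constant-time compare).
    static int tokenEndpointStatus(StsConfig config, String registeredSecret) {
        var presented = config.clientSecret().getBytes(StandardCharsets.UTF_8);
        var expected = registeredSecret.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(presented, expected) ? 200 : 401;
    }

    public static void main(String[] args) {
        // Constructed sample values; none of them come from the issue.
        var alias = "sts-client-secret-alias";
        var registeredSecret = "constructed-sample-secret";
        var tokenUrl = "https://sts.example.invalid/token";
        Vault vault = Map.of(alias, registeredSecret)::get;

        System.out.println("alias used as secret: HTTP "
                + tokenEndpointStatus(aliasAsSecret(tokenUrl, "client-1", alias), registeredSecret));
        System.out.println("secret resolved from vault: HTTP "
                + tokenEndpointStatus(resolvedFromVault(vault, tokenUrl, "client-1", alias), registeredSecret));
        try {
            resolvedFromVault(vault, tokenUrl, "client-1", "alias-not-in-vault");
        } catch (NullPointerException e) {
            System.out.println("startup check: " + e.getMessage());
        }
    }
}
```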
