From 861bee7b45654618dbe18e75bdb7fa69a688e4d8 Mon Sep 17 00:00:00 2001 
From: Glaucio Jannotti <111659831+jannotti-glaucio@users.noreply.github.com> Date: Wed, 25 Sep 2024 04:43:01 -0300 Subject: [PATCH] Migrating to EDC 0.7.2 (#77) * feat: migrating to edc 0.7.3 * feat: migrating to edc 0.7.2 * feat: migrating to edc 0.7.2 * feat: migrating to edc 0.7.2 * feat: migrating to edc 0.7.2 * feat: migrating to edc 0.7.2 --- .gitignore | 1 + deployment/README.md | 12 +- .../edc-ionos-s3/templates/configmap.yaml | 18 +- deployment/helm/edc-ionos-s3/values.yaml | 23 ++- deployment/terraform/clean-state.sh | 30 ++++ .../public-addresses.sh | 4 +- deployment/terraform/ionos-s3-deploy/main.tf | 9 +- ...stroy-services.sh => undeploy-services.sh} | 1 + deployment/terraform/vault-deploy/main.tf | 2 +- .../terraform/vault-init/certs/private.pem | 5 + .../terraform/vault-init/certs/public.pem | 4 + deployment/terraform/vault-init/vault-init.sh | 7 +- deployment/terraform/vault-keys.json | 3 - extensions/build.gradle.kts | 11 +- extensions/core-ionos-s3/build.gradle.kts | 1 + .../s3/configuration/IonosToken.java | 2 +- .../s3/schema/IonosBucketSchema.java | 6 +- .../data-plane-ionos-s3/build.gradle.kts | 16 +- .../ionos/s3/IonosDataSinkFactory.java | 10 +- .../ionos/s3/IonosDataSourceFactory.java | 10 +- .../ionos/s3/util/FileTransferHelperTest.java | 1 - .../provision-ionos-s3/build.gradle.kts | 12 +- .../provision/s3/IonosProvisionExtension.java | 14 +- ...S3ConsumerResourceDefinitionGenerator.java | 20 ++- .../s3/bucket/IonosS3ProvisionedResource.java | 2 +- .../s3/bucket/IonosS3Provisioner.java | 17 +- .../s3/bucket/IonosS3ResourceDefinition.java | 3 +- extensions/vault-hashicorp/README.md | 16 -- extensions/vault-hashicorp/build.gradle.kts | 67 ------- .../hashicorp/CreateEntryRequestPayload.java | 63 ------- .../CreateEntryRequestPayloadOptions.java | 50 ------ .../hashicorp/CreateEntryResponsePayload.java | 50 ------ .../edc/vault/hashicorp/EntryMetadata.java | 82 --------- .../hashicorp/GetEntryResponsePayload.java | 51 ------ 
...EntryResponsePayloadGetVaultEntryData.java | 63 ------- .../edc/vault/hashicorp/HashicorpVault.java | 56 ------ .../vault/hashicorp/HashicorpVaultClient.java | 164 ------------------ .../vault/hashicorp/HashicorpVaultConfig.java | 59 ------- .../hashicorp/HashicorpVaultExtension.java | 101 ----------- ...rg.eclipse.edc.spi.system.ServiceExtension | 13 -- gradle.properties | 21 ++- hashicorp/README.md | 19 ++ hashicorp/certs/private.pem | 5 + hashicorp/certs/public.pem | 4 + hashicorp/docker-compose.yml | 4 +- launchers/base/connector/build.gradle.kts | 47 +++-- .../dev/connector-consumer/build.gradle.kts | 7 +- .../resources/config.properties | 11 +- .../dev/connector-provider/build.gradle.kts | 2 + .../resources/config.properties | 9 +- .../connector-persistence/build.gradle.kts | 6 +- .../connector-persistence/docker-compose.yml | 2 - .../resources/config.properties | 11 +- launchers/prod/connector/build.gradle.kts | 4 +- launchers/prod/connector/docker-compose.yml | 2 - .../connector/resources/config.properties | 11 +- settings.gradle.kts | 6 +- 57 files changed, 248 insertions(+), 1002 deletions(-) create mode 100755 deployment/terraform/clean-state.sh rename deployment/terraform/{destroy-services.sh => undeploy-services.sh} (97%) create mode 100644 deployment/terraform/vault-init/certs/private.pem create mode 100644 deployment/terraform/vault-init/certs/public.pem delete mode 100644 deployment/terraform/vault-keys.json delete mode 100644 extensions/vault-hashicorp/README.md delete mode 100644 extensions/vault-hashicorp/build.gradle.kts delete mode 100644 extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryRequestPayload.java delete mode 100644 extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryRequestPayloadOptions.java delete mode 100644 extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryResponsePayload.java delete mode 100644 
extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/EntryMetadata.java delete mode 100644 extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/GetEntryResponsePayload.java delete mode 100644 extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/GetEntryResponsePayloadGetVaultEntryData.java delete mode 100644 extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVault.java delete mode 100644 extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultClient.java delete mode 100644 extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultConfig.java delete mode 100644 extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultExtension.java delete mode 100644 extensions/vault-hashicorp/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension create mode 100644 hashicorp/certs/private.pem create mode 100644 hashicorp/certs/public.pem diff --git a/.gitignore b/.gitignore index 53ded747..825ff2c4 100644 --- a/.gitignore +++ b/.gitignore @@ -51,6 +51,7 @@ launchers/demo-e2e/edc-config.properties *.hprof **/vault-keys.json +**/vault-tokens.json runtime_settings.properties generated_backend.tf diff --git a/deployment/README.md b/deployment/README.md index 2aaa79cf..5cac45f7 100644 --- a/deployment/README.md +++ b/deployment/README.md 
@@ -110,21 +110,19 @@ This will allocate a public IP address to the Connector. You can then access it All commands paths are relative to the current directory where this readme is located. -### 1. Install the EDC Ionos S3 services +### 1. Deploy the services -To install the services run the script ```deploy-services.sh``` in ```terraform``` directory. +To deploy the services run the script ```deploy-services.sh``` in ```terraform``` directory. ```sh cd terraform ./deploy-services.sh ``` +### 2. Undeploy the services -### 2. Vault keys -After the services are installed you will have ```vault-keys.json``` file containing the vault keys in ```terraform``` directory. - -### 3. Destroy the services +To undeploy the services run the script ```undeploy-services.sh``` in ```terraform``` directory. ```sh cd terraform -./destroy-services.sh +./undeploy-services.sh ``` diff --git a/deployment/helm/edc-ionos-s3/templates/configmap.yaml b/deployment/helm/edc-ionos-s3/templates/configmap.yaml index af030c9b..d518cf68 100644 --- a/deployment/helm/edc-ionos-s3/templates/configmap.yaml +++ b/deployment/helm/edc-ionos-s3/templates/configmap.yaml @@ -4,6 +4,7 @@ metadata: name: {{ include "edc-ionos-s3.fullname" . }}-config data: config.properties: | + edc.participant.id={{ .Values.edc.participant.id }} web.http.port={{ .Values.web.http.port }} web.http.path={{ .Values.web.http.path }} web.http.management.port={{ .Values.web.http.management.port }} 
@@ -14,20 +15,19 @@ data: web.http.public.path={{ .Values.web.http.public.path }} web.http.control.port={{ .Values.web.http.control.port }} web.http.control.path={{ .Values.web.http.control.path }} + edc.dsp.callback.address={{ .Values.edc.dsp.callback.address }} + edc.dataplane.token.validation.endpoint={{ .Values.edc.dataplane.token.validation.endpoint }} + edc.dataplane.api.public.baseurl={{ .Values.edc.dataplane.api.public.baseurl }} edc.api.auth.key={{ .Values.edc.api.auth.key }} - edc.participant.id={{ .Values.edc.participant.id }} + edc.transfer.proxy.token.signer.privatekey.alias={{ .Values.edc.vault.certificates.privateKey.alias }} + edc.transfer.proxy.token.verifier.publickey.alias={{ .Values.edc.vault.certificates.publicKey.alias }} + edc.vault.hashicorp.url={{ .Values.edc.vault.hashicorp.url }} + edc.vault.hashicorp.token={{ .Values.edc.vault.hashicorp.token }} + edc.vault.hashicorp.timeout.seconds={{ .Values.edc.vault.hashicorp.timeout.seconds }} edc.ionos.access.key={{ .Values.edc.ionos.accessKey }} edc.ionos.secret.key={{ .Values.edc.ionos.secretKey }} edc.ionos.endpoint={{ .Values.edc.ionos.endpoint }} edc.ionos.token={{ .Values.edc.ionos.token }} - edc.vault.hashicorp.url={{ .Values.edc.vault.hashicorp.url }} - edc.vault.hashicorp.token={{ .Values.edc.vault.hashicorp.token }} - edc.vault.hashicorp.timeout.seconds={{ .Values.edc.vault.hashicorp.timeout.seconds }} - edc.ids.id={{ .Values.edc.ids.id }} - edc.dsp.callback.address={{ .Values.edc.dsp.callback.address }}:{{ .Values.web.http.protocol.port }}{{ .Values.web.http.protocol.path }} - edc.receiver.http.endpoint={{ .Values.edc.receiver.http.endpoint }}/receiver/{{ .Values.edc.ids.id }}/callback - edc.public.key.alias={{ .Values.edc.public.key.alias }} - edc.dataplane.token.validation.endpoint={{ .Values.edc.dataplane.token.validation.endpoint }}:{{ .Values.web.http.control.port }}{{ .Values.web.http.control.path }}/token {{- if eq .Values.edc.persistenceType "PostgreSQLaaS" }} 
edc.datasource.asset.name=asset diff --git a/deployment/helm/edc-ionos-s3/values.yaml b/deployment/helm/edc-ionos-s3/values.yaml index 0de447f3..13e5b172 100644 --- a/deployment/helm/edc-ionos-s3/values.yaml +++ b/deployment/helm/edc-ionos-s3/values.yaml @@ -113,16 +113,16 @@ edc: auth: key: password vault: - clientid: company1 - tenantid: 1 - certificate: /resources/ + certificates: + publicKey: + alias: edc.connector.public.key + privateKey: + alias: edc.connector.private.key hashicorp: url: http://vault:8200 token: timeout: seconds: 30 - ids: - id: urn:connector:provider ionos: endpoint: s3-eu-central-1.ionoscloud.com accessKey: notnull @@ -130,17 +130,14 @@ edc: token: notnull dsp: callback: - address: http://localhost - receiver: - http: - endpoint: http://localhost:4000 - public: - key: - alias: alias + address: http://localhost:8281/protocol dataplane: + api: + public: + baseurl: http://localhost:8282/public token: validation: - endpoint: http://localhost + endpoint: http://localhost:8283/control/token persistenceType: PostgreSQLaaS # 'PostgreSQLaaS', 'PostgreSQL' or 'None' postgresql: # Only used if persistenceType is 'PostgreSQLaaS' or 'PostgreSQL' host: postgresql diff --git a/deployment/terraform/clean-state.sh b/deployment/terraform/clean-state.sh new file mode 100755 index 00000000..3f92a6e3 --- /dev/null +++ b/deployment/terraform/clean-state.sh 
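Review bot: `edc.vault.hashicorp.token` is re-added in the second configmap.yaml hunk as a key of `config.properties` inside a ConfigMap, next to `edc.ionos.secret.key` and `edc.api.auth.key`. Kubernetes does not treat ConfigMap contents as secret material: they are readable with ordinary configmap `get` permission, which public-addresses.sh itself uses (`kubectl get configmap edc-ionos-s3-config -o yaml`). Render these values into a `Secret` and supply them to the container from there, keeping only non-sensitive settings in the ConfigMap. How the pod consumes `config.properties` is in the deployment template, which this patch does not show.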
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+# remove terraform state
+rm -rf ./configure-public-address/.terraform
+rm -f ./configure-public-address/terraform.tfstate
+rm -f ./configure-public-address/.terraform.lock.hcl
+rm -f ./configure-public-address/terraform.tfstate.backup
+
+rm -rf ./ionos-s3-deploy/.terraform
+rm -f ./ionos-s3-deploy/terraform.tfstate
+rm -f ./ionos-s3-deploy/.terraform.lock.hcl
+rm -f ./ionos-s3-deploy/terraform.tfstate.backup
+
+rm -rf ./vault-init/.terraform
+rm -f ./vault-init/terraform.tfstate
+rm -f ./vault-init/.terraform.lock.hcl
+rm -f ./vault-init/terraform.tfstate.backup
+
+rm -rf ./vault-deploy/.terraform
+rm -f ./vault-deploy/terraform.tfstate
+rm -f ./vault-deploy/.terraform.lock.hcl
+rm -f ./vault-deploy/terraform.tfstate.backup
+
+rm -rf ./ionos-postgresqlaas/.terraform
+rm -f ./ionos-postgresqlaas/terraform.tfstate
+rm -f ./ionos-postgresqlaas/.terraform.lock.hcl
+rm -f ./ionos-postgresqlaas/terraform.tfstate.backup
+
+rm -f vault-init/vault-keys.json
+rm -f vault-init/vault-tokens.json
diff --git a/deployment/terraform/configure-public-address/public-addresses.sh b/deployment/terraform/configure-public-address/public-addresses.sh
index d293ddc9..bbd41ecd 100755
--- a/deployment/terraform/configure-public-address/public-addresses.sh
+++ b/deployment/terraform/configure-public-address/public-addresses.sh
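Review bot: Every `rm` in clean-state.sh uses a path relative to the caller's working directory, and `rm -f` stays silent when nothing matches, so running the script from anywhere but `deployment/terraform` reports success while `vault-init/vault-keys.json` and `vault-init/vault-tokens.json` stay on disk. vault-init.sh reads `.root_token` from vault-keys.json, so those leftovers are live Vault credentials. Add `cd "$(dirname "$0")" || exit 1` directly after the shebang. The tail of the same `rm` list is visible in the undeploy-services.sh hunk; having that script call clean-state.sh would keep the two lists from drifting.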
@@ -12,9 +12,9 @@ fi # Change public address in the config.properties in the configmap kubectl --kubeconfig=$TF_VAR_kubeconfig -n $TF_VAR_namespace get configmap edc-ionos-s3-config -o yaml | sed "s/edc.dsp.callback.address=.*/edc.dsp.callback.address=http:\/\/$CONNECTOR_ADDRESS:8281\/protocol/g" | kubectl --kubeconfig=$TF_VAR_kubeconfig apply -f - -kubectl --kubeconfig=$TF_VAR_kubeconfig -n $TF_VAR_namespace get configmap edc-ionos-s3-config -o yaml | sed "s/edc.receiver.http.endpoint=.*/edc.receiver.http.endpoint=http:\/\/$CONNECTOR_ADDRESS:4000\/receiver\/urn:connector:provider\/callback/g" | kubectl --kubeconfig=$TF_VAR_kubeconfig apply -f - - kubectl --kubeconfig=$TF_VAR_kubeconfig -n $TF_VAR_namespace get configmap edc-ionos-s3-config -o yaml | sed "s/edc.dataplane.token.validation.endpoint=.*/edc.dataplane.token.validation.endpoint=http:\/\/$CONNECTOR_ADDRESS:8283\/control\/token/g" | kubectl --kubeconfig=$TF_VAR_kubeconfig apply -f - +kubectl --kubeconfig=$TF_VAR_kubeconfig -n $TF_VAR_namespace get configmap edc-ionos-s3-config -o yaml | sed "s/edc.dataplane.api.public.baseurl=.*/edc.dataplane.api.public.baseurl=http:\/\/$CONNECTOR_ADDRESS:8282\/public/g" | kubectl --kubeconfig=$TF_VAR_kubeconfig apply -f - + # Restart the pods kubectl --kubeconfig=$TF_VAR_kubeconfig -n $TF_VAR_namespace delete pod -l app.kubernetes.io/name=edc-ionos-s3 \ No newline at end of file diff --git a/deployment/terraform/ionos-s3-deploy/main.tf b/deployment/terraform/ionos-s3-deploy/main.tf index f568798c..5e7ab833 100644 --- a/deployment/terraform/ionos-s3-deploy/main.tf +++ b/deployment/terraform/ionos-s3-deploy/main.tf 
@@ -66,7 +66,7 @@ variable "vaultname" { } locals { - root_token = fileexists("../vault-init/vault-keys.json") ? "${jsondecode(file("../vault-init/vault-keys.json")).root_token}" : "" + vault_token = fileexists("../vault-init/vault-tokens.json") ? "${jsondecode(file("../vault-init/vault-tokens.json")).auth.client_token}" : "" } resource "helm_release" "edc-ionos-s3" { @@ -80,7 +80,7 @@ resource "helm_release" "edc-ionos-s3" { set { name = "edc.vault.hashicorp.token" - value = "${jsondecode(file("../vault-init/vault-keys.json")).root_token}" + value = local.vault_token } values = [ @@ -92,11 +92,6 @@ resource "helm_release" "edc-ionos-s3" { value = "http://${var.vaultname}:8200" } - set { - name = "edc.vault.hashicorp.token" - value = local.root_token - } - set { name = "edc.ionos.endpoint" value = var.s3_endpoint diff --git a/deployment/terraform/destroy-services.sh b/deployment/terraform/undeploy-services.sh similarity index 97% rename from deployment/terraform/destroy-services.sh rename to deployment/terraform/undeploy-services.sh index b7ba48a2..98ca353f 100755 --- a/deployment/terraform/destroy-services.sh +++ b/deployment/terraform/undeploy-services.sh @@ -55,5 +55,6 @@ rm -f ./ionos-postgresqlaas/.terraform.lock.hcl rm -f ./ionos-postgresqlaas/terraform.tfstate.backup rm -f vault-init/vault-keys.json +rm -f vault-init/vault-tokens.json helm uninstall postgres -n $TF_VAR_namespace kubectl --kubeconfig $TF_VAR_kubeconfig delete namespace $TF_VAR_namespace diff --git a/deployment/terraform/vault-deploy/main.tf b/deployment/terraform/vault-deploy/main.tf index 6ad0bc64..28c7d1d8 100644 --- a/deployment/terraform/vault-deploy/main.tf +++ b/deployment/terraform/vault-deploy/main.tf @@ -32,7 +32,7 @@ resource "helm_release" "vault" { repository = "https://helm.releases.hashicorp.com" chart = "vault" - version = "v0.19.0" + version = "v0.28.1" namespace = var.namespace create_namespace = true 
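Review bot: In the `helm_release` block of ionos-s3-deploy/main.tf, `edc.vault.hashicorp.token` is still passed through a plain `set`, so the Vault token is shown in plan and apply output; the helm provider's `set_sensitive` block takes the same `name`/`value` pair and masks it. Separately, `local.vault_token` falls back to `""` when `../vault-init/vault-tokens.json` is missing, and since the `set` that read the file directly was replaced, a deploy without a prior vault-init no longer fails but installs the chart with an empty token. If the fallback is only needed so that destroy works without the file, a `precondition` on the release with `condition = local.vault_token != ""` would restore the early failure. The blocks shown are partial; the rest of `helm_release` lies outside the hunks.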
diff --git a/deployment/terraform/vault-init/certs/private.pem b/deployment/terraform/vault-init/certs/private.pem
new file mode 100644
index 00000000..81c28bac
--- /dev/null
+++ b/deployment/terraform/vault-init/certs/private.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIARDUGJgKy1yzxkueIJ1k3MPUWQ/tbQWQNqW6TjyHpdcoAoGCCqGSM49
+AwEHoUQDQgAE1l0Lof0a1yBc8KXhesAnoBvxZw5roYnkAXuqCYfNK3ex+hMWFuiX
+GUxHlzShAehR6wvwzV23bbC0tcFcVgW//A==
+-----END EC PRIVATE KEY-----
\ No newline at end of file
diff --git a/deployment/terraform/vault-init/certs/public.pem b/deployment/terraform/vault-init/certs/public.pem
new file mode 100644
index 00000000..977a1957
--- /dev/null
+++ b/deployment/terraform/vault-init/certs/public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1l0Lof0a1yBc8KXhesAnoBvxZw5r
+oYnkAXuqCYfNK3ex+hMWFuiXGUxHlzShAehR6wvwzV23bbC0tcFcVgW//A==
+-----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/deployment/terraform/vault-init/vault-init.sh b/deployment/terraform/vault-init/vault-init.sh
index 73a7d0ec..4b87ca58 100755
--- a/deployment/terraform/vault-init/vault-init.sh
+++ b/deployment/terraform/vault-init/vault-init.sh
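Review bot: `deployment/terraform/vault-init/certs/private.pem` adds an EC private key to version control, and the diffstat lists a second one at `hashicorp/certs/private.pem`. vault-init.sh in this commit stores it as `secret/edc.connector.private.key`, which configmap.yaml binds to `edc.transfer.proxy.token.signer.privatekey.alias` through the default alias in values.yaml, so every deployment built from the repository would sign transfer-proxy tokens with a key anyone can read. Generate the pair during vault-init instead, for example `openssl ecparam -name prime256v1 -genkey -noout -out certs/private.pem` followed by `openssl ec -in certs/private.pem -pubout -out certs/public.pem`, and add `**/certs/*.pem` to .gitignore. If the files are meant as development fixtures only, say so in a README next to them and treat this pair as compromised for any other use.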
@@ -30,14 +30,19 @@ kubectl --kubeconfig=$TF_VAR_kubeconfig exec --namespace $NAMESPACE -it "$TF_VAR # Login to Vault kubectl --kubeconfig=$TF_VAR_kubeconfig exec --namespace $NAMESPACE -it "$TF_VAR_vaultname-0" -- vault login $(jq -r ".root_token" vault-keys.json) - if [[ "$INITIALIZED" == "false" ]]; then # Enable KV secrets engine kubectl --kubeconfig=$TF_VAR_kubeconfig exec --namespace $NAMESPACE -it "$TF_VAR_vaultname-0" -- vault secrets enable -version=2 -path=secret kv fi +## Create connector token +kubectl --kubeconfig=$TF_VAR_kubeconfig exec --namespace $NAMESPACE -it "$TF_VAR_vaultname-0" -- vault token create -policy=root -renewable=true -ttl=300s -format=json > vault-tokens.json + # Add secrets to Vault kubectl --kubeconfig=$TF_VAR_kubeconfig exec --namespace $NAMESPACE -it "$TF_VAR_vaultname-0" -- vault kv put secret/edc.ionos.access.key content=$TF_VAR_s3_access_key kubectl --kubeconfig=$TF_VAR_kubeconfig exec --namespace $NAMESPACE -it "$TF_VAR_vaultname-0" -- vault kv put secret/edc.ionos.secret.key content=$TF_VAR_s3_secret_key kubectl --kubeconfig=$TF_VAR_kubeconfig exec --namespace $NAMESPACE -it "$TF_VAR_vaultname-0" -- vault kv put secret/edc.ionos.endpoint content=$TF_VAR_s3_endpoint kubectl --kubeconfig=$TF_VAR_kubeconfig exec --namespace $NAMESPACE -it "$TF_VAR_vaultname-0" -- vault kv put secret/edc.ionos.token content=$TF_VAR_ionos_token + +kubectl --kubeconfig=$TF_VAR_kubeconfig exec --namespace $NAMESPACE -it "$TF_VAR_vaultname-0" -- vault kv put secret/edc.connector.private.key content="$(cat ./certs/private.pem)" +kubectl --kubeconfig=$TF_VAR_kubeconfig exec --namespace $NAMESPACE -it "$TF_VAR_vaultname-0" -- vault kv put secret/edc.connector.public.key content="$(cat ./certs/public.pem)" diff --git a/deployment/terraform/vault-keys.json b/deployment/terraform/vault-keys.json deleted file mode 100644 index 7727a188..00000000 --- a/deployment/terraform/vault-keys.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "root_token": "" -} 
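Review bot: The new `vault token create -policy=root` line in vault-init.sh gives the connector a token carrying the root policy, so the value written to vault-tokens.json and later placed in the Helm release can do everything the root token can. Create a policy limited to the paths the connector reads (the `secret` KV mount enabled just above) and issue the token with it, e.g. `vault token create -policy=<connector-policy> -renewable=true -ttl=300s -format=json`, where `<connector-policy>` is a placeholder. The same command runs under `kubectl exec -it` while stdout is redirected to a file; a TTY can add carriage returns to the JSON, so dropping `-t` on that line is safer. With `-ttl=300s` the token expires five minutes after creation unless something renews it; whether the connector does so is not visible in this patch.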
diff --git a/extensions/build.gradle.kts b/extensions/build.gradle.kts index f0bdea98..93af45b3 100644 --- a/extensions/build.gradle.kts +++ b/extensions/build.gradle.kts @@ -3,12 +3,6 @@ plugins { `maven-publish` } -repositories { - mavenLocal() - mavenCentral() - -} - configure { publications { withType(MavenPublication::class.java) { @@ -21,6 +15,11 @@ configure { } } developers { + developer { + id.set("jannotti-glaucio") + name.set("Glaucio Jannotti") + email.set("glaucio.jannotti@ionos.com") + } developer { id.set("paulolory-ionos") name.set("Paulo Lory") diff --git a/extensions/core-ionos-s3/build.gradle.kts b/extensions/core-ionos-s3/build.gradle.kts index 3051ff77..400e9524 100644 --- a/extensions/core-ionos-s3/build.gradle.kts +++ b/extensions/core-ionos-s3/build.gradle.kts @@ -22,6 +22,7 @@ dependencies { implementation("${edcGroup}:transfer-spi:${edcVersion}") implementation("io.minio:minio:${minIOVersion}") + testImplementation("${edcGroup}:junit:${edcVersion}") testImplementation("org.junit.jupiter:junit-jupiter-api:${junitVersion}") testImplementation("org.junit.jupiter:junit-jupiter-engine:${junitVersion}") } diff --git a/extensions/core-ionos-s3/src/main/java/com/ionos/edc/extension/s3/configuration/IonosToken.java b/extensions/core-ionos-s3/src/main/java/com/ionos/edc/extension/s3/configuration/IonosToken.java index 5396e595..dec4b030 100644 --- a/extensions/core-ionos-s3/src/main/java/com/ionos/edc/extension/s3/configuration/IonosToken.java +++ b/extensions/core-ionos-s3/src/main/java/com/ionos/edc/extension/s3/configuration/IonosToken.java @@ -17,7 +17,7 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonTypeName; -import org.eclipse.edc.connector.transfer.spi.types.SecretToken; +import org.eclipse.edc.connector.controlplane.transfer.spi.types.SecretToken; @JsonTypeName("dataspaceconnector:ionostoken") public class IonosToken implements SecretToken { 
diff --git a/extensions/core-ionos-s3/src/main/java/com/ionos/edc/extension/s3/schema/IonosBucketSchema.java b/extensions/core-ionos-s3/src/main/java/com/ionos/edc/extension/s3/schema/IonosBucketSchema.java index 9b3460e2..4f783c2a 100644 --- a/extensions/core-ionos-s3/src/main/java/com/ionos/edc/extension/s3/schema/IonosBucketSchema.java +++ b/extensions/core-ionos-s3/src/main/java/com/ionos/edc/extension/s3/schema/IonosBucketSchema.java @@ -14,7 +14,9 @@ package com.ionos.edc.extension.s3.schema; -import static org.eclipse.edc.spi.CoreConstants.EDC_NAMESPACE; +import org.eclipse.edc.spi.types.domain.transfer.FlowType; + +import static org.eclipse.edc.spi.constants.CoreConstants.EDC_NAMESPACE; public interface IonosBucketSchema { String TYPE = "IonosS3"; @@ -27,5 +29,7 @@ public interface IonosBucketSchema { String ACCESS_KEY_ID = EDC_NAMESPACE + "accessKey"; String SECRET_ACCESS_KEY = EDC_NAMESPACE + "secretKey"; + String PUSH_TRANSFER_TYPE = TYPE + "-" + FlowType.PUSH; + String STORAGE_NAME_DEFAULT = "https://s3-eu-central-1.ionoscloud.com"; } diff --git a/extensions/data-plane-ionos-s3/build.gradle.kts b/extensions/data-plane-ionos-s3/build.gradle.kts index 3d166d94..0e11ae1a 100644 --- a/extensions/data-plane-ionos-s3/build.gradle.kts +++ b/extensions/data-plane-ionos-s3/build.gradle.kts @@ -3,9 +3,9 @@ plugins { `maven-publish` } -val javaVersion: String by project val edcGroup: String by project val edcVersion: String by project +val metaModelVersion: String by project val extensionsGroup: String by project val extensionsVersion: String by project val junitVersion: String by project 
@@ -17,16 +17,16 @@ val gitHubUser: String? by project val gitHubToken: String? by project dependencies { - api("${edcGroup}:data-plane-spi:${edcVersion}") + api("${edcGroup}:runtime-metamodel:${metaModelVersion}") - implementation(project(":extensions:core-ionos-s3")) - implementation("${edcGroup}:util:${edcVersion}") + implementation("${edcGroup}:util-lib:${edcVersion}") implementation("${edcGroup}:transfer-spi:${edcVersion}") - implementation("${edcGroup}:data-plane-util:${edcVersion}") - implementation("${edcGroup}:data-plane-core:${edcVersion}") - implementation("${edcGroup}:http:${edcVersion}") implementation("${edcGroup}:validator-spi:${edcVersion}") - + implementation("${edcGroup}:data-plane-util:${edcVersion}") + + implementation(project(":extensions:core-ionos-s3")) + + testImplementation("${edcGroup}:junit:${edcVersion}") testImplementation("org.junit.jupiter:junit-jupiter-api:${junitVersion}") testImplementation("org.junit.jupiter:junit-jupiter-engine:${junitVersion}") testImplementation("org.mockito:mockito-core:${mockitoVersion}") diff --git a/extensions/data-plane-ionos-s3/src/main/java/com/ionos/edc/dataplane/ionos/s3/IonosDataSinkFactory.java b/extensions/data-plane-ionos-s3/src/main/java/com/ionos/edc/dataplane/ionos/s3/IonosDataSinkFactory.java index 1b968dce..a1a59288 100644 --- a/extensions/data-plane-ionos-s3/src/main/java/com/ionos/edc/dataplane/ionos/s3/IonosDataSinkFactory.java +++ b/extensions/data-plane-ionos-s3/src/main/java/com/ionos/edc/dataplane/ionos/s3/IonosDataSinkFactory.java @@ -27,7 +27,7 @@ import org.eclipse.edc.spi.security.Vault; import org.eclipse.edc.spi.types.TypeManager; import org.eclipse.edc.spi.types.domain.DataAddress; -import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; +import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; import org.eclipse.edc.validator.spi.Validator; import org.eclipse.edc.validator.spi.ValidationResult; import org.jetbrains.annotations.NotNull; 
@@ -57,18 +57,18 @@ public IonosDataSinkFactory(S3ConnectorApi s3Api, ExecutorService executorServic } @Override - public boolean canHandle(DataFlowRequest request) { - return IonosBucketSchema.TYPE.equals(request.getDestinationDataAddress().getType()); + public String supportedType() { + return IonosBucketSchema.TYPE; } @Override - public @NotNull Result validateRequest(DataFlowRequest request) { + public @NotNull Result validateRequest(DataFlowStartMessage request) { var destination = request.getDestinationDataAddress(); return validator.validate(destination).flatMap(ValidationResult::toResult); } @Override - public DataSink createSink(DataFlowRequest request) { + public DataSink createSink(DataFlowStartMessage request) { var validationResult = validateRequest(request); if (validationResult.failed()) { diff --git a/extensions/data-plane-ionos-s3/src/main/java/com/ionos/edc/dataplane/ionos/s3/IonosDataSourceFactory.java b/extensions/data-plane-ionos-s3/src/main/java/com/ionos/edc/dataplane/ionos/s3/IonosDataSourceFactory.java index 811afc63..2b2e4b80 100644 --- a/extensions/data-plane-ionos-s3/src/main/java/com/ionos/edc/dataplane/ionos/s3/IonosDataSourceFactory.java +++ b/extensions/data-plane-ionos-s3/src/main/java/com/ionos/edc/dataplane/ionos/s3/IonosDataSourceFactory.java @@ -23,7 +23,7 @@ import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.result.Result; import org.eclipse.edc.spi.types.domain.DataAddress; -import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; +import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; import org.eclipse.edc.validator.spi.Validator; import org.eclipse.edc.validator.spi.ValidationResult; import org.jetbrains.annotations.NotNull; 
@@ -40,18 +40,18 @@ public IonosDataSourceFactory(S3ConnectorApi s3Api, Monitor monitor) { } @Override - public boolean canHandle(DataFlowRequest request) { - return IonosBucketSchema.TYPE.equals(request.getSourceDataAddress().getType()); + public String supportedType() { + return IonosBucketSchema.TYPE; } @Override - public @NotNull Result validateRequest(DataFlowRequest request) { + public @NotNull Result validateRequest(DataFlowStartMessage request) { var source = request.getSourceDataAddress(); return validator.validate(source).flatMap(ValidationResult::toResult); } @Override - public DataSource createSource(DataFlowRequest request) { + public DataSource createSource(DataFlowStartMessage request) { var validationResult = validateRequest(request); if (validationResult.failed()) { diff --git a/extensions/data-plane-ionos-s3/src/test/java/com/ionos/edc/dataplane/ionos/s3/util/FileTransferHelperTest.java b/extensions/data-plane-ionos-s3/src/test/java/com/ionos/edc/dataplane/ionos/s3/util/FileTransferHelperTest.java index 0d46d80c..798fd19e 100644 --- a/extensions/data-plane-ionos-s3/src/test/java/com/ionos/edc/dataplane/ionos/s3/util/FileTransferHelperTest.java +++ b/extensions/data-plane-ionos-s3/src/test/java/com/ionos/edc/dataplane/ionos/s3/util/FileTransferHelperTest.java @@ -1,6 +1,5 @@ package com.ionos.edc.dataplane.ionos.s3.util; -import com.ionos.edc.dataplane.ionos.s3.util.FileTransferHelper; import org.eclipse.edc.spi.EdcException; import org.junit.jupiter.api.Test; diff --git a/extensions/provision-ionos-s3/build.gradle.kts b/extensions/provision-ionos-s3/build.gradle.kts index 38478452..536cbca3 100644 --- a/extensions/provision-ionos-s3/build.gradle.kts +++ b/extensions/provision-ionos-s3/build.gradle.kts @@ -3,7 +3,6 @@ plugins { `maven-publish` } -val javaVersion: String by project val edcGroup: String by project val edcVersion: String by project val metaModelVersion: String by project 
@@ -19,8 +18,13 @@ val gitHubToken: String? by project dependencies { api("${edcGroup}:runtime-metamodel:${metaModelVersion}") - implementation(project(":extensions:core-ionos-s3")) implementation("${edcGroup}:transfer-spi:${edcVersion}") + + implementation(project(":extensions:core-ionos-s3")) + + testImplementation("${edcGroup}:junit:${edcVersion}") + testImplementation("org.junit.jupiter:junit-jupiter-api:${junitVersion}") + testImplementation("org.junit.jupiter:junit-jupiter-engine:${junitVersion}") } java { @@ -28,6 +32,10 @@ java { withSourcesJar() } +tasks.test { + useJUnitPlatform() +} + publishing { publications { create("maven") { diff --git a/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/IonosProvisionExtension.java b/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/IonosProvisionExtension.java index b59afd54..2e091473 100644 --- a/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/IonosProvisionExtension.java +++ b/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/IonosProvisionExtension.java @@ -21,11 +21,10 @@ import com.ionos.edc.provision.s3.bucket.IonosS3Provisioner; import com.ionos.edc.provision.s3.bucket.IonosS3ResourceDefinition; import dev.failsafe.RetryPolicy; -import org.eclipse.edc.connector.transfer.spi.provision.ProvisionManager; -import org.eclipse.edc.connector.transfer.spi.provision.ResourceManifestGenerator; +import org.eclipse.edc.connector.controlplane.transfer.spi.provision.ProvisionManager; +import org.eclipse.edc.connector.controlplane.transfer.spi.provision.ResourceManifestGenerator; import org.eclipse.edc.runtime.metamodel.annotation.Extension; import org.eclipse.edc.runtime.metamodel.annotation.Inject; -import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.security.Vault; import org.eclipse.edc.spi.system.ServiceExtension; import org.eclipse.edc.spi.system.ServiceExtensionContext; 
@@ -44,12 +43,9 @@ public class IonosProvisionExtension implements ServiceExtension { @Inject private Vault vault; @Inject - private Monitor monitor; - @Inject private TypeManager typeManager; - @Inject - S3ConnectorApi clientApi; + private S3ConnectorApi clientApi; @Override public String name() { @@ -58,7 +54,7 @@ public String name() { @Override public void initialize(ServiceExtensionContext context) { - monitor = context.getMonitor(); + var monitor = context.getMonitor(); var keyValidationAttempts = context.getSetting(IONOS_KEY_VALIDATION_ATTEMPTS, IONOS_KEY_VALIDATION_ATTEMPTS_DEFAULT); var keyValidationDelay = context.getSetting(IONOS_KEY_VALIDATION_DELAY, IONOS_KEY_VALIDATION_DELAY_DEFAULT); @@ -67,7 +63,7 @@ public void initialize(ServiceExtensionContext context) { var provisionManager = context.getService(ProvisionManager.class); monitor.debug("IonosProvisionExtension" + "retryPolicy"); - var retryPolicy = (RetryPolicy) context.getService(RetryPolicy.class); + var retryPolicy = context.getService(RetryPolicy.class); monitor.debug("IonosProvisionExtension" + "s3BucketProvisioner"); var s3BucketProvisioner = new IonosS3Provisioner(monitor, retryPolicy, clientApi, keyValidationAttempts, keyValidationDelay); diff --git a/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ConsumerResourceDefinitionGenerator.java b/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ConsumerResourceDefinitionGenerator.java index 9c27e1e3..abc01231 100644 --- a/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ConsumerResourceDefinitionGenerator.java +++ b/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ConsumerResourceDefinitionGenerator.java 
@@ -18,22 +18,24 @@ import java.util.Objects; -import org.eclipse.edc.connector.transfer.spi.provision.ConsumerResourceDefinitionGenerator; -import org.eclipse.edc.connector.transfer.spi.types.DataRequest; -import org.eclipse.edc.connector.transfer.spi.types.ResourceDefinition; +import org.eclipse.edc.connector.controlplane.transfer.spi.provision.ConsumerResourceDefinitionGenerator; +import org.eclipse.edc.connector.controlplane.transfer.spi.types.ResourceDefinition; +import org.eclipse.edc.connector.controlplane.transfer.spi.types.TransferProcess; import org.eclipse.edc.policy.model.Policy; import com.ionos.edc.extension.s3.schema.IonosBucketSchema; import org.eclipse.edc.spi.EdcException; +import org.jetbrains.annotations.Nullable; public class IonosS3ConsumerResourceDefinitionGenerator implements ConsumerResourceDefinitionGenerator { @Override - public ResourceDefinition generate(DataRequest dataRequest, Policy policy) { - Objects.requireNonNull(dataRequest, "dataRequest must always be provided"); + public @Nullable ResourceDefinition generate(TransferProcess transferProcess, Policy policy) { + Objects.requireNonNull(transferProcess, "transferProcess must always be provided"); Objects.requireNonNull(policy, "policy must always be provided"); - var destination = dataRequest.getDataDestination(); + var destination = transferProcess.getDataDestination(); + Objects.requireNonNull(destination, "dataDestination must always be provided"); var path = destination.getStringProperty(IonosBucketSchema.PATH); if ((path != null) && !path.endsWith("/")) { 
@@ -59,11 +61,11 @@ public ResourceDefinition generate(DataRequest dataRequest, Policy policy) { } @Override - public boolean canGenerate(DataRequest dataRequest, Policy policy) { - Objects.requireNonNull(dataRequest, "dataRequest must always be provided"); + public boolean canGenerate(TransferProcess transferProcess, Policy policy) { + Objects.requireNonNull(transferProcess, "transferProcess must always be provided"); Objects.requireNonNull(policy, "policy must always be provided"); - return IonosBucketSchema.TYPE.equals(dataRequest.getDestinationType()); + return IonosBucketSchema.PUSH_TRANSFER_TYPE.equals(transferProcess.getTransferType()); } } diff --git a/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ProvisionedResource.java b/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ProvisionedResource.java index 9117ddcb..3a768d88 100644 --- a/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ProvisionedResource.java +++ b/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ProvisionedResource.java @@ -19,7 +19,7 @@ import com.fasterxml.jackson.databind.annotation.JsonDeserialize; import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; import com.ionos.edc.extension.s3.schema.IonosBucketSchema; -import org.eclipse.edc.connector.transfer.spi.types.ProvisionedDataDestinationResource; +import org.eclipse.edc.connector.controlplane.transfer.spi.types.ProvisionedDataDestinationResource; import static com.ionos.edc.extension.s3.schema.IonosBucketSchema.*; diff --git a/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3Provisioner.java b/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3Provisioner.java index 2663305c..2417c18b 100644 --- a/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3Provisioner.java 
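Review bot: `canGenerate` now decides on `transferProcess.getTransferType()` alone and no longer looks at the data destination, so a process whose transfer type equals `IonosBucketSchema.PUSH_TRANSFER_TYPE` but whose destination is absent or of another type would still be accepted. In the preceding hunk `generate` would then either throw from `Objects.requireNonNull(destination, ...)` or read Ionos bucket properties from an address that is not an Ionos bucket. Assuming `IonosBucketSchema.TYPE` is still defined after this migration, I would keep the destination check next to the new one: `var destination = transferProcess.getDataDestination();` followed by `return destination != null && IonosBucketSchema.TYPE.equals(destination.getType()) && IonosBucketSchema.PUSH_TRANSFER_TYPE.equals(transferProcess.getTransferType());`. The class declaration and the rest of `generate` lie outside this hunk.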
+++ b/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3Provisioner.java @@ -19,11 +19,12 @@ import com.ionos.edc.extension.s3.connector.ionosapi.S3AccessKey; import dev.failsafe.RetryPolicy; -import org.eclipse.edc.connector.transfer.spi.provision.Provisioner; -import org.eclipse.edc.connector.transfer.spi.types.DeprovisionedResource; -import org.eclipse.edc.connector.transfer.spi.types.ProvisionResponse; -import org.eclipse.edc.connector.transfer.spi.types.ProvisionedResource; -import org.eclipse.edc.connector.transfer.spi.types.ResourceDefinition; +import org.eclipse.edc.connector.controlplane.transfer.spi.provision.Provisioner; +import org.eclipse.edc.connector.controlplane.transfer.spi.types.DeprovisionedResource; +import org.eclipse.edc.connector.controlplane.transfer.spi.types.ProvisionResponse; +import org.eclipse.edc.connector.controlplane.transfer.spi.types.ProvisionedResource; +import org.eclipse.edc.connector.controlplane.transfer.spi.types.ResourceDefinition; +import org.eclipse.edc.policy.model.Policy; import org.eclipse.edc.spi.EdcException; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.response.StatusResult; @@ -60,8 +61,7 @@ public boolean canDeprovision(ProvisionedResource resourceDefinition) { } @Override - public CompletableFuture> provision(IonosS3ResourceDefinition resourceDefinition, - org.eclipse.edc.policy.model.Policy policy) { + public CompletableFuture> provision(IonosS3ResourceDefinition resourceDefinition, Policy policy) { String bucketName = resourceDefinition.getBucketName(); if (!s3Api.bucketExists(bucketName)) { 
@@ -98,8 +98,7 @@ public CompletableFuture> provision(IonosS3Resou } @Override - public CompletableFuture> deprovision( - IonosS3ProvisionedResource provisionedResource, org.eclipse.edc.policy.model.Policy policy) { + public CompletableFuture> deprovision(IonosS3ProvisionedResource provisionedResource, Policy policy) { return with(retryPolicy).runAsync(() -> s3Api.deleteAccessKey(provisionedResource.getAccessKeyID())) .thenApply(empty -> StatusResult.success(DeprovisionedResource.Builder.newInstance().provisionedResourceId(provisionedResource.getId()).build()) diff --git a/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ResourceDefinition.java b/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ResourceDefinition.java index 4d407d8a..a0c9decb 100644 --- a/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ResourceDefinition.java +++ b/extensions/provision-ionos-s3/src/main/java/com/ionos/edc/provision/s3/bucket/IonosS3ResourceDefinition.java @@ -18,10 +18,11 @@ import com.fasterxml.jackson.annotation.JsonCreator; import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import org.eclipse.edc.connector.transfer.spi.types.ResourceDefinition; +import org.eclipse.edc.connector.controlplane.transfer.spi.types.ResourceDefinition; @JsonDeserialize(as=IonosS3ResourceDefinition.class) public class IonosS3ResourceDefinition extends ResourceDefinition { + private String keyName; private String storage; private String bucketName; diff --git a/extensions/vault-hashicorp/README.md b/extensions/vault-hashicorp/README.md deleted file mode 100644 index 6debcbb3..00000000 --- a/extensions/vault-hashicorp/README.md +++ /dev/null 
@@ -1,16 +0,0 @@ -# [HashiCorp Vault](https://www.vaultproject.io/) Extension - -## Configuration - -| Key | Description | Mandatory | -|:---|:---|---| -| edc.vault.hashicorp.url | URL to connect to the HashiCorp Vault | X | -| edc.vault.hashicorp.token | Value for [Token Authentication](https://www.vaultproject.io/docs/auth/token) with the vault | X | -| edc.vault.hashicorp.timeout.seconds | Request timeout in seconds when contacting the vault (default: 30) | | - -## Setup vault for integration tests - -The integration tests rely on a vault running locally. -This can be achieved by starting a docker container with the following configuration. - -`docker run -e 'VAULT_DEV_ROOT_TOKEN_ID=test-token' -p "8200:8200" vault:1.9.7` diff --git a/extensions/vault-hashicorp/build.gradle.kts b/extensions/vault-hashicorp/build.gradle.kts deleted file mode 100644 index 798313f0..00000000 --- a/extensions/vault-hashicorp/build.gradle.kts +++ /dev/null 
@@ -1,67 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ -plugins { - `java-library` - `maven-publish` -} - -val edcGroup: String by project -val edcVersion: String by project -val extensionsGroup: String by project -val extensionsVersion: String by project - -val gitHubPkgsName: String by project -val gitHubPkgsUrl: String by project -val gitHubUser: String? by project -val gitHubToken: String? by project - -dependencies { - api("${edcGroup}:core-spi:${edcVersion}") - api("${edcGroup}:http-spi:${edcVersion}") - - implementation("${edcGroup}:util:${edcVersion}") -} - - -java { - withJavadocJar() - withSourcesJar() -} - -publishing { - publications { - create("maven") { - groupId = extensionsGroup - artifactId = "vault-hashicorp" - version = extensionsVersion - - from(components["java"]) - - pom { - name.set("vault-hashicorp") - description.set("Extension to use Hashicorp Vault to store certificates and secrets") - } - } - } - repositories { - maven { - name = gitHubPkgsName - url = uri("https://maven.pkg.github.com/${project.properties["github_owner"]}/${project.properties["github_repo"]}") - credentials { - username = gitHubUser - password = gitHubToken - } - } - } -} \ No newline at end of file diff --git a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryRequestPayload.java b/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryRequestPayload.java deleted file mode 100644 index aa0e0b9f..00000000 --- a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryRequestPayload.java +++ /dev/null 
@@ -1,63 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ - -package org.eclipse.edc.vault.hashicorp; - -import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; - -import java.util.Map; - -class CreateEntryRequestPayload { - - private CreateEntryRequestPayloadOptions options; - - private Map data; - - CreateEntryRequestPayload() {} - - public CreateEntryRequestPayloadOptions getOptions() { - return this.options; - } - - public Map getData() { - return this.data; - } - - @JsonPOJOBuilder(withPrefix = "") - public static class Builder { - private final CreateEntryRequestPayload createEntryRequestPayload; - - private Builder() { - createEntryRequestPayload = new CreateEntryRequestPayload(); - } - - public static Builder newInstance() { - return new Builder(); - } - - public Builder options(CreateEntryRequestPayloadOptions options) { - createEntryRequestPayload.options = options; - return this; - } - - public Builder data(Map data) { - createEntryRequestPayload.data = data; - return this; - } - - public CreateEntryRequestPayload build() { - return createEntryRequestPayload; - } - } -} diff --git a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryRequestPayloadOptions.java b/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryRequestPayloadOptions.java deleted file mode 100644 index 2ac0f69a..00000000 --- a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryRequestPayloadOptions.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ - -package org.eclipse.edc.vault.hashicorp; - -import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; - -class CreateEntryRequestPayloadOptions { - - private Integer cas; - - CreateEntryRequestPayloadOptions() {} - - public Integer getCas() { - return this.cas; - } - - @JsonPOJOBuilder(withPrefix = "") - public static class Builder { - private final CreateEntryRequestPayloadOptions createEntryRequestPayloadOptions; - - private Builder() { - createEntryRequestPayloadOptions = new CreateEntryRequestPayloadOptions(); - } - - public static Builder newInstance() { - return new Builder(); - } - - public Builder cas(Integer cas) { - createEntryRequestPayloadOptions.cas = cas; - return this; - } - - public CreateEntryRequestPayloadOptions build() { - return createEntryRequestPayloadOptions; - } - } -} diff --git a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryResponsePayload.java b/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryResponsePayload.java deleted file mode 100644 index c3187c03..00000000 --- a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/CreateEntryResponsePayload.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ - -package org.eclipse.edc.vault.hashicorp; - -import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; - -class CreateEntryResponsePayload { - - private EntryMetadata data; - - CreateEntryResponsePayload() {} - - public EntryMetadata getData() { - return this.data; - } - - @JsonPOJOBuilder(withPrefix = "") - public static class Builder { - private final CreateEntryResponsePayload createEntryResponsePayload; - - private Builder() { - createEntryResponsePayload = new CreateEntryResponsePayload(); - } - - public static Builder newInstance() { - return new Builder(); - } - - public Builder data(EntryMetadata data) { - createEntryResponsePayload.data = data; - return this; - } - - public CreateEntryResponsePayload build() { - return createEntryResponsePayload; - } - } -} diff --git a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/EntryMetadata.java b/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/EntryMetadata.java deleted file mode 100644 index 9f743cfd..00000000 --- a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/EntryMetadata.java +++ /dev/null 
@@ -1,82 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ - -package org.eclipse.edc.vault.hashicorp; - -import com.fasterxml.jackson.annotation.JsonCreator; -import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; - -import java.util.Map; - -@JsonDeserialize(builder = EntryMetadata.Builder.class) -class EntryMetadata { - - @JsonProperty() - private Map customMetadata; - - @JsonProperty() - private Boolean destroyed; - - @JsonProperty() - private Integer version; - - EntryMetadata() {} - - public Map getCustomMetadata() { - return this.customMetadata; - } - - public Boolean getDestroyed() { - return this.destroyed; - } - - public Integer getVersion() { - return this.version; - } - - @JsonPOJOBuilder(withPrefix = "") - public static class Builder { - private final EntryMetadata entryMetadata; - - Builder() { - entryMetadata = new EntryMetadata(); - } - - @JsonCreator - public static Builder newInstance() { - return new Builder(); - } - - public Builder customMetadata(Map customMetadata) { - entryMetadata.customMetadata = customMetadata; - return this; - } - - public Builder destroyed(Boolean destroyed) { - entryMetadata.destroyed = destroyed; - return this; - } - - public Builder version(Integer version) { - entryMetadata.version = version; - return this; - } - - public EntryMetadata build() { - return entryMetadata; - } - } -} 
diff --git a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/GetEntryResponsePayload.java b/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/GetEntryResponsePayload.java deleted file mode 100644 index 57129a4e..00000000 --- a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/GetEntryResponsePayload.java +++ /dev/null @@ -1,51 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ - -package org.eclipse.edc.vault.hashicorp; - -import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; - -class GetEntryResponsePayload { - - private GetEntryResponsePayloadGetVaultEntryData data; - - GetEntryResponsePayload() { - } - - public GetEntryResponsePayloadGetVaultEntryData getData() { - return this.data; - } - - @JsonPOJOBuilder(withPrefix = "") - public static class Builder { - private final GetEntryResponsePayload getEntryResponsePayload; - - private Builder() { - getEntryResponsePayload = new GetEntryResponsePayload(); - } - - public static Builder newInstance() { - return new Builder(); - } - - public Builder data(GetEntryResponsePayloadGetVaultEntryData data) { - getEntryResponsePayload.data = data; - return this; - } - - public GetEntryResponsePayload build() { - return getEntryResponsePayload; - } - } -} diff --git a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/GetEntryResponsePayloadGetVaultEntryData.java b/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/GetEntryResponsePayloadGetVaultEntryData.java deleted file mode 100644 index 2241a39a..00000000 
--- a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/GetEntryResponsePayloadGetVaultEntryData.java +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ - -package org.eclipse.edc.vault.hashicorp; - -import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; - -import java.util.Map; - -class GetEntryResponsePayloadGetVaultEntryData { - - private Map data; - - private EntryMetadata metadata; - - GetEntryResponsePayloadGetVaultEntryData() {} - - public Map getData() { - return this.data; - } - - public EntryMetadata getMetadata() { - return this.metadata; - } - - @JsonPOJOBuilder(withPrefix = "") - public static class Builder { - private final GetEntryResponsePayloadGetVaultEntryData getEntryResponsePayloadGetVaultEntryData; - - private Builder() { - getEntryResponsePayloadGetVaultEntryData = new GetEntryResponsePayloadGetVaultEntryData(); - } - - public static Builder newInstance() { - return new Builder(); - } - - public Builder data(Map data) { - getEntryResponsePayloadGetVaultEntryData.data = data; - return this; - } - - public Builder metadata(EntryMetadata metadata) { - getEntryResponsePayloadGetVaultEntryData.metadata = metadata; - return this; - } - - public GetEntryResponsePayloadGetVaultEntryData build() { - return getEntryResponsePayloadGetVaultEntryData; - } - } -} diff --git a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVault.java b/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVault.java deleted file mode 100644 index 6063d30f..00000000 
--- a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVault.java +++ /dev/null @@ -1,56 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ - -package org.eclipse.edc.vault.hashicorp; - -import org.eclipse.edc.spi.monitor.Monitor; -import org.eclipse.edc.spi.result.Result; -import org.eclipse.edc.spi.security.Vault; -import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; - -/** - * Implements a vault backed by Hashicorp Vault. - */ -class HashicorpVault implements Vault { - - @NotNull - private final HashicorpVaultClient hashicorpVaultClient; - @NotNull - private final Monitor monitor; - - HashicorpVault(@NotNull HashicorpVaultClient hashicorpVaultClient, @NotNull Monitor monitor) { - this.hashicorpVaultClient = hashicorpVaultClient; - this.monitor = monitor; - } - - @Override - public @Nullable String resolveSecret(String key) { - var result = hashicorpVaultClient.getSecretValue(key); - - return result.succeeded() ? result.getContent() : null; - } - - @Override - public Result storeSecret(String key, String value) { - var result = hashicorpVaultClient.setSecret(key, value); - - return result.succeeded() ? Result.success() : Result.failure(result.getFailureMessages()); - } - - @Override - public Result deleteSecret(String key) { - return hashicorpVaultClient.destroySecret(key); - } -} diff --git a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultClient.java b/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultClient.java deleted file mode 100644 index 514e0020..00000000 
--- a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultClient.java +++ /dev/null 
@@ -1,164 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ - -package org.eclipse.edc.vault.hashicorp; - -import okhttp3.Headers; -import okhttp3.MediaType; -import okhttp3.Request; -import okhttp3.RequestBody; -import org.eclipse.edc.spi.http.EdcHttpClient; -import org.eclipse.edc.spi.result.Result; -import org.eclipse.edc.spi.types.TypeManager; -import org.jetbrains.annotations.NotNull; - -import java.io.IOException; -import java.net.URI; -import java.net.URLEncoder; -import java.nio.charset.StandardCharsets; -import java.util.Collections; -import java.util.Objects; - -public class HashicorpVaultClient { - static final String VAULT_DATA_ENTRY_NAME = "content"; - private static final String VAULT_TOKEN_HEADER = "X-Vault-Token"; - private static final String VAULT_REQUEST_HEADER = "X-Vault-Request"; - private static final MediaType MEDIA_TYPE_APPLICATION_JSON = MediaType.get("application/json"); - private static final String VAULT_API_VERSION = "v1"; - private static final String VAULT_SECRET_PATH = "secret"; - private static final String VAULT_SECRET_DATA_PATH = "data"; - private static final String VAULT_SECRET_METADATA_PATH = "metadata"; - private static final String CALL_UNSUCCESSFUL_ERROR_TEMPLATE = "[Hashicorp Vault] Call unsuccessful: %s"; - private static final int HTTP_CODE_404 = 404; - @NotNull - private final HashicorpVaultConfig hashicorpVaultConfig; - @NotNull - private final EdcHttpClient httpClient; - @NotNull - private final TypeManager typeManager; - - HashicorpVaultClient(@NotNull HashicorpVaultConfig hashicorpVaultConfig, @NotNull EdcHttpClient httpClient, - @NotNull TypeManager 
typeManager) { - this.hashicorpVaultConfig = hashicorpVaultConfig; - this.httpClient = httpClient; - this.typeManager = typeManager; - } - - public Result getSecretValue(@NotNull String key) { - var requestUri = getSecretUrl(key, VAULT_SECRET_DATA_PATH); - var headers = getHeaders(); - var request = new Request.Builder().url(requestUri).headers(headers).get().build(); - - try (var response = httpClient.execute(request)) { - - if (response.isSuccessful()) { - if (response.code() == HTTP_CODE_404) { - return Result.failure( - String.format(CALL_UNSUCCESSFUL_ERROR_TEMPLATE, "Secret not found")); - } - - var responseBody = response.body(); - if (responseBody == null) { - return Result.failure(String.format(CALL_UNSUCCESSFUL_ERROR_TEMPLATE, "Response body empty")); - } - var payload = typeManager.readValue(responseBody.string(), GetEntryResponsePayload.class); - var value = payload.getData().getData().get(VAULT_DATA_ENTRY_NAME); - - return Result.success(value); - } else { - return Result.failure(String.format(CALL_UNSUCCESSFUL_ERROR_TEMPLATE, response.code())); - } - - } catch (IOException e) { - return Result.failure(e.getMessage()); - } - } - - public Result setSecret( - @NotNull String key, @NotNull String value) { - var requestUri = getSecretUrl(key, VAULT_SECRET_DATA_PATH); - var headers = getHeaders(); - var requestPayload = - CreateEntryRequestPayload.Builder.newInstance() - .data(Collections.singletonMap(VAULT_DATA_ENTRY_NAME, value)) - .build(); - var request = - new Request.Builder() - .url(requestUri) - .headers(headers) - .post(createRequestBody(requestPayload)) - .build(); - - try (var response = httpClient.execute(request)) { - if (response.isSuccessful()) { - var responseBody = Objects.requireNonNull(response.body()).string(); - var responsePayload = - typeManager.readValue(responseBody, CreateEntryResponsePayload.class); - return Result.success(responsePayload); - } else { - return Result.failure(String.format(CALL_UNSUCCESSFUL_ERROR_TEMPLATE, 
response.code())); - } - } catch (IOException e) { - return Result.failure(e.getMessage()); - } - } - - public Result destroySecret(@NotNull String key) { - var requestUri = getSecretUrl(key, VAULT_SECRET_METADATA_PATH); - var headers = getHeaders(); - var request = new Request.Builder().url(requestUri).headers(headers).delete().build(); - - try (var response = httpClient.execute(request)) { - return response.isSuccessful() || response.code() == HTTP_CODE_404 - ? Result.success() - : Result.failure(String.format(CALL_UNSUCCESSFUL_ERROR_TEMPLATE, response.code())); - } catch (IOException e) { - return Result.failure(e.getMessage()); - } - } - - @NotNull - private Headers getHeaders() { - var headersBuilder = - new Headers.Builder().add(VAULT_REQUEST_HEADER, Boolean.toString(true)); - if (hashicorpVaultConfig.getVaultToken() != null) { - headersBuilder = headersBuilder.add(VAULT_TOKEN_HEADER, hashicorpVaultConfig.getVaultToken()); - } - return headersBuilder.build(); - } - - private String getBaseUrl() { - var baseUrl = hashicorpVaultConfig.getVaultUrl(); - - if (baseUrl.endsWith("/")) { - baseUrl = baseUrl.substring(0, baseUrl.length() - 1); - } - - return baseUrl; - } - - private String getSecretUrl(String key, String entryType) { - var encodedKey = URLEncoder.encode(key, StandardCharsets.UTF_8); - return URI.create( - String.format( - "%s/%s/%s/%s/%s", - getBaseUrl(), VAULT_API_VERSION, VAULT_SECRET_PATH, entryType, encodedKey)) - .toString(); - } - - private RequestBody createRequestBody(Object requestPayload) { - var jsonRepresentation = typeManager.writeValueAsString(requestPayload); - return RequestBody.create(jsonRepresentation, MEDIA_TYPE_APPLICATION_JSON); - } -} diff --git a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultConfig.java b/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultConfig.java deleted file mode 100644 index 52c58e25..00000000 
--- a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultConfig.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ - -package org.eclipse.edc.vault.hashicorp; - -class HashicorpVaultConfig { - private final String vaultUrl; - private final String vaultToken; - - HashicorpVaultConfig(String vaultUrl, String vaultToken) { - this.vaultUrl = vaultUrl; - this.vaultToken = vaultToken; - } - - public String getVaultUrl() { - return this.vaultUrl; - } - - public String getVaultToken() { - return this.vaultToken; - } - - public static class Builder { - private String vaultUrl; - private String vaultToken; - - Builder() { - } - - public static Builder newInstance() { - return new Builder(); - } - - public Builder vaultUrl(String vaultUrl) { - this.vaultUrl = vaultUrl; - return this; - } - - public Builder vaultToken(String vaultToken) { - this.vaultToken = vaultToken; - return this; - } - - public HashicorpVaultConfig build() { - return new HashicorpVaultConfig(vaultUrl, vaultToken); - } - } -} diff --git a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultExtension.java b/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultExtension.java deleted file mode 100644 index 068ae052..00000000 --- a/extensions/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultExtension.java +++ /dev/null 
@@ -1,101 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation - * - */ - -package org.eclipse.edc.vault.hashicorp; - -import org.eclipse.edc.runtime.metamodel.annotation.Extension; -import org.eclipse.edc.runtime.metamodel.annotation.Inject; -import org.eclipse.edc.runtime.metamodel.annotation.Provider; -import org.eclipse.edc.runtime.metamodel.annotation.Provides; -import org.eclipse.edc.runtime.metamodel.annotation.Setting; -import org.eclipse.edc.spi.EdcException; -import org.eclipse.edc.spi.http.EdcHttpClient; -import org.eclipse.edc.spi.security.CertificateResolver; -import org.eclipse.edc.spi.security.PrivateKeyResolver; -import org.eclipse.edc.spi.security.Vault; -import org.eclipse.edc.spi.security.VaultCertificateResolver; -import org.eclipse.edc.spi.security.VaultPrivateKeyResolver; -import org.eclipse.edc.spi.system.ServiceExtension; -import org.eclipse.edc.spi.system.ServiceExtensionContext; -import org.eclipse.edc.spi.types.TypeManager; - -@Provides({ Vault.class, PrivateKeyResolver.class, CertificateResolver.class }) -@Extension(value = HashicorpVaultExtension.NAME) -public class HashicorpVaultExtension implements ServiceExtension { - - @Setting(value = "The URL of the Hashicorp Vault", required = true) - public static final String VAULT_URL = "edc.vault.hashicorp.url"; - - @Setting(value = "The token used to access the Hashicorp Vault", required = true) - public static final String VAULT_TOKEN = "edc.vault.hashicorp.token"; - public static final String NAME = "Hashicorp Vault"; - - @Inject - private EdcHttpClient httpClient; - - private Vault vault; - - private PrivateKeyResolver privateKeyResolver; - - 
@Inject - private TypeManager typeManager; - - @Override - public String name() { - return NAME; - } - - @Provider - public Vault vault() { - return vault; - } - - // @Provider - // public PrivateKeyResolver privateKeyResolver() { - // return privateKeyResolver; - // } - - @Override - public void initialize(ServiceExtensionContext context) { - var config = loadHashicorpVaultClientConfig(context); - - var client = new HashicorpVaultClient(config, httpClient, typeManager); - - vault = new HashicorpVault(client, context.getMonitor()); - privateKeyResolver = new VaultPrivateKeyResolver(vault); - - // context.registerService(CertificateResolver.class, new VaultCertificateResolver(vault)); - } - - private HashicorpVaultConfig loadHashicorpVaultClientConfig( - ServiceExtensionContext context) { - - var vaultUrl = context.getSetting(VAULT_URL, null); - if (vaultUrl == null) { - throw new EdcException(String.format("Vault URL (%s) must be defined", VAULT_URL)); - } - - var vaultToken = context.getSetting(VAULT_TOKEN, null); - - if (vaultToken == null) { - throw new EdcException( - String.format("For Vault authentication [%s] is required", VAULT_TOKEN)); - } - - return HashicorpVaultConfig.Builder.newInstance() - .vaultUrl(vaultUrl) - .vaultToken(vaultToken) - .build(); - } -} diff --git a/extensions/vault-hashicorp/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/extensions/vault-hashicorp/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension deleted file mode 100644 index d6f1ee27..00000000 --- a/extensions/vault-hashicorp/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension +++ /dev/null 
@@ -1,13 +0,0 @@ -# -# Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Mercedes-Benz Tech Innovation GmbH - Initial ServiceExtension file -# -org.eclipse.edc.vault.hashicorp.HashicorpVaultExtension diff --git a/gradle.properties b/gradle.properties index 103f5177..ef368926 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,17 +1,16 @@ javaVersion=17 extensionsGroup=com.ionoscloud.edc -extensionsVersion=1.0.0 -postgresqlGroup=org.postgresql -postgresqlVersion=42.6.0 +extensionsVersion=2.3.0-SNAPSHOT + edcGroup=org.eclipse.edc -edcVersion=0.4.1 -metaModelVersion=0.0.1-SNAPSHOT -postgresVersion=42.6.0 -rsApi=3.1.0 -minIOVersion=8.5.8 -junitVersion=5.9.1 -mockitoVersion=5.2.0 -ionosDevelopersName=Paulo Lory, Paulo Cabrita +edcVersion=0.7.2 +metaModelVersion=0.7.2 + +minIOVersion=8.5.12 +junitVersion=5.11.0 +mockitoVersion=5.11.0 +postgresVersion=42.7.4 + gitHubPkgsName=GitHubPackages gitHubRpName=edc-ionos-s3 gitHubPkgsUrl=https://maven.pkg.github.com/Digital-Ecosystems/edc-ionos-s3 diff --git a/hashicorp/README.md b/hashicorp/README.md index f54ecaff..d2415bb1 100644 --- a/hashicorp/README.md +++ b/hashicorp/README.md @@ -83,3 +83,22 @@ kubectl exec -it vault-0 -- vault kv put secret/edc.ionos.token content= +vault login token= + +vault kv put secret/edc.connector.private.key content=@./certs/private.pem +vault kv put secret/edc.connector.public.key content=@./certs/public.pem +``` + +### Using kubectl +```bash +kubectl exec -it "vault-0" -- vault kv put secret/edc.connector.private.key content="$(cat ./certs/private.pem)" +kubectl exec -it "vault-0" -- vault kv put secret/edc.connector.public.key content="$(cat ./certs/public.pem)" +``` 
diff --git a/hashicorp/certs/private.pem b/hashicorp/certs/private.pem new file mode 100644 index 00000000..81c28bac --- /dev/null +++ b/hashicorp/certs/private.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIARDUGJgKy1yzxkueIJ1k3MPUWQ/tbQWQNqW6TjyHpdcoAoGCCqGSM49 +AwEHoUQDQgAE1l0Lof0a1yBc8KXhesAnoBvxZw5roYnkAXuqCYfNK3ex+hMWFuiX +GUxHlzShAehR6wvwzV23bbC0tcFcVgW//A== +-----END EC PRIVATE KEY----- \ No newline at end of file diff --git a/hashicorp/certs/public.pem b/hashicorp/certs/public.pem new file mode 100644 index 00000000..977a1957 --- /dev/null +++ b/hashicorp/certs/public.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1l0Lof0a1yBc8KXhesAnoBvxZw5r +oYnkAXuqCYfNK3ex+hMWFuiXGUxHlzShAehR6wvwzV23bbC0tcFcVgW//A== +-----END PUBLIC KEY----- \ No newline at end of file diff --git a/hashicorp/docker-compose.yml b/hashicorp/docker-compose.yml index aa1f0e0f..41b61b83 100644 --- a/hashicorp/docker-compose.yml +++ b/hashicorp/docker-compose.yml @@ -1,9 +1,7 @@ -version: "3.9" - services: hashicorp-vault: container_name: hashicorp-vault - image: vault:1.9.7 + image: hashicorp/vault:1.17.2 ports: - "8200:8200" environment: diff --git a/launchers/base/connector/build.gradle.kts b/launchers/base/connector/build.gradle.kts index ce111b09..fa5c33ac 100644 --- a/launchers/base/connector/build.gradle.kts +++ b/launchers/base/connector/build.gradle.kts 
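Review bot: `hashicorp/certs/private.pem` puts an EC private key in the repository in clear text, and it is not a throwaway: the README hunk of this commit stores it in Vault as `edc.connector.private.key`, the alias that every launcher config, including both under `launchers/prod`, assigns to `edc.transfer.proxy.token.signer.privatekey.alias`. A deployment set up by following these steps signs its data-plane tokens with a key that anyone who can read the repository also holds. I would remove both PEM files from the tree, ignore `certs/*.pem`, and have the README generate the pair locally, e.g. `openssl ecparam -name prime256v1 -genkey -noout -out certs/private.pem` followed by `openssl ec -in certs/private.pem -pubout -out certs/public.pem`. The committed key should be treated as disclosed and not reused outside local testing.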
@@ -16,41 +16,40 @@ plugins { `java-library` } -repositories { - maven {// while runtime-metamodel dependency is still a snapshot - url = uri("https://oss.sonatype.org/content/repositories/snapshots/") - } - mavenCentral() - mavenLocal() -} - val edcGroup: String by project val edcVersion: String by project dependencies { - implementation("${edcGroup}:boot:${edcVersion}") - - // Control Plane - implementation("${edcGroup}:control-plane-core:${edcVersion}") - implementation("${edcGroup}:control-plane-api:${edcVersion}") - implementation("${edcGroup}:control-plane-api-client:${edcVersion}") - + // Core + implementation("${edcGroup}:connector-core:${edcVersion}") implementation("${edcGroup}:http:${edcVersion}") implementation("${edcGroup}:dsp:${edcVersion}") - implementation("${edcGroup}:auth-tokenbased:${edcVersion}") - implementation("${edcGroup}:configuration-filesystem:${edcVersion}") - - implementation("$edcGroup:management-api:$edcVersion") + implementation("${edcGroup}:management-api:${edcVersion}") implementation("${edcGroup}:api-observability:${edcVersion}") - implementation("${edcGroup}:vault-hashicorp:${edcVersion}") - + // Control Plane + implementation("${edcGroup}:control-plane-api-client:${edcVersion}") + implementation("${edcGroup}:control-plane-api:${edcVersion}") + implementation("${edcGroup}:control-plane-core:${edcVersion}") + implementation("${edcGroup}:control-api-configuration:${edcVersion}") + // Data Plane - implementation("${edcGroup}:data-plane-selector-client:${edcVersion}") + implementation("${edcGroup}:data-plane-selector-api:${edcVersion}") implementation("${edcGroup}:data-plane-selector-core:${edcVersion}") + implementation("${edcGroup}:data-plane-self-registration:${edcVersion}") + implementation("${edcGroup}:data-plane-control-api:${edcVersion}") + implementation("${edcGroup}:data-plane-public-api-v2:${edcVersion}") implementation("${edcGroup}:data-plane-core:${edcVersion}") - 
implementation("${edcGroup}:data-plane-client:${edcVersion}") - implementation("${edcGroup}:transfer-data-plane:${edcVersion}") + implementation("${edcGroup}:data-plane-http:${edcVersion}") + implementation("${edcGroup}:transfer-data-plane-signaling:${edcVersion}") + + // EDR Cache + implementation("${edcGroup}:edr-cache-api:${edcVersion}") + implementation("${edcGroup}:edr-store-core:${edcVersion}") + implementation("${edcGroup}:edr-store-receiver:${edcVersion}") + + // Validators + implementation("${edcGroup}:validator-data-address-http-data:${edcVersion}") // Ionos Extensions implementation(project(":extensions:provision-ionos-s3")) diff --git a/launchers/dev/connector-consumer/build.gradle.kts b/launchers/dev/connector-consumer/build.gradle.kts index ec655d34..4b34d51c 100644 --- a/launchers/dev/connector-consumer/build.gradle.kts +++ b/launchers/dev/connector-consumer/build.gradle.kts @@ -24,14 +24,11 @@ val edcVersion: String by project dependencies { implementation(project(":launchers:base:connector")) + implementation("${edcGroup}:configuration-filesystem:${edcVersion}") + implementation("${edcGroup}:vault-hashicorp:${edcVersion}") implementation("${edcGroup}:iam-mock:${edcVersion}") } application { mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime") } - -java { - -} - diff --git a/launchers/dev/connector-consumer/resources/config.properties b/launchers/dev/connector-consumer/resources/config.properties index e6246173..22261f56 100644 --- a/launchers/dev/connector-consumer/resources/config.properties +++ b/launchers/dev/connector-consumer/resources/config.properties @@ -1,5 +1,4 @@ edc.participant.id=consumer -edc.dsp.callback.address=http://localhost:9292/protocol web.http.port=9191 web.http.path=/api web.http.management.port=9192 
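Review bot: The dependency list drops `auth-tokenbased`, and none of the launcher hunks in this commit adds it back, while every `config.properties` still sets `edc.api.auth.key`. If no other module on the classpath registers an authentication service for the management API, that key is no longer checked and the management endpoints would accept unauthenticated requests; this is inferred from the visible hunks and should be confirmed against a running connector, where a request without the `X-Api-Key` header should be rejected with 401. If the removal was not intended, restore `implementation("${edcGroup}:auth-tokenbased:${edcVersion}")` in the Core group. The hunk starts inside the `plugins` block and the `dependencies` block continues past its end.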
@@ -10,7 +9,13 @@ web.http.control.port=9293 web.http.control.path=/control web.http.public.port=9393 web.http.public.path=/public +edc.dsp.callback.address=http://localhost:9292/protocol +edc.dataplane.token.validation.endpoint=http://localhost:9293/control/token +edc.dataplane.api.public.baseurl=http://localhost:9393/public + edc.api.auth.key=password +edc.transfer.proxy.token.signer.privatekey.alias=edc.connector.private.key +edc.transfer.proxy.token.verifier.publickey.alias=edc.connector.public.key edc.vault.hashicorp.url=http://localhost:8200 edc.vault.hashicorp.token=test-token @@ -18,5 +23,5 @@ edc.vault.hashicorp.timeout.seconds=30 edc.ionos.access.key= edc.ionos.secret.key= -edc.ionos.endpoint=https://s3-eu-central-1.ionoscloud.com -edc.ionos.token= \ No newline at end of file +edc.ionos.endpoint= +edc.ionos.token= diff --git a/launchers/dev/connector-provider/build.gradle.kts b/launchers/dev/connector-provider/build.gradle.kts index 78106416..4319e3cb 100644 --- a/launchers/dev/connector-provider/build.gradle.kts +++ b/launchers/dev/connector-provider/build.gradle.kts @@ -24,6 +24,8 @@ val edcVersion: String by project dependencies { implementation(project(":launchers:base:connector")) + implementation("${edcGroup}:configuration-filesystem:${edcVersion}") + implementation("${edcGroup}:vault-hashicorp:${edcVersion}") implementation("${edcGroup}:iam-mock:${edcVersion}") } diff --git a/launchers/dev/connector-provider/resources/config.properties b/launchers/dev/connector-provider/resources/config.properties index e83e681b..c24f6764 100644 --- a/launchers/dev/connector-provider/resources/config.properties +++ b/launchers/dev/connector-provider/resources/config.properties @@ -1,5 +1,4 @@ edc.participant.id=provider -edc.dsp.callback.address=http://localhost:8282/protocol web.http.port=8181 web.http.path=/api web.http.management.port=8182 
@@ -10,7 +9,13 @@ web.http.control.port=8283 web.http.control.path=/control web.http.public.port=8383 web.http.public.path=/public +edc.dsp.callback.address=http://localhost:8282/protocol +edc.dataplane.token.validation.endpoint=http://localhost:8283/control/token +edc.dataplane.api.public.baseurl=http://localhost:8383/public + edc.api.auth.key=password +edc.transfer.proxy.token.signer.privatekey.alias=edc.connector.private.key +edc.transfer.proxy.token.verifier.publickey.alias=edc.connector.public.key edc.vault.hashicorp.url=http://localhost:8200 edc.vault.hashicorp.token=test-token @@ -18,4 +23,4 @@ edc.vault.hashicorp.timeout.seconds=30 edc.ionos.access.key= edc.ionos.secret.key= -edc.ionos.endpoint=https://s3-eu-central-1.ionoscloud.com +edc.ionos.endpoint= diff --git a/launchers/prod/connector-persistence/build.gradle.kts b/launchers/prod/connector-persistence/build.gradle.kts index de89a350..6cc09e99 100644 --- a/launchers/prod/connector-persistence/build.gradle.kts +++ b/launchers/prod/connector-persistence/build.gradle.kts @@ -25,6 +25,10 @@ val postgresVersion: String by project dependencies { implementation(project(":launchers:base:connector")) + implementation("${edcGroup}:configuration-filesystem:${edcVersion}") + implementation("${edcGroup}:vault-hashicorp:${edcVersion}") + implementation("${edcGroup}:iam-mock:${edcVersion}") + implementation("org.postgresql:postgresql:$postgresVersion") implementation("${edcGroup}:sql-pool-apache-commons:$edcVersion") implementation("${edcGroup}:transaction-local:$edcVersion") @@ -35,8 +39,6 @@ dependencies { implementation("${edcGroup}:contract-definition-store-sql:$edcVersion") implementation("${edcGroup}:contract-negotiation-store-sql:$edcVersion") implementation("${edcGroup}:transfer-process-store-sql:$edcVersion") - - implementation("${edcGroup}:iam-mock:${edcVersion}") } application { 
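Review bot: `iam-mock` stays on the classpath of a launcher under `launchers/prod` (first hunk of `launchers/prod/connector-persistence/build.gradle.kts`; the hunk for `launchers/prod/connector/build.gradle.kts` re-adds it the same way). As the name indicates it is a mock identity service, so as far as I can tell a connector built from these launchers does not verify counter-party identity, which is acceptable for `launchers/dev` but not for an image labelled prod. I would either gate the line, for example `if (project.hasProperty("mockIam")) implementation("${edcGroup}:iam-mock:${edcVersion}")`, or at least put a comment above it: `// iam-mock performs no real identity verification - replace with a real IAM extension before exposing this connector`.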
diff --git a/launchers/prod/connector-persistence/docker-compose.yml b/launchers/prod/connector-persistence/docker-compose.yml index e85fa2e9..de030301 100644 --- a/launchers/prod/connector-persistence/docker-compose.yml +++ b/launchers/prod/connector-persistence/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.9" - services: connector: image: edc-ionos-s3 diff --git a/launchers/prod/connector-persistence/resources/config.properties b/launchers/prod/connector-persistence/resources/config.properties index f626f02a..d65abebb 100644 --- a/launchers/prod/connector-persistence/resources/config.properties +++ b/launchers/prod/connector-persistence/resources/config.properties @@ -1,3 +1,4 @@ +edc.participant.id=connector web.http.port=8181 web.http.path=/api web.http.management.port=8182 @@ -8,12 +9,14 @@ web.http.control.port=8283 web.http.control.path=/control web.http.public.port=8383 web.http.public.path=/public +edc.dsp.callback.address=http://localhost:8282/protocol +edc.dataplane.token.validation.endpoint=http://localhost:8283/control/token +edc.dataplane.api.public.baseurl=http://localhost:8383/public + edc.api.auth.key=password +edc.transfer.proxy.token.signer.privatekey.alias=edc.connector.private.key +edc.transfer.proxy.token.verifier.publickey.alias=edc.connector.public.key -edc.vault.clientid=company1 -edc.vault.tenantid=1 -edc.vault.certificate=/resources/ -edc.vault.name=ionos edc.vault.hashicorp.url=http://localhost:8200 edc.vault.hashicorp.token=test-token edc.vault.hashicorp.timeout.seconds=30 diff --git a/launchers/prod/connector/build.gradle.kts b/launchers/prod/connector/build.gradle.kts index 2fe35970..10ca5508 100644 --- a/launchers/prod/connector/build.gradle.kts +++ b/launchers/prod/connector/build.gradle.kts 
@@ -24,7 +24,9 @@ val edcVersion: String by project dependencies { implementation(project(":launchers:base:connector")) - implementation("${edcGroup}:iam-mock:${edcVersion}") + implementation("${edcGroup}:configuration-filesystem:${edcVersion}") + implementation("${edcGroup}:vault-hashicorp:${edcVersion}") + implementation("${edcGroup}:iam-mock:${edcVersion}") } application { diff --git a/launchers/prod/connector/docker-compose.yml b/launchers/prod/connector/docker-compose.yml index e85fa2e9..de030301 100644 --- a/launchers/prod/connector/docker-compose.yml +++ b/launchers/prod/connector/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.9" - services: connector: image: edc-ionos-s3 diff --git a/launchers/prod/connector/resources/config.properties b/launchers/prod/connector/resources/config.properties index 5586509e..6cb13c56 100644 --- a/launchers/prod/connector/resources/config.properties +++ b/launchers/prod/connector/resources/config.properties @@ -1,3 +1,4 @@ +edc.participant.id=connector web.http.port=8181 web.http.path=/api web.http.management.port=8182 @@ -8,12 +9,14 @@ web.http.control.port=8283 web.http.control.path=/control web.http.public.port=8383 web.http.public.path=/public +edc.dsp.callback.address=http://localhost:8282/protocol +edc.dataplane.token.validation.endpoint=http://localhost:8283/control/token +edc.dataplane.api.public.baseurl=http://localhost:8383/public + edc.api.auth.key=password +edc.transfer.proxy.token.signer.privatekey.alias=edc.connector.private.key +edc.transfer.proxy.token.verifier.publickey.alias=edc.connector.public.key -edc.vault.clientid=company1 -edc.vault.tenantid=1 -edc.vault.certificate=/resources/ -edc.vault.name=ionos edc.vault.hashicorp.url=http://localhost:8200 edc.vault.hashicorp.token=test-token edc.vault.hashicorp.timeout.seconds=30 diff --git a/settings.gradle.kts b/settings.gradle.kts index 2fcb8960..3e5448be 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts 
@@ -10,13 +10,14 @@ dependencyResolutionManagement { repositories { - mavenCentral() mavenLocal() } versionCatalogs { + val group = providers.gradleProperty("edcGroup") + val version = providers.gradleProperty("edcVersion") create("libs") { - from("org.eclipse.edc:edc-versions:0.1.2") + from(group.get() + ":edc-versions:" + version.get()) } } } @@ -24,7 +25,6 @@ dependencyResolutionManagement { include(":extensions:data-plane-ionos-s3") include(":extensions:provision-ionos-s3") include(":extensions:core-ionos-s3") -include(":extensions:vault-hashicorp") include(":launchers:base:connector") include(":launchers:dev:connector-consumer")
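Review bot: With `mavenCentral()` removed, `mavenLocal()` is the only repository left in `dependencyResolutionManagement`, so the `edc-versions` catalog resolves from the local `~/.m2` cache alone unless a repository is declared elsewhere. The build then trusts whatever artifact sits under that coordinate on the build machine, which is neither reproducible nor verified, and a clean CI runner would fail to resolve the catalog. I would keep `mavenCentral()` and list it first, and if `mavenLocal()` is only needed for locally built snapshots of this project, restrict it with `mavenLocal { content { includeGroup("com.ionoscloud.edc") } }`.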