diff --git a/extensions/common/auth/auth-delegated/src/main/java/org/eclipse/edc/api/auth/delegated/DelegatedAuthenticationExtension.java b/extensions/common/auth/auth-delegated/src/main/java/org/eclipse/edc/api/auth/delegated/DelegatedAuthenticationExtension.java index 04ebd41c130..6465885f7ab 100644 --- a/extensions/common/auth/auth-delegated/src/main/java/org/eclipse/edc/api/auth/delegated/DelegatedAuthenticationExtension.java +++ b/extensions/common/auth/auth-delegated/src/main/java/org/eclipse/edc/api/auth/delegated/DelegatedAuthenticationExtension.java @@ -17,11 +17,11 @@ import org.eclipse.edc.api.auth.spi.ApiAuthenticationProvider; import org.eclipse.edc.api.auth.spi.AuthenticationService; import org.eclipse.edc.api.auth.spi.registry.ApiAuthenticationProviderRegistry; -import org.eclipse.edc.api.auth.spi.registry.ApiAuthenticationRegistry; import org.eclipse.edc.keys.spi.KeyParserRegistry; import org.eclipse.edc.runtime.metamodel.annotation.Extension; import org.eclipse.edc.runtime.metamodel.annotation.Inject; import org.eclipse.edc.runtime.metamodel.annotation.Setting; +import org.eclipse.edc.spi.EdcException; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.result.Result; import org.eclipse.edc.spi.system.ServiceExtension; @@ -45,29 +45,29 @@ @Extension(value = DelegatedAuthenticationExtension.NAME) public class DelegatedAuthenticationExtension implements ServiceExtension { - public static final int DEFAULT_VALIDATION_TOLERANCE = 5_000; public static final String NAME = "Delegating Authentication Service Extension"; + private static final int DEFAULT_VALIDATION_TOLERANCE = 5_000; + private static final String AUTH_KEY = "auth"; + private static final String CONFIG_ALIAS = WEB_HTTP_PREFIX + ".." + AUTH_KEY + "."; + private static final String DELEGATED_TYPE = "delegated"; + @Deprecated(since = "0.12.0", forRemoval = true) private static final String KEY_URL_PROPERTY = "edc.api.auth.dac.key.url"; + @Deprecated(since = "0.12.0", forRemoval = true) + private static final String DEPRECATED_AUTH_CACHE_VALIDITY = "edc.api.auth.dac.cache.validity"; - @Deprecated(since = "0.7.1") - @Setting(description = "Duration (in ms) that the internal key cache is valid", defaultValue = "" + DEFAULT_CACHE_TIME_TO_LIVE, key = "edc.api.auth.dac.cache.validity", required = false) - private long cacheValidityMs; - - @Deprecated(since = "0.7.1") - @Setting(description = "URL where the third-party IdP's public key(s) can be resolved", key = KEY_URL_PROPERTY, required = false, warnOnMissingConfig = true) - private String keyUrl; - - public static final String AUTH_KEY = "auth"; - public static final String CONFIG_ALIAS = WEB_HTTP_PREFIX + ".." + AUTH_KEY + "."; @Setting(context = CONFIG_ALIAS, description = "URL where the third-party IdP's public key(s) can be resolved for the configured ") public static final String AUTH_KEY_URL = "dac.key.url"; @Setting(context = CONFIG_ALIAS, description = "Duration (in ms) that the internal key cache is valid for the configured ", type = "Long", defaultValue = "" + DEFAULT_CACHE_TIME_TO_LIVE) public static final String AUTH_CACHE_VALIDITY_MS = "dac.cache.validity"; - public static final String DELEGATED_TYPE = "delegated"; @Setting(description = "Default token validation time tolerance (in ms), e.g. for nbf or exp claims", defaultValue = "" + DEFAULT_VALIDATION_TOLERANCE, key = "edc.api.auth.dac.validation.tolerance") private int validationTolerance; - @Inject - private ApiAuthenticationRegistry authenticationRegistry; + @Deprecated(since = "0.12.0", forRemoval = true) + @Setting(description = "Duration (in ms) that the internal key cache is valid", defaultValue = "" + DEFAULT_CACHE_TIME_TO_LIVE, key = DEPRECATED_AUTH_CACHE_VALIDITY, required = false) + private long cacheValidityMs; + @Deprecated(since = "0.12.0", forRemoval = true) + @Setting(description = "URL where the third-party IdP's public key(s) can be resolved", key = KEY_URL_PROPERTY, required = false) + private String keyUrl; + @Inject private ApiAuthenticationProviderRegistry providerRegistry; @Inject @@ -88,20 +88,17 @@ public String name() { public void initialize(ServiceExtensionContext context) { var monitor = context.getMonitor().withPrefix("Delegated API Authentication"); - if (keyUrl == null) { - monitor.warning("The '%s' setting was not provided, so the DelegatedAuthenticationService will NOT be registered. In this case, the TokenBasedAuthenticationService usually acts as fallback.".formatted(KEY_URL_PROPERTY)); - return; + if (keyUrl != null) { + var message = "Settings %s and %s have been removed".formatted(KEY_URL_PROPERTY, DEPRECATED_AUTH_CACHE_VALIDITY) + + ", to configure delegated authentication for management api please configure it properly through the " + + "`web.http.management.auth.%s` and `web.http.management.auth.%s` settings".formatted(AUTH_KEY_URL, AUTH_CACHE_VALIDITY_MS); + context.getMonitor().severe(message); + throw new EdcException(message); } - //todo: currently, only JWKS urls are supported - var resolver = JwksPublicKeyResolver.create(keyParserRegistry, keyUrl, monitor, cacheValidityMs); - tokenValidationRulesRegistry.addRule(MANAGEMENT_API_CONTEXT, new NotBeforeValidationRule(clock, validationTolerance, true)); tokenValidationRulesRegistry.addRule(MANAGEMENT_API_CONTEXT, new ExpirationIssuedAtValidationRule(clock, validationTolerance, true)); - // always register - this would potentially overwrite other services - authenticationRegistry.register("management-api", new DelegatedAuthenticationService(resolver, monitor, tokenValidationService, tokenValidationRulesRegistry)); - providerRegistry.register(DELEGATED_TYPE, (cfg) -> delegatedProvider(monitor, cfg)); } diff --git a/extensions/common/auth/auth-delegated/src/test/java/org/eclipse/edc/api/auth/delegated/DelegatedAuthenticationExtensionTest.java b/extensions/common/auth/auth-delegated/src/test/java/org/eclipse/edc/api/auth/delegated/DelegatedAuthenticationExtensionTest.java index 2a1502c8d89..c74976998f0 100644 --- a/extensions/common/auth/auth-delegated/src/test/java/org/eclipse/edc/api/auth/delegated/DelegatedAuthenticationExtensionTest.java +++ b/extensions/common/auth/auth-delegated/src/test/java/org/eclipse/edc/api/auth/delegated/DelegatedAuthenticationExtensionTest.java @@ -14,64 +14,32 @@ package org.eclipse.edc.api.auth.delegated; -import org.eclipse.edc.api.auth.spi.registry.ApiAuthenticationRegistry; -import org.eclipse.edc.boot.system.injection.ObjectFactory; import org.eclipse.edc.junit.extensions.DependencyInjectionExtension; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.system.ServiceExtensionContext; import org.eclipse.edc.spi.system.configuration.Config; -import org.eclipse.edc.spi.system.configuration.ConfigFactory; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; -import java.util.Map; - import static com.nimbusds.jose.jwk.source.JWKSourceBuilder.DEFAULT_CACHE_TIME_TO_LIVE; import static org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationExtension.AUTH_CACHE_VALIDITY_MS; import static org.eclipse.edc.api.auth.delegated.DelegatedAuthenticationExtension.AUTH_KEY_URL; import static org.eclipse.edc.junit.assertions.AbstractResultAssert.assertThat; import static org.mockito.ArgumentMatchers.anyString; -import static org.mockito.ArgumentMatchers.endsWith; -import static org.mockito.ArgumentMatchers.eq; -import static org.mockito.ArgumentMatchers.isA; import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.never; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; @ExtendWith(DependencyInjectionExtension.class) class DelegatedAuthenticationExtensionTest { - private final Monitor monitor = mock(Monitor.class); - private final ApiAuthenticationRegistry registry = mock(); + private final Monitor monitor = mock(); @BeforeEach void setUp(ServiceExtensionContext context) { when(monitor.withPrefix(anyString())).thenReturn(monitor); when(context.getMonitor()).thenReturn(monitor); - context.registerService(ApiAuthenticationRegistry.class, registry); - } - - @Test - void initialize(ServiceExtensionContext context, ObjectFactory factory) { - - var configMock = ConfigFactory.fromMap(Map.of("edc.api.auth.dac.key.url", "http://foo.bar/.well-known/jwks.json")); - when(context.getConfig()).thenReturn(configMock); - - var extension = factory.constructInstance(DelegatedAuthenticationExtension.class); - extension.initialize(context); - - verify(registry).register(eq("management-api"), isA(DelegatedAuthenticationService.class)); - } - - @Test - void initialize_noUrlGiven_shouldNotRegister(DelegatedAuthenticationExtension extension, ServiceExtensionContext context) { - - extension.initialize(context); - - verify(monitor).warning(endsWith("setting was not provided, so the DelegatedAuthenticationService will NOT be registered. In this case, the TokenBasedAuthenticationService usually acts as fallback.")); - verify(registry, never()).register(eq("management-api"), isA(DelegatedAuthenticationService.class)); } @Test @@ -89,4 +57,4 @@ public void delegatedProvider(DelegatedAuthenticationExtension extension) { verify(config).getLong(AUTH_CACHE_VALIDITY_MS, DEFAULT_CACHE_TIME_TO_LIVE); } -} \ No newline at end of file +} diff --git a/extensions/common/auth/auth-tokenbased/README.md b/extensions/common/auth/auth-tokenbased/README.md deleted file mode 100644 index a19a7200295..00000000000 --- a/extensions/common/auth/auth-tokenbased/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# Token Based Authentication Service - -The token based authentication service extension is used to secure connector APIs. These APIs are not protected by the `AuthenticationService` by default. To find out how a specific API is protected please consult its documentation. - -APIs, protected by this extension, require a client to authenticate by adding a authentication key to the request header. - -Authentication Header Example: -``` -curl --header "X-API-Key: " -``` - -## Configuration - -| Key | Description | Required | -|:-----------------------|:-------------------------------------------------------------|:---------| -| edc.api.auth.key | API Key Header Value | false | -| edc.api.auth.key.alias | Secret name of the API Key Header Value, stored in the vault | false | - -- If the API key is stored in the Vault _and_ in the configuration, the extension will take the key from the vault. - -- If no API key is defined, a random value is generated and printed out into the logs. \ No newline at end of file diff --git a/extensions/common/auth/auth-tokenbased/src/main/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationExtension.java b/extensions/common/auth/auth-tokenbased/src/main/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationExtension.java index fe9f004b3d3..277fa244ef8 100644 --- a/extensions/common/auth/auth-tokenbased/src/main/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationExtension.java +++ b/extensions/common/auth/auth-tokenbased/src/main/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationExtension.java @@ -19,10 +19,10 @@ import org.eclipse.edc.api.auth.spi.ApiAuthenticationProvider; import org.eclipse.edc.api.auth.spi.AuthenticationService; import org.eclipse.edc.api.auth.spi.registry.ApiAuthenticationProviderRegistry; -import org.eclipse.edc.api.auth.spi.registry.ApiAuthenticationRegistry; import org.eclipse.edc.runtime.metamodel.annotation.Extension; import org.eclipse.edc.runtime.metamodel.annotation.Inject; import org.eclipse.edc.runtime.metamodel.annotation.Setting; +import org.eclipse.edc.spi.EdcException; import org.eclipse.edc.spi.result.Result; import org.eclipse.edc.spi.security.Vault; import org.eclipse.edc.spi.system.ServiceExtension; @@ -30,7 +30,6 @@ import org.eclipse.edc.spi.system.configuration.Config; import java.util.Optional; -import java.util.UUID; import static org.eclipse.edc.web.spi.configuration.WebServiceConfigurer.WEB_HTTP_PREFIX; @@ -42,25 +41,27 @@ public class TokenBasedAuthenticationExtension implements ServiceExtension { public static final String NAME = "Static token API Authentication"; - public static final String AUTH_KEY = "auth"; + private static final String AUTH_KEY = "auth"; + private static final String CONFIG_ALIAS = WEB_HTTP_PREFIX + ".." + AUTH_KEY + "."; + private static final String TOKENBASED_TYPE = "tokenbased"; + @Deprecated(since = "0.12.0", forRemoval = true) + private static final String AUTH_SETTING_APIKEY = "edc.api.auth.key"; + @Deprecated(since = "0.12.0", forRemoval = true) + private static final String AUTH_SETTING_APIKEY_ALIAS = "edc.api.auth.key.alias"; - public static final String CONFIG_ALIAS = WEB_HTTP_PREFIX + ".." + AUTH_KEY + "."; - @Setting(context = CONFIG_ALIAS, value = "The api key to use for the ") + @Setting(context = CONFIG_ALIAS, description = "The api key to use for the ") public static final String AUTH_API_KEY = "key"; - @Setting(context = CONFIG_ALIAS, value = "The vault api key alias to use for the ") + @Setting(context = CONFIG_ALIAS, description = "The vault api key alias to use for the ") public static final String AUTH_API_KEY_ALIAS = "key.alias"; - public static final String TOKENBASED_TYPE = "tokenbased"; - @Setting - @Deprecated(since = "0.7.1") - private static final String AUTH_SETTING_APIKEY = "edc.api.auth.key"; - @Setting - @Deprecated(since = "0.7.1") - private static final String AUTH_SETTING_APIKEY_ALIAS = "edc.api.auth.key.alias"; + @Setting(description = "DEPRECATED: auth key", key = AUTH_SETTING_APIKEY, required = false) + @Deprecated(since = "0.12.0", forRemoval = true) + private String deprecatedApiKey; + @Setting(description = "DEPRECATED: auth key alias", key = AUTH_SETTING_APIKEY_ALIAS, required = false) + @Deprecated(since = "0.12.0", forRemoval = true) + private String deprecatedApiKeyAlias; + @Inject private Vault vault; - @Inject - private ApiAuthenticationRegistry authenticationRegistry; - @Inject private ApiAuthenticationProviderRegistry providerRegistry; @@ -71,13 +72,12 @@ public String name() { @Override public void initialize(ServiceExtensionContext context) { - var apiKey = Optional.ofNullable(context.getSetting(AUTH_SETTING_APIKEY_ALIAS, null)) - .map(alias -> vault.resolveSecret(alias)) - .orElseGet(() -> context.getSetting(AUTH_SETTING_APIKEY, UUID.randomUUID().toString())); - - // only register as fallback, if no other has been registered - if (!authenticationRegistry.hasService("management-api")) { - authenticationRegistry.register("management-api", new TokenBasedAuthenticationService(apiKey)); + if (deprecatedApiKey != null || deprecatedApiKeyAlias != null) { + var message = "Settings %s and %s have been removed".formatted(AUTH_SETTING_APIKEY, AUTH_SETTING_APIKEY_ALIAS) + + ", to configure token based authentication for management api please configure it properly through the " + + "`web.http.management.auth.%s` or `web.http.management.auth.%s` settings".formatted(AUTH_API_KEY, AUTH_API_KEY_ALIAS); + context.getMonitor().severe(message); + throw new EdcException(message); } providerRegistry.register(TOKENBASED_TYPE, this::tokenBasedProvider); diff --git a/extensions/common/auth/auth-tokenbased/src/test/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationExtensionTest.java b/extensions/common/auth/auth-tokenbased/src/test/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationExtensionTest.java index 71903bad803..b35ad001561 100644 --- a/extensions/common/auth/auth-tokenbased/src/test/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationExtensionTest.java +++ b/extensions/common/auth/auth-tokenbased/src/test/java/org/eclipse/edc/api/auth/token/TokenBasedAuthenticationExtensionTest.java @@ -26,12 +26,7 @@ import static org.eclipse.edc.api.auth.token.TokenBasedAuthenticationExtension.AUTH_API_KEY; import static org.eclipse.edc.api.auth.token.TokenBasedAuthenticationExtension.AUTH_API_KEY_ALIAS; import static org.eclipse.edc.junit.assertions.AbstractResultAssert.assertThat; -import static org.mockito.ArgumentMatchers.isA; -import static org.mockito.Mockito.anyString; -import static org.mockito.Mockito.eq; -import static org.mockito.Mockito.isNull; import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.never; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyNoMoreInteractions; import static org.mockito.Mockito.when; @@ -39,8 +34,6 @@ @ExtendWith(DependencyInjectionExtension.class) public class TokenBasedAuthenticationExtensionTest { - private static final String AUTH_SETTING_APIKEY = "edc.api.auth.key"; - private static final String AUTH_SETTING_APIKEY_ALIAS = "edc.api.auth.key.alias"; private static final String VAULT_KEY = "foo"; private final Vault vault = mock(); @@ -54,40 +47,6 @@ void setup(ServiceExtensionContext context) { when(vault.resolveSecret(VAULT_KEY)).thenReturn("foo"); } - @Test - public void testPrimaryMethod_loadKeyFromVault(ServiceExtensionContext context, TokenBasedAuthenticationExtension extension) { - when(context.getSetting(eq(AUTH_SETTING_APIKEY_ALIAS), isNull())).thenReturn(VAULT_KEY); - when(context.getSetting(eq(AUTH_SETTING_APIKEY), anyString())).thenReturn("bar"); - - extension.initialize(context); - - verify(context, never()) - .getSetting(eq(AUTH_SETTING_APIKEY), anyString()); - - verify(context) - .getSetting(AUTH_SETTING_APIKEY_ALIAS, null); - - verify(vault).resolveSecret(VAULT_KEY); - verify(apiAuthenticationRegistry).register(eq("management-api"), isA(TokenBasedAuthenticationService.class)); - } - - @Test - public void testSecondaryMethod_loadKeyFromConfig(ServiceExtensionContext context, TokenBasedAuthenticationExtension extension) { - when(context.getSetting(eq(AUTH_SETTING_APIKEY_ALIAS), isNull())).thenReturn(null); - when(context.getSetting(eq(AUTH_SETTING_APIKEY), anyString())).thenReturn("bar"); - - extension.initialize(context); - - verify(context) - .getSetting(eq(AUTH_SETTING_APIKEY), anyString()); - - verify(context) - .getSetting(AUTH_SETTING_APIKEY_ALIAS, null); - - verify(vault, never()).resolveSecret(anyString()); - verify(apiAuthenticationRegistry).register(eq("management-api"), isA(TokenBasedAuthenticationService.class)); - } - @Test public void tokenBasedProvider(TokenBasedAuthenticationExtension extension) { var config = mock(Config.class); @@ -97,7 +56,6 @@ public void tokenBasedProvider(TokenBasedAuthenticationExtension extension) { .isSucceeded().isInstanceOf(TokenBasedAuthenticationService.class); verifyNoMoreInteractions(vault); - } @Test diff --git a/extensions/common/iam/identity-trust/identity-trust-sts/identity-trust-sts-accounts-api/src/main/java/org/eclipse/edc/api/iam/identitytrust/sts/accounts/StsAccountsApiExtension.java b/extensions/common/iam/identity-trust/identity-trust-sts/identity-trust-sts-accounts-api/src/main/java/org/eclipse/edc/api/iam/identitytrust/sts/accounts/StsAccountsApiExtension.java index a3d3e16d06d..cd29a6e3ff8 100644 --- a/extensions/common/iam/identity-trust/identity-trust-sts/identity-trust-sts-accounts-api/src/main/java/org/eclipse/edc/api/iam/identitytrust/sts/accounts/StsAccountsApiExtension.java +++ b/extensions/common/iam/identity-trust/identity-trust-sts/identity-trust-sts-accounts-api/src/main/java/org/eclipse/edc/api/iam/identitytrust/sts/accounts/StsAccountsApiExtension.java @@ -16,40 +16,35 @@ import org.eclipse.edc.api.auth.spi.AuthenticationRequestFilter; import org.eclipse.edc.api.auth.spi.registry.ApiAuthenticationRegistry; -import org.eclipse.edc.api.auth.token.TokenBasedAuthenticationService; import org.eclipse.edc.api.iam.identitytrust.sts.accounts.controller.StsAccountsApiController; import org.eclipse.edc.iam.identitytrust.sts.spi.service.StsAccountService; import org.eclipse.edc.runtime.metamodel.annotation.Extension; import org.eclipse.edc.runtime.metamodel.annotation.Inject; import org.eclipse.edc.runtime.metamodel.annotation.Setting; -import org.eclipse.edc.spi.security.Vault; +import org.eclipse.edc.spi.EdcException; import org.eclipse.edc.spi.system.ServiceExtension; import org.eclipse.edc.spi.system.ServiceExtensionContext; import org.eclipse.edc.web.spi.WebService; import org.eclipse.edc.web.spi.configuration.ApiContext; -import static java.util.Optional.ofNullable; - @Extension(value = StsAccountsApiExtension.NAME, categories = { "sts", "dcp", "api" }) public class StsAccountsApiExtension implements ServiceExtension { public static final String NAME = "Secure Token Service Accounts API Extension"; public static final String STS_ACCOUNTS_API_CONTEXT = "sts-accounts-api"; - - @Setting(description = "API key (or Vault alias) for the STS Accounts API's default authentication mechanism (token-based).", key = "edc.api.accounts.key") + @Deprecated(since = "0.12.0", forRemoval = true) + private static final String EDC_API_ACCOUNTS_KEY = "edc.api.accounts.key"; + @Deprecated(since = "0.12.0", forRemoval = true) + @Setting(description = "API key (or Vault alias) for the STS Accounts API's default authentication mechanism (token-based).", key = EDC_API_ACCOUNTS_KEY, required = false) private String accountsApiKeyOrAlias; @Inject private StsAccountService clientService; - @Inject private WebService webService; @Inject private ApiAuthenticationRegistry authenticationRegistry; - @Inject - private Vault vault; - @Override public String name() { return NAME; @@ -57,18 +52,17 @@ public String name() { @Override public void initialize(ServiceExtensionContext context) { - - if (!authenticationRegistry.hasService(STS_ACCOUNTS_API_CONTEXT)) { - authenticationRegistry.register(STS_ACCOUNTS_API_CONTEXT, new TokenBasedAuthenticationService(resolveApiKey(context))); + if (accountsApiKeyOrAlias != null) { + var message = "Settings %s has been deprecated".formatted(EDC_API_ACCOUNTS_KEY) + + ", to configure authentication for sts-accounts api please configure it properly through the " + + "`web.http.sts-accounts.auth..` settings, refer to the documentation for details."; + context.getMonitor().severe(message); + throw new EdcException(message); } + var authenticationFilter = new AuthenticationRequestFilter(authenticationRegistry, STS_ACCOUNTS_API_CONTEXT); webService.registerResource(ApiContext.STS_ACCOUNTS, new StsAccountsApiController(clientService)); webService.registerResource(ApiContext.STS_ACCOUNTS, authenticationFilter); } - - private String resolveApiKey(ServiceExtensionContext context) { - return ofNullable(vault.resolveSecret(accountsApiKeyOrAlias)) - .orElse(accountsApiKeyOrAlias); - } } diff --git a/extensions/common/iam/identity-trust/identity-trust-sts/identity-trust-sts-accounts-api/src/test/java/org/eclipse/edc/api/iam/identitytrust/sts/accounts/StsAccountsApiExtensionTest.java b/extensions/common/iam/identity-trust/identity-trust-sts/identity-trust-sts-accounts-api/src/test/java/org/eclipse/edc/api/iam/identitytrust/sts/accounts/StsAccountsApiExtensionTest.java index dba1903f2a4..1de81368668 100644 --- a/extensions/common/iam/identity-trust/identity-trust-sts/identity-trust-sts-accounts-api/src/test/java/org/eclipse/edc/api/iam/identitytrust/sts/accounts/StsAccountsApiExtensionTest.java +++ b/extensions/common/iam/identity-trust/identity-trust-sts/identity-trust-sts-accounts-api/src/test/java/org/eclipse/edc/api/iam/identitytrust/sts/accounts/StsAccountsApiExtensionTest.java @@ -15,86 +15,44 @@ package org.eclipse.edc.api.iam.identitytrust.sts.accounts; import org.eclipse.edc.api.auth.spi.AuthenticationRequestFilter; -import org.eclipse.edc.api.auth.spi.registry.ApiAuthenticationRegistry; -import org.eclipse.edc.api.auth.token.TokenBasedAuthenticationService; import org.eclipse.edc.api.iam.identitytrust.sts.accounts.controller.StsAccountsApiController; import org.eclipse.edc.junit.extensions.DependencyInjectionExtension; import org.eclipse.edc.spi.security.Vault; import org.eclipse.edc.spi.system.ServiceExtensionContext; -import org.eclipse.edc.spi.system.configuration.Config; import org.eclipse.edc.spi.system.configuration.ConfigFactory; import org.eclipse.edc.web.spi.WebService; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; -import java.util.Map; - -import static org.eclipse.edc.api.iam.identitytrust.sts.accounts.StsAccountsApiExtension.STS_ACCOUNTS_API_CONTEXT; +import static java.util.Collections.emptyMap; import static org.eclipse.edc.web.spi.configuration.ApiContext.STS_ACCOUNTS; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.ArgumentMatchers.isA; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.verifyNoMoreInteractions; import static org.mockito.Mockito.when; @ExtendWith(DependencyInjectionExtension.class) class StsAccountsApiExtensionTest { - private static final String STS_ACCOUNTS_API_KEY = "edc.api.accounts.key"; - private final ApiAuthenticationRegistry apiAuthenticationRegistry = mock(); private final WebService webService = mock(); private final Vault vault = mock(); @BeforeEach void setUp(ServiceExtensionContext context) { - context.registerService(ApiAuthenticationRegistry.class, apiAuthenticationRegistry); context.registerService(WebService.class, webService); context.registerService(Vault.class, vault); - var config = ConfigFactory.fromMap(Map.of(STS_ACCOUNTS_API_KEY, "test-api-key")); - when(context.getConfig()).thenReturn(config); - } - - @Test - void initialize_noAuthServicePresent_withApiKeyInVault(StsAccountsApiExtension extension, ServiceExtensionContext context) { - var config = mock(Config.class); - when(config.getString(eq(STS_ACCOUNTS_API_KEY))) - .thenReturn("test-api-key"); - when(context.getConfig()).thenReturn(config); - when(apiAuthenticationRegistry.hasService(eq(STS_ACCOUNTS_API_CONTEXT))).thenReturn(false); - - extension.initialize(context); - - verify(vault).resolveSecret(eq("test-api-key")); - verify(apiAuthenticationRegistry).register(eq(STS_ACCOUNTS_API_CONTEXT), isA(TokenBasedAuthenticationService.class)); - verify(webService).registerResource(eq(STS_ACCOUNTS), isA(StsAccountsApiController.class)); - verify(webService).registerResource(eq(STS_ACCOUNTS), isA(AuthenticationRequestFilter.class)); + when(context.getConfig()).thenReturn(ConfigFactory.fromMap(emptyMap())); } @Test - void initialize_noAuthServicePresent_withApiKeyInConfig(StsAccountsApiExtension extension, ServiceExtensionContext context) { - - when(apiAuthenticationRegistry.hasService(eq(STS_ACCOUNTS_API_CONTEXT))).thenReturn(false); - + void initialize(StsAccountsApiExtension extension, ServiceExtensionContext context) { extension.initialize(context); - verify(vault).resolveSecret(eq("test-api-key")); - verify(apiAuthenticationRegistry).register(eq(STS_ACCOUNTS_API_CONTEXT), isA(TokenBasedAuthenticationService.class)); verify(webService).registerResource(eq(STS_ACCOUNTS), isA(StsAccountsApiController.class)); verify(webService).registerResource(eq(STS_ACCOUNTS), isA(AuthenticationRequestFilter.class)); } - @Test - void initialize_otherAuthServicePresent_withApiKeyInConfig(StsAccountsApiExtension extension, ServiceExtensionContext context) { - when(apiAuthenticationRegistry.hasService(eq(STS_ACCOUNTS_API_CONTEXT))).thenReturn(true); - - extension.initialize(context); - - verify(apiAuthenticationRegistry).hasService(eq(STS_ACCOUNTS_API_CONTEXT)); - verify(webService).registerResource(eq(STS_ACCOUNTS), isA(StsAccountsApiController.class)); - verify(webService).registerResource(eq(STS_ACCOUNTS), isA(AuthenticationRequestFilter.class)); - verifyNoMoreInteractions(vault, apiAuthenticationRegistry); - } -} \ No newline at end of file +} diff --git a/system-tests/bom-tests/src/test/java/org/eclipse/edc/test/bom/BomSmokeTests.java b/system-tests/bom-tests/src/test/java/org/eclipse/edc/test/bom/BomSmokeTests.java index e680c272c87..7ba18de06d0 100644 --- a/system-tests/bom-tests/src/test/java/org/eclipse/edc/test/bom/BomSmokeTests.java +++ b/system-tests/bom-tests/src/test/java/org/eclipse/edc/test/bom/BomSmokeTests.java @@ -187,8 +187,7 @@ class StsFeature extends SmokeTest { "web.http.sts.port", String.valueOf(getFreePort()), "web.http.sts.path", "/api/sts", "web.http.accounts.port", String.valueOf(getFreePort()), - "web.http.accounts.path", "/api/sts/accounts", - "edc.api.accounts.key", "password"), + "web.http.accounts.path", "/api/sts/accounts"), ":dist:bom:sts-feature-bom" )); }