From 32cfbec9d7ec50c4c92d84a7358249c3203e1727 Mon Sep 17 00:00:00 2001 From: Enrico Risa Date: Fri, 21 Jul 2023 15:57:53 +0200 Subject: [PATCH] add token based auth on data plane consumer proxy --- .../edc-dataplane-base/build.gradle.kts | 1 + .../README.md | 21 +++++++++++++++++++ .../build.gradle.kts | 1 + .../DataPlaneProxyConsumerApiExtension.java | 6 ++++++ .../tractusx/edc/lifecycle/Participant.java | 1 + .../edc-dataplane-proxy-e2e/build.gradle.kts | 1 + .../proxy/e2e/DpfProxyEndToEndTest.java | 4 +++- 7 files changed, 34 insertions(+), 1 deletion(-) diff --git a/edc-dataplane/edc-dataplane-base/build.gradle.kts b/edc-dataplane/edc-dataplane-base/build.gradle.kts index 7847c2f9f..03a5ee3db 100644 --- a/edc-dataplane/edc-dataplane-base/build.gradle.kts +++ b/edc-dataplane/edc-dataplane-base/build.gradle.kts @@ -29,6 +29,7 @@ dependencies { runtimeOnly(project(":edc-extensions:dataplane-proxy:edc-dataplane-proxy-provider-core")) runtimeOnly(libs.edc.config.filesystem) + runtimeOnly(libs.edc.auth.tokenbased) runtimeOnly(libs.edc.dpf.awss3) runtimeOnly(libs.edc.dpf.oauth2) runtimeOnly(libs.edc.dpf.http) diff --git a/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/README.md b/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/README.md index c5a34edb9..ec590c1a2 100644 --- a/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/README.md +++ b/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/README.md @@ -17,6 +17,27 @@ The path is `/aas/request` and the body is something like this exa The body should contain the `assetId` or the `transferProcessId` which identify the data that we want to fetch and an `endpointUrl` which is the provider gateway on which the data is available. More info [here](../edc-dataplane-proxy-provider-api/README.md) on the gateway. +Alternatively if the `endpointUrl` is not known or the gateway on the provider side is not configured, it can be omitted and the `Edr#endpointUrl` +will be used. In this scenario if needed users can provide additional properties to the request for composing the final +url: + +- `pathSegments` sub path to append to the base url +- `queryParams` query parameters to add to the url + +Example with base url `http://localhost:8080/test` + +```json +{ + "assetId": "1", + "pathSegments": "/sub", + "queryParams": "foo=bar" +} +``` + +The final url will look like `http://localhost:8080/test/sub?foo=bar` composed by the DataPlane manager with the Http request flow, + +> Note: the endpoint is not protected with configured `AuthenticationService`, which most likely will be the token based (auth key) one. + ## Configuration | Key | Required | Default | Description | diff --git a/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/build.gradle.kts b/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/build.gradle.kts index 4cb349bca..fbe98c1a5 100644 --- a/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/build.gradle.kts +++ b/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/build.gradle.kts @@ -26,6 +26,7 @@ dependencies { implementation(libs.edc.dpf.framework) implementation(libs.edc.dpf.util) implementation(libs.edc.ext.http) + implementation(libs.edc.spi.auth) implementation(project(":spi:edr-spi")) diff --git a/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/src/main/java/org/eclipse/tractusx/edc/dataplane/proxy/consumer/api/DataPlaneProxyConsumerApiExtension.java b/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/src/main/java/org/eclipse/tractusx/edc/dataplane/proxy/consumer/api/DataPlaneProxyConsumerApiExtension.java index dffbd97a0..3abbecbbc 100644 --- a/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/src/main/java/org/eclipse/tractusx/edc/dataplane/proxy/consumer/api/DataPlaneProxyConsumerApiExtension.java +++ b/edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/src/main/java/org/eclipse/tractusx/edc/dataplane/proxy/consumer/api/DataPlaneProxyConsumerApiExtension.java @@ -14,6 +14,8 @@ package org.eclipse.tractusx.edc.dataplane.proxy.consumer.api; +import org.eclipse.edc.api.auth.spi.AuthenticationRequestFilter; +import org.eclipse.edc.api.auth.spi.AuthenticationService; import org.eclipse.edc.connector.dataplane.spi.manager.DataPlaneManager; import org.eclipse.edc.runtime.metamodel.annotation.Extension; import org.eclipse.edc.runtime.metamodel.annotation.Inject; @@ -63,6 +65,9 @@ public class DataPlaneProxyConsumerApiExtension implements ServiceExtension { @Inject private WebServiceConfigurer configurer; + @Inject + private AuthenticationService authenticationService; + @Inject private Monitor monitor; @@ -80,6 +85,7 @@ public void initialize(ServiceExtensionContext context) { executorService = newFixedThreadPool(context.getSetting(THREAD_POOL_SIZE, DEFAULT_THREAD_POOL)); + webService.registerResource(CONSUMER_API_ALIAS, new AuthenticationRequestFilter(authenticationService)); webService.registerResource(CONSUMER_API_ALIAS, new ClientErrorExceptionMapper()); webService.registerResource(CONSUMER_API_ALIAS, new ConsumerAssetRequestController(edrCache, dataPlaneManager, executorService, monitor)); } diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/Participant.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/Participant.java index e96476812..8e6b9ac66 100644 --- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/Participant.java +++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/Participant.java @@ -391,6 +391,7 @@ private String getProxyData(Map body) { private Response proxyRequest(Map body) { return given() .baseUri(proxyUrl) + .header("x-api-key", apiKey) .contentType("application/json") .body(body) .post(PROXY_SUBPATH); diff --git a/edc-tests/edc-dataplane-proxy-e2e/build.gradle.kts b/edc-tests/edc-dataplane-proxy-e2e/build.gradle.kts index 4dcda6a8f..eeb8473f3 100644 --- a/edc-tests/edc-dataplane-proxy-e2e/build.gradle.kts +++ b/edc-tests/edc-dataplane-proxy-e2e/build.gradle.kts @@ -24,6 +24,7 @@ dependencies { // test runtime config testImplementation(libs.edc.config.filesystem) testImplementation(libs.edc.dpf.http) + testImplementation(libs.edc.auth.tokenbased) testImplementation(project(":spi:edr-spi")) testImplementation(project(":core:edr-cache-core")) testImplementation(project(":edc-extensions:dataplane-proxy:edc-dataplane-proxy-consumer-api")) diff --git a/edc-tests/edc-dataplane-proxy-e2e/src/test/java/org/eclipse/tractusx/edc/dataplane/proxy/e2e/DpfProxyEndToEndTest.java b/edc-tests/edc-dataplane-proxy-e2e/src/test/java/org/eclipse/tractusx/edc/dataplane/proxy/e2e/DpfProxyEndToEndTest.java index 484cb67c2..588f6d698 100644 --- a/edc-tests/edc-dataplane-proxy-e2e/src/test/java/org/eclipse/tractusx/edc/dataplane/proxy/e2e/DpfProxyEndToEndTest.java +++ b/edc-tests/edc-dataplane-proxy-e2e/src/test/java/org/eclipse/tractusx/edc/dataplane/proxy/e2e/DpfProxyEndToEndTest.java @@ -74,6 +74,7 @@ public class DpfProxyEndToEndTest { private static final String REQUEST_TEMPLATE_TP = "{\"transferProcessId\": \"%s\", \"endpointUrl\" : \"http://localhost:%s/api/gateway/aas/test\"}"; private static final String REQUEST_TEMPLATE_ASSET = "{\"assetId\": \"%s\", \"endpointUrl\" : \"http://localhost:%s/api/gateway/aas/test\"}"; private static final String MOCK_ENDPOINT_200_BODY = "{\"message\":\"test\"}"; + private static final String API_KEY = "testkey"; @RegisterExtension static EdcRuntimeExtension consumer = new EdcRuntimeExtension( @@ -81,9 +82,9 @@ public class DpfProxyEndToEndTest { "consumer", baseConfig(Map.of( "web.http.port", valueOf(CONSUMER_HTTP_PORT), + "edc.api.auth.key", API_KEY, "tx.dpf.consumer.proxy.port", valueOf(CONSUMER_PROXY_PORT) ))); - @RegisterExtension static EdcRuntimeExtension provider = new EdcRuntimeExtension( LAUNCHER_MODULE, @@ -184,6 +185,7 @@ private RequestSpecification createSpecification(String body) { return given() .baseUri("http://localhost:" + CONSUMER_PROXY_PORT) .contentType("application/json") + .header("x-api-key", API_KEY) .body(body); }