chore: remove super-user creation #275

Merged
Expand Up @@ -79,14 +79,14 @@ void publishDid_notOwner_expect403() {

@Test
void publishDid() {

var superUserKey = createSuperUser();
var subscriber = mock(EventSubscriber.class);
getService(EventRouter.class).registerSync(DidDocumentPublished.class, subscriber);

var user = "test-user";
var token = createParticipant(user);

assertThat(Arrays.asList(token, getSuperUserApiKey()))
assertThat(Arrays.asList(token, superUserKey))
.allSatisfy(t -> {
reset(subscriber);
RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
Expand Down Expand Up @@ -155,14 +155,14 @@ void unpublishDid_notOwner_expect403() {

@Test
void unpublishDid() {

var superUserKey = createSuperUser();
var subscriber = mock(EventSubscriber.class);
getService(EventRouter.class).registerSync(DidDocumentUnpublished.class, subscriber);

var user = "test-user";
var token = createParticipant(user);

assertThat(Arrays.asList(token, getSuperUserApiKey()))
assertThat(Arrays.asList(token, superUserKey))
.allSatisfy(t -> {
reset(subscriber);
RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
Expand Down Expand Up @@ -214,11 +214,12 @@ void getState_nowOwner_expect403() {

@Test
void getAll() {
var superUserKey = createSuperUser();
range(0, 20).forEach(i -> createParticipant("user-" + i));

var docs = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
.contentType(JSON)
.header(new Header("x-api-key", getSuperUserApiKey()))
.header(new Header("x-api-key", superUserKey))
.get("/v1/dids")
.then()
.log().ifValidationFails()
Expand All @@ -230,11 +231,12 @@ void getAll() {

@Test
void getAll_withDefaultPaging() {
var superUserKey = createSuperUser();
range(0, 70).forEach(i -> createParticipant("user-" + i));

var docs = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
.contentType(JSON)
.header(new Header("x-api-key", getSuperUserApiKey()))
.header(new Header("x-api-key", superUserKey))
.get("/v1/dids")
.then()
.log().ifValidationFails()
Expand All @@ -246,11 +248,12 @@ void getAll_withDefaultPaging() {

@Test
void getAll_withPaging() {
var superUserKey = createSuperUser();
range(0, 20).forEach(i -> createParticipant("user-" + i));

var docs = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
.contentType(JSON)
.header(new Header("x-api-key", getSuperUserApiKey()))
.header(new Header("x-api-key", superUserKey))
.get("/v1/dids?offset=5&limit=10")
.then()
.log().ifValidationFails()
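Review bot: Creating the super user through the participant-creation path means `getAll` now registers 21 participants rather than 20, and `getAll_withPaging` slices `offset=5&limit=10` out of a list that includes the `super-user` entry; the count and paging assertions after `.log().ifValidationFails()` lie outside these hunks, so confirm they account for the extra participant. Whether the super-user's DID is actually returned by `/v1/dids` depends on the manifest's `did("did:web:" + participantId)` being published by default, which is not visible here. The same point applies to the three `getAll*` tests in the keypair test file below, where `range(0, 10)` participants plus the super user (whose manifest also carries a key) would yield 11 keypairs. Each of these test bodies continues beyond the hunk.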
Expand Up @@ -84,12 +84,13 @@ void findById_notAuthorized() {

@Test
void findById() {
var superUserKey = createSuperUser();
var user1 = "user1";
var token = createParticipant(user1);

var key = createKeyPair(user1);

assertThat(Arrays.asList(token, getSuperUserApiKey()))
assertThat(Arrays.asList(token, superUserKey))
.allSatisfy(t -> RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
.contentType(JSON)
.header(new Header("x-api-key", t))
Expand Down Expand Up @@ -132,11 +133,12 @@ void findForParticipant_notAuthorized() {

@Test
void findForParticipant() {
var superUserKey = createSuperUser();
var user1 = "user1";
var token = createParticipant(user1);
createKeyPair(user1);

assertThat(Arrays.asList(token, getSuperUserApiKey()))
assertThat(Arrays.asList(token, superUserKey))
.allSatisfy(t -> RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
.contentType(JSON)
.header(new Header("x-api-key", t))
Expand All @@ -150,13 +152,14 @@ void findForParticipant() {

@Test
void addKeyPair() {
var superUserKey = createSuperUser();
var subscriber = mock(EventSubscriber.class);
getService(EventRouter.class).registerSync(KeyPairAdded.class, subscriber);

var user1 = "user1";
var token = createParticipant(user1);

assertThat(Arrays.asList(token, getSuperUserApiKey()))
assertThat(Arrays.asList(token, superUserKey))
.allSatisfy(t -> {
var keyDesc = createKeyDescriptor(user1).build();
RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
Expand Down Expand Up @@ -210,6 +213,7 @@ void addKeyPair_notAuthorized() {

@Test
void rotate() {
var superUserKey = createSuperUser();
var subscriber = mock(EventSubscriber.class);
getService(EventRouter.class).registerSync(KeyPairRotated.class, subscriber);
getService(EventRouter.class).registerSync(KeyPairAdded.class, subscriber);
Expand All @@ -219,7 +223,7 @@ void rotate() {

var keyId = createKeyPair(user1);

assertThat(Arrays.asList(token, getSuperUserApiKey()))
assertThat(Arrays.asList(token, superUserKey))
.allSatisfy(t -> {
reset(subscriber);
// attempt to publish user1's DID document, which should fail
Expand Down Expand Up @@ -287,12 +291,13 @@ void rotate_notAuthorized() {

@Test
void revoke() {
var superUserKey = createSuperUser();
var user1 = "user1";
var token = createParticipant(user1);

var keyId = createKeyPair(user1);

assertThat(Arrays.asList(token, getSuperUserApiKey()))
assertThat(Arrays.asList(token, superUserKey))
.allSatisfy(t -> {
var keyDesc = createKeyDescriptor(user1).build();
RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
Expand Down Expand Up @@ -335,14 +340,15 @@ void revoke_notAuthorized() {

@Test
void getAll() {
var superUserKey = createSuperUser();
range(0, 10)
.forEach(i -> {
var participantId = "user" + i;
createParticipant(participantId); // implicitly creates a keypair
});
var found = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
.contentType(JSON)
.header(new Header("x-api-key", getSuperUserApiKey()))
.header(new Header("x-api-key", superUserKey))
.get("/v1/keypairs")
.then()
.log().ifValidationFails()
Expand All @@ -353,14 +359,15 @@ void getAll() {

@Test
void getAll_withPaging() {
var superUserKey = createSuperUser();
range(0, 10)
.forEach(i -> {
var participantId = "user" + i;
createParticipant(participantId); // implicitly creates a keypair
});
var found = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
.contentType(JSON)
.header(new Header("x-api-key", getSuperUserApiKey()))
.header(new Header("x-api-key", superUserKey))
.get("/v1/keypairs?offset=2&limit=4")
.then()
.log().ifValidationFails()
Expand All @@ -371,14 +378,15 @@ void getAll_withPaging() {

@Test
void getAll_withDefaultPaging() {
var superUserKey = createSuperUser();
IntStream.range(0, 70)
.forEach(i -> {
var participantId = "user" + i;
createParticipant(participantId); // implicitly creates a keypair
});
var found = RUNTIME_CONFIGURATION.getManagementEndpoint().baseRequest()
.contentType(JSON)
.header(new Header("x-api-key", getSuperUserApiKey()))
.header(new Header("x-api-key", superUserKey))
.get("/v1/keypairs")
.then()
.log().ifValidationFails()
Expand Up @@ -19,6 +19,7 @@
import org.eclipse.edc.identithub.did.spi.DidDocumentService;
import org.eclipse.edc.identityhub.participantcontext.ApiTokenGenerator;
import org.eclipse.edc.identityhub.spi.ParticipantContextService;
import org.eclipse.edc.identityhub.spi.authentication.ServicePrincipal;
import org.eclipse.edc.identityhub.spi.model.KeyPairResource;
import org.eclipse.edc.identityhub.spi.model.participant.KeyDescriptor;
import org.eclipse.edc.identityhub.spi.model.participant.ParticipantContext;
Expand All @@ -34,6 +35,7 @@
import org.junit.jupiter.api.extension.RegisterExtension;

import java.util.Collection;
import java.util.List;
import java.util.Map;

/**
Expand All @@ -48,9 +50,23 @@ public abstract class ManagementApiEndToEndTest {
@RegisterExtension
protected static final EdcRuntimeExtension RUNTIME = new EdcRuntimeExtension(":launcher", "identity-hub", RUNTIME_CONFIGURATION.controlPlaneConfiguration());

protected String getSuperUserApiKey() {
var vault = RUNTIME.getContext().getService(Vault.class);
return vault.resolveSecret("super-user-apikey");
protected static ParticipantManifest createNewParticipant() {
var manifest = ParticipantManifest.Builder.newInstance()
.participantId("another-participant")
.active(false)
.did("did:web:another:participant")
.serviceEndpoint(new Service("test-service", "test-service-type", "https://test.com"))
.key(KeyDescriptor.Builder.newInstance()
.privateKeyAlias("another-alias")
.keyGeneratorParams(Map.of("algorithm", "EdDSA", "curve", "Ed25519"))
.keyId("another-keyid")
.build())
.build();
return manifest;
}

protected String createSuperUser() {
return createParticipant("super-user", List.of(ServicePrincipal.ROLE_ADMIN));
}

protected String storeParticipant(ParticipantContext pc) {
Expand All @@ -64,19 +80,7 @@ protected String storeParticipant(ParticipantContext pc) {
}

protected String createParticipant(String participantId) {
var manifest = ParticipantManifest.Builder.newInstance()
.participantId(participantId)
.active(true)
.serviceEndpoint(new Service("test-service-id", "test-type", "http://foo.bar.com"))
.did("did:web:" + participantId)
.key(KeyDescriptor.Builder.newInstance()
.privateKeyAlias(participantId + "-alias")
.keyId(participantId + "-key")
.keyGeneratorParams(Map.of("algorithm", "EC", "curve", "secp256r1"))
.build())
.build();
var srv = RUNTIME.getContext().getService(ParticipantContextService.class);
return srv.createParticipantContext(manifest).orElseThrow(f -> new EdcException(f.getFailureDetail()));
return createParticipant(participantId, List.of());
}

protected String createTokenFor(String userId) {
Expand Down Expand Up @@ -105,18 +109,20 @@ protected ParticipantContext getParticipant(String participantId) {
.orElseThrow(f -> new EdcException(f.getFailureDetail()));
}

protected static ParticipantManifest createNewParticipant() {
private String createParticipant(String participantId, List<String> roles) {
var manifest = ParticipantManifest.Builder.newInstance()
.participantId("another-participant")
.active(false)
.did("did:web:another:participant")
.serviceEndpoint(new Service("test-service", "test-service-type", "https://test.com"))
.participantId(participantId)
.active(true)
.roles(roles)
.serviceEndpoint(new Service("test-service-id", "test-type", "http://foo.bar.com"))
.did("did:web:" + participantId)
.key(KeyDescriptor.Builder.newInstance()
.privateKeyAlias("another-alias")
.keyGeneratorParams(Map.of("algorithm", "EdDSA", "curve", "Ed25519"))
.keyId("another-keyid")
.privateKeyAlias(participantId + "-alias")
.keyId(participantId + "-key")
.keyGeneratorParams(Map.of("algorithm", "EC", "curve", "secp256r1"))
.build())
.build();
return manifest;
var srv = RUNTIME.getContext().getService(ParticipantContextService.class);
return srv.createParticipantContext(manifest).orElseThrow(f -> new EdcException(f.getFailureDetail()));
}
}
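Review bot: `createSuperUser()` registers the admin participant under the fixed id `"super-user"`, while `RUNTIME` is a static extension shared by every test method in the class; unless participant contexts are cleared between tests (not visible in this hunk), the second test to call it would try to create a duplicate context and `createParticipant(String, List<String>)` would throw via `orElseThrow`. If no such reset exists, a per-call id such as `return createParticipant("super-user-" + UUID.randomUUID(), List.of(ServicePrincipal.ROLE_ADMIN));` (with `java.util.UUID` added to the imports) avoids the collision. Because the returned string is sent as `x-api-key` and carries `ROLE_ADMIN`, a Javadoc on `createSuperUser` stating that it issues a fresh admin API key which the end-to-end tests use to access other participants' resources would help readers of the subclasses. The private `createParticipant(participantId, roles)` overload would likewise benefit from a one-line comment noting that `roles` is passed into the manifest unchecked, so callers decide the privilege level.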