feat: implement Remote STS Account provisioning #470

@paullatzelsperger paullatzelsperger commented Oct 3, 2024

What this PR changes/adds

This PR adds a RemoteStsAccountService which can be used in cases where the STS runs as a standalone application. It uses the STS Account API to manage accounts.
Note that the StsAccountProvisioner was split up, so that the business logic remains the same, while STS accounts are managed "locally" (embedded) or "remotely" (using the STS Account API).

These services are implemented in separate extension modules, sts-account-service-local and sts-account-service-remote. If neither of these modules is on the runtime classpath, then a NOOP service is used and a warning is logged.

The RemoteStsAccountService assumes that authentication against the STS Accounts API is done by adding a particular header, e.g. Authorization: XYZ or x-api-key: XYZ (default).

It does not yet support dynamic tokens, e.g. OAuth2. This is a known limitation!

Two new test runtimes have been added:

  • :e2e-tests:runtimes:sts: a minimal, standalone STS runtime
  • :e2e-tests:runtimes:identityhub-remote-sts: an IdentityHub that does not contain the STS but instead uses the RemoteStsAccountService
  • cleaned up some obsolete files

Why it does that

feature parity with standalone STS

Further notes

  • Authentication RemoteStsAccountService -> STS Accounts API is currently only possible using static tokens.

Linked Issue(s)

Closes #467

Please be sure to take a look at the contributing guidelines and our etiquette for pull requests.

@paullatzelsperger paullatzelsperger added the enhancement New feature or request label Oct 3, 2024
@paullatzelsperger paullatzelsperger force-pushed the feat/remote_sts_accountprovisioner branch from 4f50391 to 84e431f Compare October 3, 2024 08:28
@paullatzelsperger paullatzelsperger merged commit 3762f6e into eclipse-edc:main Oct 3, 2024
16 checks passed
@paullatzelsperger paullatzelsperger deleted the feat/remote_sts_accountprovisioner branch October 3, 2024 09:26

Successfully merging this pull request may close these issues.

Implement a remote StsAccountProvisioner