Code review

core/control-plane/control-plane-aggregate-services/src/main/java/org/eclipse/edc/connector/controlplane/services/secret/SecretServiceImpl.java

@@ -16,13 +16,10 @@
 
 import org.eclipse.edc.connector.secret.spi.observe.SecretObservable;
 import org.eclipse.edc.connector.spi.service.SecretService;
-import org.eclipse.edc.spi.query.QuerySpec;
 import org.eclipse.edc.spi.result.ServiceResult;
 import org.eclipse.edc.spi.security.Vault;
 import org.eclipse.edc.spi.types.domain.secret.Secret;
 
-import java.util.List;
-
 import static java.util.Optional.ofNullable;
 import static org.eclipse.edc.spi.result.ServiceResult.badRequest;
 import static org.eclipse.edc.spi.result.ServiceResult.conflict;
@@ -48,11 +45,6 @@ public Secret findById(String secretId) {
                 .orElse(null);
     }
 
-    @Override
-    public ServiceResult<List<Secret>> search(QuerySpec query) {
-        throw new UnsupportedOperationException("Query operation is not supported for secrets");
-    }
-
     @Override
     public ServiceResult<Secret> create(Secret secret) {
         var existing = findById(secret.getId());

data-protocols/dsp/dsp-http-api-configuration/src/main/java/org/eclipse/edc/protocol/dsp/http/api/configuration/DspApiConfigurationExtension.java

@@ -36,10 +36,8 @@
 import org.eclipse.edc.transform.transformer.dspace.to.JsonObjectToDataAddressDspaceTransformer;
 import org.eclipse.edc.transform.transformer.edc.from.JsonObjectFromCriterionTransformer;
 import org.eclipse.edc.transform.transformer.edc.from.JsonObjectFromQuerySpecTransformer;
-import org.eclipse.edc.transform.transformer.edc.from.JsonObjectFromSecretTransformer;
 import org.eclipse.edc.transform.transformer.edc.to.JsonObjectToCriterionTransformer;
 import org.eclipse.edc.transform.transformer.edc.to.JsonObjectToQuerySpecTransformer;
-import org.eclipse.edc.transform.transformer.edc.to.JsonObjectToSecretTransformer;
 import org.eclipse.edc.transform.transformer.edc.to.JsonValueToGenericTypeTransformer;
 import org.eclipse.edc.web.jersey.providers.jsonld.JerseyJsonLdInterceptor;
 import org.eclipse.edc.web.jersey.providers.jsonld.ObjectMapperProvider;
@@ -68,7 +66,7 @@
  * parameters.
  */
 @Extension(value = DspApiConfigurationExtension.NAME)
-@Provides({DspApiConfiguration.class, ProtocolWebhook.class})
+@Provides({ DspApiConfiguration.class, ProtocolWebhook.class })
 public class DspApiConfigurationExtension implements ServiceExtension {
 
     public static final String NAME = "Dataspace Protocol API Configuration Extension";
@@ -143,7 +141,6 @@ private void registerTransformers() {
         dspApiTransformerRegistry.register(new JsonObjectFromDataAddressDspaceTransformer(jsonBuilderFactory, mapper));
         dspApiTransformerRegistry.register(new JsonObjectFromQuerySpecTransformer(jsonBuilderFactory));
         dspApiTransformerRegistry.register(new JsonObjectFromCriterionTransformer(jsonBuilderFactory, mapper));
-        dspApiTransformerRegistry.register(new JsonObjectFromSecretTransformer(jsonBuilderFactory));
 
         // JSON-LD to EDC model transformers
         // ODRL Transformers
@@ -154,7 +151,6 @@ private void registerTransformers() {
         dspApiTransformerRegistry.register(new JsonObjectToQuerySpecTransformer());
         dspApiTransformerRegistry.register(new JsonObjectToCriterionTransformer());
         dspApiTransformerRegistry.register(new JsonObjectToDataAddressDspaceTransformer());
-        dspApiTransformerRegistry.register(new JsonObjectToSecretTransformer());
     }
 
 }

extensions/common/api/management-api-configuration/src/main/java/org/eclipse/edc/connector/api/management/configuration/ManagementApiConfigurationExtension.java

@@ -34,11 +34,9 @@
 import org.eclipse.edc.transform.transformer.edc.from.JsonObjectFromCriterionTransformer;
 import org.eclipse.edc.transform.transformer.edc.from.JsonObjectFromDataAddressTransformer;
 import org.eclipse.edc.transform.transformer.edc.from.JsonObjectFromQuerySpecTransformer;
-import org.eclipse.edc.transform.transformer.edc.from.JsonObjectFromSecretTransformer;
 import org.eclipse.edc.transform.transformer.edc.to.JsonObjectToCriterionTransformer;
 import org.eclipse.edc.transform.transformer.edc.to.JsonObjectToDataAddressTransformer;
 import org.eclipse.edc.transform.transformer.edc.to.JsonObjectToQuerySpecTransformer;
-import org.eclipse.edc.transform.transformer.edc.to.JsonObjectToSecretTransformer;
 import org.eclipse.edc.transform.transformer.edc.to.JsonValueToGenericTypeTransformer;
 import org.eclipse.edc.web.jersey.providers.jsonld.JerseyJsonLdInterceptor;
 import org.eclipse.edc.web.jersey.providers.jsonld.ObjectMapperProvider;
@@ -117,15 +115,12 @@ public void initialize(ServiceExtensionContext context) {
         managementApiTransformerRegistry.register(new JsonObjectFromPolicyTransformer(factory, participantIdMapper));
         managementApiTransformerRegistry.register(new JsonObjectFromQuerySpecTransformer(factory));
         managementApiTransformerRegistry.register(new JsonObjectFromCriterionTransformer(factory, jsonLdMapper));
-        managementApiTransformerRegistry.register(new JsonObjectFromSecretTransformer(factory));
 
         OdrlTransformersFactory.jsonObjectToOdrlTransformers(participantIdMapper).forEach(managementApiTransformerRegistry::register);
         managementApiTransformerRegistry.register(new JsonObjectToDataAddressTransformer());
         managementApiTransformerRegistry.register(new JsonObjectToQuerySpecTransformer());
         managementApiTransformerRegistry.register(new JsonObjectToCriterionTransformer());
         managementApiTransformerRegistry.register(new JsonObjectToAssetTransformer());
         managementApiTransformerRegistry.register(new JsonValueToGenericTypeTransformer(jsonLdMapper));
-        managementApiTransformerRegistry.register(new JsonObjectToSecretTransformer());
-
     }
 }

extensions/control-plane/api/management-api/secret-api/build.gradle.kts → extensions/control-plane/api/management-api/secrets-api/build.gradle.kts

@@ -24,10 +24,10 @@ dependencies {
     implementation(project(":extensions:common:api:api-core"))
     implementation(project(":extensions:common:api:management-api-configuration"))
     implementation(project(":core:common:lib:validator-lib"))
+    implementation(project(":core:common:lib:transform-lib"))
 
     implementation(libs.jakarta.rsApi)
 
-    testImplementation(project(":core:common:lib:transform-lib"))
     testImplementation(project(":core:control-plane:control-plane-core"))
     testImplementation(project(":core:data-plane-selector:data-plane-selector-core"))
     testImplementation(project(":extensions:common:http"))

extensions/control-plane/api/management-api/secret-api/src/main/java/org/eclipse/edc/connector/api/management/secret/SecretApi.java → extensions/control-plane/api/management-api/secrets-api/src/main/java/org/eclipse/edc/connector/api/management/secret/SecretsApi.java

@@ -23,7 +23,6 @@
 import io.swagger.v3.oas.annotations.parameters.RequestBody;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
 import io.swagger.v3.oas.annotations.tags.Tag;
-import jakarta.json.JsonArray;
 import jakarta.json.JsonObject;
 import org.eclipse.edc.api.model.ApiCoreSchema;
 
@@ -35,11 +34,12 @@
 import static org.eclipse.edc.spi.types.domain.secret.Secret.EDC_SECRET_VALUE;
 
 @OpenAPIDefinition(
-        info = @Info(description = "This contains the secret management API, which allows a participant to manage the API keys associated to the API they expose.", title = "Secret API"))
+        info = @Info(description = "This contains the secret management API, which allows to add, remove and update secrets in the Vault.", title = "Secret API"))
 @Tag(name = "Secret")
-public interface SecretApi {
+public interface SecretsApi {
 
-    @Operation(description = "Creates a new secret, as a key,value pair",
+    @Operation(description = "Creates a new secret.",
+            operationId = "createSecret",
             requestBody = @RequestBody(content = @Content(schema = @Schema(implementation = SecretInputSchema.class))),
             responses = {
                     @ApiResponse(responseCode = "200", description = "Secret was created successfully. Returns the secret Id and created timestamp",
@@ -51,19 +51,8 @@ public interface SecretApi {
     )
     JsonObject createSecret(JsonObject secret);
 
-    @Operation(description = "Request all secrets according to a particular query",
-            requestBody = @RequestBody(
-                    content = @Content(schema = @Schema(implementation = ApiCoreSchema.QuerySpecSchema.class))
-            ),
-            responses = {
-                    @ApiResponse(responseCode = "200", description = "The secrets matching the query",
-                            content = @Content(array = @ArraySchema(schema = @Schema(implementation = SecretOutputSchema.class)))),
-                    @ApiResponse(responseCode = "400", description = "Request body was malformed",
-                            content = @Content(array = @ArraySchema(schema = @Schema(implementation = ApiCoreSchema.ApiErrorDetailSchema.class))))
-            })
-    JsonArray requestSecrets(JsonObject querySpecJson);
-
     @Operation(description = "Gets a secret with the given ID",
+            operationId = "getSecret",
             responses = {
                     @ApiResponse(responseCode = "200", description = "The secret",
                             content = @Content(schema = @Schema(implementation = SecretOutputSchema.class))),
@@ -75,28 +64,25 @@ public interface SecretApi {
     )
     JsonObject getSecret(String id);
 
-    @Operation(description = "Removes a secret with the given ID if possible. Deleting a secret is only possible if that secret is not yet referenced " +
-            "by a contract agreement, in which case an error is returned. " +
-            "DANGER ZONE: Note that deleting secrets referenced by an asset may lead to unexpected behavior in the system.",
+    @Operation(description = "Removes a secret with the given ID if possible.",
+            operationId = "removeSecret",
             responses = {
                     @ApiResponse(responseCode = "204", description = "Secret was deleted successfully"),
                     @ApiResponse(responseCode = "400", description = "Request was malformed, e.g. id was null",
                             content = @Content(array = @ArraySchema(schema = @Schema(implementation = ApiCoreSchema.ApiErrorDetailSchema.class)))),
                     @ApiResponse(responseCode = "404", description = "A secret with the given ID does not exist",
-                            content = @Content(array = @ArraySchema(schema = @Schema(implementation = ApiCoreSchema.ApiErrorDetailSchema.class)))),
-                    // TODO: check if it makes sense to check id secret is referenced from any asset
-                    @ApiResponse(responseCode = "409", description = "The secret cannot be deleted, because it is referenced by an asset",
                             content = @Content(array = @ArraySchema(schema = @Schema(implementation = ApiCoreSchema.ApiErrorDetailSchema.class))))
             })
     void removeSecret(String id);
 
     @Operation(description = "Updates a secret with the given ID if it exists. If the secret is not found, no further action is taken. ",
+            operationId = "updateSecret",
             requestBody = @RequestBody(content = @Content(schema = @Schema(implementation = SecretInputSchema.class))),
             responses = {
                     @ApiResponse(responseCode = "204", description = "Secret was updated successfully"),
-                    @ApiResponse(responseCode = "404", description = "Secret could not be updated, because it does not exist."),
                     @ApiResponse(responseCode = "400", description = "Request was malformed, e.g. id was null",
                             content = @Content(array = @ArraySchema(schema = @Schema(implementation = ApiCoreSchema.ApiErrorDetailSchema.class)))),
+                    @ApiResponse(responseCode = "404", description = "Secret could not be updated, because it does not exist.")
             })
     void updateSecret(JsonObject secret);
 
@@ -115,7 +101,6 @@ record SecretInputSchema(
                 {
                     "@context": { "@vocab": "https://w3id.org/edc/v0.0.1/ns/" },
                     "@id": "secret-id",
-                    "key": "secret-key",
                     "value" : "secret-value"
                 }
                 """;
@@ -129,18 +114,14 @@ record SecretOutputSchema(
             @Schema(name = TYPE, example = EDC_SECRET_TYPE)
             String type,
             @Schema(name = EDC_SECRET_VALUE, requiredMode = REQUIRED)
-            String value,
-            long createdAt
+            String value
     ) {
-        // TODO: check key and value names
         public static final String SECRET_OUTPUT_EXAMPLE = """
                 {
                     "@context": { "@vocab": "https://w3id.org/edc/v0.0.1/ns/" },
                     "@id": "secret-id",
                     "@type": "https://w3id.org/edc/v0.0.1/ns/Secret",
-                    "key": "secret-key",
-                    "value": "secret-value",
-                    "createdAt": 1688465655
+                    "value": "secret-value"
                 }
                 """;
     }

extensions/control-plane/api/management-api/secret-api/src/main/java/org/eclipse/edc/connector/api/management/secret/SecretApiController.java → extensions/control-plane/api/management-api/secrets-api/src/main/java/org/eclipse/edc/connector/api/management/secret/SecretsApiController.java

@@ -14,7 +14,6 @@
 
 package org.eclipse.edc.connector.api.management.secret;
 
-import jakarta.json.JsonArray;
 import jakarta.json.JsonObject;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.DELETE;
@@ -27,37 +26,29 @@
 import org.eclipse.edc.api.model.IdResponse;
 import org.eclipse.edc.connector.spi.service.SecretService;
 import org.eclipse.edc.spi.EdcException;
-import org.eclipse.edc.spi.monitor.Monitor;
-import org.eclipse.edc.spi.query.QuerySpec;
-import org.eclipse.edc.spi.result.Result;
 import org.eclipse.edc.spi.types.domain.secret.Secret;
 import org.eclipse.edc.transform.spi.TypeTransformerRegistry;
 import org.eclipse.edc.validator.spi.JsonObjectValidatorRegistry;
 import org.eclipse.edc.web.spi.exception.InvalidRequestException;
 import org.eclipse.edc.web.spi.exception.ObjectNotFoundException;
 import org.eclipse.edc.web.spi.exception.ValidationFailureException;
 
-import static jakarta.json.stream.JsonCollectors.toJsonArray;
 import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON;
 import static java.util.Optional.of;
-import static org.eclipse.edc.spi.query.QuerySpec.EDC_QUERY_SPEC_TYPE;
 import static org.eclipse.edc.spi.types.domain.secret.Secret.EDC_SECRET_TYPE;
 import static org.eclipse.edc.web.spi.exception.ServiceResultHandler.exceptionMapper;
 
 @Consumes(APPLICATION_JSON)
 @Produces(APPLICATION_JSON)
-@Path("/v3/secrets")
-public class SecretApiController implements SecretApi {
+@Path("/v1/secrets")
+public class SecretsApiController implements SecretsApi {
     private final TypeTransformerRegistry transformerRegistry;
     private final SecretService service;
-    private final Monitor monitor;
     private final JsonObjectValidatorRegistry validator;
 
-    public SecretApiController(SecretService service, TypeTransformerRegistry transformerRegistry,
-                               Monitor monitor, JsonObjectValidatorRegistry validator) {
+    public SecretsApiController(SecretService service, TypeTransformerRegistry transformerRegistry, JsonObjectValidatorRegistry validator) {
         this.transformerRegistry = transformerRegistry;
         this.service = service;
-        this.monitor = monitor;
         this.validator = validator;
     }
 
@@ -80,28 +71,6 @@ public JsonObject createSecret(JsonObject secretJson) {
                 .orElseThrow(f -> new EdcException(f.getFailureDetail()));
     }
 
-    @POST
-    @Path("/request")
-    @Override
-    public JsonArray requestSecrets(JsonObject querySpecJson) {
-        QuerySpec querySpec;
-        if (querySpecJson == null) {
-            querySpec = QuerySpec.Builder.newInstance().build();
-        } else {
-            validator.validate(EDC_QUERY_SPEC_TYPE, querySpecJson).orElseThrow(ValidationFailureException::new);
-
-            querySpec = transformerRegistry.transform(querySpecJson, QuerySpec.class)
-                    .orElseThrow(InvalidRequestException::new);
-        }
-
-        return service.search(querySpec).orElseThrow(exceptionMapper(QuerySpec.class, null)).stream()
-                .map(it -> transformerRegistry.transform(it, JsonObject.class))
-                .peek(r -> r.onFailure(f -> monitor.warning(f.getFailureDetail())))
-                .filter(Result::succeeded)
-                .map(Result::getContent)
-                .collect(toJsonArray());
-    }
-
     @GET
     @Path("{id}")
     @Override
@@ -112,7 +81,6 @@ public JsonObject getSecret(@PathParam("id") String id) {
 
         return transformerRegistry.transform(secret, JsonObject.class)
                 .orElseThrow(f -> new EdcException(f.getFailureDetail()));
-
     }
 
     @DELETE

extensions/control-plane/api/management-api/secret-api/src/main/java/org/eclipse/edc/connector/api/management/secret/SecretApiExtension.java → extensions/control-plane/api/management-api/secrets-api/src/main/java/org/eclipse/edc/connector/api/management/secret/SecretsApiExtension.java

@@ -14,8 +14,11 @@
 
 package org.eclipse.edc.connector.api.management.secret;
 
+import jakarta.json.Json;
 import org.eclipse.edc.connector.api.management.configuration.ManagementApiConfiguration;
-import org.eclipse.edc.connector.api.management.secret.validation.SecretValidator;
+import org.eclipse.edc.connector.api.management.secret.transform.JsonObjectFromSecretTransformer;
+import org.eclipse.edc.connector.api.management.secret.validation.JsonObjectToSecretTransformer;
+import org.eclipse.edc.connector.api.management.secret.validation.SecretsValidator;
 import org.eclipse.edc.connector.spi.service.SecretService;
 import org.eclipse.edc.runtime.metamodel.annotation.Extension;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
@@ -25,10 +28,12 @@
 import org.eclipse.edc.validator.spi.JsonObjectValidatorRegistry;
 import org.eclipse.edc.web.spi.WebService;
 
+import java.util.Map;
+
 import static org.eclipse.edc.spi.types.domain.secret.Secret.EDC_SECRET_TYPE;
 
-@Extension(value = SecretApiExtension.NAME)
-public class SecretApiExtension implements ServiceExtension {
+@Extension(value = SecretsApiExtension.NAME)
+public class SecretsApiExtension implements ServiceExtension {
 
     public static final String NAME = "Management API: Secret";
 
@@ -54,10 +59,15 @@ public String name() {
 
     @Override
     public void initialize(ServiceExtensionContext context) {
-        var monitor = context.getMonitor();
+        validator.register(EDC_SECRET_TYPE, SecretsValidator.instance());
+
+        var managementApiTransformerRegistry = transformerRegistry.forContext("management-api");
 
-        validator.register(EDC_SECRET_TYPE, SecretValidator.instance());
+        var jsonBuilderFactory = Json.createBuilderFactory(Map.of());
+        managementApiTransformerRegistry.register(new JsonObjectFromSecretTransformer(jsonBuilderFactory));
+        managementApiTransformerRegistry.register(new JsonObjectToSecretTransformer());
 
-        webService.registerResource(config.getContextAlias(), new SecretApiController(secretService, transformerRegistry, monitor, validator));
+        webService.registerResource(config.getContextAlias(), new SecretsApiController(secretService, managementApiTransformerRegistry, validator));
     }
+
 }

core/common/lib/transform-lib/src/main/java/org/eclipse/edc/transform/transformer/edc/from/JsonObjectFromSecretTransformer.java → extensions/control-plane/api/management-api/secrets-api/src/main/java/org/eclipse/edc/connector/api/management/secret/transform/JsonObjectFromSecretTransformer.java

@@ -12,7 +12,7 @@
  *
  */
 
-package org.eclipse.edc.transform.transformer.edc.from;
+package org.eclipse.edc.connector.api.management.secret.transform;
 
 import jakarta.json.JsonBuilderFactory;
 import jakarta.json.JsonObject;
@@ -22,9 +22,10 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
+import static org.eclipse.edc.jsonld.spi.JsonLdKeywords.ID;
 import static org.eclipse.edc.jsonld.spi.JsonLdKeywords.TYPE;
+import static org.eclipse.edc.spi.types.domain.secret.Secret.EDC_SECRET_TYPE;
 import static org.eclipse.edc.spi.types.domain.secret.Secret.EDC_SECRET_VALUE;
-import static org.eclipse.edc.spi.types.domain.secret.Secret.PROPERTY_ID;
 
 public class JsonObjectFromSecretTransformer extends AbstractJsonLdTransformer<Secret, JsonObject> {
 
@@ -38,8 +39,8 @@ public JsonObjectFromSecretTransformer(JsonBuilderFactory jsonFactory) {
     @Override
     public @Nullable JsonObject transform(@NotNull Secret secret, @NotNull TransformerContext context) {
         return jsonFactory.createObjectBuilder()
-                .add(PROPERTY_ID, secret.getId())
-                .add(TYPE, Secret.EDC_SECRET_TYPE)
+                .add(ID, secret.getId())
+                .add(TYPE, EDC_SECRET_TYPE)
                 .add(EDC_SECRET_VALUE, secret.getValue())
                 .build();
     }