Remove IAM references from storage service. (#1431)

* Remove IAM references from storage service. * Remove environment variables from storage config.
BlueBrain · Aug 14, 2020 · 321125b · 321125b
1 parent d27e274
commit 321125b
Show file tree

Hide file tree

Showing 13 changed files with 74 additions and 102 deletions.
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
@@ -34,6 +34,7 @@ jobs:
           echo ${{ secrets.DOCKER_PASS }} | docker login --username ${{ secrets.DOCKER_USER }} --password-stdin
           docker push bluebrain/nexus-cli:${{ env.VERSION }}
           docker push bluebrain/nexus-delta:${{ env.VERSION }}
+          docker push bluebrain/nexus-storage:${{ env.VERSION }}
       - name: RecordCoverage
         run: sbt -Dsbt.color=always -Dsbt.supershell=false clean coverage test coverageReport coverageAggregate
       - uses: codecov/codecov-action@v1

diff --git a/storage/src/main/resources/akka.conf b/storage/src/main/resources/akka.conf
@@ -4,35 +4,25 @@ akka {
     server {
       transparent-head-requests = off
       parsing.max-content-length = 10g
-      parsing.max-content-length = ${?AKKA_HTTP_MAX_CONTENT_LENGTH}
       request-timeout = 50 seconds
-      request-timeout = ${?AKKA_HTTP_SERVER_REQ_TIMEOUT}
     }
     server.parsing.max-content-length = 100g
-    server.parsing.max-content-length = ${?AKKA_HTTP_MAX_CONTENT_LENGTH}
     server.request-timeout = 20 seconds
-    server.request-timeout = ${?AKKA_HTTP_SERVER_REQUEST_TIMEOUT}
     host-connection-pool  {
       max-connections   = 16
-      max-connections   = ${?AKKA_HTTP_MAX_CONNECTIONS}
       max-open-requests = 64
-      max-open-requests = ${?AKKA_HTTP_MAX_OPEN_REQUESTS}
     }
     sse {
       # The maximum size for parsing server-sent events (96KiB).
       max-event-size = 98304
-      max-event-size = ${?AKKA_HTTP_SSE_MAX_EVENT_SIZE}
 
       # The maximum size for parsing lines of a server-sent event (48KiB).
       max-line-size = 49152
-      max-line-size = ${?AKKA_HTTP_SSE_MAX_LINE_SIZE}
     }
   }
 
   loggers = ["akka.event.slf4j.Slf4jLogger"]
   logging-filter = "akka.event.slf4j.Slf4jLoggingFilter"
   log-dead-letters = off
   loglevel = INFO
-  loglevel = ${?AKKA_LOG_LEVEL}
-
 }
diff --git a/storage/src/main/resources/app.conf b/storage/src/main/resources/app.conf
@@ -10,7 +10,6 @@ app {
   instance {
     # The default interface to bind to
     interface = 127.0.0.1
-    interface = ${?BIND_INTERFACE}
   }
 
   # Http binding settings
@@ -19,13 +18,10 @@ app {
     interface = ${app.instance.interface}
     # The port to bind to
     port = 8080
-    port = ${?BIND_PORT}
     # The default uri prefix
     prefix = "v1"
-    prefix = ${?HTTP_PREFIX}
     # The service public uri
     public-uri = "http://"${app.http.interface}":"${app.http.port}
-    public-uri = ${?PUBLIC_URI}
   }
 
   # Service runtime settings
@@ -38,59 +34,44 @@ app {
   storage {
     # the absolute path where the files are stored
     root-volume = "/tmp"
-    root-volume = ${?STORAGE_ROOT_VOLUME}
     # the relative path of the protected directory once the storage bucket is selected
     protected-directory = "nexus"
-    protected-directory = ${?STORAGE_PROTECTED_DIRECTORY}
     # permissions fixer
     fixer-enabled = false
-    fixer-enabled = ${?STORAGE_FIXER_ENABLED}
     fixer-command = []
-    fixer-command += ${?STORAGE_FIXER_COMMAND1}
-    fixer-command += ${?STORAGE_FIXER_COMMAND2}
   }
 
   digest {
     # the digest algorithm
     algorithm = "SHA-256"
-    algorithm = ${?DIGEST_FILE_ALGORITHM}
     # the maximum number of digests stored in memory
     max-in-memory = 10000
-    max-in-memory = ${?DIGEST_IN_MEMORY}
     # the maximum number of concurrent computations of digest
     concurrent-computations = 4
-    concurrent-computations = ${?DIGEST_CONCURRENT_COMPUTATIONS}
     # the maximum number of computations in queue to be computed
     max-in-queue = 10000
-    max-in-queue = ${?DIGEST_IN_QUEUE_COMPUTATIONS}
     # the amout of time after a digest which is still in the queue to be computed can be retrigger
     retrigger-after = 30 minutes
-    retrigger-after = ${?DIGEST_RETRIGGER_AFTER}
-
   }
 
   # Allowed subject to perform calls
   subject {
     # flag to decide whether or not the allowed subject is Anonymous or a User
     anonymous = false
-    anonymous = ${?SUBJECT_ANONYMOUS}
     # the user realm. It must be present when anonymous = false and it must be removed when anonymous = true
-    realm = ${?SUBJECT_REALM}
+    //realm = "realm"
     # the user name. It must be present when anonymous = false and it must be removed when anonymous = true
-    name = ${?SUBJECT_NAME}
+    //name = "username"
   }
 
-  # Iam client configuration
-  iam {
-    # The public iri to the iam service
+  # Delta client configuration
+  delta {
+    # The public iri to the Delta service
     public-iri = "http://localhost:8080"
-    public-iri = ${?IAM_PUBLIC_IRI}
-    # The internal iri to the iam service
+    # The internal iri to the Delta service
     internal-iri = "http://localhost:8080"
-    internal-iri = ${?IAM_INTERNAL_IRI}
     # The version prefix
     prefix = "v1"
-    prefix = ${?IAM_PREFIX}
 
     # The delay for retrying after completion on SSE
     sse-retry-delay = 1 second

diff --git a/...n/nexus/storage/IamIdentitiesClient.scala → ...nexus/storage/DeltaIdentitiesClient.scala b/...n/nexus/storage/IamIdentitiesClient.scala → ...nexus/storage/DeltaIdentitiesClient.scala
@@ -10,17 +10,17 @@ import akka.util.ByteString
 import cats.effect.{ContextShift, Effect, IO}
 import cats.implicits._
 import ch.epfl.bluebrain.nexus.rdf.implicits._
-import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClient.Identity._
-import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClient._
-import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClientError.IdentitiesSerializationError
-import ch.epfl.bluebrain.nexus.storage.config.IamClientConfig
+import ch.epfl.bluebrain.nexus.storage.DeltaIdentitiesClient.Identity._
+import ch.epfl.bluebrain.nexus.storage.DeltaIdentitiesClient._
+import ch.epfl.bluebrain.nexus.storage.DeltaIdentitiesClientError.IdentitiesSerializationError
+import ch.epfl.bluebrain.nexus.storage.config.DeltaClientConfig
 import de.heikoseeberger.akkahttpcirce.ErrorAccumulatingCirceSupport.{DecodingFailures => AccDecodingFailures}
 import io.circe.Decoder.Result
 import io.circe.{Decoder, DecodingFailure, HCursor}
 
 import scala.concurrent.ExecutionContext
 
-class IamIdentitiesClient[F[_]](config: IamClientConfig)(implicit F: Effect[F], as: ActorSystem)
+class DeltaIdentitiesClient[F[_]](config: DeltaClientConfig)(implicit F: Effect[F], as: ActorSystem)
     extends JsonLdCirceSupport {
 
   private val um: FromEntityUnmarshaller[Caller]      = unmarshaller[Caller]
@@ -43,13 +43,13 @@ class IamIdentitiesClient[F[_]](config: IamClientConfig)(implicit F: Effect[F],
       else
         IO.fromFuture(IO(resp.entity.dataBytes.runFold(ByteString(""))(_ ++ _).map(_.utf8String)))
           .to[F]
-          .flatMap { err => F.raiseError(IamIdentitiesClientError.unsafe(resp.status, err)) }
+          .flatMap { err => F.raiseError(DeltaIdentitiesClientError.unsafe(resp.status, err)) }
     }
   }
 
 }
 
-object IamIdentitiesClient {
+object DeltaIdentitiesClient {
 
   /**
     * The client caller. It contains the subject and the list of identities (which contains the subject again)

diff --git a/...us/storage/IamIdentitiesClientError.scala → .../storage/DeltaIdentitiesClientError.scala b/...us/storage/IamIdentitiesClientError.scala → .../storage/DeltaIdentitiesClientError.scala
@@ -3,18 +3,18 @@ package ch.epfl.bluebrain.nexus.storage
 import akka.http.scaladsl.model.{StatusCode, StatusCodes}
 
 /**
-  * Enumeration of possible Iam identities Client errors.
+  * Enumeration of possible Delta Client errors.
   */
 @SuppressWarnings(Array("IncorrectlyNamedExceptions"))
-sealed abstract class IamIdentitiesClientError(val msg: String) extends Exception with Product with Serializable {
-  override def fillInStackTrace(): IamIdentitiesClientError = this
-  override def getMessage: String                           = msg
+sealed abstract class DeltaIdentitiesClientError(val msg: String) extends Exception with Product with Serializable {
+  override def fillInStackTrace(): DeltaIdentitiesClientError = this
+  override def getMessage: String                             = msg
 }
 
 @SuppressWarnings(Array("IncorrectlyNamedExceptions"))
-object IamIdentitiesClientError {
+object DeltaIdentitiesClientError {
 
-  final def unsafe(status: StatusCode, body: String): IamIdentitiesClientError =
+  final def unsafe(status: StatusCode, body: String): DeltaIdentitiesClientError =
     status match {
       case _ if status.isSuccess()       =>
         throw new IllegalArgumentException(s"Successful status code '$status' found, error expected.")
@@ -27,32 +27,32 @@ object IamIdentitiesClientError {
     * A serialization error when attempting to cast response.
     */
   final case class IdentitiesSerializationError(message: String)
-      extends IamIdentitiesClientError(
-        s"an IAM request to the identities endpoint could not be converted to 'Caller' type. Details '$message'"
+      extends DeltaIdentitiesClientError(
+        s"a Delta request to the identities endpoint could not be converted to 'Caller' type. Details '$message'"
       )
 
   /**
     * A Client status error (HTTP status codes 4xx).
     */
   final case class IdentitiesClientStatusError(code: StatusCodes.ClientError, message: String)
-      extends IamIdentitiesClientError(
-        s"an IAM request to the identities endpoint that should have been successful, returned the HTTP status code '$code'. Details '$message'"
+      extends DeltaIdentitiesClientError(
+        s"a Delta request to the identities endpoint that should have been successful, returned the HTTP status code '$code'. Details '$message'"
       )
 
   /**
     * A server status error (HTTP status codes 5xx).
     */
   final case class IdentitiesServerStatusError(code: StatusCodes.ServerError, message: String)
-      extends IamIdentitiesClientError(
-        s"an IAM request to the identities endpoint that should have been successful, returned the HTTP status code '$code'. Details '$message'"
+      extends DeltaIdentitiesClientError(
+        s"a Delta request to the identities endpoint that should have been successful, returned the HTTP status code '$code'. Details '$message'"
       )
 
   /**
     * Some other response error which is not 4xx nor 5xx
     */
   final case class IdentitiesUnexpectedStatusError(code: StatusCode, message: String)
-      extends IamIdentitiesClientError(
-        s"an IAM request to the identities endpoint that should have been successful, returned the HTTP status code '$code'. Details '$message'"
+      extends DeltaIdentitiesClientError(
+        s"a Delta request to the identities endpoint that should have been successful, returned the HTTP status code '$code'. Details '$message'"
       )
 
 }
diff --git a/storage/src/main/scala/ch/epfl/bluebrain/nexus/storage/Main.scala b/storage/src/main/scala/ch/epfl/bluebrain/nexus/storage/Main.scala
@@ -55,12 +55,12 @@ object Main {
 
     implicit val appConfig: AppConfig = Settings(config).appConfig
 
-    implicit val as: ActorSystem                          = ActorSystem(appConfig.description.fullName, config)
-    implicit val ec: ExecutionContext                     = as.dispatcher
-    implicit val eff: Effect[Task]                        = Task.catsEffect(Scheduler.global)
-    implicit val iamIdentities: IamIdentitiesClient[Task] = new IamIdentitiesClient[Task](appConfig.iam)
-    implicit val timeout                                  = Timeout(1.minute)
-    implicit val clock                                    = Clock.systemUTC
+    implicit val as: ActorSystem                              = ActorSystem(appConfig.description.fullName, config)
+    implicit val ec: ExecutionContext                         = as.dispatcher
+    implicit val eff: Effect[Task]                            = Task.catsEffect(Scheduler.global)
+    implicit val deltaIdentities: DeltaIdentitiesClient[Task] = new DeltaIdentitiesClient[Task](appConfig.delta)
+    implicit val timeout                                      = Timeout(1.minute)
+    implicit val clock                                        = Clock.systemUTC
 
     val storages: Storages[Task, AkkaSource] =
       new DiskStorage(appConfig.storage, appConfig.digest, AttributesCache[Task, AkkaSource])

diff --git a/storage/src/main/scala/ch/epfl/bluebrain/nexus/storage/config/AppConfig.scala b/storage/src/main/scala/ch/epfl/bluebrain/nexus/storage/config/AppConfig.scala
@@ -3,7 +3,7 @@ package ch.epfl.bluebrain.nexus.storage.config
 import java.nio.file.Path
 
 import akka.http.scaladsl.model.Uri
-import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClient.Identity.{Anonymous, Subject, User}
+import ch.epfl.bluebrain.nexus.storage.DeltaIdentitiesClient.Identity.{Anonymous, Subject, User}
 import ch.epfl.bluebrain.nexus.storage.JsonLdCirceSupport.OrderedKeys
 import ch.epfl.bluebrain.nexus.storage.config.AppConfig._
 
@@ -16,15 +16,15 @@ import scala.concurrent.duration.FiniteDuration
   * @param http        http interface configuration
   * @param storage     storages configuration
   * @param subject     allowed subject to perform calls to this service
-  * @param iam         iam client configuration
+  * @param delta       delta client configuration
   * @param digest      the digest configuration
   */
 final case class AppConfig(
     description: Description,
     http: HttpConfig,
     storage: StorageConfig,
     subject: SubjectConfig,
-    iam: IamClientConfig,
+    delta: DeltaClientConfig,
     digest: DigestConfig
 )
 
@@ -115,10 +115,10 @@ object AppConfig {
       retriggerAfter: FiniteDuration
   )
 
-  implicit def toStorage(implicit config: AppConfig): StorageConfig = config.storage
-  implicit def toHttp(implicit config: AppConfig): HttpConfig       = config.http
-  implicit def toIam(implicit config: AppConfig): IamClientConfig   = config.iam
-  implicit def toDigest(implicit config: AppConfig): DigestConfig   = config.digest
+  implicit def toStorage(implicit config: AppConfig): StorageConfig   = config.storage
+  implicit def toHttp(implicit config: AppConfig): HttpConfig         = config.http
+  implicit def toDelta(implicit config: AppConfig): DeltaClientConfig = config.delta
+  implicit def toDigest(implicit config: AppConfig): DigestConfig     = config.digest
 
   val orderedKeys: OrderedKeys = OrderedKeys(
     List(

diff --git a/...exus/storage/config/IamClientConfig.scala → ...us/storage/config/DeltaClientConfig.scala b/...exus/storage/config/IamClientConfig.scala → ...us/storage/config/DeltaClientConfig.scala
@@ -3,13 +3,13 @@ package ch.epfl.bluebrain.nexus.storage.config
 import ch.epfl.bluebrain.nexus.rdf.Iri.AbsoluteIri
 
 /**
-  * Configuration for IamClient identities endpoint.
+  * Configuration for DeltaClient identities endpoint.
   *
  * @param publicIri     base URL for all the identity IDs, excluding prefix.
   * @param internalIri   base URL for all the HTTP calls, excluding prefix.
   * @param prefix        the prefix
   */
-final case class IamClientConfig(
+final case class DeltaClientConfig(
     publicIri: AbsoluteIri,
     internalIri: AbsoluteIri,
     prefix: String

diff --git a/storage/src/main/scala/ch/epfl/bluebrain/nexus/storage/routes/AuthDirectives.scala b/storage/src/main/scala/ch/epfl/bluebrain/nexus/storage/routes/AuthDirectives.scala
@@ -5,9 +5,9 @@ import akka.http.scaladsl.model.headers.OAuth2BearerToken
 import akka.http.scaladsl.server.Directive1
 import akka.http.scaladsl.server.Directives._
 import akka.http.scaladsl.server.directives.FutureDirectives.onComplete
-import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClient
-import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClient.{AccessToken, Caller}
-import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClientError.IdentitiesClientStatusError
+import ch.epfl.bluebrain.nexus.storage.DeltaIdentitiesClient
+import ch.epfl.bluebrain.nexus.storage.DeltaIdentitiesClient.{AccessToken, Caller}
+import ch.epfl.bluebrain.nexus.storage.DeltaIdentitiesClientError.IdentitiesClientStatusError
 import ch.epfl.bluebrain.nexus.storage.StorageError._
 import com.typesafe.scalalogging.Logger
 import monix.eval.Task
@@ -32,7 +32,7 @@ object AuthDirectives {
   /**
     * Authenticates the requested with the provided ''token'' and returns the ''caller''
     */
-  def extractCaller(implicit identities: IamIdentitiesClient[Task], token: Option[AccessToken]): Directive1[Caller] =
+  def extractCaller(implicit identities: DeltaIdentitiesClient[Task], token: Option[AccessToken]): Directive1[Caller] =
     onComplete(identities().runToFuture).flatMap {
       case Success(caller)                                                   => provide(caller)
       case Failure(IdentitiesClientStatusError(StatusCodes.Unauthorized, _)) => failWith(AuthenticationFailed)

diff --git a/storage/src/main/scala/ch/epfl/bluebrain/nexus/storage/routes/Routes.scala b/storage/src/main/scala/ch/epfl/bluebrain/nexus/storage/routes/Routes.scala
@@ -3,14 +3,14 @@ package ch.epfl.bluebrain.nexus.storage.routes
 import akka.http.scaladsl.model.headers.{`WWW-Authenticate`, HttpChallenges}
 import akka.http.scaladsl.server.Directives._
 import akka.http.scaladsl.server.{ExceptionHandler, RejectionHandler, Route}
-import ch.epfl.bluebrain.nexus.storage.IamIdentitiesClient.Caller
+import ch.epfl.bluebrain.nexus.storage.DeltaIdentitiesClient.Caller
 import ch.epfl.bluebrain.nexus.storage.StorageError._
 import ch.epfl.bluebrain.nexus.storage.config.AppConfig
 import ch.epfl.bluebrain.nexus.storage.config.AppConfig._
 import ch.epfl.bluebrain.nexus.storage.routes.AuthDirectives._
 import ch.epfl.bluebrain.nexus.storage.routes.PrefixDirectives._
 import ch.epfl.bluebrain.nexus.storage.routes.instances._
-import ch.epfl.bluebrain.nexus.storage.{AkkaSource, IamIdentitiesClient, Rejection, StorageError, Storages}
+import ch.epfl.bluebrain.nexus.storage.{AkkaSource, DeltaIdentitiesClient, Rejection, StorageError, Storages}
 import com.typesafe.scalalogging.Logger
 import monix.eval.Task
 
@@ -81,7 +81,7 @@ object Routes {
     */
   def apply(
       storages: Storages[Task, AkkaSource]
-  )(implicit config: AppConfig, identities: IamIdentitiesClient[Task]): Route =
+  )(implicit config: AppConfig, identities: DeltaIdentitiesClient[Task]): Route =
     //TODO: Fetch Bearer token and verify identity
     wrap {
       concat(

diff --git a/storage/src/test/scala/ch/epfl/bluebrain/nexus/storage/routes/AppInfoRoutesSpec.scala b/storage/src/test/scala/ch/epfl/bluebrain/nexus/storage/routes/AppInfoRoutesSpec.scala
@@ -8,7 +8,7 @@ import akka.http.scaladsl.testkit.ScalatestRouteTest
 import ch.epfl.bluebrain.nexus.storage.config.{AppConfig, Settings}
 import ch.epfl.bluebrain.nexus.storage.routes.instances._
 import ch.epfl.bluebrain.nexus.storage.utils.Resources
-import ch.epfl.bluebrain.nexus.storage.{AkkaSource, IamIdentitiesClient, Storages}
+import ch.epfl.bluebrain.nexus.storage.{AkkaSource, DeltaIdentitiesClient, Storages}
 import io.circe.Json
 import monix.eval.Task
 import org.mockito.IdiomaticMockito
@@ -24,9 +24,9 @@ class AppInfoRoutesSpec
 
   "the app info routes" should {
 
-    implicit val config: AppConfig                        = Settings(system).appConfig
-    implicit val iamIdentities: IamIdentitiesClient[Task] = mock[IamIdentitiesClient[Task]]
-    val route: Route                                      = Routes(mock[Storages[Task, AkkaSource]])
+    implicit val config: AppConfig                            = Settings(system).appConfig
+    implicit val deltaIdentities: DeltaIdentitiesClient[Task] = mock[DeltaIdentitiesClient[Task]]
+    val route: Route                                          = Routes(mock[Storages[Task, AkkaSource]])
 
     "return application information" in {
       Get("/") ~> route ~> check {