feat: first E2E transfer with DCP (#23)

feat: first E2E transfer with DCP enabled

Author: wolf4ood

gradle/libs.versions.toml

@@ -60,6 +60,7 @@ edc-core-dataplane-signaling-transfer = { module = "org.eclipse.edc:transfer-dat
 # EDC Lib modules
 edc-lib-store = { module = "org.eclipse.edc:store-lib", version.ref = "edc" }
 edc-lib-query = { module = "org.eclipse.edc:query-lib", version.ref = "edc" }
+edc-lib-sql = { module = "org.eclipse.edc:sql-lib", version.ref = "edc" }
 edc-lib-jsonld = { module = "org.eclipse.edc:json-ld-lib", version.ref = "edc" }
 edc-lib-transform = { module = "org.eclipse.edc:transform-lib", version.ref = "edc" }
 edc-lib-controlplane-transform = { module = "org.eclipse.edc:control-plane-transform", version.ref = "edc" }
@@ -92,6 +93,13 @@ edc-bom-dataplane = { module = "org.eclipse.edc:dataplane-base-bom", version.ref
 ## EDC Fixtures
 edc-fixtures-sql = { module = "org.eclipse.edc:sql-test-fixtures", version.ref = "edc" }
 
+### IH for testing
+edc-ih-test-fixtures = { module = "org.eclipse.edc:identityhub-test-fixtures", version.ref = "edc" }
+edc-bom-identityhub = { module = "org.eclipse.edc:identityhub-bom", version.ref = "edc" }
+edc-bom-identityhub-sql = { module = "org.eclipse.edc:identityhub-feature-sql-bom", version.ref = "edc" }
+edc-bom-issuerservice = { module = "org.eclipse.edc:issuerservice-bom", version.ref = "edc" }
+edc-bom-issuerservice-sql = { module = "org.eclipse.edc:issuerservice-feature-sql-bom", version.ref = "edc" }
+
 # Other libraries
 awaitility = { module = "org.awaitility:awaitility", version.ref = "awaitility" }
 restAssured = { module = "io.rest-assured:rest-assured", version.ref = "restAssured" }

settings.gradle.kts

@@ -59,12 +59,16 @@ include(":system-tests:system-test-fixtures")
 include(":system-tests:runtimes:controlplane-base")
 include(":system-tests:runtimes:controlplane-memory")
 include(":system-tests:runtimes:controlplane-postgres")
+include(":system-tests:runtimes:issuer")
+include(":system-tests:runtimes:identity-hub")
 include(":system-tests:runtime-tests")
 include(":system-tests:dsp-tck-tests")
 include(":system-tests:extensions:v-tck-extension")
 include(":system-tests:runtimes:tck:tck-controlplane-memory")
 include(":system-tests:runtimes:tck:tck-controlplane-postgres")
 include(":system-tests:runtimes:e2e:e2e-controlplane-memory")
 include(":system-tests:runtimes:e2e:e2e-controlplane-postgres")
+include(":system-tests:runtimes:e2e:e2e-dcp-controlplane-postgres")
+
 
 

system-tests/runtime-tests/build.gradle.kts

@@ -20,14 +20,17 @@ dependencies {
     testImplementation(libs.awaitility)
     testImplementation(libs.edc.spi.dataplane)
     testImplementation(libs.edc.spi.jsonld)
+    testImplementation(libs.edc.spi.transaction.datasource)
     testImplementation(libs.edc.spi.control.plane)
     testImplementation(libs.edc.spi.participantcontext.config)
     testImplementation(libs.edc.lib.jsonld)
+    testImplementation(libs.edc.lib.sql)
     testImplementation(libs.edc.junit)
     testImplementation(libs.restAssured)
     testImplementation(testFixtures(libs.edc.fixtures.sql))
     testImplementation(testFixtures(project(":extensions:lib:nats-lib")))
     testImplementation(project(":system-tests:system-test-fixtures"))
+    testImplementation(testFixtures(libs.edc.ih.test.fixtures))
     testImplementation(libs.testcontainers.junit)
     testImplementation(libs.testcontainers.vault)
     testImplementation(libs.testcontainers.postgres)

system-tests/runtime-tests/src/test/java/org/eclipse/edc/virtualized/Runtimes.java

@@ -14,27 +14,19 @@
 
 package org.eclipse.edc.virtualized;
 
-import org.eclipse.edc.connector.controlplane.services.spi.asset.AssetService;
-import org.eclipse.edc.connector.controlplane.services.spi.catalog.CatalogService;
-import org.eclipse.edc.connector.controlplane.services.spi.contractdefinition.ContractDefinitionService;
-import org.eclipse.edc.connector.controlplane.services.spi.contractnegotiation.ContractNegotiationService;
-import org.eclipse.edc.connector.controlplane.services.spi.policydefinition.PolicyDefinitionService;
-import org.eclipse.edc.connector.controlplane.services.spi.transferprocess.TransferProcessService;
-import org.eclipse.edc.junit.extensions.ComponentRuntimeContext;
 import org.eclipse.edc.junit.utils.Endpoints;
-import org.eclipse.edc.participantcontext.spi.config.service.ParticipantContextConfigService;
-import org.eclipse.edc.participantcontext.spi.service.ParticipantContextService;
 import org.eclipse.edc.spi.system.configuration.Config;
 import org.eclipse.edc.spi.system.configuration.ConfigFactory;
-import org.eclipse.edc.virtualized.transfer.fixtures.VirtualConnector;
 
 import java.net.URI;
 import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
 
 import static org.eclipse.edc.util.io.Ports.getFreePort;
 
 public interface Runtimes {
-    
+
     interface ControlPlane {
         String NAME = "controlplane";
 
@@ -46,6 +38,10 @@ interface ControlPlane {
                 ":system-tests:runtimes:e2e:e2e-controlplane-postgres",
         };
 
+        String[] DCP_PG_MODULES = {
+                ":system-tests:runtimes:e2e:e2e-dcp-controlplane-postgres",
+        };
+
         Endpoints.Builder ENDPOINTS = Endpoints.Builder.newInstance()
                 .endpoint("control", () -> URI.create("http://localhost:" + getFreePort() + "/control"))
                 .endpoint("protocol", () -> URI.create("http://localhost:" + getFreePort() + "/protocol"));
@@ -58,19 +54,40 @@ static Config config() {
                 }
             });
         }
+    }
+
+    interface Issuer {
+        String NAME = "issuer";
+
+        String[] MODULES = {
+                ":system-tests:runtimes:issuer",
+        };
+    }
+
+    interface IdentityHub {
+        String NAME = "identityhub";
+
+        String[] MODULES = {
+                ":system-tests:runtimes:identity-hub",
+        };
+
+        static String didFor(Endpoints endpoints, String participantContextId) {
+            var didEndpoint = Objects.requireNonNull(endpoints.getEndpoint("did"));
+            String didLocation = String.format("%s%%3A%s", didEndpoint.get().getHost(), didEndpoint.get().getPort());
+            return String.format("did:web:%s:%s", didLocation, participantContextId);
+        }
 
-        static VirtualConnector connector(ComponentRuntimeContext ctx) {
-            return new VirtualConnector(
-                    ctx.getService(ParticipantContextService.class),
-                    ctx.getService(ParticipantContextConfigService.class),
-                    ctx.getService(AssetService.class),
-                    ctx.getService(PolicyDefinitionService.class),
-                    ctx.getService(ContractDefinitionService.class),
-                    ctx.getService(CatalogService.class),
-                    ctx.getService(ContractNegotiationService.class),
-                    ctx.getService(TransferProcessService.class),
-                    ctx.getEndpoint("protocol")
-            );
+        static Config dcpConfig(Endpoints endpoints, String participantContextId) {
+            var did = didFor(endpoints, participantContextId);
+            var stsEndpoint = Objects.requireNonNull(endpoints.getEndpoint("sts"));
+            return ConfigFactory.fromMap(Map.of(
+                    "edc.participant.id", did,
+                    "edc.iam.issuer.id", did,
+                    "edc.iam.sts.oauth.client.id", did,
+                    "edc.iam.sts.oauth.client.secret.alias", did + "-alias",
+                    "edc.iam.sts.oauth.token.url", stsEndpoint.get().toString() + "/token",
+                    "edc.iam.did.web.use.https", "false"
+            ));
         }
     }
 }

system-tests/runtime-tests/src/test/java/org/eclipse/edc/virtualized/extensions/DcpPatchExtension.java

@@ -0,0 +1,69 @@
+/*
+ *  Copyright (c) 2025 Metaform Systems, Inc.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Metaform Systems, Inc. - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.virtualized.extensions;
+
+import org.eclipse.edc.connector.controlplane.catalog.spi.policy.CatalogPolicyContext;
+import org.eclipse.edc.connector.controlplane.contract.spi.policy.ContractNegotiationPolicyContext;
+import org.eclipse.edc.connector.controlplane.contract.spi.policy.TransferProcessPolicyContext;
+import org.eclipse.edc.policy.context.request.spi.RequestCatalogPolicyContext;
+import org.eclipse.edc.policy.context.request.spi.RequestContractNegotiationPolicyContext;
+import org.eclipse.edc.policy.context.request.spi.RequestTransferProcessPolicyContext;
+import org.eclipse.edc.policy.engine.spi.AtomicConstraintRuleFunction;
+import org.eclipse.edc.policy.engine.spi.PolicyContext;
+import org.eclipse.edc.policy.engine.spi.PolicyEngine;
+import org.eclipse.edc.policy.engine.spi.RuleBindingRegistry;
+import org.eclipse.edc.policy.model.Permission;
+import org.eclipse.edc.runtime.metamodel.annotation.Inject;
+import org.eclipse.edc.spi.system.ServiceExtension;
+import org.eclipse.edc.spi.system.ServiceExtensionContext;
+
+import java.util.Set;
+
+import static org.eclipse.edc.policy.model.OdrlNamespace.ODRL_SCHEMA;
+import static org.eclipse.edc.virtualized.extensions.MembershipCredentialEvaluationFunction.MEMBERSHIP_CONSTRAINT_KEY;
+
+/**
+ * Extension that provide configuration for testing DSP + DCP integration.
+ */
+public class DcpPatchExtension implements ServiceExtension {
+
+    @Inject
+    private PolicyEngine policyEngine;
+
+    @Inject
+    private RuleBindingRegistry ruleBindingRegistry;
+
+    @Override
+    public void initialize(ServiceExtensionContext context) {
+
+        var contextMappingFunction = new DefaultScopeMappingFunction(Set.of("org.eclipse.edc.vc.type:MembershipCredential:read"));
+
+        policyEngine.registerPostValidator(RequestCatalogPolicyContext.class, contextMappingFunction::apply);
+        policyEngine.registerPostValidator(RequestContractNegotiationPolicyContext.class, contextMappingFunction::apply);
+        policyEngine.registerPostValidator(RequestTransferProcessPolicyContext.class, contextMappingFunction::apply);
+
+        bindPermissionFunction(MembershipCredentialEvaluationFunction.create(), TransferProcessPolicyContext.class, TransferProcessPolicyContext.TRANSFER_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+        bindPermissionFunction(MembershipCredentialEvaluationFunction.create(), ContractNegotiationPolicyContext.class, ContractNegotiationPolicyContext.NEGOTIATION_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+        bindPermissionFunction(MembershipCredentialEvaluationFunction.create(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY);
+    }
+
+    private <C extends PolicyContext> void bindPermissionFunction(AtomicConstraintRuleFunction<Permission, C> function, Class<C> contextClass, String scope, String constraintType) {
+        ruleBindingRegistry.bind("use", scope);
+        ruleBindingRegistry.bind(ODRL_SCHEMA + "use", scope);
+        ruleBindingRegistry.bind(constraintType, scope);
+
+        policyEngine.registerFunction(contextClass, Permission.class, constraintType, function);
+    }
+}

system-tests/runtime-tests/src/test/java/org/eclipse/edc/virtualized/extensions/DefaultScopeMappingFunction.java

@@ -0,0 +1,41 @@
+/*
+ *  Copyright (c) 2025 Metaform Systems, Inc.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Metaform Systems, Inc. - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.virtualized.extensions;
+
+import org.eclipse.edc.policy.context.request.spi.RequestPolicyContext;
+import org.eclipse.edc.policy.engine.spi.PolicyValidatorRule;
+import org.eclipse.edc.policy.model.Policy;
+
+import java.util.HashSet;
+import java.util.Set;
+
+public class DefaultScopeMappingFunction implements PolicyValidatorRule<RequestPolicyContext> {
+    private final Set<String> defaultScopes;
+
+    public DefaultScopeMappingFunction(Set<String> defaultScopes) {
+        this.defaultScopes = defaultScopes;
+    }
+
+    @Override
+    public Boolean apply(Policy policy, RequestPolicyContext requestPolicyContext) {
+        var requestScopeBuilder = requestPolicyContext.requestScopeBuilder();
+        var rq = requestScopeBuilder.build();
+        var existingScope = rq.getScopes();
+        var newScopes = new HashSet<>(defaultScopes);
+        newScopes.addAll(existingScope);
+        requestScopeBuilder.scopes(newScopes);
+        return true;
+    }
+}

system-tests/runtime-tests/src/test/java/org/eclipse/edc/virtualized/extensions/MembershipCredentialEvaluationFunction.java

@@ -0,0 +1,94 @@
+/*
+ *  Copyright (c) 2025 Metaform Systems, Inc.
+ *
+ *  This program and the accompanying materials are made available under the
+ *  terms of the Apache License, Version 2.0 which is available at
+ *  https://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Contributors:
+ *       Metaform Systems, Inc. - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.virtualized.extensions;
+
+import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential;
+import org.eclipse.edc.participant.spi.ParticipantAgent;
+import org.eclipse.edc.participant.spi.ParticipantAgentPolicyContext;
+import org.eclipse.edc.policy.engine.spi.AtomicConstraintRuleFunction;
+import org.eclipse.edc.policy.model.Operator;
+import org.eclipse.edc.policy.model.Permission;
+import org.eclipse.edc.spi.result.Result;
+
+import java.time.Instant;
+import java.util.List;
+import java.util.Map;
+
+public class MembershipCredentialEvaluationFunction<C extends ParticipantAgentPolicyContext> implements AtomicConstraintRuleFunction<Permission, C> {
+    public static final String MEMBERSHIP_CONSTRAINT_KEY = "MembershipCredential";
+    protected static final String MVD_NAMESPACE = "https://w3id.org/mvd/credentials/";
+    private static final String VC_CLAIM = "vc";
+    private static final String MEMBERSHIP_CLAIM = "membership";
+    private static final String SINCE_CLAIM = "since";
+    private static final String ACTIVE = "active";
+
+    private MembershipCredentialEvaluationFunction() {
+    }
+
+    public static <C extends ParticipantAgentPolicyContext> MembershipCredentialEvaluationFunction<C> create() {
+        return new MembershipCredentialEvaluationFunction<>() {
+        };
+    }
+
+    @SuppressWarnings("unchecked")
+    @Override
+    public boolean evaluate(Operator operator, Object rightOperand, Permission permission, C policyContext) {
+        if (!operator.equals(Operator.EQ)) {
+            policyContext.reportProblem("Invalid operator '%s', only accepts '%s'".formatted(operator, Operator.EQ));
+            return false;
+        }
+        if (!ACTIVE.equals(rightOperand)) {
+            policyContext.reportProblem("Right-operand must be equal to '%s', but was '%s'".formatted(ACTIVE, rightOperand));
+            return false;
+        }
+
+        var pa = policyContext.participantAgent();
+        if (pa == null) {
+            policyContext.reportProblem("No ParticipantAgent found on context.");
+            return false;
+        }
+        var credentialResult = getCredentialList(pa);
+        if (credentialResult.failed()) {
+            policyContext.reportProblem(credentialResult.getFailureDetail());
+            return false;
+        }
+
+        return credentialResult.getContent()
+                .stream()
+                .filter(vc -> vc.getType().stream().anyMatch(t -> t.endsWith(MEMBERSHIP_CONSTRAINT_KEY)))
+                .flatMap(vc -> vc.getCredentialSubject().stream().filter(cs -> cs.getClaims().containsKey(MEMBERSHIP_CLAIM)))
+                .anyMatch(credential -> {
+                    var membershipClaim = (Map<String, ?>) credential.getClaim(MVD_NAMESPACE, MEMBERSHIP_CLAIM);
+                    var membershipStartDate = Instant.parse(membershipClaim.get(SINCE_CLAIM).toString());
+                    return membershipStartDate.isBefore(Instant.now());
+                });
+    }
+
+    protected Result<List<VerifiableCredential>> getCredentialList(ParticipantAgent agent) {
+        var vcListClaim = agent.getClaims().get(VC_CLAIM);
+
+        if (vcListClaim == null) {
+            return Result.failure("ParticipantAgent did not contain a '%s' claim.".formatted(VC_CLAIM));
+        }
+        if (!(vcListClaim instanceof List)) {
+            return Result.failure("ParticipantAgent contains a '%s' claim, but the type is incorrect. Expected %s, received %s.".formatted(VC_CLAIM, List.class.getName(), vcListClaim.getClass().getName()));
+        }
+        var vcList = (List<VerifiableCredential>) vcListClaim;
+        if (vcList.isEmpty()) {
+            return Result.failure("ParticipantAgent contains a '%s' claim but it did not contain any VerifiableCredentials.".formatted(VC_CLAIM));
+        }
+        return Result.success(vcList);
+    }
+}