feat(technicalUser): add endpoint to create technicalUser for wallet

SAP · Apr 11, 2024 · 3d79211 · 3d79211
2 parents df6f041 + eb6b7a5
commit 3d79211
Show file tree

Hide file tree

Showing 36 changed files with 1,436 additions and 168 deletions.
diff --git a/charts/dim/templates/cronjob-processes.yaml b/charts/dim/templates/cronjob-processes.yaml
@@ -115,6 +115,19 @@ spec:
               value: "{{ .Values.processesworker.callback.tokenAddress }}"
             - name: "CALLBACK__BASEADDRESS"
               value: "{{ .Values.processesworker.callback.baseAddress }}"
+            - name: "TECHNICALUSERCREATION__ENCRYPTIONCONFIGINDEX"
+              value: "{{ .Values.processesworker.technicalUserCreation.encryptionConfigIndex }}"
+            - name: "TECHNICALUSERCREATION__ENCRYPTIONCONFIGS__0__INDEX"
+              value: "{{ .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.index }}"
+            - name: "TECHNICALUSERCREATION__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ template "dim.secretName" . }}"
+                  key: "technicalusercreation-encryption-key0"
+            - name: "TECHNICALUSERCREATION__ENCRYPTIONCONFIGS__0__CIPHERMODE"
+              value: "{{ .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.cipherMode }}"
+            - name: "TECHNICALUSERCREATION__ENCRYPTIONCONFIGS__0__PADDINGMODE"
+              value: "{{ .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.paddingMode }}"
             ports:
             - name: http
               containerPort: {{ .Values.portContainer }}

diff --git a/charts/dim/templates/secret.yaml b/charts/dim/templates/secret.yaml
@@ -37,11 +37,13 @@ data:
   client-secret-cis-central: {{ coalesce ( .Values.processesworker.dim.clientSecretCisCentral | b64enc ) ( index $secret.data "client-secret-cis-central" ) | default ( randAlphaNum 32 ) | quote }}
   client-secret-cf: {{ coalesce ( .Values.processesworker.cf.clientSecret | b64enc ) ( index $secret.data "client-secret-cf" ) | default ( randAlphaNum 32 ) | quote }}
   client-secret-callback: {{ coalesce ( .Values.processesworker.callback.clientSecret | b64enc ) ( index $secret.data "client-secret-callback" ) | default ( randAlphaNum 32 ) | quote }}
+  technicalusercreation-encryption-key0: {{ coalesce ( .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "technicalusercreation-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one
   client-secret-cis-central: {{ .Values.processesworker.dim.clientSecretCisCentral | default ( randAlphaNum 32 ) | quote }}
   client-secret-cf: {{ .Values.processesworker.cf.clientSecret | default ( randAlphaNum 32 ) | quote }}
   client-secret-callback: {{ .Values.processesworker.callback.clientSecret | default ( randAlphaNum 32 ) | quote }}
+  technicalusercreation-encryption-key0: {{ .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
 {{ end }}
 {{- end -}}
diff --git a/charts/dim/values.yaml b/charts/dim/values.yaml
@@ -106,6 +106,16 @@ processesworker:
     tokenAddress: ""
     # -- Url to the cf service api
     baseAddress: ""
+  technicalUserCreation:
+    encryptionConfigIndex: 0
+    encryptionConfigs:
+      index0:
+        index: 0
+        cipherMode: "CBC"
+        paddingMode: "PKCS7"
+        # -- EncryptionKey to encrypt the technical user client-secret. Secret-key 'technicalusercreation-encryption-key0'.
+        # Expected format is 256 bit (64 digits) hex.
+        encryptionKey: ""
 
 # -- Secret containing "client-secret-cis-central", "client-secret-cf" and "client-secret-callback"
 existingSecret: ""

diff --git a/consortia/environments/values-dev.yaml b/consortia/environments/values-dev.yaml
@@ -85,7 +85,11 @@ processesworker:
     clientSecret: "<path:portal/data/dim/dev/callback#clientSecret>"
     tokenAddress: "http://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
     # -- Url to the cf service api
-    baseAddress: "https://portal-backend.dev.demo.catena-x.net/api/administration/registration/dim/"
+    baseAddress: "https://portal-backend.dev.demo.catena-x.net"
+  technicalUserCreation:
+    encryptionConfigs:
+      index0:
+        encryptionKey: "<<path:portal/data/dim/dev/technicaluser#technicalusercreation-encryption-key0>"
 
 idp:
   address: "https://centralidp.dev.demo.catena-x.net"

diff --git a/consortia/environments/values-int.yaml b/consortia/environments/values-int.yaml
@@ -76,7 +76,11 @@ processesworker:
     clientSecret: "<path:portal/data/dim/int/callback#clientSecret>"
     tokenAddress: "http://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
     # -- Url to the cf service api
-    baseAddress: "https://portal-backend.dev.demo.catena-x.net/api/administration/registration/dim/"
+    baseAddress: "https://portal-backend.dev.demo.catena-x.net"
+  technicalUserCreation:
+    encryptionConfigs:
+      index0:
+        encryptionKey: "<<path:portal/data/dim/int/technicaluser#technicalusercreation-encryption-key0>"
 
 idp:
   address: "https://centralidp.int.demo.catena-x.net"

diff --git a/src/clients/Dim.Clients/Api/Cf/CfClient.cs b/src/clients/Dim.Clients/Api/Cf/CfClient.cs
@@ -208,13 +208,13 @@ private async Task<Guid> GetServiceInstances(string tenantName, Guid? spaceId, C
         }
     }
 
-    public async Task CreateServiceInstanceBindings(string tenantName, Guid spaceId, CancellationToken cancellationToken)
+    public async Task CreateServiceInstanceBindings(string tenantName, string? keyName, Guid spaceId, CancellationToken cancellationToken)
     {
         var serviceInstanceId = await GetServiceInstances(tenantName, spaceId, cancellationToken).ConfigureAwait(false);
         var client = await _basicAuthTokenService.GetBasicAuthorizedLegacyClient<CfClient>(_settings, cancellationToken).ConfigureAwait(false);
         var data = new CreateServiceCredentialBindingRequest(
             "key",
-            $"{tenantName}-dim-key01",
+            $"{keyName ?? tenantName}-dim-key01",
             new ServiceCredentialRelationships(
                 new DimServiceInstance(new DimData(serviceInstanceId)))
         );

diff --git a/src/clients/Dim.Clients/Api/Cf/ICfClient.cs b/src/clients/Dim.Clients/Api/Cf/ICfClient.cs
@@ -26,7 +26,7 @@ public interface ICfClient
     Task<Guid> GetServicePlan(string servicePlanName, string servicePlanType, CancellationToken cancellationToken);
     Task<Guid> GetSpace(string tenantName, CancellationToken cancellationToken);
     Task CreateDimServiceInstance(string tenantName, Guid spaceId, Guid servicePlanId, CancellationToken cancellationToken);
-    Task CreateServiceInstanceBindings(string tenantName, Guid spaceId, CancellationToken cancellationToken);
+    Task CreateServiceInstanceBindings(string tenantName, string? keyName, Guid spaceId, CancellationToken cancellationToken);
     Task<Guid> GetServiceBinding(string tenantName, Guid spaceId, string bindingName, CancellationToken cancellationToken);
     Task<ServiceCredentialBindingDetailResponse> GetServiceBindingDetails(Guid id, CancellationToken cancellationToken);
 }
diff --git a/src/database/Dim.DbAccess/Repositories/ITenantRepository.cs b/src/database/Dim.DbAccess/Repositories/ITenantRepository.cs
@@ -35,4 +35,10 @@ public interface ITenantRepository
     Task<(Guid? DimInstanceId, string HostingUrl, bool IsIssuer)> GetDimInstanceIdAndHostingUrl(Guid tenantId);
     Task<(string? ApplicationId, Guid? CompanyId, Guid? DimInstanceId, bool IsIssuer)> GetApplicationAndCompanyId(Guid tenantId);
     Task<(bool Exists, Guid? CompanyId, Guid? InstanceId)> GetCompanyAndInstanceIdForBpn(string bpn);
+    Task<(bool Exists, Guid TenantId)> GetTenantForBpn(string bpn);
+    void CreateTenantTechnicalUser(Guid tenantId, string technicalUserName, Guid externalId, Guid processId);
+    void AttachAndModifyTechnicalUser(Guid technicalUserId, Action<TechnicalUser>? initialize, Action<TechnicalUser> modify);
+    Task<(bool Exists, Guid TechnicalUserId, string CompanyName, string Bpn)> GetTenantDataForTechnicalUserProcessId(Guid processId);
+    Task<(Guid? spaceId, string technicalUserName)> GetSpaceIdAndTechnicalUserName(Guid technicalUserId);
+    Task<(Guid ExternalId, string? TokenAddress, string? ClientId, byte[]? ClientSecret, byte[]? InitializationVector, int? EncryptionMode)> GetTechnicalUserCallbackData(Guid technicalUserId);
 }
diff --git a/src/database/Dim.DbAccess/Repositories/TenantRepository.cs b/src/database/Dim.DbAccess/Repositories/TenantRepository.cs
@@ -105,4 +105,44 @@ public void AttachAndModifyTenant(Guid tenantId, Action<Tenant>? initialize, Act
         _context.Tenants.Where(x => x.Bpn == bpn)
             .Select(x => new ValueTuple<bool, Guid?, Guid?>(true, x.CompanyId, x.DimInstanceId))
             .SingleOrDefaultAsync();
+
+    public void CreateTenantTechnicalUser(Guid tenantId, string technicalUserName, Guid externalId, Guid processId) =>
+        _context.TechnicalUsers.Add(new TechnicalUser(Guid.NewGuid(), tenantId, externalId, technicalUserName, processId));
+
+    public void AttachAndModifyTechnicalUser(Guid technicalUserId, Action<TechnicalUser>? initialize, Action<TechnicalUser> modify)
+    {
+        var technicalUser = new TechnicalUser(technicalUserId, Guid.Empty, Guid.Empty, null!, Guid.Empty);
+        initialize?.Invoke(technicalUser);
+        _context.TechnicalUsers.Attach(technicalUser);
+        modify(technicalUser);
+    }
+
+    public Task<(bool Exists, Guid TenantId)> GetTenantForBpn(string bpn) =>
+        _context.Tenants.Where(x => x.Bpn == bpn)
+            .Select(x => new ValueTuple<bool, Guid>(true, x.Id))
+            .SingleOrDefaultAsync();
+
+    public Task<(bool Exists, Guid TechnicalUserId, string CompanyName, string Bpn)> GetTenantDataForTechnicalUserProcessId(Guid processId) =>
+        _context.TechnicalUsers
+            .Where(x => x.ProcessId == processId)
+            .Select(x => new ValueTuple<bool, Guid, string, string>(true, x.Id, x.Tenant!.CompanyName, x.Tenant.Bpn))
+            .SingleOrDefaultAsync();
+
+    public Task<(Guid? spaceId, string technicalUserName)> GetSpaceIdAndTechnicalUserName(Guid technicalUserId) =>
+        _context.TechnicalUsers
+            .Where(x => x.Id == technicalUserId)
+            .Select(x => new ValueTuple<Guid?, string>(x.Tenant!.SpaceId, x.TechnicalUserName))
+            .SingleOrDefaultAsync();
+
+    public Task<(Guid ExternalId, string? TokenAddress, string? ClientId, byte[]? ClientSecret, byte[]? InitializationVector, int? EncryptionMode)> GetTechnicalUserCallbackData(Guid technicalUserId) =>
+        _context.TechnicalUsers
+            .Where(x => x.Id == technicalUserId)
+            .Select(x => new ValueTuple<Guid, string?, string?, byte[]?, byte[]?, int?>(
+                x.ExternalId,
+                x.TokenAddress,
+                x.ClientId,
+                x.ClientSecret,
+                x.InitializationVector,
+                x.EncryptionMode))
+            .SingleOrDefaultAsync();
 }
diff --git a/src/database/Dim.Entities/DimDbContext.cs b/src/database/Dim.Entities/DimDbContext.cs
@@ -40,6 +40,7 @@ public DimDbContext(DbContextOptions<DimDbContext> options)
     public virtual DbSet<ProcessStepType> ProcessStepTypes { get; set; } = default!;
     public virtual DbSet<ProcessType> ProcessTypes { get; set; } = default!;
     public virtual DbSet<Tenant> Tenants { get; set; } = default!;
+    public virtual DbSet<TechnicalUser> TechnicalUsers { get; set; } = default!;
 
     protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder)
     {
@@ -84,10 +85,25 @@ protected override void OnModelCreating(ModelBuilder modelBuilder)
                     .Select(e => new ProcessStepType(e))
             );
 
-        modelBuilder.Entity<Tenant>()
-            .HasOne(d => d.Process)
-            .WithMany(p => p.Tenants)
-            .HasForeignKey(d => d.ProcessId)
-            .OnDelete(DeleteBehavior.ClientSetNull);
+        modelBuilder.Entity<Tenant>(t =>
+            {
+                t.HasOne(d => d.Process)
+                    .WithMany(p => p.Tenants)
+                    .HasForeignKey(d => d.ProcessId)
+                    .OnDelete(DeleteBehavior.ClientSetNull);
+            });
+
+        modelBuilder.Entity<TechnicalUser>(tu =>
+        {
+            tu.HasOne(d => d.Process)
+                .WithMany(p => p.TechnicalUsers)
+                .HasForeignKey(d => d.ProcessId)
+                .OnDelete(DeleteBehavior.ClientSetNull);
+
+            tu.HasOne(t => t.Tenant)
+                .WithMany(t => t.TechnicalUsers)
+                .HasForeignKey(t => t.TenantId)
+                .OnDelete(DeleteBehavior.ClientSetNull);
+        });
     }
 }
diff --git a/src/database/Dim.Entities/Entities/Process.cs b/src/database/Dim.Entities/Entities/Process.cs
@@ -29,6 +29,7 @@ private Process()
     {
         ProcessSteps = new HashSet<ProcessStep>();
         Tenants = new HashSet<Tenant>();
+        TechnicalUsers = new HashSet<TechnicalUser>();
     }
 
     public Process(Guid id, ProcessTypeId processTypeId, Guid version) : this()
@@ -51,4 +52,5 @@ public Process(Guid id, ProcessTypeId processTypeId, Guid version) : this()
     public virtual ProcessType? ProcessType { get; set; }
     public virtual ICollection<ProcessStep> ProcessSteps { get; private set; }
     public virtual ICollection<Tenant> Tenants { get; private set; }
+    public virtual ICollection<TechnicalUser> TechnicalUsers { get; private set; }
 }
diff --git a/src/database/Dim.Entities/Entities/TechnicalUser.cs b/src/database/Dim.Entities/Entities/TechnicalUser.cs
@@ -0,0 +1,41 @@
+/********************************************************************************
+ * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+
+namespace Dim.Entities.Entities;
+
+public class TechnicalUser(
+    Guid id,
+    Guid tenantId,
+    Guid externalId,
+    string technicalUserName,
+    Guid processId)
+{
+    public Guid Id { get; set; } = id;
+    public Guid TenantId { get; set; } = tenantId;
+    public Guid ExternalId { get; set; } = externalId;
+    public string TechnicalUserName { get; set; } = technicalUserName;
+    public string? TokenAddress { get; set; }
+    public string? ClientId { get; set; }
+    public byte[]? ClientSecret { get; set; }
+    public byte[]? InitializationVector { get; set; }
+    public int? EncryptionMode { get; set; }
+    public Guid ProcessId { get; set; } = processId;
+    public virtual Tenant? Tenant { get; set; }
+    public virtual Process? Process { get; set; }
+}
diff --git a/src/database/Dim.Entities/Entities/Tenant.cs b/src/database/Dim.Entities/Entities/Tenant.cs
@@ -19,28 +19,24 @@
 
 namespace Dim.Entities.Entities;
 
-public class Tenant
+public class Tenant(
+    Guid id,
+    string companyName,
+    string bpn,
+    string didDocumentLocation,
+    bool isIssuer,
+    Guid processId,
+    Guid operatorId)
 {
-    public Tenant(Guid id, string companyName, string bpn, string didDocumentLocation, bool isIssuer, Guid processId, Guid operatorId)
-    {
-        Id = id;
-        CompanyName = companyName;
-        Bpn = bpn;
-        DidDocumentLocation = didDocumentLocation;
-        IsIssuer = isIssuer;
-        ProcessId = processId;
-        OperatorId = operatorId;
-    }
+    public Guid Id { get; set; } = id;
+    public string CompanyName { get; set; } = companyName;
+    public string Bpn { get; set; } = bpn;
 
-    public Guid Id { get; set; }
-    public string CompanyName { get; set; }
-    public string Bpn { get; set; }
+    public string DidDocumentLocation { get; set; } = didDocumentLocation;
 
-    public string DidDocumentLocation { get; set; }
+    public bool IsIssuer { get; set; } = isIssuer;
 
-    public bool IsIssuer { get; set; }
-
-    public Guid ProcessId { get; set; }
+    public Guid ProcessId { get; set; } = processId;
 
     public Guid? SubAccountId { get; set; }
 
@@ -56,6 +52,7 @@ public Tenant(Guid id, string companyName, string bpn, string didDocumentLocatio
     public string? ApplicationId { get; set; }
     public Guid? CompanyId { get; set; }
     public string? ApplicationKey { get; set; }
-    public Guid OperatorId { get; set; }
+    public Guid OperatorId { get; set; } = operatorId;
     public virtual Process? Process { get; set; }
+    public virtual ICollection<TechnicalUser> TechnicalUsers { get; private set; } = new HashSet<TechnicalUser>();
 }
diff --git a/src/database/Dim.Entities/Enums/ProcessStepTypeId.cs b/src/database/Dim.Entities/Enums/ProcessStepTypeId.cs
@@ -39,5 +39,10 @@ public enum ProcessStepTypeId
     CREATE_COMPANY_IDENTITY = 15,
     ASSIGN_COMPANY_APPLICATION = 16,
     CREATE_STATUS_LIST = 17,
-    SEND_CALLBACK = 18
+    SEND_CALLBACK = 18,
+
+    // Create Technical User
+    CREATE_TECHNICAL_USER = 100,
+    GET_TECHNICAL_USER_DATA = 101,
+    SEND_TECHNICAL_USER_CALLBACK = 102,
 }
diff --git a/src/database/Dim.Entities/Enums/ProcessTypeId.cs b/src/database/Dim.Entities/Enums/ProcessTypeId.cs
@@ -21,5 +21,6 @@ namespace Dim.Entities.Enums;
 
 public enum ProcessTypeId
 {
-    SETUP_DIM = 1
+    SETUP_DIM = 1,
+    CREATE_TECHNICAL_USER = 2
 }