partial integration-tests solved

Author: ponachte

aggregator-platform/values.yaml

@@ -1,5 +1,10 @@
 loglevel: info
 
+auth:
+  oidc: {}
+  client_credentials: {}
+  provision: {}
+
 spec:
   service_collection: /services
   transformation_catalog: /transformations

containers/aggregator-server/registration/registration_client_credentials.go

@@ -22,7 +22,8 @@ func handleClientCredentialsFlow(w http.ResponseWriter, req model.RegistrationRe
 	var inst *instance.AggregatorInstance
 	if isUpdate {
 		// Check if aggregator exists and user is authorized to update it
-		inst, err := instance.GetAggregatorInstance(req.AggregatorID)
+		var err error
+		inst, err = instance.GetAggregatorInstance(req.AggregatorID)
 		if err != nil {
 			logrus.WithError(err).Errorf("Failed to retrieve aggregator %s for update", req.AggregatorID)
 			http.Error(w, "Aggregator not found for update", http.StatusNotFound)
@@ -42,10 +43,6 @@ func handleClientCredentialsFlow(w http.ResponseWriter, req model.RegistrationRe
 		http.Error(w, "authorization_server is required", http.StatusBadRequest)
 		return
 	}
-	if req.WebID == "" {
-		http.Error(w, "webid is required", http.StatusBadRequest)
-		return
-	}
 	if req.ClientID == "" {
 		http.Error(w, "client_id is required", http.StatusBadRequest)
 		return
@@ -70,7 +67,9 @@ func handleClientCredentialsFlow(w http.ResponseWriter, req model.RegistrationRe
 	}
 
 	// Some IDPs support a webid parameter to specify which WebID to act as
-	tokenData.Set("webid", req.WebID)
+	if req.WebID != "" {
+		tokenData.Set("webid", req.WebID)
+	}
 
 	resp, err := doTokenRequest(
 		oidcConfig.TokenEndpoint,
@@ -133,7 +132,7 @@ func handleClientCredentialsFlow(w http.ResponseWriter, req model.RegistrationRe
 
 		// Deploy aggregator resources
 		aggregatorId, err := instance.DeployAggregator(
-			req.WebID,
+			id,
 			req.AuthorizationServer,
 			"",
 			ctx,
@@ -152,7 +151,11 @@ func handleClientCredentialsFlow(w http.ResponseWriter, req model.RegistrationRe
 			aggregatorId,
 		)
 
-		logrus.Infof("Aggregator created (client_credentials): %s for ID %s (acting as %s)", inst.AggregatorID, id, req.WebID)
+		if req.WebID != "" {
+			logrus.Infof("Aggregator created (client_credentials): %s for ID %s (acting as %s)", inst.AggregatorID, id, req.WebID)
+		} else {
+			logrus.Infof("Aggregator created (client_credentials): %s for ID %s", inst.AggregatorID, id)
+		}
 	}
 
 	// Return response

containers/aggregator/config/description.go

@@ -58,7 +58,7 @@ func handleAggregatorDescription(w http.ResponseWriter, r *http.Request) {
 
 	// TODO: semantic representations need to be added at some point
 	desc := AggregatorDescription{
-		ID:                    model.ID,
+		ID:                    model.ExternalBaseURL(),
 		CreatedAt:             createdAt,
 		LoginStatus:           loginStatus,
 		TransformationCatalog: model.ExternalBaseURL() + model.TransformationCatalog,

demo/kvasir/management.ts

@@ -101,7 +101,7 @@ export class KvasirManagement {
         method: "GET",
         headers: {
           "Content-Type": "text/turtle",
-          "Authorization": assigner,
+          "Authorization": `Bearer ${await this.auth.getAccessToken()}`,
         },
       });
 

demo/kvasir/policies.ts

@@ -9,7 +9,7 @@ interface PolicyOptions {
   assigner: string;
   target: string;
   scopes?: string[];
-  containerName?: string;
+  container?: boolean;
   client?: string;
 }
 
@@ -44,12 +44,12 @@ export async function createPolicies(policies: PolicyOptions[]): Promise<{ turtl
 }
 
 export function createPolicy(store: Store, options: PolicyOptions): string {
-  const { name, assignee, assigner, scopes = ["read"], target, containerName, client } = options;
+  const { name, assignee, assigner, scopes = ["read"], target, container, client } = options;
   const uuid = randomUUID();
   const baseIRI = `http://example.com/${uuid}#`;
 
   const policyNode = namedNode(`${baseIRI}${name}Policy`);
-  const permissionNode = blankNode();
+  const permissionNode = namedNode(`${baseIRI}${name}Permission`);
 
   // Policy triples
   store.addQuad(policyNode, namedNode("rdf:type"), namedNode("odrl:Agreement"));
@@ -65,23 +65,20 @@ export function createPolicy(store: Store, options: PolicyOptions): string {
   store.addQuad(permissionNode, namedNode("odrl:assigner"), namedNode(assigner));
 
   // Target triples
-  if (containerName) {
-    const containerNode = namedNode(`${baseIRI}${containerName}`);
+  if (container) {
+    const containerNode = namedNode(`collection:${target}:http://www.w3.org/ns/ldp#contains`);
     store.addQuad(permissionNode, namedNode("odrl:target"), containerNode);
-    store.addQuad(containerNode, namedNode("rdf:type"), namedNode("odrl:AssetCollection"));
-    store.addQuad(containerNode, namedNode("odrl:source"), namedNode(target));
-    store.addQuad(containerNode, namedNode("odrl_p:relation"), namedNode("ldp:contains"));
   } else {
     store.addQuad(permissionNode, namedNode("odrl:target"), namedNode(target));
   }
 
   // Client triples
   if (client) {
-    const constraintNode = blankNode();
+    const constraintNode = namedNode(`${baseIRI}${name}ClientConstraint`);
     store.addQuad(permissionNode, namedNode("odrl:constraint"), constraintNode);
     store.addQuad(constraintNode, namedNode("odrl:leftOperand"), namedNode("odrl:purpose"));
     store.addQuad(constraintNode, namedNode("odrl:operator"), namedNode("odrl:eq"));
-    store.addQuad(constraintNode, namedNode("odrl:rightOperand"), namedNode(`ex:${client}`));
+    store.addQuad(constraintNode, namedNode("odrl:rightOperand"), namedNode(`${client}`));
   }
 
   return policyNode.value;

demo/kvasir/setup-pod.ts

@@ -7,9 +7,9 @@ const IDP = "http://localhost:8280";
 const REALM = "quarkus";
 const CLIENT_ID = "demo-client";
 const CLIENT_UMA_ID = `http://example.com/id/${CLIENT_ID}`;
-const CLIENT_SECRET = "0XAqVqleHW96DIPzvSzsyfSUOqWv8n2y";
+const CLIENT_SECRET = "SsIyMNGjbKrbcJPHr8gWwc36DdqMGvvd";
 
-const USER_ID = "ed9ee96a-2572-4353-905f-e2495ee601c1";
+const USER_ID = "3744e254-9865-4c42-a1f0-ee03f866c186";
 const USER_UMA_ID = `http://example.com/id/${USER_ID}`;
 const USERNAME = "alice@example.com";
 const PASSWORD = "alice";
@@ -70,20 +70,20 @@ async function main() {
     console.log("▶ Delegating pod access control to UMA");
     await kvasir.delegatePodToUMA();
 
-    console.log("▶ Creating pod-management policy for owner…");
+    console.log("▶ Creating slice-management policy for owner…");
     // enable owner to create slices
     const {
       turtle: ownerPolicyTurtle,
       ids: ownerPolicyIds,
     } = await createPolicies([
       {
-        name: "owner_pod_management",
+        name: "owner_slice_management",
         assignee: USER_UMA_ID,
         assigner: USER_UMA_ID,
         scopes: ["read", "write", "delete"],
         target: POD_URL + "/",
-        containerName: "pod",
         client: CLIENT_UMA_ID,
+        container: true
       },
     ]);
 
@@ -144,14 +144,13 @@ async function main() {
     await kvasir.addData(slice, CONTEXT, "obs", generateObservation());
 
     console.log("▶ Setup complete.");
-    console.log("▶ Waiting for termination signal (Ctrl+C)…\n");
-
-    // Wait for SIGINT or SIGTERM
-    await waitForExitSignal();
-
   } catch (err) {
     console.error("❌ Error during setup:", err);
   } finally {
+    // Wait for SIGINT or SIGTERM
+    console.log("▶ Waiting for termination signal (Ctrl+C)…\n");
+    await waitForExitSignal();
+
     console.log("\n⏳ Cleaning up setup…");
 
     // delete slices

demo/kvasir/test-pod.ts

@@ -0,0 +1,27 @@
+import { createPolicies } from "./policies.js";
+import { KvasirManagement } from "./management.js";
+
+const POD_URL = "http://localhost:8080/alice";
+const AS_SERVER = "http://localhost:4000/uma"
+const IDP = "http://localhost:8280";
+const REALM = "quarkus";
+const CLIENT_ID = "demo-client";
+const CLIENT_UMA_ID = `http://example.com/id/${CLIENT_ID}`;
+const CLIENT_SECRET = "SsIyMNGjbKrbcJPHr8gWwc36DdqMGvvd";
+
+const USER_ID = "3744e254-9865-4c42-a1f0-ee03f866c186";
+const USER_UMA_ID = `http://example.com/id/${USER_ID}`;
+const USERNAME = "alice@example.com";
+const PASSWORD = "alice";
+const DOCTOR_ID = "7cbe4aea-f394-4907-969a-0387a9774273";
+const DOCTOR_UMA_ID = `http://example.com/id/${DOCTOR_ID}`
+
+const kvasir = new KvasirManagement(POD_URL, AS_SERVER);
+await kvasir.init(IDP, REALM);
+await kvasir.login(USERNAME, PASSWORD, CLIENT_ID, CLIENT_SECRET);
+
+async function test() {
+  await kvasir.readPolicies(USER_UMA_ID);
+}
+
+test()

demo/package.json

@@ -14,7 +14,8 @@
     "stream-service-demo": "tsc && node dist/stream-service-demo.js",
     "kv-create-pod": "tsc && node dist/kvasir/create-pod.js",
     "kv-delete-pod": "tsc && node dist/kvasir/delete-pod.js",
-    "kv-setup-pod": "tsc && node dist/kvasir/setup-pod.js"
+    "kv-setup-pod": "tsc && node dist/kvasir/setup-pod.js",
+    "kv-test-pod": "tsc && node dist/kvasir/test-pod.js"
   },
   "dependencies": {
     "@inrupt/solid-client-authn-core": "^3.1.0",

demo/pacsoi/create-service.ts

@@ -6,7 +6,7 @@ const df = new DataFactory();
 
 // Aggregator configuration
 const AGGREGATOR_SERVER = "https://aggregator.local:5443";
-const AGGREGATOR = "https://aggregator.local:5443/693819fa-2ef1-447f-8eea-64c2e7789825";
+const AGGREGATOR = "https://aggregator.local:5443/419d851a-a6ab-4273-815d-0e59b6b44db4";
 const TF = "/transformations";
 const SVC = "/services";
 
@@ -16,10 +16,10 @@ const TF_ID = "Pacsoi";
 const PARAMS = {};
 
 // Authz configuration
-const USERNAME = "alice@example.com";
+const USERNAME = "alice";
 const PASSWORD = "alice";
 const CLIENT_ID = "demo-client";
-const CLIENT_SECRET = "0XAqVqleHW96DIPzvSzsyfSUOqWv8n2y";
+const CLIENT_SECRET = "SsIyMNGjbKrbcJPHr8gWwc36DdqMGvvd";
 const IDP = "http://localhost:8280";
 const REALM = "quarkus";
 

demo/pacsoi/get-config.ts

@@ -1,13 +1,16 @@
 import { KeycloakOIDCAuth } from "../util.js";
 
-const IDP = "https://pacsoi-idp.faqir.org";
-const REALM = "kvasir";
-const USERNAME = "patient0@example.com";
-const PASSWORD = "1234";
-const CLIENT_ID = "moveup-backend";
-const CLIENT_SECRET = "GD7VyY29Eeim5BWfdTAFJ8FTDW7SeU2g";
-const AGGREGATOR = "https://aggregator.local/18739d56-85ab-4837-a60c-e07df93d6fff";
-const PATH = "/services"; // "", "/services", "/transformations"
+// Authz configuration
+const USERNAME = "alice";
+const PASSWORD = "alice";
+const CLIENT_ID = "demo-client";
+const CLIENT_SECRET = "SsIyMNGjbKrbcJPHr8gWwc36DdqMGvvd";
+const IDP = "http://localhost:8280";
+const REALM = "quarkus";
+
+// Aggregator
+const AGGREGATOR = "https://aggregator.local:5443/419d851a-a6ab-4273-815d-0e59b6b44db4";
+const PATH = "/transformations"; // "", "/services", "/transformations"
 
 async function main() {
   console.log("=== Initializing Keycloak Authentication ===");