diff --git a/client-cli/README.md b/client-cli/README.md index 83f9f2fe..4ded3db0 100644 --- a/client-cli/README.md +++ b/client-cli/README.md @@ -16,7 +16,7 @@ For example, to list dataspace participants: ``` java -jar client-cli/build/libs/registration-service-cli.jar \ - -s=http://localhost:8181/api \ + -s=http://localhost:8182/authority \ participants list ``` diff --git a/client-cli/src/main/java/org/eclipse/dataspaceconnector/registration/cli/RegistrationServiceCli.java b/client-cli/src/main/java/org/eclipse/dataspaceconnector/registration/cli/RegistrationServiceCli.java index 29e7047d..f5ac0d15 100644 --- a/client-cli/src/main/java/org/eclipse/dataspaceconnector/registration/cli/RegistrationServiceCli.java +++ b/client-cli/src/main/java/org/eclipse/dataspaceconnector/registration/cli/RegistrationServiceCli.java @@ -25,7 +25,7 @@ ParticipantsCommand.class }) public class RegistrationServiceCli { - @CommandLine.Option(names = "-s", required = true, description = "Registration service URL", defaultValue = "http://localhost:8181/api") + @CommandLine.Option(names = "-s", required = true, description = "Registration service URL", defaultValue = "http://localhost:8182/authority") String service; RegistryApi registryApiClient; diff --git a/docker-compose.yml b/docker-compose.yml index f2403e68..82f474cb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,6 +8,8 @@ services: JVM_ARGS: "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005" environment: EDC_API_AUTH_KEY: ApiKeyDefaultValue + WEB_HTTP_AUTHORITY_PORT: 8182 + WEB_HTTP_AUTHORITY_PATH: /authority ports: - - "8181:8181" + - "8182:8182" - "5005:5005" diff --git a/docs/developer/decision-records/2022-06-29-http-ports/README.md b/docs/developer/decision-records/2022-06-29-http-ports/README.md new file mode 100644 index 00000000..3d9fe9b0 --- /dev/null +++ b/docs/developer/decision-records/2022-06-29-http-ports/README.md @@ -0,0 +1,27 @@ +# HTTP Ports + +## Decision + +The EDC `default` web context is deployed on HTTP port `8181`. This context contains the health endpoint at `http://localhost:8181/api/check/health`. + +The Registration Service REST Controller is deployed in a additional EDC web context named `authority`. + +The port mapping and REST URL path for this context must be specified in deployment. + +For example in Docker Compose: + +``` + environment: + WEB_HTTP_AUTHORITY_PORT: 8182 + WEB_HTTP_AUTHORITY_PATH: /authority +``` + +This makes the List Participants endpoint available at `http://localhost:8182/authority/registry/participants`. + +## Rationale + +DID-based JWS authentication will be used for the Registration Service controller, using a JAX-RS filter. + +However, for docker health check (used in `docker-compose up --wait` in CI to wait until containers have successfully started), we use `curl` to access the health endpoint, which is deployed in the EDC default context. Therefore, we do not want to apply our authentication filter to the `default` context, and need to introduce an additional context for the API controller. + +It is also good practice not to expose health and management endpoints to public access. Deploying them on a different ports allow deployments to expose their port on internal routes only. diff --git a/extensions/registration-service/src/main/java/org/eclipse/dataspaceconnector/registration/RegistrationServiceExtension.java b/extensions/registration-service/src/main/java/org/eclipse/dataspaceconnector/registration/RegistrationServiceExtension.java index dd4c0ffe..5ec19cf5 100644 --- a/extensions/registration-service/src/main/java/org/eclipse/dataspaceconnector/registration/RegistrationServiceExtension.java +++ b/extensions/registration-service/src/main/java/org/eclipse/dataspaceconnector/registration/RegistrationServiceExtension.java @@ -22,6 +22,7 @@ import org.eclipse.dataspaceconnector.registration.store.InMemoryParticipantStore; import org.eclipse.dataspaceconnector.registration.store.spi.ParticipantStore; import org.eclipse.dataspaceconnector.spi.WebService; +import org.eclipse.dataspaceconnector.spi.monitor.Monitor; import org.eclipse.dataspaceconnector.spi.system.ExecutorInstrumentation; import org.eclipse.dataspaceconnector.spi.system.Inject; import org.eclipse.dataspaceconnector.spi.system.Provider; @@ -33,6 +34,11 @@ */ public class RegistrationServiceExtension implements ServiceExtension { + public static final String CONTEXT_ALIAS = "authority"; + + @Inject + private Monitor monitor; + @Inject private WebService webService; @@ -49,12 +55,11 @@ public class RegistrationServiceExtension implements ServiceExtension { @Override public void initialize(ServiceExtensionContext context) { - var monitor = context.getMonitor(); participantManager = new ParticipantManager(monitor, participantStore, credentialsVerifier, executorInstrumentation); var registrationService = new RegistrationService(monitor, participantStore); - webService.registerResource(new RegistrationApiController(registrationService)); + webService.registerResource(CONTEXT_ALIAS, new RegistrationApiController(registrationService)); } @Override diff --git a/launcher/Dockerfile b/launcher/Dockerfile index 68a4f2a6..3447cd4f 100644 --- a/launcher/Dockerfile +++ b/launcher/Dockerfile @@ -12,10 +12,10 @@ RUN apt update \ WORKDIR /app COPY ./build/libs/app.jar /app -EXPOSE 8181 +EXPOSE 8182 # health status is determined by the availability of the /health endpoint -HEALTHCHECK --interval=5s --timeout=5s --retries=10 CMD curl -H "X-Api-Key: $EDC_API_AUTH_KEY" --fail http://localhost:8181/api/check/health +HEALTHCHECK --interval=5s --timeout=5s --retries=10 CMD curl --fail http://localhost:8181/api/check/health ENV WEB_HTTP_PORT="8181" ENV WEB_HTTP_PATH="/api" diff --git a/system-tests/src/test/java/org/eclipse/dataspaceconnector/registration/client/RegistrationApiClientTest.java b/system-tests/src/test/java/org/eclipse/dataspaceconnector/registration/client/RegistrationApiClientTest.java index 42248148..c06d5cbf 100644 --- a/system-tests/src/test/java/org/eclipse/dataspaceconnector/registration/client/RegistrationApiClientTest.java +++ b/system-tests/src/test/java/org/eclipse/dataspaceconnector/registration/client/RegistrationApiClientTest.java @@ -23,7 +23,7 @@ @IntegrationTest public class RegistrationApiClientTest { - static final String API_URL = "http://localhost:8181/api"; + static final String API_URL = "http://localhost:8182/authority"; ApiClient apiClient = ApiClientFactory.createApiClient(API_URL); RegistryApi api = new RegistryApi(apiClient); diff --git a/system-tests/src/test/java/org/eclipse/dataspaceconnector/registration/client/RegistrationApiCommandLineClientTest.java b/system-tests/src/test/java/org/eclipse/dataspaceconnector/registration/client/RegistrationApiCommandLineClientTest.java index 9ab4213f..77d99afd 100644 --- a/system-tests/src/test/java/org/eclipse/dataspaceconnector/registration/client/RegistrationApiCommandLineClientTest.java +++ b/system-tests/src/test/java/org/eclipse/dataspaceconnector/registration/client/RegistrationApiCommandLineClientTest.java @@ -31,8 +31,6 @@ @IntegrationTest public class RegistrationApiCommandLineClientTest { - static final String API_URL = "http://localhost:8181/api"; - static final ObjectMapper MAPPER = new ObjectMapper(); Participant participant = createParticipant(); @@ -44,7 +42,7 @@ void listParticipants() throws Exception { var request = MAPPER.writeValueAsString(participant); - var addCmdExitCode = cmd.execute("-s", API_URL, "participants", "add", "--request", request); + var addCmdExitCode = cmd.execute("participants", "add", "--request", request); assertThat(addCmdExitCode).isEqualTo(0); assertThat(getParticipants(cmd)).contains(participant); }