Add support for restricted data stores

- Also move the reusable security bits to a new module

Ref: wanaku-ai/wanaku#640

Author: orpiske

capabilities-bom/pom.xml

@@ -46,6 +46,11 @@
                 <artifactId>capabilities-services-client</artifactId>
                 <version>${project.version}</version>
             </dependency>
+            <dependency>
+                <groupId>ai.wanaku.sdk</groupId>
+                <artifactId>capabilities-security</artifactId>
+                <version>${project.version}</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 

…onfig/DefaultDiscoveryServiceConfig.java …/common/config/DefaultServiceConfig.javacapabilities-discovery/src/main/java/ai/wanaku/capabilities/sdk/discovery/config/DefaultDiscoveryServiceConfig.java renamed to capabilities-common/src/main/java/ai/wanaku/capabilities/sdk/common/config/DefaultServiceConfig.java capabilities-discovery/src/main/java/ai/wanaku/capabilities/sdk/discovery/config/DefaultDiscoveryServiceConfig.java renamed to capabilities-common/src/main/java/ai/wanaku/capabilities/sdk/common/config/DefaultServiceConfig.java

@@ -1,13 +1,13 @@
-package ai.wanaku.capabilities.sdk.discovery.config;
+package ai.wanaku.capabilities.sdk.common.config;
 
 import ai.wanaku.capabilities.sdk.common.serializer.Serializer;
 
 /**
- * Default implementation of {@link DiscoveryServiceConfig} providing configuration
- * for the Discovery Service including authentication and serialization settings.
+ * Default implementation of {@link ServiceConfig} providing configuration
+ * for the services including authentication and serialization settings.
  * This class uses a builder pattern for easy instantiation.
  */
-public class DefaultDiscoveryServiceConfig implements DiscoveryServiceConfig {
+public class DefaultServiceConfig implements ServiceConfig {
 
     private final String baseUrl;
     private final Serializer serializer;
@@ -20,7 +20,7 @@ public class DefaultDiscoveryServiceConfig implements DiscoveryServiceConfig {
      *
      * @param builder The builder instance containing the configuration parameters.
      */
-    private DefaultDiscoveryServiceConfig(Builder builder) {
+    private DefaultServiceConfig(Builder builder) {
         this.baseUrl = builder.baseUrl;
         this.serializer = builder.serializer;
         this.clientId = builder.clientId;
@@ -63,7 +63,7 @@ public String getTokenEndpoint() {
     }
 
     /**
-     * Builder class for {@link DefaultDiscoveryServiceConfig}.
+     * Builder class for {@link DefaultServiceConfig}.
      */
     public static class Builder {
         private String baseUrl;
@@ -73,7 +73,7 @@ public static class Builder {
         private String tokenEndpoint;
 
         /**
-         * Sets the base URL for the Discovery Service.
+         * Sets the base URL for the Service.
          *
          * @param baseUrl The base URL.
          * @return The builder instance.
@@ -137,12 +137,12 @@ public static Builder newBuilder() {
         }
 
         /**
-         * Builds a {@link DefaultDiscoveryServiceConfig} instance with the configured parameters.
+         * Builds a {@link DefaultServiceConfig} instance with the configured parameters.
          *
-         * @return A new {@link DefaultDiscoveryServiceConfig} instance.
+         * @return A new {@link DefaultServiceConfig} instance.
          */
-        public DefaultDiscoveryServiceConfig build() {
-            return new DefaultDiscoveryServiceConfig(this);
+        public DefaultServiceConfig build() {
+            return new DefaultServiceConfig(this);
         }
     }
 }

…ervices/config/ServicesClientConfig.java …ies/sdk/common/config/ServiceConfig.javacapabilities-services-client/src/main/java/ai/wanaku/capabilities/sdk/services/config/ServicesClientConfig.java renamed to capabilities-common/src/main/java/ai/wanaku/capabilities/sdk/common/config/ServiceConfig.java capabilities-services-client/src/main/java/ai/wanaku/capabilities/sdk/services/config/ServicesClientConfig.java renamed to capabilities-common/src/main/java/ai/wanaku/capabilities/sdk/common/config/ServiceConfig.java

@@ -1,21 +1,21 @@
-package ai.wanaku.capabilities.sdk.services.config;
+package ai.wanaku.capabilities.sdk.common.config;
 
 import ai.wanaku.capabilities.sdk.common.serializer.Serializer;
+import ai.wanaku.capabilities.sdk.common.security.SecurityServiceConfig;
 
 /**
- * Configuration interface for the Services Client, defining essential parameters
+ * Configuration interface for the Discovery Service, defining essential parameters
  * like the base URL and the serializer to be used for communication.
  */
-public interface ServicesClientConfig {
+public interface ServiceConfig extends SecurityServiceConfig {
     /**
-     * Returns the base URL of the Wanaku Services API.
+     * Returns the base URL of the Discovery Service API.
      *
      * @return The base URL as a {@code String}.
      */
     String getBaseUrl();
-
     /**
-     * Returns the {@link Serializer} instance used for serializing data sent to the Services API.
+     * Returns the {@link Serializer} instance used for serializing data sent to the Discovery Service.
      *
      * @return The {@link Serializer} instance.
      */

capabilities-common/src/main/java/ai/wanaku/capabilities/sdk/common/security/SecurityServiceConfig.java

@@ -0,0 +1,28 @@
+package ai.wanaku.capabilities.sdk.common.security;
+
+/**
+ * Common Security configuration
+ */
+public interface SecurityServiceConfig {
+
+    /**
+     * Returns the client ID used for authentication with the Discovery Service.
+     *
+     * @return The client ID as a {@code String}.
+     */
+    String getClientId();
+
+    /**
+     * Returns the secret used for authentication with the Discovery Service.
+     *
+     * @return The secret as a {@code String}.
+     */
+    String getSecret();
+
+    /**
+     * Returns the URL for the OpenID Connect token endpoint (e.g., http://address/.well-known/openid-configuration).
+     *
+     * @return The OpenID Connect token endpoint as a {@code String}.
+     */
+    String getTokenEndpoint();
+}

capabilities-discovery/pom.xml

@@ -27,8 +27,9 @@
         </dependency>
 
         <dependency>
-            <groupId>com.nimbusds</groupId>
-            <artifactId>oauth2-oidc-sdk</artifactId>
+            <groupId>ai.wanaku.sdk</groupId>
+            <artifactId>capabilities-security</artifactId>
+            <version>${project.version}</version>
         </dependency>
     </dependencies>
 

capabilities-discovery/src/main/java/ai/wanaku/capabilities/sdk/discovery/DiscoveryServiceHttpClient.java

@@ -5,9 +5,10 @@
 import ai.wanaku.api.exceptions.WanakuException;
 import ai.wanaku.api.types.discovery.ServiceState;
 import ai.wanaku.api.types.providers.ServiceTarget;
-import ai.wanaku.capabilities.sdk.discovery.config.DiscoveryServiceConfig;
+import ai.wanaku.capabilities.sdk.common.config.ServiceConfig;
 import ai.wanaku.capabilities.sdk.discovery.exceptions.InvalidResponseDataException;
 import ai.wanaku.capabilities.sdk.common.serializer.Serializer;
+import ai.wanaku.capabilities.sdk.security.ServiceAuthenticator;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import java.io.IOException;
 import java.net.URI;
@@ -30,29 +31,29 @@ public class DiscoveryServiceHttpClient {
 
     private final String serviceBasePath = "/api/v1/management/discovery";
 
-    private final DiscoveryAuthenticator discoveryAuthenticator;
+    private final ServiceAuthenticator serviceAuthenticator;
 
     /**
      * Constructs a {@code DiscoveryServiceHttpClient} with the given configuration.
      *
-     * @param config The {@link DiscoveryServiceConfig} containing base URL and serializer.
+     * @param config The {@link ServiceConfig} containing base URL and serializer.
      */
-    public DiscoveryServiceHttpClient(DiscoveryServiceConfig config) {
+    public DiscoveryServiceHttpClient(ServiceConfig config) {
         this.httpClient = HttpClient.newHttpClient();
 
         this.baseUrl = sanitize(config);
         this.serializer = config.getSerializer();
 
-        discoveryAuthenticator = new DiscoveryAuthenticator(config);
+        serviceAuthenticator = new ServiceAuthenticator(config);
     }
 
     /**
      * Sanitizes the base URL from the configuration by removing a trailing slash if present.
      *
-     * @param config The {@link DiscoveryServiceConfig} to sanitize the base URL from.
+     * @param config The {@link ServiceConfig} to sanitize the base URL from.
      * @return The sanitized base URL.
      */
-    private static String sanitize(DiscoveryServiceConfig config) {
+    private static String sanitize(ServiceConfig config) {
         // Ensure baseUrl doesn't have a trailing slash to prevent double slashes
         return config.getBaseUrl() != null && config.getBaseUrl().endsWith("/") ?
                 config.getBaseUrl().substring(0, config.getBaseUrl().length() - 1) : config.getBaseUrl();
@@ -76,7 +77,7 @@ private HttpResponse<String> executePost(String operationPath, ServiceTarget ser
                     .uri(uri)
                     .header("Content-Type", MediaType.APPLICATION_JSON)
                     .header("Accept", MediaType.WILDCARD)
-                    .header("Authorization", discoveryAuthenticator.toHeaderValue())
+                    .header("Authorization", serviceAuthenticator.toHeaderValue())
                     .POST(HttpRequest.BodyPublishers.ofString(jsonRequestBody))
                     .build();
 
@@ -125,7 +126,7 @@ public HttpResponse<String> ping(String id) {
 
             HttpRequest request = HttpRequest.newBuilder()
                     .uri(uri)
-                    .header("Authorization", discoveryAuthenticator.toHeaderValue())
+                    .header("Authorization", serviceAuthenticator.toHeaderValue())
                     .POST(HttpRequest.BodyPublishers.ofString(id))
                     .build();
 
@@ -152,7 +153,7 @@ public HttpResponse<String> updateState(String id, ServiceState serviceState) {
                     .uri(uri)
                     .header("Content-Type", MediaType.APPLICATION_JSON)
                     .header("Accept", MediaType.WILDCARD)
-                    .header("Authorization", discoveryAuthenticator.toHeaderValue())
+                    .header("Authorization", serviceAuthenticator.toHeaderValue())
                     .POST(HttpRequest.BodyPublishers.ofString(jsonRequestBody))
                     .build();
 

capabilities-discovery/src/main/java/ai/wanaku/capabilities/sdk/discovery/config/DiscoveryServiceConfig.java

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>ai.wanaku.sdk</groupId>
+        <artifactId>capabilities-parent</artifactId>
+        <version>0.0.9-SNAPSHOT</version>
+        <relativePath>../capabilities-parent/pom.xml</relativePath>
+    </parent>
+
+    <artifactId>capabilities-security</artifactId>
+
+    <name>Wanaku Capabilities SDK :: Security</name>
+
+    <dependencies>
+        <dependency>
+            <groupId>ai.wanaku.sdk</groupId>
+            <artifactId>capabilities-common</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>com.nimbusds</groupId>
+            <artifactId>oauth2-oidc-sdk</artifactId>
+        </dependency>
+    </dependencies>
+</project>