Merge branch 'main' into oneOf

Author: CharlesDuboisSAP

.github/workflows/fosstars-report.yml

@@ -22,6 +22,12 @@ jobs:
           distribution: "temurin"
           java-version: ${{ env.JAVA_VERSION }}
           cache: 'maven'
+      - name: Restore CVE Database
+        uses: actions/cache/restore@v4
+        with:
+          path: ${{ env.CVE_CACHE_DIR }}
+          key: ${{ env.CVE_CACHE_KEY }}
+          fail-on-cache-miss: true
 
       - name: "Build SDK"
         run: |

.github/workflows/update-vulnerability-database.yaml

@@ -0,0 +1,62 @@
+name: Update Vulnerability Database
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '42 03 * * MON-FRI' # 03:42 on weekdays, a somewhat random time to avoid producing load spikes on the GH actions infrastructure
+
+env:
+  CVE_CACHE_REF: refs/heads/main
+  CVE_CACHE_KEY: cve-db
+  CVE_CACHE_DIR: ~/.m2/repository/org/owasp/dependency-check-data
+
+jobs:
+  update-vulnerability-database:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ env.CVE_CACHE_REF }}
+      - name: Restore Existing Cache
+        uses: actions/cache/restore@v4
+        with:
+          path: ${{ env.CVE_CACHE_DIR }}
+          key: ${{ env.CVE_CACHE_KEY }}
+
+      - name: Run Maven Plugin
+        run: |
+          mvn org.owasp:dependency-check-maven:10.0.4:update-only -DnvdMaxRetryCount=10 -DnvdApiDelay=15000 -DconnectionTimeout=60000
+        env:
+          NVD_API_KEY: ${{ secrets.NVD_API_KEY }}
+
+      - name: Delete Cache
+        run: |
+          CACHE_IDS=$(gh cache list --key "${{ env.CVE_CACHE_KEY }}" --ref "${{ env.CVE_CACHE_REF }}" --json id | jq -r '.[] | .id')
+          for CACHE_ID in $CACHE_IDS; do
+              echo "Deleting cache with ID: $CACHE_ID"
+              gh cache delete "${CACHE_ID}"
+          done
+        env:
+          GH_TOKEN: ${{ secrets.CLOUD_SDK_AT_SAP_ALL_ACCESS_PAT }}
+
+      - name: Cache CVE Database
+        uses: actions/cache/save@v4
+        with:
+          path: ${{ env.CVE_CACHE_DIR }}
+          key: ${{ env.CVE_CACHE_KEY }}
+
+      # - name: "Slack Notification"
+      #   if: failure()
+      #   uses: slackapi/[email protected]
+      #   with:
+      #     payload: |
+      #       {
+      #         "text": "⚠️ OWASP Update Failed! 😬 Please inspect & fix by clicking <https://github.com/SAP/ai-sdk-java/actions/runs/${{ github.run_id }}|here>"
+      #       }
+      #   env:
+      #     SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK }}
+      #     SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+
+

core/src/main/java/com/sap/ai/sdk/core/AiCoreCredentialsInvalidException.java

@@ -0,0 +1,7 @@
+package com.sap.ai.sdk.core;
+
+import lombok.experimental.StandardException;
+
+/** Exception thrown when the JSON AI Core service key is invalid. */
+@StandardException
+class AiCoreCredentialsInvalidException extends RuntimeException {}

core/src/main/java/com/sap/ai/sdk/core/AiCoreDeployment.java

@@ -1,6 +1,6 @@
 package com.sap.ai.sdk.core;
 
-import com.sap.cloud.sdk.cloudplatform.connectivity.Destination;
+import com.sap.cloud.sdk.cloudplatform.connectivity.HttpDestination;
 import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
 import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationNotFoundException;
 import com.sap.cloud.sdk.services.openapi.apiclient.ApiClient;
@@ -30,7 +30,8 @@ public AiCoreDeployment withResourceGroup(@Nonnull final String resourceGroup) {
 
   @Nonnull
   @Override
-  public Destination destination() throws DestinationAccessException, DestinationNotFoundException {
+  public HttpDestination destination()
+      throws DestinationAccessException, DestinationNotFoundException {
     aiCoreService.deploymentId = deploymentId.get();
     return aiCoreService.destination();
   }

core/src/main/java/com/sap/ai/sdk/core/AiCoreService.java

@@ -1,8 +1,5 @@
 package com.sap.ai.sdk.core;
 
-import static com.sap.ai.sdk.core.DestinationResolver.AI_CLIENT_TYPE_KEY;
-import static com.sap.ai.sdk.core.DestinationResolver.AI_CLIENT_TYPE_VALUE;
-
 import com.fasterxml.jackson.annotation.JsonAutoDetect;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.PropertyAccessor;
@@ -12,15 +9,14 @@
 import com.sap.cloud.sdk.cloudplatform.connectivity.DefaultHttpDestination;
 import com.sap.cloud.sdk.cloudplatform.connectivity.Destination;
 import com.sap.cloud.sdk.cloudplatform.connectivity.DestinationProperty;
+import com.sap.cloud.sdk.cloudplatform.connectivity.HttpDestination;
 import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
 import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationNotFoundException;
 import com.sap.cloud.sdk.services.openapi.apiclient.ApiClient;
-import io.github.cdimascio.dotenv.Dotenv;
 import java.util.NoSuchElementException;
 import java.util.function.BiFunction;
 import java.util.function.Function;
 import javax.annotation.Nonnull;
-import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import lombok.val;
 import org.springframework.http.client.BufferingClientHttpRequestFactory;
@@ -31,19 +27,21 @@
 
 /** Connectivity convenience methods for AI Core. */
 @Slf4j
-@RequiredArgsConstructor
 public class AiCoreService implements AiCoreDestination {
-
-  Function<AiCoreService, Destination> baseDestinationHandler;
-  final BiFunction<AiCoreService, Destination, ApiClient> clientHandler;
-  final BiFunction<AiCoreService, Destination, DefaultHttpDestination.Builder> builderHandler;
+  static final String AI_CLIENT_TYPE_KEY = "URL.headers.AI-Client-Type";
+  static final String AI_CLIENT_TYPE_VALUE = "AI SDK Java";
+  static final String AI_RESOURCE_GROUP = "URL.headers.AI-Resource-Group";
 
   private static final DeploymentCache DEPLOYMENT_CACHE = new DeploymentCache();
 
-  private static final String AI_RESOURCE_GROUP = "URL.headers.AI-Resource-Group";
+  @Nonnull private final DestinationResolver destinationResolver;
 
-  /** loads the .env file from the root of the project */
-  private static final Dotenv DOTENV = Dotenv.configure().ignoreIfMissing().load();
+  @Nonnull private Function<AiCoreService, HttpDestination> baseDestinationHandler;
+  @Nonnull private final BiFunction<AiCoreService, HttpDestination, ApiClient> clientHandler;
+
+  @Nonnull
+  private final BiFunction<AiCoreService, HttpDestination, DefaultHttpDestination.Builder>
+      builderHandler;
 
   /** The resource group is defined by AiCoreDeployment.withResourceGroup(). */
   @Nonnull String resourceGroup;
@@ -53,8 +51,16 @@ public class AiCoreService implements AiCoreDestination {
 
   /** The default constructor. */
   public AiCoreService() {
-    this(AiCoreService::getApiClient, AiCoreService::getDestinationBuilder, "default", "");
+    this(new DestinationResolver());
+  }
+
+  AiCoreService(@Nonnull final DestinationResolver destinationResolver) {
+    this.destinationResolver = destinationResolver;
     baseDestinationHandler = AiCoreService::getBaseDestination;
+    clientHandler = AiCoreService::buildApiClient;
+    builderHandler = AiCoreService::getDestinationBuilder;
+    resourceGroup = "default";
+    deploymentId = "";
   }
 
   @Nonnull
@@ -66,7 +72,7 @@ public ApiClient client() {
 
   @Nonnull
   @Override
-  public Destination destination() {
+  public HttpDestination destination() {
     val dest = baseDestinationHandler.apply(this);
     val builder = builderHandler.apply(this, dest);
     if (!deploymentId.isEmpty()) {
@@ -107,7 +113,7 @@ protected void destinationSetHeaders(@Nonnull final DefaultHttpDestination.Build
    * @return The AI Core Service based on the provided destination.
    */
   @Nonnull
-  public AiCoreService withDestination(@Nonnull final Destination destination) {
+  public AiCoreService withDestination(@Nonnull final HttpDestination destination) {
     baseDestinationHandler = service -> destination;
     return this;
   }
@@ -161,10 +167,9 @@ public AiCoreDeployment forDeploymentByScenario(@Nonnull final String scenarioId
    * @throws DestinationNotFoundException If the destination cannot be found.
    */
   @Nonnull
-  protected Destination getBaseDestination()
+  protected HttpDestination getBaseDestination()
       throws DestinationAccessException, DestinationNotFoundException {
-    val serviceKey = DOTENV.get("AICORE_SERVICE_KEY");
-    return DestinationResolver.getDestination(serviceKey);
+    return destinationResolver.getDestination();
   }
 
   /**
@@ -186,14 +191,13 @@ protected DefaultHttpDestination.Builder getDestinationBuilder(
   }
 
   /**
-   * Get a destination using the default service binding loading logic.
+   * Build an {@link ApiClient} that can be used for executing plain REST HTTP calls.
    *
-   * @return The destination.
-   * @throws DestinationAccessException If the destination cannot be accessed.
-   * @throws DestinationNotFoundException If the destination cannot be found.
+   * @param destination The destination to use as basis for the client.
+   * @return The new API client.
    */
   @Nonnull
-  protected ApiClient getApiClient(@Nonnull final Destination destination) {
+  protected ApiClient buildApiClient(@Nonnull final Destination destination) {
     val objectMapper =
         new Jackson2ObjectMapperBuilder()
             .modules(new JavaTimeModule())

core/src/main/java/com/sap/ai/sdk/core/AiCoreServiceKeyAccessor.java

@@ -0,0 +1,89 @@
+package com.sap.ai.sdk.core;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.sap.cloud.environment.servicebinding.api.DefaultServiceBindingBuilder;
+import com.sap.cloud.environment.servicebinding.api.ServiceBinding;
+import com.sap.cloud.environment.servicebinding.api.ServiceBindingAccessor;
+import com.sap.cloud.environment.servicebinding.api.ServiceIdentifier;
+import com.sap.cloud.environment.servicebinding.api.exception.ServiceBindingAccessException;
+import io.github.cdimascio.dotenv.Dotenv;
+import io.github.cdimascio.dotenv.DotenvBuilder;
+import io.vavr.Lazy;
+import java.util.HashMap;
+import java.util.List;
+import javax.annotation.Nonnull;
+import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import lombok.val;
+
+/**
+ * Loads an AI Core service key from the "AICORE_SERVICE_KEY" environment variable with support for
+ * .env files. Will ignore missing or malformed dotenv files.
+ */
+@Slf4j
+@AllArgsConstructor
+class AiCoreServiceKeyAccessor implements ServiceBindingAccessor {
+  static final String ENV_VAR_KEY = "AICORE_SERVICE_KEY";
+
+  private final Lazy<Dotenv> dotenv;
+
+  AiCoreServiceKeyAccessor() {
+    this(Dotenv.configure().ignoreIfMissing().ignoreIfMalformed());
+  }
+
+  AiCoreServiceKeyAccessor(@Nonnull final DotenvBuilder dotenvBuilder) {
+    dotenv = Lazy.of(dotenvBuilder::load);
+  }
+
+  @Nonnull
+  @Override
+  public List<ServiceBinding> getServiceBindings() throws ServiceBindingAccessException {
+    final String serviceKey;
+    try {
+      serviceKey = dotenv.get().get(ENV_VAR_KEY);
+    } catch (Exception e) {
+      throw new ServiceBindingAccessException("Failed to load service key from environment", e);
+    }
+    if (serviceKey == null) {
+      log.debug("No service key found in environment variable {}", ENV_VAR_KEY);
+      return List.of();
+    }
+    log.info(
+        """
+        Found a service key in environment variable {}.
+        Using a service key is recommended for local testing only.
+        Bind the AI Core service to the application for productive usage.
+        """,
+        ENV_VAR_KEY);
+
+    val binding = createServiceBinding(serviceKey);
+    return List.of(binding);
+  }
+
+  static ServiceBinding createServiceBinding(@Nonnull final String serviceKey)
+      throws ServiceBindingAccessException {
+    final HashMap<String, Object> credentials;
+    try {
+      credentials = new ObjectMapper().readValue(serviceKey, new TypeReference<>() {});
+    } catch (JsonProcessingException e) {
+      throw new ServiceBindingAccessException(
+          new AiCoreCredentialsInvalidException(
+              "Error in parsing service key from the " + ENV_VAR_KEY + " environment variable.",
+              e));
+    }
+    if (credentials.get("clientid") == null) {
+      // explicitly check for the client ID to improve the error message
+      // otherwise we get a rather generic DestinationNotFoundException error that none of the
+      // loaders matched the binding
+      throw new ServiceBindingAccessException(
+          new AiCoreCredentialsInvalidException("Missing clientid in service key"));
+    }
+
+    return new DefaultServiceBindingBuilder()
+        .withServiceIdentifier(ServiceIdentifier.AI_CORE)
+        .withCredentials(credentials)
+        .build();
+  }
+}