remove poc bits

Author: ikethecoder

src/controllers/sdx/v1/OrgKeysController.ts

@@ -26,7 +26,6 @@ import { CreateNamespaceForRuntimeGroup } from '../../../services/workflow/creat
 import { assertEqual } from '../../ioc/assert';
 import { KeystoneService } from '../../ioc/keystoneInjector';
 import { RuntimeGroupInput } from './types';
-import { context } from 'msw';
 
 /**
  * Runtime Group Controller

src/controllers/sdx/v1/OrgRuntimeGroupController.ts

@@ -148,7 +148,6 @@ for (const _list of [
   'Product',
   'RuntimeGroup',
   'ServiceAccess',
-  'ServiceConnection',
   'Subsystem',
   'TemporaryIdentity',
   'User',

src/lists/ServiceConnection.js

@@ -19,11 +19,6 @@ const logger = Logger('batch.runtime-group');
 
 class RuntimeGroupService {
   validateRuntimeGroup = (name: string): void => {
-    logger.debug(
-      '[validateRuntimeGroup] validating runtime group name: %s',
-      name
-    );
-
     regExprValidation(
       '^[a-z0-9]{3,8}$',
       name,

src/server.ts

@@ -8,15 +8,18 @@ import {
   ServiceClient,
 } from '../catalog';
 
-export interface SDXP2PConsumerPatternConfig extends Record<string, string> {
+interface ConsumerUpgrades {
+  sign: {};
+  verify: {};
+}
+
+export interface SDXP2PConsumerPatternConfig extends Record<string, any> {
   organization: string;
   conn_id: string;
   client_id: string;
   service_id: string;
-  upgrades: string;
+  upgrades: ConsumerUpgrades;
   tls_verify?: string;
-  token_exchange_token_endpoint?: string;
-  token_exchange_client_id?: string;
 }
 
 export interface SDXP2PConsumerPatternData {
@@ -59,7 +62,7 @@ export const SDXP2PConsumerPattern = {
     };
   },
 
-  eval: (inputs: Record<string, string>, data: SDXP2PConsumerPatternData) => {
+  eval: (inputs: Record<string, any>, data: SDXP2PConsumerPatternData) => {
     const serviceLocator = data.service.name;
 
     const clientLocator = data.client.subsystem.clientId;
@@ -72,9 +75,9 @@ export const SDXP2PConsumerPattern = {
     const tags = [`ns.${consumerGateway}.${inputs.conn_id}.c`, 'sdx'];
     const name = `sdx.p2p.${inputs.conn_id}.c.${serviceLocator}`;
 
-    const upgrades = inputs.upgrades || '';
+    const upgrades: ConsumerUpgrades = inputs.upgrades || {};
 
-    const config1 = {
+    const config = {
       kind: 'GatewayService',
       name,
       retries: 0,
@@ -94,20 +97,20 @@ export const SDXP2PConsumerPattern = {
       url: data.service.subsystem.runtimeGroup.sdxEndpoint,
       plugins: [
         ...[transformer(tags, data)],
-        ...(upgrades.includes('edge-sign')
+        ...(upgrades.hasOwnProperty('sign')
           ? [upgradeToTrustSign(tags, data)]
           : []),
-        ...(upgrades.includes('edge-verify')
+        ...(upgrades.hasOwnProperty('verify')
           ? [upgradeToTrustVerify(tags, data)]
           : []),
       ],
     } as any;
 
     if (inputs.tls_verify) {
-      config1['tls_verify'] = inputs.tls_verify === 'false' ? false : true;
+      config['tls_verify'] = inputs.tls_verify === 'false' ? false : true;
     }
 
-    return [config1] as any[];
+    return [config] as any[];
   },
 };
 

src/services/batch/runtime-group.ts

@@ -13,23 +13,29 @@ import { Logger } from '../../../logger';
 
 const logger = Logger('sdx-p2p-provider-pattern');
 
+// TODO: clean this up a bit!
+const SDX_KONG_URL =
+  process.env.SDX_KONG_URL || 'http://sdx-konghc-kong-admin:8001';
+
+interface ProviderUpgrades {
+  sign: {};
+  verify: {};
+  token_exchange: {
+    token_endpoint: string;
+    client_id: string;
+    scopes: string[];
+    audience: string;
+  };
+}
+
 export interface SDXP2PProviderPatternConfig extends Record<string, any> {
   organization: string;
   conn_id: string;
   client_id: string;
   service_id: string;
   upstream_url: string;
-  upgrades: string;
+  upgrades: ProviderUpgrades;
   use_sni: string;
-  kms_key_id?: string;
-  upgrade_config: {
-    token_exchange: {
-      token_endpoint: string;
-      client_id: string;
-      scopes: string[];
-      audience: string;
-    };
-  };
 }
 
 export interface SDXP2PProviderPatternData {
@@ -75,7 +81,7 @@ export const SDXP2PProviderPattern = {
 
     let key: KongKey = undefined;
     if (upgrades.includes('org-kms-sign')) {
-      const keys = new KongKeys('http://sdx-konghc-kong-admin:8001');
+      const keys = new KongKeys(SDX_KONG_URL);
 
       key = await keys.getKeyByName(name);
 
@@ -90,7 +96,7 @@ export const SDXP2PProviderPattern = {
     };
   },
 
-  eval: (inputs: Record<string, string>, data: SDXP2PProviderPatternData) => {
+  eval: (inputs: Record<string, any>, data: SDXP2PProviderPatternData) => {
     const serviceLocator = data.service.name;
     const serviceHost = data.service.subsystem.runtimeGroup.host;
 
@@ -103,7 +109,7 @@ export const SDXP2PProviderPattern = {
 
     const upstreamUrl = inputs.upstream_url;
 
-    const upgrades = inputs.upgrades || '';
+    const upgrades: ProviderUpgrades = inputs.upgrades || {};
 
     return [
       {
@@ -153,20 +159,13 @@ export const SDXP2PProviderPattern = {
         tags: [...tags, `service:${serviceLocator}`, `client:${clientLocator}`],
         url: upstreamUrl,
         plugins: [
-          ...(upgrades.includes('edge-sign')
+          ...(upgrades.hasOwnProperty('sign')
             ? [upgradeToTrustSign(tags, data)]
             : []),
-          ...(upgrades.includes('edge-verify')
+          ...(upgrades.hasOwnProperty('verify')
             ? [upgradeToTrustVerify(tags, data)]
             : []),
-          ...(upgrades.includes('org-kms-sign')
-            ? [upgradeToTrustKMSSign(tags, data)]
-            : []),
-          ...(upgrades.includes('timestamp')
-            ? [upgradeToTimestamp(tags, data)]
-            : []),
-          ...(upgrades.includes('ledger') ? [upgradeToLedger(tags, data)] : []),
-          ...(upgrades.includes('token-exchange')
+          ...(upgrades.hasOwnProperty('token_exchange')
             ? [
                 upgradeToTokenExchange(
                   tags,
@@ -213,65 +212,27 @@ function upgradeToTrustVerify(tags: string[], data: SDXP2PProviderPatternData) {
   };
 }
 
-function upgradeToTrustKMSSign(
-  tags: string[],
-  data: SDXP2PProviderPatternData
-) {
-  if (data.key == null) {
-    logger.warn('Unable to configure trust KMS - no key found');
-  }
-  return {
-    name: 'trust-kms',
-    tags: tags,
-    config: {
-      direction: 'response',
-      operation: 'sign',
-      signature_header_key: 'X-Edge-Token',
-      key_id: data.key?.kid,
-    },
-  };
-}
-
-function upgradeToTimestamp(tags: string[], data: SDXP2PProviderPatternData) {
-  return {
-    name: 'trust-timestamp',
-    tags: tags,
-    config: {
-      endpoint_url: 'https://freetsa.org/tsr',
-      policy_oid: '1.2.1.2.1',
-    },
-  };
-}
-
-function upgradeToLedger(tags: string[], data: SDXP2PProviderPatternData) {
-  return {
-    name: 'trust-ledger',
-    tags: tags,
-    config: {
-      endpoint_url: 'https://rekor.sigstore.dev',
-      provider: 'rekor',
-    },
-  };
-}
-
 function upgradeToTokenExchange(
   tags: string[],
   data: SDXP2PProviderPatternData,
   inputs: SDXP2PProviderPatternConfig
 ) {
+  const tokenExchangeConfig = inputs.upgrades.token_exchange;
+
   const kid = `urn:ca:bc:sdx:edge:${data.service.subsystem.runtimeGroup.name}:edge`;
+
   return {
     name: 'token-exchange',
     tags: tags,
     config: {
-      token_endpoint: inputs.upgrade_config?.token_exchange?.token_endpoint,
-      client_id: inputs.upgrade_config?.token_exchange?.client_id,
+      client_id: tokenExchangeConfig?.client_id,
+      token_endpoint: tokenExchangeConfig?.token_endpoint,
+      scopes: tokenExchangeConfig?.scopes,
+      audience: tokenExchangeConfig?.audience,
+      key_id: kid,
       private_key_location: '/etc/secrets/sdx-edge-signing-cert/tls.key',
       algorithm: 'ES256',
       expiration: 60,
-      key_id: kid,
-      scopes: inputs.upgrade_config?.token_exchange?.scopes,
-      audience: inputs.upgrade_config?.token_exchange?.audience,
     },
   };
 }