eclipse-edc
diff --git a/‎extensions/common/s3-copy-lib/src/main/java/org/eclipse/edc/aws/s3/copy/lib/S3CopyUtils.java‎
Lines changed: 16 additions & 12 deletions b/‎extensions/common/s3-copy-lib/src/main/java/org/eclipse/edc/aws/s3/copy/lib/S3CopyUtils.java‎
Lines changed: 16 additions & 12 deletions
diff --git a/‎extensions/control-plane/provision/provision-aws-s3-copy/build.gradle.kts‎
Lines changed: 1 addition & 0 deletions b/‎extensions/control-plane/provision/provision-aws-s3-copy/build.gradle.kts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎extensions/control-plane/provision/provision-aws-s3-copy/src/main/java/org/eclipse/edc/connector/provision/aws/s3/copy/AwsS3CopyProvisionExtension.java‎
Lines changed: 5 additions & 1 deletion b/‎extensions/control-plane/provision/provision-aws-s3-copy/src/main/java/org/eclipse/edc/connector/provision/aws/s3/copy/AwsS3CopyProvisionExtension.java‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎extensions/control-plane/provision/provision-aws-s3-copy/src/main/java/org/eclipse/edc/connector/provision/aws/s3/copy/S3CopyDeprovisionPipeline.java‎
Lines changed: 16 additions & 6 deletions b/‎extensions/control-plane/provision/provision-aws-s3-copy/src/main/java/org/eclipse/edc/connector/provision/aws/s3/copy/S3CopyDeprovisionPipeline.java‎
Lines changed: 16 additions & 6 deletions
diff --git a/‎extensions/control-plane/provision/provision-aws-s3-copy/src/main/java/org/eclipse/edc/connector/provision/aws/s3/copy/S3CopyProvisionPipeline.java‎
Lines changed: 17 additions & 6 deletions b/‎extensions/control-plane/provision/provision-aws-s3-copy/src/main/java/org/eclipse/edc/connector/provision/aws/s3/copy/S3CopyProvisionPipeline.java‎
Lines changed: 17 additions & 6 deletions
diff --git a/‎extensions/control-plane/provision/provision-aws-s3-copy/src/main/java/org/eclipse/edc/connector/provision/aws/s3/copy/S3CopyProvisioner.java‎
Lines changed: 7 additions & 2 deletions b/‎extensions/control-plane/provision/provision-aws-s3-copy/src/main/java/org/eclipse/edc/connector/provision/aws/s3/copy/S3CopyProvisioner.java‎
Lines changed: 7 additions & 2 deletions
diff --git a/‎extensions/control-plane/provision/provision-aws-s3-copy/src/test/java/org/eclipse/edc/connector/provision/aws/s3/copy/S3CopyProvisionerTest.java‎
Lines changed: 13 additions & 7 deletions b/‎extensions/control-plane/provision/provision-aws-s3-copy/src/test/java/org/eclipse/edc/connector/provision/aws/s3/copy/S3CopyProvisionerTest.java‎
Lines changed: 13 additions & 7 deletions
diff --git a/‎extensions/data-plane/data-plane-aws-s3-copy/build.gradle.kts‎
Lines changed: 1 addition & 0 deletions b/‎extensions/data-plane/data-plane-aws-s3-copy/build.gradle.kts‎
Lines changed: 1 addition & 0 deletions
@@ -18,7 +18,8 @@
 import org.eclipse.edc.aws.s3.AwsTemporarySecretToken;
 import org.eclipse.edc.aws.s3.spi.S3BucketSchema;
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.SecretToken;
-import org.eclipse.edc.spi.result.Result;
+import org.eclipse.edc.participantcontext.spi.service.ParticipantContextSupplier;
+import org.eclipse.edc.spi.result.ServiceResult;
 import org.eclipse.edc.spi.security.Vault;
 import org.eclipse.edc.spi.types.TypeManager;
 import org.eclipse.edc.spi.types.domain.DataAddress;
@@ -98,27 +99,30 @@ private static boolean sameEndpointOverride(String source, String destination) {
      * @param typeManager type manager required for deserialization
      * @return result containing the deserialized secret token or an error message
      */
-    public static Result<SecretToken> getSecretTokenFromVault(String secretKeyName, Vault vault, TypeManager typeManager) {
-        return ofNullable(secretKeyName)
-                .filter(keyName -> !StringUtils.isNullOrBlank(keyName))
-                .map(vault::resolveSecret)
-                .filter(secret -> !StringUtils.isNullOrBlank(secret))
-                .map(secret -> deserializeSecretToken(secret, typeManager))
-                .orElse(Result.failure(format("Failed to resolve secret with key '%s'", secretKeyName)));
+    public static ServiceResult<SecretToken> getSecretTokenFromVault(ParticipantContextSupplier participantContextSupplier,
+                                                                     String secretKeyName, Vault vault, TypeManager typeManager) {
+        return participantContextSupplier.get()
+                .compose(participantContext -> ofNullable(secretKeyName)
+                        .filter(keyName -> !StringUtils.isNullOrBlank(keyName))
+                        .map(s -> vault.resolveSecret(participantContext.getParticipantContextId(), s))
+                        .filter(secret -> !StringUtils.isNullOrBlank(secret))
+                        .map(secret -> deserializeSecretToken(secret, typeManager))
+                        .orElse(ServiceResult.unexpected(format("Failed to resolve secret with key '%s'", secretKeyName)))
+                );
     }
 
-    private static Result<SecretToken> deserializeSecretToken(String secret, TypeManager typeManager) {
+    private static ServiceResult<SecretToken> deserializeSecretToken(String secret, TypeManager typeManager) {
         try {
             var objectMapper = typeManager.getMapper();
             var tree = objectMapper.readTree(secret);
 
             if (tree.has("sessionToken")) {
-                return Result.success(objectMapper.treeToValue(tree, AwsTemporarySecretToken.class));
+                return ServiceResult.success(objectMapper.treeToValue(tree, AwsTemporarySecretToken.class));
             } else {
-                return Result.success(objectMapper.treeToValue(tree, AwsSecretToken.class));
+                return ServiceResult.success(objectMapper.treeToValue(tree, AwsSecretToken.class));
             }
         } catch (Exception e) {
-            return Result.failure(format("Failed to parse AWS secret token: %s", e.getMessage()));
+            return ServiceResult.unexpected(format("Failed to parse AWS secret token: %s", e.getMessage()));
         }
     }
 
 
@@ -17,6 +17,7 @@ plugins {
 }
 
 dependencies {
+    api(libs.edc.spi.participant.context.single)
     implementation(libs.edc.spi.controlplane)
     implementation(libs.edc.lib.util)
     implementation(project(":extensions:common:aws:aws-s3-core"))
 
@@ -20,6 +20,7 @@
 import org.eclipse.edc.connector.controlplane.transfer.spi.provision.ProvisionManager;
 import org.eclipse.edc.connector.controlplane.transfer.spi.provision.Provisioner;
 import org.eclipse.edc.connector.controlplane.transfer.spi.provision.ResourceManifestGenerator;
+import org.eclipse.edc.participantcontext.single.spi.SingleParticipantContextSupplier;
 import org.eclipse.edc.runtime.metamodel.annotation.Extension;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
 import org.eclipse.edc.runtime.metamodel.annotation.Setting;
@@ -56,6 +57,8 @@ public class AwsS3CopyProvisionExtension implements ServiceExtension {
     private ResourceManifestGenerator manifestGenerator;
     @Inject
     private ProvisionManager provisionManager;
+    @Inject
+    private SingleParticipantContextSupplier singleParticipantContextSupplier;
 
     @Override
     public String name() {
@@ -66,7 +69,8 @@ public String name() {
     public void initialize(ServiceExtensionContext context) {
         manifestGenerator.registerGenerator(new S3CopyResourceDefinitionGenerator());
 
-        var provisioner = new S3CopyProvisioner(clientProvider, vault, retryPolicy, typeManager, monitor, context.getComponentId(), maxRetries, maxRoleSessionDuration);
+        var provisioner = new S3CopyProvisioner(clientProvider, vault, retryPolicy, typeManager, monitor,
+                context.getComponentId(), maxRetries, maxRoleSessionDuration, singleParticipantContextSupplier);
         provisionManager.register(provisioner);
 
         registerTypes(typeManager);
 
@@ -22,6 +22,7 @@
 import org.eclipse.edc.aws.s3.AwsClientProvider;
 import org.eclipse.edc.aws.s3.S3ClientRequest;
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.DeprovisionedResource;
+import org.eclipse.edc.participantcontext.spi.service.ParticipantContextSupplier;
 import org.eclipse.edc.spi.EdcException;
 import org.eclipse.edc.spi.monitor.Monitor;
 import org.eclipse.edc.spi.security.Vault;
@@ -61,18 +62,21 @@ public class S3CopyDeprovisionPipeline {
     private final RetryPolicy<Object> retryPolicy;
     private final TypeManager typeManager;
     private final Monitor monitor;
-    
-    private S3CopyDeprovisionPipeline(AwsClientProvider clientProvider, Vault vault, RetryPolicy<Object> retryPolicy, TypeManager typeManager, Monitor monitor) {
+    private final ParticipantContextSupplier participantContextSupplier;
+
+    private S3CopyDeprovisionPipeline(AwsClientProvider clientProvider, Vault vault, RetryPolicy<Object> retryPolicy,
+                                      TypeManager typeManager, Monitor monitor, ParticipantContextSupplier participantContextSupplier) {
         this.clientProvider = clientProvider;
         this.vault = vault;
         this.retryPolicy = retryPolicy;
         this.typeManager = typeManager;
         this.monitor = monitor;
+        this.participantContextSupplier = participantContextSupplier;
     }
 
     public CompletableFuture<DeprovisionedResource> deprovision(S3CopyProvisionedResource provisionedResource) {
         // create S3 client for destination account -> update S3 bucket policy
-        var secretTokenResult = getSecretTokenFromVault(provisionedResource.getDestinationKeyName(), vault, typeManager);
+        var secretTokenResult = getSecretTokenFromVault(participantContextSupplier, provisionedResource.getDestinationKeyName(), vault, typeManager);
         if (secretTokenResult.failed()) {
             return failedFuture(new EdcException(secretTokenResult.getFailureDetail()));
         }
@@ -176,7 +180,8 @@ static class Builder {
         private RetryPolicy<Object> retryPolicy;
         private TypeManager typeManager;
         private Monitor monitor;
-        
+        private ParticipantContextSupplier participantContextSupplier;
+
         private Builder() {}
 
         public static Builder newInstance() {
@@ -207,14 +212,19 @@ public Builder monitor(Monitor monitor) {
             this.monitor = monitor;
             return this;
         }
-        
+
+        public Builder participantContextSupplier(ParticipantContextSupplier participantContextSupplier) {
+            this.participantContextSupplier = participantContextSupplier;
+            return this;
+        }
+
         public S3CopyDeprovisionPipeline build() {
             Objects.requireNonNull(clientProvider);
             Objects.requireNonNull(vault);
             Objects.requireNonNull(retryPolicy);
             Objects.requireNonNull(typeManager);
             Objects.requireNonNull(monitor);
-            return new S3CopyDeprovisionPipeline(clientProvider, vault, retryPolicy, typeManager, monitor);
+            return new S3CopyDeprovisionPipeline(clientProvider, vault, retryPolicy, typeManager, monitor, participantContextSupplier);
         }
     }
 }
@@ -20,6 +20,7 @@
 import jakarta.json.Json;
 import org.eclipse.edc.aws.s3.AwsClientProvider;
 import org.eclipse.edc.aws.s3.S3ClientRequest;
+import org.eclipse.edc.participantcontext.spi.service.ParticipantContextSupplier;
 import org.eclipse.edc.spi.EdcException;
 import org.eclipse.edc.spi.monitor.Monitor;
 import org.eclipse.edc.spi.security.Vault;
@@ -72,17 +73,20 @@ public class S3CopyProvisionPipeline {
     private final Monitor monitor;
     private final String componentId;
     private final int maxRoleSessionDuration;
-    
+    private final ParticipantContextSupplier participantContextSupplier;
+
     private S3CopyProvisionPipeline(AwsClientProvider clientProvider, Vault vault,
                                     RetryPolicy<Object> retryPolicy, TypeManager typeManager,
-                                    Monitor monitor, String componentId, int maxRoleSessionDuration) {
+                                    Monitor monitor, String componentId, int maxRoleSessionDuration,
+                                    ParticipantContextSupplier participantContextSupplier) {
         this.clientProvider = clientProvider;
         this.vault = vault;
         this.retryPolicy = retryPolicy;
         this.typeManager = typeManager;
         this.monitor = monitor;
         this.componentId = componentId;
         this.maxRoleSessionDuration = maxRoleSessionDuration;
+        this.participantContextSupplier = participantContextSupplier;
     }
 
     public CompletableFuture<S3CopyProvisionResponse> provision(S3CopyResourceDefinition resourceDefinition) {
@@ -92,7 +96,7 @@ public CompletableFuture<S3CopyProvisionResponse> provision(S3CopyResourceDefini
         var stsClient = clientProvider.stsAsyncClient(sourceClientRequest);
 
         // create S3 client for destination account -> update S3 bucket policy
-        var secretTokenResult = getSecretTokenFromVault(resourceDefinition.getDestinationKeyName(), vault, typeManager);
+        var secretTokenResult = getSecretTokenFromVault(participantContextSupplier, resourceDefinition.getDestinationKeyName(), vault, typeManager);
         if (secretTokenResult.failed()) {
             return failedFuture(new EdcException(secretTokenResult.getFailureDetail()));
         }
@@ -252,7 +256,8 @@ static class Builder {
         private Monitor monitor;
         private String componentId;
         private int maxRoleSessionDuration;
-        
+        private ParticipantContextSupplier participantContextSupplier;
+
         private Builder() {}
 
         public static Builder newInstance() {
@@ -293,15 +298,21 @@ public Builder maxRoleSessionDuration(int maxRoleSessionDuration) {
             this.maxRoleSessionDuration = maxRoleSessionDuration;
             return this;
         }
-        
+
+        public Builder participantContextSupplier(ParticipantContextSupplier participantContextSupplier) {
+            this.participantContextSupplier = participantContextSupplier;
+            return this;
+        }
+
         public S3CopyProvisionPipeline build() {
             Objects.requireNonNull(clientProvider);
             Objects.requireNonNull(vault);
             Objects.requireNonNull(retryPolicy);
             Objects.requireNonNull(typeManager);
             Objects.requireNonNull(monitor);
             Objects.requireNonNull(componentId);
-            return new S3CopyProvisionPipeline(clientProvider, vault, retryPolicy, typeManager, monitor, componentId, maxRoleSessionDuration);
+            return new S3CopyProvisionPipeline(clientProvider, vault, retryPolicy, typeManager, monitor, componentId,
+                    maxRoleSessionDuration, participantContextSupplier);
         }
     }
 }
@@ -22,6 +22,7 @@
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.ProvisionResponse;
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.ProvisionedResource;
 import org.eclipse.edc.connector.controlplane.transfer.spi.types.ResourceDefinition;
+import org.eclipse.edc.participantcontext.spi.service.ParticipantContextSupplier;
 import org.eclipse.edc.policy.model.Policy;
 import org.eclipse.edc.spi.monitor.Monitor;
 import org.eclipse.edc.spi.response.StatusResult;
@@ -45,17 +46,19 @@ public class S3CopyProvisioner implements Provisioner<S3CopyResourceDefinition,
     private final Monitor monitor;
     private final String componentId;
     private final int maxRoleSessionDuration;
-    
+    private final ParticipantContextSupplier participantContextSupplier;
+
     public S3CopyProvisioner(AwsClientProvider clientProvider, Vault vault,
                              RetryPolicy<Object> retryPolicy, TypeManager typeManager,
                              Monitor monitor, String componentId, int maxRetries,
-                             int maxRoleSessionDuration) {
+                             int maxRoleSessionDuration, ParticipantContextSupplier participantContextSupplier) {
         this.clientProvider = clientProvider;
         this.vault = vault;
         this.typeManager = typeManager;
         this.monitor = monitor;
         this.componentId = componentId;
         this.maxRoleSessionDuration = maxRoleSessionDuration;
+        this.participantContextSupplier = participantContextSupplier;
         this.retryPolicy = RetryPolicy.builder(retryPolicy.getConfig())
                 .withMaxRetries(maxRetries)
                 .handle(AwsServiceException.class)
@@ -82,6 +85,7 @@ public CompletableFuture<StatusResult<ProvisionResponse>> provision(S3CopyResour
                 .monitor(monitor)
                 .componentId(componentId)
                 .maxRoleSessionDuration(maxRoleSessionDuration)
+                .participantContextSupplier(participantContextSupplier)
                 .build()
                 .provision(resourceDefinition)
                 .thenApply(response -> provisioningSucceeded(resourceDefinition, response));
@@ -123,6 +127,7 @@ public CompletableFuture<StatusResult<DeprovisionedResource>> deprovision(S3Copy
                 .retryPolicy(retryPolicy)
                 .typeManager(typeManager)
                 .monitor(monitor)
+                .participantContextSupplier(participantContextSupplier)
                 .build()
                 .deprovision(provisionedResource)
                 .thenApply(StatusResult::success);
 
@@ -25,8 +25,11 @@
 import org.eclipse.edc.aws.s3.S3ClientRequest;
 import org.eclipse.edc.aws.s3.spi.S3BucketSchema;
 import org.eclipse.edc.json.JacksonTypeManager;
+import org.eclipse.edc.participantcontext.spi.service.ParticipantContextSupplier;
+import org.eclipse.edc.participantcontext.spi.types.ParticipantContext;
 import org.eclipse.edc.policy.model.Policy;
 import org.eclipse.edc.spi.monitor.Monitor;
+import org.eclipse.edc.spi.result.ServiceResult;
 import org.eclipse.edc.spi.security.Vault;
 import org.eclipse.edc.spi.types.TypeManager;
 import org.eclipse.edc.spi.types.domain.DataAddress;
@@ -97,23 +100,26 @@ class S3CopyProvisionerTest {
     private String roleAccessKeyId = "123";
     private String roleSecretAccessKey = "456";
     private String roleSessionToken = "789";
-    
+    private ParticipantContextSupplier participantContextSupplier = mock();
+
     @BeforeEach
     void setUp() {
         when(clientProvider.iamAsyncClient(any(S3ClientRequest.class))).thenReturn(iamClient);
         when(clientProvider.stsAsyncClient(any(S3ClientRequest.class))).thenReturn(stsClient);
         when(clientProvider.s3AsyncClient(any(S3ClientRequest.class))).thenReturn(s3Client);
+        var participantContext = ParticipantContext.Builder.newInstance().participantContextId("participantContextId").identity("any").build();
+        when(participantContextSupplier.get()).thenReturn(ServiceResult.success(participantContext));
 
         provisioner = new S3CopyProvisioner(clientProvider, vault, RetryPolicy.ofDefaults(),
-                typeManager, mock(Monitor.class), "componentId", 2, 3600);
+                typeManager, mock(Monitor.class), "componentId", 2, 3600, participantContextSupplier);
     }
 
     @Test
     void provision_shouldProvisionResources() throws Exception {
         var definition = resourceDefinition();
 
         var secretToken = new AwsSecretToken("accessKeyId", "secretAccessKey");
-        when(vault.resolveSecret(definition.getDestinationKeyName())).thenReturn(typeManager.getMapper().writeValueAsString(secretToken));
+        when(vault.resolveSecret("participantContextId", definition.getDestinationKeyName())).thenReturn(typeManager.getMapper().writeValueAsString(secretToken));
 
         var getUserResponse = getUserResponse();
         when(iamClient.getUser()).thenReturn(completedFuture(getUserResponse));
@@ -184,7 +190,7 @@ void provision_onError_shouldReturnFailedFuture() throws Exception {
         var definition = resourceDefinition();
 
         var secretToken = new AwsSecretToken("accessKeyId", "secretAccessKey");
-        when(vault.resolveSecret(definition.getDestinationKeyName())).thenReturn(typeManager.getMapper().writeValueAsString(secretToken));
+        when(vault.resolveSecret("participantContextId", definition.getDestinationKeyName())).thenReturn(typeManager.getMapper().writeValueAsString(secretToken));
 
         when(iamClient.getUser()).thenReturn(failedFuture(new RuntimeException("error")));
 
@@ -198,7 +204,7 @@ void deprovision_shouldDeprovisionResources() throws Exception {
         var resource = provisionedResource();
 
         var secretToken = new AwsSecretToken("accessKeyId", "secretAccessKey");
-        when(vault.resolveSecret(resource.getDestinationKeyName())).thenReturn(typeManager.getMapper().writeValueAsString(secretToken));
+        when(vault.resolveSecret("participantContextId", resource.getDestinationKeyName())).thenReturn(typeManager.getMapper().writeValueAsString(secretToken));
 
         var getBucketPolicyResponse = getNoneEmptyBucketPolicyResponse();
         when(s3Client.getBucketPolicy(any(GetBucketPolicyRequest.class))).thenReturn(completedFuture(getBucketPolicyResponse));
@@ -234,7 +240,7 @@ void deprovision_otherBucketPolicyStatements_shouldOnlyRemoveProvisionedStatemen
         var resource = provisionedResource();
 
         var secretToken = new AwsSecretToken("accessKeyId", "secretAccessKey");
-        when(vault.resolveSecret(resource.getDestinationKeyName())).thenReturn(typeManager.getMapper().writeValueAsString(secretToken));
+        when(vault.resolveSecret("participantContextId", resource.getDestinationKeyName())).thenReturn(typeManager.getMapper().writeValueAsString(secretToken));
 
         var getBucketPolicyResponse = getBucketPolicyResponseWithMultipleStatements();
         when(s3Client.getBucketPolicy(any(GetBucketPolicyRequest.class))).thenReturn(completedFuture(getBucketPolicyResponse));
@@ -274,7 +280,7 @@ void deprovision_onError_shouldReturnFailedFuture() throws Exception {
         var resource = provisionedResource();
 
         var secretToken = new AwsSecretToken("accessKeyId", "secretAccessKey");
-        when(vault.resolveSecret(resource.getDestinationKeyName())).thenReturn(typeManager.getMapper().writeValueAsString(secretToken));
+        when(vault.resolveSecret("participantContextId", resource.getDestinationKeyName())).thenReturn(typeManager.getMapper().writeValueAsString(secretToken));
 
         when(s3Client.getBucketPolicy(any(GetBucketPolicyRequest.class))).thenReturn(failedFuture(new RuntimeException("error")));
 
 
@@ -20,6 +20,7 @@ dependencies {
     api(libs.edc.spi.dataplane)
     api(libs.edc.spi.web)
     api(libs.edc.spi.data.plane.selector)
+    api(libs.edc.spi.participant.context.single)
     implementation(libs.edc.lib.util)
     implementation(libs.edc.core.dataPlane.util)
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@ plugins {`
`17`	`17`	`}`
`18`	`18`
`19`	`19`	`dependencies {`
	`20`	`+ api(libs.edc.spi.participant.context.single)`
`20`	`21`	`implementation(libs.edc.spi.controlplane)`
`21`	`22`	`implementation(libs.edc.lib.util)`
`22`	`23`	`implementation(project(":extensions:common:aws:aws-s3-core"))`