WIP on enhancements

Author: artem-v

services-api/src/main/java/io/scalecube/services/ServiceEndpoint.java

@@ -22,6 +22,7 @@ public class ServiceEndpoint implements Externalizable {
   private static final long serialVersionUID = 1L;
 
   private String id;
+  private String name;
   private Address address;
   private Set<String> contentTypes;
   private Map<String, String> tags;
@@ -37,6 +38,7 @@ public ServiceEndpoint() {}
 
   private ServiceEndpoint(Builder builder) {
     this.id = Objects.requireNonNull(builder.id, "ServiceEndpoint.id is required");
+    this.name = Objects.requireNonNull(builder.name, "ServiceEndpoint.name is required");
     this.address = Objects.requireNonNull(builder.address, "ServiceEndpoint.address is required");
     this.contentTypes = Collections.unmodifiableSet(new HashSet<>(builder.contentTypes));
     this.tags = Collections.unmodifiableMap(new HashMap<>(builder.tags));
@@ -56,6 +58,10 @@ public String id() {
     return id;
   }
 
+  public String name() {
+    return name;
+  }
+
   public Address address() {
     return address;
   }
@@ -86,7 +92,8 @@ public Collection<ServiceReference> serviceReferences() {
   @Override
   public String toString() {
     return new StringJoiner(", ", ServiceEndpoint.class.getSimpleName() + "[", "]")
-        .add("id=" + id)
+        .add("id='" + id + "'")
+        .add("name='" + name + "'")
         .add("address=" + address)
         .add("contentTypes=" + contentTypes)
         .add("tags=" + tags)
@@ -99,6 +106,9 @@ public void writeExternal(ObjectOutput out) throws IOException {
     // id
     out.writeUTF(id);
 
+    // name
+    out.writeUTF(name);
+
     // address
     out.writeUTF(address.toString());
 
@@ -127,6 +137,9 @@ public void readExternal(ObjectInput in) throws IOException, ClassNotFoundExcept
     // id
     id = in.readUTF();
 
+    // name
+    name = in.readUTF();
+
     // address
     address = Address.from(in.readUTF());
 
@@ -160,6 +173,7 @@ public void readExternal(ObjectInput in) throws IOException, ClassNotFoundExcept
   public static class Builder {
 
     private String id;
+    private String name;
     private Address address = Address.NULL_ADDRESS;
     private Set<String> contentTypes = Collections.emptySet();
     private Map<String, String> tags = Collections.emptyMap();
@@ -169,6 +183,7 @@ private Builder() {}
 
     private Builder(ServiceEndpoint other) {
       this.id = other.id;
+      this.name = other.name;
       this.address = other.address;
       this.contentTypes = new HashSet<>(other.contentTypes);
       this.tags = new HashMap<>(other.tags);
@@ -180,6 +195,11 @@ public Builder id(String id) {
       return this;
     }
 
+    public Builder name(String name) {
+      this.name = Objects.requireNonNull(name, "name");
+      return this;
+    }
+
     public Builder address(Address address) {
       this.address = Objects.requireNonNull(address, "address");
       return this;

services-api/src/main/java/io/scalecube/services/ServiceReference.java

@@ -18,6 +18,7 @@
 public class ServiceReference {
 
   private final String endpointId;
+  private final String endpointName;
   private final String namespace;
   private final String action;
   private final String qualifier;
@@ -41,6 +42,7 @@ public ServiceReference(
       ServiceRegistration serviceRegistration,
       ServiceEndpoint serviceEndpoint) {
     this.endpointId = serviceEndpoint.id();
+    this.endpointName = serviceEndpoint.name();
     this.namespace = serviceRegistration.namespace();
     this.action = serviceMethodDefinition.action();
     this.qualifier = Qualifier.asString(namespace, action);
@@ -57,6 +59,10 @@ public String endpointId() {
     return endpointId;
   }
 
+  public String endpointName() {
+    return endpointName;
+  }
+
   public String namespace() {
     return namespace;
   }
@@ -116,6 +122,7 @@ private static Map<String, String> mergeTags(
   public String toString() {
     return new StringJoiner(", ", ServiceReference.class.getSimpleName() + "[", "]")
         .add("endpointId='" + endpointId + "'")
+        .add("endpointName='" + endpointName + "'")
         .add("namespace='" + namespace + "'")
         .add("action='" + action + "'")
         .add("qualifier='" + qualifier + "'")

services-api/src/main/java/io/scalecube/services/discovery/api/ServiceDiscoveryEvent.java

@@ -63,7 +63,7 @@ public boolean isEndpointRemoved() {
   public String toString() {
     return new StringJoiner(", ", ServiceDiscoveryEvent.class.getSimpleName() + "[", "]")
         .add("type=" + type)
-        .add("ServiceEndpoint.id='" + serviceEndpoint.id() + "'")
+        .add("serviceEndpoint=" + serviceEndpoint)
         .toString();
   }
 }

services-api/src/main/java/io/scalecube/services/methods/ServiceMethodInvoker.java

@@ -243,8 +243,8 @@ private Mono<Principal> mapPrincipal(RequestContext context) {
               "Insufficient permissions for secured method ({}) -- "
                   + "request context ({}) does not have principal "
                   + "and principalMapper is also not set",
-              context,
-              methodInfo);
+              methodInfo,
+              context);
         }
         throw new ForbiddenException("Insufficient permissions");
       }

services-api/src/main/java/io/scalecube/services/routing/StaticAddressRouter.java

@@ -35,6 +35,7 @@ private StaticAddressRouter(Builder builder) {
                 UUID.randomUUID().toString(), Collections.emptyMap(), Collections.emptyList()),
             ServiceEndpoint.builder()
                 .id(UUID.randomUUID().toString())
+                .name(builder.serviceName)
                 .address(builder.address)
                 .build());
   }
@@ -53,6 +54,7 @@ public static class Builder {
     private Address address;
     private boolean isSecured;
     private String serviceRole;
+    private String serviceName;
 
     private Builder() {}
 
@@ -93,6 +95,18 @@ public Builder serviceRole(String serviceRole) {
       return this;
     }
 
+    /**
+     * Setter for {@code serviceName} property, will be used in the invocation of {@link
+     * CredentialsSupplier#credentials(String)}.
+     *
+     * @param serviceName serviceName
+     * @return this
+     */
+    public Builder serviceName(String serviceName) {
+      this.serviceName = serviceName;
+      return this;
+    }
+
     public StaticAddressRouter build() {
       return new StaticAddressRouter(this);
     }

services-discovery/src/test/java/io/scalecube/services/discovery/ScalecubeServiceDiscoveryTest.java

@@ -67,6 +67,7 @@ public void testMetadataCodec(MetadataCodec metadataCodec) {
     ServiceEndpoint serviceEndpoint =
         ServiceEndpoint.builder()
             .id(UUID.randomUUID().toString())
+            .name("app-service")
             .tags(Collections.singletonMap("K", "V"))
             .contentTypes(Collections.singleton("json"))
             .appendServiceRegistrations(
@@ -231,7 +232,10 @@ public void testEndpointIsRestarted(MetadataCodec metadataCodec) {
   }
 
   public static ServiceEndpoint newServiceEndpoint() {
-    return ServiceEndpoint.builder().id("" + ID_COUNTER.incrementAndGet()).build();
+    return ServiceEndpoint.builder()
+        .id("" + ID_COUNTER.incrementAndGet())
+        .name("app-service")
+        .build();
   }
 
   private Mono<ServiceDiscovery> newServiceDiscovery(

services-security/src/main/java/io/scalecube/services/security/ServiceTokenCredentialsSupplier.java

@@ -14,6 +14,13 @@ public class ServiceTokenCredentialsSupplier implements CredentialsSupplier {
   private final String vaultAddress;
   private final Supplier<CompletableFuture<String>> vaultTokenSupplier;
 
+  /**
+   * Constructor.
+   *
+   * @param environment logical environment name
+   * @param vaultAddress vaultAddress
+   * @param vaultTokenSupplier vaultTokenSupplier
+   */
   public ServiceTokenCredentialsSupplier(
       String environment,
       String vaultAddress,
@@ -23,6 +30,12 @@ public ServiceTokenCredentialsSupplier(
     this.vaultTokenSupplier = Objects.requireNonNull(vaultTokenSupplier, "vaultTokenSupplier");
   }
 
+  /**
+   * TODO
+   *
+   * @param serviceRole serviceRole
+   * @return credentials
+   */
   @Override
   public Mono<byte[]> credentials(String serviceRole) {
     return Mono.defer(

services-security/src/main/java/io/scalecube/services/security/VaultServiceRolesProcessor.java

@@ -15,26 +15,42 @@
 public class VaultServiceRolesProcessor implements ServiceRolesProcessor {
 
   private final String environment;
+  private final String service;
   private final String vaultAddress;
   private final Supplier<CompletableFuture<String>> vaultTokenSupplier;
 
+  /**
+   * Constructor.
+   *
+   * @param environment logical environment name
+   * @param service logical service name
+   * @param vaultAddress vaultAddress
+   * @param vaultTokenSupplier vaultTokenSupplier
+   */
   public VaultServiceRolesProcessor(
       String environment,
+      String service,
       String vaultAddress,
       Supplier<CompletableFuture<String>> vaultTokenSupplier) {
     this.environment = Objects.requireNonNull(environment, "environment");
+    this.service = Objects.requireNonNull(service, "service");
     this.vaultAddress = Objects.requireNonNull(vaultAddress, "vaultAddress");
     this.vaultTokenSupplier = Objects.requireNonNull(vaultTokenSupplier, "vaultTokenSupplier");
   }
 
+  /**
+   * TODO
+   *
+   * @param values collection of {@link ServiceRoleDefinition} objects
+   */
   @Override
   public void process(Collection<ServiceRoleDefinition> values) {
     VaultServiceRolesInstaller.builder()
         .vaultAddress(vaultAddress)
         .vaultTokenSupplier(vaultTokenSupplier)
         .serviceRolesSources(List.of(() -> toServiceRoles(values)))
-        .keyNameSupplier(() -> environment + "." + "identity-key")
-        .roleNameBuilder(role -> environment + "." + role)
+        .keyNameSupplier(() -> String.join(".", environment, "identity-key"))
+        .roleNameBuilder(role -> String.join(".", environment, service, role))
         .build()
         .install();
   }

services-security/src/test/java/io/scalecube/services/security/ServiceTokenTests.java

@@ -43,7 +43,7 @@ void shouldAuthenticateSuccessfully(SuccessArgs args, VaultEnvironment vaultEnvi
 
     // Install service roles
 
-    new VaultServiceRolesProcessor(args.environment, vaultAddr, vaultTokenSupplier)
+    new VaultServiceRolesProcessor(args.environment, args.service, vaultAddr, vaultTokenSupplier)
         .process(SERVICE_ROLES);
 
     // Get service token
@@ -60,15 +60,15 @@ void shouldAuthenticateSuccessfully(SuccessArgs args, VaultEnvironment vaultEnvi
   }
 
   private record SuccessArgs(
-      String environment, String serviceRole, Set<String> expectedPermissions) {}
+      String environment, String service, String serviceRole, Set<String> expectedPermissions) {}
 
   private static Stream<?> shouldAuthenticateSuccessfullyMethodSource() {
     return Stream.of(
-        new SuccessArgs("develop", "admin", Set.of("*")),
-        new SuccessArgs("develop", "user", Set.of("read", "write")),
-        new SuccessArgs("develop", "foo", Set.of("read", "write", "delete")),
-        new SuccessArgs("master", "admin", Set.of("*")),
-        new SuccessArgs("master", "user", Set.of("read", "write")),
-        new SuccessArgs("master", "foo", Set.of("read", "write", "delete")));
+        new SuccessArgs("develop", "app", "admin", Set.of("*")),
+        new SuccessArgs("develop", "app", "user", Set.of("read", "write")),
+        new SuccessArgs("develop", "app", "foo", Set.of("read", "write", "delete")),
+        new SuccessArgs("master", "app", "admin", Set.of("*")),
+        new SuccessArgs("master", "app", "user", Set.of("read", "write")),
+        new SuccessArgs("master", "app", "foo", Set.of("read", "write", "delete")));
   }
 }

services-transport-parent/services-transport-rsocket/src/main/java/io/scalecube/services/transport/rsocket/RSocketClientTransport.java

@@ -75,25 +75,23 @@ public ClientChannel create(ServiceReference serviceReference) {
   }
 
   private String selectServiceRole(ServiceReference serviceReference) {
-    if (credentialsSupplier == null || !serviceReference.isSecured()) {
+    if (credentialsSupplier == null
+        || !serviceReference.isSecured()
+        || !serviceReference.hasAllowedRoles()) {
       return null;
     }
 
-    if (serviceReference.hasAllowedRoles()) {
-      if (allowedRoles == null || allowedRoles.isEmpty()) {
-        return serviceReference.allowedRoles().get(0);
-      }
+    if (allowedRoles == null || allowedRoles.isEmpty()) {
+      return serviceReference.allowedRoles().get(0);
+    }
 
-      for (var allowedRole : allowedRoles) {
-        if (serviceReference.allowedRoles().contains(allowedRole)) {
-          return allowedRole;
-        }
+    for (var allowedRole : allowedRoles) {
+      if (serviceReference.allowedRoles().contains(allowedRole)) {
+        return allowedRole;
       }
-
-      throw new ForbiddenException("Insufficient permissions");
     }
 
-    return null;
+    throw new ForbiddenException("Insufficient permissions");
   }
 
   private Mono<RSocket> connect(
@@ -125,12 +123,12 @@ private Mono<RSocket> connect(
   }
 
   private Mono<Payload> getCredentials(ServiceReference serviceReference, String serviceRole) {
-    if (credentialsSupplier == null || !serviceReference.isSecured()) {
+    if (credentialsSupplier == null || !serviceReference.isSecured() || serviceRole == null) {
       return Mono.just(EmptyPayload.INSTANCE);
     }
 
     return credentialsSupplier
-        .credentials(serviceRole)
+        .credentials(serviceReference.endpointName() + "." + serviceRole)
         .map(data -> data.length != 0 ? DefaultPayload.create(data) : EmptyPayload.INSTANCE)
         .onErrorMap(
             th -> {