feat(core): v2 ERS with proto updates

sdk/go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/lestrrat-go/jwx/v2 v2.0.21
 	github.com/opentdf/platform/lib/fixtures v0.2.10
 	github.com/opentdf/platform/lib/ocrypto v0.1.9
-	github.com/opentdf/platform/protocol/go v0.3.2
+	github.com/opentdf/platform/protocol/go v0.3.3
 	github.com/stretchr/testify v1.10.0
 	github.com/testcontainers/testcontainers-go v0.34.0
 	github.com/xeipuuv/gojsonschema v1.2.0

sdk/go.sum

@@ -116,8 +116,8 @@ github.com/opentdf/platform/lib/fixtures v0.2.10 h1:R688b98ctsEiDRlQSvLxmAWT7bXv
 github.com/opentdf/platform/lib/fixtures v0.2.10/go.mod h1:wGhclxDeDXf8bp5VAWztT1nY2gWVNGQLd8rWs5wtXV0=
 github.com/opentdf/platform/lib/ocrypto v0.1.9 h1:GvgPB7CoK7JmWvsSvJ0hc+RC0wezgcuRpy3q2oYKjdA=
 github.com/opentdf/platform/lib/ocrypto v0.1.9/go.mod h1:UTtqh8mvhAYA+sEnaMxpr/406e84L5Q1sAxtKGIXfu4=
-github.com/opentdf/platform/protocol/go v0.3.2 h1:WugeSl7RSRM7e7c5jJumZOIW2jr+sMqwDzpGUGyeC5k=
-github.com/opentdf/platform/protocol/go v0.3.2/go.mod h1:nErYkgt32GW22CNqSyLO+JE49C3JndI1TsVdF+CUYd4=
+github.com/opentdf/platform/protocol/go v0.3.3 h1:ySnnMniOFpxnc4G2EPGQEuEzaYAfLtNhqqIkGv1XXQM=
+github.com/opentdf/platform/protocol/go v0.3.3/go.mod h1:nErYkgt32GW22CNqSyLO+JE49C3JndI1TsVdF+CUYd4=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=

sdk/sdk.go

@@ -17,6 +17,7 @@ import (
 	"github.com/opentdf/platform/lib/ocrypto"
 	"github.com/opentdf/platform/protocol/go/authorization"
 	"github.com/opentdf/platform/protocol/go/entityresolution"
+	entityresolutionV2 "github.com/opentdf/platform/protocol/go/entityresolution/v2"
 	"github.com/opentdf/platform/protocol/go/policy"
 	"github.com/opentdf/platform/protocol/go/policy/actions"
 	"github.com/opentdf/platform/protocol/go/policy/attributes"
@@ -71,6 +72,7 @@ type SDK struct {
 	Attributes              attributes.AttributesServiceClient
 	Authorization           authorization.AuthorizationServiceClient
 	EntityResoution         entityresolution.EntityResolutionServiceClient
+	EntityResolutionV2      entityresolutionV2.EntityResolutionServiceClient
 	KeyAccessServerRegistry kasregistry.KeyAccessServerRegistryServiceClient
 	Namespaces              namespaces.NamespaceServiceClient
 	RegisteredResources     registeredresources.RegisteredResourcesServiceClient
@@ -214,6 +216,7 @@ func New(platformEndpoint string, opts ...Option) (*SDK, error) {
 		KeyAccessServerRegistry: kasregistry.NewKeyAccessServerRegistryServiceClient(platformConn),
 		Authorization:           authorization.NewAuthorizationServiceClient(platformConn),
 		EntityResoution:         entityresolution.NewEntityResolutionServiceClient(ersConn),
+		EntityResolutionV2:      entityresolutionV2.NewEntityResolutionServiceClient(ersConn),
 		KeyManagement:           keymanagement.NewKeyManagementServiceClient(platformConn),
 		wellknownConfiguration:  wellknownconfiguration.NewWellKnownServiceClient(platformConn),
 	}, nil

service/entityresolution/claims/claims_entity_resolution.go → service/entityresolution/claims/entity_resolution.go

@@ -1,4 +1,4 @@
-package entityresolution
+package claims
 
 import (
 	"context"

service/entityresolution/claims/claims_entity_resolution_test.go → service/entityresolution/claims/entity_resolution_test.go

@@ -1,4 +1,4 @@
-package entityresolution_test
+package claims_test
 
 import (
 	"testing"

service/entityresolution/claims/v2/entity_resolution.go

@@ -0,0 +1,146 @@
+package claims
+
+import (
+	"context"
+	"fmt"
+	"log/slog"
+	"strconv"
+
+	"connectrpc.com/connect"
+	"github.com/lestrrat-go/jwx/v2/jwt"
+	"github.com/opentdf/platform/protocol/go/entity"
+	entityresolutionV2 "github.com/opentdf/platform/protocol/go/entityresolution/v2"
+	auth "github.com/opentdf/platform/service/authorization"
+	"github.com/opentdf/platform/service/logger"
+	"github.com/opentdf/platform/service/pkg/config"
+	"github.com/opentdf/platform/service/pkg/serviceregistry"
+	"go.opentelemetry.io/otel/trace"
+	"google.golang.org/protobuf/encoding/protojson"
+	"google.golang.org/protobuf/types/known/anypb"
+	"google.golang.org/protobuf/types/known/structpb"
+)
+
+type EntityResolutionServiceV2 struct {
+	entityresolutionV2.UnimplementedEntityResolutionServiceServer
+	logger *logger.Logger
+	trace.Tracer
+}
+
+func RegisterClaimsERS(_ config.ServiceConfig, logger *logger.Logger) (EntityResolutionServiceV2, serviceregistry.HandlerServer) {
+	claimsSVC := EntityResolutionServiceV2{logger: logger}
+	return claimsSVC, nil
+}
+
+func (s EntityResolutionServiceV2) ResolveEntities(ctx context.Context, req *connect.Request[entityresolutionV2.ResolveEntitiesRequest]) (*connect.Response[entityresolutionV2.ResolveEntitiesResponse], error) {
+	resp, err := EntityResolution(ctx, req.Msg, s.logger)
+	return connect.NewResponse(&resp), err
+}
+
+func (s EntityResolutionServiceV2) CreateEntityChainsFromTokens(ctx context.Context, req *connect.Request[entityresolutionV2.CreateEntityChainsFromTokensRequest]) (*connect.Response[entityresolutionV2.CreateEntityChainsFromTokensResponse], error) {
+	ctx, span := s.Tracer.Start(ctx, "CreateEntityChainsFromTokens")
+	defer span.End()
+
+	resp, err := CreateEntityChainsFromTokens(ctx, req.Msg, s.logger)
+	return connect.NewResponse(&resp), err
+}
+
+func CreateEntityChainsFromTokens(
+	_ context.Context,
+	req *entityresolutionV2.CreateEntityChainsFromTokensRequest,
+	_ *logger.Logger,
+) (entityresolutionV2.CreateEntityChainsFromTokensResponse, error) {
+	entityChains := []*entity.EntityChain{}
+	// for each token in the tokens form an entity chain
+	for _, tok := range req.GetTokens() {
+		entities, err := getEntitiesFromToken(tok.GetJwt())
+		if err != nil {
+			return entityresolutionV2.CreateEntityChainsFromTokensResponse{}, err
+		}
+		entityChains = append(entityChains, &entity.EntityChain{EphemeralId: tok.GetEphemeralId(), Entities: entities})
+	}
+
+	return entityresolutionV2.CreateEntityChainsFromTokensResponse{EntityChains: entityChains}, nil
+}
+
+func EntityResolution(_ context.Context,
+	req *entityresolutionV2.ResolveEntitiesRequest, logger *logger.Logger,
+) (entityresolutionV2.ResolveEntitiesResponse, error) {
+	payload := req.GetEntities()
+	var resolvedEntities []*entityresolutionV2.EntityRepresentation
+
+	for idx, ident := range payload {
+		entityStruct := &structpb.Struct{}
+		switch ident.GetEntityType().(type) {
+		case *entity.Entity_Claims:
+			claims := ident.GetClaims()
+			if claims != nil {
+				err := claims.UnmarshalTo(entityStruct)
+				if err != nil {
+					return entityresolutionV2.ResolveEntitiesResponse{}, connect.NewError(connect.CodeInvalidArgument, fmt.Errorf("error unpacking anypb.Any to structpb.Struct: %w", err))
+				}
+			}
+		default:
+			retrievedStruct, err := entityToStructPb(ident)
+			if err != nil {
+				logger.Error("unable to make entity struct", slog.String("error", err.Error()))
+				return entityresolutionV2.ResolveEntitiesResponse{}, connect.NewError(connect.CodeInternal, fmt.Errorf("unable to make entity struct: %w", err))
+			}
+			entityStruct = retrievedStruct
+		}
+		// make sure the id field is populated
+		originialID := ident.GetEphemeralId()
+		if originialID == "" {
+			originialID = auth.EntityIDPrefix + strconv.Itoa(idx)
+		}
+		resolvedEntities = append(
+			resolvedEntities,
+			&entityresolutionV2.EntityRepresentation{
+				OriginalId:      originialID,
+				AdditionalProps: []*structpb.Struct{entityStruct},
+			},
+		)
+	}
+	return entityresolutionV2.ResolveEntitiesResponse{EntityRepresentations: resolvedEntities}, nil
+}
+
+func getEntitiesFromToken(jwtString string) ([]*entity.Entity, error) {
+	token, err := jwt.ParseString(jwtString, jwt.WithVerify(false), jwt.WithValidate(false))
+	if err != nil {
+		return nil, fmt.Errorf("error parsing jwt: %w", err)
+	}
+
+	claims := token.PrivateClaims()
+	entities := []*entity.Entity{}
+
+	// Convert map[string]interface{} to *structpb.Struct
+	structClaims, err := structpb.NewStruct(claims)
+	if err != nil {
+		return nil, fmt.Errorf("error converting to structpb.Struct: %w", err)
+	}
+
+	// Wrap the struct in an *anypb.Any message
+	anyClaims, err := anypb.New(structClaims)
+	if err != nil {
+		return nil, fmt.Errorf("error wrapping in anypb.Any: %w", err)
+	}
+
+	entities = append(entities, &entity.Entity{
+		EntityType:  &entity.Entity_Claims{Claims: anyClaims},
+		EphemeralId: "jwtentity-claims",
+		Category:    entity.Entity_CATEGORY_SUBJECT,
+	})
+	return entities, nil
+}
+
+func entityToStructPb(ident *entity.Entity) (*structpb.Struct, error) {
+	entityBytes, err := protojson.Marshal(ident)
+	if err != nil {
+		return nil, err
+	}
+	var entityStruct structpb.Struct
+	err = entityStruct.UnmarshalJSON(entityBytes)
+	if err != nil {
+		return nil, err
+	}
+	return &entityStruct, nil
+}

service/entityresolution/claims/v2/entity_resolution_test.go

@@ -0,0 +1,116 @@
+package claims_test
+
+import (
+	"testing"
+
+	"github.com/opentdf/platform/protocol/go/entity"
+	entityresolutionV2 "github.com/opentdf/platform/protocol/go/entityresolution/v2"
+	claims "github.com/opentdf/platform/service/entityresolution/claims/v2"
+	"github.com/opentdf/platform/service/logger"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/anypb"
+	"google.golang.org/protobuf/types/known/structpb"
+)
+
+const samplejwt = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6ImhlbGxvd29ybGQiLCJpYXQiOjE1MTYyMzkwMjJ9.EAOittOMzKENEAs44eaMuZe-xas7VNVsgBxhwmxYiIw"
+
+func Test_ClientResolveEntity(t *testing.T) {
+	var validBody []*entity.Entity
+	validBody = append(validBody, &entity.Entity{EphemeralId: "1234", EntityType: &entity.Entity_ClientId{ClientId: "random"}})
+
+	req := entityresolutionV2.ResolveEntitiesRequest{}
+	req.Entities = validBody
+
+	resp, reserr := claims.EntityResolution(t.Context(), &req, logger.CreateTestLogger())
+
+	require.NoError(t, reserr)
+
+	entityRepresentations := resp.GetEntityRepresentations()
+	assert.NotNil(t, entityRepresentations)
+	assert.Len(t, entityRepresentations, 1)
+
+	assert.Equal(t, "1234", entityRepresentations[0].GetOriginalId())
+	assert.Len(t, entityRepresentations[0].GetAdditionalProps(), 1)
+	propMap := entityRepresentations[0].GetAdditionalProps()[0].AsMap()
+	assert.Equal(t, "random", propMap["clientId"])
+	assert.Equal(t, "1234", propMap["ephemeralId"])
+}
+
+func Test_EmailResolveEntity(t *testing.T) {
+	var validBody []*entity.Entity
+	validBody = append(validBody, &entity.Entity{EphemeralId: "1234", EntityType: &entity.Entity_EmailAddress{EmailAddress: "random"}})
+
+	req := entityresolutionV2.ResolveEntitiesRequest{}
+	req.Entities = validBody
+
+	resp, reserr := claims.EntityResolution(t.Context(), &req, logger.CreateTestLogger())
+
+	require.NoError(t, reserr)
+
+	entityRepresentations := resp.GetEntityRepresentations()
+	assert.NotNil(t, entityRepresentations)
+	assert.Len(t, entityRepresentations, 1)
+
+	assert.Equal(t, "1234", entityRepresentations[0].GetOriginalId())
+	assert.Len(t, entityRepresentations[0].GetAdditionalProps(), 1)
+	propMap := entityRepresentations[0].GetAdditionalProps()[0].AsMap()
+	assert.Equal(t, "random", propMap["emailAddress"])
+	assert.Equal(t, "1234", propMap["ephemeralId"])
+}
+
+func Test_ClaimsResolveEntity(t *testing.T) {
+	customclaims := map[string]interface{}{
+		"foo": "bar",
+		"baz": 42,
+	}
+	// Convert map[string]interface{} to *structpb.Struct
+	structClaims, err := structpb.NewStruct(customclaims)
+	require.NoError(t, err)
+
+	// Wrap the struct in an *anypb.Any
+	anyClaims, err := anypb.New(structClaims)
+	require.NoError(t, err)
+
+	var validBody []*entity.Entity
+	validBody = append(validBody, &entity.Entity{EphemeralId: "1234", EntityType: &entity.Entity_Claims{Claims: anyClaims}})
+
+	req := entityresolutionV2.ResolveEntitiesRequest{}
+	req.Entities = validBody
+
+	resp, reserr := claims.EntityResolution(t.Context(), &req, logger.CreateTestLogger())
+
+	require.NoError(t, reserr)
+
+	entityRepresentations := resp.GetEntityRepresentations()
+	assert.NotNil(t, entityRepresentations)
+	assert.Len(t, entityRepresentations, 1)
+
+	assert.Equal(t, "1234", entityRepresentations[0].GetOriginalId())
+	assert.Len(t, entityRepresentations[0].GetAdditionalProps(), 1)
+	propMap := entityRepresentations[0].GetAdditionalProps()[0].AsMap()
+	assert.Equal(t, "bar", propMap["foo"])
+	assert.EqualValues(t, 42, propMap["baz"])
+}
+
+func Test_JWTToEntityChainClaims(t *testing.T) {
+	validBody := []*entity.Token{{Jwt: samplejwt}}
+
+	resp, reserr := claims.CreateEntityChainsFromTokens(t.Context(), &entityresolutionV2.CreateEntityChainsFromTokensRequest{Tokens: validBody}, logger.CreateTestLogger())
+
+	require.NoError(t, reserr)
+
+	assert.Len(t, resp.GetEntityChains(), 1)
+	assert.Len(t, resp.GetEntityChains()[0].GetEntities(), 1)
+	assert.IsType(t, &entity.Entity_Claims{}, resp.GetEntityChains()[0].GetEntities()[0].GetEntityType())
+	assert.Equal(t, entity.Entity_CATEGORY_SUBJECT, resp.GetEntityChains()[0].GetEntities()[0].GetCategory())
+
+	var unpackedStruct structpb.Struct
+	err := resp.GetEntityChains()[0].GetEntities()[0].GetClaims().UnmarshalTo(&unpackedStruct)
+	require.NoError(t, err)
+
+	// Convert structpb.Struct to map[string]interface{}
+	claimsMap := unpackedStruct.AsMap()
+
+	assert.Equal(t, "helloworld", claimsMap["name"])
+}