release/0.5: adopt new divviup-api API (#2151)

The PRs related to divviup/divviup-api#542 implement the new concept of "collector credential". This entails changes to the API for provisioning tasks via divviup-api that we use in e2e integration tests. On `release/0.5`, we don't use the `divviup-client` crate, so we update the client baked into Janus. Another curiosity is that while `divviup-api` will mint a collector auth token in response to our request to create a collector auth token, that auth token won't be used and instead the one generated by the Janus aggregator API gets plumbed back to us in the task creation request. Part of #2071
divviup · Oct 24, 2023 · 7a8b3d6 · 7a8b3d6
1 parent 6f80ee4
commit 7a8b3d6
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 18 deletions.
diff --git a/integration_tests/src/divviup_api_client.rs b/integration_tests/src/divviup_api_client.rs
@@ -53,7 +53,7 @@ pub struct NewTaskRequest {
     pub max_batch_size: Option<u64>,
     pub expiration: String,
     pub time_precision_seconds: u64,
-    pub hpke_config_id: String,
+    pub collector_credential_id: String,
 }
 
 /// Representation of a DAP task in responses from divviup-api. This application ignores several
@@ -81,18 +81,19 @@ pub struct DivviUpAggregator {
     pub dap_url: Url,
 }
 
-/// Request to create an HPKE config in divviup-api.
+/// Request to create a collector credential in divviup-api.
 #[derive(Serialize)]
-pub struct NewHpkeConfigRequest {
+pub struct NewCollectorCredentialRequest {
     pub name: String,
-    pub contents: String,
+    pub hpke_config: String,
 }
 
-/// Representation of an HPKE config in responses from divviup-api. This application ignores most
-/// fields that we never use.
+/// Representation of a collector credential in responses from divviup-api. This application ignores
+/// most fields that we never use.
 #[derive(Deserialize)]
-pub struct DivviUpHpkeConfig {
+pub struct DivviUpCollectorCredential {
     pub id: String,
+    pub token: String,
 }
 
 /// Representation of a collector auth token in divviup-api.
@@ -189,16 +190,16 @@ impl DivviupApiClient {
         .await
     }
 
-    pub async fn create_hpke_config(
+    pub async fn create_collector_credential(
         &self,
         account: &Account,
-        request: &NewHpkeConfigRequest,
-    ) -> DivviUpHpkeConfig {
+        request: &NewCollectorCredentialRequest,
+    ) -> DivviUpCollectorCredential {
         self.make_request(
             Method::POST,
-            &format!("accounts/{}/hpke_configs", account.id),
+            &format!("accounts/{}/collector_credentials", account.id),
             Some(request),
-            "HPKE config creation",
+            "collector credential creation",
         )
         .await
     }

diff --git a/integration_tests/tests/in_cluster.rs b/integration_tests/tests/in_cluster.rs
@@ -14,7 +14,7 @@ use janus_core::{
 use janus_integration_tests::{
     client::ClientBackend,
     divviup_api_client::{
-        DivviupApiClient, NewAggregatorRequest, NewHpkeConfigRequest, NewTaskRequest,
+        DivviupApiClient, NewAggregatorRequest, NewCollectorCredentialRequest, NewTaskRequest,
     },
     TaskParameters,
 };
@@ -139,12 +139,13 @@ impl InClusterJanusPair {
             )
             .await;
 
-        let collector_hpke_config = divviup_api
-            .create_hpke_config(
+        let collector_credential = divviup_api
+            .create_collector_credential(
                 &account,
-                &NewHpkeConfigRequest {
+                &NewCollectorCredentialRequest {
                     name: "Integration test key".to_string(),
-                    contents: STANDARD.encode(task.collector_hpke_config().unwrap().get_encoded()),
+                    hpke_config: STANDARD
+                        .encode(task.collector_hpke_config().unwrap().get_encoded()),
                 },
             )
             .await;
@@ -161,14 +162,19 @@ impl InClusterJanusPair {
             },
             expiration: "3000-01-01T00:00:00Z".to_owned(),
             time_precision_seconds: task.time_precision().as_seconds(),
-            hpke_config_id: collector_hpke_config.id,
+            collector_credential_id: collector_credential.id,
         };
 
         // Provision the task into both aggregators via divviup-api
         let provisioned_task = divviup_api
             .create_task(&account, &provision_task_request)
             .await;
 
+        // Awkwardly, the collector credential we created above will contain a collector auth token
+        // generated by divviup-api, but it's never presented to Janus, so we must ignore it and
+        // instead use the collector auth token that will have been generated by Janus in the
+        // aggregator API and which will be relayed to us in the task creation response. This
+        // awkwardness will go away once we stop supporting Janus 0.5.0 and draft-ietf-ppm-dap-04.
         let collector_auth_tokens = divviup_api
             .list_collector_auth_tokens(&provisioned_task)
             .await;