From 7a8b3d693a1296833b1d025a6deff33bb598d381 Mon Sep 17 00:00:00 2001
From: Tim Geoghegan <timg@divviup.org>
Date: Mon, 23 Oct 2023 17:39:16 -0700
Subject: [PATCH] release/0.5: adopt new `divviup-api` API (#2151)

The PRs related to https://github.com/divviup/divviup-api/issues/542
implement the new concept of "collector credential". This entails
changes to the API for provisioning tasks via divviup-api that we use in
e2e integration tests. On `release/0.5`, we don't use the
`divviup-client` crate, so we update the client baked into Janus.

Another curiosity is that while `divviup-api` will mint a collector auth
token in response to our request to create a collector auth token, that
auth token won't be used and instead the one generated by the Janus
aggregator API gets plumbed back to us in the task creation request.

Part of #2071
---
 integration_tests/src/divviup_api_client.rs | 25 +++++++++++----------
 integration_tests/tests/in_cluster.rs       | 18 ++++++++++-----
 2 files changed, 25 insertions(+), 18 deletions(-)

diff --git a/integration_tests/src/divviup_api_client.rs b/integration_tests/src/divviup_api_client.rs
index cdb323d80..5733a0765 100644
--- a/integration_tests/src/divviup_api_client.rs
+++ b/integration_tests/src/divviup_api_client.rs
@@ -53,7 +53,7 @@ pub struct NewTaskRequest {
     pub max_batch_size: Option<u64>,
     pub expiration: String,
     pub time_precision_seconds: u64,
-    pub hpke_config_id: String,
+    pub collector_credential_id: String,
 }
 
 /// Representation of a DAP task in responses from divviup-api. This application ignores several
@@ -81,18 +81,19 @@ pub struct DivviUpAggregator {
     pub dap_url: Url,
 }
 
-/// Request to create an HPKE config in divviup-api.
+/// Request to create a collector credential in divviup-api.
 #[derive(Serialize)]
-pub struct NewHpkeConfigRequest {
+pub struct NewCollectorCredentialRequest {
     pub name: String,
-    pub contents: String,
+    pub hpke_config: String,
 }
 
-/// Representation of an HPKE config in responses from divviup-api. This application ignores most
-/// fields that we never use.
+/// Representation of a collector credential in responses from divviup-api. This application ignores
+/// most fields that we never use.
 #[derive(Deserialize)]
-pub struct DivviUpHpkeConfig {
+pub struct DivviUpCollectorCredential {
     pub id: String,
+    pub token: String,
 }
 
 /// Representation of a collector auth token in divviup-api.
@@ -189,16 +190,16 @@ impl DivviupApiClient {
         .await
     }
 
-    pub async fn create_hpke_config(
+    pub async fn create_collector_credential(
         &self,
         account: &Account,
-        request: &NewHpkeConfigRequest,
-    ) -> DivviUpHpkeConfig {
+        request: &NewCollectorCredentialRequest,
+    ) -> DivviUpCollectorCredential {
         self.make_request(
             Method::POST,
-            &format!("accounts/{}/hpke_configs", account.id),
+            &format!("accounts/{}/collector_credentials", account.id),
             Some(request),
-            "HPKE config creation",
+            "collector credential creation",
         )
         .await
     }
diff --git a/integration_tests/tests/in_cluster.rs b/integration_tests/tests/in_cluster.rs
index 9c4e35ab1..1e54cd452 100644
--- a/integration_tests/tests/in_cluster.rs
+++ b/integration_tests/tests/in_cluster.rs
@@ -14,7 +14,7 @@ use janus_core::{
 use janus_integration_tests::{
     client::ClientBackend,
     divviup_api_client::{
-        DivviupApiClient, NewAggregatorRequest, NewHpkeConfigRequest, NewTaskRequest,
+        DivviupApiClient, NewAggregatorRequest, NewCollectorCredentialRequest, NewTaskRequest,
     },
     TaskParameters,
 };
@@ -139,12 +139,13 @@ impl InClusterJanusPair {
             )
             .await;
 
-        let collector_hpke_config = divviup_api
-            .create_hpke_config(
+        let collector_credential = divviup_api
+            .create_collector_credential(
                 &account,
-                &NewHpkeConfigRequest {
+                &NewCollectorCredentialRequest {
                     name: "Integration test key".to_string(),
-                    contents: STANDARD.encode(task.collector_hpke_config().unwrap().get_encoded()),
+                    hpke_config: STANDARD
+                        .encode(task.collector_hpke_config().unwrap().get_encoded()),
                 },
             )
             .await;
@@ -161,7 +162,7 @@ impl InClusterJanusPair {
             },
             expiration: "3000-01-01T00:00:00Z".to_owned(),
             time_precision_seconds: task.time_precision().as_seconds(),
-            hpke_config_id: collector_hpke_config.id,
+            collector_credential_id: collector_credential.id,
         };
 
         // Provision the task into both aggregators via divviup-api
@@ -169,6 +170,11 @@ impl InClusterJanusPair {
             .create_task(&account, &provision_task_request)
             .await;
 
+        // Awkwardly, the collector credential we created above will contain a collector auth token
+        // generated by divviup-api, but it's never presented to Janus, so we must ignore it and
+        // instead use the collector auth token that will have been generated by Janus in the
+        // aggregator API and which will be relayed to us in the task creation response. This
+        // awkwardness will go away once we stop supporting Janus 0.5.0 and draft-ietf-ppm-dap-04.
         let collector_auth_tokens = divviup_api
             .list_collector_auth_tokens(&provisioned_task)
             .await;