Remove encryption step

apps/policy-engine/src/app/__test__/e2e/tenant.spec.ts

@@ -8,12 +8,14 @@ import { EncryptionService } from '../../../encryption/core/encryption.service'
 import { load } from '../../../policy-engine.config'
 import { KeyValueRepository } from '../../../shared/module/key-value/core/repository/key-value.repository'
 import { InMemoryKeyValueRepository } from '../../../shared/module/key-value/persistence/repository/in-memory-key-value.repository'
+import { TestPrismaService } from '../../../shared/module/persistence/service/test-prisma.service'
 import { CreateTenantDto } from '../../http/rest/dto/create-tenant.dto'
 import { TenantRepository } from '../../persistence/repository/tenant.repository'
 
 describe('Tenant', () => {
   let app: INestApplication
   let module: TestingModule
+  let testPrismaService: TestPrismaService
   let tenantRepository: TenantRepository
   let encryptionService: EncryptionService
 
@@ -34,17 +36,22 @@ describe('Tenant', () => {
     app = module.createNestApplication()
 
     tenantRepository = module.get<TenantRepository>(TenantRepository)
+    testPrismaService = module.get<TestPrismaService>(TestPrismaService)
     encryptionService = module.get<EncryptionService>(EncryptionService)
 
+    await module.get<EncryptionService>(EncryptionService).onApplicationBootstrap()
+
     await app.init()
   })
 
   afterAll(async () => {
+    await testPrismaService.truncateAll()
     await module.close()
     await app.close()
   })
 
   beforeEach(async () => {
+    await testPrismaService.truncateAll()
     await encryptionService.onApplicationBootstrap()
   })
 

apps/policy-engine/src/app/persistence/repository/__test__/unit/tenant.repository.spec.ts

@@ -1,5 +1,9 @@
 import { DataStoreConfiguration } from '@narval/policy-engine-shared'
 import { Test } from '@nestjs/testing'
+import { mock } from 'jest-mock-extended'
+import { EncryptionService } from '../../../../../encryption/core/encryption.service'
+import { EncryptionModule } from '../../../../../encryption/encryption.module'
+import { EncryptionRepository } from '../../../../../encryption/persistence/repository/encryption.repository'
 import { KeyValueRepository } from '../../../../../shared/module/key-value/core/repository/key-value.repository'
 import { KeyValueService } from '../../../../../shared/module/key-value/core/service/key-value.service'
 import { InMemoryKeyValueRepository } from '../../../../../shared/module/key-value/persistence/repository/in-memory-key-value.repository'
@@ -13,17 +17,36 @@ describe(TenantRepository.name, () => {
   beforeEach(async () => {
     inMemoryKeyValueRepository = new InMemoryKeyValueRepository()
 
+    const encryptionRepository = mock<EncryptionRepository>()
+    encryptionRepository.getEngine.mockResolvedValue({
+      id: 'test-engine',
+      masterKey: 'unsafe-test-master-key',
+      adminApiKey: 'unsafe-test-api-key'
+    })
+
     const module = await Test.createTestingModule({
+      imports: [EncryptionModule],
       providers: [
         KeyValueService,
         TenantRepository,
+        {
+          provide: EncryptionRepository,
+          useValue: encryptionRepository
+        },
         {
           provide: KeyValueRepository,
           useValue: inMemoryKeyValueRepository
         }
       ]
     }).compile()
 
+    // IMPORTANT: The onApplicationBootstrap performs several side-effects to
+    // set up the encryption.
+    //
+    // TODO: Refactor the encryption service. It MUST be ready for usage given
+    // its arguments rather than depending on a set up step.
+    await module.get<EncryptionService>(EncryptionService).onApplicationBootstrap()
+
     repository = module.get<TenantRepository>(TenantRepository)
   })
 

apps/policy-engine/src/encryption/core/__test__/integration/encryption.service.spec.ts

@@ -53,6 +53,8 @@ describe('EncryptionService', () => {
     service = module.get<EncryptionService>(EncryptionService)
     testPrismaService = module.get<TestPrismaService>(TestPrismaService)
 
+    await testPrismaService.truncateAll()
+
     if (service.onApplicationBootstrap) {
       await service.onApplicationBootstrap()
     }
@@ -71,6 +73,7 @@ describe('EncryptionService', () => {
         id: 'local-dev-engine-instance-1'
       }
     })
+
     expect(engine?.masterKey).toBeDefined()
   })
 })

apps/policy-engine/src/shared/module/key-value/core/service/__test__/unit/key-value.service.spec.ts → apps/policy-engine/src/shared/module/key-value/core/service/__test__/integration/key-value.service.spec.ts

@@ -3,13 +3,16 @@ import { Test } from '@nestjs/testing'
 import { EncryptionService } from '../../../../../../../encryption/core/encryption.service'
 import { EncryptionModule } from '../../../../../../../encryption/encryption.module'
 import { load } from '../../../../../../../policy-engine.config'
+import { TestPrismaService } from '../../../../../../../shared/module/persistence/service/test-prisma.service'
 import { InMemoryKeyValueRepository } from '../../../../persistence/repository/in-memory-key-value.repository'
 import { KeyValueRepository } from '../../../repository/key-value.repository'
 import { KeyValueService } from '../../key-value.service'
 
 describe(KeyValueService.name, () => {
   let service: KeyValueService
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
   let keyValueRepository: KeyValueRepository
+  let testPrismaService: TestPrismaService
   let inMemoryKeyValueRepository: InMemoryKeyValueRepository
 
   beforeEach(async () => {
@@ -34,18 +37,28 @@ describe(KeyValueService.name, () => {
 
     service = module.get<KeyValueService>(KeyValueService)
     keyValueRepository = module.get<KeyValueRepository>(KeyValueRepository)
+    testPrismaService = module.get<TestPrismaService>(TestPrismaService)
 
+    await testPrismaService.truncateAll()
+
+    // TODO: (@wcalderipe, 05/03/24): The onApplicationBootstrap performs
+    // multiple side-effects including writing to the storage to set up the
+    // encryption.
     await module.get<EncryptionService>(EncryptionService).onApplicationBootstrap()
   })
 
+  afterAll(async () => {
+    await testPrismaService.truncateAll()
+  })
+
   describe('set', () => {
     it('sets encrypted value in the key-value storage', async () => {
       const key = 'test-key'
       const value = 'not encrypted value'
 
       await service.set(key, value)
 
-      expect(await keyValueRepository.get(key)).not.toEqual(value)
+      // expect(await keyValueRepository.get(key)).not.toEqual(value)
       expect(await service.get(key)).toEqual(value)
     })
   })

apps/policy-engine/src/shared/module/key-value/core/service/key-value.service.ts

@@ -19,21 +19,25 @@ export class KeyValueService {
   ) {}
 
   async get(key: string): Promise<string | null> {
-    const encryptedValue = await this.keyValueRepository.get(key)
+    // const encryptedValue = await this.keyValueRepository.get(key)
 
-    if (encryptedValue) {
-      const value = await this.encryptionService.decrypt(Buffer.from(encryptedValue, 'hex'))
+    // if (encryptedValue) {
+    //   const value = await this.encryptionService.decrypt(Buffer.from(encryptedValue, 'hex'))
 
-      return value.toString()
-    }
+    //   return value.toString()
+    // }
 
-    return null
+    // return null
+
+    return this.keyValueRepository.get(key)
   }
 
   async set(key: string, value: string): Promise<boolean> {
-    const encryptedValue = await this.encryptionService.encrypt(value)
+    // const encryptedValue = await this.encryptionService.encrypt(value)
+
+    // return this.keyValueRepository.set(key, encryptedValue.toString('hex'))
 
-    return this.keyValueRepository.set(key, encryptedValue.toString('hex'))
+    return this.keyValueRepository.set(key, value)
   }
 
   async delete(key: string): Promise<boolean> {

apps/policy-engine/src/shared/module/persistence/persistence.module.ts

@@ -1,8 +1,11 @@
 import { Module } from '@nestjs/common'
+import { ConfigModule } from '@nestjs/config'
+import { load } from '../../../policy-engine.config'
 import { PrismaService } from './service/prisma.service'
 import { TestPrismaService } from './service/test-prisma.service'
 
 @Module({
+  imports: [ConfigModule.forRoot({ load: [load] })],
   exports: [PrismaService, TestPrismaService],
   providers: [PrismaService, TestPrismaService]
 })

apps/policy-engine/src/shared/schema/engine.schema.ts

@@ -0,0 +1,7 @@
+import { z } from 'zod'
+
+export const engineSchema = z.object({
+  id: z.string(),
+  masterKey: z.string(),
+  adminApiKey: z.string()
+})

apps/policy-engine/src/shared/types/domain.type.ts

@@ -7,10 +7,13 @@ import {
 } from '@narval/policy-engine-shared'
 import { Intent } from '@narval/transaction-request-intent'
 import { z } from 'zod'
+import { engineSchema } from '../schema/engine.schema'
 import { tenantSchema } from '../schema/tenant.schema'
 
 export type Tenant = z.infer<typeof tenantSchema>
 
+export type Engine = z.infer<typeof engineSchema>
+
 export type RegoInput = {
   action: Action
   intent?: Intent

doc/policy-engine-architecture.md

@@ -11,12 +11,12 @@ columns 1
   end
   space
   block:Storage
-    StorageBackend["Storage Backend"] 
+    StorageBackend["Storage Backend"]
     PolicyStore["Policy Store"]
     EntityStore["Entity Store"]
   end
   Core -- "evaluates" --> OPA
-  Engine -- "reads/writes" --> StorageBackend 
+  Engine -- "reads/writes" --> StorageBackend
   Engine -- "reads" --> PolicyStore
   Engine -- "reads" --> EntityStore
 ```

packages/signature/src/lib/types.ts

@@ -22,7 +22,7 @@ export const Alg = {
 
 export type Alg = (typeof Alg)[keyof typeof Alg]
 
-export const Use  = {
+export const Use = {
   SIG: 'sig',
   ENC: 'enc'
 } as const

packages/signature/src/lib/utils.ts

@@ -1,4 +1,4 @@
-import { Alg, KeyTypes, Curves } from './types'
+import { Alg, Curves, KeyTypes } from './types'
 
 export const algToJwk = (
   alg: Alg