Skip to content

feat: issuance process pending guard #844

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
thomasrutger wants to merge 10 commits into
base: main
Choose a base branch
from
Open

feat: issuance process pending guard #844

thomasrutger wants to merge 10 commits into from
+215 −8

Conversation

@thomasrutger
Copy link
Contributor

@thomasrutger thomasrutger commented Oct 30, 2025

What this PR changes/adds

Introduces a pending guard that can stall an issuance process (on the issuer side), until some external condition is met.

Why it does that

In some circumstances it may be desirable to stall issuance until an external process validates the request, such as a manual approval procedure.

Further notes

I noticed that the following block in DcpIssuanceFlowEndToEndTest checked for the process to be in the ISSUED state, not the REQUESTED state. I assumed this was incorrect and changed it such that it works with the updated test layout.

        // wait for the request status to be requested on the holder side
        await().pollInterval(INTERVAL)
                .atMost(TIMEOUT)
                .untilAsserted(() -> assertThat(identityHub.getCredentialRequestForParticipant(PARTICIPANT_ID)).hasSize(1)
                        .allSatisfy(t -> {
                            assertThat(t.getState()).isEqualTo(HolderRequestState.ISSUED.code());
                            assertThat(t.getHolderPid()).isEqualTo("test-request-id");
                        }));

Who will sponsor this feature?

@paullatzelsperger

Linked Issue(s)

Closes #829

@paullatzelsperger paullatzelsperger added the enhancement New feature or request label Oct 30, 2025
@thomasrutger
Copy link
Contributor Author

thomasrutger commented Oct 31, 2025

@paullatzelsperger Should I also update DcpAnonymousIssuanceFlowEndToEndTest and/or DcpIssuanceFlowAllInOneTest?

@paullatzelsperger
Copy link
Member

paullatzelsperger commented Nov 3, 2025

@paullatzelsperger Should I also update DcpAnonymousIssuanceFlowEndToEndTest and/or DcpIssuanceFlowAllInOneTest?

The anonymous test may be useful. the all-in-one less so, because it tests a different scenario.

@thomasrutger thomasrutger force-pushed the feat/issuance-process-pending-guard branch from 06cc63e to 41258cb Compare November 5, 2025 10:02
@thomasrutger thomasrutger marked this pull request as ready for review November 5, 2025 10:16
@thomasrutger thomasrutger requested a review from a team as a code owner November 5, 2025 10:16
paullatzelsperger
paullatzelsperger reviewed Nov 11, 2025
View reviewed changes
Copy link
Member

@paullatzelsperger paullatzelsperger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks good, some minor refactoring is required in the E2E tests

...st/java/org/eclipse/edc/identityhub/tests/dcp/flow/DcpAnonymousIssuanceFlowEndToEndTest.java Outdated
assertThat(t.getHolderPid()).isEqualTo("test-request-id");
}));

// wait for the issuance process to be pending on the issuer side
Copy link
Member

@paullatzelsperger paullatzelsperger Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please move the pending guard test into a second test method issuanceFlow_withGuard leaving the original method untouched. Yes, that might duplicate some code, but that second method would only need to assert that the issuance process does not advance automatically and remains in the given state.

...ts/src/test/java/org/eclipse/edc/identityhub/tests/dcp/flow/DcpIssuanceFlowEndToEndTest.java
assertThat(t.getHolderPid()).isEqualTo("test-request-id");
}));


Copy link
Member

@paullatzelsperger paullatzelsperger Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see comment in the anonymous holder test

...in/java/org/eclipse/edc/issuerservice/store/sql/issuanceprocess/SqlIssuanceProcessStore.java
process.getUpdatedAt(),
toJson(process.getTraceContext()),
process.getErrorDetail(),
process.isPending(),
Copy link
Member

@paullatzelsperger paullatzelsperger Nov 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should probably be explicitly asserted in a test as well

@thomasrutger thomasrutger force-pushed the feat/issuance-process-pending-guard branch from 41258cb to def8ffa Compare November 14, 2025 18:57
@thomasrutger
Copy link
Contributor Author

thomasrutger commented Nov 14, 2025

@paullatzelsperger

  1. I split the e2e tests with a separate tests for the guard. note that I had to change the original test by explicitly getting the issuance processes by holderPid. Runtimes are not cleaned up in between tests and that would result in failed assertions (number of processes must match 1). A cleanup hook would also work, but I figured that would slow down the test and this works as well. Let me know if this is acceptable.
  2. I added a test to IssuanceProcessStoreTestBase to test persistence of the pending flag.
  3. After switching the first holder-side check from ISSUED to REQUESTED the test became flaky because the request often advances to ISSUED before await() runs. I reverted that change to keep it stable. That said, the current order still feels odd—it asserts the holder reaches ISSUED before verifying the issuer reached DELIVERED. Would it make sense to first wait for the issuer to hit DELIVERED, then assert the holder is ISSUED, so the checks line up with the real lifecycle?

@paullatzelsperger paullatzelsperger self-requested a review November 21, 2025 12:28
@paullatzelsperger
Copy link
Member

paullatzelsperger commented Nov 21, 2025

@thomasrutger our typical work model on PRs is once you've resolved all comments, or post replies to comments, you re-request the review to let the reviewer know you're ready for another round.
That way, we have it in our to-to list, and it limits the scope of subsequent changes, which makes the review process easier.

paullatzelsperger
paullatzelsperger reviewed Nov 21, 2025
View reviewed changes
...st/java/org/eclipse/edc/identityhub/tests/dcp/flow/DcpAnonymousIssuanceFlowEndToEndTest.java Outdated
.header("Location", Matchers.endsWith("/credentials/request/test-request-with-guard-id"));

// wait for the request status to be requested on the holder side
await().pollInterval(INTERVAL)
Copy link
Member

@paullatzelsperger paullatzelsperger Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this assertion is not needed: we are only interesting the issuer-side request to have the pending flag set, i.e the assertion in line #244

...ts/src/test/java/org/eclipse/edc/identityhub/tests/dcp/flow/DcpIssuanceFlowEndToEndTest.java Outdated
.header("Location", Matchers.endsWith("/credentials/request/test-request-with-guard-id"));

// wait for the request status to be requested on the holder side
await().pollInterval(INTERVAL)
Copy link
Member

@paullatzelsperger paullatzelsperger Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see comment in the anonymous test

...a/org/eclipse/edc/issuerservice/spi/issuance/process/store/IssuanceProcessStoreTestBase.java Outdated
}

@Test
void shouldPersistPendingFlag() {
Copy link
Member

@paullatzelsperger paullatzelsperger Nov 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this tests the update case, and technically the read case, but not the insert case. I would expect one method update_shouldPersistPendingFlag and insert_shouldPersistPendingFlag

@thomasrutger thomasrutger force-pushed the feat/issuance-process-pending-guard branch 2 times, most recently from b342cb9 to deff0e6 Compare November 27, 2025 16:37
@thomasrutger thomasrutger force-pushed the feat/issuance-process-pending-guard branch from deff0e6 to b780dc9 Compare November 28, 2025 14:51
@github-actions
Copy link

github-actions bot commented Dec 16, 2025

This pull request is stale because it has been open for 14 days with no activity.

@github-actions github-actions bot added the stale label Dec 16, 2025
@github-actions
Copy link

github-actions bot commented Dec 23, 2025

This pull request was closed because it has been inactive for 7 days since being marked as stale.

@github-actions github-actions bot closed this Dec 23, 2025
@wolf4ood wolf4ood reopened this Dec 23, 2025
@wolf4ood wolf4ood removed the stale label Dec 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paullatzelsperger paullatzelsperger Awaiting requested review from paullatzelsperger

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Enable PendingGuards in issuer state machine

3 participants

@thomasrutger @paullatzelsperger @wolf4ood