feat(rust): introduce disable_trust_context_id argument for authority

examples/rust/get_started/examples/06-credentials-exchange-issuer.rs

@@ -54,7 +54,15 @@ async fn main(ctx: Context) -> Result<()> {
     //
     // For a different application this attested attribute set can be different and
     // distinct for each identifier, but for this example we'll keep things simple.
-    let credential_issuer = CredentialIssuerWorker::new(members.clone(), node.credentials(), &issuer, None, None, None);
+    let credential_issuer = CredentialIssuerWorker::new(
+        members.clone(),
+        node.credentials(),
+        &issuer,
+        "test".to_string(),
+        None,
+        None,
+        true,
+    );
 
     let mut pre_trusted_identities = BTreeMap::<Identifier, PreTrustedIdentity>::new();
     let attributes = PreTrustedIdentity::new(

implementations/rust/ockam/ockam_api/src/authenticator/credential_issuer/credential_issuer.rs

@@ -35,12 +35,13 @@ impl CredentialIssuer {
         members: Arc<dyn AuthorityMembersRepository>,
         credentials: Arc<Credentials>,
         issuer: &Identifier,
-        project_identifier: Option<String>, // Legacy value, should be removed when all clients are updated to the latest version
+        project_identifier: String,
         credential_ttl: Option<Duration>,
         account_authority: Option<AccountAuthorityInfo>,
+        disable_trust_context_id: bool,
     ) -> Self {
         let subject_attributes = AttributesBuilder::with_schema(PROJECT_MEMBER_SCHEMA);
-        let subject_attributes = if let Some(project_identifier) = project_identifier {
+        let subject_attributes = if !disable_trust_context_id {
             // Legacy value, should be removed when all clients are updated to the latest version
             subject_attributes.with_attribute(
                 TRUST_CONTEXT_ID.to_vec(),

implementations/rust/ockam/ockam_api/src/authenticator/credential_issuer/credential_issuer_worker.rs

@@ -24,9 +24,10 @@ impl CredentialIssuerWorker {
         members: Arc<dyn AuthorityMembersRepository>,
         credentials: Arc<Credentials>,
         issuer: &Identifier,
-        project_identifier: Option<String>, // Legacy value, should be removed when all clients are updated to the latest version
+        project_identifier: String,
         credential_ttl: Option<Duration>,
         account_authority: Option<AccountAuthorityInfo>,
+        disable_trust_context_id: bool,
     ) -> Self {
         Self {
             credential_issuer: CredentialIssuer::new(
@@ -36,6 +37,7 @@ impl CredentialIssuerWorker {
                 project_identifier,
                 credential_ttl,
                 account_authority,
+                disable_trust_context_id,
             ),
         }
     }

implementations/rust/ockam/ockam_api/src/authority_node/authority.rs

@@ -228,9 +228,10 @@ impl Authority {
             self.members.clone(),
             self.secure_channels.identities().credentials(),
             &self.identifier,
-            Some(configuration.project_identifier()),
+            configuration.project_identifier(),
             ttl,
             self.account_authority.clone(),
+            configuration.disable_trust_context_id,
         );
 
         let address = DefaultAddress::CREDENTIAL_ISSUER.to_string();

implementations/rust/ockam/ockam_api/src/authority_node/configuration.rs

@@ -52,6 +52,10 @@ pub struct Configuration {
 
     /// Differentiate between admins and enrollers
     pub enforce_admin_checks: bool,
+
+    /// Will not include trust_context_id and project id into credential
+    /// Set to true after old clients are updated
+    pub disable_trust_context_id: bool,
 }
 
 /// Local and private functions for the authority configuration

implementations/rust/ockam/ockam_api/tests/common/common.rs

@@ -39,6 +39,7 @@ pub async fn default_configuration() -> Result<Configuration> {
         okta: None,
         account_authority: None,
         enforce_admin_checks: false,
+        disable_trust_context_id: false,
     };
 
     // Hack to create Authority Identity using the same vault and storage

implementations/rust/ockam/ockam_api/tests/credential_issuer.rs

@@ -70,9 +70,10 @@ async fn credential(ctx: &mut Context) -> Result<()> {
         members,
         identities.credentials(),
         &auth_identifier,
+        "test".to_string(),
         None,
         None,
-        None,
+        true,
     );
     ctx.start_worker(auth_worker_addr.clone(), auth).await?;
 

implementations/rust/ockam/ockam_command/src/authority/create.rs

@@ -101,9 +101,14 @@ pub struct CreateCommand {
     #[arg(long, value_name = "ACCOUNT_AUTHORITY_CHANGE_HISTORY", default_value = None)]
     account_authority: Option<String>,
 
-    /// Enforce distintion between admins and enrollers
+    /// Enforce distinction between admins and enrollers
     #[arg(long, value_name = "ENFORCE_ADMIN_CHECKS", default_value_t = false)]
     enforce_admin_checks: bool,
+
+    /// Not include trust context id and project id into the credential
+    /// TODO: Set to true after old clients are updated
+    #[arg(long, value_name = "DISABLE_TRUST_CONTEXT_ID", default_value_t = false)]
+    disable_trust_context_id: bool,
 }
 
 impl CreateCommand {
@@ -192,6 +197,9 @@ impl CreateCommand {
         if self.enforce_admin_checks {
             args.push("--enforce-admin-checks".to_string());
         }
+        if self.disable_trust_context_id {
+            args.push("--disable_trust_context_id".to_string());
+        }
         args.push(self.node_name.to_string());
 
         run_ockam(args).await
@@ -318,6 +326,7 @@ impl CreateCommand {
             okta: okta_configuration,
             account_authority,
             enforce_admin_checks: self.enforce_admin_checks,
+            disable_trust_context_id: self.disable_trust_context_id,
         };
 
         authority_node::start_node(ctx, &configuration)