Merge branch 'main' of github.com:juspay/hyperswitch into refactor-ru…

…stman-runner

* 'main' of github.com:juspay/hyperswitch: (22 commits)
  chore(version): 2024.02.28.0
  chore(postman): update Postman collection files
  fix(connector): [AUTHORIZEDOTNET] Fix status mapping (#3845)
  refactor(router): added logs health and deep health (#3780)
  feat(roles): Change list roles, get role and authorization info api to respond with groups (#3837)
  fix(core): validate amount_to_capture in payment update (#3830)
  refactor(connector): [Square] change error message from NotSupported to NotImplemented (#2875)
  feat(router): add connector mit related columns to the payment methods table (#3764)
  ci(postman): refactor NMI postman collection (#3805)
  refactor(connector): [Braintree] Mask PII data (#3759)
  refactor(connector): [Forte] Mask PII data (#3824)
  refactor(compatibility): added compatibility layer request logs (#3774)
  refactor(payment_methods): introduce `locker_id` column in `payment_methods` table (#3760)
  feat(connector): mask pii information in connector request and response for stripe, aci, adyen, airwallex  and authorizedotnet (#3678)
  chore(version): 2024.02.27.0
  fix(core): do not construct request if it is already available (#3826)
  refactor: incorporate `hyperswitch_interface` into router (#3669)
  feat: add unique constraint restriction for KV (#3723)
  feat(connector): [Payme] Add Void flow to Payme (#3817)
  refactor(connector): [Cybersource] Mask PII data  (#3786)
  ...

.github/workflows/postman-collection-runner.yml

@@ -61,7 +61,7 @@ jobs:
           CONNECTOR_AUTH_PASSPHRASE: ${{ secrets.CONNECTOR_AUTH_PASSPHRASE }}
           CONNECTOR_CREDS_S3_BUCKET_URI: ${{ secrets.CONNECTOR_CREDS_S3_BUCKET_URI}}
           DESTINATION_FILE_NAME: "connector_auth.toml.gpg"
-          S3_SOURCE_FILE_NAME: "cf05a6ab-525e-4888-98b3-3b4a443b87c0.toml.gpg"
+          S3_SOURCE_FILE_NAME: "95aa1243-4caa-4539-a65a-723aa5cbe3d7.toml.gpg"
         shell: bash
         run: |
           mkdir -p ${HOME}/target/secrets ${HOME}/target/test

.github/workflows/validate-openapi-spec.yml

@@ -80,6 +80,6 @@ jobs:
         shell: bash
         run: |
           if ! git diff --quiet --exit-code -- openapi/openapi_spec.json ; then
-            echo '::error::The OpenAPI spec file is not up-to-date. Please re-generate the OpenAPI spec file using `cargo run --features openapi -- generate-openapi-spec` and commit it.'
+            echo '::error::The OpenAPI spec file is not up-to-date. Please re-generate the OpenAPI spec file using `cargo run -p openapi` and commit it.'
             exit 1
           fi

CHANGELOG.md

@@ -4,6 +4,73 @@ All notable changes to HyperSwitch will be documented here.
 
 - - -
 
+## 2024.02.28.0
+
+### Features
+
+- **connector:** Mask pii information in connector request and response for stripe, aci, adyen, airwallex and authorizedotnet ([#3678](https://github.com/juspay/hyperswitch/pull/3678)) ([`1c6913b`](https://github.com/juspay/hyperswitch/commit/1c6913be747bd3da53fa2b48e339810bb30226e7))
+- **roles:** Change list roles, get role and authorization info api to respond with groups ([#3837](https://github.com/juspay/hyperswitch/pull/3837)) ([`fbe9d2f`](https://github.com/juspay/hyperswitch/commit/fbe9d2f19e9c0ca3af45a60e3d82b3ea774e11ce))
+- **router:** Add connector mit related columns to the payment methods table ([#3764](https://github.com/juspay/hyperswitch/pull/3764)) ([`5b8c261`](https://github.com/juspay/hyperswitch/commit/5b8c261d1ec34fab850c33f5d59d46255c7ebe4f))
+
+### Bug Fixes
+
+- **connector:** [AUTHORIZEDOTNET] Fix status mapping ([#3845](https://github.com/juspay/hyperswitch/pull/3845)) ([`f4d0e2b`](https://github.com/juspay/hyperswitch/commit/f4d0e2b441a25048186be4b9d0871e2473a6f357))
+- **core:** Validate amount_to_capture in payment update ([#3830](https://github.com/juspay/hyperswitch/pull/3830)) ([`04e9734`](https://github.com/juspay/hyperswitch/commit/04e9734800a9011d9ae7bd43f75c90a75a9a9334))
+
+### Refactors
+
+- **compatibility:** Added compatibility layer request logs ([#3774](https://github.com/juspay/hyperswitch/pull/3774)) ([`cd1a17b`](https://github.com/juspay/hyperswitch/commit/cd1a17bcd260629aad7548ff274f5512c37bfab7))
+- **connector:**
+  - [Forte] Mask PII data ([#3824](https://github.com/juspay/hyperswitch/pull/3824)) ([`bd890b0`](https://github.com/juspay/hyperswitch/commit/bd890b0715ff5b77b8d1769083fa3e6c965e6dc3))
+  - [Braintree] Mask PII data ([#3759](https://github.com/juspay/hyperswitch/pull/3759)) ([`3e87d44`](https://github.com/juspay/hyperswitch/commit/3e87d4468193cb4f60cd7b9fe93f2eba9250eeb5))
+  - [Square] change error message from NotSupported to NotImplemented ([#2875](https://github.com/juspay/hyperswitch/pull/2875)) ([`0626ca9`](https://github.com/juspay/hyperswitch/commit/0626ca968576709a3559243f5a64e742201dbf91))
+- **payment_methods:** Introduce `locker_id` column in `payment_methods` table ([#3760](https://github.com/juspay/hyperswitch/pull/3760)) ([`3856226`](https://github.com/juspay/hyperswitch/commit/385622678f764b2bdb67423be0e5c8f055dd0b7c))
+- **router:** Added logs health and deep health ([#3780](https://github.com/juspay/hyperswitch/pull/3780)) ([`cd82228`](https://github.com/juspay/hyperswitch/commit/cd8222820a19c53dbc0a0abe6f8ab3408cb7b13f))
+
+### Miscellaneous Tasks
+
+- **postman:** Update Postman collection files ([`8862746`](https://github.com/juspay/hyperswitch/commit/88627463eacd86bf3c8726ea4a08aedb6236ca32))
+
+**Full Changelog:** [`2024.02.27.0...2024.02.28.0`](https://github.com/juspay/hyperswitch/compare/2024.02.27.0...2024.02.28.0)
+
+- - -
+
+## 2024.02.27.0
+
+### Features
+
+- **connector:** [Payme] Add Void flow to Payme ([#3817](https://github.com/juspay/hyperswitch/pull/3817)) ([`9aabb14`](https://github.com/juspay/hyperswitch/commit/9aabb14a60f821769ccc61013368fb9683711d94))
+- **payouts:** Extend routing capabilities to payout operation ([#3531](https://github.com/juspay/hyperswitch/pull/3531)) ([`75c633f`](https://github.com/juspay/hyperswitch/commit/75c633fc7c37341177597041ccbcdfc3cf9e236f))
+- Add unique constraint restriction for KV ([#3723](https://github.com/juspay/hyperswitch/pull/3723)) ([`c117f8e`](https://github.com/juspay/hyperswitch/commit/c117f8ec638536d7ca92603ddadba59793b232de))
+
+### Bug Fixes
+
+- **core:** Do not construct request if it is already available ([#3826](https://github.com/juspay/hyperswitch/pull/3826)) ([`84d91a7`](https://github.com/juspay/hyperswitch/commit/84d91a7b344df47899ff31a87b86b8410c204f95))
+
+### Refactors
+
+- **connector:** [Cybersource] Mask PII data ([#3786](https://github.com/juspay/hyperswitch/pull/3786)) ([`a5cb6bb`](https://github.com/juspay/hyperswitch/commit/a5cb6bb5a456e8c435bbe0b561aa4d8a6f29ad87))
+- Incorporate `hyperswitch_interface` into router ([#3669](https://github.com/juspay/hyperswitch/pull/3669)) ([`2185cd3`](https://github.com/juspay/hyperswitch/commit/2185cd38c1ddf08d9dbb7a320b627fc03f0e7026))
+
+**Full Changelog:** [`2024.02.26.0...2024.02.27.0`](https://github.com/juspay/hyperswitch/compare/2024.02.26.0...2024.02.27.0)
+
+- - -
+
+## 2024.02.26.0
+
+### Features
+
+- **connector:** [BOA/Cybersource] Pass commerce indicator using card network for apple pay ([#3795](https://github.com/juspay/hyperswitch/pull/3795)) ([`54fa309`](https://github.com/juspay/hyperswitch/commit/54fa309b7da5d153855fb684f9655f505b2ba309))
+- **roles:** Add blacklist for roles ([#3794](https://github.com/juspay/hyperswitch/pull/3794)) ([`734327a`](https://github.com/juspay/hyperswitch/commit/734327a957c216511b182151a2f0b27819e7e3bb))
+
+### Bug Fixes
+
+- **cards:** Return a 200 response indicating that a customer is none ([#3773](https://github.com/juspay/hyperswitch/pull/3773)) ([`2c95dcd`](https://github.com/juspay/hyperswitch/commit/2c95dcd19778726f476b219271dc42da182088af))
+
+**Full Changelog:** [`2024.02.23.0...2024.02.26.0`](https://github.com/juspay/hyperswitch/compare/2024.02.23.0...2024.02.26.0)
+
+- - -
+
 ## 2024.02.23.0
 
 ### Features

config/config.example.toml

@@ -115,12 +115,9 @@ route_to_trace = ["*/confirm"]
 # This section provides some secret values.
 [secrets]
 master_enc_key = "sample_key"            # Master Encryption key used to encrypt merchant wise encryption key. Should be 32-byte long.
-admin_api_key = "test_admin"             # admin API key for admin authentication. Only applicable when KMS is disabled.
-kms_encrypted_admin_api_key = ""         # Base64-encoded (KMS encrypted) ciphertext of the admin_api_key. Only applicable when KMS is enabled.
-jwt_secret = "secret"                    # JWT secret used for user authentication. Only applicable when KMS is disabled.
-kms_encrypted_jwt_secret = ""            # Base64-encoded (KMS encrypted) ciphertext of the jwt_secret. Only applicable when KMS is enabled.
-recon_admin_api_key = "recon_test_admin" # recon_admin API key for recon authentication. Only applicable when KMS is disabled.
-kms_encrypted_recon_admin_api_key = ""   # Base64-encoded (KMS encrypted) ciphertext of the recon_admin_api_key. Only applicable when KMS is enabled
+admin_api_key = "test_admin"             # admin API key for admin authentication.
+jwt_secret = "secret"                    # JWT secret used for user authentication.
+recon_admin_api_key = "recon_test_admin" # recon_admin API key for recon authentication.
 
 # Locker settings contain details for accessing a card locker, a
 # PCI Compliant storage entity which stores payment method information
@@ -156,8 +153,6 @@ outgoing_enabled = true
 validity = 1
 
 [api_keys]
-# Base64-encoded (KMS encrypted) ciphertext of the API key hashing key
-kms_encrypted_hash_key = ""
 # Hex-encoded 32-byte long (64 characters long when hex-encoded) key used for calculating hashes of API keys
 hash_key = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
 
@@ -322,11 +317,6 @@ paypal = { currency = "USD,INR", country = "US" }
 # ^------------------------------- any valid payment method type (can be multiple) (for cards this should be card_network)
 # If either currency or country isn't provided then, all possible values are accepted
 
-# AWS KMS configuration. Only applicable when the `aws_kms` feature flag is enabled.
-[kms]
-key_id = "" # The AWS key ID used by the KMS SDK for decrypting data.
-region = "" # The AWS region used by the KMS SDK for decrypting data.
-
 [cors]
 max_age = 30 # Maximum time (in seconds) for which this CORS request may be cached.
 origins = "http://localhost:8080" # List of origins that are allowed to make requests.
@@ -568,3 +558,17 @@ file_storage_backend = "aws_s3"            # File storage backend to be used
 [file_storage.aws_s3]
 region = "us-east-1"                      # The AWS region used by the AWS S3 for file storage
 bucket_name = "bucket1"                   # The AWS S3 bucket name for file storage
+
+[secrets_management]
+secrets_manager = "aws_kms"               # Secrets manager client to be used
+
+[secrets_management.aws_kms]
+key_id = "kms_key_id"                     # The AWS key ID used by the KMS SDK for decrypting data.
+region = "kms_region"                     # The AWS region used by the KMS SDK for decrypting data.
+
+[encryption_management]
+encryption_manager = "aws_kms"            # Encryption manager client to be used
+
+[encryption_management.aws_kms]
+key_id = "kms_key_id"                     # The AWS key ID used by the KMS SDK for decrypting data.
+region = "kms_region"                     # The AWS region used by the KMS SDK for decrypting data.

config/deployments/env_specific.toml

@@ -21,8 +21,7 @@ connection_timeout = 10   # Timeout for database connection in seconds
 queue_strategy = "Fifo"   # Add the queue strategy used by the database bb8 client
 
 [api_keys]
-kms_encrypted_hash_key = "base64_encoded_ciphertext"                          # Base64-encoded (KMS encrypted) ciphertext of the API key hashing key
-hash_key = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" # API key hashing key. Only applicable when KMS is disabled.
+hash_key = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" # API key hashing key.
 
 [applepay_decrypt_keys]
 apple_pay_ppc = "APPLE_PAY_PAYMENT_PROCESSING_CERTIFICATE"         # Payment Processing Certificate provided by Apple Pay (https://developer.apple.com/) Certificates, Identifiers & Profiles > Apple Pay Payment Processing Certificate
@@ -99,11 +98,6 @@ vault_encryption_key = ""       # public key in pem format, corresponding privat
 rust_locker_encryption_key = "" # public key in pem format, corresponding private key in rust locker
 vault_private_key = ""          # private key in pem format, corresponding public key in rust locker
 
-# KMS configuration. Only applicable when the `kms` feature flag is enabled.
-[kms]
-key_id = "" # The AWS key ID used by the KMS SDK for decrypting data.
-region = "" # The AWS region used by the KMS SDK for decrypting data.
-
 # Locker settings contain details for accessing a card locker, a
 # PCI Compliant storage entity which stores payment method information
 # like card details
@@ -201,12 +195,9 @@ region = "report_download_config_region"                     # Region of the buc
 # This section provides some secret values.
 [secrets]
 master_enc_key = "sample_key"            # Master Encryption key used to encrypt merchant wise encryption key. Should be 32-byte long.
-admin_api_key = "test_admin"             # admin API key for admin authentication. Only applicable when KMS is disabled.
-kms_encrypted_admin_api_key = ""         # Base64-encoded (KMS encrypted) ciphertext of the admin_api_key. Only applicable when KMS is enabled.
-jwt_secret = "secret"                    # JWT secret used for user authentication. Only applicable when KMS is disabled.
-kms_encrypted_jwt_secret = ""            # Base64-encoded (KMS encrypted) ciphertext of the jwt_secret. Only applicable when KMS is enabled.
-recon_admin_api_key = "recon_test_admin" # recon_admin API key for recon authentication. Only applicable when KMS is disabled.
-kms_encrypted_recon_admin_api_key = ""   # Base64-encoded (KMS encrypted) ciphertext of the recon_admin_api_key. Only applicable when KMS is enabled
+admin_api_key = "test_admin"             # admin API key for admin authentication.
+jwt_secret = "secret"                    # JWT secret used for user authentication.
+recon_admin_api_key = "recon_test_admin" # recon_admin API key for recon authentication.
 
 # Server configuration
 [server]
@@ -219,3 +210,17 @@ host = "127.0.0.1"
 shutdown_timeout = 30
 # HTTP Request body limit. Defaults to 32kB
 request_body_limit = 32_768
+
+[secrets_management]
+secrets_manager = "aws_kms"               # Secrets manager client to be used
+
+[secrets_management.aws_kms]
+key_id = "kms_key_id"                     # The AWS key ID used by the KMS SDK for decrypting data.
+region = "kms_region"                     # The AWS region used by the KMS SDK for decrypting data.
+
+[encryption_management]
+encryption_manager = "aws_kms"            # Encryption manager client to be used
+
+[encryption_management.aws_kms]
+key_id = "kms_key_id"                     # The AWS key ID used by the KMS SDK for decrypting data.
+region = "kms_region"                     # The AWS region used by the KMS SDK for decrypting data.