-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #491 from catenax-ng/main
Merge from CatenaX
- Loading branch information
Showing
41 changed files
with
627 additions
and
118 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
name: "Publish OpenAPI to Swaggerhub" | ||
|
||
on: | ||
workflow_call: | ||
inputs: | ||
version: | ||
required: true | ||
description: Version that will be published to Swaggerhub | ||
type: string | ||
|
||
jobs: | ||
swagger-api: | ||
runs-on: ubuntu-latest | ||
env: | ||
SWAGGERHUB_API_KEY: ${{ secrets.SWAGGERHUB_API_KEY }} | ||
SWAGGERHUB_USER: ${{ secrets.SWAGGERHUB_USER }} | ||
DOWNSTREAM_VERSION: ${{ inputs.version }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
|
||
- name: Set up JDK 17 | ||
uses: actions/setup-java@v4 | ||
with: | ||
java-version: '17' | ||
distribution: 'temurin' | ||
|
||
- name: Setup node | ||
uses: actions/setup-node@v4 | ||
|
||
- name: Install Swagger CLI | ||
run: | | ||
npm i -g swaggerhub-cli | ||
# create API, will fail if exists | ||
- name: Create API | ||
continue-on-error: true | ||
run: | | ||
swaggerhub api:create ${{ env.SWAGGERHUB_USER }}/item-relationship-service/${{ env.DOWNSTREAM_VERSION }} -f docs/src/api/irs-api.yaml --visibility=public --published=unpublish | ||
# Post the API to SwaggerHub as "unpublished", because published APIs cannot be overwritten | ||
- name: Publish API Specs to SwaggerHub | ||
run: | | ||
if [[ ${{ env.DOWNSTREAM_VERSION }} != *-SNAPSHOT ]]; then | ||
echo "[INFO] - no snapshot, will set the API to 'published'"; | ||
swaggerhub api:update ${{ env.SWAGGERHUB_USER }}/item-relationship-service/${{ env.DOWNSTREAM_VERSION }} -f docs/src/api/irs-api.yaml --visibility=public --published=publish | ||
swaggerhub api:setdefault ${{ env.SWAGGERHUB_USER }}/item-relationship-service/${{ env.DOWNSTREAM_VERSION }} | ||
else | ||
echo "[INFO] - snapshot, will set the API to 'unpublished'"; | ||
swaggerhub api:update ${{ env.SWAGGERHUB_USER }}/item-relationship-service/${{ env.DOWNSTREAM_VERSION }} -f docs/src/api/irs-api.yaml --visibility=public --published=unpublish | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
87 changes: 87 additions & 0 deletions
87
.../#438-investigation-dDTR-api-endpoints/#438-investigation-dDTR-api-endpoints.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
# \[Concept\] \[#ID#\] Summary | ||
|
||
| Key | Value | | ||
|---------------|---------------------------------------------------------------------------------| | ||
| Creation date | 14.03.2024 | | ||
| Ticket Id | [#438](https://github.com/eclipse-tractusx/item-relationship-service/issues/438) | | ||
| State | WIP | | ||
|
||
## Table of Contents | ||
|
||
1. [Overview](#overview) | ||
2. [Summary](#summary) | ||
4. [Assessment](#assessment) | ||
9. [Glossary](#glossary) | ||
10. [References](#references) | ||
|
||
## Overview | ||
The goal of this concept is to determine the impact on the IRS resulting from the new EDC extension "Policy Enforcement". | ||
To this end, the API and the necessary changes to the IRS must be determined, documented and, if necessary, issues derived from them. | ||
|
||
## Summary | ||
Extension of reference implementation of Digital Twin Registry (DTR) in Catena-X for scalable access management to Asset Administration Shells (AAS) and adhering Submodel server(s). | ||
|
||
## Assessment | ||
|
||
- IRS uses the EDC for any request to the dDTR and Submodel Server | ||
|
||
### Request Sequence (A) to API /lookup/shells | ||
|
||
**(1.) Data request from consumer EDC to provider EDC (A1)** | ||
The API /lookup/shells is used in IRS. IRS used the globalAssetId to filter for a specific asset. The BPNL is injected to DTR request header via the EDC and the credential stored in the MIW. | ||
This will work as intended. | ||
**specificAssetIds** is not used by the IRS for filter for AAS assets. | ||
|
||
**(2.) API request by consumer EDC to DTR via provider EDC (A2)** | ||
**(3.) DTR receives request and sends response to consumer EDC (A3)** | ||
Communication only between the participants EDC and the DTR. The BPNL is injected into the request header of the dDTR by the EDC. | ||
|
||
[x] No impact on IRS | ||
|
||
### Request Sequence (B) to API /shell-descriptors/{aasIdentifier} | ||
|
||
**(1.) Data request from consumer EDC to provider EDC (B1)** | ||
**(2.) API request by consumer EDC to DTR via provider EDC (B2)** | ||
**(3.) DTR receives request and sends response to consumer EDC (B3)** | ||
Communication only between the participants EDC and the DTR. The BPNL is injected into the request header of the dDTR by the EDC. | ||
|
||
[x] No impact on IRS | ||
|
||
### Request Sequence (C) to Submodel Server | ||
|
||
**(1.) Data request from consumer EDC to provider EDC (C1)** | ||
**(2.) API request by consumer EDC to DTR for check on access (C2i)** | ||
Communication only between the participants EDC and the DTR. The BPNL is injected into the request header of the dDTR by the EDC. | ||
|
||
[x] No impact on IRS | ||
|
||
### An additional API (outside the definition of the asset administration shells) is required to manage access rules. | ||
Only required for data providers. | ||
|
||
[x] No impact on IRS | ||
|
||
### Impact: | ||
|
||
Outlines the impact of the proposed solution, including the need for an EDC extension, additional APIs in the DTR, and the benefits to data providers utilizing this access management approach. | ||
For the IRS as a data consumer there seem to be no impact and no changes required. | ||
|
||
## Conclusion | ||
No scalable access to attributes is required on the part of the irs. This is the responsibility of data providers such as bps. Trace-X. IRS uses the globalAssetIds to search for assets. For this reason, no dependency on the concept could be determined. | ||
No impact on data consumers. | ||
|
||
### AAS_Access_v3_Architecture | ||
|
||
![AAS_Access_v3_Architecture.jpg](AAS_Access_v3_Architecture.jpg) | ||
|
||
## Glossary | ||
|
||
| Abbreviation | Name | | ||
|--------------|---------------------------| | ||
| CRUD | Create Read Update Delete | | ||
| MIW | Managed Identity Wallet | | ||
| AAS | Asset Adminstration Shell | | ||
|
||
## References | ||
- [Concept of CRUD API for Access management APIs](https://github.com/eclipse-tractusx/sldt-digital-twin-registry/issues/291) | ||
- [Implementation for Access management to Digital Twins (via EDC extension)](https://github.com/eclipse-tractusx/sig-release/issues/417) | ||
- [EDC-based Access Control for Asset Administration Shells and Submodel Server](https://github.com/eclipse-tractusx/sig-release/issues/417#issuecomment-1883058762) |
Binary file added
BIN
+105 KB
docs/concept/#438-investigation-dDTR-api-endpoints/AAS_Access_v3_Architecture.jpg
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.