diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
new file mode 100644
index 000000000..c0f8fe3b0
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -0,0 +1,35 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+## Describe the bug
+_A clear and concise description of what the bug is._
+
+### To Reproduce
+_Steps to reproduce the behavior:_
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+### Expected behavior
+_A clear and concise description of what you expected to happen._
+
+### Screenshots/Error Messages
+_If applicable, add screenshots and/or error messages to help explain your problem._
+
+## Context Informations
+_Add any other context about the probleme here._
+
+- Used version: [e.g. Commit Hash]
+- OS: [e.g. Mac OS (M1), Windows, Linux]
+- Docker Version: [e.g. 20.10.12]
+- `java --version`:
+
+## Possible Implementation
+_You already know the root cause of the erroneous state and how to fix it? Feel free to share your thoughts._
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
new file mode 100644
index 000000000..1b6f25b87
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -0,0 +1,23 @@ +--- +name: Feature request +about: Suggest an idea for this project +title: '' +labels: enhancement +assignees: '' + +--- + +_If you are missing a feature or have an idea how to improve this project that should first be +discussed, please feel free to open up a [discussion](https://github.com/catenax-ng/catena-x-edc/discussions/categories/ideas)._ + +**Is your feature request related to a problem? Please describe.** +_A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]_ + +**Describe the solution you'd like** +_A clear and concise description of what you want to happen._ + +**Describe alternatives you've considered** +_A clear and concise description of any alternative solutions or features you've considered._ + +**Additional context** +_Add any other context or screenshots about the feature request here._ diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 5ddf2f6a7..fe7de904a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,6 +1,15 @@ --- version: 2 updates: + - + package-ecosystem: "gitsubmodule" + target-branch: develop + directory: "/" + labels: + - "dependabot" + - "edc" + schedule: + interval: "daily" - package-ecosystem: "github-actions" target-branch: develop @@ -28,10 +37,28 @@ updates: - "docker" schedule: interval: "daily" + - + package-ecosystem: "docker" + target-branch: develop + directory: "edc-controlplane/edc-controlplane-memory/src/main/docker" + labels: + - "dependabot" + - "docker" + schedule: + interval: "daily" + - + package-ecosystem: "docker" + target-branch: develop + directory: "edc-controlplane/edc-controlplane-postgresql/src/main/docker" + labels: + - "dependabot" + - "docker" + schedule: + interval: "daily" - package-ecosystem: "maven" target-branch: develop - directory: "edc-controlplane/edc-controlplane-cosmosdb/src/main/docker" + directory: / labels: - "dependabot" - "dependencies" 
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index af70ed3ca..a6f2ff925 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -5,6 +5,7 @@ on: push: branches: - main + - develop tags: - '[0-9]+.[0-9]+.[0-9]+' pull_request: 
@@ -12,35 +13,131 @@ on: - '*' jobs: - build: + secret-presence: runs-on: ubuntu-latest + outputs: + CXNG_GHCR_PAT: ${{ steps.secret-presence.outputs.CXNG_GHCR_PAT }} + VERACODE_ID: ${{ steps.secret-presence.outputs.VERACODE_ID }} + VERACODE_SECRET_KEY: ${{ steps.secret-presence.outputs.VERACODE_SECRET_KEY }} steps: + - name: Check whether secrets exist + id: secret-presence + run: | + [ ! -z "${{ secrets.CXNG_GHCR_PAT }}" ] && echo "::set-output name=CXNG_GHCR_PAT::true" + [ ! -z "${{ secrets.VERACODE_ID }}" ] && echo "::set-output name=VERACODE_ID::true" + [ ! -z "${{ secrets.VERACODE_SECRET_KEY }}" ] && echo "::set-output name=VERACODE_SECRET_KEY::true" - ############## - ### Set-Up ### - ############## + exit 0 + ##################### + ### edc-dataplane ### + ##################### + build-edc-dataplane: + needs: [ secret-presence ] + runs-on: ubuntu-latest + steps: + # Set-Up - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: submodules: recursive - - name: Login to Github Packages - if: github.event_name != 'pull_request' - uses: docker/login-action@v1 + name: Login to GitHub Container Registry + if: | + needs.secret-presence.outputs.CXNG_GHCR_PAT && github.event_name != 'pull_request' + uses: docker/login-action@v2 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.CXNG_GHCR_PAT }} - - name: Use specific edc version via git submodule # due to lack of release versions in maven central + name: Set up JDK 11 + uses: actions/setup-java@v3.3.0 + with: + java-version: '11' + distribution: 'adopt' + cache: 'maven' + - + name: Build edc with Gradle to get latest snapshots + run: ./gradlew publishToMavenLocal + working-directory: edc + # Build + - + name: Build edc-dataplane run: |- - [ ! 
-d "edc" ] && git submodule add https://github.com/eclipse-dataspaceconnector/DataSpaceConnector.git edc - git submodule update --init - git -C edc checkout d429b6cd5e81e0fc79e8f9a0cb1b31888d0900a4 + ./mvnw -s settings.xml -B -pl .,edc-dataplane -am verify + env: + GITHUB_PACKAGE_USERNAME: ${{ github.actor }} + GITHUB_PACKAGE_PASSWORD: ${{ secrets.CXNG_GHCR_PAT }} + - + name: edc-dataplane Docker Metadata + id: edc_dataplane_meta + uses: docker/metadata-action@v4 + with: + images: | + ghcr.io/${{ github.repository }}/edc-dataplane + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{raw}} + type=match,pattern=\d.\d.\d + type=sha + - + name: Build edc-dataplane Docker Image + uses: docker/build-push-action@v3 + with: + context: . + file: edc-dataplane/src/main/docker/Dockerfile + build-args: | + JAR=edc-dataplane/target/edc-dataplane.jar + LIB=edc-dataplane/target/lib + push: | + ${{ (needs.secret-presence.outputs.CXNG_GHCR_PAT && github.event_name != 'pull_request' && 'true') || 'false' }} + tags: ${{ steps.edc_dataplane_meta.outputs.tags }} + labels: ${{ steps.edc_dataplane_meta.outputs.labels }} + - + name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@v1.0 + if: | + needs.secret-presence.outputs.VERACODE_ID && needs.secret-presence.outputs.VERACODE_SECRET_KEY && contains(' + refs/heads/develop + refs/heads/release/ + refs/tags/ + refs/heads/main', github.ref) + continue-on-error: true + with: + appname: 'product-edc/edc-dataplane' + createprofile: true + version: ${{ github.ref }} + filepath: edc-dataplane/target/edc-dataplane.jar + vid: ${{ secrets.VERACODE_ID }} + vkey: ${{ secrets.VERACODE_SECRET_KEY }} + + ################################# + ### edc-controlplane-memory ### + ################################# + build-edc-controlplane-memory: + needs: [ secret-presence ] + runs-on: ubuntu-latest + steps: + # Set-Up + - + name: Checkout + uses: actions/checkout@v3 + with: + submodules: recursive + - + name: 
Login to GitHub Container Registry + if: | + needs.secret-presence.outputs.CXNG_GHCR_PAT && github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.CXNG_GHCR_PAT }} - name: Set up JDK 11 - uses: actions/setup-java@v2 + uses: actions/setup-java@v3.3.0 with: java-version: '11' distribution: 'adopt' 
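Review bot: The `secret-presence` step pastes `${{ secrets.* }}` straight into the `run:` script, so each secret's value becomes part of the shell source before bash parses it; a value containing `"`, a backtick or `$(` changes the command that runs, and the secret text is written into the generated script on the runner. Hand the secrets to the step through `env:` and test the variables instead, as sketched below. The `build-edc-controlplane-memory` job that opens at the end of this hunk continues outside it.

```yaml
      - name: Check whether secrets exist
        id: secret-presence
        env:
          CXNG_GHCR_PAT: ${{ secrets.CXNG_GHCR_PAT }}
          VERACODE_ID: ${{ secrets.VERACODE_ID }}
          VERACODE_SECRET_KEY: ${{ secrets.VERACODE_SECRET_KEY }}
        run: |
          [ -n "$CXNG_GHCR_PAT" ] && echo "::set-output name=CXNG_GHCR_PAT::true"
          [ -n "$VERACODE_ID" ] && echo "::set-output name=VERACODE_ID::true"
          [ -n "$VERACODE_SECRET_KEY" ] && echo "::set-output name=VERACODE_SECRET_KEY::true"
          exit 0
```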
@@ -49,10 +146,92 @@ jobs: name: Build edc with Gradle to get latest snapshots run: ./gradlew publishToMavenLocal working-directory: edc + # Build + - + name: Build edc-controlplane-memory + run: |- + ./mvnw -s settings.xml -B -pl .,edc-controlplane/edc-controlplane-memory -am verify + env: + GITHUB_PACKAGE_USERNAME: ${{ github.actor }} + GITHUB_PACKAGE_PASSWORD: ${{ secrets.CXNG_GHCR_PAT }} + - + name: edc-controlplane-memory Docker Metadata + id: edc_controlplane_memory_meta + uses: docker/metadata-action@v4 + with: + images: | + ghcr.io/${{ github.repository }}/edc-controlplane-memory + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{raw}} + type=match,pattern=\d.\d.\d + type=sha + - + name: Build edc-controlplane-memory Docker Image + uses: docker/build-push-action@v3 + with: + context: . + file: edc-controlplane/edc-controlplane-memory/src/main/docker/Dockerfile + build-args: | + JAR=edc-controlplane/edc-controlplane-memory/target/edc-controlplane-memory.jar + LIB=edc-controlplane/edc-controlplane-memory/target/lib + push: | + ${{ (needs.secret-presence.outputs.CXNG_GHCR_PAT && github.event_name != 'pull_request' && 'true') || 'false' }} + tags: ${{ steps.edc_controlplane_memory_meta.outputs.tags }} + labels: ${{ steps.edc_controlplane_memory_meta.outputs.labels }} + - + name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@v1.0 + if: | + needs.secret-presence.outputs.VERACODE_ID && needs.secret-presence.outputs.VERACODE_SECRET_KEY && contains(' + refs/heads/develop + refs/heads/release/ + refs/tags/ + refs/heads/main', github.ref) + continue-on-error: true + with: + appname: 'product-edc/edc-controlplane-memory' + createprofile: true + version: ${{ github.ref }} + filepath: edc-controlplane/edc-controlplane-memory/target/edc-controlplane-memory.jar + vid: ${{ secrets.VERACODE_ID }} + vkey: ${{ secrets.VERACODE_SECRET_KEY }} - ################################# - ### edc-controlplane-cosmosdb ### - 
################################# + ################################# + ### edc-controlplane-cosmosdb ### + ################################# + build-edc-controlplane-cosmosdb: + needs: [ secret-presence ] + runs-on: ubuntu-latest + steps: + # Set-Up + - + name: Checkout + uses: actions/checkout@v3 + with: + submodules: recursive + - + name: Login to GitHub Container Registry + if: | + needs.secret-presence.outputs.CXNG_GHCR_PAT && github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.CXNG_GHCR_PAT }} + - + name: Set up JDK 11 + uses: actions/setup-java@v3.3.0 + with: + java-version: '11' + distribution: 'adopt' + cache: 'maven' + - + name: Build edc with Gradle to get latest snapshots + run: ./gradlew publishToMavenLocal + working-directory: edc + # Build - name: Build edc-controlplane-cosmosdb run: |- @@ -61,12 +240,12 @@ jobs: GITHUB_PACKAGE_USERNAME: ${{ github.actor }} GITHUB_PACKAGE_PASSWORD: ${{ secrets.CXNG_GHCR_PAT }} - - name: Docker Metadata + name: edc-controlplane-cosmosdb Docker Metadata id: edc_controlplane_cosmosdb_meta - uses: docker/metadata-action@v3 + uses: docker/metadata-action@v4 with: images: | - ghcr.io/catenax-ng/catena-x-edc/edc-controlplane-cosmosdb + ghcr.io/${{ github.repository }}/edc-controlplane-cosmosdb tags: | type=ref,event=branch type=ref,event=pr 
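Review bot: The `if:` on the Veracode step passes the ref list as the first argument of `contains()` and `github.ref` as the second, which for strings asks whether the whole ref is a substring of the list; `refs/tags/1.2.3` or `refs/heads/release/1.2.3` is longer than the `refs/tags/` and `refs/heads/release/` entries and so can never match. As written the scan appears to run only for `develop` and `main`, and `continue-on-error: true` means nothing flags the gap. Express the prefixes explicitly, `(github.ref == 'refs/heads/develop' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/') || startsWith(github.ref, 'refs/tags/'))`, combined with the two secret-presence checks. The same condition is repeated in the edc-dataplane job in the previous hunk and in the cosmosdb and postgresql jobs in the `@@ -74,34 +253,84 @@` and `@@ -109,13 +338,32 @@` hunks.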
@@ -74,34 +253,84 @@ jobs: type=match,pattern=\d.\d.\d type=sha - - name: Build Docker Image - uses: docker/build-push-action@v2 + name: Build edc-controlplane-cosmosdb Docker Image + uses: docker/build-push-action@v3 with: context: . file: edc-controlplane/edc-controlplane-cosmosdb/src/main/docker/Dockerfile build-args: | JAR=edc-controlplane/edc-controlplane-cosmosdb/target/edc-controlplane-cosmosdb.jar - push: ${{ github.event_name != 'pull_request' }} + LIB=edc-controlplane/edc-controlplane-cosmosdb/target/lib + push: | + ${{ (needs.secret-presence.outputs.CXNG_GHCR_PAT && github.event_name != 'pull_request' && 'true') || 'false' }} tags: ${{ steps.edc_controlplane_cosmosdb_meta.outputs.tags }} labels: ${{ steps.edc_controlplane_cosmosdb_meta.outputs.labels }} + - + name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@v1.0 + if: | + needs.secret-presence.outputs.VERACODE_ID && needs.secret-presence.outputs.VERACODE_SECRET_KEY && contains(' + refs/heads/develop + refs/heads/release/ + refs/tags/ + refs/heads/main', github.ref) + continue-on-error: true + with: + appname: 'product-edc/edc-controlplane-cosmosdb' + createprofile: true + filepath: edc-controlplane/edc-controlplane-cosmosdb/target/edc-controlplane-cosmosdb.jar + version: ${{ github.ref }} + vid: ${{ secrets.VERACODE_ID }} + vkey: ${{ secrets.VERACODE_SECRET_KEY }} - ##################### - ### edc-dataplane ### - ##################### + ################################### + ### edc-controlplane-postgresql ### + ################################### + build-edc-controlplane-postgresql: + needs: [ secret-presence ] + runs-on: ubuntu-latest + steps: + # Set-Up - - name: Build edc-dataplane + name: Checkout + uses: actions/checkout@v3 + with: + submodules: recursive + - + name: Login to Github Packages + if: | + needs.secret-presence.outputs.CXNG_GHCR_PAT && github.event_name != 'pull_request' + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor 
}} + password: ${{ secrets.CXNG_GHCR_PAT }} + - + name: Set up JDK 11 + uses: actions/setup-java@v3.3.0 + with: + java-version: '11' + distribution: 'adopt' + cache: 'maven' + - + name: Build edc with Gradle to get latest snapshots + run: ./gradlew publishToMavenLocal + working-directory: edc + # Build + - + name: Build edc-controlplane-postgresql run: |- - ./mvnw -s settings.xml -B -pl .,edc-dataplane -am verify + ./mvnw -s settings.xml -B -pl .,edc-controlplane/edc-controlplane-postgresql -am verify env: GITHUB_PACKAGE_USERNAME: ${{ github.actor }} GITHUB_PACKAGE_PASSWORD: ${{ secrets.CXNG_GHCR_PAT }} - - name: Docker Metadata - id: edc_dataplane_meta - uses: docker/metadata-action@v3 + name: edc-controlplane-postgresql Docker Metadata + id: edc_controlplane_postgresql_meta + uses: docker/metadata-action@v4 with: images: | - ghcr.io/catenax-ng/catena-x-edc/edc-dataplane + ghcr.io/${{ github.repository }}/edc-controlplane-postgresql tags: | type=ref,event=branch type=ref,event=pr 
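Review bot: Every third-party action that is handed a credential in this workflow is referenced by a mutable tag: `docker/login-action@v2` gets `CXNG_GHCR_PAT` and `veracode/veracode-uploadandscan-action@v1.0` gets `vid`/`vkey`, so the code that sees those secrets can change without any commit in this repository. Pin them to a full commit SHA and keep the tag as a comment, e.g. `uses: docker/login-action@<full-commit-sha>  # v2`; the `github-actions` entry already present in `.github/dependabot.yml` can then propose updates to the pins. This applies to the same steps in the other three build jobs as well. The `build-edc-controlplane-postgresql` job continues past the end of this hunk.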
@@ -109,13 +338,32 @@ jobs: type=match,pattern=\d.\d.\d type=sha - - name: Build Docker Image - uses: docker/build-push-action@v2 + name: Build edc-controlplane-postgresql Docker Image + uses: docker/build-push-action@v3 with: context: . - file: edc-dataplane/src/main/docker/Dockerfile + file: edc-controlplane/edc-controlplane-postgresql/src/main/docker/Dockerfile build-args: | - JAR=edc-dataplane/target/edc-dataplane.jar - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.edc_dataplane_meta.outputs.tags }} - labels: ${{ steps.edc_dataplane_meta.outputs.labels }} + JAR=edc-controlplane/edc-controlplane-postgresql/target/edc-controlplane-postgresql.jar + LIB=edc-controlplane/edc-controlplane-postgresql/target/lib + push: | + ${{ (needs.secret-presence.outputs.CXNG_GHCR_PAT && github.event_name != 'pull_request' && 'true') || 'false' }} + tags: ${{ steps.edc_controlplane_postgresql_meta.outputs.tags }} + labels: ${{ steps.edc_controlplane_postgresql_meta.outputs.labels }} + - + name: Veracode Upload And Scan + uses: veracode/veracode-uploadandscan-action@v1.0 + if: | + needs.secret-presence.outputs.VERACODE_ID && needs.secret-presence.outputs.VERACODE_SECRET_KEY && contains(' + refs/heads/develop + refs/heads/release/ + refs/tags/ + refs/heads/main', github.ref) + continue-on-error: true + with: + appname: 'product-edc/edc-controlplane-postgresql' + createprofile: true + filepath: edc-controlplane/edc-controlplane-postgresql/target/edc-controlplane-postgresql.jar + version: ${{ github.ref }} + vid: ${{ secrets.VERACODE_ID }} + vkey: ${{ secrets.VERACODE_SECRET_KEY }} diff --git a/.github/workflows/draft-new-release.yaml b/.github/workflows/draft-new-release.yaml index c7c0c8900..d298ab174 100644 --- a/.github/workflows/draft-new-release.yaml +++ b/.github/workflows/draft-new-release.yaml 
@@ -13,7 +13,7 @@ jobs: name: "Draft a new release" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Create release branch run: git checkout -b release/${{ github.event.inputs.version }} @@ -29,7 +29,7 @@ jobs: git config user.email noreply@github.com - name: Set up JDK 11 - uses: actions/setup-java@v2 + uses: actions/setup-java@v3.3.0 with: java-version: '11' distribution: 'adopt' @@ -43,7 +43,7 @@ jobs: GITHUB_PACKAGE_PASSWORD: ${{ secrets.CXNG_GHCR_PAT }} - name: Bump version in deployment/helm - uses: mikefarah/yq@v4.24.2 + uses: mikefarah/yq@v4.25.1 with: cmd: |- find deployment/helm -name Chart.yaml | xargs -n1 yq -i '.appVersion = "${{ github.event.inputs.version }}" | .version = "${{ github.event.inputs.version }}"' diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml new file mode 100644 index 000000000..8b49c30b7 --- /dev/null +++ b/.github/workflows/helm-lint.yaml 
@@ -0,0 +1,63 @@ +--- +name: "Lint helm charts" + +on: + push: + branches: + - main + - develop + tags: + - '[0-9]+.[0-9]+.[0-9]+' + paths-ignore: + - '**' + - '!deployment/helm/**' + pull_request: + branches: + - '*' + paths-ignore: + - '**' + - '!deployment/helm/**' + +jobs: + helm-lint: + runs-on: ubuntu-latest + steps: + ############## + ### Set-Up ### + ############## + - + name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - + name: helm (setup) + uses: azure/setup-helm@v2.1 + with: + version: v3.8.1 + - + name: python (setup) + uses: actions/setup-python@v3 + with: + python-version: 3.7 + - + name: chart-testing (setup) + uses: helm/chart-testing-action@v2.2.1 + ##################### + ### Chart Testing ### + ##################### + - + name: chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --config ct.yaml --target-branch develop) + if [[ -n "$changed" ]]; then + echo "::set-output name=changed::true" + fi + - + name: chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' + run: | + ct lint \ + --config ct.yaml \ + --all diff --git a/.github/workflows/publish-new-release.yml b/.github/workflows/publish-new-release.yml index 734302121..fad49a49c 100644 --- a/.github/workflows/publish-new-release.yml +++ b/.github/workflows/publish-new-release.yml @@ -61,16 +61,13 @@ jobs: prerelease: false - name: Set up JDK 11 - uses: actions/setup-java@v2 + uses: actions/setup-java@v3.3.0 with: java-version: '11' distribution: 'adopt' cache: 'maven' - name: Merge main back into develop and set new snapshot version - env: - GITHUB_PACKAGE_USERNAME: ${{ github.actor }} - GITHUB_PACKAGE_PASSWORD: ${{ secrets.CXNG_GHCR_PAT }} run: | # Prepare git env git config user.name "GitHub actions" diff --git a/.gitignore b/.gitignore index 1e4b29306..cb53525fa 100644 --- a/.gitignore +++ b/.gitignore 
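Review bot: The new `helm-lint.yaml` has no `permissions:` key, so the job's `GITHUB_TOKEN` gets the repository's default scopes even though the steps only check out the code and run `ct`. Adding `permissions:` with `contents: read` at workflow level keeps a compromised lint dependency from writing to the repository. As a smaller point, `python-version: 3.7` is an unquoted float; writing `'3.7'` avoids the trap where a later bump to 3.10 is read as 3.1.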
@@ -8,6 +8,10 @@ .idea/**/usage.statistics.xml .idea/**/dictionaries .idea/**/shelf +.vscode/** + +# Macbooks +**/.DS_STORE # Generated files .idea/**/contentModel.xml diff --git a/CHANGELOG.md b/CHANGELOG.md index 11bddf32c..28b4ebc85 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,3 +6,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] + +## [0.0.1] - 2022-05-13 + +[Unreleased]: https://github.com/catenax-ng/product-edc/compare/0.0.1...HEAD + +[0.0.1]: https://github.com/catenax-ng/product-edc/compare/a02601306fed39a88a3b3b18fae98b80791157b9...0.0.1 diff --git a/LICENSE b/LICENSE index 337440099..c815b0d05 100644 --- a/LICENSE +++ b/LICENSE @@ -186,7 +186,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2021 Catena-X + Copyright 2022 Catena-X Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/NOTICE.md b/NOTICE.md new file mode 100644 index 000000000..2886d7b03 --- /dev/null +++ b/NOTICE.md 
@@ -0,0 +1,254 @@
+# Notices for Catena-X NG Product EDC
+
+## Copyright
+
+All content is the property of the respective authors or their employers. For more information regarding authorship of content, please consult the listed source code repository logs.
+
+## Declared Project Licenses
+
+This program and the accompanying materials are made available under the terms of the Apache License, Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.
+
+SPDX-License-Identifier: Apache-2.0
+
+## Source Code
+
+The project maintains the following source code repositoriy:
+
+* https://github.com/catenax-ng/product-edc
+
+## Third-party Content (Overarching All Modules)
+
+* aas-controller under Apache License 2.0
+* aopalliance version 1.0 repackaged as a module under EPL 2.0 or GPL2 w/ CPE
+* Apache Commons Codec under Apache License, Version 2.0
+* Apache Commons Lang under Apache License, Version 2.0
+* Apache Commons Pool under Apache License, Version 2.0
+* apache-commons-pool-sql under Apache License, Version 2.0
+* api-configuration under Apache License, Version 2.0
+* api-core under Apache License, Version 2.0
+* asm under BSD-3-Clause
+* ASM based accessors helper used by json-smart under The Apache Software License, Version 2.0
+* asm-analysis under BSD-3-Clause
+* asm-commons under BSD-3-Clause
+* asm-tree under BSD-3-Clause
+* asset-api under Apache License, Version 2.0
+* asset-index-sql under Apache License, Version 2.0
+* assetindex-cosmos under Apache License, Version 2.0
+* auth-spi under Apache License, Version 2.0
+* auth-tokenbased under Apache License, Version 2.0
+* azure-vault under Apache License, Version 2.0
+* Bean Validation API under Apache License 2.0
+* Bouncy Castle ASN.1 Extension and Utility APIs under Bouncy Castle Licence
+* Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs under Bouncy Castle Licence
+* Bouncy Castle Provider under Bouncy Castle Licence
+* business-partner-validation under Apache License 2.0
+* catalog-api under Apache License, Version 2.0
+* catalog-spi under Apache License, Version 2.0
+* Checker Qual under The MIT License
+* ClassGraph under The MIT License (MIT)
+* common-sql under Apache License, Version 2.0
+* common-util under Apache License, Version 2.0
+* contract under Apache License, Version 2.0
+* contract-definition-store-cosmos under Apache License, Version 2.0
+* contract-negotiation-store-cosmos under Apache License, Version 2.0
+* contract-spi under Apache License, Version 2.0
+* contractagreement-api under Apache License, Version 2.0
+* contractdefinition-api under Apache License, Version 2.0
+* contractdefinition-store-sql under Apache License, Version 2.0
+* contractnegotiation-api under Apache License, Version 2.0
+* contractnegotiation-store-sql under Apache License, Version 2.0
+* control-api under Apache License, Version 2.0
+* Core functionality for the Reactor Netty library under The Apache Software License, Version 2.0
+* core-base under Apache License, Version 2.0
+* core-boot under Apache License, Version 2.0
+* core-defaults under Apache License, Version 2.0
+* core-micrometer under Apache License, Version 2.0
+* core-spi under Apache License, Version 2.0
+* cosmos-common under Apache License, Version 2.0
+* data-management-api under Apache License, Version 2.0
+* data-plane-api under Apache License, Version 2.0
+* data-plane-framework under Apache License, Version 2.0
+* data-plane-http under Apache License, Version 2.0
+* data-plane-spi under Apache License, Version 2.0
+* data-plane-transfer-spi under Apache License, Version 2.0
+* data-plane-transfer-sync under Apache License, Version 2.0
+* dataloading under Apache License, Version 2.0
+* edc-controlplane under Apache License 2.0
+* edc-controlplane-cosmosdb under Apache License 2.0
+* edc-controlplane-memory under Apache License 2.0
+* edc-controlplane-postgresql under Apache License 2.0
+* edc-dataplane under Apache License 2.0
+* edc-extensions under Apache License 2.0
+* Failsafe under Apache License, Version 2.0
+* filesystem-configuration under Apache License, Version 2.0
+* flyway-core under Apache License, Version 2.0
+* HdrHistogram under Public Domain, per Creative Commons CC0 or BSD-2-Clause
+* HK2 API module under EPL 2.0 or GPL2 w/ CPE
+* HK2 Implementation Utilities under EPL 2.0 or GPL2 w/ CPE
+* http under Apache License, Version 2.0
+* HTTP functionality for the Reactor Netty library under The Apache Software License, Version 2.0
+* http-receiver under Apache License, Version 2.0
+* iam-daps under Apache License, Version 2.0
+* iam-mock under Apache License, Version 2.0
+* ids-api-configuration under Apache License, Version 2.0
+* ids-api-multipart-dispatcher-v1 under Apache License, Version 2.0
+* ids-api-multipart-endpoint-v1 under Apache License, Version 2.0
+* ids-api-transform-v1 under Apache License, Version 2.0
+* ids-core under Apache License, Version 2.0
+* ids-spi under Apache License, Version 2.0
+* ids-token-validation under Apache License, Version 2.0
+* IntelliJ IDEA Annotations under The Apache Software License, Version 2.0
+* Jackson datatype: JSR310 under The Apache Software License, Version 2.0
+* Jackson module: Afterburner under The Apache Software License, Version 2.0
+* Jackson module: Jakarta XML Bind Annotations (jakarta.xml.bind) under The Apache Software License, Version 2.0
+* Jackson-annotations under The Apache Software License, Version 2.0
+* Jackson-core under The Apache Software License, Version 2.0
+* jackson-databind under The Apache Software License, Version 2.0
+* Jackson-dataformat-XML under The Apache Software License, Version 2.0
+* Jackson-dataformat-YAML under The Apache Software License, Version 2.0
+* Jakarta Activation under EDL 1.0
+* Jakarta Annotations API under EPL 2.0 or GPL2 w/ CPE
+* Jakarta Bean Validation API under Apache License 2.0
+* Jakarta Dependency Injection under The Apache Software License, Version 2.0
+* Jakarta RESTful WS API under EPL-2.0 or GPL-2.0-with-classpath-exception
+* Jakarta XML Binding API under Eclipse Distribution License - v 1.0
+* jakarta.transaction API under EPL 2.0 or GPL2 w/ CPE
+* java under Apache License, Version 2.0
+* java jwt under The MIT License (MIT)
+* Java Native Access under LGPL, version 2.1 or Apache License v2.0
+* Java Native Access Platform under LGPL, version 2.1 or Apache License v2.0
+* Javassist under MPL 1.1 or LGPL 2.1 or Apache License 2.0
+* JCIP Annotations under Apache License under Apache License, Version 2.0
+* jdk-logger-monitor under Apache License, Version 2.0
+* jersey under Apache License, Version 2.0
+* jersey-container-servlet under EPL 2.0 or GPL2 w/ CPE or EDL 1.0 or BSD 2-Clause or Apache License, 2.0 or Public Domain or Modified BSD or jQuery license or MIT license or W3C license
+* jersey-container-servlet-core under EPL 2.0 or GPL2 w/ CPE or EDL 1.0 or BSD 2-Clause or Apache License, 2.0 or Public Domain or Modified BSD or jQuery license or MIT license or W3C license
+* jersey-core-client under EPL 2.0 or GPL2 w/ CPE or EDL 1.0 or BSD 2-Clause or Apache License, 2.0 or Public Domain or Modified BSD or jQuery license or MIT license or W3C license
+* jersey-core-common under EPL 2.0 or The GNU General Public License (GPL), Version 2, With Classpath Exception or Apache License, 2.0 or Public Domain
+* jersey-core-server under EPL 2.0 or The GNU General Public License (GPL), Version 2, With Classpath Exception or Apache License, 2.0 or Modified BSD
+* jersey-ext-entity-filtering under EPL 2.0 or GPL2 w/ CPE or EDL 1.0 or BSD 2-Clause or Apache License, 2.0 or Public Domain or Modified BSD or jQuery license or MIT license or W3C license
+* jersey-inject-hk2 under EPL 2.0 or GPL2 w/ CPE or EDL 1.0 or BSD 2-Clause or Apache License, 2.0 or Public Domain or Modified BSD or jQuery license or MIT license or W3C license
+* jersey-media-json-jackson under EPL 2.0 or The GNU General Public License (GPL), Version 2, With Classpath Exception or Apache License, 2.0
+* jersey-media-multipart under EPL 2.0 or GPL2 w/ CPE or EDL 1.0 or BSD 2-Clause or Apache License, 2.0 or Public Domain or Modified BSD or jQuery license or MIT license or W3C license
+* jersey-micrometer under Apache License, Version 2.0
+* jetty under Apache License, Version 2.0
+* Jetty :: ALPN :: Client under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Asynchronous HTTP Client under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Http Utility under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: IO Utility under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Jakarta Servlet API and Schemas for JPMS and OSGi under Apache Software License - Version 2.0 or Eclipse Public License - Version 1.0
+* Jetty :: Jakarta WebSocket API for JPMS and OSGi under Apache Software License - Version 2.0 or Eclipse Public License - Version 1.0
+* Jetty :: JNDI Naming under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Plus under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Security under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Server Core under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Servlet Annotations under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Servlet Handling under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Utilities under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Webapp Application Support under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Websocket :: Core :: Client under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Websocket :: Core :: Common under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Websocket :: Core :: Server under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Websocket :: jakarta.websocket :: Client under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Websocket :: jakarta.websocket :: Common under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Websocket :: jakarta.websocket :: Server under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: Websocket :: Servlet under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* Jetty :: XML utilities under Eclipse Public License - Version 2.0 or Apache Software License - Version 2.0
+* jetty-micrometer under Apache License, Version 2.0
+* JSON Small and Fast Parser under The Apache Software License, Version 2.0
+* JUnit Jupiter API under Eclipse Public License v2.0
+* JUnit Jupiter Engine under Eclipse Public License v2.0
+* JUnit Jupiter Params under Eclipse Public License v2.0
+* JUnit Platform Commons under Eclipse Public License v2.0
+* JUnit Platform Engine API under Eclipse Public License v2.0
+* JUnit Platform Launcher under Eclipse Public License v2.0
+* JUnit Platform Suite (Aggregator) under Eclipse Public License v2.0
+* JUnit Platform Suite API under Eclipse Public License v2.0
+* JUnit Platform Suite Commons under Eclipse Public License v2.0
+* JUnit Platform Suite Engine under Eclipse Public License v2.0
+* LatencyUtils under Public Domain, per Creative Commons CC0
+* lease-sql under Apache License, Version 2.0
+* Metrics Core under Apache License 2.0
+* micrometer-core under The Apache Software License, Version 2.0
+* Microsoft Azure client library for Identity under The MIT License (MIT)
+* Microsoft Azure client library for KeyVault Secrets under The MIT License (MIT)
+* Microsoft Azure Java Core Library under The MIT License (MIT)
+* Microsoft Azure Netty HTTP Client Library under The MIT License (MIT)
+* Microsoft Azure SDK for SQL API of Azure Cosmos DB Service under The MIT License (MIT)
+* MIME streaming extension under Eclipse Distribution License - v 1.0
+* Mockito under The MIT License
+* msal4j under MIT License
+* msal4j-persistence-extension under MIT License
+* Netty/Buffer under Apache License, Version 2.0
+* Netty/Codec under Apache License, Version 2.0
+* Netty/Codec/DNS under Apache License, Version 2.0
+* Netty/Codec/HTTP under Apache License, Version 2.0
+* Netty/Codec/HTTP2 under Apache License, Version 2.0
+* Netty/Codec/Socks under Apache License, Version 2.0
+* Netty/Common under Apache License, Version 2.0
+* Netty/Handler under Apache License, Version 2.0
+* Netty/Handler/Proxy under Apache License, Version 2.0
+* Netty/Resolver under Apache License, Version 2.0
+* Netty/Resolver/DNS under Apache License, Version 2.0
+* Netty/Resolver/DNS/Classes/MacOS under Apache License, Version 2.0
+* Netty/Resolver/DNS/Native/MacOS under Apache License, Version 2.0
+* Netty/TomcatNative [BoringSSL - Static] under The Apache Software License, Version 2.0
+* Netty/TomcatNative [OpenSSL - Classes] under The Apache Software License, Version 2.0
+* Netty/Transport under Apache License, Version 2.0
+* Netty/Transport/Classes/Epoll under Apache License, Version 2.0
+* Netty/Transport/Classes/KQueue under Apache License, Version 2.0
+* Netty/Transport/Native/Epoll under Apache License, Version 2.0
+* Netty/Transport/Native/KQueue under Apache License, Version 2.0
+* Netty/Transport/Native/Unix/Common under Apache License, Version 2.0
+* Nimbus Content Type under The Apache Software License, Version 2.0
+* Nimbus JOSE+JWT under The Apache Software License, Version 2.0
+* Nimbus LangTag under The Apache Software License, Version 2.0
+* Non-Blocking Reactive Foundation for the JVM under Apache License, Version 2.0
+* OAuth 2.0 SDK with OpenID Connect extensions under Apache License, version 2.0
+* oauth2-core under Apache License, Version 2.0
+* oauth2-spi under Apache License, Version 2.0
+* observability-api under Apache License, Version 2.0
+* okhttp under The Apache Software License, Version 2.0
+* Okio under The Apache Software License, Version 2.0
+* OpenTelemetry Java under The Apache License, Version 2.0
+* org.apiguardian:apiguardian-api under The Apache License, Version 2.0
+* org.jetbrains.kotlin:kotlin-stdlib under The Apache License, Version 2.0
+* org.jetbrains.kotlin:kotlin-stdlib-common under The Apache License, Version 2.0
+* org.opentest4j:opentest4j under The Apache License, Version 2.0
+* OSGi resource locator under EPL 2.0 or GPL2 w/ CPE
+* policy-engine under Apache License, Version 2.0
+* policy-evaluator under Apache License, Version 2.0
+* policy-spi under Apache License, Version 2.0
+* policy-store-cosmos under Apache License, Version 2.0
+* policy-store-sql under Apache License, Version 2.0
+* policydefinition-api under Apache License, Version 2.0
+* PostgreSQL JDBC Driver under BSD-2-Clause
+* postgresql-migration under Apache License 2.0
+* product-edc-parent under Apache License 2.0
+* reactive-streams under CC0
+* ServiceLocator Default Implementation under EPL 2.0 or GPL2 w/ CPE
+* SLF4J API Module under MIT License
+* SnakeYAML under Apache License, Version 2.0
+* spi under Apache License, Version 2.0
+* state-machine-lib under Apache License, Version 2.0
+* Stax2 API under The BSD License
+* swagger-annotations-jakarta under Apache License 2.0
+* swagger-core-jakarta under Apache License 2.0
+* swagger-integration-jakarta under Apache License 2.0
+* swagger-jaxrs2-jakarta under Apache License 2.0
+* swagger-models-jakarta under Apache License 2.0
+* token-generation-lib under Apache License, Version 2.0
+* token-validation-lib under Apache License, Version 2.0
+* transaction-datasource-spi under Apache License, Version 2.0
+* transaction-local under Apache License, Version 2.0
+* transaction-spi under Apache License, Version 2.0
+* transfer under Apache License, Version 2.0
+* transfer-process-store-cosmos under Apache License, Version 2.0
+* transfer-process-store-sql under Apache License, Version 2.0
+* transfer-spi under Apache License, Version 2.0
+* transferprocess-api under Apache License, Version 2.0
+* transport-spi under Apache License, Version 2.0
+* util under Apache License, Version 2.0
+* web-spi under Apache License, Version 2.0
+* Woodstox under The Apache License, Version 2.0
+
diff --git a/README.md b/README.md
index 1c988c6e1..9cb72a662 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,48 @@
-Catena-X specific edc apps
+# Catena-X specific edc apps
+
+This project provides pre-built Control-Plane and Data-Plane [docker](https://www.docker.com/) images and [helm](https://helm.sh/) charts of the [Eclipse DataSpaceConnector Project](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector).
+
+## Inventory
+
+The eclipse data space connector is split up into Control-Plane and Data-Plane, whereas the Control-Plane functions as administration layer
+and has responsibility of resource management, contract negotiation and administer data transfer.
+The Data-Plane does the heavy lifting of transferring and receiving data streams.
+
+Depending on your environment there are different derivatives of the control-plane prepared:
+
+* [edc-controlplane-cosmosdb](edc-controlplane/edc-controlplane-cosmosdb)
+* [edc-controlplane-memory](edc-controlplane/edc-controlplane-memory)
+* [edc-controlplane-postgresql](edc-controlplane/edc-controlplane-postgresql)
+
+Derivatives of the Data-Plane can be found here
+
+* [edc-dataplane](edc-dataplane)
+
+## Prerequisites
+
+#### EDC artifacts
+
+Since the [EDC](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector) does
+not yet publish artifacts to a maven repository, which this project relies on, it needs
+to be built upfront to be used:
+
+```shell
+git submodule update --init
+cd edc && ./gradlew publishToMavenLocal
+```
+
+## Build
+
+```shell
+./mvnw package -Pwith-docker-image
+```
+
+## Releases
+
+### Milestone 3
+
+The Catena-X milestone 3 release can be found in the `release/0.0.1` branch.
+You can download the container image from our [repository](https://github.com/catenax-ng/product-edc/pkgs/container/product-edc%2Fedc-controlplane-postgresql).
+```bash
+docker pull ghcr.io/catenax-ng/product-edc/edc-controlplane-postgresql:0.0.1
+```
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..ebfd8b30b
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,63 @@
+# Security Policy
+
+
+
+
+## Reporting a bug in Catena-X
+
+
+
+
+Report security bugs in Catena-X to "dl_CoP_IT_Security@catena-x.net".
+
+Your report will be acknowledged within 5 days, and you’ll receive a more detailed response to your report within 10 days indicating the next steps in handling your submission.
+
+After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement, and may ask for additional information or guidance surrounding the reported issue.
+
+Please do not report security bugs through public GitHub issues.
+
+
+
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+
+- Full paths of source file(s) related to the manifestation of the issue
+
+- The location of the affected source code (tag/branch/commit or direct URL)
+
+- Any special configuration required to reproduce the issue
+
+- Step-by-step instructions to reproduce the issue
+
+- Proof-of-concept or exploit code (if possible)
+
+- Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+
+
+
+## Reporting a bug in a third party module
+
+Security bugs in third party modules should be reported to their respective maintainers.
+
+
+
+
+## Disclosure policy
+
+Here is the security disclosure policy for Catena-X.
+
+- The security report is received and is assigned a primary handler.
+
+- This person will coordinate the fix and release process.
+
+- Fixes are prepared for all releases which are still under maintenance.
+
+- A suggested embargo date for this vulnerability is chosen. Typically the embargo date will be set to 72 hours. 
However, this may vary depending on the severity of the bug or difficulty in applying a fix.
+
+This process can take some time, especially when coordination is required with maintainers of other projects.
+Every effort will be made to handle the bug in as timely a manner as possible; however, it’s important that we follow the release process above to ensure that the disclosure is handled in a consistent manner.
diff --git a/chart_schema.yaml b/chart_schema.yaml
new file mode 100644
index 000000000..6581ef7e8
--- /dev/null
+++ b/chart_schema.yaml
@@ -0,0 +1,38 @@
+---
+name: str()
+home: str(required=False)
+version: str()
+apiVersion: str()
+appVersion: any(str(), num(), required=False)
+description: str(required=False)
+keywords: list(str(), required=False)
+sources: list(str(), required=False)
+maintainers: list(include('maintainer'), required=False)
+dependencies: list(include('dependency'), required=False)
+icon: str(required=False)
+engine: str(required=False)
+condition: str(required=False)
+tags: str(required=False)
+deprecated: bool(required=False)
+kubeVersion: str(required=False)
+annotations: map(str(), str(), required=False)
+type: str(required=False)
+---
+maintainer:
+ name: str(required=False)
+ email: str(required=False)
+ url: str(required=False)
+---
+dependency:
+ name: str()
+ version: str()
+ repository: str(required=False)
+ condition: str(required=False)
+ tags: list(str(), required=False)
+ enabled: bool(required=False)
+ import-values: any(list(str()), list(include('import-value')), required=False)
+ alias: str(required=False)
+---
+import-value:
+ child: str()
+ parent: str()
diff --git a/ct.yaml b/ct.yaml
new file mode 100644
index 000000000..4c716ff7d
--- /dev/null
+++ b/ct.yaml
@@ -0,0 +1,4 @@
+---
+validate-maintainers: false
+chart-dirs:
+ - deployment/helm
diff --git a/deployment/helm/README.md b/deployment/helm/README.md
new file mode 100644
index 000000000..c5f541187
--- /dev/null
+++ b/deployment/helm/README.md
@@ -0,0 +1,5 @@ +# Chart Linting + +Chart linting is performed using [helm's CT tool](https://github.com/helm/chart-testing). + +Configuration files for [CT](../../ct.yaml), [Yamale](../../chart_schema.yaml) and [Yamllint](../../lintconf.yaml) have been provided. diff --git a/deployment/helm/edc-controlplane/Chart.yaml b/deployment/helm/edc-controlplane/Chart.yaml index 46ed5fe88..0661b813a 100644 --- a/deployment/helm/edc-controlplane/Chart.yaml +++ b/deployment/helm/edc-controlplane/Chart.yaml @@ -1,7 +1,9 @@ +--- apiVersion: v2 name: edc-controlplane description: EDC Control-Plane -home: https://github.com/catenax-ng/catena-x-edc/deployment/helm/edc-controlplane +home: https://github.com/catenax-ng/product-edc/deployment/helm/edc-controlplane type: application -appVersion: "0.0.3" -version: 0.0.3 +appVersion: "0.0.1" +version: 0.0.1 +maintainers: [] diff --git a/deployment/helm/edc-controlplane/README.md b/deployment/helm/edc-controlplane/README.md new file mode 100644 index 000000000..489210dba --- /dev/null +++ b/deployment/helm/edc-controlplane/README.md @@ -0,0 +1 @@ +# edc-controlplane Helm Chart \ No newline at end of file diff --git a/deployment/helm/edc-controlplane/templates/NOTES.txt b/deployment/helm/edc-controlplane/templates/NOTES.txt index b7cbf4507..6758c6bdf 100644 --- a/deployment/helm/edc-controlplane/templates/NOTES.txt +++ b/deployment/helm/edc-controlplane/templates/NOTES.txt 
@@ -1,22 +1,74 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +Logs can be accessed by running this command: + + kubectl logs --tail 100 -f \ + --namespace {{ .Release.Namespace }} \ + -l "app.kubernetes.io/name={{ include "edc-controlplane.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" + +{{- if .Values.ingresses }} + +Following ingress URLS are available: + {{- $edcEndpoints := .Values.edc.endpoints }} + {{- range .Values.ingresses }} + {{- if .enabled }} + {{- $ingressEdcEndpoints := .endpoints }} + {{- $hostname := .hostname }} + {{- $tls := .tls }} + {{- range $name, $mapping := $edcEndpoints }} + {{- if (has $name $ingressEdcEndpoints) }} + Visit http{{ if $tls }}s{{ end }}://{{ $hostname }}{{ $mapping.path }} to access the {{ $name }} api {{- end }} -{{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "edc-controlplane.fullname" . }}) +Get the application URLs by running these commands: export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "edc-controlplane.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "edc-controlplane.fullname" . 
}} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} + + export NODE_PORT_DEFAULT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "edc-controlplane.fullname" . }}}") + export NODE_PORT_DATA=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "edc-controlplane.fullname" . }}}") + export NODE_PORT_VALIDATION=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[2].nodePort}" services {{ include "edc-controlplane.fullname" . }}}") + export NODE_PORT_CONTROL=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[3].nodePort}" services {{ include "edc-controlplane.fullname" . }}}") + export NODE_PORT_IDS=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[4].nodePort}" services {{ include "edc-controlplane.fullname" . }}}") + export NODE_PORT_METRICS=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[5].nodePort}" services {{ include "edc-controlplane.fullname" . }}}") + + echo "Visit http://$NODE_IP:$NODE_PORT_DEFAULT to access the default api" + echo "Visit http://$NODE_IP:$NODE_PORT_DATA to access the data management api" + echo "Visit http://$NODE_IP:$NODE_PORT_VALIDATION to access the data transfer validation api" + echo "Visit http://$NODE_IP:$NODE_PORT_CONTROL to access the control api" + echo "Visit http://$NODE_IP:$NODE_PORT_IDS to access the IDS api" + echo "Visit http://$NODE_IP:$NODE_PORT_METRICS to access the metrics api" + {{- else if contains "ClusterIP" .Values.service.type }} +Get the application URL by running these commands: + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "edc-controlplane.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT + + export CONTAINER_PORT_DEFAULT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + export CONTAINER_PORT_DATA=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[1].containerPort}") + export CONTAINER_PORT_VALIDATION=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[2].containerPort}") + export CONTAINER_PORT_CONTROL=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[3].containerPort}") + export CONTAINER_PORT_IDS=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[4].containerPort}") + export CONTAINER_PORT_METRICS=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[5].containerPort}") + + echo "Visit http://127.0.0.1:8080 to access the default api" + echo "Visit http://127.0.0.1:8182 to access the data management api" + echo "Visit http://127.0.0.1:8182 to access the data transfer validation api" + echo "Visit http://127.0.0.1:9999 to access the control api" + echo "Visit http://127.0.0.1:8282 to access the IDS api" + echo "Visit http://127.0.0.1:9090 to access the metrics api" + + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME \ + 8080:$CONTAINER_PORT_DEFAULT \ + 8182:$CONTAINER_PORT_DATA \ + 8182:$CONTAINER_PORT_VALIDATION \ + 9999:$CONTAINER_PORT_CONTROL \ + 8282:$CONTAINER_PORT_IDS \ + 9090:$CONTAINER_PORT_METRICS 
+ {{- end }} diff --git a/deployment/helm/edc-controlplane/templates/configmap-env.yaml b/deployment/helm/edc-controlplane/templates/configmap-env.yaml new file mode 100644 index 000000000..f7f63f709 --- /dev/null +++ b/deployment/helm/edc-controlplane/templates/configmap-env.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "edc-controlplane.fullname" . }}-env + labels: + {{- include "edc-controlplane.labels" . | nindent 4 }} +data: + {{- toYaml .Values.env | nindent 2 }} diff --git a/deployment/helm/edc-controlplane/templates/configmap.yaml b/deployment/helm/edc-controlplane/templates/configmap.yaml index 37bfc3034..34a745bfa 100644 --- a/deployment/helm/edc-controlplane/templates/configmap.yaml +++ b/deployment/helm/edc-controlplane/templates/configmap.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: @@ -6,4 +7,20 @@ metadata: {{- include "edc-controlplane.labels" . | nindent 4 }} data: configuration.properties: |- - {{ .Values.configuration.properties | nindent 4 }} + web.http.default.port={{ .Values.edc.endpoints.default.port }} + web.http.default.path={{ .Values.edc.endpoints.default.path }} + web.http.data.port={{ .Values.edc.endpoints.data.port }} + web.http.data.path={{ .Values.edc.endpoints.data.path }} + web.http.validation.port={{ .Values.edc.endpoints.validation.port }} + web.http.validation.path={{ .Values.edc.endpoints.validation.path }} + web.http.control.port={{ .Values.edc.endpoints.control.port }} + web.http.control.path={{ .Values.edc.endpoints.control.path }} + web.http.ids.port={{ .Values.edc.endpoints.ids.port }} + web.http.ids.path={{ .Values.edc.endpoints.ids.path }} + {{- .Values.configuration.properties | nindent 4 }} + + opentelemetry.properties: |- + {{- .Values.opentelemetry.properties | nindent 4 }} + + logging.properties: |- + {{- .Values.logging.properties | nindent 4 }} 
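Review bot: The NodePort branch prints kubectl commands that cannot run as shown, because every `NODE_PORT_*` line ends with `{{ include "edc-controlplane.fullname" . }}}")`, which leaves a stray `}"` after the service name; the closing should be `{{ include "edc-controlplane.fullname" . }})`. In the ClusterIP branch the port-forward binds local port 8182 twice (`8182:$CONTAINER_PORT_DATA` and `8182:$CONTAINER_PORT_VALIDATION`) and both echo lines advertise 8182, so the data management API should get its own local port, e.g. `8181:$CONTAINER_PORT_DATA` with a matching echo line. These branches also print plain `http://` URLs for the control and data management APIs, so a one-line reminder that a NodePort publishes those endpoints on every node would help operators.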
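Review bot: `configuration.properties` is rendered into a ConfigMap, yet the property keys this commit lists in values.yaml include credentials (`edc.api.auth.key`, `edc.aws.secret.access.key`, `edc.datasource.default.password`), so once they are filled in anyone allowed to read ConfigMaps in the namespace can read them. The same holds for `.Values.env`, which configmap-env.yaml writes into a second ConfigMap. Consider rendering the sensitive properties into a `kind: Secret` (or referencing an existing one) and mounting it next to the ConfigMap. Until then, a comment above `configuration.properties:` such as `# do not place credentials here; this ends up in a ConfigMap, not a Secret` would at least make the limitation visible.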
diff --git a/deployment/helm/edc-controlplane/templates/deployment.yaml b/deployment/helm/edc-controlplane/templates/deployment.yaml index 641bd5b44..7eb27a307 100644 --- a/deployment/helm/edc-controlplane/templates/deployment.yaml +++ b/deployment/helm/edc-controlplane/templates/deployment.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -13,17 +14,24 @@ spec: {{- include "edc-controlplane.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/env-config: {{ include (print $.Template.BasePath "/configmap-env.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "edc-controlplane.selectorLabels" . | nindent 8 }} spec: + {{- if .Values.imagePullSecret.dockerconfigjson }} + imagePullSecrets: + - name: {{ include "edc-controlplane.fullname" . }}-imagepullsecret + {{- else }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- end }} serviceAccountName: {{ include "edc-controlplane.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} 
@@ -31,28 +39,62 @@ spec: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}{{- if .Values.flavor }}-{{ .Values.flavor }}{{- end -}}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: CONFIGURATION_PROPERTIES - value: "/etc/edc/configuration.properties" ports: - - name: http - containerPort: 80 + - name: default + containerPort: {{ .Values.edc.endpoints.default.port }} + protocol: TCP + - name: data + containerPort: {{ .Values.edc.endpoints.data.port }} + protocol: TCP + - name: validation + containerPort: {{ .Values.edc.endpoints.validation.port }} + protocol: TCP + - name: control + containerPort: {{ .Values.edc.endpoints.control.port }} protocol: TCP + - name: ids + containerPort: {{ .Values.edc.endpoints.ids.port }} + protocol: TCP + - name: metrics + containerPort: {{ .Values.edc.endpoints.metrics.port }} + protocol: TCP + {{- if .Values.livenessProbe.enabled }} livenessProbe: httpGet: - path: / - port: http + path: {{ .Values.edc.endpoints.default.path }}/check/liveness + port: default + {{- end }} + {{- if .Values.readinessProbe.enabled }} readinessProbe: httpGet: - path: / - port: http + path: {{ .Values.edc.endpoints.default.path }}/check/readiness + port: default + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: + httpGet: + path: {{ .Values.edc.endpoints.default.path }}/check/startup + port: default + failureThreshold: 12 + initialDelaySeconds: 10 + {{- end }} + envFrom: + - configMapRef: + name: {{ include "edc-controlplane.fullname" . 
}}-env resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - name: configuration - mountPath: /etc/edc + mountPath: /app/configuration.properties + subPath: configuration.properties + - name: configuration + mountPath: /app/opentelemetry.properties + subPath: opentelemetry.properties + - name: configuration + mountPath: /app/logging.properties + subPath: logging.properties volumes: - name: configuration configMap: @@ -60,6 +102,10 @@ spec: items: - key: configuration.properties path: configuration.properties + - key: opentelemetry.properties + path: opentelemetry.properties + - key: logging.properties + path: logging.properties {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deployment/helm/edc-controlplane/templates/hpa.yaml b/deployment/helm/edc-controlplane/templates/hpa.yaml index 5af9fb7fc..0881a3ce2 100644 --- a/deployment/helm/edc-controlplane/templates/hpa.yaml +++ b/deployment/helm/edc-controlplane/templates/hpa.yaml @@ -1,4 +1,5 @@ {{- if .Values.autoscaling.enabled }} +--- apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: diff --git a/deployment/helm/edc-controlplane/templates/imagepullsecret.yaml b/deployment/helm/edc-controlplane/templates/imagepullsecret.yaml new file mode 100644 index 000000000..663efd28a --- /dev/null +++ b/deployment/helm/edc-controlplane/templates/imagepullsecret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.imagePullSecret.dockerconfigjson }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "edc-controlplane.fullname" . }}-imagepullsecret + labels: + {{- include "edc-controlplane.labels" . | nindent 4 }} +data: + .dockerconfigjson: {{ .Values.imagePullSecret.dockerconfigjson }} +type: kubernetes.io/dockerconfigjson +{{- end }} diff --git a/deployment/helm/edc-controlplane/templates/ingress.yaml b/deployment/helm/edc-controlplane/templates/ingress.yaml index 0e15b7baa..f395970ff 100644 
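Review bot: `.dockerconfigjson: {{ .Values.imagePullSecret.dockerconfigjson }}` sits under `data:`, so the value has to arrive already base64-encoded, and neither this template nor the values.yaml comment says so; a raw JSON value would render an invalid Secret. Quote the value, `.dockerconfigjson: {{ .Values.imagePullSecret.dockerconfigjson | quote }}`, and state the encoding in values.yaml, e.g. `## base64-encoded content of a docker config.json`. Passing a registry credential through chart values also keeps it in the stored release values, so the existing-secret path (`imagePullSecrets`) is the safer one to recommend in the comment.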
--- a/deployment/helm/edc-controlplane/templates/ingress.yaml +++ b/deployment/helm/edc-controlplane/templates/ingress.yaml 
@@ -1,61 +1,72 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "edc-controlplane.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- $fullName := include "edc-controlplane.fullname" . }} +{{- $labels := include "edc-controlplane.labels" . | nindent 4 }} +{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }} +{{- $edcEndpoints := .Values.edc.endpoints }} +{{- range .Values.ingresses }} +{{- if and .enabled .endpoints }} +{{- $ingressName := printf "%s-%s" $fullName .hostname }} +--- +{{- if semverCompare ">=1.19-0" $gitVersion }} apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- else if semverCompare ">=1.14-0" $gitVersion }} apiVersion: networking.k8s.io/v1beta1 -{{- else -}} +{{- else }} apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: - name: {{ $fullName }} + name: {{ $ingressName }} labels: - {{- include "edc-controlplane.labels" . 
| nindent 4 }} - {{- with .Values.ingress.annotations }} + {{- $labels | nindent 2 }} annotations: + {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }} + {{- if not (hasKey .annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .annotations "kubernetes.io/ingress.class" .className}} + {{- end }} + {{- end }} + {{- if .certManager }} + {{- if .certManager.issuer }} + {{- $_ := set .annotations "cert-manager.io/issuer" .certManager.issuer}} + {{- end }} + {{- if .certManager.clusterIssuer }} + {{- $_ := set .annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}} + {{- end }} + {{- end }} + {{- with .annotations }} {{- toYaml . | nindent 4 }} - {{- end }} + {{- end }} spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} + {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }} + ingressClassName: {{ .className }} {{- end }} - {{- if .Values.ingress.tls }} + {{- if .hostname }} + {{- if .tls }} tls: - {{- range .Values.ingress.tls }} - hosts: - {{- range .hosts }} - - {{ . 
| quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} + - {{ .hostname }} + secretName: {{ $ingressName }}-tls {{- end }} rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} + - host: {{ .hostname }} http: paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} + {{- $ingressEdcEndpoints := .endpoints }} + {{- range $name, $mapping := $edcEndpoints }} + {{- if (has $name $ingressEdcEndpoints) }} + - path: {{ $mapping.path }} + pathType: Prefix backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if semverCompare ">=1.19-0" $gitVersion }} service: name: {{ $fullName }} port: - number: {{ $svcPort }} + number: {{ $mapping.port }} {{- else }} serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} + servicePort: {{ $mapping.port }} {{- end }} - {{- end }} - {{- end }} -{{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }}{{- /* end: if .enabled */}} +{{- end }}{{- /* end: range .Values.ingresses */}} diff --git a/deployment/helm/edc-controlplane/templates/service.yaml b/deployment/helm/edc-controlplane/templates/service.yaml index 2d1004219..7f6dafe1c 100644 --- a/deployment/helm/edc-controlplane/templates/service.yaml +++ b/deployment/helm/edc-controlplane/templates/service.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service metadata: 
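Review bot: `.hostname` is written unquoted under `tls.hosts` and in `- host: {{ .hostname }}`, whereas the removed template piped both through `quote`; restoring it (`- {{ .hostname | quote }}` and `- host: {{ .hostname | quote }}`) keeps a wildcard or otherwise YAML-special hostname from breaking the manifest. The `set .annotations ...` calls assume every entry in `ingresses` defines `annotations`, so an entry that omits it would presumably fail at render time; a default map or a guard would avoid that. When `tls` is true the Ingress points at `{{ $ingressName }}-tls`, and nothing visible in this commit creates that secret unless one of the cert-manager issuers is set, which deserves a comment next to `secretName`.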
@@ -7,9 +8,29 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port }} - targetPort: http + - port: {{ .Values.edc.endpoints.default.port }} + targetPort: default protocol: TCP - name: http + name: default + - port: {{ .Values.edc.endpoints.control.port }} + targetPort: control + protocol: TCP + name: control + - port: {{ .Values.edc.endpoints.data.port }} + targetPort: data + protocol: TCP + name: data + - port: {{ .Values.edc.endpoints.validation.port }} + targetPort: validation + protocol: TCP + name: validation + - port: {{ .Values.edc.endpoints.ids.port }} + targetPort: ids + protocol: TCP + name: ids + - port: {{ .Values.edc.endpoints.metrics.port }} + targetPort: metrics + protocol: TCP + name: metrics selector: {{- include "edc-controlplane.selectorLabels" . | nindent 4 }} diff --git a/deployment/helm/edc-controlplane/templates/serviceaccount.yaml b/deployment/helm/edc-controlplane/templates/serviceaccount.yaml index 5602d2204..66568118b 100644 --- a/deployment/helm/edc-controlplane/templates/serviceaccount.yaml +++ b/deployment/helm/edc-controlplane/templates/serviceaccount.yaml @@ -1,4 +1,5 @@ {{- if .Values.serviceAccount.create -}} +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/deployment/helm/edc-controlplane/values.yaml b/deployment/helm/edc-controlplane/values.yaml index 3b5967129..f832b06a1 100644 --- a/deployment/helm/edc-controlplane/values.yaml +++ b/deployment/helm/edc-controlplane/values.yaml 
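Review bot: All six ports, including `control`, `validation` and `metrics`, are published on the one Service, so changing `service.type` to NodePort or LoadBalancer exposes every endpoint outside the cluster regardless of what the per-ingress `endpoints` lists allow. Consider a separate internal Service for the non-public ports, or at least a comment above `type:` in values.yaml such as `## keep ClusterIP unless every endpoint may be reached from outside the cluster`. Nothing in this hunk shows authentication on these ports, so that should be confirmed against the EDC configuration before a non-ClusterIP type is documented as supported.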
@@ -1,65 +1,207 @@ +--- # Default values for edc-controlplane. # This is a YAML-formatted file. # Declare variables to be passed into your templates. replicaCount: 1 -# Flavor of edc-controlplane. values: [cosmosdb] -flavor: "" - image: - repository: ghcr.io/catenax-ng/catena-x-edc/edc-controlplane + ## + ## Which derivate of the edc controlplane to use. + ## One of: + ## * ghcr.io/catenax-ng/product-edc/edc-controlplane-memory + ## * ghcr.io/catenax-ng/product-edc/edc-controlplane-postgresql + ## * ghcr.io/catenax-ng/product-edc/edc-controlplane-cosmosdb + ## + repository: ghcr.io/catenax-ng/product-edc/edc-controlplane-memory pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. + ## + ## Overrides the image tag whose default is the chart appVersion. + ## tag: "" +## +## Image pull secret to create to obtain the container image +## Note: 'imagePullSecret.dockerconfigjson' takes precedence if configured together with 'imagePullSecrets' +## +imagePullSecret: + dockerconfigjson: "" + +## +## Existing image pull secret to use to obtain the container image +## imagePullSecrets: [] + nameOverride: "" fullnameOverride: "" serviceAccount: - # Specifies whether a service account should be created + ## + ## Specifies whether a service account should be created per release + ## create: true - # Annotations to add to the service account + ## + ## Annotations to add to the service account + ## annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + ## + ## The name of the service account to use. 
+ ## If not set and create is true, a name is generated using the fullname template + ## name: "" podAnnotations: {} podSecurityContext: {} - # fsGroup: 2000 +# fsGroup: 2000 -securityContext: {} +securityContext: # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true - # runAsUser: 1000 + runAsUser: 1001 + +## +## Whether to enable kubernetes liveness-probes +## +livenessProbe: + enabled: true +## +## Whether to enable kubernetes readiness-probes +## +readinessProbe: + enabled: true + +## +## Whether to enable kubernetes startup-probes +## +startupProbe: + enabled: true + +## +## EDC endpoints exposed by the conrol-plane +## +edc: + endpoints: + # Default api exposing health checks etc + default: + port: "8080" + path: /api + ingress: false + # Data management API + data: + port: "8181" + path: /data + ingress: true + # Validation API + validation: + port: "8182" + path: /validation + ingress: false + # Control API + control: + port: "9999" + path: /api/controlplane/control + ingress: true + # IDS endpoints + ids: + port: "8282" + path: /api/v1/ids + ingress: true + # Prometheus endpoint + metrics: + port: "9090" + path: /metrics + ingress: false + +## +## Service to expose the running application on a set of Pods as a network service. +## service: type: ClusterIP - port: 80 -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: controlplane-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} +## +## Ingress declaration to expose the network service. 
+## +ingresses: + ## Public / Internet facing Ingress + - enabled: true + ## + ## The hostname to be used to precisely map incoming traffic onto the underlying network service + ## + hostname: "edc-controlplane.local" + ## + ## Additional ingress annotations to add + ## + annotations: {} + ## + ## EDC endpoints exposed by this ingress resource + ## + endpoints: + - ids + ## + ## Defines the ingress class to use https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class + ## + className: "" + ## + ## Enables TLS on the ingress resource + ## + tls: false + ## + ## Adds cert-manager annotations to the ingress + ## + certManager: + ## + ## If preset enables certificate generation via cert-manager namespace scoped issuer + ## + issuer: "" + ## + ## If preset enables certificate generation via cert-manager cluster-wide issuer + ## + clusterIssuer: "" + + ## Private / Intranet facing Ingress + - enabled: false + ## + ## The hostname to be used to precisely map incoming traffic onto the underlying network service + ## + hostname: "edc-controlplane.intranet" + ## + ## Additional ingress annotations to add + ## + annotations: {} + ## + ## EDC endpoints exposed by this ingress resource + ## + endpoints: + - data + - control + ## + ## Defines the ingress class to use https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class + ## + className: "" + ## + ## Enables TLS on the ingress resource + ## + tls: false + ## + ## Adds cert-manager annotations to the ingress + ## + certManager: + ## + ## If preset enables certificate generation via cert-manager namespace scoped issuer + ## + issuer: "" + ## + ## If preset enables certificate generation via cert-manager cluster-wide issuer + ## + clusterIssuer: "" + +resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. 
If you do want to specify resources, uncomment the following 
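Review bot: The first entry in `ingresses` defaults to `enabled: true` with `tls: false`, so a default install publishes the `ids` endpoint over plain HTTP on `edc-controlplane.local`, whereas the removed `ingress` block defaulted to `enabled: false`. Defaulting to `enabled: false`, or to `tls: true`, would make exposure an explicit choice. In the same hunk `securityContext` keeps only `runAsUser: 1001` while `runAsNonRoot`, `readOnlyRootFilesystem` and the capability drop stay commented out; enabling them by default is worth considering if the image tolerates it. The per-endpoint `ingress: true`/`false` flags under `edc.endpoints` do not appear to be read by any template in this commit, so a comment saying that the ingress `endpoints` list is what controls exposure would prevent a false sense of restriction.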
@@ -84,5 +226,158 @@ tolerations: [] affinity: {} +## +## Container environment variables +## e.g. for configuring JAVA_TOOL_OPTIONS (see: https://docs.oracle.com/javase/8/docs/technotes/guides/troubleshoot/envvars002.html) +## +## JAVA_TOOL_OPTIONS: > +## -Dhttp.proxyHost=proxy -Dhttp.proxyPort=80 -Dhttp.nonProxyHosts="localhost|127.*|[::1]" -Dhttps.proxyHost=proxy -Dhttps.proxyPort=443 +## +env: {} + +## +## EDC logging.properties configuring the java.util.logging subsystem +## +logging: + properties: |- + .level=INFO + org.eclipse.dataspaceconnector.level=ALL + handlers=java.util.logging.ConsoleHandler + java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter + java.util.logging.ConsoleHandler.level=ALL + java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n + +## +## opentelemetry.properties configuring the opentelemetry agent +## +## See https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/ for further configuration options +## +opentelemetry: + properties: |- + otel.javaagent.enabled=true + otel.javaagent.debug=false + +## +## EDC configuration.properties +## +## Consult the eclipse-dataspaceconnector documentation for further details: https://github.com/eclipse-dataspaceconnector/DataSpaceConnector +## configuration: properties: |- + # edc.api.auth.key= + # edc.api.control.auth.apikey.key= + # edc.api.control.auth.apikey.value= + # edc.assetindex.cosmos.account-name= + # edc.assetindex.cosmos.container-name= + # edc.assetindex.cosmos.database-name= + # edc.assetindex.cosmos.preferred-region= + # edc.atomikos.checkpoint.interval= + # edc.atomikos.directory= + # edc.atomikos.logging= + # edc.atomikos.threaded2pc= + # edc.atomikos.timeout= + # edc.aws.access.key= + # edc.aws.provision.retry.retries.max= + # edc.aws.provision.role.duration.session.max= + # edc.aws.secret.access.key= + # edc.blobstore.endpoint= + # edc.contractdefinitionstore.cosmos.account-name= + # 
edc.contractdefinitionstore.cosmos.container-name= + # edc.contractdefinitionstore.cosmos.database-name= + # edc.contractdefinitionstore.cosmos.preferred-region= + # edc.contractnegotiationstore.cosmos.account-name= + # edc.contractnegotiationstore.cosmos.container-name= + # edc.contractnegotiationstore.cosmos.database-name= + # edc.contractnegotiationstore.cosmos.preferred-region= + # edc.controlplane.validation-endpoint= + # edc.core.retry.backoff.max= + # edc.core.retry.backoff.min= + # edc.core.retry.retries.max= + # edc.core.system.health.check.liveness-period= + # edc.core.system.health.check.readiness-period= + # edc.core.system.health.check.startup-period= + # edc.core.system.health.check.threadpool-size= + # edc.cosmos.partition-key= + # edc.cosmos.query-metrics-enabled= + # edc.dataplane.queue.capacity= + # edc.dataplane.wait= + # edc.dataplane.workers= + # edc.datasource.asset.name="default" + # edc.datasource.contractdefinition.name="default" + # edc.datasource.contractnegotiation.name="default" + # edc.datasource.policy.name="default" + # edc.datasource.transferprocess.name="default" + # edc.datasource.default.pool.maxIdleConnections= + # edc.datasource.default.pool.maxTotalConnections= + # edc.datasource.default.pool.minIdleConnections= + # edc.datasource.default.pool.testConnectionOnBorrow= + # edc.datasource.default.pool.testConnectionOnCreate= + # edc.datasource.default.pool.testConnectionOnReturn= + # edc.datasource.default.pool.testConnectionWhileIdle= + # edc.datasource.default.pool.testQuery= + # edc.datasource.default.url= + # edc.datasource.default.user= + # edc.datasource.default.password= + # edc.dpf.selector.url= + # edc.events.topic.endpoint= + # edc.events.topic.name= + # edc.fs.config= + # edc.hostname= + # edc.identity.did.url= + # edc.ids.catalog.id= + # edc.ids.curator= + # edc.ids.description= + # edc.ids.endpoint= + # edc.ids.id= + # edc.ids.maintainer= + # edc.ids.security.profile= + # edc.ids.title= + # 
edc.ids.validation.referringconnector= + # edc.ion.crawler.did-type= + # edc.ion.crawler.interval-minutes= + # edc.ion.crawler.ion.url= + # edc.metrics.enabled= + # edc.metrics.executor.enabled= + # edc.metrics.jersey.enabled= + # edc.metrics.jetty.enabled= + # edc.metrics.okhttp.enabled= + # edc.metrics.system.enabled= + # edc.negotiation.consumer.state-machine.batch-size= + # edc.negotiation.provider.state-machine.batch-size= + # edc.node.directory.cosmos.account.name= + # edc.node.directory.cosmos.container.name= + # edc.node.directory.cosmos.database.name= + # edc.node.directory.cosmos.preferred.region= + # edc.oauth.client.id= + # edc.oauth.private.key.alias= + # edc.oauth.provider.audience= + # edc.oauth.provider.jwks.refresh= + # edc.oauth.provider.jwks.url= + # edc.oauth.public.key.alias= + # edc.oauth.token.url= + # edc.oauth.validation.nbf.leeway= + # edc.receiver.http.auth-code= + # edc.receiver.http.auth-key= + # edc.receiver.http.endpoint= + # edc.transfer.proxy.endpoint= + # edc.transfer.dataplane.sync.token.validity= + # edc.transfer.proxy.token.signer.privatekey.alias= + # edc.transfer.functions.check.endpoint= + # edc.transfer.functions.enabled.protocols= + # edc.transfer.functions.transfer.endpoint= + # edc.transfer-process-store.cosmos.account.name= + # edc.transfer-process-store.cosmos.container-name= + # edc.transfer-process-store.cosmos.preferred-region= + # edc.transfer-process-store.database.name= + # edc.transfer.state-machine.batch-size= + # edc.vault= + # edc.vault.certificate= + # edc.vault.clientid= + # edc.vault.clientsecret= + # edc.vault.name= + # edc.vault.tenantid= + # edc.webdid.doh.url= + # edc.web.rest.cors.enabled= + # edc.web.rest.cors.headers= + # edc.web.rest.cors.methods= + # edc.web.rest.cors.origins= diff --git a/deployment/helm/edc-dataplane/Chart.yaml b/deployment/helm/edc-dataplane/Chart.yaml index 368af65e0..82559407b 100644 --- a/deployment/helm/edc-dataplane/Chart.yaml +++ b/deployment/helm/edc-dataplane/Chart.yaml 
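Review bot: The default `logging.properties` sets `org.eclipse.dataspaceconnector.level=ALL` and `java.util.logging.ConsoleHandler.level=ALL`, so a default install writes the connector's finest-grained log output to the container console. At that level request and configuration detail may end up in the cluster's log pipeline, which is usually readable by far more people than the connector's own configuration. I would ship `org.eclipse.dataspaceconnector.level=INFO` and mention `ALL` in the comment above `logging:` as an opt-in for troubleshooting. The dataplane values.yaml hunk at `@@ -81,5 +176,157 @@` carries the same block; the file header for this hunk is outside the visible part of the diff.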
@@ -1,7 +1,9 @@ +--- apiVersion: v2 name: edc-dataplane -description: EDC Control-Plane -home: https://github.com/catenax-ng/catena-x-edc/deployment/helm/edc-dataplane +description: EDC Data-Plane +home: https://github.com/catenax-ng/product-edc/deployment/helm/edc-dataplane type: application -appVersion: "0.0.3" -version: 0.0.3 +appVersion: "0.0.1" +version: 0.0.1 +maintainers: [] diff --git a/deployment/helm/edc-dataplane/README.md b/deployment/helm/edc-dataplane/README.md new file mode 100644 index 000000000..acc4aa7c8 --- /dev/null +++ b/deployment/helm/edc-dataplane/README.md @@ -0,0 +1 @@ +# edc-dataplane Helm Chart \ No newline at end of file diff --git a/deployment/helm/edc-dataplane/templates/NOTES.txt b/deployment/helm/edc-dataplane/templates/NOTES.txt index f0cb7547c..454b250eb 100644 --- a/deployment/helm/edc-dataplane/templates/NOTES.txt +++ b/deployment/helm/edc-dataplane/templates/NOTES.txt 
@@ -1,22 +1,64 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +Logs can be accessed by running this command: + + kubectl logs --tail 100 -f \ + --namespace {{ .Release.Namespace }} \ + -l "app.kubernetes.io/name={{ include "edc-dataplane.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" + +{{- if .Values.ingresses }} + +Following ingress URLS are available: + {{- $edcEndpoints := .Values.edc.endpoints }} + {{- range .Values.ingresses }} + {{- if .enabled }} + {{- $ingressEdcEndpoints := .endpoints }} + {{- $hostname := .hostname }} + {{- $tls := .tls }} + {{- range $name, $mapping := $edcEndpoints }} + {{- if (has $name $ingressEdcEndpoints) }} + Visit http{{ if $tls }}s{{ end }}://{{ $hostname }}{{ $mapping.path }} to access the {{ $name }} api {{- end }} -{{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "edc-dataplane.fullname" . }}) +Get the application URLs by running these commands: export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "edc-dataplane.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "edc-dataplane.fullname" . 
}} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} + + export NODE_PORT_DEFAULT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "edc-dataplane.fullname" . }}}") + export NODE_PORT_PUBLIC=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[1].nodePort}" services {{ include "edc-dataplane.fullname" . }}}") + export NODE_PORT_CONTROL=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[2].nodePort}" services {{ include "edc-dataplane.fullname" . }}}") + export NODE_PORT_METRICS=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[3].nodePort}" services {{ include "edc-dataplane.fullname" . }}}") + + echo "Visit http://$NODE_IP:$NODE_PORT_DEFAULT to access the default api" + echo "Visit http://$NODE_IP:$NODE_PORT_PUBLIC to access the public data transfer api" + echo "Visit http://$NODE_IP:$NODE_PORT_CONTROL to access the control api" + echo "Visit http://$NODE_IP:$NODE_PORT_METRICS to access the metrics api" + {{- else if contains "ClusterIP" .Values.service.type }} +Get the application URL by running these commands: + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "edc-dataplane.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT + + export CONTAINER_PORT_DEFAULT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + export CONTAINER_PORT_PUBLIC=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[1].containerPort}") + export CONTAINER_PORT_CONTROL=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[2].containerPort}") + export CONTAINER_PORT_METRICS=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[3].containerPort}") + + echo "Visit http://127.0.0.1:8080 to access the default api" + echo "Visit http://127.0.0.1:8185 to access the public data transfer api" + echo "Visit http://127.0.0.1:9999 to access the control api" + echo "Visit http://127.0.0.1:9090 to access the metrics api" + + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME \ + 8080:$CONTAINER_PORT_DEFAULT \ + 8185:$CONTAINER_PORT_PUBLIC \ + 9999:$CONTAINER_PORT_CONTROL \ + 9090:$CONTAINER_PORT_METRICS + {{- end }} diff --git a/deployment/helm/edc-dataplane/templates/configmap-env.yaml b/deployment/helm/edc-dataplane/templates/configmap-env.yaml new file mode 100644 index 000000000..e23aba1a8 --- /dev/null +++ b/deployment/helm/edc-dataplane/templates/configmap-env.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "edc-dataplane.fullname" . }}-env + labels: + {{- include "edc-dataplane.labels" . | nindent 4 }} +data: + {{- toYaml .Values.env | nindent 2 }} 
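Review bot: The four `NODE_PORT_*` exports in the NodePort branch end in `}}}")`, which renders a stray `}` and an unbalanced `"` after the service name, so the printed commands fail when pasted into a shell. Each should end the way the removed line did, e.g. `... services {{ include "edc-dataplane.fullname" . }})`. Separately, `{{- if .Values.ingresses }}` is true for any non-empty list, so with the default values the NodePort and ClusterIP instructions are never printed even when every ingress entry has `enabled: false`; testing for at least one enabled entry would avoid that.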
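Review bot: `toYaml .Values.env` is written straight under `data:` in configmap-env.yaml, but ConfigMap `data` values must be strings, so an `env` entry such as `SOME_PORT: 8080` or `SOME_FLAG: true` (constructed examples) renders as a number or boolean and the object is rejected on install. Rendering each entry quoted avoids that: `{{- range $k, $v := .Values.env }}`, then `{{ $k }}: {{ $v | quote }}`, then `{{- end }}`. A short comment above `env: {}` in values.yaml saying that values are passed as strings would also help.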
diff --git a/deployment/helm/edc-dataplane/templates/configmap.yaml b/deployment/helm/edc-dataplane/templates/configmap.yaml index 27a43a8b3..5b32349ca 100644 --- a/deployment/helm/edc-dataplane/templates/configmap.yaml +++ b/deployment/helm/edc-dataplane/templates/configmap.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: @@ -6,4 +7,16 @@ metadata: {{- include "edc-dataplane.labels" . | nindent 4 }} data: configuration.properties: |- - {{ .Values.configuration.properties | nindent 4 }} + web.http.default.port={{ .Values.edc.endpoints.default.port }} + web.http.default.path={{ .Values.edc.endpoints.default.path }} + web.http.public.port={{ .Values.edc.endpoints.public.port }} + web.http.public.path={{ .Values.edc.endpoints.public.path }} + web.http.control.port={{ .Values.edc.endpoints.control.port }} + web.http.control.path={{ .Values.edc.endpoints.control.path }} + {{- .Values.configuration.properties | nindent 4 }} + + opentelemetry.properties: |- + {{- .Values.opentelemetry.properties | nindent 4 }} + + logging.properties: |- + {{- .Values.logging.properties | nindent 4 }} diff --git a/deployment/helm/edc-dataplane/templates/deployment.yaml b/deployment/helm/edc-dataplane/templates/deployment.yaml index d65f75f87..3f1b284d8 100644 --- a/deployment/helm/edc-dataplane/templates/deployment.yaml +++ b/deployment/helm/edc-dataplane/templates/deployment.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: 
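Review bot: `.Values.configuration.properties` is rendered into a ConfigMap in the `@@ -6,4 +7,16 @@` hunk, while the values file advertises credential properties for that same block (`edc.aws.secret.access.key`, `edc.datasource.default.password`, `edc.vault.clientsecret`, `edc.api.control.auth.apikey.value`). Anything filled in there is stored unencrypted, is readable with plain read access to ConfigMaps in the namespace, and is returned by `helm get values`. I would render `configuration.properties` from a `kind: Secret` (or accept the name of an existing Secret) and mount that instead; at minimum add `## Rendered into a ConfigMap, not a Secret: do not put credentials here` above `configuration:` in values.yaml. The `-env` ConfigMap added in configmap-env.yaml, consumed through `envFrom.configMapRef` in deployment.yaml, has the same limitation for sensitive environment variables.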
@@ -13,17 +14,24 @@ spec: {{- include "edc-dataplane.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.podAnnotations }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + checksum/env-config: {{ include (print $.Template.BasePath "/configmap-env.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "edc-dataplane.selectorLabels" . | nindent 8 }} spec: + {{- if .Values.imagePullSecret.dockerconfigjson }} + imagePullSecrets: + - name: {{ include "edc-dataplane.fullname" . }}-imagepullsecret + {{- else }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} + {{- end }} serviceAccountName: {{ include "edc-dataplane.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} 
@@ -33,26 +41,54 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: CONFIGURATION_PROPERTIES - value: "/etc/edc/configuration.properties" ports: - - name: http - containerPort: 80 + - name: default + containerPort: {{ .Values.edc.endpoints.default.port }} + protocol: TCP + - name: public + containerPort: {{ .Values.edc.endpoints.public.port }} + protocol: TCP + - name: control + containerPort: {{ .Values.edc.endpoints.control.port }} protocol: TCP + - name: metrics + containerPort: {{ .Values.edc.endpoints.metrics.port }} + protocol: TCP + {{- if .Values.livenessProbe.enabled }} livenessProbe: httpGet: - path: / - port: http + path: {{ .Values.edc.endpoints.default.path }}/check/liveness + port: default + {{- end }} + {{- if .Values.readinessProbe.enabled }} readinessProbe: httpGet: - path: / - port: http + path: {{ .Values.edc.endpoints.default.path }}/check/readiness + port: default + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: + httpGet: + path: {{ .Values.edc.endpoints.default.path }}/check/startup + port: default + failureThreshold: 12 + initialDelaySeconds: 10 + {{- end }} + envFrom: + - configMapRef: + name: {{ include "edc-dataplane.fullname" . }}-env resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - name: configuration - mountPath: /etc/edc + mountPath: /app/configuration.properties + subPath: configuration.properties + - name: configuration + mountPath: /app/opentelemetry.properties + subPath: opentelemetry.properties + - name: configuration + mountPath: /app/logging.properties + subPath: logging.properties volumes: - name: configuration configMap: 
@@ -60,6 +96,10 @@ spec: items: - key: configuration.properties path: configuration.properties + - key: opentelemetry.properties + path: opentelemetry.properties + - key: logging.properties + path: logging.properties {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deployment/helm/edc-dataplane/templates/hpa.yaml b/deployment/helm/edc-dataplane/templates/hpa.yaml index c903077c5..3a481bccf 100644 --- a/deployment/helm/edc-dataplane/templates/hpa.yaml +++ b/deployment/helm/edc-dataplane/templates/hpa.yaml @@ -1,4 +1,5 @@ {{- if .Values.autoscaling.enabled }} +--- apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: diff --git a/deployment/helm/edc-dataplane/templates/imagepullsecret.yaml b/deployment/helm/edc-dataplane/templates/imagepullsecret.yaml new file mode 100644 index 000000000..45b7332f1 --- /dev/null +++ b/deployment/helm/edc-dataplane/templates/imagepullsecret.yaml @@ -0,0 +1,12 @@ +{{- if .Values.imagePullSecret.dockerconfigjson }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "edc-dataplane.fullname" . }}-imagepullsecret + labels: + {{- include "edc-dataplane.labels" . | nindent 4 }} +data: + .dockerconfigjson: {{ .Values.imagePullSecret.dockerconfigjson }} +type: kubernetes.io/dockerconfigjson +{{- end }} diff --git a/deployment/helm/edc-dataplane/templates/ingress.yaml b/deployment/helm/edc-dataplane/templates/ingress.yaml index ef93f367e..5558391ea 100644 --- a/deployment/helm/edc-dataplane/templates/ingress.yaml +++ b/deployment/helm/edc-dataplane/templates/ingress.yaml 
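Review bot: In imagepullsecret.yaml, `.dockerconfigjson: {{ .Values.imagePullSecret.dockerconfigjson }}` places the value under `data:` unquoted and unencoded, so the chart only works when the user passes the already base64-encoded Docker config, which neither this template nor the values comment states. Either say so next to the value (`## Must be the base64-encoded content of a Docker config.json`) and quote it, `.dockerconfigjson: {{ .Values.imagePullSecret.dockerconfigjson | quote }}`, or accept the raw JSON and pipe it through `b64enc`. Because this value is a registry credential, the values comment should also say that it belongs in a private values file or `--set`, not in a committed one.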
@@ -1,61 +1,72 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "edc-dataplane.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +{{- $fullName := include "edc-dataplane.fullname" . }} +{{- $labels := include "edc-dataplane.labels" . | nindent 4 }} +{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }} +{{- $edcEndpoints := .Values.edc.endpoints }} +{{- range .Values.ingresses }} +{{- if and .enabled .endpoints }} +{{- $ingressName := printf "%s-%s" $fullName .hostname }} +--- +{{- if semverCompare ">=1.19-0" $gitVersion }} apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- else if semverCompare ">=1.14-0" $gitVersion }} apiVersion: networking.k8s.io/v1beta1 -{{- else -}} +{{- else }} apiVersion: extensions/v1beta1 {{- end }} kind: Ingress metadata: - name: {{ $fullName }} + name: {{ $ingressName }} labels: - {{- include "edc-dataplane.labels" . 
| nindent 4 }} - {{- with .Values.ingress.annotations }} + {{- $labels | nindent 2 }} annotations: + {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }} + {{- if not (hasKey .annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .annotations "kubernetes.io/ingress.class" .className}} + {{- end }} + {{- end }} + {{- if .certManager }} + {{- if .certManager.issuer }} + {{- $_ := set .annotations "cert-manager.io/issuer" .certManager.issuer}} + {{- end }} + {{- if .certManager.clusterIssuer }} + {{- $_ := set .annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}} + {{- end }} + {{- end }} + {{- with .annotations }} {{- toYaml . | nindent 4 }} - {{- end }} + {{- end }} spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} + {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }} + ingressClassName: {{ .className }} {{- end }} - {{- if .Values.ingress.tls }} + {{- if .hostname }} + {{- if .tls }} tls: - {{- range .Values.ingress.tls }} - hosts: - {{- range .hosts }} - - {{ . 
| quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} + - {{ .hostname }} + secretName: {{ $ingressName }}-tls {{- end }} rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} + - host: {{ .hostname }} http: paths: - {{- range .paths }} - - path: {{ .path }} - {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .pathType }} - {{- end }} + {{- $ingressEdcEndpoints := .endpoints }} + {{- range $name, $mapping := $edcEndpoints }} + {{- if (has $name $ingressEdcEndpoints) }} + - path: {{ $mapping.path }} + pathType: Prefix backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if semverCompare ">=1.19-0" $gitVersion }} service: name: {{ $fullName }} port: - number: {{ $svcPort }} + number: {{ $mapping.port }} {{- else }} serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} + servicePort: {{ $mapping.port }} {{- end }} - {{- end }} - {{- end }} -{{- end }} + {{- end }} + {{- end }} + {{- end }} +{{- end }}{{- /* end: if .enabled */}} +{{- end }}{{- /* end: range .Values.ingresses */}} diff --git a/deployment/helm/edc-dataplane/templates/service.yaml b/deployment/helm/edc-dataplane/templates/service.yaml index 24903794e..a29e2c125 100644 --- a/deployment/helm/edc-dataplane/templates/service.yaml +++ b/deployment/helm/edc-dataplane/templates/service.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service metadata: 
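Review bot: The host is no longer quoted in ingress.yaml: the removed template used `| quote` for the rule host and the TLS hosts, the new one writes `- host: {{ .hostname }}` and `- {{ .hostname }}` bare. A wildcard host such as `*.example.com` (constructed) then begins with `*`, is read as a YAML alias, and the render fails; `{{ .hostname | quote }}` in both places restores the old behaviour. The same value is also used unvalidated in `$ingressName` and in `secretName: {{ $ingressName }}-tls`, so a hostname that is not a valid object name yields an Ingress that cannot be created. The `set .annotations ...` calls additionally assume every `ingresses` entry defines `annotations`; an entry that omits the key would probably fail at render time and deserves a guard.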
@@ -7,9 +8,21 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port }} - targetPort: http + - port: {{ .Values.edc.endpoints.default.port }} + targetPort: default protocol: TCP - name: http + name: default + - port: {{ .Values.edc.endpoints.control.port }} + targetPort: control + protocol: TCP + name: control + - port: {{ .Values.edc.endpoints.public.port }} + targetPort: public + protocol: TCP + name: public + - port: {{ .Values.edc.endpoints.metrics.port }} + targetPort: metrics + protocol: TCP + name: metrics selector: {{- include "edc-dataplane.selectorLabels" . | nindent 4 }} diff --git a/deployment/helm/edc-dataplane/templates/serviceaccount.yaml b/deployment/helm/edc-dataplane/templates/serviceaccount.yaml index 1d46ec16a..7fbe537fb 100644 --- a/deployment/helm/edc-dataplane/templates/serviceaccount.yaml +++ b/deployment/helm/edc-dataplane/templates/serviceaccount.yaml @@ -1,4 +1,5 @@ {{- if .Values.serviceAccount.create -}} +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/deployment/helm/edc-dataplane/values.yaml b/deployment/helm/edc-dataplane/values.yaml index bedf48f9c..e63ce75d8 100644 --- a/deployment/helm/edc-dataplane/values.yaml +++ b/deployment/helm/edc-dataplane/values.yaml @@ -1,3 +1,4 @@ +--- # Default values for edc-dataplane. # This is a YAML-formatted file. # Declare variables to be passed into your templates. 
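Review bot: All four ports in service.yaml, including `control` and `metrics`, are published on the one Service whose type comes from `.Values.service.type`, so switching to `NodePort` or `LoadBalancer` exposes the control API and the metrics endpoint outside the cluster together with the public data-transfer port. The default ingress entry in values.yaml routes only `public`, which suggests the other ports are meant to stay internal. I would either move the internal ports to a second, `ClusterIP`-only Service or document the effect next to `service.type`, e.g. `## NodePort/LoadBalancer publish every EDC port, including control and metrics`. The hunk starts inside `spec:`; the Service metadata is outside it.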
@@ -5,58 +6,152 @@ replicaCount: 1 image: - repository: ghcr.io/catenax-ng/catena-x-edc/edc-dataplane + ## + ## Which edc-dataplane container image to use. + ## + repository: ghcr.io/catenax-ng/product-edc/edc-dataplane pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. + ## + ## Overrides the image tag whose default is the chart appVersion. + ## tag: "" +## +## Image pull secret to create to obtain the container image +## Note: 'imagePullSecret.dockerconfigjson' takes precedence if configured together with 'imagePullSecrets' +## +imagePullSecret: + dockerconfigjson: "" + +## +## Existing image pull secret to use to obtain the container image +## imagePullSecrets: [] + nameOverride: "" fullnameOverride: "" serviceAccount: - # Specifies whether a service account should be created + ## + ## Specifies whether a service account should be created per release + ## create: true - # Annotations to add to the service account + ## + ## Annotations to add to the service account + ## annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + ## + ## The name of the service account to use. 
+ ## If not set and create is true, a name is generated using the fullname template + ## name: "" podAnnotations: {} podSecurityContext: {} - # fsGroup: 2000 +# fsGroup: 2000 -securityContext: {} +securityContext: + {} # capabilities: # drop: # - ALL # readOnlyRootFilesystem: true # runAsNonRoot: true - # runAsUser: 1000 +# runAsUser: 1000 + +## +## Whether to enable kubernetes liveness-probes +## +livenessProbe: + enabled: true + +## +## Whether to enable kubernetes readiness-probes +## +readinessProbe: + enabled: true +## +## Whether to enable kubernetes startup-probes +## +startupProbe: + enabled: true + +## +## EDC endpoints exposed by the data-plane +## +edc: + endpoints: + # Default api exposing health checks etc + default: + port: "8080" + path: /api + ingress: false + # Public endpoint for data transfer + public: + port: "8185" + path: /api/public + ingress: true + # Control API + control: + port: "9999" + path: /api/dataplane/control + ingress: true + # Prometheus endpoint + metrics: + port: "9090" + path: /metrics + ingress: false + +## +## Service to expose the running application on a set of Pods as a network service. +## service: type: ClusterIP - port: 80 -ingress: - enabled: false - className: "" - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: dataplane-example.local - paths: - - path: / - pathType: ImplementationSpecific - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} +## +## Ingress declaration to expose the network service. 
+## +ingresses: + ## Public / Internet facing Ingress + - enabled: true + ## + ## The hostname to be used to precisely map incoming traffic onto the underlying network service + ## + hostname: "edc-dataplane.local" + ## + ## Additional ingress annotations to add + ## + annotations: {} + ## + ## EDC endpoints exposed by this ingress resource + ## + endpoints: + - public + ## + ## Defines the ingress class to use https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class + ## + className: "" + ## + ## Enables TLS on the ingress resource + ## + tls: false + ## + ## Adds cert-manager annotations to the ingress + ## + certManager: + ## + ## If preset enables certificate generation via cert-manager namespace scoped issuer + ## + issuer: "" + ## + ## If preset enables certificate generation via cert-manager cluster-wide issuer + ## + clusterIssuer: "" + +resources: + {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following 
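Review bot: The first `ingresses` entry defaults to `enabled: true` with `tls: false`, so a default install publishes the public data-transfer API over plain HTTP on `edc-dataplane.local`. A safer chart default is `- enabled: false`, leaving the operator to switch the ingress on together with `tls: true` and a cert-manager issuer. In the same hunk every `edc.endpoints.*` entry gains an `ingress: true|false` key, but the ingress template visible in this diff selects endpoints through the per-ingress `endpoints:` list, so those flags appear to have no effect (and `control` is marked `ingress: true`); removing them, or commenting that they are informational, avoids a wrong impression of what is exposed. The hardened `securityContext` settings (`runAsNonRoot`, `readOnlyRootFilesystem`, `drop: ALL`) also remain commented out and would be a better default than `{}`.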
@@ -81,5 +176,157 @@ tolerations: [] affinity: {} +## +## Container environment variables +## e.g. for configuring JAVA_TOOL_OPTIONS (see: https://docs.oracle.com/javase/8/docs/technotes/guides/troubleshoot/envvars002.html) +## +## JAVA_TOOL_OPTIONS: > +## -Dhttp.proxyHost=proxy -Dhttp.proxyPort=80 -Dhttp.nonProxyHosts="localhost|127.*|[::1]" -Dhttps.proxyHost=proxy -Dhttps.proxyPort=443 +## +env: {} + +## +## EDC logging.properties configuring the java.util.logging subsystem +## +logging: + properties: |- + .level=INFO + org.eclipse.dataspaceconnector.level=ALL + handlers=java.util.logging.ConsoleHandler + java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter + java.util.logging.ConsoleHandler.level=ALL + java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n + +## +## opentelemetry.properties configuring the opentelemetry agent +## +## See https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/ for further configuration options +## +opentelemetry: + properties: |- + otel.javaagent.enabled=true + otel.javaagent.debug=false + +## +## EDC configuration.properties +## +## Consult the eclipse-dataspaceconnector documentation for further details: https://github.com/eclipse-dataspaceconnector/DataSpaceConnector +## configuration: properties: |- + # edc.api.control.auth.apikey.key= + # edc.api.control.auth.apikey.value= + # edc.assetindex.cosmos.account-name= + # edc.assetindex.cosmos.container-name= + # edc.assetindex.cosmos.database-name= + # edc.assetindex.cosmos.preferred-region= + # edc.atomikos.checkpoint.interval= + # edc.atomikos.directory= + # edc.atomikos.logging= + # edc.atomikos.threaded2pc= + # edc.atomikos.timeout= + # edc.aws.access.key= + # edc.aws.provision.retry.retries.max= + # edc.aws.provision.role.duration.session.max= + # edc.aws.secret.access.key= + # edc.blobstore.endpoint= + # edc.contractdefinitionstore.cosmos.account-name= + # 
edc.contractdefinitionstore.cosmos.container-name= + # edc.contractdefinitionstore.cosmos.database-name= + # edc.contractdefinitionstore.cosmos.preferred-region= + # edc.contractnegotiationstore.cosmos.account-name= + # edc.contractnegotiationstore.cosmos.container-name= + # edc.contractnegotiationstore.cosmos.database-name= + # edc.contractnegotiationstore.cosmos.preferred-region= + # edc.controlplane.validation-endpoint= + # edc.core.retry.backoff.max= + # edc.core.retry.backoff.min= + # edc.core.retry.retries.max= + # edc.core.system.health.check.liveness-period= + # edc.core.system.health.check.readiness-period= + # edc.core.system.health.check.startup-period= + # edc.core.system.health.check.threadpool-size= + # edc.cosmos.partition-key= + # edc.cosmos.query-metrics-enabled= + # edc.dataplane.queue.capacity= + # edc.dataplane.wait= + # edc.dataplane.workers= + # edc.datasource.asset.name="default" + # edc.datasource.contractdefinition.name="default" + # edc.datasource.contractnegotiation.name="default" + # edc.datasource.policy.name="default" + # edc.datasource.transferprocess.name="default" + # edc.datasource.default.pool.maxIdleConnections= + # edc.datasource.default.pool.maxTotalConnections= + # edc.datasource.default.pool.minIdleConnections= + # edc.datasource.default.pool.testConnectionOnBorrow= + # edc.datasource.default.pool.testConnectionOnCreate= + # edc.datasource.default.pool.testConnectionOnReturn= + # edc.datasource.default.pool.testConnectionWhileIdle= + # edc.datasource.default.pool.testQuery= + # edc.datasource.default.url= + # edc.datasource.default.user= + # edc.datasource.default.password= + # edc.dpf.selector.url= + # edc.events.topic.endpoint= + # edc.events.topic.name= + # edc.fs.config= + # edc.hostname= + # edc.identity.did.url= + # edc.ids.catalog.id= + # edc.ids.curator= + # edc.ids.description= + # edc.ids.endpoint= + # edc.ids.id= + # edc.ids.maintainer= + # edc.ids.security.profile= + # edc.ids.title= + # 
edc.ids.validation.referringconnector= + # edc.ion.crawler.did-type= + # edc.ion.crawler.interval-minutes= + # edc.ion.crawler.ion.url= + # edc.metrics.enabled= + # edc.metrics.executor.enabled= + # edc.metrics.jersey.enabled= + # edc.metrics.jetty.enabled= + # edc.metrics.okhttp.enabled= + # edc.metrics.system.enabled= + # edc.negotiation.consumer.state-machine.batch-size= + # edc.negotiation.provider.state-machine.batch-size= + # edc.node.directory.cosmos.account.name= + # edc.node.directory.cosmos.container.name= + # edc.node.directory.cosmos.database.name= + # edc.node.directory.cosmos.preferred.region= + # edc.oauth.client.id= + # edc.oauth.private.key.alias= + # edc.oauth.provider.audience= + # edc.oauth.provider.jwks.refresh= + # edc.oauth.provider.jwks.url= + # edc.oauth.public.key.alias= + # edc.oauth.token.url= + # edc.oauth.validation.nbf.leeway= + # edc.receiver.http.auth-code= + # edc.receiver.http.auth-key= + # edc.receiver.http.endpoint= + # edc.transfer.proxy.endpoint= + # edc.transfer.dataplane.sync.token.validity= + # edc.transfer.proxy.token.signer.privatekey.alias= + # edc.transfer.functions.check.endpoint= + # edc.transfer.functions.enabled.protocols= + # edc.transfer.functions.transfer.endpoint= + # edc.transfer-process-store.cosmos.account.name= + # edc.transfer-process-store.cosmos.container-name= + # edc.transfer-process-store.cosmos.preferred-region= + # edc.transfer-process-store.database.name= + # edc.transfer.state-machine.batch-size= + # edc.vault= + # edc.vault.certificate= + # edc.vault.clientid= + # edc.vault.clientsecret= + # edc.vault.name= + # edc.vault.tenantid= + # edc.webdid.doh.url= + # edc.web.rest.cors.enabled= + # edc.web.rest.cors.headers= + # edc.web.rest.cors.methods= + # edc.web.rest.cors.origins= diff --git a/edc b/edc index d429b6cd5..79fe5d3ca 160000 --- a/edc +++ b/edc @@ -1 +1 @@ -Subproject commit d429b6cd5e81e0fc79e8f9a0cb1b31888d0900a4 +Subproject commit 79fe5d3cacf7c323b02fc09110e81ec28b37d8e6 
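Review bot: The commented key list added under `configuration.properties` mixes credential-bearing settings (`edc.vault.clientsecret`, `edc.aws.secret.access.key`, `edc.datasource.default.password`, `edc.api.control.auth.apikey.value`) with ordinary ones and gives no hint that they need different handling. The template that consumes this value is not part of the hunk, but if it renders into a ConfigMap, anything a user uncomments here would be readable in plain text by whoever can read the release values or the ConfigMap. I would add a comment above the key list such as `## Do not set secret values here; supply them from a Kubernetes Secret or the configured vault`. Separately, the new `logging.properties` default sets `org.eclipse.dataspaceconnector.level=ALL` and `java.util.logging.ConsoleHandler.level=ALL`, which is a debugging level; `INFO` would be the safer shipped default, with `ALL` as a documented opt-in.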
diff --git a/edc-controlplane/README.md b/edc-controlplane/README.md new file mode 100644 index 000000000..bda80caac --- /dev/null +++ b/edc-controlplane/README.md @@ -0,0 +1,567 @@ +# Control Plane + +The Eclipse Dataspace Connector consists of a **Control Plan** and a **Data Plane** Application. +While the **Data Plane** handles the actual Data Transfer, the **Control Plane** is responsible for: + +- Resource Management (e.g. Assets, Policies & Contract Definitions CRUD) +- Contract Offering & Contract Negotiation +- Data Transfer Coordination / Management + +# Control Plane Setup + +This chapter is about integration the Control Plane with the Azure KeyVault and IDS DAPS. + + +---- + +**Please note** +
+The documentation operates the Azure Key Vault using the Azure CLI. Please visit the Microsoft has documented to learn how the Azure CLI is installed. +
+https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
+
+----
+
+## Azure Key Vault Setup
+
+The Eclipse Dataspace Connector requires a key vault, where it can store and retrieve secrets and certificates.
+At the time of writing the only key vault, the EDC is supporting, is the Azure Key vault. + +### 1. Register a new App + +In the Azure Portal: + +1. Open **App registrations** page and create a new app +2. Choose a unique name and click _register_ +3. The new App has a **Client ID** (also called Application ID). This ID must be configured in the connector + setting `edc.vault.clientid` + +For further information have a look at the official documentation
+https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
+
+### 2. Create App Secret
+
+In the Azure Portal:
+
+1. Open the page of the newly created app
+2. On the left side select _certificates & secrets_
+3. Create a new _client secret_
+4. Add the secret value to the connector setting `edc.vault.clientsecret`
+
+For further information have a look at the official documentation
+https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#add-credentials + +### 3. Create Azure Key Vault + +In the Azure Portal: + +1. Open **Key vaults** page and create a new Azure Key Vault +2. Fill out the mandatory fields, choose a unique key vault name and click _review + create_ +3. The chosen name must be configured in the connector setting `edc.vault.name` +4. The directory ID of the key vault (also called tenant ID) must be configured in the `edc.vault.tenantid` + +For further information have a look at the official documentation
+https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
+
+### 4. Provide the newly created App access to the Key Vault
+
+In the Azure Portal:
+
+1. Open the page of the newly created key vault
+2. On the left side select _access policies_
+3. Create new _access policy_ and select the appropriate permissions
+5. Under _select principal_ add the newly created app from step 1
+6. Click _add_
+
+For further information have a look at the official documentation
+https://docs.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal + +### 5. Summary + +The complete Azure Key Vault configuration in the EDC should look something like this + +```properties +edc.vault.tenantid= +edc.vault.clientid= +edc.vault.clientsecret= +edc.vault.name= +``` + +Please note that the key vault could also be configured using the `edc.vault.certificate`, which is not covered by this +documentation. + +## IDS DAPS Setup + +The Eclipse Dataspace Connector is able to retrieve an identity token from the IDS DAPS. This token is part of all IDS +messages. + +The DAPS application requires a certificate from the Eclipse Dataspace Connector. This certificate may then be used by +the EDC connector to retrieve its identity token and prove its identity to other connectors. + +When writing this guidance these step were tested out using the open source omejdn DAPS of the Fraunhofer +AISEC ([GitHub](https://github.com/International-Data-Spaces-Association/omejdn-daps)). + +--- +**Client Unknown Issue:** +
+Pleaste know that, in the past there were some DAPS issues with the client certificate. If you see this error, please contact the DAPS Team so that they can support you. + +```json +{ "error":"invalid_client","error_description":"Client unknown"} +``` +--- + + +### (optional) 1. Key / Certificate Generation + +In the first step generate a PKSC8 Key and the corresponding certificate. This step is optional, because it might be possible that this key is provided by the DAPS maintainers. + +```bash +# Generate Private Key +openssl genpkey -out daps_key.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048 +``` + +```bash +# Generate Certificate +openssl req -new -x509 -key daps_key.pem -nodes -days 365 -out daps_cert.pem +``` + +In case the certificate was not generated by the DAPS maintainers themself, it needs to be send to them. After the DAPS maintainers have registered a new client, it gets a unique client ID. Configure the DAPS client ID in `edc.oauth.client.id`. + +### 2. Azure Key Vault Upload + +```bash +# Upload Private Key +az keyvault secret set --name my-daps-key --vault-name tree512 --file daps_key.pem +``` + +```bash +# Upload Certificate +az keyvault secret set --name my-daps-cert --vault-name tree512 --file daps_cert.pem +``` + +### 3. EDC Configuration + +Configure the private key alias in the `edc.oauth.private.key.alias`, and the certificate alias in `edc.oauth.public.key.alias`. + +In this example it would be +```properties +edc.oauth.private.key.alias=my-daps-key +edc.oauth.public.key.alias=my-daps-cert +``` + +Additionally these properties must be requested from the DAPS maintainers: + +- DAPS Connector Client ID must be configured in `edc.oauth.client.id` +- DAPS Token URL must be configured in `edc.oauth.token.url` +- DAPS JWKS URL must be configured in `edc.oauth.provider.jwks.url` +- Token Audience must be configured in `edc.oauth.provider.audience` + +### 4. 
Summary + +The complete EDC configuration could look like this: + +```properties +# DAPS Properties +edc.oauth.token.url=http://localhost:4567/token +edc.oauth.client.id= +edc.oauth.provider.audience= +edc.oauth.provider.jwks.url=http://localhost:4567/.well-known/jwks.json +# OAUTH Properties +edc.oauth.private.key.alias= +edc.oauth.public.key.alias= +``` + +## Dataplane Setup + +Configure the control plane so that is able to communicate with an EDC data plane instance. + +---- + +**Please note** +
+This chapter contains only the mandatory data plane configuration. + +---- + +### Encryption + +The communication between dataplane and controlplane is encrypted and needs some keys in the key vault and configuration in the EDC. + +#### Private Key + +```bash +# Generate Private Key +openssl genpkey -out my-data-plane-private-key.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048 +``` + +```bash +# Upload Private Key +az keyvault secret set --name my-data-plane-private-key --vault-name tree512 --file my-data-plane-private-key.pem +``` + +```properties +# Configuration +edc.transfer.proxy.token.signer.privatekey.alias=my-data-plane-private-key +``` + +#### Public Key + +```bash +# Generate Public Key +openssl rsa -in my-data-plane-private-key.pem -out my-data-plane-public-key.pem -pubout -outform PEM +``` + +```bash +# Upload Public Key +az keyvault secret set --name my-data-plane-public-key --vault-name tree512 --file my-data-plane-public-key.pem +``` + +```properties +# Configuration +edc.transfer.proxy.token.verifier.publickey.alias=my-data-plane-public-key +``` + + +# Short Overview of the EDC Domain + +This chapter gives a short overview of the EDC domain. The idea is to get a basic understanding of the domain objects and their roles.
+The complete EDC documentation can be found in the official open source [EDC GitHub Repository](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector). + +---- + +**Please note** +
+If you have already used the Fraunhofer Dataspace Connector, you are probably familiar with the IDS Domain Model. Don't confuse the IDS Domain Model with the EDC Domain Model. +The terms that are used in both models are pretty similar, but often don't represent the same thing. In the context of the EDC documentation it’s always safe to assume that the EDC Domain Model is in place, as the IDS model is only used when two Eclipse Dataspace COnnectors are exchanging messages. + +---- + +## Contract Offer Exchange + +In the EDC it’s not possible to create a _ContractOffer_ directly. The _ContractOffer_ is generated on the fly when +another connector asks about the _ContractOfferCatalog_. A _ContractOffer_ will only ge persistent when it becomes part of a +_ContractNegotiation_. + +A _ContractDefinition_ defines how many _ContractOffers_ should be generated and how the _Policy_ should +look like. + +The _ContractDefinition_ consists of a + +- _ContractPolicy_, that describes in EDC ODRL terms how the policy for a _ContractOffer_ should look like. +- _AccessPolicy_, that describes in EDC ODRL terms who is able to see a _ContractOffer_. But the content of this policy + will not be part of the _ContractOffer_. +- _AssetSelector_, that defines for which _Assets_ a _ContractOffer_ should be generated. An _Asset_ describes the data + itself that may be offered/transferred and is comparable to the IDS triplet of IDS-Resource, IDS-Representation, IDS + Artifact. 
+ +So the ContractDefinition looks somewhat like this: + + + +![test](http://www.plantuml.com/plantuml/png/PSvD2a9130FWVKyn-tU99-fUU2SOEbKAOqUQ28fuTnL_DYxpGK9ci2RFnowYlG9bFO9PbHlRUpXzHBd9j30z3iMRJBlHNQ-bgXhm3Z_KJ_dBAy2uM3VboEtbb0Qy5l57SXUHsQ8zhpm0) + +When another connector asks the EDC about its _ContractOffers_ it: + +- Checks the connector identity +- Finds all the _ContractDefinitions_ that have a passing AccessPolicy +- Finds for each passing _ContractDefinition_ the corresponding _Assets_ +- Generates a new _ContractOffer_ for each _Asset_. The policy of the _ContractOffer_ is described in the ContractPolicy of the _ContractDefinition_. +- Maps the content of the _ContractOffer_ into the IDS domain and sends an IDS-ContractOffers to the other connector. +- The other connector then maps the IDS-ContractOffers back into its EDC domain and can then processes the _ContractOffer_. + +# Data Management API + +The documentation of the Data Management API can be found in the official open +source [EDC GitHub Repository](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector). + +The complete Eclipse Dataspace Connector API is described in the [EDC Open API Specification](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/blob/main/resources/openapi/openapi.yaml). Please be aware that this specification contains all APIs, that are implemented in the open source repository. The extensions, that implement those APIs, might not be part of the Control- and/or Data-Plane applications in this repository. Additionally, depending on the extension configuration, the documented paths might be only reachable using the configured ports. + +## Contract Offer Exchange + +---- + +**Please note**
+This chapter showcases the contract offer exchange between two connectors. It should function as starting point when working the Eclipse Dataspace Connector API. For a more detailed explanation of the various topics, that are touched in this section, please consolidate the official documentation in the [EDC GitHub Repository](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector). + +---- + +As described in the chapter about the EDC domain, the following resources must be created at the data provider: + +- **Asset** (& DataAddress), describing the data and how it can be transferred +- **Policy**, as Contract- and/or AccessPolicy of the _ContractDefinition_ +- **ContractDefinition**, for the contract offer generation + +### 0. Calling the Data Management API + +The Data Management API is secured with an API key. The value of this key can be configured in `edc.api.auth.key` and +should then be passed in the header as `X-API-Key: `. +Additionally, most or all of the API methods accept only JSON content, therefore adding `Content-Type: application/json` +to the header for most of the calls is recommended. + +### 1. 
Create Asset using Data Mgmt API + +#### Bash Script + +```bash +# Variables (please update before running the script) +__connectorUrl=http://localhost:8181 +__dataMgmtPath=data-mgmt +__apiKey=X-Api-Key +__apiKeyValue=pwd +__assetId=1 +__assetDescription="Demo Asset" +__assetDataEndpoint=https://github.com/eclipse-dataspaceconnector + +__asset="{ + \"asset\": { + \"properties\": { + \"asset:prop:id\": \"$__assetId\", + \"asset:prop:description\": \"$__assetDescription\" + } + }, + \"dataAddress\": { + \"properties\": { + \"type\": \"HttpProxy\", + \"endpoint\": \"$__assetDataEndpoint\" + } + } + }" + +# Call Data Management API +curl -X POST "$__connectorUrl/$__dataMgmtPath/assets" --header "$__apiKey: $__apiKeyValue" --header "Content-Type: application/json" --data "$__asset" +``` + +#### Bash Parameters + +| Name | Description | +| -------------------- | ----------------------------------------------------------------------------------------- | +| $__connectorUrl | URL of the Connector with the Data Management API port configured in `web.http.data.port` | +| $__dataMgmtPath | Path of the Data Management API as configured in `web.http.data.path` | +| $__apiKey | Should always be _X-Api-Key_ for the Data Management API | +| $__apiKeyValue | The API Key Value as configured in `edc.api.auth.key` | +| $__assetId | Unique identifier of the asset | +| $__assetDescription | Description of the asset | +| $__assetDataEndpoint | Endpoint that might be used when data is transferred. Irrelevant in this context / sample | + +#### Control Call + +Get Asset + +```bash +curl -X GET "$__connectorUrl/$__dataMgmtPath/assets/$__assetId" --header "$__apiKey: $__apiKeyValue" --header "Content-Type: application/json" | jq +``` + +### 2. Create Policy + +**Please be aware that the following policy make the data offer public for everyone and should be used with caution outside of this showcase!** + +Create a policy that can be used by the __ContractDefinition__. 
As the same policy may be used as contract- and access policy of the ContractDefinition, creating only one policy for both cases is totally fine for this demo. + +#### Bash Script + +```bash +# Variables +__connectorUrl=http://localhost:8181 +__dataMgmtPath=data-mgmt +__apiKey=X-Api-Key +__apiKeyValue=pwd +__policyId=1 + +__publicPolicy=" +{ + \"uid\": \"$__policyId\", + \"prohibitions\": [], + \"obligations\": [], + \"permissions\": [ + { + \"edctype\": \"dataspaceconnector:permission\", + \"action\": { + \"type\": \"USE\" + }, + } + ] +}" + +# Call Data Mgmt API +curl -X POST "$__connectorUrl/$__dataMgmtPath/policies" --header "$__apiKey: $__apiKeyValue" --header "Content-Type: application/json" --data "$__publicPolicy" +``` + +#### Bash Parameters + +| Name | Description | +| --------------- | ----------------------------------------------------------------------------------------- | +| $__connectorUrl | URL of the Connector with the Data Management API port configured in `web.http.data.port` | +| $__dataMgmtPath | Path of the Data Management API as configured in `web.http.data.path` | +| $__apiKey | Should always be _X-Api-Key_ for the Data Management API | +| $__apiKeyValue | The API Key Value as configured in `edc.api.auth.key` | +| $__policyId | Unique identifier of the policy. | + +#### Control Call + +Get Policy + +```bash +curl -X GET "$__connectorUrl/$__dataMgmtPath/policies/$__policyId" --header "$__apiKey: $__apiKeyValue" --header "Content-Type: application/json" | jq +``` + +### 3. Create Contract Definition + +The following uses the previously created public policy make the data offer available for everyone. 
+ +#### Bash Script + +```bash +# Variables +__connectorUrl=http://localhost:8181 +__dataMgmtPath=data-mgmt +__apiKey=X-Api-Key +__apiKeyValue=pwd +__contractDefinitionId=1 +__policyId=1 +__assetId=1 + +__publicContractDefinition=" + { + \"id\": \"$__contractDefinitionId\", + \"accessPolicyId\": \"$__policyId\", + \"contractPolicyId\": \"$__policyId\", + \"criteria\": [ + { + \"left\": \"asset:prop:id\", + \"op\": \"=\", + \"right\": \"$__assetId\" + } + ] + }" + +# Call Data Mgmt API +curl -X POST "$__connectorUrl/$__dataMgmtPath/policies" --header "$__apiKey: $__apiKeyValue" --header "Content-Type: application/json" --data "$__publicContractDefinition" +``` + +#### Bash Parameters + +| Name | Description | +| ----------------------- | ----------------------------------------------------------------------------------------- | +| $__connectorUrl | URL of the Connector with the Data Management API port configured in `web.http.data.port` | +| $__dataMgmtPath | Path of the Data Management API as configured in `web.http.data.path` | +| $__apiKey | Should always be _X-Api-Key_ for the Data Management API | +| $__apiKeyValue | The API Key Value as configured in `edc.api.auth.key` | +| $__contractDefinitionId | Unique identifier of the contract definition. | +| $__policyId | Unique identifier of the policy. Must be the same ID as in step 2. | +| $__assetId | Unique identifier of the asset. Must be the same ID as in step 1. | + +#### Control Call + +Get Contract Definition + +```bash +curl -X GET "$__connectorUrl/$__dataMgmtPath/policies/$__policyId" --header "$__apiKey: $__apiKeyValue" --header "Content-Type: application/json" | jq +``` + +### 4. Get Contract Offer Catalog + +The last call is not (yet) part of the Data Management API. Instead, the deprecated Control API is used. The extension +for the control API is part of the Catena-X images and usable. 
+ +---- + +**Please Note** + +Don't confuse the deprecated Control API with another Control API of the connector, that is not deprecated. + +---- + +#### Bash Script + +```bash +# Variables +__connectorUrl=http://localhost:8181 +__targetConnectorUrl=http://localhost:9292 +__targetConnectorIdsPath=api/v1/ids +__defaultApiPath=api +__apiKey=X-Api-Key +__apiKeyValue=pwd +__contractDefinitionId=1 +__policyId=1 +__assetId=1 + +__publicContractDefinition=" + { + \"id\": \"$__contractDefinitionId\", + \"accessPolicyId\": \"$__policyId\", + \"contractPolicyId\": \"$__policyId\", + \"criteria\": [ + { + \"left\": \"asset:prop:id\", + \"op\": \"=\", + \"right\": \"$__assetId\" + } + ] + }" + +# Call Control API +curl -G -X GET $__connectorUrl/$__defaultApiPath/control/catalog --header "$__apiKey: $__apiKeyValue" --data-urlencode "provider=$__targetConnectorUrl/$__targetConnectorIdsPath/data" --header "Content-Type: application/json" -s | jq +``` + +#### Bash Parameters + +| Name | Description | +| ------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | +| $__connectorUrl | URL of the Connector with the Control API port configured in `web.http.default.port` | +| $__defaultApiPath | Path of the Control API as configured in `web.http.default.path` | +| $__apiKey | The API Key as configured in `edc.api.control.auth.apikey.key` | +| $__apiKeyValue | The API Key Value as configured in `edc.api.control.auth.apikey.value` | +| $__targetConnectorUrl | URL of the Connector of the target connector with the IDS API port configured in `web.http.ids.port`(in the configuration of the other connector) | +| $__targetConnectorIdsPath | The IDS Path as configured in `web.http.ids.path` (in the configuration of the other connector) | + +# Secure your connector + +## API Security + +The only API that is protected by some kind of security mechanism is the Data Management API. 
At the time of writing this is done by a simple API key. +The key value must be configured in `edc.api.auth.key`. All requests to the Data Management API must have `X-Api-Key` header with the key value. + +Example: +```bash +curl -X GET --header "X-Api-Key: " +``` + +# Known Control Plane Issues + +Please have look at all the open issues in the open source repository. The list below might not be maintained well and +only contains the most important issues. +EDC Github Repository https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues + +## Contract negotiation not working when `web.http.ids.path` is configured/changed + +https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1249 + +**Workaround:** +Don't configure `web.http.ids.path`, so that the default path is used. + +## Contract negotiation not working when initiated with policy id + +https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1251 + +**Workaround:** +The DataManagement API can also initiate a contract negotiation using the actual policy object. + +## Non-IDS-Transformable-ContractDefinition causes connector to be unable to send out self-descriptions/catalogs + +https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1265 + +**Solution** +Delete non-transformable ContractDefinition or Policy. diff --git a/edc-controlplane/edc-controlplane-cosmosdb/README.md b/edc-controlplane/edc-controlplane-cosmosdb/README.md new file mode 100644 index 000000000..8c932d960 --- /dev/null +++ b/edc-controlplane/edc-controlplane-cosmosdb/README.md 
@@ -0,0 +1,178 @@ +# EDC Control-Plane backed by [Azure CosmosDB](https://docs.microsoft.com/en-us/azure/cosmos-db/introduction) + +### Building + +```shell +./mvnw -pl .,edc-controlplane/edc-controlplane-cosmosdb -am package -Pwith-docker-image +``` + +### Key Vault Setup + +The connector will lookup a secret in the key vault, that has the same alias as the `account-name` setting for CosmosDB (e.g. `edc.assetindex.cosmos.account-name`). +This secret must contain the primary or the secondard CosmosDB Read-write key. + +### Configuration + +Listed below are configuration keys needed to get the `edc-controlplane-cosmosdb` up and running. +Details regarding each configuration property can be found at the [documentary section of the EDC](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/tree/main/docs). + +| Key | Required | Example | Description | +|--- |--- |--- |--- | +| web.http.default.port | X | 8080 | | +| web.http.default.path | X | /api | | +| web.http.data.port | X | 8181 | | +| web.http.data.path | X | | | +| web.http.validation.port | X | 8182 | | +| web.http.validation.path | X | /validation | | +| web.http.control.port | X | 9999 | | +| web.http.control.path | X | /api/controlplane/control | | +| web.http.ids.port | X | 8282 | | +| web.http.ids.path | X | /api/v1/ids | | +| edc.receiver.http.endpoint | X | http://backend-service | | +| edc.ids.title | | Eclipse Dataspace Connector | | +| edc.ids.description | | Eclipse Dataspace Connector | | +| edc.ids.id | | urn:connector:edc | | +| edc.ids.security.profile | | base | | +| edc.ids.endpoint | | http://localhost:8282/api/v1/ids | | +| edc.ids.maintainer | | http://localhost | | +| edc.ids.curator | | http://localhost | | +| edc.ids.catalog.id | | urn:catalog:default | | +| ids.webhook.address | | http://localhost:8282/api/v1/ids | | +| edc.api.control.auth.apikey.key | | X-Api-Key | | +| edc.api.control.auth.apikey.value | | super-strong-api-key | | +| edc.hostname | | localhost | | +| 
edc.oauth.token.url | X | https://daps.catena-x.net | | +| edc.oauth.public.key.alias | X | key-to-daps-certificate-in-keyvault | | +| edc.oauth.private.key.alias | X | key-to-private-key-in-keyvault | | +| edc.oauth.client.id | X | daps-oauth-client-id | | +| edc.vault.clientid | X | 00000000-1111-2222-3333-444444444444 | | +| edc.vault.tenantid | X | 55555555-6666-7777-8888-999999999999 | | +| edc.vault.name | X | my-vault-name | | +| edc.vault.clientsecret | X | 34-chars-secret | | +| edc.assetindex.cosmos.account-name | X | cosmosdb-assetindex-account-name | | +| edc.assetindex.cosmos.database-name | X | asset-index | | +| edc.assetindex.cosmos.preferred-region | X | westeurope | | +| edc.assetindex.cosmos.container-name | X | cosmosdb-assetindex-container-name | | +| edc.contractdefinitionstore.cosmos.account-name | X | cosmosdb-contractdefinitionstore-account-name | | +| edc.contractdefinitionstore.cosmos.database-name | X | contract-definition-store | | +| edc.contractdefinitionstore.cosmos.preferred-region | X | westeurope | | +| edc.contractdefinitionstore.cosmos.container-name | X | cosmosdb-contractdefinitionstore-container-name | | +| edc.contractnegotiationstore.cosmos.account-name | X | cosmosdb-contractnegotiationstore-account-name | | +| edc.contractnegotiationstore.cosmos.database-name | X | contract-negotiation-store | | +| edc.contractnegotiationstore.cosmos.preferred-region | X | westeurope | | +| edc.contractnegotiationstore.cosmos.container-name | X | cosmosdb-contractnegotiationstore-container-name | | +| edc.transfer-process-store.cosmos.account.name | X | cosmosdb-contractnegotiationstore-account-name | | +| edc.transfer-process-store.database.name | X | transfer-process-store | | +| edc.transfer-process-store.cosmos.preferred-region | X | westeurope | | +| edc.transfer-process-store.cosmos.container-name | X | cosmosdb-transfer-process-store-container-name | | +| edc.transfer.proxy.endpoint | X | | | +| 
edc.transfer.proxy.token.signer.privatekey.alias | X | | | + +#### Example configuration.properties + +JDK properties-style configuration of the EDC Control-Plane is expected to be mounted to `/app/configuration.properties` within the container. + +```shell +# Create configuration.properties +export CONFIGURATION_PROPERTIES_FILE=$(mktemp /tmp/configuration.properties.XXXXXX) +cat << 'EOF' > ${CONFIGURATION_PROPERTIES_FILE} + +web.http.default.port=8080 +web.http.default.path=/api +web.http.data.port=8181 +web.http.data.path=/data +web.http.validation.port=8182 +web.http.validation.path=/validation +web.http.control.port=9999 +web.http.control.path=/api/controlplane/control +web.http.ids.port=8282 +web.http.ids.path=/api/v1/ids + +edc.receiver.http.endpoint=http://backend-service + +edc.ids.title=Eclipse Dataspace Connector +edc.ids.description=Eclipse Dataspace Connector +edc.ids.id=urn:connector:edc +edc.ids.security.profile=base +edc.ids.endpoint=http://localhost:8282/api/v1/ids +edc.ids.maintainer=http://localhost +edc.ids.curator=http://localhost +edc.ids.catalog.id=urn:catalog:default +ids.webhook.address=http://localhost:8282/api/v1/ids + +edc.api.control.auth.apikey.key=X-Api-Key +edc.api.control.auth.apikey.value=pass + +edc.hostname=localhost + +# OAuth / DAPS related configuration +edc.oauth.token.url=https://daps.catena-x.net +edc.oauth.public.key.alias=key-to-daps-certificate-in-keyvault +edc.oauth.private.key.alias=key-to-private-key-in-keyvault +edc.oauth.client.id=daps-oauth-client-id + +# Azure vault related configuration +edc.vault.clientid=00000000-1111-2222-3333-444444444444 +edc.vault.tenantid=55555555-6666-7777-8888-999999999999 +edc.vault.name=my-vault-name +edc.vault.clientsecret=34-chars-secret + +# Control- / Data- Plane configuration +edc.transfer.proxy.endpoint=http://dataplane-public-endpoint/public +edc.transfer.proxy.token.signer.privatekey.alias=azure-vault-token-signer-private-key + +# Azure CosmosDB related configuration 
+edc.assetindex.cosmos.account-name=cosmosdb-assetindex-account-name +edc.assetindex.cosmos.database-name=asset-index +edc.assetindex.cosmos.preferred-region=westeurope +edc.assetindex.cosmos.container-name=cosmosdb-assetindex-container-name +edc.contractdefinitionstore.cosmos.account-name=cosmosdb-contractdefinitionstore-account-name +edc.contractdefinitionstore.cosmos.database-name=contract-definition-store +edc.contractdefinitionstore.cosmos.preferred-region=westeurope +edc.contractdefinitionstore.cosmos.container-name=cosmosdb-contractdefinitionstore-container-name +edc.contractnegotiationstore.cosmos.account-name=cosmosdb-contractnegotiationstore-account-name +edc.contractnegotiationstore.cosmos.database-name=contract-negotiation-store +edc.contractnegotiationstore.cosmos.preferred-region=westeurope +edc.contractnegotiationstore.cosmos.container-name=cosmosdb-contractnegotiationstore-container-name +edc.transfer-process-store.cosmos.account.name=cosmosdb-contractnegotiationstore-account-name +edc.transfer-process-store.database.name=transfer-process-store +edc.transfer-process-store.cosmos.preferred-region=westeurope +edc.transfer-process-store.cosmos.container-name=cosmosdb-transfer-process-store-container-name + +EOF +``` + +#### Example logging.properties +```shell +# Create logging.properties +export LOGGING_PROPERTIES_FILE=$(mktemp /tmp/logging.properties.XXXXXX) +cat << 'EOF' > ${LOGGING_PROPERTIES_FILE} +.level=INFO +org.eclipse.dataspaceconnector.level=ALL +handlers=java.util.logging.ConsoleHandler +java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter +java.util.logging.ConsoleHandler.level=ALL +java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n +EOF +``` + +#### Example opentelemetry.properties +```shell +# Create opentelemetry.properties +export OPENTELEMETRY_PROPERTIES_FILE=$(mktemp /tmp/opentelemetry.properties.XXXXXX) +cat << 'EOF' > ${OPENTELEMETRY_PROPERTIES_FILE} 
+otel.javaagent.enabled=true +otel.javaagent.debug=false +EOF +``` + +### Running + +```shell +docker run \ + -p 8080:8080 -p 8181:8181 -p 8182:8182 -p 8282:8282 -p 9090:9090 -p 9999:9999 \ + -v ${CONFIGURATION_PROPERTIES_FILE:-/dev/null}:/app/configuration.properties \ + -v ${LOGGING_PROPERTIES_FILE:-/dev/null}:/app/logging.properties \ + -v ${OPENTELEMETRY_PROPERTIES_FILE:-/dev/null}:/app/opentelemetry.properties \ + -i edc-controlplane-cosmosdb:latest +``` \ No newline at end of file diff --git a/edc-controlplane/edc-controlplane-cosmosdb/pom.xml b/edc-controlplane/edc-controlplane-cosmosdb/pom.xml index 2a0539fa3..3f29c4bf0 100644 --- a/edc-controlplane/edc-controlplane-cosmosdb/pom.xml +++ b/edc-controlplane/edc-controlplane-cosmosdb/pom.xml @@ -1,11 +1,22 @@ - + + net.catenax.edc edc-controlplane - 0.0.1-SNAPSHOT + 0.0.1 4.0.0 @@ -13,47 +24,51 @@ jar + ${project.artifactId} + + + src/main/resources + + **/* + + + + ../../ + META-INF + + NOTICE.md + LICENSE + + + + org.apache.maven.plugins - maven-shade-plugin + maven-jar-plugin + + + + true + lib/ + + org.eclipse.dataspaceconnector.boot.system.runtime.BaseRuntime + + + + + + + org.apache.maven.plugins + maven-dependency-plugin + package - shade + copy-dependencies - ${project.artifactId} - true - - - *:* - - META-INF/*.SF - META-INF/*.DSA - META-INF/*.RSA - - - - - - org.eclipse.dataspaceconnector.boot.system.runtime.BaseRuntime - - - - - META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension - - - - - META-INF/services/org.eclipse.dataspaceconnector.spi.system.ConfigurationExtension - - - + ${project.build.directory}/lib 
@@ -61,100 +76,280 @@ + + - jakarta.ws.rs - jakarta.ws.rs-api - 3.0.0 + net.catenax.edc.extensions + aas-controller + + net.catenax.edc.extensions + business-partner-validation + + + org.eclipse.dataspaceconnector - web-spi + filesystem-configuration + + org.eclipse.dataspaceconnector - core-spi + auth-tokenbased + + org.eclipse.dataspaceconnector - core + azure-vault + + + com.azure + azure-security-keyvault-secrets + + + com.azure + azure-identity + + + + org.eclipse.dataspaceconnector - transfer-process-store-memory + control-api org.eclipse.dataspaceconnector - contractnegotiation-store-memory + data-management-api org.eclipse.dataspaceconnector - ids + observability-api + + org.eclipse.dataspaceconnector - filesystem-configuration + ids-api-configuration org.eclipse.dataspaceconnector - iam-mock + ids-api-multipart-dispatcher-v1 org.eclipse.dataspaceconnector - control-api + ids-api-multipart-endpoint-v1 org.eclipse.dataspaceconnector - http + ids-api-transform-v1 org.eclipse.dataspaceconnector - azure-vault + ids-core + + org.eclipse.dataspaceconnector + ids-spi + + + org.eclipse.dataspaceconnector + ids-token-validation + + + org.eclipse.dataspaceconnector assetindex-cosmos + + + com.azure + azure-cosmos + + org.eclipse.dataspaceconnector contract-definition-store-cosmos + + + com.azure + azure-cosmos + + org.eclipse.dataspaceconnector contract-negotiation-store-cosmos + + + com.azure + azure-cosmos + + + + + org.eclipse.dataspaceconnector + policy-store-cosmos + + + com.azure + azure-cosmos + + org.eclipse.dataspaceconnector transfer-process-store-cosmos + + + com.azure + azure-cosmos + + + + + + + org.eclipse.dataspaceconnector + core-base + + + org.eclipse.dataspaceconnector + core-boot + + + org.eclipse.dataspaceconnector + transfer + + + org.eclipse.dataspaceconnector + contract + + + + + org.eclipse.dataspaceconnector + data-plane-transfer-sync + + + + + org.eclipse.dataspaceconnector + oauth2-core + + + org.eclipse.dataspaceconnector + iam-daps + + + 
+ + org.eclipse.dataspaceconnector + core-micrometer + + + org.eclipse.dataspaceconnector + jersey-micrometer + + + org.eclipse.dataspaceconnector + jetty-micrometer + + + + + org.eclipse.dataspaceconnector + jdk-logger-monitor + + + + + + org.eclipse.dataspaceconnector + http + + + + + org.eclipse.dataspaceconnector + http-receiver + + + + + com.azure + azure-cosmos + + + com.azure + azure-identity + + + com.azure + azure-security-keyvault-secrets + with-docker-image - com.spotify - dockerfile-maven-plugin + org.codehaus.mojo + exec-maven-plugin + - default + docker-build-${project.artifactId}:${project.version} package - build + exec + + docker + ${project.basedir} + + build + -f + src/main/docker/Dockerfile + --build-arg + JAR=target/${project.artifactId}.jar + --build-arg + LIB=target/lib + -t + ${project.artifactId}:${project.version} + . + + + + + docker-tag-${project.artifactId}:latest + package + + exec + + + docker + ${project.basedir} + + tag + ${project.artifactId}:${project.version} + ${project.artifactId}:latest + + - - . - src/main/docker/Dockerfile - ${project.artifactId} - ${project.version} - - target/${project.artifactId}.jar - - diff --git a/edc-controlplane/edc-controlplane-cosmosdb/src/main/docker/Dockerfile b/edc-controlplane/edc-controlplane-cosmosdb/src/main/docker/Dockerfile index f6df86226..2bb41f209 100644 --- a/edc-controlplane/edc-controlplane-cosmosdb/src/main/docker/Dockerfile +++ b/edc-controlplane/edc-controlplane-cosmosdb/src/main/docker/Dockerfile 
@@ -1,17 +1,37 @@ -FROM openjdk:11-jre-slim-buster -ARG JAR +# +# Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# +# Contributors: +# Mercedes-Benz Tech Innovation GmbH - Initial Dockerfile +# +FROM alpine:3.15.4 as otel -ENV CONFIGURATION_PROPERTIES=/app/configuration.properties +ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar" -RUN useradd --create-home app +RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar -WORKDIR /app +FROM gcr.io/distroless/java11-debian11 +ARG JAR +ARG LIB -USER app +WORKDIR /app -COPY $JAR edc-controlplane.jar +COPY --from=otel /tmp/opentelemetry-javaagent.jar . +COPY ${JAR} edc-controlplane.jar +COPY ${LIB} ./lib/ -ENTRYPOINT java \ - -Djava.security.edg=file:/dev/.urandom \ - -Dedc.fs.config="${CONFIGURATION_PROPERTIES}" \ - -jar edc-controlplane.jar \ No newline at end of file +CMD ["-javaagent:/app/opentelemetry-javaagent.jar", \ + "-Dedc.fs.config=/app/configuration.properties", \ + "-Djava.util.logging.config.file=/app/logging.properties", \ + "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \ + "-Dotel.metrics.exporter=prometheus", \ + "-Dotel.exporter.prometheus.port=9090", \ + "-Djava.security.edg=file:/dev/.urandom", \ + "-jar", \ + "edc-controlplane.jar"] diff --git a/edc-controlplane/edc-controlplane-cosmosdb/src/main/resources/META-INF/resources/org.eclipse.dataspaceconnector.spi.system.ServiceExtension b/edc-controlplane/edc-controlplane-cosmosdb/src/main/resources/META-INF/resources/org.eclipse.dataspaceconnector.spi.system.ServiceExtension deleted file mode 100644 index af2b75359..000000000 
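Review bot: The final stage now runs the connector as root: the hunk removes `RUN useradd --create-home app` and `USER app` and adds nothing in their place after `FROM gcr.io/distroless/java11-debian11`. Distroless publishes a non-root variant, so the stage can start from `FROM gcr.io/distroless/java11-debian11:nonroot`, or keep the current tag and add `USER nonroot` before `CMD`. The `mktemp` files in the README are owner-only on the host, so the bind mounts would then have to be made readable by that uid. The Dockerfiles added for edc-controlplane-memory and edc-controlplane-postgresql are identical and need the same change.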
--- a/edc-controlplane/edc-controlplane-cosmosdb/src/main/resources/META-INF/resources/org.eclipse.dataspaceconnector.spi.system.ServiceExtension +++ /dev/null @@ -1 +0,0 @@ -net.catenax.edc.controlplane.ControlPlaneExtension \ No newline at end of file diff --git a/edc-controlplane/edc-controlplane-memory/README.md b/edc-controlplane/edc-controlplane-memory/README.md new file mode 100644 index 000000000..e8349e646 --- /dev/null +++ b/edc-controlplane/edc-controlplane-memory/README.md 
@@ -0,0 +1,125 @@ +# EDC Control-Plane backed by In-Memory Stores + +### Building + +```shell +./mvnw -pl .,edc-controlplane/edc-controlplane-memory -am package -Pwith-docker-image +``` + +### Configuration (configuration.properties) + +Listed below are configuration keys needed to get the `edc-controlplane-memory` up and running. +Details regarding each configuration property can be found at the [documentary section of the EDC](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/tree/main/docs). + +| Key | Required | Example | Description | +|--- |--- |--- |--- | +| web.http.default.port | X | 8080 | | +| web.http.default.path | X | /api | | +| web.http.data.port | X | 8181 | | +| web.http.data.path | X | /data | | +| web.http.validation.port | X | 8182 | | +| web.http.validation.path | X | /validation | | +| web.http.control.port | X | 9999 | | +| web.http.control.path | X | /api/controlplane/control | | +| web.http.ids.port | X | 8282 | | +| web.http.ids.path | X | /api/v1/ids | | +| edc.receiver.http.endpoint | X | http://backend-service | | +| edc.ids.title | | Eclipse Dataspace Connector | | +| edc.ids.description | | Eclipse Dataspace Connector | | +| edc.ids.id | | urn:connector:edc | | +| edc.ids.security.profile | | base | | +| edc.ids.endpoint | | http://localhost:8282/api/v1/ids | | +| edc.ids.maintainer | | http://localhost | | +| edc.ids.curator | | http://localhost | | +| edc.ids.catalog.id | | urn:catalog:default | | +| ids.webhook.address | | http://localhost:8282/api/v1/ids | | +| edc.api.control.auth.apikey.key | | X-Api-Key | | +| edc.api.control.auth.apikey.value | | super-strong-api-key | | +| edc.hostname | | localhost | | +| edc.transfer.proxy.endpoint | X | | | +| edc.transfer.proxy.token.signer.privatekey.alias | X | | | + +#### Example configuration.properties + +JDK properties-style configuration of the EDC Control-Plane is expected to be mounted to `/app/configuration.properties` within the container. 
+ +```shell +# Create configuration.properties +export CONFIGURATION_PROPERTIES_FILE=$(mktemp /tmp/configuration.properties.XXXXXX) +cat << 'EOF' > ${CONFIGURATION_PROPERTIES_FILE} + +web.http.default.port=8080 +web.http.default.path=/api +web.http.data.port=8181 +web.http.data.path=/data +web.http.validation.port=8182 +web.http.validation.path=/validation +web.http.control.port=9999 +web.http.control.path=/api/controlplane/control +web.http.ids.port=8282 +web.http.ids.path=/api/v1/ids + +edc.receiver.http.endpoint=http://backend-service + +edc.ids.title=Eclipse Dataspace Connector +edc.ids.description=Eclipse Dataspace Connector +edc.ids.id=urn:connector:edc +edc.ids.security.profile=base +edc.ids.endpoint=http://localhost:8282/api/v1/ids +edc.ids.maintainer=http://localhost +edc.ids.curator=http://localhost +edc.ids.catalog.id=urn:catalog:default +ids.webhook.address=http://localhost:8282/api/v1/ids + +edc.api.control.auth.apikey.key=X-Api-Key +edc.api.control.auth.apikey.value=pass + +edc.hostname=localhost + + +# Azure vault related configuration +edc.vault.clientid=00000000-1111-2222-3333-444444444444 +edc.vault.tenantid=55555555-6666-7777-8888-999999999999 +edc.vault.name=my-vault-name +edc.vault.clientsecret=34-chars-secret + +# Control- / Data- Plane configuration +edc.transfer.proxy.endpoint=http://dataplane-public-endpoint/public +edc.transfer.proxy.token.signer.privatekey.alias=azure-vault-token-signer-private-key +EOF +``` + +#### Example logging.properties +```shell +# Create logging.properties +export LOGGING_PROPERTIES_FILE=$(mktemp /tmp/logging.properties.XXXXXX) +cat << 'EOF' > ${LOGGING_PROPERTIES_FILE} +.level=INFO +org.eclipse.dataspaceconnector.level=ALL +handlers=java.util.logging.ConsoleHandler +java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter +java.util.logging.ConsoleHandler.level=ALL +java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n +EOF +``` + +#### Example 
opentelemetry.properties +```shell +# Create opentelemetry.properties +export OPENTELEMETRY_PROPERTIES_FILE=$(mktemp /tmp/opentelemetry.properties.XXXXXX) +cat << 'EOF' > ${OPENTELEMETRY_PROPERTIES_FILE} +otel.javaagent.enabled=true +otel.javaagent.debug=false +EOF +``` + +### Running + +```shell +docker run \ + -p 8080:8080 -p 8181:8181 -p 8182:8182 -p 8282:8282 -p 9090:9090 -p 9999:9999 \ + -v ${CONFIGURATION_PROPERTIES_FILE:-/dev/null}:/app/configuration.properties \ + -v ${LOGGING_PROPERTIES_FILE:-/dev/null}:/app/logging.properties \ + -v ${OPENTELEMETRY_PROPERTIES_FILE:-/dev/null}:/app/opentelemetry.properties \ + -i edc-controlplane-memory:latest +``` \ No newline at end of file diff --git a/edc-controlplane/edc-controlplane-memory/pom.xml b/edc-controlplane/edc-controlplane-memory/pom.xml new file mode 100644 index 000000000..e5dc13323 --- /dev/null +++ b/edc-controlplane/edc-controlplane-memory/pom.xml 
@@ -0,0 +1,299 @@ + + + + + edc-controlplane + net.catenax.edc + 0.0.1 + + 4.0.0 + + edc-controlplane-memory + jar + + + ${project.artifactId} + + + src/main/resources + + **/* + + + + ../../ + META-INF + + NOTICE.md + LICENSE + + + + + + + org.apache.maven.plugins + maven-jar-plugin + + + + true + lib/ + + org.eclipse.dataspaceconnector.boot.system.runtime.BaseRuntime + + + + + + + org.apache.maven.plugins + maven-dependency-plugin + + + package + + copy-dependencies + + + ${project.build.directory}/lib + + + + + + + + + + + net.catenax.edc.extensions + aas-controller + + + net.catenax.edc.extensions + business-partner-validation + + + + + org.eclipse.dataspaceconnector + filesystem-configuration + + + + + org.eclipse.dataspaceconnector + auth-tokenbased + + + + + org.eclipse.dataspaceconnector + azure-vault + + + com.azure + azure-security-keyvault-secrets + + + com.azure + azure-identity + + + + + + + org.eclipse.dataspaceconnector + control-api + + + org.eclipse.dataspaceconnector + data-management-api + + + org.eclipse.dataspaceconnector + observability-api + + + + + org.eclipse.dataspaceconnector + ids-api-configuration + + + org.eclipse.dataspaceconnector + ids-api-multipart-dispatcher-v1 + + + org.eclipse.dataspaceconnector + ids-api-multipart-endpoint-v1 + + + org.eclipse.dataspaceconnector + ids-api-transform-v1 + + + org.eclipse.dataspaceconnector + ids-core + + + org.eclipse.dataspaceconnector + ids-spi + + + org.eclipse.dataspaceconnector + ids-token-validation + + + + + org.eclipse.dataspaceconnector + core-base + + + org.eclipse.dataspaceconnector + core-boot + + + org.eclipse.dataspaceconnector + transfer + + + org.eclipse.dataspaceconnector + contract + + + + + org.eclipse.dataspaceconnector + data-plane-transfer-sync + + + + + org.eclipse.dataspaceconnector + iam-mock + + + + + org.eclipse.dataspaceconnector + core-micrometer + + + org.eclipse.dataspaceconnector + jersey-micrometer + + + org.eclipse.dataspaceconnector + jetty-micrometer + + + + + 
+ org.eclipse.dataspaceconnector + jdk-logger-monitor + + + + + + org.eclipse.dataspaceconnector + http + + + + + org.eclipse.dataspaceconnector + http-receiver + + + + + com.azure + azure-identity + + + com.azure + azure-security-keyvault-secrets + + + + + + + + with-docker-image + + + + org.codehaus.mojo + exec-maven-plugin + + + + docker-build-${project.artifactId}:${project.version} + package + + exec + + + docker + ${project.basedir} + + build + -f + src/main/docker/Dockerfile + --build-arg + JAR=target/${project.artifactId}.jar + --build-arg + LIB=target/lib + -t + ${project.artifactId}:${project.version} + . + + + + + docker-tag-${project.artifactId}:latest + package + + exec + + + docker + ${project.basedir} + + tag + ${project.artifactId}:${project.version} + ${project.artifactId}:latest + + + + + + + + + + \ No newline at end of file diff --git a/edc-controlplane/edc-controlplane-memory/src/main/docker/Dockerfile b/edc-controlplane/edc-controlplane-memory/src/main/docker/Dockerfile new file mode 100644 index 000000000..2bb41f209 --- /dev/null +++ b/edc-controlplane/edc-controlplane-memory/src/main/docker/Dockerfile 
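Review bot: The dependency list of edc-controlplane-memory pulls in `iam-mock` where the cosmosdb and postgresql modules use `oauth2-core` and `iam-daps`, and nothing in this pom marks the resulting image as test-only. If `iam-mock` is, as the name suggests, a stand-in identity service that does not validate peer tokens against DAPS, a connector built from this module should not be reachable by other dataspace participants. Put a comment above the dependency, for example `<!-- iam-mock: no DAPS token validation; local development and tests only -->`, and say the same in the first paragraph of the module README.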
@@ -0,0 +1,37 @@
+#
+# Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Contributors:
+# Mercedes-Benz Tech Innovation GmbH - Initial Dockerfile
+#
+FROM alpine:3.15.4 as otel
+
+ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar"
+
+RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar
+
+FROM gcr.io/distroless/java11-debian11
+ARG JAR
+ARG LIB
+
+WORKDIR /app
+
+COPY --from=otel /tmp/opentelemetry-javaagent.jar .
+COPY ${JAR} edc-controlplane.jar
+COPY ${LIB} ./lib/
+
+CMD ["-javaagent:/app/opentelemetry-javaagent.jar", \
+ "-Dedc.fs.config=/app/configuration.properties", \
+ "-Djava.util.logging.config.file=/app/logging.properties", \
+ "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \
+ "-Dotel.metrics.exporter=prometheus", \
+ "-Dotel.exporter.prometheus.port=9090", \
+ "-Djava.security.edg=file:/dev/.urandom", \
+ "-jar", \
+ "edc-controlplane.jar"]
diff --git a/edc-controlplane/edc-controlplane-postgresql/README.md b/edc-controlplane/edc-controlplane-postgresql/README.md
new file mode 100644
index 000000000..af44e6a12
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-postgresql/README.md
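Review bot: The `otel` stage fetches `opentelemetry-javaagent.jar` with `wget` and the final stage copies it in without any integrity check, although `CMD` loads that jar into the JVM through `-javaagent:`. The URL pins v1.12.1, but the build would ship whatever bytes that URL serves at build time. Check a pinned digest in the same layer, for example `RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar && echo "<expected-sha256>  /tmp/opentelemetry-javaagent.jar" | sha256sum -c -`, with the placeholder replaced by the hash of the reviewed release asset. The cosmosdb and postgresql Dockerfiles in this commit contain the same step.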
@@ -0,0 +1,181 @@ +# EDC Control-Plane backed by [Postgresql](https://www.postgresql.org/) + +### Building + +```shell +./mvnw -pl .,edc-controlplane/edc-controlplane-postgresql -am package -Pwith-docker-image +``` + +### Configuration + +Listed below are configuration keys needed to get the `edc-controlplane-postgresql` up and running. +Details regarding each configuration property can be found at the [documentary section of the EDC](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/tree/main/docs). + +| Key | Required | Example | Description | +|--- |--- |--- |--- | +| web.http.default.port | X | 8080 | | +| web.http.default.path | X | /api | | +| web.http.data.port | X | 8181 | | +| web.http.data.path | X | | | +| web.http.validation.port | X | 8182 | | +| web.http.validation.path | X | /validation | | +| web.http.control.port | X | 9999 | | +| web.http.control.path | X | /api/controlplane/control | | +| web.http.ids.port | X | 8282 | | +| web.http.ids.path | X | /api/v1/ids | | +| edc.receiver.http.endpoint | X | http://backend-service | | +| edc.ids.title | | Eclipse Dataspace Connector | | +| edc.ids.description | | Eclipse Dataspace Connector | | +| edc.ids.id | | urn:connector:edc | | +| edc.ids.security.profile | | base | | +| edc.ids.endpoint | | http://localhost:8282/api/v1/ids | | +| edc.ids.maintainer | | http://localhost | | +| edc.ids.curator | | http://localhost | | +| edc.ids.catalog.id | | urn:catalog:default | | +| ids.webhook.address | | http://localhost:8282/api/v1/ids | | +| edc.api.control.auth.apikey.key | | X-Api-Key | | +| edc.api.control.auth.apikey.value | | super-strong-api-key | | +| edc.hostname | | localhost | | +| edc.oauth.token.url | X | https://daps.catena-x.net | | +| edc.oauth.public.key.alias | X | key-to-daps-certificate-in-keyvault | | +| edc.oauth.private.key.alias | X | key-to-private-key-in-keyvault | | +| edc.oauth.client.id | X | daps-oauth-client-id | | +| edc.vault.clientid | X | 
00000000-1111-2222-3333-444444444444 | | +| edc.vault.tenantid | X | 55555555-6666-7777-8888-999999999999 | | +| edc.vault.name | X | my-vault-name | | +| edc.vault.clientsecret | X | 34-chars-secret | | +| edc.datasource.asset.name | X | asset | | +| edc.datasource.asset.url | X | jdbc:postgresql://postgres.svc.cluster.local:5432/edc_asset_db | | +| edc.datasource.asset.user | X | username | | +| edc.datasource.asset.password | X | password | | +| edc.datasource.contractdefinition.name | X | contractdefinition | | +| edc.datasource.contractdefinition.url | X | jdbc:postgresql://postgres.svc.cluster.local:5432/edc_contractdefinition_db | | +| edc.datasource.contractdefinition.user | X | username | | +| edc.datasource.contractdefinition.password | X | password | | +| edc.datasource.contractnegotiation.name | X | contractnegotiation | | +| edc.datasource.contractnegotiation.url | X | jdbc:postgresql://postgres.svc.cluster.local:5432/edc_contractnegotiation_db | | +| edc.datasource.contractnegotiation.user | X | username | | +| edc.datasource.contractnegotiation.password | X | password | | +| edc.datasource.policy.name | X | policy | | +| edc.datasource.policy.url | X | jdbc:postgresql://postgres.svc.cluster.local:5432/edc_policy_db | | +| edc.datasource.policy.user | X | username | | +| edc.datasource.policy.password | X | password | | +| edc.datasource.transferprocess.name | X | transferprocess | | +| edc.datasource.transferprocess.url | X | jdbc:postgresql://postgres.svc.cluster.local:5432/edc_transferprocess_db | | +| edc.datasource.transferprocess.user | X | username | | +| edc.datasource.transferprocess.password | X | password | | +| edc.transfer.proxy.endpoint | X | | | +| edc.transfer.proxy.token.signer.privatekey.alias | X | | | + +#### Example configuration.properties + +JDK properties-style configuration of the EDC Control-Plane is expected to be mounted to `/app/configuration.properties` within the container. 
+ +```shell +# Create configuration.properties +export CONFIGURATION_PROPERTIES_FILE=$(mktemp /tmp/configuration.properties.XXXXXX) +cat << 'EOF' > ${CONFIGURATION_PROPERTIES_FILE} + +web.http.default.port=8080 +web.http.default.path=/api +web.http.data.port=8181 +web.http.data.path=/data +web.http.validation.port=8182 +web.http.validation.path=/validation +web.http.control.port=9999 +web.http.control.path=/api/controlplane/control +web.http.ids.port=8282 +web.http.ids.path=/api/v1/ids + +edc.receiver.http.endpoint=http://backend-service + +edc.ids.title=Eclipse Dataspace Connector +edc.ids.description=Eclipse Dataspace Connector +edc.ids.id=urn:connector:edc +edc.ids.security.profile=base +edc.ids.endpoint=http://localhost:8282/api/v1/ids +edc.ids.maintainer=http://localhost +edc.ids.curator=http://localhost +edc.ids.catalog.id=urn:catalog:default +ids.webhook.address=http://localhost:8282/api/v1/ids + +edc.api.control.auth.apikey.key=X-Api-Key +edc.api.control.auth.apikey.value=pass + +edc.hostname=localhost + +# OAuth / DAPS related configuration +edc.oauth.token.url=https://daps.catena-x.net +edc.oauth.public.key.alias=key-to-daps-certificate-in-keyvault +edc.oauth.private.key.alias=key-to-private-key-in-keyvault +edc.oauth.client.id=daps-oauth-client-id + +# Azure vault related configuration +edc.vault.clientid=00000000-1111-2222-3333-444444444444 +edc.vault.tenantid=55555555-6666-7777-8888-999999999999 +edc.vault.name=my-vault-name +edc.vault.clientsecret=34-chars-secret + +# Control- / Data- Plane configuration +edc.transfer.proxy.endpoint=http://dataplane-public-endpoint/public +edc.transfer.proxy.token.signer.privatekey.alias=azure-vault-token-signer-private-key + +# Postgresql related configuration +edc.datasource.asset.name=asset +edc.datasource.asset.url=jdbc:postgresql://postgres.svc.cluster.local:5432/edc_asset +edc.datasource.asset.user=user +edc.datasource.asset.password=pass +edc.datasource.contractdefinition.name=contractdefinition 
+edc.datasource.contractdefinition.url=jdbc:postgresql://postgres.svc.cluster.local:5432/edc_contractdefinition +edc.datasource.contractdefinition.user=user +edc.datasource.contractdefinition.password=pass +edc.datasource.contractnegotiation.name=contractnegotiation +edc.datasource.contractnegotiation.url=jdbc:postgresql://postgres.svc.cluster.local:5432/edc_contractnegotiation +edc.datasource.contractnegotiation.user=user +edc.datasource.contractnegotiation.password=pass +edc.datasource.policy.name=policy +edc.datasource.policy.url=jdbc:postgresql://postgres.svc.cluster.local:5432/edc_policy +edc.datasource.policy.user=user +edc.datasource.policy.password=pass +edc.datasource.transferprocess.name=transferprocess +edc.datasource.transferprocess.url=jdbc:postgresql://postgres.svc.cluster.local:5432/edc_transferprocess +edc.datasource.transferprocess.user=user +edc.datasource.transferprocess.password=pass + +EOF +``` + +#### Example logging.properties +```shell +# Create logging.properties +export LOGGING_PROPERTIES_FILE=$(mktemp /tmp/logging.properties.XXXXXX) +cat << 'EOF' > ${LOGGING_PROPERTIES_FILE} +.level=INFO +org.eclipse.dataspaceconnector.level=ALL +handlers=java.util.logging.ConsoleHandler +java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter +java.util.logging.ConsoleHandler.level=ALL +java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n +EOF +``` + +#### Example opentelemetry.properties +```shell +# Create opentelemetry.properties +export OPENTELEMETRY_PROPERTIES_FILE=$(mktemp /tmp/opentelemetry.properties.XXXXXX) +cat << 'EOF' > ${OPENTELEMETRY_PROPERTIES_FILE} +otel.javaagent.enabled=true +otel.javaagent.debug=false +EOF +``` + +### Running + +```shell +docker run \ + -p 8080:8080 -p 8181:8181 -p 8182:8182 -p 8282:8282 -p 9090:9090 -p 9999:9999 \ + -v ${CONFIGURATION_PROPERTIES_FILE:-/dev/null}:/app/configuration.properties \ + -v 
${LOGGING_PROPERTIES_FILE:-/dev/null}:/app/logging.properties \ + -v ${OPENTELEMETRY_PROPERTIES_FILE:-/dev/null}:/app/opentelemetry.properties \ + -i edc-controlplane-postgresql:latest +``` \ No newline at end of file diff --git a/edc-controlplane/edc-controlplane-postgresql/pom.xml b/edc-controlplane/edc-controlplane-postgresql/pom.xml new file mode 100644 index 000000000..dc858c527 --- /dev/null +++ b/edc-controlplane/edc-controlplane-postgresql/pom.xml 
@@ -0,0 +1,342 @@ + + + + + edc-controlplane + net.catenax.edc + 0.0.1 + + 4.0.0 + + edc-controlplane-postgresql + jar + + + ${project.artifactId} + + + src/main/resources + + **/* + + + + ../../ + META-INF + + NOTICE.md + LICENSE + + + + + + + org.apache.maven.plugins + maven-jar-plugin + + + + true + lib/ + + org.eclipse.dataspaceconnector.boot.system.runtime.BaseRuntime + + + + + + + org.apache.maven.plugins + maven-dependency-plugin + + + package + + copy-dependencies + + + ${project.build.directory}/lib + + + + + + + + + + + + net.catenax.edc.extensions + aas-controller + + + net.catenax.edc.extensions + business-partner-validation + + + net.catenax.edc.extensions + postgresql-migration + + + + + org.eclipse.dataspaceconnector + filesystem-configuration + + + + + org.eclipse.dataspaceconnector + auth-tokenbased + + + + + org.eclipse.dataspaceconnector + azure-vault + + + com.azure + azure-security-keyvault-secrets + + + com.azure + azure-identity + + + + + + + org.eclipse.dataspaceconnector + control-api + + + org.eclipse.dataspaceconnector + data-management-api + + + org.eclipse.dataspaceconnector + observability-api + + + + + org.eclipse.dataspaceconnector + ids-api-configuration + + + org.eclipse.dataspaceconnector + ids-api-multipart-dispatcher-v1 + + + org.eclipse.dataspaceconnector + ids-api-multipart-endpoint-v1 + + + org.eclipse.dataspaceconnector + ids-api-transform-v1 + + + org.eclipse.dataspaceconnector + ids-core + + + org.eclipse.dataspaceconnector + ids-spi + + + org.eclipse.dataspaceconnector + ids-token-validation + + + + + org.eclipse.dataspaceconnector + asset-index-sql + + + org.eclipse.dataspaceconnector + contractdefinition-store-sql + + + org.eclipse.dataspaceconnector + contractnegotiation-store-sql + + + org.eclipse.dataspaceconnector + transfer-process-store-sql + + + org.eclipse.dataspaceconnector + policy-store-sql + + + + + org.eclipse.dataspaceconnector + core-base + + + org.eclipse.dataspaceconnector + core-boot + + + 
org.eclipse.dataspaceconnector + transfer + + + org.eclipse.dataspaceconnector + contract + + + + + org.eclipse.dataspaceconnector + data-plane-transfer-sync + + + + + org.eclipse.dataspaceconnector + oauth2-core + + + org.eclipse.dataspaceconnector + iam-daps + + + + + org.eclipse.dataspaceconnector + core-micrometer + + + org.eclipse.dataspaceconnector + jersey-micrometer + + + org.eclipse.dataspaceconnector + jetty-micrometer + + + + + org.eclipse.dataspaceconnector + jdk-logger-monitor + + + + + + org.eclipse.dataspaceconnector + http + + + + org.eclipse.dataspaceconnector + apache-commons-pool-sql + + + org.eclipse.dataspaceconnector + transaction-local + + + + + org.eclipse.dataspaceconnector + http-receiver + + + + + com.azure + azure-identity + + + com.azure + azure-security-keyvault-secrets + + + org.postgresql + postgresql + + + + + + + + with-docker-image + + + + org.codehaus.mojo + exec-maven-plugin + + + + docker-build-${project.artifactId}:${project.version} + package + + exec + + + docker + ${project.basedir} + + build + -f + src/main/docker/Dockerfile + --build-arg + JAR=target/${project.artifactId}.jar + --build-arg + LIB=target/lib + -t + ${project.artifactId}:${project.version} + . + + + + + docker-tag-${project.artifactId}:latest + package + + exec + + + docker + ${project.basedir} + + tag + ${project.artifactId}:${project.version} + ${project.artifactId}:latest + + + + + + + + + + \ No newline at end of file diff --git a/edc-controlplane/edc-controlplane-postgresql/src/main/docker/Dockerfile b/edc-controlplane/edc-controlplane-postgresql/src/main/docker/Dockerfile new file mode 100644 index 000000000..2bb41f209 --- /dev/null +++ b/edc-controlplane/edc-controlplane-postgresql/src/main/docker/Dockerfile 
@@ -0,0 +1,37 @@
+#
+# Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Contributors:
+# Mercedes-Benz Tech Innovation GmbH - Initial Dockerfile
+#
+FROM alpine:3.15.4 as otel
+
+ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar"
+
+RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar
+
+FROM gcr.io/distroless/java11-debian11
+ARG JAR
+ARG LIB
+
+WORKDIR /app
+
+COPY --from=otel /tmp/opentelemetry-javaagent.jar .
+COPY ${JAR} edc-controlplane.jar
+COPY ${LIB} ./lib/
+
+CMD ["-javaagent:/app/opentelemetry-javaagent.jar", \
+ "-Dedc.fs.config=/app/configuration.properties", \
+ "-Djava.util.logging.config.file=/app/logging.properties", \
+ "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \
+ "-Dotel.metrics.exporter=prometheus", \
+ "-Dotel.exporter.prometheus.port=9090", \
+ "-Djava.security.edg=file:/dev/.urandom", \
+ "-jar", \
+ "edc-controlplane.jar"]
diff --git a/edc-controlplane/pom.xml b/edc-controlplane/pom.xml
index ad344acb9..f62453891 100644
--- a/edc-controlplane/pom.xml
+++ b/edc-controlplane/pom.xml
@@ -1,13 +1,24 @@ - + + 4.0.0 net.catenax.edc - catena-x-edc-parent - 0.0.1-SNAPSHOT + product-edc-parent + 0.0.1 edc-controlplane
@@ -15,5 +26,7 @@ edc-controlplane-cosmosdb + edc-controlplane-memory + edc-controlplane-postgresql \ No newline at end of file
diff --git a/edc-dataplane/README.md b/edc-dataplane/README.md
new file mode 100644
index 000000000..76cb68245
--- /dev/null
+++ b/edc-dataplane/README.md
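Review bot: In the `CMD` of the postgresql Dockerfile, `"-Djava.security.edg=file:/dev/.urandom"` misspells the property name; the JDK reads `java.security.egd`, so this argument sets an unused system property and has no effect on the entropy source. The spelling was carried over from the ENTRYPOINT removed in the cosmosdb Dockerfile and is repeated in the memory one. Correcting only the name would point the JVM at `/dev/.urandom`, which is not a device path, so the usual form would be `"-Djava.security.egd=file:/dev/./urandom", \`. On the Java 11 base image the override is probably unnecessary, in which case dropping the line in all three files is the simpler fix.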
@@ -0,0 +1,94 @@
+# EDC Data-Plane
+
+### Building
+
+```shell
+./mvnw -pl .,edc-dataplane -am package -Pwith-docker-image
+```
+
+### Configuration
+
+Listed below are configuration keys needed to get the `edc-dataplane` up and running.
+Details regarding each configuration property can be found at the [documentary section of the EDC](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/tree/main/docs).
+
+| Key | Required | Example | Description |
+|--- |--- |--- |--- |
+| web.http.default.port | X | 8080 | |
+| web.http.default.path | X | /api | |
+| web.http.public.port | X | 8181 | |
+| web.http.public.path | X | | |
+| web.http.control.port | X | 9999 | |
+| web.http.control.path | X | /api/controlplane/control | |
+| edc.receiver.http.endpoint | X | http://backend-service | |
+| edc.hostname | | localhost | |
+| edc.oauth.client.id | X | daps-oauth-client-id | |
+| edc.vault.clientid | X | 00000000-1111-2222-3333-444444444444 | |
+| edc.vault.tenantid | X | 55555555-6666-7777-8888-999999999999 | |
+| edc.vault.name | X | my-vault-name | |
+| edc.vault.clientsecret | X | 34-chars-secret | |
+| edc.controlplane.validation-endpoint | X | http://controlplane:8182/validation | |
+
+#### Example configuration.properties
+
+JDK properties-style configuration of the EDC Control-Plane is expected to be mounted to `/app/configuration.properties` within the container.
+
+```shell
+# Create configuration.properties
+export CONFIGURATION_PROPERTIES_FILE=$(mktemp /tmp/configuration.properties.XXXXXX)
+cat << 'EOF' > ${CONFIGURATION_PROPERTIES_FILE}
+
+web.http.default.port=8080
+web.http.default.path=/api
+web.http.public.port=8185
+web.http.public.path=/public
+web.http.control.port=9999
+web.http.control.path=/api/dataplane/control
+
+# Validation endpoint of controlplane
+edc.controlplane.validation-endpoint=http://controlplane:8182/validation
+
+# EDC hostname
+edc.hostname=localhost
+
+# Azure vault related configuration
+edc.vault.clientid=00000000-1111-2222-3333-444444444444
+edc.vault.tenantid=55555555-6666-7777-8888-999999999999
+edc.vault.name=my-vault-name
+edc.vault.clientsecret=34-chars-secret
+EOF
+```
+
+#### Example logging.properties
+```shell
+# Create logging.properties
+export LOGGING_PROPERTIES_FILE=$(mktemp /tmp/logging.properties.XXXXXX)
+cat << 'EOF' > ${LOGGING_PROPERTIES_FILE}
+.level=INFO
+org.eclipse.dataspaceconnector.level=ALL
+handlers=java.util.logging.ConsoleHandler
+java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
+java.util.logging.ConsoleHandler.level=ALL
+java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n
+EOF
+```
+
+#### Example opentelemetry.properties
+```shell
+# Create opentelemetry.properties
+export OPENTELEMETRY_PROPERTIES_FILE=$(mktemp /tmp/opentelemetry.properties.XXXXXX)
+cat << 'EOF' > ${OPENTELEMETRY_PROPERTIES_FILE}
+otel.javaagent.enabled=true
+otel.javaagent.debug=false
+EOF
+```
+
+### Running
+
+```shell
+docker run \
+ -p 8080:8080 -p 8185:8185 -p 9999:9999 -p 9090:9090 \
+ -v ${CONFIGURATION_PROPERTIES_FILE:-/dev/null}:/app/configuration.properties \
+ -v ${LOGGING_PROPERTIES_FILE:-/dev/null}:/app/logging.properties \
+ -v ${OPENTELEMETRY_PROPERTIES_FILE:-/dev/null}:/app/opentelemetry.properties \
+ -i edc-dataplane:latest
+```
\ No newline at end of file
diff --git a/edc-dataplane/pom.xml b/edc-dataplane/pom.xml index 1c5d3e3f8..6bd3421f2 100644 --- a/edc-dataplane/pom.xml +++ b/edc-dataplane/pom.xml @@ -1,49 +1,74 @@ - + + 4.0.0 net.catenax.edc - catena-x-edc-parent - 0.0.1-SNAPSHOT + product-edc-parent + 0.0.1 edc-dataplane jar + ${project.artifactId} + + + src/main/resources + + **/* + + + + ../ + META-INF + + NOTICE.md + LICENSE + + + + org.apache.maven.plugins - maven-shade-plugin + maven-jar-plugin + + + + true + lib/ + + org.eclipse.dataspaceconnector.boot.system.runtime.BaseRuntime + + + + + + + org.apache.maven.plugins + maven-dependency-plugin + package - shade + copy-dependencies - ${project.artifactId} - true - - - org.eclipse.dataspaceconnector.boot.system.runtime.BaseRuntime - - - - - META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension - - - - - META-INF/services/org.eclipse.dataspaceconnector.spi.system.ConfigurationExtension - - - + ${project.build.directory}/lib @@ -52,10 +77,47 @@ + + + org.eclipse.dataspaceconnector + filesystem-configuration + + + org.eclipse.dataspaceconnector - web-spi + azure-vault + + + com.azure + azure-security-keyvault-secrets + + + com.azure + azure-identity + + + + + + + org.eclipse.dataspaceconnector + data-plane-framework + + + org.eclipse.dataspaceconnector + data-plane-http + + + org.eclipse.dataspaceconnector + data-plane-api + + org.eclipse.dataspaceconnector + observability-api + + + org.eclipse.dataspaceconnector core-base 
@@ -64,54 +126,101 @@ org.eclipse.dataspaceconnector core-boot + + org.eclipse.dataspaceconnector - http + core-micrometer org.eclipse.dataspaceconnector - data-plane-framework + jersey-micrometer org.eclipse.dataspaceconnector - data-plane-http + jetty-micrometer + + org.eclipse.dataspaceconnector - data-plane-api + jdk-logger-monitor + + + org.eclipse.dataspaceconnector - filesystem-configuration + http + + + + + com.azure + azure-identity + + + com.azure + azure-security-keyvault-secrets + with-docker-image - com.spotify - dockerfile-maven-plugin + org.codehaus.mojo + exec-maven-plugin + - default + docker-build-${project.artifactId}:${project.version} + package + + exec + + + docker + ${project.basedir} + + build + -f + src/main/docker/Dockerfile + --build-arg + JAR=target/${project.artifactId}.jar + --build-arg + LIB=target/lib + -t + ${project.artifactId}:${project.version} + . + + + + + docker-tag-${project.artifactId}:latest package - build + exec + + docker + ${project.basedir} + + tag + ${project.artifactId}:${project.version} + ${project.artifactId}:latest + + - - . - src/main/docker/Dockerfile - ${project.artifactId} - ${project.version} - - target/${project.artifactId}.jar - - diff --git a/edc-dataplane/src/main/docker/Dockerfile b/edc-dataplane/src/main/docker/Dockerfile index cd934c193..be19ac944 100644 --- a/edc-dataplane/src/main/docker/Dockerfile +++ b/edc-dataplane/src/main/docker/Dockerfile 
@@ -1,17 +1,37 @@ -FROM openjdk:11-jre-slim-buster -ARG JAR +# +# Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# +# Contributors: +# Mercedes-Benz Tech Innovation GmbH - Initial Dockerfile +# +FROM alpine:3.15.4 as otel -ENV CONFIGURATION_PROPERTIES=/app/configuration.properties +ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar" -RUN useradd --create-home app +RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar -WORKDIR /app +FROM gcr.io/distroless/java11-debian11 +ARG JAR +ARG LIB -USER app +WORKDIR /app -COPY $JAR edc-dataplane.jar +COPY --from=otel /tmp/opentelemetry-javaagent.jar . +COPY ${JAR} edc-dataplane.jar +COPY ${LIB} ./lib/ -ENTRYPOINT java \ - -Djava.security.edg=file:/dev/.urandom \ - -Dedc.fs.config="${CONFIGURATION_PROPERTIES}" \ - -jar edc-dataplane.jar \ No newline at end of file +CMD ["-javaagent:/app/opentelemetry-javaagent.jar", \ + "-Dedc.fs.config=/app/configuration.properties", \ + "-Djava.util.logging.config.file=/app/logging.properties", \ + "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \ + "-Dotel.metrics.exporter=prometheus", \ + "-Dotel.exporter.prometheus.port=9090", \ + "-Djava.security.edg=file:/dev/.urandom", \ + "-jar", \ + "edc-dataplane.jar"] diff --git a/edc-extensions/README.md b/edc-extensions/README.md new file mode 100644 index 000000000..cbbaa5684 --- /dev/null +++ b/edc-extensions/README.md @@ -0,0 +1 @@ +# edc-extensions \ No newline at end of file diff --git a/edc-extensions/aas-controller/README.md b/edc-extensions/aas-controller/README.md new file mode 100644 index 000000000..f32ad27e5 --- /dev/null +++ b/edc-extensions/aas-controller/README.md 
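Review bot: The new edc-dataplane Dockerfile removes `RUN useradd --create-home app` and `USER app` and adds no replacement, so the image no longer declares a non-root user. Unless the `gcr.io/distroless/java11-debian11` base sets one itself (its default tag normally runs as root), the data plane would run as uid 0; consider the non-root variant, `FROM gcr.io/distroless/java11-debian11:nonroot`, or an explicit `USER` line in the final stage. The new postgresql control-plane Dockerfile in this commit likewise has no `USER` instruction. The distroless `FROM` also carries no tag or digest, so it resolves to whatever `latest` is at build time; pinning a digest would make the build reproducible.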
@@ -0,0 +1,3 @@ +# Asset Administration Shell Controller + +This EDC extension implements a custom controller for the 'Asset Administration Shell'-Wrapper. \ No newline at end of file diff --git a/edc-extensions/aas-controller/pom.xml b/edc-extensions/aas-controller/pom.xml new file mode 100644 index 000000000..6398e76a5 --- /dev/null +++ b/edc-extensions/aas-controller/pom.xml @@ -0,0 +1,71 @@ + + + + 4.0.0 + + + net.catenax.edc.extensions + edc-extensions + 0.0.1 + + + aas-controller + jar + + + + + src/main/resources + + **/* + + + + ../../ + META-INF + + NOTICE.md + LICENSE + + + + + + + + + org.eclipse.dataspaceconnector + web-spi + + + org.eclipse.dataspaceconnector + transfer-spi + + + org.eclipse.dataspaceconnector + contract-spi + + + org.eclipse.dataspaceconnector + dataloading + + + + + jakarta.ws.rs + jakarta.ws.rs-api + + + \ No newline at end of file diff --git a/edc-controlplane/edc-controlplane-cosmosdb/src/main/java/net/catenax/edc/controlplane/ControlPlaneController.java b/edc-extensions/aas-controller/src/main/java/net/catenax/edc/controlplane/ControlPlaneController.java similarity index 58% rename from edc-controlplane/edc-controlplane-cosmosdb/src/main/java/net/catenax/edc/controlplane/ControlPlaneController.java rename to edc-extensions/aas-controller/src/main/java/net/catenax/edc/controlplane/ControlPlaneController.java index 6394945a4..f8f510e74 100644 --- a/edc-controlplane/edc-controlplane-cosmosdb/src/main/java/net/catenax/edc/controlplane/ControlPlaneController.java +++ b/edc-extensions/aas-controller/src/main/java/net/catenax/edc/controlplane/ControlPlaneController.java 
@@ -1,3 +1,17 @@ +/* + * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * SPDX-License-Identifier: Apache-2.0 + * + * Contributors: + * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation + * + */ + package net.catenax.edc.controlplane; import jakarta.ws.rs.Consumes; @@ -19,7 +33,7 @@ @Consumes({MediaType.APPLICATION_JSON}) @Produces({MediaType.APPLICATION_JSON}) -@Path("/") +@Path("/v1") public class ControlPlaneController { private final Monitor monitor; private final AssetLoader assetLoader; @@ -40,11 +54,11 @@ public ControlPlaneController( // TODO: most of these api will be replaced by data management api @Path("/assets") @POST - public String createAsset(Map> properties) { - var assetProperties = properties.get("asset"); + public String createAsset(AssetEntryDto assetEntry) { + var assetProperties = assetEntry.asset.properties; var asset = Asset.Builder.newInstance().properties(assetProperties).build(); - var dataAddressProperties = properties.get("dataAddress"); + var dataAddressProperties = assetEntry.dataAddress.properties; var dataAddress = DataAddress.Builder.newInstance().properties(dataAddressProperties).build(); monitor.debug("Create asset: " + asset.getId()); assetLoader.accept(asset, dataAddress); 
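Review bot: In the `@@ -40,11 +54,11 @@` hunk, `createAsset` reads `assetEntry.asset.properties` and `assetEntry.dataAddress.properties` without checking that the request body, `asset` or `dataAddress` is present, so a POST to `/v1/assets` with a missing section fails with a NullPointerException instead of a client error. A guard at the top of the method would reject malformed input explicitly, for example `if (assetEntry == null || assetEntry.asset == null || assetEntry.dataAddress == null) throw new BadRequestException("asset and dataAddress are required");` using `jakarta.ws.rs.BadRequestException`. The body of `createAsset` continues past this hunk, and the DTO classes it uses are added in the following hunk.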
@@ -63,4 +77,59 @@ public void createContractDefinition(ContractDefinition definition) { public TransferProcess getTransferProcess(@PathParam("id") String id) { return transferProcessStore.find(id); } + + private static class AssetDto { + + public AssetDto() {} + + Map properties; + + public Map getProperties() { + return properties; + } + + public void setProperties(Map properties) { + this.properties = properties; + } + } + + private static class DataAddressDto { + + public DataAddressDto() {} + + Map properties; + + public Map getProperties() { + return properties; + } + + public void setProperties(Map properties) { + this.properties = properties; + } + } + + private static class AssetEntryDto { + + public AssetEntryDto() {} + + private AssetDto asset; + + private DataAddressDto dataAddress; + + public AssetDto getAsset() { + return asset; + } + + public void setAsset(AssetDto asset) { + this.asset = asset; + } + + public DataAddressDto getDataAddress() { + return dataAddress; + } + + public void setDataAddress(DataAddressDto dataAddress) { + this.dataAddress = dataAddress; + } + } } diff --git a/edc-controlplane/edc-controlplane-cosmosdb/src/main/java/net/catenax/edc/controlplane/ControlPlaneExtension.java b/edc-extensions/aas-controller/src/main/java/net/catenax/edc/controlplane/ControlPlaneExtension.java similarity index 73% rename from edc-controlplane/edc-controlplane-cosmosdb/src/main/java/net/catenax/edc/controlplane/ControlPlaneExtension.java rename to edc-extensions/aas-controller/src/main/java/net/catenax/edc/controlplane/ControlPlaneExtension.java index 459ba1746..4e5791c26 100644 --- a/edc-controlplane/edc-controlplane-cosmosdb/src/main/java/net/catenax/edc/controlplane/ControlPlaneExtension.java +++ b/edc-extensions/aas-controller/src/main/java/net/catenax/edc/controlplane/ControlPlaneExtension.java 
@@ -1,3 +1,17 @@ +/* + * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * SPDX-License-Identifier: Apache-2.0 + * + * Contributors: + * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation + * + */ + package net.catenax.edc.controlplane; import org.eclipse.dataspaceconnector.dataloading.AssetLoader; diff --git a/edc-extensions/aas-controller/src/main/resources/META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension b/edc-extensions/aas-controller/src/main/resources/META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension new file mode 100644 index 000000000..80375f38d --- /dev/null +++ b/edc-extensions/aas-controller/src/main/resources/META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension @@ -0,0 +1,14 @@ +# +# Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# +# Contributors: +# Mercedes-Benz Tech Innovation GmbH - Initial ServiceExtension file +# +# +net.catenax.edc.controlplane.ControlPlaneExtension \ No newline at end of file diff --git a/edc-extensions/business-partner-validation/README.md b/edc-extensions/business-partner-validation/README.md new file mode 100644 index 000000000..fb7d53ce6 --- /dev/null +++ b/edc-extensions/business-partner-validation/README.md 
@@ -0,0 +1,152 @@ +# Important for Milestone 3! + +Please note, that with the start of the **Milestone 3** release (v0.0.1) there exists an issue, where the BPN number cannot be retrieved from the DAPS token. The missing token BPN makes offers, protected by a BPN constraint, unavailable to all connectors. + +# Business Partner Validation Extension + +Using the Business Partner Validation Extension it's possible to add configurable validation against +Catena-X `Participants` in the `ContractDefinition.AccessPolicy`. + +**Why only AccessPolicy?** Because when a custom validation is used in the `ContractPolicy`, it is necessary +to send it to the other connector. But nether is it possible to send a generic constraint using the IDS Protocol, +nor is it possible for another connector to enforce a generic constraint reliable. Hence, the limit +to `AccessPolicy`. This limitation is not technically enforceable, therefore adding Business Partner constraints to the +contract policy simply won't work. + +This extension is already included in all the Catena-X control-planes and can be used accordingly. +It is recommended to have a basic understanding of the EDC contract/policy domain before using this extension. The +corresponding documentation can +be found in the [EDC GitHub Repository](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector). For a +simplified overview of the EDC domain please have a look at the Catena-X Control Plane documentation. + +Example of business partner constraint: + +```json +{ + "leftExpression": { + "value": "BusinessPartner" + }, + "rightExpression": { + "value": "BPNLCDQ90000X42KU" + }, + "operator": "EQ" +} +``` + +The `leftExpression` must always contain 'BusinessPartner', so that the policy functions of this extension are invoked. +Additionally, the only `operator` that is supported by these policy functions is 'EQ'. Finally, the `rightExpression` +must contain +the Business Partner Number. 
+ +The most simple BPN policy would allow the usage of certain data to a single Business Partner. An example `Policy` is +shown below. In this example the `edctype` properties are added, so that this policy may even be sent to the Data +Management API. + +```json +{ + "uid": "", + "prohibitions": [], + "obligations": [], + "permissions": [ + { + "edctype": "dataspaceconnector:permission", + "action": { + "type": "USE" + }, + "constraints": [ + { + "edctype": "AtomicConstraint", + "leftExpression": { + "edctype": "dataspaceconnector:literalexpression", + "value": "BusinessPartnerNumber" + }, + "rightExpression": { + "edctype": "dataspaceconnector:literalexpression", + "value": "" + }, + "operator": "EQ" + } + ] + } + ] +} +``` + +The business partner number of another connector is part of the DAPS token. Once a BPN constraint is used in an access +policy the connector checks the token before sending out contract offers. + +# Important: EDC Policies are input sensitive + +Please be aware that the EDC ignores all Rules and Constraint it does not understand. This could cause your constrained policies to be public. + +--- + +Example 1 for accidentially public: + +```json +{ + "uid": "1", + "prohibitions": [], + "obligations": [], + "permissions": [ + { + "edctype": "dataspaceconnector:permission", + "action": { + "type": "MY-USE" + }, + "constraints": [ + { + "edctype": "AtomicConstraint", + "leftExpression": { + "edctype": "dataspaceconnector:literalexpression", + "value": "BusinessPartnerNumber" + }, + "rightExpression": { + "edctype": "dataspaceconnector:literalexpression", + "value": "BPNLCDQ90000X42KU" + }, + "operator": "EQ" + } + ] + } + ] +} +``` + +This policy is public available, even though the constraint is described correct. The reason is, that this extension only registeres the Policy.Action `USE` within the EDC. Any other Action Type will have the EDC ignore the corresponding permission, hence interpret the polics as public policy. 
+ +--- + +Example 2 for accidentially public: + +```json +{ + "uid": "1", + "prohibitions": [], + "obligations": [], + "permissions": [ + { + "edctype": "dataspaceconnector:permission", + "action": { + "type": "USE" + }, + "constraints": [ + { + "edctype": "AtomicConstraint", + "leftExpression": { + "edctype": "dataspaceconnector:literalexpression", + "value": "BusinesPartnerNumber" + }, + "rightExpression": { + "edctype": "dataspaceconnector:literalexpression", + "value": "BPNLCDQ90000X42KU" + }, + "operator": "EQ" + } + ] + } + ] +} +``` + +This policy is public available, too. The cause is a typo in the left-expression of the constraint. This extension only registeres the Constraint.LeftExpression `BusinessPartnerNumber` within the EDC. Any other term will have the EDC ignore the corresponding constraint, hence interpret the polics as public policy. diff --git a/edc-extensions/business-partner-validation/pom.xml b/edc-extensions/business-partner-validation/pom.xml new file mode 100644 index 000000000..dc336cb75 --- /dev/null +++ b/edc-extensions/business-partner-validation/pom.xml @@ -0,0 +1,74 @@ + + + + 4.0.0 + + + net.catenax.edc.extensions + edc-extensions + 0.0.1 + + business-partner-validation + jar + + + + + src/main/resources + + **/* + + + + ../../ + META-INF + + NOTICE.md + LICENSE + + + + + + + + + org.eclipse.dataspaceconnector + policy-spi + + + + + org.junit.jupiter + junit-jupiter-engine + + + org.junit.jupiter + junit-jupiter-api + + + org.junit.jupiter + junit-jupiter-params + + + org.junit.platform + junit-platform-suite + + + org.mockito + mockito-all + + + \ No newline at end of file diff --git a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtension.java b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtension.java new file mode 100644 index 000000000..16343530d --- /dev/null 
+++ b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtension.java @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * SPDX-License-Identifier: Apache-2.0 + * + * Contributors: + * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation + * + */ + +package net.catenax.edc.validation.businesspartner; + +import static org.eclipse.dataspaceconnector.spi.policy.PolicyEngine.ALL_SCOPES; + +import net.catenax.edc.validation.businesspartner.functions.BusinessPartnerDutyFunction; +import net.catenax.edc.validation.businesspartner.functions.BusinessPartnerPermissionFunction; +import net.catenax.edc.validation.businesspartner.functions.BusinessPartnerProhibitionFunction; +import org.eclipse.dataspaceconnector.policy.model.Duty; +import org.eclipse.dataspaceconnector.policy.model.Permission; +import org.eclipse.dataspaceconnector.policy.model.Prohibition; +import org.eclipse.dataspaceconnector.spi.monitor.Monitor; +import org.eclipse.dataspaceconnector.spi.policy.PolicyEngine; +import org.eclipse.dataspaceconnector.spi.policy.RuleBindingRegistry; +import org.eclipse.dataspaceconnector.spi.system.Requires; +import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; +import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; + +@Requires({RuleBindingRegistry.class, PolicyEngine.class}) +public class BusinessPartnerValidationExtension implements ServiceExtension { + + /** + * The key for business partner numbers constraints. Must be used as left operand when declaring + * constraints. + * + *

Example: + * + *

+   * {
+   *     "constraint": {
+   *         "leftOperand": "BusinessPartnerNumber",
+   *         "operator": "EQ",
+   *         "rightOperand": "BPNLCDQ90000X42KU"
+   *     }
+   * }
+   * 
+ */ + public static final String BUSINESS_PARTNER_CONSTRAINT_KEY = "BusinessPartnerNumber"; + + @Override + public String name() { + return "Business Partner Validation Extension"; + } + + @Override + public void initialize(ServiceExtensionContext context) { + + final Monitor monitor = context.getMonitor(); + final PolicyEngine policyEngine = context.getService(PolicyEngine.class); + final RuleBindingRegistry ruleBindingRegistry = context.getService(RuleBindingRegistry.class); + + final BusinessPartnerDutyFunction dutyFunction = new BusinessPartnerDutyFunction(monitor); + final BusinessPartnerPermissionFunction permissionFunction = + new BusinessPartnerPermissionFunction(monitor); + final BusinessPartnerProhibitionFunction prohibitionFunction = + new BusinessPartnerProhibitionFunction(monitor); + + ruleBindingRegistry.bind("USE", ALL_SCOPES); + ruleBindingRegistry.bind("BusinessPartnerNumber", ALL_SCOPES); + + policyEngine.registerFunction( + ALL_SCOPES, Duty.class, BUSINESS_PARTNER_CONSTRAINT_KEY, dutyFunction); + policyEngine.registerFunction( + ALL_SCOPES, Permission.class, BUSINESS_PARTNER_CONSTRAINT_KEY, permissionFunction); + policyEngine.registerFunction( + ALL_SCOPES, Prohibition.class, BUSINESS_PARTNER_CONSTRAINT_KEY, prohibitionFunction); + } +} diff --git a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java new file mode 100644 index 000000000..c776e6042 --- /dev/null +++ b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java 
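Review bot: In `initialize`, `ruleBindingRegistry.bind("BusinessPartnerNumber", ALL_SCOPES)` repeats the key as a string literal although `BUSINESS_PARTNER_CONSTRAINT_KEY` is declared just above and is used for the three `registerFunction` calls. If the two ever drift apart, the constraint would be bound under one name and evaluated under another, and the README added in this commit states that constraints the EDC does not recognise are ignored, which leaves the policy public. Using the constant keeps them in step: `ruleBindingRegistry.bind(BUSINESS_PARTNER_CONSTRAINT_KEY, ALL_SCOPES);`. The Javadoc example on the constant also uses `leftOperand`/`rightOperand`, while the README examples use `leftExpression`/`rightExpression`; one of the two should be aligned.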
@@ -0,0 +1,92 @@ +/* + * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * SPDX-License-Identifier: Apache-2.0 + * + * Contributors: + * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation + * + */ + +package net.catenax.edc.validation.businesspartner.functions; + +import java.util.Map; +import java.util.Objects; +import org.eclipse.dataspaceconnector.policy.model.Operator; +import org.eclipse.dataspaceconnector.spi.agent.ParticipantAgent; +import org.eclipse.dataspaceconnector.spi.monitor.Monitor; +import org.eclipse.dataspaceconnector.spi.policy.PolicyContext; + +/** + * Abstract class for BusinessPartnerNumber validation. This class may be inherited from the EDC + * policy enforcing functions for duties, permissions and prohibitions. + */ +public abstract class AbstractBusinessPartnerValidation { + + private final Monitor monitor; + + protected AbstractBusinessPartnerValidation(Monitor monitor) { + this.monitor = Objects.requireNonNull(monitor); + } + + /** + * Name of the claim that contains the Business Partner Number. + * + *

Please note: At the time of writing (April 2022) the business partner + * number is part of the 'referringConnector' claim in the IDS DAT token. This will probably + * change for the next release. + */ + private static final String BUSINESS_PARTNER_NUMBER_CLAIM_KEY = "referringConnector"; + + /** + * Evaluation funtion to decide whether a claim belongs to a specific business partner. + * + * @param operator operator of the constraint + * @param rightValue right value fo the constraint, that contains the business partner number + * (e.g. BPNLCDQ90000X42KU) + * @param claims claims of the participant / business partner + * @return true if claims are from the constrained business partner + */ + protected boolean evaluate( + final Operator operator, final Object rightValue, final PolicyContext policyContext) { + + if (policyContext.hasProblems() && policyContext.getProblems().size() > 0) { + String problems = String.join(", ", policyContext.getProblems()); + String logMessage = + String.format( + "BusinessPartnerNumberValidation: Rejecting PolicyContext with problems. Problems: %s", + problems); + monitor.debug(logMessage); + return false; + } + + final ParticipantAgent participantAgent = policyContext.getParticipantAgent(); + final Map claims = participantAgent.getClaims(); + if (!claims.containsKey(BUSINESS_PARTNER_NUMBER_CLAIM_KEY)) { + return false; + } + + if (operator != Operator.EQ) { + throw new UnsupportedOperationException( + "Operator for BusinessPartnerNumber must always be 'EQ'"); + } + + if (!(rightValue instanceof String)) { + throw new UnsupportedOperationException( + "Right value of BusinessPartnerNumber constraint must be of type 'String'"); + } + + String claimValue = claims.get(BUSINESS_PARTNER_NUMBER_CLAIM_KEY); + + // At the time of writing the business partner number is part of the + // 'referingConnector' claim, which contains a connector URL. 
+ // As the CX projects are not further alligned about the URL formatting, the + // enforcement can only be done by checking whether the URL _contains_ the + // number. + return claimValue.contains((String) rightValue); + } +} diff --git a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerDutyFunction.java b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerDutyFunction.java new file mode 100644 index 000000000..dcf0c5050 --- /dev/null +++ b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerDutyFunction.java 
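Review bot: `evaluate` ends with `claimValue.contains((String) rightValue)`, so a constraint whose right value is an empty string matches every participant that carries a `referringConnector` claim, and a right value that happens to be a substring of another part of the connector URL matches as well. The comment explains why a substring test is used for now, but the function should at least reject blank values before the comparison, for example `if (((String) rightValue).isBlank()) return false;`, and move to comparing a delimited token once the URL format is agreed. `claims.get(BUSINESS_PARTNER_NUMBER_CLAIM_KEY)` can also return null for a key that is present, which would throw at the `contains` call; a null check on `claimValue` would keep the outcome a plain denial. The Javadoc still documents `@param claims`, while the parameter is `policyContext`.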
@@ -0,0 +1,35 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation
+ *
+ */
+
+package net.catenax.edc.validation.businesspartner.functions;
+
+import org.eclipse.dataspaceconnector.policy.model.Duty;
+import org.eclipse.dataspaceconnector.policy.model.Operator;
+import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
+import org.eclipse.dataspaceconnector.spi.policy.AtomicConstraintFunction;
+import org.eclipse.dataspaceconnector.spi.policy.PolicyContext;
+
+/** AtomicConstraintFunction to validate business partner numbers for edc duties. */
+public class BusinessPartnerDutyFunction extends AbstractBusinessPartnerValidation
+ implements AtomicConstraintFunction {
+
+ public BusinessPartnerDutyFunction(Monitor monitor) {
+ super(monitor);
+ }
+
+ @Override
+ public boolean evaluate(Operator operator, Object rightValue, Duty rule, PolicyContext context) {
+ return evaluate(operator, rightValue, context);
+ }
+}
diff --git a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerPermissionFunction.java b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerPermissionFunction.java
new file mode 100644
index 000000000..a12544248
--- /dev/null
+++ b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerPermissionFunction.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation
+ *
+ */
+
+package net.catenax.edc.validation.businesspartner.functions;
+
+import org.eclipse.dataspaceconnector.policy.model.Operator;
+import org.eclipse.dataspaceconnector.policy.model.Permission;
+import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
+import org.eclipse.dataspaceconnector.spi.policy.AtomicConstraintFunction;
+import org.eclipse.dataspaceconnector.spi.policy.PolicyContext;
+
+/** AtomicConstraintFunction to validate business partner numbers for edc permissions. */
+public class BusinessPartnerPermissionFunction extends AbstractBusinessPartnerValidation
+ implements AtomicConstraintFunction {
+
+ public BusinessPartnerPermissionFunction(Monitor monitor) {
+ super(monitor);
+ }
+
+ @Override
+ public boolean evaluate(
+ Operator operator, Object rightValue, Permission rule, PolicyContext context) {
+ return evaluate(operator, rightValue, context);
+ }
+}
diff --git a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerProhibitionFunction.java b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerProhibitionFunction.java
new file mode 100644
index 000000000..faeb4a358
--- /dev/null
+++ b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerProhibitionFunction.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation
+ *
+ */
+
+package net.catenax.edc.validation.businesspartner.functions;
+
+import org.eclipse.dataspaceconnector.policy.model.Operator;
+import org.eclipse.dataspaceconnector.policy.model.Prohibition;
+import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
+import org.eclipse.dataspaceconnector.spi.policy.AtomicConstraintFunction;
+import org.eclipse.dataspaceconnector.spi.policy.PolicyContext;
+
+/** AtomicConstraintFunction to validate business partner numbers for edc prohibitions. */
+public class BusinessPartnerProhibitionFunction extends AbstractBusinessPartnerValidation
+ implements AtomicConstraintFunction {
+
+ public BusinessPartnerProhibitionFunction(Monitor monitor) {
+ super(monitor);
+ }
+
+ @Override
+ public boolean evaluate(
+ Operator operator, Object rightValue, Prohibition rule, PolicyContext context) {
+ return evaluate(operator, rightValue, context);
+ }
+}
diff --git a/edc-extensions/business-partner-validation/src/main/resources/META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension b/edc-extensions/business-partner-validation/src/main/resources/META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension
new file mode 100644
index 000000000..226b41ab3
--- /dev/null
+++ b/edc-extensions/business-partner-validation/src/main/resources/META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension
@@ -0,0 +1,14 @@
+#
+# Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Contributors:
+# Mercedes-Benz Tech Innovation GmbH - Initial ServiceExtension file
+#
+#
+net.catenax.edc.validation.businesspartner.BusinessPartnerValidationExtension
diff --git a/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java b/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java
new file mode 100644
index 000000000..44086fc39
--- /dev/null
+++ b/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java
@@ -0,0 +1,98 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation
+ *
+ */
+
+package net.catenax.edc.validation.businesspartner;
+
+import org.eclipse.dataspaceconnector.policy.model.Duty;
+import org.eclipse.dataspaceconnector.policy.model.Permission;
+import org.eclipse.dataspaceconnector.policy.model.Prohibition;
+import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
+import org.eclipse.dataspaceconnector.spi.policy.PolicyEngine;
+import org.eclipse.dataspaceconnector.spi.policy.RuleBindingRegistry;
+import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.Mockito;
+
+public class BusinessPartnerValidationExtensionTest {
+
+ private BusinessPartnerValidationExtension extension;
+
+ // mocks
+ private ServiceExtensionContext serviceExtensionContext;
+ private PolicyEngine policyEngine;
+ private RuleBindingRegistry ruleBindingRegistry;
+
+ @BeforeEach
+ public void setup() {
+
+ policyEngine = Mockito.mock(PolicyEngine.class);
+ ruleBindingRegistry = Mockito.mock(RuleBindingRegistry.class);
+
+ final Monitor monitor = Mockito.mock(Monitor.class);
+ serviceExtensionContext = Mockito.mock(ServiceExtensionContext.class);
+
+ Mockito.when(serviceExtensionContext.getMonitor()).thenReturn(monitor);
+ Mockito.when(serviceExtensionContext.getService(PolicyEngine.class)).thenReturn(policyEngine);
+ Mockito.when(serviceExtensionContext.getService(RuleBindingRegistry.class))
+ .thenReturn(ruleBindingRegistry);
+
+ extension = new BusinessPartnerValidationExtension();
+ }
+
+ @Test
+ public void testRegisterDutyFunction() {
+
+ // invoke
+ extension.initialize(serviceExtensionContext);
+
+ // verify
+ Mockito.verify(policyEngine, Mockito.times(1))
+ .registerFunction(
+ Mockito.anyString(),
+ Mockito.eq(Duty.class),
+ Mockito.eq(BusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY),
+ Mockito.any());
+ }
+
+ @Test
+ public void testRegisterPermissionFunction() {
+
+ // invoke
+ extension.initialize(serviceExtensionContext);
+
+ // verify
+ Mockito.verify(policyEngine, Mockito.times(1))
+ .registerFunction(
+ Mockito.anyString(),
+ Mockito.eq(Permission.class),
+ Mockito.eq(BusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY),
+ Mockito.any());
+ }
+
+ @Test
+ public void testRegisterProhibitionFunction() {
+
+ // invoke
+ extension.initialize(serviceExtensionContext);
+
+ // verify
+ Mockito.verify(policyEngine, Mockito.times(1))
+ .registerFunction(
+ Mockito.anyString(),
+ Mockito.eq(Prohibition.class),
+ Mockito.eq(BusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY),
+ Mockito.any());
+ }
+}
diff --git a/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java b/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java
new file mode 100644
index 000000000..8bf70c247
--- /dev/null
+++ b/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java
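Review bot: All three verifications pass `Mockito.any()` for the function argument, so they would still succeed if `initialize` bound the wrong function class to a rule type, for example the permission function registered for `Prohibition.class`. These registrations decide which check the policy engine runs for each rule kind, so pin the type in each test, e.g. `Mockito.any(BusinessPartnerDutyFunction.class)` in `testRegisterDutyFunction` and the matching class in the other two. The `ruleBindingRegistry` mock is stubbed in `setup()` but never verified; if `initialize` binds the constraint key there (not visible in this hunk), an assertion on that mock would cover it.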
@@ -0,0 +1,158 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation
+ *
+ */
+
+package net.catenax.edc.validation.businesspartner.functions;
+
+import java.util.Collections;
+import java.util.List;
+import org.eclipse.dataspaceconnector.policy.model.Operator;
+import org.eclipse.dataspaceconnector.spi.agent.ParticipantAgent;
+import org.eclipse.dataspaceconnector.spi.monitor.Monitor;
+import org.eclipse.dataspaceconnector.spi.policy.PolicyContext;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.EnumSource;
+import org.mockito.Mockito;
+
+public class AbstractBusinessPartnerValidationTest {
+
+ private AbstractBusinessPartnerValidation validation;
+
+ // mocks
+ private Monitor monitor;
+ private PolicyContext policyContext;
+ private ParticipantAgent participantAgent;
+
+ @BeforeEach
+ public void BeforeEach() {
+ this.monitor = Mockito.mock(Monitor.class);
+ this.policyContext = Mockito.mock(PolicyContext.class);
+ this.participantAgent = Mockito.mock(ParticipantAgent.class);
+
+ Mockito.when(policyContext.getParticipantAgent()).thenReturn(participantAgent);
+
+ validation = new AbstractBusinessPartnerValidation(monitor) {};
+ }
+
+ @ParameterizedTest
+ @EnumSource(Operator.class)
+ public void testThrowsOnUnsupportedOperations(Operator operator) {
+
+ if (operator == Operator.EQ) { // only allowed operator
+ return;
+ }
+
+ // prepare
+ prepareContextProblems(null);
+ prepareBusinessPartnerClaim("yes");
+
+ // invoke & assert
+ Assertions.assertThrows(
+ UnsupportedOperationException.class,
+ () -> validation.evaluate(operator, "null", policyContext));
+ }
+
+ @Test
+ public void testThrowsOnUnsupportedRightValue() {
+
+ // prepare
+ prepareContextProblems(null);
+ prepareBusinessPartnerClaim("yes");
+
+ // invoke & assert
+ Assertions.assertThrows(
+ UnsupportedOperationException.class,
+ () -> validation.evaluate(Operator.EQ, 1, policyContext));
+ Assertions.assertThrows(
+ UnsupportedOperationException.class,
+ () -> validation.evaluate(Operator.EQ, new Object(), policyContext));
+ }
+
+ @Test
+ public void testValidationFailsWhenClaimMissing() {
+
+ // prepare
+ prepareContextProblems(null);
+
+ // invoke
+ final boolean isValid = validation.evaluate(Operator.EQ, "foo", policyContext);
+
+ // assert
+ Assertions.assertFalse(isValid);
+ }
+
+ @Test
+ public void testValidationSuccedesWhenClaimContainsNumber() {
+
+ // prepare
+ prepareContextProblems(null);
+
+ // prepare equals
+ prepareBusinessPartnerClaim("foo");
+ final boolean isEqualsTrue = validation.evaluate(Operator.EQ, "foo", policyContext);
+
+ // prepare contains
+ prepareBusinessPartnerClaim("foobar");
+ final boolean isContainedTrue = validation.evaluate(Operator.EQ, "foo", policyContext);
+
+ // assert
+ Assertions.assertTrue(isEqualsTrue);
+ Assertions.assertTrue(isContainedTrue);
+ }
+
+ @Test
+ public void testValidationWhenParticipantHasProblems() {
+
+ // prepare
+ prepareContextProblems(Collections.singletonList("big problem"));
+ prepareBusinessPartnerClaim("foo");
+
+ // invoke
+ final boolean isValid = validation.evaluate(Operator.EQ, "foo", policyContext);
+
+ // Mockito.verify(monitor.debug(Mockito.anyString());
+ Assertions.assertFalse(isValid);
+ }
+
+ @Test
+ public void testValidationWhenParticipantIsValid() {
+
+ // prepare
+ prepareContextProblems(null);
+ prepareBusinessPartnerClaim("foo");
+
+ // invoke
+ final boolean isContainedTrue = validation.evaluate(Operator.EQ, "foo", policyContext);
+
+ // Mockito.verify(monitor.debug(Mockito.anyString());
+ Assertions.assertTrue(isContainedTrue);
+ }
+
+ private void prepareContextProblems(List problems) {
+ Mockito.when(policyContext.getProblems()).thenReturn(problems);
+
+ if (problems == null || problems.isEmpty()) {
+ Mockito.when(policyContext.hasProblems()).thenReturn(false);
+ } else {
+ Mockito.when(policyContext.hasProblems()).thenReturn(true);
+ }
+ }
+
+ private void prepareBusinessPartnerClaim(String businessPartnerNumber) {
+ Mockito.when(participantAgent.getClaims())
+ .thenReturn(Collections.singletonMap("referringConnector", businessPartnerNumber));
+ }
+}
diff --git a/edc-extensions/pom.xml b/edc-extensions/pom.xml
new file mode 100644
index 000000000..c7cbf0615
--- /dev/null
+++ b/edc-extensions/pom.xml
@@ -0,0 +1,34 @@ + + + + 4.0.0 + + + net.catenax.edc + product-edc-parent + 0.0.1 + + + net.catenax.edc.extensions + edc-extensions + pom + + + business-partner-validation + aas-controller + postgresql-migration + + +
\ No newline at end of file
diff --git a/edc-extensions/postgresql-migration/README.md b/edc-extensions/postgresql-migration/README.md
new file mode 100644
index 000000000..d96c2af5e
--- /dev/null
+++ b/edc-extensions/postgresql-migration/README.md
@@ -0,0 +1,9 @@
+# Postgresql SQL Migration Extension
+
+This extension applies SQL migrations to
+
+* the asset-index
+* the contract-definition store
+* contract-negotiation store
+* policy store
+* transfer-process store
diff --git a/edc-extensions/postgresql-migration/pom.xml b/edc-extensions/postgresql-migration/pom.xml
new file mode 100644
index 000000000..f2e543a80
--- /dev/null
+++ b/edc-extensions/postgresql-migration/pom.xml
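Review bot: `testValidationSuccedesWhenClaimContainsNumber` pins substring matching under `Operator.EQ`: the claim `"foobar"` is asserted to satisfy a policy written for `"foo"`. For a check that gates access by business partner number, that means a participant whose `referringConnector` claim merely contains the configured number is accepted; whether this is intended cannot be told from here, because the implementation is outside this hunk. If containment is deliberate, say so on the test, e.g. `// the claim may carry text around the BPN; containment is accepted by design`, and add a negative case such as `prepareBusinessPartnerClaim("fo"); Assertions.assertFalse(validation.evaluate(Operator.EQ, "foo", policyContext));`. The two commented-out `// Mockito.verify(monitor.debug(Mockito.anyString());` lines have unbalanced parentheses and should be completed or removed.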
@@ -0,0 +1,74 @@ + + + + + edc-extensions + net.catenax.edc.extensions + 0.0.1 + + 4.0.0 + + postgresql-migration + jar + + + + + src/main/resources + + **/* + + + + ../../ + META-INF + + NOTICE.md + LICENSE + + + + + + + + org.eclipse.dataspaceconnector + transaction-datasource-spi + + + org.eclipse.dataspaceconnector + transaction-spi + + + + + org.eclipse.dataspaceconnector + asset-index-sql + compile + + + + + org.eclipse.dataspaceconnector + common-sql + + + + + org.flywaydb + flyway-core + + + \ No newline at end of file diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/AbstractPostgresqlMigrationExtension.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/AbstractPostgresqlMigrationExtension.java new file mode 100644 index 000000000..dbb17465a --- /dev/null +++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/AbstractPostgresqlMigrationExtension.java 
@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation
+ *
+ */
+
+package net.catenax.edc.postgresql.migration;
+
+import java.util.Objects;
+import java.util.Properties;
+import org.eclipse.dataspaceconnector.spi.persistence.EdcPersistenceException;
+import org.eclipse.dataspaceconnector.spi.system.ServiceExtension;
+import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext;
+import org.eclipse.dataspaceconnector.spi.system.configuration.Config;
+import org.eclipse.dataspaceconnector.sql.datasource.ConnectionFactoryDataSource;
+import org.flywaydb.core.Flyway;
+import org.flywaydb.core.api.MigrationVersion;
+import org.flywaydb.core.api.output.MigrateResult;
+
+abstract class AbstractPostgresqlMigrationExtension implements ServiceExtension {
+ protected abstract String getDataSourceNameConfigurationKey();
+
+ protected abstract String getSubsystemName();
+
+ private static final String EDC_DATASOURCE_PREFIX = "edc.datasource";
+ private static final String MIGRATION_LOCATION_BASE =
+ String.format(
+ "classpath:%s",
+ AbstractPostgresqlMigrationExtension.class.getPackageName().replaceAll("\\.", "/"));
+
+ @Override
+ public void initialize(final ServiceExtensionContext context) {
+ final String subSystemName = Objects.requireNonNull(getSubsystemName());
+
+ final String dataSourceName =
+ context.getConfig().getString(getDataSourceNameConfigurationKey(), null);
+ if (dataSourceName == null) {
+ return;
+ }
+
+ boolean enabled =
+ context
+ .getConfig()
+ .getBoolean(
+ String.format("net.catenax.edc.postgresql.migration.%s.enabled", subSystemName),
+ true);
+
+ if (!enabled) {
+ return;
+ }
+
Config datasourceConfiguration =
+ context.getConfig(String.join(".", EDC_DATASOURCE_PREFIX, dataSourceName));
+
+ final String jdbcUrl = Objects.requireNonNull(datasourceConfiguration.getString("url"));
+ final Properties jdbcProperties = new Properties();
+ jdbcProperties.putAll(datasourceConfiguration.getRelativeEntries());
+
+ final DriverManagerConnectionFactory driverManagerConnectionFactory =
+ new DriverManagerConnectionFactory(jdbcUrl, jdbcProperties);
+ final ConnectionFactoryDataSource dataSource =
+ new ConnectionFactoryDataSource(driverManagerConnectionFactory);
+
+ final String schemaHistoryTableName = getSchemaHistoryTableName(subSystemName);
+ final String migrationsLocation = getMigrationsLocation();
+
+ final Flyway flyway =
+ Flyway.configure()
+ .baselineVersion(MigrationVersion.fromVersion("0.0.0"))
+ .failOnMissingLocations(true)
+ .dataSource(dataSource)
+ .table(schemaHistoryTableName)
+ .locations(migrationsLocation)
+ .load();
+
+ flyway.baseline();
+
+ final MigrateResult migrateResult = flyway.migrate();
+
+ if (!migrateResult.success) {
+ throw new EdcPersistenceException(
+ String.format(
+ "Migrating DataSource %s for subsystem %s failed: %s",
+ dataSourceName, subSystemName, String.join(", ", migrateResult.warnings)));
+ }
+ }
+
+ private String getMigrationsLocation() {
+ return String.join("/", MIGRATION_LOCATION_BASE, getSubsystemName());
+ }
+
+ private String getSchemaHistoryTableName(final String subSystemName) {
+ return String.format("flyway_schema_history_%s", subSystemName);
+ }
+}
diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/AssetPostgresqlMigrationExtension.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/AssetPostgresqlMigrationExtension.java
new file mode 100644
index 000000000..44368a069
--- /dev/null
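Review bot: The switch `net.catenax.edc.postgresql.migration.<subsystem>.enabled` is built inline in `initialize` and defaults to `true`, so migrations are attempted on every `initialize` with whatever credentials sit under `edc.datasource.<name>`, and the setting is declared nowhere an operator would find it. Declare it the way the subclasses declare their keys, e.g. `@EdcSetting private static final String MIGRATION_ENABLED_TEMPLATE = "net.catenax.edc.postgresql.migration.%s.enabled";`, and document that the configured database role needs DDL rights while the switch is on. Both early returns are silent; a line such as `context.getMonitor().info("Skipping migrations for " + subSystemName);` would make a skipped migration visible. `jdbcProperties.putAll(datasourceConfiguration.getRelativeEntries())` also forwards every key under the prefix, `url` included, to the driver, which is worth narrowing to the keys the driver needs.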
+++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/AssetPostgresqlMigrationExtension.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial implementation
+ *
+ */
+
+package net.catenax.edc.postgresql.migration;
+
+import org.eclipse.dataspaceconnector.sql.asset.index.ConfigurationKeys;
+
+public class AssetPostgresqlMigrationExtension extends AbstractPostgresqlMigrationExtension {
+ private static final String NAME_SUBSYSTEM = "asset";
+
+ protected String getDataSourceNameConfigurationKey() {
+ return ConfigurationKeys.DATASOURCE_SETTING_NAME;
+ }
+
+ protected String getSubsystemName() {
+ return NAME_SUBSYSTEM;
+ }
+}
diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractDefinitionPostgresqlMigrationExtension.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractDefinitionPostgresqlMigrationExtension.java
new file mode 100644
index 000000000..1834cde8f
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractDefinitionPostgresqlMigrationExtension.java
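Review bot: `getDataSourceNameConfigurationKey()` and `getSubsystemName()` implement the abstract methods of `AbstractPostgresqlMigrationExtension` without `@Override`, so a later rename in the base class would not be caught by the compiler for these two methods' intent; add `@Override` to both. The same applies to the ContractDefinition, ContractNegotiation, Policy and TransferProcess extensions in the following hunks. This class takes its key from `ConfigurationKeys.DATASOURCE_SETTING_NAME`, while the other four hard-code `edc.datasource.<subsystem>.name`; if the upstream stores expose equivalent constants, reusing them would keep the migration and the store pointed at the same datasource.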
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial implementation
+ *
+ */
+
+package net.catenax.edc.postgresql.migration;
+
+import org.eclipse.dataspaceconnector.spi.EdcSetting;
+
+public class ContractDefinitionPostgresqlMigrationExtension
+ extends AbstractPostgresqlMigrationExtension {
+ private static final String NAME_SUBSYSTEM = "contractdefinition";
+
+ @EdcSetting
+ private static final String DATASOURCE_SETTING_NAME = "edc.datasource.contractdefinition.name";
+
+ protected String getDataSourceNameConfigurationKey() {
+ return DATASOURCE_SETTING_NAME;
+ }
+
+ protected String getSubsystemName() {
+ return NAME_SUBSYSTEM;
+ }
+}
diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractNegotiationPostgresqlMigrationExtension.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractNegotiationPostgresqlMigrationExtension.java
new file mode 100644
index 000000000..8c732742f
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractNegotiationPostgresqlMigrationExtension.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial implementation
+ *
+ */
+
+package net.catenax.edc.postgresql.migration;
+
+import org.eclipse.dataspaceconnector.spi.EdcSetting;
+
+public class ContractNegotiationPostgresqlMigrationExtension
+ extends AbstractPostgresqlMigrationExtension {
+ private static final String NAME_SUBSYSTEM = "contractnegotiation";
+
+ @EdcSetting
+ private static final String DATASOURCE_SETTING_NAME = "edc.datasource.contractnegotiation.name";
+
+ protected String getDataSourceNameConfigurationKey() {
+ return DATASOURCE_SETTING_NAME;
+ }
+
+ protected String getSubsystemName() {
+ return NAME_SUBSYSTEM;
+ }
+}
diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/DriverManagerConnectionFactory.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/DriverManagerConnectionFactory.java
new file mode 100644
index 000000000..4e7c96220
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/DriverManagerConnectionFactory.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial implementation
+ *
+ */
+
+package net.catenax.edc.postgresql.migration;
+
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.util.Objects;
+import java.util.Properties;
+import org.eclipse.dataspaceconnector.spi.persistence.EdcPersistenceException;
+import org.eclipse.dataspaceconnector.sql.ConnectionFactory;
+
+class DriverManagerConnectionFactory implements ConnectionFactory {
+ private final String jdbcUrl;
+ private final Properties properties;
+
+ public DriverManagerConnectionFactory(final String jdbcUrl, final Properties properties) {
+ this.jdbcUrl = Objects.requireNonNull(jdbcUrl);
+ this.properties = Objects.requireNonNull(properties);
+ }
+
+ @Override
+ public Connection create() {
+ try {
+ return DriverManager.getConnection(jdbcUrl, properties);
+ } catch (Exception exception) {
+ throw new EdcPersistenceException(exception.getMessage(), exception);
+ }
+ }
+}
diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/PolicyPostgresqlMigrationExtension.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/PolicyPostgresqlMigrationExtension.java
new file mode 100644
index 000000000..9e3b64ff9
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/PolicyPostgresqlMigrationExtension.java
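Review bot: `create()` catches `Exception` and reuses `exception.getMessage()` as the message of the `EdcPersistenceException`; `DriverManager.getConnection` declares `SQLException`, so `catch (SQLException exception)` (with the `java.sql.SQLException` import) is enough and lets unrelated runtime errors surface unchanged. Driver messages can echo parts of the connection URL, so a fixed message such as `"Could not open JDBC connection"` with the original exception kept as the cause leaves the detail in the stack trace instead of in every place the message is printed. The constructor stores the caller's `Properties` instance by reference; copying it into a fresh `Properties` would keep later changes by the caller from altering how connections are opened.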
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial implementation
+ *
+ */
+
+package net.catenax.edc.postgresql.migration;
+
+import org.eclipse.dataspaceconnector.spi.EdcSetting;
+
+public class PolicyPostgresqlMigrationExtension extends AbstractPostgresqlMigrationExtension {
+ private static final String NAME_SUBSYSTEM = "policy";
+
+ @EdcSetting private static final String DATASOURCE_SETTING_NAME = "edc.datasource.policy.name";
+
+ protected String getDataSourceNameConfigurationKey() {
+ return DATASOURCE_SETTING_NAME;
+ }
+
+ protected String getSubsystemName() {
+ return NAME_SUBSYSTEM;
+ }
+}
diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/TransferProcessPostgresqlMigrationExtension.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/TransferProcessPostgresqlMigrationExtension.java
new file mode 100644
index 000000000..4ef0d97f4
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/TransferProcessPostgresqlMigrationExtension.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * Mercedes-Benz Tech Innovation GmbH - Initial implementation
+ *
+ */
+
+package net.catenax.edc.postgresql.migration;
+
+import org.eclipse.dataspaceconnector.spi.EdcSetting;
+
+public class TransferProcessPostgresqlMigrationExtension
+ extends AbstractPostgresqlMigrationExtension {
+ private static final String NAME_SUBSYSTEM = "transferprocess";
+
+ @EdcSetting
+ private static final String DATASOURCE_SETTING_NAME = "edc.datasource.transferprocess.name";
+
+ protected String getDataSourceNameConfigurationKey() {
+ return DATASOURCE_SETTING_NAME;
+ }
+
+ protected String getSubsystemName() {
+ return NAME_SUBSYSTEM;
+ }
+}
diff --git a/edc-extensions/postgresql-migration/src/main/resources/META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension b/edc-extensions/postgresql-migration/src/main/resources/META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension
new file mode 100644
index 000000000..fc52160ad
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/resources/META-INF/services/org.eclipse.dataspaceconnector.spi.system.ServiceExtension
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Contributors:
+# Mercedes-Benz Tech Innovation GmbH - Initial ServiceExtension file
+#
+#
+net.catenax.edc.postgresql.migration.AssetPostgresqlMigrationExtension
+net.catenax.edc.postgresql.migration.ContractDefinitionPostgresqlMigrationExtension
+net.catenax.edc.postgresql.migration.ContractNegotiationPostgresqlMigrationExtension
+net.catenax.edc.postgresql.migration.PolicyPostgresqlMigrationExtension
+net.catenax.edc.postgresql.migration.TransferProcessPostgresqlMigrationExtension
diff --git a/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/asset/V0_0_1__Init_Asset_Database_Schema.sql b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/asset/V0_0_1__Init_Asset_Database_Schema.sql
new file mode 100644
index 000000000..6f2d87bd2
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/asset/V0_0_1__Init_Asset_Database_Schema.sql
@@ -0,0 +1,55 @@
+--
+-- Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+--
+-- This program and the accompanying materials are made available under the
+-- terms of the Apache License, Version 2.0 which is available at
+-- https://www.apache.org/licenses/LICENSE-2.0
+--
+-- SPDX-License-Identifier: Apache-2.0
+--
+-- Contributors:
+-- Mercedes-Benz Tech Innovation GmbH - Initial Database Schema
+--
+
+--
+-- table: edc_asset
+--
+CREATE TABLE IF NOT EXISTS edc_asset
+(
+ asset_id VARCHAR(255) NOT NULL,
+ PRIMARY KEY (asset_id)
+);
+
+--
+-- table: edc_asset_dataaddress
+--
+CREATE TABLE IF NOT EXISTS edc_asset_dataaddress
+(
+ asset_id VARCHAR(255) NOT NULL,
+ properties TEXT NOT NULL,
+ PRIMARY KEY (asset_id),
+ FOREIGN KEY (asset_id) REFERENCES edc_asset (asset_id) ON DELETE CASCADE
+);
+COMMENT ON COLUMN edc_asset_dataaddress.properties is 'DataAddress properties serialized as JSON';
+
+--
+-- table: edc_asset_property
+--
+CREATE TABLE IF NOT EXISTS edc_asset_property
+(
+ asset_id VARCHAR(255) NOT NULL,
+ property_name VARCHAR(255) NOT NULL,
+ property_value TEXT NOT NULL,
+ property_type VARCHAR(255) NOT NULL,
+ PRIMARY KEY (asset_id, property_name),
+ FOREIGN KEY (asset_id) REFERENCES edc_asset (asset_id) ON DELETE CASCADE
+);
+COMMENT ON COLUMN edc_asset_property.property_name IS
+ 'Asset property key';
+COMMENT ON COLUMN edc_asset_property.property_value IS
+ 'Asset property value';
+COMMENT ON COLUMN edc_asset_property.property_type IS
+ 'Asset property class name';
+
+CREATE INDEX IF NOT EXISTS idx_edc_asset_property_value
+ ON edc_asset_property (property_name, property_value);
\ No newline at end of file
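Review bot: `idx_edc_asset_property_value` indexes `(property_name, property_value)` while `property_value` is `TEXT NOT NULL` with no length bound; PostgreSQL B-tree entries are limited to roughly a third of a page, so storing an asset property with a large value would fail on insert with an index-row-size error. Either bound the column or index a prefix, e.g. `ON edc_asset_property (property_name, left(property_value, 255));`, depending on how the lookups are written (not visible here). Minor: `COMMENT ON COLUMN edc_asset_dataaddress.properties is` uses lower-case `is`, unlike the three comments on `edc_asset_property`.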
diff --git a/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractdefinition/V0_0_1__Init_ContractDefinition_Database_Schema.sql b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractdefinition/V0_0_1__Init_ContractDefinition_Database_Schema.sql
new file mode 100644
index 000000000..90b36b8d9
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractdefinition/V0_0_1__Init_ContractDefinition_Database_Schema.sql
@@ -0,0 +1,24 @@
+--
+-- Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+--
+-- This program and the accompanying materials are made available under the
+-- terms of the Apache License, Version 2.0 which is available at
+-- https://www.apache.org/licenses/LICENSE-2.0
+--
+-- SPDX-License-Identifier: Apache-2.0
+--
+-- Contributors:
+-- Mercedes-Benz Tech Innovation GmbH - Initial Database Schema
+--
+
+--
+-- table: edc_contract_definitions
+--
+CREATE TABLE IF NOT EXISTS edc_contract_definitions
+(
+ contract_definition_id VARCHAR(255) NOT NULL,
+ access_policy TEXT NOT NULL,
+ contract_policy TEXT NOT NULL,
+ selector_expression TEXT NOT NULL,
+ PRIMARY KEY (contract_definition_id)
+);
diff --git a/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractdefinition/V0_0_2__Alter_ContractDefinition_Access_Contract_Policy_Id_Schema.sql b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractdefinition/V0_0_2__Alter_ContractDefinition_Access_Contract_Policy_Id_Schema.sql
new file mode 100644
index 000000000..a6f0b53ba
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractdefinition/V0_0_2__Alter_ContractDefinition_Access_Contract_Policy_Id_Schema.sql
@@ -0,0 +1,29 @@
+--
+-- Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+--
+-- This program and the accompanying materials are made available under the
+-- terms of the Apache License, Version 2.0 which is available at
+-- https://www.apache.org/licenses/LICENSE-2.0
+--
+-- SPDX-License-Identifier: Apache-2.0
+--
+-- Contributors:
+-- Mercedes-Benz Tech Innovation GmbH - Migrate edc_contract_definitions to contain access_policy_id and contract_policy_id
+--
+
+-- Add new access_policy_id and contract_policy_id columns
+ALTER TABLE edc_contract_definitions ADD access_policy_id VARCHAR(255) DEFAULT NULL;
+ALTER TABLE edc_contract_definitions ADD contract_policy_id VARCHAR(255) DEFAULT NULL;
+
+-- Extract the id from access_policy and store its value into access_policy_id
+UPDATE edc_contract_definitions SET access_policy_id=access_policy::json->>'uid';
+-- Extract the id from contract_policy and store its value into contract_policy_id
+UPDATE edc_contract_definitions SET contract_policy_id=contract_policy::json->>'uid';
+
+-- DROP obsolete access_policy columns
+ALTER TABLE edc_contract_definitions DROP COLUMN access_policy;
+ALTER TABLE edc_contract_definitions DROP COLUMN contract_policy;
+
+-- Add non-null constraints to the new columns
+ALTER TABLE edc_contract_definitions ALTER COLUMN access_policy_id SET NOT NULL;
+ALTER TABLE edc_contract_definitions ALTER COLUMN contract_policy_id SET NOT NULL;
diff --git a/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractnegotiation/V0_0_1__Init_ContractNegotiation_Database_Schema.sql b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractnegotiation/V0_0_1__Init_ContractNegotiation_Database_Schema.sql
new file mode 100644
index 000000000..9ec1b59d3
--- /dev/null
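Review bot: The two `DROP COLUMN` statements delete the stored access and contract policy bodies after keeping only their `uid`, and nothing in this script checks that a policy with that id exists anywhere else, so a contract definition can end up referencing a policy that no longer exists. How the connector treats a contract definition whose access policy id cannot be resolved is not visible here, and that behaviour decides whether the outcome is fail-closed. I would copy the bodies into the policy store before the drop, or at least state the precondition above it, e.g. `-- Precondition: every access_policy/contract_policy uid already exists in edc_policies; the bodies cannot be recovered after this step`. Rows whose JSON has no `uid` leave the new column NULL and make the final `SET NOT NULL` fail, which protects the data only if the migration tool runs the script in a single transaction.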
+++ b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractnegotiation/V0_0_1__Init_ContractNegotiation_Database_Schema.sql 
@@ -0,0 +1,82 @@
+--
+-- Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+--
+-- This program and the accompanying materials are made available under the
+-- terms of the Apache License, Version 2.0 which is available at
+-- https://www.apache.org/licenses/LICENSE-2.0
+--
+-- SPDX-License-Identifier: Apache-2.0
+--
+-- Contributors:
+-- Mercedes-Benz Tech Innovation GmbH - Initial Database Schema
+--
+
+--
+-- table: edc_lease
+--
+CREATE TABLE IF NOT EXISTS edc_lease
+(
+ leased_by VARCHAR(255) NOT NULL,
+ leased_at BIGINT,
+ lease_duration INTEGER DEFAULT 60000 NOT NULL,
+ lease_id VARCHAR(255) NOT NULL
+ CONSTRAINT lease_pk
+ PRIMARY KEY
+);
+COMMENT ON COLUMN edc_lease.leased_at IS 'posix timestamp of lease';
+COMMENT ON COLUMN edc_lease.lease_duration IS 'duration of lease in milliseconds';
+
+CREATE UNIQUE INDEX lease_lease_id_uindex
+ ON edc_lease (lease_id);
+
+--
+-- table: edc_contract_agreement
+--
+CREATE TABLE IF NOT EXISTS edc_contract_agreement
+(
+ id VARCHAR NOT NULL
+ CONSTRAINT contract_agreement_pk PRIMARY KEY,
+ provider_agent_id VARCHAR(255),
+ consumer_agent_id VARCHAR(255),
+ signing_date BIGINT,
+ start_date BIGINT,
+ end_date INTEGER,
+ asset_id VARCHAR(255) NOT NULL,
+ policy_id VARCHAR(255),
+ serialized_policy TEXT
+);
+
+--
+-- table: edc_contract_negotiation
+--
+CREATE TABLE IF NOT EXISTS edc_contract_negotiation
+(
+ id VARCHAR(255) NOT NULL
+ CONSTRAINT contract_negotiation_pk PRIMARY KEY,
+ correlation_id VARCHAR(255) NOT NULL,
+ counterparty_id VARCHAR(255) NOT NULL,
+ counterparty_address VARCHAR(255) NOT NULL,
+ protocol VARCHAR(255) DEFAULT 'ids-multipart':: CHARACTER VARYING NOT NULL,
+ type INTEGER DEFAULT 0 NOT NULL,
+ state INTEGER DEFAULT 0 NOT NULL,
+ state_count INTEGER DEFAULT 0,
+ state_timestamp BIGINT,
+ error_detail TEXT,
+ contract_agreement_id TEXT
+ CONSTRAINT contract_negotiation_contract_agreement_id_fk REFERENCES edc_contract_agreement,
+ contract_offers TEXT,
+ trace_context TEXT,
+ lease_id VARCHAR(255)
+ CONSTRAINT contract_negotiation_lease_lease_id_fk REFERENCES edc_lease ON DELETE SET NULL
+);
+COMMENT ON COLUMN edc_contract_negotiation.contract_agreement_id IS 'ContractAgreement serialized as JSON';
+COMMENT ON COLUMN edc_contract_negotiation.contract_offers IS 'List serialized as JSON';
+COMMENT ON COLUMN edc_contract_negotiation.trace_context IS 'Map serialized as JSON';
+
+CREATE INDEX IF NOT EXISTS contract_negotiation_correlationid_index
+ ON edc_contract_negotiation (correlation_id);
+CREATE UNIQUE INDEX IF NOT EXISTS contract_negotiation_id_uindex
+ ON edc_contract_negotiation (id);
+CREATE UNIQUE INDEX IF NOT EXISTS contract_agreement_id_uindex
+ ON edc_contract_agreement (id);
+
diff --git a/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractnegotiation/V0_0_2__Alter_ContractNegotation_Contract_Agreement_Id_Schema.sql b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractnegotiation/V0_0_2__Alter_ContractNegotation_Contract_Agreement_Id_Schema.sql
new file mode 100644
index 000000000..966653f2c
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/contractnegotiation/V0_0_2__Alter_ContractNegotation_Contract_Agreement_Id_Schema.sql
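Review bot: `end_date INTEGER` in `edc_contract_agreement` is 32-bit while `signing_date` and `start_date` beside it are `BIGINT`; if these columns hold epoch values, as the `posix timestamp` comment on `edc_lease.leased_at` suggests, an end date in milliseconds, or in seconds past January 2038, does not fit and storing the agreement fails. Declare it as `end_date BIGINT,` so the three dates share one range. The column comment `'ContractAgreement serialized as JSON'` on `contract_agreement_id` also does not match the column, which is a foreign key to `edc_contract_agreement`; `'id of the referenced edc_contract_agreement row'` would be accurate.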
@@ -0,0 +1,16 @@
+--
+-- Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+--
+-- This program and the accompanying materials are made available under the
+-- terms of the Apache License, Version 2.0 which is available at
+-- https://www.apache.org/licenses/LICENSE-2.0
+--
+-- SPDX-License-Identifier: Apache-2.0
+--
+-- Contributors:
+-- Mercedes-Benz Tech Innovation GmbH - contract agreement id column rename, negotiation correlation id nullable
+--
+
+-- RENAME id column and make correlation_id nullable
+ALTER TABLE IF EXISTS edc_contract_agreement RENAME COLUMN id to agreement_id;
+ALTER TABLE IF EXISTS edc_contract_negotiation ALTER COLUMN correlation_id DROP NOT NULL;
diff --git a/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/policy/V0_0_1__Init_Policy_Database_Schema.sql b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/policy/V0_0_1__Init_Policy_Database_Schema.sql
new file mode 100644
index 000000000..9c8ebfc74
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/policy/V0_0_1__Init_Policy_Database_Schema.sql
@@ -0,0 +1,40 @@
+--
+-- Copyright (c) 2022 ZF Friedrichshafen AG and others
+--
+-- This program and the accompanying materials are made available under the
+-- terms of the Apache License, Version 2.0 which is available at
+-- https://www.apache.org/licenses/LICENSE-2.0
+--
+-- SPDX-License-Identifier: Apache-2.0
+--
+-- Contributors:
+-- ZF Friedrichshafen AG - Initial SQL Query
+-- Daimler TSS GmbH - Value range modifications
+--
+
+--
+-- table: edc_policies
+--
+CREATE TABLE IF NOT EXISTS edc_policies
+(
+ policy_id VARCHAR(255) NOT NULL,
+ permissions TEXT,
+ prohibitions TEXT,
+ duties TEXT,
+ extensible_properties TEXT,
+ inherits_from VARCHAR(255),
+ assigner VARCHAR(255),
+ assignee VARCHAR(255),
+ target VARCHAR(255),
+ policy_type VARCHAR(255) NOT NULL,
+ PRIMARY KEY (policy_id)
+);
+
+COMMENT ON COLUMN edc_policies.permissions IS 'Java List serialized as JSON';
+COMMENT ON COLUMN edc_policies.prohibitions IS 'Java List serialized as JSON';
+COMMENT ON COLUMN edc_policies.duties IS 'Java List serialized as JSON';
+COMMENT ON COLUMN edc_policies.extensible_properties IS 'Java Map serialized as JSON';
+COMMENT ON COLUMN edc_policies.policy_type IS 'Java PolicyType serialized as JSON';
+
+CREATE UNIQUE INDEX IF NOT EXISTS edc_policies_id_uindex
+ ON edc_policies (policy_id);
diff --git a/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/transferprocess/V0_0_1__Init_TransferProcess_Database_Schema.sql b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/transferprocess/V0_0_1__Init_TransferProcess_Database_Schema.sql
new file mode 100644
index 000000000..f587632ef
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/transferprocess/V0_0_1__Init_TransferProcess_Database_Schema.sql
@@ -0,0 +1,91 @@
+--
+-- Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+--
+-- This program and the accompanying materials are made available under the
+-- terms of the Apache License, Version 2.0 which is available at
+-- https://www.apache.org/licenses/LICENSE-2.0
+--
+-- SPDX-License-Identifier: Apache-2.0
+--
+-- Contributors:
+-- Mercedes-Benz Tech Innovation GmbH - Rewrite to be SQL Init Schema
+--
+
+--
+-- table: edc_lease
+--
+CREATE TABLE IF NOT EXISTS edc_lease
+(
+ leased_by VARCHAR(255) NOT NULL,
+ leased_at BIGINT,
+ lease_duration INTEGER DEFAULT 60000 NOT NULL,
+ lease_id VARCHAR(255) NOT NULL
+ CONSTRAINT lease_pk
+ PRIMARY KEY
+);
+COMMENT ON COLUMN edc_lease.leased_at IS 'posix timestamp of lease';
+COMMENT ON COLUMN edc_lease.lease_duration IS 'duration of lease in milliseconds';
+
+CREATE UNIQUE INDEX IF NOT EXISTS lease_lease_id_uindex
+ ON edc_lease (lease_id);
+
+--
+-- table: edc_transfer_process
+--
+CREATE TABLE IF NOT EXISTS edc_transfer_process
+(
+ id VARCHAR(255) NOT NULL
+ CONSTRAINT transfer_process_pk
+ PRIMARY KEY,
+ type VARCHAR(255) NOT NULL,
+ state INTEGER NOT NULL,
+ state_count INTEGER DEFAULT 0 NOT NULL,
+ state_time_stamp BIGINT,
+ trace_context TEXT,
+ error_detail TEXT,
+ resource_manifest TEXT,
+ provisioned_resource_set TEXT,
+ lease_id VARCHAR(255)
+ CONSTRAINT transfer_process_lease_lease_id_fk
+ REFERENCES edc_lease
+ ON DELETE SET NULL
+);
+COMMENT ON COLUMN edc_transfer_process.trace_context IS 'Java Map serialized as JSON';
+COMMENT ON COLUMN edc_transfer_process.resource_manifest IS 'java ResourceManifest serialized as JSON';
+COMMENT ON COLUMN edc_transfer_process.provisioned_resource_set IS 'ProvisionedResourceSet serialized as JSON';
+
+CREATE UNIQUE INDEX IF NOT EXISTS transfer_process_id_uindex
+ ON edc_transfer_process (id);
+
+--
+-- table: edc_data_request
+--
+CREATE TABLE IF NOT EXISTS edc_data_request
+(
+ id VARCHAR(255) NOT NULL
+ CONSTRAINT data_request_pk
+ PRIMARY KEY,
+ process_id VARCHAR(255) NOT NULL,
+ connector_address VARCHAR(255) NOT NULL,
+ protocol VARCHAR(255) NOT NULL,
+ connector_id VARCHAR(255),
+ asset_id VARCHAR(255) NOT NULL,
+ contract_id VARCHAR(255) NOT NULL,
+ data_destination TEXT NOT NULL,
+ managed_resources BOOLEAN DEFAULT TRUE,
+ properties TEXT,
+ transfer_type TEXT,
+ transfer_process_id VARCHAR(255) NOT NULL
+ CONSTRAINT data_request_transfer_process_id_fk
+ REFERENCES edc_transfer_process
+ ON UPDATE RESTRICT ON DELETE CASCADE
+);
+COMMENT ON COLUMN edc_data_request.data_destination IS 'DataAddress serialized as JSON';
+COMMENT ON COLUMN edc_data_request.properties IS 'java Map serialized as JSON';
+COMMENT ON COLUMN edc_data_request.transfer_type IS 'TransferType serialized as JSON';
+
+CREATE UNIQUE INDEX IF NOT EXISTS data_request_id_uindex
+ ON edc_data_request (id);
+CREATE UNIQUE INDEX IF NOT EXISTS lease_lease_id_uindex
+ ON edc_lease (lease_id);
+
diff --git a/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/transferprocess/V0_0_2__Alter_TransferProcess_Add_DataAddress.sql b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/transferprocess/V0_0_2__Alter_TransferProcess_Add_DataAddress.sql
new file mode 100644
index 000000000..a399b1c22
--- /dev/null
+++ b/edc-extensions/postgresql-migration/src/main/resources/net/catenax/edc/postgresql/migration/transferprocess/V0_0_2__Alter_TransferProcess_Add_DataAddress.sql
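Review bot: `CREATE UNIQUE INDEX IF NOT EXISTS lease_lease_id_uindex ON edc_lease (lease_id);` appears twice in this file, once after the `edc_lease` table and again as the last statement, and the index repeats the uniqueness that `CONSTRAINT lease_pk PRIMARY KEY` already enforces on `lease_id`. The same table and index are also created in contractnegotiation/V0_0_1, where the index statement has no `IF NOT EXISTS`; if both migration sets are applied to one schema and this one runs first, that script would stop on the existing index. I would remove the trailing duplicate here and change the other file's statement to `CREATE UNIQUE INDEX IF NOT EXISTS lease_lease_id_uindex`, or drop the index in both files and rely on the primary key.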
@@ -0,0 +1,17 @@
+--
+-- Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+--
+-- This program and the accompanying materials are made available under the
+-- terms of the Apache License, Version 2.0 which is available at
+-- https://www.apache.org/licenses/LICENSE-2.0
+--
+-- SPDX-License-Identifier: Apache-2.0
+--
+-- Contributors:
+-- Mercedes-Benz Tech Innovation GmbH - Add DataAddress Column
+--
+
+
+-- Add new content_data_address columns
+ALTER TABLE edc_transfer_process ADD content_data_address TEXT;
+COMMENT ON COLUMN edc_transfer_process.content_data_address IS 'DataAddress serialized as JSON';
diff --git a/lintconf.yaml b/lintconf.yaml
new file mode 100644
index 000000000..71d5b1db7
--- /dev/null
+++ b/lintconf.yaml
@@ -0,0 +1,42 @@
+---
+rules:
+ braces:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ brackets:
+ min-spaces-inside: 0
+ max-spaces-inside: 0
+ min-spaces-inside-empty: -1
+ max-spaces-inside-empty: -1
+ colons:
+ max-spaces-before: 0
+ max-spaces-after: 1
+ commas:
+ max-spaces-before: 0
+ min-spaces-after: 1
+ max-spaces-after: 1
+ comments:
+ require-starting-space: true
+ min-spaces-from-content: 1
+ document-end: disable
+ document-start: true # No --- to start a file
+ empty-lines:
+ max: 2
+ max-start: 0
+ max-end: 0
+ hyphens:
+ max-spaces-after: 1
+ indentation:
+ spaces: consistent
+ indent-sequences: whatever # - list indentation will handle both indentation and without
+ check-multi-line-strings: false
+ key-duplicates: enable
+ line-length: disable # Lines can be any length
+ new-line-at-end-of-file: enable
+ new-lines:
+ type: unix
+ trailing-spaces: enable
+ truthy:
+ level: warning
diff --git a/misc/NOTICE.md.template b/misc/NOTICE.md.template
new file mode 100644
index 000000000..ca8fb8acc
--- /dev/null
+++ b/misc/NOTICE.md.template
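Review bot: In `lintconf.yaml`, `document-start: true # No --- to start a file` sets a value that contradicts its own comment, and, assuming the file is read by yamllint, `true` is not one of the documented rule values (`enable`, `disable`, or a mapping of options). The file itself begins with `---`, so the intent looks like requiring the marker; that would be `document-start: enable` with the comment changed to `# require --- at the start of a file`. If the marker is meant to stay optional, the comment is right and the value should be `document-start: disable`.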
@@ -0,0 +1,21 @@
+# Notices for Catena-X NG Product EDC
+
+## Copyright
+
+All content is the property of the respective authors or their employers. For more information regarding authorship of content, please consult the listed source code repository logs.
+
+## Declared Project Licenses
+
+This program and the accompanying materials are made available under the terms of the Apache License, Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0.
+
+SPDX-License-Identifier: Apache-2.0
+
+## Source Code
+
+The project maintains the following source code repositoriy:
+
+* https://github.com/catenax-ng/product-edc
+
+## Third-party Content (Overarching All Modules)
+
+@{GENERATED_NOTICES}
\ No newline at end of file
diff --git a/misc/license-mappings.xml b/misc/license-mappings.xml
new file mode 100644
index 000000000..f26375c3e
--- /dev/null
+++ b/misc/license-mappings.xml
@@ -0,0 +1,755 @@ + + + + org.eclipse.dataspaceconnector + apache-commons-pool-sql + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + api-configuration + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + api-core + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + asset-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + assetindex-cosmos + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + asset-index-sql + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + auth-basic + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + auth-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + auth-tokenbased + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + aws-s3 + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + aws-test + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + azure-eventgrid + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + azure-eventgrid-config + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + azure-test + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + azure-vault + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + blob-core + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + blob-operator + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + blob-provision + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + blobstorage + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + catalog + Apache License, Version 2.0 + 
0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + catalog-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + catalog-cache + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + catalog-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + common-sql + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + common-util + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + contract + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + contractagreement-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + contractdefinition-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + contract-definition-store-cosmos + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + contractdefinition-store-sql + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + contractnegotiation-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + contract-negotiation-store-cosmos + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + contractnegotiation-store-sql + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + contract-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + control-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + core + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + core-base + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + core-boot + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + core-defaults + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + 
org.eclipse.dataspaceconnector + core-micrometer + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + core-policy + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + core-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + cosmos + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + cosmos-common + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + dataloading + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-management-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-azure-storage + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-framework + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-http + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-s3 + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-selector-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-selector-client + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-selector-core + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-selector-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-selector-store + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-transfer + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + 
org.eclipse.dataspaceconnector + data-plane-transfer-client + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-transfer-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + data-plane-transfer-sync + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + decentralized-identity + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + dummy-credentials-verifier + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + fcc-node-directory-cosmos + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + federated-catalog-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + filesystem-configuration + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + filesystem-vault + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + http + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + http-provisioner + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + http-receiver + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + iam-daps + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + iam-mock + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + identity-common-test + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + identity-did-core + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + identity-did-crypto + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + identity-did-service + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + identity-did-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + 
+ org.eclipse.dataspaceconnector + identity-did-web + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + ids + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + ids-api-configuration + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + ids-api-multipart-dispatcher-v1 + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + ids-api-multipart-endpoint-v1 + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + ids-api-transform-v1 + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + ids-core + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + ids-policy + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + ids-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + ids-token-validation + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + jdk-logger-monitor + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + jersey + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + jersey-micrometer + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + jetty + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + jetty-micrometer + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + lease-sql + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + oauth2-core + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + oauth2-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + observability-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + policydefinition-api + Apache 
License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + policy-engine + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + policy-evaluator + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + policy-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + policy-store-cosmos + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + policy-store-sql + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + registration-service + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + registration-service-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + s3-core + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + s3-operator + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + s3-provision + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + sql + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + state-machine-lib + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + token-generation-lib + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + token-validation-lib + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transaction-atomikos + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transaction-datasource-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transaction-local + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transaction-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + 
org.eclipse.dataspaceconnector + transfer + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transfer-functions-core + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transfer-functions-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transferprocess-api + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transfer-process-store-cosmos + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transfer-process-store-sql + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transfer-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + transport-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + + org.eclipse.dataspaceconnector + web-spi + Apache License, Version 2.0 + 0.0.1-SNAPSHOT + + diff --git a/pom.xml b/pom.xml index a3edf565d..76d6f5eea 100644 --- a/pom.xml +++ b/pom.xml @@ -1,36 +1,71 @@ - + 4.0.0 net.catenax.edc - catena-x-edc-parent - 0.0.1-SNAPSHOT + product-edc-parent + 0.0.1 pom + edc-extensions edc-controlplane edc-dataplane + 2022 + + + Apache License 2.0 + https://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + 11 11 + UTF-8 - 3.2.4 - 1.4.13 - 1.31.3 + 3.3.0 + 3.2.2 + 2.22.5 + 3.0.0 + 1.5 + 0.0.1-SNAPSHOT + 1.2.1 + 3.1.0 + 42.3.5 + 8.5.10 + + + 5.8.2 + 1.8.2 + 1.10.19 github-catenax-ng Catena-X NG: Github Packages - https://maven.pkg.github.com/catenax-ng/catena-x-edc + https://maven.pkg.github.com/catenax-ng/product-edc 
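Review bot: In the first `pom.xml` hunk the project version moves from `0.0.1-SNAPSHOT` to the release `0.0.1`, while one of the added version properties is still `0.0.1-SNAPSHOT`; the element names are lost in this rendering, but the `${org.eclipse.dataspaceconnector.version}` references further down and the versions listed in `misc/license-mappings.xml` suggest it is the EDC dependency version. A release that depends on SNAPSHOT artifacts is not reproducible, because the same coordinates can resolve to different binaries from one build to the next, and the generated license report cannot be tied to a fixed set of inputs. If the EDC modules are built from the git submodule that the dependabot change in this commit tracks, a comment next to the property saying so, such as `<!-- built locally from the EDC submodule at its pinned commit, never resolved from a remote snapshot repository -->`, would make that explicit; otherwise pin a released or commit-stamped version.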
@@ -45,33 +80,35 @@ Fraunhofer IAIS https://maven.iais.fraunhofer.de/artifactory/eis-ids-public - - github-edc - EDC: Github Packages - https://maven.pkg.github.com/eclipse-dataspaceconnector/DataSpaceConnector - - true - - - - github-catenax-ng - Catena-X NG: Github Packages - https://maven.pkg.github.com/catenax-ng/catena-x-edc - + + org.codehaus.mojo + exec-maven-plugin + ${org.codehaus.mojo.exec.maven.plugin.version} + + + org.apache.commons + commons-build-plugin + 1.12 + + + org.codehaus.mojo + license-maven-plugin + 2.0.0 + org.apache.maven.plugins - maven-shade-plugin - ${org.apache.maven.plugins.shade.version} + maven-jar-plugin + ${org.apache.maven.plugins.maven.jar.plugin.version} - com.spotify - dockerfile-maven-plugin - ${com.spotify.dockerfile.maven.plugin.version} + org.apache.maven.plugins + maven-dependency-plugin + ${org.apache.maven.plugins.maven.dependency.plugin.version} com.diffplug.spotless @@ -95,6 +132,79 @@ + + maven-surefire-plugin + 2.22.2 + + + org.codehaus.mojo + license-maven-plugin + ${org.codehaus.mojo.license.maven.plugin} + + ${project.basedir}/LICENSE + true + + + Apache License 2.0|Apache License v2.0| + Apache License, 2.0| + Apache License, Version 2.0| + Apache License, version 2.0| + Apache Software License - Version 2.0| + The Apache License, Version 2.0| + The Apache Software License, Version 2.0 + + + BSD 2-Clause| + BSD-2-Clause + + + Eclipse Distribution License - v 1.0| + EDL 1.0 + + + Eclipse Public License - Version 1.0| + EPL 1.0| + EPL-1.0 + + + Eclipse Public License - Version 2.0| + EPL 2.0| + EPL-2.0 + + + GPL-2.0-with-classpath-exception| + GPL2 w/ CPE| + GPL-2.0-with-classpath-exception + + + LGPL 2.1| + LGPL, version 2.1 + + + MIT License| + MIT license| + The MIT License (MIT) + + + BSD-3-Clause| + Modified BSD + + + GNU Lesser General Public License, version 2.1| + LGPL 2.1 + + + + + + create-license-list + + aggregate-add-third-party + + generate-resources + + + 
@@ -108,6 +218,221 @@ + + + net.catenax.edc.extensions + aas-controller + ${project.version} + + + net.catenax.edc.extensions + business-partner-validation + ${project.version} + + + net.catenax.edc.extensions + postgresql-migration + ${project.version} + + + + + jakarta.ws.rs + jakarta.ws.rs-api + ${jakarta.ws.rs.api.version} + + + org.postgresql + postgresql + ${org.postgresql.version} + + + org.flywaydb + flyway-core + ${org.flywaydb.version} + + + + + org.eclipse.dataspaceconnector + apache-commons-pool-sql + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + api-configuration + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + api-core + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + asset-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + assetindex-cosmos + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + asset-index-sql + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + auth-basic + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + auth-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + auth-tokenbased + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + aws-s3 + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + aws-test + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + azure-eventgrid + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + azure-eventgrid-config + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + azure-test + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + azure-vault + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + blob-core + 
${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + blob-operator + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + blob-provision + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + blobstorage + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + catalog + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + catalog-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + catalog-cache + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + catalog-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + common-sql + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + common-util + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + contract + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + contractagreement-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + contractdefinition-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + contract-definition-store-cosmos + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + contractdefinition-store-sql + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + contractnegotiation-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + contract-negotiation-store-cosmos + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + contractnegotiation-store-sql + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + contract-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + control-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + 
core + ${org.eclipse.dataspaceconnector.version} + org.eclipse.dataspaceconnector core-base @@ -120,7 +445,52 @@ org.eclipse.dataspaceconnector - http + core-defaults + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + core-micrometer + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + core-policy + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + core-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + cosmos + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + cosmos-common + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + dataloading + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-management-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-azure-storage ${org.eclipse.dataspaceconnector.version} 
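Review bot: Hunk `@@ -108,6 +218,221 @@` adds `aws-test` and `azure-test` to the managed dependencies with only a version, in the same list as the production modules. The same applies to `dummy-credentials-verifier` in `@@ -135,7 +505,77 @@` and to `iam-mock` and `identity-common-test` in `@@ -145,27 +585,62 @@`. By their names these are test fixtures or stub identity components (inferred, their code is not shown). Nothing here stops a child module from pulling one into a deployable connector at compile scope, whereas the JUnit and Mockito entries at the end of the file do carry `test`. Suggest either giving them `test` scope in the managed entries or grouping them under a comment such as `<!-- test/mock only: must not be packaged into connector images -->`. A `bannedDependencies` enforcer rule on the runtime modules would back that up.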
@@ -135,7 +505,77 @@ org.eclipse.dataspaceconnector - data-plane-api + data-plane-s3 + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-selector-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-selector-client + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-selector-core + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-selector-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-selector-store + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-transfer + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-transfer-client + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-transfer-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + data-plane-transfer-sync + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + decentralized-identity + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + dummy-credentials-verifier + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + fcc-node-directory-cosmos + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + federated-catalog-spi ${org.eclipse.dataspaceconnector.version} 
@@ -145,27 +585,62 @@ org.eclipse.dataspaceconnector - web-spi + filesystem-vault ${org.eclipse.dataspaceconnector.version} org.eclipse.dataspaceconnector - core-spi + http ${org.eclipse.dataspaceconnector.version} org.eclipse.dataspaceconnector - core + http-provisioner + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + http-receiver + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + iam-daps + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + iam-mock + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + identity-common-test + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + identity-did-core + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + identity-did-crypto + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + identity-did-service ${org.eclipse.dataspaceconnector.version} org.eclipse.dataspaceconnector - transfer-process-store-memory + identity-did-spi ${org.eclipse.dataspaceconnector.version} org.eclipse.dataspaceconnector - contractnegotiation-store-memory + identity-did-web ${org.eclipse.dataspaceconnector.version} 
@@ -175,32 +650,207 @@ org.eclipse.dataspaceconnector - iam-mock + ids-api-configuration ${org.eclipse.dataspaceconnector.version} org.eclipse.dataspaceconnector - control-api + ids-api-multipart-dispatcher-v1 ${org.eclipse.dataspaceconnector.version} org.eclipse.dataspaceconnector - azure-vault + ids-api-multipart-endpoint-v1 ${org.eclipse.dataspaceconnector.version} org.eclipse.dataspaceconnector - assetindex-cosmos + ids-api-transform-v1 ${org.eclipse.dataspaceconnector.version} org.eclipse.dataspaceconnector - contract-definition-store-cosmos + ids-core ${org.eclipse.dataspaceconnector.version} org.eclipse.dataspaceconnector - contract-negotiation-store-cosmos + ids-policy + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + ids-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + ids-token-validation + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + jdk-logger-monitor + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + jersey + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + jersey-micrometer + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + jetty + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + jetty-micrometer + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + lease-sql + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + oauth2-core + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + oauth2-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + observability-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + policydefinition-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + policy-engine + ${org.eclipse.dataspaceconnector.version} + + + 
org.eclipse.dataspaceconnector + policy-evaluator + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + policy-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + policy-store-cosmos + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + policy-store-sql + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + registration-service + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + registration-service-api + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + s3-core + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + s3-operator + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + s3-provision + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + sql + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + state-machine-lib + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + token-generation-lib + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + token-validation-lib + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + transaction-atomikos + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + transaction-datasource-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + transaction-local + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + transaction-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + transfer + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + transfer-functions-core + ${org.eclipse.dataspaceconnector.version} + + + 
org.eclipse.dataspaceconnector + transfer-functions-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + transferprocess-api ${org.eclipse.dataspaceconnector.version} @@ -208,6 +858,107 @@ transfer-process-store-cosmos ${org.eclipse.dataspaceconnector.version} + + org.eclipse.dataspaceconnector + transfer-process-store-sql + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + transfer-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + transport-spi + ${org.eclipse.dataspaceconnector.version} + + + org.eclipse.dataspaceconnector + web-spi + ${org.eclipse.dataspaceconnector.version} + + + + + com.azure + azure-sdk-bom + ${com.azure.sdk.bom.version} + pom + import + + + + + org.junit.jupiter + junit-jupiter-engine + ${junit.jupiter.version} + test + + + org.junit.jupiter + junit-jupiter-api + ${junit.jupiter.version} + test + + + org.junit.jupiter + junit-jupiter-params + ${junit.jupiter.version} + test + + + org.junit.platform + junit-platform-suite + ${junit.platform.version} + test + + + org.mockito + mockito-all + ${mockito.version} + test + + + + + generate-notice + + + + + org.jasig.maven + maven-notice-plugin + 1.1.0 + + + jakarta.xml.bind + jakarta.xml.bind-api + 4.0.0 + + + org.glassfish.jaxb + jaxb-runtime + 2.3.6 + + + + ${project.basedir}/misc/NOTICE.md.template + false + * {0} under {1} + NOTICE.md + @{GENERATED_NOTICES} + + ${project.basedir}/misc/license-mappings.xml + + + + + + + \ No newline at end of file
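Review bot: In the `generate-notice` profile added by hunk `@@ -208,6 +858,107 @@`, `maven-notice-plugin` is given `jakarta.xml.bind-api` `4.0.0` together with `jaxb-runtime` `2.3.6` as plugin dependencies. The 4.0.0 API uses the `jakarta.xml.bind` package, while the 2.3.x runtime line implements `javax.xml.bind`, so the pair looks mismatched. That may surface as a class-loading failure when the profile runs. Aligning the API with the runtime line, for example `2.3.3`, should fix it. The three literal versions in this profile (`1.1.0`, `4.0.0`, `2.3.6`) bypass the properties block that the rest of the file uses, so they would be better moved there.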