From e03e4adec567ef8fe1ae8947604e4af5748be712 Mon Sep 17 00:00:00 2001 
From: Paul Latzelsperger <43503240+paullatzelsperger@users.noreply.github.com> Date: Mon, 7 Aug 2023 16:38:17 +0200 Subject: [PATCH] feat: use new BPN Policy in artefacts and E2E tests (#690) * feat: use new BPN Policy in artefacts and E2E tests * moved old code to the new module * add README.md * update helm charts, extend helm tests * update helm tests * unrelated: clean out old files * use mgmt api as helm test * fix datasource in azure chart --- .github/workflows/deployment-test.yaml | 6 +- .../templates/deployment-controlplane.yaml | 10 + .../templates/tests/test-controlplane.yaml | 56 +++++ .../tests/test-dataplane-readiness.yaml | 4 +- .../templates/service-runtime.yaml | 4 +- .../templates/tests/test-readiness.yaml | 46 ----- .../templates/tests/test-runtime.yaml | 57 ++++++ .../templates/deployment-controlplane.yaml | 10 + .../tests/test-controlplane-readiness.yaml | 43 ---- .../templates/tests/test-controlplane.yaml} | 21 +- .../tests/test-dataplane-readiness.yaml | 38 ++-- .../edc-controlplane-base/build.gradle.kts | 4 +- .../build.gradle.kts | 1 + .../README.md | 178 ---------------- .../build.gradle.kts | 83 -------- .../notice.md | 28 --- .../src/main/docker/Dockerfile | 64 ------ .../build.gradle.kts | 3 +- edc-extensions/bpn-validation/README.md | 157 ++++++++++++++ .../BusinessPartnerGroupApiController.java | 6 +- ...rg.eclipse.edc.spi.system.ServiceExtension | 2 +- ...BusinessPartnerGroupApiControllerTest.java | 7 +- ...> BusinessPartnerValidationExtension.java} | 2 +- ...cyBusinessPartnerValidationExtension.java} | 50 ++--- .../BusinessPartnerGroupFunction.java | 6 +- .../AbstractBusinessPartnerValidation.java | 52 +++-- .../legacy}/BusinessPartnerDutyFunction.java | 29 +-- .../BusinessPartnerPermissionFunction.java | 32 +-- .../BusinessPartnerProhibitionFunction.java | 32 +-- ...rg.eclipse.edc.spi.system.ServiceExtension | 3 +- ...sinessPartnerValidationExtensionTest.java} | 45 ++-- ...AbstractBusinessPartnerValidationTest.java | 28 +-- 
...rg.eclipse.edc.spi.system.ServiceExtension | 2 +- ...SqlBusinessPartnerGroupStoreExtension.java | 6 + edc-extensions/build.gradle.kts | 2 +- .../business-partner-validation/README.md | 192 ------------------ .../build.gradle.kts | 31 --- edc-tests/e2e-tests/build.gradle.kts | 1 + .../edc/helpers/PolicyHelperFunctions.java | 46 ++++- .../tractusx/edc/lifecycle/DataWiper.java | 13 +- .../tractusx/edc/lifecycle/Participant.java | 18 ++ .../edc/lifecycle/PgParticipantRuntime.java | 4 + .../tests/catalog/AbstractCatalogTest.java | 44 +++- .../edc/tests/edr/AbstractDeleteEdrTest.java | 8 +- .../tests/edr/AbstractNegotiateEdrTest.java | 8 +- .../edc/tests/edr/AbstractRenewalEdrTest.java | 8 +- .../AbstractContractNegotiateTest.java | 6 +- .../proxy/AbstractDataPlaneProxyTest.java | 30 +-- .../runtime-postgresql/build.gradle.kts | 1 - .../edc-dataplane-proxy-consumer-api.yaml | 6 + resources/openapi/yaml/edr-api.yaml | 70 +++++-- settings.gradle.kts | 1 - 52 files changed, 706 insertions(+), 898 deletions(-) create mode 100644 charts/tractusx-connector-azure-vault/templates/tests/test-controlplane.yaml delete mode 100644 charts/tractusx-connector-memory/templates/tests/test-readiness.yaml create mode 100644 charts/tractusx-connector-memory/templates/tests/test-runtime.yaml delete mode 100644 charts/tractusx-connector/templates/tests/test-controlplane-readiness.yaml rename charts/{tractusx-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml => tractusx-connector/templates/tests/test-controlplane.yaml} (59%) delete mode 100644 edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/README.md delete mode 100644 edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/build.gradle.kts delete mode 100644 edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/notice.md delete mode 100644 edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/src/main/docker/Dockerfile create mode 100644 
edc-extensions/bpn-validation/README.md rename edc-extensions/{business-partner-validation => bpn-validation/bpn-validation-api}/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension (90%) rename edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/{BusinessPartnerEvaluationExtension.java => BusinessPartnerValidationExtension.java} (98%) rename edc-extensions/{business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtension.java => bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/LegacyBusinessPartnerValidationExtension.java} (70%) rename edc-extensions/{business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions => bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy}/AbstractBusinessPartnerValidation.java (77%) rename edc-extensions/{business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions => bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy}/BusinessPartnerDutyFunction.java (56%) rename edc-extensions/{business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions => bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy}/BusinessPartnerPermissionFunction.java (51%) rename edc-extensions/{business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions => bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy}/BusinessPartnerProhibitionFunction.java (51%) rename 
edc-extensions/{business-partner-validation/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java => bpn-validation/bpn-validation-core/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/LegacyBusinessPartnerValidationExtensionTest.java} (65%) rename edc-extensions/{business-partner-validation => bpn-validation/bpn-validation-core}/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java (87%) delete mode 100644 edc-extensions/business-partner-validation/README.md delete mode 100644 edc-extensions/business-partner-validation/build.gradle.kts diff --git a/.github/workflows/deployment-test.yaml b/.github/workflows/deployment-test.yaml index 646e4ef0c..3060eb940 100644 --- a/.github/workflows/deployment-test.yaml +++ b/.github/workflows/deployment-test.yaml @@ -73,7 +73,7 @@ jobs: kubectl rollout status deployment tx-inmem # execute the helm test - helm test tx-inmem --logs + helm test tx-inmem test-hashicorp-postgres: runs-on: ubuntu-latest @@ -98,7 +98,7 @@ jobs: kubectl rollout status deployment tx-prod-dataplane # execute the helm test - helm test tx-prod --logs + helm test tx-prod test-azure-vault-postgres: runs-on: ubuntu-latest @@ -135,4 +135,4 @@ jobs: kubectl rollout status deployment tx-prod-dataplane # execute the helm test - helm test tx-prod --logs + helm test tx-prod diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml index e35926a18..7c6ae79ed 100644 --- a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml 
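Review bot: With `--logs` dropped from all three `helm test` invocations (tx-inmem and both tx-prod jobs), a failing chart test leaves no container output in the workflow run. The flag was presumably removed because the test pods added in this patch run more than one container, but the commit does not say so. Consider a follow-up step guarded by `if: failure()` that runs `kubectl logs <test-pod-name-placeholder> --all-containers`, so failures stay diagnosable without re-running the job. The job definitions start and end outside these hunks.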
@@ -228,6 +228,16 @@ spec: - name: "EDC_DATASOURCE_EDR_URL" value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} + # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/bpn-validation/business-partner-store-sql + - name: "EDC_DATASOURCE_BPN_NAME" + value: "bpn" + - name: "EDC_DATASOURCE_BPN_USER" + value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} + - name: "EDC_DATASOURCE_BPN_PASSWORD" + value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} + - name: "EDC_DATASOURCE_BPN_URL" + value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} + ################ ## DATA PLANE ## ################ diff --git a/charts/tractusx-connector-azure-vault/templates/tests/test-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/tests/test-controlplane.yaml new file mode 100644 index 000000000..33b188764 --- /dev/null +++ b/charts/tractusx-connector-azure-vault/templates/tests/test-controlplane.yaml 
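Review bot: `EDC_DATASOURCE_BPN_PASSWORD` is rendered from `.Values.postgresql.auth.password` as a literal `value:`, so the database password ends up in plain text in the Deployment manifest, readable by anyone allowed to read Deployments or the Helm release and shown by `kubectl describe`. Reference a Secret instead, e.g. `valueFrom: { secretKeyRef: { name: <postgres-secret-placeholder>, key: <password-key-placeholder> } }`. The identical block added to charts/tractusx-connector/templates/deployment-controlplane.yaml has the same issue. This presumably mirrors how the other datasources in the env list are wired; that list starts and ends outside the hunk, so confirm before changing only this entry.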
@@ -0,0 +1,56 @@
+#
+ # Copyright (c) 2023 Contributors to the Eclipse Foundation
+ #
+ # See the NOTICE file(s) distributed with this work for additional
+ # information regarding copyright ownership.
+ #
+ # This program and the accompanying materials are made available under the
+ # terms of the Apache License, Version 2.0 which is available at
+ # https://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ # License for the specific language governing permissions and limitations
+ # under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ #
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{include "txdc.fullname" .}}-test-controlplane"
+ labels:
+ {{- include "txdc.controlplane.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
+spec:
+ containers:
+ {{/* Poke the pod's management API */}}
+ - name: readiness
+ image: curlimages/curl
+ command: [ 'curl', '--fail' ]
+ args: [ '{{- printf "http://%s-controlplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.controlplane.endpoints.default.port $.Values.controlplane.endpoints.default.path -}}' ]
+
+ {{/* Try adding a BPN Group to the store via the management API */}}
+ - name: mgmt-api-bpn-store
+ image: curlimages/curl
+ command: [ 'curl', '-X', 'POST', '--fail','-H','Content-Type: application/json', '-H', '{{- printf "x-api-key: %s" $.Values.controlplane.endpoints.management.authKey }}', '-d', '{
+ "@context": {
+ "tx": "https://w3id.org/tractusx/v0.0.1/ns/"
+ },
+ "@id": "tx:BPN000001234",
+ "tx:groups": ["group1", "group2", "group3"]
+ }' ]
+ args: [ '{{- printf "http://%s-controlplane:%v%s/business-partner-groups" (include "txdc.fullname" $ ) $.Values.controlplane.endpoints.management.port
$.Values.controlplane.endpoints.management.path -}}' ] + restartPolicy: Never + securityContext: + fsGroup: 101 # curl_group + runAsGroup: 101 # curl_group + runAsNonRoot: true + runAsUser: 100 # curl_user + seccompProfile: + type: RuntimeDefault diff --git a/charts/tractusx-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml b/charts/tractusx-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml index 83d2fdd50..fa58c7da7 100644 --- a/charts/tractusx-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml +++ b/charts/tractusx-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml @@ -31,7 +31,7 @@ spec: containers: - name: wget image: curlimages/curl - command: [ 'curl' ] + command: [ 'curl', '--fail' ] args: [ '{{- printf "http://%s-dataplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.dataplane.endpoints.default.port $.Values.dataplane.endpoints.default.path -}}' ] restartPolicy: Never securityContext: @@ -40,4 +40,4 @@ spec: runAsNonRoot: true runAsUser: 100 # curl_user seccompProfile: - type: RuntimeDefault + type: RuntimeDefault diff --git a/charts/tractusx-connector-memory/templates/service-runtime.yaml b/charts/tractusx-connector-memory/templates/service-runtime.yaml index 1739eb938..016b7effa 100644 --- a/charts/tractusx-connector-memory/templates/service-runtime.yaml +++ b/charts/tractusx-connector-memory/templates/service-runtime.yaml @@ -40,9 +40,9 @@ spec: protocol: TCP name: control - port: {{ .Values.runtime.endpoints.management.port }} - targetPort: data + targetPort: management protocol: TCP - name: data + name: management - port: {{ .Values.runtime.endpoints.validation.port }} targetPort: validation protocol: TCP diff --git a/charts/tractusx-connector-memory/templates/tests/test-readiness.yaml b/charts/tractusx-connector-memory/templates/tests/test-readiness.yaml deleted file mode 100644 index 057b807cd..000000000 
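Review bot: The `mgmt-api-bpn-store` container in the new azure-vault test-controlplane.yaml puts the management API key into its `command` array via `printf "x-api-key: %s" $.Values.controlplane.endpoints.management.authKey`, so the key is stored in plain text in the test Pod spec and stays readable through `kubectl get pod -o yaml` for as long as the hook deletion policy keeps the pod around. Inject the key as an environment variable sourced from a Secret and let Kubernetes expand it in the argument with `$(VAR)` syntax; the secret name and key below are placeholders, since the chart's secret layout is not visible in this patch. The same pattern appears in charts/tractusx-connector-memory/templates/tests/test-runtime.yaml and charts/tractusx-connector/templates/tests/test-controlplane.yaml.

```yaml
    - name: mgmt-api-bpn-store
      image: curlimages/curl
      env:
        - name: MGMT_API_KEY
          valueFrom:
            secretKeyRef:
              name: <management-auth-secret-placeholder>
              key: <auth-key-placeholder>
      # … unchanged: curl command and JSON payload, except that the header argument becomes 'x-api-key: $(MGMT_API_KEY)' …
      # … unchanged: args with the business-partner-groups URL …
```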
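Review bot: In service-runtime.yaml, `targetPort: management` only resolves if the runtime container declares a port named `management`, and the Deployment template that would declare it is not part of this patch. If the container port is still called `data`, the Service would have no matching target for the management endpoint and the new `mgmt-api-bpn-store` helm test could not reach it; please confirm the names match. The Service spec starts and ends outside the hunk.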
--- a/charts/tractusx-connector-memory/templates/tests/test-readiness.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{ include "txdc.fullname" . }}-test-readiness"
- labels:
- {{- include "txdc.runtime.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
- "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
-spec:
- containers:
- - name: wget
- image: curlimages/curl
- command: [ 'curl' ]
- args: [ '{{- printf "http://%s-runtime:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.runtime.endpoints.default.port $.Values.runtime.endpoints.default.path -}}' ]
- restartPolicy: Never
- securityContext:
- fsGroup: 101 # curl_group
- runAsGroup: 101 # curl_group
- runAsNonRoot: true
- runAsUser: 100 # curl_user
- seccompProfile:
- type: RuntimeDefault
diff --git a/charts/tractusx-connector-memory/templates/tests/test-runtime.yaml b/charts/tractusx-connector-memory/templates/tests/test-runtime.yaml
new file mode 100644
index 000000000..87f132235
--- /dev/null
+++ b/charts/tractusx-connector-memory/templates/tests/test-runtime.yaml 
@@ -0,0 +1,57 @@
+#
+ # Copyright (c) 2023 ZF Friedrichshafen AG
+ # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+ # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ # Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+ #
+ # See the NOTICE file(s) distributed with this work for additional
+ # information regarding copyright ownership.
+ #
+ # This program and the accompanying materials are made available under the
+ # terms of the Apache License, Version 2.0 which is available at
+ # https://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ # License for the specific language governing permissions and limitations
+ # under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ #
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "txdc.fullname" . }}-test"
+ labels:
+ {{- include "txdc.runtime.labels" .
| nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
+spec:
+ containers:
+ - name: readiness
+ image: curlimages/curl
+ command: [ 'curl', '--fail' ]
+ args: [ '{{- printf "http://%s-runtime:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.runtime.endpoints.default.port $.Values.runtime.endpoints.default.path -}}' ]
+ {{/* Try adding a BPN Group to the store via the management API */}}
+ - name: mgmt-api-bpn-store
+ image: curlimages/curl
+ command: [ 'curl', '-X', 'POST', '--fail','-H','Content-Type: application/json', '-H', '{{- printf "x-api-key: %s" $.Values.runtime.endpoints.management.authKey }}', '-d', '{
+ "@context": {
+ "tx": "https://w3id.org/tractusx/v0.0.1/ns/"
+ },
+ "@id": "tx:BPN000001234",
+ "tx:groups": ["group1", "group2", "group3"]
+ }' ]
+ args: [ '{{- printf "http://%s-runtime:%v%s/business-partner-groups" (include "txdc.fullname" $ ) $.Values.runtime.endpoints.management.port $.Values.runtime.endpoints.management.path -}}' ]
+ restartPolicy: Never
+ securityContext:
+ fsGroup: 101 # curl_group
+ runAsGroup: 101 # curl_group
+ runAsNonRoot: true
+ runAsUser: 100 # curl_user
+ seccompProfile:
+ type: RuntimeDefault
diff --git a/charts/tractusx-connector/templates/deployment-controlplane.yaml b/charts/tractusx-connector/templates/deployment-controlplane.yaml
index bd4e892ae..5c72b1b50 100644
--- a/charts/tractusx-connector/templates/deployment-controlplane.yaml
+++ b/charts/tractusx-connector/templates/deployment-controlplane.yaml
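Review bot: Both containers in test-runtime.yaml use `image: curlimages/curl` without a tag or digest, so every `helm test` run pulls whatever `latest` currently points to, and one of these containers is handed the management API key. Pin the image, ideally by digest, e.g. `image: curlimages/curl:<version-placeholder>@sha256:<digest-placeholder>`. The same unpinned reference is used in the test-controlplane.yaml templates of the other two charts in this patch.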
@@ -228,6 +228,16 @@ spec: - name: "EDC_DATASOURCE_EDR_URL" value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} + # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/bpn-validation/business-partner-store-sql + - name: "EDC_DATASOURCE_BPN_NAME" + value: "bpn" + - name: "EDC_DATASOURCE_BPN_USER" + value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} + - name: "EDC_DATASOURCE_BPN_PASSWORD" + value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} + - name: "EDC_DATASOURCE_BPN_URL" + value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} + ################ ## DATA PLANE ## ################ diff --git a/charts/tractusx-connector/templates/tests/test-controlplane-readiness.yaml b/charts/tractusx-connector/templates/tests/test-controlplane-readiness.yaml deleted file mode 100644 index 14d18f591..000000000 --- a/charts/tractusx-connector/templates/tests/test-controlplane-readiness.yaml +++ /dev/null 
@@ -1,43 +0,0 @@
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{include "txdc.fullname" .}}test-controlplane-readiness"
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
- "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
-spec:
- containers:
- - name: wget
- image: curlimages/curl
- command: [ 'curl' ]
- args: [ '{{- printf "http://%s-controlplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.controlplane.endpoints.default.port $.Values.controlplane.endpoints.default.path -}}' ]
- restartPolicy: Never
- securityContext:
- fsGroup: 101 # curl_group
- runAsGroup: 101 # curl_group
- runAsNonRoot: true
- runAsUser: 100 # curl_user
- seccompProfile:
- type: RuntimeDefault
diff --git a/charts/tractusx-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml b/charts/tractusx-connector/templates/tests/test-controlplane.yaml
similarity index 59%
rename from charts/tractusx-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml
rename to charts/tractusx-connector/templates/tests/test-controlplane.yaml
index 8f00e499f..796b94fa2 100644
--- a/charts/tractusx-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml +++ b/charts/tractusx-connector/templates/tests/test-controlplane.yaml @@ -21,7 +21,7 @@ apiVersion: v1 kind: Pod metadata: - name: "{{include "txdc.fullname" .}}test-controlplane-readiness" + name: "{{include "txdc.fullname" .}}-test-controlplane" labels: {{- include "txdc.controlplane.labels" . | nindent 4 }} annotations: @@ -29,10 +29,23 @@ metadata: "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }} spec: containers: - - name: wget + {{/* Poke the pod's management API */}} + - name: readiness image: curlimages/curl - command: [ 'curl' ] + command: [ 'curl', '--fail' ] args: [ '{{- printf "http://%s-controlplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.controlplane.endpoints.default.port $.Values.controlplane.endpoints.default.path -}}' ] + + {{/* Try adding a BPN Group to the store via the management API */}} + - name: bpn-store + image: curlimages/curl + command: [ 'curl', '-X', 'POST', '--fail','-H','Content-Type: application/json', '-H', '{{- printf "x-api-key: %s" $.Values.controlplane.endpoints.management.authKey }}', '-d', '{ + "@context": { + "tx": "https://w3id.org/tractusx/v0.0.1/ns/" + }, + "@id": "tx:BPN000001234", + "tx:groups": ["group1", "group2", "group3"] + }' ] + args: [ '{{- printf "http://%s-controlplane:%v%s/business-partner-groups" (include "txdc.fullname" $ ) $.Values.controlplane.endpoints.management.port $.Values.controlplane.endpoints.management.path -}}' ] restartPolicy: Never securityContext: fsGroup: 101 # curl_group @@ -40,4 +53,4 @@ spec: runAsNonRoot: true runAsUser: 100 # curl_user seccompProfile: - type: RuntimeDefault + type: RuntimeDefault diff --git a/charts/tractusx-connector/templates/tests/test-dataplane-readiness.yaml b/charts/tractusx-connector/templates/tests/test-dataplane-readiness.yaml index 651e818eb..fa58c7da7 100644 
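Review bot: The `bpn-store` container POSTs a fixed entry (`"@id": "tx:BPN000001234"` with `group1` to `group3`) to `/business-partner-groups` and nothing removes it, so each `helm test` leaves test data in the connector's business-partner-group store. Since this patch uses those groups for the new BPN policy, a leftover entry is presumably also an access-control artefact on any real deployment where the test is run. If the endpoint rejects an id that already exists, a second `helm test` against the same release would additionally fail because of `--fail`; that behaviour is not visible in this patch. Consider a read-only management call for the smoke test, or a cleanup request after the POST. The same applies to the `mgmt-api-bpn-store` containers in the azure-vault and memory charts.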
--- a/charts/tractusx-connector/templates/tests/test-dataplane-readiness.yaml +++ b/charts/tractusx-connector/templates/tests/test-dataplane-readiness.yaml @@ -1,21 +1,21 @@ # -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# + # Copyright (c) 2023 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License, Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + # License for the specific language governing permissions and limitations + # under the License. + # + # SPDX-License-Identifier: Apache-2.0 + # --- apiVersion: v1 
@@ -31,7 +31,7 @@ spec: containers: - name: wget image: curlimages/curl - command: [ 'curl' ] + command: [ 'curl', '--fail' ] args: [ '{{- printf "http://%s-dataplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.dataplane.endpoints.default.port $.Values.dataplane.endpoints.default.path -}}' ] restartPolicy: Never securityContext: @@ -40,4 +40,4 @@ spec: runAsNonRoot: true runAsUser: 100 # curl_user seccompProfile: - type: RuntimeDefault + type: RuntimeDefault diff --git a/edc-controlplane/edc-controlplane-base/build.gradle.kts b/edc-controlplane/edc-controlplane-base/build.gradle.kts index f6d912bb5..f8bc52809 100644 --- a/edc-controlplane/edc-controlplane-base/build.gradle.kts +++ b/edc-controlplane/edc-controlplane-base/build.gradle.kts @@ -25,7 +25,6 @@ plugins { dependencies { runtimeOnly(project(":core:edr-cache-core")) runtimeOnly(project(":core:edr-core")) - runtimeOnly(project(":edc-extensions:business-partner-validation")) runtimeOnly(project(":edc-extensions:dataplane-selector-configuration")) runtimeOnly(project(":edc-extensions:data-encryption")) @@ -33,6 +32,9 @@ dependencies { runtimeOnly(project(":edc-extensions:edr:edr-api")) runtimeOnly(project(":edc-extensions:edr:edr-callback")) + // needed for BPN validation + runtimeOnly(project(":edc-extensions:bpn-validation")) + // needed for SSI integration runtimeOnly(project(":core:json-ld-core")) runtimeOnly(project(":edc-extensions:ssi:ssi-identity-core")) diff --git a/edc-controlplane/edc-controlplane-postgresql-azure-vault/build.gradle.kts b/edc-controlplane/edc-controlplane-postgresql-azure-vault/build.gradle.kts index 322019398..a1cdab224 100644 --- a/edc-controlplane/edc-controlplane-postgresql-azure-vault/build.gradle.kts +++ b/edc-controlplane/edc-controlplane-postgresql-azure-vault/build.gradle.kts 
@@ -30,6 +30,7 @@ dependencies { runtimeOnly(project(":edc-controlplane:edc-controlplane-base")) runtimeOnly(project(":edc-extensions:postgresql-migration")) runtimeOnly(project(":edc-extensions:edr:edr-cache-sql")) + runtimeOnly(project(":edc-extensions:bpn-validation:business-partner-store-sql")) runtimeOnly(libs.edc.azure.vault) runtimeOnly(libs.bundles.edc.sqlstores) runtimeOnly(libs.edc.transaction.local) diff --git a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/README.md b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/README.md deleted file mode 100644 index 4d73773fb..000000000 --- a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/README.md +++ /dev/null 
@@ -1,178 +0,0 @@ -# EDC Control-Plane backed by [Postgresql](https://www.postgresql.org/) and [HashiCorp vault](https://www.vaultproject.io/docs) - -## Building - -```shell -./gardlew :edc-controlplane:edc-controlplane-postgresql-hashicorp-vault:dockerize -``` - -## Configuration - -Listed below are configuration keys needed to get the `edc-controlplane-postgresql-hashicorp-vault` up and running. -Details regarding each configuration property can be found at the [documentary section of the EDC](https://github.com/eclipse-edc/Connector/tree/main/docs). - -| Key | Required | Example | Description | -|--------------------------------------------------|----------|------------------------------------------------------------------------------|----------------------------| -| edc.api.auth.key | | password | default value: random UUID | -| web.http.default.port | X | 8080 | | -| web.http.default.path | X | /api | | -| web.http.data.port | X | 8181 | | -| web.http.data.path | X | /data | | -| web.http.validation.port | X | 8182 | | -| web.http.validation.path | X | /validation | | -| web.http.control.port | X | 9999 | | -| web.http.control.path | X | /api/controlplane/control | | -| web.http.ids.port | X | 8282 | | -| web.http.ids.path | X | /api/v1/ids | | -| edc.receiver.http.endpoint | X | | | -| edc.ids.title | | Eclipse Dataspace Connector | | -| edc.ids.description | | Eclipse Dataspace Connector | | -| edc.ids.id | | urn:connector:edc | | -| edc.ids.security.profile | | base | | -| edc.ids.endpoint | | | | -| edc.ids.maintainer | | | | -| edc.ids.curator | | | | -| edc.ids.catalog.id | | urn:catalog:default | | -| ids.webhook.address | | | | -| edc.hostname | | localhost | | -| edc.oauth.token.url | X | | | -| edc.oauth.public.key.alias | X | key-to-daps-certificate-in-keyvault | | -| edc.oauth.private.key.alias | X | key-to-private-key-in-keyvault | | -| edc.oauth.client.id | X | daps-oauth-client-id | | -| edc.vault.hashicorp.url | X | | | -| 
edc.vault.hashicorp.token | X | 55555555-6666-7777-8888-999999999999 | | -| edc.vault.hashicorp.timeout.seconds | | 30 | | -| edc.datasource.asset.name | X | asset | | -| edc.datasource.asset.url | X | jdbc:postgresql://postgres.svc.cluster.local:5432/edc_asset_db | | -| edc.datasource.asset.user | X | username | | -| edc.datasource.asset.password | X | password | | -| edc.datasource.contractdefinition.name | X | contractdefinition | | -| edc.datasource.contractdefinition.url | X | jdbc:postgresql://postgres.svc.cluster.local:5432/edc_contractdefinition_db | | -| edc.datasource.contractdefinition.user | X | username | | -| edc.datasource.contractdefinition.password | X | password | | -| edc.datasource.contractnegotiation.name | X | contractnegotiation | | -| edc.datasource.contractnegotiation.url | X | jdbc:postgresql://postgres.svc.cluster.local:5432/edc_contractnegotiation_db | | -| edc.datasource.contractnegotiation.user | X | username | | -| edc.datasource.contractnegotiation.password | X | password | | -| edc.datasource.policy.name | X | policy | | -| edc.datasource.policy.url | X | jdbc:postgresql://postgres.svc.cluster.local:5432/edc_policy_db | | -| edc.datasource.policy.user | X | username | | -| edc.datasource.policy.password | X | password | | -| edc.datasource.transferprocess.name | X | transferprocess | | -| edc.datasource.transferprocess.url | X | jdbc:postgresql://postgres.svc.cluster.local:5432/edc_transferprocess_db | | -| edc.datasource.transferprocess.user | X | username | | -| edc.datasource.transferprocess.password | X | password | | -| edc.transfer.proxy.endpoint | X | | | -| edc.transfer.proxy.token.signer.privatekey.alias | X | | | - -### Example configuration.properties - -JDK properties-style configuration of the EDC Control-Plane is expected to be mounted to `/app/configuration.properties` within the container. 
- -```shell -# Create configuration.properties -export CONFIGURATION_PROPERTIES_FILE=$(mktemp /tmp/configuration.properties.XXXXXX) -cat << 'EOF' > ${CONFIGURATION_PROPERTIES_FILE} - -web.http.default.port=8080 -web.http.default.path=/api -web.http.data.port=8181 -web.http.data.path=/data -web.http.validation.port=8182 -web.http.validation.path=/validation -web.http.control.port=9999 -web.http.control.path=/api/controlplane/control -web.http.ids.port=8282 -web.http.ids.path=/api/v1/ids - -edc.receiver.http.endpoint=http://backend-service - -edc.ids.title=Eclipse Dataspace Connector -edc.ids.description=Eclipse Dataspace Connector -edc.ids.id=urn:connector:edc -edc.ids.security.profile=base -edc.ids.endpoint=http://localhost:8282/api/v1/ids -edc.ids.maintainer=http://localhost -edc.ids.curator=http://localhost -edc.ids.catalog.id=urn:catalog:default -ids.webhook.address=http://localhost:8282/api/v1/ids - -edc.hostname=localhost - -edc.api.auth.key=password - -# OAuth / DAPS related configuration -edc.oauth.token.url=https://daps.example.net -edc.oauth.public.key.alias=key-to-daps-certificate-in-keyvault -edc.oauth.private.key.alias=key-to-private-key-in-keyvault -edc.oauth.client.id=daps-oauth-client-id - -# HashiCorp vault related configuration -edc.vault.hashicorp.url=http://vault -edc.vault.hashicorp.token=55555555-6666-7777-8888-999999999999 -edc.vault.hashicorp.timeout.seconds=30 - -# Control- / Data- Plane configuration -edc.transfer.proxy.endpoint=http://dataplane-public-endpoint/public -edc.transfer.proxy.token.signer.privatekey.alias=token-signer-private-key - -# Postgresql related configuration -edc.datasource.asset.name=asset -edc.datasource.asset.url=jdbc:postgresql://postgres.svc.cluster.local:5432/edc_asset -edc.datasource.asset.user=user -edc.datasource.asset.password=pass -edc.datasource.contractdefinition.name=contractdefinition -edc.datasource.contractdefinition.url=jdbc:postgresql://postgres.svc.cluster.local:5432/edc_contractdefinition 
-edc.datasource.contractdefinition.user=user -edc.datasource.contractdefinition.password=pass -edc.datasource.contractnegotiation.name=contractnegotiation -edc.datasource.contractnegotiation.url=jdbc:postgresql://postgres.svc.cluster.local:5432/edc_contractnegotiation -edc.datasource.contractnegotiation.user=user -edc.datasource.contractnegotiation.password=pass -edc.datasource.policy.name=policy -edc.datasource.policy.url=jdbc:postgresql://postgres.svc.cluster.local:5432/edc_policy -edc.datasource.policy.user=user -edc.datasource.policy.password=pass -edc.datasource.transferprocess.name=transferprocess -edc.datasource.transferprocess.url=jdbc:postgresql://postgres.svc.cluster.local:5432/edc_transferprocess -edc.datasource.transferprocess.user=user -edc.datasource.transferprocess.password=pass -EOF -``` - -### Example logging.properties - -```shell -# Create logging.properties -export LOGGING_PROPERTIES_FILE=$(mktemp /tmp/logging.properties.XXXXXX) -cat << 'EOF' > ${LOGGING_PROPERTIES_FILE} -.level=INFO -org.eclipse.edc.level=ALL -handlers=java.util.logging.ConsoleHandler -java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter -java.util.logging.ConsoleHandler.level=ALL -java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n -EOF -``` - -### Example opentelemetry.properties - -```shell -# Create opentelemetry.properties -export OPENTELEMETRY_PROPERTIES_FILE=$(mktemp /tmp/opentelemetry.properties.XXXXXX) -cat << 'EOF' > ${OPENTELEMETRY_PROPERTIES_FILE} -otel.javaagent.enabled=false -otel.javaagent.debug=false -EOF -``` - -## Running - -```shell -docker run \ - -p 8080:8080 -p 8181:8181 -p 8182:8182 -p 8282:8282 -p 9090:9090 -p 9999:9999 \ - -v ${CONFIGURATION_PROPERTIES_FILE:-/dev/null}:/app/configuration.properties \ - -v ${LOGGING_PROPERTIES_FILE:-/dev/null}:/app/logging.properties \ - -v ${OPENTELEMETRY_PROPERTIES_FILE:-/dev/null}:/app/opentelemetry.properties \ - -i 
edc-controlplane-postgresql-hashicorp-vault:latest -``` diff --git a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/build.gradle.kts b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/build.gradle.kts deleted file mode 100644 index 8b725e160..000000000 --- a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/build.gradle.kts +++ /dev/null 
@@ -1,83 +0,0 @@ -/* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - * - * SPDX-License-Identifier: Apache-2.0 - */ - -import com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar - -plugins { - `java-library` - id("application") - id("com.github.johnrengelman.shadow") version "8.1.1" -} - -dependencies { - runtimeOnly(project(":core:edr-cache-core")) - runtimeOnly(project(":core:edr-core")) - runtimeOnly(project(":edc-extensions:business-partner-validation")) - runtimeOnly(project(":edc-extensions:dataplane-selector-configuration")) - runtimeOnly(project(":edc-extensions:data-encryption")) - runtimeOnly(project(":edc-extensions:cx-oauth2")) - runtimeOnly(project(":edc-extensions:provision-additional-headers")) - runtimeOnly(project(":edc-extensions:edr:edr-api")) - runtimeOnly(project(":edc-extensions:edr:edr-callback")) - - runtimeOnly(libs.edc.core.controlplane) - runtimeOnly(libs.edc.config.filesystem) - runtimeOnly(libs.edc.auth.tokenbased) - runtimeOnly(libs.edc.auth.oauth2.core) - runtimeOnly(libs.edc.auth.oauth2.daps) - runtimeOnly(libs.edc.api.management) - runtimeOnly(libs.edc.api.observability) - runtimeOnly(libs.edc.dsp) - runtimeOnly(libs.edc.spi.jwt) - runtimeOnly(libs.bundles.edc.dpf) - - runtimeOnly(libs.edc.ext.http) - 
runtimeOnly(libs.bundles.edc.monitoring) - runtimeOnly(libs.edc.transfer.dynamicreceiver) - runtimeOnly(libs.edc.controlplane.callback.dispatcher.event) - runtimeOnly(libs.edc.controlplane.callback.dispatcher.http) - - runtimeOnly(project(":edc-extensions:postgresql-migration")) - runtimeOnly(libs.edc.vault.hashicorp) - runtimeOnly(project(":edc-extensions:edr:edr-cache-sql")) - runtimeOnly(libs.bundles.edc.sqlstores) - runtimeOnly(libs.edc.transaction.local) - runtimeOnly(libs.edc.sql.pool) - runtimeOnly(libs.edc.core.controlplane) - runtimeOnly(libs.edc.dpf.transfer) - runtimeOnly(libs.postgres) - - // needed for DAPS - not officially supported anymore - runtimeOnly(project(":edc-extensions:cx-oauth2")) - runtimeOnly(libs.edc.auth.oauth2.core) - runtimeOnly(libs.edc.auth.oauth2.daps) -} - - -tasks.withType { - exclude("**/pom.properties", "**/pom.xm") - mergeServiceFiles() - archiveFileName.set("${project.name}.jar") -} - - -application { - mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime") -} diff --git a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/notice.md b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/notice.md deleted file mode 100644 index 381253ec9..000000000 --- a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/notice.md +++ /dev/null 
@@ -1,28 +0,0 @@ -# Notice for Docker image - -An EDC Control Plane using PostgreSQL as persistence backend, and HashiCorp Vault as secret store. - -DockerHub: https://hub.docker.com/r/tractusx/edc-controlplane-postgresql-hashicorp-vault - -Eclipse Tractus-X product(s) installed within the image: - -## Tractus-X EDC Control Plane - -- GitHub: https://github.com/eclipse-tractusx/tractusx-edc -- Project home: https://projects.eclipse.org/projects/automotive.tractusx -- Dockerfile: https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/src/main/docker/Dockerfile -- Project license: [Apache License, Version 2.0](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/LICENSE) - -## Used base image - -- [eclipse-temurin:17.0.6_10-jre-alpine](https://github.com/adoptium/containers) -- Official Eclipse Temurin DockerHub page: https://hub.docker.com/_/eclipse-temurin -- Eclipse Temurin Project: https://projects.eclipse.org/projects/adoptium.temurin -- Additional information about the Eclipse Temurin - images: https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin - -As with all Docker images, these likely also contain other software which may be under other licenses (such as Bash, etc -from the base distribution, along with any direct or indirect dependencies of the primary software being contained). - -As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies -with any relevant licenses for all software contained within. diff --git a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/src/main/docker/Dockerfile b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/src/main/docker/Dockerfile deleted file mode 100644 index 4e23ac310..000000000 --- a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault-legacy/src/main/docker/Dockerfile +++ /dev/null 
@@ -1,64 +0,0 @@ -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2022,2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -FROM alpine:3.18.2 AS otel - -ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar" - -HEALTHCHECK NONE - -RUN apk update && apk add curl=8.2.1-r0 --no-cache -RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} --output /tmp/opentelemetry-javaagent.jar - -FROM eclipse-temurin:17.0.6_10-jre-alpine -ARG JAR - -ARG APP_USER=docker -ARG APP_UID=10100 - -RUN addgroup --system "$APP_USER" - -RUN adduser \ - --shell /sbin/nologin \ - --disabled-password \ - --gecos "" \ - --ingroup "$APP_USER" \ - --no-create-home \ - --uid "$APP_UID" \ - "$APP_USER" - -USER "$APP_USER" -WORKDIR /app - -COPY --from=otel /tmp/opentelemetry-javaagent.jar . 
-COPY ${JAR} edc-controlplane.jar - -HEALTHCHECK NONE - -CMD ["java", \ - "-javaagent:/app/opentelemetry-javaagent.jar", \ - "-Dedc.fs.config=/app/configuration.properties", \ - "-Djava.util.logging.config.file=/app/logging.properties", \ - "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \ - "-Dotel.metrics.exporter=prometheus", \ - "-Dotel.exporter.prometheus.port=9090", \ - "-Djava.security.egd=file:/dev/urandom", \ - "-jar", \ - "edc-controlplane.jar"] diff --git a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/build.gradle.kts b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/build.gradle.kts index 634d8314c..634c5a24f 100644 --- a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/build.gradle.kts +++ b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/build.gradle.kts @@ -29,8 +29,9 @@ plugins { dependencies { runtimeOnly(project(":edc-controlplane:edc-controlplane-base")) runtimeOnly(project(":edc-extensions:postgresql-migration")) - runtimeOnly(libs.edc.vault.hashicorp) runtimeOnly(project(":edc-extensions:edr:edr-cache-sql")) + runtimeOnly(project(":edc-extensions:bpn-validation:business-partner-store-sql")) + runtimeOnly(libs.edc.vault.hashicorp) runtimeOnly(libs.bundles.edc.sqlstores) runtimeOnly(libs.edc.transaction.local) runtimeOnly(libs.edc.sql.pool) diff --git a/edc-extensions/bpn-validation/README.md b/edc-extensions/bpn-validation/README.md new file mode 100644 index 000000000..58ec270d1 --- /dev/null +++ b/edc-extensions/bpn-validation/README.md 
@@ -0,0 +1,157 @@ +# Business Partner Validation Extension + +This extension is used to introduce the capability to a connector to evaluate two types of policies: + +- A Business Partner Group policy: evaluates, whether a certain BPN belongs to a certain group. For example, a + participating company categorizes other dataspace participants in three + groups: `"customer"`, `"gold_customer"`, `"platin_customer"`. Then, that company may want to show certain assets only + to a specific group. The Business Partner Group Policy enables that semantic. +- [not recommended] a Business Partner Number Policy: evaluates, whether the BPN in question is contained in a list of " + white-listed" BPNs. That whitelist is hard-coded directly on the policy. This policy is **not recommended anymore** + due to + concerns of scalability and maintainability. Each time such a policy is evaluated, the runtime will log a warning. + +Technically, both these policies and their evaluation functions can be used in several circumstances, which in EDC are +called *scopes*. More information on how to bind policy functions to scopes can be found in +the [official documentation](https://github.com/eclipse-edc/Connector/blob/main/docs/developer/policy-engine.md). + +Both previously mentioned evaluation functions are bound to the following scopes: + +- `catalog`: determines, what policies (specifically: constraints) are to be evaluated when requesting the catalog ( + i.e. "access policy") +- `contract.negotiation`: determines, which policies/constraints are to be evaluated during the negotiation phase ( + i.e. "contract policy") +- `transfer.process`: determines, which policies/constraints are to be evaluated when performing a data transfer, e.g. + contract expiry + +## Business Partner Group Policy + +This policy states, that a certain BPN must, may or must not be member of a certain group. Groups may be represented as +scalar, or as comma-separated lists. 
For semantic expression, the following ODRL operators are +supported: `eq`, `neq`, `in`, `isAllOf`, `isAnyOf`, `isNoneOf`. The following example demonstrates a full JSON-LD +structure in expanded form, containing such a constraint. + +### Example + +```json +{ + "@type": "https://w3id.org/edc/v0.0.1/ns/PolicyDefinitionDto", + "https://w3id.org/edc/v0.0.1/ns/policy": { + "@context": "http://www.w3.org/ns/odrl.jsonld", + "permission": { + "action": "USE", + "constraint": { + "@type": "http://www.w3.org/ns/odrl/2/LogicalConstraint", + "or": [ + { + "@type": "http://www.w3.org/ns/odrl/2/Constraint", + "leftOperand": "https://w3id.org/tractusx/v0.0.1/ns/BusinessPartnerGroup", + "operator": "http://www.w3.org/ns/odrl/2/isAllOf", + "rightOperand": "greek,philosopher" + } + ] + } + } + }, + "@id": "some-policy-id" +} +``` + +The first important take-away is the `constraint` object, which contains a single expression that mandates, that in +order to fulfill the policy, a business partner must be `greek` and they must be a `philosopher`. Whether a +particular BPN has either of these groups assigned is determined by the `ParticipantAgent`, and by a subsequent lookup +in an internal database. See [the next section](#manipulating-groups) for details. + +The second important aspect is the `leftOperand`, which must +be `"https://w3id.org/tractusx/v0.0.1/ns/BusinessPartnerGroup"`. Together with the scope, the `leftOperand` determines, +which constraint functions is called to evaluate the policy. Here, it is the `BusinessPartnerGroupFunction`. + +### Manipulating groups + +The `bpn-evaluation` module provides a simple CRUD REST API to manipulate BPN <> group associations. Each BPN is stored +in an internal database together with the groups that it was assigned. The OpenAPI specification can be +found [here](../../resources/openapi/yaml/bpn-validation-api.yaml). 
+ +## Business Partner Number Policy [not recommended] + +This policy mandates, that a particular Business Partner Number must be contained in a white-list that is hard-coded on +the policy. Here, only the ODRL `eq"` operator is supported, and the `rightOperand` must be the white-listed BPN. + +### Example + +```json +{ + "@type": "https://w3id.org/edc/v0.0.1/ns/PolicyDefinitionDto", + "https://w3id.org/edc/v0.0.1/ns/policy": { + "@context": "http://www.w3.org/ns/odrl.jsonld", + "permission": [ + { + "action": "USE", + "constraint": { + "@type": "http://www.w3.org/ns/odrl/2/LogicalConstraint", + "or": [ + { + "@type": "http://www.w3.org/ns/odrl/2/Constraint", + "leftOperand": "BusinessPartnerNumber", + "operator": "eq", + "rightOperand": "BPN00001234" + } + ] + } + } + ] + }, + "@id": "some-policy-id" +} +``` + +Again, the `leftOperand` must be `"BusinessPartnerNumber`, and it determines, which constraint function is evaluated +(here: `BusinessPartnerPermissionFunction`). The evaluation of the example policy only succeeds, when +the `ParticipantAgent`'s BPN is `"BPN00001234"`. + +In case multiple BPNs are to be white-listed, the policy would contain multiple `or` constraints: + +```json +{ + "@type": "https://w3id.org/edc/v0.0.1/ns/PolicyDefinitionDto", + "https://w3id.org/edc/v0.0.1/ns/policy": { + "@context": "http://www.w3.org/ns/odrl.jsonld", + "permission": [ + { + "action": "USE", + "constraint": { + "@type": "http://www.w3.org/ns/odrl/2/LogicalConstraint", + "or": [ + { + "@type": "http://www.w3.org/ns/odrl/2/Constraint", + "leftOperand": "BusinessPartnerNumber", + "operator": "eq", + "rightOperand": "BPN00001234" + }, + { + "@type": "http://www.w3.org/ns/odrl/2/Constraint", + "leftOperand": "BusinessPartnerNumber", + "operator": "eq", + "rightOperand": "BPN00005678" + } + ] + } + } + ] + }, + "@id": "some-policy-id" +} +``` + +The second policy expresses that the BPN of the participant in question must be either `"BPN00001234"` +*or* `"BPN00005678"`. 
+ +### Deprecation warning + +The Business Partner Number Policy is not recommended for production use because it is severely limited in terms of +scalability and maintainability. Everytime a new participant onboards onto or off-boards from the dataspace, every +existing participant would have to either enter new contract definitions, effectively duplicating them, or update *all +existing policies*. That would be a significant maintenance and migration effort. + +For that reason, the Business Partner Number Policy is marked as deprecated, and is scheduled for removal in EDC 0.6.x. +Please consider upgrading your environment at your earliest convenience. diff --git a/edc-extensions/bpn-validation/bpn-validation-api/src/main/java/org/eclipse/tractusx/edc/api/bpn/BusinessPartnerGroupApiController.java b/edc-extensions/bpn-validation/bpn-validation-api/src/main/java/org/eclipse/tractusx/edc/api/bpn/BusinessPartnerGroupApiController.java index 93991618f..5b7aeb6f3 100644 --- a/edc-extensions/bpn-validation/bpn-validation-api/src/main/java/org/eclipse/tractusx/edc/api/bpn/BusinessPartnerGroupApiController.java +++ b/edc-extensions/bpn-validation/bpn-validation-api/src/main/java/org/eclipse/tractusx/edc/api/bpn/BusinessPartnerGroupApiController.java @@ -43,6 +43,7 @@ import java.util.List; import static org.eclipse.edc.jsonld.spi.JsonLdKeywords.ID; +import static org.eclipse.edc.jsonld.spi.JsonLdKeywords.VALUE; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.TX_NAMESPACE; @@ -117,7 +118,10 @@ private String getBpn(JsonObject object) { @NotNull private List getGroups(JsonObject object) { try { - return object.getJsonArray(TX_NAMESPACE + "groups").stream().map(jv -> ((JsonString) jv).getString()).toList(); + return object.getJsonArray(TX_NAMESPACE + "groups") + .stream() + .map(jv -> ((JsonString) jv.asJsonObject().get(VALUE)).getString()) + .toList(); } catch (Exception ex) { throw new InvalidRequestException(ex.getMessage()); } 
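Review bot: In getGroups (second hunk of BusinessPartnerGroupApiController.java), the new mapping `((JsonString) jv.asJsonObject().get(VALUE)).getString()` still relies on the surrounding `catch (Exception ex)` to validate the request body. A groups entry that is not an object, lacks the value member, or holds a non-string value fails with a ClassCastException or NullPointerException. That message, which can name internal classes or be empty, is handed to the API caller through `new InvalidRequestException(ex.getMessage())`. I would check the array and each element explicitly and throw with a fixed message such as `"groups must be an array of string values"`, keeping the original exception for the log only. The rest of the controller lies outside this hunk.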
diff --git a/edc-extensions/business-partner-validation/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/edc-extensions/bpn-validation/bpn-validation-api/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension similarity index 90% rename from edc-extensions/business-partner-validation/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension rename to edc-extensions/bpn-validation/bpn-validation-api/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension index eaadbabd1..bb54cf2b2 100644 --- a/edc-extensions/business-partner-validation/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension +++ b/edc-extensions/bpn-validation/bpn-validation-api/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension @@ -17,4 +17,4 @@ # # SPDX-License-Identifier: Apache-2.0 # -org.eclipse.tractusx.edc.validation.businesspartner.BusinessPartnerValidationExtension +org.eclipse.tractusx.edc.api.bpn.BusinessPartnerGroupApiExtension \ No newline at end of file diff --git a/edc-extensions/bpn-validation/bpn-validation-api/src/test/java/org/eclipse/tractusx/edc/api/bpn/BusinessPartnerGroupApiControllerTest.java b/edc-extensions/bpn-validation/bpn-validation-api/src/test/java/org/eclipse/tractusx/edc/api/bpn/BusinessPartnerGroupApiControllerTest.java index 49afdeae3..d83112a6f 100644 --- a/edc-extensions/bpn-validation/bpn-validation-api/src/test/java/org/eclipse/tractusx/edc/api/bpn/BusinessPartnerGroupApiControllerTest.java +++ b/edc-extensions/bpn-validation/bpn-validation-api/src/test/java/org/eclipse/tractusx/edc/api/bpn/BusinessPartnerGroupApiControllerTest.java @@ -35,7 +35,6 @@ import org.junit.jupiter.api.Test; import java.util.List; -import java.util.Set; import static io.restassured.RestAssured.given; import static io.restassured.http.ContentType.JSON; 
@@ -187,11 +186,11 @@ private RequestSpecification baseRequest() { } private JsonObject createJsonObject() { - return Json.createObjectBuilder() + return jsonLdService.expand(Json.createObjectBuilder() .add(ID, "test-bpn") .add(CONTEXT, Json.createObjectBuilder().add(TX_PREFIX, TX_NAMESPACE).build()) - .add(TX_NAMESPACE + "groups", Json.createArrayBuilder((Set.of("group1", "group2", "group3")))) - .build(); + .add(TX_NAMESPACE + "groups", String.join(",", "group1", "group2", "group3")) + .build()).orElseThrow(f -> new RuntimeException(f.getFailureDetail())); } } \ No newline at end of file diff --git a/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerEvaluationExtension.java b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtension.java similarity index 98% rename from edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerEvaluationExtension.java rename to edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtension.java index 0960f6128..7cca8f600 100644 --- a/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerEvaluationExtension.java +++ b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtension.java 
@@ -50,7 +50,7 @@ * Note that the {@link BusinessPartnerGroupFunction} is an {@link org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction}, thus it is registered with the {@link PolicyEngine} for the {@link Permission} class. */ @Extension(value = "Registers a function to evaluate whether a BPN number is covered by a certain policy or not", categories = {"policy", "contract"}) -public class BusinessPartnerEvaluationExtension implements ServiceExtension { +public class BusinessPartnerValidationExtension implements ServiceExtension { private static final String USE = "USE"; @Inject diff --git a/edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtension.java b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/LegacyBusinessPartnerValidationExtension.java similarity index 70% rename from edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtension.java rename to edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/LegacyBusinessPartnerValidationExtension.java index 5cd2557dc..5e8758934 100644 --- a/edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtension.java +++ b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/LegacyBusinessPartnerValidationExtension.java 
@@ -1,21 +1,22 @@ /* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. + * Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 * - * SPDX-License-Identifier: Apache-2.0 */ package org.eclipse.tractusx.edc.validation.businesspartner; 
@@ -27,12 +28,11 @@ import org.eclipse.edc.policy.model.Prohibition; import org.eclipse.edc.runtime.metamodel.annotation.Inject; import org.eclipse.edc.runtime.metamodel.annotation.Setting; -import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.system.ServiceExtension; import org.eclipse.edc.spi.system.ServiceExtensionContext; -import org.eclipse.tractusx.edc.validation.businesspartner.functions.BusinessPartnerDutyFunction; -import org.eclipse.tractusx.edc.validation.businesspartner.functions.BusinessPartnerPermissionFunction; -import org.eclipse.tractusx.edc.validation.businesspartner.functions.BusinessPartnerProhibitionFunction; +import org.eclipse.tractusx.edc.validation.businesspartner.functions.legacy.BusinessPartnerDutyFunction; +import org.eclipse.tractusx.edc.validation.businesspartner.functions.legacy.BusinessPartnerPermissionFunction; +import org.eclipse.tractusx.edc.validation.businesspartner.functions.legacy.BusinessPartnerProhibitionFunction; import static org.eclipse.edc.connector.contract.spi.offer.ContractDefinitionResolver.CATALOGING_SCOPE; import static org.eclipse.edc.connector.contract.spi.validation.ContractValidationService.NEGOTIATION_SCOPE; @@ -44,7 +44,7 @@ * @deprecated Please use {@code BusinessPartnerEvaluationExtension} instead. */ @Deprecated(forRemoval = true, since = "0.5.0") -public class BusinessPartnerValidationExtension implements ServiceExtension { +public class LegacyBusinessPartnerValidationExtension implements ServiceExtension { /** * The key for business partner numbers constraints. Must be used as left operand when declaring constraints. 
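Review bot: The Javadoc kept as context above the renamed class in the `@@ -44,7 +44,7 @@` hunk still reads `@deprecated Please use {@code BusinessPartnerEvaluationExtension} instead.`, but this same patch renames BusinessPartnerEvaluationExtension to BusinessPartnerValidationExtension. Anyone following the deprecation notice for this policy-enforcement extension is pointed at a class name that no longer exists. Change the line to `* @deprecated Please use {@link BusinessPartnerValidationExtension} instead.`; going by the file paths in this patch, both classes live in the same package, so the link resolves without an import.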
@@ -72,10 +72,10 @@ public class BusinessPartnerValidationExtension implements ServiceExtension { @Inject private PolicyEngine policyEngine; - public BusinessPartnerValidationExtension() { + public LegacyBusinessPartnerValidationExtension() { } - public BusinessPartnerValidationExtension( + public LegacyBusinessPartnerValidationExtension( final RuleBindingRegistry ruleBindingRegistry, final PolicyEngine policyEngine) { this.ruleBindingRegistry = ruleBindingRegistry; this.policyEngine = policyEngine; @@ -89,13 +89,13 @@ public String name() { @Override public void initialize(ServiceExtensionContext context) { - final Monitor monitor = context.getMonitor(); + var monitor = context.getMonitor(); var logAgreementEvaluation = logAgreementEvaluationSetting(context); - final BusinessPartnerDutyFunction dutyFunction = new BusinessPartnerDutyFunction(monitor, logAgreementEvaluation); - final BusinessPartnerPermissionFunction permissionFunction = new BusinessPartnerPermissionFunction(monitor, logAgreementEvaluation); - final BusinessPartnerProhibitionFunction prohibitionFunction = new BusinessPartnerProhibitionFunction(monitor, logAgreementEvaluation); + var dutyFunction = new BusinessPartnerDutyFunction(monitor, logAgreementEvaluation); + var permissionFunction = new BusinessPartnerPermissionFunction(monitor, logAgreementEvaluation); + var prohibitionFunction = new BusinessPartnerProhibitionFunction(monitor, logAgreementEvaluation); bindToScope(dutyFunction, permissionFunction, prohibitionFunction, TRANSFER_SCOPE); bindToScope(dutyFunction, permissionFunction, prohibitionFunction, NEGOTIATION_SCOPE); 
@@ -113,7 +113,7 @@ private void bindToScope(BusinessPartnerDutyFunction dutyFunction, BusinessPartn policyEngine.registerFunction(scope, Prohibition.class, BUSINESS_PARTNER_CONSTRAINT_KEY, prohibitionFunction); } - private Boolean logAgreementEvaluationSetting(ServiceExtensionContext context) { + private boolean logAgreementEvaluationSetting(ServiceExtensionContext context) { return Boolean.parseBoolean(context.getSetting(BUSINESS_PARTNER_VALIDATION_LOG_AGREEMENT_VALIDATION, DEFAULT_LOG_AGREEMENT_EVALUATION)); } } diff --git a/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerGroupFunction.java b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerGroupFunction.java index 26106ec38..06cd255a5 100644 --- a/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerGroupFunction.java +++ b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerGroupFunction.java @@ -21,6 +21,7 @@ import org.eclipse.edc.spi.agent.ParticipantAgent; import org.eclipse.tractusx.edc.validation.businesspartner.spi.BusinessPartnerStore; +import java.util.Arrays; import java.util.Collection; import java.util.HashMap; import java.util.List; @@ -100,7 +101,7 @@ public BusinessPartnerGroupFunction(BusinessPartnerStore store) { */ @Override public boolean evaluate(Operator operator, Object rightValue, Permission rule, PolicyContext policyContext) { - final ParticipantAgent participantAgent = policyContext.getContextData(ParticipantAgent.class); + var participantAgent = policyContext.getContextData(ParticipantAgent.class); // No participant agent found in context if (participantAgent == null) { 
@@ -144,7 +145,8 @@ public boolean evaluate(Operator operator, Object rightValue, Permission rule, P private List parseRightOperand(Object rightValue, PolicyContext context) { if (rightValue instanceof String) { - return List.of(rightValue.toString()); + var tokens = ((String) rightValue).split(","); + return Arrays.asList(tokens); } if (rightValue instanceof Collection) { return ((Collection) rightValue).stream().map(Object::toString).toList(); diff --git a/edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/AbstractBusinessPartnerValidation.java similarity index 77% rename from edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java rename to edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/AbstractBusinessPartnerValidation.java index 88609af8f..c17b75293 100644 --- a/edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java +++ b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/AbstractBusinessPartnerValidation.java 
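Review bot: `((String) rightValue).split(",")` in parseRightOperand keeps surrounding whitespace and empty tokens, so a right operand written as `"greek, philosopher"` yields `" philosopher"`, which presumably never equals a stored group name. For the `isNoneOf` and `neq` operators that the README in this patch lists, a token that can never match would let the constraint pass rather than fail. A formatting slip in a policy could therefore widen access silently; the operator handling is outside this hunk and should be confirmed there. Normalise the tokens, for example `return Arrays.stream(((String) rightValue).split(",")).map(String::trim).filter(s -> !s.isEmpty()).toList();`. The method's Javadoc should also state that a group name containing a comma cannot be expressed as a string operand.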
@@ -1,24 +1,25 @@ /* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. + * Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 * - * SPDX-License-Identifier: Apache-2.0 */ -package org.eclipse.tractusx.edc.validation.businesspartner.functions; +package org.eclipse.tractusx.edc.validation.businesspartner.functions.legacy; import org.eclipse.edc.connector.contract.spi.types.agreement.ContractAgreement; import org.eclipse.edc.policy.engine.spi.PolicyContext; 
@@ -75,8 +76,7 @@ protected AbstractBusinessPartnerValidation(Monitor monitor, boolean logAgreemen * @param businessPartnerNumber of the constraint * @return true if claim contains the business partner number */ - private static boolean isCorrectBusinessPartner( - String referringConnectorClaim, String businessPartnerNumber) { + private static boolean isCorrectBusinessPartner(String referringConnectorClaim, String businessPartnerNumber) { return referringConnectorClaim.contains(businessPartnerNumber); } @@ -93,14 +93,13 @@ public boolean isLogAgreementEvaluation() { * @param policyContext context of the policy with claims * @return true if claims are from the constrained business partner */ - protected boolean evaluate( - final Operator operator, final Object rightValue, final PolicyContext policyContext) { + public boolean evaluate(Operator operator, Object rightValue, PolicyContext policyContext) { - monitor.warning("This policy evaluation function was deprecated and is scheduled for removal in version 0.6.0 of Tractus-X EDC"); + monitor.warning("This policy evaluation function (class [%s]) was deprecated and is scheduled for removal in version 0.6.0 of Tractus-X EDC".formatted(getClass().getSimpleName())); if (policyContext.hasProblems() && !policyContext.getProblems().isEmpty()) { - String problems = String.join(", ", policyContext.getProblems()); - String message = + var problems = String.join(", ", policyContext.getProblems()); + var message = format( "BusinessPartnerNumberValidation: Rejecting PolicyContext with problems. Problems: %s", problems); @@ -108,7 +107,7 @@ protected boolean evaluate( return false; } - final ParticipantAgent participantAgent = policyContext.getContextData(ParticipantAgent.class); + var participantAgent = policyContext.getContextData(ParticipantAgent.class); if (participantAgent == null) { return false; 
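Review bot: isCorrectBusinessPartner, reformatted in the first hunk of this file, still decides the match with `referringConnectorClaim.contains(businessPartnerNumber)`, and the `@@ -93,14 +93,13 @@` hunk now makes `evaluate` public. A substring test accepts any claim that merely embeds the policy's right operand, so a short or truncated BPN in a policy would match more participants than the author intended. If the claim is expected to carry exactly one BPN, compare with `referringConnectorClaim.equals(businessPartnerNumber)`. If it can carry more, document the claim format on the method and parse it before comparing. How `evaluate` reaches this helper is outside the visible hunks.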
@@ -122,7 +121,7 @@ protected boolean evaluate( if (operator == Operator.EQ) { return isBusinessPartnerNumber(referringConnectorClaim, rightValue, policyContext); } else { - final String message = format(FAIL_EVALUATION_BECAUSE_UNSUPPORTED_OPERATOR, operator); + var message = format(FAIL_EVALUATION_BECAUSE_UNSUPPORTED_OPERATOR, operator); monitor.warning(message); policyContext.reportProblem(message); return false; @@ -131,11 +130,10 @@ protected boolean evaluate( @Nullable private String getReferringConnectorClaim(ParticipantAgent participantAgent) { - Object referringConnectorClaimObject = null; String referringConnectorClaim = null; var claims = participantAgent.getClaims(); - referringConnectorClaimObject = claims.get(REFERRING_CONNECTOR_CLAIM); + var referringConnectorClaimObject = claims.get(REFERRING_CONNECTOR_CLAIM); if (referringConnectorClaimObject instanceof String) { referringConnectorClaim = (String) referringConnectorClaimObject; @@ -149,13 +147,13 @@ private String getReferringConnectorClaim(ParticipantAgent participantAgent) { private boolean isBusinessPartnerNumber(String referringConnectorClaim, Object businessPartnerNumber, PolicyContext policyContext) { if (businessPartnerNumber == null) { - final String message = format(FAIL_EVALUATION_BECAUSE_RIGHT_VALUE_NOT_STRING, "null"); + var message = format(FAIL_EVALUATION_BECAUSE_RIGHT_VALUE_NOT_STRING, "null"); monitor.warning(message); policyContext.reportProblem(message); return false; } if (!(businessPartnerNumber instanceof String businessPartnerNumberStr)) { - final String message = + var message = format( FAIL_EVALUATION_BECAUSE_RIGHT_VALUE_NOT_STRING, businessPartnerNumber.getClass().getName()); 
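Review bot: `getReferringConnectorClaim` keeps the `instanceof String` test followed by an explicit `(String)` cast, while `isBusinessPartnerNumber` in the next hunk already uses pattern matching (`instanceof String businessPartnerNumberStr`). Since this hunk rewrites the variable declaration anyway, `if (claims.get(REFERRING_CONNECTOR_CLAIM) instanceof String claim) { referringConnectorClaim = claim; }` would drop both the cast and the intermediate object variable. The rest of the method lies outside the hunk.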
diff --git a/edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerDutyFunction.java b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/BusinessPartnerDutyFunction.java
similarity index 56%
rename from edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerDutyFunction.java
rename to edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/BusinessPartnerDutyFunction.java
index 0a4cf74bd..ba44fa0ce 100644
--- a/edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerDutyFunction.java
+++ b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/BusinessPartnerDutyFunction.java
@@ -1,24 +1,25 @@ /* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. + * Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 * - * SPDX-License-Identifier: Apache-2.0 */ -package org.eclipse.tractusx.edc.validation.businesspartner.functions; +package org.eclipse.tractusx.edc.validation.businesspartner.functions.legacy; import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction; import org.eclipse.edc.policy.engine.spi.PolicyContext; 
diff --git a/edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerPermissionFunction.java b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/BusinessPartnerPermissionFunction.java
similarity index 51%
rename from edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerPermissionFunction.java
rename to edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/BusinessPartnerPermissionFunction.java
index e2ab43b3a..b0c074086 100644
--- a/edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerPermissionFunction.java
+++ b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/BusinessPartnerPermissionFunction.java
@@ -1,24 +1,25 @@ /* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. + * Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 * - * SPDX-License-Identifier: Apache-2.0 */ -package org.eclipse.tractusx.edc.validation.businesspartner.functions; +package org.eclipse.tractusx.edc.validation.businesspartner.functions.legacy; import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction; import org.eclipse.edc.policy.engine.spi.PolicyContext; 
@@ -40,8 +41,7 @@ public BusinessPartnerPermissionFunction(Monitor monitor, boolean shouldLogOnAgr } @Override - public boolean evaluate( - Operator operator, Object rightValue, Permission rule, PolicyContext context) { + public boolean evaluate(Operator operator, Object rightValue, Permission rule, PolicyContext context) { return evaluate(operator, rightValue, context); } } diff --git a/edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerProhibitionFunction.java b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/BusinessPartnerProhibitionFunction.java similarity index 51% rename from edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerProhibitionFunction.java rename to edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/BusinessPartnerProhibitionFunction.java index d21b44920..56a02f96d 100644 --- a/edc-extensions/business-partner-validation/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/BusinessPartnerProhibitionFunction.java +++ b/edc-extensions/bpn-validation/bpn-validation-core/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/legacy/BusinessPartnerProhibitionFunction.java 
@@ -1,24 +1,25 @@ /* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. + * Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 * - * SPDX-License-Identifier: Apache-2.0 */ -package org.eclipse.tractusx.edc.validation.businesspartner.functions; +package org.eclipse.tractusx.edc.validation.businesspartner.functions.legacy; import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction; import org.eclipse.edc.policy.engine.spi.PolicyContext; 
@@ -40,8 +41,7 @@ public BusinessPartnerProhibitionFunction(Monitor monitor, boolean shouldLogOnAg } @Override - public boolean evaluate( - Operator operator, Object rightValue, Prohibition rule, PolicyContext context) { + public boolean evaluate(Operator operator, Object rightValue, Prohibition rule, PolicyContext context) { return evaluate(operator, rightValue, context); } } diff --git a/edc-extensions/bpn-validation/bpn-validation-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/edc-extensions/bpn-validation/bpn-validation-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension index d16eb96eb..80602ce92 100644 --- a/edc-extensions/bpn-validation/bpn-validation-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension +++ b/edc-extensions/bpn-validation/bpn-validation-core/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension @@ -17,5 +17,6 @@ # # SPDX-License-Identifier: Apache-2.0 # -org.eclipse.tractusx.edc.validation.businesspartner.BusinessPartnerEvaluationExtension +org.eclipse.tractusx.edc.validation.businesspartner.BusinessPartnerValidationExtension org.eclipse.tractusx.edc.validation.businesspartner.defaults.DefaultStoreProviderExtension +org.eclipse.tractusx.edc.validation.businesspartner.LegacyBusinessPartnerValidationExtension 
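Review bot: Adding `org.eclipse.tractusx.edc.validation.businesspartner.LegacyBusinessPartnerValidationExtension` to the core module's ServiceExtension file loads the deprecated policy functions in every runtime that includes bpn-validation-core, alongside the new extension. From what this file shows, an operator who has migrated to the new policy has no way to keep the legacy functions from being registered. Consider shipping the legacy extension from its own module or guarding its registration with a setting. Either way, mark the entry with a comment line such as `# legacy BPN functions, scheduled for removal in 0.6.0`.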
diff --git a/edc-extensions/business-partner-validation/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java b/edc-extensions/bpn-validation/bpn-validation-core/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/LegacyBusinessPartnerValidationExtensionTest.java
similarity index 65%
rename from edc-extensions/business-partner-validation/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java
rename to edc-extensions/bpn-validation/bpn-validation-core/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/LegacyBusinessPartnerValidationExtensionTest.java
index 4986fdd89..209bc0c3f 100644
--- a/edc-extensions/business-partner-validation/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java
+++ b/edc-extensions/bpn-validation/bpn-validation-core/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/LegacyBusinessPartnerValidationExtensionTest.java
@@ -1,21 +1,22 @@ /* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. + * Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 * - * SPDX-License-Identifier: Apache-2.0 */ package org.eclipse.tractusx.edc.validation.businesspartner; 
@@ -27,7 +28,7 @@ import org.eclipse.edc.policy.model.Prohibition; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.system.ServiceExtensionContext; -import org.eclipse.tractusx.edc.validation.businesspartner.functions.BusinessPartnerPermissionFunction; +import org.eclipse.tractusx.edc.validation.businesspartner.functions.legacy.BusinessPartnerPermissionFunction; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.ArgumentCaptor; @@ -41,9 +42,9 @@ import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -class BusinessPartnerValidationExtensionTest { +class LegacyBusinessPartnerValidationExtensionTest { - private BusinessPartnerValidationExtension extension; + private LegacyBusinessPartnerValidationExtension extension; // mocks private ServiceExtensionContext serviceExtensionContext; @@ -61,7 +62,7 @@ void setup() { when(serviceExtensionContext.getMonitor()).thenReturn(monitor); - extension = new BusinessPartnerValidationExtension(ruleBindingRegistry, policyEngine); + extension = new LegacyBusinessPartnerValidationExtension(ruleBindingRegistry, policyEngine); } @Test @@ -75,7 +76,7 @@ void testRegisterDutyFunction() { .registerFunction( anyString(), eq(Duty.class), - eq(BusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY), + eq(LegacyBusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY), any()); } @@ -90,7 +91,7 @@ void testRegisterPermissionFunction() { .registerFunction( anyString(), eq(Permission.class), - eq(BusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY), + eq(LegacyBusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY), any()); } 
@@ -105,14 +106,14 @@ void testRegisterProhibitionFunction() { .registerFunction( anyString(), eq(Prohibition.class), - eq(BusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY), + eq(LegacyBusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY), any()); } @Test void testLogConfiguration() { - when(serviceExtensionContext.getSetting(BusinessPartnerValidationExtension.BUSINESS_PARTNER_VALIDATION_LOG_AGREEMENT_VALIDATION, "true")).thenReturn("false"); + when(serviceExtensionContext.getSetting(LegacyBusinessPartnerValidationExtension.BUSINESS_PARTNER_VALIDATION_LOG_AGREEMENT_VALIDATION, "true")).thenReturn("false"); var captor = ArgumentCaptor.forClass(BusinessPartnerPermissionFunction.class); // invoke @@ -123,7 +124,7 @@ void testLogConfiguration() { .registerFunction( anyString(), eq(Permission.class), - eq(BusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY), + eq(LegacyBusinessPartnerValidationExtension.BUSINESS_PARTNER_CONSTRAINT_KEY), captor.capture()); assertThat(captor.getValue().isLogAgreementEvaluation()).isFalse(); diff --git a/edc-extensions/business-partner-validation/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java b/edc-extensions/bpn-validation/bpn-validation-core/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java similarity index 87% rename from edc-extensions/business-partner-validation/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java rename to edc-extensions/bpn-validation/bpn-validation-core/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java index 5ae641a88..2427ea4dd 100644 
--- a/edc-extensions/business-partner-validation/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java +++ b/edc-extensions/bpn-validation/bpn-validation-core/src/test/java/org/eclipse/tractusx/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java @@ -1,21 +1,22 @@ /* - * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH - * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. + * Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 * - * SPDX-License-Identifier: Apache-2.0 */ package org.eclipse.tractusx.edc.validation.businesspartner.functions; 
@@ -26,6 +27,7 @@ import org.eclipse.edc.policy.model.Policy; import org.eclipse.edc.spi.agent.ParticipantAgent; import org.eclipse.edc.spi.monitor.Monitor; +import org.eclipse.tractusx.edc.validation.businesspartner.functions.legacy.AbstractBusinessPartnerValidation; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; diff --git a/edc-extensions/bpn-validation/bpn-validation-spi/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/edc-extensions/bpn-validation/bpn-validation-spi/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension index d16eb96eb..427c43cda 100644 --- a/edc-extensions/bpn-validation/bpn-validation-spi/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension +++ b/edc-extensions/bpn-validation/bpn-validation-spi/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension @@ -17,5 +17,5 @@ # # SPDX-License-Identifier: Apache-2.0 # -org.eclipse.tractusx.edc.validation.businesspartner.BusinessPartnerEvaluationExtension +org.eclipse.tractusx.edc.validation.businesspartner.BusinessPartnerValidationExtension org.eclipse.tractusx.edc.validation.businesspartner.defaults.DefaultStoreProviderExtension diff --git a/edc-extensions/bpn-validation/business-partner-store-sql/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/store/SqlBusinessPartnerGroupStoreExtension.java b/edc-extensions/bpn-validation/business-partner-store-sql/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/store/SqlBusinessPartnerGroupStoreExtension.java index 8ece8e681..07aab14ff 100644 --- a/edc-extensions/bpn-validation/business-partner-store-sql/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/store/SqlBusinessPartnerGroupStoreExtension.java 
+++ b/edc-extensions/bpn-validation/business-partner-store-sql/src/main/java/org/eclipse/tractusx/edc/validation/businesspartner/store/SqlBusinessPartnerGroupStoreExtension.java @@ -35,6 +35,7 @@ public class SqlBusinessPartnerGroupStoreExtension implements ServiceExtension { private static final String DEFAULT_DATASOURCE_NAME = "bpn"; @Setting(value = "Datasource name for the SQL BusinessPartnerGroup store", defaultValue = DEFAULT_DATASOURCE_NAME) private static final String DATASOURCE_SETTING_NAME = "edc.datasource.bpn.name"; + private static final String NAME = "SQL Business Partner Store"; @Inject private DataSourceRegistry dataSourceRegistry; @Inject @@ -52,6 +53,11 @@ public BusinessPartnerStore sqlStore(ServiceExtensionContext context) { return new SqlBusinessPartnerStore(dataSourceRegistry, dataSourceName, transactionContext, typeManager.getMapper(), queryExecutor, getStatements()); } + @Override + public String name() { + return NAME; + } + private BusinessPartnerGroupStatements getStatements() { return statements == null ? new PostgresBusinessPartnerGroupStatements() : statements; } diff --git a/edc-extensions/build.gradle.kts b/edc-extensions/build.gradle.kts index 479ef1d09..a6769cfcd 100644 --- a/edc-extensions/build.gradle.kts +++ b/edc-extensions/build.gradle.kts @@ -22,7 +22,7 @@ plugins { } dependencies { - implementation(project(":edc-extensions:business-partner-validation")) + implementation(project(":edc-extensions:bpn-validation")) implementation(project(":edc-extensions:cx-oauth2")) implementation(project(":edc-extensions:data-encryption")) implementation(project(":edc-extensions:dataplane-selector-configuration")) diff --git a/edc-extensions/business-partner-validation/README.md b/edc-extensions/business-partner-validation/README.md deleted file mode 100644 index f339c7914..000000000 --- a/edc-extensions/business-partner-validation/README.md +++ /dev/null 
@@ -1,192 +0,0 @@ -# Business Partner Validation Extension - -> this extension is deprecated and should not be used anymore -> Please use the `bpn-validation` module instead! - -Using the Business Partner Validation Extension it's possible to add configurable validation against -BPNs in the `ContractDefinition.AccessPolicy`. Using a BPN in `ContractDefinition.ContractPolicy` is possible, too, but once the contract is complete there is no policy enforcement in place from the EDC. - -It is recommended to have a basic understanding of the EDC contract/policy domain before using this extension. The -corresponding documentation can be found in the [EDC GitHub Repository](https://github.com/eclipse-edc/Connector). - -The business partner number of another connector is part of its DAPS token. Once a BPN constraint is used in an access -policy the connector checks the token before sending out contract offers. - -Example of business partner constraint: - -```json -{ - "leftExpression": { - "value": "BusinessPartner" - }, - "rightExpression": { - "value": "BPNLCDQ90000X42KU" - }, - "operator": "EQ" -} -``` - -The `leftExpression` must always contain 'BusinessPartner', so that the policy functions of this extension are invoked. -Additionally, the only `operator` that is supported by these policy functions is 'EQ'. Finally, the `rightExpression` -must contain the Business Partner Number. - -## Single BusinessPartnerNumber example - -The most simple BPN policy would allow the usage of certain data to a single Business Partner. An example `Policy` is -shown below. In this example the `edctype` properties are added, so that this policy may even be sent to the Management API. 
- -```json -{ - "uid": "", - "prohibitions": [], - "obligations": [], - "permissions": [ - { - "edctype": "dataspaceconnector:permission", - "action": { - "type": "USE" - }, - "constraints": [ - { - "edctype": "AtomicConstraint", - "leftExpression": { - "edctype": "dataspaceconnector:literalexpression", - "value": "BusinessPartnerNumber" - }, - "rightExpression": { - "edctype": "dataspaceconnector:literalexpression", - "value": "" - }, - "operator": "EQ" - } - ] - } - ] -} -``` - -## Multiple BusinessPartnerNumber example - -To define multiple BPN and allow multiple participants to use the data the `orconstraint` should be used. -It will permit the constraints contained to be evaluated using the `OR` operator. - -```json -{ - "permissions": [ - { - "edctype": "dataspaceconnector:permission", - "action": { - "type": "USE" - }, - "constraints": [ - { - "edctype": "dataspaceconnector:orconstraint", - "constraints": [ - { - "edctype": "AtomicConstraint", - "leftExpression": { - "edctype": "dataspaceconnector:literalexpression", - "value": "BusinessPartnerNumber" - }, - "rightExpression": { - "edctype": "dataspaceconnector:literalexpression", - "value": "" - }, - "operator": "EQ" - }, - { - "edctype": "AtomicConstraint", - "leftExpression": { - "edctype": "dataspaceconnector:literalexpression", - "value": "BusinessPartnerNumber" - }, - "rightExpression": { - "edctype": "dataspaceconnector:literalexpression", - "value": "" - }, - "operator": "EQ" - }, - - ... - - // other constraints can be added - ] - } - ], - "duties": [] - } - ] -} -``` - -## Important: EDC Policies are input sensitive - -Please be aware that the EDC ignores all Rules and Constraint it does not understand. This could cause your constrained policies to be public. 
- -### Example 1 for accidentially public - -```json -{ - "uid": "1", - "prohibitions": [], - "obligations": [], - "permissions": [ - { - "edctype": "dataspaceconnector:permission", - "action": { - "type": "MY-USE" - }, - "constraints": [ - { - "edctype": "AtomicConstraint", - "leftExpression": { - "edctype": "dataspaceconnector:literalexpression", - "value": "BusinessPartnerNumber" - }, - "rightExpression": { - "edctype": "dataspaceconnector:literalexpression", - "value": "BPNLCDQ90000X42KU" - }, - "operator": "EQ" - } - ] - } - ] -} -``` - -This policy is public available, even though the constraint is described correct. The reason is, that this extension only registeres the Policy.Action `USE` within the EDC. Any other Action Type will have the EDC ignore the corresponding permission, hence interpret the polics as public policy. - -### Example 2 for accidentially public - -```json -{ - "uid": "1", - "prohibitions": [], - "obligations": [], - "permissions": [ - { - "edctype": "dataspaceconnector:permission", - "action": { - "type": "USE" - }, - "constraints": [ - { - "edctype": "AtomicConstraint", - "leftExpression": { - "edctype": "dataspaceconnector:literalexpression", - "value": "BusinesPartnerNumber" - }, - "rightExpression": { - "edctype": "dataspaceconnector:literalexpression", - "value": "BPNLCDQ90000X42KU" - }, - "operator": "EQ" - } - ] - } - ] -} -``` - -This policy is public available, too. The cause is a typo in the left-expression of the constraint. This extension only registers the `Constraint.LeftExpression` `BusinessPartnerNumber` within the EDC. Any other term will have the EDC ignore the corresponding constraint, hence interpret the policies as public policy. diff --git a/edc-extensions/business-partner-validation/build.gradle.kts b/edc-extensions/business-partner-validation/build.gradle.kts deleted file mode 100644 index 6d5b6059a..000000000 --- a/edc-extensions/business-partner-validation/build.gradle.kts +++ /dev/null 
@@ -1,31 +0,0 @@ -/* - * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation - * - * See the NOTICE file(s) distributed with this work for additional - * information regarding copyright ownership. - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - * License for the specific language governing permissions and limitations - * under the License. - * - * SPDX-License-Identifier: Apache-2.0 - */ - -plugins { - `java-library` - `maven-publish` -} - -dependencies { - implementation(project(":spi:core-spi")) - api(libs.edc.spi.core) - implementation(libs.edc.spi.policy) - implementation(libs.edc.spi.contract) - implementation(libs.edc.spi.policyengine) -} diff --git a/edc-tests/e2e-tests/build.gradle.kts b/edc-tests/e2e-tests/build.gradle.kts index 84d4f7b6a..af8d43d19 100644 --- a/edc-tests/e2e-tests/build.gradle.kts +++ b/edc-tests/e2e-tests/build.gradle.kts @@ -44,6 +44,7 @@ dependencies { testCompileOnly(project(":edc-tests:runtime:runtime-memory")) testCompileOnly(project(":edc-tests:runtime:runtime-memory-ssi")) testCompileOnly(project(":edc-tests:runtime:runtime-postgresql")) + testImplementation(project(":edc-extensions:bpn-validation:bpn-validation-spi")) testImplementation(libs.edc.auth.oauth2.client) testImplementation(libs.testcontainers.junit) testImplementation(libs.testcontainers.postgres) diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/helpers/PolicyHelperFunctions.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/helpers/PolicyHelperFunctions.java index ee7bb0689..01c0f35a6 100644 
--- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/helpers/PolicyHelperFunctions.java +++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/helpers/PolicyHelperFunctions.java @@ -21,8 +21,12 @@ import jakarta.json.JsonObjectBuilder; import org.eclipse.edc.connector.policy.spi.PolicyDefinition; import org.eclipse.edc.policy.model.AtomicConstraint; +import org.eclipse.edc.policy.model.Operator; +import java.util.Arrays; +import java.util.Collection; import java.util.Map; +import java.util.stream.Collectors; import java.util.stream.Stream; import static org.eclipse.edc.jsonld.spi.JsonLdKeywords.CONTEXT; 
@@ -34,18 +38,47 @@
 public class PolicyHelperFunctions {
+ public static final String TX_NAMESPACE = "https://w3id.org/tractusx/v0.0.1/ns/";
 private static final String BUSINESS_PARTNER_EVALUATION_KEY = "BusinessPartnerNumber";
+ private static final String BUSINESS_PARTNER_CONSTRAINT_KEY = TX_NAMESPACE + "BusinessPartnerGroup";
 /**
 * Creates a {@link PolicyDefinition} using the given ID, that contains equality constraints for each of the given BusinessPartnerNumbers:
 * each BPN is converted into an {@link AtomicConstraint} {@code BusinessPartnerNumber EQ [BPN]}.
+ *
+ * @deprecated This method creates a policy that is compliant with the old/legacy BPN validation. Please use {@link PolicyHelperFunctions#businessPartnerGroupPolicy(String, Operator, String...)} instead.
 */
+ @Deprecated
 public static JsonObject businessPartnerNumberPolicy(String id, String... bpns) {
 return policyDefinitionBuilder(bnpPolicy(bpns))
 .add(ID, id)
 .build();
 }
+ public static JsonObject businessPartnerGroupPolicy(String id, Operator operator, String... allowedGroups) {
+ return policyDefinitionBuilder(bpnGroupPolicy(operator.getOdrlRepresentation(), allowedGroups))
+ .add(ID, id)
+ .build();
+ }
+
+ private static JsonObject bpnGroupPolicy(String operator, String... allowedGroups) {
+
+ var groupConstraint = atomicConstraint(BUSINESS_PARTNER_CONSTRAINT_KEY, operator, Arrays.asList(allowedGroups));
+
+ var permission = Json.createObjectBuilder()
+ .add("action", "USE")
+ .add("constraint", Json.createObjectBuilder()
+ .add(TYPE, ODRL_LOGICAL_CONSTRAINT_TYPE)
+ .add("or", groupConstraint)
+ .build())
+ .build();
+
+ return Json.createObjectBuilder()
+ .add(CONTEXT, "http://www.w3.org/ns/odrl.jsonld")
+ .add("permission", permission)
+ .build();
+ }
+
 /**
 * Creates a {@link PolicyDefinition} using the given ID, that contains equality constraints for each of the given BusinessPartnerNumbers:
 * each BPN is converted into an {@link AtomicConstraint} {@code BusinessPartnerNumber EQ [BPN]}.
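Review bot: `businessPartnerGroupPolicy` is the method the new `@deprecated` tag sends callers to, but it is added without Javadoc, and nothing states that the `Operator` argument decides whether `allowedGroups` acts as an allow list or a deny list (tests in this patch pass `IS_NONE_OF` and `NEQ` to it). I would document it, e.g. `/** Creates a policy definition with the given ID whose permission constrains BusinessPartnerGroup with the given operator over the given groups. */`, and rename the parameter to `groups`, since it is not always an allow list. In `bpnGroupPolicy` the single atomic constraint is wrapped in a logical constraint under `or`; a one-line comment on why the wrapper is needed would help the next reader.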
@@ -125,11 +158,16 @@ private static JsonObject frameworkPermission(Map permissions) {
 }
 private static JsonObject atomicConstraint(String leftOperand, String operator, Object rightOperand) {
- return Json.createObjectBuilder()
+ var builder = Json.createObjectBuilder()
 .add(TYPE, ODRL_CONSTRAINT_TYPE)
 .add("leftOperand", leftOperand)
- .add("operator", operator)
- .add("rightOperand", rightOperand.toString())
- .build();
+ .add("operator", operator);
+
+ if (rightOperand instanceof Collection) {
+ builder.add("rightOperand", ((Collection) rightOperand).stream().map(Object::toString).collect(Collectors.joining(",")));
+ } else {
+ builder.add("rightOperand", rightOperand.toString());
+ }
+ return builder.build();
 }
 }
diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/DataWiper.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/DataWiper.java
index afc32db4a..83c10940c 100644
--- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/DataWiper.java
+++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/DataWiper.java
@@ -20,8 +20,10 @@
 import org.eclipse.edc.spi.query.QuerySpec;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 import org.eclipse.tractusx.edc.edr.spi.store.EndpointDataReferenceCache;
+import org.eclipse.tractusx.edc.validation.businesspartner.spi.BusinessPartnerStore;
-import java.util.stream.Collectors;
+import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_BPN;
+import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.SOKRATES_BPN;
 /**
 * Helper class to delete all objects from a runtime's data stores.
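Review bot: The `Collection` branch in `atomicConstraint` serializes the groups with `Collectors.joining(",")`, so a group name that contains a comma becomes indistinguishable from two groups once it is in `rightOperand`. How the evaluating side splits that string is not visible in this diff. Because the value decides which partner gets to see an offer, the helper should state the restriction next to the join, e.g. `// group names must not contain ',': the list is sent as one comma-separated string`.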
@@ -39,6 +41,13 @@ public void clearPersistence() {
 clearPolicies();
 clearContractDefinitions();
 clearEdrCache();
+ clearBusinessPartnerStore();
+ }
+
+ public void clearBusinessPartnerStore() {
+ var bps = context.getService(BusinessPartnerStore.class);
+ bps.delete(SOKRATES_BPN);
+ bps.delete(PLATO_BPN);
 }
 public void clearContractDefinitions() {
@@ -49,7 +58,7 @@ public void clearContractDefinitions() {
 public void clearPolicies() {
 var ps = context.getService(PolicyDefinitionStore.class);
 // must .collect() here, otherwise we'll get a ConcurrentModificationException
- ps.findAll(QuerySpec.max()).collect(Collectors.toList()).forEach(p -> ps.delete(p.getId()));
+ ps.findAll(QuerySpec.max()).toList().forEach(p -> ps.delete(p.getId()));
 }
 public void clearAssetIndex() {
diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/Participant.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/Participant.java
index 8e6b9ac66..36b722640 100644
--- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/Participant.java
+++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/Participant.java
@@ -33,6 +33,7 @@
 import java.net.URI;
 import java.time.Duration;
+import java.util.Arrays;
 import java.util.Map;
 import java.util.concurrent.atomic.AtomicReference;
@@ -50,6 +51,7 @@
 import static org.eclipse.tractusx.edc.helpers.CatalogHelperFunctions.getDatasetFirstPolicy;
 import static org.eclipse.tractusx.edc.helpers.ContractNegotiationHelperFunctions.createNegotiationRequest;
 import static org.eclipse.tractusx.edc.helpers.EdrNegotiationHelperFunctions.createEdrNegotiationRequest;
+import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.TX_NAMESPACE;
 import static org.eclipse.tractusx.edc.helpers.TransferProcessHelperFunctions.createTransferRequest;
 import static org.mockito.Mockito.mock;
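Review bot: `clearBusinessPartnerStore()` deletes only the two hard-coded entries `SOKRATES_BPN` and `PLATO_BPN` and drops whatever `delete` returns, whereas `clearPolicies()` in the next hunk enumerates its store. A group assignment stored under any other BPN would survive into the next test and change which offers that test sees. If `BusinessPartnerStore` has no way to list entries (its interface is not part of this hunk), record that in a comment such as `// the store cannot be enumerated; add every BPN a test registers to this list`.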
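Review bot: The comment above the changed line in `clearPolicies()` still says `// must .collect() here`, which no longer matches the code now that it calls `.toList()`. Reword it to `// must materialize the stream first, otherwise we'll get a ConcurrentModificationException`. `Stream.toList()` returns an unmodifiable list, which is fine here because the list is only iterated.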
@@ -140,6 +142,20 @@ public void createPolicy(JsonObject policyDefinition) {
 .contentType(JSON);
 }
+ public void storeBusinessPartner(String bpn, String... groups) {
+ var body = Json.createObjectBuilder()
+ .add(ID, bpn)
+ .add(TX_NAMESPACE + "groups", Json.createArrayBuilder(Arrays.asList(groups)))
+ .build();
+ baseRequest()
+ .contentType(JSON)
+ .body(body)
+ .when()
+ .post("/business-partner-groups")
+ .then()
+ .statusCode(204);
+ }
+
 public String negotiateContract(Participant other, String assetId) {
 var dataset = getDatasetForAsset(other, assetId);
 assertThat(dataset).withFailMessage("Catalog received from " + other.runtimeName + " was empty!").isNotEmpty();
@@ -403,4 +419,6 @@ private RequestSpecification baseRequest() {
 .header("x-api-key", apiKey)
 .contentType(JSON);
 }
+
+
 }
diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/PgParticipantRuntime.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/PgParticipantRuntime.java
index 6dbeba86c..ecdfa0e6d 100644
--- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/PgParticipantRuntime.java
+++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/PgParticipantRuntime.java
@@ -107,6 +107,10 @@ public Map postgresqlConfiguration(String name) {
 put("edc.datasource.edr.url", jdbcUrl);
 put("edc.datasource.edr.user", USER);
 put("edc.datasource.edr.password", PASSWORD);
+ put("edc.datasource.bpn.name", "bpn");
+ put("edc.datasource.bpn.url", jdbcUrl);
+ put("edc.datasource.bpn.user", USER);
+ put("edc.datasource.bpn.password", PASSWORD);
 // use non-default schema name to test usage of non-default schema
 put("org.eclipse.tractusx.edc.postgresql.migration.schema", DB_SCHEMA_NAME);
 }
diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/catalog/AbstractCatalogTest.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/catalog/AbstractCatalogTest.java
index 741e198ed..491ea292b 100644
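Review bot: `storeBusinessPartner` sets `.contentType(JSON)` although `baseRequest()` already does so (see the `baseRequest()` lines in the `@@ -403,4 +419,6 @@` hunk of this file), and the method has no comment saying what it writes. Drop the duplicate call and add a Javadoc line such as `/** Assigns the given groups to the BPN through the /business-partner-groups endpoint; expects HTTP 204. */`. The `@@ -403,4 +419,6 @@` hunk itself only adds two blank lines before the closing brace and could be left out of the commit.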
--- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/catalog/AbstractCatalogTest.java +++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/catalog/AbstractCatalogTest.java @@ -15,6 +15,7 @@ package org.eclipse.tractusx.edc.tests.catalog; +import org.eclipse.edc.policy.model.Operator; import org.eclipse.tractusx.edc.lifecycle.Participant; import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; @@ -23,6 +24,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.eclipse.tractusx.edc.helpers.CatalogHelperFunctions.getDatasetAssetId; import static org.eclipse.tractusx.edc.helpers.CatalogHelperFunctions.getDatasetPolicies; +import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerGroupPolicy; import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerNumberPolicy; import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.noConstraintPolicyDefinition; import static org.eclipse.tractusx.edc.helpers.QueryHelperFunctions.createQuery; @@ -39,6 +41,7 @@ public abstract class AbstractCatalogTest { protected static final Participant PLATO = new Participant(PLATO_NAME, PLATO_BPN, platoConfiguration()); @Test + @DisplayName("Plato gets catalog from Sokrates. No constraints.") void requestCatalog_fulfillsPolicy_shouldReturnOffer() { // arrange SOKRATES.createAsset("test-asset"); @@ -61,8 +64,8 @@ void requestCatalog_fulfillsPolicy_shouldReturnOffer() { } @Test - @DisplayName("Verify that Plato receives only the offers he is permitted to") - void requestCatalog_filteredByBpn_shouldReject() { + @DisplayName("Verify that Plato receives only the offers he is permitted to (using the legacy BPN validation)") + void requestCatalog_filteredByBpnLegacy_shouldReject() { var onlyPlatoId = "ap"; var onlyDiogenesId = "db"; 
@@ -88,12 +91,44 @@ void requestCatalog_filteredByBpn_shouldReject() { assertThat(catalog).hasSize(2); } + + @Test + @DisplayName("Verify that Plato receives only the offers he is permitted to (using the new BPN validation)") + void requestCatalog_filteredByBpn_shouldReject() { + var philosopherId = "ap"; + var mathId = "db"; + + var mustBeGreekPhilosopher = businessPartnerGroupPolicy(philosopherId, Operator.IS_ANY_OF, "greek_customer", "philosopher"); + var mustBeGreekMathematician = businessPartnerGroupPolicy(mathId, Operator.IS_ALL_OF, "greek_customer", "mathematician"); + var noConstraintPolicyId = "no-constraint"; + + + SOKRATES.storeBusinessPartner(PLATO.getBpn(), "greek_customer", "philosopher"); + SOKRATES.createPolicy(mustBeGreekPhilosopher); + SOKRATES.createPolicy(mustBeGreekMathematician); + SOKRATES.createPolicy(noConstraintPolicyDefinition(noConstraintPolicyId)); + + SOKRATES.createAsset("test-asset1"); + SOKRATES.createAsset("test-asset2"); + SOKRATES.createAsset("test-asset3"); + + SOKRATES.createContractDefinition("test-asset1", "def1", noConstraintPolicyId, noConstraintPolicyId); + SOKRATES.createContractDefinition("test-asset2", "def2", philosopherId, noConstraintPolicyId); + SOKRATES.createContractDefinition("test-asset3", "def3", mathId, noConstraintPolicyId); + + + // act + var catalog = PLATO.getCatalogDatasets(SOKRATES); + assertThat(catalog).hasSize(2); + } + @Test @DisplayName("Multiple ContractDefinitions exist for one Asset") void requestCatalog_multipleOffersForAsset() { + SOKRATES.storeBusinessPartner(PLATO.getBpn(), "test-group"); SOKRATES.createAsset("asset-1"); SOKRATES.createPolicy(noConstraintPolicyDefinition("policy-1")); - SOKRATES.createPolicy(businessPartnerNumberPolicy("policy-2", PLATO.getBpn())); + SOKRATES.createPolicy(businessPartnerGroupPolicy("policy-2", Operator.IS_ANY_OF, "test-group")); SOKRATES.createContractDefinition("asset-1", "def1", "policy-1", "policy-1"); SOKRATES.createContractDefinition("asset-1", "def2", 
"policy-2", "policy-1"); @@ -110,9 +145,10 @@ void requestCatalog_multipleOffersForAsset() { @DisplayName("Catalog with 1000 offers") void requestCatalog_of1000Assets_shouldContainAll() { var policyId = "policy-1"; - var policy = businessPartnerNumberPolicy(policyId, PLATO.getBpn()); + var policy = businessPartnerGroupPolicy(policyId, Operator.IS_NONE_OF, "test-group1", "test-group2"); SOKRATES.createPolicy(policy); SOKRATES.createPolicy(noConstraintPolicyDefinition("noconstraint")); + SOKRATES.storeBusinessPartner(PLATO.getBpn(), "test-group-3"); range(0, 1000) .forEach(i -> { diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractDeleteEdrTest.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractDeleteEdrTest.java index 21ab2dac6..e09f77d27 100644 --- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractDeleteEdrTest.java +++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractDeleteEdrTest.java @@ -17,6 +17,7 @@ import jakarta.json.Json; import okhttp3.mockwebserver.MockWebServer; import org.assertj.core.api.Condition; +import org.eclipse.edc.policy.model.Operator; import org.eclipse.tractusx.edc.lifecycle.Participant; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; 
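Review bot: The new `requestCatalog_filteredByBpn_shouldReject` test asserts only `assertThat(catalog).hasSize(2)`, so it would still pass if the filter hid the philosopher offer and exposed the mathematician one. Since this is the test that guards the new group-based access check, it should also pin which offer is withheld, for example `assertThat(catalog).noneMatch(d -> "test-asset3".equals(getDatasetAssetId(d)));` (`getDatasetAssetId` is already statically imported in this file; its signature is not visible here, so adjust as needed). The local values `"ap"` and `"db"` are carried over from the legacy test and no longer say anything about the policies they identify.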
@@ -33,7 +34,7 @@ import static org.awaitility.Awaitility.await; import static org.eclipse.edc.spi.CoreConstants.EDC_NAMESPACE; import static org.eclipse.tractusx.edc.edr.spi.types.EndpointDataReferenceEntryStates.EXPIRED; -import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerNumberPolicy; +import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerGroupPolicy; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_BPN; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_NAME; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.SOKRATES_BPN; @@ -69,8 +70,9 @@ void negotiateEdr_shouldRemoveExpiredEdrs() throws IOException { .add(EDC_NAMESPACE + "authCode", authCode) .build()); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-1", SOKRATES.getBpn())); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-2", SOKRATES.getBpn())); + PLATO.storeBusinessPartner(SOKRATES.getBpn(), "test-group1", "test-group2"); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-1", Operator.NEQ, "forbidden-policy")); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-2", Operator.EQ, "test-group1", "test-group2")); PLATO.createContractDefinition(assetId, "def-1", "policy-1", "policy-2"); var callbacks = Json.createArrayBuilder() diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractNegotiateEdrTest.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractNegotiateEdrTest.java index 039e8496b..9e6d87a40 100644 --- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractNegotiateEdrTest.java +++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractNegotiateEdrTest.java 
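Review bot: The literal `"forbidden-policy"` passed to `businessPartnerGroupPolicy` names a group, not a policy; `AbstractContractNegotiateTest` in this patch uses `"forbidden-group"` for the same purpose, so I would use that here and in the matching hunks of AbstractNegotiateEdrTest, AbstractRenewalEdrTest and AbstractDataPlaneProxyTest. `Operator.EQ` with two groups also depends on the comma-joined string built by `atomicConstraint`; whether that comparison is order-sensitive is not visible in this diff, so `IS_ALL_OF`, as the sibling tests use, states the intent more clearly. The test method starts and ends outside the hunk.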
@@ -27,6 +27,7 @@ import org.eclipse.edc.connector.transfer.spi.event.TransferProcessProvisioned; import org.eclipse.edc.connector.transfer.spi.event.TransferProcessRequested; import org.eclipse.edc.connector.transfer.spi.event.TransferProcessStarted; +import org.eclipse.edc.policy.model.Operator; import org.eclipse.tractusx.edc.lifecycle.Participant; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; @@ -43,7 +44,7 @@ import static org.eclipse.edc.spi.types.domain.edr.EndpointDataReference.EDR_SIMPLE_TYPE; import static org.eclipse.tractusx.edc.helpers.EdrNegotiationHelperFunctions.createCallback; import static org.eclipse.tractusx.edc.helpers.EdrNegotiationHelperFunctions.createEvent; -import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerNumberPolicy; +import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerGroupPolicy; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_BPN; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_NAME; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.SOKRATES_BPN; @@ -94,8 +95,9 @@ void negotiateEdr_shouldInvokeCallbacks() throws IOException { .add(EDC_NAMESPACE + "authCode", authCode) .build()); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-1", SOKRATES.getBpn())); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-2", SOKRATES.getBpn())); + PLATO.storeBusinessPartner(SOKRATES.getBpn(), "test-group1", "test-group2"); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-1", Operator.IS_NONE_OF, "forbidden-policy")); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-2", Operator.IS_ALL_OF, "test-group1", "test-group2")); PLATO.createContractDefinition(assetId, "def-1", "policy-1", "policy-2"); 
diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractRenewalEdrTest.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractRenewalEdrTest.java index 21f89b894..d0c9d1b9c 100644 --- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractRenewalEdrTest.java +++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/edr/AbstractRenewalEdrTest.java @@ -20,6 +20,7 @@ import okhttp3.mockwebserver.MockWebServer; import org.assertj.core.api.Condition; import org.eclipse.edc.connector.transfer.spi.event.TransferProcessCompleted; +import org.eclipse.edc.policy.model.Operator; import org.eclipse.tractusx.edc.lifecycle.Participant; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; @@ -43,7 +44,7 @@ import static org.eclipse.tractusx.edc.edr.spi.types.EndpointDataReferenceEntryStates.REFRESHING; import static org.eclipse.tractusx.edc.helpers.EdrNegotiationHelperFunctions.createCallback; import static org.eclipse.tractusx.edc.helpers.EdrNegotiationHelperFunctions.createEvent; -import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerNumberPolicy; +import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerGroupPolicy; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_BPN; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_NAME; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.SOKRATES_BPN; 
@@ -86,8 +87,9 @@ void negotiateEdr_shouldRenewTheEdr() throws IOException { .add(EDC_NAMESPACE + "authCode", authCode) .build()); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-1", SOKRATES.getBpn())); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-2", SOKRATES.getBpn())); + PLATO.storeBusinessPartner(SOKRATES.getBpn(), "test-group1", "test-group2"); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-1", Operator.IS_NONE_OF, "forbidden-policy")); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-2", Operator.IS_ANY_OF, "test-group1", "test-group2")); PLATO.createContractDefinition(assetId, "def-1", "policy-1", "policy-2"); var callbacks = Json.createArrayBuilder() diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/negotiation/AbstractContractNegotiateTest.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/negotiation/AbstractContractNegotiateTest.java index 3651ac642..4053a77b7 100644 --- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/negotiation/AbstractContractNegotiateTest.java +++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/negotiation/AbstractContractNegotiateTest.java @@ -16,6 +16,7 @@ import jakarta.json.Json; import org.eclipse.edc.connector.contract.spi.types.negotiation.ContractNegotiationStates; +import org.eclipse.edc.policy.model.Operator; import org.eclipse.tractusx.edc.lifecycle.Participant; import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; 
@@ -27,7 +28,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.awaitility.Awaitility.await; import static org.eclipse.edc.spi.CoreConstants.EDC_NAMESPACE; -import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerNumberPolicy; +import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerGroupPolicy; import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.frameworkPolicy; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_BPN; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_NAME; @@ -58,7 +59,8 @@ void contractNegotiation_shouldFail_whenPolicyEvaluationFails() { .add(EDC_NAMESPACE + "authCode", authCode) .build()); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-1", SOKRATES.getBpn())); + PLATO.storeBusinessPartner(SOKRATES.getBpn(), "allowed-group"); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-1", Operator.NEQ, "forbidden-group")); PLATO.createPolicy(frameworkPolicy("policy-2", Map.of("Dismantler", "active"))); PLATO.createContractDefinition(assetId, "def-1", "policy-1", "policy-2"); diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/proxy/AbstractDataPlaneProxyTest.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/proxy/AbstractDataPlaneProxyTest.java index 54bdd7e73..37f3df3fe 100644 --- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/proxy/AbstractDataPlaneProxyTest.java +++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/tests/proxy/AbstractDataPlaneProxyTest.java 
@@ -22,6 +22,7 @@ import okhttp3.mockwebserver.MockWebServer; import okhttp3.mockwebserver.RecordedRequest; import org.eclipse.edc.connector.transfer.spi.event.TransferProcessCompleted; +import org.eclipse.edc.policy.model.Operator; import org.eclipse.edc.spi.event.EventEnvelope; import org.eclipse.tractusx.edc.lifecycle.Participant; import org.jetbrains.annotations.NotNull; @@ -38,7 +39,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.eclipse.edc.spi.CoreConstants.EDC_NAMESPACE; import static org.eclipse.tractusx.edc.helpers.EdrNegotiationHelperFunctions.createCallback; -import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerNumberPolicy; +import static org.eclipse.tractusx.edc.helpers.PolicyHelperFunctions.businessPartnerGroupPolicy; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_BPN; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_NAME; import static org.eclipse.tractusx.edc.lifecycle.TestRuntimeConfiguration.PLATO_PROXIED_AAS_BACKEND_PORT; @@ -61,6 +62,7 @@ public abstract class AbstractDataPlaneProxyTest { private final ObjectMapper mapper = new ObjectMapper(); private MockWebServer server; + @Test @DisplayName("Verify E2E flow with Data Plane proxies and EDR") void httpPullDataTransfer_withEdrAndProxy() { 
@@ -78,8 +80,9 @@ void httpPullDataTransfer_withEdrAndProxy() { .add(EDC_NAMESPACE + "authCode", authCode) .build()); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-1", SOKRATES.getBpn())); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-2", SOKRATES.getBpn())); + PLATO.storeBusinessPartner(SOKRATES.getBpn(), "test-group1", "test-group2"); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-1", Operator.IS_ANY_OF, "test-group1")); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-2", Operator.IS_ALL_OF, "test-group1", "test-group2")); PLATO.createContractDefinition(assetId, "def-1", "policy-1", "policy-2"); var callbacks = Json.createArrayBuilder() @@ -121,8 +124,9 @@ void httpPullDataTransfer_withoutEdr() throws IOException { .add(EDC_NAMESPACE + "authCode", authCode) .build()); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-1", SOKRATES.getBpn())); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-2", SOKRATES.getBpn())); + PLATO.storeBusinessPartner(SOKRATES.getBpn(), "test-group1", "test-group2"); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-1", Operator.NEQ, "forbidden-policy")); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-2", Operator.EQ, "test-group1", "test-group2")); PLATO.createContractDefinition(assetId, "def-1", "policy-1", "policy-2"); 
@@ -149,8 +153,9 @@ void httpPullDataTransfer_shouldFailForAsset_withTwoEdrAndProxy() throws IOExcep .add(EDC_NAMESPACE + "authCode", authCode) .build()); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-1", SOKRATES.getBpn())); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-2", SOKRATES.getBpn())); + PLATO.storeBusinessPartner(SOKRATES.getBpn(), "test-group1", "test-group2"); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-1", Operator.IS_NONE_OF, "forbidden-policy")); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-2", Operator.IS_ALL_OF, "test-group1", "test-group2")); PLATO.createContractDefinition(assetId, "def-1", "policy-1", "policy-2"); var callbacks = Json.createArrayBuilder() @@ -199,8 +204,9 @@ void httpPullDataTransfer_withEdrAndProviderDataPlaneProxy() throws IOException .add(EDC_NAMESPACE + "authCode", authCode) .build()); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-1", SOKRATES.getBpn())); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-2", SOKRATES.getBpn())); + PLATO.storeBusinessPartner(SOKRATES.getBpn(), "test-group1", "test-group2"); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-1", Operator.IS_ANY_OF, "test-group1")); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-2", Operator.IS_ALL_OF, "test-group1", "test-group2")); PLATO.createContractDefinition(assetId, "def-1", "policy-1", "policy-2"); var callbacks = Json.createArrayBuilder() @@ -225,7 +231,6 @@ void httpPullDataTransfer_withEdrAndProviderDataPlaneProxy() throws IOException assertThat(data).isEqualTo(body); } - @Test @DisplayName("Verify E2E flow with Data Plane provider and EDR") void httpPullDataTransfer_withEdrAndProviderDataPlaneProxyAndCustomProperties() throws IOException { 
@@ -261,8 +266,9 @@ public MockResponse dispatch(@NotNull RecordedRequest recordedRequest) throws In .add(EDC_NAMESPACE + "proxyQueryParams", "true") .build()); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-1", SOKRATES.getBpn())); - PLATO.createPolicy(businessPartnerNumberPolicy("policy-2", SOKRATES.getBpn())); + PLATO.storeBusinessPartner(SOKRATES.getBpn(), "test-group1", "test-group2"); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-1", Operator.NEQ, "forbidden-policy")); + PLATO.createPolicy(businessPartnerGroupPolicy("policy-2", Operator.EQ, "test-group1", "test-group2")); PLATO.createContractDefinition(assetId, "def-1", "policy-1", "policy-2"); var callbacks = Json.createArrayBuilder() diff --git a/edc-tests/runtime/runtime-postgresql/build.gradle.kts b/edc-tests/runtime/runtime-postgresql/build.gradle.kts index 5668ee2cf..fd07930c8 100644 --- a/edc-tests/runtime/runtime-postgresql/build.gradle.kts +++ b/edc-tests/runtime/runtime-postgresql/build.gradle.kts @@ -28,7 +28,6 @@ dependencies { exclude(module = "ssi-miw-credential-client") exclude(module = "ssi-identity-extractor") exclude(module = "cx-policy") - exclude(module = "data-encryption") exclude(group = "org.eclipse.edc", "vault-hashicorp") } diff --git a/resources/openapi/yaml/edc-dataplane-proxy-consumer-api.yaml b/resources/openapi/yaml/edc-dataplane-proxy-consumer-api.yaml index 4a1d28c7c..edf1712cd 100644 --- a/resources/openapi/yaml/edc-dataplane-proxy-consumer-api.yaml +++ b/resources/openapi/yaml/edc-dataplane-proxy-consumer-api.yaml @@ -29,9 +29,15 @@ components: endpointUrl: type: string example: null + pathSegments: + type: string + example: null providerId: type: string example: null + queryParams: + type: string + example: null transferProcessId: type: string example: null diff --git a/resources/openapi/yaml/edr-api.yaml b/resources/openapi/yaml/edr-api.yaml index e937bc6ba..28518d5d5 100644 --- a/resources/openapi/yaml/edr-api.yaml 
+++ b/resources/openapi/yaml/edr-api.yaml @@ -74,7 +74,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/IdResponseDto' + $ref: '#/components/schemas/IdResponse' description: The negotiation was successfully initiated. "400": content: @@ -103,7 +103,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/DataAddressDto' + $ref: '#/components/schemas/DataAddress' description: The EDR cached "400": content: @@ -140,7 +140,7 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/DataAddressDto' + $ref: '#/components/schemas/DataAddress' description: The EDR cached "400": content: @@ -238,21 +238,15 @@ components: example: null policy: $ref: '#/components/schemas/Policy' - DataAddressDto: + DataAddress: type: object example: null properties: - '@context': - type: object - example: null '@type': type: string - example: null - properties: - type: object - additionalProperties: - type: string - example: null + example: https://w3id.org/edc/v0.0.1/ns/DataAddress + type: + type: string example: null Duty: type: object 
@@ -288,25 +282,59 @@ components: assetId: type: string example: null + createdAt: + type: integer + format: int64 + example: null + errorDetail: + type: string + example: null + expirationTimestamp: + type: integer + format: int64 + example: null + id: + type: string + example: null providerId: type: string example: null + state: + type: integer + format: int32 + example: null + stateCount: + type: integer + format: int32 + example: null + stateTimestamp: + type: integer + format: int64 + example: null + traceContext: + type: object + additionalProperties: + type: string + example: null + example: null transferProcessId: type: string example: null - IdResponseDto: + updatedAt: + type: integer + format: int64 + example: null + IdResponse: type: object - example: null - properties: + example: '@context': - type: object - example: null + edc: https://w3id.org/edc/v0.0.1/ns/ + '@id': id-value + createdAt: 1688465655 + properties: '@id': type: string example: null - '@type': - type: string - example: null createdAt: type: integer format: int64 diff --git a/settings.gradle.kts b/settings.gradle.kts index 291dd368d..e081bd49e 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -32,7 +32,6 @@ include(":core:edr-core") include(":core:json-ld-core") -include(":edc-extensions:business-partner-validation") include(":edc-extensions:bpn-validation") include(":edc-extensions:bpn-validation:bpn-validation-api") include(":edc-extensions:bpn-validation:bpn-validation-spi")