From e21f946b8448b6f08a29bda3c00b596282d9764e Mon Sep 17 00:00:00 2001 From: Enrico Risa Date: Mon, 25 Nov 2024 12:16:32 +0100 Subject: [PATCH] feat: strict policy definition validation --- .../edc/identity/mapper/BdrsClientImpl.java | 2 +- .../edc/policy/cx/CxPolicyExtension.java | 42 +++-- .../ContractReferenceConstraintFunction.java | 42 +++++ .../usage/UsagePurposeConstraintFunction.java | 42 +++++ ...ntractReferenceConstraintFunctionTest.java | 42 +++++ .../UsagePurposeConstraintFunctionTest.java | 42 +++++ .../dcp/sts/dim/DimSecureTokenService.java | 1 - .../participant/TractusxParticipantBase.java | 1 + .../tests/runtimes/ParticipantRuntime.java | 8 +- .../AbstractIatpConsumerPullTest.java | 3 +- .../iatp/runtime/IatpParticipantRuntime.java | 8 +- .../policy/PolicyDefinitionEndToEndTest.java | 160 ++++++++++++++++++ gradle/libs.versions.toml | 2 +- 13 files changed, 369 insertions(+), 26 deletions(-) create mode 100644 edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/contractreference/ContractReferenceConstraintFunction.java create mode 100644 edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/usage/UsagePurposeConstraintFunction.java create mode 100644 edc-extensions/cx-policy/src/test/java/org/eclipse/tractusx/edc/policy/cx/contractreference/ContractReferenceConstraintFunctionTest.java create mode 100644 edc-extensions/cx-policy/src/test/java/org/eclipse/tractusx/edc/policy/cx/usage/UsagePurposeConstraintFunctionTest.java create mode 100644 edc-tests/edc-controlplane/policy-tests/src/test/java/org/eclipse/tractusx/edc/tests/policy/PolicyDefinitionEndToEndTest.java diff --git a/edc-extensions/bdrs-client/src/main/java/org/eclipse/tractusx/edc/identity/mapper/BdrsClientImpl.java b/edc-extensions/bdrs-client/src/main/java/org/eclipse/tractusx/edc/identity/mapper/BdrsClientImpl.java index 859a91fa0..2bfc2d3de 100644 --- a/edc-extensions/bdrs-client/src/main/java/org/eclipse/tractusx/edc/identity/mapper/BdrsClientImpl.java +++ b/edc-extensions/bdrs-client/src/main/java/org/eclipse/tractusx/edc/identity/mapper/BdrsClientImpl.java @@ -120,7 +120,7 @@ private boolean isCacheExpired() { private Result updateCache() { var membershipCredToken = createMembershipPresentation(); if (membershipCredToken.failed()) { - return membershipCredToken.mapTo(); + return membershipCredToken.mapEmpty(); } var request = new Request.Builder() diff --git a/edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/CxPolicyExtension.java b/edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/CxPolicyExtension.java index 5f419f61e..ce127b21f 100644 --- a/edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/CxPolicyExtension.java +++ b/edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/CxPolicyExtension.java @@ -29,9 +29,11 @@ import org.eclipse.edc.runtime.metamodel.annotation.Inject; import org.eclipse.edc.spi.system.ServiceExtension; import org.eclipse.edc.spi.system.ServiceExtensionContext; +import org.eclipse.tractusx.edc.policy.cx.contractreference.ContractReferenceConstraintFunction; import org.eclipse.tractusx.edc.policy.cx.dismantler.DismantlerCredentialConstraintFunction; import org.eclipse.tractusx.edc.policy.cx.framework.FrameworkAgreementCredentialConstraintFunction; import org.eclipse.tractusx.edc.policy.cx.membership.MembershipCredentialConstraintFunction; +import org.eclipse.tractusx.edc.policy.cx.usage.UsagePurposeConstraintFunction; import java.util.Set; import java.util.stream.Stream; @@ -44,9 +46,11 @@ import static org.eclipse.tractusx.edc.policy.cx.common.PolicyScopes.NEGOTIATION_SCOPE; import static org.eclipse.tractusx.edc.policy.cx.common.PolicyScopes.TRANSFER_PROCESS_REQUEST_SCOPE; import static org.eclipse.tractusx.edc.policy.cx.common.PolicyScopes.TRANSFER_PROCESS_SCOPE; +import static org.eclipse.tractusx.edc.policy.cx.contractreference.ContractReferenceConstraintFunction.CONTRACT_REFERENCE; import static org.eclipse.tractusx.edc.policy.cx.dismantler.DismantlerCredentialConstraintFunction.DISMANTLER_LITERAL; import static org.eclipse.tractusx.edc.policy.cx.framework.FrameworkAgreementCredentialConstraintFunction.FRAMEWORK_AGREEMENT_LITERAL; import static org.eclipse.tractusx.edc.policy.cx.membership.MembershipCredentialConstraintFunction.MEMBERSHIP_LITERAL; +import static org.eclipse.tractusx.edc.policy.cx.usage.UsagePurposeConstraintFunction.USAGE_PURPOSE; /** @@ -65,17 +69,6 @@ public class CxPolicyExtension implements ServiceExtension { @Inject private RuleBindingRegistry bindingRegistry; - @Override - public String name() { - return NAME; - } - - @Override - public void initialize(ServiceExtensionContext context) { - registerFunctions(policyEngine); - registerBindings(bindingRegistry); - } - public static void registerFunctions(PolicyEngine engine) { engine.registerFunction(CatalogPolicyContext.class, Permission.class, new DismantlerCredentialConstraintFunction<>()); engine.registerFunction(ContractNegotiationPolicyContext.class, Permission.class, new DismantlerCredentialConstraintFunction<>()); @@ -88,6 +81,14 @@ public static void registerFunctions(PolicyEngine engine) { engine.registerFunction(CatalogPolicyContext.class, Permission.class, new MembershipCredentialConstraintFunction<>()); engine.registerFunction(ContractNegotiationPolicyContext.class, Permission.class, new MembershipCredentialConstraintFunction<>()); engine.registerFunction(TransferProcessPolicyContext.class, Permission.class, new MembershipCredentialConstraintFunction<>()); + + engine.registerFunction(CatalogPolicyContext.class, Permission.class, CX_POLICY_NS + USAGE_PURPOSE, new UsagePurposeConstraintFunction<>()); + engine.registerFunction(ContractNegotiationPolicyContext.class, Permission.class, CX_POLICY_NS + USAGE_PURPOSE, new UsagePurposeConstraintFunction<>()); + engine.registerFunction(TransferProcessPolicyContext.class, Permission.class, CX_POLICY_NS + USAGE_PURPOSE, new UsagePurposeConstraintFunction<>()); + + engine.registerFunction(CatalogPolicyContext.class, Permission.class, CX_POLICY_NS + CONTRACT_REFERENCE, new ContractReferenceConstraintFunction<>()); + engine.registerFunction(ContractNegotiationPolicyContext.class, Permission.class, CX_POLICY_NS + CONTRACT_REFERENCE, new ContractReferenceConstraintFunction<>()); + engine.registerFunction(TransferProcessPolicyContext.class, Permission.class, CX_POLICY_NS + CONTRACT_REFERENCE, new ContractReferenceConstraintFunction<>()); } public static void registerBindings(RuleBindingRegistry registry) { @@ -101,5 +102,24 @@ public static void registerBindings(RuleBindingRegistry registry) { registry.bind(ODRL_SCHEMA + "use", CATALOG_SCOPE); registry.bind(ODRL_SCHEMA + "use", NEGOTIATION_SCOPE); registry.bind(ODRL_SCHEMA + "use", TRANSFER_PROCESS_SCOPE); + + registry.bind(CX_POLICY_NS + USAGE_PURPOSE, CATALOG_SCOPE); + registry.bind(CX_POLICY_NS + USAGE_PURPOSE, NEGOTIATION_SCOPE); + registry.bind(CX_POLICY_NS + USAGE_PURPOSE, TRANSFER_PROCESS_SCOPE); + + registry.bind(CX_POLICY_NS + CONTRACT_REFERENCE, CATALOG_SCOPE); + registry.bind(CX_POLICY_NS + CONTRACT_REFERENCE, NEGOTIATION_SCOPE); + registry.bind(CX_POLICY_NS + CONTRACT_REFERENCE, TRANSFER_PROCESS_SCOPE); + } + + @Override + public String name() { + return NAME; + } + + @Override + public void initialize(ServiceExtensionContext context) { + registerFunctions(policyEngine); + registerBindings(bindingRegistry); } } diff --git a/edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/contractreference/ContractReferenceConstraintFunction.java b/edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/contractreference/ContractReferenceConstraintFunction.java new file mode 100644 index 000000000..0978addea --- /dev/null +++ b/edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/contractreference/ContractReferenceConstraintFunction.java @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +package org.eclipse.tractusx.edc.policy.cx.contractreference; + +import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential; +import org.eclipse.edc.participant.spi.ParticipantAgent; +import org.eclipse.edc.participant.spi.ParticipantAgentPolicyContext; +import org.eclipse.edc.policy.engine.spi.AtomicConstraintRuleFunction; +import org.eclipse.edc.policy.engine.spi.PolicyContext; +import org.eclipse.edc.policy.model.Operator; +import org.eclipse.edc.policy.model.Permission; + + +/** + * This constraint function checks that a MembershipCredential is present in a list of {@link VerifiableCredential} + * objects extracted from a {@link ParticipantAgent} which is expected to be present on the {@link PolicyContext}. + */ +public class ContractReferenceConstraintFunction implements AtomicConstraintRuleFunction { + public static final String CONTRACT_REFERENCE = "ContractReference"; + + @Override + public boolean evaluate(Operator operator, Object rightOperand, Permission permission, C c) { + return true; + } +} diff --git a/edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/usage/UsagePurposeConstraintFunction.java b/edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/usage/UsagePurposeConstraintFunction.java new file mode 100644 index 000000000..9a7c0d152 --- /dev/null +++ b/edc-extensions/cx-policy/src/main/java/org/eclipse/tractusx/edc/policy/cx/usage/UsagePurposeConstraintFunction.java @@ -0,0 +1,42 @@ +/* + * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + */ + +package org.eclipse.tractusx.edc.policy.cx.usage; + +import org.eclipse.edc.iam.verifiablecredentials.spi.model.VerifiableCredential; +import org.eclipse.edc.participant.spi.ParticipantAgent; +import org.eclipse.edc.participant.spi.ParticipantAgentPolicyContext; +import org.eclipse.edc.policy.engine.spi.AtomicConstraintRuleFunction; +import org.eclipse.edc.policy.engine.spi.PolicyContext; +import org.eclipse.edc.policy.model.Operator; +import org.eclipse.edc.policy.model.Permission; + + +/** + * This constraint function checks that a MembershipCredential is present in a list of {@link VerifiableCredential} + * objects extracted from a {@link ParticipantAgent} which is expected to be present on the {@link PolicyContext}. + */ +public class UsagePurposeConstraintFunction implements AtomicConstraintRuleFunction { + public static final String USAGE_PURPOSE = "UsagePurpose"; + + @Override + public boolean evaluate(Operator operator, Object rightOperand, Permission permission, C c) { + return true; + } +} diff --git a/edc-extensions/cx-policy/src/test/java/org/eclipse/tractusx/edc/policy/cx/contractreference/ContractReferenceConstraintFunctionTest.java b/edc-extensions/cx-policy/src/test/java/org/eclipse/tractusx/edc/policy/cx/contractreference/ContractReferenceConstraintFunctionTest.java new file mode 100644 index 000000000..ed4679d51 --- /dev/null +++ b/edc-extensions/cx-policy/src/test/java/org/eclipse/tractusx/edc/policy/cx/contractreference/ContractReferenceConstraintFunctionTest.java @@ -0,0 +1,42 @@ +/******************************************************************************** + * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + ********************************************************************************/ + +package org.eclipse.tractusx.edc.policy.cx.contractreference; + +import org.eclipse.edc.participant.spi.ParticipantAgent; +import org.eclipse.edc.participant.spi.ParticipantAgentPolicyContext; +import org.eclipse.edc.policy.model.Operator; +import org.eclipse.tractusx.edc.policy.cx.TestParticipantAgentPolicyContext; +import org.junit.jupiter.api.Test; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; + +class ContractReferenceConstraintFunctionTest { + + private final ParticipantAgent participantAgent = mock(); + private final ContractReferenceConstraintFunction function = new ContractReferenceConstraintFunction<>(); + private final ParticipantAgentPolicyContext context = new TestParticipantAgentPolicyContext(participantAgent); + + @Test + void evaluate() { + assertThat(function.evaluate(Operator.EQ, "contractRef", null, context)).isTrue(); + } + +} diff --git a/edc-extensions/cx-policy/src/test/java/org/eclipse/tractusx/edc/policy/cx/usage/UsagePurposeConstraintFunctionTest.java b/edc-extensions/cx-policy/src/test/java/org/eclipse/tractusx/edc/policy/cx/usage/UsagePurposeConstraintFunctionTest.java new file mode 100644 index 000000000..a6e44ffe3 --- /dev/null +++ b/edc-extensions/cx-policy/src/test/java/org/eclipse/tractusx/edc/policy/cx/usage/UsagePurposeConstraintFunctionTest.java @@ -0,0 +1,42 @@ +/******************************************************************************** + * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + ********************************************************************************/ + +package org.eclipse.tractusx.edc.policy.cx.usage; + +import org.eclipse.edc.participant.spi.ParticipantAgent; +import org.eclipse.edc.participant.spi.ParticipantAgentPolicyContext; +import org.eclipse.edc.policy.model.Operator; +import org.eclipse.tractusx.edc.policy.cx.TestParticipantAgentPolicyContext; +import org.junit.jupiter.api.Test; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.mockito.Mockito.mock; + +class UsagePurposeConstraintFunctionTest { + + private final ParticipantAgent participantAgent = mock(); + private final UsagePurposeConstraintFunction function = new UsagePurposeConstraintFunction<>(); + private final ParticipantAgentPolicyContext context = new TestParticipantAgentPolicyContext(participantAgent); + + @Test + void evaluate() { + assertThat(function.evaluate(Operator.EQ, "usagePurpose", null, context)).isTrue(); + } + +} diff --git a/edc-extensions/dcp/tx-dcp-sts-dim/src/main/java/org/eclipse/tractusx/edc/iam/dcp/sts/dim/DimSecureTokenService.java b/edc-extensions/dcp/tx-dcp-sts-dim/src/main/java/org/eclipse/tractusx/edc/iam/dcp/sts/dim/DimSecureTokenService.java index 25931da9f..c59c889e5 100644 --- a/edc-extensions/dcp/tx-dcp-sts-dim/src/main/java/org/eclipse/tractusx/edc/iam/dcp/sts/dim/DimSecureTokenService.java +++ b/edc-extensions/dcp/tx-dcp-sts-dim/src/main/java/org/eclipse/tractusx/edc/iam/dcp/sts/dim/DimSecureTokenService.java @@ -203,7 +203,6 @@ private Result> mapClaims(Map claims, Map mapClaim(claims, entry))) .peek(inner -> inner.onSuccess(mapped -> payload.put(mapped.getKey(), mapped.getValue()))) - .map(Result::mapTo) .reduce(Result::merge) .orElseGet(() -> Result.success(null)); diff --git a/edc-tests/e2e-fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/participant/TractusxParticipantBase.java b/edc-tests/e2e-fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/participant/TractusxParticipantBase.java index d4c5775ba..2332d605e 100644 --- a/edc-tests/e2e-fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/participant/TractusxParticipantBase.java +++ b/edc-tests/e2e-fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/participant/TractusxParticipantBase.java @@ -125,6 +125,7 @@ public Map getConfiguration() { put("edc.dataplane.api.public.baseurl", "http://localhost:%d/api/public/v2/data".formatted(dataPlanePublic.getPort())); put("edc.catalog.cache.execution.delay.seconds", "2"); put("edc.catalog.cache.execution.period.seconds", "2"); + put("edc.policy.validation.enabled", "true"); } }; } diff --git a/edc-tests/e2e-fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/runtimes/ParticipantRuntime.java b/edc-tests/e2e-fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/runtimes/ParticipantRuntime.java index 5351c0ac4..09442b821 100644 --- a/edc-tests/e2e-fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/runtimes/ParticipantRuntime.java +++ b/edc-tests/e2e-fixtures/src/testFixtures/java/org/eclipse/tractusx/edc/tests/runtimes/ParticipantRuntime.java @@ -23,7 +23,7 @@ import com.nimbusds.jose.jwk.Curve; import com.nimbusds.jose.jwk.ECKey; import com.nimbusds.jose.jwk.gen.ECKeyGenerator; -import org.eclipse.edc.boot.system.injection.InjectionContainer; +import org.eclipse.edc.boot.system.DependencyGraph; import org.eclipse.edc.iam.did.spi.resolution.DidPublicKeyResolver; import org.eclipse.edc.iam.identitytrust.spi.SecureTokenService; import org.eclipse.edc.iam.identitytrust.sts.embedded.EmbeddedSecureTokenService; @@ -33,7 +33,6 @@ import org.eclipse.edc.spi.iam.IdentityService; import org.eclipse.edc.spi.result.Result; import org.eclipse.edc.spi.security.Vault; -import org.eclipse.edc.spi.system.ServiceExtension; import org.eclipse.edc.spi.system.ServiceExtensionContext; import org.eclipse.edc.token.InMemoryJtiValidationStore; import org.eclipse.edc.token.JwtGenerationService; @@ -42,7 +41,6 @@ import java.time.Clock; import java.time.Duration; -import java.util.List; import java.util.Map; /** @@ -83,8 +81,8 @@ public DataWiper getWiper() { } @Override - protected void bootExtensions(ServiceExtensionContext context, List> serviceExtensions) { - super.bootExtensions(context, serviceExtensions); + protected void bootExtensions(ServiceExtensionContext context, DependencyGraph dependencyGraph) { + super.bootExtensions(context, dependencyGraph); wiper = new DataWiper(context); registerConsumerPullKeys(runtimeKeyPair); } diff --git a/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/AbstractIatpConsumerPullTest.java b/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/AbstractIatpConsumerPullTest.java index bc04abcd9..9f6a911b7 100644 --- a/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/AbstractIatpConsumerPullTest.java +++ b/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/AbstractIatpConsumerPullTest.java @@ -59,7 +59,6 @@ import static org.awaitility.Awaitility.await; import static org.awaitility.pollinterval.FibonacciPollInterval.fibonacci; import static org.eclipse.edc.util.io.Ports.getFreePort; -import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.CX_CREDENTIAL_NS; import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.CX_POLICY_NS; import static org.eclipse.tractusx.edc.tests.TestRuntimeConfiguration.CONSUMER_BPN; import static org.eclipse.tractusx.edc.tests.TestRuntimeConfiguration.CONSUMER_NAME; @@ -320,7 +319,7 @@ void catalogRequest_whenCredentialRevoked() { @Override protected JsonObject createContractPolicy(String bpn) { - return frameworkPolicy(Map.of(CX_CREDENTIAL_NS + "Membership", "active")); + return frameworkPolicy(Map.of(CX_POLICY_NS + "Membership", "active")); } protected abstract RuntimeExtension consumerRuntime(); diff --git a/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/iatp/runtime/IatpParticipantRuntime.java b/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/iatp/runtime/IatpParticipantRuntime.java index 934a6192b..8d7da6e13 100644 --- a/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/iatp/runtime/IatpParticipantRuntime.java +++ b/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/iatp/runtime/IatpParticipantRuntime.java @@ -20,17 +20,15 @@ package org.eclipse.tractusx.edc.tests.transfer.iatp.runtime; import com.nimbusds.jose.jwk.JWK; -import org.eclipse.edc.boot.system.injection.InjectionContainer; +import org.eclipse.edc.boot.system.DependencyGraph; import org.eclipse.edc.junit.extensions.EmbeddedRuntime; import org.eclipse.edc.security.token.jwt.CryptoConverter; import org.eclipse.edc.spi.security.Vault; -import org.eclipse.edc.spi.system.ServiceExtension; import org.eclipse.edc.spi.system.ServiceExtensionContext; import org.eclipse.tractusx.edc.spi.identity.mapper.BdrsClient; import org.eclipse.tractusx.edc.tests.runtimes.DataWiper; import java.security.KeyPair; -import java.util.List; import java.util.Map; @@ -52,8 +50,8 @@ public DataWiper getWiper() { @Override - protected void bootExtensions(ServiceExtensionContext context, List> serviceExtensions) { - super.bootExtensions(context, serviceExtensions); + protected void bootExtensions(ServiceExtensionContext context, DependencyGraph dependencyGraph) { + super.bootExtensions(context, dependencyGraph); wiper = new CredentialWiper(getContext()); registerConsumerPullKeys(runtimeKeyPair); } diff --git a/edc-tests/edc-controlplane/policy-tests/src/test/java/org/eclipse/tractusx/edc/tests/policy/PolicyDefinitionEndToEndTest.java b/edc-tests/edc-controlplane/policy-tests/src/test/java/org/eclipse/tractusx/edc/tests/policy/PolicyDefinitionEndToEndTest.java new file mode 100644 index 000000000..5d3adc248 --- /dev/null +++ b/edc-tests/edc-controlplane/policy-tests/src/test/java/org/eclipse/tractusx/edc/tests/policy/PolicyDefinitionEndToEndTest.java @@ -0,0 +1,160 @@ +/******************************************************************************** + * Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + ********************************************************************************/ + +package org.eclipse.tractusx.edc.tests.policy; + +import jakarta.json.JsonObject; +import org.eclipse.edc.junit.annotations.EndToEndTest; +import org.eclipse.edc.junit.annotations.PostgresqlIntegrationTest; +import org.eclipse.edc.junit.extensions.RuntimeExtension; +import org.eclipse.edc.policy.model.Operator; +import org.eclipse.tractusx.edc.tests.participant.TransferParticipant; +import org.eclipse.tractusx.edc.tests.runtimes.PostgresExtension; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Nested; +import org.junit.jupiter.api.Order; +import org.junit.jupiter.api.extension.ExtensionContext; +import org.junit.jupiter.api.extension.RegisterExtension; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.ArgumentsProvider; +import org.junit.jupiter.params.provider.ArgumentsSource; + +import java.util.List; +import java.util.Map; +import java.util.stream.Stream; + +import static org.assertj.core.api.Assertions.assertThatThrownBy; +import static org.eclipse.edc.connector.controlplane.test.system.utils.PolicyFixtures.inForceDatePolicy; +import static org.eclipse.tractusx.edc.edr.spi.CoreConstants.CX_POLICY_NS; +import static org.eclipse.tractusx.edc.tests.TestRuntimeConfiguration.CONSUMER_BPN; +import static org.eclipse.tractusx.edc.tests.TestRuntimeConfiguration.CONSUMER_NAME; +import static org.eclipse.tractusx.edc.tests.TestRuntimeConfiguration.PROVIDER_BPN; +import static org.eclipse.tractusx.edc.tests.TestRuntimeConfiguration.PROVIDER_NAME; +import static org.eclipse.tractusx.edc.tests.helpers.PolicyHelperFunctions.frameworkPolicy; +import static org.eclipse.tractusx.edc.tests.runtimes.Runtimes.memoryRuntime; +import static org.eclipse.tractusx.edc.tests.runtimes.Runtimes.pgRuntime; + +public class PolicyDefinitionEndToEndTest { + + protected static final TransferParticipant CONSUMER = TransferParticipant.Builder.newInstance() + .name(CONSUMER_NAME) + .id(CONSUMER_BPN) + .build(); + + + protected static final TransferParticipant PROVIDER = TransferParticipant.Builder.newInstance() + .name(PROVIDER_NAME) + .id(PROVIDER_BPN) + .build(); + + abstract static class Tests { + + @DisplayName("Policy is accepted") + @ParameterizedTest(name = "{1}") + @ArgumentsSource(ValidContractPolicyProvider.class) + void shouldAcceptValidPolicyDefinitions(JsonObject policy, String description) { + PROVIDER.createPolicyDefinition(policy); + } + + @DisplayName("Policy is accepted") + @ParameterizedTest(name = "{1}") + @ArgumentsSource(InValidContractPolicyProvider.class) + void shouldNotAcceptInvalidValidPolicyDefinitions(JsonObject policy, String description) { + assertThatThrownBy(() -> PROVIDER.createPolicyDefinition(policy)); + } + + } + + private abstract static class BaseContractPolicyProvider implements ArgumentsProvider { + + private final String namespace; + + private BaseContractPolicyProvider(String namespace) { + this.namespace = namespace; + } + + @Override + public Stream provideArguments(ExtensionContext extensionContext) { + return Stream.of( + Arguments.of(frameworkPolicy(Map.of(namespace + "Membership", "active")), "MembershipCredential"), + Arguments.of(frameworkPolicy(Map.of(namespace + "FrameworkAgreement.pcf", "active")), "PCF Use Case (legacy notation)"), + Arguments.of(frameworkPolicy(Map.of(namespace + "FrameworkAgreement", "Pcf")), "PCF Use Case (new notation)"), + Arguments.of(frameworkPolicy(Map.of(namespace + "FrameworkAgreement", "DataExchangeGovernance:1.0.0")), "DataExchangeGovernance use case"), + Arguments.of(frameworkPolicy(Map.of(namespace + "Dismantler", "active")), "Dismantler Credential"), + Arguments.of(frameworkPolicy(Map.of(namespace + "Dismantler.activityType", "vehicleDismantle")), "Dismantler Cred (activity type)"), + Arguments.of(frameworkPolicy(namespace + "Dismantler.allowedBrands", Operator.IS_ANY_OF, List.of("Moskvich", "Tatra")), "Dismantler allowedBrands (IS_ANY_OF, one intersects)"), + Arguments.of(frameworkPolicy(namespace + "Dismantler.allowedBrands", Operator.EQ, List.of("Moskvich", "Lada")), "Dismantler allowedBrands (EQ, exact match)"), + Arguments.of(frameworkPolicy(namespace + "Dismantler.allowedBrands", Operator.IS_NONE_OF, List.of("Yugo", "Tatra")), "Dismantler allowedBrands (IS_NONE_OF, no intersect)"), + Arguments.of(frameworkPolicy(namespace + "Dismantler.allowedBrands", Operator.IN, List.of("Moskvich", "Tatra", "Yugo", "Lada")), "Dismantler allowedBrands (IN, fully contained)"), + Arguments.of(frameworkPolicy(Map.of(namespace + "UsagePurpose", "cx.core.industrycore:1")), "Usage Purpose"), + Arguments.of(frameworkPolicy(Map.of(namespace + "ContractReference", "contractReference")), "Contract reference") + ); + } + } + + private static class ValidContractPolicyProvider extends BaseContractPolicyProvider { + + private ValidContractPolicyProvider() { + super(CX_POLICY_NS); + } + + @Override + public Stream provideArguments(ExtensionContext extensionContext) { + return Stream.concat(super.provideArguments(extensionContext), Stream.of( + Arguments.of(inForceDatePolicy("gteq", "contractAgreement+0s", "lteq", "contractAgreement+10s"), "In force date policy") + )); + } + } + + private static class InValidContractPolicyProvider extends BaseContractPolicyProvider { + + private InValidContractPolicyProvider() { + super(""); + } + } + + @Nested + @EndToEndTest + class InMemory extends Tests { + + @RegisterExtension + protected static final RuntimeExtension CONSUMER_RUNTIME = memoryRuntime(CONSUMER.getName(), CONSUMER.getBpn(), CONSUMER.getConfiguration()); + + @RegisterExtension + protected static final RuntimeExtension PROVIDER_RUNTIME = memoryRuntime(PROVIDER.getName(), PROVIDER.getBpn(), PROVIDER.getConfiguration()); + + } + + @Nested + @PostgresqlIntegrationTest + class Postgres extends Tests { + + @RegisterExtension + @Order(0) + private static final PostgresExtension POSTGRES = new PostgresExtension(CONSUMER.getName(), PROVIDER.getName()); + + @RegisterExtension + protected static final RuntimeExtension CONSUMER_RUNTIME = pgRuntime(CONSUMER, POSTGRES); + + @RegisterExtension + protected static final RuntimeExtension PROVIDER_RUNTIME = pgRuntime(PROVIDER, POSTGRES); + + } +} diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index f41a223e3..204285227 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -2,7 +2,7 @@ format.version = "1.1" [versions] -edc = "0.10.1" +edc = "0.11.0-20241127-SNAPSHOT" assertj = "3.26.3" awaitility = "4.2.2" aws = "2.29.9"