diff --git a/local/MIGRATION_NOTES.md b/local/MIGRATION_NOTES.md
deleted file mode 100644
index 50efb47e..00000000
--- a/local/MIGRATION_NOTES.md
+++ /dev/null
@@ -1,188 +0,0 @@ -# Policy Definition -> still in alignment - -Old - -```json -{ - "@context": { - "@vocab": "https://w3id.org/edc/v0.0.1/ns/", - "odrl": "http://www.w3.org/ns/odrl/2/" - }, - "@type": "PolicyDefinitionRequestDto", - "@id": "{{POLICY_ID}}", - "policy": { - "@type": "Policy", - "odrl:permission": [ - { - "odrl:action": "USE", - "odrl:constraint": { - "@type": "LogicalConstraint", - "odrl:or": [ - { - "@type": "Constraint", - "odrl:leftOperand": "BusinessPartnerNumber", - "odrl:operator": { - "@id": "odrl:eq" - }, - "odrl:rightOperand": "{{SUPPLIER_BPNL}}" - } - ] - } - } - ] - } -} -``` - -error - -```json -[ - { - "message": "https://w3id.org/edc/v0.0.1/ns/policy/@type was expected to be http://www.w3.org/ns/odrl/2/Set but it was not", - "type": "ValidationFailure", - "path": "https://w3id.org/edc/v0.0.1/ns/policy/@type", - "invalidValue": [ - "https://w3id.org/edc/v0.0.1/ns/Policy" - ] - } -] -``` - -policy.@type = "odrl:Set" - -Catalog Request needs `counterPartyId` - -# bdrs - -Calls needed: - -- management -> create bpn directory -- BPN-Directory -> map of bpn and did reachable - -The EDC needs to self-IATP to get a `MembershipCredential` to use the BDRS - -DIDs are build following JsonWebKey2020 -DID-ID like did:web:name-to-use - -Credential Service -mock: https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-extensions/bdrs-client/src/test/java/org/eclipse/tractusx/edc/identity/mapper/BdrsClientImplComponentTest.java - -Update Cache -> why does it need a bearer token with the membershipCredToken sent to /bpn-directory? 
-https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-extensions/bdrs-client/src/main/java/org/eclipse/tractusx/edc/identity/mapper/BdrsClientImpl.java#L92 - -Dids seem to -be [dependent on the hosting companies' url](https://github.com/eclipse-tractusx/identity-trust/blob/main/specifications/tx.dataspace.topology.md) - -Seems like: - -- MIW / DIM are credential services -- Portal + DIM are issuer services - -A client uses a token during a request, to grant access to specific resources - -- verifier uses it to request the vp -- the CS endpoint is resolved using bdrs -- **What's the bearer access scope** - -access scopes - -- org.eclipse.tractusx.vc.type:Member:read -- org.eclipse.tractusx.vc.id:uuid:read -> give access to verifieable credential by id - -Endoints: - -- POST presentations/query - - uses OAuth2 scopes that need to be mapped to presentation definition -- storage api credentials - -https://github.com/eclipse-edc/Connector/blob/4fd16b8e34d685239ea40fc3d8e9b02cc8ccf323/core/common/token-core/src/main/java/org/eclipse/edc/token/TokenValidationServiceImpl.java#L54 - -- a key is somehow resolved. This may be from the did.json - -Following -this [test](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-extensions/bdrs-client/src/test/java/org/eclipse/tractusx/edc/identity/mapper/BdrsClientImplComponentTest.java), - -- the VC is signed by the issuer -- the VP is signed by the holder - -Following Tractus-X Connector Setup - -- DIM = your wallet that already contains VCs -> encapsulated STS and CS -- Credential Service = get your own VP to hand over. 
(something like the miw) -- SecureTokenService = get auth for something and then request presentation - -# Updates EDR - -edr callback payload - -```json -{ - "id": "3099e0f1-e255-4a00-8a8b-8ec5c16e8758", - "at": 1714325393313, - "payload": { - "transferProcessId": "07231854-112b-45bb-957b-4fb01dc2718f", - "callbackAddresses": [ - { - "uri": "http://mock-util-service:80/edr-log", - "events": [ - "transfer.process.started" - ], - "transactional": false, - "authKey": "None", - "authCodeId": "None" - } - ], - "assetId": "ASSET_1", - "type": "CONSUMER", - "contractId": "54dd6fe4-7a4e-4de6-b7b8-2f131fc99f79", - "dataAddress": { - "properties": { - "process_id": "6570b7a5-7df9-42be-9fd7-80f200427fc3", - "participant_id": "BPNL1234567890ZZ", - "asset_id": "ASSET_1", - "https://w3id.org/edc/v0.0.1/ns/endpointType": "https://w3id.org/idsa/v4.1/HTTP", - "https://w3id.org/tractusx/auth/refreshEndpoint": "http://customer-data-plane:8285/api/public", - "https://w3id.org/tractusx/auth/audience": "did:web:mock-util-service/supplier", - "agreement_id": "54dd6fe4-7a4e-4de6-b7b8-2f131fc99f79", - "flow_type": "PULL", - "https://w3id.org/edc/v0.0.1/ns/type": "https://w3id.org/idsa/v4.1/HTTP", - "https://w3id.org/edc/v0.0.1/ns/endpoint": "http://customer-data-plane:8285/api/public", - "https://w3id.org/tractusx/auth/refreshToken": "eyJraWQiOiJjdXN0b21lci1jZXJ0IiwiYWxnIjoiUlMyNTYifQ.eyJleHAiOjE3MTQzMjU2OTMsImlhdCI6MTcxNDMyNTM5MywianRpIjoiMGY2YzM4NjItOGYxZS00YzU1LWIwMzEtNGMzM2NhZWIxMzY5In0.L_r5a_hZY3aFYw4SYOoV_Ct5yWuDJBRwPeujAPKv8aPVB_buRZHDPwwnrlYAIWa4j4QIiKjmMMFQN7NUi56tIYr3An3KGwfycekCAS5CSMMAx7x6In5JTRPyyBEi897gjXYGHDlfFa_j7G5bG4__InwDt5HF_2_BKTrPMGEEGL62pAm2cm9qfZJCNJx2R6tnkSymlR0E6Dju2FsCWiOIbYlPP6JHjDkU9aKRIv6l_n0HodRUELBLKBGi565O5zwkec9sNxYdv4mTwskU4IMOvGJPNgHE3QKpzyPCIl7CzVJICCaMszl698rAp9BYP0tokUNj8yNAKbR5ZutYFnAwSA", - "https://w3id.org/tractusx/auth/expiresIn": "300", - "https://w3id.org/edc/v0.0.1/ns/authorization": 
"eyJraWQiOiJjdXN0b21lci1jZXJ0IiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJCUE5MNDQ0NDQ0NDQ0NFhYIiwiYXVkIjoiQlBOTDEyMzQ1Njc4OTBaWiIsInN1YiI6IkJQTkw0NDQ0NDQ0NDQ0WFgiLCJleHAiOjE3MTQzMjU2OTMsImlhdCI6MTcxNDMyNTM5MywianRpIjoiMzMwMjhjZDEtMTVlZC00Njk1LWE0NjMtNDc2MTJlNmZhNDk5In0.AP8BY0gjnKFxeswCPRaalKPD-nyLtXqe8hpEQH_CcWoN48KLXLJzgyQXo04WtcCPe7QBU0dyOd9UBi71tmxPNNACLRg_HZVmAFfRZWSkCY9pr-sreChP0EJcTT7AXgHnBIT0mKZbcQ_8b8g9BI-nS43eAd52I_WAg6oTK5hvyMOha7H-HvPeyNDGPA5QQ2RKuf3JKEw-26RALZdgkLz0VDjHd9CMDJJC0nvkbzP928LvzmLs8r-e1YFJwFtZ-ipVlxb7OiFrg7UeAwwb46spi2epMj3Px1QLXrd-Fd9skV2Iw8PugPIUFm5ehyK2d5mQYB4waAm5kEmgVVLLvwVX8A", - "https://w3id.org/tractusx/auth/refreshAudience": "did:web:mock-util-service/supplier" - } - } - }, - "type": "TransferProcessStarted" -} -``` - -Get against EDR API after Transfer Process: -`{{SUPPLIER_EDC}}/{{MANAGEMENT_PATH}}/v2/transferprocesses/{{TRANSFER_PROCESS_ID}}` -Will be loaded lazily - -```json -{ - "@type": "DataAddress", - "endpointType": "https://w3id.org/idsa/v4.1/HTTP", - "tx-auth:refreshEndpoint": "http://customer-data-plane:8285/api/public", - "tx-auth:audience": "did:web:mock-util-service/supplier", - "type": "https://w3id.org/idsa/v4.1/HTTP", - "endpoint": "http://customer-data-plane:8285/api/public", - "tx-auth:refreshToken": "eyJraWQiOiJjdXN0b21lci1jZXJ0IiwiYWxnIjoiUlMyNTYifQ.eyJleHAiOjE3MTQzMjU2OTMsImlhdCI6MTcxNDMyNTM5MywianRpIjoiMGY2YzM4NjItOGYxZS00YzU1LWIwMzEtNGMzM2NhZWIxMzY5In0.L_r5a_hZY3aFYw4SYOoV_Ct5yWuDJBRwPeujAPKv8aPVB_buRZHDPwwnrlYAIWa4j4QIiKjmMMFQN7NUi56tIYr3An3KGwfycekCAS5CSMMAx7x6In5JTRPyyBEi897gjXYGHDlfFa_j7G5bG4__InwDt5HF_2_BKTrPMGEEGL62pAm2cm9qfZJCNJx2R6tnkSymlR0E6Dju2FsCWiOIbYlPP6JHjDkU9aKRIv6l_n0HodRUELBLKBGi565O5zwkec9sNxYdv4mTwskU4IMOvGJPNgHE3QKpzyPCIl7CzVJICCaMszl698rAp9BYP0tokUNj8yNAKbR5ZutYFnAwSA", - "tx-auth:expiresIn": "300", - // use Header Authorization - "authorization": 
"eyJraWQiOiJjdXN0b21lci1jZXJ0IiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJCUE5MNDQ0NDQ0NDQ0NFhYIiwiYXVkIjoiQlBOTDEyMzQ1Njc4OTBaWiIsInN1YiI6IkJQTkw0NDQ0NDQ0NDQ0WFgiLCJleHAiOjE3MTQzMjU2OTMsImlhdCI6MTcxNDMyNTM5MywianRpIjoiMzMwMjhjZDEtMTVlZC00Njk1LWE0NjMtNDc2MTJlNmZhNDk5In0.AP8BY0gjnKFxeswCPRaalKPD-nyLtXqe8hpEQH_CcWoN48KLXLJzgyQXo04WtcCPe7QBU0dyOd9UBi71tmxPNNACLRg_HZVmAFfRZWSkCY9pr-sreChP0EJcTT7AXgHnBIT0mKZbcQ_8b8g9BI-nS43eAd52I_WAg6oTK5hvyMOha7H-HvPeyNDGPA5QQ2RKuf3JKEw-26RALZdgkLz0VDjHd9CMDJJC0nvkbzP928LvzmLs8r-e1YFJwFtZ-ipVlxb7OiFrg7UeAwwb46spi2epMj3Px1QLXrd-Fd9skV2Iw8PugPIUFm5ehyK2d5mQYB4waAm5kEmgVVLLvwVX8A",
- "tx-auth:refreshAudience": "did:web:mock-util-service/supplier",
- "@context": {
- "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
- "edc": "https://w3id.org/edc/v0.0.1/ns/",
- "tx": "https://w3id.org/tractusx/v0.0.1/ns/",
- "tx-auth": "https://w3id.org/tractusx/auth/",
- "cx-policy": "https://w3id.org/catenax/policy/",
- "odrl": "http://www.w3.org/ns/odrl/2/"
- }
-}
-```
diff --git a/local/docker-compose-edc.yaml b/local/docker-compose-edc.yaml
deleted file mode 100644
index 348a074e..00000000
--- a/local/docker-compose-edc.yaml
+++ /dev/null
@@ -1,139 +0,0 @@ -# -# Copyright (c) 2023, 2024 Volkswagen AG -# Copyright (c) 2023, 2024 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V. (represented by Fraunhofer ISST) -# Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -version: "3" -services: - - postgres-all: - image: postgres:15.4-alpine - container_name: postgres-all - environment: - POSTGRES_DB: edc - POSTGRES_USER: ${PG_USER} - POSTGRES_PASSWORD: ${PG_PW} - ports: - - "127.0.0.1:5433:5432" - healthcheck: - test: ["CMD-SHELL", "pg_isready -d edc -U ${PG_USER}"] - interval: 4s - timeout: 3s - retries: 15 - networks: - - miw-net - deploy: - resources: - limits: - memory: 512mb - cpus: "0.5" - security_opt: - - no-new-privileges:true - volumes: - - ./postgres/init-db.sql:/docker-entrypoint-initdb.d/init-db.sql - - edc-customer-control-plane: - depends_on: - postgres-all: - condition: service_healthy - # restart: on-failure - extends: - file: ./tractus-x-edc/docker-compose.yaml - service: control-plane - container_name: customer-control-plane - env_file: - - ./tractus-x-edc/config/customer/control-plane.properties - ports: - - "127.0.0.1:8180:8180" - - "127.0.0.1:8181:8181" - - "127.0.0.1:8182:8182" - - "127.0.0.1:8183:8183" - - "127.0.0.1:8184:8184" - networks: - - miw-net - extra_hosts: - - 
"host.docker.internal:host-gateway" # Adjusts container's host file to allow for communication with docker-host machine - - edc-customer-data-plane: - depends_on: - postgres-all: - condition: service_healthy - restart: on-failure - extends: - file: ./tractus-x-edc/docker-compose.yaml - service: data-plane - container_name: customer-data-plane - ports: - - "127.0.0.1:8280:8280" - - "127.0.0.1:8283:8283" - - "127.0.0.1:8285:8285" - - "127.0.0.1:8299:8299" - env_file: - - ./tractus-x-edc/config/customer/data-plane.properties - networks: - - miw-net - extra_hosts: - - "host.docker.internal:host-gateway" # Adjusts container's host file to allow for communication with docker-host machine - - edc-supplier-control-plane: - depends_on: - postgres-all: - condition: service_healthy - # restart: on-failure - extends: - file: ./tractus-x-edc/docker-compose.yaml - service: control-plane - container_name: supplier-control-plane - ports: - - "127.0.0.1:9180:9180" - - "127.0.0.1:9181:9181" - - "127.0.0.1:9182:9182" - - "127.0.0.1:9183:9183" - - "127.0.0.1:9184:9184" - - "127.0.0.1:1044:1044" - env_file: - - ./tractus-x-edc/config/supplier/control-plane.properties - networks: - - miw-net - extra_hosts: - - "host.docker.internal:host-gateway" # Adjusts container's host file to allow for communication with docker-host machine - - edc-supplier-data-plane: - depends_on: - postgres-all: - condition: service_healthy - restart: on-failure - extends: - file: ./tractus-x-edc/docker-compose.yaml - service: data-plane - container_name: supplier-data-plane - ports: - - "127.0.0.1:9280:9280" - - "127.0.0.1:9283:9283" - - "127.0.0.1:9285:9285" - - "127.0.0.1:9299:9299" - env_file: - - ./tractus-x-edc/config/supplier/data-plane.properties - networks: - - miw-net - extra_hosts: - - "host.docker.internal:host-gateway" # Adjusts container's host file to allow for communication with docker-host machine - -networks: - miw-net: - external: true