Skip to content

Commit

Permalink
feat(irs-api):[#199] merge and conflicts resolve
Browse files Browse the repository at this point in the history
  • Loading branch information
ds-psosnowski committed Mar 5, 2024
2 parents 8028ac4 + f2ff82e commit 1898634
Show file tree
Hide file tree
Showing 91 changed files with 2,712 additions and 5,060,281 deletions.
18 changes: 16 additions & 2 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
### Added
- DigitalTwinRegistryCreateShellService in irs-registry-client for creating shells in DTR directly
- POST /management/v2/contractagreements/request and GET /management/v2/contractagreements/{contractAgreementId}/negotiation to irs-edc-client lib

### Changed
- EDC client handles multiple Digital Twin Registries and Digital Twins now #395
- Change logo of irs
- Added 'businessPartnerNumber' field to Tombstone model. This will be filled only when UsagePolicyValidation tombstone is being created.

### Fixed
- Update to Spring Boot 3.1.9 to fix CVE's.
- Fixed a case where Policy validation could result in a NullPointerException if either orConstraint or andConstraint of
accepted policies were null

## [4.6.0] - 2024-02-20
### Added
Expand All @@ -25,11 +35,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- Fixed Log4J configuration
- Fix tavern and cucumber tests

## [4.5.2] - 2024-02-22
## Changed
- Updated IRS OpenAPI version to 4.5.2

## [4.5.1] - 2024-02-20
### Changed
- Moved Docker notice to separate file #425


## [4.5.0] - 2024-02-07
### Added
- Added helper script for building documentation locally.
Expand Down Expand Up @@ -537,7 +550,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
- **Select Aspects you need** You are able to select the needed aspects for which you want to collect the correct endpoint information.

[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.6.0...HEAD
[4.6.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.5.1...4.6.0
[4.6.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.5.2...4.6.0
[4.5.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.5.1...4.5.2
[4.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.5.0...4.5.1
[4.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.5.0...4.5.1
[4.5.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.4.0...4.5.0
Expand Down
202 changes: 101 additions & 101 deletions DEPENDENCIES

Large diffs are not rendered by default.

3 changes: 2 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
# ![Item Relationship Service (IRS)](https://raw.githubusercontent.com/eclipse-tractusx/item-relationship-service/main/logo.png)
# ![Item Relationship Service (IRS)](https://github.com/eclipse-tractusx/item-relationship-service/blob/main/logo.png)


[![Apache 2 License](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://github.com/eclipse-tractusx/item-relationship-service/blob/main/LICENSE)
[![Build](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/irs-build.yml/badge.svg)](https://github.com/eclipse-tractusx/item-relationship-service/actions/workflows/irs-build.yml)
Expand Down
8 changes: 8 additions & 0 deletions charts/irs-helm/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
### Changed
- Update IRS version to 4.6.0

## [6.14.2] - 2024-02-22
### Changed
- Update IRS version to 4.5.2

## [6.14.1] - 2024-02-20
### Changed
- Update IRS version to 4.5.1

## [6.14.0] - 2024-02-07
### Added
- Added configuration parameters `oauth2.semantics.clientId`,`oauth2.semantics.clientSecret`, `oauth2.discovery.clientId`,`oauth2.discovery.clientSecret`, `oauth2.bpdm.clientId`,`oauth2.bpdm.clientSecret`
Expand Down
1 change: 1 addition & 0 deletions charts/irs-helm/templates/configmap-spring-app-config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,7 @@ data:
contract-negotiation: {{ .Values.edc.controlplane.endpoint.contractnegotiation | default "/v2/contractnegotiations" | quote }}
transfer-process: {{ .Values.edc.controlplane.endpoint.transferprocess | default "/v2/transferprocesses" | quote }}
state-suffix: {{ .Values.edc.controlplane.endpoint.statesuffix | default "/state" | quote }}
contract-agreements: {{ .Values.edc.controlplane.endpoint.contractAgreements | default "/v2/contractagreements" | quote }}
provider-suffix: {{ tpl .Values.edc.controlplane.provider.suffix . | quote }}
catalog-limit: {{ .Values.edc.controlplane.catalog.limit }}
catalog-page-size: {{ .Values.edc.controlplane.catalog.pagesize }}
Expand Down
1 change: 1 addition & 0 deletions charts/irs-helm/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -177,6 +177,7 @@ edc:
contractnegotiation: /v2/contractnegotiations # EDC consumer controlplane contract negotiation path
transferprocess: /v2/transferprocesses # EDC consumer controlplane transfer process path
statesuffix: /state # Path of the state suffix for contract negotiation and transfer process
contractAgreements: /v2/contractagreements # EDC consumer controlplane contract agreements path
request:
ttl: PT10M # Requests to controlplane will time out after this duration (see https://en.wikipedia.org/wiki/ISO_8601#Durations)
provider:
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,138 @@
# Data Sov guardrails presentation #333

| Key | Value |
|---------------|----------------------------------------------------------------------------------|
| Creation date | 01.02.2024 |
| Ticket Id | [#333](https://github.com/eclipse-tractusx/item-relationship-service/issues/333) |
| State | WIP |

## Table of Contents

1. [Overview](#overview)
2. [Summary](#summary)
3. [Problem Statement](#problem-statement)
4. [Requirements](#requirements)
5. [NFR](#nfr)
6. [Out of scope](#out-of-scope)
7. [Assumptions](#assumptions)
8. [Concept](#concept)
9. [Glossary](#glossary)
10. [References](#references)

## Overview
New data sovereignty guardrails have been developed for release 24.05 DS, which are to be implemented by the product in release 24.5.

## Summary
The IRS acts as a data consumer. It is therefore necessary to analyse the new DS Guardrails requirements for data consumers.
Here it is important to fulfil these requirements against the current implementation of the IRS.
If there are any deviations, these must be named, and concepts created for them.

## Problem Statement
Analyse and check new data sovereignty guardrails for release 24.05 against current implementation of IRS.

## Requirements
- [ ] These Constraints are the base for a potential “auto-negotiation” process
- [ ] Part of the required logic for such a negotiation process is already available
- [ ] Application Providers must ensure a proper negotiation process
- [ ] Do NOT accept Policies / Offers you or your organization doesn't understand or accept.

Core requirement for data consumers.
- [ ] Establish a legally binding framework agreement.
- [ ] Check whether Data Contract Offer matches Data Provider Offer.

1. Data provider: Selection of a data offer from Catalog offer
2. Data provider:

Policy Store
- [ ] As an admin, I have the option of storing usage policies in the Policy Store
- [ ] As an admin, I have the option of modifying usage policies in the Policy Store
- [ ] As an admin, I have the option of deleting usage policies in the Policy Store
- [ ] Policies stored in the policy store must correspond to a specific format (Policy Definition).
- This format is defined by the C-X Association.
- This format definition is contained in a set of rules in the Policy Repository (Policy Hub).

## Data Sovereignty Q-Gate Criteria for Release 24.05

### Data Provider (Applications FOSS & COTS incl. Broker)
Out of scope for IRS

### Data Consumer (Applications FOSS & COTS incl. Broker)
- [x] **(DS_1.0.0)** The provider of the component implementing the DSP MUST ensure the consumption of data via the DSP protocol adhering to the released version of CX-0018 standard. For example, using the Eclipse Data Space Connector on Tractus X.
- [x] **(DS_1.1.0)** The application MUST ensure that the consumer of the data is uniquely identifiable through its associated BPN-L.
- [x] **(DS_1.2.0)** This BPN-L must be used by this application to identify the data.
- [ ] **(DS_2.0.0)** The application MUST use the BPN-L of consumer of the data when consuming data via the DSP component (e.g. EDC or managed EDC).
- [ ] **(DS_3.0.0)** A user of an application MUST be enforced to act within the constraints of the framework agreement by appropriate means (legal, technical,...).
- [ ] **(DS_4.0.0)** To agree to one or multiple contract offers for a queried data asset, the selection of the appropriate offer MUST be done through the consuming application ensuring to follow company-defined rules and regulations for a user of that application.


#### DS_1.0.0
- [x] IRS [CX-0018 2.0.1](https://catena-x.net/fileadmin/user_upload/Standard-Bibliothek/Update_September23/CX-0018-EclipseDataConnector_EDC_-v.2.0.1.pdf) fulfills any asset consumption (aas and submodel) using the EDC connector.
- [x] CX-0018 2.0.1
- [x] 1.4.1 Requirement: Identification of data exchange partners
- [x] IRS uses the 'IRS Policy Store' to store usage policies
- [x] These policies contain constraints with defined 'RahmenbedingungsID'
- [x] These usage policies are checked in case of any data consumption (notification exchange, aas consumption, submodel consumption)
- [x] 1.4.2 Requirement: Terms & Condition Signing
- IRS validates the "Rahmenbedingungen" on each data consumption
- [x] 1.4.3 Requirement: Data Asset Creation
- For Data consumer: **Out of scope**

#### DS_1.1.0
_EDC consumer deployed in company context_
BPN-L is configured in the EDC consumer used by IRS instance deployed in company context. This BPNL is used to verify the Verifiable credentials provided by the (M)IdentityWallet user.

#### DS_1.2.0
_EDC consumer deployed in company context_
BPN-L is configured in the EDC consumer used by IRS instance deployed in company context. This BPNL is used to verify the Verifiable credentials provided by the (M)IdentityWallet user.

#### DS_2.0.0
_EDC consumer deployed in company context_
IRS uses the configured EDC consumer to consume any data asset. BPNL of company is configured in the EDC.

### DS_3.0.0

#### Access policies
Enforcement of access policies over the configured EDC consumer instance.
The verification of the access policy for a data asset is ensured using the EDC for the concentration of data assets (shells and submodels).
The EDC checks the consumer's authorisation for a data asset.

#### Usage policies
Enforcement of usage policy handling by irs.
Component to be used is the IRS Policy Store to provides a usage policies management.
IRS enforces to only consume assets where usage policy of BPNL matches.
The IRS ensures that data is only consumed if the usage policy matches. In case the usage policy matches, the data asset is accumulated via the EDC after successful contract fulfilment and made available to the business application.

Note:
There is no content or semantic check of the usage policy.
Usage policy existence and matching with provided usage policy of contract offer is checked by the IRS.
Assets are consumed only in case of a positive check whether the usage policy matches the usage policy of the offered ContractOffer.

### DS_4.0.0
Refer to DS_3.0.0. Policy Store and the associated usage policy check is fulfilling this requirement.

### Policy Hub
Policy Hub provides api endpoints to receive usage policy template definition. Policy hub provides templates and restricted value ranges and defines allowed policies in the C-X environment for usage policies.
PolicyHub is used to store only policies which matches policy templates.

### Assessment
IRS current implementation matches the DS Guardrails for R24.5.
Usage of EDC (CX-0018) for consumption of any data asset.
Policy Store is used for checking if usage policy exists for BPNL offering desired asset.
Policy Store is used for checking if usage policy matches policy of asset offered by a BPNL.

**Deviation:**
Actually, usage policies are not validated according to the policy specifications provided by the Policy Hub - this validation should be implemented for the Policy Store.

## Glossary

| Abbreviation | Name | Description |
|--------------|----------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| DS | Data Sovereignty | Data sovereignty refers to the idea that data is subject to the laws and regulations of the country or region where it is located or originates. It asserts the rights of governments to control how data is managed and used within their borders. ||
| DSP | Data Space Protocol | Set of specifications designed to facilitate interoperable data sharing within a dataspace, currently governed by the IDSA |
| AAS | Asset Administration Shell | Asset Administration Shell (AAS) The Asset Administration Shell is a digital representation of an asset. It is a form of a digital twin. |
| - | Policy Hub | Policy Hub provides api endpoints to receive usage policy template definition. Policy hub provides templates and restricted value ranges and defines allowed policies in the C-X environment for usage policies.


## References
* [Swagger Policy Hub](https://policy-hub.dev.demo.catena-x.net/api/policy-hub/swagger/index.html)
* [API Endpoint usage](https://github.com/eclipse-tractusx/policy-hub/tree/release/v0.1.0-rc.4/docs/developer/Technical-Documentation/requests/example-requests.md)
Loading

0 comments on commit 1898634

Please sign in to comment.