Policy Check

[tanweersalah]

Current Behavior

I followed the postman collection present in the repo, to create the policies and assets , from postman i am able to complete all the steps and retrieve my DT data.

But when i am trying to integrate the back-end and test it, it is giving this error :

[[DtrSearchManager.searchEndpoint] There was no valid policy available for the digital twin registry found!] It was not possible find any valid digital twin registry!,

I can check there is policyCheck enabled option in config file, i tried to disable that but still it is checking for policy and giving this error. I am not sure what that policyCheck is for , may be you can guide me .

policyCheck: enabled: false strictMode: false policies: - permission: - action: "USE" logicalConstraint: "odrl:and" constraints: - leftOperand: "cx-policy:Membership" operator: "odrl:eq" rightOperand: "active" - leftOperand: "cx-policy:FrameworkAgreement" operator: "odrl:eq" rightOperand: "CircularEconomy:1.0" - leftOperand: "cx-policy:UsagePurpose" operator: "odrl:eq" rightOperand: "cx.circular.dpp:1" prohibition: [ ] obligation: [ ]

This is my catalog response from postman :

{ "@id": "19f536e8-ba98-4d0c-ac04-e40437e091d7", "@type": "dcat:Catalog", "dspace:participantId": "BPNL1234567890ZZ", "dcat:dataset": { "@id": "registry-asset", "@type": "dcat:Dataset", "odrl:hasPolicy": { "@id": "cmVnaXN0cnktY29udHJhY3QtZGVmaW5pdGlvbg==:cmVnaXN0cnktYXNzZXQ=:ODI0NWZjZmEtY2UwNS00NjM3LWIzNjUtNDQxNWZlMDIwOWEw", "@type": "odrl:Offer", "odrl:permission": { "odrl:action": { "odrl:type": "http://www.w3.org/ns/odrl/2/use" }, "odrl:constraint": { "odrl:and": [ { "odrl:leftOperand": "Membership", "odrl:operator": { "@id": "odrl:eq" }, "odrl:rightOperand": "active" }, { "odrl:leftOperand": "BusinessPartnerNumber", "odrl:operator": { "@id": "odrl:eq" }, "odrl:rightOperand": "BPNL4444444444XX" }, { "odrl:leftOperand": "cx-policy:UsagePurpose", "odrl:operator": { "@id": "odrl:eq" }, "odrl:rightOperand": "cx.core.digitalTwinRegistry:1" } ] } }, "odrl:prohibition": [], "odrl:obligation": [] }, "dcat:distribution": [ { "@type": "dcat:Distribution", "dct:format": { "@id": "HttpData-PULL" }, "dcat:accessService": { "@id": "08c6bda6-5e7b-43c0-9b5e-0619736f13d9", "@type": "dcat:DataService", "dcat:endpointDescription": "dspace:connector", "dcat:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp", "dct:terms": "dspace:connector", "dct:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp" } }, { "@type": "dcat:Distribution", "dct:format": { "@id": "HttpData-PUSH" }, "dcat:accessService": { "@id": "08c6bda6-5e7b-43c0-9b5e-0619736f13d9", "@type": "dcat:DataService", "dcat:endpointDescription": "dspace:connector", "dcat:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp", "dct:terms": "dspace:connector", "dct:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp" } } ], "version": "3.0", "type": { "@id": "DigitalTwinRegistry" }, "asset:prop:type": "data.core.digitalTwinRegistry", "id": "registry-asset" }, "dcat:service": { "@id": "08c6bda6-5e7b-43c0-9b5e-0619736f13d9", "@type": "dcat:DataService", "dcat:endpointDescription": "dspace:connector", "dcat:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp", "dct:terms": "dspace:connector", "dct:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp" }, "participantId": "BPNL1234567890ZZ", "@context": { "@vocab": "https://w3id.org/edc/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "tx-auth": "https://w3id.org/tractusx/auth/", "cx-policy": "https://w3id.org/catenax/policy/", "dcat": "http://www.w3.org/ns/dcat#", "dct": "http://purl.org/dc/terms/", "odrl": "http://www.w3.org/ns/odrl/2/", "dspace": "https://w3id.org/dspace/v0.8/" } }

Please let me know how i can skip the policy check or what policy i need to added to proceed.

Thanks

[matbmoser]

We can take a look at this for you, I think it is a bug, we will add it in the next release

[matbmoser]

Hi @tanweersalah,

We have took a look and tested from our side ;)

The problem

We have found out that you have chosen the incorrect configuration option in your values.yaml file.
There are 2 options available for policy configuration. One of them is the following:

backend:
  digitalTwinRegistry:
    # -- policy configuration for the digital twin assets in the edc catalog
    policyCheck:
      # -- condition to enable and disable the policy check
      enabled: true
      # -- the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value
      strictMode: false
      # -- list of allowed policies that can be selected from the edc catalog in negotiations
      policies:
        - permission:
            - action: "USE"
              logicalConstraint: "odrl:and"
              constraints:
                - leftOperand: "cx-policy:Membership"
                  operator: "odrl:eq"
                  rightOperand: "active"
                - leftOperand: "cx-policy:UsagePurpose"
                  operator: "odrl:eq"
                  rightOperand: "cx.core.digitalTwinRegistry:1"
          prohibition: []
          obligation: []

Which configures the policy for the "digital twin registry", which is the "Asset" you are trying to retrieve with you EDC.

And this is the one you have disabled:

backend:
    passport:
      # -- configuration for policies to filter in the digital product pass asset negotiation
      policyCheck:
        # -- condition to enable and disable the policy check
        enabled: true
        # -- the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value
        strictMode: false
        # -- list of allowed policies that can be selected from the edc catalog in negotiations
        policies:
          - permission:
              - action: "USE"
                logicalConstraint: "odrl:and"
                constraints:
                  - leftOperand: "cx-policy:Membership"
                    operator: "odrl:eq"
                    rightOperand: "active"
                  - leftOperand: "cx-policy:FrameworkAgreement"
                    operator: "odrl:eq"
                    rightOperand: "CircularEconomy:1.0"
                  - leftOperand: "cx-policy:UsagePurpose"
                    operator: "odrl:eq"
                    rightOperand: "cx.circular.dpp:1"
            prohibition: []
            obligation: []

And this one I just mentioned is for the "passport" asset.

The Solution

For your to configure your policies correctly please make sure you configure and disable the property in the following path:

backend.digitalTwinRegistry.policyCheck.enabled to false

You have configured in backend.passport.policyCheck.enabled because of this it does not work to filter it.

If you disable both, it will not filter anything at all, it should skip it.

It is demonstrated here in this line of code:

digital-product-pass/dpp-backend/digitalproductpass/src/main/java/utils/PolicyUtil.java

Lines 125 to 127 in c800893

	if(!policyConfig.getEnabled()){
	return this.getPolicyById(dataset,policyId);
	}

This line of code is used for both of the configuration, so if the digital twin registry is being retrieved the configuration for the digital twin registry will be used, but if we are retrieving a passport it will use the configuration from the passport