diff --git a/charts/irs-helm/CHANGELOG.md b/charts/irs-helm/CHANGELOG.md index 1a763d03c5..28169057dd 100644 --- a/charts/irs-helm/CHANGELOG.md +++ b/charts/irs-helm/CHANGELOG.md @@ -5,11 +5,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] -### Added -- Added configuration parameters `oauth2.semantics.clientId`,`oauth2.semantics.clientSecret`, `oauth2.discovery.clientId`,`oauth2.discovery.clientSecret`, `oauth2.bpdm.clientId`,`oauth2.bpdm.clientSecret` - -### Removed -- Removed configuration parameters `oauth2.clientId`,`oauth2.clientSecret`, `portal.oauth2.clientId`,`portal.oauth2.clientSecret` ## [6.13.0] - 2024-01-15 - Update IRS version to 4.4.0 diff --git a/charts/irs-helm/templates/configmap-spring-app-config.yaml b/charts/irs-helm/templates/configmap-spring-app-config.yaml index b43e15ce64..bad14f82a5 100644 --- a/charts/irs-helm/templates/configmap-spring-app-config.yaml +++ b/charts/irs-helm/templates/configmap-spring-app-config.yaml 
@@ -56,21 +56,16 @@ data: oauth2: client: registration: - semantics: - client-id: "${SEMANTICS_OAUTH2_CLIENT_ID}" # taken from secret ENV - client-secret: "${SEMANTICS_OAUTH2_CLIENT_SECRET}" # taken from secret ENV - discovery: - client-id: ${DISCOVERY_OAUTH2_CLIENT_ID} # taken from secret ENV - client-secret: ${DISCOVERY_OAUTH2_CLIENT_SECRET} # taken from secret ENV - bpdm: - client-id: ${BPDM_OAUTH2_CLIENT_ID} # taken from secret ENV - client-secret: ${BPDM_OAUTH2_CLIENT_SECRET} # taken from secret ENV + common: + client-id: "${OAUTH2_CLIENT_ID}" # taken from secret ENV + client-secret: "${OAUTH2_CLIENT_SECRET}" # taken from secret ENV + portal: + client-id: ${PORTAL_OAUTH2_CLIENT_ID} # taken from secret ENV + client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # taken from secret ENV provider: - semantics: + common: token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} - discovery: - token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} - bpdm: + portal: token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} digitalTwinRegistry: @@ -134,7 +129,7 @@ data: irs: url: {{ tpl (.Values.irsUrl | default "") . | quote }} discovery: - oAuthClientId: {{ .Values.discovery.oAuthClientId | default "discovery" }} + oAuthClientId: {{ .Values.discovery.oAuthClientId | default "portal" }} {{- if .Values.ess.mockEdcResult }} mockEdcResult: {{- tpl (toYaml .Values.ess.mockEdcResult) . | nindent 10 }} diff --git a/charts/irs-helm/templates/deployment.yaml b/charts/irs-helm/templates/deployment.yaml index e30f10c7e8..785961cfe5 100644 --- a/charts/irs-helm/templates/deployment.yaml +++ b/charts/irs-helm/templates/deployment.yaml 
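Review bot: Both `provider.common.token-uri` and `provider.portal.token-uri` are rendered from the same `.Values.oauth2.clientTokenUri`, so the chart cannot point the `portal` registration at its own token endpoint, although application.yml in this commit reads a separate `PORTAL_OAUTH2_CLIENT_TOKEN_URI`. Both lines also fall back to the plaintext `http://localhost` when the value is unset, which hides a missing setting until the first token request fails. Failing the render is safer, for example `token-uri: {{ tpl (required "oauth2.clientTokenUri must be set" .Values.oauth2.clientTokenUri) . | quote }}`. The `client-id`/`client-secret` placeholders are quoted for `common` but not for `portal`; quoting both would keep the rendered YAML consistent.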
@@ -81,36 +81,26 @@ spec: secretKeyRef: name: {{ template "irs.secretName" . }} key: minioPassword - - name: SEMANTICS_OAUTH2_CLIENT_ID + - name: OAUTH2_CLIENT_ID valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: semanticsId - - name: SEMANTICS_OAUTH2_CLIENT_SECRET + key: clientId + - name: OAUTH2_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: semanticsSecret - - name: DISCOVERY_OAUTH2_CLIENT_ID + key: clientSecret + - name: PORTAL_OAUTH2_CLIENT_ID valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: discoveryClientId - - name: DISCOVERY_OAUTH2_CLIENT_SECRET + key: portalClientId + - name: PORTAL_OAUTH2_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: discoveryClientSecret - - name: BPDM_OAUTH2_CLIENT_ID - valueFrom: - secretKeyRef: - name: {{ template "irs.secretName" . }} - key: bpdmClientId - - name: BPDM_OAUTH2_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: {{ template "irs.secretName" . }} - key: bpdmClientSecret + key: portalClientSecret - name: EDC_API_KEY_SECRET valueFrom: secretKeyRef: diff --git a/charts/irs-helm/templates/secrets.yaml b/charts/irs-helm/templates/secrets.yaml index d9488ae665..c9f8741a28 100644 --- a/charts/irs-helm/templates/secrets.yaml +++ b/charts/irs-helm/templates/secrets.yaml 
@@ -35,12 +35,10 @@ type: Opaque data: minioUser: {{ .Values.minioUser | default "minio" | b64enc | quote }} minioPassword: {{ .Values.minioPassword | default "minioPass" | b64enc | quote }} - semanticsId: {{ .Values.oauth2.semantics.clientId | default "semanticsId" | b64enc | quote }} - semanticsSecret: {{ .Values.oauth2.semantics.clientSecret | default "semanticsSecret" | b64enc | quote }} - discoveryClientId: {{ .Values.oauth2.discovery.clientId | default "discoveryClientId" | b64enc | quote }} - discoveryClientSecret: {{ .Values.oauth2.discovery.clientSecret | default "discoveryClientSecret" | b64enc | quote }} - bpdmClientId: {{ .Values.oauth2.bpdm.clientId | default "bpdmClientId" | b64enc | quote }} - bpdmClientSecret: {{ .Values.oauth2.bpdm.clientSecret | default "bpdmClientSecret" | b64enc | quote }} + clientId: {{ .Values.oauth2.clientId | default "clientId" | b64enc | quote }} + clientSecret: {{ .Values.oauth2.clientSecret | default "clientSecret" | b64enc | quote }} + portalClientId: {{ .Values.portal.oauth2.clientId | default "portalClientId" | b64enc | quote }} + portalClientSecret: {{ .Values.portal.oauth2.clientSecret | default "portalClientSecret" | b64enc | quote }} edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | toString | default "" | b64enc | quote }} {{- if .Values.grafana.enabled }} grafanaUser: {{ .Values.grafana.user | default "grafana" | b64enc | quote }} diff --git a/charts/irs-helm/values.yaml b/charts/irs-helm/values.yaml index c436def741..9744cd5efd 100644 --- a/charts/irs-helm/values.yaml +++ b/charts/irs-helm/values.yaml @@ -152,16 +152,13 @@ minioUser: "minio" # minioPassword: # minioUrl: "http://{{ .Release.Name }}-minio:9000" oauth2: + clientId: # + clientSecret: # clientTokenUri: # - semantics: - clientId: # - clientSecret: # - discovery: - clientId: # - clientSecret: # - bpdm: - clientId: # - clientSecret: # +portal: + oauth2: + clientId: # + clientSecret: # edc: controlplane: endpoint: 
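Review bot: `clientSecret` and `portalClientSecret` fall back to the literal strings `"clientSecret"` and `"portalClientSecret"` when the values are unset, so an install that forgets them still renders a Secret holding a publicly known placeholder instead of failing. Making the value mandatory surfaces the mistake at render time: `clientSecret: {{ required "oauth2.clientSecret must be set" .Values.oauth2.clientSecret | b64enc | quote }}`, and the same for `portal.oauth2.clientSecret`. If the chart is also meant to work with an externally managed secret (not visible in this hunk), the check would need to be conditional on that. The unchanged `minioPassword` line above has the same pattern with `default "minioPass"`.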
@@ -210,7 +207,7 @@ edc: cacheTTL: PT24H # Time to live for ConnectorEndpointService for fetchConnectorEndpoints method cache discovery: - oAuthClientId: discovery # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: portal # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client ess: edc: diff --git a/docs/src/api/irs-api.yaml b/docs/src/api/irs-api.yaml index 1655a04f7b..67879e47ea 100644 --- a/docs/src/api/irs-api.yaml +++ b/docs/src/api/irs-api.yaml @@ -7,7 +7,7 @@ info: servers: - url: http://localhost:8080 security: - - api_key: [] + - oAuth2: [] paths: /ess/bpn/investigations: post: @@ -58,7 +58,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId. tags: @@ -123,7 +123,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - api_key: [] + - oAuth2: [] summary: Return job with additional supplyChainImpacted information. tags: - Environmental and Social Standards @@ -202,7 +202,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches." tags: @@ -292,7 +292,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Returns paginated jobs with state and execution times. tags: - Item Relationship Service 
@@ -343,7 +343,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: "Register an IRS job to retrieve an item graph for given {globalAssetId}." tags: - Item Relationship Service @@ -427,7 +427,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - api_key: [] + - oAuth2: [] summary: Return job with optional item graph result for requested id. tags: - Item Relationship Service @@ -492,7 +492,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job for requested jobId not found. security: - - api_key: [] + - oAuth2: [] summary: Cancel job for requested jobId. tags: - Item Relationship Service @@ -529,7 +529,7 @@ paths: $ref: "#/components/schemas/ErrorResponse" description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Get all available aspect models from semantic hub or local models. tags: - Aspect Models @@ -582,7 +582,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: "Registers an IRS order with an array of {globalAssetIds}.\ \ Each globalAssetId will be processed in an IRS Job, grouped in batches." tags: @@ -649,7 +649,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - api_key: [] + - oAuth2: [] summary: Get a batch order for a given orderId. tags: - Item Relationship Service @@ -714,7 +714,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - api_key: [] + - oAuth2: [] summary: Cancel a batch order for a given orderId. tags: - Item Relationship Service 
@@ -790,7 +790,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch with the requested orderId and batchId not found. security: - - api_key: [] + - oAuth2: [] summary: Get a batch with a given batchId for a given orderId. tags: - Item Relationship Service @@ -826,7 +826,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Lists the registered policies that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -870,7 +870,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Register a policy that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -915,7 +915,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Removes a policy that should no longer be accepted in EDC negotiation. tags: - Item Relationship Service @@ -965,7 +965,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - api_key: [] + - oAuth2: [] summary: Updates an existing policy with new validUntil value. tags: - Item Relationship Service @@ -2639,8 +2639,10 @@ components: required: - validUntil securitySchemes: - api_key: - description: Api Key access - in: header - name: X-API-KEY - type: apiKey + oAuth2: + flows: + clientCredentials: + scopes: + {} + tokenUrl: https://localhost + type: oauth2 diff --git a/docs/src/docs/administration/configuration.adoc b/docs/src/docs/administration/configuration.adoc index d3430cc7b9..5c4bbc6241 100644 --- a/docs/src/docs/administration/configuration.adoc +++ b/docs/src/docs/administration/configuration.adoc 
@@ -156,23 +156,11 @@ This is a list of all secrets used in the deployment. WARNING: Keep the values for these settings safe and do not publish them! -=== -Semantic Hub client ID for OAuth2 provider. Request this from your OAuth2 operator. +=== +Client ID for OAuth2 provider. Request this from your OAuth2 operator. -=== -Semantic Hub client secret for OAuth2 provider. Request this from your OAuth2 operator. - -=== -Dataspace Discovery client ID for OAuth2 provider. Request this from your OAuth2 operator. - -=== -Dataspace Discovery client secret for OAuth2 provider. Request this from your OAuth2 operator. - -=== -BPDM client ID for OAuth2 provider. Request this from your OAuth2 operator. - -=== -BPDM client secret for OAuth2 provider. Request this from your OAuth2 operator. +=== +Client secret for OAuth2 provider. Request this from your OAuth2 operator. === Login username for Minio. To be defined by you. diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java index 991ab57564..837d9d9810 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java 
@@ -26,12 +26,16 @@ import io.swagger.v3.oas.models.Components; import io.swagger.v3.oas.models.OpenAPI; import io.swagger.v3.oas.models.info.Info; +import io.swagger.v3.oas.models.security.OAuthFlow; +import io.swagger.v3.oas.models.security.OAuthFlows; +import io.swagger.v3.oas.models.security.Scopes; import io.swagger.v3.oas.models.security.SecurityRequirement; import io.swagger.v3.oas.models.security.SecurityScheme; import io.swagger.v3.oas.models.servers.Server; import lombok.RequiredArgsConstructor; import org.eclipse.tractusx.irs.IrsApplication; import org.springdoc.core.customizers.OpenApiCustomizer; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -55,7 +59,7 @@ public class OpenApiConfiguration { @Bean public OpenAPI customOpenAPI() { return new OpenAPI().addServersItem(new Server().url(irsConfiguration.getApiUrl().toString())) - .addSecurityItem(new SecurityRequirement().addList("api_key")) + .addSecurityItem(new SecurityRequirement().addList("oAuth2")) .info(new Info().title("IRS API") .version(IrsApplication.API_VERSION) .description( 
@@ -65,19 +69,20 @@ public OpenAPI customOpenAPI() { /** * Generates example values in Swagger * + * @param tokenUri the OAuth2 token uri loaded from application.yaml * @return the customizer */ @Bean - public OpenApiCustomizer customizer() { + public OpenApiCustomizer customizer( + @Value("${spring.security.oauth2.client.provider.common.token-uri}") final String tokenUri) { return openApi -> { final Components components = openApi.getComponents(); - components.addSecuritySchemes("api_key", new SecurityScheme().type(SecurityScheme.Type.APIKEY) - .description("Api Key access") - .in(SecurityScheme.In.HEADER) - .name("X-API-KEY") - ); + components.addSecuritySchemes("oAuth2", new SecurityScheme().type(SecurityScheme.Type.OAUTH2) + .flows(new OAuthFlows().clientCredentials( + new OAuthFlow().scopes( + new Scopes()) + .tokenUrl(tokenUri)))); openApi.getComponents().getSchemas().values().forEach(s -> s.setAdditionalProperties(false)); - new OpenApiExamples().createExamples(components); }; } diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java index c8ff5c60f2..cfb85c6231 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java @@ -81,7 +81,7 @@ public class BatchController { @Operation(operationId = "registerOrder", summary = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.", - security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.") @ApiResponses( 
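Review bot: The token URL published in the `oAuth2` scheme is injected from `spring.security.oauth2.client.provider.common.token-uri`, which is the endpoint IRS uses as an outbound client. That ties what the spec tells inbound callers to the outbound `common` registration; the placeholder has no default, so renaming or removing that provider would presumably stop the context from starting. If the coupling is intended, a comment on the parameter would make it explicit, for example `// same IAM issues tokens for inbound API callers and for the outbound 'common' client`. The scheme is also registered with an empty `new Scopes()`, so the spec does not say which scopes or roles an endpoint needs; a short Javadoc sentence naming where authorization is enforced would help readers of the generated documentation.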
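Review bot: The scheme name `"oAuth2"` is repeated as a string literal in every `@SecurityRequirement` in this file and in the IrsController, EssController and PolicyStoreController hunks, and each one has to match the name passed to `addSecuritySchemes` in OpenApiConfiguration exactly. A single `public static final String` constant in a module all controllers can see would keep them in step, since a typo in one annotation would leave that operation documented against a scheme that does not exist. These annotations only describe the API: the token check itself is configured outside this diff, so it is worth confirming that every annotated endpoint is covered by the security filter configuration. The annotated methods start and end outside the hunks shown.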
@@ -121,7 +121,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa @Operation(operationId = "registerESSInvestigationOrder", summary = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.", - security = @SecurityRequirement(name = "api_key"), tags = { "Environmental and Social Standards" }, + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }, description = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.") @ApiResponses( value = { @ApiResponse(responseCode = "201", description = "Returns orderId of registered Batch order.", @@ -160,7 +160,7 @@ public BatchOrderCreated registerESSInvestigationOrder( } @Operation(description = "Get a batch order for a given orderId.", operationId = "getBatchOrder", - summary = "Get a batch order for a given orderId.", security = @SecurityRequirement(name = "api_key"), + summary = "Get a batch order for a given orderId.", security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch order for a given orderId.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, schema = @Schema( 
@@ -206,7 +206,7 @@ public BatchOrderResponse getBatchOrder( @Operation(description = "Get a batch with a given batchId for a given orderId.", operationId = "getBatch", summary = "Get a batch with a given batchId for a given orderId.", - security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch with a given batchId for a given orderId.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -255,7 +255,7 @@ public BatchResponse getBatch( } @Operation(description = "Cancel a batch order for a given orderId.", operationId = "cancelBatchOrder", - summary = "Cancel a batch order for a given orderId.", security = @SecurityRequirement(name = "api_key"), + summary = "Cancel a batch order for a given orderId.", security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses( value = { @ApiResponse(responseCode = "200", description = "Cancel a batch order for a given orderId.", diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java index a8a23c11c4..60166e2c87 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java 
@@ -93,7 +93,7 @@ public class IrsController { @Operation(operationId = "registerJobForGlobalAssetId", summary = "Register an IRS job to retrieve an item graph for given {globalAssetId}.", - security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }, + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Register an IRS job to retrieve an item graph for given {globalAssetId}.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -131,7 +131,7 @@ public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJ @Operation(description = "Return job with optional item graph result for requested id.", operationId = "getJobForJobId", summary = "Return job with optional item graph result for requested id.", - security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -190,7 +190,7 @@ public ResponseEntity getJobById( } @Operation(description = "Cancel job for requested jobId.", operationId = "cancelJobByJobId", - summary = "Cancel job for requested jobId.", security = @SecurityRequirement(name = "api_key"), + summary = "Cancel job for requested jobId.", security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Job with requested jobId canceled.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, 
@@ -236,7 +236,7 @@ public Job cancelJobByJobId( @Operation(description = "Returns paginated jobs with state and execution times.", operationId = "getJobsByJobStates", summary = "Returns paginated jobs with state and execution times.", - security = @SecurityRequirement(name = "api_key"), tags = { "Item Relationship Service" }) + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Paginated list of jobs with state and execution times for requested job states.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -280,7 +280,7 @@ public PageResult getJobsByState( @Operation(operationId = "getAllAspectModels", summary = "Get all available aspect models from semantic hub or local models.", - security = @SecurityRequirement(name = "api_key"), tags = { "Aspect Models" }, + security = @SecurityRequirement(name = "oAuth2"), tags = { "Aspect Models" }, description = "Get all available aspect models from semantic hub or local models.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns all available aspect models.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java index ca6720b605..9414172ec8 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java 
@@ -75,7 +75,7 @@ class EssController { @Operation(operationId = "registerBPNInvestigation", summary = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }, description = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", @@ -114,7 +114,7 @@ public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnI @Operation(description = "Return job with additional supplyChainImpacted information.", operationId = "getBPNInvestigation", summary = "Return job with additional supplyChainImpacted information.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", diff --git a/irs-api/src/main/resources/application.yml b/irs-api/src/main/resources/application.yml index 52df8d461c..ecf233bb2b 100644 --- a/irs-api/src/main/resources/application.yml +++ b/irs-api/src/main/resources/application.yml 
@@ -9,25 +9,20 @@ spring: oauth2: client: registration: - semantics : + common: authorization-grant-type: client_credentials - client-id: ${SEMANTICS_OAUTH2_CLIENT_ID} # Semantic Hub OAuth2 client ID used to authenticate with the IAM - client-secret: ${SEMANTICS_OAUTH2_CLIENT_SECRET} # Semantic Hub OAuth2 client secret used to authenticate with the IAM - discovery: + client-id: ${OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM + client-secret: ${OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM + portal: authorization-grant-type: client_credentials - client-id: ${DISCOVERY_OAUTH2_CLIENT_ID} # Dataspace Discovery OAuth2 client ID used to authenticate with the IAM - client-secret: ${DISCOVERY_OAUTH2_CLIENT_SECRET} # Dataspace Discovery OAuth2 client secret used to authenticate with the IAM - bpdm: - authorization-grant-type: client_credentials - client-id: ${BPDM_OAUTH2_CLIENT_ID} # BPDM Pool OAuth2 client ID used to authenticate with the IAM - client-secret: ${BPDM_OAUTH2_CLIENT_SECRET} # BPDM Pool OAuth2 client secret used to authenticate with the IAM + client-id: ${PORTAL_OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM + client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM provider: - semantics: - token-uri: ${SEMANTICS_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials - discovery: - token-uri: ${DISCOVERY_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials - bpdm: - token-uri: ${BPDM_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials + common: + token-uri: ${OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials + portal: + token-uri: ${PORTAL_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the 
client credentials + management: # Spring management API config, see https://spring.io/guides/gs/centralized-configuration/ endpoints: @@ -216,7 +211,7 @@ semanticshub: # │ │ │ │ │ │ scheduler: 0 0 23 * * * # How often to clear the semantic model cache defaultUrns: "${SEMANTICSHUB_DEFAULT_URNS:urn:bamm:io.catenax.serial_part:1.0.0#SerialPart}" # IDs of models to cache at IRS startup - oAuthClientId: semantics # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the semantic hub client connect: PT90S # HTTP connect timeout for the semantic hub client @@ -224,7 +219,7 @@ semanticshub: bpdm: bpnEndpoint: "${BPDM_URL:}" # Endpoint to resolve BPNs, must contain the placeholders {partnerId} and {idType} - oAuthClientId: bpdm # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the bpdm client connect: PT90S # HTTP connect timeout for the bpdm client @@ -239,7 +234,7 @@ ess: irs: url: "${IRS_URL:}" # IRS Url to connect with discovery: - oAuthClientId: discovery # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: portal # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the discovery client connect: PT90S # HTTP connect timeout for the discovery client diff --git a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java index 9365e0f13a..2c18570427 100644 
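Review bot: `semanticshub.oAuthClientId` and `bpdm.oAuthClientId` now both resolve to the `common` registration, so one client ID and secret authenticates IRS to both services, while only `discovery` keeps a separate (`portal`) credential. The IAM client behind `OAUTH2_CLIENT_ID` therefore has to hold the roles for Semantic Hub and BPDM together, and a leak or rotation of that secret affects both integrations at once. The new inline comments say only "OAuth2 client ID used to authenticate with the IAM"; stating the sharing would help operators scope the client, for example `# shared by semanticshub and bpdm; the IAM client needs the roles for both`. The `https://default` fallback on both `token-uri` entries is not a resolvable endpoint, so a missing variable only shows up at the first token request.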
--- a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java +++ b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java @@ -74,7 +74,7 @@ public class PolicyStoreController { @Operation(operationId = "registerAllowedPolicy", summary = "Register a policy that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Register a policy that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "201"), @@ -106,7 +106,7 @@ public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest @Operation(operationId = "getAllowedPolicies", summary = "Lists the registered policies that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Lists the registered policies that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns the policies.", @@ -135,7 +135,7 @@ public List getPolicies() { @Operation(operationId = "deleteAllowedPolicy", summary = "Removes a policy that should no longer be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Removes a policy that should no longer be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200"), 
@@ -166,7 +166,7 @@ public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId) } @Operation(operationId = "updateAllowedPolicy", summary = "Updates an existing policy with new validUntil value.", - security = @SecurityRequirement(name = "api_key"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Updates an existing policy with new validUntil value.") @ApiResponses(value = { @ApiResponse(responseCode = "200"),