From 762e111b53a2171f251aca9c47104f6a539ea5e4 Mon Sep 17 00:00:00 2001 From: Simone Lindner Date: Mon, 11 Dec 2023 15:40:55 +0100 Subject: [PATCH] new field timeToLive for registration process --- CHANGELOG.md | 7 ++ .../bpndiscovery/BpnDiscoveryProperties.java | 6 ++ .../discoveryfinder/DiscoveryEndpoint.java | 2 + .../bpndiscovery/service/RegisterService.java | 4 +- backend/src/main/resources/application.yml | 1 + .../AbstractDiscoveryFinderClientTest.java | 3 + .../src/test/resources/application-test.yml | 1 + charts/bpndiscovery/Chart.yaml | 2 +- charts/bpndiscovery/README.md | 85 ++++++++++--------- charts/bpndiscovery/templates/secret.yaml | 1 + charts/bpndiscovery/values.yaml | 1 + docs/3-system-scope-and-context.md | 2 +- 12 files changed, 70 insertions(+), 45 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b04a6e..4567bb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.2.8 +### Added +- new field "timeToLive" to DiscoveryEndpoint added, so that a time to live can be provided for the self registration at the DiscoveryFinder + +## fixed + ## 0.2.7 ### Added @@ -15,6 +21,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - Spring Boot version updated to 3.1.6 to fix CVE-2023-46589 and CVE-2023-34053 - update logback version to fix CVE-2023-6378 + ## 0.2.6 ### Added - Introduced versioning of the APIs of the Discovery Services.First version of this API is 1.0 diff --git a/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/BpnDiscoveryProperties.java b/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/BpnDiscoveryProperties.java index cb926c1..cf4ef41 100644 --- a/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/BpnDiscoveryProperties.java 
+++ b/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/BpnDiscoveryProperties.java @@ -24,6 +24,8 @@ import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.validation.annotation.Validated; +import jakarta.validation.constraints.Max; +import jakarta.validation.constraints.Min; import jakarta.validation.constraints.NotEmpty; import jakarta.validation.constraints.NotNull; import lombok.Data; @@ -43,6 +45,10 @@ public class BpnDiscoveryProperties { private final Idm idm = new Idm(); + @Min( value = 1, message = "value must be greater or equal to 1" ) + @Max( value = 31536000, message = "value must be lesser or equal to 31536000") + private Integer timeToLive; + /** * Properties for Identity Management system */ diff --git a/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/dto/discoveryfinder/DiscoveryEndpoint.java b/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/dto/discoveryfinder/DiscoveryEndpoint.java index 5748178..6e57889 100644 --- a/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/dto/discoveryfinder/DiscoveryEndpoint.java +++ b/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/dto/discoveryfinder/DiscoveryEndpoint.java @@ -47,4 +47,6 @@ public class DiscoveryEndpoint { @JsonProperty( "resourceId" ) private String resourceId; + @JsonProperty( "timeToLive" ) + private Integer timeToLive; } diff --git a/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/service/RegisterService.java b/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/service/RegisterService.java index ff70314..5573d22 100644 --- a/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/service/RegisterService.java +++ b/backend/src/main/java/org/eclipse/tractusx/bpndiscovery/service/RegisterService.java 
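Review bot: `timeToLive` in `BpnDiscoveryProperties` is bounded by `@Min`/`@Max` but has no `@NotNull`, and both constraints treat a null value as valid, so an unset property passes startup validation. The `application.yml` hunk in this commit leaves `timeToLive:` empty and `createDiscoveryEndpointRequest` in `RegisterService` forwards `getTimeToLive()` unchanged, so a null would presumably reach the registration payload sent to the DiscoveryFinder; how it is serialized depends on Jackson settings not visible here. Either add `@NotNull` (already imported in this file) so a missing value fails fast, or state in a comment that null means no lifetime is requested. The unit is documented neither here nor on the new `DiscoveryEndpoint` field; if it is seconds, as the bound suggests, a comment such as `// registration lifetime in seconds; 31536000 = 365 days` would make the limit readable.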
@@ -84,6 +84,8 @@ private DiscoveryEndpoint createDiscoveryEndpointRequest( String type ) {
 .type( type )
 .description( bpnDiscoveryProperties.getDescription() )
 .endpointAddress( bpnDiscoveryProperties.getEndpointAddress() )
- .documentation( bpnDiscoveryProperties.getDocumentation() ).build();
+ .documentation( bpnDiscoveryProperties.getDocumentation() )
+ .timeToLive( bpnDiscoveryProperties.getTimeToLive() )
+ .build();
 }
 }
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
index 06fd885..8593fb4 100644
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@@ -22,6 +22,7 @@ bpndiscovery:
 description:
 endpointAddress:
 documentation:
+ timeToLive:
 idm:
 public-client-id:
 bpn-id-claim-name:
diff --git a/backend/src/test/java/org/eclipse/tractusx/bpndiscovery/service/AbstractDiscoveryFinderClientTest.java b/backend/src/test/java/org/eclipse/tractusx/bpndiscovery/service/AbstractDiscoveryFinderClientTest.java
index e4d877f..c06c962 100644
--- a/backend/src/test/java/org/eclipse/tractusx/bpndiscovery/service/AbstractDiscoveryFinderClientTest.java
+++ b/backend/src/test/java/org/eclipse/tractusx/bpndiscovery/service/AbstractDiscoveryFinderClientTest.java
@@ -107,13 +107,16 @@ public DiscoveryEndpoint dummyDiscoveryEndpoint() {
 .endpointAddress( "http://localhost:8585" )
 .documentation( "http://localhost:8585/swagger/index.html" )
 .resourceId( "123-wxy" )
+ .timeToLive( 31536000 )
 .build();
 }
 public DiscoveryEndpoint applicationDiscoveryEndpoint() {
 return DiscoveryEndpoint.builder()
 .type( bpnDiscoveryProperties.getAllowedTypes().get( 0 ) )
+ .description( bpnDiscoveryProperties.getDescription() )
 .endpointAddress( bpnDiscoveryProperties.getEndpointAddress() )
+ .timeToLive( bpnDiscoveryProperties.getTimeToLive() )
 .resourceId( "resourceId-app-1" )
 .build();
 }
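Review bot: Both fixtures in `AbstractDiscoveryFinderClientTest` only use the upper bound `31536000`, so nothing in this change exercises the new `@Min`/`@Max` constraints on `BpnDiscoveryProperties.timeToLive` or the case where the property is unset. A property-binding test with `0`, `31536001` and a missing value would pin the intended behaviour. `applicationDiscoveryEndpoint()` now sets `description` and `timeToLive` but still omits `documentation`, which `createDiscoveryEndpointRequest` in `RegisterService` does send; if this fixture is meant to mirror the real registration request, add `.documentation( bpnDiscoveryProperties.getDocumentation() )`. `dummyDiscoveryEndpoint()` starts outside the hunk.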
diff --git a/backend/src/test/resources/application-test.yml b/backend/src/test/resources/application-test.yml
index 3d15442..bc30fc7 100644
--- a/backend/src/test/resources/application-test.yml
+++ b/backend/src/test/resources/application-test.yml
@@ -24,6 +24,7 @@ bpndiscovery:
 description: "Service to discover BPN to a particular OEN"
 endpointAddress: "http://localhost:86866"
 documentation: "http://.../swagger/index.html"
+ timeToLive: 31536000
 idm:
 public-client-id: bpndiscovery
 bpn-id-claim-name: bpn
diff --git a/charts/bpndiscovery/Chart.yaml b/charts/bpndiscovery/Chart.yaml
index f4cd2f8..a599f58 100644
--- a/charts/bpndiscovery/Chart.yaml
+++ b/charts/bpndiscovery/Chart.yaml
@@ -24,7 +24,7 @@ sources:
 - https://github.com/eclipse-tractusx/sldt-bpn-discovery
 type: application
-version: 0.1.14
+version: 0.1.15
 appVersion: 0.2.7
 dependencies:
diff --git a/charts/bpndiscovery/README.md b/charts/bpndiscovery/README.md
index a79ef8c..6740121 100644
--- a/charts/bpndiscovery/README.md
+++ b/charts/bpndiscovery/README.md
@@ -29,48 +29,49 @@ helm install bpndiscovery -n discovery charts/bpndiscovery ## Values ### BPN Discovery parameters -| Key | Type | Default | Description | -|---------------------------------------------------------------|------|-------------------------------------|-----------------------------------------------------------------------------------------------------------| -| bpndiscovery.bpndiscoveryEndpoint.allowedTypes | string | `"oen,wmi"` | allowed types for deployed application. (oen,...) | -| bpndiscovery.bpndiscoveryEndpoint.description | string | `""` | Bpn discovery endpoint (description) informationen for the self registration on discoveryfinder | -| bpndiscovery.bpndiscoveryEndpoint.endpointAddress | string | `""` | Bpn discovery endpoint (host of bpn discovery) informationen for the self registration on discoveryfinder | -| bpndiscovery.bpndiscoveryEndpoint.documentation | string | `""` | Bpn discovery endpoint (documentation) informationen for the self registration on discoveryfinder | -| bpndiscovery.discoveryfinderClient.baseUrl | string | `""` | The host of discoveryfinder. This is needed for the selfregistration of bpn discovery | -| bpndiscovery.discoveryfinderClient.registration.clientId | string | `""` | Discovery finder client information (clientId) to the selfregistration. | -| bpndiscovery.discoveryfinderClient.registration.clientSecret | string | `""` | Discovery finder client information (clientSecret) to the self registration. | -| bpndiscovery.discoveryfinderClient.registration.authorizationGrantType | string | `"client_credentials"` | Discovery finder client information (authorizationGrantType) to the self registration. | -| bpndiscovery.discoveryfinderClient.provider.tokenUri | string | `""` | Discovery finder client information (tokenUri) to the self registration. | -| bpndiscovery.bpndiscoveryEndpointallowedTypes | string | `"oen,bpid"` | allowed types for deployed application. (oen,...) 
| -| bpndiscovery.authentication | bool | `true` | Enables OAuth2 based authentication/authorization | -| bpndiscovery.containerPort | int | `4243` | Containerport | -| bpndiscovery.dataSource.driverClassName | string | `"org.postgresql.Driver"` | The driver class name for the database connection | -| bpndiscovery.dataSource.password | string | `"password"` | Datasource password | -| bpndiscovery.dataSource.sqlInitPlatform | string | `"pg"` | Datasource InitPlatform | -| bpndiscovery.dataSource.url | string | `"jdbc:postgresql://database:5432"` | Datasource URL | -| bpndiscovery.dataSource.user | string | `"user"` | Datasource user | -| bpndiscovery.host | string | `"localhost"` | This value is used by the Ingress object (if enabled) to route traffic | -| bpndiscovery.idp.bpnIdClaimName | string | `"bpn"` | bpnId claim Name | -| bpndiscovery.idp.issuerUri | string | `""` | The issuer URI of the OAuth2 identity provider | -| bpndiscovery.idp.publicClientId | string | `"default-cleint"` | ClientId | -| bpndiscovery.image.imagePullPolicy | string | `"IfNotPresent"` | ImagepullPolicy | -| bpndiscovery.image.registry | string | `"ghcr.io/catenax-ng"` | Image registry | -| bpndiscovery.image.repository | string | `"sldt-bpn-discovery"` | Image repository | -| bpndiscovery.image.version | string | `""` | ersion of image. By default the app Version from Chart.yml is used. 
You can overwrite the version to use an other version of sldt-bpn-discovery | -| bpndiscovery.ingress.annotations."cert-manager.io/cluster-issuer" | string | `"selfsigned-cluster-issuer"` | | -| bpndiscovery.ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-credentials" | string | `"true"` | | -| bpndiscovery.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` | | -| bpndiscovery.ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | | -| bpndiscovery.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` | | -| bpndiscovery.ingress.annotations."nginx.ingress.kubernetes.io/x-forwarded-prefix" | string | `"/bpndiscovery"` | | -| bpndiscovery.ingress.className | string | `"nginx"` | The Ingress class name | -| bpndiscovery.ingress.enabled | bool | `false` | Configures if an Ingress resource is created | -| bpndiscovery.ingress.tls | bool | `false` | Configures whether the `Ingress` should include TLS configuration. 
In that case, a separate `Secret` (as defined by `registry.ingress.tlsSecretName`) needs to be provided manually or by using [cert-manager](https://cert-manager.io/) | -| bpndiscovery.ingress.urlPrefix | string | `"/bpndiscovery"` | The url prefix that is used by the Ingress resource to route traffic | -| bpndiscovery.replicaCount | int | `1` | Replica count | -| bpndiscovery.resources.limits.memory | string | `"1024Mi"` | Resources limit memory | -| bpndiscovery.resources.requests.memory | string | `"512Mi"` | Resources request memory | -| bpndiscovery.service.port | int | `8080` | Service port | -| bpndiscovery.service.type | string | `"ClusterIP"` | Service type | +| Key | Type | Default | Description | +|---------------------------------------------------------------------------------------|---------|-------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| bpndiscovery.bpndiscoveryEndpoint.allowedTypes | string | `"oen,wmi"` | allowed types for deployed application. (oen,...) | +| bpndiscovery.bpndiscoveryEndpoint.description | string | `""` | Bpn discovery endpoint (description) informationen for the self registration on discoveryfinder | +| bpndiscovery.bpndiscoveryEndpoint.endpointAddress | string | `""` | Bpn discovery endpoint (host of bpn discovery) informationen for the self registration on discoveryfinder | +| bpndiscovery.bpndiscoveryEndpoint.documentation | string | `""` | Bpn discovery endpoint (documentation) informationen for the self registration on discoveryfinder | +| bpndiscovery.bpndiscoveryEndpoint.timeToLive | integer | min = 1, max = 31536000 | The timeToLive value of the endpoint. 
This is needed for the selfregistration of bpn discovery | +| bpndiscovery.discoveryfinderClient.baseUrl | string | `""` | The host of discoveryfinder. This is needed for the selfregistration of bpn discovery | +| bpndiscovery.discoveryfinderClient.registration.clientId | string | `""` | Discovery finder client information (clientId) to the selfregistration. | +| bpndiscovery.discoveryfinderClient.registration.clientSecret | string | `""` | Discovery finder client information (clientSecret) to the self registration. | +| bpndiscovery.discoveryfinderClient.registration.authorizationGrantType | string | `"client_credentials"` | Discovery finder client information (authorizationGrantType) to the self registration. | +| bpndiscovery.discoveryfinderClient.provider.tokenUri | string | `""` | Discovery finder client information (tokenUri) to the self registration. | +| bpndiscovery.bpndiscoveryEndpointallowedTypes | string | `"oen,bpid"` | allowed types for deployed application. (oen,...) | +| bpndiscovery.authentication | bool | `true` | Enables OAuth2 based authentication/authorization | +| bpndiscovery.containerPort | int | `4243` | Containerport | +| bpndiscovery.dataSource.driverClassName | string | `"org.postgresql.Driver"` | The driver class name for the database connection | +| bpndiscovery.dataSource.password | string | `"password"` | Datasource password | +| bpndiscovery.dataSource.sqlInitPlatform | string | `"pg"` | Datasource InitPlatform | +| bpndiscovery.dataSource.url | string | `"jdbc:postgresql://database:5432"` | Datasource URL | +| bpndiscovery.dataSource.user | string | `"user"` | Datasource user | +| bpndiscovery.host | string | `"localhost"` | This value is used by the Ingress object (if enabled) to route traffic | +| bpndiscovery.idp.bpnIdClaimName | string | `"bpn"` | bpnId claim Name | +| bpndiscovery.idp.issuerUri | string | `""` | The issuer URI of the OAuth2 identity provider | +| bpndiscovery.idp.publicClientId | string | `"default-cleint"` | 
ClientId | +| bpndiscovery.image.imagePullPolicy | string | `"IfNotPresent"` | ImagepullPolicy | +| bpndiscovery.image.registry | string | `"ghcr.io/catenax-ng"` | Image registry | +| bpndiscovery.image.repository | string | `"sldt-bpn-discovery"` | Image repository | +| bpndiscovery.image.version | string | `""` | ersion of image. By default the app Version from Chart.yml is used. You can overwrite the version to use an other version of sldt-bpn-discovery | +| bpndiscovery.ingress.annotations."cert-manager.io/cluster-issuer" | string | `"selfsigned-cluster-issuer"` | | +| bpndiscovery.ingress.annotations."nginx.ingress.kubernetes.io/cors-allow-credentials" | string | `"true"` | | +| bpndiscovery.ingress.annotations."nginx.ingress.kubernetes.io/enable-cors" | string | `"true"` | | +| bpndiscovery.ingress.annotations."nginx.ingress.kubernetes.io/rewrite-target" | string | `"/$2"` | | +| bpndiscovery.ingress.annotations."nginx.ingress.kubernetes.io/use-regex" | string | `"true"` | | +| bpndiscovery.ingress.annotations."nginx.ingress.kubernetes.io/x-forwarded-prefix" | string | `"/bpndiscovery"` | | +| bpndiscovery.ingress.className | string | `"nginx"` | The Ingress class name | +| bpndiscovery.ingress.enabled | bool | `false` | Configures if an Ingress resource is created | +| bpndiscovery.ingress.tls | bool | `false` | Configures whether the `Ingress` should include TLS configuration. 
In that case, a separate `Secret` (as defined by `registry.ingress.tlsSecretName`) needs to be provided manually or by using [cert-manager](https://cert-manager.io/) | +| bpndiscovery.ingress.urlPrefix | string | `"/bpndiscovery"` | The url prefix that is used by the Ingress resource to route traffic | +| bpndiscovery.replicaCount | int | `1` | Replica count | +| bpndiscovery.resources.limits.memory | string | `"1024Mi"` | Resources limit memory | +| bpndiscovery.resources.requests.memory | string | `"512Mi"` | Resources request memory | +| bpndiscovery.service.port | int | `8080` | Service port | +| bpndiscovery.service.type | string | `"ClusterIP"` | Service type | ### PostgreSQL parameters | Key | Type | Default | Description | diff --git a/charts/bpndiscovery/templates/secret.yaml b/charts/bpndiscovery/templates/secret.yaml index 66ddbea..b0e6b10 100644 --- a/charts/bpndiscovery/templates/secret.yaml +++ b/charts/bpndiscovery/templates/secret.yaml @@ -45,6 +45,7 @@ data: BPNDISCOVERY_ALLOWED_TYPES: {{ .Values.bpndiscovery.bpndiscoveryEndpoint.allowedTypes | b64enc }} BPNDISCOVERY_DESCRIPTION: {{ .Values.bpndiscovery.bpndiscoveryEndpoint.description | b64enc }} BPNDISCOVERY_ENDPOINT_ADDRESS: {{ .Values.bpndiscovery.bpndiscoveryEndpoint.endpointAddress | b64enc }} + BPNDISCOVERY_TIME_TO_LIVE: {{ .Values.bpndiscovery.bpndiscoveryEndpoint.timeToLive | toString | b64enc }} BPNDISCOVERY_DOCUMENTATION: {{ .Values.bpndiscovery.bpndiscoveryEndpoint.documentation | b64enc }} BPNDISCOVERY_IDM_PUBLIC_CLIENT_ID: {{ .Values.bpndiscovery.idp.publicClientId | b64enc }} BPNDISCOVERY_IDM_BPN_ID_CLAIM_NAME: {{ .Values.bpndiscovery.idp.bpnIdClaimName | b64enc }} diff --git a/charts/bpndiscovery/values.yaml b/charts/bpndiscovery/values.yaml index 62fb4be..dc0c262 100644 --- a/charts/bpndiscovery/values.yaml +++ b/charts/bpndiscovery/values.yaml 
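Review bot: `.Values.bpndiscovery.bpndiscoveryEndpoint.timeToLive | toString` on the new `BPNDISCOVERY_TIME_TO_LIVE` line can render a large integer in exponent form. In Helm versions that load numbers from `values.yaml` as float64, `toString` yields `3.1536e+07` for the default `31536000`, which would presumably fail to bind to the `Integer` property in the backend. Forcing an integer first avoids this: `BPNDISCOVERY_TIME_TO_LIVE: {{ .Values.bpndiscovery.bpndiscoveryEndpoint.timeToLive | int64 | toString | b64enc }}`. A value nulled out in an override file would likewise be encoded as a literal string rather than left unset, so a `required` or `default` guard is worth considering. Checking the rendered secret with `helm template` on the supported Helm version would confirm either way.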
@@ -40,6 +40,7 @@ bpndiscovery:
 description: "bpndiscovery"
 endpointAddress: "/bpndiscovery"
 documentation: "/bpndiscovery/swagger/index.html"
+ timeToLive: 31536000
 ## Configure discoveryFinderClient to register the bpn-discovery on discovery-finder.Properties needed for spring-security config.
 discoveryfinderClient:
 baseUrl: "/discoveryfinder"
diff --git a/docs/3-system-scope-and-context.md b/docs/3-system-scope-and-context.md
index 462731e..936f79c 100644
--- a/docs/3-system-scope-and-context.md
+++ b/docs/3-system-scope-and-context.md
@@ -20,7 +20,7 @@
 |------------------|--------------------------------------------------------------------------|
 | Consumer App | Requests for BPN with an type and type number |
 | Data Provider | Requests for register or delete entries from BPN Discovery |
-| Discovery Finder | Receives request from BPN Discovey of self-registration purpose |
+| Discovery Finder | Receives request from BPN Discovery of self-registration purpose |
 | Keycloak | Generates token for users and provides id management of user and service |