diff --git a/DEPENDENCIES b/DEPENDENCIES
index 665363136..f76cf020a 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -10,7 +10,7 @@ maven/mavencentral/com.azure/azure-core/1.43.0, MIT AND Apache-2.0, approved, #1
 maven/mavencentral/com.azure/azure-core/1.44.1, MIT, approved, clearlydefined
 maven/mavencentral/com.azure/azure-core/1.45.1, MIT AND Apache-2.0, approved, #11845
 maven/mavencentral/com.azure/azure-identity/1.10.1, MIT AND Apache-2.0, approved, #10086
-maven/mavencentral/com.azure/azure-identity/1.11.1, , restricted, clearlydefined
+maven/mavencentral/com.azure/azure-identity/1.11.1, MIT, approved, clearlydefined
 maven/mavencentral/com.azure/azure-json/1.1.0, MIT AND Apache-2.0, approved, #10547
 maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.7.0, MIT, approved, #10868
 maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.7.3, MIT, approved, #10868
@@ -244,7 +244,7 @@ maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.77, MIT, approved, #11596
 maven/mavencentral/org.ccil.cowan.tagsoup/tagsoup/1.2.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.checkerframework/checker-qual/3.12.0, MIT, approved, clearlydefined
 maven/mavencentral/org.checkerframework/checker-qual/3.31.0, MIT, approved, clearlydefined
-maven/mavencentral/org.checkerframework/checker-qual/3.41.0, , restricted, clearlydefined
+maven/mavencentral/org.checkerframework/checker-qual/3.41.0, MIT, approved, #12032
 maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.1, BSD-2-Clause, approved, #2670
 maven/mavencentral/org.eclipse.edc/api-core/0.4.1, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/api-observability/0.4.1, Apache-2.0, approved, technology.edc
diff --git a/docs/README.md b/docs/README.md
index 1ac9bcd7d..560e39e5f 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -1,10 +1,10 @@ # Tractus-X EDC -The Tractus-X EDC repository creates runnable applications out of EDC extensions from -the [Eclipse DataSpace Connector](https://github.com/eclipse-edc/Connector) repository. +The Tractus-X EDC repository creates runnable applications out of EDC extensions from the +[EDC Connector](https://github.com/eclipse-edc/Connector) platform. -When running a EDC connector from the Tractus-X EDC repository there are three setups to choose from. They only vary by -using different extensions for +When running an EDC connector from the Tractus-X EDC repository there are three different setups to choose from. They +only vary by using different extensions for - Resolving of Connector-Identities - Persistence of the Control-Plane-State 
@@ -15,43 +15,33 @@ using different extensions for The three supported setups are. - Setup 1: Pure in Memory **Not intended for production use!** - - [Control Plane](../edc-controlplane/edc-runtime-memory/README.md) - - [IDS DAPS Extensions](https://github.com/eclipse-edc/Connector/tree/main/extensions/common/iam/oauth2/daps) - - In Memory Persistence done by using no extension - - In Memory Keyvault with seedable secrets. - - [Data Plane](../edc-dataplane/edc-dataplane-azure-vault/README.md) - - [Azure Key Vault Extension](https://github.com/eclipse-edc/Connector/tree/main/extensions/common/vault/azure-vault) -- Setup 2: PostgreSQL & Azure Vault - - [Control Plane](../edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md) - - [IDS DAPS Extensions](https://github.com/eclipse-edc/Connector/tree/main/extensions/common/iam/oauth2/daps) - - [PostgreSQL Persistence Extensions](https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql) - - [Azure Key Vault Extension](https://github.com/eclipse-edc/Connector/tree/main/extensions/common/vault/azure-vault) - - [Data Plane](../edc-dataplane/edc-dataplane-azure-vault/README.md) - - [Azure Key Vault Extension](https://github.com/eclipse-edc/Connector/tree/main/extensions/common/vault/azure-vault) -- Setup 3: PostgreSQL & HashiCorp Vault - - [Control Plane](../edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/README.md) - - [IDS DAPS Extensions](https://github.com/eclipse-edc/Connector/tree/main/extensions/common/iam/oauth2/daps) - - [PostgreSQL Persistence Extensions](https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql) - - [HashiCorp Vault Extension](../edc-extensions/hashicorp-vault/README.md) - - [Data Plane](../edc-dataplane/edc-dataplane-hashicorp-vault/README.md) - - [HashiCorp Vault Extension](../edc-extensions/hashicorp-vault/README.md) + - In Memory persistence + - In Memory KeyVault with seedable secrets. 
+ - Planes: + - [Control Plane](../edc-controlplane/edc-runtime-memory/README.md) + - [Data Plane](../edc-dataplane/edc-dataplane-base/README.md) +- Setup 2: PostgreSQL & HashiCorp Vault + - PostgreSQL persistence + - HashiCorp Vault + - Planes: + - [Control Plane](../edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/README.md) + - [Data Plane](../edc-dataplane/edc-dataplane-hashicorp-vault/README.md) +- Setup 3: PostgreSQL & Azure Vault + - PostgreSQL persistence + - Azure Key Vault + - Planes: + - [Control Plane](../edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md) + - [Data Plane](../edc-dataplane/edc-dataplane-azure-vault/README.md) ## Recommended Documentation -### This Repository - -- [Update EDC Version from 0.0.x - 0.1.x](migration/Version_0.0.x_0.1.x.md) +- [MXD: Minimum viable tractusX Dataspace](https://github.com/eclipse-tractusx/tutorial-resources/tree/main/mxd) +- [Migration guides](migration) +- [Development](development/README.md) - [Application: Control Plane](../edc-controlplane) - [Application: Data Plane](../edc-dataplane) -- [Extension: Business Partner Numbers](../edc-extensions/business-partner-validation/README.md) -- [Example: Local TXDC Setup](samples/Local%20TXDC%20Setup.md) -- [Example: Data Transfer](samples/Transfer%20Data.md) - -### Eclipse Dataspace Connector - -- [EDC Domain Model](https://github.com/eclipse-edc/Connector/blob/main/docs/developer/architecture/domain-model.md) -- [EDC Open API Spec](https://github.com/eclipse-edc/Connector/blob/main/resources/openapi/openapi.yaml) -- [HTTP Receiver Extension](https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/http-receiver) +- [Extension: Business Partner Numbers validation](../edc-extensions/bpn-validation/README.md) +- [Eclipse Dataspace Components](https://eclipse-edc.github.io/docs/#/) ## NOTICE diff --git a/docs/development/README.md b/docs/development/README.md new file mode 100644 index 000000000..7887c3f44 --- /dev/null 
+++ b/docs/development/README.md @@ -0,0 +1,10 @@ +# Development Documentation + +- [Coding principles](coding-principles.md) +- [Decision Records](decision-records) +- [Release](Release.md) + +## Deep Dives +- [Data Plane Http OAuth2](data-plane-http-oauth2.md) +- [EDR Api Overview](edr-api-overview.md) + diff --git a/docs/samples/data-plane-http-oauth2.md b/docs/development/data-plane-http-oauth2.md similarity index 100% rename from docs/samples/data-plane-http-oauth2.md rename to docs/development/data-plane-http-oauth2.md diff --git a/docs/samples/edr-api-overview/edr-api-overview.md b/docs/development/edr-api-overview.md similarity index 97% rename from docs/samples/edr-api-overview/edr-api-overview.md rename to docs/development/edr-api-overview.md index b69e604c4..e86290517 100644 --- a/docs/samples/edr-api-overview/edr-api-overview.md +++ b/docs/development/edr-api-overview.md @@ -112,7 +112,7 @@ associated to it in the configured datasource for future querying. Since `tractusx-edc` [v0.5.1](https://github.com/eclipse-tractusx/tractusx-edc/releases/tag/0.5.1) the cached EDRs also come with a state machine that will manage the lifecycle of an EDR on the consumer side. That means that it will auto-renew it is nearing its expiration date by firing another transfer process request with the same parameters as the original one. Once renewed, the old EDR -will transition to the `EXPIRED` state, and it will be removed from the database and the vault according to the [configuration](../../../core/edr-core/README.md). +will transition to the `EXPIRED` state, and it will be removed from the database and the vault according to the [configuration](../../core/edr-core/README.md). ### EDR Management | Fetch cached EDRs 
@@ -219,7 +219,7 @@ curl --request GET \ #### Consumer data-plane (proxy) The Consumer data-plane proxy is an extension available in `tractusx-edc` that will use the EDR store to simplify -the data request on consumer side. The documentation is available [here](../../../edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/README.md). +the data request on consumer side. The documentation is available [here](../../edc-extensions/dataplane-proxy/edc-dataplane-proxy-consumer-api/README.md). The only API is: @@ -228,7 +228,7 @@ The only API is: | `/aas/request` | POST | [OpenApi](https://app.swaggerhub.com/apis/eclipse-tractusx-bot/tractusx-edc/0.5.1#/Data%20Plane%20Proxy%20API/requestAsset) | which fetches the data according to the input body. The body should contain the `assetId` plus `providerId` or the `transferProcessId`, -which identifies the EDR to use for fetching data and an `endpointUrl` which is the [provider gateway](../../../edc-extensions/dataplane-proxy/edc-dataplane-proxy-provider-api/README.md) +which identifies the EDR to use for fetching data and an `endpointUrl` which is the [provider gateway](../../edc-extensions/dataplane-proxy/edc-dataplane-proxy-provider-api/README.md) on which the data is available. Example: diff --git a/docs/development/run-config.png b/docs/development/run-config.png deleted file mode 100644 index 4be2d85ad..000000000 Binary files a/docs/development/run-config.png and /dev/null differ diff --git a/docs/kit/Adoption View/00_adoption-view.md b/docs/kit/Adoption View/00_adoption-view.md index 4ccb3494a..4e850b530 100644 --- a/docs/kit/Adoption View/00_adoption-view.md +++ b/docs/kit/Adoption View/00_adoption-view.md 
@@ -31,7 +31,7 @@ The main difference between the EDC and the previous connectors of the [IDSA][id The architecture of the EDC combines various services that are necessary for the above principles: -- An interface to the Identity Provider service, currently [IDSA][idsa-url]'s [Dynamic Attribute Provisioning System][daps-url]. This central service provides the identity and the corresponding authentication of the participants in the data exchange. (There is no authorization at this point). Decentralized solutions will also be supported in the future. +- An interface to the Identity Provider service, currently [IDSA][idsa-url]'s [Identity And Trust Protocol][iatp-url]. This central service provides the identity and the corresponding authentication of the participants in the data exchange. (There is no authorization at this point). Decentralized solutions will also be supported in the future. - The provision of possible offers (contract offering) which, on the one hand, stipulates the data offered and the associated terms of use (policies) in corresponding contracts. - An interface for manual selection of data and associated contract offers. - The actual data transfer via the data plane extension @@ -40,7 +40,7 @@ The architecture of the EDC combines various services that are necessary for the [edc-url]: https://github.com/eclipse-edc/Connector [gaiax-url]: https://www.data-infrastructure.eu/GAIAX/Navigation/EN/Home/home.html [idsa-url]: https://internationaldataspaces.org/ -[daps-url]: https://www.dataspaces.fraunhofer.de/en/software/identity_provider.html +[iatp-url]: https://github.com/eclipse-tractusx/ssi-docu ## NOTICE diff --git a/docs/kit/Operation View/02_Local Setup/00_local_setup_controlplane.md b/docs/kit/Operation View/02_Local Setup/00_local_setup_controlplane.md index d40432384..1ee5059a8 100644 --- a/docs/kit/Operation View/02_Local Setup/00_local_setup_controlplane.md +++ b/docs/kit/Operation View/02_Local Setup/00_local_setup_controlplane.md 
@@ -62,12 +62,6 @@ edc.hostname=localhost edc.api.auth.key=password -# OAuth / DAPS related configuration -edc.oauth.token.url=https://daps.example.net -edc.oauth.certificate.alias=key-to-daps-certificate-in-keyvault -edc.oauth.private.key.alias=key-to-private-key-in-keyvault -edc.oauth.client.id=daps-oauth-client-id - # HashiCorp vault related configuration edc.vault.hashicorp.url=http://vault edc.vault.hashicorp.token=55555555-6666-7777-8888-999999999999 diff --git a/docs/samples/README.md b/docs/samples/README.md deleted file mode 100644 index 4621e8a90..000000000 --- a/docs/samples/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# Samples - -In this folder are listed some documents that will help you setting up a connector execute some use cases. - -- [Local setup](./example-dataspace/README.md) -- [Transfer data](./Transfer%20Data.md) -- [Data Plane HTTP OAuth2](./data-plane-http-oauth2.md) - -## NOTICE - -This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0). - -- SPDX-License-Identifier: Apache-2.0 -- SPDX-FileCopyrightText: 2021,2022,2023 Contributors to the Eclipse Foundation -- Source URL: diff --git a/docs/samples/Transfer Data.md b/docs/samples/Transfer Data.md deleted file mode 100644 index a9444557a..000000000 --- a/docs/samples/Transfer Data.md +++ /dev/null 
@@ -1,373 +0,0 @@ -# Transfer Data - -This document will showcase a data transfer between two connectors. - -For this transfer connector **Bob** will act as data provider, and connector **Alice** will act as data -consumer. But the roles could be inverse as well. - -> Please note: Before running the examples the corresponding environment variables must be set. -> How such an environment can be setup locally is documented in [chapter 1](#1-optional---local-setup). - -## Table of Content - -1. [Optional - Local Setup](#1-optional---local-setup) -2. [Setup Data Offer](#2-setup-data-offer) -3. [Request Contract Offers](#3-request-contract-offer-catalog) -4. [Negotiate Contract](#4-negotiate-contract) -5. [Transfer Data](#5-transfer-data) -6. [Verify Data Transfer](#6-verify-data-transfer) - -## 1. Optional - Local Setup - -To create a local setup with two connectors have a look at -the [Local TXDC Setup Documentation](Local%20TXDC%20Setup.md). -It creates two connectors (Plato & Sokrates) with exposed Node Ports. - -### See Node Ports using Minikube - -Run the following command. 
- -```shell -minkube service list -``` - -Minikube will then print out something like this: - -```plain -|-------------|-----------------------|-----------------|---------------------------| -| NAMESPACE | NAME | TARGET PORT | URL | -|-------------|-----------------------|-----------------|---------------------------| -| cx | backend | frontend/8080 | http://192.168.49.2:31918 | -| | | backend/8081 | http://192.168.49.2:30193 | < Transfer Backend API -| cx | ids-daps | No node port | -| cx | plato-controlplane | default/8080 | http://192.168.49.2:31016 | -| | | control/8083 | http://192.168.49.2:32510 | -| | | data/8081 | http://192.168.49.2:30423 | < Plato Data Management API -| | | validation/8082 | http://192.168.49.2:30997 | -| | | ids/8084 | http://192.168.49.2:32709 | < Plato IDS API -| | | metrics/8085 | http://192.168.49.2:31124 | -| cx | plato-dataplane | No node port | -| cx | sokrates-controlplane | default/8080 | http://192.168.49.2:32297 | -| | | control/8083 | http://192.168.49.2:32671 | -| | | data/8081 | http://192.168.49.2:31772 | < Sokrates Data Management API -| | | validation/8082 | http://192.168.49.2:30540 | -| | | ids/8084 | http://192.168.49.2:32543 | < Sokrates IDS API -| | | metrics/8085 | http://192.168.49.2:30247 | -| cx | sokrates-dataplane | No node port | -| cx | vault | No node port | -| cx | vault-internal | No node port | -| cx | vault-ui | No node port | -| default | kubernetes | No node port | -| kube-system | kube-dns | No node port | -|-------------|-----------------------|-----------------|---------------------------| -``` - -The most important APIs, used by this example, are highlighted. How they are used is described in subchapter ['Set -Environment Variables](#set-environment-variables-used-by-this-example), used by this example below. - -### See Node Ports using Kubernetes - -Using Kubernetes only the Node Ports of each Service must be checked separately. 
- -Run - -```shell -kubectl describe service -n cx plato-controlplane -``` - -or - -```shell -kubectl describe service -n cx sokrates-controlplane -``` - -Kubernetes will then print out something like this. - -```plain -Name: plato-controlplane -Namespace: cx -Labels: app.kubernetes.io/component=edc-controlplane - app.kubernetes.io/instance=plato-controlplane - app.kubernetes.io/managed-by=Helm - app.kubernetes.io/name=tractusx-connector-controlplane - app.kubernetes.io/part-of=edc - app.kubernetes.io/version=0.2.0 - helm.sh/chart=tractusx-connector-0.2.0 -Annotations: meta.helm.sh/release-name: plato - meta.helm.sh/release-namespace: cx -Selector: app.kubernetes.io/instance=plato-controlplane,app.kubernetes.io/name=tractusx-connector-controlplane -Type: NodePort -IP Family Policy: SingleStack -IP Families: IPv4 -IP: 10.110.180.57 -IPs: 10.110.180.57 -Port: default 8080/TCP -TargetPort: default/TCP -NodePort: default 31016/TCP -Endpoints: 172.17.0.6:8080 -Port: control 8083/TCP -TargetPort: control/TCP -NodePort: control 32510/TCP -Endpoints: 172.17.0.6:8083 -Port: data 8081/TCP -TargetPort: data/TCP -NodePort: data 30423/TCP < Plato Data Manamgent API -Endpoints: 172.17.0.6:8081 -Port: validation 8082/TCP -TargetPort: validation/TCP -NodePort: validation 30997/TCP -Endpoints: 172.17.0.6:8082 -Port: ids 8084/TCP -TargetPort: ids/TCP -NodePort: ids 32709/TCP < Plato IDS API -Endpoints: 172.17.0.6:8084 -Port: metrics 8085/TCP -TargetPort: metrics/TCP -NodePort: metrics 31124/TCP -Endpoints: 172.17.0.6:8085 -Session Affinity: None -External Traffic Policy: Cluster -Events: -``` - -The most important APIs, used by this example, are highlighted. How they are used is described in subchapter ['Set -Environment Variables](#set-environment-variables-used-by-this-example), used by this example below. -In comparison to the Minikube example this call shows only the ports. To call the ports the Kubernetes Node IP / URL is -required. 
Where to get the IP may vary depending on how Kubernetes is deployed. - -### Set Environment Variables, used by this example - -Environment Variables, containing a URL, used by this example are - -- BOB_DATAMGMT_URL -- ALICE_DATAMGMT_URL -- BOB_IDS_URL -- ALICE_BACKEND_URL - -Let's assume we will use Sokrates as Bob, and Plato as Alice. - -**BOB_DATAMGMT_URL** must be the Node URL. In this local setup it would be `http://192.168.49.2:31772` - -**ALICE_DATAMGMT_URL** must be the Node URL. In this local setup it would be `http://192.168.49.2:30423` - -**BOB_IDS_URL** must be internal Kubernetes URL. In this local setup `http://sokrates-controlplane:8084` - -**ALICE_BACKEND_URL** must the Node URL. In this local setup it would be `http://192.168.49.2:30193` - -## 2. Setup Data Offer - -Set up a data offer in **Bob**, so that **Alice** has something to consume. - -In case you are unfamiliar with the EDC terms `Asset`, `Policy` or `ContractDefinition` please have a look at the -official open source documentation ([link](https://github.com/eclipse-edc/Connector/blob/main/docs/developer/architecture/domain-model.md)). - -![Sequence 1](diagrams/transfer_sequence_1.png) - -The following commands will create an Asset, a Policy and a Contract Definition. -For simplicity `https://jsonplaceholder.typicode.com/todos/1` is used as data source of the asset, but could be any -other API, that is reachable from the Provider Data Plane. 
- -```bash -curl -X POST "${BOB_DATAMGMT_URL}/data/assets" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - --data '{ - "asset": { - "properties": { - "asset:prop:id": "1", - "asset:prop:description": "Tractus-X EDC Demo Asset" - } - }, - "dataAddress": { - "properties": { - "type": "HttpData", - "baseUrl": "https://jsonplaceholder.typicode.com/todos/1" - } - } - }' \ - -s -o /dev/null -w 'Response Code: %{http_code}\n' -``` - -```bash -curl -X POST "${BOB_DATAMGMT_URL}/data/policydefinitions" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - --data '{ - "id": "1", - "policy": { - "prohibitions": [], - "obligations": [], - "permissions": [ - { - "edctype": "dataspaceconnector:permission", - "action": { "type": "USE" }, - "constraints": [] - } - ] - } - }' \ - -s -o /dev/null -w 'Response Code: %{http_code}\n' -``` - -```bash -curl -X POST "${BOB_DATAMGMT_URL}/data/contractdefinitions" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - --data '{ - "id": "1", - "criteria": [ - { - "operandLeft": "asset:prop:id", - "operator": "=", - "operandRight": "1" - } - ], - "accessPolicyId": "1", - "contractPolicyId": "1" - }' \ - -s -o /dev/null -w 'Response Code: %{http_code}\n' -``` - -## 3. Request Contract Offer Catalog - -In this step Alice gets told to request contract offers from another connector (in this case Bob). Alice will -then request the catalog over IDS messaging. - -For IDS messaging connectors will identify each other using the configured IDS DAPS. Therefore, it is important that -connectors, that intent to send messages to each other, have the same DAPS instance configured. 
- -![Sequence 1](diagrams/transfer_sequence_2.png) - -Run: - -```bash -curl -G -X GET "${ALICE_DATAMGMT_URL}/data/catalog" \ - --data-urlencode "providerUrl=${BOB_IDS_URL}/api/v1/ids/data" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - -s | jq -``` - -## 4. Negotiate Contract - -Initiate a contract negotiation for the asset (from step 1). Part of the negotiation payload is the contract -offer (received in step 2). - -In the diagram the IDS contract negotiation is marked as simplified, because the EDC is exchanging multiple messages -during contract negotiation. But the inter-controlplane communication is not in the scope of this document. - -After the negotiation is initiated ensure that is has concluded. This is done by requesting the negotiation from the API -and checking whether the `contractAgreementId` is set. This might take a few seconds. - -![Sequence 1](diagrams/transfer_sequence_3.png) - -Run: - -```bash -export NEGOTIATION_ID=$( \ - curl -X POST "${ALICE_DATAMGMT_URL}/data/contractnegotiations" \ - --header "X-Api-Key: password" \ - --header "Content-Type: application/json" \ - --data "{ - \"connectorId\": \"foo\", - \"connectorAddress\": \"${BOB_IDS_URL}/api/v1/ids/data\", - \"offer\": { - \"offerId\": \"1:foo\", - \"assetId\": \"1\", - \"policy\": { - \"uid\": \"1\", - \"prohibitions\": [], - \"obligations\": [], - \"permissions\": [ - { - \"edctype\": \"dataspaceconnector:permission\", - \"action\": { \"type\": \"USE\" }, - \"target\": \"1\", - \"constraints\": [] - } - ] - } - } - }" \ - -s | jq -r '.id') -``` - -```bash -curl -X GET "${ALICE_DATAMGMT_URL}/data/contractnegotiations/${NEGOTIATION_ID}" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - -s | jq -``` - -## 5. Transfer Data - -Initiate a data transfer using the contract agreement from the negotiation (from step 3). Then wait until the state of -the transfer process is `COMPLETED`. 
- -![Sequence 1](diagrams/transfer_sequence_4.png) - -Run: - -```bash -export CONTRACT_AGREEMENT_ID=$( \ - curl -X GET "$ALICE_DATAMGMT_URL/data/contractnegotiations/$NEGOTIATION_ID" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - -s | jq -r '.contractAgreementId') -``` - -```bash -export TRANSFER_PROCESS_ID=$(tr -dc '[:alnum:]' < /dev/urandom | head -c20) -export TRANSFER_ID=$( \ - curl -X POST "${ALICE_DATAMGMT_URL}/data/transferprocess" \ - --header "X-Api-Key: password" \ - --header "Content-Type: application/json" \ - --data "{ - \"id\": \"${TRANSFER_PROCESS_ID}\", - \"connectorId\": \"foo\", - \"connectorAddress\": \"${BOB_IDS_URL}/api/v1/ids/data\", - \"contractId\": \"${CONTRACT_AGREEMENT_ID}\", - \"assetId\": \"1\", - \"managedResources\": \"false\", - \"dataDestination\": { \"type\": \"HttpProxy\" } - }" \ - -s | jq -r '.id') -``` - -```bash -curl -X GET "${ALICE_DATAMGMT_URL}/data/transferprocess/${TRANSFER_ID}" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - -s | jq -``` - -## 6. Verify Data Transfer - -After the transfer is complete the Backend Application has downloaded the data. The Backend Application stores the data -locally. In this demo the transfer can be verified by executing a simple `cat` call in the Pod. - -![Sequence 1](diagrams/transfer_sequence_5.png) - -```bash -curl -X GET "${ALICE_BACKEND_URL}/${TRANSFER_PROCESS_ID}" \ - --header 'Accept: application/octet-stream' \ - -s | jq -``` - -## Delete All Data - -```bash -minikube kubectl -- delete pvc -n edc-all-in-one --all -``` - -```bash -minikube kubectl -- delete pv -n edc-all-in-one --all -``` - -## NOTICE - -This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0). - -- SPDX-License-Identifier: Apache-2.0 -- SPDX-FileCopyrightText: 2021,2022,2023 Contributors to the Eclipse Foundation -- Source URL: 
diff --git a/docs/samples/diagrams/transfer_sequence_1.png b/docs/samples/diagrams/transfer_sequence_1.png deleted file mode 100644 index 22500abc3..000000000 Binary files a/docs/samples/diagrams/transfer_sequence_1.png and /dev/null differ diff --git a/docs/samples/diagrams/transfer_sequence_1.puml b/docs/samples/diagrams/transfer_sequence_1.puml deleted file mode 100644 index b49733a01..000000000 --- a/docs/samples/diagrams/transfer_sequence_1.puml +++ /dev/null @@ -1,34 +0,0 @@ -@startuml - -!define aliceColor 66CCFF -!define bobColor CCFF99 -!define dapsColor FFFF99 -!define noteColor 9999FF - -actor User as "User" - -box Alice - participant AliceControlPlane as "Control Plane" #aliceColor - participant AliceBackendService as "Backend Application" #aliceColor - participant AliceDataPlane as "Data Plane" #aliceColor -end box - -box Bob - participant BobControlPlane as "Control Plane" #bobColor - participant BobDataPlane as "Data Plane" #bobColor -end box - -participant JsonPlaceHolder as "JsonPlaceHolder" - - -User -> BobControlPlane ++ : Create Asset -return 204 - -User -> BobControlPlane ++ : Create Policy -return 204 - -User -> BobControlPlane ++ : Create Contract Definition -return 204 - - -@enduml diff --git a/docs/samples/diagrams/transfer_sequence_2.png b/docs/samples/diagrams/transfer_sequence_2.png deleted file mode 100644 index 95b6eeced..000000000 Binary files a/docs/samples/diagrams/transfer_sequence_2.png and /dev/null differ diff --git a/docs/samples/diagrams/transfer_sequence_2.puml b/docs/samples/diagrams/transfer_sequence_2.puml deleted file mode 100644 index 2d078607d..000000000 --- a/docs/samples/diagrams/transfer_sequence_2.puml +++ /dev/null 
@@ -1,28 +0,0 @@ -@startuml - -!define aliceColor 66CCFF -!define bobColor CCFF99 -!define dapsColor FFFF99 -!define noteColor 9999FF - -actor User as "User" - -box Alice - participant AliceControlPlane as "Control Plane" #aliceColor - participant AliceBackendService as "Backend Application" #aliceColor - participant AliceDataPlane as "Data Plane" #aliceColor -end box - -box Bob - participant BobControlPlane as "Control Plane" #bobColor - participant BobDataPlane as "Data Plane" #bobColor -end box - -participant JsonPlaceHolder as "JsonPlaceHolder" - -User -> AliceControlPlane ++ : Request Contract Offers from Bob - AliceControlPlane -> BobControlPlane ++ : IDS Description Request Message - return Description -return Contract Offers - -@enduml diff --git a/docs/samples/diagrams/transfer_sequence_3.png b/docs/samples/diagrams/transfer_sequence_3.png deleted file mode 100644 index 14a30c9a9..000000000 Binary files a/docs/samples/diagrams/transfer_sequence_3.png and /dev/null differ diff --git a/docs/samples/diagrams/transfer_sequence_3.puml b/docs/samples/diagrams/transfer_sequence_3.puml deleted file mode 100644 index 7bec9eadb..000000000 --- a/docs/samples/diagrams/transfer_sequence_3.puml +++ /dev/null 
@@ -1,33 +0,0 @@ -@startuml - -!define aliceColor 66CCFF -!define bobColor CCFF99 -!define dapsColor FFFF99 -!define noteColor 9999FF - -actor User as "User" - -box Alice - participant AliceControlPlane as "Control Plane" #aliceColor - participant AliceBackendService as "Backend Application" #aliceColor - participant AliceDataPlane as "Data Plane" #aliceColor -end box - -box Bob - participant BobControlPlane as "Control Plane" #bobColor - participant BobDataPlane as "Data Plane" #bobColor -end box - -participant JsonPlaceHolder as "JsonPlaceHolder" - - -User -> AliceControlPlane ++ : Negotiate Contract for Offer X -AliceControlPlane --> User: Negotiation ID - AliceControlPlane -> BobControlPlane ++ : IDS Contract Negotiation (simplified) - return Contract Agreement -deactivate AliceControlPlane - -User -> AliceControlPlane ++ : Request Negotiation by ID -return Contract Negotiation - -@enduml diff --git a/docs/samples/diagrams/transfer_sequence_4.png b/docs/samples/diagrams/transfer_sequence_4.png deleted file mode 100644 index e3630e70a..000000000 Binary files a/docs/samples/diagrams/transfer_sequence_4.png and /dev/null differ diff --git a/docs/samples/diagrams/transfer_sequence_4.puml b/docs/samples/diagrams/transfer_sequence_4.puml deleted file mode 100644 index 6d4e936ed..000000000 --- a/docs/samples/diagrams/transfer_sequence_4.puml +++ /dev/null 
@@ -1,44 +0,0 @@ -@startuml - -!define aliceColor 66CCFF -!define bobColor CCFF99 -!define dapsColor FFFF99 -!define noteColor 9999FF - -actor User as "User" - -box Alice - participant AliceControlPlane as "Control Plane" #aliceColor - participant AliceBackendService as "Backend Application" #aliceColor - participant AliceDataPlane as "Data Plane" #aliceColor -end box - -box Bob - participant BobControlPlane as "Control Plane" #bobColor - participant BobDataPlane as "Data Plane" #bobColor -end box - -participant JsonPlaceHolder as "JsonPlaceHolder" - -User -> AliceControlPlane ++ : Request Negotiation by ID -return Contract Negotiation\n(containing Contract Agreement ID) - -User -> AliceControlPlane ++ : Initiate Transfer with Agreement ID -AliceControlPlane --> User : Transfer Process ID - AliceControlPlane -> BobControlPlane ++ : IDS Data Transfer (simplified) -return -AliceControlPlane -> AliceBackendService ++ : Data Plane Endpoint + Token - AliceBackendService -> AliceDataPlane ++ : Request Data with Token - AliceDataPlane -> BobDataPlane ++ : Request Data - BobDataPlane -> JsonPlaceHolder ++ : Request Data - return data - return data - return data - AliceBackendService -> AliceBackendService : Write Data to File -return ok -deactivate AliceControlPlane - -User -> AliceControlPlane ++ : Request Transfer Process by ID -return Transfer Process - -@enduml diff --git a/docs/samples/diagrams/transfer_sequence_5.png b/docs/samples/diagrams/transfer_sequence_5.png deleted file mode 100644 index 1a18b5be2..000000000 Binary files a/docs/samples/diagrams/transfer_sequence_5.png and /dev/null differ diff --git a/docs/samples/diagrams/transfer_sequence_5.puml b/docs/samples/diagrams/transfer_sequence_5.puml deleted file mode 100644 index 598b747b6..000000000 --- a/docs/samples/diagrams/transfer_sequence_5.puml +++ /dev/null 
@@ -1,27 +0,0 @@ -@startuml - -!define aliceColor 66CCFF -!define bobColor CCFF99 -!define dapsColor FFFF99 -!define noteColor 9999FF - -actor User as "User" - -box Alice - participant AliceControlPlane as "Control Plane" #aliceColor - participant AliceBackendService as "Backend Application" #aliceColor - participant AliceDataPlane as "Data Plane" #aliceColor -end box - -box Bob - participant BobControlPlane as "Control Plane" #bobColor - participant BobDataPlane as "Data Plane" #bobColor -end box - -participant JsonPlaceHolder as "JsonPlaceHolder" - -User -> AliceBackendService ++ : Get File Content -return data - - -@enduml diff --git a/docs/samples/example-dataspace/README.md b/docs/samples/example-dataspace/README.md deleted file mode 100644 index 7650bd125..000000000 --- a/docs/samples/example-dataspace/README.md +++ /dev/null 
@@ -1,136 +0,0 @@ -# How-To run two connectors and a DAPS - -## 1. Prepare environment - -This guide will bring up two connectors named "Sokrates" and "Plato", each alongside their dependencies (Hashicorp -Vault, PostgreSQL) and a DAPS instance that both share. - -We've tested this setup with [KinD](https://kind.sigs.k8s.io/), but other runtimes such -as [Minikube](https://minikube.sigs.k8s.io/docs/start/) may work as well, we just haven't tested them. - -This version of Tractus-X EDC _requires_ a running instance of the Managed Identity Wallet and KeyCloak, a connector -will not be able to communicate to another connector without it. - -Installation instructions for those are beyond the scope of this document, please refer to the respective manuals and -guides for information on how to set them up. - -Furthermore, this guide assumes: - -- the Tractus-X EDC repository is checked out, the working directory for this guide is `docs/samples/example-dataspace` -- a Kubernetes runtime (e.g. KinD) is already installed and ready-to-use -- basic knowledge about `helm` and Kubernetes -- the following tools are available: `yq`, `openssl`, `base64` -- a POSIX-compliant shell, e.g. `bash` or `zsh` unless stated otherwise - -### 1.1 Create secrets for both runtimes - -We'll need a x509 certificate in order to communicate with DAPS, as well as a private key and a Data Encryption signing -key. - -```shell -# SOKRATES aes encryption key -echo "aes_enckey_test" | base64 > sokrates.aes.key - -# PLATO aes encryption key -echo "aes_enckey_test" | base64 > plato.aes.key -``` - -Any arbitrary string can be used for the AES key, but it has to be 16, 24, or 32 characters in length, assuming UTF-8 -encoding. - -### 1.2 Obtain configuration for MiW and KeyCloak - -> The following information is _required_, your connectors will **not** work properly unless you -> modify the `ssi:` section of `sokrates-values.yaml` and `plato-values.yaml` accordingly! 
- -For communication with KeyCloak we need the following information - -- the `tokenurl`: URL where access tokens can be obtained -- the `client.id`: KeyCloak identifier of the connector - -Note that the OAuth2 client secret will be stored in the vault under the alias `client-secret`. - -In order to use MiW as credential backend we need the following information: - -- `url`: a URL where MiW is reachable -- `authorityId`: this is the `issuerIdentifier` for MiW REST requests, please refer to the respective documentation. - -Furthermore, we need the `endpoint.audience`, which is used to verify the `aud` claim of incoming requests. This does **not** have to be set explicitly, it defaults to each connector's callback address. - -## 2. Prepare Connectors - -Next, the certificates and private keys we created previously must be stored in each connector's vault by injecting -a `postStart` element to the chart's configuration file: - -```shell -# for sokrates -VALUES_FILE=sokrates-values.yaml -CLIENT_SECRET= -AES_KEY=$(cat sokrates.aes.key) -yq -i ".vault.server.postStart |= [\"sh\",\"-c\",\"{\nsleep 5\n -/bin/vault kv put secret/client-secret content=$CLIENT_SECRET\n -/bin/vault kv put secret/aes-keys content=$AES_KEY\n}\"]" "$VALUES_FILE" - -# for plato -VALUES_FILE=plato-values.yaml -CLIENT_SECRET= -AES_KEY=$(cat plato.aes.key) -yq -i ".vault.server.postStart |= [\"sh\",\"-c\",\"{\nsleep 5\n -/bin/vault kv put secret/client-secret content=$CLIENT_SECRET\n -/bin/vault kv put secret/aes-keys content=$AES_KEY\n}\"]" "$VALUES_FILE" -``` - -## 3 Install the connectors - -Use `helm` to install the Tractus-X EDC Helm charts. In this example we are using the _local_ charts, assuming you have -Tractus-X EDC checked out in your local filesystem at ``. 
- -```shell -# install sokrates -helm install tx-sokrates /charts/tractusx-connector \ - -f sokrates-values.yaml \ - --dependency-update - -# install plato -helm install tx-plato /charts/tractusx-connector \ - -f plato-values.yaml \ - --dependency-update -``` - -_Note: if you prefer to use the published version of the `tractusx-connector` chart, please add the Tractus-X Helm repo -first:_ - -```shell -helm repo add tractusx-edc https://eclipse-tractusx.github.io/charts/dev -helm install tx-[sokrates|plato] tractusx-edc/tractusx-connector \ - -f [sokrates|plato]-values.yaml \ - --dependency-update -``` - -## 3.1 [Optional] Verify the correct installation - -There is several ways of making sure everything worked out well: - -- simply look at the logs of the Helm releases, e.g. with a tool - like [stern](https://kubernetes.io/blog/2016/10/tail-kubernetes-with-stern/) and look out for a log line similar to: - - ```shell - stern tx-sokrates - ``` - - then look out for something similar to: - - ```shell - tx-sokrates-controlplane-b9456f97b-s5jts tractusx-connector INFO 2023-05-31T07:24:53.020975888 tx-sokrates-controlplane ready - ``` - -- wait for the Kubernetes rollout to be successful, e.g. `kubectl rollout status deployment tx-plato-controlplane` -- use `helm test` to execute tests: `helm test tx-plato` - -## NOTICE - -This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0). - -- SPDX-License-Identifier: Apache-2.0 -- SPDX-FileCopyrightText: 2021,2022,2023 Contributors to the Eclipse Foundation -- Source URL: diff --git a/docs/samples/example-dataspace/plato-values.yaml b/docs/samples/example-dataspace/plato-values.yaml deleted file mode 100644 index c016d9a0e..000000000 --- a/docs/samples/example-dataspace/plato-values.yaml +++ /dev/null 
@@ -1,77 +0,0 @@
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-
-install:
- daps: false
-fullnameOverride: tx-plato
-################################
-# EDC ControlPlane + DataPlane #
-################################
-participant:
- id: "BPNPLATO"
-controlplane:
- service:
- type: NodePort
- endpoints:
- management:
- authKey: password
- image:
- pullPolicy: Never
- tag: "latest"
- repository: "edc-controlplane-postgresql-hashicorp-vault"
- securityContext:
- # SSI configuration
- ssi:
- miw:
- url: ""
- authorityId: ""
- oauth:
- tokenurl: ""
- client:
- id: ""
- secretAlias: "client-secret"
-dataplane:
- endpoints:
- management:
- authKey: password
- image:
- pullPolicy: Never
- tag: "latest"
- repository: "edc-dataplane-hashicorp-vault"
- aws:
- endpointOverride: http://minio:9000
- secretAccessKey: qwerty123
- accessKeyId: qwerty123
-postgresql:
- fullnameOverride: "plato-postgresql"
- username: user
- password: password
- jdbcUrl: jdbc:postgresql://plato-postgresql:5432/edc
-vault:
- fullnameOverride: "plato-vault"
- hashicorp:
- url: http://plato-vault:8200
- token: root
- secretNames:
- transferProxyTokenEncryptionAesKey: aes-keys
- secrets:
- server:
-backendService:
- httpProxyTokenReceiverUrl: "http://backend:8080"
diff --git a/docs/samples/example-dataspace/sokrates-values.yaml b/docs/samples/example-dataspace/sokrates-values.yaml
deleted file mode 100644
index c21948a16..000000000
--- a/docs/samples/example-dataspace/sokrates-values.yaml
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-install:
- daps: false
-fullnameOverride: tx-sokrates
-################################
-# EDC ControlPlane + DataPlane #
-################################
-participant:
- id: "BPNSOKRATES"
-controlplane:
- service:
- type: NodePort
- endpoints:
- management:
- authKey: password
- image:
- pullPolicy: Never
- tag: "latest"
- repository: "edc-controlplane-postgresql-hashicorp-vault"
- # SSI configuration
- ssi:
- miw:
- url: ""
- authorityId: ""
- oauth:
- tokenurl: ""
- client:
- id: ""
- secretAlias: "client-secret"
-dataplane:
- endpoints:
- proxy:
- authKey: password
- image:
- pullPolicy: Never
- tag: "latest"
- repository: "edc-dataplane-hashicorp-vault"
- securityContext:
- aws:
- endpointOverride: http://minio:9000
- secretAccessKey: qwerty123
- accessKeyId: qwerty123
-postgresql:
- fullnameOverride: "sokrates-postgresql"
- username: user
- password: password
- jdbcUrl: jdbc:postgresql://sokrates-postgresql:5432/edc
-vault:
- fullnameOverride: "sokrates-vault"
- hashicorp:
- url: http://sokrates-vault:8200
- token: root
- secretNames:
- transferProxyTokenEncryptionAesKey: aes-keys
- secrets:
- server:
-backendService:
- httpProxyTokenReceiverUrl: "http://backend:8080"
diff --git a/edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md b/edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md index 38a2b2bd4..ac6275657 100644 --- a/edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md +++ b/edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md @@ -37,10 +37,6 @@ Details regarding each configuration property can be found at the [documentary s | edc.ids.catalog.id | | urn:catalog:default | | | ids.webhook.address | | | | | edc.hostname | | localhost | | -| edc.oauth.token.url | X | | | -| edc.oauth.public.key.alias | X | key-to-daps-certificate-in-keyvault | | -| edc.oauth.private.key.alias | X | key-to-private-key-in-keyvault | | -| edc.oauth.client.id | X | daps-oauth-client-id | | | edc.vault.clientid | X | 00000000-1111-2222-3333-444444444444 | | | edc.vault.tenantid | X | 55555555-6666-7777-8888-999999999999 | | | edc.vault.name | X | my-vault-name | | @@ -104,12 +100,6 @@ edc.hostname=localhost edc.api.auth.key=password -# OAuth / DAPS related configuration -edc.oauth.token.url=https://daps.example.net -edc.oauth.public.key.alias=key-to-daps-certificate-in-keyvault -edc.oauth.private.key.alias=key-to-private-key-in-keyvault -edc.oauth.client.id=daps-oauth-client-id - # Azure vault related configuration edc.vault.clientid=00000000-1111-2222-3333-444444444444 edc.vault.tenantid=55555555-6666-7777-8888-999999999999 diff --git a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/README.md b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/README.md index f06c4d127..564ac7101 100644 --- a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/README.md +++ b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/README.md 
@@ -37,10 +37,6 @@ Details regarding each configuration property can be found at the [documentary s | edc.ids.catalog.id | | urn:catalog:default | | | ids.webhook.address | | | | | edc.hostname | | localhost | | -| edc.oauth.token.url | X | | | -| edc.oauth.public.key.alias | X | key-to-daps-certificate-in-keyvault | | -| edc.oauth.private.key.alias | X | key-to-private-key-in-keyvault | | -| edc.oauth.client.id | X | daps-oauth-client-id | | | edc.vault.hashicorp.url | X | | | | edc.vault.hashicorp.token | X | 55555555-6666-7777-8888-999999999999 | | | edc.vault.hashicorp.timeout.seconds | | 30 | | @@ -103,12 +99,6 @@ edc.hostname=localhost edc.api.auth.key=password -# OAuth / DAPS related configuration -edc.oauth.token.url=https://daps.example.net -edc.oauth.public.key.alias=key-to-daps-certificate-in-keyvault -edc.oauth.private.key.alias=key-to-private-key-in-keyvault -edc.oauth.client.id=daps-oauth-client-id - # HashiCorp vault related configuration edc.vault.hashicorp.url=http://vault edc.vault.hashicorp.token=55555555-6666-7777-8888-999999999999 diff --git a/edc-controlplane/edc-runtime-memory/README.md b/edc-controlplane/edc-runtime-memory/README.md index 150a8f680..377f566c2 100644 --- a/edc-controlplane/edc-runtime-memory/README.md +++ b/edc-controlplane/edc-runtime-memory/README.md @@ -48,10 +48,6 @@ the [documentary section of the EDC](https://github.com/eclipse-edc/Connector/tr | edc.ids.catalog.id | | urn:catalog:default | | | ids.webhook.address | | | | | edc.hostname | | localhost | | -| edc.oauth.token.url | X | | | -| edc.oauth.public.key.alias | X | key-to-daps-certificate-in-keyvault | | -| edc.oauth.private.key.alias | X | key-to-private-key-in-keyvault | | -| edc.oauth.client.id | X | daps-oauth-client-id | | | edc.transfer.proxy.endpoint | X | | | | edc.transfer.proxy.token.signer.privatekey.alias | X | | | 
@@ -92,12 +88,6 @@ edc.hostname=localhost edc.api.auth.key=password -# OAuth / DAPS related configuration -edc.oauth.token.url=https://daps.example.net -edc.oauth.public.key.alias=key-to-daps-certificate-in-keyvault -edc.oauth.private.key.alias=key-to-private-key-in-keyvault -edc.oauth.client.id=daps-oauth-client-id - # Control- / Data- Plane configuration edc.transfer.proxy.endpoint=http://dataplane-public-endpoint/public edc.transfer.proxy.token.signer.privatekey.alias=azure-vault-token-signer-private-key diff --git a/edc-dataplane/edc-dataplane-azure-vault/README.md b/edc-dataplane/edc-dataplane-azure-vault/README.md index 21404d8d0..255adfa26 100644 --- a/edc-dataplane/edc-dataplane-azure-vault/README.md +++ b/edc-dataplane/edc-dataplane-azure-vault/README.md @@ -23,7 +23,6 @@ Details regarding each configuration property can be found at the [documentary s | web.http.control.path | X | /api/controlplane/control | | | edc.receiver.http.endpoint | X | | | | edc.hostname | | localhost | | -| edc.oauth.client.id | X | daps-oauth-client-id | | | edc.vault.clientid | X | 00000000-1111-2222-3333-444444444444 | | | edc.vault.tenantid | X | 55555555-6666-7777-8888-999999999999 | | | edc.vault.name | X | my-vault-name | | diff --git a/edc-dataplane/edc-dataplane-hashicorp-vault/README.md b/edc-dataplane/edc-dataplane-hashicorp-vault/README.md index 799d5dd1f..49da83d76 100644 --- a/edc-dataplane/edc-dataplane-hashicorp-vault/README.md +++ b/edc-dataplane/edc-dataplane-hashicorp-vault/README.md @@ -23,7 +23,6 @@ Details regarding each configuration property can be found at the [documentary s | web.http.control.path | X | /api/controlplane/control | | | edc.receiver.http.endpoint | X | | | | edc.hostname | | localhost | | -| edc.oauth.client.id | X | daps-oauth-client-id | | | edc.vault.hashicorp.url | X | | | | edc.vault.hashicorp.token | X | 55555555-6666-7777-8888-999999999999 | | | edc.vault.hashicorp.timeout.seconds | | 30 | | 
diff --git a/edc-extensions/build.gradle.kts b/edc-extensions/build.gradle.kts
index a6769cfcd..5f8b652f7 100644
--- a/edc-extensions/build.gradle.kts
+++ b/edc-extensions/build.gradle.kts
@@ -23,7 +23,6 @@ plugins {
 dependencies {
 implementation(project(":edc-extensions:bpn-validation"))
- implementation(project(":edc-extensions:cx-oauth2"))
 implementation(project(":edc-extensions:data-encryption"))
 implementation(project(":edc-extensions:dataplane-selector-configuration"))
 implementation(project(":edc-extensions:postgresql-migration"))
diff --git a/edc-extensions/cx-oauth2/README.md b/edc-extensions/cx-oauth2/README.md
deleted file mode 100644
index c796ac245..000000000
--- a/edc-extensions/cx-oauth2/README.md
+++ /dev/null
@@ -1,47 +0,0 @@ -# Tractus-X OAuth2 Extension - -## Why Tractus-X needs this extension - -In IDS the DAPS token audience is always `idsc:IDS_CONNECTORS_ALL`. At first glance this makes it possible for other connectors to steal and reuse an received token. To mitigate this security risk IDS introduces something called `transportCertsSha256`, which couples the connector audience with its corresponding TLS/SSL certificate. - -From [GitHub IDS-G](https://github.com/International-Data-Spaces-Association/IDS-G/tree/main/Components/IdentityProvider/DAPS) - -> - **transportCertsSha256** Contains the public keys of the used transport certificates, hashed using SHA256. The identifying X509 certificate should not be used for the communication encryption. Therefore, the receiving party needs to connect the identity of a connector by relating its hostname (from the communication encryption layer) and the used private/public key pair, with its IDS identity claim of the DAT. The public transportation key must be one of the `transportCertsSha256` values. Otherwise, the receiving connector must expect that the requesting connector is using a false identity claim. In general, this claim holds an Array of Strings, but it may optionally hold a single String instead if the Array would have exactly one element. - -The reason IDS did this is to prevent the IDS DAPS to know, which connectors talk to each other. But this solution introduces a new level of complexity for different deployment scenarios. The OAuth2 Extension introduces the classic audience validation again, so that users do not have to deal with these things for now. 
- -## Configuration - -| Key | Description | Mandatory | Default | -|:--------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------|------------| -| edc.oauth.token.url | Token URL of the DAPS | X | | -| edc.oauth.public.key.alias | Vault alias of the public key | X | | -| edc.oauth.client.id | DAPS client id of the connector | X | | -| edc.oauth.private.key.alias | Vault lias of the private key | X | | -| edc.oauth.token.expiration.seconds | | | 5 minutes | -| edc.oauth.validation.nbf.leeway | DAPS token request leeway | | 10 seconds | -| edc.oauth.provider.jwks.refresh | Time between refresh of the DAPS json web key set | | 5 minutes | -| edc.ids.endpoint.audience | The audience the connector requests from the DAPS. Should be the IDS URL of the connector, e.g. `http://plato-edc-controlplane:8282/api/v1/ids/data` | X | | -| edc.ids.validation.referringconnector | Adds checks to the DAPS token. Validation that the `referringConnector` equals the `issuerConnector` and the `securityProfile` of the token is equal to the profile of the IDS message | | false | - -## Audience Validation - -Instead of the `idsc:IDS_CONNECTORS_ALL` the connector requests a specific audience from the DAPS. This audience will be the IDS URL, the connector intends to call. - -When a connector receives a message, it will checks the token audience is equal to the configured value in `edc.ids.endpoint.audience`. - -![sequence diagram](./diagrams/sequence.png) - -## Participant Extension - -Starting from `0.0.1-milestone-9` EDC requires a mandatory setting `edc.participant.id`, which in this case should be the BPN number which is transmitted over the wire to identifying the participants IDs. 
-To verify that in the DAPS token an extension has been created, that extract from the `ClaimToken` the BPN number and then EDC compare that identity with the one provided over the wire, for security reason. - -By default, the extension parse the `referringConnector` url and extract the BPN number as the last parameter in the URL eg (). - -### Configuration - -| Key | Description | Mandatory | Default | -|:--------------------------------------|:----------------------------------------------------------|-----------|---------------| -| tx.participant.id.regex | Regex for extracting the BPN from the referringConnector | | [^/]+(?=/$|$) | -| tx.participant.id.regexGroup | Group number for the regex match | | 0 | diff --git a/edc-extensions/cx-oauth2/build.gradle.kts b/edc-extensions/cx-oauth2/build.gradle.kts deleted file mode 100644 index 772c60f47..000000000 --- a/edc-extensions/cx-oauth2/build.gradle.kts +++ /dev/null 
@@ -1,35 +0,0 @@
-/*
- * Copyright (c) 2023 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-
-
-plugins {
- `java-library`
- `maven-publish`
-}
-
-dependencies {
- implementation(libs.edc.spi.core)
- implementation(libs.edc.spi.oauth2)
- implementation(libs.edc.spi.jwt)
- implementation(libs.slf4j.api)
- implementation(libs.nimbus.jwt)
- implementation(libs.okhttp)
-
- testImplementation(libs.edc.junit)
-}
diff --git a/edc-extensions/cx-oauth2/diagrams/sequence.png b/edc-extensions/cx-oauth2/diagrams/sequence.png
deleted file mode 100644
index 784441b4e..000000000
Binary files a/edc-extensions/cx-oauth2/diagrams/sequence.png and /dev/null differ
diff --git a/edc-extensions/cx-oauth2/diagrams/sequence.puml b/edc-extensions/cx-oauth2/diagrams/sequence.puml
deleted file mode 100644
index d2f20f278..000000000
--- a/edc-extensions/cx-oauth2/diagrams/sequence.puml
+++ /dev/null
@@ -1,24 +0,0 @@
-@startuml
-
-title CX-DAPS Audience Validation
-
-participant ConnectorA as "Connector A"
-participant DAPS as "IDS DAPS"
-participant ConnectorB as "Connector B"
-
-== Configuration ==
-
-ConnectorB <-? : Configure //edc.ids.endpoint.audience//\nto ///api/v1/ids/data//
-
-== Request ==
-
-?-> ConnectorA ++: Initiate Catalog Request\n/data/catalog?providerUrl=///api/v1/ids/data//
- ConnectorA -> DAPS ++: Request Token for audience\n///api/v1/ids/data//
- return DAPS Token
- ConnectorA -> ConnectorB ++ : Send Request with Token
- ConnectorB -> ConnectorB : Check Audience equals\n/api/v1/ids/data
- ... continue request processing ...
- return Catalog Response
-return Catalog
-
-@enduml
\ No newline at end of file
diff --git a/edc-extensions/cx-oauth2/src/main/java/org/eclipse/tractusx/edc/oauth2/CxOauth2Extension.java b/edc-extensions/cx-oauth2/src/main/java/org/eclipse/tractusx/edc/oauth2/CxOauth2Extension.java
deleted file mode 100644
index 338784ef3..000000000
--- a/edc-extensions/cx-oauth2/src/main/java/org/eclipse/tractusx/edc/oauth2/CxOauth2Extension.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
- * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation
- *
- * See the NOTICE file(s) distributed with this work for additional
- * information regarding copyright ownership.
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
- * License for the specific language governing permissions and limitations
- * under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
- */
-package org.eclipse.tractusx.edc.oauth2;
-
-import org.eclipse.edc.iam.oauth2.spi.CredentialsRequestAdditionalParametersProvider;
-import org.eclipse.edc.runtime.metamodel.annotation.Provider;
-import org.eclipse.edc.spi.system.ServiceExtension;
-
-import java.util.Map;
-
-public class CxOauth2Extension implements ServiceExtension {
-
- @Override
- public String name() {
- return "CX OAuth2";
- }
-
- @Provider
- public CredentialsRequestAdditionalParametersProvider credentialsRequestAdditionalParametersProvider() {
- return tokenParameters -> Map.of("resource", tokenParameters.getAudience());
- }
-}
diff --git a/edc-extensions/cx-oauth2/src/main/java/org/eclipse/tractusx/edc/oauth2/CxParticipantExtension.java b/edc-extensions/cx-oauth2/src/main/java/org/eclipse/tractusx/edc/oauth2/CxParticipantExtension.java
deleted file mode 100644
index 037851bcd..000000000
--- a/edc-extensions/cx-oauth2/src/main/java/org/eclipse/tractusx/edc/oauth2/CxParticipantExtension.java
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
- *
- */
-
-package org.eclipse.tractusx.edc.oauth2;
-
-import org.eclipse.edc.runtime.metamodel.annotation.Inject;
-import org.eclipse.edc.runtime.metamodel.annotation.Setting;
-import org.eclipse.edc.spi.agent.ParticipantAgentService;
-import org.eclipse.edc.spi.agent.ParticipantAgentServiceExtension;
-import org.eclipse.edc.spi.iam.ClaimToken;
-import org.eclipse.edc.spi.monitor.Monitor;
-import org.eclipse.edc.spi.system.ServiceExtension;
-import org.eclipse.edc.spi.system.ServiceExtensionContext;
-import org.jetbrains.annotations.NotNull;
-
-import java.util.Map;
-import java.util.regex.Pattern;
-
-import static org.eclipse.edc.spi.agent.ParticipantAgent.PARTICIPANT_IDENTITY;
-
-public class CxParticipantExtension implements ServiceExtension, ParticipantAgentServiceExtension {
-
- public static final String REFERRING_CONNECTOR_CLAIM = "referringConnector";
-
- private static final String DEFAULT_PARTICIPANT_ID_REGEX = "[^/]+(?=/$|$)";
- private static final int DEFAULT_PARTICIPANT_ID_REGEX_GROUP = 0;
-
- @Setting(value = "Participant Extractor from referringConnector regex", defaultValue = CxParticipantExtension.DEFAULT_PARTICIPANT_ID_REGEX)
- private static final String PARTICIPANT_ID_REGEX = "tx.participant.id.regex";
-
- @Setting(value = "Participant Extractor from referringConnector regex group", defaultValue = "0")
- private static final String PARTICIPANT_ID_REGEX_GROUP = "tx.participant.id.regexGroup";
- @Inject
- private ParticipantAgentService agentService;
-
- private Pattern participantRegex;
-
- private int participantRegexGroup;
-
- @Inject
- private Monitor monitor;
-
- @Override
- public void initialize(ServiceExtensionContext context) {
- this.participantRegex = Pattern.compile(context.getConfig().getString(PARTICIPANT_ID_REGEX, DEFAULT_PARTICIPANT_ID_REGEX));
- this.participantRegexGroup = context.getConfig().getInteger(PARTICIPANT_ID_REGEX_GROUP, DEFAULT_PARTICIPANT_ID_REGEX_GROUP);
-
- agentService.register(this);
- }
-
- @Override
- public @NotNull Map attributesFor(ClaimToken token) {
- var referringConnector = token.getClaim(REFERRING_CONNECTOR_CLAIM);
- if (referringConnector instanceof String referringConnectorUrl) {
- var matcher = participantRegex.matcher(referringConnectorUrl);
- if (matcher.find()) {
- var id = matcher.group(participantRegexGroup);
- return Map.of(PARTICIPANT_IDENTITY, id);
- }
- monitor.warning("Unable to extract the participant id from the referring connector claim");
- }
- return Map.of();
- }
-}
diff --git a/edc-extensions/cx-oauth2/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/edc-extensions/cx-oauth2/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
deleted file mode 100644
index d3d98beb2..000000000
--- a/edc-extensions/cx-oauth2/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension
+++ /dev/null
@@ -1,22 +0,0 @@
-#
-# Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-org.eclipse.tractusx.edc.oauth2.CxOauth2Extension
-org.eclipse.tractusx.edc.oauth2.CxParticipantExtension
diff --git a/edc-extensions/cx-oauth2/src/test/java/org/eclipse/tractusx/edc/oauth2/CxParticipantExtensionTest.java b/edc-extensions/cx-oauth2/src/test/java/org/eclipse/tractusx/edc/oauth2/CxParticipantExtensionTest.java
deleted file mode 100644
index aabbe35e1..000000000
--- a/edc-extensions/cx-oauth2/src/test/java/org/eclipse/tractusx/edc/oauth2/CxParticipantExtensionTest.java
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
- *
- * This program and the accompanying materials are made available under the
- * terms of the Apache License, Version 2.0 which is available at
- * https://www.apache.org/licenses/LICENSE-2.0
- *
- * SPDX-License-Identifier: Apache-2.0
- *
- * Contributors:
- * Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
- *
- */
-
-package org.eclipse.tractusx.edc.oauth2;
-
-import org.eclipse.edc.junit.extensions.DependencyInjectionExtension;
-import org.eclipse.edc.spi.agent.ParticipantAgentService;
-import org.eclipse.edc.spi.iam.ClaimToken;
-import org.eclipse.edc.spi.system.ServiceExtensionContext;
-import org.eclipse.edc.spi.system.injection.ObjectFactory;
-import org.junit.jupiter.api.BeforeEach;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.junit.jupiter.api.extension.ExtensionContext;
-import org.junit.jupiter.params.ParameterizedTest;
-import org.junit.jupiter.params.provider.Arguments;
-import org.junit.jupiter.params.provider.ArgumentsProvider;
-import org.junit.jupiter.params.provider.ArgumentsSource;
-
-import java.util.Map;
-import java.util.stream.Stream;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.eclipse.edc.spi.agent.ParticipantAgent.PARTICIPANT_IDENTITY;
-import static org.eclipse.tractusx.edc.oauth2.CxParticipantExtension.REFERRING_CONNECTOR_CLAIM;
-import static org.mockito.ArgumentMatchers.isA;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.spy;
-import static org.mockito.Mockito.verify;
-
-@ExtendWith(DependencyInjectionExtension.class)
-public class CxParticipantExtensionTest {
-
- CxParticipantExtension extension;
-
- ParticipantAgentService agentService = mock(ParticipantAgentService.class);
-
- ServiceExtensionContext context;
-
- @BeforeEach
- void setUp(ObjectFactory factory, ServiceExtensionContext context) {
- this.context = spy(context);
- context.registerService(ParticipantAgentService.class, agentService);
- extension = factory.constructInstance(CxParticipantExtension.class);
- }
-
- @Test
- void initialize() {
- extension.initialize(context);
- verify(agentService).register(isA(CxParticipantExtension.class));
- }
-
-
- @ParameterizedTest
- @ArgumentsSource(ClaimProvider.class)
- void attributesFor_shouldMatchTheId(Map claims) {
- var attributes = Map.of(PARTICIPANT_IDENTITY, "BPNSOKRATES");
- extension.initialize(context);
- var claimToken = ClaimToken.Builder.newInstance().claims(claims).build();
- assertThat(extension.attributesFor(claimToken)).containsExactlyEntriesOf(attributes);
- }
-
- static class ClaimProvider implements ArgumentsProvider {
- ClaimProvider() {
- }
-
- @Override
- public Stream provideArguments(ExtensionContext context) {
- return Stream.of(
- Map.of(REFERRING_CONNECTOR_CLAIM, "http://sokrates-controlplane/BPNSOKRATES"),
- Map.of(REFERRING_CONNECTOR_CLAIM, "http://sokrates-controlplane/BPNSOKRATES/"),
- Map.of(REFERRING_CONNECTOR_CLAIM, "http://sokrates-controlplane/test/path/BPNSOKRATES"),
- Map.of(REFERRING_CONNECTOR_CLAIM, "https://sokrates-controlplane/test/path/BPNSOKRATES"),
- Map.of(REFERRING_CONNECTOR_CLAIM, "BPNSOKRATES")
- ).map(Arguments::arguments);
- }
- }
-}
-
diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
index 757cd64c9..8f4c6da4a 100644
--- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
+++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
@@ -17,21 +17,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #
-## This file can be used to verify that the chart is working properly. It provides an exemplary configuration
-## that is intended to be used with the supporting infrastructure.
-## 1. install DAPS:
-## helm install infrastructure edc-tests/deployment/src/main/resources/helm/test-infrastructure --wait-for-jobs
-##
-## 2. set Azure KevVault secrets, either through the Azure Portal or through az cli:
-## az keyvault secret set --vault-name --name daps-crt --value
-## az keyvault secret set --vault-name --name daps-key --value
-## az keyvault secret set --vault-name --name aes-keys --value
-##
-## 3. install the connector plus its third-party dependencies (Postgres):
-## helm install tx-prod charts/tractusx-connector-azure-vault-app -f charts/tractusx-connector-azure-vault-app/example.yaml --dependency-update \
-## --set vault.azure.client= \
-## --set vault.azure.tenant= \
-## --set vault.azure.secret=
 fullnameOverride: tx-prod
 ################################
diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml
index 90120c220..bb60ea652 100644
--- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml
+++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml
@@ -18,18 +18,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #
-## This file can be used to verify that the chart is working properly. It provides an exemplary configuration
-## that is intended to be used with the supporting infrastructure.
-## 1. install DAPS:
-## helm install infrastructure edc-tests/deployment/src/main/resources/helm/test-infrastructure \ ─╯
-## --wait-for-jobs
-##
-## 2. install in-mem runtime. Note that the key and crt must match exactly the DAPS setup, c.f. edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml
-## export DAPSKEY=""
-## export DAPSCRT=""
-## export YOUR_VAULT_SECRETS="daps-key:$DAPSKEY;daps-crt:$DAPSCRT"
-## helm install trudy charts/tractusx-connector-memory -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml --set vault.secrets=$YOUR_VAULT_SECRETS
-
 ---
 fullnameOverride: tx-inmem
 participant:
diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/ParticipantRuntime.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/ParticipantRuntime.java
index 9feae6c68..10fab82af 100644
--- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/ParticipantRuntime.java
+++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/ParticipantRuntime.java
@@ -19,7 +19,7 @@
 import org.eclipse.edc.spi.system.ServiceExtension;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 import org.eclipse.edc.spi.system.injection.InjectionContainer;
-import org.eclipse.tractusx.edc.token.MockDapsService;
+import org.eclipse.tractusx.edc.token.MockBpnIdentityService;
 import org.junit.jupiter.api.extension.AfterAllCallback;
 import org.junit.jupiter.api.extension.BeforeAllCallback;
 import org.junit.jupiter.api.extension.ExtensionContext;
@@ -35,7 +35,7 @@ public class ParticipantRuntime extends EdcRuntimeExtension implements BeforeAll
 public ParticipantRuntime(String moduleName, String runtimeName, String bpn, Map properties) {
 super(moduleName, runtimeName, properties);
 if (!properties.containsKey("tx.ssi.miw.url")) {
- this.registerServiceMock(IdentityService.class, new MockDapsService(bpn));
+ this.registerServiceMock(IdentityService.class, new MockBpnIdentityService(bpn));
 }
 }
diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/PgParticipantRuntime.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/PgParticipantRuntime.java
index 106a929bb..8cd68ed4c 100644
--- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/PgParticipantRuntime.java
+++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/lifecycle/PgParticipantRuntime.java
@@ -15,7 +15,6 @@
 package org.eclipse.tractusx.edc.lifecycle;
 import org.eclipse.edc.connector.core.vault.InMemoryVault;
-import org.eclipse.edc.spi.iam.IdentityService;
 import org.eclipse.edc.spi.monitor.Monitor;
 import org.eclipse.edc.spi.result.Result;
 import org.eclipse.edc.spi.security.Vault;
@@ -23,7 +22,6 @@
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 import org.eclipse.edc.spi.system.injection.InjectionContainer;
 import org.eclipse.edc.sql.testfixtures.PostgresqlLocalInstance;
-import org.eclipse.tractusx.edc.token.MockDapsService;
 import org.junit.jupiter.api.extension.ExtensionContext;
 import org.testcontainers.containers.PostgreSQLContainer;
@@ -46,7 +44,6 @@ public class PgParticipantRuntime extends ParticipantRuntime {
 public PgParticipantRuntime(String moduleName, String runtimeName, String bpn, Map properties) {
 super(moduleName, runtimeName, bpn, properties);
 this.dbName = runtimeName.toLowerCase();
- this.registerServiceMock(IdentityService.class, new MockDapsService(bpn));
 mockVault();
 postgreSqlContainer = new PostgreSQLContainer<>(POSTGRES_IMAGE_NAME)
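Review bot: Removing the unconditional registerServiceMock from the PgParticipantRuntime constructor leaves identity mocking entirely to the superclass, and the ParticipantRuntime constructor in the earlier hunk registers MockBpnIdentityService only when `tx.ssi.miw.url` is absent from the properties, so a PostgreSQL runtime started with that property set now runs with no mocked IdentityService at all. That looks intentional, but nothing at this call site says so, and the next reader has to open the superclass to find out why the mock disappeared. A short comment on the `super(...)` line, `// IdentityService mock is registered by ParticipantRuntime unless tx.ssi.miw.url is configured`, would make the dependency explicit. The constructor body continues past the end of the hunk.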
diff --git a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/token/MockDapsService.java b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/token/MockBpnIdentityService.java
similarity index 71%
rename from edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/token/MockDapsService.java
rename to edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/token/MockBpnIdentityService.java
index c833b5c8a..7db813b43 100644
--- a/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/token/MockDapsService.java
+++ b/edc-tests/e2e-tests/src/test/java/org/eclipse/tractusx/edc/token/MockBpnIdentityService.java
@@ -26,17 +26,16 @@
 import static java.lang.String.format;
 /**
- * An {@link IdentityService} that will mimic the behaviour of DAPS by inserting the "referringConnector" claim into any token.
+ * An {@link IdentityService} that will inject the BPN claim in every token.
 * Please only use in testing scenarios!
 */
-public class MockDapsService implements IdentityService {
+public class MockBpnIdentityService implements IdentityService {
 private static final String BUSINESS_PARTNER_NUMBER_CLAIM = "BusinessPartnerNumber";
- private static final String REFERRING_CONNECTOR_CLAIM = "referringConnector";
 private final String businessPartnerNumber;
- private TypeManager typeManager = new TypeManager();
+ private final TypeManager typeManager = new TypeManager();
- public MockDapsService(String businessPartnerNumber) {
+ public MockBpnIdentityService(String businessPartnerNumber) {
 this.businessPartnerNumber = businessPartnerNumber;
 }
@@ -44,7 +43,7 @@ public MockDapsService(String businessPartnerNumber) {
 public Result obtainClientCredentials(TokenParameters parameters) {
 var token = Map.of(BUSINESS_PARTNER_NUMBER_CLAIM, businessPartnerNumber);
- TokenRepresentation tokenRepresentation = TokenRepresentation.Builder.newInstance()
+ var tokenRepresentation = TokenRepresentation.Builder.newInstance()
 .token(typeManager.writeValueAsString(token))
 .build();
 return Result.success(tokenRepresentation);
@@ -57,9 +56,9 @@ public Result verifyJwtToken(TokenRepresentation tokenRepresentation
 if (token.containsKey(BUSINESS_PARTNER_NUMBER_CLAIM)) {
 return Result.success(ClaimToken.Builder.newInstance()
 .claim(BUSINESS_PARTNER_NUMBER_CLAIM, token.get(BUSINESS_PARTNER_NUMBER_CLAIM))
- .claim(REFERRING_CONNECTOR_CLAIM, token.get(BUSINESS_PARTNER_NUMBER_CLAIM)).build());
+ .build());
 }
- return Result.failure(format("Expected %s and %s claims, but token did not contain them", BUSINESS_PARTNER_NUMBER_CLAIM, REFERRING_CONNECTOR_CLAIM));
+ return Result.failure(format("Expected %s claim, but token did not contain them", BUSINESS_PARTNER_NUMBER_CLAIM));
 }
 }
diff --git a/edc-tests/runtime/runtime-memory-ssi/build.gradle.kts b/edc-tests/runtime/runtime-memory-ssi/build.gradle.kts
index ffd3d0aaa..6a67086f2 100644
--- a/edc-tests/runtime/runtime-memory-ssi/build.gradle.kts
+++ b/edc-tests/runtime/runtime-memory-ssi/build.gradle.kts
@@ -22,8 +22,6 @@ dependencies {
 // use basic (all in-mem) control plane
 implementation(project(":edc-controlplane:edc-controlplane-base")) {
- exclude("org.eclipse.edc", "oauth2-core")
- exclude("org.eclipse.edc", "oauth2-daps")
 exclude(module = "data-encryption")
 }
 implementation(project(":core:json-ld-core"))
@@ -51,7 +49,6 @@ application {
 mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime")
 }
-// do not publish
 edcBuild {
 publish.set(false)
 }
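Review bot: The rewritten failure message in verifyJwtToken still ends with "did not contain them" although it now names a single claim; `return Result.failure(format("Expected %s claim, but token did not contain it", BUSINESS_PARTNER_NUMBER_CLAIM));` reads correctly. The class-level Javadoc already restricts this fixture to tests, but as far as the hunk shows the success branch trusts whatever `token` holds once the BusinessPartnerNumber key is present, with no signature or issuer check, so a one-line comment on the method, `// test double: trusts the serialized BPN claim as-is, no signature or issuer verification`, would make that visible where a future reader might be tempted to reuse it. verifyJwtToken's signature and the lines that produce `token` are outside the hunk.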
diff --git a/edc-tests/runtime/runtime-memory/build.gradle.kts b/edc-tests/runtime/runtime-memory/build.gradle.kts
index 8be6581c4..0022efd34 100644
--- a/edc-tests/runtime/runtime-memory/build.gradle.kts
+++ b/edc-tests/runtime/runtime-memory/build.gradle.kts
@@ -22,10 +22,6 @@ dependencies {
 // use basic (all in-mem) control plane
 implementation(project(":edc-controlplane:edc-controlplane-base")) {
- exclude("org.eclipse.edc", "oauth2-core")
- exclude("org.eclipse.edc", "oauth2-daps")
-
-// exclude(module = "data-encryption")
 exclude(module = "json-ld-core")
 exclude(module = "ssi-identity-core")
 exclude(module = "ssi-miw-credential-client")
@@ -40,7 +36,6 @@ dependencies {
 exclude("org.eclipse.edc", "api-observability")
 }
-
 implementation(libs.edc.core.controlplane)
 // for the controller
 implementation(libs.jakarta.rsApi)
@@ -50,7 +45,6 @@ application {
 mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime")
 }
-// do not publish
 edcBuild {
 publish.set(false)
 }
diff --git a/edc-tests/runtime/runtime-postgresql-hashicorp/build.gradle.kts b/edc-tests/runtime/runtime-postgresql-hashicorp/build.gradle.kts
index 512d8dd92..f1e1beca2 100644
--- a/edc-tests/runtime/runtime-postgresql-hashicorp/build.gradle.kts
+++ b/edc-tests/runtime/runtime-postgresql-hashicorp/build.gradle.kts
@@ -37,7 +37,6 @@ dependencies {
 exclude("org.eclipse.edc", "api-observability")
 }
-
 implementation(libs.edc.core.controlplane)
 // for the controller
 implementation(libs.jakarta.rsApi)
@@ -47,7 +46,6 @@ application {
 mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime")
 }
-// do not publish
 edcBuild {
 publish.set(false)
 }
diff --git a/edc-tests/runtime/runtime-postgresql/build.gradle.kts b/edc-tests/runtime/runtime-postgresql/build.gradle.kts
index fd07930c8..32000816e 100644
--- a/edc-tests/runtime/runtime-postgresql/build.gradle.kts
+++ b/edc-tests/runtime/runtime-postgresql/build.gradle.kts
@@ -38,7 +38,6 @@ dependencies {
 exclude("org.eclipse.edc", "api-observability")
 }
-
 implementation(libs.edc.core.controlplane)
 // for the controller
 implementation(libs.jakarta.rsApi)
@@ -48,7 +47,6 @@ application {
 mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime")
 }
-// do not publish
 edcBuild {
 publish.set(false)
 }
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 61b2c381b..3df0f9ddf 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -73,8 +73,6 @@ edc-dsp = { module = "org.eclipse.edc:dsp", version.ref = "edc" }
 edc-iam-mock = { module = "org.eclipse.edc:iam-mock", version.ref = "edc" }
 edc-policy-engine = { module = "org.eclipse.edc:policy-engine", version.ref = "edc" }
 edc-auth-tokenbased = { module = "org.eclipse.edc:auth-tokenbased", version.ref = "edc" }
-edc-auth-oauth2-core = { module = "org.eclipse.edc:oauth2-core", version.ref = "edc" }
-edc-auth-oauth2-daps = { module = "org.eclipse.edc:oauth2-daps", version.ref = "edc" }
 edc-auth-oauth2-client = { module = "org.eclipse.edc:oauth2-client", version.ref = "edc" }
 edc-transaction-local = { module = "org.eclipse.edc:transaction-local", version.ref = "edc" }
 edc-ext-http = { module = "org.eclipse.edc:http", version.ref = "edc" }
diff --git a/samples/multi-tenancy/build.gradle.kts b/samples/multi-tenancy/build.gradle.kts
index 2303cf86d..1da912fda 100644
--- a/samples/multi-tenancy/build.gradle.kts
+++ b/samples/multi-tenancy/build.gradle.kts
@@ -21,13 +21,13 @@ plugins {
 dependencies {
 implementation(libs.edc.boot)
+ implementation(libs.edc.iam.mock)
 implementation(project(":edc-controlplane:edc-controlplane-base")) {
 exclude("org.eclipse.tractusx.edc", "data-encryption")
 exclude(module = "ssi-miw-credential-client")
 exclude(module = "ssi-identity-core")
 exclude(module = "auth-tokenbased")
 }
- implementation(libs.edc.iam.mock)
 implementation(libs.edc.core.controlplane)
 }
diff --git a/settings.gradle.kts b/settings.gradle.kts
index d6c0b6543..35c9e4497 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -37,7 +37,6 @@ include(":edc-extensions:bpn-validation:bpn-validation-api")
 include(":edc-extensions:bpn-validation:bpn-validation-spi")
 include(":edc-extensions:bpn-validation:bpn-validation-core")
 include(":edc-extensions:bpn-validation:business-partner-store-sql")
-include(":edc-extensions:cx-oauth2")
 include(":edc-extensions:data-encryption")
 include(":edc-extensions:dataplane-selector-configuration")
 include(":edc-extensions:postgresql-migration")