chore: cherry-pick elements for a hotfix release (#1057)

* fix: Trivy TOOMANYREQUESTS GitHub API response by authenticating (#1053) * Trivy hotfix * fix: Abide to the DataOfferCreationRequest.PolicyEnum rule (#1055) * Enable CI on hotfix branches * select hotfix branch explicitly * change to target branch --------- Co-authored-by: Sebastian Opriel <[email protected]>
sovity · Oct 7, 2024 · ed06072 · ed06072
1 parent 6b86ee4
commit ed06072
Show file tree

Hide file tree

Showing 14 changed files with 324 additions and 44 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -6,7 +6,7 @@ on:
   release:
     types: [ published ]
   pull_request:
-    branches: [ main ]
+    branches: [ main, hotfix/v10.4.1.x ]
 
 env:
   REGISTRY_URL: ghcr.io

diff --git a/.github/workflows/license_scan.yml b/.github/workflows/license_scan.yml
@@ -10,32 +10,38 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run license scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
         with:
           scan-type: "rootfs"
           scan-ref: "."
           scanners: "license"
           severity: "CRITICAL,HIGH"
           exit-code: 1
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
   license_scan2:
     name: License scan (repo)
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: npm install (typescript-client)
         run: cd extensions/wrapper/clients/typescript-client && npm clean-install
       - name: npm install (typescript-client-example)
         run: cd extensions/wrapper/clients/typescript-client-example && npm clean-install
       - name: Run license scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
         with:
           scan-type: "repo"
           scan-ref: "."
           scanners: "license"
           severity: "CRITICAL,HIGH"
           exit-code: 1
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/secret_scan.yml b/.github/workflows/secret_scan.yml
@@ -17,9 +17,12 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Run vulnerability scanner
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
         with:
           scan-type: "fs"
           exit-code: "1"
           ignore-unfixed: true
           scanners: secret
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/security_scan.yml b/.github/workflows/security_scan.yml
@@ -12,29 +12,35 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Run static analysis (rootfs)
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
         with:
           scan-type: "rootfs"
           scanners: "vuln,misconfig"
           ignore-unfixed: true
           format: "sarif"
           output: "trivy-results-rootfs.sarif"
           severity: "CRITICAL,HIGH"
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
   security_scan_repo:
     name: security_scan_repo
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
       - name: Run static analysis (repo)
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
         with:
           scan-type: "repo"
           scanners: "vuln,misconfig"
           ignore-unfixed: true
           format: "sarif"
           output: "trivy-results-repo.sarif"
           severity: "CRITICAL,HIGH"
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload Trivy scan results to GitHub Security tab (repo)
         uses: github/codeql-action/upload-sarif@v2
         continue-on-error: true

diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
@@ -12,17 +12,20 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run static analysis
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/[email protected]
+        env:
+          TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db:2
         with:
           scan-type: 'fs'
           security-checks: 'vuln,secret,config'
           ignore-unfixed: true
           format: 'sarif'
           output: 'trivy-results.sarif'
           severity: 'CRITICAL'
+          github-pat: ${{ secrets.GITHUB_TOKEN }}
 
 
       - name: Upload Trivy scan results to GitHub Security tab

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -16,6 +16,8 @@ please see [changelog_updates.md](docs/dev/changelog_updates.md).
 
 #### Patch Changes
 
+- Fix issues with the Create Data Offer Endpoint ([PR#1055](https://github.com/sovity/edc-ce/pull/1055))
+
 ### Deployment Migration Notes
 
 _No special deployment migration steps required_
@@ -26,8 +28,6 @@ _No special deployment migration steps required_
   - Dev EDC: `ghcr.io/sovity/edc-dev:{{ VERSION }}`
   - sovity EDC CE: `ghcr.io/sovity/edc-ce:{{ VERSION }}`
   - MDS EDC CE: `ghcr.io/sovity/edc-ce-mds:{{ VERSION }}`
-  - Dev Catalog Crawler: `ghcr.io/sovity/catalog-crawler-dev:{{ VERSION }}`
-  - Catalog Crawler CE: `ghcr.io/sovity/catalog-crawler-ce:{{ VERSION }}`
 - Connector UI Docker Image: `ghcr.io/sovity/edc-ui:{{ UI VERSION }}`
 
 
@@ -226,7 +226,7 @@ MDS 2.2 release
 #### Major Changes
 
 - Complex policies using AND, OR and XONE:
-  - Complex policy support in the Connector UI. 
+  - Complex policy support in the Connector UI.
   - The `UiPolicy` model has been adjusted to support complex expressions including `AND`, `OR` and `XONE`.
   - The `createPolicyDefinition` has been marked as deprecated in favor of the new `createPolicyDefinitionV2` endpoint that supports complex policies.
   - Removed the recently rushed `createPolicyDefinitionUseCase` endpoint in favor of the new `createPolicyDefinitionV2` endpoint.
@@ -271,7 +271,7 @@ MDS 2.2 intermediate release
 
 - API Wrapper UI API: Data sources are now well-typed.
 - The Broker has been removed in favor of the Authority Portal:
-  - A new Deployment Unit, the ["Data Catalog Crawler"](extensions/catalog-crawler/README.md), has been added.
+  - A new Deployment Unit, the ["Data Catalog Crawler"](https://github.com/sovity/edc-ce/tree/v9.0.0/extensions/catalog-crawler/README.md), has been added.
   - Each "Data Catalog Crawler" connects to an existing Authority Portal Deployment's DB.
   - Each "Data Catalog Crawler" is responsible for crawling exactly one environment.
   - The Data Catalog functionality of the Broker has been integrated into the Authority Portal.
@@ -294,7 +294,7 @@ MDS 2.2 intermediate release
   - The database migration system has been moved from multiple migration history tables to a single one.
 - Broker:
   - The broker has been removed. For Authority Portal users, please check out the new
-    [Data Catalog Crawler Productive Deployment Guide](docs/deployment-guide/goals/catalog-crawler-production/README.md).
+    [Data Catalog Crawler Productive Deployment Guide](https://github.com/sovity/edc-ce/tree/v9.0.0/docs/deployment-guide/goals/catalog-crawler-production/README.md).
   - Any previous broker deployment's database is not required anymore.
   - Please care that only some environment variables look similar. It is recommended to create fresh deployments.
 

diff --git a/docs/api/sovity-edc-api-wrapper.yaml b/docs/api/sovity-edc-api-wrapper.yaml
@@ -948,7 +948,7 @@ components:
           $ref: '#/components/schemas/UiAssetCreateRequest'
         policy:
           type: string
-          description: Which policy to apply to this asset.
+          description: Which policy to apply to this asset creation.
           enum:
           - DONT_PUBLISH
           - PUBLISH_UNRESTRICTED

diff --git a/...er-api/src/main/java/de/sovity/edc/ext/wrapper/api/ui/model/DataOfferCreationRequest.java b/...er-api/src/main/java/de/sovity/edc/ext/wrapper/api/ui/model/DataOfferCreationRequest.java
@@ -35,7 +35,7 @@ public class DataOfferCreationRequest {
     @Schema(description = "The asset to create", requiredMode = REQUIRED)
     private UiAssetCreateRequest uiAssetCreateRequest;
 
-    @Schema(description = "Which policy to apply to this asset.", requiredMode = REQUIRED)
+    @Schema(description = "Which policy to apply to this asset creation.", requiredMode = REQUIRED)
     private PolicyDefinitionChoiceEnum policy;
 
     @Schema(description = "Policy Expression.", requiredMode = NOT_REQUIRED)

diff --git a/...-api/src/main/java/de/sovity/edc/ext/wrapper/api/ui/model/PolicyDefinitionChoiceEnum.java b/...-api/src/main/java/de/sovity/edc/ext/wrapper/api/ui/model/PolicyDefinitionChoiceEnum.java
@@ -14,8 +14,15 @@
 
 package de.sovity.edc.ext.wrapper.api.ui.model;
 
+import io.swagger.v3.oas.annotations.media.Schema;
+
+import static io.swagger.v3.oas.annotations.media.Schema.RequiredMode.REQUIRED;
+
 public enum PolicyDefinitionChoiceEnum {
+    @Schema(description = "Only create the asset", requiredMode = REQUIRED)
     DONT_PUBLISH,
+    @Schema(description = "Create the asset and assigns the always-true policy in the contract definition", requiredMode = REQUIRED)
     PUBLISH_UNRESTRICTED,
+    @Schema(description = "Create the asset, a policy and a contract definition", requiredMode = REQUIRED)
     PUBLISH_RESTRICTED
 }
diff --git a/extensions/wrapper/wrapper/build.gradle.kts b/extensions/wrapper/wrapper/build.gradle.kts
@@ -21,6 +21,7 @@ dependencies {
 
     implementation(project(":extensions:contract-termination"))
     implementation(project(":extensions:database-direct-access"))
+    implementation(project(":extensions:policy-always-true"))
     implementation(project(":extensions:sovity-messenger"))
     implementation(project(":utils:jooq-database-access"))
 

diff --git a/extensions/wrapper/wrapper/src/main/java/de/sovity/edc/ext/wrapper/WrapperExtension.java b/extensions/wrapper/wrapper/src/main/java/de/sovity/edc/ext/wrapper/WrapperExtension.java
@@ -34,6 +34,7 @@
 import org.eclipse.edc.connector.transfer.spi.store.TransferProcessStore;
 import org.eclipse.edc.jsonld.spi.JsonLd;
 import org.eclipse.edc.policy.engine.spi.PolicyEngine;
+import org.eclipse.edc.policy.engine.spi.RuleBindingRegistry;
 import org.eclipse.edc.protocol.dsp.api.configuration.DspApiConfiguration;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
 import org.eclipse.edc.runtime.metamodel.annotation.Setting;
@@ -78,6 +79,8 @@ public class WrapperExtension implements ServiceExtension {
     @Inject
     private PolicyEngine policyEngine;
     @Inject
+    private RuleBindingRegistry ruleBindingRegistry;
+    @Inject
     private TransferProcessService transferProcessService;
     @Inject
     private TransferProcessStore transferProcessStore;
@@ -122,6 +125,7 @@ public void initialize(ServiceExtensionContext context) {
             policyDefinitionService,
             policyDefinitionStore,
             policyEngine,
+            ruleBindingRegistry,
             transferProcessService,
             transferProcessStore,
             typeTransformerRegistry

diff --git a/...apper/wrapper/src/main/java/de/sovity/edc/ext/wrapper/WrapperExtensionContextBuilder.java b/...apper/wrapper/src/main/java/de/sovity/edc/ext/wrapper/WrapperExtensionContextBuilder.java
@@ -79,6 +79,7 @@
 import de.sovity.edc.ext.wrapper.controller.PlaceholderEndpointController;
 import de.sovity.edc.extension.contacttermination.ContractAgreementTerminationService;
 import de.sovity.edc.extension.db.directaccess.DslContextFactory;
+import de.sovity.edc.extension.policy.services.AlwaysTruePolicyDefinitionService;
 import de.sovity.edc.utils.catalog.DspCatalogService;
 import de.sovity.edc.utils.catalog.mapper.DspDataOfferBuilder;
 import lombok.NoArgsConstructor;
@@ -96,6 +97,7 @@
 import org.eclipse.edc.connector.transfer.spi.store.TransferProcessStore;
 import org.eclipse.edc.jsonld.spi.JsonLd;
 import org.eclipse.edc.policy.engine.spi.PolicyEngine;
+import org.eclipse.edc.policy.engine.spi.RuleBindingRegistry;
 import org.eclipse.edc.runtime.metamodel.annotation.Inject;
 import org.eclipse.edc.spi.asset.AssetIndex;
 import org.eclipse.edc.spi.monitor.Monitor;
@@ -135,6 +137,7 @@ public static WrapperExtensionContext buildContext(
         PolicyDefinitionService policyDefinitionService,
         PolicyDefinitionStore policyDefinitionStore,
         PolicyEngine policyEngine,
+        RuleBindingRegistry ruleBindingRegistry,
         TransferProcessService transferProcessService,
         TransferProcessStore transferProcessStore,
         TypeTransformerRegistry typeTransformerRegistry
@@ -250,10 +253,14 @@ public static WrapperExtensionContext buildContext(
             miwConfigBuilder,
             selfDescriptionService
         );
+        var alwaysTruePolicyService = new AlwaysTruePolicyDefinitionService(
+            policyDefinitionService
+        );
         var dataOfferPageApiService = new DataOfferPageApiService(
             assetApiService,
             contractDefinitionApiService,
-            policyDefinitionApiService
+            policyDefinitionApiService,
+            alwaysTruePolicyService
         );
         var uiResource = new UiResourceImpl(
             contractAgreementApiService,