diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 5f5e29995..4f51b1f25 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -13,7 +13,7 @@ on: - released pull_request: paths-ignore: - - 'deployment/helm/**' + - 'charts/**' branches: - '*' @@ -46,7 +46,7 @@ jobs: fetch-depth: 0 - name: Set up JDK 11 - uses: actions/setup-java@v3.4.1 + uses: actions/setup-java@v3.5.1 with: java-version: '11' distribution: 'adopt' @@ -69,7 +69,7 @@ jobs: fetch-depth: 0 - name: Set up JDK 11 - uses: actions/setup-java@v3.3.0 + uses: actions/setup-java@v3.5.1 with: java-version: '11' distribution: 'adopt' @@ -79,7 +79,7 @@ jobs: run: git submodule update --init - name: Build edc with Gradle to get specific snapshot - run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220902-SNAPSHOT + run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220922-SNAPSHOT -xjavadoc working-directory: edc - name: Cache SonarCloud packages 
@@ -103,6 +103,37 @@ jobs: -Dsonar.coverage.jacoco.xmlReportPaths=${GITHUB_WORKSPACE}/edc-tests/target/site/jacoco-aggregate/jacoco.xml \ -Dsonar.verbose=true + build-extensions: + runs-on: ubuntu-latest + needs: [ secret-presence, verify-formatting ] + steps: + # Set-Up + - + name: Checkout + uses: actions/checkout@v3 + - + name: Set up JDK 11 + uses: actions/setup-java@v3.5.1 + with: + java-version: '11' + distribution: 'adopt' + cache: 'maven' + # Build + - + name: Init git submodule + run: git submodule update --init + - + name: Build edc with Gradle to get specific snapshot + run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220922-SNAPSHOT -xjavadoc + working-directory: edc + - + name: Build Extensions + run: |- + ./mvnw -s settings.xml -B -f edc-extensions -am package + env: + GITHUB_PACKAGE_USERNAME: ${{ github.actor }} + GITHUB_PACKAGE_PASSWORD: ${{ secrets.CXNG_GHCR_PAT }} + build-controlplane: runs-on: ubuntu-latest needs: [ secret-presence, verify-formatting ] @@ -129,7 +160,7 @@ jobs: password: ${{ secrets.CXNG_GHCR_PAT }} - name: Set up JDK 11 - uses: actions/setup-java@v3.4.0 + uses: actions/setup-java@v3.5.1 with: java-version: '11' distribution: 'adopt' @@ -140,7 +171,7 @@ jobs: run: git submodule update --init - name: Build edc with Gradle to get specific snapshot - run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220902-SNAPSHOT + run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220922-SNAPSHOT -xjavadoc working-directory: edc - name: Build Controlplane @@ -218,7 +249,7 @@ jobs: password: ${{ secrets.CXNG_GHCR_PAT }} - name: Set up JDK 11 - uses: actions/setup-java@v3.4.1 + uses: actions/setup-java@v3.5.1 with: java-version: '11' distribution: 'adopt' 
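Review bot: The new `build-extensions` job passes the long-lived `secrets.CXNG_GHCR_PAT` to the `./mvnw -s settings.xml -B -f edc-extensions -am package` step, and this workflow also runs on `pull_request`. For same-repository pull requests, any build plugin or test on the branch can therefore read `GITHUB_PACKAGE_PASSWORD` from its environment. The job has no `permissions:` block, so the automatically injected token keeps the repository default; adding `permissions:` with `contents: read` at job level would pin it down. If the step only resolves packages, check whether `${{ secrets.GITHUB_TOKEN }}` with `packages: read` could replace the PAT; the hunk does not show where the packages are hosted. The `uses:` lines reference mutable tags (`actions/checkout@v3`, `actions/setup-java@v3.5.1`), so pinning them to full commit SHAs would stop a retagged release from changing what runs next to that secret.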
@@ -229,7 +260,7 @@ jobs: run: git submodule update --init - name: Build edc with Gradle to get specific snapshot - run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220902-SNAPSHOT + run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220922-SNAPSHOT -xjavadoc working-directory: edc - name: Build Dataplane diff --git a/.github/workflows/business-tests.yaml b/.github/workflows/business-tests.yaml index 0932f6b6a..71a6f63d9 100644 --- a/.github/workflows/business-tests.yaml +++ b/.github/workflows/business-tests.yaml @@ -23,7 +23,7 @@ jobs: uses: actions/checkout@v3 - name: Set-Up JDK 11 - uses: actions/setup-java@v3.4.0 + uses: actions/setup-java@v3.5.1 with: java-version: '11' distribution: 'adopt' @@ -62,7 +62,7 @@ jobs: EOF - name: Create k8s Kind Cluster - uses: helm/kind-action@v1.3.0 + uses: helm/kind-action@v1.4.0 with: config: kind.config.yaml @@ -74,7 +74,7 @@ jobs: run: git submodule update --init - name: Build edc with Gradle to get specific snapshot - run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220902-SNAPSHOT + run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220922-SNAPSHOT -xjavadoc working-directory: edc - name: Build edc-controlplane-postgresql-hashicorp-vault diff --git a/.github/workflows/draft-new-release.yaml b/.github/workflows/draft-new-release.yaml index 7e3096349..051192bf1 100644 --- a/.github/workflows/draft-new-release.yaml +++ b/.github/workflows/draft-new-release.yaml @@ -29,7 +29,7 @@ jobs: git config user.email noreply@github.com - name: Set up JDK 11 - uses: actions/setup-java@v3.4.1 + uses: actions/setup-java@v3.5.1 with: java-version: '11' distribution: 'adopt' 
@@ -42,24 +42,24 @@ jobs: GITHUB_PACKAGE_USERNAME: ${{ github.actor }} GITHUB_PACKAGE_PASSWORD: ${{ secrets.CXNG_GHCR_PAT }} - - name: Bump version in deployment/helm - uses: mikefarah/yq@v4.27.3 + name: Bump version in /charts + uses: mikefarah/yq@v4.27.5 with: cmd: |- - find deployment/helm -name Chart.yaml | xargs -n1 yq -i '.appVersion = "${{ github.event.inputs.version }}" | .version = "${{ github.event.inputs.version }}"' + find charts -name Chart.yaml | xargs -n1 yq -i '.appVersion = "${{ github.event.inputs.version }}" | .version = "${{ github.event.inputs.version }}"' - name: Update Chart READMEs uses: addnab/docker-run-action@v3 with: image: jnorwood/helm-docs:v1.10.0 - options: -v ${{ github.workspace }}/deployment/helm:/helm-docs + options: -v ${{ github.workspace }}/charts:/helm-docs run: | helm-docs --log-level debug - name: Commit changelog and manifest files id: make-commit run: | - git add CHANGELOG.md $(find -name pom.xml) $(find deployment/helm -name Chart.yaml) $(find deployment/helm -name README.md) + git add CHANGELOG.md $(find -name pom.xml) $(find charts -name Chart.yaml) $(find charts -name README.md) git commit --message "Prepare release ${{ github.event.inputs.version }}" echo "::set-output name=commit::$(git rev-parse HEAD)" diff --git a/.github/workflows/helm-lint.yaml b/.github/workflows/helm-lint.yaml index 557d91d5a..bf341b5d6 100644 --- a/.github/workflows/helm-lint.yaml +++ b/.github/workflows/helm-lint.yaml @@ -10,13 +10,13 @@ on: - '[0-9]+.[0-9]+.[0-9]+' paths-ignore: - '**' - - '!deployment/helm/**' + - '!charts/**' pull_request: branches: - '*' paths-ignore: - '**' - - '!deployment/helm/**' + - '!charts/**' jobs: helm-lint: @@ -42,7 +42,7 @@ jobs: python-version: 3.7 - name: chart-testing (setup) - uses: helm/chart-testing-action@v2.3.0 + uses: helm/chart-testing-action@v2.3.1 ##################### ### Chart Testing ### ##################### 
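Review bot: The `cmd:` of the "Bump version in /charts" step and the `git commit --message` line still splice `${{ github.event.inputs.version }}` directly into shell text, so a version string containing quotes or shell metacharacters is interpreted by the shell instead of being treated as data. Pass the input through the environment instead: give both steps an `env:` entry `VERSION: ${{ github.event.inputs.version }}`, then use `yq -i '.appVersion = strenv(VERSION) | .version = strenv(VERSION)'` and `git commit --message "Prepare release $VERSION"`. Checking the input against a version pattern in an early step (helm-lint.yaml shows `[0-9]+.[0-9]+.[0-9]+` in its trigger filter) would reject malformed values before anything consumes them. `mikefarah/yq@v4.27.5` and `addnab/docker-run-action@v3` are referenced by tag in a workflow that commits to the repository, so a commit-SHA pin is worth adding here as well. The job continues outside this hunk.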
diff --git a/.github/workflows/kics.yaml b/.github/workflows/kics.yml similarity index 100% rename from .github/workflows/kics.yaml rename to .github/workflows/kics.yml diff --git a/.github/workflows/publish-new-release.yml b/.github/workflows/publish-new-release.yml index 4d5a3f6d0..d10185c72 100644 --- a/.github/workflows/publish-new-release.yml +++ b/.github/workflows/publish-new-release.yml @@ -15,13 +15,11 @@ jobs: runs-on: ubuntu-latest outputs: CXNG_GHCR_PAT: ${{ steps.secret-presence.outputs.CXNG_GHCR_PAT }} - CXNG_RELEASE_PAT: ${{ steps.secret-presence.outputs.CXNG_RELEASE_PAT }} steps: - name: Check whether secrets exist id: secret-presence run: | [ ! -z "${{ secrets.CXNG_GHCR_PAT }}" ] && echo "::set-output name=CXNG_GHCR_PAT::true" - [ ! -z "${{ secrets.CXNG_RELEASE_PAT }}" ] && echo "::set-output name=CXNG_RELEASE_PAT::true" exit 0 # Gate: Check release version presence @@ -69,7 +67,7 @@ jobs: uses: actions/checkout@v3 - name: Set up JDK 11 - uses: actions/setup-java@v3.4.1 + uses: actions/setup-java@v3.5.1 with: java-version: '11' distribution: 'adopt' @@ -79,13 +77,13 @@ jobs: run: git submodule update --init - name: Build edc with Gradle to get specific snapshot - run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220902-SNAPSHOT + run: ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220922-SNAPSHOT -xjavadoc working-directory: edc - name: Deploy run: |- ./mvnw -s settings.xml \ - -Pdelombok -pl '!edc-controlplane/edc-controlplane-memory,!edc-controlplane/edc-controlplane-postgresql,!edc-controlplane/edc-controlplane-postgresql-hashicorp-vault,!edc-dataplane/edc-dataplane-azure-vault,!edc-dataplane/edc-dataplane-hashicorp-vault,!edc-tests' \ + -Pdelombok -pl '!edc-tests' \ -DaltReleaseDeploymentRepository=github::https://maven.pkg.github.com/${{ github.repository }} \ -Dmaven.test.skip=true -B package deploy:deploy env: 
@@ -121,7 +119,7 @@ jobs: git config user.email noreply@github.com # Package all charts - find deployment/helm -name Chart.yaml -not -path "./edc-tests/*" | xargs -n1 dirname | xargs -n1 helm package -u -d helm-charts + find charts -name Chart.yaml -not -path "./edc-tests/*" | xargs -n1 dirname | xargs -n1 helm package -u -d helm-charts git checkout gh-pages || git checkout -b gh-pages git pull --rebase origin gh-pages @@ -140,7 +138,7 @@ jobs: name: Publish new github release needs: [ secret-presence, release-version ] runs-on: ubuntu-latest - if: github.event.pull_request.merged == true && needs.secret-presence.outputs.CXNG_RELEASE_PAT && needs.release-version.outputs.RELEASE_VERSION + if: github.event.pull_request.merged == true && needs.release-version.outputs.RELEASE_VERSION steps: - name: Export RELEASE_VERSION env @@ -172,7 +170,7 @@ jobs: id: create_release uses: thomaseizinger/create-release@1.0.0 env: - GITHUB_TOKEN: ${{ secrets.CXNG_RELEASE_PAT }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: target_commitish: ${{ github.event.pull_request.merge_commit_sha }} tag_name: ${{ env.RELEASE_VERSION }} @@ -181,7 +179,7 @@ jobs: prerelease: false - name: Set up JDK 11 - uses: actions/setup-java@v3.4.1 + uses: actions/setup-java@v3.5.1 with: java-version: '11' distribution: 'adopt' diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yml similarity index 100% rename from .github/workflows/trivy.yaml rename to .github/workflows/trivy.yml diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml new file mode 100644 index 000000000..f3230f5a2 --- /dev/null +++ b/.github/workflows/veracode.yaml @@ -0,0 +1,2 @@ +# file to satisfy check in https://gh-org-checks.core.demo.catena-x.net/ +# veracode runs inside the build.yaml \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a4429ff6..83c1881f6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
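Review bot: Switching `create_release` to `secrets.GITHUB_TOKEN` removes a long-lived PAT, but the job does not declare the permission it now depends on, so release creation will fail wherever the repository or organisation default token is read-only. Add `permissions:` with `contents: write` to the "Publish new github release" job so the grant is explicit and scoped to this job only. Events raised with `GITHUB_TOKEN` also do not start other workflows; build.yaml appears to trigger on `released` releases, so it would no longer run for releases created here, which should be confirmed as intended. `thomaseizinger/create-release@1.0.0` receives this write-capable token and is referenced by tag, so pinning it to a commit SHA fits in the same change.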
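Review bot: The new `.github/workflows/veracode.yaml` holds only two comments, so the organisation check it is meant to satisfy passes on file presence alone and can no longer tell whether a scan actually runs. None of the build.yaml hunks in this commit show a Veracode step, so the claim in the comment cannot be verified from here; naming the job, as in `# veracode runs in build.yaml, job <job-name>`, would make it checkable. A file under `.github/workflows` with no `on:` or `jobs:` is not a valid workflow and may be reported as a workflow error by GitHub. Either point the check at build.yaml or make this file a minimal real workflow that calls the scan job. The file also lacks a trailing newline.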
@@ -7,22 +7,34 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.1.2] - 2022-09-30 + +### Added + +- Introduced DEPENDENCIES file + +### Changed + +- Moved helm charts from `deployment/helm` to `charts` +- Replaced distroless image with alpine in all docker images +- Update EDC commit to `740c100ac162bc41b1968c232ad81f7d739aefa9` + ## [0.1.1] - 2022-09-04 -**Important Note**: Please consolidate the migration documentation before updating your connector. [documentation](/docs/migration/Version_0.0.x_0.1.x.md). +**Important Note**: Please consolidate the migration documentation before updating your connector. [documentation](/docs/migration/Version_0.1.0_0.1.1.md). ### Added -- Control-Plane Extension ([cx-oauth2](/edc-extensions/cx-oauth2/README.md)) +- Control-Plane Extension ([cx-oauth2](/edc-extensions/cx-oauth2/README.md)) ### Changed -- Introduced git submodule to import EDC dependencies (instead of snapshot- or milestone artifact) -- Helm Charts: TLS secret name is now configurable +- Introduced git submodule to import EDC dependencies (instead of snapshot- or milestone artifact) +- Helm Charts: TLS secret name is now configurable ### Fixed -- Connectors with Azure Vault extension are now starting again [link](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1892) +- Connectors with Azure Vault extension are now starting again [link](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1892) ## [0.1.0] - 2022-08-19 @@ -96,7 +108,9 @@ corresponding [documentation](/docs/migration/Version_0.0.x_0.1.x.md). ## [0.0.1] - 2022-05-13 -[Unreleased]: https://github.com/catenax-ng/product-edc/compare/0.1.1...HEAD +[Unreleased]: https://github.com/catenax-ng/product-edc/compare/0.1.2...HEAD + +[0.1.2]: https://github.com/catenax-ng/product-edc/compare/0.1.1...0.1.2 [0.1.1]: https://github.com/catenax-ng/product-edc/compare/0.1.0...0.1.1 
diff --git a/DEPENDENCIES b/DEPENDENCIES new file mode 100644 index 000000000..c6b2f625b --- /dev/null +++ b/DEPENDENCIES 
@@ -0,0 +1,169 @@ +maven/mavencentral/com.azure/azure-core-http-netty/1.12.0, MIT, approved, clearlydefined +maven/mavencentral/com.azure/azure-core/1.28.0, MIT, approved, clearlydefined +maven/mavencentral/com.azure/azure-identity/1.5.1, MIT, approved, clearlydefined +maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.4.2, MIT, approved, clearlydefined +maven/mavencentral/com.electronwill.night-config/core/3.6.6, NOASSERTION, restricted, clearlydefined +maven/mavencentral/com.electronwill.night-config/toml/3.6.6, NOASSERTION, restricted, clearlydefined +maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.13.3, Apache-2.0, approved, CQ24135 +maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.13.3, Apache-2.0, approved, CQ24134 +maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.13.3, Apache-2.0, approved, CQ24136 +maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.13.2, Apache-2.0, restricted, clearlydefined +maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.13.3, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.2.7, Apache-2.0, approved, CQ23040 +maven/mavencentral/com.github.stephenc.jcip/jcip-annotations/1.0-1, Apache-2.0, approved, CQ21949 +maven/mavencentral/com.microsoft.azure/msal4j-persistence-extension/1.1.0, MIT, approved, clearlydefined +maven/mavencentral/com.microsoft.azure/msal4j/1.12.0, MIT, approved, clearlydefined +maven/mavencentral/com.nimbusds/content-type/2.2, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.nimbusds/lang-tag/1.6, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.21, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.24.3, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/9.32, Apache-2.0, approved, clearlydefined 
+maven/mavencentral/com.squareup.okhttp3/okhttp/4.9.3, Apache-2.0 AND MPL-2.0, approved, #3225 +maven/mavencentral/com.squareup.okio/okio/2.8.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/de.fraunhofer.iais.eis.ids.infomodel/java/4.1.3, , restricted, clearlydefined +maven/mavencentral/de.fraunhofer.iais.eis.infomodel/util/4.1.3, , restricted, clearlydefined +maven/mavencentral/dev.failsafe/failsafe/3.2.4, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.micrometer/micrometer-core/1.8.2, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.netty/netty-buffer/4.1.76.Final, Apache-2.0, approved, CQ21842 +maven/mavencentral/io.netty/netty-codec-dns/4.1.75.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-http/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-http2/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-socks/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-common/4.1.76.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 +maven/mavencentral/io.netty/netty-handler-proxy/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-handler/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.75.Final, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.75.Final, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.netty/netty-resolver-dns/4.1.75.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-resolver/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, 
CQ20926 +maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.51.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280 +maven/mavencentral/io.netty/netty-tcnative-classes/2.0.51.Final, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.76.Final, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.76.Final, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport/4.1.76.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.18, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.18, Apache-2.0, approved, clearlydefined +maven/mavencentral/io.projectreactor/reactor-core/3.4.17, Apache-2.0, approved, clearlydefined +maven/mavencentral/jakarta.ws.rs/jakarta.ws.rs-api/3.1.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.rest +maven/mavencentral/javax.validation/validation-api/2.0.1.Final, Apache-2.0, approved, CQ15302 +maven/mavencentral/net.catenax.edc.extensions/business-partner-validation/0.1.1-SNAPSHOT, , restricted, clearlydefined +maven/mavencentral/net.catenax.edc.extensions/cx-oauth2/0.1.1-SNAPSHOT, , restricted, clearlydefined +maven/mavencentral/net.catenax.edc.extensions/data-encryption/0.1.1-SNAPSHOT, , restricted, clearlydefined +maven/mavencentral/net.catenax.edc.extensions/dataplane-selector-configuration/0.1.1-SNAPSHOT, , restricted, clearlydefined 
+maven/mavencentral/net.catenax.edc.extensions/hashicorp-vault/0.1.1-SNAPSHOT, , restricted, clearlydefined +maven/mavencentral/net.catenax.edc.extensions/postgresql-migration/0.1.1-SNAPSHOT, , restricted, clearlydefined +maven/mavencentral/net.catenax.edc/edc-controlplane-base/0.1.1-SNAPSHOT, , restricted, clearlydefined +maven/mavencentral/net.catenax.edc/edc-controlplane-postgresql/0.1.1-SNAPSHOT, , restricted, clearlydefined +maven/mavencentral/net.catenax.edc/edc-dataplane-base/0.1.1-SNAPSHOT, , restricted, clearlydefined +maven/mavencentral/net.java.dev.jna/jna-platform/5.6.0, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ22390 +maven/mavencentral/net.java.dev.jna/jna/5.5.0, Apache-2.0 or LGPL-2.1, approved, #1508 +maven/mavencentral/net.minidev/accessors-smart/2.4.8, Apache-2.0, approved, clearlydefined +maven/mavencentral/net.minidev/json-smart/2.4.8, Apache-2.0, approved, #3288 +maven/mavencentral/org.bouncycastle/bcpkix-jdk15on/1.70, MIT, approved, clearlydefined +maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.70, MIT, approved, #1712 +maven/mavencentral/org.bouncycastle/bcutil-jdk15on/1.70, MIT, approved, clearlydefined +maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.1, BSD-2-Clause, approved, #2670 +maven/mavencentral/org.eclipse.dataspaceconnector/apache-commons-pool-sql/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/api-configuration/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/api-core/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/asset-api/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/asset-index-sql/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector 
+maven/mavencentral/org.eclipse.dataspaceconnector/auth-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/auth-tokenbased/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/azure-vault/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/catalog-api/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/catalog-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/common-sql/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/common-util/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/contract-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/contract/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/contractagreement-api/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/contractdefinition-api/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/contractdefinition-store-sql/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/contractnegotiation-api/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/contractnegotiation-store-sql/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, 
technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/control-plane-core/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/control-plane-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/core-base/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/core-boot/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/core-micrometer/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/core-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/data-management-api/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/data-plane-api/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/data-plane-framework/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/data-plane-http/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/data-plane-s3/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/data-plane-selector-client/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/data-plane-selector-core/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector 
+maven/mavencentral/org.eclipse.dataspaceconnector/data-plane-selector-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/data-plane-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/data-plane-transfer-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/data-plane-transfer-sync/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/filesystem-configuration/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/http-receiver/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/http/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/ids-api-configuration/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/ids-api-multipart-dispatcher-v1/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/ids-api-multipart-endpoint-v1/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/ids-api-transform-v1/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/ids-core/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/ids-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector 
+maven/mavencentral/org.eclipse.dataspaceconnector/jdk-logger-monitor/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/jersey-micrometer/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/jersey/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/jetty-micrometer/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/jetty/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/jwt-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/oauth2-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/observability-api/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/policy-engine-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/policy-engine/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/policy-evaluator/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/policy-model/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/policy-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/policy-store-sql/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector 
+maven/mavencentral/org.eclipse.dataspaceconnector/policydefinition-api/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/runtime-metamodel/0.0.1-20220929.123028-13, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/s3-core/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/transaction-datasource-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/transaction-local/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/transaction-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/transfer-process-store-sql/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/transfer-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/transfer/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/transferprocess-api/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/transport-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.eclipse.dataspaceconnector/web-spi/0.0.1-20220902-SNAPSHOT, Apache-2.0, approved, technology.dataspaceconnector +maven/mavencentral/org.flywaydb/flyway-core/9.3.1, NOASSERTION, restricted, clearlydefined +maven/mavencentral/org.hdrhistogram/HdrHistogram/2.1.12, , approved, CQ13192 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.4.0, Apache-2.0, approved, 
clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.4.10, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains/annotations/15.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm/9.3, BSD-3-Clause, approved, CQ24052 +maven/mavencentral/org.postgresql/postgresql/42.5.0, BSD-2-Clause, approved, #3416 +maven/mavencentral/org.projectlombok/lombok/1.18.24, MIT AND LicenseRef-Public-Domain, approved, CQ23907 +maven/mavencentral/org.reactivestreams/reactive-streams/1.0.3, CC0-1.0, approved, CQ16332 +maven/mavencentral/org.slf4j/slf4j-api/2.0.0-beta1, MIT, approved, CQ24150 +maven/mavencentral/software.amazon.awssdk/annotations/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/arns/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/auth/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/aws-core/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/http-client-spi/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/iam/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/json-utils/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/metrics-spi/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/profiles/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/protocol-core/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/regions/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/s3/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/sdk-core/2.17.278, Apache-2.0, 
approved, #3167 +maven/mavencentral/software.amazon.awssdk/sts/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.17.278, Apache-2.0, approved, #3166 +maven/mavencentral/software.amazon.awssdk/utils/2.17.278, , restricted, clearlydefined +maven/mavencentral/software.amazon.eventstream/eventstream/1.0.1, Apache-2.0, approved, clearlydefined diff --git a/README.md b/README.md index c720d758f..4a7d0fe38 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,61 @@ -# Catena-X specific edc apps + -This project provides pre-built Control-Plane and Data-Plane [docker](https://www.docker.com/) images and [helm](https://helm.sh/) charts of the [Eclipse DataSpaceConnector Project](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector). + +[![Contributors][contributors-shield]][contributors-url] +[![Stargazers][stars-shield]][stars-url] +[![Apache 2.0 License][license-shield]][license-url] +[![Latest Release][release-shield]][release-url] + + +
+
+ + Logo + + +

Product Eclipse Dataspace Connector

+

Catena-X

+ +

+ Container images and deployments of the Eclipse Dataspace Connector open source project. +
+ Explore the docs » +
+
+ View Eclipse Dataspace Connector + · + Releases + · + Report Bug / Request Feature +

+
+ + + +
+ Table of Contents +
    +
  1. + About The Project +
  2. +
  3. + Inventory +
  4. +
  5. + Getting Started + +
  6. +
  7. License
  8. +
+
+ +## About The Project + +The project provides pre-built control- and data-plane [docker](https://www.docker.com/) images and [helm](https://helm.sh/) charts of the [Eclipse DataSpaceConnector Project](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector). + +

(back to top)

## Inventory @@ -26,10 +81,41 @@ Derivatives of the Data-Plane can be found here * [edc-dataplane-hashicorp-vault](edc-dataplane/edc-dataplane-hashicorp-vault) with dependency onto * [Hashicorp Vault](https://www.vaultproject.io/) -## Prerequisites +

(back to top)

+ +## Getting Started + +

(back to top)

-## Build +### Build + +1. Build EDC Submodule Dependencies +```shell +git submodule update --init +cd edc && ./gradlew publishToMavenLocal -Pskip.signing=true -PedcVersion=0.0.1-20220902-SNAPSHOT -xjavadoc && cd .. +``` + +2. Build Product-EDC Container Images ```shell ./mvnw package -Pwith-docker-image ``` + +

(back to top)

+ +## License + +Distributed under the Apache 2.0 License. See [LICENSE](https://github.com/catenax-ng/product-edc/blob/main/LICENSE) for more information. + +

(back to top)

+ + + +[contributors-shield]: https://img.shields.io/github/contributors/catenax-ng/product-edc.svg?style=for-the-badge +[contributors-url]: https://github.com/catenax-ng/product-edc/graphs/contributors +[stars-shield]: https://img.shields.io/github/stars/catenax-ng/product-edc.svg?style=for-the-badge +[stars-url]: https://github.com/catenax-ng/product-edc/stargazers +[license-shield]: https://img.shields.io/github/license/catenax-ng/product-edc.svg?style=for-the-badge +[license-url]: https://github.com/catenax-ng/product-edc/blob/main/LICENSE +[release-shield]: https://img.shields.io/github/v/release/catenax-ng/product-edc.svg?style=for-the-badge +[release-url]: https://github.com/catenax-ng/product-edc/releases diff --git a/deployment/helm/README.md b/charts/README.md similarity index 100% rename from deployment/helm/README.md rename to charts/README.md diff --git a/deployment/helm/edc-controlplane/.helmignore b/charts/edc-controlplane/.helmignore similarity index 100% rename from deployment/helm/edc-controlplane/.helmignore rename to charts/edc-controlplane/.helmignore diff --git a/deployment/helm/edc-controlplane/Chart.yaml b/charts/edc-controlplane/Chart.yaml similarity index 68% rename from deployment/helm/edc-controlplane/Chart.yaml rename to charts/edc-controlplane/Chart.yaml index d81685edc..a0e964e0d 100644 --- a/deployment/helm/edc-controlplane/Chart.yaml +++ b/charts/edc-controlplane/Chart.yaml @@ -3,8 +3,8 @@ apiVersion: v2 name: edc-controlplane description: >- EDC Control-Plane - The Eclipse DataSpaceConnector administration layer with responsibility of resource management and govern contracts and data transfers -home: https://github.com/catenax-ng/product-edc/deployment/helm/edc-controlplane +home: https://github.com/catenax-ng/product-edc/charts/edc-controlplane type: application -appVersion: "0.1.1" -version: 0.1.1 +appVersion: "0.1.2" +version: 0.1.2 maintainers: [] 
diff --git a/deployment/helm/edc-controlplane/README.md b/charts/edc-controlplane/README.md similarity index 98% rename from deployment/helm/edc-controlplane/README.md rename to charts/edc-controlplane/README.md index 46e933039..2ea1be08a 100644 --- a/deployment/helm/edc-controlplane/README.md +++ b/charts/edc-controlplane/README.md @@ -1,15 +1,15 @@ # edc-controlplane -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.1](https://img.shields.io/badge/AppVersion-0.1.1-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.2](https://img.shields.io/badge/AppVersion-0.1.2-informational?style=flat-square) EDC Control-Plane - The Eclipse DataSpaceConnector administration layer with responsibility of resource management and govern contracts and data transfers -**Homepage:** +**Homepage:** ## TL;DR ```shell $ helm repo add catenax-ng-product-edc https://catenax-ng.github.io/product-edc -$ helm install my-release catenax-ng-product-edc/edc-controlplane --version 0.1.1 +$ helm install my-release catenax-ng-product-edc/edc-controlplane --version 0.1.2 ``` ## Values diff --git a/deployment/helm/edc-controlplane/README.md.gotmpl b/charts/edc-controlplane/README.md.gotmpl similarity index 100% rename from deployment/helm/edc-controlplane/README.md.gotmpl rename to charts/edc-controlplane/README.md.gotmpl diff --git a/deployment/helm/edc-controlplane/templates/NOTES.txt b/charts/edc-controlplane/templates/NOTES.txt similarity index 100% rename from deployment/helm/edc-controlplane/templates/NOTES.txt rename to charts/edc-controlplane/templates/NOTES.txt 
diff --git a/deployment/helm/edc-controlplane/templates/_helpers.tpl b/charts/edc-controlplane/templates/_helpers.tpl
similarity index 100%
rename from deployment/helm/edc-controlplane/templates/_helpers.tpl
rename to charts/edc-controlplane/templates/_helpers.tpl
diff --git a/deployment/helm/edc-controlplane/templates/configmap-env.yaml b/charts/edc-controlplane/templates/configmap-env.yaml
similarity index 100%
rename from deployment/helm/edc-controlplane/templates/configmap-env.yaml
rename to charts/edc-controlplane/templates/configmap-env.yaml
diff --git a/deployment/helm/edc-controlplane/templates/configmap.yaml b/charts/edc-controlplane/templates/configmap.yaml
similarity index 100%
rename from deployment/helm/edc-controlplane/templates/configmap.yaml
rename to charts/edc-controlplane/templates/configmap.yaml
diff --git a/deployment/helm/edc-controlplane/templates/deployment.yaml b/charts/edc-controlplane/templates/deployment.yaml
similarity index 100%
rename from deployment/helm/edc-controlplane/templates/deployment.yaml
rename to charts/edc-controlplane/templates/deployment.yaml
diff --git a/deployment/helm/edc-controlplane/templates/hpa.yaml b/charts/edc-controlplane/templates/hpa.yaml
similarity index 100%
rename from deployment/helm/edc-controlplane/templates/hpa.yaml
rename to charts/edc-controlplane/templates/hpa.yaml
diff --git a/deployment/helm/edc-controlplane/templates/imagepullsecret.yaml b/charts/edc-controlplane/templates/imagepullsecret.yaml
similarity index 100%
rename from deployment/helm/edc-controlplane/templates/imagepullsecret.yaml
rename to charts/edc-controlplane/templates/imagepullsecret.yaml
diff --git a/deployment/helm/edc-controlplane/templates/ingress.yaml b/charts/edc-controlplane/templates/ingress.yaml
similarity index 100%
rename from deployment/helm/edc-controlplane/templates/ingress.yaml
rename to charts/edc-controlplane/templates/ingress.yaml
diff --git a/deployment/helm/edc-controlplane/templates/service.yaml b/charts/edc-controlplane/templates/service.yaml
similarity index 100%
rename from deployment/helm/edc-controlplane/templates/service.yaml
rename to charts/edc-controlplane/templates/service.yaml
diff --git a/deployment/helm/edc-controlplane/templates/serviceaccount.yaml b/charts/edc-controlplane/templates/serviceaccount.yaml
similarity index 100%
rename from deployment/helm/edc-controlplane/templates/serviceaccount.yaml
rename to charts/edc-controlplane/templates/serviceaccount.yaml
diff --git a/deployment/helm/edc-controlplane/values.yaml b/charts/edc-controlplane/values.yaml
similarity index 100%
rename from deployment/helm/edc-controlplane/values.yaml
rename to charts/edc-controlplane/values.yaml
diff --git a/deployment/helm/edc-dataplane/.helmignore b/charts/edc-dataplane/.helmignore
similarity index 100%
rename from deployment/helm/edc-dataplane/.helmignore
rename to charts/edc-dataplane/.helmignore
diff --git a/deployment/helm/edc-dataplane/Chart.yaml b/charts/edc-dataplane/Chart.yaml
similarity index 65%
rename from deployment/helm/edc-dataplane/Chart.yaml
rename to charts/edc-dataplane/Chart.yaml
index e9d513ff4..4610c99e8 100644
--- a/deployment/helm/edc-dataplane/Chart.yaml
+++ b/charts/edc-dataplane/Chart.yaml
@@ -3,8 +3,8 @@ apiVersion: v2
 name: edc-dataplane
 description: >-
 EDC Data-Plane - The Eclipse DataSpaceConnector data layer with responsibility of transferring and receiving data streams
-home: https://github.com/catenax-ng/product-edc/deployment/helm/edc-dataplane
+home: https://github.com/catenax-ng/product-edc/charts/edc-dataplane
 type: application
-appVersion: "0.1.1"
-version: 0.1.1
+appVersion: "0.1.2"
+version: 0.1.2
 maintainers: []
diff --git a/deployment/helm/edc-dataplane/README.md b/charts/edc-dataplane/README.md
similarity index 98%
rename from deployment/helm/edc-dataplane/README.md
rename to charts/edc-dataplane/README.md
index fbedf9dec..de73cdb84 100644
--- a/deployment/helm/edc-dataplane/README.md +++ b/charts/edc-dataplane/README.md @@ -1,15 +1,15 @@ # edc-dataplane -![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.1](https://img.shields.io/badge/AppVersion-0.1.1-informational?style=flat-square) +![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.2](https://img.shields.io/badge/AppVersion-0.1.2-informational?style=flat-square) EDC Data-Plane - The Eclipse DataSpaceConnector data layer with responsibility of transferring and receiving data streams -**Homepage:** +**Homepage:** ## TL;DR ```shell $ helm repo add catenax-ng-product-edc https://catenax-ng.github.io/product-edc -$ helm install my-release catenax-ng-product-edc/edc-dataplane --version 0.1.1 +$ helm install my-release catenax-ng-product-edc/edc-dataplane --version 0.1.2 ``` ## Values diff --git a/deployment/helm/edc-dataplane/README.md.gotmpl b/charts/edc-dataplane/README.md.gotmpl similarity index 100% rename from deployment/helm/edc-dataplane/README.md.gotmpl rename to charts/edc-dataplane/README.md.gotmpl diff --git a/deployment/helm/edc-dataplane/templates/NOTES.txt b/charts/edc-dataplane/templates/NOTES.txt similarity index 100% rename from deployment/helm/edc-dataplane/templates/NOTES.txt rename to charts/edc-dataplane/templates/NOTES.txt diff --git a/deployment/helm/edc-dataplane/templates/_helpers.tpl b/charts/edc-dataplane/templates/_helpers.tpl similarity index 100% rename from deployment/helm/edc-dataplane/templates/_helpers.tpl rename to charts/edc-dataplane/templates/_helpers.tpl 
diff --git a/deployment/helm/edc-dataplane/templates/configmap-env.yaml b/charts/edc-dataplane/templates/configmap-env.yaml
similarity index 100%
rename from deployment/helm/edc-dataplane/templates/configmap-env.yaml
rename to charts/edc-dataplane/templates/configmap-env.yaml
diff --git a/deployment/helm/edc-dataplane/templates/configmap.yaml b/charts/edc-dataplane/templates/configmap.yaml
similarity index 100%
rename from deployment/helm/edc-dataplane/templates/configmap.yaml
rename to charts/edc-dataplane/templates/configmap.yaml
diff --git a/deployment/helm/edc-dataplane/templates/deployment.yaml b/charts/edc-dataplane/templates/deployment.yaml
similarity index 100%
rename from deployment/helm/edc-dataplane/templates/deployment.yaml
rename to charts/edc-dataplane/templates/deployment.yaml
diff --git a/deployment/helm/edc-dataplane/templates/hpa.yaml b/charts/edc-dataplane/templates/hpa.yaml
similarity index 100%
rename from deployment/helm/edc-dataplane/templates/hpa.yaml
rename to charts/edc-dataplane/templates/hpa.yaml
diff --git a/deployment/helm/edc-dataplane/templates/imagepullsecret.yaml b/charts/edc-dataplane/templates/imagepullsecret.yaml
similarity index 100%
rename from deployment/helm/edc-dataplane/templates/imagepullsecret.yaml
rename to charts/edc-dataplane/templates/imagepullsecret.yaml
diff --git a/deployment/helm/edc-dataplane/templates/ingress.yaml b/charts/edc-dataplane/templates/ingress.yaml
similarity index 100%
rename from deployment/helm/edc-dataplane/templates/ingress.yaml
rename to charts/edc-dataplane/templates/ingress.yaml
diff --git a/deployment/helm/edc-dataplane/templates/service.yaml b/charts/edc-dataplane/templates/service.yaml
similarity index 100%
rename from deployment/helm/edc-dataplane/templates/service.yaml
rename to charts/edc-dataplane/templates/service.yaml
diff --git a/deployment/helm/edc-dataplane/templates/serviceaccount.yaml b/charts/edc-dataplane/templates/serviceaccount.yaml
similarity index 100%
rename from deployment/helm/edc-dataplane/templates/serviceaccount.yaml
rename to charts/edc-dataplane/templates/serviceaccount.yaml
diff --git a/deployment/helm/edc-dataplane/values.yaml b/charts/edc-dataplane/values.yaml
similarity index 100%
rename from deployment/helm/edc-dataplane/values.yaml
rename to charts/edc-dataplane/values.yaml
diff --git a/docs/data-transfer/Transfer Data.md b/docs/data-transfer/Transfer Data.md
index 529c06416..5de4b3111 100644
--- a/docs/data-transfer/Transfer Data.md
+++ b/docs/data-transfer/Transfer Data.md
@@ -64,20 +64,71 @@ source documentation ([link](https://github.com/eclipse-dataspaceconnector/DataS **Run** + The following commands will create an Asset, a Policy and a Contract Definition. For simplicity `https://jsonplaceholder.typicode.com/todos/1` is used as data source of the asset, but could be any other API, that is reachable from the Provider Data Plane. ```bash -curl -X POST "$PLATO_DATAMGMT_URL/data/assets" --header "X-Api-Key: password" --header "Content-Type: application/json" --data "{ \"asset\": { \"properties\": { \"asset:prop:id\": \"1\", \"asset:prop:description\": \"Product EDC Demo Asset\" } }, \"dataAddress\": { \"properties\": { \"type\": \"HttpData\", \"baseUrl\": \"https://jsonplaceholder.typicode.com/todos/1\" } } }" -s -o /dev/null -w 'Response Code: %{http_code}\n' +curl -X POST "$PLATO_DATAMGMT_URL/data/assets" \ + --header 'X-Api-Key: password' \ + --header 'Content-Type: application/json' \ + --data '{ + "asset": { + "properties": { + "asset:prop:id": "1", + "asset:prop:description": "Product EDC Demo Asset" + } + }, + "dataAddress": { + "properties": { + "type": "HttpData", + "baseUrl": "https://jsonplaceholder.typicode.com/todos/1" + } + } + }' \ + -s -o /dev/null -w 'Response Code: %{http_code}\n' ``` ```bash -curl -X POST "$PLATO_DATAMGMT_URL/data/policydefinitions" --header "X-Api-Key: password" --header "Content-Type: application/json" --data "{ \"id\": \"1\", \"policy\": { \"prohibitions\": [], \"obligations\": [], \"permissions\": [ { \"edctype\": \"dataspaceconnector:permission\", \"action\": { \"type\": \"USE\" }, \"constraints\": [] } ] } }" -s -o /dev/null -w 'Response Code: %{http_code}\n' +curl -X POST "${PLATO_DATAMGMT_URL}/data/policydefinitions" \ + --header 'X-Api-Key: password' \ + --header 'Content-Type: application/json' \ + --data '{ + "id": "1", + "policy": { + "prohibitions": [], + "obligations": [], + "permissions": [ + { + "edctype": "dataspaceconnector:permission", + "action": { "type": "USE" }, + 
"constraints": [] + } + ] + } + }' \ + -s -o /dev/null -w 'Response Code: %{http_code}\n' ``` + ```bash -curl -X POST "$PLATO_DATAMGMT_URL/data/contractdefinitions" --header "X-Api-Key: password" --header "Content-Type: application/json" --data "{ \"id\": \"1\", \"criteria\": [ { \"operandLeft\": \"asset:prop:id\", \"operator\": \"=\", \"operandRight\": \"1\" } ], \"accessPolicyId\": \"1\", \"contractPolicyId\": \"1\" }" -s -o /dev/null -w 'Response Code: %{http_code}\n' +curl -X POST "${PLATO_DATAMGMT_URL}/data/contractdefinitions" \ + --header 'X-Api-Key: password' \ + --header 'Content-Type: application/json' \ + --data '{ + "id": "1", + "criteria": [ + { + "operandLeft": "asset:prop:id", + "operator": "=", + "operandRight": "1" + } + ], + "accessPolicyId": "1", + "contractPolicyId": "1" + }' \ + -s -o /dev/null -w 'Response Code: %{http_code}\n' ``` ## 2. Request Contract Offer Catalog @@ -93,7 +144,11 @@ connectors, that intent to send messages to each other, have the same DAPS insta **Run** ```bash -curl -G -X GET "$SOKRATES_DATAMGMT_URL/data/catalog" --data-urlencode "providerUrl=$PLATO_IDS_URL/api/v1/ids/data" --header "X-Api-Key: password" --header "Content-Type: application/json" -s | jq +curl -G -X GET "${SOKRATES_DATAMGMT_URL}/data/catalog" \ + --data-urlencode "providerUrl=${PLATO_IDS_URL}/api/v1/ids/data" \ + --header 'X-Api-Key: password' \ + --header 'Content-Type: application/json' \ + -s | jq ``` ## 3. Negotiate Contract 
@@ -112,11 +167,40 @@ and checking whether the `contractAgreementId` is set. This might take a few sec **Run** ```bash -export NEGOTIATION_ID=$(curl -X POST "$SOKRATES_DATAMGMT_URL/data/contractnegotiations" --header "X-Api-Key: password" --header "Content-Type: application/json" --data "{ \"connectorId\": \"foo\", \"connectorAddress\": \"$PLATO_IDS_URL/api/v1/ids/data\", \"offer\": { \"offerId\": \"1:foo\", \"assetId\": \"1\", \"policy\": { \"uid\": \"1\", \"prohibitions\": [], \"obligations\": [], \"permissions\": [ { \"edctype\": \"dataspaceconnector:permission\", \"action\": { \"type\": \"USE\" }, \"target\": \"1\", \"constraints\": [] } ] } } }" -s | jq -r '.id') +export NEGOTIATION_ID=$( \ + curl -X POST "${SOKRATES_DATAMGMT_URL}/data/contractnegotiations" \ + --header "X-Api-Key: password" \ + --header "Content-Type: application/json" \ + --data "{ + \"connectorId\": \"foo\", + \"connectorAddress\": \"${PLATO_IDS_URL}/api/v1/ids/data\", + \"offer\": { + \"offerId\": \"1:foo\", + \"assetId\": \"1\", + \"policy\": { + \"uid\": \"1\", + \"prohibitions\": [], + \"obligations\": [], + \"permissions\": [ + { + \"edctype\": \"dataspaceconnector:permission\", + \"action\": { \"type\": \"USE\" }, + \"target\": \"1\", + \"constraints\": [] + } + ] + } + } + }" \ + -s | jq -r '.id') ``` + ```bash -curl -X GET "$SOKRATES_DATAMGMT_URL/data/contractnegotiations/$NEGOTIATION_ID" --header "X-Api-Key: password" --header "Content-Type: application/json" -s | jq +curl -X GET "${SOKRATES_DATAMGMT_URL}/data/contractnegotiations/${NEGOTIATION_ID}" \ + --header 'X-Api-Key: password' \ + --header 'Content-Type: application/json' \ + -s | jq ``` ## 4. Transfer Data 
@@ -129,16 +213,36 @@ the transfer process is `COMPLETED`. **Run** ```bash -export CONTRACT_AGREEMENT_ID=$(curl -X GET "$SOKRATES_DATAMGMT_URL/data/contractnegotiations/$NEGOTIATION_ID" --header "X-Api-Key: password" --header "Content-Type: application/json" -s | jq -r '.contractAgreementId') +export CONTRACT_AGREEMENT_ID=$( \ + curl -X GET "$SOKRATES_DATAMGMT_URL/data/contractnegotiations/$NEGOTIATION_ID" \ + --header 'X-Api-Key: password' \ + --header 'Content-Type: application/json' \ + -s | jq -r '.contractAgreementId') ``` ```bash export TRANSFER_PROCESS_ID=$(tr -dc '[:alnum:]' < /dev/urandom | head -c20) -export TRANSFER_ID=$(curl -X POST "$SOKRATES_DATAMGMT_URL/data/transferprocess" --header "X-Api-Key: password" --header "Content-Type: application/json" --data "{ \"id\": \"${TRANSFER_PROCESS_ID}\", \"connectorId\": \"foo\", \"connectorAddress\": \"${PLATO_IDS_URL}/api/v1/ids/data\", \"contractId\": \"${CONTRACT_AGREEMENT_ID}\", \"assetId\": \"1\", \"managedResources\": \"false\", \"dataDestination\": { \"type\": \"HttpProxy\" } }" -s | jq -r '.id') +export TRANSFER_ID=$( \ + curl -X POST "${SOKRATES_DATAMGMT_URL}/data/transferprocess" \ + --header "X-Api-Key: password" \ + --header "Content-Type: application/json" \ + --data "{ + \"id\": \"${TRANSFER_PROCESS_ID}\", + \"connectorId\": \"foo\", + \"connectorAddress\": \"${PLATO_IDS_URL}/api/v1/ids/data\", + \"contractId\": \"${CONTRACT_AGREEMENT_ID}\", + \"assetId\": \"1\", + \"managedResources\": \"false\", + \"dataDestination\": { \"type\": \"HttpProxy\" } + }" \ + -s | jq -r '.id') ``` ```bash -curl -X GET "$SOKRATES_DATAMGMT_URL/data/transferprocess/$TRANSFER_ID" --header "X-Api-Key: password" --header "Content-Type: application/json" -s | jq +curl -X GET "$SOKRATES_DATAMGMT_URL/data/transferprocess/$TRANSFER_ID" \ + --header 'X-Api-Key: password' \ + --header 'Content-Type: application/json' \ + -s | jq ``` ## 5. Verify Data Transfer 
@@ -149,7 +253,9 @@ locally. In this demo the transfer can be verified by executing a simple `cat` c ![Sequence 1](diagrams/transfer_sequence_5.png) ```bash -curl -X GET "${SOKRATES_BACKEND_URL}/${TRANSFER_PROCESS_ID}" -H "Accept: application/octet-stream" -s | jq +curl -X GET "${SOKRATES_BACKEND_URL}/${TRANSFER_PROCESS_ID}" \ + --header 'Accept: application/octet-stream' \ + -s | jq ``` # Delete All Data diff --git a/docs/development/Release.md b/docs/development/Release.md new file mode 100644 index 000000000..2b8e09d07 --- /dev/null +++ b/docs/development/Release.md @@ -0,0 +1,40 @@ +# Release + +## Prerequisites + +[![Apache Maven][maven-shield]][maven-url] + +## Update DEPENDENCIES file +### 1. Setup Eclipse Dash License Tool Maven Plugin locally + +At the time of writing the maven plugin could not be downloaded from the repository. +As alternative check out the repository and build the plugin locally, so that its added to the local maven repository. + +#### 1.1 Checkout repository + +`git clone https://github.com/eclipse/dash-licenses.git` + +#### 1.2 Install Plugin in local maven repository + +`mvn clean install` + +### 2. Generate DEPENDENCIES file + +This call generates the dependencies file. If there is a value set for `dash.iplab.token` it will also automatically create new issues for all unknown dependencies at the Eclipse Intellectual Property board +https://gitlab.eclipse.org/eclipsefdn/emo-team/iplab/-/issues + +```bash +./mvnw org.eclipse.dash:license-tool-plugin:license-check \ + -Ddash.summary=DEPENDENCIES \ + -Ddash.projectId=automotive.tractusx \ + -Ddash.iplab.token= +``` + +

+ + * see dash documentation on how to get a token + +

+ +[maven-shield]: https://img.shields.io/badge/Apache%20Maven-URL-blue +[maven-url]: https://maven.apache.org \ No newline at end of file diff --git a/docs/migration/Version_0.1.0_0.1.1.md b/docs/migration/Version_0.1.0_0.1.1.md index e0caa4fa2..5797593de 100644 --- a/docs/migration/Version_0.1.0_0.1.1.md +++ b/docs/migration/Version_0.1.0_0.1.1.md @@ -75,7 +75,7 @@ New call ## 2. Connector Configuration ### 2.1. CX OAuth Extension -All connectors are now shipped with a new OAuth extension. This extension has an additional mandatory setting called `edc.oauth.endpoint.audience`, that must be set to the IDS path. +All connectors are now shipped with a new OAuth extension. This extension has an additional mandatory setting called `edc.ids.endpoint.audience`, that must be set to the IDS path. [Documentation](/edc-extensions/cx-oauth2/README.md) @@ -85,7 +85,7 @@ All connectors are now shipped with a new OAuth extension. This extension has an Example ``` -edc.oauth.endpoint.audience=http://plato-edc-controlplane:8282/api/v1/ids/data +edc.ids.endpoint.audience=http://plato-edc-controlplane:8282/api/v1/ids/data ``` diff --git a/docs/release-notes/Version 0.1.1.md b/docs/release-notes/Version 0.1.1.md index 3e5247942..a56d1f307 100644 --- a/docs/release-notes/Version 0.1.1.md +++ b/docs/release-notes/Version 0.1.1.md @@ -6,6 +6,10 @@ > > Please consolidate the migration documentation ([link](../migration/Version_0.1.0_0.1.1.md)). +> **Important Notice** +> +> The **InMemoryControlPlane** image is broken. Please use another control plane instead. + ## 0. Summary - 1. Eclipse Dataspace Connector Update @@ -33,7 +37,7 @@ Using the open source OAuth Extension it is possible for a connector to re-use a **New Audience Configuration** ``` -edc.oauth.endpoint.audience=http://plato-edc-controlplane:8282/api/v1/ids/data +edc.ids.endpoint.audience=http://plato-edc-controlplane:8282/api/v1/ids/data ``` ## 3. Bug Fixes 
diff --git a/docs/release-notes/Version 0.1.2.md b/docs/release-notes/Version 0.1.2.md new file mode 100644 index 000000000..812e8a1d7 --- /dev/null +++ b/docs/release-notes/Version 0.1.2.md @@ -0,0 +1,20 @@ +# Release Notes Version 0.1.2 +30.09.2022 + +> This version introduced mostly bugfixes and thread mitigation by updating libraries. + +## 1. Eclipse Dataspace Connector + +The Git submodule references commit `740c100ac162bc41b1968c232ad81f7d739aefa9` from the 23th of September 2022 (newer than **0.0.1-milestone-6**). + +## 2. Product EDC + +### 2.1 Alpine Image + +Introduce alpine image as base for all Product EDC Images (replaced distroless image). + +## 3. Fixed Issues + +- Contract negotiation not working when initiated with policy id ([issue](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1251)) + +- Negotiation of Policies with extensible properties now works as expected \ No newline at end of file diff --git a/edc b/edc index 658c5e31a..740c100ac 160000 --- a/edc +++ b/edc @@ -1 +1 @@ -Subproject commit 658c5e31accf5f7f4b221e94478763fd30af7d85 +Subproject commit 740c100ac162bc41b1968c232ad81f7d739aefa9 diff --git a/edc-controlplane/README.md b/edc-controlplane/README.md index 230e156d8..033852b1c 100644 --- a/edc-controlplane/README.md +++ b/edc-controlplane/README.md 
@@ -44,9 +44,19 @@ EDC commit the Product-EDC uses. **Persistence** - ContractDefinition-AssetSelector of InMemory Connector selects 50 Asset max.([issue](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1779)) +**Negotiation** + +- Connector blocks negotiation when `rightExpression` of a `Constraint` contains multiple elements/an array ([issue](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/2026)) + +- Provider must pass its own `ContractPolicy` for the negotiation to succeed ([issue](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1975)) + **Transfer** - Transfer Process remains 'InProgress' on provider side ([issue](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1287)) +**Data Management API** + +- Pagination is not correctly applied during catalog request ([issue](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/2008)) + **Configuration** - Contract negotiation not working when `web.http.ids.path` is configured/changed ([issue](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1249)) - **Workaround:** Don't configure `web.http.ids.path`, so that the default path is used. 
@@ -56,10 +66,6 @@ EDC commit the Product-EDC uses. - Non-telling logs when `edc.transfer.proxy.token.verifier.publickey.alias` setting is missing([issue](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1889)) -**Data Management API** -- Contract negotiation not working when initiated with policy id ([issue](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1251)) - - **Workaround:** The DataManagement API can also initiate a contract negotiation using the actual policy object. - **Other** - Non-IDS-Transformable-ContractDefinition causes connector to be unable to send out self-descriptions/catalogs([issue](https://github.com/eclipse-dataspaceconnector/DataSpaceConnector/issues/1265)) - **Workaround:** Delete non-transformable ContractDefinition or Policy. diff --git a/edc-controlplane/edc-controlplane-base/pom.xml b/edc-controlplane/edc-controlplane-base/pom.xml index 7aca2a18a..61b811404 100644 --- a/edc-controlplane/edc-controlplane-base/pom.xml +++ b/edc-controlplane/edc-controlplane-base/pom.xml @@ -18,7 +18,7 @@ edc-controlplane net.catenax.edc - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-controlplane/edc-controlplane-memory/pom.xml b/edc-controlplane/edc-controlplane-memory/pom.xml index 43334f0a2..7bfadee32 100644 --- a/edc-controlplane/edc-controlplane-memory/pom.xml +++ b/edc-controlplane/edc-controlplane-memory/pom.xml @@ -16,7 +16,7 @@ net.catenax.edc edc-controlplane - 0.1.1 + 0.1.2 4.0.0 @@ -87,6 +87,10 @@ net.catenax.edc edc-controlplane-base + + org.eclipse.dataspaceconnector + control-plane-core + diff --git a/edc-controlplane/edc-controlplane-memory/src/main/docker/Dockerfile b/edc-controlplane/edc-controlplane-memory/src/main/docker/Dockerfile index 350eeb6c5..aec27cd97 100644 --- a/edc-controlplane/edc-controlplane-memory/src/main/docker/Dockerfile +++ b/edc-controlplane/edc-controlplane-memory/src/main/docker/Dockerfile 
@@ -16,17 +16,38 @@ ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-in RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar -FROM gcr.io/distroless/java11-debian11@sha256:dee9240c64471f1776a6b37f315890aba14ff4bc89ad247eeb34ec79fdeb24f4 +FROM alpine:3.16.2 + ARG JAR ARG LIB +ARG APP_USER=docker +ARG APP_UID=10100 + +RUN apk update && \ + apk add openjdk11-jre-headless=11.0.16.1_p1-r0 --no-cache && \ + rm -rf /var/cache/apk/* + +RUN addgroup --system "$APP_USER" + +RUN adduser \ + --shell /sbin/nologin \ + --disabled-password \ + --gecos "" \ + --ingroup "$APP_USER" \ + --no-create-home \ + --uid "$APP_UID" \ + "$APP_USER" + +USER "$APP_USER" WORKDIR /app COPY --from=otel /tmp/opentelemetry-javaagent.jar . COPY ${JAR} edc-controlplane.jar COPY ${LIB} ./lib/ -CMD ["-javaagent:/app/opentelemetry-javaagent.jar", \ +CMD ["java", \ + "-javaagent:/app/opentelemetry-javaagent.jar", \ "-Dedc.fs.config=/app/configuration.properties", \ "-Djava.util.logging.config.file=/app/logging.properties", \ "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \ diff --git a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/pom.xml b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/pom.xml index 0aa9f47e3..402a1bac2 100644 --- a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/pom.xml +++ b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/pom.xml @@ -17,7 +17,7 @@ net.catenax.edc edc-controlplane - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/src/main/docker/Dockerfile b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/src/main/docker/Dockerfile index 350eeb6c5..aec27cd97 100644 --- a/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/src/main/docker/Dockerfile +++ b/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/src/main/docker/Dockerfile 
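Review bot: The new `FROM alpine:3.16.2` in the edc-controlplane-memory Dockerfile hunk references the runtime base by tag only, whereas the line it replaces pinned the distroless image by `@sha256:` digest, so the final stage no longer resolves to one immutable image. A tag can be re-pushed upstream between builds; keeping the digest form, `FROM alpine:3.16.2@sha256:<digest-of-the-reviewed-image>` (placeholder, to be taken from the registry at review time), retains the reproducibility the old line had. The same `FROM` line is added in the Dockerfile hunks for edc-controlplane-postgresql-hashicorp-vault, edc-controlplane-postgresql and edc-dataplane-azure-vault. The Dockerfile's first stage begins above this hunk and the `CMD` array continues below it.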
@@ -16,17 +16,38 @@ ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-in RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar -FROM gcr.io/distroless/java11-debian11@sha256:dee9240c64471f1776a6b37f315890aba14ff4bc89ad247eeb34ec79fdeb24f4 +FROM alpine:3.16.2 + ARG JAR ARG LIB +ARG APP_USER=docker +ARG APP_UID=10100 + +RUN apk update && \ + apk add openjdk11-jre-headless=11.0.16.1_p1-r0 --no-cache && \ + rm -rf /var/cache/apk/* + +RUN addgroup --system "$APP_USER" + +RUN adduser \ + --shell /sbin/nologin \ + --disabled-password \ + --gecos "" \ + --ingroup "$APP_USER" \ + --no-create-home \ + --uid "$APP_UID" \ + "$APP_USER" + +USER "$APP_USER" WORKDIR /app COPY --from=otel /tmp/opentelemetry-javaagent.jar . COPY ${JAR} edc-controlplane.jar COPY ${LIB} ./lib/ -CMD ["-javaagent:/app/opentelemetry-javaagent.jar", \ +CMD ["java", \ + "-javaagent:/app/opentelemetry-javaagent.jar", \ "-Dedc.fs.config=/app/configuration.properties", \ "-Djava.util.logging.config.file=/app/logging.properties", \ "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \ diff --git a/edc-controlplane/edc-controlplane-postgresql/pom.xml b/edc-controlplane/edc-controlplane-postgresql/pom.xml index c0c97462e..0ef3fa639 100644 --- a/edc-controlplane/edc-controlplane-postgresql/pom.xml +++ b/edc-controlplane/edc-controlplane-postgresql/pom.xml @@ -17,7 +17,7 @@ net.catenax.edc edc-controlplane - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-controlplane/edc-controlplane-postgresql/src/main/docker/Dockerfile b/edc-controlplane/edc-controlplane-postgresql/src/main/docker/Dockerfile index 350eeb6c5..aec27cd97 100644 --- a/edc-controlplane/edc-controlplane-postgresql/src/main/docker/Dockerfile +++ b/edc-controlplane/edc-controlplane-postgresql/src/main/docker/Dockerfile 
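Review bot: `USER "$APP_USER"` in the edc-controlplane-postgresql-hashicorp-vault Dockerfile hunk selects the runtime user by name, and Kubernetes cannot verify a `runAsNonRoot: true` security context against a non-numeric image user, so such a pod is refused unless `runAsUser` is set as well. `APP_UID` is already declared as a build argument in the same hunk, so `USER "$APP_UID"` keeps the image non-root and lets that check pass without extra chart settings. Whether the charts in this repository set `runAsNonRoot` is not visible in this diff, so this is a hardening suggestion, not a confirmed failure. The Dockerfile hunks for edc-controlplane-memory, edc-controlplane-postgresql and edc-dataplane-azure-vault carry the same line.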
@@ -16,17 +16,38 @@ ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-in RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar -FROM gcr.io/distroless/java11-debian11@sha256:dee9240c64471f1776a6b37f315890aba14ff4bc89ad247eeb34ec79fdeb24f4 +FROM alpine:3.16.2 + ARG JAR ARG LIB +ARG APP_USER=docker +ARG APP_UID=10100 + +RUN apk update && \ + apk add openjdk11-jre-headless=11.0.16.1_p1-r0 --no-cache && \ + rm -rf /var/cache/apk/* + +RUN addgroup --system "$APP_USER" + +RUN adduser \ + --shell /sbin/nologin \ + --disabled-password \ + --gecos "" \ + --ingroup "$APP_USER" \ + --no-create-home \ + --uid "$APP_UID" \ + "$APP_USER" + +USER "$APP_USER" WORKDIR /app COPY --from=otel /tmp/opentelemetry-javaagent.jar . COPY ${JAR} edc-controlplane.jar COPY ${LIB} ./lib/ -CMD ["-javaagent:/app/opentelemetry-javaagent.jar", \ +CMD ["java", \ + "-javaagent:/app/opentelemetry-javaagent.jar", \ "-Dedc.fs.config=/app/configuration.properties", \ "-Djava.util.logging.config.file=/app/logging.properties", \ "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \ diff --git a/edc-controlplane/pom.xml b/edc-controlplane/pom.xml index 1414a5d93..7833a1b49 100644 --- a/edc-controlplane/pom.xml +++ b/edc-controlplane/pom.xml @@ -17,7 +17,7 @@ net.catenax.edc product-edc-parent - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-dataplane/edc-dataplane-azure-vault/pom.xml b/edc-dataplane/edc-dataplane-azure-vault/pom.xml index 5420c8a78..82c0895d5 100644 --- a/edc-dataplane/edc-dataplane-azure-vault/pom.xml +++ b/edc-dataplane/edc-dataplane-azure-vault/pom.xml @@ -17,7 +17,7 @@ net.catenax.edc edc-dataplane - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-dataplane/edc-dataplane-azure-vault/src/main/docker/Dockerfile b/edc-dataplane/edc-dataplane-azure-vault/src/main/docker/Dockerfile index 4b527f281..2aec25e1b 100644 --- a/edc-dataplane/edc-dataplane-azure-vault/src/main/docker/Dockerfile 
+++ b/edc-dataplane/edc-dataplane-azure-vault/src/main/docker/Dockerfile @@ -16,17 +16,38 @@ ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-in RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar -FROM gcr.io/distroless/java11-debian11@sha256:dee9240c64471f1776a6b37f315890aba14ff4bc89ad247eeb34ec79fdeb24f4 +FROM alpine:3.16.2 + ARG JAR ARG LIB +ARG APP_USER=docker +ARG APP_UID=10100 + +RUN apk update && \ + apk add openjdk11-jre-headless=11.0.16.1_p1-r0 --no-cache && \ + rm -rf /var/cache/apk/* + +RUN addgroup --system "$APP_USER" + +RUN adduser \ + --shell /sbin/nologin \ + --disabled-password \ + --gecos "" \ + --ingroup "$APP_USER" \ + --no-create-home \ + --uid "$APP_UID" \ + "$APP_USER" + +USER "$APP_USER" WORKDIR /app COPY --from=otel /tmp/opentelemetry-javaagent.jar . COPY ${JAR} edc-dataplane.jar COPY ${LIB} ./lib/ -CMD ["-javaagent:/app/opentelemetry-javaagent.jar", \ +CMD ["java", \ + "-javaagent:/app/opentelemetry-javaagent.jar", \ "-Dedc.fs.config=/app/configuration.properties", \ "-Djava.util.logging.config.file=/app/logging.properties", \ "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \ diff --git a/edc-dataplane/edc-dataplane-base/pom.xml b/edc-dataplane/edc-dataplane-base/pom.xml index 6905ca3ba..4d3604e17 100644 --- a/edc-dataplane/edc-dataplane-base/pom.xml +++ b/edc-dataplane/edc-dataplane-base/pom.xml @@ -18,7 +18,7 @@ edc-dataplane net.catenax.edc - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-dataplane/edc-dataplane-hashicorp-vault/pom.xml b/edc-dataplane/edc-dataplane-hashicorp-vault/pom.xml index 351b705a5..25ab47e0d 100644 --- a/edc-dataplane/edc-dataplane-hashicorp-vault/pom.xml +++ b/edc-dataplane/edc-dataplane-hashicorp-vault/pom.xml @@ -17,7 +17,7 @@ net.catenax.edc edc-dataplane - 0.1.1 + 0.1.2 4.0.0 
diff --git a/edc-dataplane/edc-dataplane-hashicorp-vault/src/main/docker/Dockerfile b/edc-dataplane/edc-dataplane-hashicorp-vault/src/main/docker/Dockerfile index 4b527f281..2aec25e1b 100644 --- a/edc-dataplane/edc-dataplane-hashicorp-vault/src/main/docker/Dockerfile +++ b/edc-dataplane/edc-dataplane-hashicorp-vault/src/main/docker/Dockerfile @@ -16,17 +16,38 @@ ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-in RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar -FROM gcr.io/distroless/java11-debian11@sha256:dee9240c64471f1776a6b37f315890aba14ff4bc89ad247eeb34ec79fdeb24f4 +FROM alpine:3.16.2 + ARG JAR ARG LIB +ARG APP_USER=docker +ARG APP_UID=10100 + +RUN apk update && \ + apk add openjdk11-jre-headless=11.0.16.1_p1-r0 --no-cache && \ + rm -rf /var/cache/apk/* + +RUN addgroup --system "$APP_USER" + +RUN adduser \ + --shell /sbin/nologin \ + --disabled-password \ + --gecos "" \ + --ingroup "$APP_USER" \ + --no-create-home \ + --uid "$APP_UID" \ + "$APP_USER" + +USER "$APP_USER" WORKDIR /app COPY --from=otel /tmp/opentelemetry-javaagent.jar . COPY ${JAR} edc-dataplane.jar COPY ${LIB} ./lib/ -CMD ["-javaagent:/app/opentelemetry-javaagent.jar", \ +CMD ["java", \ + "-javaagent:/app/opentelemetry-javaagent.jar", \ "-Dedc.fs.config=/app/configuration.properties", \ "-Djava.util.logging.config.file=/app/logging.properties", \ "-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \ diff --git a/edc-dataplane/pom.xml b/edc-dataplane/pom.xml index 2b7e8fd52..70d806d1b 100644 --- a/edc-dataplane/pom.xml +++ b/edc-dataplane/pom.xml @@ -18,7 +18,7 @@ net.catenax.edc product-edc-parent - 0.1.1 + 0.1.2 edc-dataplane diff --git a/edc-extensions/business-partner-validation/pom.xml b/edc-extensions/business-partner-validation/pom.xml index 2523e9bc3..fbfe5ba0e 100644 --- a/edc-extensions/business-partner-validation/pom.xml +++ b/edc-extensions/business-partner-validation/pom.xml 
@@ -17,7 +17,7 @@ net.catenax.edc.extensions edc-extensions - 0.1.1 + 0.1.2 4.0.0 @@ -49,10 +49,18 @@ + + org.eclipse.dataspaceconnector + core-spi + org.eclipse.dataspaceconnector policy-spi + + org.eclipse.dataspaceconnector + policy-engine-spi + diff --git a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtension.java b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtension.java index 88caf2121..d97953e84 100644 --- a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtension.java +++ b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtension.java @@ -14,7 +14,7 @@ package net.catenax.edc.validation.businesspartner; -import static org.eclipse.dataspaceconnector.spi.policy.PolicyEngine.ALL_SCOPES; +import static org.eclipse.dataspaceconnector.spi.policy.engine.PolicyEngine.ALL_SCOPES; import net.catenax.edc.validation.businesspartner.functions.BusinessPartnerDutyFunction; import net.catenax.edc.validation.businesspartner.functions.BusinessPartnerPermissionFunction; 
@@ -22,10 +22,10 @@ import org.eclipse.dataspaceconnector.policy.model.Duty; import org.eclipse.dataspaceconnector.policy.model.Permission; import org.eclipse.dataspaceconnector.policy.model.Prohibition; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; -import org.eclipse.dataspaceconnector.spi.policy.PolicyEngine; -import org.eclipse.dataspaceconnector.spi.policy.RuleBindingRegistry; -import org.eclipse.dataspaceconnector.spi.system.Requires; +import org.eclipse.dataspaceconnector.spi.policy.engine.PolicyEngine; +import org.eclipse.dataspaceconnector.spi.policy.engine.RuleBindingRegistry; import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; diff --git a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java index 47466b2d6..e5f4eabe0 100644 --- a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java +++ b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidation.java @@ -20,7 +20,7 @@ import org.eclipse.dataspaceconnector.policy.model.Operator; import org.eclipse.dataspaceconnector.spi.agent.ParticipantAgent; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; -import org.eclipse.dataspaceconnector.spi.policy.PolicyContext; +import org.eclipse.dataspaceconnector.spi.policy.engine.PolicyContext; /** * Abstract class for BusinessPartnerNumber validation. This class may be inherited from the EDC 
diff --git a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerDutyFunction.java b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerDutyFunction.java index dcf0c5050..db7a7282b 100644 --- a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerDutyFunction.java +++ b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerDutyFunction.java @@ -17,8 +17,8 @@ import org.eclipse.dataspaceconnector.policy.model.Duty; import org.eclipse.dataspaceconnector.policy.model.Operator; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; -import org.eclipse.dataspaceconnector.spi.policy.AtomicConstraintFunction; -import org.eclipse.dataspaceconnector.spi.policy.PolicyContext; +import org.eclipse.dataspaceconnector.spi.policy.engine.AtomicConstraintFunction; +import org.eclipse.dataspaceconnector.spi.policy.engine.PolicyContext; /** AtomicConstraintFunction to validate business partner numbers for edc duties. */ public class BusinessPartnerDutyFunction extends AbstractBusinessPartnerValidation diff --git a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerPermissionFunction.java b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerPermissionFunction.java index a12544248..101f37054 100644 --- a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerPermissionFunction.java +++ b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerPermissionFunction.java 
@@ -17,8 +17,8 @@ import org.eclipse.dataspaceconnector.policy.model.Operator; import org.eclipse.dataspaceconnector.policy.model.Permission; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; -import org.eclipse.dataspaceconnector.spi.policy.AtomicConstraintFunction; -import org.eclipse.dataspaceconnector.spi.policy.PolicyContext; +import org.eclipse.dataspaceconnector.spi.policy.engine.AtomicConstraintFunction; +import org.eclipse.dataspaceconnector.spi.policy.engine.PolicyContext; /** AtomicConstraintFunction to validate business partner numbers for edc permissions. */ public class BusinessPartnerPermissionFunction extends AbstractBusinessPartnerValidation diff --git a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerProhibitionFunction.java b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerProhibitionFunction.java index faeb4a358..4db6d9629 100644 --- a/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerProhibitionFunction.java +++ b/edc-extensions/business-partner-validation/src/main/java/net/catenax/edc/validation/businesspartner/functions/BusinessPartnerProhibitionFunction.java 
@@ -17,8 +17,8 @@ import org.eclipse.dataspaceconnector.policy.model.Operator; import org.eclipse.dataspaceconnector.policy.model.Prohibition; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; -import org.eclipse.dataspaceconnector.spi.policy.AtomicConstraintFunction; -import org.eclipse.dataspaceconnector.spi.policy.PolicyContext; +import org.eclipse.dataspaceconnector.spi.policy.engine.AtomicConstraintFunction; +import org.eclipse.dataspaceconnector.spi.policy.engine.PolicyContext; /** AtomicConstraintFunction to validate business partner numbers for edc prohibitions. */ public class BusinessPartnerProhibitionFunction extends AbstractBusinessPartnerValidation diff --git a/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java b/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java index 79dd839d8..4ae06eb83 100644 --- a/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java +++ b/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/BusinessPartnerValidationExtensionTest.java @@ -18,8 +18,8 @@ import org.eclipse.dataspaceconnector.policy.model.Permission; import org.eclipse.dataspaceconnector.policy.model.Prohibition; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; -import org.eclipse.dataspaceconnector.spi.policy.PolicyEngine; -import org.eclipse.dataspaceconnector.spi.policy.RuleBindingRegistry; +import org.eclipse.dataspaceconnector.spi.policy.engine.PolicyEngine; +import org.eclipse.dataspaceconnector.spi.policy.engine.RuleBindingRegistry; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; 
diff --git a/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java b/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java index ac8a68ebb..b00232d5e 100644 --- a/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java +++ b/edc-extensions/business-partner-validation/src/test/java/net/catenax/edc/validation/businesspartner/functions/AbstractBusinessPartnerValidationTest.java @@ -19,7 +19,7 @@ import org.eclipse.dataspaceconnector.policy.model.Operator; import org.eclipse.dataspaceconnector.spi.agent.ParticipantAgent; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; -import org.eclipse.dataspaceconnector.spi.policy.PolicyContext; +import org.eclipse.dataspaceconnector.spi.policy.engine.PolicyContext; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; diff --git a/edc-extensions/cx-oauth2/README.md b/edc-extensions/cx-oauth2/README.md index 5f721e4ea..0da6f1ced 100644 --- a/edc-extensions/cx-oauth2/README.md +++ b/edc-extensions/cx-oauth2/README.md 
@@ -22,4 +22,12 @@ The reason IDS did this is to prevent the IDS DAPS to know, which connectors tal | edc.oauth.validation.nbf.leeway | DAPS token request leeway | | 10 seconds | | edc.oauth.provider.jwks.refresh | Time between refresh of the DAPS json web key set | | 5 minutes | | edc.ids.endpoint.audience | The audience the connector requests from the DAPS. Should be the IDS URL of the connector, e.g. `http://plato-edc-controlplane:8282/api/v1/ids/data` | X | | -| edc.ids.validation.referringconnector | Adds checks to the DAPS token. Validation that the `referringConnector` equals the `issuerConnector` and the `securityProfile` of the token is equal to the profile of the IDS message | | false | \ No newline at end of file +| edc.ids.validation.referringconnector | Adds checks to the DAPS token. Validation that the `referringConnector` equals the `issuerConnector` and the `securityProfile` of the token is equal to the profile of the IDS message | | false | + +## Audience Validation + +Instead of the `idsc:IDS_CONNECTORS_ALL` the connector requests a specific audience from the DAPS. This audience will be the IDS URL, the connector intends to call. + +When a connector receives a message, it will checks the token audience is equal to the configured value in `edc.ids.endpoint.audience`. + +![sequence diagram](./diagrams/sequence.png) \ No newline at end of file diff --git a/edc-extensions/cx-oauth2/diagrams/sequence.png b/edc-extensions/cx-oauth2/diagrams/sequence.png new file mode 100644 index 000000000..784441b4e Binary files /dev/null and b/edc-extensions/cx-oauth2/diagrams/sequence.png differ diff --git a/edc-extensions/cx-oauth2/diagrams/sequence.puml b/edc-extensions/cx-oauth2/diagrams/sequence.puml new file mode 100644 index 000000000..d2f20f278 --- /dev/null +++ b/edc-extensions/cx-oauth2/diagrams/sequence.puml 
@@ -0,0 +1,24 @@ +@startuml + +title CX-DAPS Audience Validation + +participant ConnectorA as "Connector A" +participant DAPS as "IDS DAPS" +participant ConnectorB as "Connector B" + +== Configuration == + +ConnectorB <-? : Configure //edc.ids.endpoint.audience//\nto ///api/v1/ids/data// + +== Request == + +?-> ConnectorA ++: Initiate Catalog Request\n/data/catalog?providerUrl=///api/v1/ids/data// + ConnectorA -> DAPS ++: Request Token for audience\n///api/v1/ids/data// + return DAPS Token + ConnectorA -> ConnectorB ++ : Send Request with Token + ConnectorB -> ConnectorB : Check Audience equals\n/api/v1/ids/data + ... continue request processing ... + return Catalog Response +return Catalog + +@enduml \ No newline at end of file diff --git a/edc-extensions/cx-oauth2/pom.xml b/edc-extensions/cx-oauth2/pom.xml index b6b56ca5a..b82d0b05f 100644 --- a/edc-extensions/cx-oauth2/pom.xml +++ b/edc-extensions/cx-oauth2/pom.xml @@ -18,7 +18,7 @@ edc-extensions net.catenax.edc.extensions - 0.1.1 + 0.1.2 4.0.0 @@ -122,7 +122,6 @@ com.nimbusds nimbus-jose-jwt - 8.23 com.squareup.okhttp3 diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/OAuth2Extension.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/OAuth2Extension.java index abc008b95..9fe15001c 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/OAuth2Extension.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/OAuth2Extension.java 
@@ -18,14 +18,14 @@ import lombok.Setter; import okhttp3.OkHttpClient; import org.eclipse.dataspaceconnector.iam.oauth2.spi.Oauth2JwtDecoratorRegistry; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Inject; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires; import org.eclipse.dataspaceconnector.spi.EdcException; -import org.eclipse.dataspaceconnector.spi.EdcSetting; import org.eclipse.dataspaceconnector.spi.iam.IdentityService; import org.eclipse.dataspaceconnector.spi.jwt.TokenGenerationService; import org.eclipse.dataspaceconnector.spi.jwt.TokenValidationService; -import org.eclipse.dataspaceconnector.spi.system.Inject; -import org.eclipse.dataspaceconnector.spi.system.Provides; -import org.eclipse.dataspaceconnector.spi.system.Requires; import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/DapsJwtDecorator.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/DapsJwtDecorator.java index 3469dd075..3e7f90950 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/DapsJwtDecorator.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/DapsJwtDecorator.java 
@@ -14,15 +14,22 @@ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; +import java.util.Map; import org.eclipse.dataspaceconnector.spi.jwt.JwtDecorator; public class DapsJwtDecorator implements JwtDecorator { + + @Override + public Map claims() { + return Map.of( + "@context", + "https://w3id.org/idsa/contexts/context.jsonld", + "@type", + "ids:DatRequestToken"); + } + @Override - public void decorate(JWSHeader.Builder header, JWTClaimsSet.Builder claimsSet) { - claimsSet - .claim("@context", "https://w3id.org/idsa/contexts/context.jsonld") - .claim("@type", "ids:DatRequestToken"); + public Map headers() { + return Map.of(); } } diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/ExpJwtDecorator.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/ExpJwtDecorator.java index 4c06d1aea..4168f7e63 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/ExpJwtDecorator.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/ExpJwtDecorator.java @@ -13,11 +13,10 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; import java.time.Clock; import java.time.Duration; import java.util.Date; +import java.util.Map; import lombok.NonNull; import lombok.RequiredArgsConstructor; import org.eclipse.dataspaceconnector.spi.jwt.JwtDecorator; 
@@ -29,7 +28,14 @@ public class ExpJwtDecorator implements JwtDecorator { @NonNull private final Duration expiration; @Override - public void decorate(final JWSHeader.Builder header, final JWTClaimsSet.Builder claimsSet) { - claimsSet.expirationTime(Date.from(clock.instant().plusSeconds(expiration.toSeconds()))); + public Map claims() { + return Map.of( + JWTClaimNames.EXPIRATION_TIME, + Date.from(clock.instant().plusSeconds(expiration.toSeconds()))); + } + + @Override + public Map headers() { + return Map.of(); } } diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IatJwtDecorator.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IatJwtDecorator.java index c409ca74f..d8d34d7bb 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IatJwtDecorator.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IatJwtDecorator.java @@ -13,10 +13,9 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; import java.time.Clock; import java.util.Date; +import java.util.Map; import lombok.NonNull; import lombok.RequiredArgsConstructor; import org.eclipse.dataspaceconnector.spi.jwt.JwtDecorator; @@ -27,7 +26,12 @@ public class IatJwtDecorator implements JwtDecorator { @NonNull private final Clock clock; @Override - public void decorate(final JWSHeader.Builder header, final JWTClaimsSet.Builder claimsSet) { - claimsSet.issueTime(Date.from(clock.instant())); + public Map claims() { + return Map.of(JWTClaimNames.ISSUED_AT, Date.from(clock.instant())); + } + + @Override + public Map headers() { + return Map.of(); } } diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IdsAudJwtDecorator.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IdsAudJwtDecorator.java index df9c71a22..673ca7372 100644 
--- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IdsAudJwtDecorator.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IdsAudJwtDecorator.java @@ -13,8 +13,8 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; +import java.util.Collections; +import java.util.Map; import lombok.RequiredArgsConstructor; import org.eclipse.dataspaceconnector.spi.jwt.JwtDecorator; @@ -22,7 +22,12 @@ public class IdsAudJwtDecorator implements JwtDecorator { @Override - public void decorate(final JWSHeader.Builder header, final JWTClaimsSet.Builder claimsSet) { - claimsSet.audience("idsc:IDS_CONNECTORS_ALL"); + public Map claims() { + return Map.of(JWTClaimNames.AUDIENCE, Collections.singletonList("idsc:IDS_CONNECTORS_ALL")); + } + + @Override + public Map headers() { + return Map.of(); } } diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IssJwtDecorator.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IssJwtDecorator.java index 54daf908e..32303d14a 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IssJwtDecorator.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/IssJwtDecorator.java @@ -13,8 +13,7 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; +import java.util.Map; import lombok.NonNull; import lombok.RequiredArgsConstructor; import org.eclipse.dataspaceconnector.spi.jwt.JwtDecorator; 
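Review bot: `IdsAudJwtDecorator.claims()` still emits the catch-all audience `idsc:IDS_CONNECTORS_ALL`, while the README section added in this same commit says the connector now requests a specific audience instead of that value. If this decorator only shapes the client assertion presented to the DAPS, a class comment should say so, for example `// aud of the client assertion sent to the DAPS; the DAT audience is checked against edc.ids.endpoint.audience`. If it still determines the audience of the issued token, it would presumably weaken the audience validation the README describes. Where the decorator is registered is not visible in this hunk, so this needs confirming against `JwtDecoratorExtension`.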
@@ -25,7 +24,12 @@ public class IssJwtDecorator implements JwtDecorator { @NonNull private final String clientId; @Override - public void decorate(final JWSHeader.Builder header, final JWTClaimsSet.Builder claimsSet) { - claimsSet.issuer(clientId); + public Map claims() { + return Map.of(JWTClaimNames.ISSUER, clientId); + } + + @Override + public Map headers() { + return Map.of(); } } diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JWTClaimNames.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JWTClaimNames.java new file mode 100644 index 000000000..f1649b8c0 --- /dev/null +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JWTClaimNames.java @@ -0,0 +1,24 @@ +/* + * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0 + * + * SPDX-License-Identifier: Apache-2.0 + * + * Contributors: + * Mercedes-Benz Tech Innovation GmbH - Initial API and Implementation + * + */ +package net.catenax.edc.oauth2.jwt.decorator; + +public final class JWTClaimNames { + public static final String ISSUER = "iss"; + public static final String SUBJECT = "sub"; + public static final String AUDIENCE = "aud"; + public static final String EXPIRATION_TIME = "exp"; + public static final String NOT_BEFORE = "nbf"; + public static final String ISSUED_AT = "iat"; + public static final String JWT_ID = "jti"; +} diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JtiJwtDecorator.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JtiJwtDecorator.java index 6815a4ad5..39590d1a6 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JtiJwtDecorator.java 
+++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JtiJwtDecorator.java @@ -13,17 +13,19 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; +import java.util.Map; import java.util.UUID; -import lombok.NonNull; import org.eclipse.dataspaceconnector.spi.jwt.JwtDecorator; public class JtiJwtDecorator implements JwtDecorator { @Override - public void decorate( - @NonNull final JWSHeader.Builder header, @NonNull final JWTClaimsSet.Builder claimsSet) { - claimsSet.jwtID(UUID.randomUUID().toString()); + public Map claims() { + return Map.of(JWTClaimNames.JWT_ID, UUID.randomUUID().toString()); + } + + @Override + public Map headers() { + return Map.of(); } } diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JwtDecoratorExtension.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JwtDecoratorExtension.java index fdff18d80..7f551fcc4 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JwtDecoratorExtension.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/JwtDecoratorExtension.java 
@@ -21,12 +21,12 @@ import lombok.NonNull; import lombok.Setter; import org.eclipse.dataspaceconnector.iam.oauth2.spi.Oauth2JwtDecoratorRegistry; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Inject; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires; import org.eclipse.dataspaceconnector.spi.EdcException; -import org.eclipse.dataspaceconnector.spi.EdcSetting; import org.eclipse.dataspaceconnector.spi.security.CertificateResolver; -import org.eclipse.dataspaceconnector.spi.system.Inject; -import org.eclipse.dataspaceconnector.spi.system.Provides; -import org.eclipse.dataspaceconnector.spi.system.Requires; import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/SubJwtDecorator.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/SubJwtDecorator.java index d0a9b459c..951fd8791 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/SubJwtDecorator.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/SubJwtDecorator.java @@ -13,8 +13,7 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; +import java.util.Map; import lombok.NonNull; import lombok.RequiredArgsConstructor; import org.eclipse.dataspaceconnector.spi.jwt.JwtDecorator; 
@@ -24,7 +23,12 @@ public class SubJwtDecorator implements JwtDecorator { @NonNull private final String subject; @Override - public void decorate(final JWSHeader.Builder header, final JWTClaimsSet.Builder claimsSet) { - claimsSet.subject(subject); + public Map claims() { + return Map.of(JWTClaimNames.SUBJECT, subject); + } + + @Override + public Map headers() { + return Map.of(); } } diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/X5tJwtDecorator.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/X5tJwtDecorator.java index 9d34c0307..9b8903936 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/X5tJwtDecorator.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/decorator/X5tJwtDecorator.java @@ -13,12 +13,11 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; import com.nimbusds.jose.util.Base64URL; -import com.nimbusds.jwt.JWTClaimsSet; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Base64; +import java.util.Map; import lombok.NonNull; import lombok.RequiredArgsConstructor; import org.eclipse.dataspaceconnector.spi.EdcException; @@ -30,12 +29,6 @@ public class X5tJwtDecorator implements JwtDecorator { @NonNull private final byte[] encodedCertificate; - @Override - public void decorate( - @NonNull final JWSHeader.Builder header, @NonNull final JWTClaimsSet.Builder claimsSet) { - header.x509CertThumbprint(new Base64URL(sha1Base64Fingerprint(encodedCertificate))); - } - public static String sha1Base64Fingerprint(final byte[] bytes) { try { final MessageDigest messageDigest = MessageDigest.getInstance(SHA_1); 
@@ -45,4 +38,14 @@ public static String sha1Base64Fingerprint(final byte[] bytes) { throw new EdcException(e); } } + + @Override + public Map claims() { + return Map.of(); + } + + @Override + public Map headers() { + return Map.of("x5t", new Base64URL(sha1Base64Fingerprint(encodedCertificate))); + } } diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/generator/JwtTokenGenerationService.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/generator/JwtTokenGenerationService.java index e26e461ef..b4c4f3a27 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/generator/JwtTokenGenerationService.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/generator/JwtTokenGenerationService.java @@ -26,7 +26,7 @@ import com.nimbusds.jwt.SignedJWT; import java.security.PrivateKey; import java.security.interfaces.ECPrivateKey; -import java.util.Arrays; +import java.util.Map.Entry; import lombok.NonNull; import lombok.SneakyThrows; import org.eclipse.dataspaceconnector.spi.EdcException; @@ -76,11 +76,16 @@ private static JWSAlgorithm getJWSAlgorithm(@NonNull final String algorithm) { @Override public Result generate(@NotNull @NonNull final JwtDecorator... decorators) { + final JWSHeader.Builder headerBuilder = new JWSHeader.Builder(jwsAlgorithm); final JWTClaimsSet.Builder claimsBuilder = new JWTClaimsSet.Builder(); - Arrays.stream(decorators) - .forEach(decorator -> decorator.decorate(headerBuilder, claimsBuilder)); + for (JwtDecorator decorator : decorators) { + for (Entry claim : decorator.claims().entrySet()) { + claimsBuilder.claim(claim.getKey(), claim.getValue()); + } + headerBuilder.customParams(decorator.headers()); + } final JWTClaimsSet jwtClaimSet = claimsBuilder.build(); 
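Review bot: In the `generate` hunk, `headerBuilder.customParams(decorator.headers())` runs once per decorator, and as far as I know Nimbus's `JWSHeader.Builder.customParams(Map)` replaces the builder's custom-parameter map instead of merging into it, so only the last decorator's headers would survive. Since `SubJwtDecorator.headers()` returns `Map.of()`, the `x5t` thumbprint from `X5tJwtDecorator.headers()` would be dropped whenever another decorator runs after it, and the token would leave without the certificate thumbprint that the old `header.x509CertThumbprint(...)` call always set. Collect into one map inside the loop with `mergedHeaders.putAll(decorator.headers());` and apply it once afterwards with `headerBuilder.customParams(mergedHeaders);`. It is also worth a test that a `Base64URL` value stored under the registered name `x5t` serialises the same way the typed setter did. `generate` continues past the end of the hunk.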
diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/generator/JwtTokenGenerationServiceExtension.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/generator/JwtTokenGenerationServiceExtension.java index eb869ec32..0fcdf35f6 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/generator/JwtTokenGenerationServiceExtension.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/generator/JwtTokenGenerationServiceExtension.java @@ -16,12 +16,12 @@ import java.security.PrivateKey; import lombok.NonNull; import lombok.Setter; -import org.eclipse.dataspaceconnector.spi.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Inject; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires; import org.eclipse.dataspaceconnector.spi.jwt.TokenGenerationService; import org.eclipse.dataspaceconnector.spi.security.PrivateKeyResolver; -import org.eclipse.dataspaceconnector.spi.system.Inject; -import org.eclipse.dataspaceconnector.spi.system.Provides; -import org.eclipse.dataspaceconnector.spi.system.Requires; import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/AudValidationRule.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/AudValidationRule.java index 3d05e7f75..3f46930ff 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/AudValidationRule.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/AudValidationRule.java 
@@ -13,19 +13,18 @@ */ package net.catenax.edc.oauth2.jwt.validation; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.SignedJWT; -import java.text.ParseException; import java.util.ArrayList; import java.util.List; import java.util.Map; import lombok.NonNull; import lombok.RequiredArgsConstructor; import lombok.SneakyThrows; -import org.eclipse.dataspaceconnector.spi.EdcException; +import net.catenax.edc.oauth2.jwt.decorator.JWTClaimNames; +import org.eclipse.dataspaceconnector.spi.iam.ClaimToken; import org.eclipse.dataspaceconnector.spi.jwt.TokenValidationRule; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; import org.eclipse.dataspaceconnector.spi.result.Result; +import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @RequiredArgsConstructor @@ -42,12 +41,15 @@ public class AudValidationRule implements TokenValidationRule { */ @Override @SneakyThrows - public Result checkRule(SignedJWT toVerify, @Nullable Map additional) { - try { - final JWTClaimsSet claimsSet = toVerify.getJWTClaimsSet(); - final List errors = new ArrayList<>(); + public Result checkRule( + @NotNull ClaimToken toVerify, @Nullable Map additional) { + final List errors = new ArrayList<>(); - final List audiences = claimsSet.getAudience(); + final Object claim = toVerify.getClaims().get(JWTClaimNames.AUDIENCE); + if (!(claim instanceof List)) { + errors.add("Audience claim is not a list"); + } else { + final List audiences = (List) claim; audiences.forEach(a -> monitor.info("RECEIVED DAP AUDIENCE TO VERIFY: " + a)); if (audiences.isEmpty()) { 
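Review bot: In `checkRule`, the new `!(claim instanceof List)` branch reports a token with no `aud` claim at all as "Audience claim is not a list", and the raw `(List) claim` cast lets elements of any type through to the comparison that follows outside this hunk. A separate `if (claim == null)` branch with its own message, e.g. `errors.add("Required audience (aud) claim is missing in token");`, would keep the two failure modes distinguishable in logs. The `monitor.info("RECEIVED DAP AUDIENCE TO VERIFY: " + a)` line writes token-supplied strings to the log before any check has passed; it may be unchanged context, but it is worth moving behind the validation or encoding the value.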
@@ -55,17 +57,12 @@ public Result checkRule(SignedJWT toVerify, @Nullable Map checkRule(SignedJWT toVerify, @Nullable Map additional) { - try { - final JWTClaimsSet claimsSet = toVerify.getJWTClaimsSet(); - final List errors = new ArrayList<>(); + public Result checkRule( + @NotNull ClaimToken toVerify, @Nullable Map additional) { + final List errors = new ArrayList<>(); - final Instant now = clock.instant(); - final Date expires = claimsSet.getExpirationTime(); - var expiresSet = expires != null; - if (!expiresSet) { - errors.add("Required expiration time (exp) claim is missing in token"); - } else if (now.isAfter(convertToUtcTime(expires))) { + final Instant now = clock.instant(); + final Object claim = toVerify.getClaims().get(JWTClaimNames.EXPIRATION_TIME); + if (!(claim instanceof Date)) { + errors.add("Required expiration (exp) claim is missing in token"); + } else { + final Date expires = (Date) claim; + if (now.isAfter(convertToUtcTime(expires))) { errors.add("Token has expired (exp)"); } + } - if (errors.isEmpty()) { - return Result.success(toVerify); - } else { - return Result.failure(errors); - } - } catch (final ParseException parseException) { - throw new EdcException( - String.format( - "%s: unable to parse SignedJWT (%s)", - this.getClass().getSimpleName(), parseException.getMessage())); + if (errors.isEmpty()) { + return Result.success(); + } else { + return Result.failure(errors); } } diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/IatValidationRule.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/IatValidationRule.java index d4959e4e0..a5185e559 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/IatValidationRule.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/IatValidationRule.java 
@@ -15,9 +15,6 @@ import static java.time.ZoneOffset.UTC; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.SignedJWT; -import java.text.ParseException; import java.time.Clock; import java.time.Instant; import java.time.ZonedDateTime; @@ -27,9 +24,11 @@ import java.util.Map; import lombok.NonNull; import lombok.RequiredArgsConstructor; -import org.eclipse.dataspaceconnector.spi.EdcException; +import net.catenax.edc.oauth2.jwt.decorator.JWTClaimNames; +import org.eclipse.dataspaceconnector.spi.iam.ClaimToken; import org.eclipse.dataspaceconnector.spi.jwt.TokenValidationRule; import org.eclipse.dataspaceconnector.spi.result.Result; +import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @RequiredArgsConstructor 
@@ -43,31 +42,31 @@ public class IatValidationRule implements TokenValidationRule { * @param additional No more additional information needed for this validation, can be null. */ @Override - public Result checkRule(SignedJWT toVerify, @Nullable Map additional) { - try { - JWTClaimsSet claimsSet = toVerify.getJWTClaimsSet(); - List errors = new ArrayList<>(); + public Result checkRule( + @NotNull ClaimToken toVerify, @Nullable Map additional) { + List errors = new ArrayList<>(); - Instant now = clock.instant(); - Date issuedAt = claimsSet.getIssueTime(); - if (claimsSet.getExpirationTime() != null) { - if (issuedAt.toInstant().isAfter(claimsSet.getExpirationTime().toInstant())) { + Instant now = clock.instant(); + final Object issuedAtClaim = toVerify.getClaims().get(JWTClaimNames.ISSUED_AT); + if (!(issuedAtClaim instanceof Date)) { + errors.add("Issued at (iat) claim is missing in token"); + } else { + final Object expirationTimeClaim = toVerify.getClaims().get(JWTClaimNames.EXPIRATION_TIME); + if (expirationTimeClaim instanceof Date) { + Date expirationTime = (Date) expirationTimeClaim; + Date issuedAt = (Date) issuedAtClaim; + if (issuedAt.toInstant().isAfter(expirationTime.toInstant())) { errors.add("Issued at (iat) claim is after expiration time (exp) claim in token"); } else if (now.isBefore(convertToUtcTime(issuedAt))) { errors.add("Current date/time before issued at (iat) claim in token"); } } + } - if (errors.isEmpty()) { - return Result.success(toVerify); - } else { - return Result.failure(errors); - } - } catch (final ParseException parseException) { - throw new EdcException( - String.format( - "%s: unable to parse SignedJWT (%s)", - this.getClass().getSimpleName(), parseException.getMessage())); + if (errors.isEmpty()) { + return Result.success(); + } else { + return Result.failure(errors); } } 
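Review bot: The future-dated `iat` check in `checkRule` is still nested inside `if (expirationTimeClaim instanceof Date)`, so a token without a usable `exp` claim passes this rule even when its `iat` lies in the future. The rewrite keeps that shape from the old code, and the rule then only holds if an expiration rule is always registered next to it. Casting `issuedAt` before the `exp` lookup and making the `exp` comparison conditional lets the `now.isBefore(...)` check run in every case.

```java
    } else {
      final Date issuedAt = (Date) issuedAtClaim;
      final Object expirationTimeClaim = toVerify.getClaims().get(JWTClaimNames.EXPIRATION_TIME);
      if (expirationTimeClaim instanceof Date
          && issuedAt.toInstant().isAfter(((Date) expirationTimeClaim).toInstant())) {
        errors.add("Issued at (iat) claim is after expiration time (exp) claim in token");
      } else if (now.isBefore(convertToUtcTime(issuedAt))) {
        errors.add("Current date/time before issued at (iat) claim in token");
      }
    }
    // … unchanged: Result.success() / Result.failure(errors) …
```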
diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/IdsValidationRule.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/IdsValidationRule.java index 5d3220cbd..6a61cd6bf 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/IdsValidationRule.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/IdsValidationRule.java @@ -14,12 +14,12 @@ package net.catenax.edc.oauth2.jwt.validation; -import com.nimbusds.jwt.SignedJWT; -import java.text.ParseException; import java.util.Map; import org.eclipse.dataspaceconnector.spi.EdcException; +import org.eclipse.dataspaceconnector.spi.iam.ClaimToken; import org.eclipse.dataspaceconnector.spi.jwt.TokenValidationRule; import org.eclipse.dataspaceconnector.spi.result.Result; +import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; public class IdsValidationRule implements TokenValidationRule { @@ -31,7 +31,8 @@ public IdsValidationRule(boolean validateReferring) { /** Validates the JWT by checking extended IDS rules. */ @Override - public Result checkRule(SignedJWT jwt, @Nullable Map additional) { + public Result checkRule( + @NotNull ClaimToken toVerify, @Nullable Map additional) { if (additional != null) { var issuerConnector = additional.get("issuerConnector"); if (issuerConnector == null) { 
@@ -43,44 +44,36 @@ public Result checkRule(SignedJWT jwt, @Nullable Map securityProfile = additional.get("securityProfile").toString(); } - return verifyTokenIds(jwt, issuerConnector.toString(), securityProfile); + return verifyTokenIds(additional, issuerConnector.toString(), securityProfile); } else { throw new EdcException("Missing required additional information for IDS token validation"); } } - private Result verifyTokenIds( - SignedJWT jwt, String issuerConnector, @Nullable String securityProfile) { - try { - var claims = jwt.getJWTClaimsSet().getClaims(); + private Result verifyTokenIds( + Map claims, String issuerConnector, @Nullable String securityProfile) { - // referringConnector (DAT, optional) vs issuerConnector (Message-Header, - // mandatory) - var referringConnector = claims.get("referringConnector"); + // referringConnector (DAT, optional) vs issuerConnector (Message-Header, + // mandatory) + var referringConnector = claims.get("referringConnector"); - if (validateReferring && !issuerConnector.equals(referringConnector)) { - return Result.failure( - "referingConnector in token does not match issuerConnector in message"); - } + if (validateReferring && !issuerConnector.equals(referringConnector)) { + return Result.failure("referingConnector in token does not match issuerConnector in message"); + } - // securityProfile (DAT, mandatory) vs securityProfile (Message-Payload, - // optional) - try { - var tokenSecurityProfile = claims.get("securityProfile"); + // securityProfile (DAT, mandatory) vs securityProfile (Message-Payload, + // optional) + try { + var tokenSecurityProfile = claims.get("securityProfile"); - if (securityProfile != null && !securityProfile.equals(tokenSecurityProfile)) { - return Result.failure( - "securityProfile in token does not match securityProfile in payload"); - } - } catch (Exception e) { - // Nothing to do, payload mostly no connector instance + if (securityProfile != null && !securityProfile.equals(tokenSecurityProfile)) { 
+ return Result.failure("securityProfile in token does not match securityProfile in payload"); } - } catch (ParseException e) { - throw new EdcException( - "IdsValidationRule: unable to parse SignedJWT (" + e.getMessage() + ")"); + } catch (Exception e) { + // Nothing to do, payload mostly no connector instance } - return Result.success(jwt); + return Result.success(); } } diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/JwtValidationExtension.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/JwtValidationExtension.java index 310c979de..c4e5d9ff4 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/JwtValidationExtension.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/JwtValidationExtension.java @@ -28,11 +28,11 @@ import net.catenax.edc.oauth2.jwk.RsaPublicKeyReader; import okhttp3.OkHttpClient; import org.eclipse.dataspaceconnector.iam.oauth2.spi.Oauth2ValidationRulesRegistry; -import org.eclipse.dataspaceconnector.spi.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Inject; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires; import org.eclipse.dataspaceconnector.spi.jwt.TokenValidationService; -import org.eclipse.dataspaceconnector.spi.system.Inject; -import org.eclipse.dataspaceconnector.spi.system.Provides; -import org.eclipse.dataspaceconnector.spi.system.Requires; import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; 
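Review bot: `checkRule` now calls `verifyTokenIds(additional, issuerConnector.toString(), securityProfile)`, which passes the message-supplied `additional` map where the token's claims are expected, and `toVerify` is never read in the visible code. Inside `verifyTokenIds`, `claims.get("securityProfile")` then reads the same map the `securityProfile` argument was taken from, so that comparison no longer involves the token, and `claims.get("referringConnector")` looks in message data instead of the DAT. The call should be `return verifyTokenIds(toVerify.getClaims(), issuerConnector.toString(), securityProfile);`. A test with a token whose `referringConnector` differs from the message's `issuerConnector` would catch a regression here.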
diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/NbfValidationRule.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/NbfValidationRule.java index 8c4ab3429..88672b8cb 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/NbfValidationRule.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/NbfValidationRule.java @@ -15,9 +15,6 @@ import static java.time.ZoneOffset.UTC; -import com.nimbusds.jwt.JWTClaimsSet; -import com.nimbusds.jwt.SignedJWT; -import java.text.ParseException; import java.time.Clock; import java.time.Duration; import java.time.Instant; @@ -28,9 +25,11 @@ import java.util.Map; import lombok.NonNull; import lombok.RequiredArgsConstructor; -import org.eclipse.dataspaceconnector.spi.EdcException; +import net.catenax.edc.oauth2.jwt.decorator.JWTClaimNames; +import org.eclipse.dataspaceconnector.spi.iam.ClaimToken; import org.eclipse.dataspaceconnector.spi.jwt.TokenValidationRule; import org.eclipse.dataspaceconnector.spi.result.Result; +import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @RequiredArgsConstructor 
@@ -46,31 +45,27 @@ public class NbfValidationRule implements TokenValidationRule { * @param additional No more additional information needed for this validation, can be null. */ @Override - public Result checkRule( - final SignedJWT toVerify, @Nullable final Map additional) { - try { - final JWTClaimsSet claimsSet = toVerify.getJWTClaimsSet(); - final List errors = new ArrayList<>(); + public Result checkRule( + @NotNull ClaimToken toVerify, @Nullable Map additional) { + final List errors = new ArrayList<>(); - final Instant now = clock.instant(); - final Instant leewayNow = now.plusSeconds(notBeforeValidationLeeway.toSeconds()); - final Date notBefore = claimsSet.getNotBeforeTime(); - if (notBefore == null) { - errors.add("Required not before (nbf) claim is missing in token"); - } else if (leewayNow.isBefore(dateToInstant(notBefore))) { + final Instant now = clock.instant(); + final Instant leewayNow = now.plusSeconds(notBeforeValidationLeeway.toSeconds()); + + final Object claim = toVerify.getClaims().get(JWTClaimNames.NOT_BEFORE); + if (!(claim instanceof Date)) { + errors.add("Required not before (nbf) claim is missing in token"); + } else { + final Date notBefore = (Date) claim; + if (leewayNow.isBefore(dateToInstant(notBefore))) { errors.add("Current date/time with leeway before the not before (nbf) claim in token"); } + } - if (errors.isEmpty()) { - return Result.success(toVerify); - } else { - return Result.failure(errors); - } - } catch (final ParseException parseException) { - throw new EdcException( - String.format( - "%s: unable to parse SignedJWT (%s)", - this.getClass().getSimpleName(), parseException.getMessage())); + if (errors.isEmpty()) { + return Result.success(); + } else { + return Result.failure(errors); } } 
diff --git a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/TokenValidationServiceImpl.java b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/TokenValidationServiceImpl.java index 0ca7d3eeb..6a7e4e17f 100644 --- a/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/TokenValidationServiceImpl.java +++ b/edc-extensions/cx-oauth2/src/main/java/net/catenax/edc/oauth2/jwt/validation/TokenValidationServiceImpl.java @@ -63,10 +63,11 @@ public Result validate(@NonNull final TokenRepresentation tokenRepre } claimsSet = signedJwt.getJWTClaimsSet(); + var claimToken = ClaimToken.Builder.newInstance().claims(claimsSet.getClaims()).build(); final List errors = rulesRegistry.getRules().stream() - .map(r -> r.checkRule(signedJwt, additional)) + .map(r -> r.checkRule(claimToken, additional)) .filter(Result::failed) .map(Result::getFailureMessages) .flatMap(Collection::stream) diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/DapsJwtDecoratorTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/DapsJwtDecoratorTest.java index 52921d1f9..99ed5ae93 100644 --- a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/DapsJwtDecoratorTest.java +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/DapsJwtDecoratorTest.java @@ -13,10 +13,8 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; +import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; -import org.mockito.Mockito; class DapsJwtDecoratorTest { 
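Review bot: The `claimToken` line in `validate` carries an undocumented contract: the exp, nbf and iat rules in this commit test `instanceof Date` on the values from `claimsSet.getClaims()` and report any other type as a missing claim. That holds only while the parsed claims set stores these claims as `java.util.Date`, so I would add a comment above the line such as `// exp/nbf/iat must remain java.util.Date here; the validation rules treat any other type as missing`. A test that feeds a parsed token through `validate` would pin it. `validate` starts and ends outside the hunk.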
@@ -24,17 +22,11 @@ class DapsJwtDecoratorTest { void decorate() { final DapsJwtDecorator decorator = new DapsJwtDecorator(); - final JWSHeader.Builder jwsHeaderBuilder = Mockito.mock(JWSHeader.Builder.class); - final JWTClaimsSet.Builder claimsSetBuilder = Mockito.mock(JWTClaimsSet.Builder.class); + Assertions.assertTrue(decorator.claims().containsKey("@context")); + Assertions.assertEquals( + "https://w3id.org/idsa/contexts/context.jsonld", decorator.claims().get("@context")); - Mockito.when(claimsSetBuilder.claim(Mockito.anyString(), Mockito.anyString())) - .thenReturn(claimsSetBuilder); - - decorator.decorate(jwsHeaderBuilder, claimsSetBuilder); - - Mockito.verify(claimsSetBuilder, Mockito.times(1)) - .claim("@context", "https://w3id.org/idsa/contexts/context.jsonld"); - Mockito.verify(claimsSetBuilder, Mockito.times(1)).claim("@type", "ids:DatRequestToken"); - Mockito.verifyNoMoreInteractions(jwsHeaderBuilder, claimsSetBuilder); + Assertions.assertTrue(decorator.claims().containsKey("@type")); + Assertions.assertEquals("ids:DatRequestToken", decorator.claims().get("@type")); } } diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/ExpJwtDecoratorTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/ExpJwtDecoratorTest.java index a5e36561f..fe5a3e903 100644 --- a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/ExpJwtDecoratorTest.java +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/ExpJwtDecoratorTest.java @@ -13,8 +13,6 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; import java.time.Clock; import java.time.Duration; import java.time.Instant; 
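Review bot: `DapsJwtDecoratorTest.decorate` lost the guarantee that `Mockito.verifyNoMoreInteractions(jwsHeaderBuilder, claimsSetBuilder)` gave: nothing now asserts that the decorator adds only the two expected claims and no header parameters. Adding `Assertions.assertEquals(2, decorator.claims().size());` and `Assertions.assertTrue(decorator.headers().isEmpty());` restores it. The same applies to the rewritten `IdsAudJwtDecoratorTest`, `IssJwtDecoratorTest` and `SubJwtDecoratorTest` hunks further down, with a size of 1.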
@@ -32,15 +30,11 @@ void decorate() { final ExpJwtDecorator decorator = new ExpJwtDecorator(clock, expiration); - final JWSHeader.Builder jwsHeaderBuilder = Mockito.mock(JWSHeader.Builder.class); - final JWTClaimsSet.Builder claimsSetBuilder = new JWTClaimsSet.Builder(); - Mockito.when(clock.instant()).thenReturn(Instant.ofEpochSecond(0)); - decorator.decorate(jwsHeaderBuilder, claimsSetBuilder); - JWTClaimsSet jwtClaimsSet = claimsSetBuilder.build(); - Assertions.assertNotNull(jwtClaimsSet.getExpirationTime()); - Assertions.assertEquals(new Date(100000), jwtClaimsSet.getExpirationTime()); + Assertions.assertTrue(decorator.claims().containsKey(JWTClaimNames.EXPIRATION_TIME)); + Assertions.assertEquals( + new Date(100000), decorator.claims().get(JWTClaimNames.EXPIRATION_TIME)); } @Test diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IatJwtDecoratorTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IatJwtDecoratorTest.java index 9f37c4338..898903e62 100644 --- a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IatJwtDecoratorTest.java +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IatJwtDecoratorTest.java @@ -13,8 +13,6 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; import java.time.Clock; import java.time.Instant; import java.util.Date; 
@@ -30,15 +28,10 @@ void decorate() { final IatJwtDecorator decorator = new IatJwtDecorator(clock); - final JWSHeader.Builder jwsHeaderBuilder = Mockito.mock(JWSHeader.Builder.class); - final JWTClaimsSet.Builder claimsSetBuilder = new JWTClaimsSet.Builder(); - Mockito.when(clock.instant()).thenReturn(Instant.ofEpochSecond(0)); - decorator.decorate(jwsHeaderBuilder, claimsSetBuilder); - JWTClaimsSet jwtClaimsSet = claimsSetBuilder.build(); - Assertions.assertNotNull(jwtClaimsSet.getIssueTime()); - Assertions.assertEquals(new Date(0), jwtClaimsSet.getIssueTime()); + Assertions.assertTrue(decorator.claims().containsKey(JWTClaimNames.ISSUED_AT)); + Assertions.assertEquals(new Date(0), decorator.claims().get(JWTClaimNames.ISSUED_AT)); } @Test diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IdsAudJwtDecoratorTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IdsAudJwtDecoratorTest.java index 8f5ac315b..b9180e5ec 100644 --- a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IdsAudJwtDecoratorTest.java +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IdsAudJwtDecoratorTest.java @@ -14,10 +14,9 @@ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; +import java.util.List; +import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; -import org.mockito.Mockito; class IdsAudJwtDecoratorTest { 
@@ -26,12 +25,8 @@ void decorate() { final String expectedAudience = "idsc:IDS_CONNECTORS_ALL"; final IdsAudJwtDecorator decorator = new IdsAudJwtDecorator(); - final JWSHeader.Builder jwsHeaderBuilder = Mockito.mock(JWSHeader.Builder.class); - final JWTClaimsSet.Builder claimsSetBuilder = Mockito.mock(JWTClaimsSet.Builder.class); - - decorator.decorate(jwsHeaderBuilder, claimsSetBuilder); - - Mockito.verify(claimsSetBuilder, Mockito.times(1)).audience(expectedAudience); - Mockito.verifyNoMoreInteractions(jwsHeaderBuilder, claimsSetBuilder); + Assertions.assertTrue(decorator.claims().containsKey(JWTClaimNames.AUDIENCE)); + Assertions.assertEquals( + List.of(expectedAudience), decorator.claims().get(JWTClaimNames.AUDIENCE)); } } diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IssJwtDecoratorTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IssJwtDecoratorTest.java index e74d0ea85..fba6a1d52 100644 --- a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IssJwtDecoratorTest.java +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/IssJwtDecoratorTest.java @@ -13,12 +13,9 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; import java.util.UUID; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; -import org.mockito.Mockito; class IssJwtDecoratorTest { 
@@ -27,13 +24,8 @@ void decorate() { final String expectedIssuer = UUID.randomUUID().toString(); final IssJwtDecorator decorator = new IssJwtDecorator(expectedIssuer); - final JWSHeader.Builder jwsHeaderBuilder = Mockito.mock(JWSHeader.Builder.class); - final JWTClaimsSet.Builder claimsSetBuilder = Mockito.mock(JWTClaimsSet.Builder.class); - - decorator.decorate(jwsHeaderBuilder, claimsSetBuilder); - - Mockito.verify(claimsSetBuilder, Mockito.times(1)).issuer(expectedIssuer); - Mockito.verifyNoMoreInteractions(jwsHeaderBuilder, claimsSetBuilder); + Assertions.assertTrue(decorator.claims().containsKey(JWTClaimNames.ISSUER)); + Assertions.assertEquals(expectedIssuer, decorator.claims().get(JWTClaimNames.ISSUER)); } @Test diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/JtiJwtDecoratorTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/JtiJwtDecoratorTest.java index ccc6e3dc8..681113b38 100644 --- a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/JtiJwtDecoratorTest.java +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/JtiJwtDecoratorTest.java @@ -13,11 +13,8 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; -import org.mockito.Mockito; class JtiJwtDecoratorTest { 
@@ -25,12 +22,6 @@ class JtiJwtDecoratorTest { void decorate() { final JtiJwtDecorator decorator = new JtiJwtDecorator(); - final JWSHeader.Builder jwsHeaderBuilder = Mockito.mock(JWSHeader.Builder.class); - final JWTClaimsSet.Builder claimsSetBuilder = new JWTClaimsSet.Builder(); - - decorator.decorate(jwsHeaderBuilder, claimsSetBuilder); - - JWTClaimsSet jwtClaimsSet = claimsSetBuilder.build(); - Assertions.assertNotNull(jwtClaimsSet.getJWTID()); + Assertions.assertTrue(decorator.claims().containsKey(JWTClaimNames.JWT_ID)); } } diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/Oauth2JwtDecoratorRegistryRegistryImplTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/Oauth2JwtDecoratorRegistryRegistryImplTest.java index fa81fb35d..e11b78a38 100644 --- a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/Oauth2JwtDecoratorRegistryRegistryImplTest.java +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/Oauth2JwtDecoratorRegistryRegistryImplTest.java @@ -13,9 +13,8 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; import java.util.Arrays; +import java.util.Map; import org.eclipse.dataspaceconnector.spi.jwt.JwtDecorator; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; 
@@ -72,16 +71,37 @@ void test() { private static class A_JwtDecorator implements JwtDecorator { @Override - public void decorate(JWSHeader.Builder header, JWTClaimsSet.Builder claimsSet) {} + public Map claims() { + return null; + } + + @Override + public Map headers() { + return null; + } } private static class B_JwtDecorator implements JwtDecorator { @Override - public void decorate(JWSHeader.Builder header, JWTClaimsSet.Builder claimsSet) {} + public Map claims() { + return null; + } + + @Override + public Map headers() { + return null; + } } private static class C_JwtDecorator implements JwtDecorator { @Override - public void decorate(JWSHeader.Builder header, JWTClaimsSet.Builder claimsSet) {} + public Map claims() { + return null; + } + + @Override + public Map headers() { + return null; + } } } diff --git a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/SubJwtDecoratorTest.java b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/SubJwtDecoratorTest.java index d86ac0f02..4dc4f32eb 100644 --- a/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/SubJwtDecoratorTest.java +++ b/edc-extensions/cx-oauth2/src/test/java/net/catenax/edc/oauth2/jwt/decorator/SubJwtDecoratorTest.java @@ -13,12 +13,9 @@ */ package net.catenax.edc.oauth2.jwt.decorator; -import com.nimbusds.jose.JWSHeader; -import com.nimbusds.jwt.JWTClaimsSet; import java.util.UUID; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; -import org.mockito.Mockito; class SubJwtDecoratorTest { 
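Review bot: The three stub decorators `A_JwtDecorator`, `B_JwtDecorator` and `C_JwtDecorator` return `null` from `claims()` and `headers()`, while the generator changed in this commit calls `decorator.claims().entrySet()` with no null guard. The stubs are only registered and compared in this test, but returning `Map.of()` from both methods keeps them valid `JwtDecorator` implementations if they are ever passed to `generate`. If `null` is meant to be a legal return value, the loop in `JwtTokenGenerationService.generate` needs the guard instead.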
@@ -27,13 +24,8 @@ void decorate() { final String expectedSubject = UUID.randomUUID().toString(); final SubJwtDecorator decorator = new SubJwtDecorator(expectedSubject); - final JWSHeader.Builder jwsHeaderBuilder = Mockito.mock(JWSHeader.Builder.class); - final JWTClaimsSet.Builder claimsSetBuilder = Mockito.mock(JWTClaimsSet.Builder.class); - - decorator.decorate(jwsHeaderBuilder, claimsSetBuilder); - - Mockito.verify(claimsSetBuilder, Mockito.times(1)).subject(expectedSubject); - Mockito.verifyNoMoreInteractions(jwsHeaderBuilder, claimsSetBuilder); + Assertions.assertTrue(decorator.claims().containsKey(JWTClaimNames.SUBJECT)); + Assertions.assertEquals(expectedSubject, decorator.claims().get(JWTClaimNames.SUBJECT)); } @Test diff --git a/edc-extensions/data-encryption/pom.xml b/edc-extensions/data-encryption/pom.xml index 031ad7d21..0d1dad90d 100644 --- a/edc-extensions/data-encryption/pom.xml +++ b/edc-extensions/data-encryption/pom.xml @@ -18,7 +18,7 @@ edc-extensions net.catenax.edc.extensions - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-extensions/data-encryption/src/main/java/net/catenax/edc/data/encryption/DataEncryptionExtension.java b/edc-extensions/data-encryption/src/main/java/net/catenax/edc/data/encryption/DataEncryptionExtension.java index 5f9446dfa..ac5d2898b 100644 --- a/edc-extensions/data-encryption/src/main/java/net/catenax/edc/data/encryption/DataEncryptionExtension.java +++ b/edc-extensions/data-encryption/src/main/java/net/catenax/edc/data/encryption/DataEncryptionExtension.java 
@@ -22,12 +22,12 @@ import net.catenax.edc.data.encryption.key.CryptoKeyFactory; import net.catenax.edc.data.encryption.key.CryptoKeyFactoryImpl; import net.catenax.edc.data.encryption.provider.AesKeyProvider; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires; import org.eclipse.dataspaceconnector.spi.EdcException; -import org.eclipse.dataspaceconnector.spi.EdcSetting; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; import org.eclipse.dataspaceconnector.spi.security.Vault; -import org.eclipse.dataspaceconnector.spi.system.Provides; -import org.eclipse.dataspaceconnector.spi.system.Requires; import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; import org.eclipse.dataspaceconnector.transfer.dataplane.spi.security.DataEncrypter; diff --git a/edc-extensions/dataplane-selector-configuration/pom.xml b/edc-extensions/dataplane-selector-configuration/pom.xml index 524376a42..5ce58e204 100644 --- a/edc-extensions/dataplane-selector-configuration/pom.xml +++ b/edc-extensions/dataplane-selector-configuration/pom.xml @@ -18,7 +18,7 @@ edc-extensions net.catenax.edc.extensions - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-extensions/dataplane-selector-configuration/src/main/java/net/catenax/edc/dataplane/selector/configuration/DataPlaneSelectorConfigurationServiceExtension.java b/edc-extensions/dataplane-selector-configuration/src/main/java/net/catenax/edc/dataplane/selector/configuration/DataPlaneSelectorConfigurationServiceExtension.java index cd9a04271..976d468d9 100644 --- a/edc-extensions/dataplane-selector-configuration/src/main/java/net/catenax/edc/dataplane/selector/configuration/DataPlaneSelectorConfigurationServiceExtension.java 
+++ b/edc-extensions/dataplane-selector-configuration/src/main/java/net/catenax/edc/dataplane/selector/configuration/DataPlaneSelectorConfigurationServiceExtension.java @@ -24,10 +24,10 @@ import java.util.stream.Collectors; import org.eclipse.dataspaceconnector.dataplane.selector.DataPlaneSelectorService; import org.eclipse.dataspaceconnector.dataplane.selector.instance.DataPlaneInstanceImpl; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires; import org.eclipse.dataspaceconnector.spi.EdcException; -import org.eclipse.dataspaceconnector.spi.EdcSetting; import org.eclipse.dataspaceconnector.spi.monitor.Monitor; -import org.eclipse.dataspaceconnector.spi.system.Requires; import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; import org.eclipse.dataspaceconnector.spi.system.configuration.Config; @@ -53,25 +53,32 @@ * edc.dataplane.selector..url * URL to connect to the Data Plane Instance. * X - * http://localhost:8181/control/transfer + * http://localhost:8181/control/transfer * * - * edc.dataplane.selector..sourcetypes + * edc.dataplane.selector..sourcetypes * Source Types in a comma separated List. * X * HttpData * * - * edc.dataplane.selector..destinationtypes + * edc.dataplane.selector..destinationtypes * Destination Types in a comma separated List. * X * HttpProxy * * - * edc.dataplane.selector..properties - * Additional properties of the Data Plane Instance. + * edc.dataplane.selector..properties + * Additional properties of the Data Plane + * Instance. * (X) - * { "publicApiUrl:": "http://localhost:8181/api/public" } + * { "publicApiUrl:": "http://localhost:8181/api/public" + * } * * * 
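Review bot: The example value in the `properties` row of the settings table still reads `{ "publicApiUrl:": "http://localhost:8181/api/public" }`, with a colon inside the quoted key, on both the removed and the added Javadoc lines. Anyone copying the example configures a property named `publicApiUrl:`, which a lookup for `publicApiUrl` would presumably miss. Since this hunk already rewraps that line, correct it to `{ "publicApiUrl": "http://localhost:8181/api/public" }`. The Javadoc block starts before the hunk, so the rest of the table is not visible here.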
diff --git a/edc-extensions/dataplane-selector-configuration/src/test/java/net/catenax/edc/dataplane/selector/configuration/DataPlaneSelectorConfigurationServiceExtensionEdcExtensionTest.java b/edc-extensions/dataplane-selector-configuration/src/test/java/net/catenax/edc/dataplane/selector/configuration/DataPlaneSelectorConfigurationServiceExtensionEdcExtensionTest.java index 8d162e0d3..6ace3d84c 100644 --- a/edc-extensions/dataplane-selector-configuration/src/test/java/net/catenax/edc/dataplane/selector/configuration/DataPlaneSelectorConfigurationServiceExtensionEdcExtensionTest.java +++ b/edc-extensions/dataplane-selector-configuration/src/test/java/net/catenax/edc/dataplane/selector/configuration/DataPlaneSelectorConfigurationServiceExtensionEdcExtensionTest.java @@ -18,7 +18,7 @@ import java.util.Map; import org.eclipse.dataspaceconnector.dataplane.selector.DataPlaneSelectorService; import org.eclipse.dataspaceconnector.junit.extensions.EdcExtension; -import org.eclipse.dataspaceconnector.spi.system.Provides; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides; import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; import org.eclipse.dataspaceconnector.spi.types.domain.DataAddress; diff --git a/edc-extensions/hashicorp-vault/pom.xml b/edc-extensions/hashicorp-vault/pom.xml index 9d3dbec38..b3806c341 100644 --- a/edc-extensions/hashicorp-vault/pom.xml +++ b/edc-extensions/hashicorp-vault/pom.xml @@ -17,7 +17,7 @@ net.catenax.edc.extensions edc-extensions - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/AbstractHashicorpVaultExtension.java b/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/AbstractHashicorpVaultExtension.java index 4512e8512..23486385a 100644 
--- a/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/AbstractHashicorpVaultExtension.java +++ b/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/AbstractHashicorpVaultExtension.java @@ -16,7 +16,7 @@ import java.time.Duration; import okhttp3.OkHttpClient; -import org.eclipse.dataspaceconnector.spi.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; /** diff --git a/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/HashicorpVaultHealthExtension.java b/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/HashicorpVaultHealthExtension.java index 9e904a2c7..62bc5bc00 100644 --- a/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/HashicorpVaultHealthExtension.java +++ b/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/HashicorpVaultHealthExtension.java @@ -15,8 +15,8 @@ package net.catenax.edc.hashicorpvault; import okhttp3.OkHttpClient; -import org.eclipse.dataspaceconnector.spi.EdcSetting; -import org.eclipse.dataspaceconnector.spi.system.Requires; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Requires; import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; import org.eclipse.dataspaceconnector.spi.system.health.HealthCheckService; diff --git a/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/HashicorpVaultVaultExtension.java b/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/HashicorpVaultVaultExtension.java index f6afafb07..c7bfc6674 100644 --- a/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/HashicorpVaultVaultExtension.java 
+++ b/edc-extensions/hashicorp-vault/src/main/java/net/catenax/edc/hashicorpvault/HashicorpVaultVaultExtension.java @@ -17,11 +17,11 @@ package net.catenax.edc.hashicorpvault; import okhttp3.OkHttpClient; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.Provides; import org.eclipse.dataspaceconnector.spi.security.CertificateResolver; import org.eclipse.dataspaceconnector.spi.security.PrivateKeyResolver; import org.eclipse.dataspaceconnector.spi.security.Vault; import org.eclipse.dataspaceconnector.spi.security.VaultPrivateKeyResolver; -import org.eclipse.dataspaceconnector.spi.system.Provides; import org.eclipse.dataspaceconnector.spi.system.ServiceExtension; import org.eclipse.dataspaceconnector.spi.system.ServiceExtensionContext; diff --git a/edc-extensions/pom.xml b/edc-extensions/pom.xml index 4517e418e..e6e64c87a 100644 --- a/edc-extensions/pom.xml +++ b/edc-extensions/pom.xml @@ -17,7 +17,7 @@ net.catenax.edc product-edc-parent - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-extensions/postgresql-migration/pom.xml b/edc-extensions/postgresql-migration/pom.xml index 3075a9632..f31e80aad 100644 --- a/edc-extensions/postgresql-migration/pom.xml +++ b/edc-extensions/postgresql-migration/pom.xml @@ -17,7 +17,7 @@ edc-extensions net.catenax.edc.extensions - 0.1.1 + 0.1.2 4.0.0 diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractDefinitionPostgresqlMigrationExtension.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractDefinitionPostgresqlMigrationExtension.java index 1834cde8f..31285de95 100644 --- a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractDefinitionPostgresqlMigrationExtension.java +++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractDefinitionPostgresqlMigrationExtension.java 
@@ -14,7 +14,7 @@ package net.catenax.edc.postgresql.migration; -import org.eclipse.dataspaceconnector.spi.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; public class ContractDefinitionPostgresqlMigrationExtension extends AbstractPostgresqlMigrationExtension { diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractNegotiationPostgresqlMigrationExtension.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractNegotiationPostgresqlMigrationExtension.java index 8c732742f..b198b4834 100644 --- a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractNegotiationPostgresqlMigrationExtension.java +++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/ContractNegotiationPostgresqlMigrationExtension.java @@ -14,7 +14,7 @@ package net.catenax.edc.postgresql.migration; -import org.eclipse.dataspaceconnector.spi.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; public class ContractNegotiationPostgresqlMigrationExtension extends AbstractPostgresqlMigrationExtension { diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/PolicyPostgresqlMigrationExtension.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/PolicyPostgresqlMigrationExtension.java index 9e3b64ff9..5e6333ad1 100644 --- a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/PolicyPostgresqlMigrationExtension.java +++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/PolicyPostgresqlMigrationExtension.java 
@@ -14,7 +14,7 @@ package net.catenax.edc.postgresql.migration; -import org.eclipse.dataspaceconnector.spi.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; public class PolicyPostgresqlMigrationExtension extends AbstractPostgresqlMigrationExtension { private static final String NAME_SUBSYSTEM = "policy"; diff --git a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/TransferProcessPostgresqlMigrationExtension.java b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/TransferProcessPostgresqlMigrationExtension.java index 4ef0d97f4..f17373cf5 100644 --- a/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/TransferProcessPostgresqlMigrationExtension.java +++ b/edc-extensions/postgresql-migration/src/main/java/net/catenax/edc/postgresql/migration/TransferProcessPostgresqlMigrationExtension.java @@ -14,7 +14,7 @@ package net.catenax.edc.postgresql.migration; -import org.eclipse.dataspaceconnector.spi.EdcSetting; +import org.eclipse.dataspaceconnector.runtime.metamodel.annotation.EdcSetting; public class TransferProcessPostgresqlMigrationExtension extends AbstractPostgresqlMigrationExtension { diff --git a/edc-tests/pom.xml b/edc-tests/pom.xml index 242c456c8..2c3e66e79 100644 --- a/edc-tests/pom.xml +++ b/edc-tests/pom.xml @@ -19,7 +19,7 @@ net.catenax.edc product-edc-parent - 0.1.1 + 0.1.2 net.catenax.edc.tests @@ -30,7 +30,7 @@ ${project.groupId}_${project.artifactId} 2.9.1 4.5.13 - 1.4.0 + 1.4.1 1.7.36 diff --git a/edc-tests/src/main/resources/deployment/helm/all-in-one/Chart.yaml b/edc-tests/src/main/resources/deployment/helm/all-in-one/Chart.yaml index 63ee4b5b7..ab8eee0cd 100644 --- a/edc-tests/src/main/resources/deployment/helm/all-in-one/Chart.yaml +++ b/edc-tests/src/main/resources/deployment/helm/all-in-one/Chart.yaml 
@@ -35,12 +35,12 @@ dependencies: # PLATO CONNECTOR - name: edc-controlplane version: ">=0.0.1" - repository: "file://../../../../../../../deployment/helm/edc-controlplane" + repository: "file://../../../../../../../charts/edc-controlplane" alias: platoedccontrolplane condition: platoedccontrolplane.enabled - name: edc-dataplane version: ">=0.0.1" - repository: "file://../../../../../../../deployment/helm/edc-dataplane" + repository: "file://../../../../../../../charts/edc-dataplane" alias: platoedcdataplane condition: platoedcdataplane.enabled - name: backend-service @@ -62,12 +62,12 @@ dependencies: # SOKRATES CONNECTOR - name: edc-controlplane version: ">=0.0.1" - repository: "file://../../../../../../../deployment/helm/edc-controlplane" + repository: "file://../../../../../../../charts/edc-controlplane" alias: sokratesedccontrolplane condition: sokratesedccontrolplane.enabled - name: edc-dataplane version: ">=0.0.1" - repository: "file://../../../../../../../deployment/helm/edc-dataplane" + repository: "file://../../../../../../../charts/edc-dataplane" alias: sokratesedcdataplane condition: sokratesedcdataplane.enabled - name: backend-service diff --git a/pom.xml b/pom.xml index d029601c0..2e858d861 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,7 @@ net.catenax.edc product-edc-parent - 0.1.1 + 0.1.2 pom product-edc @@ -47,8 +47,8 @@ 3.3.0 - 3.2.2 - 2.25.0 + 3.3.0 + 2.27.1 3.1.0 3.4.1 2.0.0 @@ -63,26 +63,28 @@ 1.1.0 3.9.1.2184 4.2.0 + 0.0.1-SNAPSHOT - 0.0.1-20220902-SNAPSHOT + 0.0.1-20220922-SNAPSHOT 1.2.2 42.5.0 - 9.2.2 + 9.3.1 + 8.23 - 5.9.0 + 5.9.1 1.8.2 - 7.6.0 - 5.1.1 + 7.8.0 + 5.2.0 1.1.0 - 4.7.0 + 4.8.0 1.18.24 1.70 4.9.3 1.17.3 2.0.0-beta1 - 1.4.0 + 1.4.1 2.2 @@ -112,6 +114,16 @@ Fraunhofer IAIS https://maven.iais.fraunhofer.de/artifactory/eis-ids-public + + dash-licenses-snapshots + https://repo.eclipse.org/content/repositories/dash-licenses-snapshots + + true + + + false + + 
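Review bot: The root pom.xml now resolves build-time code from a snapshot source: the last hunk here adds the `dash-licenses-snapshots` repository, the properties hunk before it adds a `0.0.1-SNAPSHOT` value, and a later hunk declares `license-tool-plugin` with `${org.eclipse.dash.license.tool.plugin.version}`. Assuming that property holds the SNAPSHOT value, the plugin that runs inside the build can change between runs without any change in this repository, with whatever credentials the CI job exposes to Maven. Pin the plugin to a released or timestamped version if one is available, or bind it to a profile that only the licence-check job activates. Add a comment on the repository entry saying why a snapshot source is needed. The XML element names are not visible in this rendering, so check which of the `true`/`false` flags applies to snapshots and which to releases.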
@@ -192,6 +204,11 @@ maven-compiler-plugin ${org.apache.maven.plugins.compiler.version} + + org.eclipse.dash + license-tool-plugin + ${org.eclipse.dash.license.tool.plugin.version} + org.projectlombok lombok-maven-plugin @@ -376,6 +393,11 @@ + + com.nimbusds + nimbus-jose-jwt + ${com.nimbus.jose.jwt.version} + org.postgresql postgresql @@ -593,6 +615,11 @@ control-api ${org.eclipse.dataspaceconnector.version} + + org.eclipse.dataspaceconnector + control-plane-core + ${org.eclipse.dataspaceconnector.version} + org.eclipse.dataspaceconnector core @@ -913,6 +940,11 @@ policy-engine ${org.eclipse.dataspaceconnector.version} + + org.eclipse.dataspaceconnector + policy-engine-spi + ${org.eclipse.dataspaceconnector.version} + org.eclipse.dataspaceconnector policy-evaluator @@ -1169,7 +1201,7 @@ org.glassfish.jaxb jaxb-runtime - 2.3.3 + 4.0.1 @@ -1206,5 +1238,6 @@ +