Merge pull request #177 from catenax-ng/main

Prepare helm chart release

CHANGELOG.md

@@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [3.5.0] - 2023-09-27
 ### Changed
 - IRS now makes use of the value `dspEndpoint` in `subprotocolBody` of the Asset Administration Shell to request submodel data directly.
+- Policy Store API is extended to handle:
+  - multi permissions per each allowed Policy in POST call to create Policy
+  - multi constraint per each permission in POST call to create Permission
+  - logical AndConstraint and OrConstraint to give possibility to create complex restriction
 
 ### Fixed
 - Fixed a case where IRS submodel requests did not reuqest all EDC endpoints discovered by Discovery Finder

DEPENDENCIES

@@ -309,7 +309,6 @@ maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.15, EPL-2.0 OR Apache-2.0, a
 maven/mavencentral/org.eclipse.tractusx.irs/irs-api/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.irs/irs-common/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.irs/irs-edc-client/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.irs/irs-ess/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.irs/irs-models/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.irs/irs-policy-store/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.irs/irs-registry-client/1.2.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx

Dockerfile

@@ -29,7 +29,6 @@ COPY .config .config
 COPY .mvn .mvn
 COPY pom.xml .
 
-COPY irs-ess irs-ess
 COPY irs-policy-store irs-policy-store
 COPY irs-integration-tests irs-integration-tests
 COPY irs-api irs-api

charts/irs-helm/CHANGELOG.md

@@ -6,6 +6,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [6.7.1] - 2023-09-29
+### Changed
+- Added toString template for `edc.controlplane.apikey.secret`
+
 ## [6.7.0] - 2023-09-28
 ### Changed
 - Update IRS version to 3.5.0

charts/irs-helm/Chart.yaml

@@ -35,7 +35,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 6.7.0
+version: 6.7.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.

charts/irs-helm/templates/secrets.yaml

@@ -39,7 +39,7 @@ data:
   keycloakClientSecret: {{ .Values.keycloak.oauth2.clientSecret | default "keycloakClientSecret" | b64enc | quote }}
   portalClientId: {{ .Values.portal.oauth2.clientId | default "portalClientId" | b64enc | quote }}
   portalClientSecret: {{ .Values.portal.oauth2.clientSecret | default "portalClientSecret" | b64enc | quote }}
-  edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | default "" | b64enc | quote }}
+  edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | toString | default "" | b64enc | quote }}
   {{- if .Values.grafana.enabled }}
   grafanaUser: {{ .Values.grafana.user | default "grafana" | b64enc | quote }}
   grafanaPassword: {{ .Values.grafana.password | default "grafana" | b64enc | quote }}

docs/src/docs/administration/configuration.adoc

@@ -24,6 +24,31 @@ include::../../../../charts/irs-helm/values.yaml[lines=104..287]
 ==== <irs-url>
 The hostname where the IRS will be made available.
 
+=== <ingress>
+To expose the IRS service, you need to add an ingress for the default port 8080.
+You can do this by adding this to ingress:
+
+[source,yaml]
+----
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+  hosts:
+    - host: "public.irs.hostname"
+      paths:
+        - path: /
+          pathType: Prefix
+          port: 8080
+  tls:
+    - hosts:
+      - "public.irs.hostname"
+      secretName: tls-secret
+----
+
 ==== <digital-twin-registry-url>
 The URL of the Digital Twin Registry. The IRS uses this service to fetch AAS shells.
 
@@ -62,6 +87,34 @@ If you want to use local schema files, you need to provide them directly in the
 The *key* of each entry is the `Base64` encoded URN of the model. The *value* is the `Base64` encoded content of the schema file itself. The entries will then be mounted into the IRS container and used on demand. For reference, see the example comment in the default `values.yaml`.
 
 
+== Use existing EDC consumer
+If you want to use an existing EDC as consumer, you need to add the management endpoint URL of this edc to `edc.controlplane.endpoint.data`.
+You also have to add an ingress for the IRS EDC EDR Token callback endpoint (default port: 8181):
+
+[source,yaml]
+----
+ingress:
+  enabled: true
+  className: "nginx"
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-passthrough: "false"
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
+  hosts:
+    - host: "public.irs.hostname"
+      paths:
+        - path: /
+          pathType: Prefix
+          port: 8080
+        - path: /internal
+          port: 8181
+          pathType: Prefix
+  tls:
+    - hosts:
+      - "public.irs.hostname"
+      secretName: tls-secret
+----
+
 == EDC consumer configuration
 If you want to provide your own EDC consumer, add the EDC Helm Chart as dependency to your Chart.yaml. The helm chart and documentation can be found here: https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector[tractusx-connector]
 

docs/src/docs/arc42/cross-cutting/under-the-hood.adoc

@@ -68,6 +68,12 @@ Data validation happens at two points:
 - Submodel payload: each time a submodel payload is requested from via EDC, the data is validated against the model defined in the SemanticHub for the matching aspect type.
 - EDC Contract Offer Policy: each time IRS consumes data over the EDC, the policies of the offered contract will be validated. IDs of so-called "Rahmenverträgen" or Framework-Agreements can be added to the IRS Policy Store to be accepted by the IRS. If a Contract Offer does not match any of the IDs store in Policy Store, the contract offer will be declined and no data will be consumed.
 
+== Policy Store
+
+The IRS gives its users the ability to manage, create and delete complex policies containing permissions and constraints in order to obtain the most precise control over access and use of data received from the edc provider. Policies stored in Policy Store will serve as input with allowed restriction and will be checked against every item from EDC Catalog.
+
+The structure of a Policy that can be stored in storage can be easily viewed by using Policy Store endpoints in the published API documentation. Each policy may contain more than one permission, which in turn consists of constraints linked together by AND or OR relationships. This model provides full flexibility and control over stored access and use policies.
+
 == Caching
 
 The IRS caches data provided externally to avoid unnecessary requests and reduce execution time.

docs/src/docs/arc42/glossary.adoc

@@ -19,5 +19,5 @@ Samples: SingleLevelBomAsPlanned, SingleLevelBomAsBuilt and SingleLevelUsageAsBu
 |Eclipse Dataspace Connector (EDC) | For more information see: https://github.com/eclipse-tractusx/tractusx-edc
 |Managed Identity Wallet (MIW) | For more information see: https://github.com/eclipse-tractusx/managed-identity-wallet
 |Self-Sovereign Identity (SSI) | For more information see: https://github.com/eclipse-tractusx/ssi-docu/tree/main/docs/architecture/cx-3-2
-|PolicyStore | The Policy Store is an IRS component which provides an interface for getting, adding and deleting accepted IRS EDC policies. These policies will be used to validate EDC contract offers.
+|PolicyStore | The Policy Store is an IRS component which provides an interface for getting, adding and deleting accepted IRS EDC policies. These policies will be used to validate EDC contract offers. EDC contract offers must include permissions that are equal to permission defined by a admin user in order to be allowed to use in IRS use cases. | For more information see: https://github.com/eclipse-tractusx/ssi-docu/blob/main/docs/architecture/cx-3-2/edc/policy.definitions.md#0-introduction
 |===

irs-api/pom.xml

@@ -22,12 +22,6 @@
     </repositories>
 
     <dependencies>
-        <!-- To find spring components and expose controller endpoints -->
-        <dependency>
-            <groupId>org.eclipse.tractusx.irs</groupId>
-            <artifactId>irs-ess</artifactId>
-            <version>${revision}</version>
-        </dependency>
         <dependency>
             <groupId>org.eclipse.tractusx.irs</groupId>
             <artifactId>irs-edc-client</artifactId>

irs-api/src/main/java/org/eclipse/tractusx/irs/IrsApplication.java

@@ -43,7 +43,7 @@
 @ComponentScan(
     basePackages = {
         "org.eclipse.tractusx.irs",
-        "org.eclipse.tractusx.ess",
+        "org.eclipse.tractusx.irs.ess",
         "org.eclipse.tractusx.irs.edc",
         "org.eclipse.tractusx.irs.common.auth",
     },

irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiExamples.java

@@ -30,7 +30,7 @@
 
 import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.examples.Example;
-import org.eclipse.tractusx.ess.service.NotificationSummary;
+import org.eclipse.tractusx.irs.ess.service.NotificationSummary;
 import org.eclipse.tractusx.irs.component.AsyncFetchedItems;
 import org.eclipse.tractusx.irs.component.BatchResponse;
 import org.eclipse.tractusx.irs.component.BatchOrderResponse;

irs-ess/src/main/java/org/eclipse/tractusx/ess/bpn/validation/BPNIncidentValidation.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/bpn/validation/BPNIncidentValidation.java

@@ -21,15 +21,15 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.bpn.validation;
+package org.eclipse.tractusx.irs.ess.bpn.validation;
 
 import java.time.ZonedDateTime;
 import java.util.List;
 import java.util.NoSuchElementException;
 
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
-import org.eclipse.tractusx.ess.service.SupplyChainImpacted;
+import org.eclipse.tractusx.irs.ess.service.SupplyChainImpacted;
 import org.eclipse.tractusx.irs.component.Jobs;
 import org.eclipse.tractusx.irs.component.assetadministrationshell.AssetAdministrationShellDescriptor;
 import org.eclipse.tractusx.irs.component.partasplanned.PartAsPlanned;

irs-ess/src/main/java/org/eclipse/tractusx/ess/controller/EssController.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java

@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.controller;
+package org.eclipse.tractusx.irs.ess.controller;
 
 import static org.eclipse.tractusx.irs.common.ApiConstants.FORBIDDEN_DESC;
 import static org.eclipse.tractusx.irs.common.ApiConstants.UNAUTHORIZED_DESC;
@@ -40,7 +40,7 @@
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.eclipse.tractusx.ess.service.EssService;
+import org.eclipse.tractusx.irs.ess.service.EssService;
 import org.eclipse.tractusx.irs.common.auth.AuthorizationService;
 import org.eclipse.tractusx.irs.common.auth.IrsRoles;
 import org.eclipse.tractusx.irs.component.JobHandle;

irs-ess/src/main/java/org/eclipse/tractusx/ess/controller/EssRecursiveController.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssRecursiveController.java

@@ -21,13 +21,13 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.controller;
+package org.eclipse.tractusx.irs.ess.controller;
 
 import io.swagger.v3.oas.annotations.Hidden;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.eclipse.tractusx.ess.service.EssRecursiveService;
+import org.eclipse.tractusx.irs.ess.service.EssRecursiveService;
 import org.eclipse.tractusx.irs.edc.client.model.notification.EdcNotification;
 import org.eclipse.tractusx.irs.edc.client.model.notification.InvestigationNotificationContent;
 import org.springframework.http.HttpStatus;

irs-ess/src/main/java/org/eclipse/tractusx/ess/controller/NotificationReceiverController.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/NotificationReceiverController.java

@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.controller;
+package org.eclipse.tractusx.irs.ess.controller;
 
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 
@@ -33,7 +33,7 @@
 import io.swagger.v3.oas.annotations.responses.ApiResponses;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
-import org.eclipse.tractusx.ess.service.EssService;
+import org.eclipse.tractusx.irs.ess.service.EssService;
 import org.eclipse.tractusx.irs.dtos.ErrorResponse;
 import org.eclipse.tractusx.irs.edc.client.model.notification.EdcNotification;
 import org.eclipse.tractusx.irs.edc.client.model.notification.ResponseNotificationContent;

irs-ess/src/main/java/org/eclipse/tractusx/ess/controller/mock/MockedNotificationReceiverController.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/mock/MockedNotificationReceiverController.java

@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.controller.mock;
+package org.eclipse.tractusx.irs.ess.controller.mock;
 
 import java.util.List;
 import java.util.Map;
@@ -32,8 +32,8 @@
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.eclipse.tractusx.ess.discovery.EdcDiscoveryMockConfig;
-import org.eclipse.tractusx.ess.service.SupplyChainImpacted;
+import org.eclipse.tractusx.irs.ess.discovery.EdcDiscoveryMockConfig;
+import org.eclipse.tractusx.irs.ess.service.SupplyChainImpacted;
 import org.eclipse.tractusx.irs.edc.client.EdcSubmodelFacade;
 import org.eclipse.tractusx.irs.edc.client.exceptions.EdcClientException;
 import org.eclipse.tractusx.irs.edc.client.model.notification.EdcNotification;

irs-ess/src/main/java/org/eclipse/tractusx/ess/discovery/EdcDiscoveryMockConfig.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/discovery/EdcDiscoveryMockConfig.java

@@ -21,12 +21,12 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.discovery;
+package org.eclipse.tractusx.irs.ess.discovery;
 
 import java.util.Map;
 
 import lombok.Data;
-import org.eclipse.tractusx.ess.service.SupplyChainImpacted;
+import org.eclipse.tractusx.irs.ess.service.SupplyChainImpacted;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 

irs-ess/src/main/java/org/eclipse/tractusx/ess/service/AspectTypeNotFoundException.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/service/AspectTypeNotFoundException.java

@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.service;
+package org.eclipse.tractusx.irs.ess.service;
 
 /**
  * Exception thrown if ESS Validation could not find the requested aspect model in the job.

irs-ess/src/main/java/org/eclipse/tractusx/ess/service/BpnInvestigationJob.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/service/BpnInvestigationJob.java

@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.service;
+package org.eclipse.tractusx.irs.ess.service;
 
 import java.time.ZoneOffset;
 import java.time.ZonedDateTime;

irs-ess/src/main/java/org/eclipse/tractusx/ess/service/BpnInvestigationJobCache.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/service/BpnInvestigationJobCache.java

@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.service;
+package org.eclipse.tractusx.irs.ess.service;
 
 import static java.util.Objects.requireNonNull;
 

irs-ess/src/main/java/org/eclipse/tractusx/ess/service/EdcNotificationSender.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/service/EdcNotificationSender.java

@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.service;
+package org.eclipse.tractusx.irs.ess.service;
 
 import java.util.UUID;
 

irs-ess/src/main/java/org/eclipse/tractusx/ess/service/EdcRegistration.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/service/EdcRegistration.java

@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.service;
+package org.eclipse.tractusx.irs.ess.service;
 
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 

irs-ess/src/main/java/org/eclipse/tractusx/ess/service/EssRecursiveNotificationHandler.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/service/EssRecursiveNotificationHandler.java

@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.service;
+package org.eclipse.tractusx.irs.ess.service;
 
 import java.util.List;
 import java.util.Optional;

irs-ess/src/main/java/org/eclipse/tractusx/ess/service/EssRecursiveService.java → irs-api/src/main/java/org/eclipse/tractusx/irs/ess/service/EssRecursiveService.java

@@ -21,7 +21,7 @@
  *
  * SPDX-License-Identifier: Apache-2.0
  ********************************************************************************/
-package org.eclipse.tractusx.ess.service;
+package org.eclipse.tractusx.irs.ess.service;
 
 import java.util.List;
 import java.util.Optional;