diff --git a/.github/workflows/BETA-xray-cucumber-integration.yaml b/.github/workflows/BETA-xray-cucumber-integration.yaml index f99f639906..c1ebea938e 100644 --- a/.github/workflows/BETA-xray-cucumber-integration.yaml +++ b/.github/workflows/BETA-xray-cucumber-integration.yaml @@ -38,7 +38,7 @@ jobs: - name: Build with Maven if: ${{ steps.download.outputs.http_response == '200' }} env: - KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET_BETA }} + OAUTH2_CLIENT_SECRET: ${{ secrets.OAUTH2_CLIENT_SECRET_BETA }} run: | unzip -o features.zip -d irs-cucumber-tests/src/test/resources/features mvn --batch-mode clean install -pl irs-cucumber-tests,irs-models -D"cucumber.filter.tags"="not @Ignore and @INTEGRATION_TEST" diff --git a/.github/workflows/irs-load-test.yaml b/.github/workflows/irs-load-test.yaml index e6e931fc80..79d2df9c7b 100644 --- a/.github/workflows/irs-load-test.yaml +++ b/.github/workflows/irs-load-test.yaml @@ -39,9 +39,9 @@ jobs: - name: Run Gatling tests env: - KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} - KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }} - KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }} + OAUTH2_HOST: ${{ secrets.OAUTH2_CLIENT_TOKEN_URI }} + OAUTH2_CLIENT_SECRET: ${{ secrets.OAUTH2_CLIENT_SECRET }} + OAUTH2_CLIENT_ID: ${{ secrets.OAUTH2_CLIENT_ID }} IRS_HOST: ${{ github.event.inputs.irs-host || 'https://irs-full.dev.demo.catena-x.net' }} TEST_CYCLES: ${{ github.event.inputs.test-cycles || '20' }} run: | diff --git a/.github/workflows/publish-documentation.yaml b/.github/workflows/publish-documentation.yaml index f20471c66b..b9667075be 100644 --- a/.github/workflows/publish-documentation.yaml +++ b/.github/workflows/publish-documentation.yaml @@ -1,7 +1,10 @@ -name: Publish documentation +name: Lint and Publish documentation on: workflow_dispatch: # Trigger manually + pull_request: + paths: + - 'docs/**' push: branches: - main 
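Review bot: The new `pull_request` trigger on `docs/**` in publish-documentation.yaml makes every step of this job run against pull-request content, under the same job-level `permissions:` block that the publish step needs (its contents are outside this hunk). Only the Pages step is gated on `github.ref == 'refs/heads/main'`, so pull requests opened from branches of this repository presumably still receive a write-capable `GITHUB_TOKEN` while building contributor-controlled docs. Consider splitting this into a lint job with `permissions:` set to `contents: read` that runs on both triggers, and a publish job that `needs` it, runs only on main and carries the write permission, so the token scope follows least privilege.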
@@ -9,7 +12,7 @@ on: - 'docs/**' jobs: - publish: + lint-and-publish: # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token permissions: @@ -64,6 +67,12 @@ jobs: asciidoctor-reducer -o docs/target/adminguide.adoc docs/src/docs/administration/administration-guide.adoc asciidoctor-reducer -o docs/target/arc42.adoc docs/src/docs/arc42/full.adoc + - name: Cache plantuml jar + uses: actions/cache@v3 + with: + path: plantuml.jar + key: ${{ runner.os }}-file-${{ hashFiles('plantuml.jar') }} + - name: Download PlantUML jar run: | wget -O plantuml.jar https://sourceforge.net/projects/plantuml/files/plantuml.jar/download @@ -103,7 +112,8 @@ jobs: run: | mv docs/src/diagram-replacer/assets/ docs/target/generated-docs/assets/ - - name: GitHub Pages action + - name: Update documentation on GitHub Pages + if: github.ref == 'refs/heads/main' uses: peaceiris/actions-gh-pages@v3.9.3 with: github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/tavern-integration.yml b/.github/workflows/tavern-integration.yml index 0e243f3fdc..268bad26f4 100644 --- a/.github/workflows/tavern-integration.yml +++ b/.github/workflows/tavern-integration.yml 
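Review bot: The key of the added `Cache plantuml jar` step is computed from `hashFiles('plantuml.jar')` before the file exists, so on a fresh runner the hash is empty and the key is effectively constant; the following `Download PlantUML jar` step also has no cache-hit condition, so `wget` still runs on every build and overwrites whatever was restored. The jar comes from an unversioned SourceForge download URL with no integrity check and is presumably executed later in the job (those steps are outside this hunk), so a changed or tampered upstream file would be picked up silently. Pin a specific PlantUML release and key the cache on it, e.g. `key: ${{ runner.os }}-plantuml-<PINNED_VERSION>`, give the cache step an `id` and guard the download with `if: steps.<cache-step-id>.outputs.cache-hit != 'true'`, and verify the file with `sha256sum -c` against a checksum committed to the repository.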
@@ -61,9 +61,9 @@ jobs: env: IRS_HOST: ${{ 'https://irs.int.demo.catena-x.net' }} IRS_ESS_HOST: ${{ github.event.inputs.irs-ess-host || 'https://irs-ess.int.demo.catena-x.net' }} - KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} - KEYCLOAK_CLIENT_ID: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_ID_INT }} - KEYCLOAK_CLIENT_SECRET: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_SECRET_INT }} + OAUTH2_HOST: ${{ secrets.OAUTH2_CLIENT_TOKEN_URI }} + OAUTH2_CLIENT_ID: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_ID_INT }} + OAUTH2_CLIENT_SECRET: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_SECRET_INT }} GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }} BPN_AS_PLANNED: ${{ github.event.inputs.bpn-asPlanned || 'BPNL00000003AYRE' }} GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:1b17682e-5e2a-4913-aa1b-7d59a072a3cb' }} diff --git a/.github/workflows/tavern.yml b/.github/workflows/tavern.yml index d75a7a330d..bd21b36033 100644 --- a/.github/workflows/tavern.yml +++ b/.github/workflows/tavern.yml @@ -63,9 +63,9 @@ jobs: env: IRS_HOST: ${{ 'https://irs.dev.demo.catena-x.net' }} IRS_ESS_HOST: ${{ github.event.inputs.irs-ess-host || 'https://irs-ess.int.demo.catena-x.net' }} - KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }} - KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }} - KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET }} + OAUTH2_HOST: ${{ secrets.OAUTH2_CLIENT_TOKEN_URI }} + OAUTH2_CLIENT_ID: ${{ secrets.OAUTH2_CLIENT_ID }} + OAUTH2_CLIENT_SECRET: ${{ secrets.OAUTH2_CLIENT_SECRET }} GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }} BPN_AS_PLANNED: ${{ github.event.inputs.bpn-asPlanned || 'BPNL00000003AYRE' }} GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:6d505432-8b31-4966-9514-4b753372683f' }} 
diff --git a/.github/workflows/xray-cucumber-integration.yaml b/.github/workflows/xray-cucumber-integration.yaml index b08b96bf94..b7700a1caf 100644 --- a/.github/workflows/xray-cucumber-integration.yaml +++ b/.github/workflows/xray-cucumber-integration.yaml @@ -3,7 +3,7 @@ name: IRS Cucumber Integration test Xray execution on: workflow_call: # Trigger by another workflow secrets: - keycloakTokenUrl: + oauth2TokenUrl: required: true clientId: required: true @@ -57,9 +57,9 @@ jobs: - name: Build with Maven if: ${{ steps.download.outputs.http_response == '200' }} env: - KEYCLOAK_HOST: ${{ secrets.keycloakTokenUrl }} - KEYCLOAK_CLIENT_ID: ${{ secrets.clientId }} - KEYCLOAK_CLIENT_SECRET: ${{ secrets.clientSecret }} + OAUTH2_HOST: ${{ secrets.oauth2TokenUrl }} + OAUTH2_CLIENT_ID: ${{ secrets.clientId }} + OAUTH2_CLIENT_SECRET: ${{ secrets.clientSecret }} ISSUE_FILTER: ${{ inputs.executionFilter }} run: | unzip -o features.zip -d irs-cucumber-tests/src/test/resources/features diff --git a/AUTHORS.md b/AUTHORS.md index 1206cc2470..12e875f6dc 100644 --- a/AUTHORS.md +++ b/AUTHORS.md @@ -15,4 +15,6 @@ The following people have contributed to this repository: - Michael Schlacher, doubleSlash Net-Business GmbH, https://github.com/michaelschlacher2 - Sebastian Bezold, Mercedes Benz AG, https://github.com/SebastianBezold - Zied Belkhiria, MHP, https://github.com/Zied-Belkhiria-Mhp -- Adam Bugajewski, doubleSlash Net-Business GmbH, https://github.com/ds-ext-abugajewski \ No newline at end of file +- Adam Bugajewski, doubleSlash Net-Business GmbH, https://github.com/ds-ext-abugajewski +- Matthias Fischer, doubleSlash Net-Business GmbH, https://github.com/dsmf + diff --git a/CHANGELOG.md b/CHANGELOG.md index f9ccccf514..6e90000c0f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,9 +5,44 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] + +## [4.1.0] - 2023-11-15 ### Added - IRS can now check the readiness of external services. Use the new ``management.health.dependencies.enabled`` config entry to determine if external dependencies health checks should be checked (false by default). - The map of external services healthcheck endpoints can be configured with ``management.health.dependencies.urls`` property, eg. ``service_name: http://service_name_host/health`` + +### Changed +- Changed name of spring's OAuth2 client registration from 'keycloak' to 'common' like below: + ``` + spring: + security: + oauth2: + client: + registration: + keycloak: + authorization-grant-type: client_credentials + client-id: + client-secret: + provider: + keycloak: + token-uri: + ``` + to: + ``` + spring: + security: + oauth2: + client: + registration: + common: + authorization-grant-type: client_credentials + client-id: + client-secret: + provider: + common: + token-uri: + ``` +- Update IRS API Swagger documentation to match AAS 3.0.0 ## [4.0.1] - 2023-11-10 ### Changed 
@@ -408,7 +443,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Unresolved - **Select Aspects you need** You are able to select the needed aspects for which you want to collect the correct endpoint information. -[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.1...HEAD +[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.1.0...HEAD +[4.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.1...4.1.0 [4.0.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.0...4.0.1 [4.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.4...4.0.0 [3.5.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.3...3.5.4 @@ -450,4 +486,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 [1.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/v1.0.0...v1.1.0 [1.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/v0.9.1...v1.0.0 [0.9.1]: https://github.com/eclipse-tractusx/item-relationship-service/commits/v0.9.1 -[0.9.0]: https://github.com/eclipse-tractusx/item-relationship-service/commits/v0.9.0 \ No newline at end of file +[0.9.0]: https://github.com/eclipse-tractusx/item-relationship-service/commits/v0.9.0 diff --git a/charts/irs-helm/CHANGELOG.md b/charts/irs-helm/CHANGELOG.md index 6c4e1d8969..3b49b76f00 100644 --- a/charts/irs-helm/CHANGELOG.md +++ b/charts/irs-helm/CHANGELOG.md 
@@ -6,6 +6,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [6.10.0] +### Changed +- Update IRS version to 4.1.0 +- Changed configuration for OAuth2 client from: + ``` + keycloak: + oauth2: + clientId: + clientSecret: + clientTokenUri: + jwkSetUri: + ``` + to: + ``` + oauth2: + clientId: + clientSecret: + clientTokenUri: + jwkSetUri: + ``` + ## [6.9.1] ### Changed - Update IRS version to 4.0.1 diff --git a/charts/irs-helm/Chart.yaml b/charts/irs-helm/Chart.yaml index 3ffbdc9f60..786bd44c4f 100644 --- a/charts/irs-helm/Chart.yaml +++ b/charts/irs-helm/Chart.yaml @@ -35,12 +35,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 6.9.1 +version: 6.10.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "4.0.1" +appVersion: "4.1.0" dependencies: - name: common repository: https://charts.bitnami.com/bitnami diff --git a/charts/irs-helm/templates/configmap-spring-app-config.yaml b/charts/irs-helm/templates/configmap-spring-app-config.yaml index ed44bf8a05..344182606c 100644 --- a/charts/irs-helm/templates/configmap-spring-app-config.yaml +++ b/charts/irs-helm/templates/configmap-spring-app-config.yaml 
@@ -51,20 +51,20 @@ data: oauth2: client: registration: - keycloak: - client-id: "${KEYCLOAK_OAUTH2_CLIENT_ID}" # taken from secret ENV - client-secret: "${KEYCLOAK_OAUTH2_CLIENT_SECRET}" # taken from secret ENV + common: + client-id: "${OAUTH2_CLIENT_ID}" # taken from secret ENV + client-secret: "${OAUTH2_CLIENT_SECRET}" # taken from secret ENV portal: client-id: ${PORTAL_OAUTH2_CLIENT_ID} # taken from secret ENV client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # taken from secret ENV provider: - keycloak: - token-uri: {{ tpl (.Values.keycloak.oauth2.clientTokenUri | default "http://localhost") . | quote }} + common: + token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} portal: - token-uri: {{ tpl (.Values.keycloak.oauth2.clientTokenUri | default "http://localhost") . | quote }} + token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }} resourceserver: jwt: - jwk-set-uri: {{ tpl (.Values.keycloak.oauth2.jwkSetUri | default "http://localhost") . | quote }} + jwk-set-uri: {{ tpl (.Values.oauth2.jwkSetUri | default "http://localhost") . | quote }} digitalTwinRegistry: descriptorEndpoint: {{ tpl (.Values.digitalTwinRegistry.descriptorEndpoint | default "") . | quote }} diff --git a/charts/irs-helm/templates/deployment.yaml b/charts/irs-helm/templates/deployment.yaml index 65406a45f0..757d8dae97 100644 --- a/charts/irs-helm/templates/deployment.yaml +++ b/charts/irs-helm/templates/deployment.yaml @@ -81,16 +81,16 @@ spec: secretKeyRef: name: {{ template "irs.secretName" . }} key: minioPassword - - name: KEYCLOAK_OAUTH2_CLIENT_ID + - name: OAUTH2_CLIENT_ID valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: keycloakClientId - - name: KEYCLOAK_OAUTH2_CLIENT_SECRET + key: clientId + - name: OAUTH2_CLIENT_SECRET valueFrom: secretKeyRef: name: {{ template "irs.secretName" . }} - key: keycloakClientSecret + key: clientSecret - name: PORTAL_OAUTH2_CLIENT_ID valueFrom: secretKeyRef: 
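Review bot: The `| default "http://localhost"` fallback on `.Values.oauth2.clientTokenUri` and `.Values.oauth2.jwkSetUri` in configmap-spring-app-config.yaml lets the chart render and start with token issuance and JWT validation pointed at plaintext localhost instead of failing when the values are missing. Because this release moves the values from `keycloak.oauth2.*` to `oauth2.*`, an upgrade with an un-migrated values file falls into that default silently rather than being rejected. Consider `jwk-set-uri: {{ tpl (required "oauth2.jwkSetUri must be set" .Values.oauth2.jwkSetUri) . | quote }}` and the same for `clientTokenUri`, so a stale values file fails at render time.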
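Review bot: The `secretKeyRef` keys in deployment.yaml change from `keycloakClientId`/`keycloakClientSecret` to `clientId`/`clientSecret`, which breaks any deployment whose Secret is not rendered by this chart's `templates/secrets.yaml`. If `irs.secretName` can resolve to a pre-existing, externally managed Secret (the helper is outside this diff, so this is an assumption), pods will fail to start on the missing key until that Secret is re-keyed. The chart CHANGELOG entry for 6.10.0 documents only the values rename; it would help to list the Secret key rename there too, or to document the required keys next to the secret-name value.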
diff --git a/charts/irs-helm/templates/secrets.yaml b/charts/irs-helm/templates/secrets.yaml index 599e17c129..c22f19d517 100644 --- a/charts/irs-helm/templates/secrets.yaml +++ b/charts/irs-helm/templates/secrets.yaml @@ -35,8 +35,8 @@ type: Opaque data: minioUser: {{ .Values.minioUser | default "minio" | b64enc | quote }} minioPassword: {{ .Values.minioPassword | default "minioPass" | b64enc | quote }} - keycloakClientId: {{ .Values.keycloak.oauth2.clientId | default "keycloakClientId" | b64enc | quote }} - keycloakClientSecret: {{ .Values.keycloak.oauth2.clientSecret | default "keycloakClientSecret" | b64enc | quote }} + clientId: {{ .Values.oauth2.clientId | default "clientId" | b64enc | quote }} + clientSecret: {{ .Values.oauth2.clientSecret | default "clientSecret" | b64enc | quote }} portalClientId: {{ .Values.portal.oauth2.clientId | default "portalClientId" | b64enc | quote }} portalClientSecret: {{ .Values.portal.oauth2.clientSecret | default "portalClientSecret" | b64enc | quote }} edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | toString | default "" | b64enc | quote }} diff --git a/charts/irs-helm/values.yaml b/charts/irs-helm/values.yaml index b4e9582324..d3fc3421ab 100644 --- a/charts/irs-helm/values.yaml +++ b/charts/irs-helm/values.yaml @@ -148,12 +148,11 @@ bpdm: minioUser: "minio" # minioPassword: # minioUrl: "http://{{ .Release.Name }}-minio:9000" -keycloak: - oauth2: - clientId: # - clientSecret: # - clientTokenUri: # - jwkSetUri: # +oauth2: + clientId: # + clientSecret: # + clientTokenUri: # + jwkSetUri: # portal: oauth2: clientId: # diff --git a/docs/src/api/irs-api.yaml b/docs/src/api/irs-api.yaml index 388c7b345d..9a68a6ac11 100644 --- a/docs/src/api/irs-api.yaml +++ b/docs/src/api/irs-api.yaml @@ -7,8 +7,7 @@ info: servers: - url: http://localhost:8080 security: - - oAuth2: - - profile email + - oAuth2: [] paths: /ess/bpn/investigations: post: 
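Review bot: The renamed entries in secrets.yaml keep a literal fallback (`default "clientId"`, `default "clientSecret"`), so a release installed without `oauth2.clientSecret` ships a Secret holding a publicly known placeholder instead of failing. With the values path moving from `keycloak.oauth2.*` to `oauth2.*` in this release, an un-migrated values file hits exactly that path and the real credential is silently replaced by the placeholder. Prefer failing the render, e.g. `clientSecret: {{ required "oauth2.clientSecret must be set" .Values.oauth2.clientSecret | b64enc | quote }}` and the same for `clientId`. If a default install must keep working (values.yaml leaves both empty), gate the placeholder behind an explicit opt-in value rather than a baked-in string.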
@@ -59,8 +58,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId. tags: @@ -125,8 +123,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Return job with additional supplyChainImpacted information. tags: - Environmental and Social Standards @@ -205,8 +202,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches." tags: @@ -296,8 +292,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Returns paginated jobs with state and execution times. tags: - Item Relationship Service @@ -348,8 +343,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: "Register an IRS job to retrieve an item graph for given {globalAssetId}." tags: - Item Relationship Service @@ -433,8 +427,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job with the requested jobId not found. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Return job with optional item graph result for requested id. tags: - Item Relationship Service 
@@ -499,8 +492,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Job for requested jobId not found. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Cancel job for requested jobId. tags: - Item Relationship Service @@ -537,8 +529,7 @@ paths: $ref: "#/components/schemas/ErrorResponse" description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Get all available aspect models from semantic hub or local models. tags: - Aspect Models @@ -591,8 +582,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: "Registers an IRS order with an array of {globalAssetIds}.\ \ Each globalAssetId will be processed in an IRS Job, grouped in batches." tags: @@ -659,8 +649,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Get a batch order for a given orderId. tags: - Item Relationship Service @@ -725,8 +714,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch Order with the requested orderId not found. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Cancel a batch order for a given orderId. tags: - Item Relationship Service @@ -802,8 +790,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Batch with the requested orderId and batchId not found. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Get a batch with a given batchId for a given orderId. tags: - Item Relationship Service @@ -839,8 +826,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Lists the registered policies that should be accepted in EDC negotiation. tags: - Item Relationship Service 
@@ -884,8 +870,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Register a policy that should be accepted in EDC negotiation. tags: - Item Relationship Service @@ -930,8 +915,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Removes a policy that should no longer be accepted in EDC negotiation. tags: - Item Relationship Service @@ -981,8 +965,7 @@ paths: $ref: '#/components/schemas/ErrorResponse' description: Authorization refused by server. security: - - oAuth2: - - profile email + - oAuth2: [] summary: Updates an existing policy with new validUntil value. tags: - Item Relationship Service @@ -1097,7 +1080,7 @@ components: - language: en text: The shell for a vehicle globalAssetId: urn:uuid:a45a2246-f6e1-42da-b47d-5c3b58ed62e9 - id: 882fc530-b69b-4707-95f6-5dbc5e9baaa8 + id: urn:uuid:882fc530-b69b-4707-95f6-5dbc5e9baaa8 idShort: future concept x specificAssetIds: - name: engineserialid @@ -1113,12 +1096,15 @@ components: endpointProtocolVersion: - "1.0" href: https://catena-x.net/vehicle/basedetails/ - id: 4a738a24-b7d8-4989-9cd6-387772f40565 - idShort: vehicle base details + subprotocol: DSP + subprotocolBody: id=urn:uuid:c8159379-4613-48b8-ad52-6baed7afe923;dspEndpoint=https://irs-provider-controlplane3.dev.demo.catena-x.net + subprotocolBodyEncoding: plain + id: urn:uuid:5d25a897-6571-4800-b98c-a3352fbf996d + idShort: SingleLevelBomAsPlanned semanticId: keys: - - type: Submodel - value: urn:bamm:com.catenax.vehicle:0.1.1 + - type: ExternalReference + value: urn:bamm:io.catenax.single_level_bom_as_planned:2.0.0#SingleLevelBomAsPlanned type: ModelReference - description: - language: en 
@@ -1130,7 +1116,10 @@ components: endpointProtocolVersion: - "1.0" href: https://catena-x.net/vehicle/partdetails/ - id: dae4d249-6d66-4818-b576-bf52f3b9ae90 + subprotocol: DSP + subprotocolBody: id=urn:uuid:c8159379-4613-48b8-ad52-6baed7afe923;dspEndpoint=https://irs-provider-controlplane3.dev.demo.catena-x.net + subprotocolBodyEncoding: plain + id: urn:uuid:dae4d249-6d66-4818-b576-bf52f3b9ae90 idShort: vehicle part details semanticId: keys: @@ -1210,7 +1199,7 @@ components: - language: en text: The shell for a vehicle globalAssetId: urn:uuid:a45a2246-f6e1-42da-b47d-5c3b58ed62e9 - id: 882fc530-b69b-4707-95f6-5dbc5e9baaa8 + id: urn:uuid:882fc530-b69b-4707-95f6-5dbc5e9baaa8 idShort: future concept x specificAssetIds: - name: engineserialid @@ -1222,16 +1211,20 @@ components: endpoints: - interface: HTTP protocolInformation: - href: https://catena-x.net/vehicle/basedetails/ endpointProtocol: HTTPS - endpointProtocolVersion: ["1.0"] - idShort: vehicle base details - id: 4a738a24-b7d8-4989-9cd6-387772f40565 + endpointProtocolVersion: + - "1.0" + href: https://catena-x.net/vehicle/basedetails/ + subprotocol: DSP + subprotocolBody: id=urn:uuid:c8159379-4613-48b8-ad52-6baed7afe923;dspEndpoint=https://irs-provider-controlplane3.dev.demo.catena-x.net + subprotocolBodyEncoding: plain + idShort: SingleLevelBomAsPlanned + id: urn:uuid:5d25a897-6571-4800-b98c-a3352fbf996d semanticId: type: ModelReference keys: - - type: Submodel - value: urn:bamm:com.catenax.vehicle:0.1.1 + - type: ExternalReference + value: urn:bamm:io.catenax.single_level_bom_as_planned:2.0.0#SingleLevelBomAsPlanned - description: - language: en text: Provides base vehicle information 
@@ -1240,8 +1233,12 @@ components: protocolInformation: href: https://catena-x.net/vehicle/partdetails/ endpointProtocol: HTTPS - endpointProtocolVersion: ["1.0"] - id: dae4d249-6d66-4818-b576-bf52f3b9ae90 + endpointProtocolVersion: + - "1.0" + subprotocol: DSP + subprotocolBody: id=urn:uuid:c8159379-4613-48b8-ad52-6baed7afe923;dspEndpoint=https://irs-provider-controlplane3.dev.demo.catena-x.net + subprotocolBodyEncoding: plain + id: urn:uuid:dae4d249-6d66-4818-b576-bf52f3b9ae90 idShort: vehicle part details semanticId: keys: @@ -1390,7 +1387,7 @@ components: - language: en text: The shell for a vehicle globalAssetId: urn:uuid:a45a2246-f6e1-42da-b47d-5c3b58ed62e9 - id: 882fc530-b69b-4707-95f6-5dbc5e9baaa8 + id: urn:uuid:882fc530-b69b-4707-95f6-5dbc5e9baaa8 idShort: future concept x specificAssetIds: - name: engineserialid @@ -1402,16 +1399,19 @@ components: endpoints: - interface: HTTP protocolInformation: - href: https://catena-x.net/vehicle/basedetails/ endpointProtocol: HTTPS endpointProtocolVersion: ["1.0"] - id: 4a738a24-b7d8-4989-9cd6-387772f40565 - idShort: vehicle base details + href: https://catena-x.net/vehicle/basedetails/ + subprotocol: DSP + subprotocolBody: id=urn:uuid:c8159379-4613-48b8-ad52-6baed7afe923;dspEndpoint=https://irs-provider-controlplane3.dev.demo.catena-x.net + subprotocolBodyEncoding: plain + id: urn:uuid:5d25a897-6571-4800-b98c-a3352fbf996d + idShort: SingleLevelBomAsPlanned semanticId: type: ModelReference keys: - - type: Submodel - value: urn:bamm:com.catenax.vehicle:0.1.1 + - type: ExternalReference + value: urn:bamm:io.catenax.single_level_bom_as_planned:2.0.0#SingleLevelBomAsPlanned - description: - language: en text: Provides base vehicle information 
@@ -1421,7 +1421,10 @@ components: href: https://catena-x.net/vehicle/partdetails/ endpointProtocol: HTTPS endpointProtocolVersion: ["1.0"] - id: dae4d249-6d66-4818-b576-bf52f3b9ae90 + subprotocol: DSP + subprotocolBody: id=urn:uuid:c8159379-4613-48b8-ad52-6baed7afe923;dspEndpoint=https://irs-provider-controlplane3.dev.demo.catena-x.net + subprotocolBodyEncoding: plain + id: urn:uuid:dae4d249-6d66-4818-b576-bf52f3b9ae90 idShort: vehicle part details semanticId: type: ModelReference @@ -2635,6 +2638,6 @@ components: flows: clientCredentials: scopes: - profile email: "" + {} tokenUrl: https://localhost - type: oauth2 \ No newline at end of file + type: oauth2 diff --git a/docs/src/docs/administration/configuration.adoc b/docs/src/docs/administration/configuration.adoc index 2e7a8d7adf..41af8b1142 100644 --- a/docs/src/docs/administration/configuration.adoc +++ b/docs/src/docs/administration/configuration.adoc @@ -6,7 +6,7 @@ Take the following template and adjust the configuration parameters ( mark the relevant spots). You can define the URLs as well as most of the secrets yourself. -The Keycloak, MIW and Vault configuration / secrets depend on your setup and might need to be provided externally. +The OAuth2, MIW and Vault configuration / secrets depend on your setup and might need to be provided externally. include::irs-spring-config.adoc[leveloffset=+1] 
@@ -61,11 +61,11 @@ The URL of the SemanticsHub. The IRS uses this service to fetch aspect schemas f ==== The URL of the BPDM service. The IRS uses this service to fetch business partner information based on BPNs. -==== -The URL of the Keycloak token API. Used by the IRS for token creation to authenticate with other services. +==== +The URL of the OAuth2 token API. Used by the IRS for token creation to authenticate with other services. -==== -The URL of the Keycloak JWK Set. Used by the IRS to validate tokens when the IRS API is called. +==== +The URL of the OAuth2 JWK Set. Used by the IRS to validate tokens when the IRS API is called. ==== The hostname where Grafana will be made available. @@ -139,11 +139,11 @@ This is a list of all secrets used in the deployment. WARNING: Keep the values for these settings safe and do not publish them! -=== -Client ID for Keycloak. Request this from your Keycloak operator. +=== +Client ID for OAuth2 provider. Request this from your OAuth2 operator. -=== -Client secret for Keycloak. Request this from your Keycloak operator. +=== +Client secret for OAuth2 provider. Request this from your OAuth2 operator. === Login username for Minio. To be defined by you. diff --git a/docs/src/docs/arc42/building-block-view/irs-api.adoc b/docs/src/docs/arc42/building-block-view/irs-api.adoc index ab0c98011b..0cb0d7a788 100644 --- a/docs/src/docs/arc42/building-block-view/irs-api.adoc +++ b/docs/src/docs/arc42/building-block-view/irs-api.adoc @@ -11,3 +11,10 @@ Since we cannot rely on synchronous responses regarding the requests of submodel .... include::../../../uml-diagrams/api-specification/irs-api-interaction.puml[] .... + +== ESS Investigation interaction diagram + +[plantuml, target=ess-api, format=svg] +.... +include::../../../uml-diagrams/api-specification/ess-api-interaction.puml[] +.... 
diff --git a/docs/src/docs/arc42/building-block-view/level-1.adoc b/docs/src/docs/arc42/building-block-view/level-1.adoc index 21903a9414..b9fb143633 100644 --- a/docs/src/docs/arc42/building-block-view/level-1.adoc +++ b/docs/src/docs/arc42/building-block-view/level-1.adoc @@ -43,9 +43,6 @@ A job is processed in this order: 5. Recursively iteration over step 2-4 until an abort criterion is reached. 6. Assembles the complete item graph. -|*Policy Store* -|The *Policy Store* provides an Interface for getting, adding and deleting accepted IRS EDC policies. These policies will be used to validate EDC contract offers. - |*BlobStore* |The BlobStore is the database where the relationships and tombstones are stored for a requested item. @@ -60,4 +57,11 @@ A job is processed in this order: |*EDC Client* |The EDC Client is used to communicate with the EDC network, negotiate contracts and retrieve submodel data. + +|*EssController* +|The *EssController* provides a REST Interface to perform BPN investigations of supply chain. + +|*PolicyStoreController* +|The *PolicyStoreController* provides a REST Interface for getting, adding and deleting accepted IRS EDC policies. These policies will be used to validate EDC contract offers. + |=== \ No newline at end of file diff --git a/docs/src/docs/arc42/building-block-view/level-2.adoc b/docs/src/docs/arc42/building-block-view/level-2.adoc index c0f3310909..e538a91875 100644 --- a/docs/src/docs/arc42/building-block-view/level-2.adoc +++ b/docs/src/docs/arc42/building-block-view/level-2.adoc @@ -63,6 +63,7 @@ include::../../../uml-diagrams/building-block-view/level-2-int-recursive-job-han |Interface for storing data blobs. |=== + == TransferProcessManagement The TransferProcessManager creates executions and provides them to the executor service. Each execution contains HTTP requests to the asset administration shell registry and to the submodel interface. 
@@ -95,4 +96,33 @@ include::../../../uml-diagrams/building-block-view/level-2-int-transfer-process- |ExecutorService |The ExecutorService enables the simultaneous execution of requests of transfer processes. +|=== + +== ESS controller + +The ESS REST controller is used to provide a RESTful web service to related Environmental and Social Standards functionalities. + +=== Component diagram + +[plantuml, target=level-2-ess-controller, format=svg] +.... +include::../../../uml-diagrams/building-block-view/level-2-int-ess.puml[] +.... + +=== Component description + +|=== +|Components |Description + +|EssService +|Service contains business logic for investigation if part is inside supply chain. + +|IrsItemGraphQueryService +|Service for retrieving item graph. + +|BpnInvestigationJobCache +|Interface for storing incident data blobs. + +|EssRecursiveNotificationHandler +|Business logic handling recursive investigation and results calculation. Responsible for sending and receiving EDC notifications. |=== \ No newline at end of file diff --git a/docs/src/docs/arc42/building-block-view/whitebox-overall.adoc b/docs/src/docs/arc42/building-block-view/whitebox-overall.adoc index 9502356a0e..e72cf6b2e2 100644 --- a/docs/src/docs/arc42/building-block-view/whitebox-overall.adoc +++ b/docs/src/docs/arc42/building-block-view/whitebox-overall.adoc 
@@ -50,19 +50,19 @@ include::../../../uml-diagrams/building-block-view/whitebox_overall_decentral.pu |Number |Description | 01 -| IrsApiConsumer calls the **IRS** public **API** +| IrsApiConsumer calls the *IRS* public *API* | 02 -| IrsApiConsumer must authorize using **technical C-X User** +| IrsApiConsumer must authorize using *technical C-X User* | 03 -| Delegate authorization request to **IdP** +| Delegate authorization request to *IdP* | 04 -| IRS requesting for **SubmodelAspects** using **EDC** +| IRS requesting for *SubmodelAspects* using *EDC* | 05 -| IRS requesting the **decentral DigitalTwinRegistry** over **EDC** and service discovery flow +| IRS requesting the *decentral DigitalTwinRegistry* over *EDC* and service discovery flow | 06 | IRS uses EDC to ensure sovereign data consumption 
@@ -71,31 +71,31 @@ include::../../../uml-diagrams/building-block-view/whitebox_overall_decentral.pu | IRS MUST authorize at central IAM | 08 -| IRS lookup for EDC Provider by given BPNs over the **EDC Discovery Service** +| IRS lookup for EDC Provider by given BPNs over the *EDC Discovery Service* | 09 -| IRS lookup for **EDC Discovery Services** by given type over the **Discovery Finder** +| IRS lookup for *EDC Discovery Services* by given type over the *Discovery Finder* | 10 -| IRS uses **Semantic Hub** to validate of **SubmodelAspects** payloads agains the schema provided in **Semantic Hub** +| IRS uses *Semantic Hub* to validate of *SubmodelAspects* payloads agains the schema provided in *Semantic Hub* | 11 | In case "lookupBPNs" is active IRS provides a lookup of company for given BPN | 12 -| **EDC** is connected to **Managed Identity Wallet** for access policy check for data offers +| *EDC* is connected to *Managed Identity Wallet* for access policy check for data offers | 13 -| **EDC** communication covering negotiation and data consumption +| *EDC* communication covering negotiation and data consumption | 14 -| **EDC** is connected to **Managed Identity Wallet** for access policy check for data offers +| *EDC* is connected to *Managed Identity Wallet* for access policy check for data offers | 15 -| **IRS** accessing to **SubmodelServer** on Tier Level using the **EDC** +| *IRS* accessing to *SubmodelServer* on Tier Level using the *EDC* | 16 -| **IRS** accessing the **decentral DigitalTwinRegistry** on Tier Level using the **EDC** +| *IRS* accessing the *decentral DigitalTwinRegistry* on Tier Level using the *EDC* |=== diff --git a/docs/src/docs/arc42/cross-cutting/safety-security.adoc b/docs/src/docs/arc42/cross-cutting/safety-security.adoc index a5e7faee62..6d10d3c4e1 100644 --- a/docs/src/docs/arc42/cross-cutting/safety-security.adoc +++ b/docs/src/docs/arc42/cross-cutting/safety-security.adoc 
@@ -11,7 +11,7 @@ JWT token should also contain two claims: - 'bpn' which is equal to the configuration value from `API_ALLOWED_BPN` property - 'resource_access' with the specific 'Cl20-CX-IRS' key for C-X environments. (The keys are configurable. For more details see chapter "IRS OAuth2 JWT Token"). The list of values will be converted to roles by IRS. -Currently, IRS API handles two roles: **'admin_irs'** and **'view_irs'.** A valid token with the **'admin_irs'** role can access any endpoint exposed by the IRS API, while a token with the **'view_irs'** role does not have access to policies endpoints and can operate only on resources it owns. +Currently, IRS API handles two roles: *'admin_irs'* and *'view_irs'.* A valid token with the *'admin_irs'* role can access any endpoint exposed by the IRS API, while a token with the *'view_irs'* role does not have access to policies endpoints and can operate only on resources it owns. That means that he only has access to the resources he has created, e.g. jobs and batches. This behavior is shown in the table below. diff --git a/docs/src/docs/arc42/cross-cutting/under-the-hood.adoc b/docs/src/docs/arc42/cross-cutting/under-the-hood.adoc index 63f3a3034c..b6c560ea99 100644 --- a/docs/src/docs/arc42/cross-cutting/under-the-hood.adoc +++ b/docs/src/docs/arc42/cross-cutting/under-the-hood.adoc 
@@ -20,7 +20,7 @@ There currently is no transaction management in the IRS. There is no session handling in the IRS, access is solely based on bearer tokens, the API is stateless. == Communication and integration -All interfaces to other systems are using RESTful calls over HTTP(S). Where central authentication is required, a common Keycloak instance is used. +All interfaces to other systems are using RESTful calls over HTTP(S). Where central authentication is required, a common OAuth2 provider is used. For outgoing calls, the Spring RestTemplate mechanism is used and separate RestTemplates are created for the different ways of authentication. diff --git a/docs/src/docs/arc42/runtime-view/ess-top-down/ess-top-down.adoc b/docs/src/docs/arc42/runtime-view/ess-top-down/ess-top-down.adoc index b7929f23bf..5062d1b797 100644 --- a/docs/src/docs/arc42/runtime-view/ess-top-down/ess-top-down.adoc +++ b/docs/src/docs/arc42/runtime-view/ess-top-down/ess-top-down.adoc @@ -54,7 +54,7 @@ Note: ESS supplier responses are involved in each step of the process. include::../../../../uml-diagrams/runtime-view/use-case-ess-top-down/1_ess-top-down-sequence-highlevel.puml[] .... -=== Step 0: Process initiation: +=== Step 0: Process initiation The process is initiated by an ESS incident, that is received by (or created within) the inquiring company. This ESS incident acts as the root incident for the overall process The incident contains a company name (incl. address) and a valid BPN exists for that company. diff --git a/docs/src/docs/arc42/scope-context/technical-context.adoc b/docs/src/docs/arc42/scope-context/technical-context.adoc index 0534735f02..c19adcb104 100644 --- a/docs/src/docs/arc42/scope-context/technical-context.adoc +++ b/docs/src/docs/arc42/scope-context/technical-context.adoc 
@@ -8,9 +8,9 @@ include::../../../uml-diagrams/scope-context/irs-overall-decentral-system-view.p == Component overview === IRS-API -We provide a REST API that can be consumed by any system registered in the Catena-X Keycloak, e.g. the Dismantler Dashboard. The development of such a consumer service is not part of the IRS application. Each system that acts as a client to the Restful application IRS can be used instead, if it supports any REST call of the designed REST endpoints in the REST Controller of the IRS application. For communication, the transport protocol HTTP(S) should be established. +We provide a REST API that can be consumed by any system registered in the Catena-X OAuth2 protocol provider, e.g. the Dismantler Dashboard. The development of such a consumer service is not part of the IRS application. Each system that acts as a client to the Restful application IRS can be used instead, if it supports any REST call of the designed REST endpoints in the REST Controller of the IRS application. For communication, the transport protocol HTTP(S) should be established. -In order to consume the Restful application IRS, the security aspect should be taken in consideration. IRS is a Spring Boot based application and is secured with the OpenID connector provider Keycloak and the OAuth2. This means for the consumers (users) that they need to authenticate themselves in order to be authorized to get access to the IRS. They generate a bearer token that they get from Keycloak and attach it to the HTTP header parameter Authorization. Certainly, both a consumer and the IRS should use the same configured Keycloak Realm. +In order to consume the Restful application IRS, the security aspect should be taken in consideration. IRS is a Spring Boot based application and is secured with the OpenID connector provider with OAuth2 protocol. This means for the consumers (users) that they need to authenticate themselves in order to be authorized to get access to the IRS. 
They generate a bearer token that they get from OAuth2 provider and attach it to the HTTP header parameter Authorization. === Registry API The IRS acts as a consumer of the component Asset Administration Shell Registry. The IRS contains a Restful client (REST template) that build a REST call to the mentioned Digital Twin Registry API based on its known URL (the AAS registry URL is configured in the IRS Restful API). The request contains the given "globalAssetId" by the consumer. Like described in the above section, the security aspect is required in order to achieve a REST call against the AAS Registry. As a response, the IRS gets the corresponding asset administration shell descriptor. The last one contains a list of submodel descriptors which can be filtered by the aspect type entered by the consumer. An aspect type like SingleLevelBomAsBuilt, SerialPart etc. And as mentioned above, the transport protocol HTTP(S) is used for the REST call communication. diff --git a/docs/src/uml-diagrams/api-specification/ess-api-interaction.puml b/docs/src/uml-diagrams/api-specification/ess-api-interaction.puml new file mode 100644 index 0000000000..0b4f872537 --- /dev/null +++ b/docs/src/uml-diagrams/api-specification/ess-api-interaction.puml 
@@ -0,0 +1,34 @@ +@startuml +skinparam monochrome true +skinparam shadowing false +skinparam linetype ortho +skinparam defaultFontName "Architects daughter" + +actor APIConsumer +activate APIConsumer + +box "IRS" #LightBlue +participant WebService as "ESS API" +activate WebService + +APIConsumer -> WebService : POST /ess/bpn/investigations +opt +APIConsumer <-- WebService : 201: Returns jobId of registered Investigation job. + + loop poll is "200" http + APIConsumer -> WebService : GET /ess/bpn/investigations/{jobId} + + opt job.hasCompleted() + APIConsumer <-- WebService : "200" Item Graph for given jobId with additional supplyChainImpacted information. + else job.isRunning() + APIConsumer <-- WebService : "200" Item Graph for given jobId with partial results about supplyChainImpacted information. + end opt + end loop + +else +APIConsumer <-- WebService : 400: Registering Investigation job failed. +end opt + + + +@enduml \ No newline at end of file diff --git a/docs/src/uml-diagrams/building-block-view/building-block-view.puml b/docs/src/uml-diagrams/building-block-view/building-block-view.puml index 2016ccfe8b..a15742f8b0 100644 --- a/docs/src/uml-diagrams/building-block-view/building-block-view.puml +++ b/docs/src/uml-diagrams/building-block-view/building-block-view.puml 
@@ -8,11 +8,13 @@ skinparam defaultFontName "Architects daughter" component [**IRS-Application**] <> as IRS { component [**RecursiveJobHandler**] <> as RecursiveJobHandler component [**IrsController**] <> as IrsController + component [**PolicyStoreController**] <> as PolicyStoreController + component [**EssController**] <> as EssController component [**JobOrchestrator**] <> as JobOrchestrator - component [**TransferProcessManagment**] <> as TransferProcessManagement - component [**Policy Store**] <> as PolicyStore + component [**TransferProcessManagement**] <> as TransferProcessManagement - port "IRS API" as API_PORT + + port "API" as API_PORT port "Digital Twin Client" as AAS_PORT port "EDC Client" as EDC_PORT @@ -23,18 +25,21 @@ skinparam defaultFontName "Architects daughter" JobOrchestrator <..> TransferProcessManagement JobOrchestrator <..> RecursiveJobHandler TransferProcessManagement --( StoreInterface - PolicyStore --( StoreInterface - PolicyStore <..> TransferProcessManagement - IrsController <..> PolicyStore - + PolicyStoreController -( StoreInterface + EssController <..> JobOrchestrator } component [**Digital Twin Registry**] <> as DTR component [**EDC**] <> as EDC actor IrsApiConsumer +actor EssApiConsumer +actor PolicyStoreApiConsumer IrsController -up- API_PORT PolicyStoreController -down- API_PORT +EssController -down- API_PORT IrsApiConsumer -(0- API_PORT +EssApiConsumer -(0- API_PORT +PolicyStoreApiConsumer -(0- API_PORT TransferProcessManagement --- AAS_PORT diff --git a/docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml b/docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml new file mode 100644 index 0000000000..484dcf9dec --- /dev/null +++ b/docs/src/uml-diagrams/building-block-view/level-2-int-ess.puml 
@@ -0,0 +1,24 @@ +@startuml +skinparam monochrome true +skinparam shadowing false +skinparam linetype ortho +skinparam defaultFontName "Architects daughter" + + component [**EssController**] <> as EssController { + component [**EssService**] <> as EssService + component [**EssRecursiveNotificationHandler**] <> as EssRecursiveNotificationHandler + component [**IrsItemGraphQueryService**] <> as IrsItemGraphQueryService + port "ESS API" as API_PORT + interface BpnInvestigationJobCache + + EssService <.> IrsItemGraphQueryService + EssService <..> EssRecursiveNotificationHandler + EssService --( BpnInvestigationJobCache + + } + + actor EssApiConsumer + EssService -up- API_PORT + EssApiConsumer -(0- API_PORT + +@enduml \ No newline at end of file diff --git a/docs/src/uml-diagrams/building-block-view/whitebox_overall.puml b/docs/src/uml-diagrams/building-block-view/whitebox_overall.puml index 4e59979595..9789468118 100644 --- a/docs/src/uml-diagrams/building-block-view/whitebox_overall.puml +++ b/docs/src/uml-diagrams/building-block-view/whitebox_overall.puml @@ -13,7 +13,7 @@ component [**IRSApplication**] <> { } component [**CatenaX-Network**] <> { - component [**IAM/KeyCloak**] <> as IAM_IRS + component [**IAM/OAuth2**] <> as IAM_IRS component [**Digital Twin Registry**] <> as DT_REG component [**IAM/DAPS**] <> as IAM_DAPS IAM_IRS --[hidden]> DT_REG diff --git a/docs/src/uml-diagrams/building-block-view/whitebox_overall_decentral.puml b/docs/src/uml-diagrams/building-block-view/whitebox_overall_decentral.puml index 9c60001521..fb52eccddd 100644 --- a/docs/src/uml-diagrams/building-block-view/whitebox_overall_decentral.puml +++ b/docs/src/uml-diagrams/building-block-view/whitebox_overall_decentral.puml 
@@ -26,7 +26,7 @@ package [**OEM**] <> as consumer { package [**CatenaX-Network**] as network { component [**Managed Identity Wallet**] <> as miw component [**Portal Application**] <> as IAM_IRS - component [**Portal (IAM/IdP/KeyCloak)**] <> as Portal_IdP + component [**Portal (IAM/IdP/OAuth2)**] <> as Portal_IdP component [**EDC Discovery Service**] <> as edc_discovery component [**Discovery Finder**] <> as discovery_finder component [**Semantic Hub**] <> as semantic_hub diff --git a/docs/src/uml-diagrams/deployment-view/level-0-dev.puml b/docs/src/uml-diagrams/deployment-view/level-0-dev.puml index 7f6528a9c9..f3ed29d642 100644 --- a/docs/src/uml-diagrams/deployment-view/level-0-dev.puml +++ b/docs/src/uml-diagrams/deployment-view/level-0-dev.puml @@ -5,7 +5,7 @@ skinparam nodesep 100 skinparam ranksep 20 skinparam defaultFontName "Architects daughter" -cloud Keycloak +cloud OAuth2 node "Kubernetes Cluster" as k8s { @@ -28,6 +28,6 @@ node "Kubernetes Cluster" as k8s { } -IRS --> Keycloak +IRS --> OAuth2 @enduml \ No newline at end of file diff --git a/docs/src/uml-diagrams/deployment-view/level-0-int.puml b/docs/src/uml-diagrams/deployment-view/level-0-int.puml index 6062ac43e7..c00f9879b8 100644 --- a/docs/src/uml-diagrams/deployment-view/level-0-int.puml +++ b/docs/src/uml-diagrams/deployment-view/level-0-int.puml @@ -7,7 +7,7 @@ skinparam defaultFontName "Architects daughter" cloud "Digital Twin Registry" as dtr cloud "EDC Providers" as providers -cloud Keycloak +cloud OAuth2 cloud "HashiCorp Vault" as vault node "IRS Kubernetes Cluster" as k8s { @@ -23,7 +23,7 @@ node "IRS Kubernetes Cluster" as k8s { } -IRS -> Keycloak +IRS -> OAuth2 providers -- dtr consumer -- providers consumer -- vault diff --git a/docs/src/uml-diagrams/deployment-view/level-0-isolated.puml b/docs/src/uml-diagrams/deployment-view/level-0-isolated.puml index a746d88423..370162facd 100644 --- a/docs/src/uml-diagrams/deployment-view/level-0-isolated.puml 
+++ b/docs/src/uml-diagrams/deployment-view/level-0-isolated.puml @@ -21,7 +21,7 @@ node "Kubernetes Cluster" as k8s { component "Decentral Registry" as dtr } - component Keycloak + component OAuth2 component "Managed IdentityWallet" as MIW component "Discovery Service" as ds @@ -40,9 +40,9 @@ node "Kubernetes Cluster" as k8s { provider -- submodel provider -- dtr - Keycloak ---> ds - Keycloak ---> IRS - Keycloak ---> semHub + OAuth2 ---> ds + OAuth2 ---> IRS + OAuth2 ---> semHub IRS -> semHub IRS -> frontend diff --git a/docs/src/uml-diagrams/scope-context/irs-overall-decentral-system-view.puml b/docs/src/uml-diagrams/scope-context/irs-overall-decentral-system-view.puml index 8348b2990c..c43f98e064 100644 --- a/docs/src/uml-diagrams/scope-context/irs-overall-decentral-system-view.puml +++ b/docs/src/uml-diagrams/scope-context/irs-overall-decentral-system-view.puml @@ -18,7 +18,7 @@ node "Group of Submodel Endpoints" { } node "Central Services" { node "IAM" { - [**Keycloak**] <> as KIAM + [**OAuth2**] <> as OAuth2 } [**Discovery Service**] <> as DS interface "Discovery API" as DAPI @@ -35,10 +35,10 @@ interface "Submodel API" as ISubModelAPI Consumer -( IAPI IAPI - IRS IRS --( DAPI -IRS -- KIAM +IRS -- OAuth2 IRS -( IEDC -DS -- KIAM +DS -- OAuth2 DS - DAPI IEDC - EDC diff --git a/docs/src/uml-diagrams/scope-context/irs-overall-system-view.puml b/docs/src/uml-diagrams/scope-context/irs-overall-system-view.puml index 237acf9dce..9182f02196 100644 --- a/docs/src/uml-diagrams/scope-context/irs-overall-system-view.puml +++ b/docs/src/uml-diagrams/scope-context/irs-overall-system-view.puml @@ -17,7 +17,7 @@ node "Group of Submodel Endpoints" { [**Submodel-Server**] <> as SN } node "IAM" { - [**Keycloak**] <> as KIAM + [**OAuth2**] <> as OAuth2 } actor Consumer @@ -37,5 +37,5 @@ IRS --( IRAPI IRAPI -- AASR IRS --down( IAMAPI AASR --( IAMAPI -KIAM -- IAMAPI +OAuth2 -- IAMAPI @enduml \ No newline at end of file 
diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java index 14eac06c63..5a710143ee 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiConfiguration.java @@ -59,7 +59,7 @@ public class OpenApiConfiguration { @Bean public OpenAPI customOpenAPI() { return new OpenAPI().addServersItem(new Server().url(irsConfiguration.getApiUrl().toString())) - .addSecurityItem(new SecurityRequirement().addList("oAuth2", "profile email")) + .addSecurityItem(new SecurityRequirement().addList("oAuth2")) .info(new Info().title("IRS API") .version(IrsApplication.API_VERSION) .description( @@ -69,19 +69,18 @@ public OpenAPI customOpenAPI() { /** * Generates example values in Swagger * - * @param tokenUri the keycloak token uri loaded from application.yaml + * @param tokenUri the OAuth2 token uri loaded from application.yaml * @return the customizer */ @Bean public OpenApiCustomizer customizer( - @Value("${spring.security.oauth2.client.provider.keycloak.token-uri}") final String tokenUri) { + @Value("${spring.security.oauth2.client.provider.common.token-uri}") final String tokenUri) { return openApi -> { final Components components = openApi.getComponents(); components.addSecuritySchemes("oAuth2", new SecurityScheme().type(SecurityScheme.Type.OAUTH2) .flows(new OAuthFlows().clientCredentials( new OAuthFlow().scopes( - new Scopes().addString( - "profile email", "")) + new Scopes()) .tokenUrl(tokenUri)))); openApi.getComponents().getSchemas().values().forEach(s -> s.setAdditionalProperties(false)); new OpenApiExamples().createExamples(components); 
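Review bot: The Javadoc on `customizer` (second hunk) still says only "Generates example values in Swagger", although the method also registers the `oAuth2` client-credentials security scheme, now with an empty `Scopes` object. Since this commit drops `profile email` everywhere, the Javadoc should say that no scopes are advertised and that access is decided by roles carried in the token rather than by OAuth2 scopes (inferred from the security documentation touched in the same commit, please confirm). A possible added line is `* Also registers the "oAuth2" client-credentials scheme without scopes; authorization is role-based.` The registration id `common` hard-coded in the `@Value` key also has to stay in sync with `application.yml`, which a short comment next to the parameter could point out.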
diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiExamples.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiExamples.java index 0d5acc73cc..18ded7e627 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiExamples.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/OpenApiExamples.java @@ -141,12 +141,12 @@ private Example createAspectModelsResult() { .type("BAMM") .build(); final AspectModel serialPart = AspectModel.builder() - .name("SerialPart") - .urn("urn:bamm:io.catenax.serial_part:1.0.0#SerialPart") - .version("1.0.0") - .status("RELEASED") - .type("BAMM") - .build(); + .name("SerialPart") + .urn("urn:bamm:io.catenax.serial_part:1.0.0#SerialPart") + .version("1.0.0") + .status("RELEASED") + .type("BAMM") + .build(); return toExample(AspectModels.builder() .lastUpdated("2023-02-13T08:18:11.990659500Z") @@ -275,8 +275,12 @@ private Example createCompleteEssJobResult() { .submodel(createEssSubmodel()) .bpn(Bpn.withManufacturerId(EXAMPLE_BPN).updateManufacturerName("AB CD")) .build(); - final NotificationSummary newSummary = new NotificationSummary( - AsyncFetchedItems.builder().running(NO_RUNNING_OR_FAILED_ITEMS).completed(FETCHED_ITEMS_SIZE).failed(NO_RUNNING_OR_FAILED_ITEMS).build(), + final NotificationSummary newSummary = new NotificationSummary(AsyncFetchedItems.builder() + .running( + NO_RUNNING_OR_FAILED_ITEMS) + .completed(FETCHED_ITEMS_SIZE) + .failed(NO_RUNNING_OR_FAILED_ITEMS) + .build(), FetchedItems.builder().completed(FETCHED_ITEMS_SIZE).failed(NO_RUNNING_OR_FAILED_ITEMS).build(), SENT_NOTIFICATIONS_SIZE, SENT_NOTIFICATIONS_SIZE); final Job job = essJobsJobs.getJob().toBuilder().summary(newSummary).build(); 
@@ -381,7 +385,7 @@ private AssetAdministrationShellDescriptor createShell() { .build())) .globalAssetId("urn:uuid:a45a2246-f6e1-42da-b47d-5c3b58ed62e9") .idShort("future concept x") - .id("882fc530-b69b-4707-95f6-5dbc5e9baaa8") + .id("urn:uuid:882fc530-b69b-4707-95f6-5dbc5e9baaa8") .specificAssetIds(List.of(IdentifierKeyValuePair.builder() .name("engineserialid") .value("12309481209312") @@ -427,12 +431,12 @@ private SubmodelDescriptor createBaseSubmodelDescriptor() { .language("en") .text("Provides base vehicle information") .build())) - .idShort("vehicle base details") - .id("4a738a24-b7d8-4989-9cd6-387772f40565") + .idShort("SingleLevelBomAsPlanned") + .id("urn:uuid:5d25a897-6571-4800-b98c-a3352fbf996d") .semanticId(Reference.builder() .keys(List.of(SemanticId.builder() - .type("Submodel") - .value("urn:bamm:com.catenax.vehicle:0.1.1") + .type("ExternalReference") + .value("urn:bamm:io.catenax.single_level_bom_as_planned:2.0.0#SingleLevelBomAsPlanned") .build())) .type("ModelReference") .build()) @@ -447,6 +451,10 @@ private Endpoint createEndpoint(final String endpointAddress) { .href(endpointAddress) .endpointProtocol("HTTPS") .endpointProtocolVersion(List.of("1.0")) + .subprotocol("DSP") + .subprotocolBody( + "id=urn:uuid:c8159379-4613-48b8-ad52-6baed7afe923;dspEndpoint=https://irs-provider-controlplane3.dev.demo.catena-x.net") + .subprotocolBodyEncoding("plain") .build()) .build(); } @@ -458,7 +466,7 @@ private SubmodelDescriptor createPartSubmodelDescriptor() { .text("Provides base vehicle information") .build())) .idShort("vehicle part details") - .id("dae4d249-6d66-4818-b576-bf52f3b9ae90") + .id("urn:uuid:dae4d249-6d66-4818-b576-bf52f3b9ae90") .semanticId(Reference.builder() .keys(List.of(SemanticId.builder() .type("Submodel") diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/RestTemplateConfig.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/RestTemplateConfig.java index 9d5da4650a..6d0aa8dab1 100644 
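Review bot: The new `subprotocolBody` example in `createEndpoint` hard-codes `https://irs-provider-controlplane3.dev.demo.catena-x.net`, which looks like a concrete dev-environment control plane, into the generated OpenAPI examples. API documentation tends to be published and long-lived, so examples are better written against a reserved documentation host than a real deployment. For instance `.subprotocolBody("id=urn:uuid:c8159379-4613-48b8-ad52-6baed7afe923;dspEndpoint=https://edc-controlplane.example")`, where the host is a constructed placeholder.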
--- a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/RestTemplateConfig.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/RestTemplateConfig.java @@ -68,9 +68,9 @@ @SuppressWarnings("PMD.ExcessiveImports") public class RestTemplateConfig { - public static final String DTR_REST_TEMPLATE = "oAuthRestTemplate"; - public static final String BPDM_REST_TEMPLATE = "oAuthRestTemplate"; - public static final String SEMHUB_REST_TEMPLATE = "oAuthRestTemplate"; + public static final String DTR_REST_TEMPLATE = "dtrRestTemplate"; + public static final String BPDM_REST_TEMPLATE = "bpdmRestTemplate"; + public static final String SEMHUB_REST_TEMPLATE = "semhubRestTemplate"; public static final String NO_ERROR_REST_TEMPLATE = "noErrorRestTemplate"; public static final String DISCOVERY_REST_TEMPLATE = "discoveryRestTemplate"; public static final String EDC_REST_TEMPLATE = "edcClientRestTemplate"; diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java index d1a3ebc20c..f638ac0bcb 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java @@ -84,7 +84,7 @@ public class BatchController { @Operation(operationId = "registerOrder", summary = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Registers an IRS order with an array of {globalAssetIds}. " + "Each globalAssetId will be processed in an IRS Job, grouped in batches.") 
@@ -124,7 +124,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa @Operation(operationId = "registerESSInvestigationOrder", summary = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }, description = "Registers an order for an ESS investigation with an array of {globalAssetIds}. Each globalAssetId will be processed in an separate job, grouped in batches.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns orderId of registered Batch order.", @@ -164,7 +164,7 @@ public BatchOrderCreated registerESSInvestigationOrder(final @Valid @RequestBody @Operation(description = "Get a batch order for a given orderId.", operationId = "getBatchOrder", summary = "Get a batch order for a given orderId.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch order for a given orderId.", @@ -210,7 +210,7 @@ public BatchOrderResponse getBatchOrder( @Operation(description = "Get a batch with a given batchId for a given orderId.", operationId = "getBatch", summary = "Get a batch with a given batchId for a given orderId.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Get a batch with a given batchId for a given orderId.", 
@@ -259,7 +259,7 @@ public BatchResponse getBatch( @Operation(description = "Cancel a batch order for a given orderId.", operationId = "cancelBatchOrder", summary = "Cancel a batch order for a given orderId.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Cancel a batch order for a given orderId.", diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java index 129b733c30..4c89914ed7 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/IrsController.java @@ -95,7 +95,7 @@ public class IrsController { @Operation(operationId = "registerJobForGlobalAssetId", summary = "Register an IRS job to retrieve an item graph for given {globalAssetId}.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Register an IRS job to retrieve an item graph for given {globalAssetId}.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", 
@@ -135,7 +135,7 @@ public JobHandle registerJobForGlobalAssetId(final @Valid @RequestBody RegisterJ @Operation(description = "Return job with optional item graph result for requested id.", operationId = "getJobForJobId", summary = "Return job with optional item graph result for requested id.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", @@ -192,7 +192,7 @@ public Jobs getJobById( @Operation(description = "Cancel job for requested jobId.", operationId = "cancelJobByJobId", summary = "Cancel job for requested jobId.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Job with requested jobId canceled.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, @@ -238,7 +238,7 @@ public Job cancelJobByJobId( @Operation(description = "Returns paginated jobs with state and execution times.", operationId = "getJobsByJobStates", summary = "Returns paginated jobs with state and execution times.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Paginated list of jobs with state and execution times for requested job states.", 
@@ -281,7 +281,7 @@ public PageResult getJobsByState( @Operation(operationId = "getAllAspectModels", summary = "Get all available aspect models from semantic hub or local models.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), tags = { "Aspect Models" }, + security = @SecurityRequirement(name = "oAuth2"), tags = { "Aspect Models" }, description = "Get all available aspect models from semantic hub or local models.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns all available aspect models.", content = { @Content(mediaType = APPLICATION_JSON_VALUE, diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java index 9c33044fb8..2ba3374983 100644 --- a/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java +++ b/irs-api/src/main/java/org/eclipse/tractusx/irs/ess/controller/EssController.java @@ -77,7 +77,7 @@ class EssController { @Operation(operationId = "registerBPNInvestigation", summary = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }, description = "Registers an IRS job to start an investigation if a given bpn is contained in a part chain of a given globalAssetId.") @ApiResponses(value = { @ApiResponse(responseCode = "201", description = "Returns id of registered job.", 
@@ -116,7 +116,7 @@ public JobHandle registerBPNInvestigation(final @Valid @RequestBody RegisterBpnI @Operation(description = "Return job with additional supplyChainImpacted information.", operationId = "getBPNInvestigation", summary = "Return job with additional supplyChainImpacted information.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Environmental and Social Standards" }) @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Return job with item graph for the requested id.", diff --git a/irs-api/src/main/resources/application-local.yml b/irs-api/src/main/resources/application-local.yml index ccef9d1490..edf68dcfce 100644 --- a/irs-api/src/main/resources/application-local.yml +++ b/irs-api/src/main/resources/application-local.yml @@ -30,7 +30,7 @@ spring: jwk-set-uri: https://localhost client: provider: - keycloak: + common: token-uri: https://localhost # ESS Module specific properties diff --git a/irs-api/src/main/resources/application.yml b/irs-api/src/main/resources/application.yml index be011ca1ef..5e371d20e1 100644 --- a/irs-api/src/main/resources/application.yml +++ b/irs-api/src/main/resources/application.yml 
@@ -9,22 +9,22 @@ spring: oauth2: client: registration: - keycloak: + common: authorization-grant-type: client_credentials - client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM - client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM + client-id: ${OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM + client-secret: ${OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM portal: authorization-grant-type: client_credentials client-id: ${PORTAL_OAUTH2_CLIENT_ID} # OAuth2 client ID used to authenticate with the IAM client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # OAuth2 client secret used to authenticate with the IAM provider: - keycloak: - token-uri: ${KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials + common: + token-uri: ${OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials portal: token-uri: ${PORTAL_OAUTH2_CLIENT_TOKEN_URI:https://default} # OAuth2 endpoint to request tokens using the client credentials resourceserver: jwt: - jwk-set-uri: ${KEYCLOAK_OAUTH2_JWK_SET_URI:https://default} # OAuth2 endpoint to request the JWK set + jwk-set-uri: ${OAUTH2_JWK_SET_URI:https://default} # OAuth2 endpoint to request the JWK set management: # Spring management API config, see https://spring.io/guides/gs/centralized-configuration/ endpoints: 
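Review bot: The renamed `token-uri` and `jwk-set-uri` placeholders keep the `https://default` fallback, so a deployment that still exports only the old `KEYCLOAK_OAUTH2_*` variables will start cleanly and then fail token requests and JWT validation against a host that does not exist. `client-id` and `client-secret` have no fallback and should fail at start-up when unset, which is the safer behaviour for a variable rename. I would drop the fallback on the two URIs, e.g. `jwk-set-uri: ${OAUTH2_JWK_SET_URI} # OAuth2 endpoint to request the JWK set`; the local profile already sets both values explicitly. At minimum the rename should be called out in the migration notes.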
@@ -181,7 +181,7 @@ digitalTwinRegistry: shellLookupEndpoint: ${DIGITALTWINREGISTRY_SHELL_LOOKUP_URL:} # The endpoint to lookup shells from the DTR, must contain the placeholder {assetIds} shellDescriptorTemplate: ${DIGITALTWINREGISTRY_SHELL_DESCRIPTOR_TEMPLATE:/shell-descriptors/{aasIdentifier}} # The path to retrieve AAS descriptors from the decentral DTR, must contain the placeholder {aasIdentifier} lookupShellsTemplate: ${DIGITALTWINREGISTRY_QUERY_SHELLS_PATH:/lookup/shells?assetIds={assetIds}} # The path to lookup shells from the decentral DTR, must contain the placeholder {assetIds} - oAuthClientId: keycloak # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client discoveryFinderUrl: ${DIGITALTWINREGISTRY_DISCOVERY_FINDER_URL:} # The endpoint to discover EDC endpoints to a particular BPN. timeout: read: PT90S # HTTP read timeout for the digital twin registry client @@ -206,7 +206,7 @@ semanticshub: # │ │ │ │ │ │ scheduler: 0 0 23 * * * # How often to clear the semantic model cache defaultUrns: "${SEMANTICSHUB_DEFAULT_URNS:urn:bamm:io.catenax.serial_part:1.0.0#SerialPart}" # IDs of models to cache at IRS startup - oAuthClientId: keycloak # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client + oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client timeout: read: PT90S # HTTP read timeout for the semantic hub client connect: PT90S # HTTP connect timeout for the semantic hub client 
@@ -214,7 +214,7 @@ semanticshub:
 bpdm:
 bpnEndpoint: "${BPDM_URL:}" # Endpoint to resolve BPNs, must contain the placeholders {partnerId} and {idType}
- oAuthClientId: keycloak # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client
+ oAuthClientId: common # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client
 timeout:
 read: PT90S # HTTP read timeout for the bpdm client
 connect: PT90S # HTTP connect timeout for the bpdm client
diff --git a/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/AuthenticationProperties.java b/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/AuthenticationProperties.java
index 9696ae5477..585a058012 100644
--- a/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/AuthenticationProperties.java
+++ b/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/AuthenticationProperties.java
@@ -37,16 +37,16 @@
 private final String uri;
 private final String clientId;
 private final String clientSecret;
- private final String keycloakUrl;
+ private final String oauth2Url;
 private final String grantType;
 private final String tokenPath;
 /* package */ AuthenticationProperties(final String uri, final String clientId, final String clientSecret,
- final String keycloakUrl, final String grantType, final String tokenPath) {
+ final String oauth2Url, final String grantType, final String tokenPath) {
 this.uri = uri;
 this.clientId = clientId;
 this.clientSecret = clientSecret;
- this.keycloakUrl = keycloakUrl;
+ this.oauth2Url = oauth2Url;
 this.grantType = grantType;
 this.tokenPath = tokenPath;
 }
@@ -57,7 +57,7 @@ private String obtainAccessToken() {
 oauth2Payload.put("client_id", clientId);
 oauth2Payload.put("client_secret", clientSecret);
- return given().params(oauth2Payload).post(keycloakUrl).then().extract().jsonPath().getString(tokenPath);
+ return given().params(oauth2Payload).post(oauth2Url).then().extract().jsonPath().getString(tokenPath);
 }
 /* package */ RequestSpecification getNewAuthenticationRequestSpecification() {
diff --git a/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/E2ETestStepDefinitions.java b/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/E2ETestStepDefinitions.java
index 78337b47ba..3f6e2597f2 100644
--- a/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/E2ETestStepDefinitions.java
+++ b/irs-cucumber-tests/src/test/java/org/eclipse/tractusx/irs/cucumber/E2ETestStepDefinitions.java
@@ -103,18 +103,18 @@ public void theIRSURL(String irsUrl) {
 @And("the user {string} with authentication")
 public void theUser(String clientId) throws PropertyNotFoundException {
 authenticationPropertiesBuilder.clientId(clientId);
- final String keycloakClientSecretKey = "KEYCLOAK_CLIENT_SECRET";
- String clientSecret = System.getenv(keycloakClientSecretKey);
+ final String oauth2UrlClientSecretKey = "OAUTH2_CLIENT_SECRET";
+ String clientSecret = System.getenv(oauth2UrlClientSecretKey);
 if (clientSecret != null) {
 authenticationPropertiesBuilder.clientSecret(clientSecret);
 } else {
- throw new PropertyNotFoundException("Environment Variable missing: " + keycloakClientSecretKey);
+ throw new PropertyNotFoundException("Environment Variable missing: " + oauth2UrlClientSecretKey);
 }
 }
- @And("the keycloak token url {string}")
- public void theKeycloakTokenUrl(String tokenUrl) {
- authenticationPropertiesBuilder.keycloakUrl(tokenUrl);
+ @And("the OAuth2 token url {string}")
+ public void theOAuth2TokenUrl(String tokenUrl) {
+ authenticationPropertiesBuilder.oauth2Url(tokenUrl);
 }
 @Given("I register an IRS job for globalAssetId {string}")
diff --git a/irs-integration-tests/src/test/java/org/eclipse/tractusx/irs/configuration/SmokeTestConfiguration.java b/irs-integration-tests/src/test/java/org/eclipse/tractusx/irs/configuration/SmokeTestConfiguration.java
index 787348370e..4e4dfbc67f 100644
--- a/irs-integration-tests/src/test/java/org/eclipse/tractusx/irs/configuration/SmokeTestConfiguration.java
+++ b/irs-integration-tests/src/test/java/org/eclipse/tractusx/irs/configuration/SmokeTestConfiguration.java
@@ -39,7 +39,7 @@ public SmokeTestConnectionProperties connection() {
 }
 @Bean
- @ConfigurationProperties(prefix = "spring.security.oauth2.client.registration.keycloak")
+ @ConfigurationProperties(prefix = "spring.security.oauth2.client.registration.common")
 public SmokeTestCredentialsProperties credentials() {
 return new SmokeTestCredentialsProperties();
 }
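Review bot: The step text changes from `the keycloak token url {string}` to `the OAuth2 token url {string}`, so any scenario still written with the old wording will no longer match a step definition. The BETA Xray workflow touched by this commit unzips a downloaded `features.zip` into the test resources, which suggests the feature files are maintained outside the repository and need the same rename there; that is worth confirming before merge. Separately, in `theUser` the constant `oauth2UrlClientSecretKey` holds the name of the client-secret variable rather than a URL, so `oauth2ClientSecretKey` would describe it correctly.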
diff --git a/irs-integration-tests/src/test/resources/application-dev.yml b/irs-integration-tests/src/test/resources/application-dev.yml
index a86399429a..380549a462 100644
--- a/irs-integration-tests/src/test/resources/application-dev.yml
+++ b/irs-integration-tests/src/test/resources/application-dev.yml
@@ -5,10 +5,10 @@ spring:
 oauth2:
 client:
 registration:
- keycloak:
+ common:
 authorization-grant-type: client_credentials
- client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID}
- client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET}
+ client-id: ${OAUTH2_CLIENT_ID}
+ client-secret: ${OAUTH2_CLIENT_SECRET}
 config:
 activate:
 on-profile: dev
diff --git a/irs-integration-tests/src/test/resources/application-int.yml b/irs-integration-tests/src/test/resources/application-int.yml
index f9e69c315c..8afd655f47 100644
--- a/irs-integration-tests/src/test/resources/application-int.yml
+++ b/irs-integration-tests/src/test/resources/application-int.yml
@@ -5,10 +5,10 @@ spring:
 oauth2:
 client:
 registration:
- keycloak:
+ common:
 authorization-grant-type: client_credentials
- client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID}
- client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET}
+ client-id: ${OAUTH2_CLIENT_ID}
+ client-secret: ${OAUTH2_CLIENT_SECRET}
 config:
 activate:
 on-profile: int
diff --git a/irs-integration-tests/src/test/resources/application-local.yml b/irs-integration-tests/src/test/resources/application-local.yml
index 92e8f0273b..6da9f147f0 100644
--- a/irs-integration-tests/src/test/resources/application-local.yml
+++ b/irs-integration-tests/src/test/resources/application-local.yml
@@ -5,10 +5,10 @@ spring:
 oauth2:
 client:
 registration:
- keycloak:
+ common:
 authorization-grant-type: client_credentials
- client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID}
- client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET}
+ client-id: ${OAUTH2_CLIENT_ID}
+ client-secret: ${OAUTH2_CLIENT_SECRET}
 config:
 activate:
 on-profile: local
diff --git a/irs-integration-tests/src/test/resources/application-prd.yml b/irs-integration-tests/src/test/resources/application-prd.yml
index 451d50d1b4..f00c0bdf1d 100644
--- a/irs-integration-tests/src/test/resources/application-prd.yml
+++ b/irs-integration-tests/src/test/resources/application-prd.yml
@@ -5,10 +5,10 @@ spring:
 oauth2:
 client:
 registration:
- keycloak:
+ common:
 authorization-grant-type: client_credentials
- client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID}
- client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET}
+ client-id: ${OAUTH2_CLIENT_ID}
+ client-secret: ${OAUTH2_CLIENT_SECRET}
 config:
 activate:
 on-profile: prd
diff --git a/irs-integration-tests/src/test/resources/application.yml b/irs-integration-tests/src/test/resources/application.yml
index a15afb8eb9..0e47a8fab6 100644
--- a/irs-integration-tests/src/test/resources/application.yml
+++ b/irs-integration-tests/src/test/resources/application.yml
@@ -8,9 +8,9 @@ spring:
 oauth2:
 client:
 registration:
- keycloak:
+ common:
 authorization-grant-type: client_credentials
- client-id: ${KEYCLOAK_OAUTH2_CLIENT_ID}
- client-secret: ${KEYCLOAK_OAUTH2_CLIENT_SECRET}
+ client-id: ${OAUTH2_CLIENT_ID}
+ client-secret: ${OAUTH2_CLIENT_SECRET}
 profiles:
 active: ${SPRING_PROFILES_ACTIVE:dev}
diff --git a/irs-load-tests/src/test/java/org/eclipse/tractusx/irs/IRSLoadTestSimulation.java b/irs-load-tests/src/test/java/org/eclipse/tractusx/irs/IRSLoadTestSimulation.java
index 35edaab1ea..c31b6d4faa 100644
--- a/irs-load-tests/src/test/java/org/eclipse/tractusx/irs/IRSLoadTestSimulation.java
+++ b/irs-load-tests/src/test/java/org/eclipse/tractusx/irs/IRSLoadTestSimulation.java
@@ -17,9 +17,9 @@ public class IRSLoadTestSimulation extends Simulation { { - final String keycloak_host = System.getenv("KEYCLOAK_HOST"); - final String clientSecret = System.getenv("KEYCLOAK_CLIENT_SECRET"); - final String clientId = System.getenv("KEYCLOAK_CLIENT_ID"); + final String oauth2_host = System.getenv("OAUTH2_HOST"); + final String clientSecret = System.getenv("OAUTH2_CLIENT_SECRET"); + final String clientId = System.getenv("OAUTH2_CLIENT_ID"); String body = "grant_type=client_credentials&client_id=" + clientId + "&client_secret=" + clientSecret; final String irsUrl = System.getenv("IRS_HOST"); final int testCycles = Integer.parseInt(System.getenv("TEST_CYCLES")); @@ -36,7 +36,7 @@ public class IRSLoadTestSimulation extends Simulation { ScenarioBuilder scn = scenario("IRS Load Test") .exec(http("Get access token") - .post(keycloak_host) + .post(oauth2_host) .body(StringBody(body)) .asFormUrlEncoded() .headers(headers_0) diff --git a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java index 5f3069a397..efad6f94d8 100644 --- a/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java +++ b/irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/controllers/PolicyStoreController.java @@ -74,7 +74,7 @@ public class PolicyStoreController { @Operation(operationId = "registerAllowedPolicy", summary = "Register a policy that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Register a policy that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "201"), 
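Review bot: The three `System.getenv` reads at the top of the initializer are used unchecked, so if `OAUTH2_HOST`, `OAUTH2_CLIENT_ID` or `OAUTH2_CLIENT_SECRET` is unset or empty (for example on a runner whose secrets still carry the old names) the token request is built from the text `null` or an empty value and the run fails later with an unrelated HTTP error. A guard directly after the reads makes the cause explicit without printing the value, e.g. `if (clientSecret == null || clientSecret.isEmpty()) throw new IllegalStateException("OAUTH2_CLIENT_SECRET is not set");`, repeated for the host and the client id. The `body` line below also concatenates the id and secret without form-encoding, so a secret containing `&`, `=`, `+` or `%` would be transmitted incorrectly; URL-encoding both values would address that. The initializer block continues past the end of the hunk.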
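Review bot: With `scopes` removed, `@SecurityRequirement(name = "oAuth2")` on `registerAllowedPolicy` (and the same change on `getAllowedPolicies`, `deleteAllowedPolicy` and `updateAllowedPolicy` in the following hunks) tells API consumers only that a token is needed, not which privilege; the annotation is OpenAPI metadata and enforces nothing by itself. Whether these methods carry an authorization check such as `@PreAuthorize` is not visible, because the method signatures and bodies lie outside the hunks. Since these operations change which policies are accepted in EDC negotiation, I would state the required role in each `description`, e.g. `description = "Register a policy that should be accepted in EDC negotiation. Requires role <REQUIRED_ROLE>."` with the project's actual role name filled in.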
@@ -106,7 +106,7 @@ public void registerAllowedPolicy(final @Valid @RequestBody CreatePolicyRequest @Operation(operationId = "getAllowedPolicies", summary = "Lists the registered policies that should be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Lists the registered policies that should be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200", description = "Returns the policies.", @@ -135,7 +135,7 @@ public List getPolicies() { @Operation(operationId = "deleteAllowedPolicy", summary = "Removes a policy that should no longer be accepted in EDC negotiation.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Removes a policy that should no longer be accepted in EDC negotiation.") @ApiResponses(value = { @ApiResponse(responseCode = "200"), @@ -166,7 +166,7 @@ public void deleteAllowedPolicy(@PathVariable("policyId") final String policyId) } @Operation(operationId = "updateAllowedPolicy", summary = "Updates an existing policy with new validUntil value.", - security = @SecurityRequirement(name = "oAuth2", scopes = "profile email"), + security = @SecurityRequirement(name = "oAuth2"), tags = { "Item Relationship Service" }, description = "Updates an existing policy with new validUntil value.") @ApiResponses(value = { @ApiResponse(responseCode = "200"), diff --git a/local/testing/IRS_Request_Collection.json b/local/testing/IRS_Request_Collection.json index 94d93b2f7c..4720b2e97a 100644 --- a/local/testing/IRS_Request_Collection.json +++ b/local/testing/IRS_Request_Collection.json 
@@ -19,7 +19,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.ADMIN_ID }}",
 "clientSecret": "{{ _.ADMIN_SECRET }}"
 },
@@ -82,7 +82,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.ADMIN_ID }}",
 "clientSecret": "{{ _.ADMIN_SECRET }}"
 },
@@ -119,7 +119,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.ADMIN_ID }}",
 "clientSecret": "{{ _.ADMIN_SECRET }}"
 },
@@ -156,7 +156,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.ADMIN_ID }}",
 "clientSecret": "{{ _.ADMIN_SECRET }}"
 },
@@ -193,7 +193,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}",
 "credentialsInBody": false
@@ -243,7 +243,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}",
 "credentialsInBody": false
@@ -323,7 +323,7 @@
 "type": "oauth2",
 "grantType": "client_credentials",
 "credentialsInBody": false,
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -359,7 +359,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -395,7 +395,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -432,7 +432,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -469,7 +469,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -514,7 +514,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}",
 "credentialsInBody": false
@@ -552,7 +552,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -601,7 +601,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -638,7 +638,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -675,7 +675,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -712,7 +712,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -749,7 +749,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -786,7 +786,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -823,7 +823,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -860,7 +860,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -897,7 +897,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -934,7 +934,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -971,7 +971,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1008,7 +1008,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1045,7 +1045,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1082,7 +1082,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1119,7 +1119,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1156,7 +1156,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1193,7 +1193,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1230,7 +1230,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1267,7 +1267,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1304,7 +1304,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1341,7 +1341,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1378,7 +1378,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1415,7 +1415,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1455,7 +1455,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1495,7 +1495,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1535,7 +1535,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1569,7 +1569,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1609,7 +1609,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1649,7 +1649,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1683,7 +1683,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1717,7 +1717,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1751,7 +1751,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1785,7 +1785,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1822,7 +1822,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}",
 "disabled": false
@@ -1872,7 +1872,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}",
 "disabled": false
@@ -1910,7 +1910,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}",
 "disabled": false
@@ -1948,7 +1948,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -1994,7 +1994,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2048,7 +2048,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2088,7 +2088,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2122,7 +2122,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2156,7 +2156,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2198,7 +2198,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2239,7 +2239,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2268,7 +2268,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2303,7 +2303,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2349,7 +2349,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2398,7 +2398,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2444,7 +2444,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2481,7 +2481,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2530,7 +2530,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2564,7 +2564,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2598,7 +2598,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
@@ -2632,7 +2632,7 @@
 "authentication": {
 "type": "oauth2",
 "grantType": "client_credentials",
- "accessTokenUrl": "{{ _.KEYCLOAK_TOKEN_URL }}",
+ "accessTokenUrl": "{{ _.OAUTH2_TOKEN_URL }}",
 "clientId": "{{ _.CLIENT_ID }}",
 "clientSecret": "{{ _.CLIENT_SECRET }}"
 },
diff --git a/local/testing/IRS_TEMPLATE_environment.json b/local/testing/IRS_TEMPLATE_environment.json
index 89804e4d79..70a5ba5206 100644
--- a/local/testing/IRS_TEMPLATE_environment.json
+++ b/local/testing/IRS_TEMPLATE_environment.json
@@ -1,6 +1,6 @@
 {
 "IRS_HOST": "http://localhost:8080",
- "KEYCLOAK_TOKEN_URL": "",
+ "OAUTH2_TOKEN_URL": "",
 "CLIENT_ID": "",
 "CLIENT_SECRET": "",
 "DIGITAL_TWIN_REGISTRY": "",
diff --git a/local/testing/api-tests/README.md b/local/testing/api-tests/README.md
index 66812d7af9..8ea0c966b7 100644
--- a/local/testing/api-tests/README.md
+++ b/local/testing/api-tests/README.md
@@ -12,9 +12,9 @@ export IRS_HOST="http://localhost:8080" export GLOBAL_ASSET_ID=urn:uuid:a4a2ba57-1c50-48ad-8981-7a0ef032146b # cannot put secrets here, please set it manually -export KEYCLOAK_HOST="" -export KEYCLOAK_CLIENT_ID= -export KEYCLOAK_CLIENT_SECRET= +export OAUTH2_HOST="" +export OAUTH2_CLIENT_ID= +export OAUTH2_CLIENT_SECRET= ``` * Execute command ```console diff --git a/local/testing/api-tests/tavern_helpers.py b/local/testing/api-tests/tavern_helpers.py index f273182c1e..ad08bbfc2a 100644 --- a/local/testing/api-tests/tavern_helpers.py +++ b/local/testing/api-tests/tavern_helpers.py @@ -340,9 +340,9 @@ def job_parameter_are_as_requested(response): def create_bearer_token(): - url = os.getenv('KEYCLOAK_HOST') - client_id = os.getenv('KEYCLOAK_CLIENT_ID') - client_secret = os.getenv('KEYCLOAK_CLIENT_SECRET') + url = os.getenv('OAUTH2_HOST') + client_id = os.getenv('OAUTH2_CLIENT_ID') + client_secret = os.getenv('OAUTH2_CLIENT_SECRET') data = {"grant_type": "client_credentials", "client_id": client_id, "client_secret": client_secret} token = requests.post(url, data).json().get('access_token')