Merge pull request #782 from catenax-ng/main

Several refactorings

.github/codeql/codeql-config.yml

@@ -22,6 +22,9 @@ query-filters:
       id:
         - java/unused-reference-type
         - java/spring-disabled-csrf-protection
+      problem.severity:
+        - warning
+        - recommendation
 
 paths-ignore:
   - frontend/dist
@@ -32,4 +35,4 @@ paths-ignore:
   - frontend/src/mockServiceWorker.js
   - tx-backend/src/main/resources/application-integration-spring-boot.yml
   - docs/src/post-processing
-  - tx-backend/target/generated-sources/jsonschema2pojo
+  - tx-backend/target

CHANGELOG.md

@@ -8,18 +8,25 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 _**For better traceability add the corresponding GitHub issue number in each changelog entry, please.**_
 
 ## [UNRELEASED - DD.MM.YYYY]
-
 ### Added
+- #695 OAuth2.0 Client scope configuration
 - #606 Added error message into notifications on failure
+- #596 Added Policy management documentation
+- Added overview of the scheduler tasks in documentation
 
 ### Changed
-
 - #709 Bumped spring-core from 6.0.17 to 6.1.5
 - #606 cucumber tests retry on error
 - #606 refactored response model to only be used by common model package tx-models
-
+- #709 Fixed CVE-2024-22257 overriding spring-security-core from 6.1.7 to 6.2.3
+- #596 Policy management has been moved to different module
+- #762 updated documentation for release 24.5
 
 ### Removed
+- Shedlock, resilence4j, templateResolver as not used anymore
+
+### Added
+- #630 Added Parts extended detailed view
 
 ## [10.7.0 - 18.03.2024]
 

charts/traceability-foss/charts/backend/templates/deployment.yaml

@@ -90,6 +90,8 @@ spec:
               value: {{ .Values.oauth2.clientId | quote }}
             - name: OAUTH2_CLIENT_SECRET
               value: {{ .Values.oauth2.clientSecret | quote }}
+            - name: OAUTH2_CLIENT_SCOPE
+              value: {{ .Values.oauth2.clientScope | quote }}
             - name: OAUTH2_PROVIDER_TOKEN_URI
               value: {{ .Values.oauth2.clientTokenUri | quote }}
             - name: OAUTH2_JWK_SET_URI

docs/src/docs/arc42/building-block-view/whitebox-overall.adoc → docs/src/docs/arc42/building-block-view/blackbox-overall.adoc

@@ -1,13 +1,13 @@
-= Whitebox overall system
+= Blackbox overall system
 
-== [Outdated] Component diagram
+== Component diagram
 
 [plantuml, target=whitebox-overview, format=svg]
 ....
 include::../../../uml-diagrams/arc42/building-block-view/whitebox_overall.puml[]
 ....
 
-== [Outdated] Component description
+== Component description
 
 |===
 |Components |Description
@@ -19,11 +19,9 @@ include::../../../uml-diagrams/arc42/building-block-view/whitebox_overall.puml[]
 |The EDC Consumer Component is there to fulfill the GAIA-X and IDSA-data sovereignty principles. The EDC Consumer consists out of a control plane and a data plane.
 
 |EDC Provider
-|The EDC Provider Component connects with EDC Consumer component and  forms the end point for the actual exchange of data. It handles automatic contract negotiation and the subsequent exchange of data assets for connected applications.
+|The EDC Provider Component connects with EDC Consumer component and forms the endpoint for the actual exchange of data. It handles automatic contract negotiation and the subsequent exchange of data assets for connected applications.
 
 |Submodel Server
 |The Submodel Server offers endpoints for requesting the Submodel aspects.
 
-|IAM/DAPS
-|DAPS as central Identity Provider
 |===

docs/src/docs/arc42/building-block-view/full.adoc

@@ -1,5 +1,5 @@
 = Building block view
 
-include::whitebox-overall.adoc[leveloffset=+1]
+include::blackbox-overall.adoc[leveloffset=+1]
 include::level-1.adoc[leveloffset=+1]
 

docs/src/docs/arc42/building-block-view/index.adoc

@@ -2,6 +2,5 @@
 
 == Chapters
 
-- xref:whitebox-overall.adoc[Whitebox overall system]
+- xref:blackbox-overall.adoc[Blackbox overall system]
 - xref:level-1.adoc[Level 1]
-- xref:level-2.adoc[Level 2]

docs/src/docs/arc42/runtime-view/assets/return-all-assets.adoc

@@ -9,7 +9,7 @@ The same can be done with as planned assets.
 include::../../../../uml-diagrams/arc42/runtime-view/assets/return-all-assets.puml[]
 ....
 
-==== Overview
+== Overview
 
 When a user requests stored assets, TraceX-FOSS checks if the user has an adequate role ('ROLE_ADMIN', 'ROLE_SUPERVISOR', 'ROLE_USER').
 If yes, then the endpoint returns a pageable result of assets.

docs/src/docs/arc42/runtime-view/assets/return-specific-assets.adoc

@@ -9,7 +9,7 @@ The same can be done with as planned assets.
 include::../../../../uml-diagrams/arc42/runtime-view/assets/return-specific-assets.puml[]
 ....
 
-==== Overview
+== Overview
 
 When a user requests a specific asset, TraceX-FOSS checks if the user has an adequate role ('ROLE_ADMIN', 'ROLE_SUPERVISOR', 'ROLE_USER'). If yes, then the endpoint returns a precise Asset for the given assetId, if it is found.
 

docs/src/docs/arc42/runtime-view/data-sovereignty/return_asset_contracts.adoc

@@ -2,12 +2,12 @@
 
 This section describes functionality and the behavior in case a user requests contract agreements from Trace-X via the Trace-X contracts API (/contracts).
 
-[plantuml,target=return-all-assets,format=svg]
+[plantuml,target=return-all-contracts,format=svg]
 ....
 include::../../../../uml-diagrams/arc42/runtime-view/data-sovereignty/get-all-contracts-sequenceflow.puml[]
 ....
 
-==== Overview
+== Overview
 
 In case a user requests contract agreements, Trace-X checks if the user has required roles ('ROLE_ADMIN', 'ROLE_SUPERVISOR').
 If yes, then the requested assets will be mapped to the related contract agreement id.

docs/src/docs/arc42/runtime-view/full.adoc

@@ -7,3 +7,5 @@ include::notifications.adoc[leveloffset=+1]
 include::data-consumption.adoc[leveloffset=+1]
 include::data-provisioning.adoc[leveloffset=+1]
 include::data-sovereignty.adoc[leveloffset=+1]
+include::policies.adoc[leveloffset=+1]
+include::scheduler.adoc[leveloffset=+1]

docs/src/docs/arc42/runtime-view/policies.adoc

@@ -0,0 +1,45 @@
+= Policies
+
+== Overview
+=== Scenario 1: Start Up interaction with IRS Policy Store
+Trace-X instance define a constraint which is required for data consumption and provisioning.
+Trace-X retrieves all policies by IRS and validates if one of the policies contains the required constraint given by Trace-X.
+If a policy with the constraint exists and is valid process ends. If the policy is not valid it will create one with the given constraint.
+
+This sequence diagram describes the process of retrieving or creating policies within the IRS Policy Store based on Trace-X given constraint.
+
+[plantuml, target=policy-startup-configuration, format=svg]
+....
+include::../../../uml-diagrams/arc42/runtime-view/policies/policy-startup-configuration.puml[]
+....
+
+=== Scenario 2: Start Up interaction with EDC
+Trace-X instance uses the policy which includes the defined constraint and transforms it into a valid EDC Policy Request.
+The EDC Policy Request will be used for creating a policy for the required notification contracts.
+
+This sequence diagram describes the process of retrieving the correct policy by IRS Policy Store based on Trace-X given constraint and reuses it for creating an EDC Policy.
+
+[plantuml, target=policy-startup-notification-contract, format=svg]
+....
+include::../../../uml-diagrams/arc42/runtime-view/policies/policy-startup-notification-contract.puml[]
+....
+
+=== Scenario 3: Provisioning of notifications
+Trace-X instance uses the policy which includes the defined constraint and reuses it for validation of catalog offers by the receiver edc.
+
+This sequence diagram describes the process of how the policy with the defined constraint will be used for validation of catalog offers by the receiver edc, to validate if sending is valid.
+
+[plantuml, target=policy-notifications, format=svg]
+....
+include::../../../uml-diagrams/arc42/runtime-view/policies/policy-notifications.puml[]
+....
+
+=== Scenario 4: Provisioning of assets
+Trace-X instance uses the policy which includes the defined constraint and reuses it for creating edc assets .
+
+This sequence diagram describes the process of how the policy with the defined constraint will be reused for registering edc data assets.
+
+[plantuml, target=policy-assets, format=svg]
+....
+include::../../../uml-diagrams/arc42/runtime-view/policies/policy-assets.puml[]
+....

docs/src/docs/arc42/runtime-view/scheduler.adoc

@@ -0,0 +1,4 @@
+= Scheduler
+
+include::scheduler/scheduler.adoc[leveloffset=+1]
+

docs/src/docs/arc42/runtime-view/scheduler/scheduler.adoc

@@ -0,0 +1,8 @@
+An overview of the scheduler tasks configured in the system.
+
+[options="header"]
+|===
+|Scheduler Name | Execution Interval | Description
+|PublishAssetsJob | Every hour at 30min | Publishes assets in IN_SYNCHRONIZATION state to core services. The process combines 'as-built' and 'as-planned' assets and initiates their publication for synchronization in the traceability system.
+|AssetsRefreshJob | Every 2 hours | Invokes the synchronization of asset shell descriptors with the decentralized registry. It ensures the latest asset information is fetched and updated in the system from external sources.
+|===

docs/src/docs/arc42/scope-context/technical-context.adoc

@@ -41,8 +41,10 @@ Request contains details required to start IRS fetch job provided by the compone
 include::../../../uml-diagrams/arc42/scope-context/technical-context/portal-api-view.puml[]
 ....
 
-The Trace-X acts as a consumer of the Portal component. The Trace-X contains a Restful client (REST template) that build a REST call to the mentioned Portal API based on its known URL (the Portal URL is configurable in the Trace-X).
-Request contains "bpns" provided by the component during sending notifications. Like described in the above section, the security aspect is required in order to achieve a REST call against the Portal. As a response, the Trace-X gets the corresponding BPN mappings to EDC urls where a notification should be send over. And as mentioned above, the transport protocol HTTP(S) is used for the REST call communication.
+The Trace-X acts as a consumer of the Portal component.
+The Trace-X contains a Restful client (REST template) that builds a REST call to the mentioned Portal API based on its known URL (the Portal URL is configurable in the Trace-X).
+The Portal is used to authenticate users and requests against the backend.
+And as mentioned above, the transport protocol HTTP(S) is used for the REST call communication.
 
 === [Outdated] EDC API
 
@@ -51,4 +53,8 @@ Request contains "bpns" provided by the component during sending notifications.
 include::../../../uml-diagrams/arc42/scope-context/technical-context/edc-api-view.puml[]
 ....
 
-The Trace-X acts as a consumer of the EDC component. In Trace-X we communicate with EDC directly only for the sake of fulfilling quality-investigation functionality. Specific use cases can be viewed in xref:../runtime-view/index.adoc[Runtime view] section. For this purposes the integrated EDC clients in the Trace-X are responsible for creating restful requests to the EDC component. And as mentioned above, the transport protocol HTTP(S) is used for the REST call communication.
+The Trace-X acts as a consumer and provider of the EDC component.
+In Trace-X we communicate with EDC directly only for the sake of fulfilling quality-investigation functionality.
+Specific use cases can be viewed in xref:../runtime-view/index.adoc[Runtime view] section.
+For these purposes the integrated EDC clients in the Trace-X are responsible for creating restful requests to the EDC component.
+And as mentioned above, the transport protocol HTTP(S) is used for the REST call communication.

docs/src/docs/user/user-manual.adoc

@@ -271,6 +271,23 @@ Detailed information on the IDs for the manufactured part/batch.
 
 Information about the identifiers at the customer for the respective part/batch.
 
+==== Traction battery code data
+
+If the asset has the "traction battery code" aspect model, an additional section underneath will be displayed.
+In this section there are detailed information about the traction battery and a table with its subcomponents
+
+==== Creation of a quality incident from detailed view
+
+By clicking on the "announcement" icon you can create a quality incident from the detailed view, containing the part information in the currently opened detailed view. If this
+functionality is disabled, a tooltip will provide information explaining the reason. You can trigger the tooltip by hovering above the button.
+
+==== Publish asset from detailed view
+
+By clicking on the "publish" icon, you can publish the currently opened part from the detailed view. If the icon is disabled,
+a tooltip will provide information explaining the reason. You can trigger the tooltip by hovering above the button
+
+
+
 == Other parts
 
 List view of the supplied/delivered parts and batches (Supplier parts / Customer parts).

docs/src/uml-diagrams/arc42/building-block-view/whitebox_overall.puml

@@ -17,11 +17,11 @@ component [**TraceXApplication**] <<System>> {
 }
 
 component [**CatenaX-Network**] <<CX-Environment>> {
-    component [**IAM/KeyCloak**] <<System>> as IAM_IRS
+    component [**Portal**] <<System>> as PORTAL
     component [**Digital Twin Registry**] <<System>> as DT_REG
-    component [**IRS**] <<System>> as IAM_DAPS
-    IAM_IRS --[hidden]> DT_REG
-    DT_REG --[hidden]>  IAM_DAPS
+    component [**IRS**] <<System>> as IRS
+    PORTAL --[hidden]> DT_REG
+    DT_REG --[hidden]>  IRS
 }
 
 component [**Tier/OEM**] <<Tier/OEM-Environment>> {
@@ -38,19 +38,20 @@ component [**Tier/OEM**] <<Tier/OEM-Environment>> {
 actor IrsApiConsumer
 
 IrsApiConsumer -right(0- TraceX
-IrsApiConsumer <.r.> IAM_IRS
+IrsApiConsumer <.r.> PORTAL
 TraceX <.d.> EDC
-TraceX <.l.> IAM_IRS
-TraceX <.> DT_REG
-EDC <..> IAM_DAPS
+TraceX <.l.> PORTAL
+TraceX <..> IRS
+EDC <..> DT_REG
 EDC <..> EDCProviderOEM
 EDC <...> EDCProviderTier1
 EDC <....> EDCProviderTier11
-IAM_DAPS <..> EDCProviderOEM
-IAM_DAPS <...> EDCProviderTier1
-IAM_DAPS <....> EDCProviderTier11
+IRS <..> EDCProviderOEM
+IRS <...> EDCProviderTier1
+IRS <....> EDCProviderTier11
 EDCProviderOEM <..> SubmodelServerOEM
 EDCProviderTier1 <..> SubmodelServerTier1
+EDCProviderTier1 <..> SubmodelServerTier1
 EDCProviderTier11 <..> SubmodelServerTier11
 
 @enduml

docs/src/uml-diagrams/arc42/runtime-view/policies/policy-assets.puml

@@ -0,0 +1,18 @@
+@startuml
+skinparam monochrome true
+skinparam shadowing false
+skinparam defaultFontName "Architects daughter"
+
+title Sequence Diagram: Policy Handling on asset provisioning flow
+participant "TraceX" as TraceX
+participant "EDC Consumer" as EdcConsumer
+participant "EDC Provider (other) " as EdcProvider
+
+TraceX -> TraceX: Publish Asset to Core Services
+TraceX -> EdcConsumer: Register policy
+EdcConsumer -> EdcProvider: Register policy
+EdcProvider -> EdcConsumer: Return ok
+EdcConsumer -> TraceX: Return ok
+TraceX -> TraceX: Reuse policy for contract definition creation
+
+@enduml

docs/src/uml-diagrams/arc42/runtime-view/policies/policy-notifications.puml

@@ -0,0 +1,49 @@
+@startuml
+skinparam monochrome true
+skinparam shadowing false
+skinparam defaultFontName "Architects daughter"
+
+title Sequence Diagram: Policy Handling on notification flow
+participant "TraceX" as TraceX
+participant "IRS " as IRS
+participant "EDC Consumer" as EdcConsumer
+participant "EDC Provider (other) " as EdcProvider
+
+TraceX -> TraceX: Approve, Acknowledge, Accept, Decline or Close Notification
+TraceX -> EdcConsumer: Get catalog of receiver
+EdcConsumer -> EdcProvider: Get catalog of receiver
+EdcProvider -> EdcConsumer: Return catalog
+EdcConsumer -> TraceX: Return catalog
+TraceX -> TraceX: Validate Contract Type, Method and Policy
+
+alt Notification Type: Alert
+    TraceX -> TraceX: Filter for method (update, receive)
+    TraceX -> TraceX: Validate if catalog policy matches the configured policies in IRS Lib (3 Default Policies)
+    alt Method: Update
+        TraceX -> EdcConsumer: Send out alert notification (update method)
+         EdcConsumer -> EdcProvider: Send out alert notification (update method)
+                  EdcProvider -> EdcConsumer: ok
+                  EdcConsumer -> TraceX: ..
+    else Method: Receive
+        TraceX -> EdcConsumer: Send out alert notification (receive method)
+         EdcConsumer -> EdcProvider: Send out alert notification (receive method)
+         EdcProvider -> EdcConsumer: ok
+         EdcConsumer -> TraceX: ..
+    end
+else Notification Type: Investigation
+    TraceX -> TraceX: Filter for method (update, receive)
+    TraceX -> TraceX: Validate if catalog policy matches the configured policies in IRS Lib (3 Default Policies)
+    alt Method: Update
+        TraceX -> EdcConsumer: Send out Investigation notification (update method)
+         EdcConsumer -> EdcProvider: Send out Investigation notification (update method)
+                  EdcProvider -> EdcConsumer: ok
+                  EdcConsumer -> TraceX: ..
+    else Method: Receive
+        TraceX -> EdcConsumer: Send out Investigation notification (receive method)
+         EdcConsumer -> EdcProvider: Send out Investigation notification (receive method)
+                  EdcProvider -> EdcConsumer: ok
+                  EdcConsumer -> TraceX: ..
+    end
+end
+
+@enduml

docs/src/docs/concepts/#534-policies/policy-handling-tracex.puml → docs/src/uml-diagrams/arc42/runtime-view/policies/policy-startup-configuration.puml

@@ -7,9 +7,11 @@ participant "TraceXConfig" as Config
 participant "TraceX" as TraceX
 participant "IRS " as IRS
 
-Config -> TraceX : ID 3.0 Trace
+Config -> TraceX : Constraint
 TraceX -> IRS : Get Policies
-IRS -> TraceX: Return policies (Default Policies from IRS (C1: Membership, C2: Framework, C3: ID3.0)
+IRS -> TraceX: Return policies
+TraceX -> TraceX: Check if a policy matches own constraint
+
 TraceX -> IRS : Create(not exists) or update(exists)
 
 @enduml