Merge pull request #159 from catenax-ng/main

Merge hotfix release with new DTR version updates
eclipse-tractusx · Aug 30, 2023 · 35c9c9e · 35c9c9e
2 parents f04fa78 + c262bd2
commit 35c9c9e
Show file tree

Hide file tree

Showing 62 changed files with 10,124 additions and 4,981 deletions.
diff --git a/.github/workflows/tavern-integration.yml b/.github/workflows/tavern-integration.yml
@@ -26,7 +26,7 @@ on:
       global-asset-id-asBuilt:
         type: string
         description: Global-asset-id to use for the asBuilt tests.
-        default: 'urn:uuid:7940e0cc-7814-41eb-8b04-d984a325deec'
+        default: 'urn:uuid:1b17682e-5e2a-4913-aa1b-7d59a072a3cb'
         required: true
       bpn-asBuilt:
         type: string
@@ -66,7 +66,7 @@ jobs:
           KEYCLOAK_CLIENT_SECRET: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_SECRET_INT }}
           GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }}
           BPN_AS_PLANNED: ${{ github.event.inputs.bpn-asPlanned || 'BPNL00000003AYRE' }}
-          GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:7940e0cc-7814-41eb-8b04-d984a325deec' }}
+          GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:1b17682e-5e2a-4913-aa1b-7d59a072a3cb' }}
           BPN_AS_BUILT: ${{ github.event.inputs.bpn-asBuilt || 'BPNL00000003AYRE' }}
         run: |
           python -m pytest local/testing/api-tests/irs-api-tests.tavern.yaml --junitxml=tavern-results.xml

diff --git a/.github/workflows/tavern.yml b/.github/workflows/tavern.yml
@@ -26,7 +26,7 @@ on:
       global-asset-id-asBuilt:
         type: string
         description: Global-asset-id to use for the asBuilt tests.
-        default: 'urn:uuid:7940e0cc-7814-41eb-8b04-d984a325deec'
+        default: 'urn:uuid:1b17682e-5e2a-4913-aa1b-7d59a072a3cb'
         required: true
       bpn-asBuilt:
         type: string
@@ -68,7 +68,7 @@ jobs:
           KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET }}
           GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }}
           BPN_AS_PLANNED: ${{ github.event.inputs.bpn-asPlanned || 'BPNL00000003AYRE' }}
-          GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:7940e0cc-7814-41eb-8b04-d984a325deec' }}
+          GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:1b17682e-5e2a-4913-aa1b-7d59a072a3cb' }}
           BPN_AS_BUILT: ${{ github.event.inputs.bpn-asBuilt || 'BPNL00000003AYRE' }}
         run: |
           python -m pytest local/testing/api-tests/irs-api-tests.tavern.yaml --junitxml=tavern-results.xml

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
 ### Added
 - Added fetchCatalog to EDCCatalogFacade
+- Introduced new API endpoint to update 'validUntil' property of Policy - PUT {{IRS_HOST}}/irs/policies/{policyId}
+
+### Fixed
+- Fixed bug where BPN's were delivered without 'manufacturerName' property filled
+
+## [3.3.5] - 2023-08-30
+### Changed
+- Updated IRS Digital Twin Registry Client to support latest version 0.3.14-M1
 
 ## [3.3.4] - 2023-08-24
 ### Fixed
@@ -313,7 +321,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Unresolved
 - **Select Aspects you need**  You are able to select the needed aspects for which you want to collect the correct endpoint information.
 
-[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.4...HEAD
+[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.5...HEAD
+[3.3.5]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.4...3.3.5
 [3.3.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.3...3.3.4
 [3.3.3]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.2...3.3.3
 [3.3.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.3.1...3.3.2

diff --git a/DEPENDENCIES b/DEPENDENCIES
@@ -158,7 +158,7 @@ maven/mavencentral/org.eclipse.tractusx.irs/irs-edc-client/0.0.2-SNAPSHOT, Apach
 maven/mavencentral/org.eclipse.tractusx.irs/irs-ess/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.irs/irs-models/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.irs/irs-policy-store/0.0.2-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.irs/irs-registry-client/1.1.1-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.irs/irs-registry-client/1.2.0-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.glassfish/jakarta.json/2.0.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp
 maven/mavencentral/org.graalvm.sdk/graal-sdk/23.0.1, UPL-1.0, approved, #9850
 maven/mavencentral/org.hamcrest/hamcrest-core/2.2, BSD-3-Clause, approved, clearlydefined

diff --git a/SECURITY.md b/SECURITY.md
@@ -1,7 +1,19 @@
 # Security Policy
 
-
 ## Reporting a Vulnerability
 
-Please report a found vulnerability here:
-[https://www.eclipse.org/security/](https://www.eclipse.org/security/)
+Please do **not** report security vulnerabilities through public GitHub issues.
+
+Please report vulnerabilities to this repository via **GitHub security advisories** instead.
+
+__How?__ Inside affected repository --> security tab
+
+for contributor:
+--> Report a vulnerability
+
+for committer:
+--> advisories --> New draft security advisory
+
+In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/
+
+See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability).
diff --git a/charts/irs-helm/CHANGELOG.md b/charts/irs-helm/CHANGELOG.md
@@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [6.5.0] - 2023-08-30
+### Added
+- Added configurable values for `digitalTwinRegistry.shellDescriptorTemplate` and `digitalTwinRegistry.lookupShellsTemplate`
+
+### Changed
+- Update IRS version to 3.3.5
+
 ## [6.4.2] - 2023-08-11
 ### Added
 - Added entry to .helmignore to only accept values.yaml

diff --git a/charts/irs-helm/Chart.yaml b/charts/irs-helm/Chart.yaml
@@ -35,12 +35,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 6.4.2
+version: 6.5.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "3.3.4"
+appVersion: "3.3.5"
 dependencies:
   - name: common
     repository: https://charts.bitnami.com/bitnami

diff --git a/charts/irs-helm/templates/configmap-spring-app-config.yaml b/charts/irs-helm/templates/configmap-spring-app-config.yaml
@@ -70,6 +70,8 @@ data:
       descriptorEndpoint: {{ tpl (.Values.digitalTwinRegistry.descriptorEndpoint | default "") . | quote }}
       shellLookupEndpoint: {{ tpl (.Values.digitalTwinRegistry.shellLookupEndpoint | default "") . | quote }}
       discoveryFinderUrl: {{ tpl (.Values.digitalTwinRegistry.discoveryFinderUrl | default "") . | quote }}
+      shellDescriptorTemplate: {{ .Values.digitalTwinRegistry.shellDescriptorTemplate | default "" | quote }}
+      lookupShellsTemplate: {{ .Values.digitalTwinRegistry.lookupShellsTemplate | default "" | quote }}
       type: {{ tpl (.Values.digitalTwinRegistry.type | default "") . | quote }}
 
     semanticshub:

diff --git a/charts/irs-helm/values.yaml b/charts/irs-helm/values.yaml
@@ -116,6 +116,8 @@ digitalTwinRegistry:
     {{ tpl (.Values.digitalTwinRegistry.url | default "") . }}/shell-descriptors/{aasIdentifier}
   shellLookupEndpoint: >-
     {{ tpl (.Values.digitalTwinRegistry.url | default "") . }}/lookup/shells?assetIds={assetIds}
+  shellDescriptorTemplate: /shell-descriptors/{aasIdentifier}  # The path to retrieve AAS descriptors from the decentral DTR, must contain the placeholder {aasIdentifier}
+  lookupShellsTemplate: /lookup/shells?assetIds={assetIds}  # The path to lookup shells from the decentral DTR, must contain the placeholder {assetIds}
   discoveryFinderUrl:  # "https://<discovery-finder-url>
 semanticshub:
   url:  # https://<semantics-hub-url>

diff --git a/docs/src/api/irs-v1.0.yaml b/docs/src/api/irs-v1.0.yaml
@@ -880,6 +880,57 @@ paths:
       summary: Removes a policy that should no longer be accepted in EDC negotiation.
       tags:
         - Item Relationship Service
+    put:
+      description: Updates an existing policy with new validUntil value.
+      operationId: updateAllowedPolicy
+      parameters:
+        - in: path
+          name: policyId
+          required: true
+          schema:
+            type: string
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/UpdatePolicyRequest'
+        required: true
+      responses:
+        "200":
+          description: OK
+        "400":
+          content:
+            application/json:
+              examples:
+                error:
+                  $ref: '#/components/examples/error-response-400'
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+          description: Policy update failed.
+        "401":
+          content:
+            application/json:
+              examples:
+                error:
+                  $ref: '#/components/examples/error-response-401'
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+          description: No valid authentication credentials.
+        "403":
+          content:
+            application/json:
+              examples:
+                error:
+                  $ref: '#/components/examples/error-response-403'
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+          description: Authorization refused by server.
+      security:
+        - oAuth2:
+            - profile email
+      summary: Updates an existing policy with new validUntil value.
+      tags:
+        - Item Relationship Service
 components:
   examples:
     canceled-job-response:
@@ -2335,6 +2386,18 @@ components:
           type: array
           items:
             $ref: '#/components/schemas/AspectModel'
+    UpdatePolicyRequest:
+      type: object
+      additionalProperties: false
+      description: Request to add a policy
+      properties:
+        validUntil:
+          type: string
+          format: date-time
+          description: Timestamp after which the policy will no longer be accepted
+            in negotiations
+      required:
+        - validUntil
   securitySchemes:
     oAuth2:
       flows:

diff --git a/docs/src/uml-diagrams/policy-store/policy-store-model.puml b/docs/src/uml-diagrams/policy-store/policy-store-model.puml
@@ -0,0 +1,72 @@
+@startuml
+'https://plantuml.com/class-diagram
+
+'https://www.w3.org/TR/odrl-model/'
+
+class Policy {
+    * policyId : String
+    createdOn : OffsetDateTime
+    validUntil : OffsetDateTime
+    permissions : Collection<Permission>
+}
+
+class Permission {
+    action : PolicyType
+    constraints : List<Constraint>
+}
+
+note left
+    AND (and)
+    OR (or)
+    XONE (xone)
+    ANDSEQUENCE (andsequence)
+end note
+
+class Constraint {
+     leftOperand  : String
+     operator : OperatorType
+     rightOperand : List<String>
+}
+
+'https://www.w3.org/TR/odrl-vocab/#constraintRelationalOperators'
+enum OperatorType {
+    EQ (eq, "Equals to")
+    NEQ (neq, "Not equal to")
+    LT (lt, "Less than")
+    GT (gt, "Greater than")
+    IN (in, "In")
+    LTEQ (lteq, "Less than or equal to")
+    GTEQ (gteq, "Greater than or equal to")
+    ISA (isA, "Is a")
+    HASPART (hasPart, "Has part")
+    ISPARTOF (isPartOf, "Is part of")
+    IAO (isAllOf, "Is all of")
+    ISALLOF (isAllOf, "Is all of")
+    ISNONEOF (isNoneOf, "Is none of")
+}
+
+'"@id": "http://www.w3.org/ns/odrl/2/gt"'
+'"@id": "http://www.w3.org/ns/odrl/2/gteq"'
+'"@id": "http://www.w3.org/ns/odrl/2/isPartOf"'
+'"@id": "http://www.w3.org/ns/odrl/2/hasPart"'
+'"@id": "http://www.w3.org/ns/odrl/2/isAnyOf"'
+'"@id": "http://www.w3.org/ns/odrl/2/lteq"'
+'"@id": "http://www.w3.org/ns/odrl/2/eq"'
+'"@id": "http://www.w3.org/ns/odrl/2/neq"'
+'"@id": "http://www.w3.org/ns/odrl/2/isNoneOf"'
+'"@id": "http://www.w3.org/ns/odrl/2/lt"'
+'"@id": "http://www.w3.org/ns/odrl/2/isAllOf"'
+'"@id": "http://www.w3.org/ns/odrl/2/isA"'
+
+enum PolicyType {
+    ACCESS
+    USE
+}
+
+
+
+Policy ||--|{  Permission
+Permission ||--|| PolicyType
+Permission ||--|{  Constraint
+Constraint ||--|| OperatorType
+@enduml
diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/RegistryConfiguration.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/RegistryConfiguration.java
@@ -67,15 +67,18 @@ public DigitalTwinRegistryClient digitalTwinRegistryClientImpl(
     @ConditionalOnProperty(prefix = "digitalTwinRegistry", name = "type", havingValue = "decentral")
     public DecentralDigitalTwinRegistryService decentralDigitalTwinRegistryService(
             @Qualifier(RestTemplateConfig.EDC_REST_TEMPLATE) final RestTemplate edcRestTemplate,
-            final ConnectorEndpointsService connectorEndpointsService, final EdcSubmodelFacade facade) {
+            final ConnectorEndpointsService connectorEndpointsService, final EdcSubmodelFacade facade,
+            @Value("${digitalTwinRegistry.shellDescriptorTemplate:}") final String shellDescriptorTemplate,
+            @Value("${digitalTwinRegistry.lookupShellsTemplate:}") final String lookupShellsTemplate) {
         return new DecentralDigitalTwinRegistryService(connectorEndpointsService,
                 new EndpointDataForConnectorsService((edcConnectorEndpoint, assetType, assetValue) -> {
                     try {
                         return facade.getEndpointReferenceForAsset(edcConnectorEndpoint, assetType, assetValue);
                     } catch (EdcClientException e) {
                         throw new EdcRetrieverException(e);
                     }
-                }), new DecentralDigitalTwinRegistryClient(edcRestTemplate));
+                }),
+                new DecentralDigitalTwinRegistryClient(edcRestTemplate, shellDescriptorTemplate, lookupShellsTemplate));
     }
 
     @Bean

diff --git a/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java b/irs-api/src/main/java/org/eclipse/tractusx/irs/controllers/BatchController.java
@@ -41,6 +41,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.eclipse.tractusx.irs.IrsApplication;
+import org.eclipse.tractusx.irs.common.auth.IrsRoles;
 import org.eclipse.tractusx.irs.component.BatchOrderCreated;
 import org.eclipse.tractusx.irs.component.BatchOrderResponse;
 import org.eclipse.tractusx.irs.component.BatchResponse;
@@ -113,7 +114,7 @@ public class BatchController {
     })
     @PostMapping("/orders")
     @ResponseStatus(HttpStatus.CREATED)
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('view_irs')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
     public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBatchOrder request) {
         final UUID batchOrderId = creationBatchService.create(request);
         return BatchOrderCreated.builder().id(batchOrderId).build();
@@ -157,7 +158,7 @@ public BatchOrderCreated registerBatchOrder(final @Valid @RequestBody RegisterBa
                                          }),
     })
     @GetMapping("/orders/{orderId}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('view_irs')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
     public BatchOrderResponse getBatchOrder(
             @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -203,7 +204,7 @@ public BatchOrderResponse getBatchOrder(
                                          }),
     })
     @GetMapping("/orders/{orderId}/batches/{batchId}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('view_irs')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
     public BatchResponse getBatch(
             @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,
@@ -252,7 +253,7 @@ public BatchResponse getBatch(
                                          }),
     })
     @PutMapping("/orders/{orderId}")
-    @PreAuthorize("@authorizationService.verifyBpn() && hasAuthority('view_irs')")
+    @PreAuthorize("@authorizationService.verifyBpn() && hasAnyAuthority('" + IrsRoles.ADMIN_IRS + "', '" + IrsRoles.VIEW_IRS + "')")
     public BatchOrderResponse cancelBatchOrder(
             @Parameter(description = "Id of the order.", schema = @Schema(implementation = UUID.class), name = "orderId",
                        example = "6c311d29-5753-46d4-b32c-19b918ea93b0") @Size(min = IrsAppConstants.JOB_ID_SIZE,