ci: local deployment squashed

backend/src/main/java/org/eclipse/tractusx/puris/backend/DataInjectionCommandLineRunner.java

@@ -229,7 +229,8 @@ private void setupSupplierRole() {
     private Partner createAndGetCustomerPartner() {
         Partner customerPartnerEntity = new Partner(
                 "Scenario Customer",
-                "http://sokrates-controlplane:8084/api/v1/ids",
+                //"http://sokrates-controlplane:8084/api/v1/ids",
+                "http://customer-control-plane:8184/api/v1/ids",
                 "BPNL4444444444XX",
                 "BPNS4444444444XX"
         );
@@ -248,7 +249,8 @@ private Partner createAndGetCustomerPartner() {
     private Partner createAndGetSupplierPartner() {
         Partner supplierPartnerEntity = new Partner(
                 "Scenario Supplier",
-                "http://plato-controlplane:8084/api/v1/ids",
+                //"http://plato-controlplane:8084/api/v1/ids",
+                "http://supplier-control-plane:9184/api/v1/ids",
                 "BPNL1234567890ZZ",
                 "BPNS1234567890ZZ"
         );
@@ -315,7 +317,8 @@ private void createRequest() throws JsonProcessingException {
         messageHeader.setRespondAssetId("product-stock-response-api");
         messageHeader.setContractAgreementId("some cid");
         messageHeader.setSender("BPNL1234567890ZZ");
-        messageHeader.setSenderEdc("http://plato-controlplane:8084/api/v1/ids");
+        //messageHeader.setSenderEdc("http://plato-controlplane:8084/api/v1/ids");
+        messageHeader.setSenderEdc("http://supplier-control-plane:9184/api/v1/ids");
         messageHeader.setReceiver("BPNL4444444444XX");
         messageHeader.setUseCase(DT_UseCaseEnum.PURIS);
         messageHeader.setCreationDate(new Date());

backend/src/main/java/org/eclipse/tractusx/puris/backend/common/edc/logic/service/EdcAdapterService.java

@@ -65,6 +65,12 @@ public class EdcAdapterService {
     @Value("${edc.controlplane.data.port}")
     private Integer dataPort;
 
+    /**
+     * Path to data management api
+     */
+    @Value("${edc.controlplane.data.path}")
+    private String dataPath;
+
     @Value("${edc.backend.url}")
     private String backendUrl;
 
@@ -113,13 +119,13 @@ public boolean publishOrderAtEDC(String orderId) throws IOException {
             var policyBody = edcRequestBodyBuilder.buildPolicyRequestBody(orderId);
             var contractBody = edcRequestBodyBuilder.buildContractRequestBody(orderId);
 
-            var response = sendEdcRequest(assetBody, "/data/assets");
+            var response = sendEdcRequest(assetBody, "/assets");
             var success = response.isSuccessful();
             response.body().close();
-            response = sendEdcRequest(policyBody, "/data/policydefinitions");
+            response = sendEdcRequest(policyBody, "/policydefinitions");
             success &= response.isSuccessful();
             response.body().close();
-            response = sendEdcRequest(contractBody, "/data/contractdefinitions");
+            response = sendEdcRequest(contractBody, "/contractdefinitions");
             success &= response.isSuccessful();
             response.body().close();
             return success;
@@ -146,15 +152,15 @@ public boolean publishAssetAtEDC(CreateAssetDto createAssetDto) throws IOExcepti
         JsonNode contractBody = edcRequestBodyBuilder.buildContractRequestBody(assetId);
         log.info(String.format("Contract Body: \n%s", contractBody.toPrettyString()));
         log.info(String.format("Asset Body: \n%s", assetBody.toPrettyString()));
-        var response = sendEdcRequest(assetBody, "/data/assets");
+        var response = sendEdcRequest(assetBody, "/assets");
         success &= response.isSuccessful();
         log.info(String.format("Creation of asset was successfull: %b", success));
         response.body().close();
-        response = sendEdcRequest(policyBody, "/data/policydefinitions");
+        response = sendEdcRequest(policyBody, "/policydefinitions");
         log.info(String.format("Creation of policy was successfull: %b", response.isSuccessful()));
         success &= response.isSuccessful();
         response.body().close();
-        response = sendEdcRequest(contractBody, "/data/contractdefinitions");
+        response = sendEdcRequest(contractBody, "/contractdefinitions");
         success &= response.isSuccessful();
         log.info(String.format("Created Contract Definition (%b) for Asset %s", response.isSuccessful(),
                 objectMapper.writeValueAsString(createAssetDto)));
@@ -188,6 +194,8 @@ public String getCatalog(String idsUrl, Optional<Map<String, String>> filterProp
         urlBuilder.scheme("http")
                 .host(edcHost)
                 .port(dataPort)
+            .addPathSegment("api")
+                .addPathSegment("v1")
                 .addPathSegment("data")
                 .addPathSegment("catalog")
                 .addEncodedQueryParameter("providerUrl", idsUrl + "/data");
@@ -268,7 +276,7 @@ public String startNegotiation(String connectorAddress,
         var negotiationRequestBody =
                 edcRequestBodyBuilder.buildNegotiationRequestBody(connectorAddress,
                         contractDefinitionId, assetId);
-        var response = sendEdcRequest(negotiationRequestBody, "/data/contractnegotiations");
+        var response = sendEdcRequest(negotiationRequestBody, "/contractnegotiations");
         String stringData = response.body().string();
         response.body().close();
         return stringData;
@@ -283,7 +291,7 @@ public String startNegotiation(String connectorAddress,
      * @throws IOException
      */
     public String getNegotiationState(String negotiationId) throws IOException {
-        var response = sendEdcRequest("/data/contractnegotiations/" + negotiationId);
+        var response = sendEdcRequest("/contractnegotiations/" + negotiationId);
         String stringData = response.body().string();
         response.body().close();
         return stringData;
@@ -305,7 +313,7 @@ public String startTransfer(String transferId,
                                 String orderId) throws IOException {
         var transferNode = edcRequestBodyBuilder.buildTransferRequestBody(transferId, connectorAddress, contractId, orderId);
         log.debug("TransferRequestBody:\n" + transferNode.toPrettyString());
-        var response = sendEdcRequest(transferNode, "/data/transferprocess");
+        var response = sendEdcRequest(transferNode, "/transferprocess");
         String stringData = response.body().string();
         response.body().close();
         return stringData;
@@ -320,7 +328,7 @@ public String startTransfer(String transferId,
      * @throws IOException
      */
     public String getTransferState(String transferId) throws IOException {
-        var response = sendEdcRequest("/data/transferprocess/" + transferId);
+        var response = sendEdcRequest("/transferprocess/" + transferId);
         String stringData = response.body().string();
         response.body().close();
         return stringData;
@@ -402,9 +410,9 @@ public Response sendEdcRequest(JsonNode requestBody, String urlSuffix) throws IO
                 .header("X-Api-Key", edcApiKey)
                 .header("Content-Type", "application/json")
                 .post(RequestBody.create(MediaType.parse("application/json"), requestBody.toString()))
-                .url("http://" + edcHost + ":" + dataPort + urlSuffix)
+                .url("http://" + edcHost + ":" + dataPort + dataPath + urlSuffix)
                 .build();
-
+        log.debug(String.format("Request send to url: %s", request.urlString()));
         log.debug(String.format("Request body of EDC Request: %s", requestBody));
         return CLIENT.newCall(request).execute();
     }
@@ -422,7 +430,7 @@ public Response sendEdcRequest(String urlSuffix) throws IOException {
         Request request = new Request.Builder()
                 .header("X-Api-Key", edcApiKey)
                 .header("Content-Type", "application/json")
-                .url("http://" + edcHost + ":" + dataPort + urlSuffix)
+                .url("http://" + edcHost + ":" + dataPort + dataPath + urlSuffix)
                 .build();
         log.debug(String.format("Send Request to url: %s", request.urlString()));
 
@@ -442,6 +450,7 @@ public Response sendEdcRequest(String urlSuffix) throws IOException {
      * @return the response from your dataplane
      */
     public Response sendDataPullRequest(String url, String authKey, String authCode, String requestBodyString){
+        log.debug(String.format("Sending proxy call to endpoint '%s' with auth key '%s' and auth code '%s' with request body '%s'", url, authKey, authCode, requestBodyString));
         try {
             RequestBody requestBody = RequestBody.create(MediaType.parse("application/json"), requestBodyString);
             Request request = new Request.Builder()

backend/src/main/resources/application-customer.properties

@@ -16,6 +16,7 @@ spring.jpa.hibernate.ddl-auto=create
 server.servlet.context-path=${API_ROOTDIR:/catena}
 # EDC Config
 edc.controlplane.host=${EDC_CONTROLPLANE_HOST:192.168.49.2}
+edc.controlplane.data.path=/api/v1/data
 edc.controlplane.data.port=${EDC_CONTROLPLANE_DATA_PORT:31944}
 edc.controlplane.key=${EDC_CONTROLPLANE_KEY:password}
 

backend/src/main/resources/application-supplier.properties

@@ -17,6 +17,7 @@ server.servlet.context-path=${API_ROOTDIR:/catena}
 # EDC Config
 edc.controlplane.host=${EDC_CONTROLPLANE_HOST:192.168.49.2}
 edc.controlplane.data.port=${EDC_CONTROLPLANE_DATA_PORT:32272}
+edc.controlplane.data.path=/api/v1/data
 edc.controlplane.key=${EDC_CONTROLPLANE_KEY:password}
 
 edc.applydataplaneworkaround=true

backend/src/main/resources/application.properties

@@ -19,6 +19,7 @@ server.servlet.context-path=${API_ROOTDIR:/catena}
 # EDC Config
 edc.controlplane.host=${EDC_CONTROLPLANE_HOST:172.17.0.2}
 edc.controlplane.data.port=${EDC_CONTROLPLANE_DATA_PORT:31960}
+edc.controlplane.data.path=/api/v1/data
 edc.controlplane.key=${EDC_CONTROLPLANE_KEY:password}
 edc.backend.url=${EDC_BACKEND_URL:http://172.17.0.2:31048}
 minikube.ip=${MINIKUBE_IP:host.minikube.internal}

local/.env

@@ -0,0 +1,4 @@
+VAULT_DEV_ROOT_TOKEN_ID=
+EDC_API_PW=
+PG_USER=
+PG_PW=

local/.gitignore

@@ -0,0 +1,4 @@
+*.key
+*.cert
+*.keys
+local/.env

local/INSTALL.md

@@ -0,0 +1,53 @@
+# Initial Setup
+1. generate keys
+```shell
+cd local
+sh generate-keys.sh
+>> outputs transportCertsSha256
+```
+2. update daps/config/clients.yaml with the respective transportCertsSha256
+3. define remaining secrets in .env
+- set root token for vault instance VAULT_DEV_ROOT_TOKEN_ID (e.g. "4Ko6r3UcHM4dXnOGmPKTHds3")
+- set password for edc control plane EDC_API_PW (e.g. "password")
+- set user PG_USER and password PG_PW for postgres (e.g. "edc-pg-user" and "edc-pg-passw0rd")
+- set vault secrets dir as mapped via volume (e.g. "/vault/secrets"/)
+
+# Start
+```shell
+cd local
+docker-compose up
+
+# or use
+sh restart.sh
+```
+
+## Notes on debugging
+
+### DAPS
+The omejdn-daps does not provide any further logging configuration.
+It may make sense to log the whole tokens or responses to decode the JWT or similar.
+
+Requires ruby, which can be installed on Ubuntu as follows:
+```shell
+sudo apt-get install ruby
+```
+
+Then download the respective [omejdn release](https://github.com/Fraunhofer-AISEC/omejdn-server/releases/tag/v1.7.1) and unzip it.
+In the omejdn-server/omejdn.rb
+- search for token POST endpoint ("endpoint '/token', ['POST'],")
+- go to end of endpoint definition (most left-hand end)
+- add your echo / log upfront the status codes return (e.g. "puts.response.compact.to_json")
+- build the omejdn server
+```shell
+docker build -t omejdn-server:local
+```
+
+Finally update the ./daps/docker-compose.yaml to use this image instead.
+
+### Vault & Certs
+When having problems with the certs or the vault, one need to delete the vault container.
+Following script helps faster restarting
+```shell
+cd local
+sh restart.sh
+```

local/daps/config/clients.yml

@@ -0,0 +1,41 @@
+---
+# Customer
+- client_id: customer
+  name: customer
+  import_certfile: keys/clients/customer.cert
+  token_endpoint_auth_method: private_key_jwt
+  grant_types: client_credentials
+  scope: idsc:IDS_CONNECTOR_ATTRIBUTES_ALL
+  attributes:
+  - key: idsc
+    value: IDS_CONNECTOR_ATTRIBUTES_ALL
+  - key: securityProfile
+    value: idsc:BASE_SECURITY_PROFILE
+  - key: referringConnector
+    value: http://customer-control-plane/
+  - key: "@type"
+    value: ids:datPayload
+  - key: "@context"
+    value: https://w3id.org/idsa/contexts/context.jsonld
+  - key: transportCertsSha256
+    value: ea3593699acad45973321dbe0011122fa965062ce68c0edcd7a8198d493be91d
+# Supplier
+- client_id: supplier
+  name: supplier
+  import_certfile: keys/clients/supplier.cert
+  token_endpoint_auth_method: private_key_jwt
+  grant_types: client_credentials
+  scope: idsc:IDS_CONNECTOR_ATTRIBUTES_ALL
+  attributes:
+  - key: idsc
+    value: IDS_CONNECTOR_ATTRIBUTES_ALL
+  - key: securityProfile
+    value: idsc:BASE_SECURITY_PROFILE
+  - key: referringConnector
+    value: http://supplier-control-plane/ #TODO
+  - key: "@type"
+    value: ids:datPayload
+  - key: "@context"
+    value: https://w3id.org/idsa/contexts/context.jsonld
+  - key: transportCertsSha256
+    value: 89ab21422a70a198bd891d03e165297ce930a766b0c7eee0e24adb5e9bc92115

local/daps/config/omejdn.yml

@@ -0,0 +1,19 @@
+---
+host: http://ids-daps:4567/
+path_prefix: ''
+bind_to: 0.0.0.0
+allow_origin: "*"
+issuer: http://ids-daps:4567/
+openid: false
+accept_audience: idsc:IDS_CONNECTORS_ALL
+default_audience:
+- idsc:IDS_CONNECTORS_ALL
+app_env: debug
+environment: development
+access_token:
+  expiration: 3600
+  algorithm: RS256
+id_token:
+  expiration: 3600
+  algorithm: RS256
+front_url: http://ids-daps:4567/

local/daps/config/plugins.yml

@@ -0,0 +1,9 @@
+---
+plugins:
+  admin_api:
+  user_selfservice:
+    allow_deletion: false
+    allow_password_change: true
+    editable_attributes: []
+  token_user_attributes:
+    skip_id_token: true

local/daps/config/scope_description.yml

@@ -0,0 +1,9 @@
+---
+omejdn:read: Read access to the Omejdn server API
+omejdn:write: Write access to the Omejdn server API
+omejdn:admin: Access to the Omejdn server admin API
+profile: 'Standard profile claims (e.g.: Name, picture, website, gender, birthdate,
+  location)'
+email: Email-Address
+address: Address
+phone: Phone-number

local/daps/config/scope_mapping.yml

@@ -0,0 +1,4 @@
+---
+idsc:IDS_CONNECTOR_ATTRIBUTES_ALL:
+- securityProfile
+- referringConnector

local/daps/config/webfinger.yml

@@ -0,0 +1 @@
+--- {}

local/daps/docker-compose.yaml

@@ -0,0 +1,39 @@
+#
+# Copyright (c) 2023 Volkswagen AG
+# Copyright (c) 2023 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V. (represented by Fraunhofer ISST)
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+version: '1'
+services:
+    omejdn-daps:
+        image: ghcr.io/fraunhofer-aisec/omejdn-server:1.7.1
+        container_name: omejdn-daps
+        ports:
+            - 4567:4567
+#        networks:
+#            - ids-network
+        environment:
+            OMEJDN_JWT_AUD_OVERRIDE: idsc:IDS_CONNECTORS_ALL
+            OMEJDN_PLUGINS: config/plugins.yml
+        volumes:
+            - ./config:/opt/config
+            - ./keys:/opt/keys/omejdn
+
+#networks:
+#    ids-network:
+#        driver: bridge