Merge pull request eclipse-tractusx#573 from catenax-ng/feature/TRI-1…

…594-improve-default-policy-creation

Feature/tri 1594 improve default policy creation

CHANGELOG.md

@@ -5,6 +5,31 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- Fixed default policy creation.
+
+### Changed
+- Changed configuration for default policies from:
+  ```
+  irs-edc-client:
+    catalog:
+      policies:
+        allowedNames: A, B
+        acceptedLeftOperands: X
+        acceptedRightOperands: Y
+  ```
+  to:
+  ```
+  irs-edc-client:
+    catalog:
+      acceptedPolicies:
+      - leftOperand: "X"
+        operator: "eq"
+        rightOperand: "A"
+      - leftOperand: "B"
+        operator: "eq"
+        rightOperand: Y"
+  ```
 
 ## [3.5.2] - 2023-10-06
 ### Changed
@@ -359,7 +384,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - **Select Aspects you need**  You are able to select the needed aspects for which you want to collect the correct endpoint information.
 
 [Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.2...HEAD
-[3.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.1...3.5.2
+[3.5.2]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.1...3.5.2
 [3.5.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.0...3.5.1
 [3.5.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.4.1...3.5.0
 [3.4.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.4.0...3.4.1

charts/irs-helm/CHANGELOG.md

@@ -5,7 +5,28 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
-
+### Changed
+- Changed configuration for default policies from:
+  ```
+  edc:
+    catalog:
+      policies:
+        allowedNames: A, B
+        acceptedLeftOperands: X
+        acceptedRightOperands: Y
+  ```
+  to:
+  ```
+  edc:
+    catalog:
+      acceptedPolicies:
+      - leftOperand: "X"
+        operator: "eq"
+        rightOperand: "A"
+      - leftOperand: "B"
+        operator: "eq"
+        rightOperand: Y"
+  ```
 ## [6.7.3] - 2023-10-06
 ### Changed
 - Update IRS version to 3.5.2

charts/irs-helm/templates/configmap-spring-app-config.yaml

@@ -108,15 +108,12 @@ data:
         urn-prefix: {{ tpl (.Values.edc.submodel.urnprefix | default "/urn") . | quote }}
 
       catalog:
-        policies:
-          acceptedRightOperands: {{ .Values.edc.catalog.policies.acceptedRightOperands | default "" | quote }}
-          acceptedLeftOperands: {{ .Values.edc.catalog.policies.acceptedLeftOperands | default "" | quote }}
-
-    edc:
-      catalog:
-        policies:
-          allowedNames: {{ .Values.edc.catalog.policies.allowedNames | default "" | quote }}
-
+        acceptedPolicies:
+          {{- range .Values.edc.catalog.acceptedPolicies}}
+          - leftOperand: {{ .leftOperand | quote }}
+            operator: {{ .operator | quote }}
+            rightOperand: {{ .rightOperand | quote }}
+          {{- end }}
     ess:
       localBpn: {{ tpl (.Values.bpn | default "") . | quote }}
       localEdcEndpoint: {{ tpl (.Values.edc.provider.host | default "") . | quote }}

charts/irs-helm/values.yaml

@@ -178,12 +178,24 @@ edc:
       ttl: PT10M  # Requests to dataplane will time out after this duration (see https://en.wikipedia.org/wiki/ISO_8601#Durations)
     urnprefix: /urn
   catalog:
-    policies:
-      # IRS will only negotiate contracts for offers with a policy as defined in the allowedNames list.
-      # If a requested asset does not provide one of these policies, a tombstone will be created and this node will not be processed.
-      allowedNames: ID 3.0 Trace, ID 3.1 Trace, R2_Traceability, FrameworkAgreement.traceability, Membership  # List of comma separated names of the policies to accept.
-      acceptedRightOperands: active  # List of comma separated names of the rightOperands to accept.
-      acceptedLeftOperands: PURPOSE  # List of comma separated names of the leftOperands to accept.
+    # IRS will only negotiate contracts for offers with a policy as defined in the allowedNames list.
+    # If a requested asset does not provide one of these policies, a tombstone will be created and this node will not be processed.
+    acceptedPolicies:
+      - leftOperand: "PURPOSE"
+        operator: "eq"
+        rightOperand: "ID 3.0 Trace"
+      - leftOperand: "PURPOSE"
+        operator: "eq"
+        rightOperand: "ID 3.1 Trace"
+      - leftOperand: "PURPOSE"
+        operator: "eq"
+        rightOperand: R2_Traceability
+      - leftOperand: "FrameworkAgreement.traceability"
+        operator: "eq"
+        rightOperand: "active"
+      - leftOperand: "Membership"
+        operator: "eq"
+        rightOperand: "active"
 
 discovery:
   oAuthClientId: portal  # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client

irs-api/src/main/resources/application.yml

@@ -151,16 +151,24 @@ irs-edc-client:
       connect: PT90S # HTTP connect timeout for the submodel client
 
   catalog:
-    policies:
-      acceptedRightOperands: active # List of comma separated names of the rightOperands to accept.
-      acceptedLeftOperands: PURPOSE # List of comma separated names of the leftOperands to accept.
-
-edc:
-  catalog:
-    policies:
-      # IRS will only negotiate contracts for offers with a policy as defined in the allowedNames list.
-      # If a requested asset does not provide one of these policies, a tombstone will be created and this node will not be processed.
-      allowedNames: ID 3.0 Trace, ID 3.1 Trace, R2_Traceability, FrameworkAgreement.traceability # List of comma separated names of the policies to accept.
+    # IRS will only negotiate contracts for offers with a policy as defined in the acceptedPolicies list.
+    # If a requested asset does not provide one of these policies, a tombstone will be created and this node will not be processed.
+    acceptedPolicies:
+      - leftOperand: "PURPOSE"
+        operator: "eq"
+        rightOperand: "ID 3.0 Trace"
+      - leftOperand: "PURPOSE"
+        operator: "eq"
+        rightOperand: "ID 3.1 Trace"
+      - leftOperand: "PURPOSE"
+        operator: "eq"
+        rightOperand: R2_Traceability
+      - leftOperand: "FrameworkAgreement.traceability"
+        operator: "eq"
+        rightOperand: "active"
+      - leftOperand: "Membership"
+        operator: "eq"
+        rightOperand: "active"
 
 digitalTwinRegistry:
   type: ${DIGITALTWINREGISTRY_TYPE:decentral} # The type of DTR. This can be either "central" or "decentral". If "decentral", descriptorEndpoint, shellLookupEndpoint and oAuthClientId is not required.

irs-edc-client/src/test/java/org/eclipse/tractusx/irs/edc/client/policy/PolicyCheckerServiceTest.java

@@ -27,6 +27,7 @@
 import static org.eclipse.tractusx.irs.edc.client.testutil.TestMother.createAndConstraintPolicy;
 import static org.eclipse.tractusx.irs.edc.client.testutil.TestMother.createAtomicConstraint;
 import static org.eclipse.tractusx.irs.edc.client.testutil.TestMother.createAtomicConstraintPolicy;
+import static org.eclipse.tractusx.irs.edc.client.testutil.TestMother.createOrConstraintPolicy;
 import static org.eclipse.tractusx.irs.edc.client.testutil.TestMother.createXOneConstraintPolicy;
 import static org.mockito.Mockito.when;
 
@@ -135,6 +136,82 @@ void shouldRejectAndConstraintsWhenOnlyOneMatch() {
         assertThat(result).isFalse();
     }
 
+    @Test
+    void shouldAcceptAndConstraintsWhenAcceptedPolicyContainsMoreConstraintsSuperSetOfProvidedPolicy() {
+        // given
+        final Constraint constraint1 = new Constraint(TestConstants.FRAMEWORK_AGREEMENT_TRACEABILITY, OperatorType.EQ,
+                List.of(TestConstants.STATUS_ACTIVE));
+        final Constraint constraint2 = new Constraint(TestConstants.MEMBERSHIP, OperatorType.EQ,
+                List.of(TestConstants.STATUS_ACTIVE));
+        final Constraint constraint3 = new Constraint(TestConstants.FRAMEWORK_AGREEMENT_DISMANTLER, OperatorType.EQ,
+                List.of(TestConstants.STATUS_ACTIVE));
+        final var policyList = List.of(
+                new AcceptedPolicy(policy("and-policy", List.of(constraint1, constraint2, constraint3), List.of()),
+                        OffsetDateTime.now().plusYears(1)));
+
+        when(policyStore.getAcceptedPolicies()).thenReturn(policyList);
+        Policy policy = createAndConstraintPolicy(
+                List.of(createAtomicConstraint(TestConstants.FRAMEWORK_AGREEMENT_TRACEABILITY,
+                                TestConstants.STATUS_ACTIVE),
+                        createAtomicConstraint(TestConstants.MEMBERSHIP, TestConstants.STATUS_ACTIVE)));
+        // when
+        boolean result = policyCheckerService.isValid(policy);
+
+        // then
+        assertThat(result).isTrue();
+    }
+
+    @Test
+    void shouldAcceptOrConstraintsWhenAcceptedPolicyContainsMoreConstraintsSuperSetOfProvidedPolicy() {
+        // given
+        final Constraint constraint1 = new Constraint(TestConstants.FRAMEWORK_AGREEMENT_TRACEABILITY, OperatorType.EQ,
+                List.of(TestConstants.STATUS_ACTIVE));
+        final Constraint constraint2 = new Constraint(TestConstants.MEMBERSHIP, OperatorType.EQ,
+                List.of(TestConstants.STATUS_ACTIVE));
+        final Constraint constraint3 = new Constraint(TestConstants.FRAMEWORK_AGREEMENT_DISMANTLER, OperatorType.EQ,
+                List.of(TestConstants.STATUS_ACTIVE));
+        final var policyList = List.of(
+                new AcceptedPolicy(policy("and-policy", List.of(), List.of(constraint1, constraint2, constraint3)),
+                        OffsetDateTime.now().plusYears(1)));
+
+        when(policyStore.getAcceptedPolicies()).thenReturn(policyList);
+        Policy policy = createOrConstraintPolicy(
+                List.of(createAtomicConstraint(TestConstants.FRAMEWORK_AGREEMENT_TRACEABILITY,
+                                TestConstants.STATUS_ACTIVE),
+                        createAtomicConstraint(TestConstants.MEMBERSHIP, TestConstants.STATUS_ACTIVE)));
+        // when
+        boolean result = policyCheckerService.isValid(policy);
+
+        // then
+        assertThat(result).isTrue();
+    }
+
+    @Test
+    void shouldAcceptConstraintsWithDefaultPolicy() {
+        // given
+        final Constraint constraint1 = new Constraint(TestConstants.FRAMEWORK_AGREEMENT_TRACEABILITY, OperatorType.EQ,
+                List.of(TestConstants.STATUS_ACTIVE));
+        final Constraint constraint2 = new Constraint(TestConstants.MEMBERSHIP, OperatorType.EQ,
+                List.of(TestConstants.STATUS_ACTIVE));
+        final Constraint constraint3 = new Constraint(TestConstants.FRAMEWORK_AGREEMENT_DISMANTLER, OperatorType.EQ,
+                List.of(TestConstants.STATUS_ACTIVE));
+
+        final var policyList = List.of(new AcceptedPolicy(
+                policy("default-policy", List.of(constraint1, constraint2, constraint3),
+                        List.of(constraint1, constraint2, constraint3)), OffsetDateTime.now().plusYears(1)));
+        when(policyStore.getAcceptedPolicies()).thenReturn(policyList);
+
+        Policy policy = createOrConstraintPolicy(
+                List.of(createAtomicConstraint(TestConstants.FRAMEWORK_AGREEMENT_TRACEABILITY,
+                                TestConstants.STATUS_ACTIVE),
+                        createAtomicConstraint(TestConstants.MEMBERSHIP, TestConstants.STATUS_ACTIVE)));
+        // when
+        boolean result = policyCheckerService.isValid(policy);
+
+        // then
+        assertThat(result).isTrue();
+    }
+
     @Test
     void shouldRejectOrConstraintsWhenNoneMatch() {
         // given
@@ -191,8 +268,17 @@ void shouldRejectXOneConstraintsWhenMoreThanOneMatch() {
         assertThat(result).isFalse();
     }
 
-    private org.eclipse.tractusx.irs.edc.client.policy.Policy policy(String policyId) {
+    private org.eclipse.tractusx.irs.edc.client.policy.Policy policy(final String policyId) {
         return new org.eclipse.tractusx.irs.edc.client.policy.Policy(policyId, OffsetDateTime.now(),
                 OffsetDateTime.now().plusYears(1), Collections.emptyList());
     }
+
+    private org.eclipse.tractusx.irs.edc.client.policy.Policy policy(final String policyId,
+            final List<Constraint> andConstraint, final List<Constraint> orConstraint) {
+        final List<Constraints> constraints = List.of(new Constraints(andConstraint, orConstraint));
+        final List<Permission> permissions = List.of(new Permission(PolicyType.USE, constraints));
+        return new org.eclipse.tractusx.irs.edc.client.policy.Policy(policyId, OffsetDateTime.now(),
+                OffsetDateTime.now().plusYears(1), permissions);
+    }
+
 }

irs-policy-store/src/main/java/org/eclipse/tractusx/irs/policystore/config/DefaultAcceptedPoliciesConfig.java

@@ -0,0 +1,53 @@
+/********************************************************************************
+ * Copyright (c) 2021,2022,2023
+ *       2022: ZF Friedrichshafen AG
+ *       2022: ISTOS GmbH
+ *       2022,2023: Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ *       2022,2023: BOSCH AG
+ * Copyright (c) 2021,2022,2023 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ ********************************************************************************/
+package org.eclipse.tractusx.irs.policystore.config;
+
+import java.util.List;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * Config for accepted EDC policies
+ */
+@Configuration
+@ConfigurationProperties(prefix = "irs-edc-client.catalog")
+@Data
+public class DefaultAcceptedPoliciesConfig {
+    private List<AcceptedPolicy> acceptedPolicies;
+
+    /**
+     * Accepted Policy for
+     */
+    @Data
+    @AllArgsConstructor
+    public static class AcceptedPolicy {
+        private String leftOperand;
+        private String operator;
+        private String rightOperand;
+    }
+
+}