diff --git a/README.md b/README.md index 54263fea..078b00a0 100644 --- a/README.md +++ b/README.md @@ -735,18 +735,7 @@ DataProcessor VC. > Hint: all credentials, where the `credentialSubject` has the same shape/schema can be evaluated by the same function! -### 8.5 Scope-to-criterion transformer - -When IdentityHub receives a Presentation query, that carries an access token, it must be able to convert a scope string -into a filter expression, for example `org.eclipse.edc.vc.type:DataProcessorCredential:read` is converted into -`verifiableCredential.credential.type = DataProcessorCredential`. This filter expression is then used by IdentityHub to -query for `DataProcessorCredentials` in the database. - -This is implemented in the -[MvdScopeTransformer.java](launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java) -class. - -### 8.6 Super-user seeding +### 8.5 Super-user seeding IdentityHub's [Identity API](https://github.com/eclipse-edc/IdentityHub/blob/main/docs/developer/architecture/identityhub-apis.md#identity-api) 
@@ -860,4 +849,14 @@ into the stores by an extension called `IdentityHubExtension.java` and are **dif Kubernetes deployments. The [JwtSigner.java](launchers/identity-hub/src/test/java/org/eclipse/edc/demo/dcp/JwtSigner.java) test class can be
-used to re-generate and sign all credentials.
\ No newline at end of file
+used to re-generate and sign all credentials.
+
+### 10.4 Default scope-to-criterion transformer
+
+When IdentityHub receives a Presentation query, that carries an access token, it must be able to convert a scope string
+into a filter expression, for example `org.eclipse.edc.vc.type:DataProcessorCredential:read` is converted into
+`verifiableCredential.credential.type = DataProcessorCredential`. This filter expression is then used by IdentityHub to
+query for `DataProcessorCredentials` in the database.
+
+The MVD uses the default `EdcScopeToCriterionTransformer` to achieve this. It is recommended to implement a custom
+`ScopeToCriterionTransformer` for an actual production scenario.
\ No newline at end of file
diff --git a/deployment/assets/env/consumer_identityhub.env b/deployment/assets/env/consumer_identityhub.env
index 72d66bc9..e4b621af 100644
--- a/deployment/assets/env/consumer_identityhub.env
+++ b/deployment/assets/env/consumer_identityhub.env
@@ -6,6 +6,12 @@ WEB_HTTP_IDENTITY_PORT=7082
 WEB_HTTP_IDENTITY_PATH="/api/identity"
 WEB_HTTP_DID_PORT=7083
 WEB_HTTP_DID_PATH="/"
+WEB_HTTP_ACCOUNTS_PORT=7084
+WEB_HTTP_ACCOUNTS_PATH="/api/accounts"
+WEB_HTTP_VERSION_PORT=7085
+WEB_HTTP_VERSION_PATH="/api/version"
+WEB_HTTP_STS_PORT=7086
+WEB_HTTP_STS_PATH="/api/sts"
 EDC_IAM_DID_WEB_USE_HTTPS="false"
 EDC_IAM_STS_PRIVATEKEY_ALIAS="key-1"
 EDC_IAM_STS_PUBLICKEY_ID="did:web:localhost%3A7083#key-1"
@@ -13,3 +19,4 @@ EDC_IH_IAM_PUBLICKEY_PATH="./deployment/assets/consumer_public.pem"
 EDC_IH_IAM_ID="did:web:localhost%3A7083"
 EDC_IH_API_SUPERUSER_KEY="c3VwZXItdXNlcg==.c3VwZXItc2VjcmV0LWtleQo="
 EDC_MVD_CREDENTIALS_PATH="deployment/assets/credentials/local/consumer/"
+EDC_API_ACCOUNTS_KEY="password"
\ No newline at end of file
diff --git a/deployment/assets/env/provider_identityhub.env b/deployment/assets/env/provider_identityhub.env
index e624adab..ce8da265 100644
--- a/deployment/assets/env/provider_identityhub.env
+++ b/deployment/assets/env/provider_identityhub.env
@@ -6,6 +6,12 @@ WEB_HTTP_IDENTITY_PORT=7092
 WEB_HTTP_IDENTITY_PATH="/api/identity"
 WEB_HTTP_DID_PORT=7093
 WEB_HTTP_DID_PATH="/"
+WEB_HTTP_ACCOUNTS_PORT=7094
+WEB_HTTP_ACCOUNTS_PATH="/api/accounts"
+WEB_HTTP_VERSION_PORT=7095
+WEB_HTTP_VERSION_PATH="/api/version"
+WEB_HTTP_STS_PORT=7096
+WEB_HTTP_STS_PATH="/api/sts"
 EDC_IAM_DID_WEB_USE_HTTPS="false"
 EDC_IAM_STS_PRIVATEKEY_ALIAS="key-1"
 EDC_IAM_STS_PUBLICKEY_ID="did:web:localhost%3A7093#key-1"
@@ -13,3 +19,4 @@ EDC_IH_IAM_PUBLICKEY_PATH="./deployment/assets/provider_public.pem"
 EDC_IH_IAM_ID="did:web:localhost%3A7093"
 EDC_IH_API_SUPERUSER_KEY="c3VwZXItdXNlcg==.c3VwZXItc2VjcmV0LWtleQo="
 EDC_MVD_CREDENTIALS_PATH="deployment/assets/credentials/local/provider/"
+EDC_API_ACCOUNTS_KEY="password"
\ No newline at end of file
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 9e1b5fed..2b8cccde 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -2,21 +2,13 @@ format.version = "1.1" [versions]
-assertj = "3.24.2"
 awaitility = "4.2.2"
-edc = "0.10.0-SNAPSHOT"
-failsafe = "3.3.2"
-jackson = "2.18.0"
+edc = "0.11.0-SNAPSHOT"
+jackson = "2.18.1"
 jakarta-json = "2.1.3"
-jupiter = "5.10.1"
-mockserver = "5.15.0"
-nimbus = "9.41.2"
 parsson = "1.1.6"
 postgres = "42.7.3"
 restAssured = "5.5.0"
-swagger = "2.2.18"
-rsApi = "3.1.0"
-testcontainers = "1.19.1"
 [libraries] # upstream EDC dependencies
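Review bot: `EDC_API_ACCOUNTS_KEY="password"`, the last added line of this hunk, commits a guessable key next to the newly opened `/api/accounts` endpoint on port 7084, and the provider_identityhub.env hunk `@@ -13,3 +19,4 @@` adds the identical value for port 7094. The files live under deployment/assets/env and are presumably meant for local runs only, but nothing in them says so and both participants share the same value. I would put a comment above the line, `# local demo only: supply a generated, per-participant secret from a vault or secret store anywhere else`, and give consumer and provider different values. The added line also leaves the file without a trailing newline, which the previous version had.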
@@ -25,7 +17,6 @@ edc-junit = { module = "org.eclipse.edc:junit", version.ref = "edc" } edc-did-core = { module = "org.eclipse.edc:identity-did-core", version.ref = "edc" } edc-did-web = { module = "org.eclipse.edc:identity-did-web", version.ref = "edc" } edc-core-connector = { module = "org.eclipse.edc:connector-core", version.ref = "edc" } -edc-core-crypto = { module = "org.eclipse.edc:crypto-core", version.ref = "edc" } edc-core-token = { module = "org.eclipse.edc:token-core", version.ref = "edc" } edc-core-edrstore = { module = "org.eclipse.edc:edr-store-core", version.ref = "edc" } edc-ext-http = { module = "org.eclipse.edc:http", version.ref = "edc" } 
@@ -35,35 +26,17 @@ edc-dcp = { module = "org.eclipse.edc:identity-trust-service", version.ref = "ed edc-controlplane-core = { module = "org.eclipse.edc:control-plane-core", version.ref = "edc" } edc-controlplane-transform = { module = "org.eclipse.edc:control-plane-transform", version.ref = "edc" } edc-controlplane-services = { module = "org.eclipse.edc:control-plane-aggregate-services", version.ref = "edc" } -edc-config-filesystem = { module = "org.eclipse.edc:configuration-filesystem", version.ref = "edc" } -edc-auth-tokenbased = { module = "org.eclipse.edc:auth-tokenbased", version.ref = "edc" } -edc-auth-configuration = { module = "org.eclipse.edc:auth-configuration", version.ref = "edc" } edc-api-management-config = { module = "org.eclipse.edc:management-api-configuration", version.ref = "edc" } edc-api-version = { module = "org.eclipse.edc:version-api", version.ref = "edc" } edc-api-management = { module = "org.eclipse.edc:management-api", version.ref = "edc" } -edc-api-management-asset = { module = "org.eclipse.edc:asset-api", version.ref = "edc" } -edc-api-management-edr = { module = "org.eclipse.edc:edr-cache-api", version.ref = "edc" } -edc-api-management-policy = { module = "org.eclipse.edc:policy-definition-api", version.ref = "edc" } -edc-api-management-contractdef = { module = "org.eclipse.edc:contract-definition-api", version.ref = "edc" } -edc-api-management-dataplaneselector = { module = "org.eclipse.edc:data-plane-selector-api", version.ref = "edc" } edc-api-observability = { module = "org.eclipse.edc:api-observability", version.ref = "edc" } -edc-api-control-configuration = { module = "org.eclipse.edc:control-api-configuration", version.ref = "edc" } edc-dsp = { module = "org.eclipse.edc:dsp", version.ref = "edc" } -edc-edr-storereceiver = { module = "org.eclipse.edc:edr-store-receiver", version.ref = "edc" } -edc-controlplane-callback-dispatcher-event = { module = "org.eclipse.edc:callback-event-dispatcher", version.ref = "edc" } 
-edc-controlplane-callback-dispatcher-http = { module = "org.eclipse.edc:callback-http-dispatcher", version.ref = "edc" } edc-dcp-core = { module = "org.eclipse.edc:identity-trust-core", version.ref = "edc" } -edc-identity-trust-transform = { module = "org.eclipse.edc:identity-trust-transform", version.ref = "edc" } -edc-identity-core-did = { module = "org.eclipse.edc:identity-did-core", version.ref = "edc" } -edc-identity-vc-ldp = { module = "org.eclipse.edc:ldp-verifiable-credentials", version.ref = "edc" } -edc-identity-vc-jwt = { module = "org.eclipse.edc:jwt-verifiable-credentials", version.ref = "edc" } edc-vault-hashicorp = { module = "org.eclipse.edc:vault-hashicorp", version.ref = "edc" } -edc-spi-core = { module = "org.eclipse.edc:core-spi", version.ref = "edc" } edc-spi-identity-trust = { module = "org.eclipse.edc:identity-trust-spi", version.ref = "edc" } edc-spi-transform = { module = "org.eclipse.edc:transform-spi", version.ref = "edc" } edc-spi-catalog = { module = "org.eclipse.edc:catalog-spi", version.ref = "edc" } -edc-spi-jwt = { module = "org.eclipse.edc:jwt-spi", version.ref = "edc" } edc-spi-identity-did = { module = "org.eclipse.edc:identity-did-spi", version.ref = "edc" } 
@@ -74,28 +47,6 @@ edc-lib-crypto = { module = "org.eclipse.edc:crypto-common-lib", version.ref = " edc-lib-keys = { module = "org.eclipse.edc:keys-lib", version.ref = "edc" } edc-lib-jsonld = { module = "org.eclipse.edc:json-ld-lib", version.ref = "edc" } -# EDC dataplane client modules (used in controlplane) -edc-dpf-transfer = { module = "org.eclipse.edc:transfer-data-plane", version.ref = "edc" } -edc-dpf-transfer-signaling = { module = "org.eclipse.edc:transfer-data-plane-signaling", version.ref = "edc" } -edc-dpf-selector-client = { module = "org.eclipse.edc:data-plane-selector-client", version.ref = "edc" } -edc-spi-dataplane-selector = { module = "org.eclipse.edc:data-plane-selector-spi", version.ref = "edc" } -edc-dpf-selector-core = { module = "org.eclipse.edc:data-plane-selector-core", version.ref = "edc" } -edc-dpf-selector-control-api = { module = "org.eclipse.edc:data-plane-selector-control-api", version.ref = "edc" } -edc-dpf-signaling-client = { module = "org.eclipse.edc:data-plane-signaling-client", version.ref = "edc" } - -# EDC dataplane modules -edc-dataplane-core = { module = "org.eclipse.edc:data-plane-core", version.ref = "edc" } -edc-dataplane-api-control-config = { module = "org.eclipse.edc:control-api-configuration", version.ref = "edc" } -edc-dataplane-api-control-client = { module = "org.eclipse.edc:control-plane-api-client", version.ref = "edc" } -edc-dataplane-selfregistration = { module = "org.eclipse.edc:data-plane-self-registration", version.ref = "edc" } -edc-dataplane-http = { module = "org.eclipse.edc:data-plane-http", version.ref = "edc" } -edc-dataplane-http-oauth2 = { module = "org.eclipse.edc:data-plane-http-oauth2", version.ref = "edc" } -edc-dataplane-api-control = { module = "org.eclipse.edc:data-plane-control-api", version.ref = "edc" } -edc-dataplane-api-public = { module = "org.eclipse.edc:data-plane-public-api-v2", version.ref = "edc" } -edc-dataplane-api-signaling = { module = 
"org.eclipse.edc:data-plane-signaling-api", version.ref = "edc" } -edc-dataplane-iam = { module = "org.eclipse.edc:data-plane-iam", version.ref = "edc" } - - # EDC Postgres modules edc-sql-assetindex = { module = "org.eclipse.edc:asset-index-sql", version.ref = "edc" } edc-sql-edrcache = { module = "org.eclipse.edc:edr-index-sql", version.ref = "edc" } 
@@ -107,41 +58,18 @@ edc-sql-core = { module = "org.eclipse.edc:sql-core", version.ref = "edc" } edc-sql-lease = { module = "org.eclipse.edc:sql-lease", version.ref = "edc" } edc-sql-pool = { module = "org.eclipse.edc:sql-pool-apache-commons", version.ref = "edc" } edc-sql-transactionlocal = { module = "org.eclipse.edc:transaction-local", version.ref = "edc" } -edc-sql-accesstokendata = { module = "org.eclipse.edc:accesstokendata-store-sql", version.ref = "edc" } -edc-sql-dataplane = { module = "org.eclipse.edc:data-plane-store-sql", version.ref = "edc" } edc-sql-dataplane-instancestore = { module = "org.eclipse.edc:data-plane-instance-store-sql", version.ref = "edc" } edc-sql-jtivdalidation = { module = "org.eclipse.edc:jti-validation-store-sql", version.ref = "edc" } # identity hub SQL implementations -edc-sql-ih-credstore-sql = { module = "org.eclipse.edc:identity-hub-credentials-store-sql", version.ref = "edc" } -edc-sql-ih-didstore-sql = { module = "org.eclipse.edc:identity-hub-did-store-sql", version.ref = "edc" } -edc-sql-ih-keypairstore-sql = { module = "org.eclipse.edc:identity-hub-keypair-store-sql", version.ref = "edc" } -edc-sql-ih-pcstore-sql = { module = "org.eclipse.edc:identity-hub-participantcontext-store-sql", version.ref = "edc" } edc-sql-ih-stsstore-sql = { module = "org.eclipse.edc:sts-client-store-sql", version.ref = "edc" } - -# identityhub dependencies -edc-ih-core = { module = "org.eclipse.edc:identity-hub-core", version.ref = "edc" } -edc-ih-keypairs = { module = "org.eclipse.edc:identity-hub-keypairs", version.ref = "edc" } -edc-ih-did = { module = "org.eclipse.edc:identity-hub-did", version.ref = "edc" } -edc-ih-participants = { module = "org.eclipse.edc:identity-hub-participants", version.ref = "edc" } - # identityhub SPI modules edc-ih-spi-did = { module = "org.eclipse.edc:did-spi", version.ref = "edc" } edc-ih-spi-store = { module = "org.eclipse.edc:identity-hub-store-spi", version.ref = "edc" } -edc-ih-spi-participant = { module = 
"org.eclipse.edc:participant-context-spi", version.ref = "edc" } # identityhub API modules -edc-ih-api-presentation = { module = "org.eclipse.edc:presentation-api", version.ref = "edc" } -edc-ih-mgmt-config = { module = "org.eclipse.edc:api-configuration", version.ref = "edc" } -edc-ih-mgmt-authentication = { module = "org.eclipse.edc:identityhub-api-authentication", version.ref = "edc" } -edc-ih-mgmt-authorization = { module = "org.eclipse.edc:identityhub-api-authorization", version.ref = "edc" } -edc-ih-mgmt-participantcontext = { module = "org.eclipse.edc:participant-context-api", version.ref = "edc" } -edc-ih-mgmt-verifiablecredential = { module = "org.eclipse.edc:verifiable-credentials-api", version.ref = "edc" } -edc-ih-mgmt-did = { module = "org.eclipse.edc:did-api", version.ref = "edc" } -edc-ih-mgmt-keypairs = { module = "org.eclipse.edc:keypair-api", version.ref = "edc" } -edc-ih-did-localpub = { module = "org.eclipse.edc:local-did-publisher", version.ref = "edc" } edc-ih-lib-credentialquery = { module = "org.eclipse.edc:credential-query-lib", version.ref = "edc" } edc-oauth2-client = { module = "org.eclipse.edc:oauth2-client", version.ref = "edc" } 
@@ -150,8 +78,6 @@ edc-sts-spi = { module = "org.eclipse.edc:identity-trust-sts-spi", version.ref = edc-sts-core = { module = "org.eclipse.edc:identity-trust-sts-core", version.ref = "edc" } edc-sts = { module = "org.eclipse.edc:identity-trust-sts-embedded", version.ref = "edc" } edc-sts-api = { module = "org.eclipse.edc:identity-trust-sts-api", version.ref = "edc" } -edc-sts-accountprovisioner = { module = "org.eclipse.edc:sts-account-provisioner", version.ref = "edc" } -edc-sts-accountservice-local = { module = "org.eclipse.edc:sts-account-service-local", version.ref = "edc" } edc-sts-accountservice-remote = { module = "org.eclipse.edc:sts-account-service-remote", version.ref = "edc" } edc-sts-remote-client = { module = "org.eclipse.edc:identity-trust-sts-remote-client", version.ref = "edc" } edc-sts-api-accounts = { module = "org.eclipse.edc:identity-trust-sts-accounts-api", version.ref = "edc" } @@ -160,14 +86,8 @@ edc-sts-api-accounts = { module = "org.eclipse.edc:identity-trust-sts-accounts-a edc-fc-spi-crawler = { module = "org.eclipse.edc:crawler-spi", version.ref = "edc" } edc-fc-core = { module = "org.eclipse.edc:federated-catalog-core", version.ref = "edc" } edc-fc-api = { module = "org.eclipse.edc:federated-catalog-api", version.ref = "edc" } -edc-fc-cache-sql = { module = "org.eclipse.edc:federated-catalog-cache-sql", version.ref = "edc" } - -# specific dependencies needed by the catalog server -edc-controlplane-catalog = { module = "org.eclipse.edc:control-plane-catalog", version.ref = "edc" } -edc-controlplane-contract = { module = "org.eclipse.edc:control-plane-contract", version.ref = "edc" } # Third party libs -nimbus-jwt = { module = "com.nimbusds:nimbus-jose-jwt", version.ref = "nimbus" } postgres = { module = "org.postgresql:postgresql", version.ref = "postgres" } awaitility = { module = "org.awaitility:awaitility", version.ref = "awaitility" } restAssured = { module = "io.rest-assured:rest-assured", version.ref = "restAssured" } 
@@ -175,36 +95,25 @@ jakarta-json-api = { module = "jakarta.json:jakarta.json-api", version.ref = "ja jackson-datatype-jakarta-jsonp = { module = "com.fasterxml.jackson.datatype:jackson-datatype-jakarta-jsonp", version.ref = "jackson" } parsson = { module = "org.eclipse.parsson:parsson", version.ref = "parsson" } -[bundles] -dpf = ["edc-dpf-selector-core", "edc-spi-dataplane-selector", "edc-dpf-selector-control-api", "edc-dpf-signaling-client", "edc-dpf-transfer-signaling"] +# BOM modules +edc-bom-controlplane = { module = "org.eclipse.edc:controlplane-dcp-bom", version.ref = "edc" } +edc-bom-dataplane = { module = "org.eclipse.edc:dataplane-base-bom", version.ref = "edc" } +edc-bom-controlplane-sql = { module = "org.eclipse.edc:controlplane-feature-sql-bom", version.ref = "edc" } +edc-bom-dataplane-sql = { module = "org.eclipse.edc:dataplane-feature-sql-bom", version.ref = "edc" } +edc-bom-identithub = { module = "org.eclipse.edc:identityhub-bom", version.ref = "edc" } +edc-bom-identithub-sts = { module = "org.eclipse.edc:identityhub-with-sts-bom", version.ref = "edc" } +edc-bom-identithub-sql = { module = "org.eclipse.edc:identityhub-feature-sql-bom", version.ref = "edc" } +[bundles] connector = ["edc-boot", "edc-core-connector", "edc-ext-http", "edc-api-observability", "edc-ext-jsonld", "edc-core-token"] -controlplane = ["edc-controlplane-core", "edc-config-filesystem", "edc-auth-tokenbased", "edc-auth-configuration", "edc-api-management", - "edc-api-management-config", "edc-api-management-edr", "edc-api-management-dataplaneselector", - "edc-api-observability", "edc-dsp", "edc-spi-jwt", "edc-ext-http", "edc-controlplane-callback-dispatcher-event", "edc-controlplane-callback-dispatcher-http", - "edc-identity-core-did", "edc-identity-trust-transform", "edc-api-control-configuration", "edc-lib-transform", - "edc-identity-vc-ldp", "edc-lib-jws2020", "edc-core-edrstore", "edc-edr-storereceiver"] - -did = ["edc-did-web", "edc-did-core", "edc-ih-did", 
"edc-ih-did-localpub"] - -identity-api = ["edc-ih-mgmt-config", "edc-ih-mgmt-did", "edc-ih-mgmt-participantcontext", "edc-ih-mgmt-verifiablecredential", - "edc-ih-mgmt-keypairs", "edc-ih-mgmt-authentication", "edc-ih-mgmt-authorization"] - -identityhub = ["edc-ih-core", "edc-ih-api-presentation", "edc-ih-participants", "edc-ih-keypairs", "edc-sts-accountprovisioner"] - dcp = ["edc-dcp", "edc-did-core", "edc-did-web", "edc-oauth2-client", "edc-dcp-core"] sql-edc = ["edc-sql-assetindex", "edc-sql-contractdef", "edc-sql-contractneg", "edc-sql-policydef", "edc-sql-edrcache", "edc-sql-transferprocess", "edc-sql-dataplane-instancestore", "edc-sql-core", "edc-sql-lease", "edc-sql-pool", "edc-sql-transactionlocal", "postgres"] -sql-edc-dataplane = ["edc-sql-accesstokendata", "edc-sql-dataplane", "edc-sql-core", "edc-sql-lease", "edc-sql-pool", "edc-sql-transactionlocal", "edc-sql-dataplane-instancestore", "postgres"] - -sql-ih = ["edc-sql-ih-credstore-sql","edc-sql-jtivdalidation", "edc-sql-ih-didstore-sql", "edc-sql-ih-keypairstore-sql", "edc-sql-ih-pcstore-sql", "edc-sql-ih-stsstore-sql", "edc-sql-core", "edc-sql-pool", "edc-sql-transactionlocal", "postgres"] sql-sts = ["edc-sql-ih-stsstore-sql", "edc-sql-jtivdalidation", "edc-sql-core", "edc-sql-pool", "edc-sql-transactionlocal", "postgres"] sts = ["edc-sts-core", "edc-sts-api", "edc-sts-spi", "edc-sts"] -sql-fc = ["edc-fc-cache-sql"] - [plugins] shadow = { id = "com.github.johnrengelman.shadow", version = "8.1.1" } diff --git a/launchers/catalog-server/src/main/docker/Dockerfile b/launchers/catalog-server/src/main/docker/Dockerfile index 17eae25b..d469671d 100644 --- a/launchers/catalog-server/src/main/docker/Dockerfile +++ b/launchers/catalog-server/src/main/docker/Dockerfile @@ -1,5 +1,5 @@ # -buster is required to have apt available -FROM eclipse-temurin:23_37-jre-alpine +FROM eclipse-temurin:23.0.1_11-jre-alpine # Optional JVM arguments, such as memory settings ARG JVM_ARGS="" 
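Review bot: The three IdentityHub aliases added under `# BOM modules` are misspelled `edc-bom-identithub`, `edc-bom-identithub-sts` and `edc-bom-identithub-sql`, although the modules they point to are `identityhub-bom`, `identityhub-with-sts-bom` and `identityhub-feature-sql-bom`. The build resolves only because launchers/identity-hub/build.gradle.kts repeats the same spelling (`libs.edc.bom.identithub`), so the typo is best fixed now by renaming to `edc-bom-identityhub…` together with its three usages. A second point on the same block: every BOM resolves against `edc = "0.11.0-SNAPSHOT"`, so the modules that reach the runtime classpath are no longer listed in this catalog and can change between builds. A comment such as `# BOMs pull in transitive EDC modules; the effective set follows the SNAPSHOT version` above the block would record that for anyone auditing the dependency set.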
diff --git a/launchers/controlplane/build.gradle.kts b/launchers/controlplane/build.gradle.kts index 16bc476a..0ded57b2 100644 --- a/launchers/controlplane/build.gradle.kts +++ b/launchers/controlplane/build.gradle.kts @@ -19,26 +19,16 @@ plugins { } dependencies { - implementation(project(":extensions:did-example-resolver")) - implementation(project(":extensions:dcp-impl")) // some patches/impls for DCP + runtimeOnly(project(":extensions:did-example-resolver")) + runtimeOnly(project(":extensions:dcp-impl")) // some patches/impls for DCP runtimeOnly(project(":extensions:catalog-node-resolver")) // to trigger the federated catalog - implementation(libs.edc.spi.core) // we need some constants - - implementation(libs.bundles.controlplane) - implementation(libs.bundles.dcp) - implementation(libs.edc.core.connector) - implementation(libs.edc.core.token) + runtimeOnly(libs.edc.bom.controlplane) if (project.properties.getOrDefault("persistence", "false") == "true") { runtimeOnly(libs.edc.vault.hashicorp) - runtimeOnly(libs.bundles.sql.edc) - runtimeOnly(libs.bundles.sql.fc) - runtimeOnly(libs.edc.sts.remote.client) + runtimeOnly(libs.edc.bom.controlplane.sql) println("This runtime compiles with a remote STS client, Hashicorp Vault and PostgreSQL. You will need properly configured Postgres and HCV instances.") } - runtimeOnly(libs.bundles.dpf) - runtimeOnly(libs.edc.api.version) - } tasks.withType { diff --git a/launchers/controlplane/src/main/docker/Dockerfile b/launchers/controlplane/src/main/docker/Dockerfile index 7de162bd..1b07f1ea 100644 --- a/launchers/controlplane/src/main/docker/Dockerfile +++ b/launchers/controlplane/src/main/docker/Dockerfile @@ -1,5 +1,5 @@ # -buster is required to have apt available -FROM eclipse-temurin:23_37-jre-alpine +FROM eclipse-temurin:23.0.1_11-jre-alpine # Optional JVM arguments, such as memory settings ARG JVM_ARGS="" 
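Review bot: After this change the build file no longer shows whether the control plane ships an authentication extension for the management API, because `runtimeOnly(libs.edc.bom.controlplane)` replaces the removed `controlplane` bundle that named `edc-auth-tokenbased` and `edc-auth-configuration` explicitly. Whether `controlplane-dcp-bom` still contains them is not visible in this diff, so it should be confirmed against the resolved runtime classpath. The persistence branch also drops `runtimeOnly(libs.edc.sts.remote.client)` while the `println` still announces a remote STS client; the exclusion added in launchers/runtime-embedded suggests the BOM now supplies it. If both are confirmed, a comment on the BOM line would document that, e.g. `// controlplane-dcp-bom supplies management-API auth and the remote STS client`.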
diff --git a/launchers/dataplane/build.gradle.kts b/launchers/dataplane/build.gradle.kts index 19d66332..fdef32df 100644 --- a/launchers/dataplane/build.gradle.kts +++ b/launchers/dataplane/build.gradle.kts @@ -19,27 +19,14 @@ plugins { } dependencies { - runtimeOnly(libs.bundles.connector) - runtimeOnly(libs.edc.api.observability) - runtimeOnly(libs.edc.dataplane.core) - runtimeOnly(libs.edc.dataplane.api.control.config) - runtimeOnly(libs.edc.dataplane.api.control.client) - runtimeOnly(libs.edc.dataplane.selfregistration) - runtimeOnly(libs.edc.dataplane.http) - runtimeOnly(libs.edc.dataplane.http.oauth2) - runtimeOnly(libs.edc.dataplane.api.public) - runtimeOnly(libs.edc.dataplane.api.signaling) - runtimeOnly(libs.edc.dataplane.iam) - runtimeOnly(libs.edc.ext.jsonld) // needed by the DataPlaneSignalingApi - runtimeOnly(libs.edc.dpf.selector.client) // for the selector service -> self registration + runtimeOnly(libs.edc.bom.dataplane) if (project.properties.getOrDefault("persistence", "false") == "true") { runtimeOnly(libs.edc.vault.hashicorp) - runtimeOnly(libs.bundles.sql.edc.dataplane) + runtimeOnly(libs.edc.bom.dataplane.sql) runtimeOnly(libs.edc.sts.remote.client) println("This runtime compiles with a remote STS client, Hashicorp Vault and PostgreSQL. You will need properly configured Postgres and HCV instances.") } - } tasks.withType { diff --git a/launchers/dataplane/src/main/docker/Dockerfile b/launchers/dataplane/src/main/docker/Dockerfile index 79336c22..463f9db5 100644 --- a/launchers/dataplane/src/main/docker/Dockerfile +++ b/launchers/dataplane/src/main/docker/Dockerfile @@ -1,5 +1,5 @@ # -buster is required to have apt available -FROM eclipse-temurin:23_37-jre-alpine +FROM eclipse-temurin:23.0.1_11-jre-alpine # Optional JVM arguments, such as memory settings ARG JVM_ARGS="" diff --git a/launchers/identity-hub/build.gradle.kts b/launchers/identity-hub/build.gradle.kts index f38b37b9..c691e254 100644 --- a/launchers/identity-hub/build.gradle.kts 
+++ b/launchers/identity-hub/build.gradle.kts @@ -19,24 +19,22 @@ plugins { } dependencies { - runtimeOnly(libs.bundles.identityhub) - runtimeOnly(libs.edc.api.observability) + runtimeOnly(project(":extensions:superuser-seed")) + runtimeOnly(project(":extensions:did-example-resolver")) + + implementation(libs.edc.ih.lib.credentialquery) // needed in the extensions here + + if (project.properties.getOrDefault("persistence", "false") == "true") { + runtimeOnly(libs.edc.bom.identithub) runtimeOnly(libs.edc.vault.hashicorp) - runtimeOnly(libs.bundles.sql.ih) + runtimeOnly(libs.edc.bom.identithub.sql) runtimeOnly(libs.edc.sts.accountservice.remote) println("This runtime compiles with a remote STS, Hashicorp Vault and PostgreSQL. You will need properly configured STS, Postgres and HCV instances.") + }else{ + runtimeOnly(libs.edc.bom.identithub.sts) } - runtimeOnly(project(":extensions:superuser-seed")) - - runtimeOnly(libs.bundles.identity.api) - implementation(libs.bundles.did) - implementation(project(":extensions:did-example-resolver")) - implementation(libs.bundles.connector) - implementation(libs.edc.ih.spi.store) - implementation(libs.edc.identity.vc.ldp) - implementation(libs.edc.ih.lib.credentialquery) testImplementation(libs.edc.lib.crypto) testImplementation(libs.edc.lib.keys) diff --git a/launchers/identity-hub/src/main/docker/Dockerfile b/launchers/identity-hub/src/main/docker/Dockerfile index 0f920793..75bae751 100644 --- a/launchers/identity-hub/src/main/docker/Dockerfile +++ b/launchers/identity-hub/src/main/docker/Dockerfile @@ -1,5 +1,5 @@ # -buster is required to have apt available -FROM eclipse-temurin:23_37-jre-alpine +FROM eclipse-temurin:23.0.1_11-jre-alpine # Optional JVM arguments, such as memory settings ARG JVM_ARGS="" diff --git a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java index 48e2a5cc..06d15dd8 100644 
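Review bot: The `}else{` branch in launchers/identity-hub/build.gradle.kts is now the only place that decides which STS setup a build gets, and neither branch says so. Judging by the module names, the non-persistent runtime gets the IdentityHub BOM that bundles an STS (`libs.edc.bom.identithub.sts`), while the persistent one gets `libs.edc.bom.identithub` plus `libs.edc.sts.accountservice.remote`. Format the branch as `} else {` and add a comment above its dependency, for example `// default (in-memory) runtime: IdentityHub BOM that includes the STS`. The `println` only describes the persistent case, so the default case is otherwise undocumented. The `dependencies` block continues past the end of this hunk.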
--- a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java +++ b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/IdentityHubExtension.java @@ -14,12 +14,10 @@ package org.eclipse.edc.demo.dcp.ih; -import org.eclipse.edc.identityhub.spi.ScopeToCriterionTransformer; import org.eclipse.edc.identityhub.spi.store.CredentialStore; import org.eclipse.edc.identityhub.spi.verifiablecredentials.model.VerifiableCredentialResource; import org.eclipse.edc.runtime.metamodel.annotation.Extension; import org.eclipse.edc.runtime.metamodel.annotation.Inject; -import org.eclipse.edc.runtime.metamodel.annotation.Provider; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.system.ServiceExtension; import org.eclipse.edc.spi.system.ServiceExtensionContext; @@ -27,7 +25,6 @@ import java.io.File; import java.io.IOException; -import java.util.List; import java.util.stream.Stream; import static org.eclipse.edc.spi.constants.CoreConstants.JSON_LD; @@ -60,11 +57,6 @@ public void start() { } } - @Provider - public ScopeToCriterionTransformer createScopeTransformer() { - return new MvdScopeTransformer(List.of("MembershipCredential", "DataProcessorCredential")); - } - private void seedCredentials(String credentialsSourceDirectory, Monitor monitor) throws IOException { var absPath = new File(credentialsSourceDirectory).getAbsoluteFile(); diff --git a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java b/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java deleted file mode 100644 index 5f4fb54f..00000000 --- a/launchers/identity-hub/src/main/java/org/eclipse/edc/demo/dcp/ih/MvdScopeTransformer.java +++ /dev/null 
@@ -1,50 +0,0 @@ -/* - * Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation - * - */ - -package org.eclipse.edc.demo.dcp.ih; - -import org.eclipse.edc.identityhub.query.EdcScopeToCriterionTransformer; -import org.eclipse.edc.spi.query.Criterion; -import org.eclipse.edc.spi.result.Result; - -import java.util.List; - -import static org.eclipse.edc.spi.result.Result.failure; -import static org.eclipse.edc.spi.result.Result.success; - -public class MvdScopeTransformer extends EdcScopeToCriterionTransformer { - - private final List knownCredentialTypes; - - public MvdScopeTransformer(List knownCredentialTypes) { - this.knownCredentialTypes = knownCredentialTypes; - } - - @Override - public Result transform(String scope) { - var tokens = tokenize(scope); - if (tokens.failed()) { - return failure("Scope string cannot be converted: %s".formatted(tokens.getFailureDetail())); - } - var credentialType = tokens.getContent()[1]; - - if (!knownCredentialTypes.contains(credentialType)) { - //select based on the credentialSubject.level property - // even though "claims" is a Map, we need to access it using the dot notation. See ReflectionUtil.java - return success(new Criterion("verifiableCredential.credential.credentialSubject.claims.level", "=", credentialType)); - } else { - return success(new Criterion(TYPE_OPERAND, CONTAINS_OPERATOR, credentialType)); - } - } -} diff --git a/launchers/runtime-embedded/build.gradle.kts b/launchers/runtime-embedded/build.gradle.kts index 514d62e8..5ac2355e 100644 --- a/launchers/runtime-embedded/build.gradle.kts +++ b/launchers/runtime-embedded/build.gradle.kts 
@@ -22,6 +22,8 @@ dependencies { runtimeOnly(project(":launchers:controlplane")) { // this will remove the RemoteDataPlaneSelectorService exclude(group = "org.eclipse.edc", "data-plane-selector-client") + // exclude the Remote STS client + exclude(group = "org.eclipse.edc", "identity-trust-sts-remote-client") } runtimeOnly(project(":launchers:dataplane")) { // this will remove the RemoteDataPlaneSelectorService