Merge pull request #223 from FraunhoferISST/feat/frameworkagreement

Feat/frameworkagreement

backend/src/main/java/org/eclipse/tractusx/puris/backend/common/edc/logic/service/EdcAdapterService.java

@@ -103,7 +103,8 @@ private Response sendPostRequest(JsonNode requestBody, List<String> pathSegments
 
     /**
      * Call this method at startup to register the necessary request and
-     * response apis.
+     * response apis. In case you are using the framework agreement feature,
+     * the framework agreement policy will be registered as well here.
      *
      * @return true if all registrations were successful, otherwise false
      */
@@ -114,6 +115,11 @@ public boolean registerAssetsInitially() {
         log.info("Registration of item-stock response api successful " + (result = registerApiAsset(DT_ApiMethodEnum.RESPONSE)));
         if(!result) return false;
         log.info("Registration of item-stock status-request api successful " + (result = registerApiAsset(DT_ApiMethodEnum.STATUS_REQUEST)));
+        if(variablesService.isUseFrameworkPolicy()) {
+            log.info("Registration of framework agreement policy successful " + (result = createFrameWorkPolicy()));
+        } else {
+            log.info("Skipping registration of framework agreement policy");
+        }
         return result;
     }
 
@@ -158,7 +164,7 @@ private boolean createContractDefinitionForPartner(Partner partner, DT_ApiMethod
     }
 
     /**
-     * Registers a policy definitions that allows only the given partner's
+     * Registers a policy definition that allows only the given partner's
      * BPNL.
      *
      * @param partner the partner
@@ -180,6 +186,27 @@ private boolean createPolicyDefinitionForPartner(Partner partner) {
         }
     }
 
+    /**
+     * Registers the framework agreement policy definition
+     *
+     * @return true, if registration ran successfully
+     */
+    private boolean createFrameWorkPolicy() {
+        var body = edcRequestBodyBuilder.buildFrameworkAgreementPolicy();
+        try {
+            var response = sendPostRequest(body, List.of("v2", "policydefinitions"));
+            boolean result = response.isSuccessful();
+            if(!result) {
+                log.warn("Framework Policy Registration failed \n" + response.body().string());
+            }
+            response.body().close();
+            return result;
+        } catch (Exception e) {
+            log.error("Failed to register Framework Policy", e);
+            return false;
+        }
+    }
+
     /**
      * Util method to register an API asset to your control plane.
      *

backend/src/main/java/org/eclipse/tractusx/puris/backend/common/edc/logic/util/EdcRequestBodyBuilder.java

@@ -50,6 +50,7 @@ public class EdcRequestBodyBuilder {
     private final String CX_TAXO_NAMESPACE = "https://w3id.org/catenax/taxonomy#";
     private final String CX_COMMON_NAMESPACE = "https://w3id.org/catenax/ontology/common#";
     private final String DCT_NAMESPACE = "https://purl.org/dc/terms/";
+    private final String FRAMEWORK_POLICY_ID = "Framework_Agreement_Policy";
 
     /**
      * Creates a request body for requesting a catalog in DSP protocol.
@@ -120,6 +121,7 @@ public JsonNode buildBpnRestrictedPolicy(Partner partner) {
         var context = MAPPER.createObjectNode();
         context.put("odrl", ODRL_NAMESPACE);
         body.set("@context", context);
+        body.put("@type", "PolicyDefinitionRequestDto");
         body.put("@id", getBpnPolicyId(partner));
         var policy = MAPPER.createObjectNode();
         body.set("policy", policy);
@@ -140,9 +142,42 @@ public JsonNode buildBpnRestrictedPolicy(Partner partner) {
         return body;
     }
 
+    /**
+     * Creates a request body in order to register a policy that
+     * allows only participants of the framework agreement.
+     *
+     * @return the request body
+     */
+    public JsonNode buildFrameworkAgreementPolicy() {
+        var body = MAPPER.createObjectNode();
+        var context = MAPPER.createObjectNode();
+        context.put("odrl", ODRL_NAMESPACE);
+        body.set("@context", context);
+        body.put("@type", "PolicyDefinitionRequestDto");
+        body.put("@id", FRAMEWORK_POLICY_ID);
+        var policy = MAPPER.createObjectNode();
+        body.set("policy", policy);
+        policy.put("@type", "Policy");
+        var permissionsArray = MAPPER.createArrayNode();
+        policy.set("odrl:permission", permissionsArray);
+        var permissionsObject = MAPPER.createObjectNode();
+        permissionsArray.add(permissionsObject);
+        permissionsObject.put("odrl:action", "USE");
+        var constraintObject = MAPPER.createObjectNode();
+        permissionsObject.set("odrl:constraint", constraintObject);
+        constraintObject.put("@type", "LogicalConstraint");
+        constraintObject.put("odrl:leftOperand", variablesService.getPurisFrameworkAgreement());
+        var operatorObject = MAPPER.createObjectNode();
+        constraintObject.set("odrl:operator", operatorObject);
+        operatorObject.put("@id", "odrl:eq");
+        constraintObject.put("odrl:rightOperand", "active");
+        return body;
+    }
+
     /**
      * Creates a request body in order to register a contract definition for the given partner and the given
      * api method that uses the BPNL-restricted policy created with the buildBpnRestrictedPolicy - method.
+     * Depending on your configuration, it will also use the Framework Agreement Policy as the contract policy.
      *
      * @param partner   the partner
      * @param apiMethod the api method
@@ -152,7 +187,11 @@ public JsonNode buildContractDefinitionWithBpnRestrictedPolicy(Partner partner,
         var body = getEdcContextObject();
         body.put("@id", partner.getBpnl() + "_contractdefinition_for_" + apiMethod);
         body.put("accessPolicyId", getBpnPolicyId(partner));
-        body.put("contractPolicyId", getBpnPolicyId(partner));
+        if(variablesService.isUseFrameworkPolicy()) {
+            body.put("contractPolicyId", FRAMEWORK_POLICY_ID);
+        } else {
+            body.put("contractPolicyId", getBpnPolicyId(partner));
+        }
         var assetsSelector = MAPPER.createObjectNode();
         body.set("assetsSelector", assetsSelector);
         assetsSelector.put("@type", "CriterionDto");

backend/src/main/java/org/eclipse/tractusx/puris/backend/common/util/VariablesService.java

@@ -93,6 +93,17 @@ public class VariablesService {
      * can be reached by external machines.
      */
     private String statusRequestServerEndpoint;
+    @Value("${puris.frameworkagreement.use}")
+    /**
+     * A flag that signals whether a framework policy
+     * shall be used as contract policy for your api assets.
+     */
+    private boolean useFrameworkPolicy;
+    @Value("${puris.frameworkagreement.credential}")
+    /**
+     * The name of the framework agreement to be used.
+     */
+    private String purisFrameworkAgreement;
     @Value("${puris.api.key}")
     /**
      * The key for accessing the api.

backend/src/main/resources/application.properties

@@ -9,6 +9,8 @@ puris.response.serverendpoint=${PURIS_RESPONSE_SERVERENDPOINT:http://customer-ba
 puris.response.apiassetid=${PURIS_RESPONSE_APIASSETID:response-api-asset}
 puris.statusrequest.apiassetid=${PURIS_STATUSREQUEST_APIASSETID:statusrequest-api-asset}
 puris.statusrequest.serverendpoint=${PURIS_STATUSREQUEST_SERVERENDPOINT:http://customer-backend:8081/catena/item-stock/status}
+puris.frameworkagreement.use=${PURIS_FRAMEWORKAGREEMENT_USE:false}
+puris.frameworkagreement.credential=${PURIS_FRAMEWORKAGREEMENT_CREDENTIAL:FrameworkAgreement.traceability}
 puris.api.key=${PURIS_API_KEY:test}
 
 # DB Configuration

backend/src/test/resources/application.properties

@@ -9,6 +9,8 @@ puris.response.serverendpoint=${PURIS_RESPONSE_SERVERENDPOINT:http://customer-ba
 puris.response.apiassetid=${PURIS_RESPONSE_APIASSETID:response-api-asset}
 puris.statusrequest.apiassetid=${PURIS_STATUSREQUEST_APIASSETID:statusrequest-api-asset}
 puris.statusrequest.serverendpoint=${PURIS_STATUSREQUEST_SERVERENDPOINT:http://customer-backend:8081/catena/item-stock/status}
+puris.frameworkagreement.use=${PURIS_FRAMEWORKAGREEMENT_USE:false}
+puris.frameworkagreement.credential=${PURIS_FRAMEWORKAGREEMENT_CREDENTIAL:FrameworkAgreement.traceability}
 puris.api.key=${PURIS_API_KEY:test}
 
 # DB Configuration
@@ -24,8 +26,6 @@ edc.controlplane.key=${EDC_CONTROLPLANE_KEY:password}
 edc.controlplane.management.url=${EDC_CONTROLPLANE_MANAGEMENT_URL:http://customer-control-plane:8181/management}
 edc.controlplane.protocol.url=${EDC_CONTROLPLANE_PROTOCOL_URL:http://customer-control-plane:8184/api/v1/dsp}
 
-# Needs to be set for forwarding http --> https
-edc.web.rest.cors.enabled=true
 
 # Jackson (JSON)
 #spring.jackson.default-property-inclusion=non_empty

charts/puris/README.md

@@ -70,6 +70,8 @@ $ helm install puris --namespace puris --create-namespace .
 | backend.puris.edc.web.rest.cors.enabled | bool | `true` |  |
 | backend.puris.edr.deletiontimer | int | `2` | Number of minutes before received authentication data of a consumer pull is removed from memory |
 | backend.puris.edr.endpoint | string | `"your-backend-host-address.com"` | Endpoint for EDR |
+| backend.puris.frameworkagreement.credential | string | `"FrameworkAgreement.traceability"` | The name of the framework agreement |
+| backend.puris.frameworkagreement.use | bool | `false` | Flag to determine whether to use a framework agreement in puris |
 | backend.puris.jpa.hibernate.ddl-auto | string | `"create"` | Initialises SQL database with Hibernate property "create" to allow Hibernate to first drop all tables and then create new ones |
 | backend.puris.jpa.properties.hibernate.enable_lazy_load_no_trans | bool | `true` | Enables "Lazy load no trans" property to fetch of each lazy entity to open a temporary session and run inside a separate transaction |
 | backend.puris.own.bpna | string | `"BPNA4444444444ZZ"` | Own BPNA of the EDC |

charts/puris/templates/backend-deployment.yaml

@@ -103,6 +103,10 @@ spec:
               value: "http://{{ .Values.backend.puris.statusrequest.serverendpoint }}/catena/item-stock/status"
             - name: PURIS_STATUSREQUEST_APIASSETID
               value: "{{ .Values.backend.puris.statusrequest.apiassetid }}"
+            - name: PURIS_FRAMEWORKAGREEMENT_USE
+              value: "{{ .Values.backend.puris.frameworkagreement.use }}"
+            - name: PURIS_FRAMEWORKAGREEMENT_CREDENTIAL
+              value: "{{ .Values.backend.puris.frameworkagreement.credential }}"
           ports:
             - name: http
               containerPort: {{ .Values.backend.service.port }}

charts/puris/values.yaml

@@ -427,6 +427,11 @@ backend:
           serverendpoint: *domain
           # -- Asset ID for status-request API
           apiassetid: statusrequest-api-asset
+        frameworkagreement:
+          # -- Flag to determine whether to use a framework agreement in puris
+          use: false
+          # -- The name of the framework agreement
+          credential : FrameworkAgreement.traceability
         edr:
           # -- Number of minutes before received authentication data of a consumer pull is removed from memory
           deletiontimer: 2

local/init-wallets.sh

@@ -1,13 +1,21 @@
 #!/bin/bash
 
+# retrieve access token for miw from keycloak
 response=$(curl -X POST -d 'client_id=miw_private_client&grant_type=client_credentials&client_secret=miw_private_client&scope=openid' http://localhost:8080/realms/miw_test/protocol/openid-connect/token)
 
 token=$(echo "$response" | jq -r '.access_token')
 
-echo $result
-
-curl -X POST -H "Authorization: Bearer $token" -H "Content-Type: application/json" -d '{ "name": "customer wallet", "bpn": "BPNL4444444444XX" }' http://localhost:8000/api/wallets
-
-curl -X POST -H "Authorization: Bearer $token" -H "Content-Type: application/json" -d '{ "name": "supplier wallet", "bpn": "BPNL1234567890ZZ" }' http://localhost:8000/api/wallets
+echo "$response" | jq
 
+# register customer wallet at miw
+curl -X POST -H "Authorization: Bearer $token" -H "Content-Type: application/json" -d '{ "name": "customer wallet", "bpn": "BPNL4444444444XX" }' http://localhost:8000/api/wallets | jq
+echo ""
+# register supplier wallet at miw
+curl -X POST -H "Authorization: Bearer $token" -H "Content-Type: application/json" -d '{ "name": "supplier wallet", "bpn": "BPNL1234567890ZZ" }' http://localhost:8000/api/wallets | jq
+echo ""
+# register customer for framework agreement at miw
+curl -X POST -H "Authorization: Bearer $token" -H "Content-Type: application/json" -d '{ "holderIdentifier": "BPNL4444444444XX", "type": "TraceabilityCredential", "contract-template": "https://public.catena-x.org/contracts/traceabilty.v1.pdf", "contract-version": "1.0.0" }' http://localhost:8000/api/credentials/issuer/framework | jq
+echo ""
+# register supplier for framework agreement at miw
+curl -X POST -H "Authorization: Bearer $token" -H "Content-Type: application/json" -d '{ "holderIdentifier": "BPNL1234567890ZZ", "type": "TraceabilityCredential", "contract-template": "https://public.catena-x.org/contracts/traceabilty.v1.pdf", "contract-version": "1.0.0" }' http://localhost:8000/api/credentials/issuer/framework | jq
 echo ""

local/tractus-x-edc/config/customer/puris-backend.properties

@@ -8,6 +8,8 @@ puris.statusrequest.serverendpoint=http://customer-backend:8081/catena/item-stoc
 puris.statusrequest.apiassetid=statusrequest-api-asset
 puris.response.serverendpoint=http://customer-backend:8081/catena/item-stock/response
 puris.response.apiassetid=response-api-asset
+puris.frameworkagreement.use=true
+puris.frameworkagreement.crednetial=FrameworkAgreement.traceability
 puris.api.key=${CUSTOMER_BACKEND_API_KEY}
 
 edc.controlplane.key=${EDC_API_PW}

local/tractus-x-edc/config/supplier/puris-backend.properties

@@ -8,6 +8,8 @@ puris.statusrequest.serverendpoint=http://supplier-backend:8082/catena/item-stoc
 puris.statusrequest.apiassetid=statusrequest-api-asset
 puris.response.serverendpoint=http://supplier-backend:8082/catena/item-stock/response
 puris.response.apiassetid=response-api-asset
+puris.frameworkagreement.use=true
+puris.frameworkagreement.credential=FrameworkAgreement.traceability
 puris.api.key=${SUPPLIER_BACKEND_API_KEY}
 
 edc.controlplane.key=${EDC_API_PW}