diff --git a/README.md b/README.md
index 1727932bca..c0acbfb12c 100644
--- a/README.md
+++ b/README.md
@@ -1,75 +1,93 @@ -# Construct-X EDC +# Tractus-X EDC (Eclipse Dataspace Connector) +[![Contributors][contributors-shield]][contributors-url] +[![Stargazers][stars-shield]][stars-url] [![Apache 2.0 License][license-shield]][license-url] -[Construct-X](https://www.construct-x.org/) specific Eclipse Dataspace Connector distributions and extensions, based on the [Eclipse Tractus-X EDC](https://github.com/eclipse-tractusx/tractusx-edc). +[![Latest Release][release-shield]][release-url] +[![Latest Snapshot][snapshot-shield]]() -## Overview +[![Quality Gate Status](https://sonarcloud.io/api/project_badges/measure?project=eclipse-tractusx_tractusx-edc&metric=alert_status)](https://sonarcloud.io/summary/new_code?id=eclipse-tractusx_tractusx-edc) -The Construct-X EDC extends the Eclipse Tractus-X EDC with -Construct-X specific policies, extensions and configurations. +Container images and deployments of the Eclipse Dataspace Components for the Tractus-X project. -This repository provides: -- Construct-X specific EDC extensions -- Control-Plane and Data-Plane distributions -- Helm charts and docker compose -- Local development and testing environments +Please also refer to: -## Inventory +- [Our docs](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/docs) +- [Our Releases](https://github.com/eclipse-tractusx/tractusx-edc/releases) +- [Eclipse Dataspace Components](https://github.com/eclipse-edc/Connector) +- [Report Bug / Request Feature](https://github.com/eclipse-tractusx/tractusx-edc/issues) -The Construct-X EDC is split into a Control Plane and a Data Plane. +## About The Project -The Control Plane is responsible for resource management, -contract negotiation and transfer orchestration. +The project provides pre-built control- and data-plane [docker](https://www.docker.com/) images +and [helm](https://helm.sh/) charts of +the [Eclipse DataSpaceConnector Project](https://github.com/eclipse-edc/Connector). 
-The Data Plane handles the actual transfer of data streams. +## Inventory -### Control Plane distributions +The eclipse data space connector is split up into Control-Plane and Data-Plane, whereas the Control-Plane functions as +administration layer and has responsibility of resource management, contract negotiation and administer data transfer. +The Data-Plane does the heavy lifting of transferring and receiving data streams. -- [edc-controlplane-postgresql-hashicorp-vault](edc-controlplane/edc-controlplane-construct-x/con-x-controlplane-postgresql-hashicorp-vault) with - dependencies on +Control-Plane distribution: + +- [edc-controlplane-postgresql-hashicorp-vault](edc-controlplane/edc-controlplane-postgresql-hashicorp-vault) with + dependency onto - [Hashicorp Vault](https://www.vaultproject.io/) - [PostgreSQL 8.2 or newer](https://www.postgresql.org/) -- [edc-runtime-memory](edc-controlplane/edc-runtime-memory) -### Data Plane distributions +Data-Plane distribution: -- [edc-dataplane-hashicorp-vault](edc-dataplane/edc-dataplane-construct-x/con-x-dataplane-postgresql-hashicorp-vault) with dependencies on +- [edc-dataplane-hashicorp-vault](edc-dataplane/edc-dataplane-hashicorp-vault) with dependency onto - [Hashicorp Vault](https://www.vaultproject.io/) -## Upstream References +For testing/development purposes: -- [Eclipse Tractus-X EDC](https://github.com/eclipse-tractusx/tractusx-edc) -- [Eclipse Dataspace Components](https://github.com/eclipse-edc/Connector) +- [edc-runtime-memory](edc-controlplane/edc-runtime-memory) -## Construct-X Extensions +## Getting Started -Construct-X adds custom integrations and runtime extensions -on top of the Eclipse Tractus-X EDC. 
+### Build -This includes: -- Construct-X specific policy extensions -- Custom credential handling -- Wallet integration support -- Local testbed environments +Build Tractus-X EDC together with its Container Images -## Getting Started +```shell +./gradlew dockerize +``` -The local testbed provides a lightweight environment for local Construct-X EDC development and integration testing. -It is the recommended starting point for developers getting started with the Construct-X EDC. +## Known Incompatibilities + +- Hashicorp Vault 1.18.1 is not compatible with the EDC due to a bug in the vault concerning path handling + - [Internal Issue](https://github.com/eclipse-tractusx/tractusx-edc/issues/1772) + - [Hashicorp Vault Issue](https://github.com/hashicorp/vault/issues/29357) -- [Construct-X Local Testbed](https://github.com/project-construct-x/constructx-edc/blob/develop/edc-controlplane/edc-controlplane-construct-x/local/README.md) ## Contributing -See [CONTRIBUTING](https://github.com/project-construct-x/constructx-edc/blob/develop/CONTRIBUTING.md). +See [CONTRIBUTING](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/CONTRIBUTING.md). ## License Distributed under the Apache 2.0 License. -See [LICENSE](https://github.com/project-construct-x/constructx-edc/blob/develop/LICENSE) for more information. +See [LICENSE](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/LICENSE) for more information. 
-[license-shield]: https://img.shields.io/github/license/project-construct-x/constructx-edc.svg?style=for-the-badge -[license-url]: https://github.com/project-construct-x/constructx-edc/blob/develop/LICENSE \ No newline at end of file +[contributors-shield]: https://img.shields.io/github/contributors/eclipse-tractusx/tractusx-edc.svg?style=for-the-badge + +[contributors-url]: https://github.com/eclipse-tractusx/tractusx-edc/graphs/contributors + +[stars-shield]: https://img.shields.io/github/stars/eclipse-tractusx/tractusx-edc.svg?style=for-the-badge + +[stars-url]: https://github.com/eclipse-tractusx/tractusx-edc/stargazers + +[license-shield]: https://img.shields.io/github/license/eclipse-tractusx/tractusx-edc.svg?style=for-the-badge + +[license-url]: https://github.com/eclipse-tractusx/tractusx-edc/blob/main/LICENSE + +[release-shield]: https://img.shields.io/github/v/release/eclipse-tractusx/tractusx-edc.svg?style=for-the-badge + +[release-url]: https://github.com/eclipse-tractusx/tractusx-edc/releases + +[snapshot-shield]: https://img.shields.io/badge/dynamic/regex?url=https%3A%2F%2Fraw.githubusercontent.com%2Feclipse-tractusx%2Ftractusx-edc%2Frefs%2Fheads%2Fgh-pages%2Fmisc%2Flatest-versioned-snapshot.txt&search=.*&style=for-the-badge&label=Latest-Snapshot \ No newline at end of file diff --git a/charts/tractusx-connector/Chart.yaml b/charts/tractusx-connector/Chart.yaml index ff4e000e0e..7a4d895c71 100644 --- a/charts/tractusx-connector/Chart.yaml +++ b/charts/tractusx-connector/Chart.yaml @@ -58,8 +58,8 @@ dependencies: repository: https://helm.releases.hashicorp.com condition: install.vault # PostgreSQL - - name: postgresql + - name: postgres alias: postgresql - version: "15.2.1" - repository: https://charts.bitnami.com/bitnami + version: 0.19.5 + repository: oci://registry-1.docker.io/cloudpirates condition: install.postgresql 
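Review bot: The `# PostgreSQL` comment above the dependency no longer tells the reader enough, because the chart now comes from a different publisher (`oci://registry-1.docker.io/cloudpirates`, chart `postgres`) whose values layout differs from the Bitnami one. A comment such as `# PostgreSQL (cloudpirates chart; values layout differs from the former Bitnami chart, see postgresql.* in values.yaml)` would record that, and the new source's provenance should be checked before this version is trusted in deployments. The new `version: 0.19.5` is unquoted while the line it replaces was quoted; `version: "0.19.5"` keeps the entry consistent. The `dependencies:` list starts outside the hunk.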
diff --git a/charts/tractusx-connector/templates/configmap-vault-init.yaml b/charts/tractusx-connector/templates/configmap-vault-init.yaml
new file mode 100644
index 0000000000..ed687da5ba
--- /dev/null
+++ b/charts/tractusx-connector/templates/configmap-vault-init.yaml
@@ -0,0 +1,140 @@
+#################################################################################
+# Copyright (c) 2026 Zentralverband der Deutschen Elektro- und Informationstechnischen Handwerke (ZVEH)
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#################################################################################
+
+# this configmap contains the initialization script to generate and store aes and rsa keys into the vault.
+
+{{ if .Values.vault.hashicorp.init.enabled }}
+{{- $fullName := .Values.fullnameOverride -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ $fullName }}-vault-init
+ namespace: {{ .Release.Namespace | default "default" | quote }}
+ labels:
+ {{- include "txdc.labels" .
| nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+data:
+ init.sh: |
+ #!/usr/bin/env sh
+ set -eu
+
+ VAULT="${VAULT_ADDR:?VAULT_ADDR is required}"
+ TOKEN="${VAULT_TOKEN:?VAULT_TOKEN is required}"
+ FORCE="${FORCE_REGENERATE:-false}"
+ SECRETS="${VAULT_SECRET_PATH:-/v1/secret}"
+ HEALTH="${VAULT_HEALTH_PATH:-/v1/sys/health}"
+
+ AES_ALIAS="${AES_KEY_ALIAS:-}"
+ PRIV_ALIAS="${PRIVATE_KEY_ALIAS:-}"
+ PUB_ALIAS="${PUBLIC_KEY_ALIAS:-}"
+
+ log() { echo "[$(date -u +%Y-%m-%dT%H:%M:%SZ)] $*" >&2; }
+
+ # Check provided Aliases for plausibility (AES or RSA pair must be requested)
+ if [ -z "$AES_ALIAS" ] && [ -z "$PRIV_ALIAS" ] && [ -z "$PUB_ALIAS" ]; then
+ log "ERROR: no alias provided. Set AES_KEY_ALIAS and/or PRIVATE_KEY_ALIAS+PUBLIC_KEY_ALIAS."
+ exit 1
+ fi
+ if { [ -n "$PRIV_ALIAS" ] && [ -z "$PUB_ALIAS" ]; } || \
+ { [ -z "$PRIV_ALIAS" ] && [ -n "$PUB_ALIAS" ]; }; then
+ log "ERROR: RSA generation requires BOTH PRIVATE_KEY_ALIAS and PUBLIC_KEY_ALIAS."
+ exit 1
+ fi
+
+ # Install required tools
+ if ! command -v openssl >/dev/null 2>&1 \
+ || ! command -v curl >/dev/null 2>&1 \
+ || ! command -v jq >/dev/null 2>&1; then
+ log "Installing curl, jq, openssl..."
+ apk add --no-cache curl jq openssl >/dev/null
+ fi
+
+ log "Waiting for Vault at $VAULT$HEALTH..."
+ i=0
+ until curl -fsS --connect-timeout 2 --max-time 5 "$VAULT$HEALTH" >/dev/null 2>&1; do
+ i=$((i+1))
+ [ "$i" -gt 60 ] && { log "Vault not ready after 60 attempts."; exit 1; }
+ sleep 3
+ done
+ log "Vault ready."
+
+ # Check for existing Secret
+ secret_exists() {
+ [ "$(curl -sS -o /dev/null -w "%{http_code}" \
+ -H "X-Vault-Token: $TOKEN" \
+ "$VAULT$SECRETS/data/$1")" = "200" ]
+ }
+
+ # Store Secret in Vault
+ put_secret() {
+ local alias="$1" payload="$2"
+ local code
+ code=$(printf '%s' "$payload" | curl -sS -o /dev/null -w "%{http_code}" \
+ -H "X-Vault-Token: $TOKEN" \
+ -H "Content-Type: application/json" \
+ -X POST --data-binary @- \
+ "$VAULT$SECRETS/data/$alias")
+ if [ "$code" != "200" ] && [ "$code" != "204" ]; then
+ log "Failed to store '$alias' (HTTP $code)"
+ exit 1
+ fi
+ }
+
+ # Generate AES Key
+ if [ -n "$AES_ALIAS" ]; then
+ if [ "$FORCE" != "true" ] && secret_exists "$AES_ALIAS"; then
+ log "AES key '$AES_ALIAS' already present — skipping."
+ else
+ log "Generating AES-256 key for '$AES_ALIAS'..."
+ key=$(openssl rand -base64 32 | tr -d '\n')
+ payload=$(jq -n --arg content "$key" '{data:{content:$content}}')
+ put_secret "$AES_ALIAS" "$payload"
+ log "AES key stored at $VAULT$SECRETS/data/$AES_ALIAS"
+ fi
+ fi
+
+ # Generate RSA Keypair
+ if [ -n "$PRIV_ALIAS" ] && [ -n "$PUB_ALIAS" ]; then
+ if [ "$FORCE" != "true" ] \
+ && secret_exists "$PRIV_ALIAS" \
+ && secret_exists "$PUB_ALIAS"; then
+ log "RSA keypair ('$PRIV_ALIAS' / '$PUB_ALIAS') already present — skipping."
+ else
+ log "Generating RSA keypair ('$PRIV_ALIAS' / '$PUB_ALIAS')..."
+ umask 077
+ dir=$(mktemp -d)
+ openssl genrsa -out "$dir/k.pem" 2048 2>/dev/null
+ openssl pkcs8 -topk8 -nocrypt -in "$dir/k.pem" -out "$dir/priv.pem"
+ openssl rsa -in "$dir/k.pem" -pubout -out "$dir/pub.pem" 2>/dev/null
+
+ put_secret "$PRIV_ALIAS" \
+ "$(jq -n --rawfile content "$dir/priv.pem" '{data:{content:$content}}')"
+ put_secret "$PUB_ALIAS" \
+ "$(jq -n --rawfile content "$dir/pub.pem" '{data:{content:$content}}')"
+
+ rm -rf "$dir"
+ log "RSA keypair stored at $VAULT$SECRETS/data/{$PRIV_ALIAS,$PUB_ALIAS}"
+ fi
+ fi
+
+ log "Vault initialization complete."
+{{- end }}
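Review bot: `secret_exists` treats every status other than 200 as "secret absent", so a 403, a 5xx or a failed request (curl reports `000`) sends the script into the generate branch and `put_secret` overwrites key material that is already in Vault. Only a 404 should mean "not there"; any other status should abort the job, as in the rewrite below. Separately, the `apk add` fallback fetches packages from the network while the hook runs and needs a root container with egress, so an image that already ships curl, jq and openssl would be the safer default.

```yaml
    # Check for existing Secret: returns 0 if present, 1 if absent (404); aborts on anything else
    secret_exists() {
      local code
      code=$(curl -sS -o /dev/null -w "%{http_code}" \
        -H "X-Vault-Token: $TOKEN" \
        "$VAULT$SECRETS/data/$1") || true
      case "$code" in
        200) return 0 ;;
        404) return 1 ;;
        *) log "Unexpected HTTP $code while checking '$1'"; exit 1 ;;
      esac
    }
    # … unchanged: put_secret, AES key and RSA keypair generation …
```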
diff --git a/charts/tractusx-connector/templates/job-vault-init.yaml b/charts/tractusx-connector/templates/job-vault-init.yaml
new file mode 100644
index 0000000000..f2841474df
--- /dev/null
+++ b/charts/tractusx-connector/templates/job-vault-init.yaml
@@ -0,0 +1,87 @@
+#################################################################################
+# Copyright (c) 2026 Zentralverband der Deutschen Elektro- und Informationstechnischen Handwerke (ZVEH)
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#################################################################################
+
+{{ if .Values.vault.hashicorp.init.enabled -}}
+{{- $fullName := .Values.fullnameOverride -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ $fullName }}-vault-init
+ namespace: {{ .Release.Namespace | default "default" | quote }}
+ labels:
+ {{- include "txdc.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-weight": "0"
+ "helm.sh/hook-delete-policy": before-hook-creation
+spec:
+ backoffLimit: 3
+ ttlSecondsAfterFinished: 600
+ activeDeadlineSeconds: 300
+ template:
+ metadata:
+ labels:
+ {{- include "txdc.labels" . | nindent 8 }}
+ spec:
+ restartPolicy: OnFailure
+ serviceAccountName: {{ include "txdc.serviceAccountName" .
}}
+ containers:
+ - name: vault-init
+ {{- $img := index .Values "vault" "hashicorp" "init" "image" | default dict }}
+ image: {{ $img.repository | default "alpine" }}:{{ $img.tag | default "3.20" }}
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ tr -d '\r' < /scripts/init.sh > /tmp/init.sh
+ exec sh /tmp/init.sh
+ env:
+ - name: VAULT_ADDR
+ value: {{ tpl .Values.vault.hashicorp.url . | quote }}
+ - name: VAULT_TOKEN
+ value: {{ .Values.vault.hashicorp.token | required "vault.hashicorp.token is required" }}
+ - name: VAULT_SECRET_PATH
+ value: {{ .Values.vault.hashicorp.paths.secret | quote }}
+ - name: VAULT_HEALTH_PATH
+ value: {{ .Values.vault.hashicorp.paths.health | quote }}
+ {{- with .Values.vault.hashicorp.init.forceRegenerate }}
+ - name: FORCE_REGENERATE
+ value: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.vault.hashicorp.init.aesKeyAlias }}
+ - name: AES_KEY_ALIAS
+ value: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.dataplane.token.signer.privatekey_alias }}
+ - name: PRIVATE_KEY_ALIAS
+ value: {{ . | quote }}
+ {{- end }}
+ {{- with .Values.dataplane.token.verifier.publickey_alias }}
+ - name: PUBLIC_KEY_ALIAS
+ value: {{ . | quote }}
+ {{- end }}
+ volumeMounts:
+ - name: script
+ mountPath: /scripts
+ readOnly: true
+ volumes:
+ - name: script
+ configMap:
+ name: {{ $fullName }}-vault-init
+ defaultMode: 0555
+{{- end }}
diff --git a/charts/tractusx-connector/templates/post-install-vault-setup.yaml b/charts/tractusx-connector/templates/post-install-vault-setup.yaml
deleted file mode 100644
index ce648d251e..0000000000
--- a/charts/tractusx-connector/templates/post-install-vault-setup.yaml
+++ /dev/null
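Review bot: `VAULT_TOKEN` is rendered into the Job spec as a literal `value:`, so anyone who can read the Job or its Pod can read the Vault token, and it is the only env entry here without `| quote`. Supplying it through `valueFrom.secretKeyRef` from a Secret would keep it out of the manifest; if the chart has no such Secret yet, at least quote it: `value: {{ .Values.vault.hashicorp.token | required "vault.hashicorp.token is required" | quote }}`. Also, `$fullName` is taken straight from `.Values.fullnameOverride` (here and in `configmap-vault-init.yaml`), so an empty override would yield the name `-vault-init`; deriving it from the chart's fullname helper, or applying `required` to the override, avoids that.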
@@ -1,86 +0,0 @@ -################################################################################# - - # Copyright (c) 2026 ARENA2036 e.V. - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - ################################################################################# ---- -{{ $vaultToken := index .Values "vault" "hashicorp" "token" -}} -{{- $vaultUrl := tpl (index .Values "vault" "hashicorp" "url") . -}} -{{ $fullName := default "connector" .Values.nameOverride -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: post-install-vault-setup - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. 
- "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - metadata: - name: "{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - restartPolicy: Never - containers: - - name: post-install-job - image: busybox - imagePullPolicy: "IfNotPresent" - command: - - "/bin/sh" - - "-c" - - | - sleep 10 - - wget --header 'Content-Type: application/json' --header 'X-Vault-Token: {{ $vaultToken }}' \ - --post-file=/opt/config/cert.json "{{ $vaultUrl }}/v1/secret/data/tokenSignerPublicKey" - - wget --header 'Content-Type: application/json' --header 'X-Vault-Token: {{ $vaultToken }}' \ - --post-file=/opt/config/key.json "{{ $vaultUrl }}/v1/secret/data/tokenSignerPrivateKey" - - wget --header 'Content-Type: application/json' --header 'X-Vault-Token: {{ $vaultToken }}' \ - --post-file=/opt/config/aes-secret.json "{{ $vaultUrl }}/v1/secret/data/tokenEncryptionAesKey" - - wget --header 'Content-Type: application/json' --header 'X-Vault-Token: {{ $vaultToken }}' \ - --post-file=/opt/config/cons_priv.json "{{ $vaultUrl }}/v1/secret/data/cons_priv" - - wget --header 'Content-Type: application/json' --header 'X-Vault-Token: {{ $vaultToken }}' \ - --post-file=/opt/config/cons_pub.json "{{ $vaultUrl }}/v1/secret/data/cons_pub" - - wget --header 'Content-Type: application/json' --header 'X-Vault-Token: {{ $vaultToken }}' \ - --post-file=/opt/config/prov_priv.json "{{ $vaultUrl }}/v1/secret/data/prov_priv" - - wget --header 'Content-Type: application/json' --header 'X-Vault-Token: {{ $vaultToken }}' \ - --post-file=/opt/config/prov_pub.json "{{ $vaultUrl }}/v1/secret/data/prov_pub" - volumeMounts: - - name: config-volume - mountPath: /opt/config - volumes: - - name: config-volume - configMap: - name: {{ $fullName 
}}-vault-edc-configmap - defaultMode: 0777 diff --git a/charts/tractusx-connector/templates/vault-edc-configmap.yaml b/charts/tractusx-connector/templates/vault-edc-configmap.yaml deleted file mode 100644 index c3aa7fbfff..0000000000 --- a/charts/tractusx-connector/templates/vault-edc-configmap.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -################################################################################# - - # Copyright (c) 2026 ARENA2036 e.V. - # - # See the NOTICE file(s) distributed with this work for additional - # information regarding copyright ownership. - # - # This program and the accompanying materials are made available under the - # terms of the Apache License, Version 2.0 which is available at - # https://www.apache.org/licenses/LICENSE-2.0 - # - # Unless required by applicable law or agreed to in writing, software - # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the - # License for the specific language governing permissions and limitations - # under the License. - # - # SPDX-License-Identifier: Apache-2.0 - ################################################################################# ---- -{{ $fullName := default "connector" .Values.nameOverride -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ $fullName }}-vault-edc-configmap -data: - cert.json: |- - { - "data": { - "content": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsP1Wl50viKzVqw8HGFWP\nis+M8Im4daTFMned5Qr2z90FNgkj1EVhip0mOdD6kDg3bW4RxyL6z3jWi19JKBHZ\n68UTgZNdPbhhPNLEGcQpu8uwgFcWKL4P/IOykEeE8ResGOVg/HzNE7HkTgiBdr2C\nMTEXL3zTmdr0vbFGMbOTPyOvKMoy/2FaJaJAPXo3poGqfRvr6Gu6top2ktRd/z8N\nhBpuzx9QypIsE62ooLNPpqzjezfvzJbc3tko/cXNOyGoZWuEKMTfKwYq3ZjsTZKk\nbjVNgdoEFSWpd6Tqk76B1Cboxv1CD8xw0cQ149eW0IuLkAk3eF5eZR4iQ5YAOZqA\nUQIDAQAB\n-----END PUBLIC KEY-----\n" - } - } - - key.json: |- - { - "data": { - "content": "-----BEGIN PRIVATE 
KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCw/VaXnS+IrNWr\nDwcYVY+Kz4zwibh1pMUyd53lCvbP3QU2CSPURWGKnSY50PqQODdtbhHHIvrPeNaL\nX0koEdnrxROBk109uGE80sQZxCm7y7CAVxYovg/8g7KQR4TxF6wY5WD8fM0TseRO\nCIF2vYIxMRcvfNOZ2vS9sUYxs5M/I68oyjL/YVolokA9ejemgap9G+voa7q2inaS\n1F3/Pw2EGm7PH1DKkiwTraigs0+mrON7N+/Mltze2Sj9xc07Iahla4QoxN8rBird\nmOxNkqRuNU2B2gQVJal3pOqTvoHUJujG/UIPzHDRxDXj15bQi4uQCTd4Xl5lHiJD\nlgA5moBRAgMBAAECggEAKD8XjYb8G+WHeexDJgSwzTUonLsIg9H52KHMORz+5mIh\nUPoPmHHFfj6BhoSvsZNjAUKWDtU0uPCGwu8iRNcYWa15I841lfcjP3BDEQPjJJXr\nNyf2fUHJA1gURwxIXgWOyCOC5C9h9/BMFPWIsQ5jeFmsJsuJF5OrcyZIar1lxqWu\nQ+HC7f/7JNkpR26uIyGjs1OXwfp+mHqze2Qf8hLWIXcN9tBCQZ75Cg7rarNVimMC\n59QD80JZCHTaCX1ZtE1T8HM+53Ob78lnFCuBfiBT/S3O/NXVsEN9q6rMWKhETVWR\nUX56EqZ7XGSMOzuZyK7kj1QsHzEMrrHjwDSNSjAqFQKBgQC6hEeAWPCEM+WVoF9n\nmhvwZVZv/PPyLAarykBTGoeHR2hqNyih9JmcXL+XQHMlhy1Ka8NtJHvfyB1xhXgF\n/d91i/Yq02+nZoJPNnVWo8zoXIAIq+xg9CBiu0agBxv45PjJkEkQmmEG4Iej1+Kf\n5/+dI7sFjE2T4q/lLK0Aw3x+zQKBgQDy7Ho7eRi5CV1Ks+r5lpGGdM15hbE5tviE\nfmJvaEUh3oWuwdkyFjD/QEPITG1bFuvhATdEEWxTbuswNEbELLhKCPcixcI0sLUO\n6BeNi1YD6ouuqsWBLvmE4hvoDR7RlkpUduxWpZ2tNIDJYYTwCERhcYK9OtHU15kc\nlS0pEjF/lQKBgEh+28/OQgYQqd7ji9GX+94PdW5n0mXBqQIixafHewAgyDvonpl8\nmixFfI6MlXTzuq3ffwEwGhncDV2vc/xYNf/ZW+A/eHmHhYTGdQss9ZsnQPid4m24\n1dGqWwQeX0f5r52gwFV8u9PRd8c+RS7EHP12At5gL1MY3CdmmwPd98jNAoGASvPV\n/xWtICKYi10aCip/+kl9wJoUhadD5LWOL6uvcPTUsIgVONQKCCfPAjU6pJlc7E7Q\nu4rYrqGRpYzrrMnTjtxXTH5SHqnLI69O3Rh50LmEob8FM4fH601MqPurX6WMh6Ut\n5Moy7Wc+uWQCfYE/gAVi/nnwlkhzcJNCnOKFLUUCgYA4nbhLrdEeCBJas2+Z9aGw\n/SurtHF2z2meAPO3VaYslf0D0xKzUIv5hkkzaNgs0pFGt0BcKfTWkYy/Hh4QXZhm\n//ZrqbkVsqzDOcqGwQcDmUEN/T+vprUJVKqpNHXT6fz3OTydxLQ7K7SXzwXWYfRW\ncpjdr0c1tVVLMyNG+Wahrg==\n-----END PRIVATE KEY-----\n" - } - } - aes-secret.json: |- - { - "data": { - "content": {{ randAlphaNum 32 | b64enc | quote }} - } - } - cons_priv.json: |- - { - "data": { - "content": "-----BEGIN PRIVATE 
KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC9zbB90iPotlvz\nsTCAt246XNL+dHoiSlEYgBsPgroqfEuLWQkVeM2F0L2fWEsvNc6ZU5SJBEDqPTVe\noaYnv6iXShbTaBaZVoFbt2L8+rJmQQ2YoB5qQwLtfsqIDIwuTwQUgiNe747NDtsb\nJmjMpib3fTsB6m+0CsWYDPuU/7bmUJvYytnw/MOLhaUiHAC68jKsgsAemyDzOSUN\nYJfcIbnS/o12OFZ4Na3nKdr96kMB1zN+PE4+K2oTgFRh69zq+z/G5au7mliBdwns\n5Efmf1ijlH6MFZeaeTVMjfHSq8IOIpOSvigjjK5p8T7vCSYettej2rfcgZpBRa44\n3V8m+F7zAgMBAAECggEAF/cnyMtG03RrKdr+p9IBbgcYcR6d6UR+9tv+DrhP71tg\nYojsd7SYJsRTnRIV9DEUFBIUmDRcSfdOjNNWWoB9thSZyznCWLwuezktm4nACt89\n6z6UeJBbh0dSJVmIPbSmbDx+YNdYrZWpnsT7yJNWKju6vqQuVIpjpq5E+exL2Mqu\nj44wW/5ro9jaOhm8mUbAacEctQYixBmy8HXPBm6AtezdD7HpftdI+VWN0LO7IlLn\naWICR8vx18dEF+706JHPKpsovZbolu0Zvl19RSG4Zj3dhVoTw+vbeXTOkHR2wNdP\nDfL4m0exKl6McPos3CG9kEAUwceGR2CZpy0xssBkGQKBgQD/K/Svv/xrMK8pVQVv\nY699OX9pwm6NBq3Ti8LIKejPUW5V2ZZVtSb8njWmgAi6RPp6vO/mWhuUrXahoUrY\nfe0AqW7wTgKmmjXbTvy47VS5Z5S30DT8DAYp8CJekibnU4jwsIgYJgao1TeOTOq3\ngnGdPLlvSa4BagyogWp7+keaTwKBgQC+a2nbyuL3e/Sk+qio0kDkpI6hYIKWg+7u\n0FOsHJjItcwkSkfRKIFRdI7iGYlukE/38xfizs0tLJXYRbdrlUgq/lTgd4i3UoVw\nOAXzEJX0lunZgXNd9jjnADh3pgVbwX9AKDhFz+nu3yL5Egc8FN+caP9Is5xPxYfg\n8J/Pp8DcHQKBgDOc6HlEFAJ6bnOlxtupBi4GG0eBFGtiFnbbpiJml7iXeAHVaRsc\n8S3XsnJjI2DJ4wBAhyXIxBtmmsBGp6Tyk6W2n8HrhY29U3dwmp2tI5383Y/whUcW\nB4kkEU+fsE7KDsDgdCauSlqMBhi6Zh+IOwLa7YcdGB0hHj5XLvq0vRbxAoGAQCpp\n7YqcmNDIS5+7ncfb3jAlb/PZjWa/6PGCgIjSYy//rmrpcG25xf0E+OOqD/vJNsBP\n2Dnfoc1YYRx9Bl+zhelWKJ2fEEdad8opFxMLtPP1sTmR6qPB4PWOEaN8QsMdYj0r\nWTsKlVfTrSKKFZDjGQ24mIMNtUPW2dG7yHm633ECgYEAqaLLo4VYUcjTKnYdBChA\nPFAk/ZwSR+/TY0vXw3Ghm/oiBNVSMVHFBoAFdbt4lWKJlryW+1Wi11cFYXfsBrmb\nJTnK1u7EZDebm9hFBzpp7/yY5uu38NduGKh5+goAVtPXZR9s/8ypyt3xVflcDxzA\nt7VMyFNRxj517ZJPCNN+ImU=\n-----END PRIVATE KEY-----\n" - } - } - cons_pub.json: |- - { - "data": { - "content": "-----BEGIN PUBLIC 
KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvc2wfdIj6LZb87EwgLdu\nOlzS/nR6IkpRGIAbD4K6KnxLi1kJFXjNhdC9n1hLLzXOmVOUiQRA6j01XqGmJ7+o\nl0oW02gWmVaBW7di/PqyZkENmKAeakMC7X7KiAyMLk8EFIIjXu+OzQ7bGyZozKYm\n9307AepvtArFmAz7lP+25lCb2MrZ8PzDi4WlIhwAuvIyrILAHpsg8zklDWCX3CG5\n0v6NdjhWeDWt5yna/epDAdczfjxOPitqE4BUYevc6vs/xuWru5pYgXcJ7ORH5n9Y\no5R+jBWXmnk1TI3x0qvCDiKTkr4oI4yuafE+7wkmHrbXo9q33IGaQUWuON1fJvhe\n8wIDAQAB\n-----END PUBLIC KEY-----\n" - } - } - prov_priv.json: |- - { - "data": { - "content": "-----BEGIN PRIVATE KEY-----\nMIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDN/ECrw6rbkvkw\nNGoJX1TatjytEvfwhFm/IViYPXfPccQHyVhG9YiQNS1e9v5UhUc8BGNvrZjIm7e9\nHNhPGlOlLiHh3wfU/wG5srcqz1aSV2omFVPz9Nc9TSkwaF6oJcs4AL+Z0+IyQN1e\nPThoqu9aVd5wtRXnS0nh5Dd0CC0spchZdUbtslQXs4c8uBDRGdT2/mkBu5isMxW0\nCg+muQWk1t8vgYVxlokGGvsKjQXFV3RPJQ6hNjsZjVmAqDGYFcA/AxK1WYBV5Hyu\nAZHUU2yityva/IqQPLXN/4fcXQcLxLjrl0MSpWUik/YeuV2bQFyakpvj5wox/w7E\nMNjWBodnAgMBAAECggEADELlO83Tm4ScQuNqPArJyGEYeIby0+uhufy+qZ7f3sab\nXO+xZDvuXpzDvO2zH8EO1FxAg2yc3E6LBkqAXikN7JaAtTf4K+FOe+LPADd3JEWC\nAvVT2edrpPFoYvWVGNymRAjYK7Lb019eesl/7f8ROcCqk1PvYCUjpzruybN8GOmq\naAuvCmrn9+zW8nPDSvFvNC7TTV4LnaRGsWabCA2589c6rDr52ddbXQZ2bXhIkVlw\n+RcfCIA2yZhrYfwDynQP/dPIwaC12y/phONIOFgDmurJHTTm0/3GmyDgU4xdfEan\nqWN2BwYfG2eOaGRTktUxjvmfj4kQF+6V8BiEA1KGAQKBgQDz0tuJBolkCn4nTMXl\nQx/QaacZBLJdHeniD2B6s7715TOgv+6DYzJypxYsNkKX4jLKykOJAQ3SUmWNq+ar\n6HJUE9Ral27zg8AAgZwQBCBr3hXulUkN3Ca2Qe3zhM6OtKlQvCY91zkXIecvQ7/s\ncLepmEXqMe0VXsR6c5C2VFiOAQKBgQDYRaeTcES+LSqHeAUqNytc4qy27lIEA4Vm\nzCd2oK0B1QuBCe2nVPsIMPnv92yfZ2RExEkqJXk0WfxB0fKM6BphTWFGnzbleHH3\nE+0BAfi/JmvOtJUbsbQdqTnV1OjCBL3YsubOJJwF+u9yzYoJdy7oldOmqrKC3zgs\nSOehRF9lZwKBgHEqwv58bDRkslznQ0q/tvpyrz3rciXKBo4H+Q26c72JnkbUDo4o\n8ndImf/3Rz1bnZuF+YaTWKjv2XbB/JR5lOb1NTC+7J5V3j3d6mN8pteqAp/z5i5q\nqgUZ4KmQUJbnv1ZbnZxCUpsr/zNuzJufTX+Hz5t9hL7Qd30mOlqGF3wBAoGBAKKb\nhIqTf+wpU2+1qtR51I2rFMcZ2uqPpy6KUyWbW1kkUNj9mQUWHQSkpldphe84MqiN\nmKEqub3F5qeqbh7JqIP+RSRvMzxHWhC2l50JWXiHL8mj9vRyoQUoJocC5Npz7DXR\nFT5rQjAw4vZDWgUR
6mAPvqnyb/N8V+TcD+Qt3zgDAoGBAL001/N43dI6NR+Mlcw8\nYtrfTO5xoakVzx7tdC1g3gry/MiJn/+iftpFSf/hNp8HyQEHlRkubQuL4j0I/Fe3\nHjTc3wPIZhcOpitfbn9VMgpXXWmguK/s4oMMNxoe+Ey71/hlp5UdGOidGhaWq9Jk\nAsqJhS57iz0RP3ikSic9Tb3s\n-----END PRIVATE KEY-----\n" - } - } - prov_pub.json: |- - { - "data": { - "content": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfxAq8Oq25L5MDRqCV9U\n2rY8rRL38IRZvyFYmD13z3HEB8lYRvWIkDUtXvb+VIVHPARjb62YyJu3vRzYTxpT\npS4h4d8H1P8BubK3Ks9WkldqJhVT8/TXPU0pMGheqCXLOAC/mdPiMkDdXj04aKrv\nWlXecLUV50tJ4eQ3dAgtLKXIWXVG7bJUF7OHPLgQ0RnU9v5pAbuYrDMVtAoPprkF\npNbfL4GFcZaJBhr7Co0FxVd0TyUOoTY7GY1ZgKgxmBXAPwMStVmAVeR8rgGR1FNs\norcr2vyKkDy1zf+H3F0HC8S465dDEqVlIpP2Hrldm0BcmpKb4+cKMf8OxDDY1gaH\nZwIDAQAB\n-----END PUBLIC KEY-----\n" - } - } diff --git a/charts/tractusx-connector/values-consumer.yaml b/charts/tractusx-connector/values-consumer.yaml index 2e7c0ef4e7..40f950cd30 100644 --- a/charts/tractusx-connector/values-consumer.yaml +++ b/charts/tractusx-connector/values-consumer.yaml @@ -33,9 +33,6 @@ controlplane: hostname: consumer-edc-controlplane imagePullSecrets: - name: *imagePullSecret - env: - EDC_IAM_ISSUER_ID: *connectorId - EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS: *secretAlias ingresses: ## Public / Internet facing Ingress - enabled: true @@ -80,10 +77,6 @@ dataplane: privatekey_alias: cons_priv verifier: publickey_alias: cons_pub - env: - EDC_IAM_ISSUER_ID: *connectorId - EDC_IAM_TRUSTED-ISSUER_EXAMPLE_ID: *trustedIssuerId - EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS: *secretAlias ingresses: ## Public / Internet facing Ingress - enabled: true @@ -120,9 +113,12 @@ dataplane: clusterIssuer: *clusterIssuer postgresql: - primary: - persistence: - enabled: true - readReplicas: - persistence: - enabled: true + persistence: + enabled: true + size: 10Gi + storageClass: "" + +vault: + hashicorp: + init: + enabled: true \ No newline at end of file 
diff --git a/charts/tractusx-connector/values-provider.yaml b/charts/tractusx-connector/values-provider.yaml index 60507edda1..937f669611 100644 --- a/charts/tractusx-connector/values-provider.yaml +++ b/charts/tractusx-connector/values-provider.yaml @@ -33,9 +33,6 @@ controlplane: hostname: provider-edc-controlplane imagePullSecrets: - name: *imagePullSecret - env: - EDC_IAM_ISSUER_ID: *connectorId - EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS: *secretAlias ingresses: ## Public / Internet facing Ingress - enabled: true @@ -80,10 +77,6 @@ dataplane: privatekey_alias: prov_priv verifier: publickey_alias: prov_pub - env: - EDC_IAM_ISSUER_ID: *connectorId - EDC_IAM_TRUSTED-ISSUER_EXAMPLE_ID: *trustedIssuerId - EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS: *secretAlias ingresses: ## Public / Internet facing Ingress - enabled: true @@ -120,9 +113,12 @@ dataplane: clusterIssuer: *clusterIssuer postgresql: - primary: - persistence: - enabled: true - readReplicas: - persistence: - enabled: true + persistence: + enabled: true + size: 10Gi + storageClass: "" + +vault: + hashicorp: + init: + enabled: true \ No newline at end of file diff --git a/charts/tractusx-connector/values.yaml b/charts/tractusx-connector/values.yaml index af390116f5..6c0c72c082 100644 --- a/charts/tractusx-connector/values.yaml +++ b/charts/tractusx-connector/values.yaml @@ -270,7 +270,6 @@ controlplane: # -- Extra environment variables that will be passed onto deployment pods env: EDC_IAM_DID_WEB_USE_HTTPS: true - EDC_IAM_ISSUER_ID: did:web:wallet.staging.construct-x.net:user TX_EDC_POSTGRESQL_MIGRATION_ASSET_ENABLED: false TX_EDC_POSTGRESQL_MIGRATION_AGREEMENTBPNS_ENABLED: false TX_EDC_POSTGRESQL_MIGRATION_BPN_ENABLED: false 
@@ -283,8 +282,10 @@ controlplane: TX_EDC_POSTGRESQL_MIGRATION_POLICY-MONITOR_ENABLED: false TX_EDC_POSTGRESQL_MIGRATION_POLICY_ENABLED: false TX_EDC_POSTGRESQL_MIGRATION_TRANSFERPROCESS_ENABLED: false - EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS: usersecret EDC_IAM_CREDENTIAL_REVOCATION_MIMETYPE: application/json + TX_EDC_IAM_IATP_DEFAULT-SCOPES_TEST_ALIAS: org.eclipse.dspace.dcp.vc.type + TX_EDC_IAM_IATP_DEFAULT-SCOPES_TEST_TYPE: MembershipCredential + TX_EDC_IAM_IATP_DEFAULT-SCOPES_TEST_OPERATION: read # -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated. # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core @@ -576,9 +577,6 @@ dataplane: EDC_IAM_DID_WEB_USE_HTTPS: true EDC_DATA_PLANE_SELF_UNREGISTRATION: true EDC_IAM_CREDENTIAL_REVOCATION_MIMETYPE: application/json - EDC_IAM_ISSUER_ID: did:web:wallet.staging.construct-x.net:user - EDC_IAM_TRUSTED-ISSUER_EXAMPLE_ID: did:web:issuer-wallet.staging.construct-x.net:issuer - EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS: usersecret # -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated. # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core 
@@ -701,20 +699,30 @@ dataplane: public: "" postgresql: - image: - repository: "bitnamilegacy/postgresql" - tag: "16.2.0-debian-12-r10" + # JDBC connection URL passed to the edc runtime. jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" - primary: - persistence: - enabled: false - readReplicas: - persistence: - enabled: false auth: + # Name of the PostgreSQL database created on first start. Must match with postgresql.jdbcUrl path. database: "edc" + # PostgreSQL user that the issuer-wallet connects as. username: "user" + # Password for the PostgreSQL user. Change before production use. password: "password" + persistence: + # Persist data across pod restarts. + enabled: true + size: 10Gi + storageClass: "" + # Initialization scripts ConfigMap + initdb: + scriptsConfigMap: "" # Optional: ConfigMap with init scripts + resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 250m + memory: 256Mi vault: injector: @@ -735,6 +743,9 @@ vault: secret: /v1/secret health: /v1/sys/health folder: "" + init: + # Whether to run the post-install vault-init job that seeds required secrets. Creates RSA Keys for dataplane.token.signer and dataplane.token.verifier. + enabled: false networkPolicy: # -- If `true` network policy will be created to restrict access to control- and dataplane diff --git a/edc-controlplane/edc-controlplane-construct-x/local/README.md b/edc-controlplane/edc-controlplane-construct-x/local/README.md index 342ba4e575..dac9e8daca 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/README.md +++ b/edc-controlplane/edc-controlplane-construct-x/local/README.md 
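Review bot: The comment added above `username` says the user is the one "the issuer-wallet connects as", which looks copied from another chart; going by the `jdbcUrl` comment the consumer here is the EDC runtime, so `# PostgreSQL user that the EDC runtime connects as.` would be accurate. With `persistence.enabled` now defaulting to `true`, the unchanged defaults `username: "user"` and `password: "password"` end up in a database that survives restarts, so the password comment could state outright that these are placeholders, e.g. `# Placeholder password. Override for every deployment that is not local testing.` The `postgresql:` block opens on a context line and the hunk runs on into `vault:`.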
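Review bot: Only `init.enabled` is declared under `vault.hashicorp.init`, but the new job template also reads `init.image.repository`, `init.image.tag`, `init.forceRegenerate` and `init.aesKeyAlias`; these should be listed here with their defaults and a comment each so that users can find them. `forceRegenerate` in particular deserves a warning such as `# -- Regenerate and overwrite existing keys on every install/upgrade. Leave false unless rotating keys.` The comment on `enabled` mentions only the RSA keys, although the script can also create an AES key when an alias is given.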
@@ -5,8 +5,9 @@ This `docker-compose.yaml` provides you a minimal environment for testing a pair It will start the following containers on your local machine: -- two instances of con-x wallets (one for a con-x issuer and one for a consumer and a provider each) -- two instances of our current Construct-X controlplanes (one for a consumer and a provider each) +- one instance of an issuer-service +- two instances of identity-hubs (for consumer and provider each) +- two instances of our current Construct-X controlplanes (as above) - two instances of our current Construct-X dataplanes (as above) - one Postgres DB (which is, for the sake of saving you resources on your local machine, shared by all aforementioned containers) - one HashiCorp Vault (also shared) 
@@ -16,11 +17,8 @@ It will start the following containers on your local machine: Before anything else, please make sure you have the docker images for con-x-controlplane-postgresql-hashicorp-vault in your local docker repository, see [here](../con-x-controlplane-postgresql-hashicorp-vault/README.md) and [here](../../../edc-dataplane/edc-dataplane-construct-x/con-x-dataplane-postgresql-hashicorp-vault/README.md). -Beyond that, you need to obtain the docker image needed to run the wallets. The image is hosted on ghcr.io and should -be downloaded automatically as soon as you start the docker-compose (see below). If the image download fails, the most -likely reason is that you need to do a docker login first. Please use a GitHub account, that is a member of the project-construct-x GitHub organization. If you don't already have one, you will need to create a Personal Access Token (classic) on your GitHub account. This token should minimally have the 'read:packages' privilege. - -Then please open a shell and do a docker login with that token as described [here](https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#authenticating-with-a-personal-access-token-classic). +Beyond that, you need to obtain the docker images needed to run the identity hub and the issuer services. In order to do so, please check out this [repository](https://github.com/FraunhoferISST/dev-identity-services) and clone it onto your local machine. The upper section of this [README](https://github.com/FraunhoferISST/dev-identity-services/blob/main/runtimes/dev/README.md) informs +you about the steps necessary to create the docker images. ### Start the environment 
@@ -61,10 +59,11 @@ The issuer-participant will act as the dataspaces' trusted issuer. This issuer i out verifiable credentials, which the members of the dataspace can use to prove their membership (or potentially other relevant properties of themselves) to other partners in the same dataspace. After the registration of the issuer we are also providing the basic definition of the credential that shall be issued. And we also need register the expected ( -user-) members of the dataspace at the issuer service as holders at the trusted issuer's participant context. +user-) members of the dataspace at the issuer service as holders at the trusted issuer's participant context. + +Assuming that the majority of users does not (at least in the beginning) want to get into the details of designing credentials, you can most probably skip the `Optionalconfig` folder (though it does no harm, if you run these requests, as long as you don't edit these requests in any way). If you're interested in the (rather advanced) topic of using customized credential subject contents in your credentials, you can take a further look at this [README](https://github.com/FraunhoferISST/dev-identity-services/blob/main/runtimes/dev/README.md). -The `createAttestation` and the `createCredentialDef` requests are technically necessary to prepare the issuer to handle -incoming credential requests from the consumer and provider wallet. If you're an average user, you just need to know that +Pretty much the same goes for the `createAttestation` and the `createCredentialDef` requests. If you're an average user, you just need to know that they are a technical necessity at this point and you just to need to run them to ensure that rest of the requests in this collection can be executed properly. ### Create a consumer and a provider identity 
@@ -80,6 +79,15 @@ respectively. And we can also do some kind of a simulated DCP flow with the just documentation in the Bruno collection if you are interested in learning some more details (though that is directed at the more advanced members of the audience here, beginners can definitely skip that part). +#### Known issue / validating the identity setup +In rare cases (chances seem to be below 0.5 %) there is currently a possibility, that one of the `CreateParticipant` calls may (silently) fail. We assume that this is something that needs to be fixed on the upstream EDC identity hub project. See this [issue](https://github.com/eclipse-edc/IdentityHub/issues/913) for details. If you are unfortunate enough encounter this bug, you should notice that one of the calls in the `InspectOutcome` folder shows an empty response and that (at least) the last call of `Simulated DCP Flow` shows a negative test result. + +If one encounter one these symptoms, we would suggest that you cleanly restart the entire docker compose (see below). Chances +are near 99 % that on your next attempt, you won't encounter this problem again. + +Also, if you're interested in some more details + + ### Do a transaction between provider and consumer Finally, we are ready now to do a more or less 'normal' DSP/DCP protocol backed transaction between the consumer and the diff --git a/edc-controlplane/edc-controlplane-construct-x/local/additional_config/logging.properties b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/logging.properties new file mode 100644 index 0000000000..5c9a7fbcb3 --- /dev/null +++ b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/logging.properties 
@@ -0,0 +1,18 @@
+handlers = java.util.logging.ConsoleHandler
+
+# Console Handler Config
+
+java.util.logging.ConsoleHandler.formatter = org.eclipse.tractusx.identityhub.monitor.ColorfulFormatter
+java.util.logging.ConsoleHandler.level = FINE
+
+# Root level und Package-level
+
+.level = INFO
+jakarta.json.level = OFF
+jdk.event.level = OFF
+okhttp3.internal.level = OFF
+org.eclipse.edc.level = FINE
+org.flywaydb.level = OFF
+org.glassfish.level = OFF
+org.jvnet.level = OFF
+org.postgresql.level = OFF
\ No newline at end of file
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/additional_config/mc-cred-def.json b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/mc-cred-def.json
new file mode 100644
index 0000000000..9defee0bfa
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/mc-cred-def.json
@@ -0,0 +1,10 @@
+{
+ "MC-Cred-Def": {
+ "blackList": [],
+ "default": {
+ "credentialSubject": {
+ "isMember": true
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/additional_config/vault-init.sh b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/vault-init.sh
index 22e478363f..996c237bba 100644
--- a/edc-controlplane/edc-controlplane-construct-x/local/additional_config/vault-init.sh
+++ b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/vault-init.sh
@@ -49,29 +49,4 @@ create_and_store_keypair() { # create keypair for consumer and provider dataplane: create_and_store_keypair "cons" -create_and_store_keypair "prov" - -create_and_store_aes_key() { - local prefix=$1 - local aes_key - - # AES-Key erzeugen - aes_key="$(openssl rand -base64 32 | tr -d '\n')" - - # write AES-Key to vault, bind path to prefix - jq -n --arg content "$aes_key" '{data:{content:$content}}' | \ - curl -sSf \ - -H "X-Vault-Token: $TOKEN" \ - -H "Content-Type: application/json" \ - -X POST \ - --data-binary @- \ - "$VAULT/v1/secret/data/${prefix}-aes-key-alias" \ - || { echo "Failed to create aes key entry for ${prefix}"; exit 1; } - - echo "AES key stored at secret/data/${prefix}-aes-key-alias" -} - -# create AES keys for wallets -create_and_store_aes_key "issuer-wallet" -create_and_store_aes_key "consumer-wallet" -create_and_store_aes_key "provider-wallet" \ No newline at end of file +create_and_store_keypair "prov" \ No newline at end of file diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/environments/local-con-x-env.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/environments/local-con-x-env.bru index df66b443df..09f0b73b0e 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/environments/local-con-x-env.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/environments/local-con-x-env.bru 
@@ -19,9 +19,12 @@ vars { PROVIDER_IDHUB_ID_API: http://localhost:21100/api/identity PROVIDER_IDHUB_STS_API: http://localhost:21500/api/sts PROVIDER_IDHUB_CREDS_API: http://localhost:21600/api/credentials - ISS_ID: did:web:local-issuer-wallet:con-x-issuer - CONS_ID: did:web:consumer-wallet:user:consumer - PROV_ID: did:web:provider-wallet:user:provider + ISS_ID: did:web:local-issuer-service:con-x-issuer + CONS_ID: did:web:consumer-idhub:user:consumer + PROV_ID: did:web:provider-idhub:user:provider + B64_ISS_ID: + B64_CONS_ID: + B64_PROV_ID: cons_access_token: eyJraWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkaHViOnVzZXI6Y29uc3VtZXIja2V5LTEiLCJhbGciOiJFZDI1NTE5In0.eyJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkaHViOnVzZXI6Y29uc3VtZXIiLCJzdWIiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkaHViOnVzZXI6cHJvdmlkZXIiLCJuYmYiOjE3NzAyNzg5NTQsInNjb3BlIjoib3JnLmVjbGlwc2UudHJhY3R1c3gudmMudHlwZTpNZW1iZXJzaGlwQ3JlZGVudGlhbDpyZWFkIiwiaXNzIjoiZGlkOndlYjpjb25zdW1lci1pZGh1Yjp1c2VyOmNvbnN1bWVyIiwiZXhwIjoxNzcwMjc5MjU0LCJpYXQiOjE3NzAyNzg5NTQsImp0aSI6ImFjY2Vzc3Rva2VuLTcxYThmNTA5LTgwYTktNDMwZC1iMjU0LTMxNGFiYTBkNjY5OSJ9.ipRpdi_Ekh7y4IIqhqLgHU35Fn7NNkv6e6hILXy8pZObdy33y3MKppI61424eyHwqzmh7X2kwV2S5gDy3aOKCQ prov_access_token: eyJraWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkaHViOnVzZXI6cHJvdmlkZXIja2V5LTEiLCJhbGciOiJFZDI1NTE5In0.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.42YDTnuzZ0RprqLjFw6hUoAXrgpPxyzKNFrqLdbWz6HXAiujkq32QAFU-M9gtQ0hMNcjshRZUX6DryBWxhGNDw offerId: MQ==:YXNzZXRJZA==:MDFhN2ZjYWYtODgzOS00N2JmLTllZDAtM2Y0YjliMTFiOWM5 
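Review bot: The environment file still carries literal `cons_access_token`, `prov_access_token` and `pullSecret` values right below the new `B64_*` entries, which this hunk adds empty because the pre-request scripts fill them at run time. Those values are bearer material, presumably written back by an earlier run; even when they have expired, keeping them committed encourages leaving live tokens in the file and produces a diff after every run. I would blank them the same way (`cons_access_token:`) or list them under Bruno's `vars:secret [ ... ]` block so they stay out of the file. The `vars` block opens above this hunk and closes in the next one.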
@@ -29,7 +32,4 @@ vars { contractId: 3345f7f1-f735-4c92-8aa2-6e137203b2f9 transferId: 3ebe55c6-900a-4c03-b213-20c5c3f0274d pullSecret: eyJraWQiOiJwcm92X3B1YiIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJhbm9ueW1vdXMiLCJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkaHViOnVzZXI6Y29uc3VtZXIiLCJzdWIiOiJhbm9ueW1vdXMiLCJpYXQiOjE3NzAyNzg5ODgsImp0aSI6IjUwYWQxMjk3LWZhN2QtNDI0ZC1hNjBhLTg5M2MwMGE4OTZhYyJ9.GkSz0qXhFmqPaLQpfPLkAvODX-iekoAQvLh3Kglhm7DApNF3PsGnv-Qzm7m8eNAqTUTWB9XXkRng_XqWmuAd-FWvzwG8d7ZaAahuykkOgX1W7vHWBMdJa-zvNm0cnzm-TQLWYCU-tDSKk_g_UrDUaFf9Jdq-avCoer3wcZrEmrf0K4o_WWs-l5hZEfDIOYHRsgoCY3P8pMcZYRjV57zdLUDl9SvLuCRR0ex0fKxJ2pb7mlaCL5ooD6fRaqWyrLvrIKZaDYfwKrX7IRJT9ePKyls9VKA9JBakh676L0jBr5-2TYG3uE9Xhyv4CZlqyck-_NyiL4Jao8-lL5FVCbPDVQ - ISS_PART_CONT: localissuer - CONS_PART_CONT: consumer - PROV_PART_CONT: provider } diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowConsumerCredentials.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowConsumerCredentials.bru index 5886d0f70b..679b88d710 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowConsumerCredentials.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowConsumerCredentials.bru @@ -14,19 +14,6 @@ headers { x-api-key: YWRtaW4.adminKey } -script:pre-request { - const t = Date.now(); - await new Promise(resolve => setTimeout(resolve, 2500)); - console.log("Waited " + (Date.now() - t) + " ms"); -} - -tests { - test("Got non-empty response", function(){ - const body = res.getBody(); - expect(body).to.be.an("array").that.is.not.empty; - }) -} - settings { encodeUrl: true timeout: 0 
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowProviderCredentials.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowProviderCredentials.bru index 072de2cdd0..6f276a3a00 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowProviderCredentials.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowProviderCredentials.bru @@ -14,13 +14,6 @@ headers { x-api-key: YWRtaW4.adminKey } -tests { - test("Got non-empty response", function(){ - const body = res.getBody() - expect(body).to.be.an("array").that.is.not.empty; - }) -} - settings { encodeUrl: true timeout: 0 diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/CreateConsumerParticipant.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/CreateConsumerParticipant.bru index 6c2d065aa4..85b5611188 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/CreateConsumerParticipant.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/CreateConsumerParticipant.bru 
@@ -16,37 +16,30 @@ headers { body:json { { - "roles": [], - "serviceEndpoints": [ - { + "roles":[], + "serviceEndpoints":[{ "id": "ConsumerCredentialService-ID", - "type": "CredentialService", - "serviceEndpoint": "http://consumer-wallet:13131/api/credentials/v1/participants/{{CONS_PART_CONT}}" - }, - { - "id": "ConsumerIssuerService-ID", - "type": "IssuerService", - "serviceEndpoint": "http://consumer-wallet:13132/api/issuance/v1alpha/participants/{{CONS_PART_CONT}}" + "type": "CredentialService", + "serviceEndpoint": "http://consumer-idhub:13131/api/credentials/v1/participants/{{B64_CONS_ID}}" + }], + "active": true, + "participantContextId": "{{CONS_ID}}", + "did": "{{CONS_ID}}", + "key":{ + "keyId": "{{CONS_ID}}#key-1", + "privateKeyAlias": "{{CONS_ID}}-alias", + "keyGeneratorParams":{ + "algorithm": "EdDSA", + "curve": "Ed25519" + } } - ], - "active": true, - "participantContextId": "{{CONS_PART_CONT}}", - "did": "{{CONS_ID}}", - "key": { - "keyId": "{{CONS_ID}}#key-1", - "privateKeyAlias": "{{CONS_ID}}-alias", - "keyGeneratorParams": { - "algorithm": "EdDSA", - "curve": "Ed25519" - } - } } } script:pre-request { + const btoa = require("btoa"); const cons_id = bru.getEnvVar("CONS_ID"); - const participantContext = cons_id.split(":").slice(3).join(":").replace(/:/g, "-"); - bru.setEnvVar("CONS_PART_CONT", participantContext); + bru.setEnvVar("B64_CONS_ID", btoa(cons_id)); } script:post-response { diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/Get Consumer DID Doc.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/Get Consumer DID Doc.bru index 557b4b54a5..fdb531e548 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/Get Consumer DID Doc.bru 
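Review bot: `btoa(cons_id)` in the pre-request script yields standard Base64 (alphabet with `+` and `/`, `=` padding), and the result is substituted into the `serviceEndpoint` URL here and into request URLs in the other files. The DIDs shipped in the environment file presumably encode without those characters, but a DID that a user edits in can produce a `/` or `+` and then point at a different or non-existent path, and an API that expects the URL-safe alphabet would reject it. Converting after encoding keeps the requests valid for any DID: `btoa(cons_id).replace(/\+/g, "-").replace(/\//g, "_")`, with the `=` padding kept or stripped according to what the API accepts. The same script is repeated in RequestConsumerCredential, CreateIssuerParticipant, GetConfig, SetConfig, addConsumerHolder, addProviderHolder, createAttestation, createCredentialDef and CreateProviderParticipant; a collection-level script would give one place to fix it.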
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/Get Consumer DID Doc.bru @@ -1,7 +1,7 @@ meta { name: Get Consumer DID Doc type: http - seq: 3 + seq: 2 } get { @@ -11,7 +11,7 @@ get { } headers { - Host: consumer-wallet + Host: consumer-idhub } settings { diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerDevMemCredential.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerCredential.bru similarity index 55% rename from edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerDevMemCredential.bru rename to edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerCredential.bru index 922b9e7b11..caa59e2563 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerDevMemCredential.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerCredential.bru @@ -1,11 +1,11 @@ meta { - name: RequestConsumerDevMemCredential + name: RequestConsumerCredential type: http - seq: 2 + seq: 3 } post { - url: {{CONSUMER_IDHUB_ID_API}}/v1alpha/participants/{{CONS_PART_CONT}}/credentials/request + url: {{CONSUMER_IDHUB_ID_API}}/v1alpha/participants/{{B64_CONS_ID}}/credentials/request body: json auth: none } 
@@ -16,15 +16,15 @@ body:json { "credentials": [{ "format": "VC1_0_JWT", "type": "MembershipCredential", - "id": "dev-credential-def-1" + "id": "MC-Cred-Def" }] } } script:pre-request { + const btoa = require("btoa"); const cons_id = bru.getEnvVar("CONS_ID"); - const participantContext = cons_id.split(":").slice(3).join(":").replace(/:/g, "-"); - bru.setEnvVar("CONS_PART_CONT", participantContext); + bru.setEnvVar("B64_CONS_ID", btoa(cons_id)); req.setHeader("x-api-key", bru.getEnvVar("CONSUMER_IH_APIKEY")); } diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/CreateIssuerParticipant.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/CreateIssuerParticipant.bru index 380ab5c193..92ac1fc389 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/CreateIssuerParticipant.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/CreateIssuerParticipant.bru @@ -19,18 +19,13 @@ body:json { "roles": [], "serviceEndpoints": [ { - "id": "IssuerIssuerService-ID", - "type": "IssuerService", - "serviceEndpoint": "http://local-issuer-wallet:13132/api/issuance/v1alpha/participants/{{ISS_PART_CONT}}" - }, - { - "id": "IssuerCredentialService-ID", - "type": "CredentialService", - "serviceEndpoint": "http://local-issuer-wallet:13131/api/credentials/v1/participants/{{ISS_PART_CONT}}" + "id": "Issuer-IssuerService", + "type": "IssuerService", + "serviceEndpoint": "http://local-issuer-service:13132/api/issuance/v1alpha/participants/{{B64_ISS_ID}}" } ], "active": true, - "participantContextId": "{{ISS_PART_CONT}}", + "participantContextId": "{{ISS_ID}}", "did": "{{ISS_ID}}", "key": { "keyId": "{{ISS_ID}}#key-1", 
@@ -44,9 +39,9 @@ body:json { } script:pre-request { + const btoa = require("btoa"); const iss_id = bru.getEnvVar("ISS_ID"); - const participantContext = iss_id.split(":").slice(3).join(":").replace(/:/g, "-"); - bru.setEnvVar("ISS_PART_CONT", participantContext); + bru.setEnvVar("B64_ISS_ID", btoa(iss_id)); } script:post-response { diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Get Issuer DID Doc.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Get Issuer DID Doc.bru deleted file mode 100644 index 0c5112c435..0000000000 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Get Issuer DID Doc.bru +++ /dev/null @@ -1,20 +0,0 @@ -meta { - name: Get Issuer DID Doc - type: http - seq: 2 -} - -get { - url: {{ISSUER_DID_API}}/con-x-issuer/did.json - body: none - auth: inherit -} - -headers { - Host: local-issuer-wallet -} - -settings { - encodeUrl: true - timeout: 0 -} diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/GetConfig.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/GetConfig.bru new file mode 100644 index 0000000000..03b59dab22 --- /dev/null +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/GetConfig.bru @@ -0,0 +1,26 @@ +meta { + name: GetConfig + type: http + seq: 1 +} + +get { + url: {{ISSUER_ISS_API}}/v1alpha/credentialsetup/{{B64_ISS_ID}} + body: none + auth: inherit +} + +headers { + x-api-key: YWRtaW4.adminKey +} + +script:pre-request { + const btoa = require("btoa"); + const iss_id = bru.getEnvVar("ISS_ID"); + bru.setEnvVar("B64_ISS_ID", btoa(iss_id)); +} + +settings { + encodeUrl: true + timeout: 0 +} 
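Review bot: GetConfig.bru sends `x-api-key: YWRtaW4.adminKey` as a literal header, and SetConfig.bru in the next file does the same, whereas the other issuer requests added in this commit (createAttestation, createCredentialDef) take the key from the environment with `req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY"));`. A literal admin key in the request files is sent unchanged when the collection is pointed at a non-local environment, and rotating it means editing every file. I would drop the `headers` block in both files and add that `req.setHeader(...)` line to their pre-request scripts, as the sibling requests do.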
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/SetConfig.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/SetConfig.bru
new file mode 100644
index 0000000000..b20210edde
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/SetConfig.bru
@@ -0,0 +1,39 @@
+meta {
+ name: SetConfig
+ type: http
+ seq: 2
+}
+
+post {
+ url: {{ISSUER_ISS_API}}/v1alpha/credentialsetup/{{B64_ISS_ID}}
+ body: json
+ auth: inherit
+}
+
+headers {
+ x-api-key: YWRtaW4.adminKey
+}
+
+body:json {
+ {
+ "MC-Cred-Def": {
+ "blackList": [],
+ "default": {
+ "credentialSubject": {
+ "isMember": true
+ }
+ }
+ }
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const iss_id = bru.getEnvVar("ISS_ID");
+ bru.setEnvVar("B64_ISS_ID", btoa(iss_id));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/folder.bru
new file mode 100644
index 0000000000..b4adf7b488
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/folder.bru
@@ -0,0 +1,16 @@
+meta {
+ name: Optionalconfig
+}
+
+auth {
+ mode: inherit
+}
+
+docs {
+ The requests in this folder are only for advanced users who are interested in creating different types of credentials. Other users can safely ignore this.
+
+ Additional info can be found here:
+
+ https://github.com/factory-x-contributions/fx-id-hub-charts/tree/feat/quickfix_main/extensions/quickfix
+
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addConsumerHolder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addConsumerHolder.bru index 11f36cebcf..2fed748a75 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addConsumerHolder.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addConsumerHolder.bru @@ -1,11 +1,11 @@ meta { name: addConsumerHolder type: http - seq: 3 + seq: 2 } post { - url: {{ISSUER_ISS_API}}/v1alpha/participants/{{ISS_PART_CONT}}/holders + url: {{ISSUER_ISS_API}}/v1alpha/participants/{{B64_ISS_ID}}/holders body: json auth: inherit } @@ -14,14 +14,17 @@ body:json { { "holderId" : "{{CONS_ID}}", "did" : "{{CONS_ID}}", - "name" : "{{CONS_PART_CONT}}" + "name" : "{{CONS_ID}}" } } script:pre-request { + const btoa = require("btoa"); + const iss_id = bru.getEnvVar("ISS_ID"); + bru.setEnvVar("B64_ISS_ID", btoa(iss_id)); + const cons_id = bru.getEnvVar("CONS_ID"); - const participantContext = cons_id.split(":").slice(3).join(":").replace(/:/g, "-"); - bru.setEnvVar("CONS_PART_CONT", participantContext); + bru.setEnvVar("B64_CONS_ID", btoa(cons_id)); req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY")); } diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addProviderHolder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addProviderHolder.bru index e10bfc6ac6..d31390290d 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addProviderHolder.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addProviderHolder.bru 
@@ -1,11 +1,11 @@ meta { name: addProviderHolder type: http - seq: 4 + seq: 3 } post { - url: {{ISSUER_ISS_API}}/v1alpha/participants/{{ISS_PART_CONT}}/holders + url: {{ISSUER_ISS_API}}/v1alpha/participants/{{B64_ISS_ID}}/holders body: json auth: inherit } @@ -14,14 +14,16 @@ body:json { { "holderId" : "{{PROV_ID}}", "did" : "{{PROV_ID}}", - "name" : "{{PROV_PART_CONT}}" + "name" : "{{PROV_ID}}" } } script:pre-request { + const btoa = require("btoa"); + const iss_id = bru.getEnvVar("ISS_ID"); + bru.setEnvVar("B64_ISS_ID", btoa(iss_id)); const prov_id = bru.getEnvVar("PROV_ID"); - const participantContext = prov_id.split(":").slice(3).join(":").replace(/:/g, "-"); - bru.setEnvVar("PROV_PART_CONT", participantContext); + bru.setEnvVar("B64_PROV_ID", btoa(prov_id)); req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY")); } diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createAttestation.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createAttestation.bru new file mode 100644 index 0000000000..05874d6ee5 --- /dev/null +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createAttestation.bru @@ -0,0 +1,39 @@ +meta { + name: createAttestation + type: http + seq: 4 +} + +post { + url: {{ISSUER_ISS_API}}/v1alpha/participants/{{B64_ISS_ID}}/attestations + body: json + auth: none +} + +headers { + ~x-api-key: {{ISSUER_APIKEY}} +} + +body:json { + { + "attestationType": "presentation", + "configuration": { + "credentialType": "MembershipCredential", + "outputClaim": "isMember", + "required": false + }, + "id": "MC-Attestation" + } +} + +script:pre-request { + const btoa = require("btoa"); + const iss_id = bru.getEnvVar("ISS_ID"); + bru.setEnvVar("B64_ISS_ID", btoa(iss_id)); + req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY")); +} + +settings { + encodeUrl: true + timeout: 0 +} 
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createCredentialDef.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createCredentialDef.bru
new file mode 100644
index 0000000000..e188d5475e
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createCredentialDef.bru
@@ -0,0 +1,38 @@
+meta {
+ name: createCredentialDef
+ type: http
+ seq: 5
+}
+
+post {
+ url: {{ISSUER_ISS_API}}/v1alpha/participants/{{B64_ISS_ID}}/credentialdefinitions
+ body: json
+ auth: inherit
+}
+
+body:json {
+ {
+ "attestations": ["MC-Attestation"],
+ "credentialType": "MembershipCredential",
+ "format": "VC1_0_JWT",
+ "id": "MC-Cred-Def",
+ "jsonSchema": "{}",
+ "jsonSchemaUrl": "",
+ "mappings": [
+ ],
+ "validity": 15552000
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const iss_id = bru.getEnvVar("ISS_ID");
+ bru.setEnvVar("B64_ISS_ID", btoa(iss_id));
+
+ req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY"));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createDevAttestation.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createDevAttestation.bru
deleted file mode 100644
index 1e9801e71c..0000000000
--- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createDevAttestation.bru
+++ /dev/null
@@ -1,55 +0,0 @@
-meta {
- name: createDevAttestation
- type: http
- seq: 5
-}
-
-post {
- url: {{ISSUER_ISS_API}}/v1alpha/participants/{{ISS_PART_CONT}}/attestations
- body: json
- auth: none
-}
-
-headers {
- ~x-api-key: {{ISSUER_APIKEY}}
-}
-
-body:json {
- {
- "attestationType": "dev",
- "id": "dev-def-1",
- "configuration": {
- "{{CONS_ID}}": {
- "isConsumer": true,
- "isProvider": false,
- "foo": {
- "bar": 123
- }
- },
- "{{PROV_ID}}": {
- "isConsumer": false,
- "isProvider": true,
- "foo": {
- "bar": 789
- }
- },
- "default": {
- "isConsumer": false,
- "isProvider": false,
- "foo": {
- "bar": 0
- }
- },
- "blackList": []
- }
- }
-}
-
-script:pre-request {
- req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY"));
-}
-
-settings {
- encodeUrl: true
- timeout: 0
-}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createDevMemCredentialDef.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createDevMemCredentialDef.bru
deleted file mode 100644
index fe36fe1f4e..0000000000
--- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createDevMemCredentialDef.bru
+++ /dev/null
@@ -1,42 +0,0 @@
-meta {
- name: createDevMemCredentialDef
- type: http
- seq: 6
-}
-
-post {
- url: {{ISSUER_ISS_API}}/v1alpha/participants/{{ISS_PART_CONT}}/credentialdefinitions
- body: json
- auth: inherit
-}
-
-body:json {
- {
- "attestations": [
- "dev-def-1"
- ],
- "credentialType": "MembershipCredential",
- "id": "dev-credential-def-1",
- "jsonSchema": "{}",
- "jsonSchemaUrl": "https://example.com/schema/dev-credential.json",
- "mappings": [
- {
- "input": "content",
- "output": "credentialSubject",
- "required": true
- }
- ],
- "rules": [],
- "format": "VC1_0_JWT",
- "validity": 15552000
- }
-}
-
-script:pre-request {
- req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY"));
-}
-
-settings {
- encodeUrl: true
- timeout: 0
-}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/CreateProviderParticipant.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/CreateProviderParticipant.bru
index d37af1d728..2c43e1e115 100644
--- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/CreateProviderParticipant.bru
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/CreateProviderParticipant.bru
@@ -16,37 +16,30 @@ headers { body:json { { - "roles": [], - "serviceEndpoints": [ - { - "id": "ProviderCredentialService-ID", - "type": "CredentialService", - "serviceEndpoint": "http://provider-wallet:13131/api/credentials/v1/participants/{{PROV_PART_CONT}}" - }, - { - "id": "ProviderIssuerService-ID", - "type": "IssuerService", - "serviceEndpoint": "http://provider-wallet:13132/api/issuance/v1alpha/participants/{{PROV_PART_CONT}}" + "roles":[], + "serviceEndpoints":[{ + "id": "ConsumerCredentialService-ID", + "type": "CredentialService", + "serviceEndpoint": "http://provider-idhub:13131/api/credentials/v1/participants/{{B64_PROV_ID}}" + }], + "active": true, + "participantContextId": "{{PROV_ID}}", + "did": "{{PROV_ID}}", + "key":{ + "keyId": "{{PROV_ID}}#key-1", + "privateKeyAlias": "{{PROV_ID}}-alias", + "keyGeneratorParams":{ + "algorithm": "EdDSA", + "curve": "Ed25519" + } } - ], - "active": true, - "participantContextId": "{{PROV_PART_CONT}}", - "did": "{{PROV_ID}}", - "key": { - "keyId": "{{PROV_ID}}#key-1", - "privateKeyAlias": "{{PROV_ID}}-alias", - "keyGeneratorParams": { - "algorithm": "EdDSA", - "curve": "Ed25519" - } - } } } script:pre-request { + const btoa = require("btoa"); const prov_id = bru.getEnvVar("PROV_ID"); - const participantContext = prov_id.split(":").slice(3).join(":").replace(/:/g, "-"); - bru.setEnvVar("PROV_PART_CONT", participantContext); + bru.setEnvVar("B64_PROV_ID", btoa(prov_id)); } script:post-response { diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/Get Provider DID Doc.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/Get Provider DID Doc.bru index 0187613b95..67dc6c4baa 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/Get Provider DID Doc.bru 
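Review bot: `btoa(prov_id)` in the pre-request script yields standard Base64 (the alphabet includes `+` and `/`, with `=` padding), and the result is used as a URL path segment (`.../participants/{{B64_PROV_ID}}`); RequestProviderCredential.bru adds the same pattern. If the IdentityHub API expects the URL-safe alphabet for this segment (not visible here), a DID whose encoding contains `/` would resolve to a different route, so I would normalise it: `bru.setEnvVar("B64_PROV_ID", btoa(prov_id).replace(/\+/g, "-").replace(/\//g, "_"));`. Separately, the provider's manifest now registers its credential service as `"id": "ConsumerCredentialService-ID"`, which looks copied from the consumer request; `"id": "ProviderCredentialService-ID"` keeps the published DID document unambiguous. The `script:post-response` block continues outside the hunk.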
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/Get Provider DID Doc.bru @@ -1,7 +1,7 @@ meta { name: Get Provider DID Doc type: http - seq: 3 + seq: 2 } get { @@ -11,7 +11,7 @@ get { } headers { - Host: provider-wallet + Host: provider-idhub } settings { diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/RequestProviderDevMemCredential.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/RequestProviderCredential.bru similarity index 55% rename from edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/RequestProviderDevMemCredential.bru rename to edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/RequestProviderCredential.bru index b71fd56e0c..364ca2a4a6 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/RequestProviderDevMemCredential.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/RequestProviderCredential.bru @@ -1,11 +1,11 @@ meta { - name: RequestProviderDevMemCredential + name: RequestProviderCredential type: http - seq: 2 + seq: 3 } post { - url: {{PROVIDER_IDHUB_ID_API}}/v1alpha/participants/{{PROV_PART_CONT}}/credentials/request + url: {{PROVIDER_IDHUB_ID_API}}/v1alpha/participants/{{B64_PROV_ID}}/credentials/request body: json auth: none } 
@@ -16,15 +16,15 @@ body:json { "credentials": [{ "format": "VC1_0_JWT", "type": "MembershipCredential", - "id": "dev-credential-def-1" + "id": "MC-Cred-Def" }] } } script:pre-request { + const btoa = require("btoa"); const prov_id = bru.getEnvVar("PROV_ID"); - const participantContext = prov_id.split(":").slice(3).join(":").replace(/:/g, "-"); - bru.setEnvVar("PROV_PART_CONT", participantContext); + bru.setEnvVar("B64_PROV_ID", btoa(prov_id)); req.setHeader("x-api-key", bru.getEnvVar("PROVIDER_IH_APIKEY")); } diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Consumer Token.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Consumer Token.bru index 16b2325aa7..1cf237a75b 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Consumer Token.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Consumer Token.bru @@ -15,7 +15,7 @@ body:form-urlencoded { client_secret: {{CONSUMER_STS_SECRET}} client_id: {{CONS_ID}} audience: {{PROV_ID}} - bearer_access_scope: org.eclipse.dspace.dcp.vc.type:MembershipCredential:read + bearer_access_scope: org.eclipse.tractusx.vc.type:MembershipCredential:read } script:post-response { diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Get Credential.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Get Credential.bru index 8ea42d7663..a8d2564895 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Get Credential.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Get Credential.bru 
@@ -5,7 +5,7 @@ meta { } post { - url: {{CONSUMER_IDHUB_CREDS_API}}/v1/participants/{{CONS_PART_CONT}}/presentations/query + url: {{CONSUMER_IDHUB_CREDS_API}}/v1/participants/{{B64_CONS_ID}}/presentations/query body: json auth: bearer } @@ -17,27 +17,23 @@ auth:bearer { body:json { { "@context": [ - "https://w3id.org/dspace-dcp/v1.0/dcp.jsonld", + "https://w3id.org/tractusx-trust/v0.8", "https://identity.foundation/presentation-exchange/submission/v1" ], "type": "PresentationQueryMessage", "presentationDefinition": null, "scope": [ - "org.eclipse.dspace.dcp.vc.type:MembershipCredential:read" + "org.eclipse.tractusx.vc.type:MembershipCredential:read" ] } } tests { - test("Contains VerifiableCredential", function(){ - const atob = require("atob"); - const presentation = res.getBody().presentation[0]; - const decodedPayload = JSON.parse(atob(presentation.split(".")[1])); - - const verifiableCred = atob(decodedPayload.vp.verifiableCredential[0].split(".")[1]); - - const success = verifiableCred.includes("VerifiableCredential") - expect(success); + test("contains presentation", function(){ + const presentation = res.getBody().presentation; + const isString = typeof(presentation) == "string"; + const success = isString && presentation.split(".").length == 3; + expect(success == true); }) } diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/other/RevokeCred.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/other/RevokeCred.bru deleted file mode 100644 index 059dddd91d..0000000000 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/other/RevokeCred.bru +++ /dev/null @@ -1,20 +0,0 @@ -meta { - name: RevokeCred - type: http - seq: 2 -} - -post { - url: {{ISSUER_ISS_API}}/v1alpha/participants/{{ISS_PART_CONT}}/credentials/{{credentialId}}/revoke - body: none - auth: inherit -} - -headers { - x-api-key: YWRtaW4.adminKey -} - -settings { - encodeUrl: true - timeout: 0 -} 
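Review bot: The new `contains presentation` test in the second hunk cannot fail: `expect(success == true);` only constructs a Chai assertion object and never calls a matcher, so the request is reported green whatever `presentation` holds. Use `expect(success).to.equal(true);`. The check is also narrower than the one it replaces, since it accepts any three-segment string and no longer decodes the payload to look for a VerifiableCredential. A comment such as `// shape check only: does not verify the JWT signature or that a credential is embedded` would stop readers from treating a pass as validation of the credential.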
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/other/Version.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/other/Version.bru
deleted file mode 100644
index d2197897e2..0000000000
--- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/other/Version.bru
+++ /dev/null
@@ -1,20 +0,0 @@
-meta {
- name: Version
- type: http
- seq: 7
-}
-
-get {
- url: http://localhost:29020/dsp/.well-known/dspace-version
- body: none
- auth: inherit
-}
-
-headers {
- Accept: application/json
-}
-
-settings {
- encodeUrl: true
- timeout: 0
-}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/other/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/other/folder.bru
deleted file mode 100644
index 70b6b92c45..0000000000
--- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/other/folder.bru
+++ /dev/null
@@ -1,8 +0,0 @@
-meta {
- name: other
- seq: 3
-}
-
-auth {
- mode: inherit
-}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitPullTransfer.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitPullTransfer.bru
index b7635d665c..fa82fb9d44 100644
--- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitPullTransfer.bru
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitPullTransfer.bru
@@ -16,9 +16,9 @@ body:json { "edc": "https://w3id.org/edc/v0.0.1/ns/" }, "@type": "TransferRequestDto", - "protocol": "dataspace-protocol-http:2025-1", + "protocol": "dataspace-protocol-http", "contractId": "{{contractId}}", - "counterPartyAddress": "http://provider-controlplane:9020/dsp/2025-1", + "counterPartyAddress": "http://provider-controlplane:9020/dsp", "connectorId": "{{PROV_ID}}", "transferType": "HttpData-PULL" } diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitiateNegotiation.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitiateNegotiation.bru index 80e72fa844..b4cb6316a2 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitiateNegotiation.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitiateNegotiation.bru @@ -21,9 +21,9 @@ body:json { "odrl": "http://www.w3.org/ns/odrl/2/" }, "@type": "ContractRequest", - "counterPartyAddress": "http://provider-controlplane:9020/dsp/2025-1", + "counterPartyAddress": "http://provider-controlplane:9020/dsp", "connectorId": "{{PROV_ID}}", - "protocol": "dataspace-protocol-http:2025-1", + "protocol": "dataspace-protocol-http", "policy": { "@context": "http://www.w3.org/ns/odrl.jsonld", "@id": "{{offerId}}", diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/RequestProviderCatalog.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/RequestProviderCatalog.bru index 128f08a1c7..aab44ce5f5 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/RequestProviderCatalog.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/RequestProviderCatalog.bru 
@@ -15,22 +15,15 @@ body:json { "@context": { "@vocab": "https://w3id.org/edc/v0.0.1/ns/" }, - "counterPartyAddress": "http://provider-controlplane:9020/dsp/2025-1", + "counterPartyAddress": "http://provider-controlplane:9020/dsp", "counterPartyId": "{{PROV_ID}}", - "protocol": "dataspace-protocol-http:2025-1" + "protocol": "dataspace-protocol-http" + } } script:post-response { - const offerArray = res.getBody().dataset[0].hasPolicy; - var offerId; - res.getBody().dataset[0].hasPolicy.forEach(item => { - const type = item['@type']; - const id = item['@id']; - if (type != null && type == "Offer" && id != null) { - offerId = id; - } - }); + const offerId = res.getBody()['dcat:dataset']['odrl:hasPolicy']['@id']; bru.setEnvVar("offerId", offerId); } diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/folder.bru index 1ef94a8456..c54282bb58 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/folder.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/folder.bru @@ -3,10 +3,6 @@ meta { seq: 2 } -headers { - x-api-key: cons-management-api-key -} - auth { mode: inherit } diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/folder.bru index 3a2cc52bdf..8c38fee8f1 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/folder.bru +++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/folder.bru @@ -3,10 +3,6 @@ meta { seq: 1 } -headers { - x-api-key: prov-management-api-key -} - auth { mode: inherit } 
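Review bot: The rewritten `script:post-response` in RequestProviderCatalog.bru reads `res.getBody()['dcat:dataset']['odrl:hasPolicy']['@id']` without checking the response shape or the policy's `@type`, which the removed loop did check. If the catalog comes back empty, or with `dcat:dataset` or `odrl:hasPolicy` as arrays (presumably the case once there is more than one asset or policy), the lookup throws or yields `undefined`, and a stale or undefined `offerId` is left in the environment for InitiateNegotiation. A guard before `bru.setEnvVar` makes that failure visible: `if (!offerId) throw new Error("no offer in catalog response");`.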
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/docker-compose.yaml b/edc-controlplane/edc-controlplane-construct-x/local/docker-compose.yaml index a31e8e50d5..bf1c383ed2 100644 --- a/edc-controlplane/edc-controlplane-construct-x/local/docker-compose.yaml +++ b/edc-controlplane/edc-controlplane-construct-x/local/docker-compose.yaml @@ -19,15 +19,15 @@ # services: - local-issuer-wallet: - container_name: local-issuer-wallet - image: ghcr.io/project-construct-x/wallet:0.17.0-1 - pull_policy: missing + local-issuer-service: + container_name: local-issuer-service + image: issuerservice-dev:latest + pull_policy: never depends_on: shared-postgres: condition: service_healthy - vault-init: - condition: service_completed_successfully + shared-vault: + condition: service_healthy ports: - "1044:1044" # debugger - "10000:80" # did API -> / 
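Review bot: `image: issuerservice-dev:latest` with `pull_policy: never` replaces a registry image pinned to a version tag with whatever local image currently carries a mutable tag; later hunks do the same with `identityhub-dev:latest` for consumer-idhub and provider-idhub. Nothing in the visible compose file says how these images are built or from which revision, so two checkouts can run different identity components under the same name. I would add a `build:` section for each service, or at least a comment above it such as `# built locally from <repo>@<tag> via <build command>`. The hunk also swaps the `vault-init` dependency for `shared-vault: service_healthy`; if vault-init seeds secrets this service reads at startup (not visible here), that ordering guarantee is lost. The service definition continues outside the hunk.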
@@ -40,26 +40,25 @@ services: environment: - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:1044 - - EDC_STATUSLIST_CALLBACK_ADDRESS=http://local-issuer-wallet:9999/statuslist - - EDC_HOSTNAME=local-issuer-wallet - - EDC_ISSUER_ISSUANCE_SEND_RETRY_LIMIT=0 - - EDC_IAM_CREDENTIAL_RENEWAL_GRACEPERIOD=172800 - - EDC_IAM_DID_WEB_USE_HTTPS=false - - EDC_IH_API_SUPERUSER_ID=admin - - EDC_IH_API_KEY_SUPERUSER=YWRtaW4.adminKey - - EDC_ISSUER_STATUSLIST_SIGNING_KEY_ALIAS=foo - - EDC_ENCRYPTION_AES_KEY_ALIAS=issuer-wallet-aes-key-alias - - EDC_IAM_KEY_ALGORITHM=RSA - - EDC_IH_API_SUPERUSER_PUBLIC_KEY_ALIAS=admin1#pubkey - - EDC_IH_API_SUPERUSER_PRIVATE_KEY_ALIAS=admin1#privkey - - WEB_HTTP_DID_PORT=80 - - EDC_SQL_SCHEMA_AUTOCREATE=true - - EDC_DATASOURCE_DEFAULT_URL=jdbc:postgresql://shared-postgres:5432/iss_db - - EDC_DATASOURCE_DEFAULT_USER=admin - - EDC_DATASOURCE_DEFAULT_PASSWORD=password - - EDC_VAULT_HASHICORP_URL=http://shared-vault:8200 - - EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED=true - - EDC_VAULT_HASHICORP_TOKEN=vaultsecret0123456789 + - edc.statuslist.callback.address=http://local-issuer-service:9999/statuslist + - edc.hostname=local-issuer-service + - edc.ih.issuer.dev.defaultconfig=/app/setup.json + - edc.issuer.issuance.send.retry.limit=0 + - edc.iam.did.web.use.https=false + - edc.ih.api.superuser.id=admin + - edc.ih.api.superuser.key=YWRtaW4.adminKey + - edc.issuer.statuslist.signing.key.alias=foo + - web.http.did.port=80 + - edc.sql.schema.autocreate=true + - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/iss_db + - edc.datasource.default.user=admin + - edc.datasource.default.password=password + - edc.vault.hashicorp.url=http://shared-vault:8200 + - edc.vault.hashicorp.health.check.enabled=true + - edc.vault.hashicorp.token=vaultsecret0123456789 + volumes: + - ./additional_config/mc-cred-def.json:/app/setup.json + - ./additional_config/logging.properties:/app/logging.properties networks: - 
con-x-test-network @@ -119,15 +118,15 @@ services: networks: - con-x-test-network - consumer-wallet: - container_name: consumer-wallet - image: ghcr.io/project-construct-x/wallet:0.17.0-1 - pull_policy: missing + consumer-idhub: + container_name: consumer-idhub + image: identityhub-dev:latest + pull_policy: never depends_on: shared-postgres: condition: service_healthy - vault-init: - condition: service_completed_successfully + shared-vault: + condition: service_healthy ports: - "1045:1045" # debugger - "20000:80" # did API -> / 
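Review bot: The issuer's rewritten `environment` list still carries the superuser API key (`edc.ih.api.superuser.key=YWRtaW4.adminKey`), the Vault token and the database password as literals in a committed file, and the consumer-idhub and provider-idhub hunks that follow repeat the same values. Since these services also publish ports to the host, I would move the values to Compose variable interpolation backed by an untracked `.env` file, e.g. `- edc.ih.api.superuser.key=${IH_SUPERUSER_KEY}` (placeholder variable name), and bind published ports to loopback, e.g. `"127.0.0.1:10000:80"`. At minimum add a comment above the block: `# local test credentials only - never reuse outside this compose stack`.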
@@ -138,37 +137,32 @@ services: # - "9999:9999" # statuslist API -> /statuslist environment: - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:1045 - - EDC_HOSTNAME=consumer-wallet - - EDC_IAM_DID_WEB_USE_HTTPS=false - - EDC_ISSUER_ISSUANCE_SEND_RETRY_LIMIT=0 - - EDC_IAM_CREDENTIAL_RENEWAL_GRACEPERIOD=172800 - - EDC_IH_API_SUPERUSER_ID=admin - - EDC_IH_API_KEY_SUPERUSER=YWRtaW4.adminKey - - EDC_ISSUER_STATUSLIST_SIGNING_KEY_ALIAS=foo - - EDC_ENCRYPTION_AES_KEY_ALIAS=consumer-wallet-aes-key-alias - - EDC_IAM_KEY_ALGORITHM=RSA - - EDC_IH_API_SUPERUSER_PUBLIC_KEY_ALIAS=admin2#pubkey - - EDC_IH_API_SUPERUSER_PRIVATE_KEY_ALIAS=admin2#privkey - - WEB_HTTP_DID_PORT=80 - - EDC_SQL_SCHEMA_AUTOCREATE=true - - EDC_DATASOURCE_DEFAULT_URL=jdbc:postgresql://shared-postgres:5432/cons_ih_db - - EDC_DATASOURCE_DEFAULT_USER=admin - - EDC_DATASOURCE_DEFAULT_PASSWORD=password - - EDC_VAULT_HASHICORP_URL=http://shared-vault:8200 - - EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED=true - - EDC_VAULT_HASHICORP_TOKEN=vaultsecret0123456789 + - edc.hostname=consumer-idhub + - edc.iam.did.web.use.https=false + - edc.ih.api.superuser.id=admin + - edc.ih.api.superuser.key=YWRtaW4.adminKey + - web.http.did.port=80 + - edc.sql.schema.autocreate=true + - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/cons_ih_db + - edc.datasource.default.user=admin + - edc.datasource.default.password=password + - edc.vault.hashicorp.url=http://shared-vault:8200 + - edc.vault.hashicorp.health.check.enabled=true + - edc.vault.hashicorp.token=vaultsecret0123456789 + volumes: + - ./additional_config/logging.properties:/app/logging.properties networks: - con-x-test-network - provider-wallet: - container_name: provider-wallet - image: ghcr.io/project-construct-x/wallet:0.17.0-1 - pull_policy: missing + provider-idhub: + container_name: provider-idhub + image: identityhub-dev:latest + pull_policy: never depends_on: shared-postgres: condition: service_healthy - vault-init: - 
condition: service_completed_successfully + shared-vault: + condition: service_healthy ports: - "1046:1045" # debugger - "21000:80" # did API -> / @@ -179,25 +173,20 @@ services: # - "9999:9999" # statuslist API -> /statuslist environment: - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:1045 - - EDC_HOSTNAME=provider-wallet - - EDC_IAM_DID_WEB_USE_HTTPS=false - - EDC_ISSUER_ISSUANCE_SEND_RETRY_LIMIT=0 - - EDC_IAM_CREDENTIAL_RENEWAL_GRACEPERIOD=172800 - - EDC_IH_API_SUPERUSER_ID=admin - - EDC_IH_API_KEY_SUPERUSER=YWRtaW4.adminKey - - EDC_ISSUER_STATUSLIST_SIGNING_KEY_ALIAS=foo - - EDC_ENCRYPTION_AES_KEY_ALIAS=provider-wallet-aes-key-alias - - EDC_IAM_KEY_ALGORITHM=RSA - - EDC_IH_API_SUPERUSER_PUBLIC_KEY_ALIAS=admin3#pubkey - - EDC_IH_API_SUPERUSER_PRIVATE_KEY_ALIAS=admin3#privkey - - WEB_HTTP_DID_PORT=80 - - EDC_SQL_SCHEMA_AUTOCREATE=true - - EDC_DATASOURCE_DEFAULT_URL=jdbc:postgresql://shared-postgres:5432/prov_ih_db - - EDC_DATASOURCE_DEFAULT_USER=admin - - EDC_DATASOURCE_DEFAULT_PASSWORD=password - - EDC_VAULT_HASHICORP_URL=http://shared-vault:8200 - - EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED=true - - EDC_VAULT_HASHICORP_TOKEN=vaultsecret0123456789 + - edc.hostname=provider-idhub + - edc.iam.did.web.use.https=false + - edc.ih.api.superuser.id=admin + - edc.ih.api.superuser.key=YWRtaW4.adminKey + - web.http.did.port=80 + - edc.sql.schema.autocreate=true + - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/prov_ih_db + - edc.datasource.default.user=admin + - edc.datasource.default.password=password + - edc.vault.hashicorp.url=http://shared-vault:8200 + - edc.vault.hashicorp.health.check.enabled=true + - edc.vault.hashicorp.token=vaultsecret0123456789 + volumes: + - ./additional_config/logging.properties:/app/logging.properties networks: - con-x-test-network 
@@ -219,19 +208,17 @@ services: - tx.edc.postgresql.migration.policy-monitor.enabled=false - tx.edc.postgresql.migration.policy.enabled=false - tx.edc.postgresql.migration.transferprocess.enabled=false - - edc.iam.trusted-issuer.example.id=did:web:local-issuer-wallet:con-x-issuer + - edc.iam.trusted-issuer.example.id=did:web:local-issuer-service:con-x-issuer - edc.iam.did.web.use.https=false - edc.iam.sts.oauth.client.secret.alias=consumersecret - edc.iam.credential.revocation.mimetype=application/json - - edc.iam.sts.oauth.token.url=http://consumer-wallet:9292/api/sts/token - - edc.iam.sts.oauth.client.id=did:web:consumer-wallet:user:consumer - - edc.iam.issuer.id=did:web:consumer-wallet:user:consumer + - edc.iam.sts.oauth.token.url=http://consumer-idhub:9292/api/sts/token + - edc.iam.sts.oauth.client.id=did:web:consumer-idhub:user:consumer + - edc.iam.issuer.id=did:web:consumer-idhub:user:consumer - web.http.port=9000 - web.http.path=/api - web.http.management.port=9010 - web.http.management.path=/management - - web.http.management.auth.key=cons-management-api-key - - web.http.management.auth.type=tokenbased - web.http.protocol.port=9020 - web.http.protocol.path=/dsp - web.http.validation.port=9030 @@ -239,7 +226,7 @@ services: - web.http.control.port=9050 - web.http.control.path=/control - edc.hostname=consumer-controlplane - - edc.participant.id=did:web:consumer-wallet:user:consumer + - edc.participant.id=did:web:consumer-idhub:user:consumer - edc.dsp.callback.address=http://consumer-controlplane:9020/dsp - edc.sql.schema.autocreate=true - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/cons_cpl 
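Review bot: Removing `web.http.management.auth.key` and `web.http.management.auth.type=tokenbased` leaves no authentication setting for the management API on port 9010 in this hunk, and the matching `x-api-key` headers were dropped from the Bruno folder files; the provider-controlplane hunk further down does the same. Unless authentication is configured elsewhere (not visible in this diff), any client that can reach that port can use the management API unauthenticated. I would keep token-based auth and take the key from the environment, e.g. `- web.http.management.auth.type=tokenbased` and `- web.http.management.auth.key=${CONS_MGMT_API_KEY}` (placeholder variable name), or state in a comment why the local stack runs without it. The `environment` list starts and ends outside the hunk.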
@@ -248,14 +235,8 @@ services: - edc.vault.hashicorp.url=http://shared-vault:8200 - edc.vault.hashicorp.health.check.enabled=true - edc.vault.hashicorp.token=vaultsecret0123456789 - - tx.edc.iam.iatp.default-scopes.test.alias=org.eclipse.dspace.dcp.vc.type - - tx.edc.iam.iatp.default-scopes.test.type=MembershipCredential - - tx.edc.iam.iatp.default-scopes.test.operation=read - healthcheck: - test: ["CMD-SHELL", "wget --spider http://localhost:9000/api/check/readiness || exit 1"] - start_period: 10s - interval: 3s - retries: 30 + volumes: + - ./additional_config/logging.properties:/app/dataspaceconnector-configuration.properties depends_on: shared-postgres: condition: service_healthy @@ -294,16 +275,18 @@ services: - edc.vault.hashicorp.url=http://shared-vault:8200 - edc.vault.hashicorp.health.check.enabled=true - edc.vault.hashicorp.token=vaultsecret0123456789 - - edc.iam.trusted-issuer.example.id=did:web:local-issuer-wallet:con-x-issuer + - edc.iam.trusted-issuer.example.id=did:web:local-issuer-service:con-x-issuer - edc.iam.did.web.use.https=false - edc.iam.sts.oauth.client.secret.alias=consumersecret - edc.iam.credential.revocation.mimetype=application/json - - edc.iam.sts.oauth.token.url=http://consumer-wallet:9292/api/sts/token - - edc.iam.sts.oauth.client.id=did:web:consumer-wallet:user:consumer - - edc.iam.issuer.id=did:web:consumer-wallet:user:consumer + - edc.iam.sts.oauth.token.url=http://consumer-idhub:9292/api/sts/token + - edc.iam.sts.oauth.client.id=did:web:consumer-idhub:user:consumer + - edc.iam.issuer.id=did:web:consumer-idhub:user:consumer depends_on: - consumer-controlplane: + shared-postgres: condition: service_healthy + vault-init: + condition: service_completed_successfully entrypoint: [ "java", "-jar", "edc-runtime.jar", "--log-level=DEBUG" ] ports: - "5008:5005" # Debugger 
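Review bot: The added volume maps `./additional_config/logging.properties` onto `/app/dataspaceconnector-configuration.properties`, so a file named as logging configuration is presented to the runtime under the connector configuration path; the provider-controlplane hunk adds the same line, while the identity services mount the file at `/app/logging.properties`. If that is intended, a comment should say so; otherwise the target path looks like a mistake. Either way the mount can be read-only: `- ./additional_config/logging.properties:/app/dataspaceconnector-configuration.properties:ro`. This hunk also deletes the `healthcheck`, so nothing can wait on `service_healthy` for this service any more. The service definition continues outside the hunk.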
@@ -329,19 +312,17 @@ services: - tx.edc.postgresql.migration.policy-monitor.enabled=false - tx.edc.postgresql.migration.policy.enabled=false - tx.edc.postgresql.migration.transferprocess.enabled=false - - edc.iam.trusted-issuer.example.id=did:web:local-issuer-wallet:con-x-issuer + - edc.iam.trusted-issuer.example.id=did:web:local-issuer-service:con-x-issuer - edc.iam.did.web.use.https=false - edc.iam.sts.oauth.client.secret.alias=providersecret - edc.iam.credential.revocation.mimetype=application/json - - edc.iam.sts.oauth.token.url=http://provider-wallet:9292/api/sts/token - - edc.iam.sts.oauth.client.id=did:web:provider-wallet:user:provider - - edc.iam.issuer.id=did:web:provider-wallet:user:provider + - edc.iam.sts.oauth.token.url=http://provider-idhub:9292/api/sts/token + - edc.iam.sts.oauth.client.id=did:web:provider-idhub:user:provider + - edc.iam.issuer.id=did:web:provider-idhub:user:provider - web.http.port=9000 - web.http.path=/api - web.http.management.port=9010 - web.http.management.path=/management - - web.http.management.auth.key=prov-management-api-key - - web.http.management.auth.type=tokenbased - web.http.protocol.port=9020 - web.http.protocol.path=/dsp - web.http.validation.port=9030 @@ -349,7 +330,7 @@ services: - web.http.control.port=9050 - web.http.control.path=/control - edc.hostname=provider-controlplane - - edc.participant.id=did:web:provider-wallet:user:provider + - edc.participant.id=did:web:provider-idhub:user:provider - edc.dsp.callback.address=http://provider-controlplane:9020/dsp - edc.sql.schema.autocreate=true - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/prov_cpl 
@@ -358,14 +339,8 @@ services: - edc.vault.hashicorp.url=http://shared-vault:8200 - edc.vault.hashicorp.health.check.enabled=true - edc.vault.hashicorp.token=vaultsecret0123456789 - - tx.edc.iam.iatp.default-scopes.test.alias=org.eclipse.dspace.dcp.vc.type - - tx.edc.iam.iatp.default-scopes.test.type=MembershipCredential - - tx.edc.iam.iatp.default-scopes.test.operation=read - healthcheck: - test: [ "CMD-SHELL", "wget --spider http://localhost:9000/api/check/readiness || exit 1" ] - start_period: 10s - interval: 3s - retries: 30 + volumes: + - ./additional_config/logging.properties:/app/dataspaceconnector-configuration.properties depends_on: shared-postgres: condition: service_healthy @@ -404,16 +379,18 @@ services: - edc.vault.hashicorp.url=http://shared-vault:8200 - edc.vault.hashicorp.health.check.enabled=true - edc.vault.hashicorp.token=vaultsecret0123456789 - - edc.iam.trusted-issuer.example.id=did:web:local-issuer-wallet:con-x-issuer + - edc.iam.trusted-issuer.example.id=did:web:local-issuer-service:con-x-issuer - edc.iam.did.web.use.https=false - edc.iam.sts.oauth.client.secret.alias=providersecret - edc.iam.credential.revocation.mimetype=application/json - - edc.iam.sts.oauth.token.url=http://provider-wallet:9292/api/sts/token - - edc.iam.sts.oauth.client.id=did:web:provider-wallet:user:provider - - edc.iam.issuer.id=did:web:provider-wallet:user:provider + - edc.iam.sts.oauth.token.url=http://provider-idhub:9292/api/sts/token + - edc.iam.sts.oauth.client.id=did:web:provider-idhub:user:provider + - edc.iam.issuer.id=did:web:provider-idhub:user:provider depends_on: - provider-controlplane: + shared-postgres: condition: service_healthy + vault-init: + condition: service_completed_successfully entrypoint: [ "java", "-jar", "edc-runtime.jar", "--log-level=DEBUG" ] ports: - "5007:5005" # Debugger