diff --git a/CHANGELOG.md b/CHANGELOG.md index e4c2e952e..337293616 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,9 +25,35 @@ SPDX-License-Identifier: CC-BY-4.0 The changelog format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - ## [Unreleased] +## [released] +## [v4.0.1] - 24-07-2024 + +### Added + +- Added unit tests for the dsp endpoint parsing functionality +- Added digital product pass compatibility matrix file to the repo root path + +### Updated + +- Updated typos and missing explanations in the dpp-verification documentation. +- Fixed typo in `AttributeCertificationRecord` which short name was `amr`, it was a typo and was corrected to `acr`. +- Aligned charts for dpp-verification add-on configuration in the configmap -> [#390](https://github.com/eclipse-tractusx/digital-product-pass/issues/390) +- @Deprecated old function to parse dsp endpoint with bpns. +- Updated default INT urls to the Association INT environement url path. +- Managed integration of latest IRS version chart: 7.4.0 and tested compatibility + +### Deleted + +- AssetId field removed from `transfer-request` model. Deprecated by the EDC v0.7.3 V3 Management Api -> [#390](https://github.com/eclipse-tractusx/digital-product-pass/issues/390) + +### Issues Fixed + +- Fixed issue with dsp endpoint parsing/building from Digital Twin submodelBody field. -> [#390](https://github.com/eclipse-tractusx/digital-product-pass/issues/390) +- Fixed policy chart misconfiguration for the passport and digital twin registry -> [#390](https://github.com/eclipse-tractusx/digital-product-pass/issues/390) + + ## [released] ## [v4.0.0] - 19-07-2024 diff --git a/COMPATIBILITY_MATRIX.md b/COMPATIBILITY_MATRIX.md new file mode 100644 index 000000000..7ef83a91a --- /dev/null +++ b/COMPATIBILITY_MATRIX.md 
@@ -0,0 +1,71 @@ + + +# Digital Product Pass Compatibility Matrix + +# v4.0.1 - R24.08 + +## dpp-backend-v4.0.1 + +| Dependency | Version | Helm | Comments | +|------------------------------------------------------------------------------------------------------------------------------------------|------------------------------|-------|-----------------| +| [EDC](https://github.com/eclipse-tractusx/tractusx-edc) | 0.7.3 | [0.7.3](https://github.com/eclipse-tractusx/tractusx-edc/releases/tag/0.7.3) | Management API V3 | +| [Digital Twin Registry](https://github.com/eclipse-tractusx/sldt-digital-twin-registry) | 0.5.0 | [0.5.2](https://github.com/eclipse-tractusx/sldt-digital-twin-registry/releases/tag/digital-twin-registry-0.5.2) | | +| [Data Service](https://github.com/eclipse-tractusx/tractus-x-umbrella/tree/main/simple-data-backend) | 0.0.1 | [0.1.0](https://github.com/eclipse-tractusx/tractus-x-umbrella/blob/main/charts/simple-data-backend/Chart.yaml) | Available at TX Umbrella | +| [Item Relationship Service](https://github.com/eclipse-tractusx/item-relationship-service) | 5.4.0 | [7.4.0](https://github.com/eclipse-tractusx/item-relationship-service/releases/tag/item-relationship-service-7.4.0) | Component/Part Drill Down Add-on | +| [Simple Wallet](https://github.com/eclipse-tractusx/digital-product-pass/tree/main/dpp-verification/simple-wallet) | 1.0.0 | [1.0.0](https://github.com/eclipse-tractusx/digital-product-pass/blob/main/dpp-verification/charts/simple-wallet/Chart.yaml) | DPP Verification Add-on | +| [Certified Data Credential](https://github.com/eclipse-tractusx/digital-product-pass/tree/main/dpp-verification/semantics/io.catenax.dpp_verification.cdc/) | 1.0.0 | - | DPP Verification Add-on | + +The `dpp-backend` component can retrieve any model version thought the EDC proxy, however semantic Ids **MUST** be specified in priority order at the chart values.yaml. 
+ +The models can be embedded in a `CertifiedDataCredential` as described in the [`dpp-verification` add-on](./dpp-verification/), but the search process is still performed by the "aspect model" payload semanticId. + +## dpp-frontend-v4.0.1 + +The frontend can visualize the following models only: + +| Model | Version | SemanticId | Comments | +| -- | -- | -- | -- | +| [Digital Product Passport](https://github.com/eclipse-tractusx/sldt-semantic-models/tree/main/io.catenax.generic.digital_product_passport) | 5.0.0 | `urn:samm:io.catenax.generic.digital_product_passport:5.0.0#DigitalProductPassport` | | +| [Battery Pass](https://github.com/eclipse-tractusx/sldt-semantic-models/tree/main/io.catenax.battery.battery_pass) | 6.0.0 | `urn:samm:io.catenax.battery.battery_pass:6.0.0#BatteryPass` | | +| [Transmission Pass](https://github.com/eclipse-tractusx/sldt-semantic-models/tree/main/io.catenax.transmission.transmission_pass) | 3.0.0 | `urn:samm:io.catenax.transmission.transmission_pass:3.0.0#TransmissionPass` | | +| [Certified Data Credential](https://github.com/eclipse-tractusx/digital-product-pass/tree/main/dpp-verification/semantics/io.catenax.dpp_verification.cdc/) | 1.0.0 | `urn:samm:io.catenax.dpp_verification.cdc:1.0.0#CertifiedDataCredential`| DPP Verification Add-on | + +## dpp-verification/simple-wallet-v1.0.0 + +| Model | Version | SemanticId | Comments | +| -- | -- | -- | -- | +| [Verifiable Credentials](https://www.w3.org/TR/vc-data-model-2.0/) | 2.0.0 | https://www.w3.org/ns/credentials/v2 | W3C Data Model | +| [Certified Data Credential](https://github.com/eclipse-tractusx/digital-product-pass/tree/main/dpp-verification/semantics/io.catenax.dpp_verification.cdc/) | 1.0.0 | `urn:samm:io.catenax.dpp_verification.cdc:1.0.0#CertifiedDataCredential`| DPP Verification Add-on with Catena-X semantic Models | +| [JsonWebSignature2020 & JsonWebKey2020 Proofs](https://www.w3.org/TR/vc-jws-2020/) | 1.0.0 | https://w3c.github.io/vc-jws-2020/contexts/v1/ | DPP 
Verification Signature & Keys types, used by Gaia-X | + +## NOTICE + +This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). + +- SPDX-License-Identifier: CC-BY-4.0 +- SPDX-FileCopyrightText: 2022, 2024 BMW AG +- SPDX-FileCopyrightText: 2022, 2024 Henkel AG & Co. KGaA +- SPDX-FileCopyrightText: 2023, 2024 CGI Deutschland B.V. & Co. KG +- SPDX-FileCopyrightText: 2023, 2024 Contributors to the Eclipse Foundation +- Source URL: https://github.com/eclipse-tractusx/digital-product-pass diff --git a/README.md b/README.md index 0c75f7fa5..de9a2cce1 100644 --- a/README.md +++ b/README.md 
@@ -35,22 +35,22 @@ SPDX-License-Identifier: CC-BY-4.0 ## Description -The digital product passport application provides a consumer user interface to request a battery passport from a battery manufacturer using the standardized components and technologies in a Catena-X network. The passport will be displayed in a human-readable from any browser. The data exchange standards given by Catena-X are used to provide the battery passport to different personas (roles) in the network. +The digital product passport application provides a consumer user interface to request a battery passport from a battery manufacturer using the standardized components and technologies in a Catena-X network. The passport will be displayed in a human-readable from any browser. The data exchange standards given by Catena-X are used to provide the battery passport to different personas (roles) in the network. -In particular, the application is used to access the battery passport data provided by battery manufacturer. By scanning QR-code or knowing the manufacturer and battery-ID, a user can request the passport through **Eclipse Dataspace Connectors (EDCs)** over the Catena-X network. The passport provider will provide data attributes that is only visible to a permitted signed-in user. +In particular, the application is used to access the battery passport data provided by battery manufacturer. By scanning QR-code or knowing the manufacturer and battery-ID, a user can request the passport through **Eclipse Dataspace Connectors (EDCs)** over the Catena-X network. The passport provider will provide data attributes that is only visible to a permitted signed-in user. ### Software Version #### Helm Chart Version -
4.0.0
+
4.0.1
#### Application Version -
v4.0.0
+
v4.0.1
## Application Preview -Here is a preview from the DPP App UI, where we visualize a test battery passport in this case. +Here is a preview from the DPP App UI, where we visualize a test Digital Product Pass in this case. -![General Info View](./docs/architecture/media/GraphicBatteryPassportViewGeneralInfo.png) +![General Info View](./docs/media/passport-view.png) > **Note**: For more information check the [documentation section](./docs/README.md) @@ -90,6 +90,8 @@ It provides a generic concept for **Attribute Verification/Certification** by ex Furthermore, it gives guidance and ready to use components for verifying the data received from their Data Providers. The Digital Product Pass Add-on offers the consumers components like the [simple-wallet](./simple-wallet/), an **MVP decentral wallet** able to issue and verify aspect model Verifiable Credential Documents. It also provides a proof of concept (PoC) in the `dpp-backend` and `dpp-frontend` components for complete data payloads to be verified. +![Verification Add-on](./docs/media/verification-addon.png) + | Name | Description | | ------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------- | | [DPP Verification Docs](./dpp-verification/README.md) | The main documentation of the Digital Product Pass Verification Add-on contains the complete architecture blueprint and details about implementation in the application. | diff --git a/charts/digital-product-pass/Chart.yaml b/charts/digital-product-pass/Chart.yaml index 488f0af3d..681a1fca2 100644 --- a/charts/digital-product-pass/Chart.yaml +++ b/charts/digital-product-pass/Chart.yaml 
@@ -43,10 +43,10 @@ type: application # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 4.0.0 +version: 4.0.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "4.0.0" +appVersion: "4.0.1" diff --git a/charts/digital-product-pass/README.md b/charts/digital-product-pass/README.md index ce13a50d0..37ad98918 100644 --- a/charts/digital-product-pass/README.md +++ b/charts/digital-product-pass/README.md @@ -1,6 +1,6 @@ # digital-product-pass -![Version: 4.0.0](https://img.shields.io/badge/Version-4.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0.0](https://img.shields.io/badge/AppVersion-4.0.0-informational?style=flat-square) +![Version: 4.0.1](https://img.shields.io/badge/Version-4.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0.1](https://img.shields.io/badge/AppVersion-4.0.1-informational?style=flat-square) A Helm chart for Tractus-X Digital Product Pass Kubernetes 
@@ -23,17 +23,17 @@ helm install digital-product-pass tractusx/digital-product-pass ## Source Code -* ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | -| backend | object | `{"digitalTwinRegistry":{"endpoints":{"digitalTwin":"/shell-descriptors","search":"/lookup/shells","subModel":"/submodel-descriptors"},"policyCheck":{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false},"temporaryStorage":{"enabled":true,"lifetime":12},"timeouts":{"digitalTwin":40,"negotiation":60,"search":50,"transfer":20}},"discovery":{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""},"edc":{"apis":{"catalog":"/catalog/request","management":"/management/v2","negotiation":"/contractnegotiations","readiness":"/api/check/readiness","transfer":"/transferprocesses"},"authorizationKey":"X-Api-Key","delay":100,"hostname":"","participantId":"","xApiKey":""},"hostname":"","image":{"pullPolicy":"IfNotPresent","repository":"docker.io/tractusx/digital-product-pass-backend"},"imagePullSecrets":[],"ingress":{"annotations":{"ingressClassName":"nginx","nginx.ingress.kubernetes.io/backend-protocol":"HTTP","nginx.ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/ssl-passthrough":"false"},"enabled":false,"hosts":[{"host":"","paths":[{"path":"/","pathType":"Prefix"}]}]},"irs":{"apiKey":"","enabled":false,"hostname":""},"logging":{"level":{"root":"INFO","utils":"INFO"}},"maxRetries":5,"name":"dpp-backend","passport":{"aspects":["urn:samm:io.catenax.battery.battery_pass:6.0.0#BatteryPass","urn:samm:io.catenax.transmission.
transmission_pass:3.0.0#TransmissionPass","urn:samm:io.catenax.generic.digital_product_passport:5.0.0#DigitalProductPassport"],"policyCheck":{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:FrameworkAgreement","operator":"odrl:eq","rightOperand":"CircularEconomy:1.0"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.circular.dpp:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false}},"podSecurityContext":{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10000,"seccompProfile":{"type":"RuntimeDefault"}},"process":{"encryptionKey":""},"securityCheck":{"bpn":false,"edc":false},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"add":[],"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":10001,"runAsNonRoot":true,"runAsUser":10000},"serverPort":8888,"service":{"port":8888,"type":"ClusterIP"},"singleApi":{"delay":1000,"maxRetries":30},"verification":{"autoVerify":true,"enabled":true,"wallet":{"apiKey":"","endpoints":{"health":"/health","verify":"/verify"},"url":"https://"}},"volumeMounts":[{"mountPath":"/app/config","name":"backend-config"},{"mountPath":"/app/data/process","name":"pvc-backend","subPath":"data/process"},{"mountPath":"/app/log","name":"tmpfs","subPath":"log"},{"mountPath":"/tmp","name":"tmpfs"},{"mountPath":"/app/data/VaultConfig","name":"tmpfs","subPath":"VaultConfig/vault.token.yml"},{"mountPath":"/app/tmp","name":"tmpfs"}],"volumes":[{"configMap":{"name":"{{ .Release.Name }}-backend-config"},"name":"backend-config"},{"name":"pvc-backend","persistentVolumeClaim":{"claimName":"{{ .Release.Name }}-pvc-data"}},{"emptyDir":{},"name":"tmpfs"}]}` | Backend configuration | -| backend.digitalTwinRegistry.policyCheck | object | 
`{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false}` | policy configuration for the digital twin assets in the edc catalog | +| backend | object | `{"digitalTwinRegistry":{"endpoints":{"digitalTwin":"/shell-descriptors","search":"/lookup/shells","subModel":"/submodel-descriptors"},"policyCheck":{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"odrl:use","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false},"temporaryStorage":{"enabled":true,"lifetime":12},"timeouts":{"digitalTwin":40,"negotiation":60,"search":50,"transfer":20}},"discovery":{"bpnDiscovery":{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"},"edcDiscovery":{"key":"bpn"},"hostname":""},"edc":{"apis":{"catalog":"/catalog/request","management":"/management/v3","negotiation":"/contractnegotiations","readiness":"/api/check/readiness","transfer":"/transferprocesses"},"authorizationKey":"X-Api-Key","delay":100,"hostname":"","participantId":"","xApiKey":""},"hostname":"","image":{"pullPolicy":"IfNotPresent","repository":"docker.io/tractusx/digital-product-pass-backend"},"imagePullSecrets":[],"ingress":{"annotations":{"ingressClassName":"nginx","nginx.ingress.kubernetes.io/backend-protocol":"HTTP","nginx.ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/ssl-passthrough":"false"},"enabled":false,"hosts":[{"host":"","paths":[{"path":"/","pathType":"Prefix"}]}]},"irs":{"apiKey":"","enabled":false,"hostn
ame":""},"logging":{"level":{"root":"INFO","utils":"INFO"}},"maxRetries":5,"name":"dpp-backend","passport":{"aspects":["urn:samm:io.catenax.battery.battery_pass:6.0.0#BatteryPass","urn:samm:io.catenax.transmission.transmission_pass:3.0.0#TransmissionPass","urn:samm:io.catenax.generic.digital_product_passport:5.0.0#DigitalProductPassport"],"policyCheck":{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"odrl:use","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.circular.dpp:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false}},"podSecurityContext":{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10000,"seccompProfile":{"type":"RuntimeDefault"}},"process":{"encryptionKey":""},"securityCheck":{"bpn":false,"edc":false},"securityContext":{"allowPrivilegeEscalation":false,"capabilities":{"add":[],"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsGroup":10001,"runAsNonRoot":true,"runAsUser":10000},"serverPort":8888,"service":{"port":8888,"type":"ClusterIP"},"singleApi":{"delay":1000,"maxRetries":30},"verification":{"autoVerify":true,"enabled":true,"wallet":{"apiKey":"","endpoints":{"health":"/health","verify":"/verify"},"url":"https://"}},"volumeMounts":[{"mountPath":"/app/config","name":"backend-config"},{"mountPath":"/app/data/process","name":"pvc-backend","subPath":"data/process"},{"mountPath":"/app/log","name":"tmpfs","subPath":"log"},{"mountPath":"/tmp","name":"tmpfs"},{"mountPath":"/app/data/VaultConfig","name":"tmpfs","subPath":"VaultConfig/vault.token.yml"},{"mountPath":"/app/tmp","name":"tmpfs"}],"volumes":[{"configMap":{"name":"{{ .Release.Name }}-backend-config"},"name":"backend-config"},{"name":"pvc-backend","persistentVolumeClaim":{"claimName":"{{ .Release.Name }}-pvc-data"}},{"emptyDir":{},"name":"tmpfs"}]}` | Backend configuration | +| backend.digitalTwinRegistry.policyCheck | object | 
`{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"odrl:use","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false}` | policy configuration for the digital twin assets in the edc catalog | | backend.digitalTwinRegistry.policyCheck.enabled | bool | `true` | condition to enable and disable the policy check | -| backend.digitalTwinRegistry.policyCheck.policies | list | `[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}]` | list of allowed policies that can be selected from the edc catalog in negotiations | +| backend.digitalTwinRegistry.policyCheck.policies | list | `[{"obligation":[],"permission":[{"action":"odrl:use","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.core.digitalTwinRegistry:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}]` | list of allowed policies that can be selected from the edc catalog in negotiations | | backend.digitalTwinRegistry.policyCheck.strictMode | bool | `false` | the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value | | backend.digitalTwinRegistry.temporaryStorage | object | `{"enabled":true,"lifetime":12}` | temporary storage of dDTRs for optimization | | backend.digitalTwinRegistry.temporaryStorage.lifetime | int | `12` | lifetime of the temporaryStorage in hours | 
@@ -42,7 +42,7 @@ helm install digital-product-pass tractusx/digital-product-pass | backend.discovery.bpnDiscovery | object | `{"key":"manufacturerPartId","path":"/api/v1.0/administration/connectors/bpnDiscovery/search"}` | bpn discovery configuration | | backend.discovery.edcDiscovery | object | `{"key":"bpn"}` | edc discovery configuration | | backend.discovery.hostname | string | `""` | discovery finder configuration | -| backend.edc | object | `{"apis":{"catalog":"/catalog/request","management":"/management/v2","negotiation":"/contractnegotiations","readiness":"/api/check/readiness","transfer":"/transferprocesses"},"authorizationKey":"X-Api-Key","delay":100,"hostname":"","participantId":"","xApiKey":""}` | in this section we configure the values that are inserted as secrets in the backend | +| backend.edc | object | `{"apis":{"catalog":"/catalog/request","management":"/management/v3","negotiation":"/contractnegotiations","readiness":"/api/check/readiness","transfer":"/transferprocesses"},"authorizationKey":"X-Api-Key","delay":100,"hostname":"","participantId":"","xApiKey":""}` | in this section we configure the values that are inserted as secrets in the backend | | backend.edc.delay | int | `100` | Negotiation status Delay in milliseconds in between async requests [<= 500] | | backend.edc.hostname | string | `""` | edc consumer connection configuration | | backend.edc.participantId | string | `""` | BPN Number | 
@@ -55,9 +55,9 @@ helm install digital-product-pass tractusx/digital-product-pass | backend.logging.level.root | string | `"INFO"` | general logging level | | backend.logging.level.utils | string | `"INFO"` | logging for the util components | | backend.maxRetries | int | `5` | max retries for the backend services | -| backend.passport.policyCheck | object | `{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:FrameworkAgreement","operator":"odrl:eq","rightOperand":"CircularEconomy:1.0"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.circular.dpp:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false}` | configuration for policies to filter in the digital product pass asset negotiation | +| backend.passport.policyCheck | object | `{"enabled":true,"policies":[{"obligation":[],"permission":[{"action":"odrl:use","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.circular.dpp:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}],"strictMode":false}` | configuration for policies to filter in the digital product pass asset negotiation | | backend.passport.policyCheck.enabled | bool | `true` | condition to enable and disable the policy check | -| backend.passport.policyCheck.policies | list | `[{"obligation":[],"permission":[{"action":"USE","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:FrameworkAgreement","operator":"odrl:eq","rightOperand":"CircularEconomy:1.0"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.circular.dpp:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}]` | list of allowed policies that can be selected from the 
edc catalog in negotiations | +| backend.passport.policyCheck.policies | list | `[{"obligation":[],"permission":[{"action":"odrl:use","constraints":[{"leftOperand":"cx-policy:Membership","operator":"odrl:eq","rightOperand":"active"},{"leftOperand":"cx-policy:UsagePurpose","operator":"odrl:eq","rightOperand":"cx.circular.dpp:1"}],"logicalConstraint":"odrl:and"}],"prohibition":[]}]` | list of allowed policies that can be selected from the edc catalog in negotiations | | backend.passport.policyCheck.strictMode | bool | `false` | the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value | | backend.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10000,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | | backend.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | 
@@ -97,7 +97,7 @@ helm install digital-product-pass tractusx/digital-product-pass | frontend.image.pullPolicy | string | `"IfNotPresent"` | | | frontend.image.repository | string | `"docker.io/tractusx/digital-product-pass-frontend"` | | | frontend.imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| frontend.ingress | object | `{"annotations":{"ingressClassName":"nginx","nginx.ingress.kubernetes.io/backend-protocol":"HTTP","nginx.ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/ssl-passthrough":"false"},"enabled":false,"hosts":[]}` | ingress declaration to expose the dpp-frontend service | +| frontend.ingress | object | `{"annotations":{"ingressClassName":"nginx","nginx.ingress.kubernetes.io/backend-protocol":"HTTP","nginx.ingress.kubernetes.io/force-ssl-redirect":"true","nginx.ingress.kubernetes.io/rewrite-target":"/$2","nginx.ingress.kubernetes.io/service-upstream":"true"},"enabled":false,"hosts":[]}` | ingress declaration to expose the dpp-frontend service | | frontend.ingress.annotations.ingressClassName | string | `"nginx"` | ingress class name | | frontend.irs | object | `{"maxWaitingTime":30,"requestDelay":30000}` | irs api timeouts | | frontend.irs.maxWaitingTime | int | `30` | maximum waiting time to get the irs job status | diff --git a/charts/digital-product-pass/templates/configmap-backend.yaml b/charts/digital-product-pass/templates/configmap-backend.yaml index a12e5d848..1612cd5fe 100644 --- a/charts/digital-product-pass/templates/configmap-backend.yaml +++ b/charts/digital-product-pass/templates/configmap-backend.yaml 
@@ -157,23 +157,23 @@ data: strictMode: {{ .Values.backend.passport.policyCheck.strictMode }} policies: {{- toYaml .Values.backend.passport.policyCheck.policies | nindent 10 }} # -- digital product pass verification add-on configuration - verification: - enabled: {{ .Values.backend.verification.enabled }} - autoVerify: {{ .Values.backend.verification.autoVerify }} - wallet: - url: {{ .Values.backend.verification.wallet.url }} - endpoints: - health: {{ .Values.backend.verification.wallet.endpoints.health }} - verify: {{ .Values.backend.verification.wallet.endpoints.verify }} - certifiedDataCredential: - ## -- These keys are used in order to find if a subModel contains a verifiable credential, defined in the verification documentation - semanticIdKeys: - - key: "Entity" - value: "https://www.w3.org/ns/credentials/v2" - - key: "DataElement" - value: "urn:samm:io.catenax.dpp_verification.cdc:1.0.0#CertifiedDataCredential" - - key: "Operation" - value: "https://w3c.github.io/vc-jws-2020/contexts/v1/" + verification: + enabled: {{ .Values.backend.verification.enabled }} + autoVerify: {{ .Values.backend.verification.autoVerify }} + wallet: + url: {{ .Values.backend.verification.wallet.url }} + endpoints: + health: {{ .Values.backend.verification.wallet.endpoints.health }} + verify: {{ .Values.backend.verification.wallet.endpoints.verify }} + certifiedDataCredential: + ## -- These keys are used in order to find if a subModel contains a verifiable credential, defined in the verification documentation + semanticIdKeys: + - key: "Entity" + value: "https://www.w3.org/ns/credentials/v2" + - key: "DataElement" + value: "urn:samm:io.catenax.dpp_verification.cdc:1.0.0#CertifiedDataCredential" + - key: "Operation" + value: "https://w3c.github.io/vc-jws-2020/contexts/v1/" # -- configuration of the spring boot server server: # -- configuration of backend errors 
diff --git a/charts/digital-product-pass/templates/deployment-frontend.yaml b/charts/digital-product-pass/templates/deployment-frontend.yaml index 2d4c2543a..a7b84d473 100644 --- a/charts/digital-product-pass/templates/deployment-frontend.yaml +++ b/charts/digital-product-pass/templates/deployment-frontend.yaml @@ -25,7 +25,7 @@ --- -{{- if .Values.frontend.enabled -}} +{{- if .Values.frontend.enabled }} apiVersion: apps/v1 kind: Deployment diff --git a/charts/digital-product-pass/templates/ingress-frontend.yaml b/charts/digital-product-pass/templates/ingress-frontend.yaml index ff09c9b6c..2d816c79b 100644 --- a/charts/digital-product-pass/templates/ingress-frontend.yaml +++ b/charts/digital-product-pass/templates/ingress-frontend.yaml @@ -35,15 +35,14 @@ {{- end }} {{- end }} -#{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -#apiVersion: networking.k8s.io/v1 -#{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -#apiVersion: networking.k8s.io/v1beta1 -#{{- else -}} -#apiVersion: extensions/v1beta1 -#{{- end }} - +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} + kind: Ingress metadata: name: {{ $fullName }} diff --git a/charts/digital-product-pass/templates/service-frontend.yaml b/charts/digital-product-pass/templates/service-frontend.yaml index 962fce03c..c6fefc19a 100644 --- a/charts/digital-product-pass/templates/service-frontend.yaml +++ b/charts/digital-product-pass/templates/service-frontend.yaml @@ -25,7 +25,7 @@ --- -{{- if .Values.frontend.enabled -}} +{{- if .Values.frontend.enabled }} apiVersion: v1 kind: Service diff --git a/charts/digital-product-pass/values-int.yaml b/charts/digital-product-pass/values-int.yaml index a92573cf7..fb1d27de0 100644 
--- a/charts/digital-product-pass/values-int.yaml +++ b/charts/digital-product-pass/values-int.yaml @@ -36,18 +36,18 @@ backend: nginx.ingress.kubernetes.io/ssl-passthrough: "false" nginx.ingress.kubernetes.io/backend-protocol: "HTTP" hosts: - - host: &hostname "dpp.int.demo.catena-x.net" + - host: &hostname "dpp.int.catena-x.net" paths: - path: / pathType: Prefix tls: - - secretName: tls-secret + - secretName: tls-secret-digital-product-pass-backend hosts: - *hostname edc: - xApiKey: - participantId: &bpn - hostname: "materialpass.int.demo.catena-x.net/consumer" + xApiKey: + participantId: &bpn + hostname: "dpp.int.catena-x.net/consumer" hostname: *hostname @@ -57,14 +57,14 @@ backend: irs: enabled: true - hostname: "materialpass-irs.int.demo.catena-x.net" - apiKey: "" + hostname: "dpp-irs.int.catena-x.net" + apiKey: "" process: - encryptionKey: "" + encryptionKey: "" discovery: - hostname: "semantics.int.demo.catena-x.net/discoveryfinder" + hostname: "semantics.int.catena-x.net/discoveryfinder" singleApi: maxRetries: 30 @@ -72,7 +72,8 @@ backend: verification: wallet: - url: "https://dpp-consumer-wallet.int.demo.catena-x.net" + url: "https://dpp-consumer-wallet.int.catena-x.net" + apiKey: "" frontend: enabled: true @@ -86,18 +87,18 @@ frontend: # kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/ssl-passthrough: "false" - nginx.ingress.kubernetes.io/rewrite-target: /$2 + nginx.ingress.kubernetes.io/rewrite-target: "/$2" nginx.ingress.kubernetes.io/backend-protocol: "HTTP" nginx.ingress.kubernetes.io/service-upstream: "true" hosts: - - host: dpp.int.demo.catena-x.net + - host: dpp.int.catena-x.net paths: - path: /passport(/|$)(.*) pathType: Prefix tls: - - secretName: tls-secret + - secretName: tls-secret-digital-product-pass-frontend hosts: - - dpp.int.demo.catena-x.net + - dpp.int.catena-x.net backend: hostname: *hostname 
@@ -106,16 +107,16 @@ frontend: adminEmail: "admin@example.com" portal: - hostname: "portal.int.demo.catena-x.net" + hostname: "portal.int.catena-x.net" oauth: - hostname: "centralidp.int.demo.catena-x.net" + hostname: "centralidp.int.catena-x.net" techUser: - clientId: - clientSecret: - realm: - appId: + clientId: + clientSecret: + realm: + appId: bpnCheck: enabled: true bpn: *bpn @@ -123,5 +124,5 @@ oauth: enabled: false apiKey: header: "X-Api-Key" - secret: + secret: diff --git a/charts/digital-product-pass/values.yaml b/charts/digital-product-pass/values.yaml index 9bd9eb6e1..2305f612f 100644 --- a/charts/digital-product-pass/values.yaml +++ b/charts/digital-product-pass/values.yaml @@ -142,7 +142,7 @@ backend: hostname: "" apis: readiness: "/api/check/readiness" - management: "/management/v2" + management: "/management/v3" catalog: "/catalog/request" negotiation: "/contractnegotiations" transfer: "/transferprocesses" @@ -206,15 +206,12 @@ backend: # -- list of allowed policies that can be selected from the edc catalog in negotiations policies: - permission: - - action: "USE" + - action: "odrl:use" logicalConstraint: "odrl:and" constraints: - leftOperand: "cx-policy:Membership" operator: "odrl:eq" rightOperand: "active" - - leftOperand: "cx-policy:FrameworkAgreement" - operator: "odrl:eq" - rightOperand: "CircularEconomy:1.0" - leftOperand: "cx-policy:UsagePurpose" operator: "odrl:eq" rightOperand: "cx.circular.dpp:1" @@ -246,7 +243,7 @@ backend: # -- list of allowed policies that can be selected from the edc catalog in negotiations policies: - permission: - - action: "USE" + - action: "odrl:use" logicalConstraint: "odrl:and" constraints: - leftOperand: "cx-policy:Membership" 
@@ -295,8 +292,9 @@ frontend: ingressClassName: nginx # kubernetes.io/tls-acme: "true" nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/ssl-passthrough: "false" + nginx.ingress.kubernetes.io/rewrite-target: "/$2" nginx.ingress.kubernetes.io/backend-protocol: "HTTP" + nginx.ingress.kubernetes.io/service-upstream: "true" hosts: [] # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment diff --git a/deployment/infrastructure/data-consumer/edc-consumer/Chart.yaml b/deployment/infrastructure/data-consumer/edc-consumer/Chart.yaml index 3dc159463..d16a27e72 100644 --- a/deployment/infrastructure/data-consumer/edc-consumer/Chart.yaml +++ b/deployment/infrastructure/data-consumer/edc-consumer/Chart.yaml @@ -47,5 +47,5 @@ dependencies: condition: postgresql.enabled - name: item-relationship-service repository: https://eclipse-tractusx.github.io/item-relationship-service - version: 7.1.3 + version: 7.4.0 condition: item-relationship-service.enabled diff --git a/deployment/infrastructure/data-consumer/edc-consumer/values-int.yaml b/deployment/infrastructure/data-consumer/edc-consumer/values-int.yaml index 96782dfd6..12422f4cf 100644 --- a/deployment/infrastructure/data-consumer/edc-consumer/values-int.yaml +++ b/deployment/infrastructure/data-consumer/edc-consumer/values-int.yaml 
@@ -42,15 +42,15 @@ tractusx-connector: # Decentralized IDentifier id: "did:web:portal-backend.int.catena-x.net:api:administration:staticdata:did:BPNL000000000FV1" trustedIssuers: # array [] that needs to be expand but likely like (sorry unconfirmed on how this is done, as I also would need to check) - - "did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp" + - "did:web:portal-backend.int.catena-x.net:api:administration:staticdata:did:BPNL00000003CRHK" sts: dim: url: "https://dis-integration-service-prod.eu10.dim.cloud.sap/api/v2.0.0/iatp/catena-x-portal" oauth: - token_url: "https://bpnl000000000FV1-dpp.authentication.eu10.hana.ondemand.com/oauth/token" + token_url: "https://bpnl000000000fv1-dpp.authentication.eu10.hana.ondemand.com/oauth/token" client: id: "" - secret_alias: "" + secret_alias: int-client-secret controlplane: enabled: true @@ -171,8 +171,9 @@ tractusx-connector: clusterIssuer: "" postgresql: - username: - password: + auth: + username: + password: vault: hashicorp: @@ -188,7 +189,7 @@ postgresql: password: item-relationship-service: - enabled: false + enabled: true bpn: irsUrl: "https://dpp-irs.int.catena-x.net" @@ -199,6 +200,7 @@ item-relationship-service: enabled: true annotations: ingressClassName: nginx + cert-manager.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/backend-protocol: HTTP nginx.ingress.kubernetes.io/force-ssl-redirect: 'true' nginx.ingress.kubernetes.io/ssl-passthrough: 'false' 
@@ -220,7 +222,7 @@ item-relationship-service: oAuthClientId: discovery # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client discoveryFinderUrl: https://semantics.int.catena-x.net/discoveryfinder/api/v1.0/administration/connectors/discovery/search semanticshub: - url: https://semantics.int.catena-x.net/hub/api/v1/models + url: https://semantics.int.catena-x.net/hub/apimodels oAuthClientId: semantics bpdm: url: https://partners-pool.int.catena-x.net 
@@ -249,19 +251,63 @@ item-relationship-service: edc: catalog: - acceptedPolicies: - - leftOperand: "cx-policy:FrameworkAgreement" - operator: "eq" - rightOperand: "CircularEconomy:1.0" - - leftOperand: "cx-policy:Membership" - operator: "eq" - rightOperand: "active" - - leftOperand: "cx-policy:UsagePurpose" - operator: "eq" - rightOperand: "cx.circular.dpp:1" - - leftOperand: "cx-policy:UsagePurpose" - operator: "eq" - rightOperand: "cx.core.digitalTwinRegistry:1" + acceptedPolicies: > + [{ + "policyId": "dpp-policy-id", + "createdOn": "2024-07-17T16:15:14.12345678Z", + "validUntil": "9999-01-01T00:00:00.00000000Z", + "permissions": [ + { + "action": "use", + "constraint": { + "and": [ + { + "leftOperand": "https://w3id.org/catenax/policy/Membership", + "operator": { + "@id": "eq" + }, + "rightOperand": "active" + }, + { + "leftOperand": "https://w3id.org/catenax/policy/UsagePurpose", + "operator": { + "@id": "eq" + }, + "rightOperand": "cx.circular.dpp:1" + } + ] + } + } + ] + }, + { + "policyId": "default-policy", + "createdOn": "2024-07-17T16:15:14.12345678Z", + "validUntil": "9999-01-01T00:00:00.00000000Z", + "permissions": [ + { + "action": "use", + "constraint": { + "and": [ + { + "leftOperand": "https://w3id.org/catenax/policy/Membership", + "operator": { + "@id": "eq" + }, + "rightOperand": "active" + }, + { + "leftOperand": "https://w3id.org/catenax/policy/UsagePurpose", + "operator": { + "@id": "eq" + }, + "rightOperand": "cx.core.digitalTwinRegistry:1" + } + ] + } + } + ] + }] controlplane: endpoint: data: https://dpp.int.catena-x.net/consumer/management diff --git a/deployment/infrastructure/data-consumer/edc-consumer/values.yaml b/deployment/infrastructure/data-consumer/edc-consumer/values.yaml index f801104e1..36aa65775 100644 --- a/deployment/infrastructure/data-consumer/edc-consumer/values.yaml +++ b/deployment/infrastructure/data-consumer/edc-consumer/values.yaml 
@@ -659,13 +659,49 @@ item-relationship-service: clientSecret: "" edc: catalog: - acceptedPolicies: - - leftOperand: "cx-policy:FrameworkAgreement" - operator: "eq" - rightOperand: "CircularEconomy:1.0" - - leftOperand: "cx-policy:Membership" - operator: "eq" - rightOperand: "active" + acceptedPolicies: > + [{ + "policyId": "default-policy", + "createdOn": "2024-07-17T16:15:14.12345678Z", + "validUntil": "9999-01-01T00:00:00.00000000Z", + "permissions": [ + { + "action": "use", + "constraint": { + "and": [ + { + "leftOperand": "https://w3id.org/catenax/policy/FrameworkAgreement", + "operator": { + "@id": "eq" + }, + "rightOperand": "CircularEconomy:1.0" + }, + { + "leftOperand": "https://w3id.org/catenax/policy/UsagePurpose", + "operator": { + "@id": "eq" + }, + "rightOperand": "cx.core.digitalTwinRegistry:1" + }, + { + "leftOperand": "https://w3id.org/catenax/policy/UsagePurpose", + "operator": { + "@id": "eq" + }, + "rightOperand": "cx.circular.dpp:1" + }, + { + "leftOperand": "cx-policy:Membership", + "operator": { + "@id": "eq" + }, + "rightOperand": "active" + } + ] + } + } + ] + }] controlplane: endpoint: data: "" diff --git a/deployment/infrastructure/data-provider/edc-provider/values-int.yaml b/deployment/infrastructure/data-provider/edc-provider/values-int.yaml index 452600869..b3ac19176 100644 --- a/deployment/infrastructure/data-provider/edc-provider/values-int.yaml +++ b/deployment/infrastructure/data-provider/edc-provider/values-int.yaml 
@@ -37,7 +37,7 @@ tractusx-connector: # Decentralized IDentifier id: "did:web:portal-backend.int.catena-x.net:api:administration:staticdata:did:BPNL000000000FV1" trustedIssuers: # array [] that needs to be expand but likely like (sorry unconfirmed on how this is done, as I also would need to check) - - "did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp" + - "did:web:portal-backend.int.catena-x.net:api:administration:staticdata:did:BPNL00000003CRHK" sts: dim: url: "https://dis-integration-service-prod.eu10.dim.cloud.sap/api/v2.0.0/iatp/catena-x-portal" @@ -45,7 +45,7 @@ tractusx-connector: token_url: "https://bpnl000000000FV1-dpp.authentication.eu10.hana.ondemand.com/oauth/token" client: id: "" - secret_alias: "" + secret_alias: int-client-secret controlplane: enabled: true @@ -55,13 +55,13 @@ tractusx-connector: # -- port for incoming api calls port: 8080 # -- path for incoming api calls - path: /BPNL000000000000/api + path: /provider/api # -- data management api, used by internal users, can be added to an ingress and must not be internet facing management: # -- port for incoming api calls port: 8081 # -- path for incoming api calls - path: /BPNL000000000000/management + path: /provider/management # -- authentication key, must be attached to each 'X-Api-Key' request header authKey: # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not 
@@ -69,19 +69,19 @@ tractusx-connector: # -- port for incoming api calls port: 8083 # -- path for incoming api calls - path: /BPNL000000000000/control + path: /provider/control # -- ids api, used for inter connector communication and must be internet facing protocol: # -- port for incoming api calls port: 8084 # -- path for incoming api calls - path: /BPNL000000000000/api/v1/dsp + path: /provider/api/v1/dsp # -- metrics api, used for application metrics, must not be internet facing metrics: # -- port for incoming api calls port: 9090 # -- path for incoming api calls - path: /BPNL000000000000/metrics + path: /provider/metrics ## Ingress declaration to expose the network service. ingresses: @@ -111,20 +111,20 @@ tractusx-connector: endpoints: default: port: 8080 - path: /BPNL000000000000/api + path: /provider/api public: port: 8081 - path: /BPNL000000000000/api/public + path: /provider/api/public control: port: 8084 - path: /BPNL000000000000/api/dataplane/control + path: /provider/api/dataplane/control proxy: port: 8186 - path: /BPNL000000000000/proxy + path: /provider/proxy authKey: metrics: port: 9090 - path: /BPNL000000000000/metrics + path: /provider/metrics token: refresh: @@ -167,16 +167,17 @@ tractusx-connector: clusterIssuer: "" postgresql: - username: - password: + auth: + username: + password: vault: fullnameOverride: "vault" hashicorp: - url: - token: + url: + token: paths: - secret: + secret: health: /v1/sys/health postgresql: diff --git a/deployment/infrastructure/data-provider/edc-provider/values.yaml b/deployment/infrastructure/data-provider/edc-provider/values.yaml index ab7630836..43b5fc97a 100644 --- a/deployment/infrastructure/data-provider/edc-provider/values.yaml +++ b/deployment/infrastructure/data-provider/edc-provider/values.yaml 
@@ -106,13 +106,13 @@ tractusx-connector: # -- port for incoming api calls port: 8080 # -- path for incoming api calls - path: /BPNL000000000000/api + path: /provider/api # -- data management api, used by internal users, can be added to an ingress and must not be internet facing management: # -- port for incoming api calls port: 8081 # -- path for incoming api calls - path: /BPNL000000000000/management + path: /provider/management # -- authentication key, must be attached to each 'X-Api-Key' request header authKey: "" # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not @@ -120,19 +120,19 @@ tractusx-connector: # -- port for incoming api calls port: 8083 # -- path for incoming api calls - path: /BPNL000000000000/control + path: /provider/control # -- ids api, used for inter connector communication and must be internet facing protocol: # -- port for incoming api calls port: 8084 # -- path for incoming api calls - path: /BPNL000000000000/api/v1/dsp + path: /provider/api/v1/dsp # -- metrics api, used for application metrics, must not be internet facing metrics: # -- port for incoming api calls port: 9090 # -- path for incoming api calls - path: /BPNL000000000000/metrics + path: /provider/metrics bdrs: # time that a cached BPN/DID resolution map is valid in seconds, default is 10 min @@ -349,20 +349,20 @@ tractusx-connector: endpoints: default: port: 8080 - path: /BPNL000000000000/api + path: /provider/api public: port: 8081 - path: /BPNL000000000000/api/public + path: /provider/api/public control: port: 8084 - path: /BPNL000000000000/api/dataplane/control + path: /provider/api/dataplane/control proxy: port: 8186 - path: /BPNL000000000000/proxy + path: /provider/proxy authKey: "" metrics: port: 9090 - path: /BPNL000000000000/metrics + path: /provider/metrics token: refresh: diff --git a/docs/RELEASE_USER.md b/docs/RELEASE_USER.md index 5e731ee64..69651333f 100644 --- a/docs/RELEASE_USER.md 
+++ b/docs/RELEASE_USER.md @@ -25,6 +25,33 @@ SPDX-License-Identifier: CC-BY-4.0 User friendly relase notes without specific technical details. +**July 25 2024 (Version 4.0.1)** +*25.07.2024* + +### Added + +#### Added Compatibility Matrix + +I have added the compatibility matrix for the Digital Product Pass, in this way the different dependencies can be visualized properly. + +#### Added compatibility to IRS 7.4.0 + +Now the backend is compatible with the latest IRS 7.4.0 helm version. Enabling even faster relationships retrievals. + +### Issues Fixed + +#### Fixed Integration Between EDC 0.7.3 and the backend + +There was a policy definition problem in the backend helm charts that do not allowed the backend to accept the EDC policies. Because of data sovereignty. + +#### Fixed DSP Endpoint Resolution Bug + +There was a bug related to the dsp endpoint resolution, when we received it from the Digital Twin, we were not able to build correctly the dsp endpoint with the provider endpoint. + +#### Fixed Digital Product Pass Verification Typos + +There were some typos in the digital product pass verification add-on. They were fixed in this released. + **July 3 2024 (Version 4.0.0)** *03.07.2024* diff --git a/docs/interoperability/InteroperabilityGuide.md b/docs/interoperability/InteroperabilityGuide.md index f8a7df4a3..f4b98fa23 100644 --- a/docs/interoperability/InteroperabilityGuide.md +++ b/docs/interoperability/InteroperabilityGuide.md 
@@ -65,7 +65,7 @@ BMW, CGI and Henkel have jointly decided to initiate and drive the topic of data ![Architecture Functional Cut](./media/graphArchitectureFunctionalCut.svg) -## Business Semantic Alignment +## Business Semantic Alignment The business semantic alignment is limited to the business domain sustainability/circular economy. The main goal of this app is to visualize the digital product pass and in the first step the battery pass and transmission pass. The data models for the battery pass, digital product pass and transmission pass were made by the digital product pass team and are standardized in Catena-X. 
@@ -75,22 +75,31 @@ Which standardization candidates are you intending to use in your scenario, whic The Digital Product Passport App is using the following standardization candidates: -* Battery Passport (For Release 24.05 version 5.0.0 of the Battery Pass is used) → https://github.com/eclipse-tractusx/sldt-semantic-models/tree/main/io.catenax.battery.battery_pass/5.0.0 -* Digital Product Passport (For Release 24.05 version 4.0.0 of the DPP is used) → https://github.com/eclipse-tractusx/sldt-semantic-models/tree/main/io.catenax.generic.digital_product_passport/4.0.0 -* Gearbox/Transmission Passport (For Release 24.05 version 1.0.0 of the Transmission Pass is used) ->https://github.com/eclipse-tractusx/sldt-semantic-models/tree/main/io.catenax.transmission.transmission_pass/1.0.0 +* Battery Passport (For Release 24.08 version 6.0.0 of the Battery Pass is used) → https://github.com/eclipse-tractusx/sldt-semantic-models/tree/main/io.catenax.battery.battery_pass/6.0.0 +* Digital Product Passport (For Release 24.08 version 5.0.0 of the DPP is used) → https://github.com/eclipse-tractusx/sldt-semantic-models/tree/main/io.catenax.generic.digital_product_passport/5.0.0 +* Gearbox/Transmission Passport (For Release 24.08 version 3.0.0 of the Transmission Pass is used) ->https://github.com/eclipse-tractusx/sldt-semantic-models/tree/main/io.catenax.transmission.transmission_pass/3.0.0 The following candidates are not yet implemented: * Sealant Passport, Tire Passport * E-Drive -The digital product pass is using the [EDC v0.7.0](https://github.com/eclipse-tractusx/tractusx-edc/releases/tag/0.7.0) and enables the [data sovereignty policy configurations](https://github.com/eclipse-tractusx/digital-product-pass/blob/main/docs/data-sovereignty/PolicyConfigGuide.md) +The digital product pass is using the [EDC v0.7.0](https://github.com/eclipse-tractusx/tractusx-edc/releases/tag/0.7.0) and enables the [data sovereignty policy 
configurations](https://github.com/eclipse-tractusx/digital-product-pass/blob/main/docs/data-sovereignty/PolicyConfigGuide.md) +## Data Verification Add-on + +The Digital Product Pass App as a consumer shall be able to verify the data received from the EDC. +For that the [`dpp-verification` add-on](../../dpp-verification/) was defined. + +The implementation technical integration design from the add-on in R24.08 is documented in [this chapter](../../dpp-verification/README.md#verification-implementation-in-the-digital-product-pass) from the dpp-verification add-on. ## Technical Integration Design The technical integration design can be found in the [arc42 documentation](../architecture/Arc42.md) +## Compatibility Matrix + +More compatibility requirements can be found in the [compatibility-matrix](../../COMPATIBILITY_MATRIX.md). ## NOTICE diff --git a/dpp-verification/resources/implementation/amr-document-credential.svg.license b/docs/media/dpp-tx-logo.png.license similarity index 100% rename from dpp-verification/resources/implementation/amr-document-credential.svg.license rename to docs/media/dpp-tx-logo.png.license diff --git a/docs/media/passport-view.png b/docs/media/passport-view.png new file mode 100644 index 000000000..2f18ba789 Binary files /dev/null and b/docs/media/passport-view.png differ diff --git a/docs/media/verification-addon.png b/docs/media/verification-addon.png new file mode 100644 index 000000000..7be602ec3 Binary files /dev/null and b/docs/media/verification-addon.png differ diff --git a/dpp-backend/digitalproductpass/pom.xml b/dpp-backend/digitalproductpass/pom.xml index 15c94c9cd..4fedb7055 100644 --- a/dpp-backend/digitalproductpass/pom.xml +++ b/dpp-backend/digitalproductpass/pom.xml @@ -36,7 +36,7 @@ org.eclipse.tractusx digitalproductpass - 4.0.0 + 4.0.1 jar Catena-X Digital Product Passport Core + Verification Add-on @@ -244,7 +244,7 @@ org.eclipse.dash license-tool-plugin - 0.0.1-SNAPSHOT + 1.1.1-SNAPSHOT license-check 
diff --git a/dpp-backend/digitalproductpass/src/main/java/org/eclipse/tractusx/digitalproductpass/core/http/controllers/AppController.java b/dpp-backend/digitalproductpass/src/main/java/org/eclipse/tractusx/digitalproductpass/core/http/controllers/AppController.java index 6405d4e32..3780520b3 100644 --- a/dpp-backend/digitalproductpass/src/main/java/org/eclipse/tractusx/digitalproductpass/core/http/controllers/AppController.java +++ b/dpp-backend/digitalproductpass/src/main/java/org/eclipse/tractusx/digitalproductpass/core/http/controllers/AppController.java @@ -229,7 +229,7 @@ public Response getDigitalTwin(@RequestBody Object body, @PathVariable String pr } try { - connectorAddress = CatenaXUtil.buildEndpoint(connectorAddress); + connectorAddress = CatenaXUtil.buildDspEndpoint(connectorAddress); } catch (Exception e) { return null; } diff --git a/dpp-backend/digitalproductpass/src/main/java/org/eclipse/tractusx/digitalproductpass/core/models/negotiation/request/TransferRequest.java b/dpp-backend/digitalproductpass/src/main/java/org/eclipse/tractusx/digitalproductpass/core/models/negotiation/request/TransferRequest.java index c851d52a5..b334f2582 100644 --- a/dpp-backend/digitalproductpass/src/main/java/org/eclipse/tractusx/digitalproductpass/core/models/negotiation/request/TransferRequest.java +++ b/dpp-backend/digitalproductpass/src/main/java/org/eclipse/tractusx/digitalproductpass/core/models/negotiation/request/TransferRequest.java @@ -44,8 +44,6 @@ public class TransferRequest extends DidDocument { /** ATTRIBUTES **/ - @JsonProperty("assetId") - String assetId; @JsonProperty("counterPartyAddress") String counterPartyAddress; @JsonProperty("contractId") 
@@ -66,9 +64,8 @@ public class TransferRequest extends DidDocument { public TransferRequest() { } - public TransferRequest(String id, String type, String assetId, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { + public TransferRequest(String id, String type, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { super(id, type); - this.assetId = assetId; this.counterPartyAddress = counterPartyAddress; this.contractId = contractId; this.dataDestination = dataDestination; @@ -78,8 +75,7 @@ public TransferRequest(String id, String type, String assetId, String counterPar this.callbackAddresses = callbackAddresses; } - public TransferRequest(String assetId, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { - this.assetId = assetId; + public TransferRequest(String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { this.counterPartyAddress = counterPartyAddress; this.contractId = contractId; this.dataDestination = dataDestination; 
@@ -89,9 +85,8 @@ public TransferRequest(String assetId, String counterPartyAddress, String contra this.callbackAddresses = callbackAddresses; } - public TransferRequest(String id, String type, JsonNode context, String assetId, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { + public TransferRequest(String id, String type, JsonNode context, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { super(id, type, context); - this.assetId = assetId; this.counterPartyAddress = counterPartyAddress; this.contractId = contractId; this.dataDestination = dataDestination; @@ -101,9 +96,8 @@ public TransferRequest(String id, String type, JsonNode context, String assetId, this.callbackAddresses = callbackAddresses; } - public TransferRequest(String type, String assetId, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { + public TransferRequest(String type, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { super(type); - this.assetId = assetId; this.counterPartyAddress = counterPartyAddress; this.contractId = contractId; this.dataDestination = dataDestination; 
@@ -113,9 +107,8 @@ public TransferRequest(String type, String assetId, String counterPartyAddress, this.callbackAddresses = callbackAddresses; } - public TransferRequest(JsonNode context, String assetId, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { + public TransferRequest(JsonNode context, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { super(context); - this.assetId = assetId; this.counterPartyAddress = counterPartyAddress; this.contractId = contractId; this.dataDestination = dataDestination; @@ -125,9 +118,8 @@ public TransferRequest(JsonNode context, String assetId, String counterPartyAddr this.callbackAddresses = callbackAddresses; } - public TransferRequest(JsonNode context, String type, String assetId, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { + public TransferRequest(JsonNode context, String type, String counterPartyAddress, String contractId, DataDestination dataDestination, Boolean managedResources, String protocol, String transferType, List callbackAddresses) { super(context, type); - this.assetId = assetId; this.counterPartyAddress = counterPartyAddress; this.contractId = contractId; this.dataDestination = dataDestination; @@ -139,12 +131,6 @@ public TransferRequest(JsonNode context, String type, String assetId, String cou /** GETTERS AND SETTERS **/ - public String getAssetId() { - return assetId; - } - public void setAssetId(String assetId) { - this.assetId = assetId; - } public String getCounterPartyAddress() { return counterPartyAddress; } 
diff --git a/dpp-backend/digitalproductpass/src/main/java/utils/CatenaXUtil.java b/dpp-backend/digitalproductpass/src/main/java/utils/CatenaXUtil.java index b6a9ddd18..bff2cda75 100644 --- a/dpp-backend/digitalproductpass/src/main/java/utils/CatenaXUtil.java +++ b/dpp-backend/digitalproductpass/src/main/java/utils/CatenaXUtil.java @@ -196,18 +196,47 @@ public static String buildManagementEndpoint(Environment env, String path) { throw new UtilException(CatenaXUtil.class, e, "[ERROR] Invalid edc endpoint or management endpoint"); } } + /** + * Builds a dsp endpoint, adding the /api/v1/dsp endpoint. + *

+ * @param endpoint + * the {@code String} partial endpoint. + * + * @return the built {@code String} endpoint by cleaning the given endpoint and adding the EDC data endpoint and BPN number (if applied). + * + * @throws UtilException + * if the given endpoint is an invalid one. + */ + public static String buildDspEndpoint(String endpoint) { + try { + if (CatenaXUtil.containsEdcEndpoint(endpoint)) { + return endpoint; + } + String cleanUrl = HttpUtil.cleanUrlWithPath(endpoint); + // Remove the trailing slash + if (endpoint.endsWith("/")) { + cleanUrl = endpoint.substring(0, endpoint.length() - 1); + } + //Contact the dsp endpoint + return cleanUrl + edcDataEndpoint; + } catch (Exception e) { + throw new UtilException(CatenaXUtil.class, e, "[ERROR] Invalid url [" + endpoint + "] given!"); + } + + } /** + * @deprecated Use {@code CatenaXUtil.buildEndpointSafe()} instead. This method provided the old logic of parsing dsp endpoints with BPNs * Builds the full Endpoint for a given partial endpoint. *

* @param endpoint * the {@code String} partial endpoint. * * @return the built {@code String} endpoint by cleaning the given endpoint and adding the EDC data endpoint and BPN number (if applied). - * * @throws UtilException * if the given endpoint is an invalid one. */ + @Deprecated public static String buildEndpoint(String endpoint) { try { if (CatenaXUtil.containsEdcEndpoint(endpoint)) { diff --git a/dpp-backend/digitalproductpass/src/main/java/utils/HttpUtil.java b/dpp-backend/digitalproductpass/src/main/java/utils/HttpUtil.java index b25c20f74..083f3aef5 100644 --- a/dpp-backend/digitalproductpass/src/main/java/utils/HttpUtil.java +++ b/dpp-backend/digitalproductpass/src/main/java/utils/HttpUtil.java @@ -456,6 +456,22 @@ public static String cleanUrl(String strUrl) throws MalformedURLException{ String authority = url.getAuthority(); return String.format("%s://%s", protocol, authority); } + /** + * Parses the given {@code String} URL into a String format with protocol and authority information with path + *

+ * @param strUrl + * the {@code String} URL. + * + * @return a {@code String} object with format result. + * + */ + public static String cleanUrlWithPath(String strUrl) throws MalformedURLException{ + URL url = new URL(strUrl); + String protocol = url.getProtocol(); + String authority = url.getAuthority(); + String path = url.getPath(); + return String.format("%s://%s%s", protocol, authority, path); + } /************************************************** diff --git a/dpp-backend/digitalproductpass/src/test/java/managers/ProcessManagerTest.java b/dpp-backend/digitalproductpass/src/test/java/managers/ProcessManagerTest.java index d8daadb9e..269b0fb78 100644 --- a/dpp-backend/digitalproductpass/src/test/java/managers/ProcessManagerTest.java +++ b/dpp-backend/digitalproductpass/src/test/java/managers/ProcessManagerTest.java @@ -571,7 +571,6 @@ void saveTransferRequestAndTransfer() { String connectorId = UUID.randomUUID().toString(); transferRequest.setProtocol("HTTP"); transferRequest.setContractId(contractId); - transferRequest.setAssetId(assetId); transferRequest.setCounterPartyAddress("connectorAddress"); String transferId = UUID.randomUUID().toString(); diff --git a/dpp-backend/digitalproductpass/src/test/java/services/DataTransferServiceTest.java b/dpp-backend/digitalproductpass/src/test/java/services/DataTransferServiceTest.java index b30d1261c..bb7ab2b77 100644 --- a/dpp-backend/digitalproductpass/src/test/java/services/DataTransferServiceTest.java +++ b/dpp-backend/digitalproductpass/src/test/java/services/DataTransferServiceTest.java @@ -325,7 +325,6 @@ void initiateTransferAndSeeTransfer() { List callbackAddresses = List.of(CallbackAddress.builder().transactional(false).uri("http://test.endpoint/4546").events(List.of("transfer.process")).build()); TransferRequest transferRequest = new TransferRequest( jsonUtil.toJsonNode(Map.of("odrl", "http://www.w3.org/ns/odrl/2/")), - dataSet.getAssetId(), status.getEndpoint(), negotiation.getContractAgreementId(), null, 
diff --git a/dpp-backend/digitalproductpass/src/test/java/utils/CatenaXUtilTest.java b/dpp-backend/digitalproductpass/src/test/java/utils/CatenaXUtilTest.java new file mode 100644 index 000000000..28e5c4ca0 --- /dev/null +++ b/dpp-backend/digitalproductpass/src/test/java/utils/CatenaXUtilTest.java 
@@ -0,0 +1,98 @@ +/********************************************************************************* + * + * Tractus-X - Digital Product Pass Application + * + * Copyright (c) 2022, 2024 BMW AG + * Copyright (c) 2022, 2024 Henkel AG & Co. KGaA + * Copyright (c) 2023, 2024 CGI Deutschland B.V. & Co. KG + * Copyright (c) 2023, 2024 Contributors to the Eclipse Foundation + * + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the + * License for the specific language govern in permissions and limitations + * under the License. 
+ * + * SPDX-License-Identifier: Apache-2.0 + ********************************************************************************/ + +package utils; + +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.*; + +class CatenaXUtilTest { + String edcUrlWithoutDsp = "https://edc-url.com/"; + String edcUrlWithoutDspBar = "https://edc-url.com"; + String edcUrlWithPathWithoutDsp = "https://edc-url.com/provider/"; + String edcUrlWithPathWithoutDspBar = "https://edc-url.com/provider"; + String edcUrlWithDsp = "https://edc-url.com"+CatenaXUtil.edcDataEndpoint; + String edcUrlWithPathDsp = "https://edc-url.com/provider"+CatenaXUtil.edcDataEndpoint; + String edcUrlWithBpnDsp = "https://edc-url.com/BPNL000000000000"+CatenaXUtil.edcDataEndpoint; + String edcUrlWithBpnWithoutDsp = "https://edc-url.com/BPNL000000000000"; + String edcUrlWithPort = "https://edc-url.com:8888/BPNL000000000000"; + String edcUrlWithBpnWithoutDspMorePath = "https://edc-url.com/BPNL000000000000/this/is/more/path"; + @Test + void buildEdcUrlWithoutDsp() { + String output = CatenaXUtil.buildDspEndpoint(edcUrlWithoutDsp); + LogUtil.printTest("[CatenaXUtil.buildEdcUrlWithoutDsp] Input: ["+edcUrlWithoutDsp+"] Output: ["+output+"]"); + assertEquals(edcUrlWithDsp, output); + } + @Test + void buildEdcUrlWithoutDspBar() { + String output = CatenaXUtil.buildDspEndpoint(edcUrlWithoutDspBar); + LogUtil.printTest("[CatenaXUtil.buildEdcUrlWithoutDspBar] Input: ["+edcUrlWithoutDspBar+"] Output: ["+output+"]"); + assertEquals(edcUrlWithDsp, output); + } + @Test + void buildEdcUrlWithPathWithoutDsp() { + String output = CatenaXUtil.buildDspEndpoint(edcUrlWithPathWithoutDsp); + LogUtil.printTest("[CatenaXUtil.buildEdcUrlWithPathWithoutDsp] Input: ["+edcUrlWithPathWithoutDsp+"] Output: ["+output+"]"); + assertEquals(edcUrlWithPathDsp, output); + } + + @Test + void buildEdcUrlWithPathWithoutDspBar() { + String output = CatenaXUtil.buildDspEndpoint(edcUrlWithPathWithoutDspBar); + 
LogUtil.printTest("[CatenaXUtil.buildEdcUrlWithPathWithoutDspBar] Input: ["+edcUrlWithPathWithoutDspBar+"] Output: ["+output+"]"); + assertEquals(edcUrlWithPathDsp, output); + } + @Test + void buildEdcUrlWithBpnDsp() { + String output = CatenaXUtil.buildDspEndpoint(edcUrlWithBpnDsp); + LogUtil.printTest("[CatenaXUtil.buildEdcUrlWithBpnDsp] Input: ["+edcUrlWithBpnDsp+"] Output: ["+output+"]"); + assertEquals(edcUrlWithBpnDsp, output); + } + + @Test + void buildEdcUrlWithBpnWithoutDsp() { + String output = CatenaXUtil.buildDspEndpoint(edcUrlWithBpnWithoutDsp); + LogUtil.printTest("[CatenaXUtil.buildEdcUrlWithBpnWithoutDsp] Input: ["+edcUrlWithBpnWithoutDsp+"] Output: ["+output+"]"); + assertEquals(edcUrlWithBpnDsp, output); + } + + @Test + void buildEdcUrlWithBpnWithoutDspMorePath() { + String output = CatenaXUtil.buildDspEndpoint(edcUrlWithBpnWithoutDspMorePath); + LogUtil.printTest("[CatenaXUtil.edcUrlWithBpnWithoutDspMorePath] Input: ["+edcUrlWithBpnWithoutDspMorePath+"] Output: ["+output+"]"); + assertEquals(edcUrlWithBpnWithoutDspMorePath+CatenaXUtil.edcDataEndpoint,output); + } + @Test + void buildEdcWithPort() { + String output = CatenaXUtil.buildDspEndpoint(edcUrlWithPort); + LogUtil.printTest("[CatenaXUtil.buildEdcWithPort] Input: ["+edcUrlWithPort+"] Output: ["+output+"]"); + assertEquals(edcUrlWithPort+CatenaXUtil.edcDataEndpoint, output); + } + + +} \ No newline at end of file diff --git a/dpp-frontend/package-lock.json b/dpp-frontend/package-lock.json index 465026d37..7e8e05f06 100644 --- a/dpp-frontend/package-lock.json +++ b/dpp-frontend/package-lock.json @@ -1,12 +1,12 @@ { "name": "digital-product-pass-frontend", - "version": "4.0.0", + "version": "4.0.1", "lockfileVersion": 2, "requires": true, "packages": { "": { "name": "digital-product-pass-frontend", - "version": "4.0.0", + "version": "4.0.1", "dependencies": { "@mdi/font": "5.9.55", "@popperjs/core": "^2.11.2", 
diff --git a/dpp-frontend/package.json b/dpp-frontend/package.json index 21c624e02..cf5be42db 100644 --- a/dpp-frontend/package.json +++ b/dpp-frontend/package.json @@ -1,6 +1,6 @@ { "name": "digital-product-pass-frontend", - "version": "4.0.0", + "version": "4.0.1", "private": true, "scripts": { "serve": "vite --host localhost", diff --git a/dpp-verification/README.md b/dpp-verification/README.md index d29bf50e2..9cc2dd5c8 100644 --- a/dpp-verification/README.md +++ b/dpp-verification/README.md @@ -24,7 +24,7 @@ SPDX-License-Identifier: CC-BY-4.0

DPP Verificaion Logo

- Version:  v2.0 + Version:  v2.1 STATUS: RELEASED

A Catena-X Data Certification/Verification Framework

Digital Product Pass Verification Add-on

@@ -36,7 +36,7 @@ SPDX-License-Identifier: CC-BY-4.0 | | Date | Authors & Reviewers | | -------------------- | ----------------- | ----------------------------------------------------- | | **Created** | December 29, 2023 | [Mathias Brunkow Moser](https://github.com/matbmoser) | -| **Lastest Revision** | July 19, 2024 | [Mathias Brunkow Moser](https://github.com/matbmoser) | +| **Lastest Revision** | July 24, 2024 | [Mathias Brunkow Moser](https://github.com/matbmoser) | ## Authors @@ -184,9 +184,9 @@ This concept has been proved to be of high interest from the Certification and V - [CDC ID Short](#cdc-id-short) - [CDC Submodel Example](#cdc-submodel-example) - [Attribute Certification Record Submodel](#attribute-certification-record-submodel) - - [AMR Semantic ID Keys](#amr-semantic-id-keys) - - [AMR ID Short](#amr-id-short) - - [AMR Submodel Example](#amr-submodel-example) + - [ACR Semantic ID Keys](#acr-semantic-id-keys) + - [ACR ID Short](#acr-id-short) + - [ACR Submodel Example](#acr-submodel-example) - [Verification Implementation in the Digital Product Pass](#verification-implementation-in-the-digital-product-pass) - [Challenges](#challenges) - [Sequence Diagram](#sequence-diagram) 
@@ -528,7 +528,7 @@ Once that is done the data will be linked in a `digital twin`, so in this way by Once the EDC Push Notification is received by the `data auditor` the Digital Twin and the Digital Product Pass (JSON aspect model payload to be audited) will be retrieved using the `EDC Connector` and through the `EDC Data Plane proxy`. When the passport aspect is available the data auditor can certify the `specific attributes requested` from the product against the different Catena-X standards and regulations. The `data auditor` will create a new document (a certified snapshot credential) which contains the proof of compliance of the specific attributes audited in the passport using selective disclosure, there the data is not copied it is hashed, so it can be signed and stored in the wallet from the `data auditor` for tracking reasons. -The `CSC Document` (the certificate) will then be sent to the `data provider` using the EDC Push Notification functionality. When the data arrives in the data provider it will be then added to the `Attribute Certification Record (ACR)` or an `Attribute Certification Registry (AMReg) Application` both which contains all the attribute certifications for a specific aspect model payload submodel. It contains a list of credentials provided by one or more auditors for this aspect. It will be linked in the digital twin where the aspect is and if additional certification is required it will be triggered and the process repeats. +The `CSC Document` (the certificate) will then be sent to the `data provider` using the EDC Push Notification functionality. When the data arrives in the data provider it will be then added to the `Attribute Certification Record (ACR)` or an `Attribute Certification Registry (ACReg) Application` both which contains all the attribute certifications for a specific aspect model payload submodel. It contains a list of credentials provided by one or more auditors for this aspect. 
It will be linked in the digital twin where the aspect is and if additional certification is required it will be triggered and the process repeats. ![csc workflow](./resources/processes/csc-workflow.svg) @@ -586,7 +586,7 @@ In this Diagram we can see the complete attribute certification process and how Once the `CSC` is issued it will be transferred to the Data Provider Premises using the EDC Push Notification. This credential will be placed in a "Verifiable Presentation" aspect called `Attribute Verification Record` that contains the list of verifiable credentials, and it is issued by the Data Provider. -The **Data Consumer** once both aspects are retrieved will be able to verify the specific attributes by hashing the original "Digital Product Pass" and comparing the certified attribute hashes. Additionally, the `CSC` signature will be verified against the wallet from the Data Auditor and the overall signature in the `AMR` will be verified against the wallet of the data provider. +The **Data Consumer** once both aspects are retrieved will be able to verify the specific attributes by hashing the original "Digital Product Pass" and comparing the certified attribute hashes. Additionally, the `CSC` signature will be verified against the wallet from the Data Auditor and the overall signature in the `ACR` will be verified against the wallet of the data provider. If all signature are verified then the data consumer will know that the data certification is still valid and the attributes certified can be trusted! 
@@ -652,7 +652,7 @@ Additionally, if more specific contexts want to be defined, the following contex - W3C Data Integrity Context: https://w3id.org/security/data-integrity/v2 -For every credential [`Certified Data Credential`](#cdc-json-ld-context-schema), [`Certified Snapshot Credential`](#csc-json-ld-context-schema), [`Attribute Certification Record`](#amr-json-ld-context-schema) the individual JSON-LD context schema specification **MUST** be also added to the `@context` list. +For every credential [`Certified Data Credential`](#cdc-json-ld-context-schema), [`Certified Snapshot Credential`](#csc-json-ld-context-schema), [`Attribute Certification Record`](#acr-json-ld-context-schema) the individual JSON-LD context schema specification **MUST** be also added to the `@context` list. ### Cryptography Signatures & Keys in Self-Descriptions 
@@ -1582,14 +1582,14 @@ Here is an example of how the Certified Snapshot Credential looks like for a Dig ## Attribute Certification Record Schema -![AMR Schema](./resources/implementation/amr-document-credential.svg) +![ACR Schema](./resources/implementation/acr-document-credential.svg) -The attribute certification record (AMR) is a Verifiable Presentation (VP) file that contains all the certificates (Verifiable Credentials) in the format of Certified Snapshot Credentials. These credentials can be issued from different auditors for different attributes in an Aspect Model Payload. +The attribute certification record (ACR) is a Verifiable Presentation (VP) file that contains all the certificates (Verifiable Credentials) in the format of Certified Snapshot Credentials. These credentials can be issued from different auditors for different attributes in an Aspect Model Payload. -The only requirement is that this attributes belong to a specific submodel referenced in the digital twin. It **MUST** be referenced in the AMR file in the field `origin`, from which file and submodel are the Certified Snapshot Credentials from. +The only requirement is that this attributes belong to a specific submodel referenced in the digital twin. It **MUST** be referenced in the ACR file in the field `origin`, from which file and submodel are the Certified Snapshot Credentials from. > [!NOTE] -> The Attribute Certification Record (AMR) makes reference to a specific file that contains all the certificates. For enableling the storage, access and management of these credentials, and `Attribute Certification Record` can be generated dynamically using an `Attribute Certification Registry (AMReg) Application` which will then generate the Verifiable Presentation Records dynamically. +> The Attribute Certification Record (ACR) makes reference to a specific file that contains all the certificates. 
For enableling the storage, access and management of these credentials, and `Attribute Certification Record` can be generated dynamically using an `Attribute Certification Registry (ACReg) Application` which will then generate the Verifiable Presentation Records dynamically. ### ACR Credential Fields Definition @@ -1654,7 +1654,7 @@ The Certified Snapshot Credentials listed **MUST** be belonging and linked to th ### ACR Example
-🚀 Expand to see Attribute Certification Record (AMR) Example +🚀 Expand to see Attribute Certification Record (ACR) Example ```json { @@ -1662,7 +1662,7 @@ The Certified Snapshot Credentials listed **MUST** be belonging and linked to th "https://www.w3.org/ns/credentials/v2", "https://w3c.github.io/vc-jws-2020/contexts/v1/", "https://w3id.org/security/data-integrity/v2", - "https://raw.githubusercontent.com/eclipse-tractusx/digital-product-pass/main/dpp-verification/schemas/amr/1.0.0/attributeCertificationRecord.jsonld" + "https://raw.githubusercontent.com/eclipse-tractusx/digital-product-pass/main/dpp-verification/schemas/acr/1.0.0/attributeCertificationRecord.jsonld" ], "type": [ "VerifiablePresentation", 
@@ -1931,18 +1931,18 @@ Therefore, every aspect model used **MUST** follow the idShort defined in the co The Attribute Certification Record submodel contains the reference to the verifiable presentation with the different attribute verification Certified Snapshot Credentials(CSC). -For the AMR submodel the following structure **MUST** be followed. +For the ACR submodel the following structure **MUST** be followed. -### AMR Semantic ID Keys +### ACR Semantic ID Keys | Type | Value | Description | | --- | -- | -- | | `Entity` | `https://www.w3.org/ns/credentials/v2` | Verifiable Credential Version | -| `DataElement` | `urn:samm:io.catenax.dpp_verification.amr:1.0.0#AttributeCertificationRecord` | Attribute Certification Record Version | +| `DataElement` | `urn:samm:io.catenax.dpp_verification.acr:1.0.0#AttributeCertificationRecord` | Attribute Certification Record Version | | `Submodel` | `urn:samm:io.catenax.generic.digital_product_passport:5.0.0#DigitalProductPassport` | The semanticId from the semantic model attributes certified in the CSC contained in the `verifiableCredential` field in the Verifiable Presentation. | | `Operation` | `https://w3c.github.io/vc-jws-2020/contexts/v1/` | The version and context of the signature type used in the credential | -### AMR ID Short +### ACR ID Short For easing the identification of the Attribute Verification the following structure of ID short was chosen to link the submodels inside a digital twin. @@ -1960,7 +1960,7 @@ Since every aspect model has a standardized idShort the following structure was By concatenating the "Verification" sufix the consumer applications are able to identify to each idShort in the digital twin submodel list. For every standardized aspect model, an idShort **MUST** be provided. This same idShort shall then be provided as a prefix. -### AMR Submodel Example +### ACR Submodel Example ```json { 
@@ -1997,7 +1997,7 @@ By concatenating the "Verification" sufix the consumer applications are able to }, { "type": "DataElement", - "value": "urn:samm:io.catenax.dpp_verification.amr:1.0.0#AttributeCertificationRecord" + "value": "urn:samm:io.catenax.dpp_verification.acr:1.0.0#AttributeCertificationRecord" }, { "type": "Submodel", 
@@ -2038,7 +2038,7 @@ When implementing the Digital Product Pass Verification PoC the following challa | Challenge | Description | Solution | | --- | --- | --- | -| **First Implementation and Data Verification Concept in Catena-X** | +| **First Implementation and Data Verification Concept in Catena-X** | Since this was the first implementation of a verification concept in Catena-X there were many unclear points to be clarified with the community. Open points like, if there was already a solution available in Catena-X, what was the opinion of the core architecture team and if it would work using Catena-X Architecture | Broadcasted the message that this concept was being built for the Digital Product Pass and could be used for other products/data models. Conducted several meetings with different products and iniciatives that were interested in the concept. In [Previous Investigation](#previous-investigation) all the resumed findings are documented. The concept was also anounced in the Second Tractus-X Community Days, giving more audience to the topic. As author of this concept and implementation we could only visualize positive feedbacks from the Catena-X Community. | | **The Managed Identity Wallet Component is not Ready** | The MIW Wallet is not ready for signing Aspect Model Verifiable Credentials. And it is currently not decentraly available for each party to host. It is currently just hosted by the data space operator. It is designed to host the "member" credentials and enable the EDC communication with SSI. | Design and Implement a MVP Wallet. There was developed a [simple-wallet](./simple-wallet/) component for issuing and verifying the credentials, imitating the MIW functionality and methods. | | **There are no JSON-LD contexts for the standardized SAMM Models** | Currently there is no open-source component that transforms JSON Schemas into JSON-LD Contexts. 
This blocks the credentials to be included in the JSON-LD documents, because the attributes are not in context. | As a solution to this problem an **'adapter'** was developed in the wallet an [add-on that convert SAMM Models JSON Schemas into valid JSON-LD contexts](./simple-wallet/passport/sammSchemaParser.py). In this way any Aspect Model Payload can be referenced in a Verifiable Credential. By calling the `/context` API any JSON Schema can be converted. | @@ -2311,8 +2311,6 @@ No content with copyright was copied. All the information used as reference in t | IDTA AAS 3.0 Standard | IDTA | April 2023 | https://industrialdigitaltwin.org/wp-content/uploads/2023/04/IDTA-01002-3-0_SpecificationAssetAdministrationShell_Part2_API.pdf | | SHA-3 Standard | U.S. Federal Infromation Technology Laboratory | August 2015 | https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf | - - # Special Thanks We would like to thank [Matthias Binzer](https://github.com/matgnt) for contributing in the refactoring of the initial concept by giving some insights on how he has done the Supply Chain data integrity concept using Verifiable Credentials (TRS) Data Integrity Demonstrator. He supported us on finding a way and giving the hints for maintaining selective disclosure when it comes to verify specific attributes from an aspect. @@ -2320,7 +2318,6 @@ We also thank for all the Platform Capability Architects for their disposition f Furthermore, we thank the managed identify wallets product owner for the support and availability for answering questions which were relevant to the adaptation of the concept to the architecture. Last but not least a special thanks for all the Tractus-X and Catena-X Stakeholders that participated in the elaboration and review of this concept. - # Glossary Here are the abbreviations and complete terms used during the 
@@ -2352,8 +2349,8 @@ explanation of this Certification and Verification Concept. | TTL | Terse RDF Triple Language | | VC | Verifiable Credential | | VP | Verifiable Presentation | -| AMReg | Attribute Certification Registry | -| AMR | Attribute Certification Record | +| ACReg | Attribute Certification Registry | +| ACR | Attribute Certification Record | | W3C | World Wide Web Consortium | ## NOTICE diff --git a/dpp-verification/charts/simple-wallet/values.yaml b/dpp-verification/charts/simple-wallet/values.yaml index 6297beeea..579b0dcde 100644 --- a/dpp-verification/charts/simple-wallet/values.yaml +++ b/dpp-verification/charts/simple-wallet/values.yaml @@ -83,7 +83,7 @@ ingress: nginx.ingress.kubernetes.io/ssl-passthrough: "false" nginx.ingress.kubernetes.io/backend-protocol: "HTTP" hosts: - - host: &hostname "dpp-wallet.int.demo.catena-x.net" + - host: &hostname "dpp-wallet.int.catena-x.net" paths: - path: / pathType: Prefix diff --git a/dpp-verification/resources/implementation/amr-document-credential.svg b/dpp-verification/resources/implementation/acr-document-credential.svg similarity index 100% rename from dpp-verification/resources/implementation/amr-document-credential.svg rename to dpp-verification/resources/implementation/acr-document-credential.svg diff --git a/dpp-verification/resources/processes/amr-credential-resume.svg.license b/dpp-verification/resources/implementation/acr-document-credential.svg.license similarity index 100% rename from dpp-verification/resources/processes/amr-credential-resume.svg.license rename to dpp-verification/resources/implementation/acr-document-credential.svg.license diff --git a/dpp-verification/resources/processes/amr-credential-resume.svg b/dpp-verification/resources/processes/acr-credential-resume.svg similarity index 100% rename from dpp-verification/resources/processes/amr-credential-resume.svg rename to dpp-verification/resources/processes/acr-credential-resume.svg 
diff --git a/dpp-verification/resources/processes/amr-document-credential-resume.svg.license b/dpp-verification/resources/processes/acr-credential-resume.svg.license similarity index 100% rename from dpp-verification/resources/processes/amr-document-credential-resume.svg.license rename to dpp-verification/resources/processes/acr-credential-resume.svg.license diff --git a/dpp-verification/resources/processes/amr-document-credential-resume.svg b/dpp-verification/resources/processes/acr-document-credential-resume.svg similarity index 100% rename from dpp-verification/resources/processes/amr-document-credential-resume.svg rename to dpp-verification/resources/processes/acr-document-credential-resume.svg diff --git a/dpp-verification/resources/processes/acr-document-credential-resume.svg copy.license b/dpp-verification/resources/processes/acr-document-credential-resume.svg copy.license new file mode 100644 index 000000000..6ae72333e --- /dev/null +++ b/dpp-verification/resources/processes/acr-document-credential-resume.svg copy.license @@ -0,0 +1,13 @@ +## NOTICE + +This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). + +- SPDX-License-Identifier: CC-BY-4.0 +- SPDX-FileCopyrightText: 2023, 2024 BMW AG +- SPDX-FileCopyrightText: 2023, 2024 CGI Deutschland B.V. & Co. KG +- SPDX-FileCopyrightText: 2024 Contributors to the Eclipse Foundation +- Source URL: https://github.com/eclipse-tractusx/digital-product-pass + +## AUTHORS + +- [Mathias Brunkow Moser](https://github.com/matbmoser) diff --git a/dpp-verification/schemas/amr/1.0.0/attributeCertificationRecord.jsonld b/dpp-verification/schemas/acr/1.0.0/attributeCertificationRecord.jsonld similarity index 85% rename from dpp-verification/schemas/amr/1.0.0/attributeCertificationRecord.jsonld rename to dpp-verification/schemas/acr/1.0.0/attributeCertificationRecord.jsonld index ab9608dfc..641d48da7 100644 --- a/dpp-verification/schemas/amr/1.0.0/attributeCertificationRecord.jsonld 
+++ b/dpp-verification/schemas/acr/1.0.0/attributeCertificationRecord.jsonld @@ -14,25 +14,25 @@ "@context": { "@definition": "The DID Reference, link to the verifiable credential, or link to specific submodel in the dataModel" }, - "@id": "amr:id", + "@id": "acr:id", "@type": "schema:string" }, "semanticId": { "@context": { "@definition": "The property which contains the semantic id string of the credential subject. It contains the complete identification of which aspect model version its contained. The key can be used to find the model information in the expanded JSON-LD." }, - "@id": "amr:semanticId", + "@id": "acr:semanticId", "@type": "schema:string" }, "type": "@type" }, - "@id": "amr:submodel" + "@id": "acr:submodel" }, "type": "@type" }, - "@id": "amr:AttributeCertificationRecord" + "@id": "acr:AttributeCertificationRecord" }, - "amr": "urn:samm:io.catenax.dpp_verification.amr:1.0.0#", + "acr": "urn:samm:io.catenax.dpp_verification.acr:1.0.0#", "schema": "https://schema.org/" } } \ No newline at end of file diff --git a/dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/AttributeCertificationRecord.ttl b/dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/AttributeCertificationRecord.ttl similarity index 98% rename from dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/AttributeCertificationRecord.ttl rename to dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/AttributeCertificationRecord.ttl index 479f13628..1387b446b 100644 --- a/dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/AttributeCertificationRecord.ttl +++ b/dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/AttributeCertificationRecord.ttl @@ -23,7 +23,7 @@ @prefix rdf: . @prefix rdfs: . @prefix xsd: . -@prefix : . +@prefix : . :AttributeCertificationRecord a samm:Aspect ; samm:preferredName "AttributeCertificationRecord"@en ; 
diff --git a/dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/gen/AttributeCertificationRecord-Example-Expanded.jsonld b/dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/gen/AttributeCertificationRecord-Example-Expanded.jsonld similarity index 100% rename from dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/gen/AttributeCertificationRecord-Example-Expanded.jsonld rename to dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/gen/AttributeCertificationRecord-Example-Expanded.jsonld diff --git a/dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/gen/AttributeCertificationRecord-Example.jsonld b/dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/gen/AttributeCertificationRecord-Example.jsonld similarity index 100% rename from dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/gen/AttributeCertificationRecord-Example.jsonld rename to dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/gen/AttributeCertificationRecord-Example.jsonld diff --git a/dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/gen/AttributeCertificationRecord-sample.json b/dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/gen/AttributeCertificationRecord-sample.json similarity index 100% rename from dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/gen/AttributeCertificationRecord-sample.json rename to dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/gen/AttributeCertificationRecord-sample.json 
diff --git a/dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/gen/AttributeCertificationRecord-schema.json b/dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/gen/AttributeCertificationRecord-schema.json similarity index 100% rename from dpp-verification/semantics/io.catenax.dpp_verification.amr/1.0.0/gen/AttributeCertificationRecord-schema.json rename to dpp-verification/semantics/io.catenax.dpp_verification.acr/1.0.0/gen/AttributeCertificationRecord-schema.json
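Review bot: In the `cleanUrlWithPath` helper, `url.getAuthority()` returns the user-info component along with host and port, so an input like `https://user:secret@host/path` comes back from the "clean" function with the credentials still embedded. If the intent is a normalized endpoint that is safe to log and compare, build the result from `url.getHost()` and `url.getPort()` (omitting the port when it is -1) and reject protocols other than `http` and `https` before formatting. The Javadoc should also gain an `@throws MalformedURLException` entry and say that query and fragment are dropped, since "a String object with format result" does not tell a caller what to expect.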
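Review bot: `CatenaXUtilTest` only feeds `buildDspEndpoint` well-formed `https://` inputs, so the failure behaviour of the parser is not pinned down anywhere in this new file. Please add cases for a null or empty string, a string that is not a URL, an input with a query string or fragment, and an input that already ends in `CatenaXUtil.edcDataEndpoint` followed by a trailing slash, each asserting either the expected output or the expected exception. Smaller points in the same file: the log label in `buildEdcUrlWithBpnWithoutDspMorePath` reads `[CatenaXUtil.edcUrlWithBpnWithoutDspMorePath]` and drops the `build` prefix the other tests use, the URL fixtures can be `private static final`, the license header says "language govern in permissions", and the file has no trailing newline.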
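Review bot: The README link changed in the hunk at `@@ -652,7 +652,7 @@` now points to `#acr-json-ld-context-schema`, but no hunk in this diff adds or renames a heading with that slug, so the link is broken unless that heading already existed under the ACR name. Please confirm the target heading and, if it is still titled with AMR, rename it in this change so the table of contents entries updated at `@@ -184,9 +184,9 @@` and this inline link resolve consistently.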
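Review bot: The rewritten paragraphs in the README hunk at `@@ -1582,14 +1582,14 @@` keep the wording errors of the lines they replace: "this attributes", "For enableling the storage", and "and `Attribute Certification Record` can be generated" where "an" is meant. Since these lines are being touched for the AMR to ACR rename anyway, fix the wording in the same change so the normative **MUST** sentence about the `origin` field reads unambiguously.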
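Review bot: The new file `dpp-verification/resources/processes/acr-document-credential-resume.svg copy.license` looks like an accidental duplicate: the ` copy` in the name means it is not the sidecar for `acr-document-credential-resume.svg`, so that SVG may end up without a matching `.license` file. Rename it to `acr-document-credential-resume.svg.license`, or drop it if the renamed `.license` files already cover each SVG, and check the rename pairs in this group, where a `.license` from `resources/processes/` is recorded as moving to `resources/implementation/`.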
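Review bot: Renaming `schemas/amr/1.0.0/attributeCertificationRecord.jsonld` to `schemas/acr/1.0.0/...` and the prefix to `urn:samm:io.catenax.dpp_verification.acr:1.0.0#` changes every term IRI while the version stays at 1.0.0, and the old context path disappears from `main` with the rename. Any Attribute Certification Record already issued with the `amr` context URL in its `@context` list would then reference a document that no longer resolves and terms that expand differently, which matters for credentials whose proofs are computed over the JSON-LD form. Either keep a frozen copy of the old context at the `amr` path, or bump the model version, and record this as a breaking change in the changelog rather than as a typo fix.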