diff --git a/edc-controlplane/edc-controlplane-construct-x/con-x-controlplane-postgresql-hashicorp-vault/README.md b/edc-controlplane/edc-controlplane-construct-x/con-x-controlplane-postgresql-hashicorp-vault/README.md
new file mode 100644
index 0000000000..961933bd1c
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/con-x-controlplane-postgresql-hashicorp-vault/README.md
@@ -0,0 +1,9 @@
+# con-x-controlplane-postgresql-hashicorp-vault Module
+
+## Building
+
+From the project root directory, run
+
+```shell
+./gradlew :edc-controlplane:edc-controlplane-construct-x:con-x-controlplane-postgres-hashicorp-vault:dockerize
+```
diff --git a/edc-controlplane/edc-controlplane-construct-x/con-x-controlplane-postgresql-hashicorp-vault/build.gradle.kts b/edc-controlplane/edc-controlplane-construct-x/con-x-controlplane-postgresql-hashicorp-vault/build.gradle.kts
new file mode 100644
index 0000000000..073b26db84
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/con-x-controlplane-postgresql-hashicorp-vault/build.gradle.kts
@@ -0,0 +1,54 @@
+/********************************************************************************
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ * Copyright (c) 2026 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V. (represented by Fraunhofer ISST)
+ * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+plugins {
+ `java-library`
+ id("application")
+ alias(libs.plugins.shadow)
+}
+
+dependencies {
+ val edcVersion = "0.14.1"
+ val txVersion = "0.11.2"
+ implementation("org.eclipse.edc:controlplane-dcp-bom:$edcVersion")
+ implementation("org.eclipse.edc:controlplane-feature-sql-bom:$edcVersion")
+
+ implementation("org.eclipse.edc:vault-hashicorp:$edcVersion")
+ implementation("org.eclipse.tractusx.edc:agreements:$txVersion")
+ implementation("org.eclipse.tractusx.edc:retirement-evaluation-store-sql:$txVersion")
+ implementation("org.eclipse.tractusx.edc:control-plane-migration:$txVersion")
+ implementation("org.eclipse.tractusx.edc:tx-dcp:${txVersion}")
+}
+
+tasks.withType {
+ mergeServiceFiles()
+ duplicatesStrategy = DuplicatesStrategy.INCLUDE
+ archiveFileName.set("con-x-controlplane-postgresql-hashicorp-vault.jar")
+ transform(com.github.jengelman.gradle.plugins.shadow.transformers.Log4j2PluginsCacheFileTransformer())
+}
+
+tasks.named("build") {
+ dependsOn(tasks.named("shadowJar"))
+}
+
+application {
+ mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime")
+}
\ No newline at end of file
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/README.md b/edc-controlplane/edc-controlplane-construct-x/local/README.md
new file mode 100644
index 0000000000..3437480e05
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/README.md
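Review bot: `edcVersion = "0.14.1"` and `txVersion = "0.11.2"` are hard-coded inside the `dependencies` block although the shadow plugin in the same file is resolved through the version catalog (`alias(libs.plugins.shadow)`), so this module's EDC and Tractus-X versions can drift from the rest of the build with no single place showing it; moving them into the catalog would keep dependency updates and audits in one file. `duplicatesStrategy = DuplicatesStrategy.INCLUDE` deserves a one-line comment such as `// INCLUDE so mergeServiceFiles() sees every META-INF/services entry` if that is the reason, because it also lets duplicate resources from different dependencies into the fat jar without a build failure. The module README builds `...:con-x-controlplane-postgres-hashicorp-vault:dockerize`, while the directory and `archiveFileName` use `postgresql` and no `dockerize` task is configured in this file; it may come from the root build, which is not visible here, but the project path in the README should be checked against the settings file.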
@@ -0,0 +1,75 @@
+# local docker based testbed
+
+
+This docker-compose.yaml provides you a minimal environment for testing a pair of construct-x-edc's against each other.
+
+Before anything else, please make sure you have the docker images for con-x-controlplane-postgresql-hashicorp-vault in your local docker repository, see [here](../con-x-controlplane-postgresql-hashicorp-vault/README.md) and [here](../../../edc-dataplane/edc-dataplane-construct-x/con-x-dataplane-postgresql-hashicorp-vault/README.md).
+
+Beyond that, you need to obtain the docker images needed to run the identity hub and the issuer services. In order to do so, please checckout this [repository](https://github.com/FraunhoferISST/dev-identity-services) and clone it onto your local machine. The upper section of this [README](https://github.com/FraunhoferISST/dev-identity-services/blob/main/runtimes/dev/README.md) informs
+you about the steps necessary to create the docker images.
+
+
+### Start the environment
+Now we are ready to start the environment. For that, please run
+
+```
+docker compose up
+```
+
+Then please use the attached Bruno collection. ([Bruno](https://www.usebruno.com/) is a convenient http client, which
+you should install, if you haven't already.) In order to this, choose the "open" (not "import") option item in the Bruno UI and select the respective [folder](bruno/con-x-local-test). After that, please use the icon in the upper right corner
+of the Bruno GUI to select the environment (which stores the variables, that the requests will need).
+
+In that collection you should first run the requests of the ´identities´ folder.
+After you have completed all required steps, the provider and the consumer identity are onboarded in your own dataspace
+and ready to interact with each other.
+
+Now you are ready to perform a simple contract negotiation and data transfer between these two actors.
+
+Be sure to also read the documentation that is attached to the folders in the Bruno collection. You may also want to
+check the pre- and postrequest scripts of many requests, because they may give you further insights.
+
+In a nutshell, we are presenting the following workflows here:
+
+### Create an issuer-participant
+
+The issuer-participant will act as the dataspaces' trusted issuer. This issuer is mandated to sign and hand
+out verifiable credentials, which the members of the dataspace can use to prove their membership (or potentially other
+relevant properties of themselves) to other partners in the same dataspace. After the registration of the issuer we are
+also providing the basic definition of the credential that shall be issued. And we also need register the expected (
+user-) members of the dataspace at the issuer service.
+
+### Create a consumer and a provider identity
+
+Somewhat similar to the creation of the issuer, we will now create a consumer and a provider identity on their
+respective wallets (i.e. identity hubs). After the creation, we receive an api token and a sts secret from the identity
+hub. The sts secret is essential for operating the edc. So we need to store that in the hashicorp vault under a given
+secret alias, so that the edc can use it later. Also, we can take a look at the DID document, that was generated on the
+identity hubs. And we need to tell our identity hub, that we want to request a membership token from the trusted issuer.
+
+When this is done, we can have a look at the credentials, that the issuer hopefully delivered to consumer and provider
+respectively. And we can also do some kind of a simulated DCP flow with the just created credentials. Please see the
+documentation in the Bruno collection if you are interested in learning some more details (though that is directed at
+the more advanced members of the audience here, beginners can definitely skip that part).
+
+### Do a transaction between provider and consumer
+
+Finally, we are ready now to do a more or less 'normal' DSP/DCP protocol backed transaction between the consumer and the
+provider. I.e. firstly we need the provider to prepare a data asset, which the consumer can negotiate with him for. Then
+the consumer
+can discover this asset via a catalog request towards the provider edc, initiate a negotiation and a transfer. If you
+are interested
+in a more detailed explanation of these interactions, please see
+the [EDC Samples](https://github.com/eclipse-edc/Samples/tree/main/transfer).
+
+When you're done testing and want to end your session (using 'CTRL-C' on the terminal, where you started docker
+compose),
+you may want to run
+
+```
+docker compose down -v
+```
+
+This will delete the data from your previous session and ensure, that the next time, you are starting this, you will
+have no data remnants in your containers, which may cause confusion or conflicts, when you start the docker-compose.yaml
+and the requests of the Bruno collection later again.
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/additional_config/logging.properties b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/logging.properties
new file mode 100644
index 0000000000..5c9a7fbcb3
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/logging.properties
@@ -0,0 +1,18 @@
+handlers = java.util.logging.ConsoleHandler
+
+# Console Handler Config
+
+java.util.logging.ConsoleHandler.formatter = org.eclipse.tractusx.identityhub.monitor.ColorfulFormatter
+java.util.logging.ConsoleHandler.level = FINE
+
+# Root level und Package-level
+
+.level = INFO
+jakarta.json.level = OFF
+jdk.event.level = OFF
+okhttp3.internal.level = OFF
+org.eclipse.edc.level = FINE
+org.flywaydb.level = OFF
+org.glassfish.level = OFF
+org.jvnet.level = OFF
+org.postgresql.level = OFF
\ No newline at end of file
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/additional_config/mc-cred-def.json b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/mc-cred-def.json
new file mode 100644
index 0000000000..9defee0bfa
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/mc-cred-def.json
@@ -0,0 +1,10 @@
+{
+ "MC-Cred-Def": {
+ "blackList": [],
+ "default": {
+ "credentialSubject": {
+ "isMember": true
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/additional_config/pg_init/pg_init.sql b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/pg_init/pg_init.sql
new file mode 100644
index 0000000000..398f848aac
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/pg_init/pg_init.sql
@@ -0,0 +1,8 @@
+ CREATE DATABASE iss_db;
+ CREATE DATABASE cons_ih_db;
+ CREATE DATABASE prov_ih_db;
+ CREATE DATABASE cons_cpl;
+ CREATE DATABASE cons_dpl;
+ CREATE DATABASE prov_cpl;
+ CREATE DATABASE prov_dpl;
+
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/additional_config/vault-init.sh b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/vault-init.sh
new file mode 100644
index 0000000000..361682921c
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/additional_config/vault-init.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+VAULT="${VAULT_ADDR:-http://shared-vault:8200}"
+TOKEN="${VAULT_TOKEN:?missing VAULT_TOKEN}"
+
+# function that creates and deploys a rsa keypair:
+
+create_and_store_keypair() {
+ local prefix=$1
+
+ # create rsa keypair
+ openssl genrsa -out /tmp/${prefix}_priv_pkcs1.pem 2048
+ openssl pkcs8 -topk8 -nocrypt -in /tmp/${prefix}_priv_pkcs1.pem -out /tmp/${prefix}_priv.pem
+ openssl rsa -in /tmp/${prefix}_priv_pkcs1.pem -pubout -out /tmp/${prefix}_pub.pem
+
+ # deploy secrets to vault
+ jq -n --rawfile content /tmp/${prefix}_priv.pem '{data:{content:$content}}' | \
+ curl -fsS -H "X-Vault-Token: $TOKEN" -H "Content-Type: application/json" \
+ -X POST --data-binary @- "$VAULT/v1/secret/data/${prefix}_priv"
+
+ jq -n --rawfile content /tmp/${prefix}_pub.pem '{data:{content:$content}}' | \
+ curl -fsS -H "X-Vault-Token: $TOKEN" -H "Content-Type: application/json" \
+ -X POST --data-binary @- "$VAULT/v1/secret/data/${prefix}_pub"
+
+ # cleanup temp files
+ rm -f /tmp/${prefix}_priv_pkcs1.pem /tmp/${prefix}_priv.pem /tmp/${prefix}_pub.pem
+}
+
+# create keypair for consumer and provider dataplane:
+
+create_and_store_keypair "cons"
+create_and_store_keypair "prov"
\ No newline at end of file
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/bruno.json b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/bruno.json
new file mode 100644
index 0000000000..6a1eba3dd3
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/bruno.json
@@ -0,0 +1,9 @@
+{
+ "version": "1",
+ "name": "con-x-local-test",
+ "type": "collection",
+ "ignore": [
+ "node_modules",
+ ".git"
+ ]
+}
\ No newline at end of file
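Review bot: In vault-init.sh, `create_and_store_keypair` writes the unencrypted private key to fixed, predictable names under `/tmp` with the default umask, and because the script runs under `set -euo pipefail` a failing `openssl`, `jq` or `curl` exits before the `rm -f` line, leaving the key file behind. Generating into a private `mktemp -d` directory and removing it from an `EXIT` trap covers every exit path and makes the per-call `rm -f` unnecessary. The `${prefix}` expansions in the paths are also unquoted; the callers pass only the literals `cons` and `prov`, but quoting them costs nothing. Separately, `-H "X-Vault-Token: $TOKEN"` puts the token on the curl command line, where it is visible in the process list while the request runs.

```shell
umask 077
WORKDIR="$(mktemp -d)"
# remove key material on every exit path, including a failure under `set -e`
trap 'rm -rf "$WORKDIR"' EXIT

create_and_store_keypair() {
  local prefix=$1

  openssl genrsa -out "$WORKDIR/${prefix}_priv_pkcs1.pem" 2048
  openssl pkcs8 -topk8 -nocrypt -in "$WORKDIR/${prefix}_priv_pkcs1.pem" -out "$WORKDIR/${prefix}_priv.pem"
  openssl rsa -in "$WORKDIR/${prefix}_priv_pkcs1.pem" -pubout -out "$WORKDIR/${prefix}_pub.pem"

  # … unchanged: the two jq | curl uploads, reading from "$WORKDIR" instead of /tmp …
}
```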
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/environments/local-con-x-env.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/environments/local-con-x-env.bru
new file mode 100644
index 0000000000..09f0b73b0e
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/environments/local-con-x-env.bru
@@ -0,0 +1,35 @@ +vars { + ISSUER_DID_API: http://localhost:10000 + ISSUER_ID_API: http://localhost:10100/api/identity + ISSUER_ISS_API: http://localhost:10200/api/issuer + CONSUMER_IDHUB_DID_API: http://localhost:20000 + CONSUMER_IDHUB_ID_API: http://localhost:20100/api/identity + CONSUMER_IDHUB_STS_API: http://localhost:20500/api/sts + CONSUMER_IDHUB_CREDS_API: http://localhost:20600/api/credentials + ISSUER_APIKEY: ZGlkOndlYjpsb2NhbC1pc3N1ZXItc2VydmljZTpmeC1pc3N1ZXI=.CmYgVcuzneJXqzcbj7vmld5feejy6OguIylflSrz6WTjG1HNQRvO62EafFrQjS/lVlZAwiwz2rwwZgXrbpyhcg== + CONSUMER_IH_APIKEY: ZGlkOndlYjpsb2NhbC11c2VyLWlkaHViOnVzZXI6Y29uc3VtZXI=.ObFly02OtymUNRE43uH9SblWVtsZH0NMddgm1dFYQXRekO3qXX+rHFV7NvM+DUW3lcA2PbILt5rwWYEqm7WNgw== + PROVIDER_IH_APIKEY: ZGlkOndlYjpsb2NhbC11c2VyLWlkaHViOnVzZXI6cHJvdmlkZXI=.Knip+hedL63qedBQfOvZhhrF2ooSCfP2YgjONvtmehofor2ejdw/en0MAXDBZEcXrCwYNppDMNFDsRlG5rB/Mw== + VAULTURL: http://localhost:8200 + CONSUMER_STS_SECRET: VD0q6jOEyslSeFV2 + PROVIDER_STS_SECRET: XjDk9ncaJSrSfkQW + PROVIDER_MANAGEMENT: http://localhost:39010/management + CONSUMER_MANAGEMENT: http://localhost:29010/management + PROVIDER_DATAPLANE_PUBLIC: http://localhost:9500/public + PROVIDER_IDHUB_DID_API: http://localhost:21000 + PROVIDER_IDHUB_ID_API: http://localhost:21100/api/identity + PROVIDER_IDHUB_STS_API: http://localhost:21500/api/sts + PROVIDER_IDHUB_CREDS_API: http://localhost:21600/api/credentials + ISS_ID: did:web:local-issuer-service:con-x-issuer + CONS_ID: did:web:consumer-idhub:user:consumer + PROV_ID: did:web:provider-idhub:user:provider + B64_ISS_ID: + B64_CONS_ID: + B64_PROV_ID: + cons_access_token: 
eyJraWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkaHViOnVzZXI6Y29uc3VtZXIja2V5LTEiLCJhbGciOiJFZDI1NTE5In0.eyJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkaHViOnVzZXI6Y29uc3VtZXIiLCJzdWIiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkaHViOnVzZXI6cHJvdmlkZXIiLCJuYmYiOjE3NzAyNzg5NTQsInNjb3BlIjoib3JnLmVjbGlwc2UudHJhY3R1c3gudmMudHlwZTpNZW1iZXJzaGlwQ3JlZGVudGlhbDpyZWFkIiwiaXNzIjoiZGlkOndlYjpjb25zdW1lci1pZGh1Yjp1c2VyOmNvbnN1bWVyIiwiZXhwIjoxNzcwMjc5MjU0LCJpYXQiOjE3NzAyNzg5NTQsImp0aSI6ImFjY2Vzc3Rva2VuLTcxYThmNTA5LTgwYTktNDMwZC1iMjU0LTMxNGFiYTBkNjY5OSJ9.ipRpdi_Ekh7y4IIqhqLgHU35Fn7NNkv6e6hILXy8pZObdy33y3MKppI61424eyHwqzmh7X2kwV2S5gDy3aOKCQ + prov_access_token: eyJraWQiOiJkaWQ6d2ViOnByb3ZpZGVyLWlkaHViOnVzZXI6cHJvdmlkZXIja2V5LTEiLCJhbGciOiJFZDI1NTE5In0.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.42YDTnuzZ0RprqLjFw6hUoAXrgpPxyzKNFrqLdbWz6HXAiujkq32QAFU-M9gtQ0hMNcjshRZUX6DryBWxhGNDw + offerId: MQ==:YXNzZXRJZA==:MDFhN2ZjYWYtODgzOS00N2JmLTllZDAtM2Y0YjliMTFiOWM5 + negotiation-id: 3745ad50-6b99-4142-bf1a-509b3d0e313d + contractId: 3345f7f1-f735-4c92-8aa2-6e137203b2f9 + transferId: 3ebe55c6-900a-4c03-b213-20c5c3f0274d + pullSecret: eyJraWQiOiJwcm92X3B1YiIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJhbm9ueW1vdXMiLCJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkaHViOnVzZXI6Y29uc3VtZXIiLCJzdWIiOiJhbm9ueW1vdXMiLCJpYXQiOjE3NzAyNzg5ODgsImp0aSI6IjUwYWQxMjk3LWZhN2QtNDI0ZC1hNjBhLTg5M2MwMGE4OTZhYyJ9.GkSz0qXhFmqPaLQpfPLkAvODX-iekoAQvLh3Kglhm7DApNF3PsGnv-Qzm7m8eNAqTUTWB9XXkRng_XqWmuAd-FWvzwG8d7ZaAahuykkOgX1W7vHWBMdJa-zvNm0cnzm-TQLWYCU-tDSKk_g_UrDUaFf9Jdq-avCoer3wcZrEmrf0K4o_WWs-l5hZEfDIOYHRsgoCY3P8pMcZYRjV57zdLUDl9SvLuCRR0ex0fKxJ2pb7mlaCL5ooD6fRaqWyrLvrIKZaDYfwKrX7IRJT9ePKyls9VKA9JBakh676L0jBr5-2TYG3uE9Xhyv4CZlqyck-_NyiL4Jao8-lL5FVCbPDVQ +} 
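Review bot: The environment file is committed with populated values for `ISSUER_APIKEY`, `CONSUMER_IH_APIKEY`, `PROVIDER_IH_APIKEY`, `CONSUMER_STS_SECRET`, `PROVIDER_STS_SECRET`, `cons_access_token`, `prov_access_token` and `pullSecret`, which look like leftovers from a previous local session rather than defaults. The key-id part of `ISSUER_APIKEY` and `CONSUMER_IH_APIKEY` decodes to DIDs that differ from the `ISS_ID` and `CONS_ID` set a few lines further down, so the committed values cannot work against this setup anyway. The post-response scripts in the collection write the API keys and STS secrets on each run, so these entries can be committed empty the way `B64_ISS_ID:` already is, and listed in a `vars:secret [ ... ]` block so Bruno keeps later values out of the file. That also keeps secret scanners from flagging the repository and avoids stale tokens being mistaken for working credentials.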
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowConsumerCredentials.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowConsumerCredentials.bru
new file mode 100644
index 0000000000..679b88d710
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowConsumerCredentials.bru
@@ -0,0 +1,20 @@
+meta {
+ name: ShowConsumerCredentials
+ type: http
+ seq: 1
+}
+
+get {
+ url: {{CONSUMER_IDHUB_ID_API}}/v1alpha/credentials
+ body: none
+ auth: none
+}
+
+headers {
+ x-api-key: YWRtaW4.adminKey
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowProviderCredentials copy.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowProviderCredentials copy.bru
new file mode 100644
index 0000000000..7f724a746d
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/ShowProviderCredentials copy.bru
@@ -0,0 +1,20 @@
+meta {
+ name: ShowProviderCredentials copy
+ type: http
+ seq: 2
+}
+
+get {
+ url: {{PROVIDER_IDHUB_ID_API}}/v1alpha/credentials
+ body: none
+ auth: none
+}
+
+headers {
+ x-api-key: YWRtaW4.adminKey
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/folder.bru
new file mode 100644
index 0000000000..d3d84605ee
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Inspect Outcome/folder.bru
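Review bot: In ShowConsumerCredentials.bru the `headers` block hard-codes `x-api-key: YWRtaW4.adminKey`, which appears to be the identity hub's admin key, so a request that only lists credentials is sent with the most privileged credential and the literal is repeated in every file that needs it. Referencing an environment variable instead, for example `x-api-key: {{IDHUB_SUPERUSER_APIKEY}}` (a proposed name), keeps the value in one place, and if the API permits it the participant key the collection already stores in `CONSUMER_IH_APIKEY` would be the narrower choice for this read. The same literal appears in ShowProviderCredentials copy.bru, CreateConsumerParticipant.bru, CreateIssuerParticipant.bru, GetConfig.bru and SetConfig.bru, and VaultSecret.bru and VaultSecret test.bru hard-code the `X-Vault-Token` value the same way.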
@@ -0,0 +1,12 @@
+meta {
+ name: Inspect Outcome
+ seq: 4
+}
+
+auth {
+ mode: inherit
+}
+
+docs {
+ Here we are taking a look at the credentials, that the trusted issuer created for the participants.
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/CreateConsumerParticipant.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/CreateConsumerParticipant.bru
new file mode 100644
index 0000000000..cf4cd0ae28
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/CreateConsumerParticipant.bru
@@ -0,0 +1,59 @@
+meta {
+ name: CreateConsumerParticipant
+ type: http
+ seq: 1
+}
+
+post {
+ url: {{CONSUMER_IDHUB_ID_API}}/v1alpha/participants
+ body: json
+ auth: inherit
+}
+
+headers {
+ x-api-key: YWRtaW4.adminKey
+}
+
+body:json {
+ {
+ "roles":[],
+ "serviceEndpoints":[{
+ "id": "ConsumerCredentialService-ID",
+ "type": "CredentialService",
+ "serviceEndpoint": "http://consumer-idhub:13131/api/credentials/v1/participants/{{B64_CONS_ID}}"
+ }],
+ "active": true,
+ "participantContextId": "did:web:consumer-idhub:user:consumer",
+ "did": "did:web:consumer-idhub:user:consumer",
+ "key":{
+ "keyId": "did:web:consumer-idhub:user:consumer#key-1",
+ "privateKeyAlias": "did:web:consumer-idhub:user:consumer-alias",
+ "keyGeneratorParams":{
+ "algorithm": "EdDSA",
+ "curve": "Ed25519"
+ }
+ }
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const cons_id = bru.getEnvVar("CONS_ID");
+ bru.setEnvVar("B64_CONS_ID", btoa(cons_id));
+}
+
+script:post-response {
+ const apiKey = res.getBody().apiKey.trim();
+ if (apiKey) {
+ bru.setEnvVar("CONSUMER_IH_APIKEY", apiKey);
+ }
+ const stsSecret = res.getBody().clientSecret.trim();
+ if (stsSecret) {
+ bru.setEnvVar("CONSUMER_STS_SECRET", stsSecret)
+ }
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
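Review bot: In the `script:post-response` block of CreateConsumerParticipant.bru, `res.getBody().apiKey.trim()` and `res.getBody().clientSecret.trim()` run before the `if (apiKey)` and `if (stsSecret)` guards, so an error response without those fields throws a TypeError and the guards never get to see an undefined value. Reading the field first and trimming inside the guard fixes that: `const apiKey = res.getBody()?.apiKey;` followed by `if (apiKey) { bru.setEnvVar("CONSUMER_IH_APIKEY", apiKey.trim()); }`, and the same for `clientSecret`. Checking `res.getStatus()` before writing would also keep a failed re-run (for instance when the participant already exists) from silently leaving an old key and STS secret in the environment. The request body hard-codes `did:web:consumer-idhub:user:consumer` while the pre-request script reads `CONS_ID`, so the two can diverge if the environment is edited; CreateIssuerParticipant.bru uses `{{ISS_ID}}` in the body and has the same unguarded `.trim()` for `ISSUER_APIKEY`.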
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/Get Consumer DID Doc.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/Get Consumer DID Doc.bru
new file mode 100644
index 0000000000..fdb531e548
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/Get Consumer DID Doc.bru
@@ -0,0 +1,20 @@
+meta {
+ name: Get Consumer DID Doc
+ type: http
+ seq: 2
+}
+
+get {
+ url: {{CONSUMER_IDHUB_DID_API}}/user/consumer
+ body: none
+ auth: inherit
+}
+
+headers {
+ Host: consumer-idhub
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerCredential.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerCredential.bru
new file mode 100644
index 0000000000..caa59e2563
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/RequestConsumerCredential.bru
@@ -0,0 +1,34 @@
+meta {
+ name: RequestConsumerCredential
+ type: http
+ seq: 3
+}
+
+post {
+ url: {{CONSUMER_IDHUB_ID_API}}/v1alpha/participants/{{B64_CONS_ID}}/credentials/request
+ body: json
+ auth: none
+}
+
+body:json {
+ {
+ "issuerDid": "{{ISS_ID}}",
+ "credentials": [{
+ "format": "VC1_0_JWT",
+ "type": "MembershipCredential",
+ "id": "MC-Cred-Def"
+ }]
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const cons_id = bru.getEnvVar("CONS_ID");
+ bru.setEnvVar("B64_CONS_ID", btoa(cons_id));
+ req.setHeader("x-api-key", bru.getEnvVar("CONSUMER_IH_APIKEY"));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/VaultSecret test.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/VaultSecret test.bru
new file mode 100644
index 0000000000..6e3a7833dc
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/VaultSecret test.bru
@@ -0,0 +1,20 @@
+meta {
+ name: VaultSecret test
+ type: http
+ seq: 5
+}
+
+get {
+ url: {{VAULTURL}}/v1/secret/data/consumersecret
+ body: none
+ auth: inherit
+}
+
+headers {
+ X-Vault-Token: vaultsecret0123456789
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/VaultSecret.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/VaultSecret.bru
new file mode 100644
index 0000000000..b12519e226
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/VaultSecret.bru
@@ -0,0 +1,28 @@
+meta {
+ name: VaultSecret
+ type: http
+ seq: 4
+}
+
+post {
+ url: {{VAULTURL}}/v1/secret/data/consumersecret
+ body: json
+ auth: inherit
+}
+
+headers {
+ X-Vault-Token: vaultsecret0123456789
+}
+
+body:json {
+ {
+ "data": {
+ "content": "{{CONSUMER_STS_SECRET}}"
+ }
+ }
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/folder.bru
new file mode 100644
index 0000000000..e92dbb38da
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Consumer ID/folder.bru
@@ -0,0 +1,13 @@
+meta {
+ name: Prepare Consumer ID
+ seq: 2
+}
+
+auth {
+ mode: inherit
+}
+
+docs {
+ The requests in this folder are necessary for creating the identity of the consumer participant.
+ We are doing an initial registration at the identity hub. Then we take a look at the created DID document. Then we trigger a credential request toward the trusted issuer. And also, we are storing the STS secret that the identity hub gave us, at the vault.
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/CreateIssuerParticipant.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/CreateIssuerParticipant.bru
new file mode 100644
index 0000000000..92ac1fc389
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/CreateIssuerParticipant.bru
@@ -0,0 +1,57 @@
+meta {
+ name: CreateIssuerParticipant
+ type: http
+ seq: 1
+}
+
+post {
+ url: {{ISSUER_ID_API}}/v1alpha/participants
+ body: json
+ auth: inherit
+}
+
+headers {
+ x-api-key: YWRtaW4.adminKey
+}
+
+body:json {
+ {
+ "roles": [],
+ "serviceEndpoints": [
+ {
+ "id": "Issuer-IssuerService",
+ "type": "IssuerService",
+ "serviceEndpoint": "http://local-issuer-service:13132/api/issuance/v1alpha/participants/{{B64_ISS_ID}}"
+ }
+ ],
+ "active": true,
+ "participantContextId": "{{ISS_ID}}",
+ "did": "{{ISS_ID}}",
+ "key": {
+ "keyId": "{{ISS_ID}}#key-1",
+ "privateKeyAlias": "{{ISS_ID}}-alias",
+ "keyGeneratorParams": {
+ "algorithm": "EdDSA",
+ "curve": "Ed25519"
+ }
+ }
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const iss_id = bru.getEnvVar("ISS_ID");
+ bru.setEnvVar("B64_ISS_ID", btoa(iss_id));
+}
+
+script:post-response {
+ const apiKey = res.getBody().apiKey.trim();
+ if (apiKey) {
+ bru.setEnvVar("ISSUER_APIKEY", apiKey);
+ }
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/GetConfig.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/GetConfig.bru
new file mode 100644
index 0000000000..03b59dab22
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/GetConfig.bru
@@ -0,0 +1,26 @@
+meta {
+ name: GetConfig
+ type: http
+ seq: 1
+}
+
+get {
+ url: {{ISSUER_ISS_API}}/v1alpha/credentialsetup/{{B64_ISS_ID}}
+ body: none
+ auth: inherit
+}
+
+headers {
+ x-api-key: YWRtaW4.adminKey
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const iss_id = bru.getEnvVar("ISS_ID");
+ bru.setEnvVar("B64_ISS_ID", btoa(iss_id));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/SetConfig.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/SetConfig.bru
new file mode 100644
index 0000000000..b20210edde
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/SetConfig.bru
@@ -0,0 +1,39 @@
+meta {
+ name: SetConfig
+ type: http
+ seq: 2
+}
+
+post {
+ url: {{ISSUER_ISS_API}}/v1alpha/credentialsetup/{{B64_ISS_ID}}
+ body: json
+ auth: inherit
+}
+
+headers {
+ x-api-key: YWRtaW4.adminKey
+}
+
+body:json {
+ {
+ "MC-Cred-Def": {
+ "blackList": [],
+ "default": {
+ "credentialSubject": {
+ "isMember": true
+ }
+ }
+ }
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const iss_id = bru.getEnvVar("ISS_ID");
+ bru.setEnvVar("B64_ISS_ID", btoa(iss_id));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/folder.bru
new file mode 100644
index 0000000000..b4adf7b488
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/Optionalconfig/folder.bru
@@ -0,0 +1,16 @@
+meta {
+ name: Optionalconfig
+}
+
+auth {
+ mode: inherit
+}
+
+docs {
+ The requests in this folder are only for advanced users who are interested in creating different types of credentials. Other users can safely ignore this.
+
+ Additional info can be found here:
+
+ https://github.com/factory-x-contributions/fx-id-hub-charts/tree/feat/quickfix_main/extensions/quickfix
+
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addConsumerHolder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addConsumerHolder.bru
new file mode 100644
index 0000000000..2fed748a75
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addConsumerHolder.bru
@@ -0,0 +1,35 @@
+meta {
+ name: addConsumerHolder
+ type: http
+ seq: 2
+}
+
+post {
+ url: {{ISSUER_ISS_API}}/v1alpha/participants/{{B64_ISS_ID}}/holders
+ body: json
+ auth: inherit
+}
+
+body:json {
+ {
+ "holderId" : "{{CONS_ID}}",
+ "did" : "{{CONS_ID}}",
+ "name" : "{{CONS_ID}}"
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const iss_id = bru.getEnvVar("ISS_ID");
+ bru.setEnvVar("B64_ISS_ID", btoa(iss_id));
+
+ const cons_id = bru.getEnvVar("CONS_ID");
+ bru.setEnvVar("B64_CONS_ID", btoa(cons_id));
+
+ req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY"));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addProviderHolder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addProviderHolder.bru
new file mode 100644
index 0000000000..d31390290d
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/addProviderHolder.bru
@@ -0,0 +1,34 @@
+meta {
+ name: addProviderHolder
+ type: http
+ seq: 3
+}
+
+post {
+ url: {{ISSUER_ISS_API}}/v1alpha/participants/{{B64_ISS_ID}}/holders
+ body: json
+ auth: inherit
+}
+
+body:json {
+ {
+ "holderId" : "{{PROV_ID}}",
+ "did" : "{{PROV_ID}}",
+ "name" : "{{PROV_ID}}"
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const iss_id = bru.getEnvVar("ISS_ID");
+ bru.setEnvVar("B64_ISS_ID", btoa(iss_id));
+ const prov_id = bru.getEnvVar("PROV_ID");
+ bru.setEnvVar("B64_PROV_ID", btoa(prov_id));
+
+ req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY"));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createAttestation.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createAttestation.bru
new file mode 100644
index 0000000000..05874d6ee5
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createAttestation.bru
@@ -0,0 +1,39 @@
+meta {
+ name: createAttestation
+ type: http
+ seq: 4
+}
+
+post {
+ url: {{ISSUER_ISS_API}}/v1alpha/participants/{{B64_ISS_ID}}/attestations
+ body: json
+ auth: none
+}
+
+headers {
+ ~x-api-key: {{ISSUER_APIKEY}}
+}
+
+body:json {
+ {
+ "attestationType": "presentation",
+ "configuration": {
+ "credentialType": "MembershipCredential",
+ "outputClaim": "isMember",
+ "required": false
+ },
+ "id": "MC-Attestation"
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const iss_id = bru.getEnvVar("ISS_ID");
+ bru.setEnvVar("B64_ISS_ID", btoa(iss_id));
+ req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY"));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createCredentialDef.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createCredentialDef.bru
new file mode 100644
index 0000000000..e188d5475e
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/createCredentialDef.bru
@@ -0,0 +1,38 @@
+meta {
+ name: createCredentialDef
+ type: http
+ seq: 5
+}
+
+post {
+ url: {{ISSUER_ISS_API}}/v1alpha/participants/{{B64_ISS_ID}}/credentialdefinitions
+ body: json
+ auth: inherit
+}
+
+body:json {
+ {
+ "attestations": ["MC-Attestation"],
+ "credentialType": "MembershipCredential",
+ "format": "VC1_0_JWT",
+ "id": "MC-Cred-Def",
+ "jsonSchema": "{}",
+ "jsonSchemaUrl": "",
+ "mappings": [
+ ],
+ "validity": 15552000
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const iss_id = bru.getEnvVar("ISS_ID");
+ bru.setEnvVar("B64_ISS_ID", btoa(iss_id));
+
+ req.setHeader("x-api-key", bru.getEnvVar("ISSUER_APIKEY"));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
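Review bot: createAttestation.bru sets `auth: none` and carries a disabled header entry `~x-api-key: {{ISSUER_APIKEY}}`, while its pre-request script sets the same header and the sibling issuer requests use `auth: inherit` with no `headers` block. The disabled entry is dead configuration that suggests two sources for the key. I would drop the `headers` block and use `auth: inherit` so every issuer request authenticates the same way, and add a script comment such as `// x-api-key is taken from the ISSUER_APIKEY environment variable` to record where the credential comes from.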
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/folder.bru
new file mode 100644
index 0000000000..ddc334fb1d
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Issuer/folder.bru
@@ -0,0 +1,22 @@
+meta {
+ name: Prepare Issuer
+ seq: 1
+}
+
+auth {
+ mode: inherit
+}
+
+docs {
+ This folder contains the initial steps for setting up our own dataspace. First, we need to define the participant that is universally trusted by all regular dataspace members, the so-called "trusted issuer".
+
+ First we register him under his own did:web id at the issuer service host.
+
+ Then we will announce the existence of other regular members. This is done in the "addXXXHolder" requests.
+
+ Then we have to tell to issuer participant that there shall be membership credentials, which can be handed out to the entities, which we had announced as holders.
+
+ Since the primary motivation for this collection is not to be a guide for handling the administration of data space issuers, the details of the "createAttestation" and "createCredentialDef" requests don't matter much at this point. It suffices to say that they are technically required to enable the credential issuance process.
+
+
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/CreateProviderParticipant.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/CreateProviderParticipant.bru
new file mode 100644
index 0000000000..2c43e1e115
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/CreateProviderParticipant.bru
@@ -0,0 +1,59 @@
+meta {
+ name: CreateProviderParticipant
+ type: http
+ seq: 1
+}
+
+post {
+ url: {{PROVIDER_IDHUB_ID_API}}/v1alpha/participants
+ body: json
+ auth: inherit
+}
+
+headers {
+ x-api-key: YWRtaW4.adminKey
+}
+
+body:json {
+ {
+ "roles":[],
+ "serviceEndpoints":[{
+ "id": "ConsumerCredentialService-ID",
+ "type": "CredentialService",
+ "serviceEndpoint": "http://provider-idhub:13131/api/credentials/v1/participants/{{B64_PROV_ID}}"
+ }],
+ "active": true,
+ "participantContextId": "{{PROV_ID}}",
+ "did": "{{PROV_ID}}",
+ "key":{
+ "keyId": "{{PROV_ID}}#key-1",
+ "privateKeyAlias": "{{PROV_ID}}-alias",
+ "keyGeneratorParams":{
+ "algorithm": "EdDSA",
+ "curve": "Ed25519"
+ }
+ }
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const prov_id = bru.getEnvVar("PROV_ID");
+ bru.setEnvVar("B64_PROV_ID", btoa(prov_id));
+}
+
+script:post-response {
+ const apiKey = res.getBody().apiKey.trim();
+ if (apiKey) {
+ bru.setEnvVar("PROVIDER_IH_APIKEY", apiKey);
+ }
+ const stsSecret = res.getBody().clientSecret.trim();
+ if (stsSecret) {
+ bru.setEnvVar("PROVIDER_STS_SECRET", stsSecret)
+ }
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/Get Provider DID Doc.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/Get Provider DID Doc.bru
new file mode 100644
index 0000000000..67dc6c4baa
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/Get Provider DID Doc.bru
@@ -0,0 +1,20 @@
+meta {
+ name: Get Provider DID Doc
+ type: http
+ seq: 2
+}
+
+get {
+ url: {{PROVIDER_IDHUB_DID_API}}/user/provider
+ body: none
+ auth: inherit
+}
+
+headers {
+ Host: provider-idhub
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
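Review bot: CreateProviderParticipant.bru hard-codes the identity-hub super-user key in its `headers` block (`x-api-key: YWRtaW4.adminKey`), whereas the issuer requests read their key from the environment. Moving it to a variable, e.g. `x-api-key: {{IDHUB_SUPERUSER_KEY}}` (the variable name is a suggestion, it is not defined on this page), keeps the credential in one place and out of the request file if the collection is ever pointed at a non-local hub. In the post-response script, `res.getBody().apiKey.trim()` runs before the `if (apiKey)` guard, so an error response without `apiKey` throws instead of being skipped; `const apiKey = res.getBody().apiKey?.trim();` makes the guard effective. The same applies to `clientSecret` here and to `access_token` in Consumer Token.bru and Provider Token.bru.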
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/RequestProviderCredential.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/RequestProviderCredential.bru
new file mode 100644
index 0000000000..364ca2a4a6
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/RequestProviderCredential.bru
@@ -0,0 +1,35 @@
+meta {
+ name: RequestProviderCredential
+ type: http
+ seq: 3
+}
+
+post {
+ url: {{PROVIDER_IDHUB_ID_API}}/v1alpha/participants/{{B64_PROV_ID}}/credentials/request
+ body: json
+ auth: none
+}
+
+body:json {
+ {
+ "issuerDid": "{{ISS_ID}}",
+ "credentials": [{
+ "format": "VC1_0_JWT",
+ "type": "MembershipCredential",
+ "id": "MC-Cred-Def"
+ }]
+ }
+}
+
+script:pre-request {
+ const btoa = require("btoa");
+ const prov_id = bru.getEnvVar("PROV_ID");
+ bru.setEnvVar("B64_PROV_ID", btoa(prov_id));
+
+ req.setHeader("x-api-key", bru.getEnvVar("PROVIDER_IH_APIKEY"));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/VaultSecret test.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/VaultSecret test.bru
new file mode 100644
index 0000000000..03f3b64282
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/VaultSecret test.bru
@@ -0,0 +1,20 @@
+meta {
+ name: VaultSecret test
+ type: http
+ seq: 5
+}
+
+get {
+ url: {{VAULTURL}}/v1/secret/data/providersecret
+ body: none
+ auth: inherit
+}
+
+headers {
+ X-Vault-Token: vaultsecret0123456789
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
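Review bot: VaultSecret test.bru sends a literal Vault token in its `headers` block (`X-Vault-Token: vaultsecret0123456789`), and VaultSecret.bru repeats it. The docker-compose file in this commit starts Vault in dev mode with that value as the root token, so it is a throwaway credential, but a literal in the request file travels along whenever the collection is reused against another Vault. I would read it from the environment, `X-Vault-Token: {{VAULT_TOKEN}}` (the variable name is a suggestion), and state in the folder docs that the token is the dev-mode root token of the local stack only.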
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/VaultSecret.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/VaultSecret.bru
new file mode 100644
index 0000000000..b05fd6d48a
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/VaultSecret.bru
@@ -0,0 +1,28 @@
+meta {
+ name: VaultSecret
+ type: http
+ seq: 4
+}
+
+post {
+ url: {{VAULTURL}}/v1/secret/data/providersecret
+ body: json
+ auth: inherit
+}
+
+headers {
+ X-Vault-Token: vaultsecret0123456789
+}
+
+body:json {
+ {
+ "data": {
+ "content": "{{PROVIDER_STS_SECRET}}"
+ }
+ }
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/folder.bru
new file mode 100644
index 0000000000..59be3175bb
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Prepare Provider ID/folder.bru
@@ -0,0 +1,13 @@
+meta {
+ name: Prepare Provider ID
+ seq: 3
+}
+
+auth {
+ mode: inherit
+}
+
+docs {
+ The requests in this folder are necessary for creating the identity of the provider participant.
+ We are doing an initial registration at the identity hub. Then we take a look at the created DID document. Then we trigger a credential request toward the trusted issuer. And also, we are storing the STS secret that the identity hub gave us, at the vault.
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Consumer Token.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Consumer Token.bru
new file mode 100644
index 0000000000..1cf237a75b
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Consumer Token.bru
@@ -0,0 +1,35 @@
+meta {
+ name: Consumer Token
+ type: http
+ seq: 1
+}
+
+post {
+ url: {{CONSUMER_IDHUB_STS_API}}/token
+ body: formUrlEncoded
+ auth: inherit
+}
+
+body:form-urlencoded {
+ grant_type: client_credentials
+ client_secret: {{CONSUMER_STS_SECRET}}
+ client_id: {{CONS_ID}}
+ audience: {{PROV_ID}}
+ bearer_access_scope: org.eclipse.tractusx.vc.type:MembershipCredential:read
+}
+
+script:post-response {
+ const atob = require("atob");
+ const accessToken = res.getBody().access_token.trim();
+ const parts = accessToken.split(".");
+ const payload = atob(parts[1]);
+ const payloadObject = JSON.parse(payload);
+ const internalToken = payloadObject.token.trim();
+
+ bru.setEnvVar("cons_access_token", internalToken);
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Get Credential.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Get Credential.bru
new file mode 100644
index 0000000000..a8d2564895
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Get Credential.bru
@@ -0,0 +1,43 @@
+meta {
+ name: Get Credential
+ type: http
+ seq: 3
+}
+
+post {
+ url: {{CONSUMER_IDHUB_CREDS_API}}/v1/participants/{{B64_CONS_ID}}/presentations/query
+ body: json
+ auth: bearer
+}
+
+auth:bearer {
+ token: {{prov_access_token}}
+}
+
+body:json {
+ {
+ "@context": [
+ "https://w3id.org/tractusx-trust/v0.8",
+ "https://identity.foundation/presentation-exchange/submission/v1"
+ ],
+ "type": "PresentationQueryMessage",
+ "presentationDefinition": null,
+ "scope": [
+ "org.eclipse.tractusx.vc.type:MembershipCredential:read"
+ ]
+ }
+}
+
+tests {
+ test("contains presentation", function(){
+ const presentation = res.getBody().presentation;
+ const isString = typeof(presentation) == "string";
+ const success = isString && presentation.split(".").length == 3;
+ expect(success == true);
+ })
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Provider Token.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Provider Token.bru
new file mode 100644
index 0000000000..3ec92f6e2c
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/Provider Token.bru
@@ -0,0 +1,30 @@
+meta {
+ name: Provider Token
+ type: http
+ seq: 2
+}
+
+post {
+ url: {{PROVIDER_IDHUB_STS_API}}/token
+ body: formUrlEncoded
+ auth: inherit
+}
+
+body:form-urlencoded {
+ grant_type: client_credentials
+ client_secret: {{PROVIDER_STS_SECRET}}
+ client_id: {{PROV_ID}}
+ audience: {{CONS_ID}}
+ token: {{cons_access_token}}
+}
+
+script:post-response {
+ const accessToken = res.getBody().access_token.trim();
+
+ bru.setEnvVar("prov_access_token", accessToken);
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
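Review bot: The test in Get Credential.bru can never fail: `expect(success == true);` only constructs an assertion object and chains no matcher, so nothing is checked even when `presentation` is missing or is not a three-part JWT. It should read `expect(success).to.equal(true);`. The folder docs describe this flow as the final check that all earlier identity steps worked, so a test that always passes would hide a broken credential setup.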
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/folder.bru
new file mode 100644
index 0000000000..5e25d1602e
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/Simulated DCP Flow/folder.bru
@@ -0,0 +1,34 @@
+meta {
+ name: Simulated DCP Flow
+ seq: 5
+}
+
+auth {
+ mode: inherit
+}
+
+docs {
+ This section is meant to show in principle, what happens during a DCP protocol validated interaction between two controlplanes. It also serves as a final test. If these requests do succeed, then we can be sure that all previous steps went well.
+
+ Let's assume that the consumer intends to obtain the DSP catolog from the provider.
+ Then the consumer will request a self signed SI token from his own Identity-Hub's secure token service (STS), see the "Consumer Token" request.
+
+ In that request body, the consumer informs the STS about the intended audience and the credential type he wants to show to the other side.
+
+ In the request body, we should receive an access token in JWT format, the "consumer-access-token".
+
+ Please feel free to decode the "consumer-access-token" with a tool of your choice and observe that token's payload. You will find, that this payload itself contains another JWT inside the "token" claim.
+
+ The entire "consumer-access-token" will now be sent by the consumer-side-EDC to the provider-side-EDC via the "Authentication" header of a request to the according DSP-catolog request api endpoint. Since the "consumer-access-token" is signed with the consumer private key, the provider can now download the consumer's DID document, read the consumer's public key and use it to check that the JWT's signature is valid.
+
+ We are not doing the signature check here in this small simulation, so let's just assume that it turned out positive.
+
+ Now the provider wants to see, which credentials the consumer is going to show him. For that, he needs to retrieve it from the consumer's credential service. The URL can be found in the consumer's DID document.
+
+ But first, he needs to talk to his own secure token service (STS). So he is unwrapping the "token" claim and sending it to his own STS, see the "Post Request Script" of the "Consumer Token" request and the request body in the "Provider Token" request.
+
+ The response of the provider's STS will contain another access token, we are calling it "provider access token". This "provider access token" can now be attached as an "authorization" header to the provider's request to the consumer's credential service.
+
+ The response of the consumer credential service contains the verifiable presentation, which itself now contains the verfiable credential, which the trusted issuer initially handed out to the consumer.
+
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/folder.bru
new file mode 100644
index 0000000000..9b98e35a2d
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/identities/folder.bru
@@ -0,0 +1,8 @@
+meta {
+ name: identities
+ seq: 1
+}
+
+auth {
+ mode: inherit
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/CheckNegotiationResult.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/CheckNegotiationResult.bru
new file mode 100644
index 0000000000..d475666650
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/CheckNegotiationResult.bru
@@ -0,0 +1,25 @@
+meta {
+ name: CheckNegotiationResult
+ type: http
+ seq: 3
+}
+
+get {
+ url: {{CONSUMER_MANAGEMENT}}/v3/contractnegotiations/{{negotiation-id}}
+ body: none
+ auth: inherit
+}
+
+headers {
+ Accept: application/json
+}
+
+script:post-response {
+ const contractId = res.getBody()['contractAgreementId'];
+ bru.setEnvVar("contractId", contractId);
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
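Review bot: CheckNegotiationResult.bru stores `contractAgreementId` unconditionally, so running it before the negotiation has reached its final state (the field is presumably absent until then) overwrites `contractId` with `undefined`, and the following InitPullTransfer request is sent with an unusable contract id. Guarding the write, `if (contractId) { bru.setEnvVar("contractId", contractId); }`, keeps the failure visible at this step instead of one request later. A `tests` block that asserts the negotiation state would also make the expected outcome explicit.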
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/Get EDR.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/Get EDR.bru
new file mode 100644
index 0000000000..cc00b204b0
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/Get EDR.bru
@@ -0,0 +1,25 @@
+meta {
+ name: Get EDR
+ type: http
+ seq: 5
+}
+
+get {
+ url: {{CONSUMER_MANAGEMENT}}/v3/edrs/{{transferId}}/dataaddress
+ body: none
+ auth: inherit
+}
+
+headers {
+ Accept: application/json
+}
+
+script:post-response {
+ const authToken = res.getBody().authorization;
+ bru.setEnvVar("pullSecret", authToken);
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitPullTransfer.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitPullTransfer.bru
new file mode 100644
index 0000000000..fa82fb9d44
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitPullTransfer.bru
@@ -0,0 +1,35 @@
+meta {
+ name: InitPullTransfer
+ type: http
+ seq: 4
+}
+
+post {
+ url: {{CONSUMER_MANAGEMENT}}/v3/transferprocesses
+ body: json
+ auth: inherit
+}
+
+body:json {
+ {
+ "@context": {
+ "edc": "https://w3id.org/edc/v0.0.1/ns/"
+ },
+ "@type": "TransferRequestDto",
+ "protocol": "dataspace-protocol-http",
+ "contractId": "{{contractId}}",
+ "counterPartyAddress": "http://provider-controlplane:9020/dsp",
+ "connectorId": "{{PROV_ID}}",
+ "transferType": "HttpData-PULL"
+ }
+}
+
+script:post-response {
+ const transferId = res.getBody()['@id'];
+ bru.setEnvVar("transferId", transferId);
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitiateNegotiation.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitiateNegotiation.bru
new file mode 100644
index 0000000000..b4cb6316a2
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/InitiateNegotiation.bru
@@ -0,0 +1,47 @@
+meta {
+ name: InitiateNegotiation
+ type: http
+ seq: 2
+}
+
+post {
+ url: {{CONSUMER_MANAGEMENT}}/v3/contractnegotiations
+ body: json
+ auth: inherit
+}
+
+headers {
+ Accept: application/json
+}
+
+body:json {
+ {
+ "@context": {
+ "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
+ "odrl": "http://www.w3.org/ns/odrl/2/"
+ },
+ "@type": "ContractRequest",
+ "counterPartyAddress": "http://provider-controlplane:9020/dsp",
+ "connectorId": "{{PROV_ID}}",
+ "protocol": "dataspace-protocol-http",
+ "policy": {
+ "@context": "http://www.w3.org/ns/odrl.jsonld",
+ "@id": "{{offerId}}",
+ "@type": "Offer",
+ "assigner": "{{PROV_ID}}",
+ "assignee": "{{CONS_ID}}",
+ "target": "assetId"
+ }
+ }
+}
+
+script:post-response {
+ var x = res.getBody()['@id'];
+ console.log("id " + x);
+ bru.setEnvVar("negotiation-id", res.getBody()['@id']);
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/PullAssetData.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/PullAssetData.bru
new file mode 100644
index 0000000000..df33451a12
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/PullAssetData.bru
@@ -0,0 +1,20 @@
+meta {
+ name: PullAssetData
+ type: http
+ seq: 6
+}
+
+get {
+ url: {{PROVIDER_DATAPLANE_PUBLIC}}
+ body: none
+ auth: inherit
+}
+
+script:pre-request {
+ req.setHeader("Authorization", bru.getEnvVar("pullSecret"));
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/RequestProviderCatalog.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/RequestProviderCatalog.bru
new file mode 100644
index 0000000000..aab44ce5f5
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/RequestProviderCatalog.bru
@@ -0,0 +1,34 @@
+meta {
+ name: RequestProviderCatalog
+ type: http
+ seq: 1
+}
+
+post {
+ url: {{CONSUMER_MANAGEMENT}}/v3/catalog/request
+ body: json
+ auth: inherit
+}
+
+body:json {
+ {
+ "@context": {
+ "@vocab": "https://w3id.org/edc/v0.0.1/ns/"
+ },
+ "counterPartyAddress": "http://provider-controlplane:9020/dsp",
+ "counterPartyId": "{{PROV_ID}}",
+ "protocol": "dataspace-protocol-http"
+
+ }
+}
+
+script:post-response {
+ const offerId = res.getBody()['dcat:dataset']['odrl:hasPolicy']['@id'];
+
+ bru.setEnvVar("offerId", offerId);
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/folder.bru
new file mode 100644
index 0000000000..c54282bb58
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/consumer/folder.bru
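Review bot: The post-response script in RequestProviderCatalog.bru reads `res.getBody()['dcat:dataset']['odrl:hasPolicy']['@id']`, which only works while the catalog holds exactly one dataset with exactly one offer. With a second asset or policy the compacted JSON-LD would likely turn these members into arrays, and the lookup then throws or yields `undefined`, which InitiateNegotiation.bru would send on as the offer id. Because CreateContractDefinition.bru uses `"assetsSelector": []`, any additional asset on the provider probably ends up in this catalog. Selecting the dataset whose `@id` is `assetId` after normalising both levels to arrays would make the step robust; at minimum a script comment should state the single-asset assumption.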
@@ -0,0 +1,20 @@
+meta {
+ name: consumer
+ seq: 2
+}
+
+auth {
+ mode: inherit
+}
+
+docs {
+ Here, we are taking the role of the consumer participant.
+
+ First, we inspect the providers catalog. There we should find the asset, that was prepared in the previous stage.
+
+ Then we trigger a negotiation process, and check its (hopefully positive) outcome.
+
+ After that, we initiate a transfer process based on the previously negotiated contract. In the following step, we retrieve the authorization token, which the provider will give us.
+
+ And finally, we are using that token to get access to the data, that was placed inside the provider's asset.
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/folder.bru
new file mode 100644
index 0000000000..d3bae9f5a8
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/folder.bru
@@ -0,0 +1,11 @@
+meta {
+ name: transactions
+}
+
+auth {
+ mode: inherit
+}
+
+docs {
+ This section showcases the typical negotiation and transfer flows between EDC connectors.
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/CreateAsset.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/CreateAsset.bru
new file mode 100644
index 0000000000..96a4953cee
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/CreateAsset.bru
@@ -0,0 +1,35 @@
+meta {
+ name: CreateAsset
+ type: http
+ seq: 1
+}
+
+post {
+ url: {{PROVIDER_MANAGEMENT}}/v3/assets
+ body: json
+ auth: inherit
+}
+
+body:json {
+ {
+ "@context": {
+ "@vocab": "https://w3id.org/edc/v0.0.1/ns/"
+ },
+ "@id": "assetId",
+ "properties": {
+ "name": "product description",
+ "contenttype": "application/json"
+ },
+ "dataAddress": {
+ "type": "HttpData",
+ "name": "Test asset",
+ "baseUrl": "https://jsonplaceholder.typicode.com/users",
+ "proxyPath": "true"
+ }
+ }
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/CreateContractDefinition.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/CreateContractDefinition.bru
new file mode 100644
index 0000000000..e7b3b069fa
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/CreateContractDefinition.bru
@@ -0,0 +1,28 @@
+meta {
+ name: CreateContractDefinition
+ type: http
+ seq: 3
+}
+
+post {
+ url: {{PROVIDER_MANAGEMENT}}/v3/contractdefinitions
+ body: json
+ auth: inherit
+}
+
+body:json {
+ {
+ "@context": {
+ "@vocab": "https://w3id.org/edc/v0.0.1/ns/"
+ },
+ "@id": "1",
+ "accessPolicyId": "aPolicy",
+ "contractPolicyId": "aPolicy",
+ "assetsSelector": []
+ }
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/CreatePolicy.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/CreatePolicy.bru
new file mode 100644
index 0000000000..ede9c2a378
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/CreatePolicy.bru
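Review bot: CreateContractDefinition.bru combines `"assetsSelector": []` with `aPolicy` as both access and contract policy, and CreatePolicy.bru defines `aPolicy` with empty `permission`, `prohibition` and `obligation` lists. As far as I can tell an empty selector matches every asset, so everything registered on the provider is offered to any counterparty that passes connector authentication, with no policy-level constraint. That is acceptable for a local demo, but it is the kind of definition that gets copied elsewhere. I would scope the selector to the demo asset, `"assetsSelector": [{"operandLeft": "https://w3id.org/edc/v0.0.1/ns/id", "operator": "=", "operandRight": "assetId"}]`, and say in the provider folder docs that the policy is intentionally unrestricted.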
@@ -0,0 +1,33 @@
+meta {
+ name: CreatePolicy
+ type: http
+ seq: 2
+}
+
+post {
+ url: {{PROVIDER_MANAGEMENT}}/v3/policydefinitions
+ body: json
+ auth: inherit
+}
+
+body:json {
+ {
+ "@context": {
+ "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
+ "odrl": "http://www.w3.org/ns/odrl/2/"
+ },
+ "@id": "aPolicy",
+ "policy": {
+ "@context": "http://www.w3.org/ns/odrl.jsonld",
+ "@type": "Set",
+ "permission": [],
+ "prohibition": [],
+ "obligation": []
+ }
+ }
+}
+
+settings {
+ encodeUrl: true
+ timeout: 0
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/folder.bru b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/folder.bru
new file mode 100644
index 0000000000..8c38fee8f1
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/bruno/con-x-local-test/transactions/provider/folder.bru
@@ -0,0 +1,12 @@
+meta {
+ name: provider
+ seq: 1
+}
+
+auth {
+ mode: inherit
+}
+
+docs {
+ In this section we are creating a simple data asset on the provider side, i.e. we register an asset, create a policy- and a contract definition.
+}
diff --git a/edc-controlplane/edc-controlplane-construct-x/local/docker-compose.yaml b/edc-controlplane/edc-controlplane-construct-x/local/docker-compose.yaml
new file mode 100644
index 0000000000..5be605c1d6
--- /dev/null
+++ b/edc-controlplane/edc-controlplane-construct-x/local/docker-compose.yaml
@@ -0,0 +1,378 @@ +services: + local-issuer-service: + container_name: local-issuer-service + image: issuerservice-dev:latest + pull_policy: missing + depends_on: + shared-postgres: + condition: service_healthy + shared-vault: + condition: service_healthy + ports: + - "1044:1044" # debugger + - "10000:80" # did API -> / + - "10100:15151" # identity API -> /api/identity + - "10200:15152" # issueradmin API -> /api/issuer +# - "9292:9292" # sts API -> /api/sts +# - "8181:8181" # default API -> /api +# - "9999:9999" # statuslist API -> /statuslist +# - "13132:13132" # issuance API -> /api/issuance + + environment: + - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:1044 + - edc.statuslist.callback.address=http://local-issuer-service:9999/statuslist + - edc.hostname=local-issuer-service + - edc.ih.issuer.dev.defaultconfig=/app/setup.json + - edc.issuer.issuance.send.retry.limit=0 + - edc.iam.did.web.use.https=false + - edc.ih.api.superuser.id=admin + - edc.ih.api.superuser.key=YWRtaW4.adminKey + - edc.issuer.statuslist.signing.key.alias=foo + - web.http.did.port=80 + - edc.sql.schema.autocreate=true + - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/iss_db + - edc.datasource.default.user=admin + - edc.datasource.default.password=password + - edc.vault.hashicorp.url=http://shared-vault:8200 + - edc.vault.hashicorp.health.check.enabled=true + - edc.vault.hashicorp.token=vaultsecret0123456789 + volumes: + - ./additional_config/mc-cred-def.json:/app/setup.json + - ./additional_config/logging.properties:/app/logging.properties + networks: + - con-x-test-network + + shared-postgres: + container_name: shared-postgres + image: postgres:16.4-alpine + environment: + - POSTGRES_USER=admin + - POSTGRES_PASSWORD=password + volumes: + - ./additional_config/pg_init:/docker-entrypoint-initdb.d + healthcheck: + test: ["CMD-SHELL", "pg_isready -U $${POSTGRES_USER} -h 127.0.0.1 || exit 1"] + interval: 3s + timeout: 3s + retries: 20 + 
networks: + - con-x-test-network + + shared-vault: + container_name: shared-vault + image: vault:1.13.3 + command: server -dev -dev-root-token-id=vaultsecret0123456789 -dev-listen-address=0.0.0.0:8200 + environment: + VAULT_ADDR: http://0.0.0.0:8200 + SKIP_SETCAP: true + SKIP_CHOWN: true + healthcheck: + test: ["CMD", "sh", "-c", "VAULT_ADDR=http://127.0.0.1:8200 vault status >/dev/null 2>&1"] + interval: 4s + timeout: 3s + retries: 20 + ports: + - "8200:8200" + networks: + - con-x-test-network + + vault-init: + container_name: vault-init + image: alpine:3.19 + depends_on: + shared-vault: + condition: service_healthy + environment: + VAULT_ADDR: http://shared-vault:8200 + VAULT_TOKEN: vaultsecret0123456789 + volumes: + - ./additional_config/vault-init.sh:/scripts/init.sh:ro + entrypoint: [ "sh", "-c", "apk add --no-check-certificate --no-cache curl jq openssl && sh /scripts/init.sh" ] + restart: "no" + networks: + - con-x-test-network + + consumer-idhub: + container_name: consumer-idhub + image: identityhub-dev:latest + pull_policy: missing + depends_on: + shared-postgres: + condition: service_healthy + shared-vault: + condition: service_healthy + ports: + - "1045:1045" # debugger + - "20000:80" # did API -> / + - "20100:15151" # identity API -> /api/identity + - "20500:9292" # sts API -> /api/sts + - "20600:13131" # credentials API -> /api/credentials +# - "8181:8181" # default API -> /api +# - "9999:9999" # statuslist API -> /statuslist + environment: + - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:1045 + - edc.hostname=consumer-idhub + - edc.iam.did.web.use.https=false + - edc.ih.api.superuser.id=admin + - edc.ih.api.superuser.key=YWRtaW4.adminKey + - web.http.did.port=80 + - edc.sql.schema.autocreate=true + - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/cons_ih_db + - edc.datasource.default.user=admin + - edc.datasource.default.password=password + - edc.vault.hashicorp.url=http://shared-vault:8200 + - 
edc.vault.hashicorp.health.check.enabled=true + - edc.vault.hashicorp.token=vaultsecret0123456789 + volumes: + - ./additional_config/logging.properties:/app/logging.properties + networks: + - con-x-test-network + + provider-idhub: + container_name: provider-idhub + image: identityhub-dev:latest + pull_policy: missing + depends_on: + shared-postgres: + condition: service_healthy + shared-vault: + condition: service_healthy + ports: + - "1046:1045" # debugger + - "21000:80" # did API -> / + - "21100:15151" # identity API -> /api/identity + - "21500:9292" # sts API -> /api/sts + - "21600:13131" # credentials API -> /api/credentials + # - "8181:8181" # default API -> /api + # - "9999:9999" # statuslist API -> /statuslist + environment: + - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:1045 + - edc.hostname=provider-idhub + - edc.iam.did.web.use.https=false + - edc.ih.api.superuser.id=admin + - edc.ih.api.superuser.key=YWRtaW4.adminKey + - web.http.did.port=80 + - edc.sql.schema.autocreate=true + - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/prov_ih_db + - edc.datasource.default.user=admin + - edc.datasource.default.password=password + - edc.vault.hashicorp.url=http://shared-vault:8200 + - edc.vault.hashicorp.health.check.enabled=true + - edc.vault.hashicorp.token=vaultsecret0123456789 + volumes: + - ./additional_config/logging.properties:/app/logging.properties + networks: + - con-x-test-network + + consumer-controlplane: + container_name: consumer-controlplane + image: con-x-controlplane-postgresql-hashicorp-vault:latest + pull_policy: missing + environment: + - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=0.0.0.0:5005 + - tx.edc.postgresql.migration.asset.enabled=false + - tx.edc.postgresql.migration.agreementbpns.enabled=false + - tx.edc.postgresql.migration.bpn.enabled=false + - tx.edc.postgresql.migration.contractdefinition.enabled=false + - 
tx.edc.postgresql.migration.contractnegotiation.enabled=false + - tx.edc.postgresql.migration.dataplaneinstance.enabled=false + - tx.edc.postgresql.migration.edr.enabled=false + - tx.edc.postgresql.migration.federatedcatalog.enabled=false + - tx.edc.postgresql.migration.jti-validation.enabled=false + - tx.edc.postgresql.migration.policy-monitor.enabled=false + - tx.edc.postgresql.migration.policy.enabled=false + - tx.edc.postgresql.migration.transferprocess.enabled=false + - edc.iam.trusted-issuer.example.id=did:web:local-issuer-service:con-x-issuer + - edc.iam.did.web.use.https=false + - edc.iam.sts.oauth.client.secret.alias=consumersecret + - edc.iam.credential.revocation.mimetype=application/json + - edc.iam.sts.oauth.token.url=http://consumer-idhub:9292/api/sts/token + - edc.iam.sts.oauth.client.id=did:web:consumer-idhub:user:consumer + - edc.iam.issuer.id=did:web:consumer-idhub:user:consumer + - web.http.port=9000 + - web.http.path=/api + - web.http.management.port=9010 + - web.http.management.path=/management + - web.http.protocol.port=9020 + - web.http.protocol.path=/dsp + - web.http.validation.port=9030 + - web.http.validation.path=/validation + - web.http.control.port=9050 + - web.http.control.path=/control + - edc.hostname=consumer-controlplane + - edc.participant.id=did:web:consumer-idhub:user:consumer + - edc.dsp.callback.address=http://consumer-controlplane:9020/dsp + - edc.sql.schema.autocreate=true + - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/cons_cpl + - edc.datasource.default.user=admin + - edc.datasource.default.password=password + - edc.vault.hashicorp.url=http://shared-vault:8200 + - edc.vault.hashicorp.health.check.enabled=true + - edc.vault.hashicorp.token=vaultsecret0123456789 + volumes: + - ./additional_config/logging.properties:/app/dataspaceconnector-configuration.properties + depends_on: + shared-postgres: + condition: service_healthy + shared-vault: + condition: service_healthy + entrypoint: [ "java", "-jar", 
"edc-runtime.jar", "--log-level=DEBUG" ] + ports: + - "5005:5005" # Debugger + - "29000:9000" # Default port + - "29010:9010" # Management API + - "29020:9020" # DSP API + networks: + - con-x-test-network + + consumer-dataplane: + container_name: consumer-dataplane + image: con-x-dataplane-postgresql-hashicorp-vault:latest + environment: + - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=0.0.0.0:5005 + - web.http.public.port=9500 + - web.http.public.path=/public + - web.http.management.port=9510 + - web.http.management.path=/management + - web.http.control.port=9550 + - web.http.control.path=/control + - edc.hostname=consumer-dataplane + - edc.dpf.selector.url=http://consumer-controlplane:9050/control/v1/dataplanes + - edc.data.plane.self.unregistration=true + - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/cons_dpl + - edc.datasource.default.user=admin + - edc.datasource.default.password=password + - edc.sql.schema.autocreate=true + - edc.transfer.proxy.token.signer.privatekey.alias=cons_priv + - edc.transfer.proxy.token.verifier.publickey.alias=cons_pub + - edc.vault.hashicorp.url=http://shared-vault:8200 + - edc.vault.hashicorp.health.check.enabled=true + - edc.vault.hashicorp.token=vaultsecret0123456789 + - edc.iam.trusted-issuer.example.id=did:web:local-issuer-service:con-x-issuer + - edc.iam.did.web.use.https=false + - edc.iam.sts.oauth.client.secret.alias=consumersecret + - edc.iam.credential.revocation.mimetype=application/json + - edc.iam.sts.oauth.token.url=http://consumer-idhub:9292/api/sts/token + - edc.iam.sts.oauth.client.id=did:web:consumer-idhub:user:consumer + - edc.iam.issuer.id=did:web:consumer-idhub:user:consumer + depends_on: + shared-postgres: + condition: service_healthy + shared-vault: + condition: service_healthy + entrypoint: [ "java", "-jar", "edc-runtime.jar", "--log-level=DEBUG" ] + ports: + - "5008:5005" # Debugger + - "9600:9500" # Public API + networks: + - con-x-test-network + + 
provider-controlplane: + container_name: provider-controlplane + image: con-x-controlplane-postgresql-hashicorp-vault:latest + pull_policy: missing + environment: + - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=0.0.0.0:5005 + - tx.edc.postgresql.migration.asset.enabled=false + - tx.edc.postgresql.migration.agreementbpns.enabled=false + - tx.edc.postgresql.migration.bpn.enabled=false + - tx.edc.postgresql.migration.contractdefinition.enabled=false + - tx.edc.postgresql.migration.contractnegotiation.enabled=false + - tx.edc.postgresql.migration.dataplaneinstance.enabled=false + - tx.edc.postgresql.migration.edr.enabled=false + - tx.edc.postgresql.migration.federatedcatalog.enabled=false + - tx.edc.postgresql.migration.jti-validation.enabled=false + - tx.edc.postgresql.migration.policy-monitor.enabled=false + - tx.edc.postgresql.migration.policy.enabled=false + - tx.edc.postgresql.migration.transferprocess.enabled=false + - edc.iam.trusted-issuer.example.id=did:web:local-issuer-service:con-x-issuer + - edc.iam.did.web.use.https=false + - edc.iam.sts.oauth.client.secret.alias=providersecret + - edc.iam.credential.revocation.mimetype=application/json + - edc.iam.sts.oauth.token.url=http://provider-idhub:9292/api/sts/token + - edc.iam.sts.oauth.client.id=did:web:provider-idhub:user:provider + - edc.iam.issuer.id=did:web:provider-idhub:user:provider + - web.http.port=9000 + - web.http.path=/api + - web.http.management.port=9010 + - web.http.management.path=/management + - web.http.protocol.port=9020 + - web.http.protocol.path=/dsp + - web.http.validation.port=9030 + - web.http.validation.path=/validation + - web.http.control.port=9050 + - web.http.control.path=/control + - edc.hostname=provider-controlplane + - edc.participant.id=did:web:provider-idhub:user:provider + - edc.dsp.callback.address=http://provider-controlplane:9020/dsp + - edc.sql.schema.autocreate=true + - 
edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/prov_cpl + - edc.datasource.default.user=admin + - edc.datasource.default.password=password + - edc.vault.hashicorp.url=http://shared-vault:8200 + - edc.vault.hashicorp.health.check.enabled=true + - edc.vault.hashicorp.token=vaultsecret0123456789 + volumes: + - ./additional_config/logging.properties:/app/dataspaceconnector-configuration.properties + depends_on: + shared-postgres: + condition: service_healthy + shared-vault: + condition: service_healthy + entrypoint: [ "java", "-jar", "edc-runtime.jar", "--log-level=DEBUG" ] + ports: + - "5006:5005" # Debugger + - "39000:9000" # Default port + - "39010:9010" # Management API + - "39020:9020" # DSP API + + networks: + - con-x-test-network + + provider-dataplane: + container_name: provider-dataplane + image: con-x-dataplane-postgresql-hashicorp-vault:latest + environment: + - JAVA_TOOL_OPTIONS=-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=0.0.0.0:5005 + - web.http.public.port=9500 + - web.http.public.path=/public + - web.http.management.port=9510 + - web.http.management.path=/management + - web.http.control.port=9550 + - web.http.control.path=/control + - edc.hostname=provider-dataplane + - edc.dpf.selector.url=http://provider-controlplane:9050/control/v1/dataplanes + - edc.data.plane.self.unregistration=true + - edc.datasource.default.url=jdbc:postgresql://shared-postgres:5432/prov_dpl + - edc.datasource.default.user=admin + - edc.datasource.default.password=password + - edc.sql.schema.autocreate=true + - edc.transfer.proxy.token.signer.privatekey.alias=prov_priv + - edc.transfer.proxy.token.verifier.publickey.alias=prov_pub + - edc.vault.hashicorp.url=http://shared-vault:8200 + - edc.vault.hashicorp.health.check.enabled=true + - edc.vault.hashicorp.token=vaultsecret0123456789 + - edc.iam.trusted-issuer.example.id=did:web:local-issuer-service:con-x-issuer + - edc.iam.did.web.use.https=false + - 
edc.iam.sts.oauth.client.secret.alias=providersecret + - edc.iam.credential.revocation.mimetype=application/json + - edc.iam.sts.oauth.token.url=http://provider-idhub:9292/api/sts/token + - edc.iam.sts.oauth.client.id=did:web:provider-idhub:user:provider + - edc.iam.issuer.id=did:web:provider-idhub:user:provider + + depends_on: + shared-postgres: + condition: service_healthy + shared-vault: + condition: service_healthy + entrypoint: [ "java", "-jar", "edc-runtime.jar", "--log-level=DEBUG" ] + ports: + - "5007:5005" # Debugger + - "9500:9500" # Public API + networks: + - con-x-test-network + +networks: + con-x-test-network: + name: con-x-test-network + driver: bridge \ No newline at end of file diff --git a/edc-dataplane/edc-dataplane-construct-x/con-x-dataplane-postgresql-hashicorp-vault/README.md b/edc-dataplane/edc-dataplane-construct-x/con-x-dataplane-postgresql-hashicorp-vault/README.md new file mode 100644 index 0000000000..b0595fdfcd --- /dev/null +++ b/edc-dataplane/edc-dataplane-construct-x/con-x-dataplane-postgresql-hashicorp-vault/README.md @@ -0,0 +1,9 @@ +# con-x-dataplane-postgresql-hashicorp-vault Module + +## Building + +From the project root directory, run + +```shell +./gradlew :edc-dataplane:edc-dataplane-construct-x:con-x-dataplane-postgres-hashicorp-vault:dockerize +``` diff --git a/edc-dataplane/edc-dataplane-construct-x/con-x-dataplane-postgresql-hashicorp-vault/build.gradle.kts b/edc-dataplane/edc-dataplane-construct-x/con-x-dataplane-postgresql-hashicorp-vault/build.gradle.kts new file mode 100644 index 0000000000..d4248bb096 --- /dev/null +++ b/edc-dataplane/edc-dataplane-construct-x/con-x-dataplane-postgresql-hashicorp-vault/build.gradle.kts 
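Review bot: Every JDWP agent in docker-compose.yaml listens on all interfaces (`address=*:1044`, `address=*:1045`, `address=0.0.0.0:5005`) and its port is published without a host address (`"1044:1044"`, `"1045:1045"`, `"1046:1045"`, `"5005:5005"` to `"5008:5005"`), so with Docker's default publishing the unauthenticated debug protocol is reachable from the host's network, not only from the developer's machine. The same holds for the dev-mode Vault published as `"8200:8200"` with the fixed root token `vaultsecret0123456789`, and for the management and identity API mappings. Binding the published ports to loopback keeps the stack usable locally without that exposure: `- "127.0.0.1:1044:1044"`, `- "127.0.0.1:8200:8200"`, and likewise for the other mappings. Separately, the vault-init entrypoint runs `apk add --no-check-certificate`, which skips TLS verification for the packages it installs; drop the flag or add a comment explaining why it is needed. A header comment stating that the passwords, superuser key and Vault token in this file are local-test placeholders would keep them from being reused elsewhere.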
@@ -0,0 +1,57 @@
+/********************************************************************************
+ * Copyright (c) 2022 Mercedes-Benz Tech Innovation GmbH
+ * Copyright (c) 2026 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V. (represented by Fraunhofer ISST)
+ * Copyright (c) 2021,2022 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0.
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+plugins {
+ `java-library`
+ id("application")
+ alias(libs.plugins.shadow)
+}
+
+configurations.all {
+ exclude(group = "org.eclipse.edc", module = "data-plane-util")
+}
+
+dependencies {
+ val edcVersion = "0.14.1"
+ val txVersion = "0.11.2"
+ implementation("org.eclipse.edc:dataplane-base-bom:$edcVersion")
+ implementation("org.eclipse.edc:dataplane-feature-sql-bom:${edcVersion}")
+ implementation("org.eclipse.edc:vault-hashicorp:${edcVersion}")
+
+ implementation("org.eclipse.tractusx.edc:dataplane-public-api-v2:$txVersion")
+ implementation("org.eclipse.tractusx.edc:dataplane-util:${txVersion}")
+}
+
+
+tasks.withType {
+ mergeServiceFiles()
+ duplicatesStrategy = DuplicatesStrategy.INCLUDE
+ archiveFileName.set("con-x-dataplane-postgresql-hashicorp-vault.jar")
+ transform(com.github.jengelman.gradle.plugins.shadow.transformers.Log4j2PluginsCacheFileTransformer())
+}
+
+tasks.named("build") {
+ dependsOn(tasks.named("shadowJar"))
+} + +application { + mainClass.set("org.eclipse.edc.boot.system.runtime.BaseRuntime") +} \ No newline at end of file diff --git a/settings.gradle.kts b/settings.gradle.kts index 92eba56924..3e3e63f26e 100644 --- a/settings.gradle.kts +++ b/settings.gradle.kts @@ -138,11 +138,13 @@ include(":edc-controlplane") include(":edc-controlplane:edc-controlplane-base") include(":edc-controlplane:edc-runtime-memory") include(":edc-controlplane:edc-controlplane-postgresql-hashicorp-vault") +include(":edc-controlplane:edc-controlplane-construct-x:con-x-controlplane-postgresql-hashicorp-vault") // modules for dataplane artifacts include(":edc-dataplane") include(":edc-dataplane:edc-dataplane-base") include(":edc-dataplane:edc-dataplane-hashicorp-vault") +include(":edc-dataplane:edc-dataplane-construct-x:con-x-dataplane-postgresql-hashicorp-vault") include(":samples:testing-with-mocked-connector")
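Review bot: In the dataplane build.gradle.kts, `val edcVersion = "0.14.1"` and `val txVersion = "0.11.2"` are pinned as string literals inside `dependencies { }`, while the plugin a few lines above is resolved through the version catalog (`alias(libs.plugins.shadow)`). A catalog bump that picks up a security fix for the rest of the build would presumably not reach this module, and the controlplane build script added in the same commit repeats the pattern. Consider referencing the versions from the catalog, or, if the pin is deliberate, say so next to it, e.g. `// pinned independently of the version catalog: <reason>`. The `configurations.all { exclude(group = "org.eclipse.edc", module = "data-plane-util") }` block also lacks a comment explaining why the upstream module is excluded in favour of `org.eclipse.tractusx.edc:dataplane-util`.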
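Review bot: The two modules are registered in settings.gradle.kts as `…:con-x-controlplane-postgresql-hashicorp-vault` and `…:con-x-dataplane-postgresql-hashicorp-vault`, but the READMEs added in this commit tell the reader to run `…:con-x-controlplane-postgres-hashicorp-vault:dockerize` and `…:con-x-dataplane-postgres-hashicorp-vault:dockerize`. With `postgres` instead of `postgresql`, those task paths would not resolve against the project names included here. The README commands should use the same spelling as the include lines, e.g. `./gradlew :edc-dataplane:edc-dataplane-construct-x:con-x-dataplane-postgresql-hashicorp-vault:dockerize`.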