From 3db608a01300c1f7b3bbdb42a2a106da4a17a9bb Mon Sep 17 00:00:00 2001 
From: --show-origin Date: Tue, 29 Aug 2023 06:29:26 -0700 Subject: [PATCH 01/14] ci: local deployment squashed --- .../DataInjectionCommandLineRunner.java | 9 +- .../edc/logic/service/EdcAdapterService.java | 35 ++- .../resources/application-customer.properties | 1 + .../resources/application-supplier.properties | 1 + .../src/main/resources/application.properties | 1 + local/.env | 4 + local/.gitignore | 4 + local/INSTALL.md | 53 ++++ local/daps/config/clients.yml | 41 +++ local/daps/config/omejdn.yml | 19 ++ local/daps/config/plugins.yml | 9 + local/daps/config/scope_description.yml | 9 + local/daps/config/scope_mapping.yml | 4 + local/daps/config/webfinger.yml | 1 + local/daps/docker-compose.yaml | 39 +++ local/docker-compose.yaml | 233 ++++++++++++++++++ local/generate-keys.sh | 47 ++++ local/postgres/init-db.sql | 13 + local/restart.sh | 8 + .../config/customer/control-plane.properties | 93 +++++++ .../config/customer/data-plane.properties | 26 ++ .../config/default/logging.properties | 6 + .../config/default/opentelemetry.properties | 1 + .../config/supplier/control-plane.properties | 92 +++++++ .../config/supplier/data-plane.properties | 26 ++ local/tractus-x-edc/docker-compose.yaml | 42 ++++ local/vault/Dockerfile | 33 +++ local/vault/put-keys.sh | 29 +++ 28 files changed, 863 insertions(+), 16 deletions(-) create mode 100644 local/.env create mode 100644 local/.gitignore create mode 100644 local/INSTALL.md create mode 100755 local/daps/config/clients.yml create mode 100755 local/daps/config/omejdn.yml create mode 100755 local/daps/config/plugins.yml create mode 100755 local/daps/config/scope_description.yml create mode 100755 local/daps/config/scope_mapping.yml create mode 100755 local/daps/config/webfinger.yml create mode 100644 local/daps/docker-compose.yaml create mode 100644 local/docker-compose.yaml create mode 100644 local/generate-keys.sh create mode 100644 local/postgres/init-db.sql create mode 100644 local/restart.sh create mode 100644 
local/tractus-x-edc/config/customer/control-plane.properties
 create mode 100644 local/tractus-x-edc/config/customer/data-plane.properties
 create mode 100644 local/tractus-x-edc/config/default/logging.properties
 create mode 100644 local/tractus-x-edc/config/default/opentelemetry.properties
 create mode 100644 local/tractus-x-edc/config/supplier/control-plane.properties
 create mode 100644 local/tractus-x-edc/config/supplier/data-plane.properties
 create mode 100644 local/tractus-x-edc/docker-compose.yaml
 create mode 100644 local/vault/Dockerfile
 create mode 100644 local/vault/put-keys.sh
diff --git a/backend/src/main/java/org/eclipse/tractusx/puris/backend/DataInjectionCommandLineRunner.java b/backend/src/main/java/org/eclipse/tractusx/puris/backend/DataInjectionCommandLineRunner.java
index 66ec01e7..e6effbbf 100644
--- a/backend/src/main/java/org/eclipse/tractusx/puris/backend/DataInjectionCommandLineRunner.java
+++ b/backend/src/main/java/org/eclipse/tractusx/puris/backend/DataInjectionCommandLineRunner.java
@@ -229,7 +229,8 @@ private void setupSupplierRole() {
 private Partner createAndGetCustomerPartner() {
 Partner customerPartnerEntity = new Partner(
 "Scenario Customer",
- "http://sokrates-controlplane:8084/api/v1/ids",
+ //"http://sokrates-controlplane:8084/api/v1/ids",
+ "http://customer-control-plane:8184/api/v1/ids",
 "BPNL4444444444XX",
 "BPNS4444444444XX"
 );
@@ -248,7 +249,8 @@ private Partner createAndGetCustomerPartner() {
 private Partner createAndGetSupplierPartner() {
 Partner supplierPartnerEntity = new Partner(
 "Scenario Supplier",
- "http://plato-controlplane:8084/api/v1/ids",
+ //"http://plato-controlplane:8084/api/v1/ids",
+ "http://supplier-control-plane:9184/api/v1/ids",
 "BPNL1234567890ZZ",
 "BPNS1234567890ZZ"
 );
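Review bot: The replaced endpoint URLs are left behind as commented-out lines (`//"http://sokrates-controlplane:8084/api/v1/ids",` here, and the plato equivalents in the createAndGetSupplierPartner hunk and in the createRequest hunk that follows); git history already holds the old values, so the three comment lines should be deleted rather than carried in code. The new addresses are still hard-coded per deployment, whereas this same commit makes the management path configurable through `edc.controlplane.data.path` and the compose file passes `edc.idsUrl` to each backend, so it looks like these demo partner addresses could come from properties too — I cannot see from the hunk whether the runner already injects such a value. createAndGetCustomerPartner and createAndGetSupplierPartner both continue past the end of their hunks.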
@@ -315,7 +317,8 @@ private void createRequest() throws JsonProcessingException { messageHeader.setRespondAssetId("product-stock-response-api"); messageHeader.setContractAgreementId("some cid"); messageHeader.setSender("BPNL1234567890ZZ"); - messageHeader.setSenderEdc("http://plato-controlplane:8084/api/v1/ids"); + //messageHeader.setSenderEdc("http://plato-controlplane:8084/api/v1/ids"); + messageHeader.setSenderEdc("http://supplier-control-plane:9184/api/v1/ids"); messageHeader.setReceiver("BPNL4444444444XX"); messageHeader.setUseCase(DT_UseCaseEnum.PURIS); messageHeader.setCreationDate(new Date()); diff --git a/backend/src/main/java/org/eclipse/tractusx/puris/backend/common/edc/logic/service/EdcAdapterService.java b/backend/src/main/java/org/eclipse/tractusx/puris/backend/common/edc/logic/service/EdcAdapterService.java index 5267cd00..64d5ee65 100644 --- a/backend/src/main/java/org/eclipse/tractusx/puris/backend/common/edc/logic/service/EdcAdapterService.java +++ b/backend/src/main/java/org/eclipse/tractusx/puris/backend/common/edc/logic/service/EdcAdapterService.java @@ -65,6 +65,12 @@ public class EdcAdapterService { @Value("${edc.controlplane.data.port}") private Integer dataPort; + /** + * Path to data management api + */ + @Value("${edc.controlplane.data.path}") + private String dataPath; + @Value("${edc.backend.url}") private String backendUrl; 
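Review bot: The Javadoc on the new `dataPath` field says only "Path to data management api", while the value is later concatenated verbatim between the port and the request suffix, so its expected shape matters; I would document it as `/** Path prefix of the EDC management API (e.g. {@code /api/v1/data}); must start with '/' and carry no trailing slash, because it is concatenated verbatim with the request suffix. */`. A trailing slash in a properties file silently produces `.../data//assets`, so normalizing or validating the value once after injection (for example in a `@PostConstruct` method) would be safer than relying on every properties file getting it right. The EdcAdapterService class continues outside this hunk.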
@@ -113,13 +119,13 @@ public boolean publishOrderAtEDC(String orderId) throws IOException { var policyBody = edcRequestBodyBuilder.buildPolicyRequestBody(orderId); var contractBody = edcRequestBodyBuilder.buildContractRequestBody(orderId); - var response = sendEdcRequest(assetBody, "/data/assets"); + var response = sendEdcRequest(assetBody, "/assets"); var success = response.isSuccessful(); response.body().close(); - response = sendEdcRequest(policyBody, "/data/policydefinitions"); + response = sendEdcRequest(policyBody, "/policydefinitions"); success &= response.isSuccessful(); response.body().close(); - response = sendEdcRequest(contractBody, "/data/contractdefinitions"); + response = sendEdcRequest(contractBody, "/contractdefinitions"); success &= response.isSuccessful(); response.body().close(); return success; 
@@ -146,15 +152,15 @@ public boolean publishAssetAtEDC(CreateAssetDto createAssetDto) throws IOExcepti JsonNode contractBody = edcRequestBodyBuilder.buildContractRequestBody(assetId); log.info(String.format("Contract Body: \n%s", contractBody.toPrettyString())); log.info(String.format("Asset Body: \n%s", assetBody.toPrettyString())); - var response = sendEdcRequest(assetBody, "/data/assets"); + var response = sendEdcRequest(assetBody, "/assets"); success &= response.isSuccessful(); log.info(String.format("Creation of asset was successfull: %b", success)); response.body().close(); - response = sendEdcRequest(policyBody, "/data/policydefinitions"); + response = sendEdcRequest(policyBody, "/policydefinitions"); log.info(String.format("Creation of policy was successfull: %b", response.isSuccessful())); success &= response.isSuccessful(); response.body().close(); - response = sendEdcRequest(contractBody, "/data/contractdefinitions"); + response = sendEdcRequest(contractBody, "/contractdefinitions"); success &= response.isSuccessful(); log.info(String.format("Created Contract Definition (%b) for Asset %s", response.isSuccessful(), objectMapper.writeValueAsString(createAssetDto))); @@ -188,6 +194,8 @@ public String getCatalog(String idsUrl, Optional> filterProp urlBuilder.scheme("http") .host(edcHost) .port(dataPort) + .addPathSegment("api") + .addPathSegment("v1") .addPathSegment("data") .addPathSegment("catalog") .addEncodedQueryParameter("providerUrl", idsUrl + "/data"); @@ -268,7 +276,7 @@ public String startNegotiation(String connectorAddress, var negotiationRequestBody = edcRequestBodyBuilder.buildNegotiationRequestBody(connectorAddress, contractDefinitionId, assetId); - var response = sendEdcRequest(negotiationRequestBody, "/data/contractnegotiations"); + var response = sendEdcRequest(negotiationRequestBody, "/contractnegotiations"); String stringData = response.body().string(); response.body().close(); return stringData; 
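Review bot: getCatalog hard-codes the management path as `.addPathSegment("api")`, `.addPathSegment("v1")`, `.addPathSegment("data")` while every other management call in this file now derives it from the injected `dataPath` field, so a changed `edc.controlplane.data.path` would move the asset, policy and negotiation calls but leave the catalog request pointing at `/api/v1/data`. Feeding the configured value to the builder instead (splitting `dataPath` on '/' and calling `addPathSegment` for each non-empty part) keeps the two in sync. The `"/data"` suffix appended to `idsUrl` for `providerUrl` is a protocol-side path rather than the management path, so keeping that literal is presumably right. getCatalog starts and ends outside the hunk.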
@@ -283,7 +291,7 @@ public String startNegotiation(String connectorAddress,
 * @throws IOException
 */
 public String getNegotiationState(String negotiationId) throws IOException {
- var response = sendEdcRequest("/data/contractnegotiations/" + negotiationId);
+ var response = sendEdcRequest("/contractnegotiations/" + negotiationId);
 String stringData = response.body().string();
 response.body().close();
 return stringData;
@@ -305,7 +313,7 @@ public String startTransfer(String transferId,
 String orderId) throws IOException {
 var transferNode = edcRequestBodyBuilder.buildTransferRequestBody(transferId, connectorAddress, contractId, orderId);
 log.debug("TransferRequestBody:\n" + transferNode.toPrettyString());
- var response = sendEdcRequest(transferNode, "/data/transferprocess");
+ var response = sendEdcRequest(transferNode, "/transferprocess");
 String stringData = response.body().string();
 response.body().close();
 return stringData;
@@ -320,7 +328,7 @@ public String startTransfer(String transferId,
 * @throws IOException
 */
 public String getTransferState(String transferId) throws IOException {
- var response = sendEdcRequest("/data/transferprocess/" + transferId);
+ var response = sendEdcRequest("/transferprocess/" + transferId);
 String stringData = response.body().string();
 response.body().close();
 return stringData;
@@ -402,9 +410,9 @@ public Response sendEdcRequest(JsonNode requestBody, String urlSuffix) throws IO
 .header("X-Api-Key", edcApiKey)
 .header("Content-Type", "application/json")
 .post(RequestBody.create(MediaType.parse("application/json"), requestBody.toString()))
- .url("http://" + edcHost + ":" + dataPort + urlSuffix)
+ .url("http://" + edcHost + ":" + dataPort + dataPath + urlSuffix)
 .build();
-
+ log.debug(String.format("Request send to url: %s", request.urlString()));
 log.debug(String.format("Request body of EDC Request: %s", requestBody));
 return CLIENT.newCall(request).execute();
 }
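Review bot: sendEdcRequest still assembles the management URL by string concatenation (`"http://" + edcHost + ":" + dataPort + dataPath + urlSuffix`), and the same expression is repeated in the String overload in the next hunk, whereas getCatalog in this same file uses `HttpUrl.Builder`; with concatenation a `dataPath` missing its leading slash or ending in one yields `:8181api/v1/data` or `data//assets` without any error. Building the URL in one small private helper shared by both overloads (scheme, host, port, then `encodedPath(dataPath + urlSuffix)` on the builder) would give a single place to normalize the path and would fail loudly on a malformed host. The ids that getNegotiationState and getTransferState splice into the path are not encoded; they come back from the EDC, so this is presumably harmless, but `addPathSegment` would encode them for free. The enclosing methods of the first three hunks start outside their hunks.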
@@ -422,7 +430,7 @@ public Response sendEdcRequest(String urlSuffix) throws IOException { Request request = new Request.Builder() .header("X-Api-Key", edcApiKey) .header("Content-Type", "application/json") - .url("http://" + edcHost + ":" + dataPort + urlSuffix) + .url("http://" + edcHost + ":" + dataPort + dataPath + urlSuffix) .build(); log.debug(String.format("Send Request to url: %s", request.urlString())); @@ -442,6 +450,7 @@ public Response sendEdcRequest(String urlSuffix) throws IOException { * @return the response from your dataplane */ public Response sendDataPullRequest(String url, String authKey, String authCode, String requestBodyString){ + log.debug(String.format("Sending proxy call to endpoint '%s' with auth key '%s' and auth code '%s' with request body '%s'", url, authKey, authCode, requestBodyString)); try { RequestBody requestBody = RequestBody.create(MediaType.parse("application/json"), requestBodyString); Request request = new Request.Builder() diff --git a/backend/src/main/resources/application-customer.properties b/backend/src/main/resources/application-customer.properties index cfd5825b..c0b2f2c0 100755 --- a/backend/src/main/resources/application-customer.properties +++ b/backend/src/main/resources/application-customer.properties @@ -16,6 +16,7 @@ spring.jpa.hibernate.ddl-auto=create server.servlet.context-path=${API_ROOTDIR:/catena} # EDC Config edc.controlplane.host=${EDC_CONTROLPLANE_HOST:192.168.49.2} +edc.controlplane.data.path=/api/v1/data edc.controlplane.data.port=${EDC_CONTROLPLANE_DATA_PORT:31944} edc.controlplane.key=${EDC_CONTROLPLANE_KEY:password} diff --git a/backend/src/main/resources/application-supplier.properties b/backend/src/main/resources/application-supplier.properties index f7ce8784..b3e433a2 100644 --- a/backend/src/main/resources/application-supplier.properties +++ b/backend/src/main/resources/application-supplier.properties 
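Review bot: The new debug line in sendDataPullRequest writes `authCode` — the credential the data plane accepts for this transfer — and the full request body into the log; debug logging is exactly what a local setup like this turns on, and container logs are rarely treated as secret. The endpoint and the body length are enough to trace the call, e.g. `log.debug(String.format("Sending proxy call to endpoint '%s' with auth key '%s' (auth code redacted), body length %d", url, authKey, requestBodyString == null ? 0 : requestBodyString.length()));`. `authKey` is presumably just the header name from the EDR and harmless to print, but if in doubt redact it as well. sendDataPullRequest continues past the hunk.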
@@ -17,6 +17,7 @@ server.servlet.context-path=${API_ROOTDIR:/catena} # EDC Config edc.controlplane.host=${EDC_CONTROLPLANE_HOST:192.168.49.2} edc.controlplane.data.port=${EDC_CONTROLPLANE_DATA_PORT:32272} +edc.controlplane.data.path=/api/v1/data edc.controlplane.key=${EDC_CONTROLPLANE_KEY:password} edc.applydataplaneworkaround=true diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index ea4ed486..434507c4 100755 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -19,6 +19,7 @@ server.servlet.context-path=${API_ROOTDIR:/catena} # EDC Config edc.controlplane.host=${EDC_CONTROLPLANE_HOST:172.17.0.2} edc.controlplane.data.port=${EDC_CONTROLPLANE_DATA_PORT:31960} +edc.controlplane.data.path=/api/v1/data edc.controlplane.key=${EDC_CONTROLPLANE_KEY:password} edc.backend.url=${EDC_BACKEND_URL:http://172.17.0.2:31048} minikube.ip=${MINIKUBE_IP:host.minikube.internal} diff --git a/local/.env b/local/.env new file mode 100644 index 00000000..55d5a53f --- /dev/null +++ b/local/.env @@ -0,0 +1,4 @@ +VAULT_DEV_ROOT_TOKEN_ID= +EDC_API_PW= +PG_USER= +PG_PW= diff --git a/local/.gitignore b/local/.gitignore new file mode 100644 index 00000000..d9f256bc --- /dev/null +++ b/local/.gitignore @@ -0,0 +1,4 @@ +*.key +*.cert +*.keys +local/.env diff --git a/local/INSTALL.md b/local/INSTALL.md new file mode 100644 index 00000000..3f746e48 --- /dev/null +++ b/local/INSTALL.md 
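Review bot: The new `local/.gitignore` lists `local/.env`, but a pattern containing a slash is matched relative to the directory that holds the `.gitignore`, so this entry would ignore `local/local/.env` and leave `local/.env` — the file meant to hold `VAULT_DEV_ROOT_TOKEN_ID`, `EDC_API_PW` and the postgres credentials — tracked; the entry should read `.env` (or `/.env`). The empty `.env` template is itself added by this commit, and git keeps tracking an already-added file regardless of `.gitignore`, so it has to be removed from the index (or kept as a committed template under a different name) for the pattern to have any effect. In the three properties hunks, `edc.controlplane.data.path=/api/v1/data` is the only EDC setting without an environment override; `edc.controlplane.data.path=${EDC_CONTROLPLANE_DATA_PATH:/api/v1/data}` would match its siblings and let the compose files set it the same way as the port.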
@@ -0,0 +1,53 @@ +# Initial Setup +1. generate keys +```shell +cd local +sh generate-keys.sh +>> outputs transportCertsSha256 +``` +2. update daps/config/clients.yaml with the respective transportCertsSha256 +3. define remaining secrets in .env +- set root token for vault instance VAULT_DEV_ROOT_TOKEN_ID (e.g. "4Ko6r3UcHM4dXnOGmPKTHds3") +- set password for edc control plane EDC_API_PW (e.g. "password") +- set user PG_USER and password PG_PW for postgres (e.g. "edc-pg-user" and "edc-pg-passw0rd") +- set vault secrets dir as mapped via volume (e.g. "/vault/secrets"/) + +# Start +```shell +cd local +docker-compose up + +# or use +sh restart.sh +``` + +## Notes on debugging + +### DAPS +The omejdn-daps does not provide any further logging configuration. +It may make sense to log the whole tokens or responses to decode the JWT or similar. + +Requires ruby, which can be installed on Ubuntu as follows: +```shell +sudo apt-get install ruby +``` + +Then download the respective [omejdn release](https://github.com/Fraunhofer-AISEC/omejdn-server/releases/tag/v1.7.1) and unzip it. +In the omejdn-server/omejdn.rb +- search for token POST endpoint ("endpoint '/token', ['POST'],") +- go to end of endpoint definition (most left-hand end) +- add your echo / log upfront the status codes return (e.g. "puts.response.compact.to_json") +- build the omejdn server +```shell +docker build -t omejdn-server:local +``` + +Finally update the ./daps/docker-compose.yaml to use this image instead. + +### Vault & Certs +When having problems with the certs or the vault, one need to delete the vault container. +Following script helps faster restarting +```shell +cd local +sh restart.sh +``` diff --git a/local/daps/config/clients.yml b/local/daps/config/clients.yml new file mode 100755 index 00000000..4ff70080 --- /dev/null +++ b/local/daps/config/clients.yml 
@@ -0,0 +1,41 @@ +--- +# Customer +- client_id: customer + name: customer + import_certfile: keys/clients/customer.cert + token_endpoint_auth_method: private_key_jwt + grant_types: client_credentials + scope: idsc:IDS_CONNECTOR_ATTRIBUTES_ALL + attributes: + - key: idsc + value: IDS_CONNECTOR_ATTRIBUTES_ALL + - key: securityProfile + value: idsc:BASE_SECURITY_PROFILE + - key: referringConnector + value: http://customer-control-plane/ + - key: "@type" + value: ids:datPayload + - key: "@context" + value: https://w3id.org/idsa/contexts/context.jsonld + - key: transportCertsSha256 + value: ea3593699acad45973321dbe0011122fa965062ce68c0edcd7a8198d493be91d +# Supplier +- client_id: supplier + name: supplier + import_certfile: keys/clients/supplier.cert + token_endpoint_auth_method: private_key_jwt + grant_types: client_credentials + scope: idsc:IDS_CONNECTOR_ATTRIBUTES_ALL + attributes: + - key: idsc + value: IDS_CONNECTOR_ATTRIBUTES_ALL + - key: securityProfile + value: idsc:BASE_SECURITY_PROFILE + - key: referringConnector + value: http://supplier-control-plane/ #TODO + - key: "@type" + value: ids:datPayload + - key: "@context" + value: https://w3id.org/idsa/contexts/context.jsonld + - key: transportCertsSha256 + value: 89ab21422a70a198bd891d03e165297ce930a766b0c7eee0e24adb5e9bc92115 diff --git a/local/daps/config/omejdn.yml b/local/daps/config/omejdn.yml new file mode 100755 index 00000000..09b7775c --- /dev/null +++ b/local/daps/config/omejdn.yml @@ -0,0 +1,19 @@ +--- +host: http://ids-daps:4567/ +path_prefix: '' +bind_to: 0.0.0.0 +allow_origin: "*" +issuer: http://ids-daps:4567/ +openid: false +accept_audience: idsc:IDS_CONNECTORS_ALL +default_audience: +- idsc:IDS_CONNECTORS_ALL +app_env: debug +environment: development +access_token: + expiration: 3600 + algorithm: RS256 +id_token: + expiration: 3600 + algorithm: RS256 +front_url: http://ids-daps:4567/ 
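Review bot: The supplier entry carries a bare `#TODO` on `referringConnector` with no hint of what is pending; since the control-plane properties in this commit set `edc.ids.validation.referringconnector=false`, the value is not checked anywhere visible, and the comment should either say that or be resolved. Both `transportCertsSha256` values are fingerprints of certificates that generate-keys.sh regenerates on every machine, so as committed they match nobody's certificate; a comment such as `# placeholder: replace with the SHA-256 printed by generate-keys.sh` next to each value would spare the next reader the INSTALL.md round trip. omejdn.yml's `allow_origin: "*"` and `app_env: debug` are acceptable for a throwaway local DAPS but should not be copied into any shared environment.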
diff --git a/local/daps/config/plugins.yml b/local/daps/config/plugins.yml new file mode 100755 index 00000000..25672071 --- /dev/null +++ b/local/daps/config/plugins.yml @@ -0,0 +1,9 @@ +--- +plugins: + admin_api: + user_selfservice: + allow_deletion: false + allow_password_change: true + editable_attributes: [] + token_user_attributes: + skip_id_token: true diff --git a/local/daps/config/scope_description.yml b/local/daps/config/scope_description.yml new file mode 100755 index 00000000..012107ba --- /dev/null +++ b/local/daps/config/scope_description.yml @@ -0,0 +1,9 @@ +--- +omejdn:read: Read access to the Omejdn server API +omejdn:write: Write access to the Omejdn server API +omejdn:admin: Access to the Omejdn server admin API +profile: 'Standard profile claims (e.g.: Name, picture, website, gender, birthdate, + location)' +email: Email-Address +address: Address +phone: Phone-number diff --git a/local/daps/config/scope_mapping.yml b/local/daps/config/scope_mapping.yml new file mode 100755 index 00000000..3a92285b --- /dev/null +++ b/local/daps/config/scope_mapping.yml @@ -0,0 +1,4 @@ +--- +idsc:IDS_CONNECTOR_ATTRIBUTES_ALL: +- securityProfile +- referringConnector diff --git a/local/daps/config/webfinger.yml b/local/daps/config/webfinger.yml new file mode 100755 index 00000000..2fbf0ffd --- /dev/null +++ b/local/daps/config/webfinger.yml @@ -0,0 +1 @@ +--- {} diff --git a/local/daps/docker-compose.yaml b/local/daps/docker-compose.yaml new file mode 100644 index 00000000..d080c9ad --- /dev/null +++ b/local/daps/docker-compose.yaml 
@@ -0,0 +1,39 @@ +# +# Copyright (c) 2023 Volkswagen AG +# Copyright (c) 2023 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V. (represented by Fraunhofer ISST) +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# +version: '1' +services: + omejdn-daps: + image: ghcr.io/fraunhofer-aisec/omejdn-server:1.7.1 + container_name: omejdn-daps + ports: + - 4567:4567 +# networks: +# - ids-network + environment: + OMEJDN_JWT_AUD_OVERRIDE: idsc:IDS_CONNECTORS_ALL + OMEJDN_PLUGINS: config/plugins.yml + volumes: + - ./config:/opt/config + - ./keys:/opt/keys/omejdn + +#networks: +# ids-network: +# driver: bridge diff --git a/local/docker-compose.yaml b/local/docker-compose.yaml new file mode 100644 index 00000000..9eae75ee --- /dev/null +++ b/local/docker-compose.yaml 
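Review bot: `version: '1'` is, as far as I know, not a Compose file format version that pairs with a top-level `services:` key (the legacy v1 format had no such key), so docker-compose 1.x should reject this file and the newer `docker compose` only tolerates it because it ignores `version` with a warning — I would expect `version: '3.8'` or simply dropping the key; the same line appears in `local/docker-compose.yaml`. The `./keys:/opt/keys/omejdn` mount hands the DAPS signing key to the container, which is what generate-keys.sh produces there, so that part looks intended.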
@@ -0,0 +1,233 @@ +# +# Copyright (c) 2023 Volkswagen AG +# Copyright (c) 2023 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V. (represented by Fraunhofer ISST) +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# +version: '1' +services: + puris-frontend-customer: + image: puris-frontend:dev + container_name: customer-frontend + ports: + - 3000:8080 + environment: + - APP_NAME=PURIS Customer + - BACKEND_BASE_URL=http://localhost:8081/catena/ + puris-backend-customer: + image: puris-backend:dev + container_name: customer-backend + depends_on: + edc-customer-control-plane: + condition: service_started #service_healthy + #restart: true + ports: + - 8081:8081 # expose port of server.port + environment: + - server.port=8081 + - puris.demonstrator.role=customer + - edc.controlplane.host=customer-control-plane + - edc.controlplane.data.port=8181 + - edc.controlplane.data.path=/api/v1/data + - edc.controlplane.key=${EDC_API_PW} + - edc.dataplane.public.port=8285 # edc-customer-data-plane + - edc.applydataplaneworkaround=false + - edc.idsUrl=http://customer-control-plane:8184/api/v1/ids + - own.bpnl=BPNL4444444444XX + - own.bpns=BPNS4444444444XX + - edr.endpoint=http://customer-backend:8081/catena/edrendpoint + - 
request.serverendpoint=http://customer-backend:8081/catena/product-stock/request + - response.serverendpoint=http://customer-backend:8081/catena/product-stock/response + + edc-customer-control-plane: + extends: + file: ./tractus-x-edc/docker-compose.yaml + service: control-plane + container_name: customer-control-plane + depends_on: + omejdn-daps: + condition: service_started # has no health-check + vault: + condition: service_started # has no health-check, needs to run script to put secrets + postgres: + condition: service_started # has no health-check, needs to run db script to create edc tables + environment: + edc.vault.hashicorp.token: ${VAULT_DEV_ROOT_TOKEN_ID} + edc.api.auth.key: ${EDC_API_PW} + edc.datasource.asset.user: ${PG_USER} + edc.datasource.asset.password: ${PG_PW} + edc.datasource.contractdefinition.user: ${PG_USER} + edc.datasource.contractdefinition.password: ${PG_PW} + edc.datasource.contractnegotiation.user: ${PG_USER} + edc.datasource.contractnegotiation.password: ${PG_PW} + edc.datasource.policy.user: ${PG_USER} + edc.datasource.policy.password: ${PG_PW} + edc.datasource.transferprocess.user: ${PG_USER} + edc.datasource.transferprocess.password: ${PG_PW} + ports: + - 8180:8180 + - 8181:8181 + - 8182:8182 + - 8183:8183 + - 8184:8184 + volumes: + - ./tractus-x-edc/config/customer/control-plane.properties:/app/configuration.properties + + edc-customer-data-plane: + extends: + file: ./tractus-x-edc/docker-compose.yaml + service: data-plane + container_name: customer-data-plane + depends_on: + omejdn-daps: + condition: service_started # has no health-check + vault: + condition: service_started # has no health-check, needs to run script to put secrets + postgres: + condition: service_started # has no health-check, needs to run db script to create edc tables + ports: + - 8280:8280 + - 8285:8285 + environment: + edc.vault.hashicorp.token: ${VAULT_DEV_ROOT_TOKEN_ID} + volumes: + - 
./tractus-x-edc/config/customer/data-plane.properties:/app/configuration.properties + + + omejdn-daps: + extends: + file: ./daps/docker-compose.yaml + service: omejdn-daps + container_name: omejdn-daps + volumes: + - ./vault/secrets/customer.cert:/opt/keys/clients/customer.cert:ro + - ./vault/secrets/supplier.cert:/opt/keys/clients/supplier.cert:ro + + vault: + build: ./vault + container_name: vault + ports: + - 8200:8200 + environment: + # token id may not contain prefix + VAULT_DEV_ROOT_TOKEN_ID: ${VAULT_DEV_ROOT_TOKEN_ID} + VAULT_ADDR: http://vault:8200 + VAULT_PUT_SECRETS_DIR: ${VAULT_SECRETS_DIR} + # ATTENTION: Non productive environment + SKIP_SETCAP: true + SKIP_CHOWN: true + volumes: + - ./vault/secrets:${VAULT_SECRETS_DIR} + + postgres: + image: postgres:alpine + container_name: postgres + environment: + POSTGRES_DB: edc + POSTGRES_USER: ${PG_USER} + POSTGRES_PASSWORD: ${PG_PW} + volumes: + # use docker-compose down --volumes to kill db volume + # only then, changes to the script are executed! 
+ - ./postgres/init-db.sql:/docker-entrypoint-initdb.d/init-db.sql + + + puris-frontend-supplier: + image: puris-frontend:dev + container_name: supplier-frontend + ports: + - 3001:8080 + environment: + - APP_NAME=PURIS Customer + - BACKEND_BASE_URL=http://localhost:8082/catena/ + puris-backend-supplier: + image: puris-backend:dev + container_name: supplier-backend + depends_on: + edc-supplier-control-plane: + condition: service_started #service_healthy + ports: + - 8082:8082 + environment: + - server.port=8082 + - puris.demonstrator.role=supplier + - edc.controlplane.host=supplier-control-plane + - edc.controlplane.data.port=9181 + - edc.controlplane.data.path=/api/v1/data + - edc.controlplane.key=${EDC_API_PW} + - edc.dataplane.public.port=9285 + - edc.applydataplaneworkaround=false + - edc.idsUrl=http://supplier-control-plane:9184/api/v1/ids + - own.bpnl=BPNL1234567890ZZ + - own.bpns=BPNS1234567890ZZ + - edr.endpoint=http://supplier-backend:8082/catena/edrendpoint + - request.serverendpoint=http://supplier-backend:8082/catena/product-stock/request + - response.serverendpoint=http://supplier-backend:8082/catena/product-stock/response + + edc-supplier-control-plane: + extends: + file: ./tractus-x-edc/docker-compose.yaml + service: control-plane + container_name: supplier-control-plane + depends_on: + omejdn-daps: + condition: service_started # has no health-check + vault: + condition: service_started # has no health-check, needs to run script to put secrets + postgres: + condition: service_started # has no health-check, needs to run db script to create edc tables + ports: + - 9180:9180 + - 9181:9181 + - 9182:9182 + - 9183:9183 + - 9184:9184 + environment: + edc.vault.hashicorp.token: ${VAULT_DEV_ROOT_TOKEN_ID} + edc.api.auth.key: ${EDC_API_PW} + edc.datasource.asset.user: ${PG_USER} + edc.datasource.asset.password: ${PG_PW} + edc.datasource.contractdefinition.user: ${PG_USER} + edc.datasource.contractdefinition.password: ${PG_PW} + 
edc.datasource.contractnegotiation.user: ${PG_USER} + edc.datasource.contractnegotiation.password: ${PG_PW} + edc.datasource.policy.user: ${PG_USER} + edc.datasource.policy.password: ${PG_PW} + edc.datasource.transferprocess.user: ${PG_USER} + edc.datasource.transferprocess.password: ${PG_PW} + volumes: + - ./tractus-x-edc/config/supplier/control-plane.properties:/app/configuration.properties + + edc-supplier-data-plane: + extends: + file: ./tractus-x-edc/docker-compose.yaml + service: data-plane + container_name: supplier-data-plane + depends_on: + omejdn-daps: + condition: service_started # has no health-check + vault: + condition: service_started # has no health-check, needs to run script to put secrets + postgres: + condition: service_started # has no health-check, needs to run db script to create edc tables + ports: + - 9280:9280 + - 9285:9285 + environment: + edc.vault.hashicorp.token: ${VAULT_DEV_ROOT_TOKEN_ID} + volumes: + - ./tractus-x-edc/config/supplier/data-plane.properties:/app/configuration.properties diff --git a/local/generate-keys.sh b/local/generate-keys.sh new file mode 100644 index 00000000..356b2f78 --- /dev/null +++ b/local/generate-keys.sh 
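Review bot: The supplier frontend is started with `APP_NAME=PURIS Customer`, a copy-paste from the customer service; it should be `- APP_NAME=PURIS Supplier`. The `vault` service mounts `./vault/secrets:${VAULT_SECRETS_DIR}` and exports `VAULT_PUT_SECRETS_DIR: ${VAULT_SECRETS_DIR}`, but `VAULT_SECRETS_DIR` is not in the `.env` template this commit adds (INSTALL.md mentions it in prose only), so a fresh checkout gets an empty target path; adding `VAULT_SECRETS_DIR=` to `.env` or a default such as `${VAULT_SECRETS_DIR:-/vault/secrets}` would make that explicit. The customer control-plane.properties in this commit points `edc.receiver.http.endpoint` at `http://backend-app:8080`, but no service of that name exists in this compose file — presumably `customer-backend:8081` is meant, though I cannot confirm from here which component consumes that endpoint. `SKIP_SETCAP`/`SKIP_CHOWN` together with a dev root token make this vault suitable only for the local demo, which the inline comment already states.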
@@ -0,0 +1,47 @@ +#!/bin/bash +# generate .key .cert (asymmetric encryption) and .keys (data encryption edc) for customer and supplier +# generate .key .cert (asymmetric encryption) and .keys (data encryption edc) for daps + +# create folders, if not existing +mkdir -p ./vault/secrets +mkdir -p ./daps/keys + +echo "Creating customer key, cert, keys and SHA..." +CUSTOMER_CERT="./vault/secrets/customer.cert" +CUSTOMER_KEY="./vault/secrets/customer.key" +CUSTOMER_ENCRYPTION_KEYS="./vault/secrets/customer-encryption.keys" +openssl req -newkey rsa:2048 -new -batch -nodes -x509 -days 3650 -text -keyout $CUSTOMER_KEY -out $CUSTOMER_CERT +# EDC token encryption keys for edc-extensions/data-encryption +key1=`openssl rand -base64 16` +key2=`openssl rand -base64 24` +key3=`openssl rand -base64 32` +echo "${key1},${key2},${key3}" > $CUSTOMER_ENCRYPTION_KEYS + +CUSTOMER_CERT_SHA="$(openssl x509 -in "$CUSTOMER_CERT" -noout -sha256 -fingerprint | tr '[:upper:]' '[:lower:]' | tr -d : | sed 's/.*=//')" + +echo "Creating supplier key, cert, keys and SHA..." +SUPPLIER_CERT="./vault/secrets/supplier.cert" +SUPPLIER_KEY="./vault/secrets/supplier.key" +SUPPLIER_ENCRYPTION_KEYS="./vault/secrets/supplier-encryption.keys" +openssl req -newkey rsa:2048 -new -batch -nodes -x509 -days 3650 -text -keyout $SUPPLIER_KEY -out $SUPPLIER_CERT +# EDC token encryption keys for edc-extensions/data-encryption +key1=`openssl rand -base64 16` +key2=`openssl rand -base64 24` +key3=`openssl rand -base64 32` +echo "${key1},${key2},${key3}" > $SUPPLIER_ENCRYPTION_KEYS + + +SUPPLIER_CERT_SHA="$(openssl x509 -in "$SUPPLIER_CERT" -noout -sha256 -fingerprint | tr '[:upper:]' '[:lower:]' | tr -d : | sed 's/.*=//')" + +echo "Make sure to update the ./daps/config/clients.yml:" +echo "Customer.transportCertsSha256: $CUSTOMER_CERT_SHA" +echo "Supplier.transportCertsSha256: $SUPPLIER_CERT_SHA" + +# DAPS +echo "Creating daps key and cert..." 
+DAPS_CERT="./daps/keys/omejdn.cert" +DAPS_KEY="./daps/keys/omejdn.key" +openssl req -newkey rsa:2048 -new -batch -nodes -x509 -days 3650 -text -keyout $DAPS_KEY -out $DAPS_CERT + +# let everyone access the files so that the non-root user in vault container can put them +chmod -R 755 ./vault/secrets \ No newline at end of file diff --git a/local/postgres/init-db.sql b/local/postgres/init-db.sql new file mode 100644 index 00000000..743dfec5 --- /dev/null +++ b/local/postgres/init-db.sql @@ -0,0 +1,13 @@ +CREATE DATABASE "edc_customer_asset"; +CREATE DATABASE "edc_customer_contractdefinition"; +CREATE DATABASE "edc_customer_contractnegotiation"; +CREATE DATABASE "edc_customer_policy"; +CREATE DATABASE "edc_customer_transferprocess"; +--CREATE DATABASE "edc_customer_edrs"; + +CREATE DATABASE "edc_supplier_asset"; +CREATE DATABASE "edc_supplier_contractdefinition"; +CREATE DATABASE "edc_supplier_contractnegotiation"; +CREATE DATABASE "edc_supplier_policy"; +CREATE DATABASE "edc_supplier_transferprocess"; +--CREATE DATABASE "edc_supplier_edrs"; diff --git a/local/restart.sh b/local/restart.sh new file mode 100644 index 00000000..aef358d7 --- /dev/null +++ b/local/restart.sh @@ -0,0 +1,8 @@ +# restarts the docker-compose and kill images, that may need a full refresh + +docker-compose down + +# kill vault container that has been built with given secrets +docker image rm local-vault + +docker-compose up diff --git a/local/tractus-x-edc/config/customer/control-plane.properties b/local/tractus-x-edc/config/customer/control-plane.properties new file mode 100644 index 00000000..37b05dad --- /dev/null +++ b/local/tractus-x-edc/config/customer/control-plane.properties 
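Review bot: `chmod -R 755 ./vault/secrets` at the end of generate-keys.sh leaves the freshly generated private keys (`*.key`) and the EDC token-encryption keys (`*-encryption.keys`) readable by every account on the host, not only by the container user the comment is concerned with. Since the `*.cert` files are the only ones that need broad readability (the DAPS mounts them `:ro`), I would keep `755` on the directory and `644` on the certs, restrict `*.key`/`*.keys` to `640`, and run the vault container with a `user:` whose group owns them — or state the exposure explicitly in the comment, given this is a local demo. The script also has no `set -euo pipefail`, so a failing `openssl req` still prints empty fingerprints for clients.yml; adding that line after the shebang and quoting `$CUSTOMER_KEY`/`$CUSTOMER_CERT` in the `openssl req` calls (they are quoted in the `x509` calls) would make failures loud. The backticks around `key1`..`key3` could be `$(...)` to match `CUSTOMER_CERT_SHA`.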
@@ -0,0 +1,93 @@ +# API +web.http.default.port=8180 +web.http.default.path=/api + +# MANAGEMENT (replaced data in 0.3.0) +web.http.management.port=8181 +web.http.management.path=/api/v1/data + +# CONTROL (replaced validation in 0.3.0) +web.http.control.port=8183 +web.http.control.path=/api/controlplane/control + +# PROTOCOL (replaced IDS in 0.3.0) +web.http.protocol.port=8184 +# note: EDC in this version appends a "data" per IDS protocol +# https://eclipse-edc.github.io/docs/#/submodule/Connector/docs/developer/decision-records/2022-11-09-api-refactoring/renaming +web.http.protocol.path=/api/v1/ids + +edc.ids.title=Customer EDC +edc.ids.description=Customer EDC Control Plane +edc.ids.id=urn:connector:customer-control-plane +edc.ids.security.profile=base +edc.ids.maintainer=http://customer-control-plane +edc.ids.curator=http://customer-control-plane +edc.ids.catalog.id=urn:catalog:default + +# /api/v1/ids is the default HTTP IDS path +ids.webhook.address=http://customer-control-plane:8184 + +edc.hostname=customer-control-plane + +# set via .env +#edc.api.auth.key=password + +# OAuth / DAPS related configuration +edc.ids.endpoint=http://customer-control-plane:8184/api/v1/ids +## this may relate to version > 0.1.3 +edc.oauth.endpoint.audience=http://customer-control-plane:8184/api/v1/ids/data +## starting from 0.4.0 with new protocol +#edc.oauth.endpoint.audience=http://consumer-control-plane:8184/api/v1/dsp +edc.oauth.token.url=http://omejdn-daps:4567/token +edc.oauth.client.id=customer +edc.oauth.provider.jwks.url=http://omejdn-daps:4567/jwks.json +edc.oauth.provider.audience=idsc:IDS_CONNECTORS_ALL +edc.oauth.public.key.alias=customer-cert +edc.oauth.private.key.alias=customer-key +edc.ids.validation.referringconnector=false + +# HashiCorp vault related configuration +edc.vault.hashicorp.url=http://vault:8200 +# set via docker-compose .env +#edc.vault.hashicorp.token= +edc.vault.hashicorp.health.check.enabled=false + +# Data-Plane configuration 
+edc.transfer.proxy.endpoint=http://customer-data-plane:8285/api/public/ +edc.transfer.proxy.token.signer.privatekey.alias=customer-key +edc.transfer.proxy.token.verifier.publickey.alias=customer-cert + +# Data-Plane selector configuration +edc.dataplane.selector.edchttp.url=http://customer-data-plane:8299/api/dataplane/control +edc.dataplane.selector.edchttp.sourcetypes=HttpData +edc.dataplane.selector.edchttp.destinationtypes=HttpProxy +edc.dataplane.selector.edchttp.properties={"publicApiUrl" : "http://customer-data-plane:8285/api/public/"} + +# backend receiver for static Endpoint Data References +edc.receiver.http.endpoint=http://backend-app:8080 + +# Postgresql related configuration +edc.datasource.asset.name=asset +edc.datasource.asset.url=jdbc:postgresql://postgres:5432/edc_customer_asset +# edc.datasource.asset.user and edc.datasource.asset.password are set via .env +edc.datasource.contractdefinition.name=contractdefinition +edc.datasource.contractdefinition.url=jdbc:postgresql://postgres:5432/edc_customer_contractdefinition + +# edc.datasource.contractdefinition.user and edc.datasource.contractdefinition.password are set via .env +edc.datasource.contractnegotiation.name=contractnegotiation +edc.datasource.contractnegotiation.url=jdbc:postgresql://postgres:5432/edc_customer_contractnegotiation +# edc.datasource.contractnegotiation.user and edc.datasource.contractnegotiation.password are set via .env +edc.datasource.policy.name=policy +edc.datasource.policy.url=jdbc:postgresql://postgres:5432/edc_customer_policy +# edc.datasource.policy.user and edc.datasource.policy.password are set via .env +edc.datasource.transferprocess.name=transferprocess +edc.datasource.transferprocess.url=jdbc:postgresql://postgres:5432/edc_customer_transferprocess +# edc.datasource.transferprocess.user and edc.datasource.transferprocess.password are set via .env +# new in 0.4.x +#edc.datasource.edr.name=edr +#edc.datasource.edr.url=jdbc:postgresql://postgres:5432/edc_customer_edrs 
+# edc.datasource.edr.user and edc.datasource.edr.password are set via .env +#org.eclipse.tractusx.edc.postgresql.migration.edr.enabled=true + +# Data Encryption edc-extensions/data-encryption +edc.data.encryption.keys.alias=customer-encryption-keys diff --git a/local/tractus-x-edc/config/customer/data-plane.properties b/local/tractus-x-edc/config/customer/data-plane.properties new file mode 100644 index 00000000..a0aed114 --- /dev/null +++ b/local/tractus-x-edc/config/customer/data-plane.properties @@ -0,0 +1,26 @@ +# API +web.http.port=8280 +web.http.path=/api +# Public +web.http.public.port=8285 +web.http.public.path=/api/public +# Control +web.http.control.port=8299 +web.http.control.path=/api/dataplane/control + +# new in 0.3.3 - why do we need the management in a data plane? +web.http.management.port=8293 +web.http.management.path=/api/v1/data + +# Validation endpoint of controlplane +edc.dataplane.token.validation.endpoint=http://customer-control-plane:8183/api/controlplane/control/token + +# EDC hostname +edc.hostname=customer-data-plane + +# HashiCorp vault related configuration +edc.vault.hashicorp.url=http://vault:8200 +# set via docker-compose .env +#edc.vault.hashicorp.token= +#disable annoying logging - do we need this enabled? +edc.vault.hashicorp.health.check.enabled=false diff --git a/local/tractus-x-edc/config/default/logging.properties b/local/tractus-x-edc/config/default/logging.properties new file mode 100644 index 00000000..213edc48 --- /dev/null +++ b/local/tractus-x-edc/config/default/logging.properties @@ -0,0 +1,6 @@ +level=INFO +org.eclipse.edc.level=ALL +handlers=java.util.logging.ConsoleHandler +java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter +java.util.logging.ConsoleHandler.level=ALL +java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n 
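Review bot: `edc.ids.validation.referringconnector=false` presumably relaxes the check that the connector presenting a DAPS token is the one named in the token, and it carries no marker that this is acceptable only for this local setup; add `# LOCAL DEV ONLY: do not copy this into a deployed profile` above it. The commented 0.4.0 fallback `#edc.oauth.endpoint.audience=http://consumer-control-plane:8184/api/v1/dsp` names a host that does not exist in this series (the service is `customer-control-plane`), so whoever uncomments it on upgrade gets a wrong audience — correct it now to `#edc.oauth.endpoint.audience=http://customer-control-plane:8184/api/v1/dsp`. `edc.receiver.http.endpoint=http://backend-app:8080` likewise points at a service name that appears nowhere in the compose fragments of this series (the customer backend container is `customer-backend`, exposing 8081); unless `backend-app` is a network alias defined outside this diff, EDR delivery will fail.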
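Review bot: The data plane binds a management API on 8293 while the inline comment still asks `why do we need the management in a data plane?`; an endpoint nobody can account for is attack surface, and nothing here shows whether it is protected by an API key the way the control plane's is. If the 0.3.x image refuses to start without it, replace the question with that fact and make sure the compose file never publishes 8293 to the host; otherwise drop the two `web.http.management.*` lines. `edc.vault.hashicorp.health.check.enabled=false` should likewise be annotated as `# local only — re-enable for any deployed profile` rather than `disable annoying logging`. The same applies to `supplier/data-plane.properties`.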
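Review bot: `org.eclipse.edc.level=ALL` with the console handler also at `ALL` sends every trace-level message from the connector into the container logs, which `docker compose logs` exposes to anyone with Docker socket access; I cannot confirm from this diff what the 0.3.0 image logs at that level, but header and token material are the usual candidates. Either verify that nothing sensitive is traced, or default to `org.eclipse.edc.level=INFO` with `# raise to ALL only while debugging a DAPS/IDS handshake` so the verbose setting is a deliberate, temporary choice.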
diff --git a/local/tractus-x-edc/config/default/opentelemetry.properties b/local/tractus-x-edc/config/default/opentelemetry.properties new file mode 100644 index 00000000..aaaab2db --- /dev/null +++ b/local/tractus-x-edc/config/default/opentelemetry.properties @@ -0,0 +1 @@ +otel.javaagent.enabled=false \ No newline at end of file diff --git a/local/tractus-x-edc/config/supplier/control-plane.properties b/local/tractus-x-edc/config/supplier/control-plane.properties new file mode 100644 index 00000000..f0c60726 --- /dev/null +++ b/local/tractus-x-edc/config/supplier/control-plane.properties 
@@ -0,0 +1,92 @@ +# API +web.http.default.port=9180 +web.http.default.path=/api + +# MANAGEMENT (replaced data in 0.3.0) +web.http.management.port=9181 +web.http.management.path=/api/v1/data + +# CONTROL (replaced validation in 0.3.0) +web.http.control.port=9183 +web.http.control.path=/api/controlplane/control + +# PROTOCOL (replaced IDS in 0.3.0) +web.http.protocol.port=9184 +# note: EDC in this version appends a "data" per IDS protocol +# https://eclipse-edc.github.io/docs/#/submodule/Connector/docs/developer/decision-records/2022-11-09-api-refactoring/renaming +web.http.protocol.path=/api/v1/ids + +edc.ids.title=Supplier EDC +edc.ids.description=Supplier EDC Control Plane +edc.ids.id=urn:connector:supplier-control-plane +edc.ids.security.profile=base +edc.ids.maintainer=http://supplier-control-plane +edc.ids.curator=http://supplier-control-plane +edc.ids.catalog.id=urn:catalog:default + +# /api/v1/ids is the default HTTP IDS path +ids.webhook.address=http://supplier-control-plane:9184 + +edc.hostname=supplier-control-plane + +# set via .env +#edc.api.auth.key=password + +# OAuth / DAPS related configuration +edc.ids.endpoint=http://supplier-control-plane:9184/api/v1/ids +## this may relate to version > 0.1.3 +edc.oauth.endpoint.audience=http://supplier-control-plane:9184/api/v1/ids/data +## starting from 0.4.0 with new protocol +#edc.oauth.endpoint.audience=http://consumer-control-plane:9184/api/v1/dsp +edc.oauth.token.url=http://omejdn-daps:4567/token +edc.oauth.client.id=supplier +edc.oauth.provider.jwks.url=http://omejdn-daps:4567/jwks.json +edc.oauth.provider.audience=idsc:IDS_CONNECTORS_ALL +edc.oauth.public.key.alias=supplier-cert +edc.oauth.private.key.alias=supplier-key +edc.ids.validation.referringconnector=false + +# HashiCorp vault related configuration +edc.vault.hashicorp.url=http://vault:8200 +# set via docker-compose .env +#edc.vault.hashicorp.token= +edc.vault.hashicorp.health.check.enabled=false + +# Data-Plane configuration 
+edc.transfer.proxy.endpoint=http://supplier-data-plane:9285/api/public/ +edc.transfer.proxy.token.signer.privatekey.alias=supplier-key +edc.transfer.proxy.token.verifier.publickey.alias=supplier-cert + +# Data-Plane selector configuration +edc.dataplane.selector.edchttp.url=http://supplier-data-plane:9299/api/dataplane/control +edc.dataplane.selector.edchttp.sourcetypes=HttpData +edc.dataplane.selector.edchttp.destinationtypes=HttpProxy +edc.dataplane.selector.edchttp.properties={"publicApiUrl" : "http://supplier-data-plane:9285/api/public/"} + +# puris backend receiver +edc.receiver.http.endpoint=http://backend-app:8080 + +# Postgresql related configuration +edc.datasource.asset.name=asset +edc.datasource.asset.url=jdbc:postgresql://postgres:5432/edc_supplier_asset +# edc.datasource.asset.user and edc.datasource.asset.password are set via .env +edc.datasource.contractdefinition.name=contractdefinition +edc.datasource.contractdefinition.url=jdbc:postgresql://postgres:5432/edc_supplier_contractdefinition +# edc.datasource.contractdefinition.user and edc.datasource.contractdefinition.password are set via .env +edc.datasource.contractnegotiation.name=contractnegotiation +edc.datasource.contractnegotiation.url=jdbc:postgresql://postgres:5432/edc_supplier_contractnegotiation +# edc.datasource.contractnegotiation.user and edc.datasource.contractnegotiation.password are set via .env +edc.datasource.policy.name=policy +edc.datasource.policy.url=jdbc:postgresql://postgres:5432/edc_supplier_policy +# edc.datasource.policy.user and edc.datasource.policy.password are set via .env +edc.datasource.transferprocess.name=transferprocess +edc.datasource.transferprocess.url=jdbc:postgresql://postgres:5432/edc_supplier_transferprocess +# edc.datasource.transferprocess.user and edc.datasource.transferprocess.password are set via .env +# new in 0.4.x +#edc.datasource.edr.name=edr +#edc.datasource.edr.url=jdbc:postgresql://postgres:5432/edc_supplier_edrs +# edc.datasource.edr.user and 
edc.datasource.edr.password are set via .env +#org.eclipse.tractusx.edc.postgresql.migration.edr.enabled=true + +# Data Encryption +edc.data.encryption.keys.alias=supplier-encryption-keys diff --git a/local/tractus-x-edc/config/supplier/data-plane.properties b/local/tractus-x-edc/config/supplier/data-plane.properties new file mode 100644 index 00000000..9b10f9cc --- /dev/null +++ b/local/tractus-x-edc/config/supplier/data-plane.properties @@ -0,0 +1,26 @@ +# API +web.http.port=9280 +web.http.path=/api +# Public +web.http.public.port=9285 +web.http.public.path=/api/public +# Control +web.http.control.port=9299 +web.http.control.path=/api/dataplane/control + +# new in 0.3.3 - why do we need the management in a data plane? +web.http.management.port=9293 +web.http.management.path=/api/v1/data + +# Validation endpoint of controlplane +edc.dataplane.token.validation.endpoint=http://supplier-control-plane:9183/api/controlplane/control/token + +# EDC hostname +edc.hostname=supplier-data-plane + +# HashiCorp vault related configuration +edc.vault.hashicorp.url=http://vault:8200 +# set via docker-compose .env +#edc.vault.hashicorp.token= +#disable annoying logging - do we need this enabled? +edc.vault.hashicorp.health.check.enabled=false diff --git a/local/tractus-x-edc/docker-compose.yaml b/local/tractus-x-edc/docker-compose.yaml new file mode 100644 index 00000000..2b629cc2 --- /dev/null +++ b/local/tractus-x-edc/docker-compose.yaml 
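Review bot: `edc.receiver.http.endpoint=http://backend-app:8080` is byte-identical to the customer control plane's receiver, so as written both connectors would deliver endpoint data references to the same backend, and no service or alias named `backend-app` appears in the compose fragments of this series (the supplier backend container is `supplier-backend`, judging by patch 6 on port 8082). Unless an alias is defined outside this diff, this should become `edc.receiver.http.endpoint=http://supplier-backend:8082` with the port confirmed against the backend's `server.port`. The commented 0.4.0 audience line still names `consumer-control-plane`, a host that does not exist here; change it to `#edc.oauth.endpoint.audience=http://supplier-control-plane:9184/api/v1/dsp` so it is right when uncommented, and mark `edc.ids.validation.referringconnector=false` as `# LOCAL DEV ONLY` as in the customer file.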
@@ -0,0 +1,42 @@ +# +# Copyright (c) 2023 Volkswagen AG +# Copyright (c) 2023 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V. (represented by Fraunhofer ISST) +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# +version: "1" +services: + control-plane: + image: ghcr.io/catenax-ng/product-edc/edc-controlplane-postgresql-hashicorp-vault:0.3.0 + #ports: + # - "8180:8080" # default + # - "8184:8084" # ids + # - "8181:8081" # data management api - should be private later on + # - "8182:8082" # validation + #entrypoint: find startup information in product-edc/edc-controlplane/edc-controlplane-postgresql-hashicorp-vault/src/main/docker/Dockerfile + volumes: + - ./config/default/opentelemetry.properties:/app/opentelemetry.properties + - ./config/default/logging.properties:/app/logging.properties + + data-plane: + image: ghcr.io/catenax-ng/product-edc/edc-dataplane-hashicorp-vault:0.3.0 + ports: + # - "8080:8080" # default + # - "8185:8185" # public + volumes: + - ./config/default/opentelemetry.properties:/app/opentelemetry.properties + - ./config/default/logging.properties:/app/logging.properties diff --git a/local/vault/Dockerfile b/local/vault/Dockerfile new file mode 100644 index 00000000..ae5933fd --- /dev/null +++ b/local/vault/Dockerfile 
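Review bot: Under `data-plane:` the `ports:` key is left with nothing but commented entries, so it resolves to an empty value; depending on the compose version this is either rejected or silently ignored — remove the key or move the comments above it. Both images are pinned by tag only (`:0.3.0`); for a file meant to be `extends`-ed by the main compose, pin by digest as well (`image: ghcr.io/catenax-ng/product-edc/edc-controlplane-postgresql-hashicorp-vault:0.3.0@sha256:<digest>`) so a re-tagged image cannot be pulled unnoticed. The `version: "1"` header is also inconsistent with patch 13 changing the main file to `'2'`, and as far as I know the legacy format 1 had no `services:` key at all, so this value is misleading even where it is ignored.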
@@ -0,0 +1,33 @@
+#
+# Copyright (c) 2023 Volkswagen AG
+# Copyright (c) 2023 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V. (represented by Fraunhofer ISST)
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+FROM vault:1.12.2
+
+RUN apk --no-cache add bash
+
+EXPOSE 8200
+COPY ./put-keys.sh /put-keys.sh
+
+RUN chmod 755 put-keys.sh #&& chmod -R 755 ./vault/secrets #&& /usr/sbin/setcap cap_ipc_lock=+ep /bin/vault
+
+# already is a non-root user
+USER vault
+
+ENTRYPOINT exec "./put-keys.sh"
diff --git a/local/vault/put-keys.sh b/local/vault/put-keys.sh
new file mode 100644
index 00000000..acd3416e
--- /dev/null
+++ b/local/vault/put-keys.sh
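Review bot: `ENTRYPOINT exec "./put-keys.sh"` uses the shell form with a relative path, so it only works if the base image's working directory happens to be `/`, where `COPY` placed the script; use the exec form with an absolute path, `ENTRYPOINT ["/put-keys.sh"]`, and make the preceding line `RUN chmod 755 /put-keys.sh` for the same reason. The trailing `#&& chmod -R 755 ./vault/secrets #&& /usr/sbin/setcap cap_ipc_lock=+ep /bin/vault` on that RUN line is not a Dockerfile comment — it is handed to the shell, which happens to discard it — so delete the dead text rather than leave a hint that `setcap` on the vault binary was considered. Because later patches in this series exempt this file from the aligned-base-image check, add a comment above `FROM vault:1.12.2` stating that the image is local-development-only (dev-mode vault) and never published.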
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# enable job control (bg, fg)
+set -m
+
+# start vault
+docker-entrypoint.sh server -dev &
+
+echo "Environment Variable VAULT_ADDR=$VAULT_ADDR"
+
+echo "Trying to login..."
+until vault login $VAULT_DEV_ROOT_TOKEN_ID
+do
+ echo "Waiting for vault startup..."
+ sleep 1
+done
+
+echo "Adding customer certificates"
+cat $VAULT_PUT_SECRETS_DIR/customer.key | vault kv put secret/customer-key content=-
+cat $VAULT_PUT_SECRETS_DIR/customer.cert | vault kv put secret/customer-cert content=-
+cat $VAULT_PUT_SECRETS_DIR/customer-encryption.keys | vault kv put secret/customer-encryption-keys content=-
+
+echo "Adding supplier certificates"
+cat $VAULT_PUT_SECRETS_DIR/supplier.key | vault kv put secret/supplier-key content=-
+cat $VAULT_PUT_SECRETS_DIR/supplier.cert | vault kv put secret/supplier-cert content=-
+cat $VAULT_PUT_SECRETS_DIR/supplier-encryption.keys | vault kv put secret/supplier-encryption-keys content=-
+
+# and get the actual server process back to the foreground
+fg %1
From 109dd0b1882043afadd4c59def7839819c2a5b80 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Tue, 29 Aug 2023 06:41:49 -0700 Subject: [PATCH 02/14] chore: added missing license header --- local/postgres/init-db.sql | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
diff --git a/local/postgres/init-db.sql b/local/postgres/init-db.sql
index 743dfec5..ebf9ce5a 100644
--- a/local/postgres/init-db.sql
+++ b/local/postgres/init-db.sql
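Review bot: `until vault login $VAULT_DEV_ROOT_TOKEN_ID` passes the root token as a command-line argument, where it is visible in the container's process list and in any shell trace, and when `VAULT_DEV_ROOT_TOKEN_ID` is empty — the committed `.env` ships it blank — `vault login` is invoked with no argument, falls back to reading a token from stdin, and the loop appears to spin forever instead of failing. Fail fast on a missing token, pass it through `VAULT_TOKEN` instead of the argv, and poll `vault status` (which needs no token) for readiness. The six `vault kv put` calls also run without `set -e`, so a missing secret file leaves a connector without its key while the script still hands the server to the foreground; add `set -eu` alongside `set -m` so the container exits visibly. This is the dev-mode, in-memory vault (`server -dev`), which the header comment should say explicitly so nobody reuses the script elsewhere.
```shell
# LOCAL DEV ONLY: in-memory dev-mode vault seeded with the generated keys
set -eu
set -m
: "${VAULT_DEV_ROOT_TOKEN_ID:?VAULT_DEV_ROOT_TOKEN_ID must be set}"
export VAULT_TOKEN="$VAULT_DEV_ROOT_TOKEN_ID"
# … unchanged: start vault in dev mode in the background …
until vault status >/dev/null 2>&1
do
  echo "Waiting for vault startup..."
  sleep 1
done
# … unchanged: six vault kv put calls, fg %1 …
```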
@@ -1,3 +1,25 @@ +/* + * Copyright (c) 2023 Volkswagen AG + * Copyright (c) 2023 Fraunhofer-Gesellschaft zur Foerderung der angewandten Forschung e.V. + * (represented by Fraunhofer ISST) + * Copyright (c) 2023 Contributors to the Eclipse Foundation + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + */ + CREATE DATABASE "edc_customer_asset"; CREATE DATABASE "edc_customer_contractdefinition"; CREATE DATABASE "edc_customer_contractnegotiation"; From fcabaa459c662998ed22a6b0eeb264c5d4eedc04 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Sun, 10 Sep 2023 22:55:22 -0700 Subject: [PATCH 03/14] fix: added missing env var --- local/.env | 1 + 1 file changed, 1 insertion(+) diff --git a/local/.env b/local/.env index 55d5a53f..dabd766a 100644 --- a/local/.env +++ b/local/.env @@ -2,3 +2,4 @@ VAULT_DEV_ROOT_TOKEN_ID= EDC_API_PW= PG_USER= PG_PW= +VAULT_SECRETS_DIR= From 5bdd921e00a8c5622ed58bbebf610d56c0518ec3 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 3 Nov 2023 05:42:25 -0700 Subject: [PATCH 04/14] fix: wrong address given in data injection --- .../puris/backend/DataInjectionCommandLineRunner.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
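Review bot: `local/.env` is a tracked file whose values (`VAULT_DEV_ROOT_TOKEN_ID`, `EDC_API_PW`, `PG_PW`, and now `VAULT_SECRETS_DIR`) are meant to be filled in on each developer machine, which is exactly how a real token ends up in a commit; the `local/.gitignore` created in patch 1 is not visible here, so I cannot tell whether it already excludes `.env`. Rename the tracked file to `.env.example`, ignore `.env`, and document `cp .env.example .env` in `INSTALL.md`. `VAULT_SECRETS_DIR` is also interpolated as a compose volume target (`./vault/secrets:${VAULT_SECRETS_DIR}` is visible as context in patch 11), so leaving it blank yields a volume spec without a target; give the example file a comment stating the expected absolute in-container path.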
diff --git a/backend/src/main/java/org/eclipse/tractusx/puris/backend/DataInjectionCommandLineRunner.java b/backend/src/main/java/org/eclipse/tractusx/puris/backend/DataInjectionCommandLineRunner.java index 94358f42..2001a75d 100644 --- a/backend/src/main/java/org/eclipse/tractusx/puris/backend/DataInjectionCommandLineRunner.java +++ b/backend/src/main/java/org/eclipse/tractusx/puris/backend/DataInjectionCommandLineRunner.java @@ -99,7 +99,7 @@ public DataInjectionCommandLineRunner(ObjectMapper objectMapper) { @Override public void run(String... args) throws Exception { - createOwnPartnerEntity(); + //createOwnPartnerEntity(); log.info("Creating setup for " + demoRole.toUpperCase()); if (demoRole.equals("supplier")) { setupSupplierRole(); @@ -306,7 +306,7 @@ private Partner createAndGetCustomerPartner() { private Partner createAndGetSupplierPartner() { Partner supplierPartnerEntity = new Partner( "Scenario Supplier", - "http://supplier-control-plane:0184/api/v1/ids", + "http://supplier-control-plane:9184/api/v1/ids", "BPNL1234567890ZZ", "BPNS1234567890XY", "Konzernzentrale Dudelsdorf", From a1531d429f8bfe646cd67acd5c2dfb1e327ecd9c Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 3 Nov 2023 05:48:12 -0700 Subject: [PATCH 05/14] chore: remove file --- local/generate-keys.sh | 47 ------------------------------------------ 1 file changed, 47 deletions(-) delete mode 100644 local/generate-keys.sh diff --git a/local/generate-keys.sh b/local/generate-keys.sh deleted file mode 100644 index 356b2f78..00000000 --- a/local/generate-keys.sh +++ /dev/null 
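Review bot: `//createOwnPartnerEntity();` leaves the call as commented-out code with no explanation, so a reader cannot tell whether the own-partner row is now created elsewhere or is simply no longer needed; either delete the line or replace it with a comment that says why, e.g. `// own partner entity is no longer injected here — created by <component> on startup`. If it is in fact created nowhere else, the role setup that follows (`setupSupplierRole()` and its customer counterpart) now runs against a database without the own partner, which is worth confirming before merging. The body of `run` continues outside this hunk.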
@@ -1,47 +0,0 @@ -#!/bin/bash -# generate .key .cert (asymmetric encryption) and .keys (data encryption edc) for customer and supplier -# generate .key .cert (asymmetric encryption) and .keys (data encryption edc) for daps - -# create folders, if not existing -mkdir -p ./vault/secrets -mkdir -p ./daps/keys - -echo "Creating customer key, cert, keys and SHA..." -CUSTOMER_CERT="./vault/secrets/customer.cert" -CUSTOMER_KEY="./vault/secrets/customer.key" -CUSTOMER_ENCRYPTION_KEYS="./vault/secrets/customer-encryption.keys" -openssl req -newkey rsa:2048 -new -batch -nodes -x509 -days 3650 -text -keyout $CUSTOMER_KEY -out $CUSTOMER_CERT -# EDC token encryption keys for edc-extensions/data-encryption -key1=`openssl rand -base64 16` -key2=`openssl rand -base64 24` -key3=`openssl rand -base64 32` -echo "${key1},${key2},${key3}" > $CUSTOMER_ENCRYPTION_KEYS - -CUSTOMER_CERT_SHA="$(openssl x509 -in "$CUSTOMER_CERT" -noout -sha256 -fingerprint | tr '[:upper:]' '[:lower:]' | tr -d : | sed 's/.*=//')" - -echo "Creating supplier key, cert, keys and SHA..." -SUPPLIER_CERT="./vault/secrets/supplier.cert" -SUPPLIER_KEY="./vault/secrets/supplier.key" -SUPPLIER_ENCRYPTION_KEYS="./vault/secrets/supplier-encryption.keys" -openssl req -newkey rsa:2048 -new -batch -nodes -x509 -days 3650 -text -keyout $SUPPLIER_KEY -out $SUPPLIER_CERT -# EDC token encryption keys for edc-extensions/data-encryption -key1=`openssl rand -base64 16` -key2=`openssl rand -base64 24` -key3=`openssl rand -base64 32` -echo "${key1},${key2},${key3}" > $SUPPLIER_ENCRYPTION_KEYS - - -SUPPLIER_CERT_SHA="$(openssl x509 -in "$SUPPLIER_CERT" -noout -sha256 -fingerprint | tr '[:upper:]' '[:lower:]' | tr -d : | sed 's/.*=//')" - -echo "Make sure to update the ./daps/config/clients.yml:" -echo "Customer.transportCertsSha256: $CUSTOMER_CERT_SHA" -echo "Supplier.transportCertsSha256: $SUPPLIER_CERT_SHA" - -# DAPS -echo "Creating daps key and cert..." 
-DAPS_CERT="./daps/keys/omejdn.cert" -DAPS_KEY="./daps/keys/omejdn.key" -openssl req -newkey rsa:2048 -new -batch -nodes -x509 -days 3650 -text -keyout $DAPS_KEY -out $DAPS_CERT - -# let everyone access the files so that the non-root user in vault container can put them -chmod -R 755 ./vault/secrets \ No newline at end of file From 53bbd2a1c7a7e7d86cc6a5d2a6b4fd2e3d8a4f7b Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 3 Nov 2023 05:53:46 -0700 Subject: [PATCH 06/14] fix: added missing properties for frontend --- local/docker-compose.yaml | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/local/docker-compose.yaml b/local/docker-compose.yaml index 9eae75ee..708c3beb 100644 --- a/local/docker-compose.yaml +++ b/local/docker-compose.yaml @@ -28,13 +28,20 @@ services: environment: - APP_NAME=PURIS Customer - BACKEND_BASE_URL=http://localhost:8081/catena/ + - ENDPOINT_MATERIAL=stockView/materials + - ENDPOINT_PRODUCTS=stockView/products + - ENDPOINT_MATERIAL_STOCKS=stockView/material-stocks + - ENDPOINT_PRODUCT_STOCKS=stockView/product-stocks + - ENDPOINT_CUSTOMER=stockView/customer?ownMaterialNumber= + - ENDPOINT_PARTNER_PRODUCT_STOCKS=stockView/partner-product-stocks?ownMaterialNumber= + - ENDPOINT_UPDATE_PARTNER_PRODUCT_STOCK=stockView/update-partner-product-stock?ownMaterialNumber= + puris-backend-customer: image: puris-backend:dev container_name: customer-backend depends_on: edc-customer-control-plane: condition: service_started #service_healthy - #restart: true ports: - 8081:8081 # expose port of server.port environment: @@ -106,7 +113,6 @@ services: edc.vault.hashicorp.token: ${VAULT_DEV_ROOT_TOKEN_ID} volumes: - ./tractus-x-edc/config/customer/data-plane.properties:/app/configuration.properties - omejdn-daps: extends: 
@@ -116,7 +122,7 @@ services: volumes: - ./vault/secrets/customer.cert:/opt/keys/clients/customer.cert:ro - ./vault/secrets/supplier.cert:/opt/keys/clients/supplier.cert:ro - + vault: build: ./vault container_name: vault @@ -145,7 +151,6 @@ services: # only then, changes to the script are executed! - ./postgres/init-db.sql:/docker-entrypoint-initdb.d/init-db.sql - puris-frontend-supplier: image: puris-frontend:dev container_name: supplier-frontend @@ -154,6 +159,14 @@ services: environment: - APP_NAME=PURIS Customer - BACKEND_BASE_URL=http://localhost:8082/catena/ + - ENDPOINT_MATERIAL=stockView/materials + - ENDPOINT_PRODUCTS=stockView/products + - ENDPOINT_MATERIAL_STOCKS=stockView/material-stocks + - ENDPOINT_PRODUCT_STOCKS=stockView/product-stocks + - ENDPOINT_CUSTOMER=stockView/customer?ownMaterialNumber= + - ENDPOINT_PARTNER_PRODUCT_STOCKS=stockView/partner-product-stocks?ownMaterialNumber= + - ENDPOINT_UPDATE_PARTNER_PRODUCT_STOCK=stockView/update-partner-product-stock?ownMaterialNumber= + puris-backend-supplier: image: puris-backend:dev container_name: supplier-backend From 896a69ceab626a52d1ef2e293d369b01e961dbad Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 3 Nov 2023 06:00:08 -0700 Subject: [PATCH 07/14] fix: corrected plural s typo for environment workaround --- frontend/.env.dockerbuild | 2 +- frontend/src/config.json | 2 +- local/docker-compose.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/frontend/.env.dockerbuild b/frontend/.env.dockerbuild index 01ac8990..41222c60 100644 --- a/frontend/.env.dockerbuild +++ b/frontend/.env.dockerbuild @@ -1,6 +1,6 @@ VITE_APP_NAME=\$APP_NAME VITE_BACKEND_BASE_URL=\$BACKEND_BASE_URL -VITE_ENDPOINT_MATERIALS=\$ENDPOINT_MATERIAL +VITE_ENDPOINT_MATERIALS=\$ENDPOINT_MATERIALS VITE_ENDPOINT_PRODUCTS=\$ENDPOINT_PRODUCTS VITE_ENDPOINT_MATERIAL_STOCKS=\$ENDPOINT_MATERIAL_STOCKS VITE_ENDPOINT_PRODUCT_STOCKS=\$ENDPOINT_PRODUCT_STOCKS 
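Review bot: The `puris-frontend-supplier` service still carries `APP_NAME=PURIS Customer` on the context line directly above the added `ENDPOINT_*` entries — a copy-paste leftover that should read `- APP_NAME=PURIS Supplier`, since otherwise the two frontends cannot be told apart in the browser. The added values ending in `?ownMaterialNumber=` assume the frontend appends a raw material number; make sure the call site URL-encodes that value, which this diff does not show.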
diff --git a/frontend/src/config.json b/frontend/src/config.json index 789b0687..57ff88ae 100644 --- a/frontend/src/config.json +++ b/frontend/src/config.json @@ -1,7 +1,7 @@ { "APP_NAME": "$APP_NAME", "BACKEND_BASE_URL": "$BACKEND_BASE_URL", - "ENDPOINT_MATERIALS": "$ENDPOINT_MATERIAL", + "ENDPOINT_MATERIALS": "$ENDPOINT_MATERIALS", "ENDPOINT_PRODUCTS": "$ENDPOINT_PRODUCTS", "ENDPOINT_MATERIAL_STOCKS": "$ENDPOINT_MATERIAL_STOCKS", "ENDPOINT_PRODUCT_STOCKS": "$ENDPOINT_PRODUCT_STOCKS", diff --git a/local/docker-compose.yaml b/local/docker-compose.yaml index 708c3beb..f3a2c6b8 100644 --- a/local/docker-compose.yaml +++ b/local/docker-compose.yaml @@ -28,7 +28,7 @@ services: environment: - APP_NAME=PURIS Customer - BACKEND_BASE_URL=http://localhost:8081/catena/ - - ENDPOINT_MATERIAL=stockView/materials + - ENDPOINT_MATERIALS=stockView/materials - ENDPOINT_PRODUCTS=stockView/products - ENDPOINT_MATERIAL_STOCKS=stockView/material-stocks - ENDPOINT_PRODUCT_STOCKS=stockView/product-stocks @@ -159,7 +159,7 @@ services: environment: - APP_NAME=PURIS Customer - BACKEND_BASE_URL=http://localhost:8082/catena/ - - ENDPOINT_MATERIAL=stockView/materials + - ENDPOINT_MATERIALS=stockView/materials - ENDPOINT_PRODUCTS=stockView/products - ENDPOINT_MATERIAL_STOCKS=stockView/material-stocks - ENDPOINT_PRODUCT_STOCKS=stockView/product-stocks From 09f48c6688236e7d4c274bd9ef313f7f07d93e15 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 3 Nov 2023 06:01:01 -0700 Subject: [PATCH 08/14] feat: added key generation --- local/generate-keys.sh | 47 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 local/generate-keys.sh diff --git a/local/generate-keys.sh b/local/generate-keys.sh new file mode 100644 index 00000000..a6178388 --- /dev/null +++ b/local/generate-keys.sh 
@@ -0,0 +1,47 @@
+#!/bin/bash
+# generate .key .cert (asymmetric encryption) and .keys (data encryption edc) for customer and supplier
+# generate .key .cert (asymmetric encryption) and .keys (data encryption edc) for daps
+
+# create folders, if not existing
+mkdir -p ./vault/secrets
+mkdir -p ./daps/keys
+
+echo "Creating customer key, cert, keys and SHA..."
+CUSTOMER_CERT="./vault/secrets/customer.cert"
+CUSTOMER_KEY="./vault/secrets/customer.key"
+CUSTOMER_ENCRYPTION_KEYS="./vault/secrets/customer-encryption.keys"
+openssl req -newkey rsa:2048 -new -batch -nodes -x509 -days 3650 -text -keyout $CUSTOMER_KEY -out $CUSTOMER_CERT
+# EDC token encryption keys for edc-extensions/data-encryption
+key1=`openssl rand -base64 16`
+key2=`openssl rand -base64 24`
+key3=`openssl rand -base64 32`
+echo "${key1},${key2},${key3}" > $CUSTOMER_ENCRYPTION_KEYS
+
+CUSTOMER_CERT_SHA="$(openssl x509 -in "$CUSTOMER_CERT" -noout -sha256 -fingerprint | tr '[:upper:]' '[:lower:]' | tr -d : | sed 's/.*=//')"
+
+echo "Creating supplier key, cert, keys and SHA..."
+SUPPLIER_CERT="./vault/secrets/supplier.cert"
+SUPPLIER_KEY="./vault/secrets/supplier.key"
+SUPPLIER_ENCRYPTION_KEYS="./vault/secrets/supplier-encryption.keys"
+openssl req -newkey rsa:2048 -new -batch -nodes -x509 -days 3650 -text -keyout $SUPPLIER_KEY -out $SUPPLIER_CERT
+# EDC token encryption keys for edc-extensions/data-encryption
+key1=`openssl rand -base64 16`
+key2=`openssl rand -base64 24`
+key3=`openssl rand -base64 32`
+echo "${key1},${key2},${key3}" > $SUPPLIER_ENCRYPTION_KEYS
+
+
+SUPPLIER_CERT_SHA="$(openssl x509 -in "$SUPPLIER_CERT" -noout -sha256 -fingerprint | tr '[:upper:]' '[:lower:]' | tr -d : | sed 's/.*=//')"
+
+echo "Make sure to update the ./daps/config/clients.yml:"
+echo "Customer.transportCertsSha256: $CUSTOMER_CERT_SHA"
+echo "Supplier.transportCertsSha256: $SUPPLIER_CERT_SHA"
+
+# DAPS
+echo "Creating daps key and cert..."
+DAPS_CERT="./daps/keys/omejdn.cert" +DAPS_KEY="./daps/keys/omejdn.key" +openssl req -newkey rsa:2048 -new -batch -nodes -x509 -days 3650 -text -keyout $DAPS_KEY -out $DAPS_CERT + +# let everyone access the files so that the non-root user in vault container can put them +chmod -R 755 ./vault/secrets From 49220c85f459147ca3c8a61dcad84d43c849bf60 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 3 Nov 2023 06:04:31 -0700 Subject: [PATCH 09/14] feat: exclude vault Docker from release check --- .github/workflows/quality-checks.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml index 6549c425..ec55a01d 100644 --- a/.github/workflows/quality-checks.yml +++ b/.github/workflows/quality-checks.yml @@ -30,3 +30,6 @@ jobs: name: Check quality guidelines uses: eclipse-tractusx/sig-infra/.github/workflows/reusable-quality-checks.yaml@main secrets: inherit + skipReleaseChecks: + alignedBaseImage: + - "local/vault/Dockerfile" From 7fba7dc3b045584ae9c3f083c3b084ce71efbde6 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 3 Nov 2023 07:21:59 -0700 Subject: [PATCH 10/14] fix: exclude vault dockerfile from base image check --- .github/workflows/quality-checks.yml | 3 --- .tractusx | 3 +++ 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml index ec55a01d..6549c425 100644 --- a/.github/workflows/quality-checks.yml +++ b/.github/workflows/quality-checks.yml @@ -30,6 +30,3 @@ jobs: name: Check quality guidelines uses: eclipse-tractusx/sig-infra/.github/workflows/reusable-quality-checks.yaml@main secrets: inherit - skipReleaseChecks: - alignedBaseImage: - - "local/vault/Dockerfile" diff --git a/.tractusx b/.tractusx index b14cf437..6a3bf141 100644 --- a/.tractusx +++ b/.tractusx 
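Review bot: The script is re-added with mode `100644`, so `./generate-keys.sh` fails with permission denied until someone runs `chmod +x`; add it as `git add --chmod=+x local/generate-keys.sh` or have INSTALL.md invoke it as `bash generate-keys.sh`. Its content is identical to the copy deleted in patch 5, so the earlier concerns still stand: `chmod -R 755 ./vault/secrets` on the last line leaves the private keys and `*-encryption.keys` world-readable on the host, and without `set -euo pipefail` a failed openssl call prints an empty fingerprint as the value to paste into `clients.yml`. The fingerprints must currently be hand-copied into `daps/config/clients.yml`; writing them in from the script (e.g. with `sed -i` on the `transportCertsSha256` entries) would remove the manual step where a mismatch breaks the DAPS handshake.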
@@ -4,3 +4,6 @@ repositories: - name: "puris" usage: "PURIS Frontend and Backend Implementation" url: "https://github.com/eclipse-tractusx/puris" +skipReleaseChecks: + alignedBaseImage: + - "local/vault/Dockerfile" From a96353fb5a7a2f897da785098d334081a5f9fe4e Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 3 Nov 2023 07:36:44 -0700 Subject: [PATCH 11/14] feat: set postgres to latest 15.4 alpine version --- local/docker-compose.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/local/docker-compose.yaml b/local/docker-compose.yaml index f3a2c6b8..8048da6f 100644 --- a/local/docker-compose.yaml +++ b/local/docker-compose.yaml @@ -140,7 +140,7 @@ services: - ./vault/secrets:${VAULT_SECRETS_DIR} postgres: - image: postgres:alpine + image: postgres:15.4-alpine container_name: postgres environment: POSTGRES_DB: edc From 7a442df14bb798b70b5343e0e2d343ac7bf7bba5 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 3 Nov 2023 07:40:47 -0700 Subject: [PATCH 12/14] chore: updated dependencies for backend --- DEPENDENCIES_BACKEND | 2 +- backend/DEPENDENCIES | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/DEPENDENCIES_BACKEND b/DEPENDENCIES_BACKEND index 9b2fbc6b..9c8dc632 100644 --- a/DEPENDENCIES_BACKEND +++ b/DEPENDENCIES_BACKEND 
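Review bot: Exempting `local/vault/Dockerfile` from the aligned-base-image check means nothing in CI will flag `vault:1.12.2` as it ages, and the entry gives no reason for the exemption; add a one-line justification beside it, e.g. `# local dev-only image (dev-mode vault), never published`, so the next reviewer does not extend the list by analogy. The tag should then be tracked by whatever dependency-update routine the repository uses, and the exemption revisited if the Dockerfile ever moves out of `local/`.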
@@ -71,7 +71,7 @@ maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.1.0, Apache-
 maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.1.4, Apache-2.0, approved, #9341
-maven/mavencentral/org.springframework.boot/spring-boot-configuration-processor/3.1.4, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-configuration-processor/3.1.4, Apache-2.0, approved, #11406
 maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.1.4, Apache-2.0, approved, #9338
 maven/mavencentral/org.springframework.boot/spring-boot-starter-data-jpa/3.1.4, Apache-2.0, approved, #9733
 maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.1.4, Apache-2.0, approved, #9737
diff --git a/backend/DEPENDENCIES b/backend/DEPENDENCIES
index 9b2fbc6b..9c8dc632 100644
--- a/backend/DEPENDENCIES
+++ b/backend/DEPENDENCIES
@@ -71,7 +71,7 @@ maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.1.0, Apache-
 maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.1.4, Apache-2.0, approved, #9341
-maven/mavencentral/org.springframework.boot/spring-boot-configuration-processor/3.1.4, Apache-2.0, approved, clearlydefined
+maven/mavencentral/org.springframework.boot/spring-boot-configuration-processor/3.1.4, Apache-2.0, approved, #11406
 maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.1.4, Apache-2.0, approved, #9338
 maven/mavencentral/org.springframework.boot/spring-boot-starter-data-jpa/3.1.4, Apache-2.0, approved, #9733
 maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.1.4, Apache-2.0, approved, #9737
From 597dad0630e4f0f6bf5e0142fdf516ad96b5696d Mon Sep 17 00:00:00 2001
From: --show-origin
Date: Fri, 3 Nov 2023 08:27:22 -0700
Subject: [PATCH 13/14] feat: updated to docker compose
---
 local/docker-compose.yaml | 2 +-
 local/restart.sh | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/local/docker-compose.yaml b/local/docker-compose.yaml
index 8048da6f..aa798c9d 100644
--- a/local/docker-compose.yaml
+++ b/local/docker-compose.yaml
@@ -18,7 +18,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 #
-version: '1'
+version: '2'
 services:
 puris-frontend-customer:
 image: puris-frontend:dev
diff --git a/local/restart.sh b/local/restart.sh
index aef358d7..f8c5c3b3 100644
--- a/local/restart.sh
+++ b/local/restart.sh
@@ -1,8 +1,8 @@
 # restarts the docker-compose and kill images, that may need a full refresh
-docker-compose down
+docker compose down
 # kill vault container that has been built with given secrets
 docker image rm local-vault
-docker-compose up
+docker compose up
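Review bot: The `restart.sh` hunk covers the whole script (`@@ -1,8 +1,8 @@`, line 1 is a comment) and there is no shebang and no `set -e`, so if `docker compose down` or `docker image rm local-vault` fails, the new `docker compose up` still runs and can bring up the previous `local-vault` image, which the comment in the hunk says was built with the given secrets. Start the script with `#!/usr/bin/env sh` and `set -eu` so the rebuild step cannot be silently skipped. If `local-vault` is the compose-built image of the `vault` service (as its name suggests), `docker compose down --rmi local` would replace the explicit `docker image rm` and not fail on a fresh checkout where the image does not exist yet.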
From 7fa8e1b0375339b7d98c6aa513406f95e2613f44 Mon Sep 17 00:00:00 2001
From: Malte Hellmeier
Date: Fri, 3 Nov 2023 17:49:49 +0100
Subject: [PATCH 14/14] chore: fix local deployment setup
---
 local/INSTALL.md | 25 ++++++++++++-------------
 local/daps/docker-compose.yaml | 2 +-
 local/docker-compose.yaml | 6 +++---
 local/tractus-x-edc/docker-compose.yaml | 4 ++--
 4 files changed, 18 insertions(+), 19 deletions(-)
diff --git a/local/INSTALL.md b/local/INSTALL.md
index 3f746e48..444e1561 100644
--- a/local/INSTALL.md
+++ b/local/INSTALL.md
@@ -1,25 +1,24 @@
 # Initial Setup
-1. generate keys
+1. Generate keys
 ```shell
 cd local
 sh generate-keys.sh
->> outputs transportCertsSha256
 ```
-2. update daps/config/clients.yaml with the respective transportCertsSha256
-3. define remaining secrets in .env
-- set root token for vault instance VAULT_DEV_ROOT_TOKEN_ID (e.g. "4Ko6r3UcHM4dXnOGmPKTHds3")
-- set password for edc control plane EDC_API_PW (e.g. "password")
-- set user PG_USER and password PG_PW for postgres (e.g. "edc-pg-user" and "edc-pg-passw0rd")
-- set vault secrets dir as mapped via volume (e.g. "/vault/secrets"/)
+2. Define remaining secrets in `/local/.env`
+ - set root token for vault instance `VAULT_DEV_ROOT_TOKEN_ID` (e.g. "4Ko6r3UcHM4dXnOGmPKTHds3")
+ - set password for edc control plane `EDC_API_PW` (e.g. "password")
+ - set user `PG_USER` and password `PG_PW` for postgres (e.g. "edc-pg-user" and "edc-pg-passw0rd")
+ - set vault secrets dir as mapped via volume (e.g. `/vault/secrets/`)
 # Start
 ```shell
-cd local
 docker-compose up
-
-# or use
+```
+or use
+```
 sh restart.sh
 ```
+Wait for the startup and visit http://localhost:3000/
 ## Notes on debugging
@@ -33,7 +32,7 @@ sudo apt-get install ruby
 ```
 Then download the respective [omejdn release](https://github.com/Fraunhofer-AISEC/omejdn-server/releases/tag/v1.7.1) and unzip it.
-In the omejdn-server/omejdn.rb
+In the `omejdn-server/omejdn.rb`
 - search for token POST endpoint ("endpoint '/token', ['POST'],")
 - go to end of endpoint definition (most left-hand end)
 - add your echo / log upfront the status codes return (e.g. "puts.response.compact.to_json")
@@ -42,7 +41,7 @@ In the omejdn-server/omejdn.rb
 docker build -t omejdn-server:local
 ```
-Finally update the ./daps/docker-compose.yaml to use this image instead.
+Finally update the `./daps/docker-compose.yaml` to use this image instead.
 ### Vault & Certs
 When having problems with the certs or the vault, one need to delete the vault container.
diff --git a/local/daps/docker-compose.yaml b/local/daps/docker-compose.yaml
index d080c9ad..ab43e3b2 100644
--- a/local/daps/docker-compose.yaml
+++ b/local/daps/docker-compose.yaml
@@ -18,7 +18,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 #
-version: '1'
+version: "3"
 services:
 omejdn-daps:
 image: ghcr.io/fraunhofer-aisec/omejdn-server:1.7.1
diff --git a/local/docker-compose.yaml b/local/docker-compose.yaml
index aa798c9d..5e8801e8 100644
--- a/local/docker-compose.yaml
+++ b/local/docker-compose.yaml
@@ -18,7 +18,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 #
-version: '2'
+version: "3"
 services:
 puris-frontend-customer:
 image: puris-frontend:dev
@@ -134,8 +134,8 @@ services:
 VAULT_ADDR: http://vault:8200
 VAULT_PUT_SECRETS_DIR: ${VAULT_SECRETS_DIR}
 # ATTENTION: Non productive environment
- SKIP_SETCAP: true
- SKIP_CHOWN: true
+ SKIP_SETCAP: "true"
+ SKIP_CHOWN: "true"
 volumes:
 - ./vault/secrets:${VAULT_SECRETS_DIR}
diff --git a/local/tractus-x-edc/docker-compose.yaml b/local/tractus-x-edc/docker-compose.yaml
index 2b629cc2..88739817 100644
--- a/local/tractus-x-edc/docker-compose.yaml
+++ b/local/tractus-x-edc/docker-compose.yaml
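Review bot: In the `local/docker-compose.yaml` hunk at `@@ -134,8 +134,8 @@`, quoting `SKIP_SETCAP` and `SKIP_CHOWN` as `"true"` is the right fix for compose's string-only environment values, but the adjacent `# ATTENTION: Non productive environment` comment still does not say which protections these two switches turn off. If they carry the meaning they have in the upstream vault container image, `SKIP_SETCAP` forgoes the IPC_LOCK capability so vault cannot mlock its memory and secrets can be paged to disk, and `SKIP_CHOWN` leaves the bind-mounted `./vault/secrets` directory with host ownership; the same block also points `VAULT_ADDR` at plain `http://vault:8200`. Replace the comment with something concrete, e.g. `# ATTENTION: dev only — no mlock (SKIP_SETCAP), host-owned secrets dir (SKIP_CHOWN), plaintext http to vault; never reuse for a productive setup`, so the relaxation is not copied into another environment by accident.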
@@ -18,7 +18,7 @@
 #
 # SPDX-License-Identifier: Apache-2.0
 #
-version: "1"
+version: "3"
 services:
 control-plane:
 image: ghcr.io/catenax-ng/product-edc/edc-controlplane-postgresql-hashicorp-vault:0.3.0
@@ -34,7 +34,7 @@ services:
 data-plane:
 image: ghcr.io/catenax-ng/product-edc/edc-dataplane-hashicorp-vault:0.3.0
- ports:
+ #ports:
 # - "8080:8080" # default
 # - "8185:8185" # public
 volumes:
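Review bot: In the `data-plane` hunk at `@@ -34,7 +34,7 @@`, commenting out the now-empty `ports:` key leaves three commented-out lines as dead configuration, and nothing records whether the data plane is deliberately kept off the host or merely not yet wired up. Either delete the three `#` lines or replace them with one explanatory comment, e.g. `# no host port mapping on purpose: the data plane is only reachable from other services on the compose network`, if that is the intent. A reader restoring `ports:` later should be able to tell from the file whether doing so widens the local attack surface by design or by mistake.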