From 622c9be6ba0a2f2d2f27e3c60697f5045cc66313 Mon Sep 17 00:00:00 2001
From: jkbquabeck
Date: Wed, 20 Sep 2023 14:47:17 +0200
Subject: [PATCH 01/15] - splitted MXD tutorial in multiple docs
---
MXD_Introduction.md | 43 +++++++++++
MXD_dataexchange_tutorial1 | 151 +++++++++++++++++++++++++++++++++++++
2 files changed, 194 insertions(+)
create mode 100644 MXD_Introduction.md
create mode 100644 MXD_dataexchange_tutorial1
diff --git a/MXD_Introduction.md b/MXD_Introduction.md
new file mode 100644
index 00000000..68bccf34
--- /dev/null
+++ b/MXD_Introduction.md
@@ -0,0 +1,43 @@
+# 1 Introduction
+
+With the Minimum Tractus-X Dataspace, IT departments can set up their own little data space to perform a data exchange between two parties (Bob and Alice in our example). The MXD can be used as a sandbox for testing.
+
+For whom is that relevant?
+This tutorial is designed for companies that want to perform data exchange in a "real" Catena-X data space infrastructure.
+
+Who should execute the tutorial?
+IT-Employees with the following skills and previous experience:
+
+- Replace with skill 1
+- Replace with skill 2
+- Replace with skill 3
+
+## 1.1 Components & Architecture
+
+By performing this tutorial a data space will be set up including the following components:
+
+- 2 EDC Connectors (Called Bob and Alice)
+- 1 Managed Identity Wallet
+- 1 Keycloak instance
+- 1 Postgres data base
+
+## 1.2 Prerequisites
+
+In order to run the Minimum Tractus-X Dataspace "MXD" on your local machine, please make sure the following
+preconditions are met.
+
+- Have a local Kubernetes runtime ready. We've tested this setup with [KinD](https://kind.sigs.k8s.io/), but other
+ runtimes such
+ as [Minikube](https://minikube.sigs.k8s.io/docs/start/) may work as well, we just haven't tested them. All following
+ instructions will assume KinD.
+- Install [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli).
+- a POSIX-compliant shell, e.g. `bash` or `zsh` unless stated otherwise
+- basic knowledge about Helm and Kubernetes
+- [Optional] a cli tool to easily print logs of a K8S deployment, such as [`stern`](https://github.com/stern/stern)
+- [Optional] a graphical tool to inspect your Kubernetes environment, such as [Lens](https://k8slens.dev/).
+ Not mandatory of course, but all screenshots in this doc are created off of Lens.
+- [Optional] a graphical tool to inspect Postgres databases, such as [PgAdmin](https://www.pgadmin.org/). Screenshots in
+ this guide are created off of PgAdmin.
+- [Optional] a graphical tool to send REST requests, such as [Postman](https://www.postman.com/). This sample will
+ include Postman collections that can be imported.
+
\ No newline at end of file
diff --git a/MXD_dataexchange_tutorial1 b/MXD_dataexchange_tutorial1
new file mode 100644
index 00000000..e425f388
--- /dev/null
+++ b/MXD_dataexchange_tutorial1
@@ -0,0 +1,151 @@
+# Provide and consume data
+
+As described in the introduction, a data exchange between Bob (Data Provider) and Alice (Data Consumer) is to be tested.
+
+To maximize the benefit from this tutorial it is recommended to follow the tutorial in the given order.
+
+## Provide data
+
+In this step we will focus on inserting data into our participant Alice using
+the [Management API](https://app.swaggerhub.com/apis/eclipse-edc-bot/management-api/0.1.4-SNAPSHOT). We will use plain
+CLI tools (`curl`) for this, but feel free to use graphical tools such as Postman or Insomnia.
+
+Alice, as a data consumer, wants to consume data from Bob. Bob, as a data provider, needs to create an asset for Alice. The data asset should have the following properties:
+
+| ID | 1 |
+|-------------|----------------------------------------------------------------------------------------------|
+| Description | Tractus-X EDC Demo Asset |
+| Type | HttpData |
+| URL | [https://jsonplaceholder.typicode.com/todos/1](https://jsonplaceholder.typicode.com/todos/1) |
+
+Action (Bob): Create this asset using the following curl command:
+
+```shell
+curl -X POST "${BOB_DATAMGMT_URL}/data/assets" \
+ --header 'X-Api-Key: password' \
+ --header 'Content-Type: application/json' \
+ --data '{
+ "asset": {
+ "properties": {
+ "asset:prop:id": "1",
+ "asset:prop:description": "Tractus-X EDC Demo Asset"
+ }
+ },
+ "dataAddress": {
+ "properties": {
+ "type": "HttpData",
+ "baseUrl": "https://jsonplaceholder.typicode.com/todos/1"
+ }
+ }
+ }' \
+ -s -o /dev/null -w 'Response Code: %{http_code}\n'
+```
+
+Bob tells Alice, that he created an asset, and she should now be able to request it. In the next step, Alice requests a contract offer catalog. In this catalog, all contract offers for Alice are listed.
+
+Action (Alice): Execute a request using the following curl commands:
+
+```shell
+curl -G -X GET "${ALICE_DATAMGMT_URL}/data/catalog" \
+ --data-urlencode "providerUrl=${BOB_IDS_URL}/api/v1/ids/data" \
+ --header 'X-Api-Key: password' \
+ --header 'Content-Type: application/json' \
+ -s | jq
+```
+
+Let´s see if Alice can see the Asset. Can you find it?
+
+As you can see in the response, the data offer "Tractus-X EDC Demo Asset" does not appear. Unfortunately, Alice sees some contract offers but she cannot find the contract offer from Bob.
+
+Alice calls Bob and says she can´t see the asset. Bob remembers that he did not create an access policy. An access policy defines who is allowed to see a data offering. To create a policy that allows Alice to access the data offering, Bob needs Alice's Business Partner Number (BPN). Alice´s BPN is BPNL000000000001.
+
+Action (Bob): Create the access policy using the following curl command:
+
+```shell
+{
+ "@context": {
+ "odrl": "http://www.w3.org/ns/odrl/2/"
+ },
+ "@type": "PolicyDefinitionRequestDto",
+ "@id": "{{POLICY_ID}}",
+ "policy": {
+ "@type": "Policy",
+ "odrl:permission": [
+ {
+ "odrl:action": "USE",
+ "odrl:constraint": {
+ "@type": "LogicalConstraint",
+ "odrl:and":
+ {
+ "@type": "Constraint",
+ "odrl:leftOperand": "BusinessPartnerNumber",
+ "odrl:operator": {
+ "@id": "odrl:eq"
+ },
+ "odrl:rightOperand": "{{BPN123}}"
+ },
+ }
+ }
+ ]
+ }
+}
+```
+
+Bob tells Alice that he has created the right policy. Let´s see if Alice can now find the data asset. Execute the request again using the following curl command:
+
+```shell
+curl -G -X GET "${ALICE_DATAMGMT_URL}/data/catalog" \
+ --data-urlencode "providerUrl=${BOB_IDS_URL}/api/v1/ids/data" \
+ --header 'X-Api-Key: password' \
+ --header 'Content-Type: application/json' \
+ -s | jq
+```
+
+Let´s see if Alice can see the Asset. Can you find it?
+
+Once again Alice cannot find the data offer.
This is by design and to be expected since Bob has only created an asset and a policy definition. An asset and a policy cannot be displayed to Alice as a consumer without a contract definition.
+**This is the first lesson for this tutorial: A contract must be defined between two parties that want to exchange data. This contract must always contain an asset and a policy.**
+
+Add image showing that a conctract defiition consists of a data asset and a policy definition
+
+Action (Bob): Create a contract definition including the asset and the policy you have created. For this, use the following curl command:
+
+```shell
+curl -X POST "${BOB_DATAMGMT_URL}/data/contractdefinitions" \
+ --header 'X-Api-Key: password' \
+ --header 'Content-Type: application/json' \
+ --data '{
+ "id": "1",
+ "criteria": [
+ {
+ "operandLeft": "asset:prop:id",
+ "operator": "=",
+ "operandRight": "1"
+ }
+ ],
+ "accessPolicyId": "1",
+ }' \
+ -s -o /dev/null -w 'Response Code: %{http_code}\n'
+```
+
+Let´s see if Alice can finally see the Asset.
+action (Alice): Execute the request again using the following curl command:
+
+```shell
+curl -G -X GET "${ALICE_DATAMGMT_URL}/data/catalog" \
+ --data-urlencode "providerUrl=${BOB_IDS_URL}/api/v1/ids/data" \
+ --header 'X-Api-Key: password' \
+ --header 'Content-Type: application/json' \
+ -s | jq
+```
+
+Finally Alice can see the Contract Offer from Bob.
+Congratulations on yor first successful data exchange in your own data sapce!
+
+Before you start the next tutorial please delete all data:
+
+```shell
+minikube kubectl -- delete pvc -n edc-all-in-one –all
+
+minikube kubectl -- delete pv -n edc-all-in-one --all
+```
From 0dc584e609c60886c6720b75c9489a68abbdf21a Mon Sep 17 00:00:00 2001
From: jkbquabeck
Date: Wed, 20 Sep 2023 14:47:46 +0200
Subject: [PATCH 02/15] - Added first MXD tutorial
---
MXD_Setup.md | 189 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 189 insertions(+)
create mode 100644 MXD_Setup.md
diff --git a/MXD_Setup.md b/MXD_Setup.md
new file mode 100644
index 00000000..3015da9c
--- /dev/null
+++ b/MXD_Setup.md
@@ -0,0 +1,189 @@
+# Basic dataspace setup
+
+The "MXD" dataspace initially consists of several components: `Alice` and `Bob` (two Tractus-X EDC connectors),
+a `vault` instance each, a Postgres database, a Managed Identity Wallet app, a Keycloak instance. `Alice` and `Bob` will
+be our dataspace participants. Each of them stores their secrets in their "private" vault instance, and there is a
+shared Postgres server, where each of them has a database. MIW and Keycloak are "central" components, they only exist
+once and are accessible by all participants.
+
+For the most bare-bones installation of the dataspace, execute the following commands in a shell:
+
+```shell
+kind create cluster -n mxd --config kind.config.yaml
+# the next step is specific to KinD and will be different for other Kubernetes runtimes!
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
+# wait until the ingress controller is ready
+kubectl wait --namespace ingress-nginx \
+ --for=condition=ready pod \
+ --selector=app.kubernetes.io/component=controller \
+ --timeout=90s
+cd
+terraform init
+terraform apply
+# type "yes" and press enter when prompted to do so
+```
+
+Notice that the `kubectl apply` command deploys a Kubernetes Ingress Controller to the cluster and is required to reach
+our applications from outside the cluster. Specifically, it deploys an NGINX ingress controller. Notice also, that the
+command is *specific to KinD* and will likely not work on other Kubernetes runtimes (minikube, ...) or with other
+ingress controllers!
+
+Wait. Then wait some more. It will take a couple of minutes until all services are booted up. If your machine is a
+potato, it'll take even longer. Just get a coffee.
Eventually, it should look similar to this:
+
+![img.png](assets/img.png)
+
+## Inspect terraform output
+
+After the `terraform` command has successfully completed, it will output a few configuration and setup values
+that we will need in later steps. Please note that most values will be different on your local system.
+
+```shell
+Outputs:
+
+alice-urls = {
+ "health" = "http://localhost/alice/health"
+ "management" = "http://localhost/alice/management/v2"
+}
+bob-node-ip = "10.96.248.22"
+bob-urls = {
+ "health" = "http://localhost/bob/health"
+ "management" = "http://localhost/bob/management/v2"
+}
+connector1-aeskey = "R3BDWGF4SWFYZigmVj0oIQ=="
+connector1-client-secret = "W3s1OikqRkxCbltfNDBmRg=="
+connector2-aeskey = "JHJISjZAS0tSKlNYajJTZA=="
+connector2-client-secret = "enFFUlkwQyZiJSRLQSohYg=="
+keycloak-database-credentials = {
+ "database" = "miw"
+ "password" = "Tn*iwPEuCgO@d==R"
+ "user" = "miw_user"
+}
+keycloak-ip = "10.96.103.80"
+miw-database-pwd = {
+ "database" = "keycloak"
+ "password" = "W:z)*mnHdy(DTV?+"
+ "user" = "keycloak_user"
+}
+postgres-url = "jdbc:postgresql://10.96.195.240:5432/"
+```
+
+## Inspect the databases
+
+Please be aware, that all services and applications that were deployed in the previous step, are **not** accessible from
+outside the Kubernetes cluster. That means, for example, the Postgres database cannot be reached out-of-the-box.
+
+Naturally there are several ways to enable access to those services (Load balancers, Ingresses, etc.) but for the sake
+of simplicity we will use a plain Kubernetes port-forwarding:
+
+```shell
+kubectl port-forward postgres-5b788f6bdd-bvt9b 5432:5423
+```
+
+> Note that the actual pod name will be slightly different in your local cluster.
+
+Then, using PgAdmin, connect to the Postgres server at `jdbc:postgresql://localhost:5432/` using `user=postgres`
+and `password=postgres`:
+
+![img_1.png](assets/scr_pgadmin1.png)
+
+Every service in the cluster has their own database, but for the sake of simplicity, they are hosted in one Postgres
+server. We will show in later sections, how the databases can be segregated out. Feel free to
+inspect all the databases and tables, but there is not much data in there yet. There is just a few automatically seeded
+assets, policies and contract definitions.
+
+## Verify your local installation
+
+In order to check that the connectors were deployed successfully, please execute the following commands in a shell:
+
+```shell
+curl -X GET http://localhost/bob/health/api/check/liveness
+curl -X GET http://localhost/alice/health/api/check/liveness
+```
+
+which should return something similar to this, the important part being the `isSystemHealthy: true` bit:
+
+```json
+{
+ "componentResults": [
+ {
+ "failure": null,
+ "component": "Observability API",
+ "isHealthy": true
+ },
+ {
+ "failure": null,
+ "component": null,
+ "isHealthy": true
+ }
+ ],
+ "isSystemHealthy": true
+}
+```
+
+Once we've established the basic readiness of our connectors, we can move on to inspect a few data items:
+
+```shell
+curl -X POST http://localhost/bob/management/v3/assets/request -H "x-api-key: password" -H "content-type: application/json" | jq
+```
+
+this queries the `/assets` endpoint returning the entire list of assets that `bob` currently maintains.
You should see
+something like
+
+```json
+[
+ {
+ "@id": "1",
+ "@type": "edc:Asset",
+ "edc:properties": {
+ "edc:description": "Product EDC Demo Asset 1",
+ "edc:id": "1"
+ },
+ "edc:dataAddress": {
+ "@type": "edc:DataAddress",
+ "edc:type": "HttpData",
+ "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos"
+ },
+ "@context": {
+ "dct": "https://purl.org/dc/terms/",
+ "tx": "https://w3id.org/tractusx/v0.0.1/ns/",
+ "edc": "https://w3id.org/edc/v0.0.1/ns/",
+ "dcat": "https://www.w3.org/ns/dcat/",
+ "odrl": "http://www.w3.org/ns/odrl/2/",
+ "dspace": "https://w3id.org/dspace/v0.8/"
+ }
+ },
+ {
+ "@id": "2",
+ "@type": "edc:Asset",
+ "edc:properties": {
+ "edc:description": "Product EDC Demo Asset 2",
+ "edc:id": "2"
+ },
+ "edc:dataAddress": {
+ "@type": "edc:DataAddress",
+ "edc:type": "HttpData",
+ "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos"
+ },
+ "@context": {
+ "dct": "https://purl.org/dc/terms/",
+ "tx": "https://w3id.org/tractusx/v0.0.1/ns/",
+ "edc": "https://w3id.org/edc/v0.0.1/ns/",
+ "dcat": "https://www.w3.org/ns/dcat/",
+ "odrl": "http://www.w3.org/ns/odrl/2/",
+ "dspace": "https://w3id.org/dspace/v0.8/"
+ }
+ }
+]
+```
+
+Note: the same thing can be done to inspect policies and contract definitions. The respective `curl` commands are:
+
+```shell
+# policies:
+curl -X POST http://localhost/bob/management/v2/policydefinitions/request -H "x-api-key: password" -H "content-type: application/json" | jq
+# contract defs:
+curl -X POST http://localhost/bob/management/v2/contractdefinitions/request -H "x-api-key: password" -H "content-type: application/json" | jq
+```
+
+Alternatively, please check out the [Postman collections here](./postman)
From 5483a3edebeb416b575ce739553309a09ca4c5fe Mon Sep 17 00:00:00 2001
From: jkbquabeck
Date: Wed, 20 Sep 2023 17:12:05 +0200
Subject: [PATCH 03/15] - Added the second MXD tutorial on access policies
---
MXD_Access_policies_tutorial2.md | 110 +++++++++++++++++++++++++++++++
1 file changed, 110 insertions(+)
create mode 100644 MXD_Access_policies_tutorial2.md
diff --git a/MXD_Access_policies_tutorial2.md b/MXD_Access_policies_tutorial2.md
new file mode 100644
index 00000000..fe2990c4
--- /dev/null
+++ b/MXD_Access_policies_tutorial2.md
@@ -0,0 +1,110 @@
+# Restricting users from accessing an asset
+
+Bob will once again be the data provider and Alice is interested in Bob’s data assets. Bob, as a data provider, creates an asset. The data asset should have the following properties:
+
+| ID | 2 |
+|-------------|----------------------------------------------------------------------------------------------|
+| Description | Tractus-X EDC Demo Asset 2 |
+| Type | HttpData |
+| URL | [https://jsonplaceholder.typicode.com/todos/1](https://jsonplaceholder.typicode.com/todos/2) |
+
+Action (Bob): Create an asset using the following curl command:
+
+```shell
+curl -X POST "${BOB_DATAMGMT_URL}/data/assets" \
+ --header 'X-Api-Key: password' \
+ --header 'Content-Type: application/json' \
+ --data '{
+ "asset": {
+ "properties": {
+ "asset:prop:id": "2",
+ "asset:prop:description": "Tractus-X EDC Demo Asset 2"
+ }
+ },
+ "dataAddress": {
+ "properties": {
+ "type": "HttpData",
+ "baseUrl": "https://jsonplaceholder.typicode.com/todos/2"
+ }
+ }
+ }' \
+ -s -o /dev/null -w 'Response Code: %{http_code}\n'
+```
+
+Now that the asset is created, a policy must be created to define who can access the asset . This time Bob does not want Alice to see and access the asset. So he defines a policy restricting Alice from accessing his asset.
+
+Action (Bob): Create the access policy using the following curl command:
+
+```shell
+{
+ "@context": {
+ "odrl": "http://www.w3.org/ns/odrl/2/"
+ },
+ "@type": "PolicyDefinitionRequestDto",
+ "@id": "{{POLICY_ID}}",
+ "policy": {
+ "@type": "Policy",
+ "odrl:permission": [
+ {
+ "odrl:action": "USE",
+ "odrl:constraint": {
+ "@type": "LogicalConstraint",
+ "odrl:and": [
+ {
+ "@type": "Constraint",
+ "odrl:leftOperand": "BusinessPartnerNumber",
+ "odrl:operator": {
+ "@id": "odrl:eq"
+ },
+ "odrl:rightOperand": "{{BPN6789}}"
+ }
+ ]
+ }
+ }
+ ]
+ }
+}
+```
+
+Lastly, the asset and the access policy must be combined in a contract definition.
+Action (Bob): Create a contract definition including the asset and the policy you´ve created. For this, use the following curl command:
+
+```shell
+curl -X POST "${BOB_DATAMGMT_URL}/data/contractdefinitions" \
+ --header 'X-Api-Key: password' \
+ --header 'Content-Type: application/json' \
+ --data '{
+ "id": "1",
+ "criteria": [
+ {
+ "operandLeft": "asset:prop:id",
+ "operator": "=",
+ "operandRight": "2"
+ }
+ ],
+ "accessPolicyId": "1",
+ }' \
+ -s -o /dev/null -w 'Response Code: %{http_code}\n'
+```
+
+Let´s see if Alice can see the Asset.
+
+Action (Alice): Execute a request using the following curl command
+
+```shell
+curl -G -X GET "${ALICE_DATAMGMT_URL}/data/catalog" \
+ --data-urlencode "providerUrl=${BOB_IDS_URL}/api/v1/ids/data" \
+ --header 'X-Api-Key: password' \
+ --header 'Content-Type: application/json' \
+ -s | jq
+```
+
+Bob’s asset should not be displayed. The access policy successfully restricts Alice from seeing and obtaining Bob’s asset. Now Bob is able to manage who sees which of his sensitive data assets.
+
+Action: Before you start the next tutorial please delete all data:
+
+```shell
+minikube kubectl -- delete pvc -n edc-all-in-one –all
+
+minikube kubectl -- delete pv -n edc-all-in-one --all
+```
From 178712a0a44125306d338c9219eec73f994479be Mon Sep 17 00:00:00 2001
From: jkbquabeck
Date: Wed, 20 Sep 2023 17:21:04 +0200
Subject: [PATCH 04/15] - added first draft of third tutorial
---
MXD_usage_policies_tutorial3.md | 58 +++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 MXD_usage_policies_tutorial3.md
diff --git a/MXD_usage_policies_tutorial3.md b/MXD_usage_policies_tutorial3.md
new file mode 100644
index 00000000..e7d2cc32
--- /dev/null
+++ b/MXD_usage_policies_tutorial3.md
@@ -0,0 +1,58 @@
+# Restricting users from using an asset
+
+Bob will once again be the data provider and Alice is interested in Bob’s data assets. Bob, as a data provider, creates an asset. The data asset should have the following properties:
+
+| ID | 3 |
+|-------------|----------------------------------------------------------------------------------------------|
+| Description | Tractus-X EDC Demo Asset 3 |
+| Type | HttpData |
+| URL | [https://jsonplaceholder.typicode.com/todos/1](https://jsonplaceholder.typicode.com/todos/3) |
+
+Action (Bob): Create this asset using the following curl command:
+
+```shell
+curl -X POST "${BOB_DATAMGMT_URL}/data/assets" \
+ --header 'X-Api-Key: password' \
+ --header 'Content-Type: application/json' \
+ --data '{
+ "asset": {
+ "properties": {
+ "asset:prop:id": "3",
+ "asset:prop:description": "Tractus-X EDC Demo Asset 3"
+ }
+ },
+ "dataAddress": {
+ "properties": {
+ "type": "HttpData",
+ "baseUrl": "https://jsonplaceholder.typicode.com/todos/2"
+ }
+ }
+ }' \
+ -s -o /dev/null -w 'Response Code: %{http_code}\n'
+```
+
+Now that the asset is created, Bob needs to create a policy specifying who can access and use the asset. Consequently, Bob has to create a combined policy enforcing usage and access control.
+
+Action (Bob): Create a policy restricting the access to the asset and the usage of the asset using a dismantler credential.
+
+Add curl command
+
+Action (Bob): Create the contract definition.
+
+Add curl command
+
+Alice wants to access the asset. Alice fetches catalog.
+
+Action (Alice): Fetch data catalog using cURL command:
+
+Add curl command
+
+Alice can access Bob’s asset. Following, Alice wants to consume the data offer and initiates the contract negotiation.
+
+Add curl command
+
+Unfortunately, the request fails. Alice does not have the necessary dismantler credential.
+
+As you can see in this section of the tutorial you can protect your offered data even beyond the access restriction.
With a usage policy you are able to specify what the offered data can be used for, e.g. the traceability use case.
+
+ToDo: Positive outcome hier einfügen, Weg über das Erlangen des richtigen credentials.
From 304b859078837ea8e328d673a1dee2f06bb363ef Mon Sep 17 00:00:00 2001
From: jkbquabeck
Date: Wed, 20 Sep 2023 17:21:50 +0200
Subject: [PATCH 05/15] - defined the document format
---
MXD_dataexchange_tutorial1 => MXD_dataexchange_tutorial1.md | 0
1 file changed, 0 insertions(+), 0 deletions(-)
rename MXD_dataexchange_tutorial1 => MXD_dataexchange_tutorial1.md (100%)
diff --git a/MXD_dataexchange_tutorial1 b/MXD_dataexchange_tutorial1.md
similarity index 100%
rename from MXD_dataexchange_tutorial1
rename to MXD_dataexchange_tutorial1.md
From 0938034cf07f3bb0aca91f36a1a64c8843f45636 Mon Sep 17 00:00:00 2001
From: jkbquabeck
Date: Wed, 27 Sep 2023 08:32:00 +0200
Subject: [PATCH 06/15] - added EDR API tutorial narrative
---
MXD_EDR_API_tutorial4.md | 27 +++++++++++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 MXD_EDR_API_tutorial4.md
diff --git a/MXD_EDR_API_tutorial4.md b/MXD_EDR_API_tutorial4.md
new file mode 100644
index 00000000..a07853ed
--- /dev/null
+++ b/MXD_EDR_API_tutorial4.md
@@ -0,0 +1,27 @@
+# Exchange data using APIs
+
+In this tutorial Bob wants to consume data (asset name) from Alice. Bob as the data consumer requests a contract offer using the **management API**.
+
+| ID | 4 |
+|-------------|----------------------------------------------------------------------------------------------|
+| Description | Tractus-X EDC Second Asset with Access Policy |
+| Type | HttpData |
+| URL | [https://jsonplaceholder.typicode.com/todos/1](https://jsonplaceholder.typicode.com/todos/4) |
+
+Action (Bob): Request Alice's data asset (asset name) with the following postman prompt:
+
+```shell
+@Code
+```
+
+Story: The data transfer is unsuccessful. @Hemant: Where can Bob see what happend?
+
+Action (Bob): Check logs/protocol/ transfer history
+
+```shell
+@Code
+```
+
+Maybe add a first step where Alice creates a contract offer using (asset name) using postman. Start Bob's steps afterwards. Result: transfer failed. Analysis with postan possible? If so, state result.
+
+Show second option using EDR API to access the asset, combining the two steps of contract negotiation and transfer initiation. Process fails again, but EDR API shows what the problem is. Problem identified: data sink endpoint missing/wrong. Solution add the correct data sink endpoint, initiate transfer again. Recieve and display sent data.
From b2f057b2a9205e0b5c2bcbb36a2a5b38a6c3791f Mon Sep 17 00:00:00 2001
From: jkbquabeck
Date: Wed, 27 Sep 2023 11:14:47 +0200
Subject: [PATCH 07/15] - moved new MXD files to the correct folder
---
.../MXD_Access_policies_tutorial2.md | 0
MXD_EDR_API_tutorial4.md => mxd/MXD_EDR_API_tutorial4.md | 0
MXD_Introduction.md => mxd/MXD_Introduction.md | 0
MXD_Setup.md => mxd/MXD_Setup.md | 0
.../MXD_dataexchange_tutorial1.md | 0
.../MXD_usage_policies_tutorial3.md | 0
6 files changed, 0 insertions(+), 0 deletions(-)
rename MXD_Access_policies_tutorial2.md => mxd/MXD_Access_policies_tutorial2.md (100%)
rename MXD_EDR_API_tutorial4.md => mxd/MXD_EDR_API_tutorial4.md (100%)
rename MXD_Introduction.md => mxd/MXD_Introduction.md (100%)
rename MXD_Setup.md => mxd/MXD_Setup.md (100%)
rename MXD_dataexchange_tutorial1.md => mxd/MXD_dataexchange_tutorial1.md (100%)
rename MXD_usage_policies_tutorial3.md => mxd/MXD_usage_policies_tutorial3.md (100%)
diff --git a/MXD_Access_policies_tutorial2.md b/mxd/MXD_Access_policies_tutorial2.md
similarity index 100%
rename from MXD_Access_policies_tutorial2.md
rename to mxd/MXD_Access_policies_tutorial2.md
diff --git a/MXD_EDR_API_tutorial4.md b/mxd/MXD_EDR_API_tutorial4.md
similarity index 100%
rename from MXD_EDR_API_tutorial4.md
rename to mxd/MXD_EDR_API_tutorial4.md
diff --git a/MXD_Introduction.md b/mxd/MXD_Introduction.md
similarity index 100%
rename from MXD_Introduction.md
rename to mxd/MXD_Introduction.md
diff --git a/MXD_Setup.md b/mxd/MXD_Setup.md
similarity index 100%
rename from MXD_Setup.md
rename to mxd/MXD_Setup.md
diff --git a/MXD_dataexchange_tutorial1.md b/mxd/MXD_dataexchange_tutorial1.md
similarity index 100%
rename from MXD_dataexchange_tutorial1.md
rename to mxd/MXD_dataexchange_tutorial1.md
diff --git a/MXD_usage_policies_tutorial3.md b/mxd/MXD_usage_policies_tutorial3.md
similarity index 100%
rename from MXD_usage_policies_tutorial3.md
rename to mxd/MXD_usage_policies_tutorial3.md
From d2f3638a2d5bf9ecae6e4126f30d140f8e71b912 Mon Sep 17 00:00:00 2001
From: jkbquabeck Date: Wed, 4 Oct 2023 19:07:50 +0200 Subject: [PATCH 08/15] - Adopted new curl commands - restructured file naming --- ..._Introduction.md => 1_MXD_Introduction.md} | 0 mxd/{MXD_Setup.md => 2_MXD_Setup.md} | 89 ++++----- mxd/3.1_MXD_tutorial1_dataexchange.md | 171 ++++++++++++++++++ mxd/3.2_MXD_tutorial2_Access_policies.md | 119 ++++++++++++ ...md => 3.3_MXD_tutorial3_usage_policies.md} | 0 ...=> 3.4_MXD_tutorial4_EDR_API_tutorial4.md} | 0 mxd/MXD_Access_policies_tutorial2.md | 110 ----------- mxd/MXD_dataexchange_tutorial1.md | 151 ---------------- 8 files changed, 337 insertions(+), 303 deletions(-) rename mxd/{MXD_Introduction.md => 1_MXD_Introduction.md} (100%) rename mxd/{MXD_Setup.md => 2_MXD_Setup.md} (75%) create mode 100644 mxd/3.1_MXD_tutorial1_dataexchange.md create mode 100644 mxd/3.2_MXD_tutorial2_Access_policies.md rename mxd/{MXD_usage_policies_tutorial3.md => 3.3_MXD_tutorial3_usage_policies.md} (100%) rename mxd/{MXD_EDR_API_tutorial4.md => 3.4_MXD_tutorial4_EDR_API_tutorial4.md} (100%) delete mode 100644 mxd/MXD_Access_policies_tutorial2.md delete mode 100644 mxd/MXD_dataexchange_tutorial1.md diff --git a/mxd/MXD_Introduction.md b/mxd/1_MXD_Introduction.md similarity index 100% rename from mxd/MXD_Introduction.md rename to mxd/1_MXD_Introduction.md diff --git a/mxd/MXD_Setup.md b/mxd/2_MXD_Setup.md similarity index 75% rename from mxd/MXD_Setup.md rename to mxd/2_MXD_Setup.md index 3015da9c..731a3b82 100644 --- a/mxd/MXD_Setup.md +++ b/mxd/2_MXD_Setup.md @@ -9,6 +9,7 @@ once and are accessible by all participants. For the most bare-bones installation of the dataspace, execute the following commands in a shell: ```shell +cd kind create cluster -n mxd --config kind.config.yaml # the next step is specific to KinD and will be different for other Kubernetes runtimes! kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml 
@@ -17,7 +18,6 @@ kubectl wait --namespace ingress-nginx \ --for=condition=ready pod \ --selector=app.kubernetes.io/component=controller \ --timeout=90s -cd terraform init terraform apply # type "yes" and press enter when prompted to do so 
@@ -127,53 +127,58 @@ Once we've established the basic readiness of our connectors, we can move on to curl -X POST http://localhost/bob/management/v3/assets/request -H "x-api-key: password" -H "content-type: application/json" | jq ``` -this queries the `/assets` endpoint returning the entire list of assets that `bob` currently maintains. You should see +If you do not have access to the jq command line tool you can download it from this [link](https://jqlang.github.io/jq/download/). +This queries the `/assets` endpoint returning the entire list of assets that `bob` currently maintains. You should see something like ```json [ - { - "@id": "1", - "@type": "edc:Asset", - "edc:properties": { - "edc:description": "Product EDC Demo Asset 1", - "edc:id": "1" - }, - "edc:dataAddress": { - "@type": "edc:DataAddress", - "edc:type": "HttpData", - "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos" - }, - "@context": { - "dct": "https://purl.org/dc/terms/", - "tx": "https://w3id.org/tractusx/v0.0.1/ns/", - "edc": "https://w3id.org/edc/v0.0.1/ns/", - "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/", - "dspace": "https://w3id.org/dspace/v0.8/" - } - }, - { - "@id": "2", - "@type": "edc:Asset", - "edc:properties": { - "edc:description": "Product EDC Demo Asset 2", - "edc:id": "2" - }, - "edc:dataAddress": { - "@type": "edc:DataAddress", - "edc:type": "HttpData", - "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos" + { + "@id": "1", + "@type": "edc:Asset", + "edc:properties": { + "edc:description": "Product EDC Demo Asset 1", + "edc:id": "1" + }, + "edc:dataAddress": { + "@type": "edc:DataAddress", + "edc:proxyPath": "true", + "edc:type": "HttpData", + "edc:proxyQueryParams": "true", + "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos" + }, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", 
+ "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } }, - "@context": { - "dct": "https://purl.org/dc/terms/", - "tx": "https://w3id.org/tractusx/v0.0.1/ns/", - "edc": "https://w3id.org/edc/v0.0.1/ns/", - "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/", - "dspace": "https://w3id.org/dspace/v0.8/" + { + "@id": "2", + "@type": "edc:Asset", + "edc:properties": { + "edc:description": "Product EDC Demo Asset 2", + "edc:id": "2" + }, + "edc:dataAddress": { + "@type": "edc:DataAddress", + "edc:proxyPath": "true", + "edc:type": "HttpData", + "edc:proxyQueryParams": "true", + "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos" + }, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } } - } ] ``` diff --git a/mxd/3.1_MXD_tutorial1_dataexchange.md b/mxd/3.1_MXD_tutorial1_dataexchange.md new file mode 100644 index 00000000..8a2a37c1 --- /dev/null +++ b/mxd/3.1_MXD_tutorial1_dataexchange.md 
@@ -0,0 +1,171 @@ +# Provide and consume data + +As described in the introduction, a data exchange between Bob (Data Provider) and Alice (Data Consumer) is to be tested. + +To maximize the benefit from this tutorial it is recommended to follow the tutorial in the given order. + +## Provide data + +In this step we will focus on inserting data into our participant Alice using +the [Management API](https://app.swaggerhub.com/apis/eclipse-edc-bot/management-api). We will use plain +CLI tools (`curl`) for this, but feel free to use graphical tools such as Postman or Insomnia. + +Alice, as a data consumer, wants to consume data from Bob. Bob, as a data provider, needs to create an asset for Alice. The data asset should have the following properties: + +| ID | 3 | +|-------------|----------------------------------------------------------------------------------------------| +| Description | Product EDC Demo Asset 3 | +| Type | HttpData | +| URL | [https://jsonplaceholder.typicode.com/todos/3](https://jsonplaceholder.typicode.com/todos/3) | + +Action (Bob): Create this asset using the following curl command: + +```shell +curl --location 'http://localhost/bob/management/v2/assets' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "@context": {}, + "asset": { + "@type": "Asset", + "@id": "3", + "properties": { + "description": "Product EDC Demo Asset 3" + } + }, + "dataAddress": { + "@type": "DataAddress", + "type": "HttpData", + "baseUrl": "https://jsonplaceholder.typicode.com/todos/3" + } +}' +``` + +Bob tells Alice, that he created an asset, and she should now be able to request it. In the next step, Alice requests a contract offer catalog. In this catalog, all contract offers for Alice are listed. 
+ +Action (Alice): Execute a request using the following curl commands: + +```shell +curl --location 'http://localhost/alice/management/v2/catalog/request' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "@context": {}, + "protocol": "dataspace-protocol-http", + "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", + "querySpec": { + "offset": 0, + "limit": 100, + "filter": "", + "range": { + "from": 0, + "to": 100 + }, + "criterion": "" + } +}' +``` + +Let´s see if Alice can see the Asset (ID:3). Can you find it? + +As you can see in the response, the data offer "Product EDC Demo Asset 3" (asset ID:3) does not appear. Unfortunately, Alice sees some contract offers but she cannot find the contract offer from Bob. + +Alice calls Bob and says she can´t see the asset. Bob remembers that he did not create an access policy. An access policy defines who is allowed to see a data offering. + +Action (Bob): Create the access policy using the following curl command: + +```shell +curl --location 'http://localhost/bob/management/v2/policydefinitions' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "@context": { + "odrl": "http://www.w3.org/ns/odrl/2/" + }, + "@type": "PolicyDefinitionRequestDto", + "@id": "3", + "policy": { + "@type": "Policy" + } +}' +``` + +Bob tells Alice that he has created the right policy. Let´s see if Alice can now find the data asset. 
Execute the request again using the following curl command: + +```shell +curl --location 'http://localhost/alice/management/v2/catalog/request' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "@context": {}, + "protocol": "dataspace-protocol-http", + "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", + "querySpec": { + "offset": 0, + "limit": 100, + "filter": "", + "range": { + "from": 0, + "to": 100 + }, + "criterion": "" + } +}' +``` + +Let´s see if Alice can see the Asset. Can you find it? + +Once again Alice cannot find the data offer. This is by design and to be expected since Bob has only created an asset and a policy definition. An asset and a policy cannot be displayed to Alice as a consumer without a contract definition. +**This is the first lesson for this tutorial: A contract must be defined between two parties that want to exchange data. This contract must always contain an asset and a policy.** + +Add image showing that a conctract defiition consists of a data asset and a policy definition + +Action (Bob): Create a contract definition including the asset and the policy you have created. For this, use the following curl command: + +```shell +This is the correct curl + +curl --location 'http://localhost/bob/management/v2/contractdefinitions' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "@context": {}, + "@id": "3", + "@type": "ContractDefinition", + "accessPolicyId": "3", + "contractPolicyId": "3", + "assetsSelector": { + "@type": "CriterionDto", + "operandLeft": "https://w3id.org/edc/v0.0.1/ns/id", + "operator": "=", + "operandRight": "3" + } +}' +``` + +Let´s see if Alice can finally see the Asset. 
+action (Alice): Execute the request again using the following curl command: + +```shell +curl --location 'http://localhost/alice/management/v2/catalog/request' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "@context": {}, + "protocol": "dataspace-protocol-http", + "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", + "querySpec": { + "offset": 0, + "limit": 100, + "filter": "", + "range": { + "from": 0, + "to": 100 + }, + "criterion": "" + } +}' +``` + +Finally Alice can see the Contract Offer from Bob. +Congratulations on yor first successful data exchange in your own data sapce! diff --git a/mxd/3.2_MXD_tutorial2_Access_policies.md b/mxd/3.2_MXD_tutorial2_Access_policies.md new file mode 100644 index 00000000..ca67a590 --- /dev/null +++ b/mxd/3.2_MXD_tutorial2_Access_policies.md 
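Review bot: The policy definition with `@id` "3" is created as `"policy": { "@type": "Policy" }`, with no permission or constraint, yet the text around it says an access policy "defines who is allowed to see a data offering" and calls this "the right policy". Nothing in the request names Alice or any other participant, so the policy presumably places no limit on who is offered the asset, and a reader may copy it believing it restricts access. I would add a sentence after that command, for example `Note: this policy carries no constraints, so it does not limit which participant can see the offer; use it only in the local sandbox.` Separately, the line `This is the correct curl` sits inside the `shell` fence of the contract-definition step and would be run as a command if the block is pasted; it should be removed or written as a `#` comment.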
@@ -0,0 +1,119 @@ +# Restricting users from accessing an asset + +Bob will once again be the data provider and Alice is interested in Bob’s data assets. Bob, as a data provider, creates an asset. The data asset should have the following properties: + +| ID | 4 | +|-------------|----------------------------------------------------------------------------------------------| +| Description | Product EDC Demo Asset 4 | +| Type | HttpData | +| URL | [https://jsonplaceholder.typicode.com/todos/4](https://jsonplaceholder.typicode.com/todos/4) | + +Action (Bob): Create an asset using the following curl command: + +```shell +curl --location 'http://localhost/bob/management/v2/assets' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "@context": {}, + "asset": { + "@type": "Asset", + "@id": "4", + "properties": { + "description": "Product EDC Demo Asset 4" + } + }, + "dataAddress": { + "@type": "DataAddress", + "type": "HttpData", + "baseUrl": "https://jsonplaceholder.typicode.com/todos/4" + } +}' +``` + +Now that the asset is created, a policy must be created to define who can access the asset . This time Bob does not want Alice to see and access the asset. So he defines a policy restricting Alice from accessing his asset. 
+ +Action (Bob): Create the access policy using the following curl command: + +```shell +curl --location 'http://localhost/bob/management/v2/policydefinitions' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "@context": { + "odrl": "http://www.w3.org/ns/odrl/2/" + }, + "@type": "PolicyDefinitionRequestDto", + "@id": "4", + "policy": { + "@type": "Policy", + "odrl:permission": [ + { + "odrl:action": "USE", + "odrl:constraint": { + "@type": "LogicalConstraint", + "odrl:or": [ + { + "@type": "Constraint", + "odrl:leftOperand": "BusinessPartnerNumber", + "odrl:operator": { + "@id": "odrl:eq" + }, + "odrl:rightOperand": "BPNL000000000001" + } + ] + } + } + ] + } +}' +``` + +Lastly, the asset and the access policy must be combined in a contract definition. +Action (Bob): Create a contract definition including the asset and the policy you´ve created. For this, use the following curl command: + +```shell +curl --location 'http://localhost/bob/management/v2/contractdefinitions' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "@context": {}, + "@id": "4", + "@type": "ContractDefinition", + "accessPolicyId": "4", + "contractPolicyId": "4", + "assetsSelector" : { + "@type" : "CriterionDto", + "operandLeft": "https://w3id.org/edc/v0.0.1/ns/id", + "operator": "=", + "operandRight": "4" + } +}' +``` + +Let´s see if Alice can see the Asset. 
+ +Action (Alice): Execute a request using the following curl command + +```shell +curl --location 'http://localhost/alice/management/v2/catalog/request' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "@context": {}, + "protocol": "dataspace-protocol-http", + "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", + "querySpec": { + "offset": 0, + "limit": 100, + "filter": "", + "range": { + "from": 0, + "to": 100 + }, + "criterion": "" + } +}' +``` + +Bob’s asset (ID: 4) should not be displayed. The access policy successfully restricts Alice from seeing and obtaining Bob’s asset. Now Bob is able to manage who sees which of his sensitive data assets. diff --git a/mxd/MXD_usage_policies_tutorial3.md b/mxd/3.3_MXD_tutorial3_usage_policies.md similarity index 100% rename from mxd/MXD_usage_policies_tutorial3.md rename to mxd/3.3_MXD_tutorial3_usage_policies.md diff --git a/mxd/MXD_EDR_API_tutorial4.md b/mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md similarity index 100% rename from mxd/MXD_EDR_API_tutorial4.md rename to mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md diff --git a/mxd/MXD_Access_policies_tutorial2.md b/mxd/MXD_Access_policies_tutorial2.md deleted file mode 100644 index fe2990c4..00000000 --- a/mxd/MXD_Access_policies_tutorial2.md +++ /dev/null 
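Review bot: The prose around the policy command says Bob defines a policy "restricting Alice", but it never explains that the request is an allow-list: a single `USE` permission whose `BusinessPartnerNumber` must be `odrl:eq` to the listed value, so visibility depends entirely on whose BPN that is. As added here the operand is `BPNL000000000001`, which the tutorial-1 text deleted further down in this patch gives as Alice's BPN, so at this commit the policy appears to admit Alice rather than exclude her; PATCH 09/15 later on this page changes it to `BPNL000000000003`. Whatever value is used, I would add a sentence before the command such as `The policy permits USE only for the participant whose BPN equals the rightOperand; participants with any other BPN are not offered the asset.` It would also help to say why `accessPolicyId` and `contractPolicyId` both point at policy "4" in the contract definition, since the text only speaks of an access policy.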
@@ -1,110 +0,0 @@ -# Restricting users from accessing an asset - -Bob will once again be the data provider and Alice is interested in Bob’s data assets. Bob, as a data provider, creates an asset. The data asset should have the following properties: - -| ID | 2 | -|-------------|----------------------------------------------------------------------------------------------| -| Description | Tractus-X EDC Demo Asset 2 | -| Type | HttpData | -| URL | [https://jsonplaceholder.typicode.com/todos/1](https://jsonplaceholder.typicode.com/todos/2) | - -Action (Bob): Create an asset using the following curl command: - -```shell -curl -X POST "${BOB_DATAMGMT_URL}/data/assets" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - --data '{ - "asset": { - "properties": { - "asset:prop:id": "2", - "asset:prop:description": "Tractus-X EDC Demo Asset 2" - } - }, - "dataAddress": { - "properties": { - "type": "HttpData", - "baseUrl": "https://jsonplaceholder.typicode.com/todos/2" - } - } - }' \ - -s -o /dev/null -w 'Response Code: %{http_code}\n' -``` - -Now that the asset is created, a policy must be created to define who can access the asset . This time Bob does not want Alice to see and access the asset. So he defines a policy restricting Alice from accessing his asset. - -Action (Bob): Create the access policy using the following curl command: - -```shell -{ - "@context": { - "odrl": "http://www.w3.org/ns/odrl/2/" - }, - "@type": "PolicyDefinitionRequestDto", - "@id": "{{POLICY_ID}}", - "policy": { - "@type": "Policy", - "odrl:permission": [ - { - "odrl:action": "USE", - "odrl:constraint": { - "@type": "LogicalConstraint", - "odrl:and": [ - { - "@type": "Constraint", - "odrl:leftOperand": "BusinessPartnerNumber", - "odrl:operator": { - "@id": "odrl:eq" - }, - "odrl:rightOperand": "{{BPN6789}}" - } - ] - } - } - ] - } -} -``` - -Lastly, the asset and the access policy must be combined in a contract definition. 
-Action (Bob): Create a contract definition including the asset and the policy you´ve created. For this, use the following curl command: - -```shell -curl -X POST "${BOB_DATAMGMT_URL}/data/contractdefinitions" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - --data '{ - "id": "1", - "criteria": [ - { - "operandLeft": "asset:prop:id", - "operator": "=", - "operandRight": "2" - } - ], - "accessPolicyId": "1", - }' \ - -s -o /dev/null -w 'Response Code: %{http_code}\n' -``` - -Let´s see if Alice can see the Asset. - -Action (Alice): Execute a request using the following curl command - -```shell -curl -G -X GET "${ALICE_DATAMGMT_URL}/data/catalog" \ - --data-urlencode "providerUrl=${BOB_IDS_URL}/api/v1/ids/data" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - -s | jq -``` - -Bob’s asset should not be displayed. The access policy successfully restricts Alice from seeing and obtaining Bob’s asset. Now Bob is able to manage who sees which of his sensitive data assets. - -Action: Before you start the next tutorial please delete all data: - -```shell -minikube kubectl -- delete pvc -n edc-all-in-one –all - -minikube kubectl -- delete pv -n edc-all-in-one --all -``` diff --git a/mxd/MXD_dataexchange_tutorial1.md b/mxd/MXD_dataexchange_tutorial1.md deleted file mode 100644 index e425f388..00000000 --- a/mxd/MXD_dataexchange_tutorial1.md +++ /dev/null 
@@ -1,151 +0,0 @@ -# Provide and consume data - -As described in the introduction, a data exchange between Bob (Data Provider) and Alice (Data Consumer) is to be tested. - -To maximize the benefit from this tutorial it is recommended to follow the tutorial in the given order. - -## Provide data - -In this step we will focus on inserting data into our participant Alice using -the [Management API](https://app.swaggerhub.com/apis/eclipse-edc-bot/management-api/0.1.4-SNAPSHOT). We will use plain -CLI tools (`curl`) for this, but feel free to use graphical tools such as Postman or Insomnia. - -Alice, as a data consumer, wants to consume data from Bob. Bob, as a data provider, needs to create an asset for Alice. The data asset should have the following properties: - -| ID | 1 | -|-------------|----------------------------------------------------------------------------------------------| -| Description | Tractus-X EDC Demo Asset | -| Type | HttpData | -| URL | [https://jsonplaceholder.typicode.com/todos/1](https://jsonplaceholder.typicode.com/todos/1) | - -Action (Bob): Create this asset using the following curl command: - -```shell -curl -X POST "${BOB_DATAMGMT_URL}/data/assets" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - --data '{ - "asset": { - "properties": { - "asset:prop:id": "1", - "asset:prop:description": "Tractus-X EDC Demo Asset" - } - }, - "dataAddress": { - "properties": { - "type": "HttpData", - "baseUrl": "https://jsonplaceholder.typicode.com/todos/1" - } - } - }' \ - -s -o /dev/null -w 'Response Code: %{http_code}\n' -``` - -Bob tells Alice, that he created an asset, and she should now be able to request it. In the next step, Alice requests a contract offer catalog. In this catalog, all contract offers for Alice are listed. 
- -Action (Alice): Execute a request using the following curl commands: - -```shell -curl -G -X GET "${ALICE_DATAMGMT_URL}/data/catalog" \ - --data-urlencode "providerUrl=${BOB_IDS_URL}/api/v1/ids/data" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - -s | jq -``` - -Let´s see if Alice can see the Asset. Can you find it? - -As you can see in the response, the data offer "Tractus-X EDC Demo Asset" does not appear. Unfortunately, Alice sees some contract offers but she cannot find the contract offer from Bob. - -Alice calls Bob and says she can´t see the asset. Bob remembers that he did not create an access policy. An access policy defines who is allowed to see a data offering. To create a policy that allows Alice to access the data offering, Bob needs Alice's Business Partner Number (BPN). Alice´s BPN is BPNL000000000001. - -Action (Bob): Create the access policy using the following curl command: - -```shell -{ - "@context": { - "odrl": "http://www.w3.org/ns/odrl/2/" - }, - "@type": "PolicyDefinitionRequestDto", - "@id": "{{POLICY_ID}}", - "policy": { - "@type": "Policy", - "odrl:permission": [ - { - "odrl:action": "USE", - "odrl:constraint": { - "@type": "LogicalConstraint", - "odrl:and": - { - "@type": "Constraint", - "odrl:leftOperand": "BusinessPartnerNumber", - "odrl:operator": { - "@id": "odrl:eq" - }, - "odrl:rightOperand": "{{BPN123}}" - }, - } - } - ] - } -} -``` - -Bob tells Alice that he has created the right policy. Let´s see if Alice can now find the data asset. Execute the request again using the following curl command: - -```shell -curl -G -X GET "${ALICE_DATAMGMT_URL}/data/catalog" \ - --data-urlencode "providerUrl=${BOB_IDS_URL}/api/v1/ids/data" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - -s | jq -``` - -Let´s see if Alice can see the Asset. Can you find it? - -Once again Alice cannot find the data offer. 
This is by design and to be expected since Bob has only created an asset and a policy definition. An asset and a policy cannot be displayed to Alice as a consumer without a contract definition. -**This is the first lesson for this tutorial: A contract must be defined between two parties that want to exchange data. This contract must always contain an asset and a policy.** - -Add image showing that a conctract defiition consists of a data asset and a policy definition - -Action (Bob): Create a contract definition including the asset and the policy you have created. For this, use the following curl command: - -```shell -curl -X POST "${BOB_DATAMGMT_URL}/data/contractdefinitions" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - --data '{ - "id": "1", - "criteria": [ - { - "operandLeft": "asset:prop:id", - "operator": "=", - "operandRight": "1" - } - ], - "accessPolicyId": "1", - }' \ - -s -o /dev/null -w 'Response Code: %{http_code}\n' -``` - -Let´s see if Alice can finally see the Asset. -action (Alice): Execute the request again using the following curl command: - -```shell -curl -G -X GET "${ALICE_DATAMGMT_URL}/data/catalog" \ - --data-urlencode "providerUrl=${BOB_IDS_URL}/api/v1/ids/data" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - -s | jq -``` - -Finally Alice can see the Contract Offer from Bob. -Congratulations on yor first successful data exchange in your own data sapce! - -Before you start the next tutorial please delete all data: - -```shell -minikube kubectl -- delete pvc -n edc-all-in-one –all - -minikube kubectl -- delete pv -n edc-all-in-one --all -``` From 5c18c2d4d3872fdbf82506b3e5de2863239e9019 Mon Sep 17 00:00:00 2001 
From: jkbquabeck <139474964+jkbquabeck@users.noreply.github.com> Date: Thu, 5 Oct 2023 15:12:16 +0200 Subject: [PATCH 09/15] - refined wording and contents --- mxd/1_MXD_Introduction.md | 10 ++++------ mxd/2_MXD_Setup.md | 7 +++---- mxd/3.2_MXD_tutorial2_Access_policies.md | 6 +++--- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/mxd/1_MXD_Introduction.md b/mxd/1_MXD_Introduction.md index 68bccf34..a89de927 100644 --- a/mxd/1_MXD_Introduction.md +++ b/mxd/1_MXD_Introduction.md @@ -8,9 +8,9 @@ This tutorial is designed for companies that want to perform data exchange in a Who should execute the tutorial? IT-Employees with the following skills and previous experience: -- Replace with skill 1 -- Replace with skill 2 -- Replace with skill 3 +- Beginner level docker and kubernetes +- Beginner level terraform +- Basic linux system commands ## 1.1 Components & Architecture @@ -27,9 +27,7 @@ In order to run the Minimum Tractus-X Dataspace "MXD" on your local machine, ple preconditions are met. - Have a local Kubernetes runtime ready. We've tested this setup with [KinD](https://kind.sigs.k8s.io/), but other - runtimes such - as [Minikube](https://minikube.sigs.k8s.io/docs/start/) may work as well, we just haven't tested them. All following - instructions will assume KinD. + runtimes such as [Minikube](https://minikube.sigs.k8s.io/docs/start/) may work as well, we just haven't tested them. All following instructions will assume KinD. - Install [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli). - a POSIX-compliant shell, e.g. `bash` or `zsh` unless stated otherwise - basic knowledge about Helm and Kubernetes diff --git a/mxd/2_MXD_Setup.md b/mxd/2_MXD_Setup.md index 731a3b82..b2d8b29e 100644 --- a/mxd/2_MXD_Setup.md +++ b/mxd/2_MXD_Setup.md 
@@ -124,10 +124,9 @@ which should return something similar to this, the important part being the `isS Once we've established the basic readiness of our connectors, we can move on to inspect a few data items: ```shell -curl -X POST http://localhost/bob/management/v3/assets/request -H "x-api-key: password" -H "content-type: application/json" | jq +curl -X POST http://localhost/bob/management/v3/assets/request -H "x-api-key: password" -H "content-type: application/json" ``` -If you do not have access to the jq command line tool you can download it from this [link](https://jqlang.github.io/jq/download/). This queries the `/assets` endpoint returning the entire list of assets that `bob` currently maintains. You should see something like @@ -186,9 +185,9 @@ Note: the same thing can be done to inspect policies and contract definitions. T ```shell # policies: -curl -X POST http://localhost/bob/management/v2/policydefinitions/request -H "x-api-key: password" -H "content-type: application/json" | jq +curl -X POST http://localhost/bob/management/v2/policydefinitions/request -H "x-api-key: password" -H "content-type: application/json" # contract defs: -curl -X POST http://localhost/bob/management/v2/contractdefinitions/request -H "x-api-key: password" -H "content-type: application/json" | jq +curl -X POST http://localhost/bob/management/v2/contractdefinitions/request -H "x-api-key: password" -H "content-type: application/json" ``` Alternatively, please check out the [Postman collections here](./postman) diff --git a/mxd/3.2_MXD_tutorial2_Access_policies.md b/mxd/3.2_MXD_tutorial2_Access_policies.md index ca67a590..67f4fc71 100644 --- a/mxd/3.2_MXD_tutorial2_Access_policies.md +++ b/mxd/3.2_MXD_tutorial2_Access_policies.md 
@@ -31,7 +31,7 @@ curl --location 'http://localhost/bob/management/v2/assets' \ }' ``` -Now that the asset is created, a policy must be created to define who can access the asset . This time Bob does not want Alice to see and access the asset. So he defines a policy restricting Alice from accessing his asset. +Now that the asset is created, a policy must be created to define who can access the asset. This time Bob does not want Alice to see and access the asset. So he defines a policy not allowing Alice to access his asset. Action (Bob): Create the access policy using the following curl command: @@ -59,7 +59,7 @@ curl --location 'http://localhost/bob/management/v2/policydefinitions' \ "odrl:operator": { "@id": "odrl:eq" }, - "odrl:rightOperand": "BPNL000000000001" + "odrl:rightOperand": "BPNL000000000003" } ] } @@ -116,4 +116,4 @@ curl --location 'http://localhost/alice/management/v2/catalog/request' \ }' ``` -Bob’s asset (ID: 4) should not be displayed. The access policy successfully restricts Alice from seeing and obtaining Bob’s asset. Now Bob is able to manage who sees which of his sensitive data assets. +Bob’s asset (ID: 4) should not be displayed. The access policy successfully restricts Alice from seeing and obtaining Bob’s asset. Now Bob is able to manage who sees which of his sensitive data assets. If Bob to enable Alice to see his asset, he can simply adjust the policy definition and add Alice BPN (BPNL000000000001) to the list of BPNs. From f98250bfac0add9b63c0d2203555499da18839cc Mon Sep 17 00:00:00 2001 
From: jkbquabeck Date: Thu, 5 Oct 2023 15:22:50 +0200 Subject: [PATCH 10/15] - added a Notice section --- mxd/1_MXD_Introduction.md | 11 ++++++++++- mxd/2_MXD_Setup.md | 10 ++++++++++ mxd/3.1_MXD_tutorial1_dataexchange.md | 10 ++++++++++ mxd/3.2_MXD_tutorial2_Access_policies.md | 10 ++++++++++ mxd/3.3_MXD_tutorial3_usage_policies.md | 10 ++++++++++ mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md | 10 ++++++++++ 6 files changed, 60 insertions(+), 1 deletion(-) diff --git a/mxd/1_MXD_Introduction.md b/mxd/1_MXD_Introduction.md index a89de927..fe143a05 100644 --- a/mxd/1_MXD_Introduction.md +++ b/mxd/1_MXD_Introduction.md @@ -38,4 +38,13 @@ preconditions are met. this guide are created off of PgAdmin. - [Optional] a graphical tool to send REST requests, such as [Postman](https://www.postman.com/). This sample will include Postman collections that can be imported. - \ No newline at end of file + +## Notice + +This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). + +- SPDX-License-Identifier: CC-BY-4.0 +- SPDX-FileCopyrightText: 2023 sovity GmbH +- SPDX-FileCopyrightText: 2023 SAP SE +- SPDX-FileCopyrightText: 2023 msg systems AG +- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) diff --git a/mxd/2_MXD_Setup.md b/mxd/2_MXD_Setup.md index b2d8b29e..d74810f6 100644 --- a/mxd/2_MXD_Setup.md +++ b/mxd/2_MXD_Setup.md 
@@ -191,3 +191,13 @@ curl -X POST http://localhost/bob/management/v2/contractdefinitions/request -H " ``` Alternatively, please check out the [Postman collections here](./postman) + +## Notice + +This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). + +- SPDX-License-Identifier: CC-BY-4.0 +- SPDX-FileCopyrightText: 2023 sovity GmbH +- SPDX-FileCopyrightText: 2023 SAP SE +- SPDX-FileCopyrightText: 2023 msg systems AG +- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) diff --git a/mxd/3.1_MXD_tutorial1_dataexchange.md b/mxd/3.1_MXD_tutorial1_dataexchange.md index 8a2a37c1..eadab35d 100644 --- a/mxd/3.1_MXD_tutorial1_dataexchange.md +++ b/mxd/3.1_MXD_tutorial1_dataexchange.md @@ -169,3 +169,13 @@ curl --location 'http://localhost/alice/management/v2/catalog/request' \ Finally Alice can see the Contract Offer from Bob. Congratulations on yor first successful data exchange in your own data sapce! + +## Notice + +This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). + +- SPDX-License-Identifier: CC-BY-4.0 +- SPDX-FileCopyrightText: 2023 sovity GmbH +- SPDX-FileCopyrightText: 2023 SAP SE +- SPDX-FileCopyrightText: 2023 msg systems AG +- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) diff --git a/mxd/3.2_MXD_tutorial2_Access_policies.md b/mxd/3.2_MXD_tutorial2_Access_policies.md index 67f4fc71..bf2e02b1 100644 --- a/mxd/3.2_MXD_tutorial2_Access_policies.md +++ b/mxd/3.2_MXD_tutorial2_Access_policies.md 
@@ -117,3 +117,13 @@ curl --location 'http://localhost/alice/management/v2/catalog/request' \ ``` Bob’s asset (ID: 4) should not be displayed. The access policy successfully restricts Alice from seeing and obtaining Bob’s asset. Now Bob is able to manage who sees which of his sensitive data assets. If Bob to enable Alice to see his asset, he can simply adjust the policy definition and add Alice BPN (BPNL000000000001) to the list of BPNs. + +## Notice + +This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). + +- SPDX-License-Identifier: CC-BY-4.0 +- SPDX-FileCopyrightText: 2023 sovity GmbH +- SPDX-FileCopyrightText: 2023 SAP SE +- SPDX-FileCopyrightText: 2023 msg systems AG +- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) diff --git a/mxd/3.3_MXD_tutorial3_usage_policies.md b/mxd/3.3_MXD_tutorial3_usage_policies.md index e7d2cc32..553c47d6 100644 --- a/mxd/3.3_MXD_tutorial3_usage_policies.md +++ b/mxd/3.3_MXD_tutorial3_usage_policies.md @@ -56,3 +56,13 @@ Unfortunately, the request fails. Alice does not have the necessary dismantler c As you can see in this section of the tutorial you can protect your offered data even beyond the access restriction. With a usage policy you are able to specify what the offered data can be used for, e.g. the traceability use case. ToDo: Positive outcome hier einfügen, Weg über das Erlangen des richtigen credentials. + +## Notice + +This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). + +- SPDX-License-Identifier: CC-BY-4.0 +- SPDX-FileCopyrightText: 2023 sovity GmbH +- SPDX-FileCopyrightText: 2023 SAP SE +- SPDX-FileCopyrightText: 2023 msg systems AG +- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) 
diff --git a/mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md b/mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md index a07853ed..5ebda24c 100644 --- a/mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md +++ b/mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md @@ -25,3 +25,13 @@ Action (Bob): Check logs/protocol/ transfer history Maybe add a first step where Alice creates a contract offer using (asset name) using postman. Start Bob's steps afterwards. Result: transfer failed. Analysis with postan possible? If so, state result. Show second option using EDR API to access the asset, combining the two steps of contract negotiation and transfer initiation. Process fails again, but EDR API shows what the problem is. Problem identified: data sink endpoint missing/wrong. Solution add the correct data sink endpoint, initiate transfer again. Recieve and display sent data. + +## Notice + +This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). + +- SPDX-License-Identifier: CC-BY-4.0 +- SPDX-FileCopyrightText: 2023 sovity GmbH +- SPDX-FileCopyrightText: 2023 SAP SE +- SPDX-FileCopyrightText: 2023 msg systems AG +- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) From b91bfe374800229c63dc9964a86d82f24d7af297 Mon Sep 17 00:00:00 2001 From: jkbquabeck Date: Thu, 5 Oct 2023 15:47:32 +0200 Subject: [PATCH 11/15] - added image for contract definition --- mxd/3.1_MXD_tutorial1_dataexchange.md | 2 +- mxd/components_contract_definition.png | Bin 0 -> 14949 bytes 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 mxd/components_contract_definition.png diff --git a/mxd/3.1_MXD_tutorial1_dataexchange.md b/mxd/3.1_MXD_tutorial1_dataexchange.md index eadab35d..6fb2e7da 100644 --- a/mxd/3.1_MXD_tutorial1_dataexchange.md +++ b/mxd/3.1_MXD_tutorial1_dataexchange.md 
@@ -118,7 +118,7 @@ Let´s see if Alice can see the Asset. Can you find it? Once again Alice cannot find the data offer. This is by design and to be expected since Bob has only created an asset and a policy definition. An asset and a policy cannot be displayed to Alice as a consumer without a contract definition. **This is the first lesson for this tutorial: A contract must be defined between two parties that want to exchange data. This contract must always contain an asset and a policy.** -Add image showing that a conctract defiition consists of a data asset and a policy definition +![Contract Definition](components_contract_definition.png) Action (Bob): Create a contract definition including the asset and the policy you have created. For this, use the following curl command: 
diff --git a/mxd/components_contract_definition.png b/mxd/components_contract_definition.png new file mode 100644 index 0000000000000000000000000000000000000000..c3c067aeb4f48444c2c71d95742052bada42889b GIT binary patch literal 14949 zcmeHu2{_bm_cuyJB5NT_MaeoCBJ0>H+hE4NWEqTQXpEgGTO}k}BFiLge$Rc*x$krCbI#}7_iz=ir^P_WNk>6J z!EpABx*-JxB@#S$(e44iAvZ&9zz3z5p%#pyxPyC)f`T21(=f%k`#GZBP!s}EYFkeN zk`m4yUN`|Mbpc694L6iM4(ovdkAUv(;ed8Tqa3!zBqb!JL?IHQ5>Nz0NJ<5x zoS3YHocR{NtrH5ftw`4+0PW^xD)rt29Qr^pF!yA2uP}dXE(Gf3Vdjx>|H&`A`Vzv zUoo@?V3&l5$%sJ#NzEDS;SQKIArNUX2{EXw6jV%7S_+K(W~8PhR7^??0%%6Ij<#6z zFVm6jN8xOpwrp2Fi*%6C!5T`*V0{f?Zf16B-eh+H9v>9e3k@8$>As!G$pbilPt+FG z0p)|X2P=^jkkSy4Pz7V;A1O5lw5=1?)*ZZHY{5!5HNb%nMZto|8qnL0he)9y5;Ai3 zqNgNL_M$Qlc9NnJQjQQ&2viCsE8~cg06%}OeP<4LKP{}Sr?aky1Ii7kbnx4nM()(6 z1R(ft5uh?)M)IUi*gsAC8^H)2u)RLWww#kU+5zRYCA+;`oQH=S4(<7SqP+(O148O| zjJ8-TITAMQ-IjIqaN99GL7v$c11!g_dPw&%lmU^ce~M7!;dnr&7uXIl`mTbegXzi!`_gLmAF_3!`_{j$5i z4(~9z`>CPa$h)xP;q7@q)cy0a+m7?J#r`Sh{%_QYx|#S&IXRm8K}=lLWqox_bmb5` zap+^~=DqE90ZAD*U?|KJSmA~9-`)+G3*Kb&VeYnACp1U}RS8cJXWOr$I1f)ilHMfY zP<}X3TQ{^5nadum9EAmpn^Xssy$9A7x0y?-V0%zlH#FE9a*f#051yRJ^X#m`Zik@e zfx%&IL6}KOsG}Uw81$x^?X?2;{)ur%63~DNzt`rB{d3AcW2GC)5iCvh)TWt0(Y8x= zRI1zJKrxh1_3}c2Rc<-)j~4N7obnf^czU>@?fw6FUUJg^ww02gp5f3S&s4WINquwo zVB1@!zGWrM18_OIZRQ356F0CWj$jA2s{{npxy^S?TX(b@xxSo1x%r^TTET!b&K>Zp zL%^f2Ga837^0WoDQA*txlqo>l%6{@9P}`;I4+4FY^tZF^x17^L0T{qxf%OvG8l`0= zwx-#xeNr;p@4mlOk{z1!FGWOdo6mN;cscz^HQ9;(NE!p4?JDrMmrn-gKPwi0n4xl8 zhWxUBCfNi*xpH^1#@-Y5YcoZ5F>xP$whsZ#+64~{I>n9PWJMjUdS%qd;tmSza=EQDMfxKi;)8X)B&vjZ*rS& zJAzvVlC1*F;N`D{0|;UdZ|r6$0j@uE7T6^6KH)%>0!g^3?GO3>)$qci+(7;E`Tauw zC|3UV-v0_6QfjJLtSvcqcl3CApfNbmM*Y5-_*LewJ(FV!PL}>H6J(@+p9z1;jK3et ze>uw^=!foP40$)fn*T-pQlRD2+;YS};<`|R=iipu=HASa=2Q$bVJ-X7&eJ~I3*{QBn`lD`Ah05`orH?fswe}vTJBJxYc{r>SH~E1m_d(iZO6VRz1taIA+X`D6y}T>fHA9pz<@MSK3)nb&hibVmRX zeu1r>1L_~2+5ZkiZoAIb!2!Do(Ep2)piSQlG``V=#Jjiz&xy_p!;R zN76zOQ7X(S7dp>5b!IVfKpf&DOgZtA^1BWwt3~J)q66PtJl`B~Yp>8lbHQ2(sVqvo 
zhG&<%%n=y7BP;VB)<{9<>Z_l9{!=q+^1O@ni;asR{0B=$=0ZBw8eaK#1ZI>!`ktVD zX~>f8KF>+`-DbLzQhwAYWZ<$^`c*VumKbqoeZqE+LiuB=wj!JwJ% z3SSt6!e7b?(2|18S%^y&j=JG4u3mt2ToIqD@A^)iP$feH2H*UCFxZ%IaeZmT@mcKQ zhJnMUecHJd{3L3t^)nP8b8~Z!j*d?YtsCTP6@;>gebbFA9d3h-{e6wWbtR1x-6d%z zHo=uu47?YA;^lCoH*^5@W+HNkol=K~)BC(G$ybPmNq@$ZjwiJFdbmrLC*=oP5=AFfxx*zF zBl_0L^$O^og74|R0}zv9%ljKw6AOw4ldS_@+))l0xFhHFbalQ<-}q+J`a%i&S6PpN zZ)Pvf9QV}Xyubc^W7Y#X7GF%zFLkqpd=8^&`SL7oGHlmm3(eYx2N$w+y?%T%Tj?Ku znf9_XTkB;<`st#aTJMQ>)`t=j5{7@ye36M!khoW5Qeq9|5V!u87`9sHGg-!o)<#-9 zIdhazLWpMaRPb^|UIed{)@Z``fR9d&KFq!Br5Z+t0ptk?B*bw6OA7<%{K^Nzo$Z7!t6 zqZd~8qaarjpE@0-M;Pu3aLyXPY$EPH7&NC#-{{_3^#N5pVIp#w*sN2>R)G{Y<~m

8^^}3v|ps@2G zVXD8byME>=*Q@Kt_yn5^E)x}4pG15#Pw|GQXJk|{9+{*&ahdqQ6zEc}m2m-n%+H`E z>IM;YMM!Xhv1+%sfb&=|o)}EjSl1Qm?I)ZpL)hbc-Wm!Z=GNZ#6kdhD%)7`=Xf1o- zvS<@V-8OV2)8zyrT147xy>7wfhTX1b&+>@<%w_y+<3=$NC#Bs!8~rLNL%61|-;_u6 z&7PSKShSgbU6)imVMMB1EE6scCfXgc2>eM&Ohj44Uvg+(i%{1F>8m=}LuOSQ_l%=0nV#)d%LJ zLJts&UQ&WeHcwuk84JGW-#nNI_ntPr=~%M}O@wkR9xbwI8W>QXUQr#GZrT{QbLzq) z9UYyYjwQNrr*mVudg5d*28*`w_>WqQddOPu@ofJPLlVKi-rJ`ueEO zC{J&pQJVqzmNMnD)alc%GH&m0SRQ~uYwitDGZP1HQakY>!gA(1MgdD`nrsP(fbt_V zzBK|!%+Ut_ImhWbdJZvD*UA%C2PES4lzgWLprN%vtr!~773;x(Yg}46ZWT1u1+Bgn z#tkESxIHka`J<=QOvIR+YkCKFBi)DkYrLKfh>LeCe%Y9zq+OWhH93-;)79WN`}L|^ z(9cr;#eUzHsZiJUOS@>=`}*!!-Oaup5fPEWCOpQY6lD5SaduaR9ojYd(b~#l&1zhR z(gmRW!t&BrK}7J|Yua24$nHnGEL&;|XYU6Y`=GG-K$rf|PzFUgcTZR9v2&6O=pl9t#rZdrrPSqRKf46N!-vVRtn@VG~R0WY{RYN#WWY7S1j<~0xRawel^x?pEH^{!d<@2Uv1MTJRKWJNP{mJ2#dKh zAu9E~(de;58!quV=3k?{*K%g7E)5)f>>K#w+kJ|+>n4}xdp(-^t8H_eqNG2Ic@FY@ z)I|0@IUAn_*TvhFOVW}Y<#WyqF(7>xZ643ge0laR>S|8ygi+DC2;v8n+$BpHSJt1)@O64aF{usydjjUZ+R%(<<3Q=n!QNg%Fl0PE}!&yv7iM~eh}57 zw+wQ-z1t?lT{hu-i(P&!YB@>NLc|mG%qovX*w6!8BSzWG)M$L~fJvChhE?}vANtY$ z5VPgSpA&teCqnBsF0cq4lf`r1H8-Q}D+1~6Ushd0%FyJQSDDHl9e3pHFRspL(POwp zQc_dL53}9~VqSlx=$6H}do+1P1GcwHQceyX%d0%VG5$(XnlFlzD1tm}$22z6nN-Nd zBsd63efYrPv3DDvpB{d>*|kE{v2A+@*b*alI&6>a87j^Ij#V>n(kb8>c3FFR2Q%_SwCJyY@c&3%uSrA67 zQ+O6e#XcN3-Ox>cKBny0y6XXit;SK$s@SX?t9<~?WBlh{%C6Wwj9vRiJV5Rm)yN1; zvxK08Tzy`W{EYVcXLBM|TQ1!D@kUM+qOFI+KK~j|sb0uZo6R08T#Co@s60U!bkLOC zx$PfViyCA#wn*29vJ*?g?>`LJExZfA_&}I`GL*49rUoEx*pADvR zw37oo&VJ>3)L8^jSJsDI@Llo5hsR#NiT~Lj;_JHse8r_Fi|HGkT%Qa6zB$uQ((-AbI~{3NyfZo3bOVoQN_(qYDxj% z(u>p}HaOXRr;C5&Wp|2qJ=2R@B*dx21j(rv16 z7fB&k`XdNefpbY9;{^riXOW>`HW39yJZEvbhaM1u|2Z?^%NsPw*EOhR8gn*l)VL!Bs?(f3dutzU=>kwDu(2W%1bqVid&~ zn7Ya2s&kP{Cd=EB8e{u}oAASFc(HGUsFW^JQH!EG+;2UCLQW?t9!EU$wQG)(ce=i0V&C4xW&fQ= zba%QF=?&1_FS$i}bb|?I;xL#8S=u}Qi-ReBd&-(e;y^9x?y#;0QJ-6}Kr)cp^ z$N3kcyGo=$Khm)eh0~&qIJGz5=FY|R7rF!=#}nD7VJDuPJ+taPA z9>Z}%U|%ArBVRq4i1Ad+#2KoxaJ*qCJcfHe3~HzXgIcR3Ng#lW;~%RMH0jO|p3;L= 
zoC6Iv_7ny3%5z3GXQNBE7=1fNWVCL2_X=N4PEM9%l;h|zINw6o)^!g)6ohdSF)M(i zyb3?*1S$bPG334AWQKIMK~K!KO9x0jL;J&JhdNO*QPJAB-9-<+o} zh@`0*+lf`yQC5WV>UTA-(bsq-YM-e-wBDUlwt|9!E{UqOgX=%49Un(BRHD5vYsK;0 zt{w!o0pkd?{m;em$0st&QBT3V#y@%e*R4?OWceHjY=c8*R? z?lSE!EUGcLyR8F7KlCk6)lIkmnCyKy*;~DmtKU^q5aMJLG!wD(^Gn>z^|ck(l?eZW zl}kQB3nY`Ok~g`6L;F_lOmib3o|z%*HD(O~mGM{C9?^@xz0BqhdJYUb2S)?`WCC?q z@VEC6ukRlpUWy4!7RDLh9hQHvWhoaFYx_dMbIe%n*Si*_yqT&+}o{IR5q ztUTM=x%_k9Hl@pllgKm>EI*$24O}6JhEDg@*k@+VK4b}WaUnVdzkA4xy35nd#ePr4 zsqEf?X1QoWiCOv6cS73SmmsZ8K}*k}DC|gb#jE@|T;gT(c7LPz?N0rVg-wVd1;hOpy&&ZXXe2b=>u2QzAM$V{?AJ5vS z(>Xg>dF)z{9+E}FqV;EpY*U4r^2_)Rcl!0%D9ZJqpWkhHQ+hL0gvNO}w2|T)kl3Ck zf@n*e((?15?+eD*W;M8XqE=7;u0 zi%bw{Vpr0bCZEX1T8M||nSb&oETZGF$L<>)?d|hsbOGnz6trZ*p@RBRk;d$Vp*mXKSL06tTR(&uaDsnKVvrDI>$)wFUDX zAnsaiVOJ$Be7VK&fG35BiXQkN-m9UpeuOvf!2!!QL>NbNR4@Kp)Z-YUCJSM~zT2A% zQe4s`gec(o{!?~!&-!d~lWDwl&`irC-7fh|m-rAPgs&{|TGGaSxVP0&RFcbwUBu3P zhtA*C6W_2JSy^2TnjT}|%{475)<>>tQj9hRuPhfDGmwth6r3KbP(CMe{(4^Bldc3K z<@_-thSW7RMkGgVqZ0D|x}~tLhi6j55#(+XaXC1c2qp+_L1K1~s%S$;W#5Px^#>Ar z%AQ~YCVMJ}O`4XGgHIE`9lKUQ5wbok+XP|cQ5fyL&3Zn0^2daU6RytTP@J!=Rc6se zsVwJ3-nLWjq~-dsUY&UOfLac60Mo&+wWfKdS`sHeRiX}X}z+>e{T3xO!}p? 
zkFP@3=bkUtxWd`bAgHx(@@Dzx0th<{!=YQ&10JpiooPW#0M0fHG$3=n)7oEalpVtq8P=vRaQl8<>q3{!-OMSOr zhwxKL=&#UuE)A|9ETtY}&C-XaCy5Bb0e-+wIdYu?ScT_KnsH&p%UgfxUl?E}TJe55 zFv^RUrwV%_C}SK7cNbw}*$?o>8{S&hCj+3X7oP6@1ArbD_V+D}$+{-Y`QzIMd-BbU zXSHFc6?}RB?eIx^1N$tMGhp+jB_3GfZTgUKTtD@09Z|Ef zT&?HQdBR=g2NA5ihn|DeXXE#Cef*QB)1b%bDyWf`p)_0fHw=*m8_tCBv=FTZo9wsi z$KV=K5Y@%0epjWn`7S-34g=071|F^!@D|ZKvo(Q>m`v3y50?IV|MG@Chu&F#SX_=Y zOt&7q7+ou7`QW@KwbzHm01*R0k(bFf7eCZ*tgmPeK8eOHKeehcGvQ&&aH(9Ys#u$0igcx8#6(Vu!iUgA@+=BeO$o5rY$`S`|-Ft7VkO z!7a4;VB&b5Ub-ZgET&@e(K&-^15osgEI9_qHGKC;7v6sAPfemQsO9NloqH-=aOzTU zyY1vTs1TIj17o4@T+m1gW{f_t)RIaXlUAs-q;j}`XFEGqygonh^l=p9%SVr3uQ){9 zRWe_*cN;c%jp*3~joFG=H;(eScq(8ay!XDnR%UD2 zhjEx8GctHXI>@#}p#jm&Ro7i&Gi~9*3vLRAI|p4qj>QNvAT6JX84L5!QOzzbEx`y> zQ}PXO@uEMXImEGJnIC#Ar?I?v&9YGjmMz| z>zaht77LvRiVrc2WnaG9fjLV;w zG0%LC2#)(nAW$EUOnwX`Ue$Ei7yW_($-vtEN=RaNc$LQ>1~b^`K99NhL9A)rT6}Gx zmnz`4&5s65oaxg7<046?R~eJ8G;fxs);V&bCPLHN(IL2)tkkM=Nt)ElY|j};2Axgq z{WogYYR1p@PuYsb!4JQSKa}lrfY=h2zRSn1f!+O9Oed>O4-y8=zat`|4l-69I(*0& zWUTGs+YlEHyu4m*j^-N?lS zMzpI%iNRQMPB#ECU!FRF!)ET`RPL(CCcE%q?b3uR#jK8^fi+FV8M$0YKMkFMh$7*H z4JAM7`Yd8xR@D;5V)WSI`a6aE>X&4)=(45;8hS;<#CixW%R?dc&Y81Pqf6%qx!grR z%P!-u5m6F(d3lp)h9Eef-o;xD3NbIPa}*vwe*7i4x?8b!_IZqd;mU(mU>w?5oqHw2 z`D$ry#QlWys{e5NZR@XmgG_ES%w^%G)L6C3eObjQ(*>;Ja29uHr?5jxL+_jwmA08DOx3dZPDObjg6+NV-ggY zCFZ9(;u|RJa`<`sE9F1(d@%%>t492cBW14x;0%<-kj$3Pq>-7KY59t*(>4NGb@YDy zGPn34v=qoy42A9CaYipI3!?mTq7r+Xe}+d!pei!s-Wvr!CzbKjR&3JG6R*<>qt>~=r*zet(O^;Lb@ zLfS^4so<>Hc@7oi21Z(;EvxlVcPy1PT$Fyoq{8hDOV-K#_r9_b*e`KSMU*i)_ZUWm z^Yg#&iO;CK26DG@Dv9oJ{XLP2jKWsjcc;UK@awU)F-YIXI(9Sk%@3u7*+Q@r9FVdNKB-Q|9M}!cDEs$@W-byT#0oXy0Fs9qo-X-bQP3H$^svb znrW-c!bM@wCOkkS30Nny6jJS{YlF1Lg@!UwAj12cufr z*7!RkYo(t*9^fF`a%FPPfRBzibftk<<^VVTZq3U5ZFB0hJ4Q!Hm$_$LFtLkMx3 zMmKQ9?)Vu033sdhE8|c8+D}O~x$&1h zdkR!o5dzP5i)gAKFAtqdK;@V0GH$#7_E{XSg)1p0Xz07ib!U=9mW7h#ubV8C~fI5pM8MKHg+Hr-R%wz|I9H0{ob&Lqad1(uYT zz9uwI7+7kvDUrZoYB8wnGnRHCpP4wRkAzjOLC({^5&B4tlnt#|$#4PC5c|l8E%Ds+ 
zI{i1$a|2u`^Zh<5yZ5V=`I#@}EBb`oG#$La0V2K?GAMEKH7)V+8_&jQd6A>>Rfoe} z%oWYd>p)XDIsU3AbD%j|nfcoN`uh4irKi|6s8fX{4B_qrqPg4x)Xw>_Z=CNJc>`W= zx|u73W{3$p%6wJtK5Hk7gs&~&!^_n6A^Gs8Sn1sTI+(vIw8Nf;6Uv`<7 zo}rWwsa!aKaL=#R#-{7hTO{hmHoHiCmVWp4?X3tIy|bV6?{&fZ8v?7%EG?xe%9V_J zk0JP{j0Ve{^u>FUlrX(Hdpk94Xh|{%r}QvG5SCV%IkAc6m8;!jM0qpzD>)~xA=&1m zsocaxL`eq<;8d7AR<=WQy5k$Vm(s zo67ByOwLhz?Rr=euEw@hS@{jd_WG7zNlzu;f^o!2_3NgS=C7wNPwB-eD1vV`M%&G2 zPcVT1na|vBXyusCzGNE>+mn>zrM73;lqiM>hOvGAl%=dI`c2{Ssh&zEVz%N%x8NqK zhj4GT4K(dJ3KvV-QF9`4%+h)9z5ZF;p|TJ6j#{3T4(ZM#;>Wp&o&f>1(~-u@h_1C; zv?QE)*}WfZ-!Ho$N0ryagp)e2WG^pt+w=~}P?_3S^VV&=|K6EAKZY~4Ys(`lfG@dr zC4D0QA%t(!N;>6}1?Dxzke^{|E8zRb{e$RN>=%B-Do*HfM+YVGQd8mpF*M8P4hA#U%LTGHsj+2%!T9kICG>Po+qZ>3A59 rI4?nWjKNSbMX(HU^0m&T4QjC!ZL_| Date: Thu, 5 Oct 2023 15:59:43 +0200 Subject: [PATCH 12/15] - moved image to another folder --- mxd/3.1_MXD_tutorial1_dataexchange.md | 2 +- mxd/{ => assets}/components_contract_definition.png | Bin 2 files changed, 1 insertion(+), 1 deletion(-) rename mxd/{ => assets}/components_contract_definition.png (100%) diff --git a/mxd/3.1_MXD_tutorial1_dataexchange.md b/mxd/3.1_MXD_tutorial1_dataexchange.md index 6fb2e7da..9eac881f 100644 --- a/mxd/3.1_MXD_tutorial1_dataexchange.md +++ b/mxd/3.1_MXD_tutorial1_dataexchange.md 
@@ -118,7 +118,7 @@ Let´s see if Alice can see the Asset. Can you find it? Once again Alice cannot find the data offer. This is by design and to be expected since Bob has only created an asset and a policy definition. An asset and a policy cannot be displayed to Alice as a consumer without a contract definition. **This is the first lesson for this tutorial: A contract must be defined between two parties that want to exchange data. This contract must always contain an asset and a policy.** -![Contract Definition](components_contract_definition.png) +![Contract Definition](assets/components_contract_definition.png) Action (Bob): Create a contract definition including the asset and the policy you have created. For this, use the following curl command: diff --git a/mxd/components_contract_definition.png b/mxd/assets/components_contract_definition.png similarity index 100% rename from mxd/components_contract_definition.png rename to mxd/assets/components_contract_definition.png From 6c8fa908974674a5211afb7fba0ffed7ff707c71 Mon Sep 17 00:00:00 2001 From: jkbquabeck Date: Mon, 9 Oct 2023 10:35:12 +0200 Subject: [PATCH 13/15] - isolated tutorial 1 data exchange --- mxd/1_MXD_Introduction.md | 50 ----- mxd/2_MXD_Setup.md | 203 --------------------- mxd/3.2_MXD_tutorial2_Access_policies.md | 129 ------------- mxd/3.3_MXD_tutorial3_usage_policies.md | 68 ------- mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md | 37 ---- 5 files changed, 487 deletions(-) delete mode 100644 mxd/1_MXD_Introduction.md delete mode 100644 mxd/2_MXD_Setup.md delete mode 100644 mxd/3.2_MXD_tutorial2_Access_policies.md delete mode 100644 mxd/3.3_MXD_tutorial3_usage_policies.md delete mode 100644 mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md diff --git a/mxd/1_MXD_Introduction.md b/mxd/1_MXD_Introduction.md deleted file mode 100644 index fe143a05..00000000 --- a/mxd/1_MXD_Introduction.md +++ /dev/null 
@@ -1,50 +0,0 @@ -# 1 Introduction - -With the Minimum Tractus-X Dataspace, IT departments can set up their own little data space to perform a data exchange between two parties (Bob and Alice in our example). The MXD can be used as a sandbox for testing. - -For whom is that relevant? -This tutorial is designed for companies that want to perform data exchange in a "real" Catena-X data space infrastructure. - -Who should execute the tutorial? -IT-Employees with the following skills and previous experience: - -- Beginner level docker and kubernetes -- Beginner level terraform -- Basic linux system commands - -## 1.1 Components & Architecture - -By performing this tutorial a data space will be set up including the following components: - -- 2 EDC Connectors (Called Bob and Alice) -- 1 Managed Identity Wallet -- 1 Keycloak instance -- 1 Postgres data base - -## 1.2 Prerequisites - -In order to run the Minimum Tractus-X Dataspace "MXD" on your local machine, please make sure the following -preconditions are met. - -- Have a local Kubernetes runtime ready. We've tested this setup with [KinD](https://kind.sigs.k8s.io/), but other - runtimes such as [Minikube](https://minikube.sigs.k8s.io/docs/start/) may work as well, we just haven't tested them. All following instructions will assume KinD. -- Install [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli). -- a POSIX-compliant shell, e.g. `bash` or `zsh` unless stated otherwise -- basic knowledge about Helm and Kubernetes -- [Optional] a cli tool to easily print logs of a K8S deployment, such as [`stern`](https://github.com/stern/stern) -- [Optional] a graphical tool to inspect your Kubernetes environment, such as [Lens](https://k8slens.dev/). - Not mandatory of course, but all screenshots in this doc are created off of Lens. -- [Optional] a graphical tool to inspect Postgres databases, such as [PgAdmin](https://www.pgadmin.org/). Screenshots in - this guide are created off of PgAdmin. 
-- [Optional] a graphical tool to send REST requests, such as [Postman](https://www.postman.com/). This sample will - include Postman collections that can be imported. - -## Notice - -This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). - -- SPDX-License-Identifier: CC-BY-4.0 -- SPDX-FileCopyrightText: 2023 sovity GmbH -- SPDX-FileCopyrightText: 2023 SAP SE -- SPDX-FileCopyrightText: 2023 msg systems AG -- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) diff --git a/mxd/2_MXD_Setup.md b/mxd/2_MXD_Setup.md deleted file mode 100644 index d74810f6..00000000 --- a/mxd/2_MXD_Setup.md +++ /dev/null 
@@ -1,203 +0,0 @@ -# Basic dataspace setup - -The "MXD" dataspace initially consists of several components: `Alice` and `Bob` (two Tractus-X EDC connectors), -a `vault` instance each, a Postgres database, a Managed Identity Wallet app, a Keycloak instance. `Alice` and `Bob` will -be our dataspace participants. Each of them stores their secrets in their "private" vault instance, and there is a -shared Postgres server, where each of them has a database. MIW and Keycloak are "central" components, they only exist -once and are accessible by all participants. - -For the most bare-bones installation of the dataspace, execute the following commands in a shell: - -```shell -cd -kind create cluster -n mxd --config kind.config.yaml -# the next step is specific to KinD and will be different for other Kubernetes runtimes! -kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml -# wait until the ingress controller is ready -kubectl wait --namespace ingress-nginx \ - --for=condition=ready pod \ - --selector=app.kubernetes.io/component=controller \ - --timeout=90s -terraform init -terraform apply -# type "yes" and press enter when prompted to do so -``` - -Notice that the `kubectl apply` command deploys a Kubernetes Ingress Controller to the cluster and is required to reach -our applications from outside the cluster. Specifically, it deploys an NGINX ingress controller. Notice also, that the -command is *specific to KinD* and will likely not work on other Kubernetes runtimes (minikube, ...) or with other -ingress controllers! - -Wait. Then wait some more. It will take a couple of minutes until all services are booted up. If your machine is a -potato, it'll take even longer. Just get a coffee. 
Eventually, it should look similar to this: - -![img.png](assets/img.png) - -## Inspect terraform output - -After the `terraform` command has successfully completed, it will output a few configuration and setup values -that we will need in later steps. Please note that most values will be different on your local system. - -```shell -Outputs: - -alice-urls = { - "health" = "http://localhost/alice/health" - "management" = "http://localhost/alice/management/v2" -} -bob-node-ip = "10.96.248.22" -bob-urls = { - "health" = "http://localhost/bob/health" - "management" = "http://localhost/bob/management/v2" -} -connector1-aeskey = "R3BDWGF4SWFYZigmVj0oIQ==" -connector1-client-secret = "W3s1OikqRkxCbltfNDBmRg==" -connector2-aeskey = "JHJISjZAS0tSKlNYajJTZA==" -connector2-client-secret = "enFFUlkwQyZiJSRLQSohYg==" -keycloak-database-credentials = { - "database" = "miw" - "password" = "Tn*iwPEuCgO@d==R" - "user" = "miw_user" -} -keycloak-ip = "10.96.103.80" -miw-database-pwd = { - "database" = "keycloak" - "password" = "W:z)*mnHdy(DTV?+" - "user" = "keycloak_user" -} -postgres-url = "jdbc:postgresql://10.96.195.240:5432/" -``` - -## Inspect the databases - -Please be aware, that all services and applications that were deployed in the previous step, are **not** accessible from -outside the Kubernetes cluster. That means, for example, the Postgres database cannot be reached out-of-the-box. - -Naturally there are several ways to enable access to those services (Load balancers, Ingresses, etc.) but for the sake -of simplicity we will use a plain Kubernetes port-forwarding: - -```shell -kubectl port-forward postgres-5b788f6bdd-bvt9b 5432:5423 -``` - -> Note that the actual pod name will be slightly different in your local cluster. 
- -Then, using PgAdmin, connect to the Postgres server at `jdbc:postgresql://localhost:5432/` using `user=postgres` -and `password=postgres`: - -![img_1.png](assets/scr_pgadmin1.png) - -Every service in the cluster has their own database, but for the sake of simplicity, they are hosted in one Postgres -server. We will show in later sections, how the databases can be segregated out. Feel free to -inspect all the databases and tables, but there is not much data in there yet. There is just a few automatically seeded -assets, policies and contract definitions. - -## Verify your local installation - -In order to check that the connectors were deployed successfully, please execute the following commands in a shell: - -```shell -curl -X GET http://localhost/bob/health/api/check/liveness -curl -X GET http://localhost/alice/health/api/check/liveness -``` - -which should return something similar to this, the important part being the `isSystemHealthy: true` bit: - -```json -{ - "componentResults": [ - { - "failure": null, - "component": "Observability API", - "isHealthy": true - }, - { - "failure": null, - "component": null, - "isHealthy": true - } - ], - "isSystemHealthy": true -} -``` - -Once we've established the basic readiness of our connectors, we can move on to inspect a few data items: - -```shell -curl -X POST http://localhost/bob/management/v3/assets/request -H "x-api-key: password" -H "content-type: application/json" -``` - -This queries the `/assets` endpoint returning the entire list of assets that `bob` currently maintains. 
You should see -something like - -```json -[ - { - "@id": "1", - "@type": "edc:Asset", - "edc:properties": { - "edc:description": "Product EDC Demo Asset 1", - "edc:id": "1" - }, - "edc:dataAddress": { - "@type": "edc:DataAddress", - "edc:proxyPath": "true", - "edc:type": "HttpData", - "edc:proxyQueryParams": "true", - "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos" - }, - "@context": { - "dct": "https://purl.org/dc/terms/", - "tx": "https://w3id.org/tractusx/v0.0.1/ns/", - "edc": "https://w3id.org/edc/v0.0.1/ns/", - "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/", - "dspace": "https://w3id.org/dspace/v0.8/" - } - }, - { - "@id": "2", - "@type": "edc:Asset", - "edc:properties": { - "edc:description": "Product EDC Demo Asset 2", - "edc:id": "2" - }, - "edc:dataAddress": { - "@type": "edc:DataAddress", - "edc:proxyPath": "true", - "edc:type": "HttpData", - "edc:proxyQueryParams": "true", - "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos" - }, - "@context": { - "dct": "https://purl.org/dc/terms/", - "tx": "https://w3id.org/tractusx/v0.0.1/ns/", - "edc": "https://w3id.org/edc/v0.0.1/ns/", - "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/", - "dspace": "https://w3id.org/dspace/v0.8/" - } - } -] -``` - -Note: the same thing can be done to inspect policies and contract definitions. The respective `curl` commands are: - -```shell -# policies: -curl -X POST http://localhost/bob/management/v2/policydefinitions/request -H "x-api-key: password" -H "content-type: application/json" -# contract defs: -curl -X POST http://localhost/bob/management/v2/contractdefinitions/request -H "x-api-key: password" -H "content-type: application/json" -``` - -Alternatively, please check out the [Postman collections here](./postman) - -## Notice - -This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). 
- -- SPDX-License-Identifier: CC-BY-4.0 -- SPDX-FileCopyrightText: 2023 sovity GmbH -- SPDX-FileCopyrightText: 2023 SAP SE -- SPDX-FileCopyrightText: 2023 msg systems AG -- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) diff --git a/mxd/3.2_MXD_tutorial2_Access_policies.md b/mxd/3.2_MXD_tutorial2_Access_policies.md deleted file mode 100644 index bf2e02b1..00000000 --- a/mxd/3.2_MXD_tutorial2_Access_policies.md +++ /dev/null 
@@ -1,129 +0,0 @@ -# Restricting users from accessing an asset - -Bob will once again be the data provider and Alice is interested in Bob’s data assets. Bob, as a data provider, creates an asset. The data asset should have the following properties: - -| ID | 4 | -|-------------|----------------------------------------------------------------------------------------------| -| Description | Product EDC Demo Asset 4 | -| Type | HttpData | -| URL | [https://jsonplaceholder.typicode.com/todos/4](https://jsonplaceholder.typicode.com/todos/4) | - -Action (Bob): Create an asset using the following curl command: - -```shell -curl --location 'http://localhost/bob/management/v2/assets' \ ---header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ ---data-raw '{ - "@context": {}, - "asset": { - "@type": "Asset", - "@id": "4", - "properties": { - "description": "Product EDC Demo Asset 4" - } - }, - "dataAddress": { - "@type": "DataAddress", - "type": "HttpData", - "baseUrl": "https://jsonplaceholder.typicode.com/todos/4" - } -}' -``` - -Now that the asset is created, a policy must be created to define who can access the asset. This time Bob does not want Alice to see and access the asset. So he defines a policy not allowing Alice to access his asset. 
- -Action (Bob): Create the access policy using the following curl command: - -```shell -curl --location 'http://localhost/bob/management/v2/policydefinitions' \ ---header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ ---data-raw '{ - "@context": { - "odrl": "http://www.w3.org/ns/odrl/2/" - }, - "@type": "PolicyDefinitionRequestDto", - "@id": "4", - "policy": { - "@type": "Policy", - "odrl:permission": [ - { - "odrl:action": "USE", - "odrl:constraint": { - "@type": "LogicalConstraint", - "odrl:or": [ - { - "@type": "Constraint", - "odrl:leftOperand": "BusinessPartnerNumber", - "odrl:operator": { - "@id": "odrl:eq" - }, - "odrl:rightOperand": "BPNL000000000003" - } - ] - } - } - ] - } -}' -``` - -Lastly, the asset and the access policy must be combined in a contract definition. -Action (Bob): Create a contract definition including the asset and the policy you´ve created. For this, use the following curl command: - -```shell -curl --location 'http://localhost/bob/management/v2/contractdefinitions' \ ---header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ ---data-raw '{ - "@context": {}, - "@id": "4", - "@type": "ContractDefinition", - "accessPolicyId": "4", - "contractPolicyId": "4", - "assetsSelector" : { - "@type" : "CriterionDto", - "operandLeft": "https://w3id.org/edc/v0.0.1/ns/id", - "operator": "=", - "operandRight": "4" - } -}' -``` - -Let´s see if Alice can see the Asset. 
- -Action (Alice): Execute a request using the following curl command - -```shell -curl --location 'http://localhost/alice/management/v2/catalog/request' \ ---header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ ---data-raw '{ - "@context": {}, - "protocol": "dataspace-protocol-http", - "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", - "querySpec": { - "offset": 0, - "limit": 100, - "filter": "", - "range": { - "from": 0, - "to": 100 - }, - "criterion": "" - } -}' -``` - -Bob’s asset (ID: 4) should not be displayed. The access policy successfully restricts Alice from seeing and obtaining Bob’s asset. Now Bob is able to manage who sees which of his sensitive data assets. If Bob to enable Alice to see his asset, he can simply adjust the policy definition and add Alice BPN (BPNL000000000001) to the list of BPNs. - -## Notice - -This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). - -- SPDX-License-Identifier: CC-BY-4.0 -- SPDX-FileCopyrightText: 2023 sovity GmbH -- SPDX-FileCopyrightText: 2023 SAP SE -- SPDX-FileCopyrightText: 2023 msg systems AG -- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) diff --git a/mxd/3.3_MXD_tutorial3_usage_policies.md b/mxd/3.3_MXD_tutorial3_usage_policies.md deleted file mode 100644 index 553c47d6..00000000 --- a/mxd/3.3_MXD_tutorial3_usage_policies.md +++ /dev/null 
@@ -1,68 +0,0 @@ -# Restricting users from using an asset - -Bob will once again be the data provider and Alice is interested in Bob’s data assets. Bob, as a data provider, creates an asset. The data asset should have the following properties: - -| ID | 3 | -|-------------|----------------------------------------------------------------------------------------------| -| Description | Tractus-X EDC Demo Asset 3 | -| Type | HttpData | -| URL | [https://jsonplaceholder.typicode.com/todos/1](https://jsonplaceholder.typicode.com/todos/3) | - -Action (Bob): Create this asset using the following curl command: - -```shell -curl -X POST "${BOB_DATAMGMT_URL}/data/assets" \ - --header 'X-Api-Key: password' \ - --header 'Content-Type: application/json' \ - --data '{ - "asset": { - "properties": { - "asset:prop:id": "3", - "asset:prop:description": "Tractus-X EDC Demo Asset 3" - } - }, - "dataAddress": { - "properties": { - "type": "HttpData", - "baseUrl": "https://jsonplaceholder.typicode.com/todos/2" - } - } - }' \ - -s -o /dev/null -w 'Response Code: %{http_code}\n' -``` - -Now that the asset is created, Bob needs to create a policy specifying who can access and use the asset. Consequently, Bob has to create a combined policy enforcing usage and access control. - -Action (Bob): Create a policy restricting the access to the asset and the usage of the asset using a dismantler credential. - -Add curl command - -Action (Bob): Create the contract definition. - -Add curl command - -Alice wants to access the asset. Alice fetches catalog. - -Action (Alice): Fetch data catalog using cURL command: - -Add curl command - -Alice can access Bob’s asset. Following, Alice wants to consume the data offer and initiates the contract negotiation. - -Add curl command - -Unfortunately, the request fails. Alice does not have the necessary dismantler credential. - -As you can see in this section of the tutorial you can protect your offered data even beyond the access restriction. 
With a usage policy you are able to specify what the offered data can be used for, e.g. the traceability use case. - -ToDo: Positive outcome hier einfügen, Weg über das Erlangen des richtigen credentials. - -## Notice - -This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). - -- SPDX-License-Identifier: CC-BY-4.0 -- SPDX-FileCopyrightText: 2023 sovity GmbH -- SPDX-FileCopyrightText: 2023 SAP SE -- SPDX-FileCopyrightText: 2023 msg systems AG -- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) diff --git a/mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md b/mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md deleted file mode 100644 index 5ebda24c..00000000 --- a/mxd/3.4_MXD_tutorial4_EDR_API_tutorial4.md +++ /dev/null 
@@ -1,37 +0,0 @@ -# Exchange data using APIs - -In this tutorial Bob wants to consume data (asset name) from Alice. Bob as the data consumer requests a contract offer using the **management API**. - -| ID | 4 | -|-------------|----------------------------------------------------------------------------------------------| -| Description | Tractus-X EDC Second Asset with Access Policy | -| Type | HttpData | -| URL | [https://jsonplaceholder.typicode.com/todos/1](https://jsonplaceholder.typicode.com/todos/4) | - -Action (Bob): Request Alice's data asset (asset name) with the following postman prompt: - -```shell -@Code -``` - -Story: The data transfer is unsuccessful. @Hemant: Where can Bob see what happend? - -Action (Bob): Check logs/protocol/ transfer history - -```shell -@Code -``` - -Maybe add a first step where Alice creates a contract offer using (asset name) using postman. Start Bob's steps afterwards. Result: transfer failed. Analysis with postan possible? If so, state result. - -Show second option using EDR API to access the asset, combining the two steps of contract negotiation and transfer initiation. Process fails again, but EDR API shows what the problem is. Problem identified: data sink endpoint missing/wrong. Solution add the correct data sink endpoint, initiate transfer again. Recieve and display sent data. - -## Notice - -This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). - -- SPDX-License-Identifier: CC-BY-4.0 -- SPDX-FileCopyrightText: 2023 sovity GmbH -- SPDX-FileCopyrightText: 2023 SAP SE -- SPDX-FileCopyrightText: 2023 msg systems AG -- Source URL: [https://github.com/eclipse-tractusx/tutorial-resources](https://github.com/eclipse-tractusx/tutorial-resources) From 0f5c821b597f692f1ef33cb3449bd7d65f0c8c87 Mon Sep 17 00:00:00 2001 
From: jkbquabeck
Date: Tue, 24 Oct 2023 18:23:50 +0200
Subject: [PATCH 14/15] - addressed PR change requests
---
 mxd/3.1_MXD_tutorial1_dataexchange.md | 48 ++++++++----------
 mxd/assets/components_contract_definition.png | Bin 14949 -> 0 bytes
 2 files changed, 22 insertions(+), 26 deletions(-)
 delete mode 100644 mxd/assets/components_contract_definition.png
diff --git a/mxd/3.1_MXD_tutorial1_dataexchange.md b/mxd/3.1_MXD_tutorial1_dataexchange.md
index 9eac881f..966cc0cd 100644
--- a/mxd/3.1_MXD_tutorial1_dataexchange.md
+++ b/mxd/3.1_MXD_tutorial1_dataexchange.md
@@ -1,24 +1,15 @@ # Provide and consume data -As described in the introduction, a data exchange between Bob (Data Provider) and Alice (Data Consumer) is to be tested. - -To maximize the benefit from this tutorial it is recommended to follow the tutorial in the given order. +As described in the introduction, Bob (Data Provider) wants to exchange data with Alice (Data Consumer). ## Provide data -In this step we will focus on inserting data into our participant Alice using +In this step we will focus on inserting data into our provider connector (Alice) using the [Management API](https://app.swaggerhub.com/apis/eclipse-edc-bot/management-api). We will use plain CLI tools (`curl`) for this, but feel free to use graphical tools such as Postman or Insomnia. -Alice, as a data consumer, wants to consume data from Bob. Bob, as a data provider, needs to create an asset for Alice. The data asset should have the following properties: - -| ID | 3 | -|-------------|----------------------------------------------------------------------------------------------| -| Description | Product EDC Demo Asset 3 | -| Type | HttpData | -| URL | [https://jsonplaceholder.typicode.com/todos/3](https://jsonplaceholder.typicode.com/todos/3) | - -Action (Bob): Create this asset using the following curl command: +Alice, as a data consumer, wants to consume data from Bob. Bob, as a data provider, needs to create an asset for Alice. +Action (Bob): Create this asset using the following `curl` command: ```shell curl --location 'http://localhost/bob/management/v2/assets' \ 
@@ -41,9 +32,9 @@ curl --location 'http://localhost/bob/management/v2/assets' \ }' ``` -Bob tells Alice, that he created an asset, and she should now be able to request it. In the next step, Alice requests a contract offer catalog. In this catalog, all contract offers for Alice are listed. +Bob tells Alice, that he created an asset, and she should now be able to request it. In the next step, Alice requests a contract offer catalog. In the catalog, all contract offers for Alice are listed. -Action (Alice): Execute a request using the following curl commands: +Action (Alice): Execute a request using the following `curl` commands: ```shell curl --location 'http://localhost/alice/management/v2/catalog/request' \ @@ -66,13 +57,13 @@ curl --location 'http://localhost/alice/management/v2/catalog/request' \ }' ``` -Let´s see if Alice can see the Asset (ID:3). Can you find it? +Let´s see if Alice can see the Asset (ID:3). As you can see in the response, the data offer "Product EDC Demo Asset 3" (asset ID:3) does not appear. Unfortunately, Alice sees some contract offers but she cannot find the contract offer from Bob. Alice calls Bob and says she can´t see the asset. Bob remembers that he did not create an access policy. An access policy defines who is allowed to see a data offering. -Action (Bob): Create the access policy using the following curl command: +Action (Bob): Create the access policy using the following `curl` command: ```shell curl --location 'http://localhost/bob/management/v2/policydefinitions' \ 
@@ -90,7 +81,9 @@ curl --location 'http://localhost/bob/management/v2/policydefinitions' \ }' ``` -Bob tells Alice that he has created the right policy. Let´s see if Alice can now find the data asset. Execute the request again using the following curl command: +Now that Bob created an access policy, Alice can once again try to access Bob's asset. + +Action (Alice): Execute the request again using the following `curl` command: ```shell curl --location 'http://localhost/alice/management/v2/catalog/request' \ 
@@ -113,18 +106,21 @@ curl --location 'http://localhost/alice/management/v2/catalog/request' \ }' ``` -Let´s see if Alice can see the Asset. Can you find it? +Let´s see if Alice can see the Asset. Once again Alice cannot find the data offer. This is by design and to be expected since Bob has only created an asset and a policy definition. An asset and a policy cannot be displayed to Alice as a consumer without a contract definition. -**This is the first lesson for this tutorial: A contract must be defined between two parties that want to exchange data. This contract must always contain an asset and a policy.** +**This is the first lesson for this tutorial: A contract definition must be created on the data provider side. It must always contain an asset, an access policy and a contract policy.** -![Contract Definition](assets/components_contract_definition.png) +Contract definitions state how assets and policies are linked together. Contract definitions express under what conditions an asset is published to a data space. Those conditions are comprised of a contract policy and an access policy. Those policies are referenced by ID, that means they must already exist in the policy store before creating the contract definition. -Action (Bob): Create a contract definition including the asset and the policy you have created. For this, use the following curl command: +- Access policy: determines whether a particular consumer is offered an asset or not. For example, we may want to restrict certain assets such that only selected consumers from a list of slescted partners can access the asset. This can be done using a unique identifier such as the Business Partner Nukber (BPN). Other dta space participants than those whose BPN is listed in the access policy wouldn't even have the assets in their catalog. +- Contract policy: determines the conditions for initiating a contract negotiation for a particular asset. 
Note that does not automatically guarantee the successful creation of a contract, it merely expresses the eligibility to start the negotiation. -```shell -This is the correct curl +Find additional information on transferring data in the [Developer's Handbook](https://github.com/eclipse-edc/docs/blob/main/developer/handbook.md). + +Action (Bob): Create a contract definition including the asset and the policies you have created. For this, use the following `curl` command: +```shell curl --location 'http://localhost/bob/management/v2/contractdefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: password' \ @@ -144,7 +140,7 @@ curl --location 'http://localhost/bob/management/v2/contractdefinitions' \ ``` Let´s see if Alice can finally see the Asset. -action (Alice): Execute the request again using the following curl command: +Action (Alice): Execute the request again using the following `curl` command: ```shell curl --location 'http://localhost/alice/management/v2/catalog/request' \ @@ -168,7 +164,7 @@ curl --location 'http://localhost/alice/management/v2/catalog/request' \ ``` Finally Alice can see the Contract Offer from Bob. -Congratulations on yor first successful data exchange in your own data sapce! +Congratulations on yor first successful data exchange in your own data space! ## Notice 
diff --git a/mxd/assets/components_contract_definition.png b/mxd/assets/components_contract_definition.png deleted file mode 100644 index c3c067aeb4f48444c2c71d95742052bada42889b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14949 zcmeHu2{_bm_cuyJB5NT_MaeoCBJ0>H+hE4NWEqTQXpEgGTO}k}BFiLge$Rc*x$krCbI#}7_iz=ir^P_WNk>6J z!EpABx*-JxB@#S$(e44iAvZ&9zz3z5p%#pyxPyC)f`T21(=f%k`#GZBP!s}EYFkeN zk`m4yUN`|Mbpc694L6iM4(ovdkAUv(;ed8Tqa3!zBqb!JL?IHQ5>Nz0NJ<5x zoS3YHocR{NtrH5ftw`4+0PW^xD)rt29Qr^pF!yA2uP}dXE(Gf3Vdjx>|H&`A`Vzv zUoo@?V3&l5$%sJ#NzEDS;SQKIArNUX2{EXw6jV%7S_+K(W~8PhR7^??0%%6Ij<#6z zFVm6jN8xOpwrp2Fi*%6C!5T`*V0{f?Zf16B-eh+H9v>9e3k@8$>As!G$pbilPt+FG z0p)|X2P=^jkkSy4Pz7V;A1O5lw5=1?)*ZZHY{5!5HNb%nMZto|8qnL0he)9y5;Ai3 zqNgNL_M$Qlc9NnJQjQQ&2viCsE8~cg06%}OeP<4LKP{}Sr?aky1Ii7kbnx4nM()(6 z1R(ft5uh?)M)IUi*gsAC8^H)2u)RLWww#kU+5zRYCA+;`oQH=S4(<7SqP+(O148O| zjJ8-TITAMQ-IjIqaN99GL7v$c11!g_dPw&%lmU^ce~M7!;dnr&7uXIl`mTbegXzi!`_gLmAF_3!`_{j$5i z4(~9z`>CPa$h)xP;q7@q)cy0a+m7?J#r`Sh{%_QYx|#S&IXRm8K}=lLWqox_bmb5` zap+^~=DqE90ZAD*U?|KJSmA~9-`)+G3*Kb&VeYnACp1U}RS8cJXWOr$I1f)ilHMfY zP<}X3TQ{^5nadum9EAmpn^Xssy$9A7x0y?-V0%zlH#FE9a*f#051yRJ^X#m`Zik@e zfx%&IL6}KOsG}Uw81$x^?X?2;{)ur%63~DNzt`rB{d3AcW2GC)5iCvh)TWt0(Y8x= zRI1zJKrxh1_3}c2Rc<-)j~4N7obnf^czU>@?fw6FUUJg^ww02gp5f3S&s4WINquwo zVB1@!zGWrM18_OIZRQ356F0CWj$jA2s{{npxy^S?TX(b@xxSo1x%r^TTET!b&K>Zp zL%^f2Ga837^0WoDQA*txlqo>l%6{@9P}`;I4+4FY^tZF^x17^L0T{qxf%OvG8l`0= zwx-#xeNr;p@4mlOk{z1!FGWOdo6mN;cscz^HQ9;(NE!p4?JDrMmrn-gKPwi0n4xl8 zhWxUBCfNi*xpH^1#@-Y5YcoZ5F>xP$whsZ#+64~{I>n9PWJMjUdS%qd;tmSza=EQDMfxKi;)8X)B&vjZ*rS& zJAzvVlC1*F;N`D{0|;UdZ|r6$0j@uE7T6^6KH)%>0!g^3?GO3>)$qci+(7;E`Tauw zC|3UV-v0_6QfjJLtSvcqcl3CApfNbmM*Y5-_*LewJ(FV!PL}>H6J(@+p9z1;jK3et ze>uw^=!foP40$)fn*T-pQlRD2+;YS};<`|R=iipu=HASa=2Q$bVJ-X7&eJ~I3*{QBn`lD`Ah05`orH?fswe}vTJBJxYc{r>SH~E1m_d(iZO6VRz1taIA+X`D6y}T>fHA9pz<@MSK3)nb&hibVmRX zeu1r>1L_~2+5ZkiZoAIb!2!Do(Ep2)piSQlG``V=#Jjiz&xy_p!;R 
zN76zOQ7X(S7dp>5b!IVfKpf&DOgZtA^1BWwt3~J)q66PtJl`B~Yp>8lbHQ2(sVqvo zhG&<%%n=y7BP;VB)<{9<>Z_l9{!=q+^1O@ni;asR{0B=$=0ZBw8eaK#1ZI>!`ktVD zX~>f8KF>+`-DbLzQhwAYWZ<$^`c*VumKbqoeZqE+LiuB=wj!JwJ% z3SSt6!e7b?(2|18S%^y&j=JG4u3mt2ToIqD@A^)iP$feH2H*UCFxZ%IaeZmT@mcKQ zhJnMUecHJd{3L3t^)nP8b8~Z!j*d?YtsCTP6@;>gebbFA9d3h-{e6wWbtR1x-6d%z zHo=uu47?YA;^lCoH*^5@W+HNkol=K~)BC(G$ybPmNq@$ZjwiJFdbmrLC*=oP5=AFfxx*zF zBl_0L^$O^og74|R0}zv9%ljKw6AOw4ldS_@+))l0xFhHFbalQ<-}q+J`a%i&S6PpN zZ)Pvf9QV}Xyubc^W7Y#X7GF%zFLkqpd=8^&`SL7oGHlmm3(eYx2N$w+y?%T%Tj?Ku znf9_XTkB;<`st#aTJMQ>)`t=j5{7@ye36M!khoW5Qeq9|5V!u87`9sHGg-!o)<#-9 zIdhazLWpMaRPb^|UIed{)@Z``fR9d&KFq!Br5Z+t0ptk?B*bw6OA7<%{K^Nzo$Z7!t6 zqZd~8qaarjpE@0-M;Pu3aLyXPY$EPH7&NC#-{{_3^#N5pVIp#w*sN2>R)G{Y<~m

8^^}3v|ps@2G zVXD8byME>=*Q@Kt_yn5^E)x}4pG15#Pw|GQXJk|{9+{*&ahdqQ6zEc}m2m-n%+H`E z>IM;YMM!Xhv1+%sfb&=|o)}EjSl1Qm?I)ZpL)hbc-Wm!Z=GNZ#6kdhD%)7`=Xf1o- zvS<@V-8OV2)8zyrT147xy>7wfhTX1b&+>@<%w_y+<3=$NC#Bs!8~rLNL%61|-;_u6 z&7PSKShSgbU6)imVMMB1EE6scCfXgc2>eM&Ohj44Uvg+(i%{1F>8m=}LuOSQ_l%=0nV#)d%LJ zLJts&UQ&WeHcwuk84JGW-#nNI_ntPr=~%M}O@wkR9xbwI8W>QXUQr#GZrT{QbLzq) z9UYyYjwQNrr*mVudg5d*28*`w_>WqQddOPu@ofJPLlVKi-rJ`ueEO zC{J&pQJVqzmNMnD)alc%GH&m0SRQ~uYwitDGZP1HQakY>!gA(1MgdD`nrsP(fbt_V zzBK|!%+Ut_ImhWbdJZvD*UA%C2PES4lzgWLprN%vtr!~773;x(Yg}46ZWT1u1+Bgn z#tkESxIHka`J<=QOvIR+YkCKFBi)DkYrLKfh>LeCe%Y9zq+OWhH93-;)79WN`}L|^ z(9cr;#eUzHsZiJUOS@>=`}*!!-Oaup5fPEWCOpQY6lD5SaduaR9ojYd(b~#l&1zhR z(gmRW!t&BrK}7J|Yua24$nHnGEL&;|XYU6Y`=GG-K$rf|PzFUgcTZR9v2&6O=pl9t#rZdrrPSqRKf46N!-vVRtn@VG~R0WY{RYN#WWY7S1j<~0xRawel^x?pEH^{!d<@2Uv1MTJRKWJNP{mJ2#dKh zAu9E~(de;58!quV=3k?{*K%g7E)5)f>>K#w+kJ|+>n4}xdp(-^t8H_eqNG2Ic@FY@ z)I|0@IUAn_*TvhFOVW}Y<#WyqF(7>xZ643ge0laR>S|8ygi+DC2;v8n+$BpHSJt1)@O64aF{usydjjUZ+R%(<<3Q=n!QNg%Fl0PE}!&yv7iM~eh}57 zw+wQ-z1t?lT{hu-i(P&!YB@>NLc|mG%qovX*w6!8BSzWG)M$L~fJvChhE?}vANtY$ z5VPgSpA&teCqnBsF0cq4lf`r1H8-Q}D+1~6Ushd0%FyJQSDDHl9e3pHFRspL(POwp zQc_dL53}9~VqSlx=$6H}do+1P1GcwHQceyX%d0%VG5$(XnlFlzD1tm}$22z6nN-Nd zBsd63efYrPv3DDvpB{d>*|kE{v2A+@*b*alI&6>a87j^Ij#V>n(kb8>c3FFR2Q%_SwCJyY@c&3%uSrA67 zQ+O6e#XcN3-Ox>cKBny0y6XXit;SK$s@SX?t9<~?WBlh{%C6Wwj9vRiJV5Rm)yN1; zvxK08Tzy`W{EYVcXLBM|TQ1!D@kUM+qOFI+KK~j|sb0uZo6R08T#Co@s60U!bkLOC zx$PfViyCA#wn*29vJ*?g?>`LJExZfA_&}I`GL*49rUoEx*pADvR zw37oo&VJ>3)L8^jSJsDI@Llo5hsR#NiT~Lj;_JHse8r_Fi|HGkT%Qa6zB$uQ((-AbI~{3NyfZo3bOVoQN_(qYDxj% z(u>p}HaOXRr;C5&Wp|2qJ=2R@B*dx21j(rv16 z7fB&k`XdNefpbY9;{^riXOW>`HW39yJZEvbhaM1u|2Z?^%NsPw*EOhR8gn*l)VL!Bs?(f3dutzU=>kwDu(2W%1bqVid&~ zn7Ya2s&kP{Cd=EB8e{u}oAASFc(HGUsFW^JQH!EG+;2UCLQW?t9!EU$wQG)(ce=i0V&C4xW&fQ= zba%QF=?&1_FS$i}bb|?I;xL#8S=u}Qi-ReBd&-(e;y^9x?y#;0QJ-6}Kr)cp^ z$N3kcyGo=$Khm)eh0~&qIJGz5=FY|R7rF!=#}nD7VJDuPJ+taPA z9>Z}%U|%ArBVRq4i1Ad+#2KoxaJ*qCJcfHe3~HzXgIcR3Ng#lW;~%RMH0jO|p3;L= 
zoC6Iv_7ny3%5z3GXQNBE7=1fNWVCL2_X=N4PEM9%l;h|zINw6o)^!g)6ohdSF)M(i zyb3?*1S$bPG334AWQKIMK~K!KO9x0jL;J&JhdNO*QPJAB-9-<+o} zh@`0*+lf`yQC5WV>UTA-(bsq-YM-e-wBDUlwt|9!E{UqOgX=%49Un(BRHD5vYsK;0 zt{w!o0pkd?{m;em$0st&QBT3V#y@%e*R4?OWceHjY=c8*R? z?lSE!EUGcLyR8F7KlCk6)lIkmnCyKy*;~DmtKU^q5aMJLG!wD(^Gn>z^|ck(l?eZW zl}kQB3nY`Ok~g`6L;F_lOmib3o|z%*HD(O~mGM{C9?^@xz0BqhdJYUb2S)?`WCC?q z@VEC6ukRlpUWy4!7RDLh9hQHvWhoaFYx_dMbIe%n*Si*_yqT&+}o{IR5q ztUTM=x%_k9Hl@pllgKm>EI*$24O}6JhEDg@*k@+VK4b}WaUnVdzkA4xy35nd#ePr4 zsqEf?X1QoWiCOv6cS73SmmsZ8K}*k}DC|gb#jE@|T;gT(c7LPz?N0rVg-wVd1;hOpy&&ZXXe2b=>u2QzAM$V{?AJ5vS z(>Xg>dF)z{9+E}FqV;EpY*U4r^2_)Rcl!0%D9ZJqpWkhHQ+hL0gvNO}w2|T)kl3Ck zf@n*e((?15?+eD*W;M8XqE=7;u0 zi%bw{Vpr0bCZEX1T8M||nSb&oETZGF$L<>)?d|hsbOGnz6trZ*p@RBRk;d$Vp*mXKSL06tTR(&uaDsnKVvrDI>$)wFUDX zAnsaiVOJ$Be7VK&fG35BiXQkN-m9UpeuOvf!2!!QL>NbNR4@Kp)Z-YUCJSM~zT2A% zQe4s`gec(o{!?~!&-!d~lWDwl&`irC-7fh|m-rAPgs&{|TGGaSxVP0&RFcbwUBu3P zhtA*C6W_2JSy^2TnjT}|%{475)<>>tQj9hRuPhfDGmwth6r3KbP(CMe{(4^Bldc3K z<@_-thSW7RMkGgVqZ0D|x}~tLhi6j55#(+XaXC1c2qp+_L1K1~s%S$;W#5Px^#>Ar z%AQ~YCVMJ}O`4XGgHIE`9lKUQ5wbok+XP|cQ5fyL&3Zn0^2daU6RytTP@J!=Rc6se zsVwJ3-nLWjq~-dsUY&UOfLac60Mo&+wWfKdS`sHeRiX}X}z+>e{T3xO!}p? 
zkFP@3=bkUtxWd`bAgHx(@@Dzx0th<{!=YQ&10JpiooPW#0M0fHG$3=n)7oEalpVtq8P=vRaQl8<>q3{!-OMSOr zhwxKL=&#UuE)A|9ETtY}&C-XaCy5Bb0e-+wIdYu?ScT_KnsH&p%UgfxUl?E}TJe55 zFv^RUrwV%_C}SK7cNbw}*$?o>8{S&hCj+3X7oP6@1ArbD_V+D}$+{-Y`QzIMd-BbU zXSHFc6?}RB?eIx^1N$tMGhp+jB_3GfZTgUKTtD@09Z|Ef zT&?HQdBR=g2NA5ihn|DeXXE#Cef*QB)1b%bDyWf`p)_0fHw=*m8_tCBv=FTZo9wsi z$KV=K5Y@%0epjWn`7S-34g=071|F^!@D|ZKvo(Q>m`v3y50?IV|MG@Chu&F#SX_=Y zOt&7q7+ou7`QW@KwbzHm01*R0k(bFf7eCZ*tgmPeK8eOHKeehcGvQ&&aH(9Ys#u$0igcx8#6(Vu!iUgA@+=BeO$o5rY$`S`|-Ft7VkO z!7a4;VB&b5Ub-ZgET&@e(K&-^15osgEI9_qHGKC;7v6sAPfemQsO9NloqH-=aOzTU zyY1vTs1TIj17o4@T+m1gW{f_t)RIaXlUAs-q;j}`XFEGqygonh^l=p9%SVr3uQ){9 zRWe_*cN;c%jp*3~joFG=H;(eScq(8ay!XDnR%UD2 zhjEx8GctHXI>@#}p#jm&Ro7i&Gi~9*3vLRAI|p4qj>QNvAT6JX84L5!QOzzbEx`y> zQ}PXO@uEMXImEGJnIC#Ar?I?v&9YGjmMz| z>zaht77LvRiVrc2WnaG9fjLV;w zG0%LC2#)(nAW$EUOnwX`Ue$Ei7yW_($-vtEN=RaNc$LQ>1~b^`K99NhL9A)rT6}Gx zmnz`4&5s65oaxg7<046?R~eJ8G;fxs);V&bCPLHN(IL2)tkkM=Nt)ElY|j};2Axgq z{WogYYR1p@PuYsb!4JQSKa}lrfY=h2zRSn1f!+O9Oed>O4-y8=zat`|4l-69I(*0& zWUTGs+YlEHyu4m*j^-N?lS zMzpI%iNRQMPB#ECU!FRF!)ET`RPL(CCcE%q?b3uR#jK8^fi+FV8M$0YKMkFMh$7*H z4JAM7`Yd8xR@D;5V)WSI`a6aE>X&4)=(45;8hS;<#CixW%R?dc&Y81Pqf6%qx!grR z%P!-u5m6F(d3lp)h9Eef-o;xD3NbIPa}*vwe*7i4x?8b!_IZqd;mU(mU>w?5oqHw2 z`D$ry#QlWys{e5NZR@XmgG_ES%w^%G)L6C3eObjQ(*>;Ja29uHr?5jxL+_jwmA08DOx3dZPDObjg6+NV-ggY zCFZ9(;u|RJa`<`sE9F1(d@%%>t492cBW14x;0%<-kj$3Pq>-7KY59t*(>4NGb@YDy zGPn34v=qoy42A9CaYipI3!?mTq7r+Xe}+d!pei!s-Wvr!CzbKjR&3JG6R*<>qt>~=r*zet(O^;Lb@ zLfS^4so<>Hc@7oi21Z(;EvxlVcPy1PT$Fyoq{8hDOV-K#_r9_b*e`KSMU*i)_ZUWm z^Yg#&iO;CK26DG@Dv9oJ{XLP2jKWsjcc;UK@awU)F-YIXI(9Sk%@3u7*+Q@r9FVdNKB-Q|9M}!cDEs$@W-byT#0oXy0Fs9qo-X-bQP3H$^svb znrW-c!bM@wCOkkS30Nny6jJS{YlF1Lg@!UwAj12cufr z*7!RkYo(t*9^fF`a%FPPfRBzibftk<<^VVTZq3U5ZFB0hJ4Q!Hm$_$LFtLkMx3 zMmKQ9?)Vu033sdhE8|c8+D}O~x$&1h zdkR!o5dzP5i)gAKFAtqdK;@V0GH$#7_E{XSg)1p0Xz07ib!U=9mW7h#ubV8C~fI5pM8MKHg+Hr-R%wz|I9H0{ob&Lqad1(uYT zz9uwI7+7kvDUrZoYB8wnGnRHCpP4wRkAzjOLC({^5&B4tlnt#|$#4PC5c|l8E%Ds+ 
zI{i1$a|2u`^Zh<5yZ5V=`I#@}EBb`oG#$La0V2K?GAMEKH7)V+8_&jQd6A>>Rfoe} z%oWYd>p)XDIsU3AbD%j|nfcoN`uh4irKi|6s8fX{4B_qrqPg4x)Xw>_Z=CNJc>`W= zx|u73W{3$p%6wJtK5Hk7gs&~&!^_n6A^Gs8Sn1sTI+(vIw8Nf;6Uv`<7 zo}rWwsa!aKaL=#R#-{7hTO{hmHoHiCmVWp4?X3tIy|bV6?{&fZ8v?7%EG?xe%9V_J zk0JP{j0Ve{^u>FUlrX(Hdpk94Xh|{%r}QvG5SCV%IkAc6m8;!jM0qpzD>)~xA=&1m zsocaxL`eq<;8d7AR<=WQy5k$Vm(s zo67ByOwLhz?Rr=euEw@hS@{jd_WG7zNlzu;f^o!2_3NgS=C7wNPwB-eD1vV`M%&G2 zPcVT1na|vBXyusCzGNE>+mn>zrM73;lqiM>hOvGAl%=dI`c2{Ssh&zEVz%N%x8NqK zhj4GT4K(dJ3KvV-QF9`4%+h)9z5ZF;p|TJ6j#{3T4(ZM#;>Wp&o&f>1(~-u@h_1C; zv?QE)*}WfZ-!Ho$N0ryagp)e2WG^pt+w=~}P?_3S^VV&=|K6EAKZY~4Ys(`lfG@dr zC4D0QA%t(!N;>6}1?Dxzke^{|E8zRb{e$RN>=%B-Do*HfM+YVGQd8mpF*M8P4hA#U%LTGHsj+2%!T9kICG>Po+qZ>3A59 rI4?nWjKNSbMX(HU^0m&T4QjC!ZL_| Date: Tue, 31 Oct 2023 20:51:08 +0100 Subject: [PATCH 15/15] - addressed requested changes --- mxd/3.1_MXD_tutorial1_dataexchange.md | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/mxd/3.1_MXD_tutorial1_dataexchange.md b/mxd/3.1_MXD_tutorial1_dataexchange.md index 966cc0cd..f116ae61 100644 --- a/mxd/3.1_MXD_tutorial1_dataexchange.md +++ b/mxd/3.1_MXD_tutorial1_dataexchange.md @@ -74,7 +74,7 @@ curl --location 'http://localhost/bob/management/v2/policydefinitions' \ "odrl": "http://www.w3.org/ns/odrl/2/" }, "@type": "PolicyDefinitionRequestDto", - "@id": "3", + "@id": "31", "policy": { "@type": "Policy" } 
@@ -118,6 +118,26 @@ Contract definitions state how assets and policies are linked together. Contract Find additional information on transferring data in the [Developer's Handbook](https://github.com/eclipse-edc/docs/blob/main/developer/handbook.md). +Since an access policy has already been created, a contract policy must be created and linked in a contract definition. + +Action (BoB): Create the contract policy using the following `curl` command: + +```shell +curl --location 'http://localhost/bob/management/v2/policydefinitions' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: password' \ +--data-raw '{ + "[@context":](https://github.com/context":) { + "odrl": "http://www.w3.org/ns/odrl/2/" + }, + "[@type":](https://github.com/type":) "PolicyDefinitionRequestDto", + "[@id":](https://github.com/id":) "32", + "policy": { + "[@type":](https://github.com/type":) "Policy" + } +}' +``` + Action (Bob): Create a contract definition including the asset and the policies you have created. For this, use the following `curl` command: ```shell @@ -128,8 +148,8 @@ curl --location 'http://localhost/bob/management/v2/contractdefinitions' \ "@context": {}, "@id": "3", "@type": "ContractDefinition", - "accessPolicyId": "3", - "contractPolicyId": "3", + "accessPolicyId": "31", + "contractPolicyId": "32", "assetsSelector": { "@type": "CriterionDto", "operandLeft": "https://w3id.org/edc/v0.0.1/ns/id",