Develop -> main (#18)

* adjust README and configs

* initial commit, asset creation working

* add db scripts

* added postgres service to piepline

* echo env variables

* added variables for daps

* set postgres envs

* removed echo check

* add example of identity check policy (#14)

* validation Endpoint is only one variable now

* adapted entries in config file

* added vault config

* remove fh-extension

* fixed edc_vault path default

* provided default

* added deb stateful set

* add some dependencies

* provided db access stuff

* update configuration to match local setup and edc version 0.4.1

* update comment

* change postres credentials

* updated config

* added portal db to pg admin

* Update Dockerfile for EDC Deployment

---------

Co-authored-by: asennes <alexandra.sennes@capgemini.com>
Co-authored-by: Andreas Neufeld <andreas.neufeld@capgemini.com>
Co-authored-by: Peter Melinat <peter.melinat@altow.de>
Co-authored-by: tsenkwong <67427208+tsenkwong@users.noreply.github.com>
Co-authored-by: anneufeldcap <144432245+anneufeldcap@users.noreply.github.com>

Author: 5 people

.github/workflows/continious_integration.yml

@@ -7,17 +7,28 @@ env:
   REGISTRY: ghcr.io
   REGISTRY_NAMESPACE: possible-x
   K8S_NAMESPACE: ${{ github.ref == 'refs/heads/main' && 'mvd-001-demo' || 'edc-dev' }}
+  POSTGRES_USER: postgres
+  POSTGRES_PASSWORD: postgres
+  POSTGRES_DB: postgres
 jobs:
   build-and-push-image:
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
-
+    services:
+      postgres:
+        image: postgres:16
+        env:
+          POSTGRES_USER: ${{ env.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
+          POSTGRES_DB: ${{ env.POSTGRES_DB }}
+        ports:
+          - 5432:5432
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
-
       - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:

README.md

@@ -6,14 +6,7 @@ This document explains how to run an EDC with the `POSSIBLE-X` and the `IONOS S3
 
 - java 17
 - gradle
-
-## Examples
-For experimenting with the running EDC, some Postman/Insomnia collections were added to this repo at `postman/`:
-
-- `POSSIBLE-X-IONOS-S3.postman_collection.json` is a Postman collection with examples for performing a transfer from and to an IONOS S3 Bucket
-- `POSSIBLE-X.Insomnia_IONOS-S3.json` is an Insomnia collection with examples for performing a transfer from and to an IONOS S3 Bucket
-- `POSSIBLE-X.postman_collection.json` is a Postman collection with examples for performing a transfer from and to an HTTP API
-- `Test.postman_environment.json` is a Postman environment file which sets up the collections to interact with the POSSIBLE EDCs running in the IONOS cloud
+- Postman/Insomnia (_optional_)
 
 ## Steps
 ### Checkout the repo
@@ -23,47 +16,68 @@ For experimenting with the running EDC, some Postman/Insomnia collections were a
 git clone  https://github.com/POSSIBLE-X/possible-x-edc-extension.git
 ```
 
+### Create git token
+- open the github settings for your personal access tokens: https://github.com/settings/tokens
+- generate a new token. select only the scope `read:packages` for it.
+
 ### Compiling
 
-- export your `GitHub` authentication data
+- export your `GitHub` authentication data. use the token created in the previous step.
 ```
 export USERNAME_GITHUB=<YOUR USERNAME> or <YOUR TOKEN NAME>
 export TOKEN_GITHUB=<YOUR TOKEN>
 ```
-- go to your the main folder and execute the following:
+- go to the main folder and execute the following:
 ```
 ./gradlew build
 ```
 
-### Edit config file
+### Edit config files
 
-- Open the `connector/resources/config.properties` file and edit the following fields:  
+- Open the `connector/resources/config.properties` file and edit the following fields. Take the values from the keepass DB in the `possible-x-infra` repo and insert them.  
 
 | Field name                      | Description                                                |
 |---------------------------------|------------------------------------------------------------|
-| `possible.catalog.jwt.token`    | Authorization token to access the Possible-X Catalog       |
-| `possible.catalog.endpoint`     | Endpoint of the Possible-X Catalog for the SD registration |
 | `possible.connector.edcVersion` | Version of the Connector                                   |
 | `edc.ionos.access.key`          | IONOS Access Key Id to access S3                           |
 | `edc.ionos.secret.key`          | IONOS Secret Access Key to access S3                       |
 | `edc.ionos.endpoint`            | IONOS S3 Endpoint                                          |
 | `edc.ionos.token`               | IONOS token to allow S3 provisioning                       |
 
-To know more the `IONOS S3 Extension` please check this [site](https://github.com/ionos-cloud/edc-ionos-s3).
+- Add these fields to the `provider-configuration.properties` and `consumer-configuration.properties` as well, before starting one dedicated consumer and one dedicated provider instance.
 
+To know more about the `IONOS S3 Extension` please check this [site](https://github.com/ionos-cloud/edc-ionos-s3).
 
 ### Running
 
-- Execute the following command:
+Either execute the following command, for starting one instance:
 ```
 java -Dedc.fs.config=connector/resources/config.properties  -jar connector/build/libs/connector.jar
 ```  
+Or execute the following commands, for starting one dedicated consumer and one dedicated provider instance:
+```
+java -Dedc.fs.config=connector/resources/provider-configuration.properties  -jar connector/build/libs/connector.jar
+```  
+```
+java -Dedc.fs.config=connector/resources/consumer-configuration.properties  -jar connector/build/libs/connector.jar
+```  
 
 ### Interacting
 
 - Please follow the documentation of the `documentation` repository (LINK TBD).
 
-### Continuous Integration
+## Examples
+For experimenting with the running EDC, some Postman/Insomnia collections were added to this repo at `postman/`:
+
+- `POSSIBLE-X-IONOS-S3.postman_collection.json` is a Postman collection with examples for performing a transfer from and to an IONOS S3 Bucket
+- `POSSIBLE-X.Insomnia_IONOS-S3.json` is an Insomnia collection with examples for performing a transfer from and to an IONOS S3 Bucket
+- `POSSIBLE-X.postman_collection.json` is a Postman collection with examples for performing a transfer from and to an HTTP API
+- `Test.postman_environment.json` is a Postman environment file which sets up the collections to interact with the POSSIBLE EDCs running in the IONOS cloud
+
+Import the collection into Postman/Insomnia. In the collection's settings, fill the Environment Variables with the path and port of your running EDC.
+Check the corresponding `[...]-configuration.properties` for the correct values.
+
+## Continuous Integration
 A Github Action Pipeline (Build and Deploy EDC) was implemented to build and deploy the Artifcats to the DEV environment
 
 The Pipeline Builds a docker container and deploys it to the IONOS Cloud PossibleX Kubernetes Cluster

connector/build.gradle.kts

@@ -43,49 +43,49 @@ val edcVersion: String by project
 
 
 dependencies {
-	implementation("${edcGroup}:boot:${edcVersion}")
-	implementation("${edcGroup}:connector-core:${edcVersion}")
 
+	implementation("${edcGroup}:boot:${edcVersion}")
+	implementation("${edcGroup}:control-plane-core:${edcVersion}")
+	implementation("${edcGroup}:control-plane-api:${edcVersion}")
+	implementation("${edcGroup}:control-plane-api-client:${edcVersion}")
 	implementation("${edcGroup}:api-observability:${edcVersion}")
 	implementation("${edcGroup}:configuration-filesystem:${edcVersion}")
 
-	implementation("${edcGroup}:iam-mock:${edcVersion}")
-	implementation("${edcGroup}:http:${edcVersion}")
-
-	implementation("${edcGroup}:control-plane-api-client:${edcVersion}")
-	implementation("${edcGroup}:control-plane-api:${edcVersion}")
-	implementation("${edcGroup}:control-plane-core:${edcVersion}")
-	//implementation("${edcGroup}:control-plane-transfer:${edcVersion}")
-	implementation("${edcGroup}:dsp:${edcVersion}")
 	implementation("${edcGroup}:auth-tokenbased:${edcVersion}")
-    implementation("${edcGroup}:management-api:${edcVersion}")
-	implementation("${edcGroup}:data-plane-http:${edcVersion}")
-	//implementation(project(":extension"))
+	implementation("${edcGroup}:management-api:${edcVersion}")
+
+	//implementation("${edcGroup}:iam-mock:${edcVersion}")
 
+	implementation("${edcGroup}:oauth2-service:${edcVersion}")
+	implementation("${edcGroup}:oauth2-daps:${edcVersion}")
+	implementation("${edcGroup}:vault-filesystem:${edcVersion}")
 
+	implementation("${edcGroup}:dsp:${edcVersion}")
+	//file-transfer
 	implementation("${edcGroup}:data-plane-core:${edcVersion}")
-	implementation("${edcGroup}:data-plane-api:${edcVersion}")
-	implementation("${edcGroup}:data-plane-http:${edcVersion}")
 	implementation("${edcGroup}:data-plane-client:${edcVersion}")
-	implementation("${edcGroup}:data-plane-selector-core:${edcVersion}")
 	implementation("${edcGroup}:data-plane-selector-client:${edcVersion}")
-	implementation("${edcGroup}:data-plane-selector-api:${edcVersion}")
-
-	implementation("${edcGroup}:data-plane-client:${edcVersion}")
-
+	implementation("${edcGroup}:data-plane-selector-core:${edcVersion}")
 	implementation("${edcGroup}:transfer-data-plane:${edcVersion}")
-	implementation("${edcGroup}:transfer-pull-http-dynamic-receiver:${edcVersion}")
-	implementation("${edcGroup}:validator-data-address-http-data:${edcVersion}")
-	//implementation("${edcGroup}:json-ld:${edcVersion}")
+	implementation("${edcGroup}:data-plane-http:${edcVersion}")
+	implementation("${edcGroup}:http:${edcVersion}")
 
-	//implementation("${edcGroup}:vault-hashicorp:${edcVersion}")
-	//implementation("${edcGroup}:asset-index-sql:${edcVersion}")
+	implementation(project(":policy-extension"))
 
 	//IONOS
 	implementation ("com.ionoscloud.edc:provision-ionos-s3:v2.2.0")
 	implementation ("com.ionoscloud.edc:data-plane-ionos-s3:v2.2.0")
 
-	//implementation("de.fraunhofer.iais.eis.ids.infomodel:java:${fraunhoferVersion}")
+  implementation("${edcGroup}:asset-index-sql:${edcVersion}")
+  implementation("${edcGroup}:contract-definition-store-sql:${edcVersion}")
+  implementation("${edcGroup}:contract-negotiation-store-sql:${edcVersion}")
+  implementation("${edcGroup}:policy-definition-store-sql:${edcVersion}")
+  implementation("${edcGroup}:policy-monitor-store-sql:${edcVersion}")
+  implementation("${edcGroup}:sql-lease:${edcVersion}")
+  implementation("${edcGroup}:sql-pool-apache-commons:${edcVersion}")
+  implementation("${edcGroup}:transaction-local:$edcVersion")
+  implementation("${edcGroup}:transaction-datasource-spi:$edcVersion")
+  implementation ("org.postgresql:postgresql:42.7.2")
 }
 
 repositories {

connector/resources/config.properties

@@ -13,13 +13,18 @@ web.http.public.path=/public
 web.http.data.port=8186
 web.http.data.path=/data
 edc.api.auth.key=password
-possible.catalog.jwt.token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib3BlcmF0b3IiXX19.lMkYKTViVNVPFH49ntdkruLe5EaWRUYt1YL-1Y7b0gc
-possible.catalog.endpoint=https://possible.fokus.fraunhofer.de/api/hub/repo/catalogues/test-provider/datasets/origin
 possible.connector.edcVersion=0.4.1
 
 edc.ionos.endpoint =https://s3-eu-central-2.ionoscloud.com
 ids.webhook.address=http://localhost:8282
 edc.vault.hashicorp.url=http://localhost:8200
 edc.vault.hashicorp.token=test-token
 edc.vault.hashicorp.timeout.seconds=30
-edc.dataplane.token.validation.endpoint=http://localhost:8184/control/token
+edc.dataplane.token.validation.endpoint=http://localhost:8184/control/token
+
+edc.datasource.default.url=jdbc:postgresql://consumer-edc-possible-x-edc-postgres.edc-dev
+edc.datasource.default.name=admin
+edc.datasource.default.password=ftGbHW.Qd4rYaiHVzEsj
+
+# this will be available in version >=v0.9.0 and allows to skip manual sql initialization
+#edc.sql.schema.autocreate=true

connector/resources/consumer-configuration.properties

@@ -1,5 +1,3 @@
-edc.participant.id=consumer
-edc.dsp.callback.address=http://localhost:29194/protocol
 web.http.port=29191
 web.http.path=/api
 web.http.management.port=29193
@@ -11,16 +9,32 @@ web.http.public.path=/public
 web.http.control.port=29192
 web.http.control.path=/control
 
-web.http.data.port=9196
-web.http.data.path=/data
+edc.dsp.callback.address=http://localhost:29194/protocol
+edc.participant.id=20:1D:9C:04:0A:71:B9:E7:8C:28:9D:70:A6:84:43:59:2D:BA:E8:B3:keyid:20:1D:9C:04:0A:71:B9:E7:8C:28:9D:70:A6:84:43:59:2D:BA:E8:B3
 edc.api.auth.key=password
-possible.catalog.jwt.token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib3BlcmF0b3IiXX19.lMkYKTViVNVPFH49ntdkruLe5EaWRUYt1YL-1Y7b0gc
-possible.catalog.endpoint=https://possible.fokus.fraunhofer.de/api/hub/repo/catalogues/test-provider/datasets/origin
-possible.connector.edcVersion=0.6.0
+edc.vault=/app/vault.properties
+edc.dataplane.token.validation.endpoint=http://localhost:4567/token
 
 
 edc.ionos.endpoint =https://s3-eu-central-2.ionoscloud.com
-ids.webhook.address=http://localhost:8282
-edc.vault.hashicorp.url=http://localhost:8200
-edc.vault.hashicorp.token=test-token
-edc.vault.hashicorp.timeout.seconds=30
+
+#edc.mock.client.id="1234"
+
+#edc.mock.region=us
+
+edc.oauth.token.url=http://localhost:4567/token
+edc.oauth.certificate.alias=1
+edc.oauth.private.key.alias=1
+edc.oauth.client.id=20:1D:9C:04:0A:71:B9:E7:8C:28:9D:70:A6:84:43:59:2D:BA:E8:B3:keyid:20:1D:9C:04:0A:71:B9:E7:8C:28:9D:70:A6:84:43:59:2D:BA:E8:B3
+edc.oauth.provider.jwks.url=http://localhost:4567/jwks.json
+edc.oauth.provider.audience=idsc:IDS_CONNECTORS_ALL
+edc.iam.token.scope=idsc:IDS_CONNECTOR_ATTRIBUTES_ALL
+edc.keystore=/home/possible/workspace/localdeployment/initial_data/edc/consumer.pfx
+edc.keystore.password=zw9Eie7ztAqpl0Rbd/GEatmvzEREXEzL
+
+edc.datasource.default.url=jdbc:postgresql://localhost:5432/edcconsumer
+edc.datasource.default.user=postgres
+edc.datasource.default.password=postgres
+
+# this will be available in version >=v0.9.0 and allows to skip manual sql initialization
+#edc.sql.schema.autocreate=true

connector/resources/provider-configuration.properties

@@ -1,5 +1,3 @@
-edc.participant.id=provider
-edc.dsp.callback.address=http://localhost:19194/protocol
 web.http.port=19191
 web.http.path=/api
 web.http.management.port=19193
@@ -10,17 +8,32 @@ web.http.public.port=19291
 web.http.public.path=/public
 web.http.control.port=19192
 web.http.control.path=/control
-edc.dataplane.api.public.baseurl=http://localhost:19291/public
 
-web.http.data.port=8186
-web.http.data.path=/data
+edc.dsp.callback.address=http://localhost:19194/protocol
+edc.participant.id=59:0B:DD:26:41:AC:57:D7:ED:76:D5:84:F8:BC:AC:8E:4C:C7:56:70:keyid:59:0B:DD:26:41:AC:57:D7:ED:76:D5:84:F8:BC:AC:8E:4C:C7:56:70
 edc.api.auth.key=password
-possible.catalog.jwt.token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib3BlcmF0b3IiXX19.lMkYKTViVNVPFH49ntdkruLe5EaWRUYt1YL-1Y7b0gc
-possible.catalog.endpoint=https://possible.fokus.fraunhofer.de/api/hub/repo/catalogues/test-provider/datasets/origin
-possible.connector.edcVersion=0.6.0
+edc.vault=/app/vault.properties
+edc.dataplane.token.validation.endpoint=http://localhost:4567/token
 
 edc.ionos.endpoint =https://s3-eu-central-2.ionoscloud.com
-ids.webhook.address=http://localhost:8282
-edc.vault.hashicorp.url=http://localhost:8200
-edc.vault.hashicorp.token=test-token
-edc.vault.hashicorp.timeout.seconds=30
+
+#edc.mock.client.id="5678"
+
+#edc.mock.region=eu
+
+edc.oauth.token.url=http://localhost:4567/token
+edc.oauth.certificate.alias=1
+edc.oauth.private.key.alias=1
+edc.oauth.client.id=59:0B:DD:26:41:AC:57:D7:ED:76:D5:84:F8:BC:AC:8E:4C:C7:56:70:keyid:59:0B:DD:26:41:AC:57:D7:ED:76:D5:84:F8:BC:AC:8E:4C:C7:56:70
+edc.oauth.provider.jwks.url=http://localhost:4567/jwks.json
+edc.oauth.provider.audience=idsc:IDS_CONNECTORS_ALL
+edc.iam.token.scope=idsc:IDS_CONNECTOR_ATTRIBUTES_ALL
+edc.keystore=/home/possible/workspace/localdeployment/initial_data/edc/provider.pfx
+edc.keystore.password=F4HKbkgAORZWwzWasY10RhsxHt99LaoE
+
+edc.datasource.default.url=jdbc:postgresql://localhost:5432/edcprovider
+edc.datasource.default.user=postgres
+edc.datasource.default.password=postgres
+
+# this will be available in version >=v0.9.0 and allows to skip manual sql initialization
+#edc.sql.schema.autocreate=true

deployment/helm/possible-x-edc/templates/configmap.yaml

@@ -29,4 +29,18 @@ data:
     edc.dsp.callback.address={{ .Values.edc.dsp.callback.address }}
     edc.receiver.http.endpoint={{ .Values.edc.receiver.http.endpoint }}/receiver/{{ .Values.edc.ids.id }}/callback
     edc.public.key.alias={{ .Values.edc.public.key.alias }}
-    edc.dataplane.token.validation.endpoint={{ .Values.edc.dataplane.token.validation.endpoint }}{{ .Values.web.http.control.path }}/token
+    edc.dataplane.token.validation.endpoint={{ .Values.edc.dataplane.token.validation.endpoint }}
+    edc.oauth.token.url={{ .Values.edc.oauth.token.url }}
+    edc.oauth.certificate.alias={{ .Values.edc.oauth.certificate.alias }}
+    edc.oauth.private.key.alias={{ .Values.edc.oauth.private.key.alias }}
+    edc.oauth.client.id={{ .Values.edc.oauth.client.id }}
+    edc.oauth.provider.jwks.url={{ .Values.edc.oauth.provider.jwks.url }}
+    edc.oauth.provider.audience={{ .Values.edc.oauth.provider.audience }}
+    edc.iam.token.scope={{ .Values.edc.iam.token.scope }}
+    edc.keystore={{ .Values.edc.keystore.path }}
+    edc.keystore.password={{ .Values.edc.keystore.password }}
+    edc.vault={{ .Values.edc.vault.path }}
+    edc.datasource.default.url=jdbc:postgresql://{{ .Values.edc.datasource.url }}
+    edc.datasource.default.name={{ .Values.edc.datasource.name }}
+    edc.datasource.default.user={{ .Values.edc.datasource.name }}
+    edc.datasource.default.password={{ .Values.edc.datasource.password }}

deployment/helm/possible-x-edc/templates/db_service.yaml

@@ -0,0 +1,13 @@
+
+{{- if .Values.persistence.db.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "possible-x-edc.fullname" . }}-postgres
+spec:
+  ports:
+  - port: 5432
+    name: postgres
+  selector:
+    app: {{ include "possible-x-edc.fullname" . }}-postgres
+{{- end }}