Skip to content

Commit

Permalink
fix compilation errors
Browse files Browse the repository at this point in the history
  • Loading branch information
ndr-brt committed Oct 28, 2024
1 parent 9cb54f6 commit 0d5ef96
Show file tree
Hide file tree
Showing 26 changed files with 90 additions and 49 deletions.
4 changes: 4 additions & 0 deletions advanced/advanced-01-open-telemetry/docker-compose.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,8 @@ services:
WEB_HTTP_MANAGEMENT_PATH: /management
WEB_HTTP_PROTOCOL_PORT: 29194
WEB_HTTP_PROTOCOL_PATH: /protocol
WEB_HTTP_VERSION_PORT: 29195
WEB_HTTP_VERSION_PATH: /version
EDC_CONTROL_ENDPOINT: http://consumer:29192/control
EDC_DSP_CALLBACK_ADDRESS: http://consumer:29194/protocol
EDC_PARTICIPANT_ID: consumer
Expand Down Expand Up @@ -65,6 +67,8 @@ services:
WEB_HTTP_MANAGEMENT_PATH: /management
WEB_HTTP_PROTOCOL_PORT: 19194
WEB_HTTP_PROTOCOL_PATH: /protocol
WEB_HTTP_VERSION_PORT: 19195
WEB_HTTP_VERSION_PATH: /version
EDC_CONTROL_ENDPOINT: http://provider:19192/control
EDC_DSP_CALLBACK_ADDRESS: http://provider:19194/protocol
EDC_PARTICIPANT_ID: provider
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@ dependencies {

implementation(libs.edc.iam.mock)
implementation(libs.edc.management.api)
implementation(libs.edc.edr.store.core)
implementation(libs.edc.transfer.data.plane.signaling)
implementation(libs.edc.transfer.pull.http.receiver)

Expand Down
2 changes: 2 additions & 0 deletions gradle/libs.versions.toml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ awaitility = { module = "org.awaitility:awaitility", version.ref = "awaitility"
edc-api-observability = { module = "org.eclipse.edc:api-observability", version.ref = "edc" }
edc-auth-tokenbased = { module = "org.eclipse.edc:auth-tokenbased", version.ref = "edc" }
edc-boot = { module = "org.eclipse.edc:boot", version.ref = "edc" }
edc-bom-controlplane-base = { module = "org.eclipse.edc:controlplane-base-bom", version.ref = "edc" }
edc-bom-dataplane-base = { module = "org.eclipse.edc:dataplane-base-bom", version.ref = "edc" }
edc-build-plugin = { module = "org.eclipse.edc.edc-build:org.eclipse.edc.edc-build.gradle.plugin", version.ref = "edc" }
edc-configuration-filesystem = { module = "org.eclipse.edc:configuration-filesystem", version.ref = "edc" }
edc-connector-core = { module = "org.eclipse.edc:connector-core", version.ref = "edc" }
Expand Down
35 changes: 18 additions & 17 deletions policy/policy-01-policy-enforcement/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -37,25 +37,25 @@ When creating a rule binding, we can bind an action type or constraint to either
Here, we bind the action type `use` to all scopes, so that rules with this action type are always evaluated. For the
location constraint we choose the negotiation scope, meaning it will only be evaluated during the contract negotiation.
Information on available scopes can be found
[here](https://github.com/eclipse-edc/Connector/blob/main/docs/developer/policy-engine.md).
[here](https://eclipse-edc.github.io/documentation/for-adopters/control-plane/policy-engine/).

### Implementing the function for evaluation

With the rule bindings in place, the provider will now try to evaluate our policy including the constraint during a
contract negotiation, but it does not yet know *how* to evaluate this constraint. For this, we need to implement a
function, for which the EDC offer two interfaces: `AtomicConstraintFunction` and `RuleFunction`. The former is meant
for evaluating a single constraint of a rule, while is latter is meant for evaluating a complete rule node (including
constraints as well as duties that may be associated with a permission). For our example, we choose to implement an
`AtomicConstraintFunction`, as we want to evaluate our location constraint:
function, for which the EDC offer two interfaces: `AtomicConstraintRuleFunction` and `PolicyRuleFunction`. The former is
meant for evaluating a single constraint of a rule, while is latter is meant for evaluating a complete rule node
(including constraints as well as duties that may be associated with a permission). For our example, we choose to
implement an `AtomicConstraintRuleFunction`, as we want to evaluate our location constraint:

```java
public class LocationConstraintFunction implements AtomicConstraintFunction<Permission> {
public class LocationConstraintFunction implements AtomicConstraintRuleFunction<Permission, ContractNegotiationPolicyContext> {

//...

@Override
public boolean evaluate(Operator operator, Object rightValue, Permission rule, PolicyContext context) {
var region = context.getContextData(ParticipantAgent.class).getClaims().get("region");
public boolean evaluate(Operator operator, Object rightValue, Permission rule, ContractNegotiationPolicyContext context) {
var region = context.participantAgent().getClaims().get("region");

monitor.info(format("Evaluating constraint: location %s %s", operator, rightValue.toString()));

Expand All @@ -70,12 +70,13 @@ public class LocationConstraintFunction implements AtomicConstraintFunction<Perm
```

When implementing either of the function interfaces, we have to override the `evaluate` method. For the
`AtomicConstraintFunction` we get the constraint's operator and right value as well as the containing rule node and
a `PolicyContext` as parameters. Using these, we have to determine whether the constraint is fulfilled. Since we want
to check the requesting participant's location, we need to access information about the participant. This is supplied
through the `PolicyContext`. We get the participant's claim with key *region* to obtain information about the
participant's location. We can then compare the location to the expected value depending on the operator used. The
function should return true, if the constraint is fulfilled, and false otherwise.
`AtomicConstraintRuleFunction` we get the constraint's operator and right value as well as the containing rule node and
an extension of `PolicyContext` as parameters, determined by the policy scope on which the function the function will be
registered (keep in mind that policy scopes and contexts are strictly bound to each other). Using these, we have to
determine whether the constraint is fulfilled. Since we want to check the requesting participant's location, we need to
access information about the participant. This is supplied through the context. We get the participant's claim with key
*region* to obtain information about the participant's location. We can then compare the location to the expected value
depending on the operator used. The function should return true, if the constraint is fulfilled, and false otherwise.

**Note**: we can use the *region* claim here because our connectors use the `iam-mock` extension, which always adds
a claim with this exact name to all tokens. Depending on the identity provider used, different claims may be present,
Expand All @@ -87,14 +88,14 @@ After creating our function for evaluation, the last thing we need to do is regi
`PolicyEngine`, so that it is available for evaluation:

```java
policyEngine.registerFunction(NEGOTIATION_SCOPE, Permission.class, LOCATION_CONSTRAINT_KEY, new LocationConstraintFunction(monitor));
policyEngine.registerFunction(ContractNegotiationPolicyContext.class, Permission.class, LOCATION_CONSTRAINT_KEY, new LocationConstraintFunction(monitor));
```

When registering the function, we again have to specify a scope. This allows for evaluating the same rule or
When registering the function, we again have to specify a context class. This allows for evaluating the same rule or
constraint differently in different runtime contexts. Since we bound our constraint to the negotiation scope, we also
register our function for that scope. Next, we need to specify the type of rule our function should be used for. This
is important, as the same constraint may have different implications as part of a permission, prohibition or duty.
When registering an `AtomicConstraintFunction`, we also have to specify a key that the function is associated with.
When registering an `AtomicConstraintRuleFunction`, we also have to specify a key that the function is associated with.
This has to resolve to exactly the constraint's left operand, so that the correct function for evaluation of a
constraint can be chosen depending on its left operand. So we set the key to the same value we used as our constraint's
left operand. And lastly, we hand over an instance of our function.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ plugins {
dependencies {
implementation(libs.edc.connector.core)
implementation(libs.edc.control.plane.core)
implementation(libs.edc.edr.store.core)
implementation(libs.edc.configuration.filesystem)
implementation(libs.edc.management.api)
implementation(libs.edc.dsp)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,9 @@ web.http.path=/api
web.http.management.port=29193
web.http.management.path=/management
web.http.protocol.port=29194
web.http.protocol.path=/protocol
web.http.protocol.path=/protocol\
web.http.version.port=29195
web.http.version.path=/version

edc.api.auth.key=password
edc.dsp.callback.address=http://localhost:29194/protocol
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ plugins {
dependencies {
implementation(libs.edc.connector.core)
implementation(libs.edc.control.plane.core)
implementation(libs.edc.edr.store.core)
implementation(libs.edc.configuration.filesystem)
implementation(libs.edc.management.api)
implementation(libs.edc.dsp)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ web.http.management.port=19193
web.http.management.path=/management
web.http.protocol.port=19194
web.http.protocol.path=/protocol
web.http.version.port=19195
web.http.version.path=/version

edc.api.auth.key=password
edc.dsp.callback.address=http://localhost:19194/protocol
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,19 +14,18 @@

package org.eclipse.edc.sample.extension.policy;

import org.eclipse.edc.policy.engine.spi.AtomicConstraintFunction;
import org.eclipse.edc.policy.engine.spi.PolicyContext;
import org.eclipse.edc.connector.controlplane.contract.spi.policy.ContractNegotiationPolicyContext;
import org.eclipse.edc.policy.engine.spi.AtomicConstraintRuleFunction;
import org.eclipse.edc.policy.model.Operator;
import org.eclipse.edc.policy.model.Permission;
import org.eclipse.edc.spi.agent.ParticipantAgent;
import org.eclipse.edc.spi.monitor.Monitor;

import java.util.Collection;
import java.util.Objects;

import static java.lang.String.format;

public class LocationConstraintFunction implements AtomicConstraintFunction<Permission> {
public class LocationConstraintFunction implements AtomicConstraintRuleFunction<Permission, ContractNegotiationPolicyContext> {

private final Monitor monitor;

Expand All @@ -35,8 +34,8 @@ public LocationConstraintFunction(Monitor monitor) {
}

@Override
public boolean evaluate(Operator operator, Object rightValue, Permission rule, PolicyContext context) {
var region = context.getContextData(ParticipantAgent.class).getClaims().get("region");
public boolean evaluate(Operator operator, Object rightValue, Permission rule, ContractNegotiationPolicyContext context) {
var region = context.participantAgent().getClaims().get("region");

monitor.info(format("Evaluating constraint: location %s %s", operator, rightValue.toString()));

Expand All @@ -47,4 +46,4 @@ public boolean evaluate(Operator operator, Object rightValue, Permission rule, P
default -> false;
};
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -14,14 +14,15 @@

package org.eclipse.edc.sample.extension.policy;

import org.eclipse.edc.connector.controlplane.contract.spi.policy.ContractNegotiationPolicyContext;
import org.eclipse.edc.policy.engine.spi.PolicyEngine;
import org.eclipse.edc.policy.engine.spi.RuleBindingRegistry;
import org.eclipse.edc.policy.model.Permission;
import org.eclipse.edc.runtime.metamodel.annotation.Inject;
import org.eclipse.edc.spi.system.ServiceExtension;
import org.eclipse.edc.spi.system.ServiceExtensionContext;

import static org.eclipse.edc.connector.controlplane.contract.spi.validation.ContractValidationService.NEGOTIATION_SCOPE;
import static org.eclipse.edc.connector.controlplane.contract.spi.policy.ContractNegotiationPolicyContext.NEGOTIATION_SCOPE;
import static org.eclipse.edc.jsonld.spi.PropertyAndTypeNames.ODRL_USE_ACTION_ATTRIBUTE;
import static org.eclipse.edc.policy.engine.spi.PolicyEngine.ALL_SCOPES;
import static org.eclipse.edc.spi.constants.CoreConstants.EDC_NAMESPACE;
Expand All @@ -45,6 +46,6 @@ public void initialize(ServiceExtensionContext context) {

ruleBindingRegistry.bind(ODRL_USE_ACTION_ATTRIBUTE, ALL_SCOPES);
ruleBindingRegistry.bind(LOCATION_CONSTRAINT_KEY, NEGOTIATION_SCOPE);
policyEngine.registerFunction(ALL_SCOPES, Permission.class, LOCATION_CONSTRAINT_KEY, new LocationConstraintFunction(monitor));
policyEngine.registerFunction(ContractNegotiationPolicyContext.class, Permission.class, LOCATION_CONSTRAINT_KEY, new LocationConstraintFunction(monitor));
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
import java.nio.charset.StandardCharsets;
import java.util.Map;

import static java.util.Map.entry;
import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Fail.fail;
import static org.eclipse.edc.samples.common.FileTransferCloudCommon.runNegotiation;
Expand Down Expand Up @@ -116,28 +117,30 @@ EDC_FS_CONFIG, getFileFromRelativePath(CLOUD_CONSUMER_CONFIG_PROPERTIES_FILE_PAT
protected static RuntimeExtension provider = new RuntimePerClassExtension(new EmbeddedRuntime(
PROVIDER,
Map.ofEntries(
Map.entry("edc.participant.id", "provider"),
Map.entry("edc.dsp.callback.address", "http://localhost:19194/protocol"),
Map.entry("web.http.port", "19191"),
Map.entry("web.http.path", "/api"),
Map.entry("web.http.management.port", "19193"),
Map.entry("web.http.management.path", "/management"),
Map.entry("web.http.protocol.port", "19194"),
Map.entry("web.http.protocol.path", "/protocol"),
Map.entry("edc.api.auth.key", "password"),
Map.entry("edc.transfer.proxy.token.signer.privatekey.alias", "private-key"),
Map.entry("edc.transfer.proxy.token.verifier.publickey.alias", "public-key"),
Map.entry("web.http.public.port", "19291"),
Map.entry("web.http.public.path", "/public"),
Map.entry("web.http.control.port", "19192"),
Map.entry("web.http.control.path", "/control"),
Map.entry("edc.vault.hashicorp.url", "http://127.0.0.1:" + getVaultPort()),
Map.entry("edc.vault.hashicorp.token", "<root-token>"),
Map.entry("edc.vault.hashicorp.api.secret.path", "/v1/secret"),
Map.entry("edc.vault.hashicorp.health.check.enabled", "false"),
Map.entry("edc.blobstore.endpoint.template", "http://127.0.0.1:" + getAzuritePort() + "/%s"),
Map.entry("edc.aws.access.key", "accessKeyId"),
Map.entry("edc.aws.secret.access.key", "secretAccessKey")
entry("edc.participant.id", "provider"),
entry("edc.dsp.callback.address", "http://localhost:19194/protocol"),
entry("web.http.port", "19191"),
entry("web.http.path", "/api"),
entry("web.http.management.port", "19193"),
entry("web.http.management.path", "/management"),
entry("web.http.protocol.port", "19194"),
entry("web.http.protocol.path", "/protocol"),
entry("web.http.version.port", "19195"),
entry("web.http.version.path", "/version"),
entry("edc.api.auth.key", "password"),
entry("edc.transfer.proxy.token.signer.privatekey.alias", "private-key"),
entry("edc.transfer.proxy.token.verifier.publickey.alias", "public-key"),
entry("web.http.public.port", "19291"),
entry("web.http.public.path", "/public"),
entry("web.http.control.port", "19192"),
entry("web.http.control.path", "/control"),
entry("edc.vault.hashicorp.url", "http://127.0.0.1:" + getVaultPort()),
entry("edc.vault.hashicorp.token", "<root-token>"),
entry("edc.vault.hashicorp.api.secret.path", "/v1/secret"),
entry("edc.vault.hashicorp.health.check.enabled", "false"),
entry("edc.blobstore.endpoint.template", "http://127.0.0.1:" + getAzuritePort() + "/%s"),
entry("edc.aws.access.key", "accessKeyId"),
entry("edc.aws.secret.access.key", "secretAccessKey")
),
PROVIDER_MODULE_PATH
));
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,10 @@ public String createAsset(String requestBody) {
.contentType(JSON)
.body(requestBody)
.when()
.header("x-api-key", "bau")
.post("/v3/assets")
.then()
.log().ifValidationFails()
.statusCode(200)
.contentType(JSON)
.extract().jsonPath().getString(ID);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ dependencies {
implementation(libs.edc.configuration.filesystem)
implementation(libs.edc.iam.mock)
implementation(libs.edc.management.api)
implementation(libs.edc.edr.store.core)
implementation(libs.edc.dsp)
implementation(libs.edc.http)
implementation(libs.edc.data.plane.selector.api)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ web.http.protocol.port=28182
web.http.protocol.path=/protocol
web.http.control.port=28183
web.http.control.path=/control
web.http.version.port=28184
web.http.version.path=/version
edc.dsp.callback.address=http://localhost:28182/protocol
edc.participant.id=consumer
edc.ids.id=urn:connector:consumer
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ web.http.protocol.port=18182
web.http.protocol.path=/protocol
web.http.control.port=18183
web.http.control.path=/control
web.http.version.port=18184
web.http.version.path=/version
edc.dsp.callback.address=http://localhost:18182/protocol
edc.participant.id=provider
edc.ids.id=urn:connector:provider
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ dependencies {
implementation(libs.edc.configuration.filesystem)
implementation(libs.edc.iam.mock)
implementation(libs.edc.management.api)
implementation(libs.edc.edr.store.core)
implementation(libs.edc.dsp)
implementation(libs.edc.http)
implementation(libs.edc.data.plane.selector.api)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ web.http.protocol.port=28182
web.http.protocol.path=/protocol
web.http.control.port=28183
web.http.control.path=/control
web.http.version.port=28184
web.http.version.path=/version
edc.dsp.callback.address=http://localhost:28182/protocol
edc.participant.id=consumer
edc.ids.id=urn:connector:consumer
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ web.http.protocol.port=18182
web.http.protocol.path=/protocol
web.http.control.port=18183
web.http.control.path=/control
web.http.version.port=18184
web.http.version.path=/version
edc.dsp.callback.address=http://localhost:18182/protocol
edc.participant.id=provider
edc.ids.id=urn:connector:provider
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ dependencies {
implementation(libs.edc.management.api)
implementation(libs.edc.dsp)
implementation(libs.edc.http)
implementation(libs.edc.edr.store.core)
implementation(libs.edc.data.plane.selector.api)
implementation(libs.edc.transfer.data.plane.signaling)
implementation(libs.edc.transfer.pull.http.dynamic.receiver)
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ web.http.protocol.port=28182
web.http.protocol.path=/protocol
web.http.control.port=28183
web.http.control.path=/control
web.http.version.port=28184
web.http.version.path=/version
edc.dsp.callback.address=http://localhost:28182/protocol
edc.participant.id=consumer
edc.receiver.http.dynamic.endpoint=http://localhost:4000/receiver
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ web.http.protocol.port=18182
web.http.protocol.path=/protocol
web.http.control.port=18183
web.http.control.path=/control
web.http.version.port=18184
web.http.version.path=/version
edc.dsp.callback.address=http://localhost:18182/protocol
edc.participant.id=provider
edc.ids.id=urn:connector:provider
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,5 @@ web.http.public.port=29291
web.http.public.path=/public
web.http.control.port=29192
web.http.control.path=/control
web.http.version.port=29195
web.http.version.path=/version
Loading

0 comments on commit 0d5ef96

Please sign in to comment.