eclipse-tractusx / digital-product-pass

Eclipse Tractus-X Digital Product Pass - An application for visualizing Digital Product Passports, Battery Passports and Transmission Passports, it is the reference implementation of the EcoPass KIT
https://github.com/eclipse-tractusx/digital-product-pass
Apache License 2.0

Policy Check #325

Closed tanweersalah closed 2 months ago

tanweersalah commented 4 months ago

Current Behavior

I followed the Postman collection present in the repo to create the policies and assets. From Postman I am able to complete all the steps and retrieve my DT data.

But when I am trying to integrate the back-end and test it, it is giving this error:

[[DtrSearchManager.searchEndpoint] There was no valid policy available for the digital twin registry found!] It was not possible find any valid digital twin registry!,

I can check that there is a policyCheck enabled option in the config file. I tried to disable that, but it is still checking for the policy and giving this error. I am not sure what that policyCheck is for; maybe you can guide me.

policyCheck:
  enabled: false
  strictMode: false
  policies:

This is my catalog response from Postman:

{
  "@id": "19f536e8-ba98-4d0c-ac04-e40437e091d7",
  "@type": "dcat:Catalog",
  "dspace:participantId": "BPNL1234567890ZZ",
  "dcat:dataset": {
    "@id": "registry-asset",
    "@type": "dcat:Dataset",
    "odrl:hasPolicy": {
      "@id": "cmVnaXN0cnktY29udHJhY3QtZGVmaW5pdGlvbg==:cmVnaXN0cnktYXNzZXQ=:ODI0NWZjZmEtY2UwNS00NjM3LWIzNjUtNDQxNWZlMDIwOWEw",
      "@type": "odrl:Offer",
      "odrl:permission": {
        "odrl:action": { "odrl:type": "http://www.w3.org/ns/odrl/2/use" },
        "odrl:constraint": {
          "odrl:and": [
            { "odrl:leftOperand": "Membership", "odrl:operator": { "@id": "odrl:eq" }, "odrl:rightOperand": "active" },
            { "odrl:leftOperand": "BusinessPartnerNumber", "odrl:operator": { "@id": "odrl:eq" }, "odrl:rightOperand": "BPNL4444444444XX" },
            { "odrl:leftOperand": "cx-policy:UsagePurpose", "odrl:operator": { "@id": "odrl:eq" }, "odrl:rightOperand": "cx.core.digitalTwinRegistry:1" }
          ]
        }
      },
      "odrl:prohibition": [],
      "odrl:obligation": []
    },
    "dcat:distribution": [
      {
        "@type": "dcat:Distribution",
        "dct:format": { "@id": "HttpData-PULL" },
        "dcat:accessService": {
          "@id": "08c6bda6-5e7b-43c0-9b5e-0619736f13d9",
          "@type": "dcat:DataService",
          "dcat:endpointDescription": "dspace:connector",
          "dcat:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp",
          "dct:terms": "dspace:connector",
          "dct:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp"
        }
      },
      {
        "@type": "dcat:Distribution",
        "dct:format": { "@id": "HttpData-PUSH" },
        "dcat:accessService": {
          "@id": "08c6bda6-5e7b-43c0-9b5e-0619736f13d9",
          "@type": "dcat:DataService",
          "dcat:endpointDescription": "dspace:connector",
          "dcat:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp",
          "dct:terms": "dspace:connector",
          "dct:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp"
        }
      }
    ],
    "version": "3.0",
    "type": { "@id": "DigitalTwinRegistry" },
    "asset:prop:type": "data.core.digitalTwinRegistry",
    "id": "registry-asset"
  },
  "dcat:service": {
    "@id": "08c6bda6-5e7b-43c0-9b5e-0619736f13d9",
    "@type": "dcat:DataService",
    "dcat:endpointDescription": "dspace:connector",
    "dcat:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp",
    "dct:terms": "dspace:connector",
    "dct:endpointUrl": "http://supplier-control-plane:9184/api/v1/dsp"
  },
  "participantId": "BPNL1234567890ZZ",
  "@context": {
    "@vocab": "https://w3id.org/edc/v0.0.1/ns/",
    "edc": "https://w3id.org/edc/v0.0.1/ns/",
    "tx": "https://w3id.org/tractusx/v0.0.1/ns/",
    "tx-auth": "https://w3id.org/tractusx/auth/",
    "cx-policy": "https://w3id.org/catenax/policy/",
    "dcat": "http://www.w3.org/ns/dcat#",
    "dct": "http://purl.org/dc/terms/",
    "odrl": "http://www.w3.org/ns/odrl/2/",
    "dspace": "https://w3id.org/dspace/v0.8/"
  }
}

Please let me know how I can skip the policy check or what policy I need to add to proceed.

Thanks

matbmoser commented 3 months ago

We can take a look at this for you. I think it is a bug; we will add it in the next release.

matbmoser commented 2 months ago

Hi @tanweersalah,

We have taken a look and tested from our side ;)

The problem

We have found out that you have chosen the incorrect configuration option in your values.yaml file. There are 2 options available for policy configuration. One of them is the following:

backend:
  digitalTwinRegistry:
    # -- policy configuration for the digital twin assets in the edc catalog
    policyCheck:
      # -- condition to enable and disable the policy check
      enabled: true
      # -- the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value
      strictMode: false
      # -- list of allowed policies that can be selected from the edc catalog in negotiations
      policies:
        - permission:
            - action: "USE"
              logicalConstraint: "odrl:and"
              constraints:
                - leftOperand: "cx-policy:Membership"
                  operator: "odrl:eq"
                  rightOperand: "active"
                - leftOperand: "cx-policy:UsagePurpose"
                  operator: "odrl:eq"
                  rightOperand: "cx.core.digitalTwinRegistry:1"
          prohibition: []
          obligation: []

Which configures the policy for the "digital twin registry", which is the "Asset" you are trying to retrieve with your EDC.

And this is the one you have disabled:

backend:
    passport:
      # -- configuration for policies to filter in the digital product pass asset negotiation
      policyCheck:
        # -- condition to enable and disable the policy check
        enabled: true
        # -- the strict mode is quicker (uses hashes) and requires less computation complexity, the default mode is comparing against every single object value
        strictMode: false
        # -- list of allowed policies that can be selected from the edc catalog in negotiations
        policies:
          - permission:
              - action: "USE"
                logicalConstraint: "odrl:and"
                constraints:
                  - leftOperand: "cx-policy:Membership"
                    operator: "odrl:eq"
                    rightOperand: "active"
                  - leftOperand: "cx-policy:FrameworkAgreement"
                    operator: "odrl:eq"
                    rightOperand: "CircularEconomy:1.0"
                  - leftOperand: "cx-policy:UsagePurpose"
                    operator: "odrl:eq"
                    rightOperand: "cx.circular.dpp:1"
            prohibition: []
            obligation: []

And this one I just mentioned is for the "passport" asset.

The Solution

For you to configure your policies correctly, please make sure you configure and disable the property in the following path:

backend.digitalTwinRegistry.policyCheck.enabled to false

You have configured it in backend.passport.policyCheck.enabled; because of this, it does not work to filter it.

If you disable both, it will not filter anything at all, it should skip it.

It is demonstrated here in this line of code: https://github.com/eclipse-tractusx/digital-product-pass/blob/c800893346aed8a848000101dd4a2b6acffcec89/dpp-backend/digitalproductpass/src/main/java/utils/PolicyUtil.java#L125-L127

This line of code is used for both of the configurations, so if the digital twin registry is being retrieved, the configuration for the digital twin registry will be used, but if we are retrieving a passport, it will use the configuration from the passport.
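
The selection logic described in this thread, as an added Python illustration that is not the project's code (the real check is in the PolicyUtil.java linked above): each asset type reads its own policyCheck section, and a disabled section filters nothing. The exact-match comparison, the function names and the dict layout are assumptions; the config and offer are constructed from the values quoted in the thread.

```python
# Added illustration; not the digital-product-pass implementation.
# Assumption: the non-strict check requires the offer's action, logical
# constraint and constraint triples to equal one configured policy exactly.

DTR_POLICY = {"action": "USE", "logicalConstraint": "odrl:and", "constraints": [
    ("cx-policy:Membership", "odrl:eq", "active"),
    ("cx-policy:UsagePurpose", "odrl:eq", "cx.core.digitalTwinRegistry:1")]}

# Constructed: the reporter's state (passport check off, registry check still on).
CONFIG = {
    "digitalTwinRegistry": {"policyCheck": {"enabled": True, "policies": [DTR_POLICY]}},
    "passport": {"policyCheck": {"enabled": False, "policies": []}},
}

# Constructed: odrl:permission trimmed from the catalog response quoted above.
OFFER_PERMISSION = {
    "odrl:action": {"odrl:type": "http://www.w3.org/ns/odrl/2/use"},
    "odrl:constraint": {"odrl:and": [
        {"odrl:leftOperand": "Membership", "odrl:operator": {"@id": "odrl:eq"},
         "odrl:rightOperand": "active"},
        {"odrl:leftOperand": "BusinessPartnerNumber", "odrl:operator": {"@id": "odrl:eq"},
         "odrl:rightOperand": "BPNL4444444444XX"},
        {"odrl:leftOperand": "cx-policy:UsagePurpose", "odrl:operator": {"@id": "odrl:eq"},
         "odrl:rightOperand": "cx.core.digitalTwinRegistry:1"}]},
}


def normalize(permission):
    """Flatten a catalog permission into (action, logical constraint, triples)."""
    action = permission["odrl:action"]["odrl:type"].rsplit("/", 1)[-1].upper()
    logical, items = next(iter(permission["odrl:constraint"].items()))
    triples = {(c["odrl:leftOperand"], c["odrl:operator"]["@id"],
                c["odrl:rightOperand"]) for c in items}
    return action, logical, triples


def evaluate(config, asset_kind, permission):
    """Return (allowed, differences) using asset_kind's own policyCheck section."""
    check = config[asset_kind]["policyCheck"]
    if not check["enabled"]:
        return True, []  # check disabled: nothing is filtered for this asset type
    action, logical, triples = normalize(permission)
    diffs = []
    for policy in check["policies"]:
        wanted = set(policy["constraints"])
        if (action, logical, triples) == (policy["action"], policy["logicalConstraint"], wanted):
            return True, []
        diffs.append({"missing": sorted(wanted - triples),
                      "unexpected": sorted(triples - wanted)})
    return False, diffs
```

Calling `evaluate(CONFIG, "digitalTwinRegistry", OFFER_PERMISSION)` returns the constraint differences alongside the verdict, which shows what would have to change to keep the registry check enabled instead of turning it off.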