eclipse-tractusx / policy-hub

Policy Hub
Apache License 2.0

Unexpected response for POST policy-content - Purpose #68

Open jjeroch opened 6 months ago

jjeroch commented 6 months ago

Detected in version: 24.03.

Endpoint: POST /api/policy-hub/policy-content

Request body

{
    "PolicyType": "Usage",
    "ConstraintOperand": "And",
    "Constraints": [
        {
            "Key": "purpose",
            "Operator": "Equals",
            "Value": "By accepting this policy you have to pay 1K BC"
        }
    ]
}


Current Behavior

{
    "PolicyType": "Usage",
    "ConstraintOperand": "And",
    "Constraints": [
        {
            "Key": "purpose",
            "Operator": "Equals",
            "Value": "By accepting this policy you have to pay 1K BC"
        }
    ]
}


Expected Behavior

Error message with HTTP status code 400 stating that the value is not allowed. Only backend-stored purposes are allowed; any other should result in an error.

The implementation should include the following requirements:

NOTE - the new type ContractReference allows free text entries. Please make sure that you only fix the issue where it makes sense (purpose policy and likely also for frameworks)

AnuragNagpure commented 5 months ago

@jjeroch We need some clarification regarding checking the value, for which there is no configuration. Can you help us with this?

cc @Phil91

Phil91 commented 5 months ago

@AnuragNagpure here are the open points as discussed in the call.

PolicyAttributes

remove - ID Trace 3.1 from policy_attributes

map attribute_values:

purpose.trace.v1.traceBattery
purpose.trace.v1.aspects
purpose.trace.v1.qualityanalysis

to policy_id = 01a0fba3-9b6e-435a-b045-e0e890c300c2

Policies

remove the following policies including the linked data

01a0fba3-9b6e-435a-b045-e0e890c300b7
01a0fba3-9b6e-435a-b045-e0e890c300b8
01a0fba3-9b6e-435a-b045-e0e890c300b9

add a check to the post endpoint to validate the value of the request to be existing in the attributes_value table for the given policy

/cc @jjeroch

jjeroch commented 3 months ago

@AnuragNagpure I cannot approve the development; I can still request the following:

{
    "PolicyType": "Usage",
    "ConstraintOperand": "And",
    "Constraints": [
        {
            "Key": "UsagePurpose",
            "Operator": "Equals",
            "Value": "By accepting this policy you have to pay 1K BC"
        }
    ]
}

and I receive a success message - this should not be allowed. The user can only request UsagePurposes which are configured in the DB - please recheck.

Only the following "values" should get a 200 success message:

"attribute": [
      {
        "key": "Static",
        "value": "cx.core.tractionbattery:1"
      },
      {
        "key": "Static",
        "value": "cx.core.industrycore:1"
      },
      {
        "key": "Static",
        "value": "cx.puris.base:1"
      },
      {
        "key": "Static",
        "value": "cx.dcm.base:1"
      },
      {
        "key": "Static",
        "value": "cx.quality.base:1"
      },
      {
        "key": "Static",
        "value": "cx.pcf.base:1"
      },
      {
        "key": "Static",
        "value": "cx.core.qualityNotifications:1"
      },
      {
        "key": "Static",
        "value": "cx.core.digitalTwinRegistry:1"
      },
      {
        "key": "Static",
        "value": "cx.behaviortwin.base:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.countryrisk:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.nps.download:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.nps.upload:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.swd.download:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.swd.upload:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.fpd.download:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.fpd.upload:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.bdv.download:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.bdv.upload:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.dataquality.download:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.vas.dataquality.upload:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.pool:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.gate.download:1"
      },
      {
        "key": "Static",
        "value": "cx.bpdm.gate.upload:1"
      },
      {
        "key": "Static",
        "value": "cx.circular.materialaccounting:1"
      },
      {
        "key": "Static",
        "value": "cx.circular.marketplace:1"
      },
      {
        "key": "Static",
        "value": "cx.circular.smc:1"
      },
      {
        "key": "Static",
        "value": "cx.circular.dpp:1"
      }
    ],

In detail: if the value for "UsagePurpose" does not match a value from the DB, an error is expected
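The check requested in this thread, sketched as an added example (not part of the issue and not the policy-hub project's code): a request is accepted only when every constraint value is in the configured set for its key. The function name, the in-memory `ALLOWED_VALUES` map (a constructed subset of the values quoted above), treating `ContractReference` as a free-text key, and rejecting unconfigured keys are assumptions of this sketch.

```python
# Added example: allowlist validation for policy-content constraints.
# Constructed subset of the values quoted in the thread; a real service
# would read them from the attribute values table for the given policy.
ALLOWED_VALUES = {
    "UsagePurpose": {
        "cx.core.tractionbattery:1",
        "cx.core.industrycore:1",
        "cx.puris.base:1",
    },
}
# Assumption: ContractReference is the only key that accepts free text.
FREE_TEXT_KEYS = {"ContractReference"}


def validate_policy_request(body):
    """Return (http_status, errors) for a policy-content request body."""
    constraints = body.get("Constraints") if isinstance(body, dict) else None
    if not isinstance(constraints, list) or not constraints:
        return 400, ["Constraints must be a non-empty list"]

    errors = []
    for i, item in enumerate(constraints):
        key = item.get("Key") if isinstance(item, dict) else None
        value = item.get("Value") if isinstance(item, dict) else None
        if not isinstance(key, str) or not isinstance(value, str):
            errors.append(f"Constraints[{i}]: Key and Value must be strings")
        elif key in FREE_TEXT_KEYS:
            continue  # free text is permitted for this key only
        elif key not in ALLOWED_VALUES:
            # Fail closed: a key with no configured values is rejected
            # instead of being passed through unchecked.
            errors.append(f"Constraints[{i}]: key is not configured")
        elif value not in ALLOWED_VALUES[key]:
            # Exact, case-sensitive match; the submitted text is not
            # echoed back in the error message.
            errors.append(f"Constraints[{i}]: value is not allowed")
    return (400, errors) if errors else (200, [])


def make_request(key, value):
    """Build a request body shaped like the ones quoted in the thread."""
    return {
        "PolicyType": "Usage",
        "ConstraintOperand": "And",
        "Constraints": [{"Key": key, "Operator": "Equals", "Value": value}],
    }
```
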

jjeroch commented 3 months ago

Test execution was done in INT: https://policy-hub.int.demo.catena-x.net/api/policy-hub/swagger/index.html

Fix needed as part of the 2.1.0 release.

evegufy commented 3 months ago

Just to clarify, the latest released version of the policy hub was the 1.0.0 version. Depending on how extensive this fix will be, it might be released as part of the 1.1.0 version, but probably it will be a 1.0.1 version.