From 4afba239d7c7747f5b118f83cfaf3f473d32f8de Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Mon, 13 May 2024 21:12:30 +0200 Subject: [PATCH 01/41] adapt provide data section adapt the new curl commands match them to the new umbrella infrastructure --- docs/tutorials/e2e/boost/provideData.md | 345 ++++++++++++++++++++++-- 1 file changed, 320 insertions(+), 25 deletions(-) diff --git a/docs/tutorials/e2e/boost/provideData.md b/docs/tutorials/e2e/boost/provideData.md index 7a8a7bf1a30..61a1da0e6f8 100644 --- a/docs/tutorials/e2e/boost/provideData.md +++ b/docs/tutorials/e2e/boost/provideData.md @@ -5,25 +5,32 @@ sidebar_position: 2 ## Create first data asset -In this step we will focus on inserting data into our provider connector (Alice) using +In this step we will focus on inserting data into our provider connector using the [Management API](https://app.swaggerhub.com/apis/eclipse-edc-bot/management-api). We will use plain CLI tools (`curl`) for this, but feel free to use graphical tools such as Postman or Insomnia. +:::note + +Alice acts here as a data consumer and Bob as a data provider. + +- Bob -> +- Alice -> <> + +::: + Alice, as a data consumer, wants to consume data from Bob. Bob, as a data provider, needs to create an asset for Alice. Action (Bob): Create this asset using the following `curl` command: ```shell -curl --location 'http://localhost/bob/management/v2/assets' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v3/assets' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": {}, - "asset": { - "@type": "Asset", - "@id": "3", - "properties": { - "description": "Product EDC Demo Asset 3" - } + "@type": "Asset", + "@id": "3", + "properties": { + "description": "Product EDC Demo Asset 3" }, "dataAddress": { "@type": "DataAddress", @@ -33,6 +40,91 @@ curl --location 'http://localhost/bob/management/v2/assets' \ }' | jq ``` +Just to be sure, that the asset was created succesfully, Bob can check the asset using the following `curl` command: + +```shell +curl -X POST http://dataprovider-controlplane.tx.test/management/v2/assets/request -H "x-api-key: TEST2" -H "content-type: application/json" | jq +``` + +The result shows the already existing assets and the newly created asset. + +```json +[ + { + "@id": "registry-asset", + "@type": "edc:Asset", + "edc:properties": { + "edc:type": "data.core.digitalTwinRegistry", + "edc:description": "Digital Twin Registry Endpoint of IRS DEV", + "edc:id": "registry-asset" + }, + "edc:dataAddress": { + "@type": "edc:DataAddress", + "edc:proxyPath": "true", + "edc:type": "HttpData", + "edc:proxyMethod": "true", + "edc:proxyQueryParams": "true", + "edc:proxyBody": "true", + "edc:baseUrl": "http://umbrella-dataprovider-dtr:8080/api/v3.0" + }, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } + }, + { + "@id": "urn:uuid:dc641d45-95e7-4284-a472-43f30255d0cb", + "@type": "edc:Asset", + "edc:properties": { + "edc:description": "IRS EDC Test Asset", + "edc:id": "urn:uuid:dc641d45-95e7-4284-a472-43f30255d0cb" + }, + "edc:dataAddress": { + "@type": "edc:DataAddress", + "edc:proxyPath": "true", + "edc:type": "HttpData", + "edc:proxyMethod": "false", + "edc:proxyQueryParams": "false", + "edc:proxyBody": "false", + "edc:baseUrl": "http://umbrella-dataprovider-submodelserver:8080" + }, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } + }, + { + "@id": "3", + "@type": "edc:Asset", + "edc:properties": { + "edc:description": "Product EDC Demo Asset 3", + "edc:id": "3" + }, + "edc:dataAddress": { + "@type": "edc:DataAddress", + "edc:type": "HttpData", + "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos/3" + }, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } + } +] +``` + ## Request catalog Bob tells Alice, that he created an asset, and she should now be able to request it. In the next step, Alice requests a contract offer catalog. In the catalog, all contract offers for Alice are listed. @@ -40,13 +132,13 @@ Bob tells Alice, that he created an asset, and she should now be able to request Action (Alice): Execute a request using the following `curl` commands: ```shell -curl --location 'http://localhost/alice/management/v2/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST1' \ --data-raw '{ "@context": {}, "protocol": "dataspace-protocol-http", - "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", + "counterPartyAddress": "http://dataprovider-controlplane.tx.test/api/v1/dsp", "querySpec": { "offset": 0, "limit": 100 @@ -54,20 +146,137 @@ curl --location 'http://localhost/alice/management/v2/catalog/request' \ }' | jq ``` +The requested catalog looks like this: + +```json +{ + "@id": "be17c3e7-3156-46db-8934-f1ea92d1f2a3", + "@type": "dcat:Catalog", + "dcat:dataset": [ + { + "@id": "registry-asset", + "@type": "dcat:Dataset", + "odrl:hasPolicy": { + "@id": "MTcxODBlMTAtNmFjNS00NTYzLWE2MTUtNGM1MjQ5ZTUxMTU5:cmVnaXN0cnktYXNzZXQ=:NzE0ODk2YjMtY2VlYy00NmY5LWE5ZTgtY2NiMWI1NGUzOTgy", + "@type": "odrl:Set", + "odrl:permission": { + "odrl:target": "registry-asset", + "odrl:action": { + "odrl:type": "USE" + }, + "odrl:constraint": { + "odrl:or": { + "odrl:leftOperand": "PURPOSE", + "odrl:operator": { + "@id": "odrl:eq" + }, + "odrl:rightOperand": "ID 3.0 Trace" + } + } + }, + "odrl:prohibition": [], + "odrl:obligation": [], + "odrl:target": "registry-asset" + }, + "dcat:distribution": [ + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "HttpProxy" + }, + "dcat:accessService": "49a693e0-835d-457a-99b4-e781f2bd643d" + }, + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "AmazonS3" + }, + "dcat:accessService": "49a693e0-835d-457a-99b4-e781f2bd643d" + } + ], + "edc:type": "data.core.digitalTwinRegistry", + "edc:description": "Digital Twin Registry Endpoint of IRS DEV", + "edc:id": "registry-asset" + }, + { + "@id": "urn:uuid:dc641d45-95e7-4284-a472-43f30255d0cb", + "@type": "dcat:Dataset", + "odrl:hasPolicy": { + "@id": "MTIzYjJlM2QtNTUxOC00ZWViLWFmMGItNTU5ZTYxZGY3Zjhk:dXJuOnV1aWQ6ZGM2NDFkNDUtOTVlNy00Mjg0LWE0NzItNDNmMzAyNTVkMGNi:YzBhOGFhOTQtNzg4OS00Y2MxLTkzNmMtMWYwMTNkODc3Nzk4", + "@type": "odrl:Set", + "odrl:permission": { + "odrl:target": "urn:uuid:dc641d45-95e7-4284-a472-43f30255d0cb", + "odrl:action": { + "odrl:type": "USE" + }, + "odrl:constraint": { + "odrl:or": { + "odrl:leftOperand": "PURPOSE", + "odrl:operator": { + "@id": "odrl:eq" + }, + "odrl:rightOperand": "ID 3.0 Trace" + } + } + }, + "odrl:prohibition": [], + "odrl:obligation": [], + "odrl:target": "urn:uuid:dc641d45-95e7-4284-a472-43f30255d0cb" + }, + "dcat:distribution": [ + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "HttpProxy" + }, + "dcat:accessService": "49a693e0-835d-457a-99b4-e781f2bd643d" + }, + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "AmazonS3" + }, + "dcat:accessService": "49a693e0-835d-457a-99b4-e781f2bd643d" + } + ], + "edc:description": "IRS EDC Test Asset", + "edc:id": "urn:uuid:dc641d45-95e7-4284-a472-43f30255d0cb" + } + ], + "dcat:service": { + "@id": "49a693e0-835d-457a-99b4-e781f2bd643d", + "@type": "dcat:DataService", + "dct:terms": "connector", + "dct:endpointUrl": "http://dataprovider-controlplane.tx.test/api/v1/dsp" + }, + "edc:participantId": "BPNL00000003AYRE", + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } +} +``` + ## Create first access policy Let´s see if Alice can see the Asset (ID: 3). +:::info As you can see in the response, the data offer "Product EDC Demo Asset 3" (asset ID: 3) does not appear. Unfortunately, Alice sees some contract offers but she cannot find the contract offer from Bob. +::: Alice calls Bob and says she can´t see the asset. Bob remembers that he did not create an access policy. An access policy defines who is allowed to see a data offering. Action (Bob): Create the access policy using the following `curl` command: ```shell -curl --location 'http://localhost/bob/management/v2/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" @@ -80,6 +289,24 @@ curl --location 'http://localhost/bob/management/v2/policydefinitions' \ }' | jq ``` +The polica was successfully created, if the response is something like this + +```json +{ + "@type": "edc:IdResponse", + "@id": "3-1", + "edc:createdAt": 1715627034106, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } +} +``` + ## Request catalog - second try Now that Bob created an access policy, Alice can once again try to access Bob's asset. @@ -87,13 +314,13 @@ Now that Bob created an access policy, Alice can once again try to access Bob's Action (Alice): Execute the request again using the following `curl` command: ```shell -curl --location 'http://localhost/alice/management/v2/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST1' \ --data-raw '{ "@context": {}, "protocol": "dataspace-protocol-http", - "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", + "counterPartyAddress": "http://dataprovider-controlplane.tx.test/api/v1/dsp", "querySpec": { "offset": 0, "limit": 100 @@ -125,9 +352,9 @@ Since an access policy has already been created, a contract policy must be creat Action (BoB): Create the contract policy using the following `curl` command: ```shell -curl --location 'http://localhost/bob/management/v2/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" @@ -140,12 +367,30 @@ curl --location 'http://localhost/bob/management/v2/policydefinitions' \ }' | jq ``` +And again the policy was successfully created + +```json +{ + "@type": "edc:IdResponse", + "@id": "3-2", + "edc:createdAt": 1715627218849, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } +} +``` + Action (Bob): Create a contract definition including the asset and the policies you have created. For this, use the following `curl` command: ```shell -curl --location 'http://localhost/bob/management/v2/contractdefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/contractdefinitions' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": {}, "@id": "3", @@ -161,6 +406,24 @@ curl --location 'http://localhost/bob/management/v2/contractdefinitions' \ }' | jq ``` +As a check, the result should look like this: + +```json +{ + "@type": "edc:IdResponse", + "@id": "3", + "edc:createdAt": 1715627302307, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } +} +``` + ## Request catalog - third try Let´s see if Alice can finally see the Asset. @@ -181,11 +444,43 @@ curl --location 'http://localhost/alice/management/v2/catalog/request' \ }' | jq ``` -:::info - -Finally Alice can see the Contract Offer from Bob. -Congratulations on yor first successful offering of data in your own data space! +In the response an additional entry should appear: + +```json +{ + "@id": "3", + "@type": "dcat:Dataset", + "odrl:hasPolicy": { + "@id": "Mw==:Mw==:ZDA5YzE2ZWYtMzkyZC00ODExLWE5NjEtN2U4ZjRhMTU3ZGRh", + "@type": "odrl:Set", + "odrl:permission": [], + "odrl:prohibition": [], + "odrl:obligation": [], + "odrl:target": "3" + }, + "dcat:distribution": [ + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "HttpProxy" + }, + "dcat:accessService": "49a693e0-835d-457a-99b4-e781f2bd643d" + }, + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "AmazonS3" + }, + "dcat:accessService": "49a693e0-835d-457a-99b4-e781f2bd643d" + } + ], + "edc:description": "Product EDC Demo Asset 3", + "edc:id": "3" + } +``` +:::info +Finally Alice can see the Contract Offer from Bob. Congratulations on yor first successful offering of data in your own data space! ::: ## Notice From 09db4437954428a5e1a1b32b48c40637513c539b Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Tue, 14 May 2024 08:45:51 +0200 Subject: [PATCH 02/41] exchange on curl command --- docs/tutorials/e2e/boost/provideData.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/tutorials/e2e/boost/provideData.md b/docs/tutorials/e2e/boost/provideData.md index 61a1da0e6f8..b335f22bd1a 100644 --- a/docs/tutorials/e2e/boost/provideData.md +++ b/docs/tutorials/e2e/boost/provideData.md @@ -430,13 +430,13 @@ Let´s see if Alice can finally see the Asset. Action (Alice): Execute the request again using the following `curl` command: ```shell -curl --location 'http://localhost/alice/management/v2/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST1' \ --data-raw '{ "@context": {}, "protocol": "dataspace-protocol-http", - "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", + "counterPartyAddress": "http://dataprovider-controlplane.tx.test/api/v1/dsp", "querySpec": { "offset": 0, "limit": 100 From fd7dd08422f6d443abfccae36f7b664e6305fe09 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Tue, 14 May 2024 09:08:39 +0200 Subject: [PATCH 03/41] adapt the consumeData to fit the new structure --- docs/tutorials/e2e/boost/consumeData.md | 134 +++++++++++++++++------- 1 file changed, 99 insertions(+), 35 deletions(-) diff --git a/docs/tutorials/e2e/boost/consumeData.md b/docs/tutorials/e2e/boost/consumeData.md index 0c6922eb8ad..51be71800e5 100644 --- a/docs/tutorials/e2e/boost/consumeData.md +++ b/docs/tutorials/e2e/boost/consumeData.md @@ -14,13 +14,13 @@ To see Bob's data offerings, Alice must request access to his catalog. The catal So Alice requests Bob's catalog using the following `curl` commands: ```shell -curl --location 'http://localhost/alice/management/v2/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST1' \ --data-raw '{ "@context": {}, "protocol": "dataspace-protocol-http", - "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", + "counterPartyAddress": "http://dataprovider-controlplane.tx.test/api/v1/dsp", "querySpec": { "offset": 0, "limit": 100 @@ -34,22 +34,26 @@ Alice finds the Asset with the ID 3 and the description "Product EDC Demo Asset ## Negotiate a contract +:::info +Dont forget to change the `offerId`with the one you received in the previous step in your catalog request. +::: + But before she can transfer the data, she must negotiate the contract with Bob. To do this, she uses the following `curl` command: ```shell -curl --location 'http://localhost/alice/management/v2/contractnegotiations' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/contractnegotiations' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST1' \ --data-raw '{ "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" }, "@type": "NegotiationInitiateRequestDto", - "connectorAddress": "http://bob-controlplane:8084/api/v1/dsp", + "connectorAddress": "http://dataprovider-controlplane.tx.test/api/v1/dsp", "protocol": "dataspace-protocol-http", - "providerId": "BPNL000000000002", + "providerId": "BPNL00000003AYRE", "offer": { - "offerId": "Mw==:Mw==:ODRkYjJhZjQtZjMxOC00ZjgyLThjMjktODQwZThjYjBjNjVl", + "offerId": "Mw==:Mw==:NTYzYWRkYTItNmEzMy00YTNhLWFmOTQtYjVjOWM0ZDMyODA1", "assetId": "3", "policy": { "@type": "odrl:Set", @@ -62,15 +66,39 @@ curl --location 'http://localhost/alice/management/v2/contractnegotiations' \ }' | jq ``` -In the response, Alice gets a UUID. This is the ID of the created contract negotiation. Alice can now use this ID to see the current status of the negotiation and - if the negotiation was successful - the ID of the created contract agreement. +The response should look like this: + +```json +{ + "@type": "edc:IdResponse", + "@id": "65356596-dd7c-4ad4-8fc6-8512be6f0ec2", + "edc:createdAt": 1715669329095, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } +} +``` + +In the response, Alice gets a UUID (attribute is `@id`). This is the ID of the created contract negotiation. Alice can now use this ID to see the current status of the negotiation and - if the negotiation was successful - the ID of the created contract agreement. :::tip -Make sure to replace `` in the URL with the UUID you just received. +Make sure to replace `` in the URL with the UUID you just received. in the current case the UUID is `65356596-dd7c-4ad4-8fc6-8512be6f0ec2`. So the curl command should look like this: + +```shell +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/contractnegotiations/65356596-dd7c-4ad4-8fc6-8512be6f0ec2' \ +--header 'X-Api-Key: TEST1' | jq +``` + ::: ```shell -curl --location 'http://localhost/alice/management/v2/contractnegotiations/' \ ---header 'X-Api-Key: password' | jq +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/contractnegotiations/' \ +--header 'X-Api-Key: TEST1' | jq ``` - If the negotiation was **successful**, Alice will see an ouput as shown below. @@ -79,15 +107,15 @@ curl --location 'http://localhost/alice/management/v2/contractnegotiations/' ```json { "@type": "edc:ContractNegotiation", - "@id": "4e74a632-94bc-4bfb-acf5-230f7d18b080", + "@id": "65356596-dd7c-4ad4-8fc6-8512be6f0ec2", "edc:type": "CONSUMER", "edc:protocol": "dataspace-protocol-http", "edc:state": "FINALIZED", - "edc:counterPartyId": "BPNL000000000002", - "edc:counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", + "edc:counterPartyId": "BPNL00000003AYRE", + "edc:counterPartyAddress": "http://dataprovider-controlplane.tx.test/api/v1/dsp", "edc:callbackAddresses": [], - "edc:createdAt": 1702989093837, - "edc:contractAgreementId": "Mw==:Mw==:NmY5MDA4OGEtOWY1ZC00YmYyLWFiZjMtMjRiNzY0YzEyOTk4", + "edc:createdAt": 1715669329095, + "edc:contractAgreementId": "Mw==:Mw==:N2RhZGI3OGMtYzUxNC00OTkzLWI3MzktNDE3YmJhMDNkMDU4", "@context": { "dct": "https://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", @@ -107,7 +135,7 @@ Alice wants to send the data to her backend application ("" :::warning -For testing purposes, you should replace `backend:8080` with your own test API or use [webhook.site](https://webhook.site/) as your backend system. +For testing purposes, you should replace `` with your own test API or use [webhook.site](https://webhook.site/) as your backend system. If you do not change this, you will not be able to view the received token, which is required for requesting the data! If you are using webhook.site, please make sure that you use "Your unique URL" and that you do not transfer any sensitive information to webhook. @@ -115,22 +143,22 @@ Replace `` with the contract agreement ID you received in t ::: ```shell -curl --location 'http://localhost/alice/management/v2/transferprocesses' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/transferprocesses' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST1' \ --data-raw '{ "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" }, "assetId": "3", - "connectorAddress": "http://bob-controlplane:8084/api/v1/dsp", - "connectorId": "BPNL000000000002", + "connectorAddress": "http://dataprovider-controlplane.tx.test/api/v1/dsp", + "connectorId": "BPNL00000003AYRE", "contractId": "", "dataDestination": { "type": "HttpProxy" }, "privateProperties": { - "receiverHttpEndpoint": "http://backend:8080" + "receiverHttpEndpoint": "" }, "protocol": "dataspace-protocol-http", "transferType": { @@ -140,17 +168,41 @@ curl --location 'http://localhost/alice/management/v2/transferprocesses' \ }' | jq ``` +The response in this case looks like this: + +```json +{ + "@type": "edc:IdResponse", + "@id": "9d6a0507-25f5-4a81-8885-a47bc3809451", + "edc:createdAt": 1715669899367, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } +} +``` + Just to make sure everything worked, Alice uses another `curl` command to check if the transfer was successful. In the response, Alice gets a UUID. This is the ID of the created transfer. Alice can now use this ID to see the current status of the transfer. :::tip -Make sure to replace `` in the URL with the UUID you just received. +Make sure to replace `` in the URL with the UUID you just received. In our case, the UUID is `9d6a0507-25f5-4a81-8885-a47bc3809451`. So the curl command should look like this: + +```shell +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/transferprocesses/9d6a0507-25f5-4a81-8885-a47bc3809451' \ +--header 'X-Api-Key: TEST1' | jq +``` + ::: ```shell -curl --location 'http://localhost/alice/management/v2/transferprocesses/' \ ---header 'X-Api-Key: password' | jq +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/transferprocesses/' \ +--header 'X-Api-Key: TEST1' | jq ``` - If the transfer was **successful**, Alice will see an ouput as shown below. @@ -158,20 +210,20 @@ curl --location 'http://localhost/alice/management/v2/transferprocesses/' \ ```json { - "@id": "6d6bca4e-4da5-4ed3-9fe5-2b98623d9a59", + "@id": "9d6a0507-25f5-4a81-8885-a47bc3809451", "@type": "edc:TransferProcess", - "edc:correlationId": "6d6bca4e-4da5-4ed3-9fe5-2b98623d9a59", + "edc:correlationId": "9d6a0507-25f5-4a81-8885-a47bc3809451", "edc:state": "STARTED", - "edc:stateTimestamp": 1702990026966, + "edc:stateTimestamp": 1715669901450, "edc:type": "CONSUMER", "edc:assetId": "3", - "edc:contractId": "Mw==:Mw==:NmY5MDA4OGEtOWY1ZC00YmYyLWFiZjMtMjRiNzY0YzEyOTk4", + "edc:contractId": "Mw==:Mw==:N2RhZGI3OGMtYzUxNC00OTkzLWI3MzktNDE3YmJhMDNkMDU4", "edc:callbackAddresses": [], "edc:dataDestination": { "@type": "edc:DataAddress", "edc:type": "HttpProxy" }, - "edc:connectorId": "BPNL000000000002", + "edc:connectorId": "BPNL00000003AYRE", "@context": { "dct": "https://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", @@ -201,10 +253,10 @@ In her backend (as already mentioned [webhook.site](https://webhook.site/)) you ```json { - "id": "841e3cd7-add0-47fd-adef-ea8074ec50af", - "endpoint": "http://bob-tractusx-connector-dataplane:8081/api/public", + "id": "9d6a0507-25f5-4a81-8885-a47bc3809451", + "endpoint": "http://dataprovider-dataplane.tx.test/api/public", "authKey": "Authorization", - "authCode": "eyJhbGciOiJFUzI1NiJ9.eyJleHAiOjE3MTE5MTIzMDgsImRhZCI6IktaamRBV3ZSV0xpS3V5akNwSjRIdEgwT2lqOEdQRno2SVdXcWxMMEFFZUloS25wOU5mZll2R1Q0M0N4dURZVHhUK3lRaXhrcWU1dVN1Sk5JR09GTi9kRlQ4R29WNGFHZ3FpdzhXMXBLT2ZLMUdtM1NkeFRIeWR0QTlnTnZoZFJ6T05RclpxbUlwNGxwZVBRaS9CSGVNTEYycEVsRVUvcExzU3dTbDh3eUplY3lSM2thTnJiUUw0a3RnajNMeDBjWUp3ZHZlS2h3OUdMYjF1UnBDa3I0RE5sOG4zQlprZ1ZEK1RYUGtIaGhXVWNpck1Tc3FBZHdyN3kvRFE0Nlp5S09GbldtTmVkdEVaempLWmRRRUlWMkcyV2d2cXFya25WdkNvTzhPZWpXZU1MaXUvdnl2cWdTZmp2dkk4cHhIOTRzYS90LzdGazB2YlRuMmpNMjQ3TFZQUlcvMk9wRElZWTA0dVRYY2p2T0h2L1UvcU5heURnR09uaitBbjcyZnNiOUZhWVZLMzQ4TzRYKzFDMkRvUjBwem9nQmJyRGMzSzRNQzBSdjcvVT0iLCJjaWQiOiJNdz09Ok13PT06WTJJelpHTXdaR1l0WVRNeVlpMDBZamM1TFdFNFkyTXROVE5rWWpVeU5tWXpNR0ZpIn0._2G-2eVzIQrTh-JW0Dx_P9nG2bAElPFllYtpN_s7MXk6R-F5jdMyCblMD6uJDw-H7J0SMiW5IAYExcZkMn-65w", + "authCode": "eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE3MTU2NzA1MDEsImRhZCI6IjFFQ29ReDRBTy9acmJ6dXEwUlpSY0tYd1hQeW81UmdPZndyRWtIWnpZSStQVGhIUmFuelczeGpXcU5vTzFJa3ZOWUV6SGpEWU5iVEJ5VDgzbzdtVlVsUWZhYUpKSm5CMVJGbFQ1SXM0NHpZQ0RJYWZKNHhmQzZTOFNKaWxjV0x1WURoc24xRjdha2xSZllnemRIMjR3WnJycS9JU0pPZjFzVHNQSHNtcE9PaWZ2S2ZyaElFemtJSEs3OFZUTFBMd0krWmNEK3VZc1FCQkt5NlEvZFBCSkZodWsyMXFiOVU1V3dZWWpPYkZSQjdzUmpZYkNsSlpyaTZzVWFXQU1WOXVsQ2JGS2NPM2xxMERPaWRuQjNqSXJ4blh4Y3JjVHl3MEkzV3JjN2k2ZG1nejlXMTFvYTR5VUpJWU92R1lkdWNXdk1pemk3b01mck5SdXE0SVJ1djR6ai9Cemcxb2NZalB5Y0RvK2I2M0RheWpyWmVNS1c4OGNRUnlvUDdpbExsMVNVVmFlRUxZQ3lieitCYUxpd2x1d0lpcWxFckJrTDNlOXptNGpJYz0iLCJjaWQiOiJNdz09Ok13PT06TjJSaFpHSTNPR010WXpVeE5DMDBPVGt6TFdJM016a3ROREUzWW1KaE1ETmtNRFU0In0.AOt6rXbcK44RD7XNCMN16zjvurzdkMNCki3HkvZ_VJ43eDkCDDbquDSvW0SmEnp9cqhjMbUqnO-iGJheI4TbkIc9dxFouJGtHvKFAjOG7LFSErwvH0yNXus1TPN41BCp_jP1tpH63s3PuRqgdzzn1axkJ57aGo9ibqnKRm7ZhM8pgkReWQpHwlFz3QuOMFWHNmPm_HMePPsUxZM7OpARwgShGMqATHEJmoIff2S1yLLeN0k97JT4BzL7xwM9VB-Yssq1rWxBp3GITcBta5R1EVjzaEZseYn_wxFFmVlXQtu_lkvbgihEsvCgtXI_c-EGZl_gTVe9DMfq4cM2XXfE8A", "properties": {} } ``` @@ -222,7 +274,19 @@ In this example, we can not use the endpoint URL as is, because we are working w In this example, this results in the following request: ```shell -curl -X GET -H 'Authorization: eyJhbGciOiJFUzI1NiJ9.eyJleHAiOjE3MTE5MTIzMDgsImRhZCI6IktaamRBV3ZSV0xpS3V5akNwSjRIdEgwT2lqOEdQRno2SVdXcWxMMEFFZUloS25wOU5mZll2R1Q0M0N4dURZVHhUK3lRaXhrcWU1dVN1Sk5JR09GTi9kRlQ4R29WNGFHZ3FpdzhXMXBLT2ZLMUdtM1NkeFRIeWR0QTlnTnZoZFJ6T05RclpxbUlwNGxwZVBRaS9CSGVNTEYycEVsRVUvcExzU3dTbDh3eUplY3lSM2thTnJiUUw0a3RnajNMeDBjWUp3ZHZlS2h3OUdMYjF1UnBDa3I0RE5sOG4zQlprZ1ZEK1RYUGtIaGhXVWNpck1Tc3FBZHdyN3kvRFE0Nlp5S09GbldtTmVkdEVaempLWmRRRUlWMkcyV2d2cXFya25WdkNvTzhPZWpXZU1MaXUvdnl2cWdTZmp2dkk4cHhIOTRzYS90LzdGazB2YlRuMmpNMjQ3TFZQUlcvMk9wRElZWTA0dVRYY2p2T0h2L1UvcU5heURnR09uaitBbjcyZnNiOUZhWVZLMzQ4TzRYKzFDMkRvUjBwem9nQmJyRGMzSzRNQzBSdjcvVT0iLCJjaWQiOiJNdz09Ok13PT06WTJJelpHTXdaR1l0WVRNeVlpMDBZamM1TFdFNFkyTXROVE5rWWpVeU5tWXpNR0ZpIn0._2G-2eVzIQrTh-JW0Dx_P9nG2bAElPFllYtpN_s7MXk6R-F5jdMyCblMD6uJDw-H7J0SMiW5IAYExcZkMn-65w' http://localhost/bob/api/public +curl -X GET -H 'Authorization: eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE3MTU2NzA1MDEsImRhZCI6IjFFQ29ReDRBTy9acmJ6dXEwUlpSY0tYd1hQeW81UmdPZndyRWtIWnpZSStQVGhIUmFuelczeGpXcU5vTzFJa3ZOWUV6SGpEWU5iVEJ5VDgzbzdtVlVsUWZhYUpKSm5CMVJGbFQ1SXM0NHpZQ0RJYWZKNHhmQzZTOFNKaWxjV0x1WURoc24xRjdha2xSZllnemRIMjR3WnJycS9JU0pPZjFzVHNQSHNtcE9PaWZ2S2ZyaElFemtJSEs3OFZUTFBMd0krWmNEK3VZc1FCQkt5NlEvZFBCSkZodWsyMXFiOVU1V3dZWWpPYkZSQjdzUmpZYkNsSlpyaTZzVWFXQU1WOXVsQ2JGS2NPM2xxMERPaWRuQjNqSXJ4blh4Y3JjVHl3MEkzV3JjN2k2ZG1nejlXMTFvYTR5VUpJWU92R1lkdWNXdk1pemk3b01mck5SdXE0SVJ1djR6ai9Cemcxb2NZalB5Y0RvK2I2M0RheWpyWmVNS1c4OGNRUnlvUDdpbExsMVNVVmFlRUxZQ3lieitCYUxpd2x1d0lpcWxFckJrTDNlOXptNGpJYz0iLCJjaWQiOiJNdz09Ok13PT06TjJSaFpHSTNPR010WXpVeE5DMDBPVGt6TFdJM016a3ROREUzWW1KaE1ETmtNRFU0In0.AOt6rXbcK44RD7XNCMN16zjvurzdkMNCki3HkvZ_VJ43eDkCDDbquDSvW0SmEnp9cqhjMbUqnO-iGJheI4TbkIc9dxFouJGtHvKFAjOG7LFSErwvH0yNXus1TPN41BCp_jP1tpH63s3PuRqgdzzn1axkJ57aGo9ibqnKRm7ZhM8pgkReWQpHwlFz3QuOMFWHNmPm_HMePPsUxZM7OpARwgShGMqATHEJmoIff2S1yLLeN0k97JT4BzL7xwM9VB-Yssq1rWxBp3GITcBta5R1EVjzaEZseYn_wxFFmVlXQtu_lkvbgihEsvCgtXI_c-EGZl_gTVe9DMfq4cM2XXfE8A' http://dataprovider-dataplane.tx.test/api/public | jq +``` + +:::info +Currently the response for this curl commoand is + +```json +{ + "userId": 1, + "id": 3, + "title": "fugiat veniam minus", + "completed": false +} ``` ## Notice From e06e51c1cc6f1e005d628a28213102a31a6358ba Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Tue, 14 May 2024 09:48:15 +0200 Subject: [PATCH 04/41] Update prerequisites.md Updated list of required installations --- docs/tutorials/e2e/prerequisites/prerequisites.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/tutorials/e2e/prerequisites/prerequisites.md b/docs/tutorials/e2e/prerequisites/prerequisites.md index 315307c259a..a820e5fb492 100644 --- a/docs/tutorials/e2e/prerequisites/prerequisites.md +++ b/docs/tutorials/e2e/prerequisites/prerequisites.md @@ -20,9 +20,10 @@ As mentioned in the introduction, no preliminary knowledge about Catena-X is req - Cloud Environment (AWS/Azure) or a local machine with at least 2 CPUs, 16GB RAM, 20GB free storage - Docker - Kubernetes -- Kind (for local systems) -- Helm (will be installed by Terraform) -- Terraform +- Kubectl +- Minikube +- Helm + ## Chosing your environment From 97fa97c7aa211290f2caeeede398c6cb2a057770 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Tue, 14 May 2024 10:22:40 +0200 Subject: [PATCH 05/41] adapt the restrict data workflow to fit the new structure --- docs/tutorials/e2e/boost/restrictData.md | 255 ++++++++++++++++++++--- 1 file changed, 223 insertions(+), 32 deletions(-) diff --git a/docs/tutorials/e2e/boost/restrictData.md b/docs/tutorials/e2e/boost/restrictData.md index dfec1f3a411..9cdd8ba8d68 100644 --- a/docs/tutorials/e2e/boost/restrictData.md +++ b/docs/tutorials/e2e/boost/restrictData.md @@ -11,42 +11,34 @@ The first step for Bob will again be to create an asset. Action (Bob): Create an asset using the following `curl` command: ```shell -curl --location 'http://localhost/bob/management/v2/assets' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v3/assets' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": {}, - "asset": { - "@type": "Asset", - "@id": "4", - "properties": { - "description": "Product EDC Demo Asset 4" - } + "@type": "Asset", + "@id": "4", + "properties": { + "description": "Product EDC Demo Asset 4" }, "dataAddress": { "@type": "DataAddress", "type": "HttpData", "baseUrl": "https://jsonplaceholder.typicode.com/todos/4" } -}' +}' | jq ``` ## Create a permissive access policy -Now that the asset has been created, Bob creates an access policy that defines who can see and therefore access the asset in his catalog. To specify this access, Bob uses the Business Partner Number (BPN). The BPN is a unique identifier for participants of a data space. Bob knows that his exchange partner for this asset has the BPN (BPNL000000000003). Therefore, he can define his access policy as follows: - -:::info - -The MXD contains only two members (Alice & Bob). Therefore, it will not be possible to consume an asset with the policy defined here, because the participant with the BPN BPNL000000000003 does not exist in this data space. This is an example to demonstrate the restriction of an asset with a policy. - -::: +Now that the asset has been created, Bob creates an access policy that defines who can see and therefore access the asset in his catalog. To specify this access, Bob uses the Business Partner Number (BPN). The BPN is a unique identifier for participants of a data space. Bob knows that his exchange partner for this asset has the BPN `BPNL00000003AVTH` and Alice BPN is `BPNL00000003AZQP` Action (Bob): Create the access policy using the following `curl` command: ```shell -curl --location 'http://localhost/bob/management/v2/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" @@ -67,17 +59,35 @@ curl --location 'http://localhost/bob/management/v2/policydefinitions' \ "odrl:operator": { "@id": "odrl:eq" }, - "odrl:rightOperand": "BPNL000000000003" + "odrl:rightOperand": "BPNL00000003AVTH" } ] } } ] } -}' +}' | jq +``` + +The policydefinitioon is created with the ID `41` + +```json +{ + "@type": "edc:IdResponse", + "@id": "41", + "edc:createdAt": 1715674423858, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } +} ``` -Bob defined a policy which restricts access to connector(s) with the BusinessPartnerNumber BPNL000000000003. As Alice does not own this BPN, she should not be able to access the asset. +Bob defined a policy which restricts access to connector(s) with the BusinessPartnerNumber `BPNL00000003AVTH`. As Alice does not own this BPN, she should not be able to access the asset. ## Create a permissive contract policy @@ -86,9 +96,9 @@ Since an access policy has already been created, a contract policy must be creat Action (Bob): Create the contract policy using the following `curl` command: ```shell -curl --location 'http://localhost/bob/management/v2/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" @@ -116,7 +126,25 @@ curl --location 'http://localhost/bob/management/v2/policydefinitions' \ } ] } -}' +}' | jq +``` + +The response should be something like this + +```json +{ + "@type": "edc:IdResponse", + "@id": "42", + "edc:createdAt": 1715674546763, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } +} ``` ## Create a contract definition @@ -125,9 +153,9 @@ Lastly, the asset and the access policy must be linked in a contract definition. Action (Bob): Create a contract definition including the asset and the policies you have created. For this, use the following `curl` command: ```shell -curl --location 'http://localhost/bob/management/v2/contractdefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/contractdefinitions' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": {}, "@id": "4", @@ -140,7 +168,25 @@ curl --location 'http://localhost/bob/management/v2/contractdefinitions' \ "operator": "=", "operandRight": "4" } -}' +}' | jq +``` + +A response should look like this + +```json +{ + "@type": "edc:IdResponse", + "@id": "4", + "edc:createdAt": 1715674670136, + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } +} ``` ## Request catalog @@ -150,23 +196,168 @@ Let´s see if Alice can see the Asset. Action (Alice): Execute a request using the following `curl` command: ```shell -curl --location 'http://localhost/alice/management/v2/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ --header 'Content-Type: application/json' \ ---header 'X-Api-Key: password' \ +--header 'X-Api-Key: TEST1' \ --data-raw '{ "@context": {}, "protocol": "dataspace-protocol-http", - "counterPartyAddress": "http://bob-controlplane:8084/api/v1/dsp", + "counterPartyAddress": "http://dataprovider-controlplane.tx.test/api/v1/dsp", "querySpec": { "offset": 0, "limit": 100 } -}' +}' | jq +``` + +The response doesnt include the cataolog entry for the asset/offer with id4 + +```json +{ + "@id": "3b276870-5cc5-4546-b793-e2c8d39e1010", + "@type": "dcat:Catalog", + "dcat:dataset": [ + { + "@id": "registry-asset", + "@type": "dcat:Dataset", + "odrl:hasPolicy": { + "@id": "ZGM3MjMyYTAtMDRjOC00MTVjLWI2NmQtOGJmNTQ1MWMyYmIy:cmVnaXN0cnktYXNzZXQ=:MjdiYWExMGItMTAzMC00MmY5LWI0YjMtMzJmY2UyODI5NThl", + "@type": "odrl:Set", + "odrl:permission": { + "odrl:target": "registry-asset", + "odrl:action": { + "odrl:type": "USE" + }, + "odrl:constraint": { + "odrl:or": { + "odrl:leftOperand": "PURPOSE", + "odrl:operator": { + "@id": "odrl:eq" + }, + "odrl:rightOperand": "ID 3.0 Trace" + } + } + }, + "odrl:prohibition": [], + "odrl:obligation": [], + "odrl:target": "registry-asset" + }, + "dcat:distribution": [ + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "HttpProxy" + }, + "dcat:accessService": "7b76c9c5-d7f9-42c1-8784-a2820a60bb0f" + }, + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "AmazonS3" + }, + "dcat:accessService": "7b76c9c5-d7f9-42c1-8784-a2820a60bb0f" + } + ], + "edc:type": "data.core.digitalTwinRegistry", + "edc:description": "Digital Twin Registry Endpoint of IRS DEV", + "edc:id": "registry-asset" + }, + { + "@id": "urn:uuid:69653fc9-11b5-4321-98ca-e60d2dc35379", + "@type": "dcat:Dataset", + "odrl:hasPolicy": { + "@id": "MDkyNmVhMGUtZWVmMC00OTlmLTliZjktNmE1MGU3MGUzOGQy:dXJuOnV1aWQ6Njk2NTNmYzktMTFiNS00MzIxLTk4Y2EtZTYwZDJkYzM1Mzc5:YWUwOTFiOTYtNGM0Ni00YzE0LWEyZGYtY2Y5NDNlMzY1NDY4", + "@type": "odrl:Set", + "odrl:permission": { + "odrl:target": "urn:uuid:69653fc9-11b5-4321-98ca-e60d2dc35379", + "odrl:action": { + "odrl:type": "USE" + }, + "odrl:constraint": { + "odrl:or": { + "odrl:leftOperand": "PURPOSE", + "odrl:operator": { + "@id": "odrl:eq" + }, + "odrl:rightOperand": "ID 3.0 Trace" + } + } + }, + "odrl:prohibition": [], + "odrl:obligation": [], + "odrl:target": "urn:uuid:69653fc9-11b5-4321-98ca-e60d2dc35379" + }, + "dcat:distribution": [ + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "HttpProxy" + }, + "dcat:accessService": "7b76c9c5-d7f9-42c1-8784-a2820a60bb0f" + }, + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "AmazonS3" + }, + "dcat:accessService": "7b76c9c5-d7f9-42c1-8784-a2820a60bb0f" + } + ], + "edc:description": "IRS EDC Test Asset", + "edc:id": "urn:uuid:69653fc9-11b5-4321-98ca-e60d2dc35379" + }, + { + "@id": "3", + "@type": "dcat:Dataset", + "odrl:hasPolicy": { + "@id": "Mw==:Mw==:YjE0ODU2M2MtMWM5MC00NDg4LThmZmItZmJjZjc0NjQzZTE5", + "@type": "odrl:Set", + "odrl:permission": [], + "odrl:prohibition": [], + "odrl:obligation": [], + "odrl:target": "3" + }, + "dcat:distribution": [ + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "HttpProxy" + }, + "dcat:accessService": "7b76c9c5-d7f9-42c1-8784-a2820a60bb0f" + }, + { + "@type": "dcat:Distribution", + "dct:format": { + "@id": "AmazonS3" + }, + "dcat:accessService": "7b76c9c5-d7f9-42c1-8784-a2820a60bb0f" + } + ], + "edc:description": "Product EDC Demo Asset 3", + "edc:id": "3" + } + ], + "dcat:service": { + "@id": "7b76c9c5-d7f9-42c1-8784-a2820a60bb0f", + "@type": "dcat:DataService", + "dct:terms": "connector", + "dct:endpointUrl": "http://dataprovider-controlplane.tx.test/api/v1/dsp" + }, + "edc:participantId": "BPNL00000003AYRE", + "@context": { + "dct": "https://purl.org/dc/terms/", + "tx": "https://w3id.org/tractusx/v0.0.1/ns/", + "edc": "https://w3id.org/edc/v0.0.1/ns/", + "dcat": "https://www.w3.org/ns/dcat/", + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" + } +} ``` :::info -Bob’s asset (ID: 4) should not be displayed. The access policy successfully restricts Alice from seeing and therefore obtaining Bob’s asset. Now Bob is able to manage who sees which of his sensitive data assets. If Bob decides to enable Alice to see his asset, he can simply adjust the access policy definition and add Alice BPN (BPNL000000000001) to the list of BPNs. +Bob’s asset (ID: 4) should not be displayed. The access policy successfully restricts Alice from seeing and therefore obtaining Bob’s asset. Now Bob is able to manage who sees which of his sensitive data assets. If Bob decides to enable Alice to see his asset, he can simply adjust the access policy definition and add Alice BPN `BPNL00000003AZQP` to the list of BPNs. ::: From 5228718e5aa1a0268dbce5e77dad59b68ee29973 Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Tue, 14 May 2024 18:55:02 +0200 Subject: [PATCH 06/41] Update prerequisites.md configuration and installation information updated for the new approach using helm charts for the deployment --- .../e2e/prerequisites/prerequisites.md | 145 ++++++++++++------ 1 file changed, 96 insertions(+), 49 deletions(-) diff --git a/docs/tutorials/e2e/prerequisites/prerequisites.md b/docs/tutorials/e2e/prerequisites/prerequisites.md index a820e5fb492..c5af15e25a8 100644 --- a/docs/tutorials/e2e/prerequisites/prerequisites.md +++ b/docs/tutorials/e2e/prerequisites/prerequisites.md @@ -5,11 +5,11 @@ sidebar_position: 1 ## Preface -The components and tools that are described here are to be understood as a proposal from Tractus-X and not as standards that must be used. Using the proposed software stack of this tutorial will make it easier to complete it. Nevertheless, if your company policy requires e.g. the use of open stack, or you can't use docker containers or kubernetes, the Catena-X components will also work, you might just need a little extra effort. +The components and tools that are described here are to be understood as a proposal and not as standards that must be used. Using the proposed software stack of this tutorial will make it easier to complete it. Nevertheless, if your company policy requires e.g. the use of open stack, or you can't use docker containers or kubernetes, the Catena-X components will also work, you might just need a little extra effort. :::info -You can either complete the tutorial in a cloud space (e.g. AWS or Azure) or locally. If you choose to run the tutorial locally, make sure that your machine fulfils the minimal performance requirements. +You can either complete the tutorial in a cloud space (e.g. AWS or Azure) or locally. If you choose to run the tutorial locally, make sure that your machine fulfils the minimal performance requirements. ::: @@ -17,12 +17,14 @@ You can either complete the tutorial in a cloud space (e.g. AWS or Azure) or loc As mentioned in the introduction, no preliminary knowledge about Catena-X is required. However, to complete the tutorial you will have to work with the following technical software stack. A basic understanding of those technologies is advised. -- Cloud Environment (AWS/Azure) or a local machine with at least 2 CPUs, 16GB RAM, 20GB free storage +- Cloud Environment (AWS/Azure) or a local machine with at least 4 CPUs, 10GB RAM, 20GB free storage - Docker - Kubernetes - Kubectl - Minikube - Helm +- X-Environment (xterm) +- a browser (we will use google-chrome) to be used for the minikube dashboard and the portal ## Chosing your environment @@ -31,13 +33,13 @@ The tutorial is designed to be used in cloud environments, such as AWS, Google o ## Setting up your own environment on local systems -In case you want to install Catena-X components or [Kits] directly on your local system you need the following: +In case you want to install Tractus-X components or [Kits] directly on your local system you need the following: - Access to the internet (see next section) -- One local server instance, either a physical server or a virtual machine with at least 2 CPUs, 16 GB [RAM] and 20 GB storage -- Your local system should run a Linux Version (Debian or Ubuntu are recommended) +- One local server instance, either a physical server or a virtual machine with at least 4 CPUs, 10 GB [RAM] and 20 GB storage +- Your local system should run a Linux Version (Debian or Ubuntu 22.04 or higher are recommended) - You need super user privileges (either root access or the right to use sudo) -- The above tools should be installed (Docker, Kubernetes, Kind, Helm, Terraform) +- The above tools should be installed (Docker, Kubernetes, Kubectl, Minikube, Helm and Browser) ### Access to the Internet @@ -57,13 +59,12 @@ You may need the support of your local IT department. Once you are confident to ```bash .download.docker.com​ -.k8s.io​ +.k8s.io​ # Kubectl .io/v2​ .charts.bitnami.com​ .download.docker.com/linux/ubuntu/gpg​ -.storage.googleapis.com​ +.storage.googleapis.com​ # Minikube .hub.docker.com # Docker Hub​ -.kind.sigs.k8s.io # Kind .kubernetes.io # Kubernetes​ .helm.sh # Helm Charts​ .hashicorp.com​ @@ -144,7 +145,10 @@ The port http (80) should not be used, but it will. You can apply the above hint For the [MXD], which is running locally, you only need secure shell access, which means port 22 should be open. -### Install the basic tools (on Ubuntu 20.x and higher) +#### Further ports +Opening further ports is not required for the tutorial, as the setup is designed to work within a cluster. Once you want to modify the setup, allowing EDCs and services to communicate between different locations, you need to open additional ports and use ingress for port mapping. (This will be described in a later version) + +### Install the basic tools (on Ubuntu 22.x and higher) Within this section we briefly describe how to install the required tools on an Ubuntu system. We have tested this on 22.04.3 LTS (GNU/Linux 5.15.0-86-generic x86_64). Please check the online availabe documentation for further details. @@ -171,100 +175,143 @@ sudo apt install kubernetes #### Install kubectl ```bash -sudo snap install --classic kubectl +sudo snap install kubectl --classic ``` -#### Install Kind +Occasionally snap will fail with an error message "Access forbidden", alternativly you may try to install Kubectl using the native pakage as follows. Please check https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/ for further information. -:::note +```bash +sudo apt-get update +# apt-transport-https may be a dummy package; if so, you can skip that package +sudo apt-get install -y apt-transport-https ca-certificates curl +``` -It might be the case, that not all of these steps are needed on your machine. +Download the public signing key for the Kubernetes package repositories. The same signing key is used for all repositories so you can disregard the version in the URL -::: +:::note + +In Ubuntu 22.04, folder /etc/apt/keyrings does not exist by default, and it should be created before the curl command. If the folder `/etc/apt/keyrings` does not exist, it should be created before the curl command. -##### Install go ```bash -sudo apt update && sudo apt upgrade +sudo mkdir -p -m 755 /etc/apt/keyrings ``` +::: + +Now use the curl command to download the release keys. + ```bash -sudo apt install golang-go +curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | \ +sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg ``` - -##### Install kind +To allow unprivileged APT programs to read this keyring also change the file permissions. ```bash -sudo go install sigs.k8s.io/kind@v0.20.0 +sudo chmod 644 /etc/apt/keyrings/kubernetes-apt-keyring.gpg ``` -##### Check go version +Add the appropriate Kubernetes apt repository. If you want to use Kubernetes version different than v1.30, replace v1.30 with the desired minor version in the command below: ```bash -go version +# This overwrites any existing configuration in /etc/apt/sources.list.d/kubernetes.list +echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list +sudo chmod 644 /etc/apt/sources.list.d/kubernetes.list # helps tools such as command-not-found to work correctly ``` -:::note +Update apt package index, then install kubectl: ```bash -Response should be: "go version go1.18.1 linux/amd64" +sudo apt-get update +sudo apt-get install -y kubectl ``` +::: Note +To upgrade kubectl to another minor release, you'll need to bump the version in /etc/apt/sources.list.d/kubernetes.list before running apt-get update and apt-get upgrade. ::: -#### Terraform +Check that kubectl is properly configured by getting the cluster state: -Prepare the installation of Terraform including helm: +```bash +kubectl cluster-info +``` +#### Install Minkube +To install minikube just download the executable from the reposotory. (Please check also https://kubernetes.io/de/docs/tasks/tools/install-minikube/) ```bash -sudo apt-get update && sudo apt-get install -y gnupg software-properties-common +curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \ +&&chmod +x minikube ``` +#### Install helm +helm will be installed with snap. -Generate key for terraform: +::: note + +This revision of snap "helm" is published using classic confinement and thus may perform +arbitrary system changes outside of the security sandbox that snaps are usually confined to. + +::: ```bash -sudo wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | tee /usr/share/keyrings/hashicorp-archive-keyring.gpg +sudo snap install helm --classic ``` - -Verify the generated key is working: +#### X-Environment and Webbrowser + +:::note + +If not already installed, install xterm and a webbroser like firefox or google-chrome, you also may need to install an x-environment (xterm). + +::: + +Install xterm with apt. ```bash -sudo gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint +sudo apt install xterm ``` -Store location into source for hashicorp: +Check if you can access your system by using ```bash -echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] \ -https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list +ssh -X ``` -Now install Terraform, which automatically also will install helm. +To enusre that the X11forwaring is working for ssh -X, add to your .bashrc ```bash -sudo apt update && sudo apt upgrade +# ensure google-chrome and other garphic apps find the X-Authorisation file +export XAUTHORITY=$HOME/.Xauthority ``` - +and in /etc/ssh/sshd_config set the following variables to yes. ```bash -sudo apt-get install terraform +X11Forwarding yes +X11UseLocalhost yes ``` -#### Webbrowser +Then you should be able to run xterm and the webrowser locally to open the links given later in the tutorial. -:::note +If you want to install google-chrome, do as follows, you may use any other Browser. Download the latest Google Chrome Debian package via the following command: -If not already installed, install a webbroser like firefox or google-chrome, you also may need to install an x-environment (xterm). +```bash +wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb +``` +Install the package +```bash +sudo dpkg -i google-chrome-stable_current_amd64.deb +``` + In the event you encounter any dependency issues, resolve them using -::: +```bash +sudo apt-get install -f +``` -Check if you can access your system by using +#### Install insomnia +If you want a powerful API client that simplifies the process of building, debugging, and testing APIs, you may want to install Insomnia. (An other alternativ ist Postmann). However for the tutorial we currently do not need the an APIU client, as we will use curl. ut if you want you can just install Insomnia as follows: ```bash -ssh -X +sudo apt-get update +sudo apt-get install insomnia ``` -Then you should be able to run the webrowser locally to open the links given later in the tutorial. - :::info Your enviroment for the tutorial starting with chapter "deploy" should be ready. From 0bcecbefaa3c05f1f9c004e67c24d08f3c780bc2 Mon Sep 17 00:00:00 2001 From: jkbquabeck Date: Wed, 15 May 2024 08:59:22 +0200 Subject: [PATCH 07/41] - added DTR tutorial - updated architecture section --- docs/tutorials/e2e/boost/DTR_Tutorial.md | 405 +++++++++ docs/tutorials/e2e/boost/assets/Step1.png | Bin 0 -> 17890 bytes docs/tutorials/e2e/boost/assets/Step2.png | Bin 0 -> 11203 bytes docs/tutorials/e2e/boost/assets/Step3.png | Bin 0 -> 14049 bytes docs/tutorials/e2e/boost/assets/Step4.png | Bin 0 -> 18553 bytes docs/tutorials/e2e/boost/assets/Step5.png | Bin 0 -> 11371 bytes static/img/architecture.drawio.svg | 952 +--------------------- 7 files changed, 409 insertions(+), 948 deletions(-) create mode 100644 docs/tutorials/e2e/boost/DTR_Tutorial.md create mode 100644 docs/tutorials/e2e/boost/assets/Step1.png create mode 100644 docs/tutorials/e2e/boost/assets/Step2.png create mode 100644 docs/tutorials/e2e/boost/assets/Step3.png create mode 100644 docs/tutorials/e2e/boost/assets/Step4.png create mode 100644 docs/tutorials/e2e/boost/assets/Step5.png diff --git a/docs/tutorials/e2e/boost/DTR_Tutorial.md b/docs/tutorials/e2e/boost/DTR_Tutorial.md new file mode 100644 index 00000000000..23029fd5b33 --- /dev/null +++ b/docs/tutorials/e2e/boost/DTR_Tutorial.md @@ -0,0 +1,405 @@ +# DTR Tutorial + +## Tutorial Goal + +Alongside the connector, the Digital Twin Registry (DTR) is another central component in a data ecosystem when it comes to exchanging digital twins. Anyone who provides digital twins in Catena-X must register them in a DTR so that they can be found by other parties. + +This tutorial focuses on the working with the DTR. You will learn what the DTR is, how to deploy it and go through a complete use case scenario by depositing a DTR in the EDC, registering a digital twin in the DTR, and showing how external parties can find and consume the digital twin. + +## Introduction + +Catena-X uses the Asset Administration Shell (AAS) to represent digital twins. Such a digital twin is basically a shell with an ID in UUID-format that makes it uniquely identifiable. Also it contains IDs ("specificAssetIds") that connect the shell with the original asset it represents (e.g. the "manufacturerPartId"). The shell also contains SubmodelDescriptors which reference to submodels that contain the actual data of specific aspects of the asset. + +The Digital Twin Registry (DTR) contains a list of all registered digital twins of the owner and therefore acts as an address book for Digital Twins. With the DTR of a data provider, a data consumer can therefore find digital twin and also get directed to the desired submodels of the twin. + +Further details can be found in the [Digital Twin KIT][dt-kit] or the [sldt-digital-twin-registry][sldt-dtr] Github repository. + +In this tutorial, Bob will assume the role of an automotive supplier that manufactures gearboxes and acts as the data provider. Alice represents an OEM that uses these gearboxes. Alice's goal is to calculate the product carbon footprint (PCF) of a car, and she also needs the carbon footprints of the individual parts to calculate the total footprint. Therefore, Alice is the data consumer in this tutorial. + +The steps of the tutorial are as follows + +- Bob registers a DTR at his EDC +- Bob registers a Digital Twin at his DTR +- Alice finds and consumes the Digital Twin + +This tutorial will guide you through the steps outlined above. For a deeper understanding, more detailed documentation will be linked. + +### High Level Architecture + +## Exchange Digital Twins + +### Register a DTR in your EDC + +#### Create the DTR asset + +To ensure that Bob's DTR becomes visible for Alice and to start the data exchange between them, Bob has to create a data asset. + +Action (Bob): Create a data asset using the following command: + +(note: that the "asset:prop:type" is standardized with "data.core.digitalTwinRegistry" for the Digital Twin Registry.) + +```curl --location 'http://dataprovider-controlplane.tx.test/management/v3/assets' \ +--header 'Content-Type: application/json' \ +--header 'X-Api-Key: TEST2' \ +--data-raw '{ + "@context":{ + "edc":"https://w3id.org/edc/v0.0.1/ns/", + "cx-common":"https://w3id.org/catenax/ontology/common#", + "cx-taxo":"https://w3id.org/catenax/taxonomy#", + "dct":"https://purl.org/dc/terms/" + }, + "@id":"{{ASSET_ID}}", + "properties":{ + "dct:type":{ + "@id":"cx-taxo:DigitalTwinRegistry" + } + }, + "dataAddress":{ + "@type":"DataAddress", + "type":"HttpData", + "baseUrl":"{{BACKEND_SERVICE}}", + "proxyPath":"true", + "proxyBody":"true", + "proxyMethod":"true", + "proxyQueryParams":"true", + "oauth2:clientId":"satest02", + "oauth2:clientSecretKey":"{{REGISTRY_CLIENT_SECRET_KEY}}", + "oauth2:tokenUrl":"http://centralidp.tx.test/auth/realms/CX-Central/protocol/openid-connect/token", + "oauth2:scope":"{{REGISTRY_TOKEN_SCOPE}}" + } +}' +``` + +#### Create a policy + +After Bob has created an data asset, he must define a BPN-restrictive policy in order to give Alice access to the asset. This policy is not standardized and can be chosen according to its needs. Bob wants to define the policy that only Alice can see the DTR Asset. + +Action (Bob): Defines the access policy using the following command: + +```curl +{ + "@context": { + "odrl": "http://www.w3.org/ns/odrl/2/" + }, + "@type": "PolicyDefinitionRequestDto", + "@id": "{{POLICY_ID}}", + "policy": { + "@type": "Policy", + "odrl:permission" : [{ + "odrl:action" : "USE", + "odrl:constraint" : { + "@type": "LogicalConstraint", + "odrl:or" : [{ + "@type" : "Constraint", + "odrl:leftOperand" : "BusinessPartnerNumber", + "odrl:operator" : { + "@id": "odrl:eq" + }, + "odrl:rightOperand" : "{{CONSUMER_BPN}}" + }] + } + }] + } +} +``` + +#### Contract Definition + +To offer the DTR in his EDC Catalog, Bob has to create a contract definition. This contains linking the data asset with the policy. + +Action (Bob): Create the contract policy using the following command: + +```curl +{ + "@context": {}, + "@id": "{{CONTRACT_DEFINITION_ID}}", + "@type": "ContractDefinition", + "accessPolicyId": "{{ACCESS_POLICY_ID}}", + "contractPolicyId": "{{CONTRACT_POLICY_ID}}", + "assetsSelector" : { + "@type" : "CriterionDto", + "operandLeft": "{{EDC_NAMESPACE}}id", + "operator": "=", + "operandRight": "{{ASSET_ID}}" + } +} +``` + +The DTR Asset from Bob is now available for Alice to request via contract negotiation. Currently it is still empty. Therefore Bob will register his first digital twin in the next step of this tutorial. + +Continue the tutorial in [Register a Digital](#register-a-digital-twin) Twin. + +### Register a Digital Twin + +The basic steps for providing digital twins with the DTR contain: + +- Create a compliant submodel +- Store the submodel on a submodel server +- Register/create a digital twin at the DTR +- Reference the Submodel in the digital twin + +#### Create a submodel + +Submodels needs to be compliant to the domain specified standards. Bob has already prepaired the submodel he wants to share with Alice. Thefore the first step is already taken care of. + +#### Host/store a submodel + +Bob also needs to store his submodels somewhere. Usually a submodel server is used for this task. For this tutorial a service called "backend-data-service" (short BDS) is provided. This service fulfills the role of the submodel server. It can store any text based data (e.g. JSON, XML, plain text) under a specific ID. This data can be received again, by using the same ID. Bob will use this service to host his data. + +Action (Bob): Store submodel on the BDS using the following command: + +```curl +id="bobs-data" +bdsBaseUrl="http://localhost/bobs-bds" +clusterInternalBdsBaseUrl="http://bobs-bds-bds" + +curl -i -X POST "${bdsBaseUrl}/data/${id}" -H "Content-Type: application/json" --data-raw '{ + "diameter": 380, + "length": 810, + "width": 590, + "weight": 85, + "height": 610 +}' +``` + +#### Create Contract Definition at EDC with the submodel + +Bob has now stored his submodel on the BDS. However, because he wants to preserve data sovereignty over his data, he cannot directly provide access to the BDS. Instead, the data exchange shall take place via the EDC. + +Therefore Bob needs to create an according contract definition. This follows the same three steps as explained in "Create DTR Asset" of creating an data asset, creating a policy and finally creating the contract definition. + +Info: + +edcManagementBaseUrl="http://localhost/bob/management" +edcApiKey="password" + +#Asset +#assetId="$(uuidgen)" +assetId="0bc6a8af-8682-4dba-86b1-0433f9762e42" +clusterInternalBdsBaseUrl="http://bobs-bds-bds:8080" +bdsDataId="bobs-data" +assetUrl="${clusterInternalBdsBaseUrl}/data/${bdsDataId}" + +#Policy +#policyId="$(uuidgen)" +policyId="1bc6a8af-8682-4dba-86b1-0433f9762e42" + +#Contract Definition +#contractDefinitionId="$(uuidgen)" +contractDefinitionId="2bc6a8af-8682-4dba-86b1-0433f9762e42" + +Action (Bob): Create a data asset with the following commands: + +```curl +curl -i -X POST "${edcManagementBaseUrl}/v3/assets" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ + \"@context\": {}, + \"@id\": \"${assetId}\", + \"properties\": { + \"description\": \"Product EDC Demo Asset\" + }, + \"dataAddress\": { + \"@type\": \"DataAddress\", + \"baseUrl\": \"${assetUrl}\", + \"type\": \"HttpData\" + } +}" | jq +``` +Action (Bob): Create a Policy with the following commands: + +```curl +curl -i -X POST "${edcManagementBaseUrl}/v2/policydefinitions" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ + \"@context\": { + \"odrl\": \"http://www.w3.org/ns/odrl/2/\" + }, + \"@type\": \"PolicyDefinitionRequestDto\", + \"@id\": \"${policyId}\", + \"policy\": { + \"@type\": \"Policy\", + \"odrl:permission\": [{ + \"odrl:action\": \"USE\", + \"odrl:constraint\": { + \"@type\": \"LogicalConstraint\", + \"odrl:or\": [] + } + }] + } +}" | jq +``` +Action (Bob): Create a contract definition with the following commands: + +```curl +curl -i -X POST "${edcManagementBaseUrl}/v2/contractdefinitions" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ + \"@context\": {}, + \"@id\": \"${contractDefinitionId}\", + \"@type\": \"ContractDefinition\", + \"accessPolicyId\": \"${policyId}\", + \"contractPolicyId\": \"${policyId}\", + \"assetsSelector\" : { + \"@type\" : \"CriterionDto\", + \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\", + \"operator\": \"=\", + \"operandRight\": \"${assetId}\" + } +}" | jq +``` + +The submodel is now stored at the BDS and made available through a contract definition at the EDC. + +#### Register/create a Digital Twin at the DTR + +Now that Bob has stored his submodel at the BDS and offered it at the EDC for sovereign data exchange, he wants to make it findable via the DTR. This contains two steps: + +- Register/create a Digital Twin at the DTR +- Reference the submodel in the Digital Twin + +The registration of a digital twin in Catena-X is equivalent to the creation of a new digital twin. Thus, Bob should always ensure that there is no digital twin created for the respective “specificAssetIds” yet to avoid duplicates. + +Action (Bob): Create a new digital twin at the DTR with the following command: + +```curl +POST /shell-descriptors +{ + "id": "urn:uuid:e5c96ab5-896a-1234-8761-efd74777ca97", + "idShort": "myAas", + "specificAssetIds": [ + { + "name": "manufacturerPartId", + "value": "123-345-567103", + "externalSubjectId": { + "type": "ExternalReference", + "keys": [ + { + "type": "GlobalReference", + "value": "{{BPN of the party privileged}}" + } + ] + } + } + ] +} + ``` + +Bob has now successfully created/registered a Digital Twin at his DTR. Right now the Digital Twin is pretty empty, except the AAS-ID and the specificAssetIds. +Thus, the next step for Bob is to reference his submodel in the Digital Twin to make it findable for consumers. + +#### Reference a Submodel in the Digital Twin + +In order to reference the submodel in the digital twin, submodel descriptors can be added to the digital twin. + +When adding a submodel to an existing digital twin, it is important to use the correct AAS-Id. This has to be added for the parameter "id", e.g. "id": "e5c96ab5-896a-482c-8761-efd74777ca97". + +To reference the endoint of the submodel we use the DSP protocol. Thus you have to provide the subprotocolBody with the Id of the contract definition/asset (?) as well as the dspEndpoint of the EDC. + +```curl +POST /shell-descriptors/{{aasId}} + +{ + "id": "e5c96ab5-896a-482c-8761-efd74777ca97", + "semanticId": { + "type": "ExternalReference", + "keys": [ + { + "type": "GlobalReference", + "value": "urn:bamm:io.catenax.material_for_recycling:1.1.0#MaterialForRecycling" + } + ] + }, + "endpoints": [ + { + "interface": "SUBMODEL-3.0", + "protocolInformation": { + "href": "https://edc.data.plane/mypath/submodel", + "endpointProtocol": "HTTP", + "endpointProtocolVersion": [ + "1.1" + ], + "subprotocol": "DSP", + "subprotocolBody": "id=123;dspEndpoint=http://edc.control.plane/api/v1/dsp", + "subprotocolBodyEncoding": "plain", + "securityAttributes": [ + { + "type": "NONE", + "key": "NONE", + "value": "NONE" + } + ] + } + } + ] +} +``` + +Bob has now successfully added a submodel descriptor to the digital twin and made the Submodel accessible for comsumption. In the next step of the tutorial Alice will find and consume the digital twin and its submodel. + +#### Registering new Submodels at existing Digital Twins + +If you want to add a submodel to an already existing digital twin, you just need to reference the ID (UUID )of the digital twin in the submodel to link the two. + +Lets also go through this process. … + +### Find and consume a Digital Twin + +Alice, the data consumer, now wants to fetch Bob's digital twin. Since she knows Bob, she knows his BPN. With this BPN, she can now determine Bob's EDC endpoint using the EDC Discovery Service. The Discovery Services are not part of this tutorial. So the tutorial starts with Alice already knowing Bob's EDC endpoint. + +In general, Alice's only responsibility is to deploy a connector, negotiate for access and terms of usage and finally fetch the data from the right offers. +A detailed interaction flow is detailed in the [Digital Twin KIT - Fetching a supplier's twin](https://eclipse-tractusx.github.io/docs-kits/kits/Digital%20Twin%20Kit/Software%20Development%20View/dt-kit-interaction-patterns#1-fetching-a-suppliers-twin). + +But step by step. First of all, Alice wants to see Bob's DTR. + +Action (Alice): Use the following API POST to find Bob's DTR Asset. + +`POST /catalog/request with filter looking for DTR` + +You will receive the `dcat:Dataset for Bob's DTR`. A negotiation for the DTR can now take place. You retrieve a token for this, which you get back in return if the negotiation is successful. + +![Step1](assets/Step1.png) + +In the second step, Alice can use this access token to access Bob's DTR directly and perform a lookup there. As feedback, she receives the AAS IDs that she is authorised to see. + +Action (Alice): Use the following API GET to receive the provided AAS Ids: + +`GET /lookup/shells?assetIds=xyz` + +Alice receives a list of AAS Ids that she is allowed to see. This should include the digital twin created in the previous tutorial steps. + +![Step2](assets/Step2.png) + +Now Alice can get the AAS descriptors because she now has the AAS IDs. + +Action (Alice): Use the following API GET to the shell descriptors for the AAS ID. + +`GET /shell-descriptors/{{aas-id}} with aas-id encoded base64url` + +In response, Alice receives the AAS descriptor she needs. This contains the submodel descriptors. These contain the location of the submodels. + +![Step3](assets/Step3.png) + +Now the process is repeating itself. Alice performs a catalog request again and can now use the dataset IDs as a filter. + +Action (Alice): Use the following API POST to receive Bob's catalog with the Dataset-ID as a filter: + +`POST /catalog/request with filter looking for Dataset-ID` + +A negotiation for the Submodel Server can now take place. Alice retrieves a token for this, which she gets back in return if the negotiation is successful. + +![Step4](assets/Step4.png) + +The relevant endpoint on the submodel server can now be accessed directly, which returns the actual data in response. + +Action (Alice): Use the following API GET to receive the data: + +![Step5](assets/Step5.png) + +**Congratulations, you've got a first digital twin from a customer!!!** + +## Notice + +This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). + +- SPDX-License-Identifier: CC-BY-4.0 +- SPDX-FileCopyrightText: 2024 sovity GmbH +- SPDX-FileCopyrightText: 2024 msg systems AG +- Source URL: https://github.com/eclipse-tractusx/eclipse-tractusx.github.io + +[dt-kit]: https://eclipse-tractusx.github.io/docs-kits/kits/Digital%20Twin%20Kit/Software%20Development%20View/dt-kit-software-development-view/ +[sldt-dtr]: https://github.com/eclipse-tractusx/sldt-digital-twin-registry/tree/main/docs \ No newline at end of file diff --git a/docs/tutorials/e2e/boost/assets/Step1.png b/docs/tutorials/e2e/boost/assets/Step1.png new file mode 100644 index 0000000000000000000000000000000000000000..a1b25dfa306b4d3c43be5bf7dff01be8e3968767 GIT binary patch literal 17890 zcmb`vWmuGJ)HaNwU?D03A}BUUjev9tB1lU}gGx(D!!U#*q9ULIj!3tFbhmU2-Q7cX zH{Tl6UC;Zx$M@sq#~$~@J=b;JE6(#=Yt1`ZX;GpR7f;~f;SoI)yDx`_hu?>Xcj)f1 z!|+U@U1cgf&{>HnTWOoUus7D#v%(YAHPy9vYNe}l<(d5z11qZ+mfQ%$3*)DzR@NrQ zOxk89HuW{sa0#@bg0j`0=kX4~b?gGIKi@MOzH`QHevdRl^8{gc)N>`p8*xmLdFM{j zJrA|@Ii+$^KQN>6-tIb2>@iTHg z;kbX;%4PkT5_hQt-X>xfn_GWCHBf%=j?i$0>?$oYZ>Z?8`zrf?)H%m zzPmVbNm1-abkg$mgWV!LEBY=%hNS?%sa64#^V1+iUCbF61BX&SxHuj*X%< z)l~@y$S{o7$dJ3UH240RW=n!pn$-IEO%jQ$X5*Hn#IUzvgO}>=STl>I?K)fT6>Zi9 zTk6$Qee4<9b>c&4Hu$q3!Pagbh0ekS^f*`~_{zT*B z9$bjDoHm#IZc6k^J@gL@gtW9I61xgz;_%8)sn%yo(!P|9#Ct7}i`uzPE58Cr6uA^F~ zsibK)h);yKh@3AW)$&3R!jt>=?pfu&6)J{zVqFk1g95a;jT}=#aTQW6V9)Om9&MVu zcB0%LWuKs$!9b^r(5|>qS-EauYBD@L=eXK-e8VC;!`)}8s*+Cb0vTPuvqBzi+}A72 z6JO+3E`%%bXldqXC={!4q~%PVV6utf`hY z_b6s`EZAW(s^j{#aMPj!Q=eP>i;H|piM2oG2nQL}Y>@VBdvke~8y2*ELyy7c?=vt$A{9_3|M&*&-Bdh9ofU+*KmaDmrqf_1yH+GLA!-8WC^5sXAf?h-w6#8ql_)=PpQfnMSP&kRN_-GEKIqW24<8rtY>WDFvA zy}!S^BFm&_sF;v?cW2qm>(cgKfZ6GS-8I759$O19Bkl0Jg;e6>7z~2?65m$$u6T8? z+sT1~>BKze{p}+UpNpmiJPrG>Cp>MAOw`Itm+ z0sbG)H8EDEO{>0a$_X}IG6K7*Uy!4pXlhE)N~YvQR2vKU#HV`m?cI$Xx7WOXx$#mS^BFfLtCp?Xs`1z6-8;>aJrJwdC`NlJsEv#p^-sfi{N*F5{97sk% z!AK+X=n-Rk;%C ze^6*8`fB7^D9i@Ndgv^=63Tq-<(N&@PPX>B{#mm{{8IDjjCviLiJPIq)w&j_WZ41J zm5W)4trW9g5!Bo(6pzH{Vq;rEP!`!Qi9c=_HJ6Q>IjemNa-0g;@9mF~5zyWG#zuMb z^XUAi>qpO}uJ@7%=t-uozBzpO)!u57*|MmDUw6GCguv9 zJ^P4dabbw{bKARj&a!#2it+5#)jnydUKqLf$Bx&=1@&0&m8jN#*D)z|7Z?b=S9wmU7)G+F_p}VR+ z3(v~A#;{QqR(|DpGY%w?s?wJaHb2qhSPg@I-l@)%`6wpyvFT|V`4yB);6*0Y^j74} z=E2%p#_mTfoSdy=Twhi)wiefVrfbMnFAijyxI-ZCxa{rc@wR3UwN#CsQmQE@j?zrh zjV`i5!gSArCh#W?6 zF~xh^fOJ%Br;fwD)(VaM`Q=)g^-O0}?vZzE0!@@0PHj2Md=|YKUASX-*OH(X$gWGq zs2Z)2_Vu#I-lHNRtGpU+D{6`Peq!J0U94ZTNNQ+IjM6~iJFtziWjNMvR5mM_rWW^E z3{+!F!23ylw`-$WDI%dZF zTvtu9XK!T~b=a7jf7*;Pf5u3s(Rk7iN>xp z^4b0%Z5ERBtQ|Gy^qvQ?^bf@2Q`WTfHZ1PgbH*m4S~0$<>L=RX6xd_RlV8Lqo~#+; z-`@#%{d)WJ=gaIZ8r}PCHA05J9lAH&?x?5N z+0>I;{XgyE0`;j@4w3@oLD(I{%ok*3i3ES=*iqTWYif%o{wU4-R(f{-V&RTOQnj

q#zY zd-EC2nypBl3hz;DuZ=Y`oy%FB=8!m*ztTKS`oh`%sO={af1dTEx&Tps3Y$}?oCAB$ zqKouY(|1y2CrP$)cxH=gj5Fg$Ca8hEvrl8zXL(eMoLpySTBdwwX5?9P_xH5f9R*{g zHT?G3lznYxxuyMCFtuqsX?l#Ug=WozVIi3&Jl~a0`0XGVNH*y?EvDw1i;HZL zJ0sp%+(p9Tffi?6fLY5$=JlnQNb5_84H zax7f1MVAX?@K{Z#YrHDkc|e2|ls;ZkaxL(a2!v~X*UpFcl;UBBZx^=FX~r>%@Y2D%o3jVD2YJ`aniI6u<#KbvgcpX|*E zSRK=A(2V2{3Jqi$uHQ%a8=Bqv7Zb2I zJmlUqD##X#UH?dhvxs~I`Wk*mYiwH3507WsJy9`5H}x+y(*WT46sFf0TCDfxQb9rh z)u&V6Y~qEwv#n1j)NmiV)JKvx;+nB#6VVZBty^u7R+um1@woXU8Oi?MIGL8 z1O!HAne1~+tDeT-)6Sb1-f2Ijt}Esf*9tU=#q6cF5k)qQKjjUWZA_c z4(X3qkZlO7vr*!n#JbfJanqRF8y15vgo>SI&j2cK4SZ3K9>E;alK%aKEP!GZ*9*?D z{{<-@g?FOy3j<&6hhE{L!`iqI|sGQ^{#X?*~ zfh@Y*QF1kr59NVIsL08^Vm`_hE*Z#aI9ygeDnf){)!Vtr!GZqs$xDeDfz5TsJ()xj zgo51oR}UE+I;P?ILRzanKoU<(|H=(KM!c{^?2$8gAL|9hLXTd#JBT@c1+SUn*m1#= zf(9tALr3r;SX3K>H_8y*{FfCxl-z@rd5B;o6Mzg0~P{jQi;mh==Nx%GCW*J)p$5;^2osqQNFl+&Ld~AK_0q6Z)mfhX;0RhXg+6qrfl5^+iD$r;o32xJ{ zV;7RGB?6+0RVy48S?fn!?@k@*M8pFZ)2js`K7v@90UgbizFr4i>HT zW$TAZS~~0cOqV=^leDy#!stl8{c=q;>`c)9$s`7G7*BAMm&tGz!(rUn7%fFot8X@lHK^b{x{cGuXJj{gxy!DY}_ecu^ZKq@|^kGz&&YdUGr>)#zo15ErszM5K$oG4h%3siO~H35t(K6wMcIzjAe* z&mK9gq@*MuP$aNBDPwPMU!!C(YSf#Z;%2Rxs`Jp;*m!qqwVTMX|RB^ zQ~cwE-oC!l($Y3jAtI`rFH_SPilHW)>wwkku41#^%c*ZNVLX@eY0l!|!ILhCO1K#Z z-iK2K4up_FOnk{n>P4`njU~Af{1f21g}o|{V7TB;Bba!S{6<2Y>GH%Q^k0kq<=<)A zh4~U_Chd5xW-#{9qe3kp5P&blWg%=Kr{Z>s`+t{_dl{1B2=Fo@8li8(VtA^!Xd!`5 zOnVSK@D9G?AQ<4*2YQjivX3^M~A2_a$1QrKp{E z7O9;!?(Ndi)5qJ+_ph2>^D`^jeY`u>93_!dxb^)0{nr5j0Yydoq4!)1x2EW4yVI4; zRtAe*pFVwx9i6Iq)*+syt+;$7;yk*5@~(lboLqQTaO(CTon1k%p3kLj=Hl{lk#@`R zAX~3XJZszYMOjr09_q5wV3ff6cjxlvO`mcLd%7JQ3CiADXx@!KZiLHmYlV7m!CmyS z{r%0a0Rhvqvq4|JJbvM$lBQQJ>i-?p6R(sM6O0sRaI^civ$KQ6plv4_i}OEy15;*g z;FUk>Xg_IFYlzBO)HRG*!Dhwzc)WkVHq*uWyp7aiuAV+@F zVhHRXmM6a3BuX80=jkh(dS74PtHN(+tvNWdz=r&~=T;_L^jD|adyiC6pnF!R zTinsqK=_JBcq0i|gyQK#{yTOnbj_nm>E-BH7)&vN24!{PpeS{hj58>kmGB zR0PqEQ8`(#p(KuawSBouKcu{(LOkh#sA$pt-Zpzr{Iwo#tBH?t&g*@)e&UZGKen^W z&Sjh~k4lAP45TkRFVA+S^U+w=m)hafM4RyhrSBbN9*JpP#01Tqfr(7n5Y?CqCnqP# z91PM7350r#Q;XYYGsQ%PRisGrXvCBf)z3C@UB)9j1bOw4mg(fV`VfJEY;)}>ruI?T zU^f>wLYXY8KhJiakQ%iR4`wtO6GF9$?MT!x0#xZOut&T4(C3!*e7{D!x~%LS2tB%Q zzJC2$7r=q}R=(v;#bwc%{FJ@J(3ag?j1RfOY3-Ap&B>J{8|_Ukpt-hRD}`K}iLFoS zWA^VXa(4E=w@Jsy$awYYRRm&wxZGnnR}-};qMI9-TXjo1gg?Q!BoWb}CX=RD_c%dS zQC%Iiu`mRYm~uTV@OTxMi-JzX>U0OW8IAQ~5P-ND=M{t*rn0Q8Y-b0>+!z}htC4HP z{J0LuM@HXjv?EDtes*?u$emhs{%c+I+MX-3tXo!#Bp#FjDRRP8Bi-LCh@k!(rw z?f6z*0&AyPuj;aqO7Hk-@AvO(s;eJOjn@YO>y?}8mgq=5o>!=D#&_t@Aqol#8kyj` zE$-9p2@Vrs?vX4e-FFvb!T3Jq2HtX9X%YpwMB2%Bt1Vv1L^B$Mk?D-`@M+`30l|v_ zExN__%VV2cTXVfREn}CvjlTsqBBj_nbNk2)Wq33+G&~)1-UoWC^sbaF;w2x$L8|(B z%q;(USL8zyC)W`mDbn-v z_m`FmcQJDbC+A4#r5P$Qk#2sMRx*3^adK*>8~mkcZ!12RF$Jm0qnKx75)hC)jah9^ z({BhaE4vR7@a@~TU}~M&#QVGR&V&R6;!)Pq?f(A$K|Ho!awR`aRuuLo3ZCAyD9BW{ z3aVSB6w|iMWuT4T%;?Ze%V970&kZdz>6x`xc?yzi>;OUO@`GPUvapvzEna(%fcUbp zqjSy$+W^-6jS+9KCyq%Bh>%6r(~qN=*ju-d_R7kg5K>Q`Jn6iNMSGAV;^I@Y^OVdo z<+KnTb6?B%L?1lp&QH8OU0YxOc*?>l-1@arlBVL+(W6JFtO{0X-zt%WBn0m$57hl= zE^t`)qgSHK608~kgjZ2st}>HTKCHWrJ+RQ1E4n$FPE)P13kwSrta@M9u~`eqoXwSo z($Y>dDV36I`4%l67BuG|6%1lbvN&jHV&GnYcgPJ?UW3{VS2(H%V8(jC!+d9ow!r=l z1jGK2{hjgt0*3&VgbNb@&eZd4q&7M2mvmCTre2=i#SSZ!8GP~ety+nUykV`_-`^j1 zoc*hm!>(F^1}8tiW&s&fOIweZ!|GI2tyzjT*>*^9FjM^J1dpEn983Kor(Fe-TSlCY zB>wj_;vm3+&xweLG;^_}ach|I?QX9Ray!MDBTkYtDcmycOujdRj*mBb@+4GQW>(n8^CFv^ zz*JrIx20M{QXtFgm6P)^e0-$I<5-;M7Nq9{U;DT3PVE&!KIHMKaR*>C`ssMM%gQt zs!qgtZ!AG1j*5C*r=D}TLuqhWY*W$&6*>t2e|ytcrPAI|`gg#^?TA<8O;e~{M}v2CP4u)b>= z_hvT@3}~5;-n(}XD3~#n4*(xDgb2uRX3b1WxGpEDa4AAP*qd1_azlP-v#rwl! zJrPMLyD;Jdx`<=0g@Jg74=5&3FajKD`}>UtlYJ;6=st+1Gb;ab!FsbI|&U9&H6;sNUPNF@UWbmT&w-o`n>a4Ek&$H2pJ6{seg>q?iK)+ zPg^^i%OQ?yDzT8*jr;RAV?vyAttOkRK3#VwqSPxOcv|xMcxqTnj0` z)aJhDld!O`sf>jmKYk=9-?0vc6idGf4$8OEC@cq($+xVmb=X|w-k>Y76QoZvBTzX~ zi;9X?FCLi{vF$qZ*Q!mA{5s8c*5$;ip+tz)Z1t%J3kcNJszw+Hr5pE~6$4tbfC zm6gYKj=|dhT1!-_QAgs&h8;06F}D9}k7-^VlBoS3YdjQM;jJ~6h&Cdh>@V1^@uP>d zgRtJrvzhG%(1fK|(V1+H0>oIfvxF)4Aa6U$*nTBVS6`og)s>L=*G)bRoM4}_7`S*$ zzt&}HYM{q<0g1@&bVDa6Cx8obA*}jdKmh>t`X!-IsIq9ZuP+sk4a4o*4;#?9J22HY zy&|RKfn)GEno_v4{~#G|$at_r;-pk$c>nWfLjmivJxYMK=Zp3=r^XvX&|7=E+kQ#x z#+_#+|yQ2@4C8GpWBt6uAZRIk2;`rZo>dBtGCSc{;YnM90~O`X^BRcuC`U&}6pG+9)dmimY4OwC5R(C&$KLwY0T+{X zd?+Pl(*8pQ4thRkJa}TlzymY>`pDnH$D8+QWBeS)Po4VU;Xz`XsQKp#IHkzXr~cIj z>&>LtjzDCVX&>rtx^Y)CWTRWR^j0RCMvscB{Us?W904pxbnKX{ls&i_u-~y-f6Kic zd!bh=M{qtw^Go@mxq}7l`ts#VZ{DRUDAOK0-c0g~6U&B0_ck;%baW^c2ug?i(py4> zx>B@74Gg}Qy-+XkF(d|I8`6GY%5hGR(;kf572L|qm3mq?k zq`KhLp8rKBb9VjLMIb)?MR|YoQCyt+`RQIVS?LvAIKvPf$Wn{g*GCTGRsPbD8$VuT z+J(8B5??m9xAU^It16+u3347YCue7AsrE!;7-ahzUOLD*Hn}z?OXi^Ff{gLP))ogq z9zP}%Xa3tCy$CZM?f3U~8v?l^P?8c75@KRi7)+ks;_%0-!Z_Toecf~xlVRlJ4cf=% z=H~Fcyu5s#)#NL=zk`&^$V(F~r=1P+Rc!?Y1yFwE1Z?Mkh2Yl!YeB+7xA z09~b91&t?fJ!s^&=z){NPH!x&tgKw-L+a@3d(8d@L%x#$pjaLSCHw`2Kwn`YhI2lU z(Dcqy79dxrFlYp&9TrYfM@Q$rh)7OeUKS|QfKqB!($mu)cwUTU)z{U98sMX`cV1qa znZ^`dAP)}@xVg~Z5T?9Lc-aom$V=pRb}|Id`kB+B zQh=HpA15avab=_VtpelW`Mt5&%m-|(Z22o#DewawQqQ+bDW7))5c6B>{Y&0SI zfxWTvG`~M0Ei`#qc4KoqMD)Xjp~*=KGP2Ak#fRGvnng|;JI?^tdV4oOD)oCO>P7WX zT>P^?h?AU8e!2ks-5D=J99P?xHp0-yUt-aDD@>ox6|nG2p2*F~5&5N0)Rg_#`-lBj zZRGldXO(_|hA)pfOu7~5rmU?tZK^-t+}qoO-P@QHWO@QG&9=b4zxy)%b!yC?JFrA| zZ&GuD74kQ@Q6LmjTVv(T&CTPq0`D5itPEPF+JoqCjXCN>jh7dTad|Qc^!3pNQ6mARhAb=SLf*-@JMA zoag?QXwW#|>nPKR4206Bw3B%pYj~CTS8hxkIlyQ<_IPaxYFXLY%CQn68Q$HKbN~w8 zdwZ`hEXbb1nq>7oKB46_Tz1?%{B(k>StclFH*VcR+S`lVzmM8ktgN}u!NHL*od97@ zn8&c`>e8d2@eVC#MiI(YRL+hcDWu*d_6vh{cn5_HaNE#ivspX&! ztW9^wn9-Qzjsh=^T}M||!o3ve&qri+Jpd8q!d-*La1oCxNm}jS#U=phm%+;tGz+#s zQty8E%qGNsj6z1Hp|P>i?Id}e(_(jq5soJUCfv~QPn7IUeku&RJ>ZE?9z1x%ZK? zI5`^$M#;1fh{gy>68n8U{j0rbULE_lMeJ`nS0xEi;U}7hYkPg3JnaGrNt$-$>Cppj zfUg%^?lI&krd{uQv} zSn{ffhzM}t&mZYW5-|R@pm-HLu(q{ehdD!FdQ+GX=e^C&&d%Ombp^r$JNtzwgzzUI0>N>e zAR`El86{Qu(%|8VD8#A>aKKB)=cy^*r-{!)Mk9 zoRfBI4$oSF>Q(5t?F7QFVomp}jXY(NkoE3mgvN(>$e z+Cd4f;&kKX`FvAs)R4LP5A1mi}pl$f29qhkA`j^LuzMuWgU@3XRF{sIgP#>KCWve(6n&>P!$ z)$w;Q={9CTWc8%vD70G)&lT}+j(kYsKm7eng(|HdxIN~!EE1XfvJu&L6n3|m6@AVt_rHjDTNfBEv|&3N~SVnVmC<7f&}(9{Lp+m!5yS&54sIS#8o)nY0RL=I6~U z2@3ie)nbZGsRW$VlL#52A(+;+wY7DksZVH2r9ZNqHcHEpY`Y41L^=Sd$)xwpii-MXjlD@aLVPFQ|JB6 zC4DXpsA|m$5aKwF8|TT%{NTilPj3~$|{%RbmNjSA>VM4#cU5O;=j+zngg_uuD|5yy`O3ZIJ`bkur z=5-3$vo0-%SvFRo0IsAFJG?&&@^`d9NI^fnG!a?ZA!AQt z-d>%KkpzW25b10W%%pWwHy6ojjzaC=6muM1i0f-j)XE3d+(<%P94c)f#zsnKeZ|?~ zx6mv~JyeddknsfgWnGcC$Wst=JjfVRl@m1aS0CS`!EX+UF}o&pX9Tm#Et=FICC&he zfCc2$LTj;O9#gtmAIX(+ps98 zZ<@CBId>9@7&uy%j+x6$S2pfQBm?;zs_|xpo6*Hvi`dgqf1$>UH81fA%Ys?}C}Yb2 z9s@1GEVUToS}*j+aQ;S1%Ly`wkWk40~I;BEd+nSiR+Le|1D{-VnP3Ogo4jE4l{n^&SVfX&zy^-`Abuz z^8(%o2_CAMtB1L+-b3QJSUmHAjwo!c1H_}9yz2ML02#=dgDkTaWZR!oD2S`n|2tIz zb%ehKtnRCS=?DM+MF?3D31ts=+m|DU{#4TG9(p1L4{4pQC;BVsS$x0zhVq~e58wZ* z0zZf`yZwurfDgeghg=TfGpT2XN|JqjG0;^wV@5hUxoGFL zF8!306e#n6-GEkASbRUB=kcRxC;@)}Cc)m3ZYU3$-AS!NsFDH;1`BZI`{a*iRBI0x zIcaOV4$h~is~g6H+dp&zoCTBx6*FiV1RyMN9hSy!{FTKK@)M*b0pyCoy?ezAL#0Hw zqNAd2-ncP}#cJf+nOA+h3OxwnECv5%BSg1Ul`UsQxro4(D`Nx7%FCl7BMtP`ikzU` zbR8#)=hLuQ0<(8=D&$;kZEc0D6#9ED`Lx^kC!m3CZGBy73Rh3;@H3JA@SjrQKUjyc zW%x@3XzF~pVlrCF-OVjF4N9~iN7+JQ(PsU=-WQVNQBJEjV}{diLz%VkI@D z0=+e_Yx-UFX@1j@p@b<=ii+&h>UBX$j~eL5%{Qsiv;ZK$Z{p zi-07<4!REGTD<`-$$$#D zZEkM9$o4#P?hWV0U+Qa1c>NXqV}Igc@F3WI)m#ppr*){3FhT8A1#bBc=`HwFfLvzSB?RLW1iW{3Qe7wsatU!^8hjkh=dR{`@~tkbcG2 znlTKtwd}2B>6#UCv9Vd7h?0A6v2?_EoF_o&A~B zGS61sTIxz0pX)TA7_FA@6=&$`iqWeTqi0|!``WJa_=hsH_JaqS{lq#)L~1HLfg%@t z`_piVYt^(DuhHR7r1O=Jar!e5<}GtD5N18~-+?fni3~b9yPcdjtoBQHQ(eLt&z<|b zUG)EL7pwjfHsg6)>UZCQ4-`IB)B~8DjCUS+>upLjgP5WA%hEO1spG|-Du1`ze>5BZ z{n@LsP&M%;?YEkeqxf+c zruuvf8jB+y6g<1r|2Q0Bi)=EXQLcB&9VY)VSaNSz`AAa%4o4Cc{w?3 zMq@oOGW%>s?A)FRgvNAD(u5~5ds`L{69umIcs3aUeUxn`;j8vvRi3ZaWYr!bq-4}zU#JqQ2ERS7EU7hVI3S!kaH#X*pS;R&eX>5`f zEEY%OI?l7Lqv{PRQJXX&JMkKMUhgS8vlr<{rY%`aGff?10$;s$6VcIOXp$zUysH1x z;`!1NX2f{!t|`p1Oir4`Qe!_vLYyOTy3peRmgW-sU zrKQW93t=$$;hTh;)%YPVZ7>Jjj{ZY^wo2WXE=96Hm%ffpdLXZeNQQFWT1dFLnAlg8 z@Aa}w6T+FyN9}hUk#7Q(av*6FAPEcToCR4US6Zc5nKI9x4@^Wk%! zuDawGm|b_d!d>u3jt_a?EQo>dlqYPuDI)O*HD?zZx4EE$zHi zJw(7SIGps5B&2B9M8sw-)_Kp;A%uU|chacc*jMaxk*L>sv8sMcnVql9)$Nogjvd?T zC|Zl9_Uml!iH8XX4?OzEDBmDQ)je^I)45Z7PywqhD|K%WdrWg{@7`?m>M_?$sRy@vvw1BN?(I7y0SH<(iD5`ikWy*2GRRRf9d`t6qp zce#xvi#kzjl>*7zn5gRy^&dWGh2xZ!?l@Ys@ofF$RcE=RQxvx75UrmAdnxx+(=BwP zLqhhKutsqbA1`cMm}E__y3l^-^9DOhu_%zzSaz6CSX(D)nb~<%uhlq zp~xSW0g{P5U)cL(TJOOP*JwZP$V<PlYB!!F;06^9G*no+4`~IXZNu!B zziU?(qI1jqq4qD?w0y|odA325+_ayVD=TZ3foS#Mplrana&yO2Wsg}By;`dgsweZ( z7Y2JR2j0g_*XXvFt7)|2v~H6N_#&ayqciQL_v%QN9C|lpgSN>m%QLkqTB?U(&gOH) zFs8Vv^r0IzLNoenk##51soIon#uFD)c;_M%KVDzt7@%Tl(U>}<_P(|~MH>yXaNYa& z&3ZQ!$LrUt%scdO$8bYB%hbHvS0&xR-=^*vl3`19_XG?(OgB0*6gUXTCa$BE#L25) z!Ni8+_O0k>X_5vwRs)Ow%NSG^Wx=oM(?N_#=BMjgasq4f0uxEjyLrLH9}7}8M_;E8 zWd^h+YV<&J=omV8)tKc(fB+t}S&MDM*xUPDfl6o;hoJJ@lpT)ng6u>XYU4Df-W8Y|F2~%)u|Eb9(&2Bt4F(Ix9 zr;HIFtM`jc?u`<6kRZ?M% zDa^?kZ%-OvU|wjJNK*Q_izV$9A=91fEn+vjtgF|_ynsEh_rAD~?507Rid~XFn`htk zE#8YS+?>cT#o7B0#6Z@(0SwWmrpd(1!+)xMcelN}Rt|xdsJPehz>9ON-lTlx8s!qC!7Sp&rJ|Vvj;K4=W8V{cY;z#sKdRrTJ9oGAt z#mF4DCOa%rzf0~9x>{RE-`cep6b!cWh?3Zku^cyT4+!9M__Ss9$|4ulpHwmNW5E6BTAu@#) z@`~MsT>TW0RAKR)Ui9!gg|zniKa@0eUCY8eR$y2b>!(y95mT)d;L-4v zSqb%__6!x(^F=u>oJHAd0cZLKv4B&B94Z%+d)tH?8+UzHU%!6Mw>{%A)$Zwz8=#~9 zbn0;7%vF=DzXs?4&Isc2ZX?*&iZj)&M%W2@fN)h+YNRj|`TlO>AX;@1D|=ahS|j0P zsZjZTKj*zy6N*KRBEEENxSuMBPlTUDz`QIy{`+?lKb-J$==J|T?*+fRuwijx z&-K-W)mgXy<22bI%$)uHSq8-pw9MB#{+jV8u)R6Xz``iZRDJwmQ0tvw(-*@Qy)$>- zdck$dRZ835Ab{!GNY|@yCpKetHctWxTa0G&2lWYt=f0_j(&{z@2SUjr%6$5p-4(ZLj-|9NR^f3wIC2&N$`LD*)w2^ z)YAY5Ae^qZ^<2#z9KGx;AGtylE$uCxAG%svFqwHVS-ZMAx`^}fIodt6cXfl?@tQlp z-MiWtArPE9uzPy0e~v?NzAW0lLxkNCoq$|I2*_@@ zu%}G*L~RXaK!S?=uASuKH#@cMZq1EC$DHBxUr*Lm)3=i%N~It$XAS34t}ysQavT!w z`lMd)hH}eg?H1bE7g23Ae%U&mVZl2s{;nm)N6g25=ah}^=LF&*GHkz5zkI#fmy`i< zdYPR`bU@t-u_9|&t>bv*DE`1)_j;L!&Ol8x`OK3mx3)j>ug(4-)?f;jc12&jYR)!= zPohlKTGpVoy9Nyt+jk<-z37v2?B?I|@#~ioe5}?u8;sH$ZQJ={1 z#%IaN;dlDsfeffCj&TOGJYE;K4#rRu_U#g3yhMU{K`sj|INv)1ifA%IV z2p_~#DnfVZr$O>?gf5AUU(^jhkuJnoP+tS8m&1g$Daq7V$QbE1O{FuPocbkhX^;# zyLz4aOt10*K)ZL89z6GI@ z+AIVxj$19{qqAxTdx$TM2BM{6CfQfIUy^BTTR&GfaNmA9-*5YpUgB&1{j`j!jql$h z-@m^#pDbimM=dbX-_(>rBVq%!r%Oy7yCzfLGZ67v!hMnK9Bg+k%cRmg&*`n!c^-qW zR8$WAc@Kn`nR65)#!4UY)OoJSV4BtEH9p_a=GTX@81?oR2N9ATO+{}oxUf%avCJoC zCN(v)9`1GX(Xy1&sT(}IJc=lZ*(~niWn;4+EUFK!s;3j-G$4}T=jZ3< zuJKs$vmLN6;78=!<-3^t3@3y3S4i+)L3Vv*SSo_qj!9a!y-DyG8*0ecd7UIt=(A&t z+0M!=J8EQP7%zvfd~`8c8uf8ro6zwXAFVSpl(1YL|`fQgGrfSP* zXKYw!%Ke@PQOnn$Xf)(&{Q97||6<>qv?fEnlnHowOVT9hlFfJ>ib7LzDMeR~v;3!b z8%^H*>P2)uW4l&_)OLmh*5B8KHhSwG3spFbvm2cJOxJwWp%9J0fng~gHjJEWgu*c#!KNECqb&mt7C-HJCp^sVQe3>au})<(8x|cY#8O1lifGH0u4xK8_$i>TtL{sHKbbI()6}x;%1w3Ysl} zKe-+hebM;#y$-Y@grESCQPVW?B0~RXVv5LaVhm9@Xu!^ovQP->j0|U#l z+670`Jp%!Zt?7WF1qDw{Q zMQ+j8UK^v@48NT(>#|tsSqM1q#v45u^laZfcc9X(Yty<_ZTS1=Ten#fs73A9wKYkF ziq2>ShSNSj-guiE7RFb9a;#YEBa_x)Qte(!8GR`Act7XflGIK{1YLqj;>lzr z-`Cx1Q*|h$;?}!LlV^NXI5EMsu8Wwi%w5(rGke`3={7GkH+ba=S#E-gGAt%WVsryBl7#Pw&--eiR42QEHNahBSK zX+&qfN_PAFbWcLG#s&Q;XgY8tf{RGPgMsdbV~Do~EV&>g;ALB?{q*CAVv-5Se90m5!O) zk$Hv|TH99O<>n3Az7`7_Wogh4Ri&rM%^M`d9u<3X(0>A16~$w)t>+uT8}7EGHz|<0 z>1=)M&brVYwrq3rrCXNih||ieKoXSCPO5M;ubXgOWJHY3_fbjX|T(p4w z2#WyTY`2M!*y2z4=+yu9gsCt89c)paVoCsvVmj5w{^@>+N&Ryw9&c6Ph4Vu-5498T zZb1PCXM>vXHAdviu;CW(nL8fslOk8zkR5k-W*eR@K)HN&S1(&wG5GtgZq99-XW$kX zx`One(XU4iD-$FnmnKN`~PFWC#FZ^?3fy4xUC7 zqO>Q5lUPda#6#)S0lv7x7Eaq`4oQXH7}B*&96v}7MguR zxL@s+GSUvqeQRME1#EXcT7DeAU$q30Dc32y^YG3G16ojR=W z5%G=Ok|CV-a(4Gt!u`vDO~NQ+w!m)B-y znyd`#)_AUQmXTlP*1K@w0*Apphw#2J@|>)M_)9}l#eyY$yK7=R28bLJHkE4m)Yq@O zbqmKLCV!Mhv(DVYur5CED zJv=qjby<~D3?v!LtC|SqKqWNpZJPqT1dY(zn61y2bQ#W27MfO8V3l|HYMQTK*5v8FJYu;u?>}^Cf8)jt zi`lLqOqQ34=R?<g&JTC9>z4X$>K8JqxQM$|6>6kZmAnJcpQ9-e z){&495&Ts6jW(kgwNkOTHwn}_y_s3Uoz8Ku`;oU6M=f1qeXHTo+|9Ye(dwPo`38sf zImOGAFWVg|3-0qUiHqO&35s*7>SMed5*oVKD)Z<;;fQTm)4O&b?<d(-vG-=+#X zo3qpsI0(h|WbN!~npdtd0TAp=D!;^qMr0s!OgT8O4?3S5k+mt8<+1bf{ur_{xmRH? ziFMUsh{c`Nt~lfYSvtWCaDj zGv&01VyfDZ3q8AXg)w=t_ps6PAI18V>3FC{2R4ca(CUnZ$o-@BUyI#Y{(ng#E}k zyIQ>38`YY%mZ#a;S$-!+JM}}j|9eC2f*8Ntkj0_WSA@j> zn#i4t0aO7!@lc|(*mJVPPYKj$@$sxl-{9#(Zkl7RGs)Vfu|Rkr?*!lsfl16qgh&FF zGpD=QZX^JPi~XZ^+O_;?Rx}#bqmFU)aao_7-kCADHR3%@t&snU&s9@j%V81D* zz(nTpK0t#bTBsd0IXO8U-C_0kk;Y@yy~m_+w1w~Azqd;DV!L|vo%hy!NpoLc-`8k% z|E+#qU>Vjdg!%w-)c@pY9o-hgC3CP?+L{u<<4dw?#~*>*)YQ}=;6@IjpwmqKjDUr`dKFs{7!*WELLC_w z=dr&D3*v$U_r-`sNUn$6$d5DjRz_s0Cn1g;BN(KbPGa7?`SP?TS;RKhh;e&+*rA;r zsQr#4(6N%4HX@A(A*)}G4xsA8E#b5VWj2}TwM1IHOQd0 zwS~JpZPUg3TMG*b<2`=kX$_tkCRo~p_`?BpvtG*IyX={gthSIscg+Qh^wydAk zXh)b>ZG$u$V3b!l~5SYTXRWj7?ar>CG0ynbIvDWpcyceiN&$2khNFUcJp z9YR)J$kLqu2AcX^F){D^3*gHd@;Ek~aRN742z)6M)(~O>p3{UZmH0h3e^fmn$Qbb24cn2vU^7 z4&KuiWudyp|=#UWo+)Z1IE7DJuMdpCpu{b_Vc{ta2JYlQ5$5 z`HwYoP^W*s_6yHWPlca3^Bcf$P{BwNDp_U7DbCfvJUrjH*4x6uV!ZA#$elj(8hoe~ z26={EBUwpFX_WwlSbo8-ZXhQow}8&K?azrxOsw+RvDd5;=+$=^=Z7Dk+mTN{wIZ&^ z=WrK*fq;O(HHDYgd3ldPW$_tSt}a)vxGxU&b_k5^j)LSSqZjX^RZFU3PZfrPXiNL< zu7c3V@|o~n+0KAb0Jt(m9N?as>6;x8OmbztjjQlYXV0J;&%_Cm@!BNm0=O?{s})5ufeF-QC^D$VjWVkGG#Q`W1~ulS%I~iHL}R z6%8>luj#g!`M`>7^@2JRpgV07ud~odWrkofMqUFoC8c;F zt5;tim%pGMXH|{;zz1qZ(r&P*D@CGEzf2{?Yi**rsHh0EjxEd2^uF(6*(U(zk{2*V z&ZPmm)1_8M|2!b){Es&nms(3oN`Q2B--8-exqj{Hf~FR7gPuNEA)E&Iu4_i2j7sIc z^E6Zt%Ond@Q7r`zN@qYtfdZxBHw~yVRZwWz+n8;Jgwu*@)V9S(N25Sr_wC!ag@Hmc zx*My_mreSF;85LM$L+fB^nGqaJ3qsXogev)=k)Oi4j{jB*j9 zppQDJS$S0K!*@QuK5xUe@^Lox@X$9QwqB6O1?n)yU9Opzv7V5X>TUBaLm5NDtylCN zM9xa@$1aZb6Rf4>0XaIkYz#LSo*-LclRg6^YQw-c!{u<>wPFywXm(9bRBHsI?urm9 ziI2D|QG`oU(iiZRH*NoNPSwRFbvumIi_p-v_V#Mmx!27!0M>HU{128Yo;-Qd=BlNo zrL6oy@CaD;!Nf^F37V9vV}y}dsWBJ2Eowg!^75rHHfruWZ4Dq~$d4kW-2`8#CMPBo zA{co5E%g(;28=v72Ii%YHc=rVXTQGN-vgcoICZ>Je`5KM6+&TS>QV3By+i9_)W*s! zSC?%IYqu-vk2)vJMQqVEZVR!3JQVBSJnOix`*lqW8{ncIxv*lS#9V*gQBY6-6=r5O z;j>a}RddtHLBB#jQ{__a)SzMhO^~2vd>}HBsi_QE)r>N_5*}d8*x)67`Zn79~9hYF4YQEpdE~;ey-fYb4)zSaW-_ zQ1Ka99|e{ILW4?59(E)M&8z5_+wHBl^8r%G*}3MoHyu}!%iw88g<6@72-DsLP$hq{vQpu*Xnp8)Q=sneEzI86Woq`98m-ldcec&t-e~WK8h`;x?6VX}7mh zmjTkc7+f`OKW;r(T0vmgmrT>w(ruWecz8X7t}t`JM3{WLL0Rc!+`|-NbLF5tev6q*Z zva)hXK9KHtCiTYM$RWf0&KQT0%DW^Vro_a>_3zu)5F`n0ZF91-XUPQ-pbyx*sKs4B zOtDBy`z?=re6;-_f<4vK>~kRgd^=e8B4v=&OYoab@czSNI<9%|3hfY<>v`2tXGi%`wXCTE%={b%T$K zFHB%Z0Cqdx%E+*?-ahIlTitlQYS4sKR{YY{b>Cq}o>-jT6w{{k%>OWc<$K$0TV)?R zyTvECgh~>uI9T)oA5zjKuxtYG(azZO*6H=X`hc2-isq)K5C>Hi6#zmnww{S1(@;2w zU!>Y#;A>!KXZI660X~zHWtYc#0yPNZp$AXTKxD-(P*I`Z-wu=V*>>b^MdBbjrGLqX zI~S+F)IB~(6o$RWfD);knwkQN4$#I$o}aF#{J!FB7Znu+xPnaPa21GmCE`=Hr-xEY`Jl4Z^>35wuIB@#TV4cK~vL<@sY! zcjB@=2+$ffY=_#=P~yUAJu}j z66gb5L?=GJ>tsv#moG|_d%)u$+v9kR1lv|ll1iUGefoz%T9E>vSNp}UT$Acigy-p$ zG&RYHh;m$$00q%>%lr$Cv#NygiBb1UA9Wg3*mIx+pTM|GfI5Tx!cqQn=g$2?J`4a{ z-=lrErQ3o@8<+f!wgv#K^z_^r-s{iH0Qi|8?KFXR+Gg^@E#+V8%E^7+8Ta=Gbp-$? zw@$^u4`_(~hdy1Kd=8>i0aZq5`MRhR4J-Uq~&ot-^g;UEfyPwWMsr>CK#qhn;0@mMze zeXEx@yf=S_@zo6iYJYsNeO2Z(E!rp+l9(OFYCihzt)HhC2g<6Yx%tN+XAuZ}B;GHp zNieMu07dr?H@aIvP3Z!ysG_0KQmk_?ALq152dQF=lO2Z!wbasfjG`0==+x zB(+FCa%&F7E+Vo8$m2uT|7JMX9f#1vxvaM{-EZH<#v%;es#od`R^gX)Y$3l}{!2Jp z4F;Z`o*-Il*qLMiY{U2su|uu*Rzn3g{Slpnm9BH&0`ZBtkFR0p+W%EFTW-@)nM!Rg<@>EFTW z-@)nM!Rg<@>EFTWfBkaszXqoPmCn;GyK9qI{>)tO6qKtEPklwHs7SMWOfv{Q>fq(( z7QS=-Kj)obfC}bhnIY3tLDvhvborTg#EX{Od5!D+`$v!12Ic#+UtRpK-&p?YB33Dm Z$#RmTvii$EBw(*mzO5l&aMLvKe*pYv=CuF- literal 0 HcmV?d00001 diff --git a/docs/tutorials/e2e/boost/assets/Step3.png b/docs/tutorials/e2e/boost/assets/Step3.png new file mode 100644 index 0000000000000000000000000000000000000000..c694217ad63681b44b7da3239ec15826d24333ed GIT binary patch literal 14049 zcmb7rby!sG*Y3>FC1TJ>2?$7oAdPf464CNOyxYlHW7< zzV9#2cdqN4`D12ZGkee8&$HKauY29=-a#r#(sJZ#L&ogva@c4jY)oz0$8nRrmWaCUZZ;%8%XuraoCcCoc#HMO^O z?d_z5K%jw^8rsf(e-D9z|8Y-oQT?h!#&NUZj9Kbg?c;}cFfk?NB%>7xs8wkn&28%| z-_D=j?YxIU-O|MMQ72Dht>Y;9c>1JgQflOt`ho^?ZlP^{(A;8O8PAhPM|afyKf1yA zn=!`3q)!ZK6yEQuYQ{8wG+E3KYr^!kR&0-Nz8Y)Y+l{6;+ z$yAhctE{~ny||O|lT3^?2SXqIS2448o<3*X2!br2`s#|c(41rOyb-Q2`^f#M!j0D6 zz;m6jW3w`cP-&oenJc2a-}CkUU~nHH`VE# z=N)ZQH!9^G&Zi}<7rtqi5SWJeR>};{e?&2QqDLmkBU6y0yx$bC;VWD^iFaXHgngbJ zZL0d+=Kdr^tBdk?Xp*HaLj$4xeV(IvGJ`CwJhyh^pN-qfdU6m5_nfSRn1=h$Egvj* z#nID7D#?(6>E)3#?g z=`GD`8IzE?m-!;9zjU5pJ6_|3yn_` zCI~A-7x23@x3gpQf6R_1j(|HqT2l+5NWKwnW~TTi*yxC$hzZ8Zg4a-AF*fvBouvB} zBQXrUjb8tKcehP-a0-Oz>n80p>RI-C-)^$AWAcT(b0ENl-FUN0{09C?3?YX2YIM_K zHHqV|pE3D}oA1JIEO6jLQT*ZG-eD4brJ6M&4mZXmCPpPkCC4=vhZX5oSe5$cO?;2E zbaWKjOipIiuMNK^G@Y_g!kAEcOB|74h!}r%Cy_yh*p35Xs(F8EXuW0G1aS`QEoJ3& z+7=uim+MZ*tux|vpv9>^I4H>>h2MO-%{)rqo!y-yL&SSaY%G;rZT}r(aiDT(3zCX&K{KtmCNNTR?iKqs!}#F*{gMtbfule%}-rZ z$gfi|Gqm7s{X|jsicAL~DJ7+t$XO;CoU2GmQ&Y2F>!uu`)#$QOS=@NqHd5%-ms;28 zw$srX{8aeLTi{GvojOO6dRC!5rtzY*w-{AvrC0xSv#if$eJFNyB;E~G;VxQ=2CnMc zz0(c9@X#%r-meqqVl+7lj5gEt`TBKZyffYt{PE&>PxzboOQMK>&?H3`98B*tT_tXN zUK~PmZaT!ds9IU2rwOT7*-l8;TpbLuahX4S7iMS53+w&zGqJb47Dw~QMT)J?H3Z#G z0b1p;zx~M81l3VRw6u@n4EYHWUX=U=IIP3UYc9aEgU^lYqWU8UPt7EI?{5+dy9g% zW|fqbniEq}9(Q!Gfg6(;!?j7tPrD-_n2uk!4GfKwR`G0`#rL(sK{=>gNuUKYSD91<}>%wXLXBci&d$4 zpXF}JQdbM~0X!83ty?IZ86K!9Mi@6@-f1MsAaq(JozH@9uRQLe-wGtIadK7B)#T!9 zKFp)AFzvSr_pIRQ-G0*6*t=>r8rF{pWt>I7L9T$?FDBKtST#-B9D#PnFOl|GE0jSHC7x* zRwLtF{DzK4T4_6Ba6VSCG2=WEsrF)~aiLEn{pRhNn*EzRSeZC{(VTSC`AgsOx`l&Y zWF)_JLk$Vinswde8!Mina(vn08ed#|_0-Tdi}dcDJEy0oODn}?u~f!5e4i&O1VwS> z7zDZV33E10I+?W!4)<{)PNmN~ZL-KJ>z~tcP|@kKL8Upr4>3C|yAh!MIz80Gz3C7# z>B0X%Y8W@np~0$sT)X^drh#o}Zku)SPw-j%N_}9{Q-?Q|O7J%&O&pkOQG3!PM&Va#~DGRAi*$ z{D=B;dJDF!SOE)+)=x=a35uR>@sR~lvt8Zb;&Xndn)@ljT^>r zSerJpL(CKaEKAmjIycIDZnEh(Kc0q?*8G%!G|-t^=5M0WGmANz@0t=SnJ=_HJVHE$=I@iXI-G~ZRz-x%P8yXp!~DqY z?1xkanr6_)fdr`o!(IAyH=KkC)ZfH&i;{#!WF04PT*)aYmOjtN-LdnxN{Zva&eG!x?8IDD_MO3HF}oBzCt2MQm0#06A$i7g%F#*5ppnh zjqEn>eKu6@!KcjDa??SO;!dVj+j|Gst&?aq+weEB5*BXMX6YiHvB&^lz^tZ~mfIM$ zS9#_wE2#d=JF=Ht$Wuv^u-ux6xxk>aKruO?pukdaA~aVqnfc-|VVm&MNa4hLW`$5ZZ0?c7CpRYX^B_B zW&Lz5_qMw`2x}#Tsvm=}fO(z#5hUAo;;8c0{qsalLD8QjmV+w%ADTLsZnmM&mqprr z;V*H={r+xw2IY7mT>A6kfbb6qSZ_CLRH8Fo$P|v{Qt!AJN1k~Brp0KO2;=b43vF3v zS0c5e-yyWhZNx?E*fzR ztVM5~XUvA%O`SNim&ASA&F7u3F4ePWKWEDtHkj{+!8z7whZ=om79HblaQ63>tZnFI zPSD7|p**Li?)lW;Z@9E2kv&3aUlwT)yW&q61ZBzijYdv#Xc|qg$oq{}!>RTGf32e3 zws%zSVl-efs(t%=T|OS3)P<9e1pwZK+@0I}xfUB!DzvV5D|IR`$|tqI>zX`BBgsP~ z(Q}5T^F8Z1i#84Eg5Ud3G1;~sSrgLN6EG4-DsDSDI#Q$kEHRDO%x_fnao=2CZZvHd zTVwu8>BC)XIk+72A=l#exV=kMqwijnlj73Zgl=d=-fgmp8iR(@7}Y0Fly_q-=lOUl z!t3fVdS1OS`XDpxCTKpS>e_X*g%NUDSFrqCuIugj*bqwS&oyaXoRyk@r3?7+ntj$jLWl`vX~$}+lbYQ&DUqgd=u%X3>fT+;0X{nXSFyr^5?Azp%2UBiu zgKNsXz-;{nvvvMdsM%#isW>ZUOLZpdg$ofblBs06Zlc@eU*Wh6eR5uZSNQRM4p-g> z%?peB$&XNRVQsAbS?{wJD1Auf5nq4kCp5iUNFSg0Vl4QE+Q>+gnqnOlcEh}Q4jcOR zFAi)h5fBVWFndTlVDx|+!)~Da!^KBK{zZ{*7Tt9Cn*&QpRAZt;F}}IuiX#wIvw$4~ zR;}&o`l!tm5N~t#HMQr@pEv7o5)iPy9U}8bQH>9u|P*k`zgc=Gbx``)>poT*n@Tl%1a3C2_P&fT+x87Q~VoVsy-#=3S z--;{9Uqu!K4ljG~C1}7AQUnb^b%%;_qo$-nia7*sAb8*r5H`rWH*j$Xbe2?91~Q8V z>A&fKNp*d?UoZnvZV2=(1op2T%Xp1$XD|HqGyKJW7j)oUDA$$U^(Xt|O8Xh%>98-R z?Kd2N(tw)6@#^~0ZN;hj)qBF&jhj&&-sfN=|Hl+|eMJ>LSk+@=W2%qBK&lW$eEbai zdtxwdIoyZajq`oNzUlBH@1KiC#**S)NIwLX9EO>S27zKg-~Rc>3D_f5elSL4O_jt1 z$+(^2gKTZz{4*&0vg_m;XOB_;LiTzUNA!J(o0fGk*ATI%SG z|C;;881K6EQw#xA5agi-{07ovus(CX^#@)dZ>=dr)sGdVf={kseiQT&e|KN!_> zevqskIxTlw4(Dl3)w--rkZ_s*dQloo#5NEbLxntf<@HFqu{5DXH*bm>*3{G-ZcXsA zu_>QEP_KdUx~yyP@Bg$e*3{7OKHqJ37PS4zz1F(ByPJh3FDJJO7w%2skpbSbW-#a=S zU0kxe0KF_nCGQXzZy6dN*YR{TGt2%Jd1KWymEUCy4by!EpJ41J|H_4d(#%l2fVA!3dWom&$k zp|?keURQ9}7wacjUt8jci!FOU9Bk}7y{e+Jva;ghoeyIEot>Ql#V-VZ{rVMA_zj31 z?EL(-z89xyX=y=0L1eskG1%4PWfszsk~P)U+}0xs-c4dbha02FD>44|CPqnHdkln< zY`56o>j8{c9zlZBxl))j(T(wUP~LR7iM*T0H&LKE{1tOXOR(OQrnj)`y;36oEI_<} zEfWE#fvGDw+!~V)lMgu{@ju9upoMT*{b3vv>YoQ7;LnOey$LCzkU@;&QO*9)fZoKr zhK7m@)Alfm+X~?)Cns3uP)&@KjO#_)n}DE~Yll{&-@Nq)RluboU)ReAxq-Z(fBzIk z=-e5TSmXN}B1vJrO7PJH3JfGN!HNF4GOGKKUoa$OATQ?{(b%X+;eSKepB=}^{uA(! zOZGp{HJ%oqugSIP*-Lh)NXgEST$xrp9M?W;Znj~Iu|T0}OQD+LOWQ|kq7)$2|Pqm6;LC1NC!5qacWklj*>ufS`^Xsigi`v5}yNd4gCHs9VDDTvO z158pkem?plwfMb#39MZQQW){&9bCZk;00Jf023I$?CwFJNrK-6E(!JGEE%IU)Hzl<=enVzgk zrFMxd`Bo1%<`x7J)s6cu9V6T;K9&)H_&|tpd>9V zt^TuTCMG6flp?Gte&;8<7U@2OckV2%uk$<1A_UyF9k8os{H{_x{djqKlScXyxuokA zn8k+Gggg%(u&}UDQ6ajztU)R@3Bw^`J=ouOdigRcHlPR#3(L{X&F^^1?K8yhVrEHp zt`r0R9xmCVkXtqbSy&W5q=%ntcG0?I!bL7m#H$U^*F0WXlQMc8Z!6xg9Q!gS&(`3) z(1z!Tswq^g3DIn;sAqYNEiS2+^T8!;0Essa^q`ZdyqaSd2w8&9i;6GTPYSDAbKM8T1VCT_0j(8ooF?&dwf)+SDz)wZM;@F>*S1 zeM7@%!$-AnuajTKVDTc4^k9Yc zXlW^D(uZSE%bfh0OM%&e=>xG)=e#!18cYN}Xbf^FbahPcCm^8ZsNfzqI5WRTv}RDQh}96mff8PdB`F8jg=9>~UtSQlGNG2^Vyy3B>|G4t+980a8^&+6NT5F96P( zE{@13qC=>lUyTfz-)DU(pd6zv)O8=G8hTID`(#wxcbL{Tz z>Z)^?d%bBunjWxF=e9F&pwD*$AD@kpksz$tpn;T__&eilmOLL=R77lpaw-)XJxM(3 zMe{0ZckkZK6MvVG>71KX5I{{$J@8tVEt)=G_ugl+K)sZdl;;y~Vpd|Gfk2<=>r-Ci zUh^1+y}%-3u@BZRF+sZ=qFYGgUJep)xq38I20vdA4pSE`+Xu;E9riFIDEreL5>ti z_H~3_s2F2lV9+f#CV?5HVL`Q_nuBn}a~L~wvumzT#)K-~Vh3JaqjoX;af#sG7%JELu zI7uJAeG;?6m}%A(H&ySkA1-oP?XnT)+%I!jZv`c0R?eG_E82WNk>=ieo8N8wnTm?2 zCLvQJ2w$MEf8UG!9Vd;@8NnB%W;y#r8W3`quc7&01G-5@CSR*~#{nd6&Y*&ngsBFv zr+h^P1&c9z$do%S!oLygQVCid8^aoYC?FfIbx$&*NuPvjy~Q@1uYlH=p0+qulUf9>xl3wo4pvL@PlNI72LKr>2Be--BU2Y6m- zFl)3*gL{Kai22sw8TSReU4nJQE0l4ufsf*ELqc$GU4S$fgZU@xT~V&|rBiahxY@yH zVX=ZhAONRI_dN{~Vlj71vK}drm6N+AQUv&rX1*5C+=IfxrYmj9>aKjwPdM=Az>AfY z)%Iuk_!nc8TzICV*{|8Jc6N4Pc{;814kv;@mSG7c;d+yW5-J|^P6^8Eb+kD18Pb9;+c0pGb9A--WhNV`JkMOHomX zhiJFbMtz=mxs(=*J?)2`u9YJ`2Vj&_b4ks#U#woQXzjwS@g_ykl9PoIunUYyArny4)8p6o7gaB#%PNJzARREMPK za5xwBGKE%kc`sI?GvGK=G zK2YRgig1X90Kuu*1;rqT;34jrtEz*gsVs z^RNS$>pr35XWH5cHvjeG#;}8d@{b%vvM9&-*W}>uQK@E~zaiUtUtp*h7-y%al{Vuq z$G#X7JAx5o@=^T5`9}ORGH66ZM8s;*(9tVj^k;y(&t=hD@47|$=Wmd7Y(vvNYvT3m z*XX#!08m`3(ICj`?D~6QVd2Kc#`!2RZ`d`Xg}@I@05F3~)qaWcr;&(woqSUif@GtR>k=4Li+_mb|50sI&u-%VClCG8 zto*081?TEs|6nzYTbH&kGL?OliSrO!vGAO`SAx!so&EkNwMT%5WD55=eElv|~s88mu( zfE-xxUM2dp@aGlE<6PNjdZ6poxbJ2-2FFK4d;xK$?$!nO4{3taV)M~9w&6l8mS9ST zMbxvPVbJ_FRlp7K#DlLGlz`92#K-HE!51F>VlJ*PHEG3udkgHb&>qfa*eGby@@{NQ zdx3BVq_CZds^ZUeW(cu1LkKL4NaXyNxU;h}sOo5FXh4CCQ}Qjt()0QAtl(gI1%>Y2 zh4$8azsmZAL7nu{#f5^;feP<#3d$nrs0ll-s(?B?M=`kwS8K(iOXA{r{H zyN5?lnvh<%BS^fyzP{WIasS2r25PF^$Ne$zL7JAr8W>8sv6^XBs*B>E7hm4lF`}l+ zs@B5_)>3y^rywA}wUJEn)e%=}|19_WRk{*?|GI%-eY`20z0zu$Js&^H_rW12i}GHj10n%Xyy6P%;op4!^PH7Zx-bRm}50+S#g_(Q1(2 z;2fTGAv7?AGO&EPbKh`#y20A{Nky;x1VLuaZn@lWTsD{D=f+$z=}=NLZ8)HGk!{%$ z0oK!=8-<&jHjcyUcLIq=ufd25EuyK(&%j_h5Qpgb1<#>#GshtSkvsS98K|kzkQ+95 z^02chHB7g?leb zGVS>oeKK@$Dv_N3BTxqRIwz{^&wl@2yQ4SIrQx)~CYTE!WO4vHLpH2eJHRS6zLHkT zX~7c2io8YA@Fm+bef`e?Z_vh^`h*xBs--=4Y8xGW>P$;fU0rST>@6GxznK-&;$A-KFaIt!nB{%Vk6e(Us2^Z-L% z#g7`;%GMSOIVD)ctgK;K@CemVQXY++fm#I~x87#v^f&u=u2%q1Sx8e=(p+0!*a;S@ zRhX?Qs3)BOkpr+>`7B~WBaoV0fX+ebcivxRZ>ZK_Qku0QgF{-Phfe(6m; za9S}~b*Fe;4Du#2JhWy(dE1Ir+l#6xFNuO{Y9_C9i$gj|A=t@!Jnd009kd~fxGrVj zFub!<4z$Jcf}PFV%U}%o6^-ZXSyK6Gx(^+&`PyJX26I`hIR%89dZ1=HJ>Fp>G#W28 z1JY4e$@xg3-h3;kh_!xBQk~XZY#saKqpMm;m07-$sB;@61ur(fE|Y3S|oGjjg|H zN8m|+h~WCqPfjyUeoZH)sQhT;p>&|?y;=2rRRNSRAgKUk76w#seVWruwuO9QVWD-3 z1u#*QQH2j{)zw&UmX`p{$*+Z*#+Qk|y#ctr+x8?QGjrzY`xUTqxdifFS7U^!sj$=( zjGXS}a~YL0Ww*jW(3wcjIH;XUR1oHweaKqv1d5Za;rjiLWxf}lq|HG~pau*k>N+oQ zNwnJ54UEtJ%tfk+^AOFllgQA!e>Gt5W})N*i+l}R9scAm<+xXX?>uk^B|a_=dvl&< z{^~-8WN_A@oSdAR&s}t+tg-;FT>z!Zbfb@+=Sxt)0+BI;(bC!Z05s3XP}V_q+27l1 z{`L(h1wYFz%Z$IFD?u52)L(*Z$$wjeWf(B%_7IYVl@;l4xO5rn2#^s3`1leyvl|Uk zSXUMoxvhp|>O!P|lGU>I`8`a+t{XdG@=6_HdA)AOH3|a@aGTlQ4(C4&FCu^ZauHmA zi#@=4VnRZxq8p$pBG0y0mAUw5jym2+NxjOZ3S0r{{q(?c;Z~=3IpN2Y>$taR9>5sX z5FE&ym#;oWCpHG<8>r_1tlsL2iHVtg>kS3TUxUx{U=?V7dX+XcKth+E8>9B~z8Whr z<$jkDh+^~H%#4nnKBI;No+jkw`+F&VfNN3qoS6j#SN^S-1qB#$~h?d*!u(+xq~UG0YZ$@o#j z9LTkgp5l^=Ayg@V1O`NNBk_93jR6QCRn+hnx~hnXo0OE4#&bQ;VKRQ4>t+X1*c(Tm z_Eka#ymx!qWIx()X4++(^o+OIyabBU52ToSUDpw_KCAv>^c6PlXL9`&*y&G~12Dmp|7yl; zqPmBU|68l&Z=U%deHJ*;FBr0`^N)gw?8!7hlOO!M*a`GowolBzf< zxW&fLC@A;wInJX#LoEw;&?ImGP~*Q-@KvjL8j)t~k2J<*?H7ORFTZ?CdBk5@CnsO5 znEZ$W^y#Fl^DwK+%Yz(Jc*a_To6IdNxDx&t{4AnbL06VuFfK6>?=LG|!OyWK3%nd7 zV2Qgbo*p!UxRpr%Z%skxp1*sBz&H2**>42CEzn|#rqGy@3R4IU-Y}k-1X`NU!RqcZ zdAQ=&m{?$00DijVjPHVC%?`oPd-*hLIa&;lh)|Y^fa5DN(P^clSIeYLa0>0(mX@7s zA#|uwh;_SEkqJjmuBf`EW@pkvM$qYKbC`g(E#S?Y(LBvMN7Lf!>XX;6pXgDBSJ}_( zY;S`CKvO-WJ;zk8*en0D*pVjS06sn!3k$a`dUU-n&;7Eioc6-tpXCrTpQ+sd4aOtq zJBc^!?8(u1ca*L zj7enC6|^0=+0m0a+TiuNd=GS0d=7_sEA6JdwkHo8yp&lD>i2%HOpLcDVRP7GLoN7o z4z}W5eCZs3x-tOd-6HkeB8jTTdRn8r2eVlw@AzXz4X?axY%H8^OfTc#;xLml-e1<= z`q|p}dwF7{hFtCL!0+Lp*cLcpf5`LfW8bTbKIhSmVtn>Mcv(TPn)=znW@4@FgmC8t z5TX(}OvRj?$?6Ck-VFCT=M3wALOPqqD@?f^OtGtblHIB-Z_~a5l_=%-2LDi~@WlaF zmS*xJyq+$-2SUnuuXE(Gj72WpZFI){Vo2!dvKN1^s~ZZq7ATxpjTU{2p=Sj6vN3=rA5XZtNwG@B#l`UO z;cE?7clX89!x@5hZnxZUZlld{Cj|=%#=wr~eHpmG* z(O-K-E8SaLTPwTL<2?B(awC#9dmtuPDOEA;BU#XKA{SA|&r}i_UeQ!-S)|K^z~MCo zp9+ndB@NVqfT({9bmvwcCYKYLECQQ}rRIN{gZS!jNRS38eE}&H-W)g?p94FG1O^F7 z^o*x9rZ}O>Igj1u;qR4v;F$A0o>C49Y6#fh7`dx@zkg;hmznXop*ywR;&*N{smse( zz~Mw7f?blWnTLk67X%093P#pO3BR?3Hlq^3k00lp_l7=q4dtn;84yg}xjW3n!m@v| zi(PBolhkuR&O;X#$RlenXZt+@pN#v(Sf#DkuIXrzAJVw^(dR5o(zl8292h{Cv){`x!xY_kcx}UiZ~R$$}B^8ntxLP3Si^UK;vTL|SR6sH|>m#HTm) zYP}9%na#2r-GgvENd5JrKsTW@n6X&9WTcNxbe(dS8TfR@_M$*o#=K|%9ZV|qVnpJM z>B67Gx4*la&81rk zU%mMfxna-+Db0?x`UIyXx zUdRFVDSW!__KfnXlUq47j4r)u(qDwY~FrhSKZx&S^ksIci^Bj3OLaKFG5&I(#35eWeD6)S$TGtee2H!& z2s->ezmktpP>^(Rs4I&ZX*3)!F*S4k3Wx4UNLK6}<4=B>!$>obVRq}i@m`h3pY~bt zPsc}ug-4&B>X|wNV~t0~(|n|{h8v1R(}L7@dde}SaCgmEw8cA8&T>!L+_w0;e@iHk z7z{wnxSvE#o3@=Zb8sZ8$td@!H3YtKDr|)mh6DRqSDDkwM>w2nA*>ykiH6^5dhu7% zadLLTb4@XcX}4bqIIouTT>y3*^6RJL~KB3nbZ z|5f^iIO0|hml?m;(R$U4U1kI^he-&@5h8J1k~8_Slj{ERoM6LEam22(N=P0FbMtt` zg0ftN5UCc@Sry}RxvDvW3~<`nFmgs%rQ20-+?C{aI#_+Isq>>qzu=1}V;SgI zl$Pe~+VG}5vMoAT(I!5N(W|m!E@H>Bjvc75zSn%T`B=(@AWUC>DyytYG1+xp;2zid zr*0tz3nidvh4S4?PGr=iBo%xVA3w7>^m!vUU1@d>gf%}@`XcpYGhvH$93=+S5EF9O zzCws)dyb;`8vK$eUYr;|0qH4RZ<*(yqD}I{p9~kdmmMX4CVCr-kE>3`d?1$H^&f|5 z2~CQ=z-5-kM5Zxa|G2))_)55e88RjEf%XLI=g-9*N;z5eH0Rw3FI$)%JUH0fGpIda zwvq&WORgTKfPLntc2v7czK>lCLbBRQ&GNy+37@*{fGu?XhMcj%AuygFt_}Kaj5L^; z@g8k48`QgJ69?iDE&?r8HEdp3Zf#qYrCFw0Wmjh8hkjz>W8ho}#wY)5(4r{Y5erZg z4-aqj+D@jER$YB>z$adlGQ6h)xM~k6l7j{>&Xgm=vf}7{4wHHWU~O69DrZMN(e3)B zEZtr4#U-&+b3_if_z{5t+?i6+ez8@zV|DfFd!#%y)9`igqnEz})aLn6xMC9b6mGam z&sxUn>LXx2mraXOcHI_~5bEn7~EPuJOiNrgtfHLdcr)r%?pX`yIM7e*QW8_dG z5)w&+h}84FuHwLS5_O7_ z(2y_?JGe12UcI8xoY_rKl^$oAsG?*)-6>6qW@Mq<+fgR+BZ}1ZJ>JHOsoUh$9S2+_ z#j>MI5M#gO(>^l)#e@ZZj0D z%e~vk+1mL)ylZ%fIjSSj5T#Zr?IWKttj|6+O41PWvxKa=@RDsvHFMxIZRMM&gx*iD zwGPuGZGPTl$0V-9jbe%l^Eq_UFkG%|Pc*w=ww=8s0FYl3zRH z(4lXUmN@Xh$={EnfM-pB+fJYBub+WcM7;V5;*U=c`0WVhXuu;UxPLv0;t%%+Poj`d zf=*a!Vq(y>H;+Vte<-NCw3PnaUk}XidhC@)MKL?1wA!|Xj0Xk=;w~fZfG1f7#xC$r^ahx!MfQq8JH5j9&aPyam0k*9*W;bj-C{#lKEODY^S{_d{wk1YE{P0Uoisl^4je@8 ODl4fZQS`*<_5T1!{YOCn literal 0 HcmV?d00001 diff --git a/docs/tutorials/e2e/boost/assets/Step4.png b/docs/tutorials/e2e/boost/assets/Step4.png new file mode 100644 index 0000000000000000000000000000000000000000..ccc08e8f87f5e544c2d709b59b7e6c8937328617 GIT binary patch literal 18553 zcmeHvbyQSe|L!0P)`)>fiXbTxf(+f=Axei5(jX}fj)KzCNOy>!FoeJmN_WSQA`Ju5 zF~r>ie&c&CJqoOV{2o(rw+zOcb>W2F?DdTwdZAJ zwY7X|?ciu-$zo_@<Wrl#TW$9V`2xX;UY$1o)ul0-O-B69l%``{_~550r_T(vcC7*xvM;mz%Pvuu%Mjx+ zK1|kaw)laz#7)by0?E5GB#uoh(Y<00yoMH2giC>1Rt%T~uxT-C2$Y|nD`CI>f2 zeu?lIpSLbptr~|GRL{)MSRpc*V<|+QE=rm`QQ^b{CPs1C(rI|=XV@*@AxQMYe|As% z0;|uq&Y1u_vk!th=U%2i(G=qhyVX0mcdd-F!EgqH@k|IH~_&Mf>6DWT-K7q8#b z-p3QYDm{d|URxv2rXqeUwRqgGuJ5ew=qMVt(t#1&X|}H@UmQU0#JepXl$Y}cd1B)W z0@+>2l9b1W2n3Q0J^6rGoqm|&o_u~zgR*f3?)Ez!PXUsM(y`oNPpCKcQ zAdmg*@}*lWp)sO|>x0$#@tjPhh|OxvNJ2(R&obk!#eVL~l8y87*Xni0`h8(B>@%En z9V9JlKX2LD*)=Joc*Z_7yBP33m044h;{|bGaCa=Ve?|F6s8wiUFw8cJ-EG^_?oqZr zJIC|S*BMdNEI!{290EHCRYv=DyYWD$5IAqh-@XD@U0m^p36p_tGfWE;V*kQc9f5;_ zK&*tR@KX&OGT*+cNQHLcK}>Nk@?1Ta#vwsCdeh1q1`#GxZt`IuPGC%(%rDM@l5(0G zspPoCvQY`}xFoxc&@nEo2pzq+hk}eMk@ZQ++lGmn=3>a3W-7C-lE&H=bn2fk(h2q%N$}-C!4U7)vs!!3M3NMLz>kQCU)$OmDa=qFv)lbOJeTCf zLr1qV8y8n%b|W;N-=IJDjCwW1X1wxyXTjE>ev$;4_mVjr6>#AS#YhtokqxI6>LE9` zLydRs#w^m~V7D6K7Z=F(I`hM{uvTxA!<#n}fuvh?>iUuWn%8w$6;n&@x6-h)?=NKO zKYY8ll?@#opNBDzNK;-KdE+M)OtKM3yyI&DcTGyYE7hS8&n-bd(%Q zYMlnnV!XUFotj21meGQNNU0d#xiY9M&-;kIJwt-sC?4L@xTd+d}3S7YZWGBo@tQBz;<>r|nk}5tweg$y8MG6T?@odE@4vwvAO4yR($S&Ju-R^X+o@ zZht4ked}>-baZs=!garQA*&2`!xH5t@yBn>j<@kj;*X+m>pNX3b}xqcR^=1fsK)liQ&N5$?>64v z%9zr2MQR~TV~GuBT6O{gl$!N(S|!xcO7imYmi#Y&A@Uac`tbYA7W;DKTwP66x*zbE zZ!Lz1`^9Qrm>Ni3OfP<5m}u6WYP_=|&>wxcKW6A0*dyAR=y9~yd1(GqyM(YMOqk3& zz#Og>bYby}>&Id`$`l#t_chPxzFqxbzOd2VDLBGuH*M3e)D)P-#Lc~FaaG|^Ui|d9~$q7zKlB<`@i#OwW0wOvo`lBX1oE4;{W1KwuO4-VFTY1x=G~e^l z7(7QIiK#CZgVuSzFgEUr*tbS(2=fYrSQ^Jy-c6!pv4B>2_s=ERxFpt9c!I!1B_lT7 zG21VsLOky}t`#LG8w{sL>v+iRK_qjyEC%E|R_0}|&OKS|p$v$gI&^Ae@Ut8(>z|5y z&aQ#LDNBWA7sVu(YPEYsj=FliV_WRu2nL{n+SMz5WrVBm=~C0?kRt;p9R4H~qL)8K zgR(hiIrK}SGts%Fcw!c@)b4#hUeF^9AvfF3wSi!kn=*bNw5UxymTye4uh^X|veUn~ zfw#pjVV7J`FcC_XLqftqvwEMY!hn5wK4HvAoSj&!SQnMj9jim(dZ{a=-uNozjj~_)WAo>}pXE*-qs?JMGMo(D7b@tBdz$!)*9NcHg-C-m({lV4@7`FAh}55W>80 ztcMFDw{>$`iHe09gLM%L1BQ))ObITV-6}SfYqR;fv~=pPwy#}XiUxz=Nc+AArQx=8 z)e6Fr4qd!YH~(qigF8*0uIp^CplENesE z$Z0p%BWiwr)%~0*iw9^|4%_J_9+D4XKR~oHN#%G%4S$ZI4746EY><X)wE;CL#vx=eRBthOr`-E$?VV|uYm+xrSL3w+nW zz=LD_BUkx{JX3r`?U*w`p$7e8H0!4g$d`}p{K9ngHGIW8I)caUrOjkJ11lMh%5VvW z+?APVeF}bV39T4*+SXYryTbvDfy`<~E%7Hzk+IxU4UMxXh>i+bpRxSsuUZz{j_-pg zcpY*Z1|`lbaQ$-YfAhw#kKkHRR;%@uX@uglqjWqDHZUI|ZHSd(LXUq%pncn&F{khPtLHKUXMrXASekWPq8lh$cK$FobkNDWnhRM)2aT<8a7(+DdcEVn! zB}>iXR-Ltbm)1n(j#fxM9TO@KHdHhxy)nz|AE1<@4SuvlA>BeyZMZ9CX{C0Z^{Ea^ z19zF09637ekVpHXXq#G6{<8zc7S3C}vNKl#wu9qH;8tVhN)4%f9`5eNl$YIie-KHr z*5DZ;1l<6Frik@+;Z541l7kIjwfAeG5e0e6-*la~+!iv_+r)`QAE9T2?TjB+%Nz6S z66v$ek0Y}_a=+UPCvEd?3Y(uN&S}zL>U4lsdHZyuwFVA0@bulksJrGvT~{7R5J_P6 zkS~V1`6`;R6Ps+Nry-4FBBK4A1~PFdh(K#8Zbxqkn>XY7@lrYc2)vq}8JaKRwuF4p z)=z!%>E8MC=XDCFZ3_Jbk9L!&H6qbWPx5Z)GHevu=;urm$weQj1K`S2+G!xO$yNHu z5Ox?{U5WnTM~T_&WtEfbw3*O5*dAe0W7R>JYTDYqjaTt7k-($}C)UzDdcPub`>vF+ zi3vRoP3}ZM=!zr>fIlp|6$=6s3K$yK<)IhK zH2!rC=*}7vDKJ2vJe{A_z15G6WeLE)v9bQ7!aqD_5D$;z4(+|%g!{aE79M3Ws;jjM z*oc@d_948W)0JdVvIe}sgXf+nl5l-n~d zK@IJR{2kK3(~y|&N(pa!Ro_s3v?VYj)o!JiI_|opJCl`wDh_z;*(}cZ%raKc#>VCv zm&ZQMC!M{jcAH0g`}-c-!z}0!NdXK{K4~Lz@S`Iu=A(r`>Cz=3cz@mgt*T9;l*?Iw zU9^ATjJ^RSbx7Jz(|Yz3r0eYs3+8pL{IgRz!Ft}%2GbW!v+aC)6VI`!m&NeaxH;!> zOwN9i@ieJD;5*aHM8^Xy+#q3C?{Y*de0b^mM#8k(-G*Oxv4Gas*Y|iqX(Nx!S&RO~ zyvdvK%hE1u_08;N>w~jDicH!gb!461zI|J`TPt-sVzq_FdjJhy6ftU5IQ>NKT)A}q ze1sGA-Lxe4b)K!|1}r?x-VO8lJ~*0z4(>?F%)6DGCeR%~fHzROgv3kx*zAAQ+bt7-Q<8D$bh~iPD$oKoNGtK9Oxi3gM|NKU%5`XW6o)*B8fkgO| z9gF73IZKd%GhKLuc6Tmf>3$g#3aAHfSaK+?3LEbu@!J0t#;udz7V`i;O1Kyu7%2aQ zy8b}ooL?=F1CPXC2wDBQS2TNhCM^Vp-00w&&QzX28GLB>iWW1A$w;4WOP2}%7e(;- zS^Y#5v-bDVew*P+7fjtdR$ZiPB=**=(X2w4^`Xk%xE^JmPi{4D*LKxZ0Sk5ISKLW~z-)d(C zogXyH9yeU>$izqixvC0@t|9VHsihiyME2{F5JXrSN9T+-#1{{NbLA}LHDL|y=W_<8 z!eo=e|Ls>A-*B1!{^f}x`_DQ}m~7}3{u79I=$W#!C6LQdQ+U!3zx==bj!S+Xa-Pv! z&fro_mp81&=fC~x^Xq@PRqLh0lH`UrafSp->Wm~D^CD!-QGu}uOy2V_wn0srSS zko?=KG)dOel9lT%Ol4=WPcwz@`%spjfv6KO`oreODt5$gWdV`6k_9bmIr$#jv@*K> zVp!0>_~TmMge^W0TK@a8S2IJ zyFwu=CucEMUYwPcRZy_{sdPNID&s)Q^b_5_{cPL2w{LCd#j!FM`}ckRu(F+TH)G8D zOsi6oAoA&VU(dt+{#cksp^=P%fx*+KRM@^_#qm}F6cA3Tk$`{z<`V6Lf(OPw-(13~ zQy_IF(P)YrH#jT??hmJqdDXr;r(5pubtX!CdJM>3;`CjMfxNYyo#UwhR`Q!v*k`Nv zfL2c;G%VnsKeG+5EG_W?>>M2(74y47GRhSr;8tSkGN0lH+5zi8EVrR zKw`A_E_k3`W3S=D4jjv70yT4s-yyShNnbDCj~_n@XKH+KT^FjFF?g^LN9k$s{w&qpE!>}tvsoD~%Brk%U+BpwR5CZuU5`piN~#=1x|NpOKY0>m zNg@dH_;)`73SNZea3SAHnONKe0WsU;WGx(w6E6Ohh-mw{j!(2!HOCTomN>*H&O`~P zR+Y8R4MKZYIU{qgciyn-Inr6OeCsIJ5I40DXHG?FF3+fA8UJj%+5CLN)~C) zzZ+RlwJ+2(UA{COW`XM)k3_yB=Kn_4UnI{JD{qVqz6LZQoeC6lohp=DzRH_)yy%uLvl@tAgxHO0J z87J?uva}E0B^DoMh*%m_=K_+lTs7SHQI?{>uNvGC{`I%(>%V?{KRP-Z9v+?@qE(>bzCs*~nVR}rW8?F_Y?Ux|MvT|an6qJHaAam`TH3Aq8p+X; zA6d6hd(+`c*Kgb~e)99@&uCVCYx~N3cKKiuGi=eyMKMICrlvZfQ8{ykf;#tHTwH)0 z`L(^h(w*kFY-7carXn)@Vy$d*pXkwZ``ef04ecvjC-ZeHXrkMjo4?Gbw5N~|qh>>) z9oEj`_og}**>h6pwcXx~BgiH)If!1OuGlM_=^?~UoG!d$zHxvW#nxk5z&&u7Zn}m} zTvzR(%Mb+Ngiq=ID*yz|_J|EdKi-7bu}1(A^U+p;m&{@Dpx)9*X#qk9G-EURlotj-Oq#3#5- z{@~f`HFAH_YZTNsdCWk1I6hqUlGC-Dpigq|xpOHZIwvQ`*w{Es!NkaDbFsg5$b0~; z@i3c|%acg5JX9C9H~9bG!kO`|xy zr)+2wMEMK9uXH$O7f(6Iv5=mO$L*@%_4Uj+>#%h3imYiCg%1x^fC$x(63>;3W&y(x zD^-ZAkZJ7e9Gtno2tQk>8^)Z$ z!k3M);G-i8q2S9bp}ciVT~#%;uQO4A?Dp;azGBKBt&Gd&xJV~aF)@34d!=~przTeh zfkDRVes`l5tSBBjU!w|8ii1-~PX zigqc{R#-cX4wh!}5D*Zsc}qXCc@b__kO=EqVjHA6<#4votqgWF zr(sqo{{8v1Mfkh*p2;eomST&+?bV6nCH-U9rcf%n;#$B@>68-l`Xsb87_L5@>quyB zZWa_2lx-Bx7_#hLu|_pyP_y=<7Y8MbD$1)%3=7v9DZSJ>X%{lLEyzIJl(<~1KnWKl zeEasTuTM=#s5&MlhCt|`>*bZ>jilq(Z{EmcfM`8;?wo+zc0{@5dvpV;Cf|p=2hY{; zOAK!unk=Sa)`>^?`cAZ-YqNaSM}YtZu_fs6Fu%wI$u-!T3cKD z(XMC)=`;7fR^6+~s~*emDYcn+{PBs5U!-+`ZUu~yu{m{)$Zt@G>?C4wdk3ehYMaC9 zM~W?gb9H|MHHkOQ#a8X!)7wkww*2L!H=;HuXypvOTPImI1<1Y-gb#WxDk1`5J+=?X zl)6`zwBBuA2Wgj5x1E*MDhz-TscOth1(D~l>f*R7VOrtIwO(B}6E*fB^?PhTEKRumSh z77A~P=>)8q$38HWw6(Rhw$AUHYm2>c{W`n-tb9PCHo2a?l|gs%xJH{%4_@Y%uevr9NLk5qQm7oH{nd-pd^(h^SXNvnhBr7j>&?C;B z0z0F26f&Q-SH?b86+12s0E|=a>CIG#la!Pc1fYD2MTf0-d9nXv@q}QQ&H*rvqWYew zCIR|;k8H3&pOrB=E9<$2MofA&3g1P$*gT`EZ$#mfwCYyhBc)$39lqX@I`_BC^m-IT)V6e3u?6Zo7J7jqpqGe6FvYEngzUt*fm zp(i;Y*;G2VM_u2eKM?lW%oI*FB2dx(J<{t|SDq%vm&w-`Zq$)4R-6D^3Ktr0d_DZr zv5i5|cMvgMUBx048-79uB6~Qp^dg%fG{IcChR_3jc0P{WlvGh)Ed<^3h5t_9Qtpd~1T*#>6fSkJ?B7q9FJD)}jKxsSXqP$R;^!sh0SZmY=W z9%MehCEtl&N`Bf52Vpc~UBL|I*c9vx)w#ckEYf)X^JR*q)??yS*`?RcGuAxDJ7Je) zY=Cxh(y_C%b8~Z3Q9T7%pu_C_@Z9N__pq`qxDY6!(9o+AH(&etIfD*?2@b$Uz_rEC7|6__ad1bi7N?TrDK236qL~dzk`BX=GCoPOs zID2|}3N*gJ^73TpWh^hxjtlKM<$?$t7Mv5xUE_k)+R4_U{v6XYrnvd+*t0;E-hpJ# zh4x6pEAw)5NrgP!!D|~SvC2ptR|<8$#i~bs{rc38AJ-@-JSJ;!j4@%fauKqCIRU|w zZU-DK1mdB-KGwjvLIztt*xMLjZfXSpWeoWZ#HB)QY$lqh_7cL1e5^?8$bix*d`K6x35}2EcUd=zi#-e^;Q#>)_(g^wh||!} z&{&S=_iWCcJ^NNIJ2#gXusSWR4~Z~oB_&Eg;{mXf{NYG|F;mvm-1`lJeFcXa(<{JI zGV4ii=9+N7y9FkajK}IYvPFAouplHTXlrxx@})~R){?V8p2f2Ms;Vjw7@%q{PBtps z5zq5TSy_4YxCl%xtgco*ehZr){c0~M*#IPPEEHf+87_9xz9!6uX=-YUh=}0e-~e&# z1qfZ9&E3iC_mzMxgRA}uYs-jU?0X#;7zmO-7}yCg{npmjh)S>7UWlRxA`$CV>4alp z#d`@b44|doi7Nkf3*g+4u5ikPlB>L9?jut~0_y~al-FsQn4BDp5S!=0%Yk$1?%0Q& zcswFvPXS9vNlD3Nd;9L)LSIgAJdZtite@Oxew-7bbXx-lv}p9|)2k#TBt%5pO?N{q z$16#q4P4Fu84No6ko)OXa&mG)!t`+l1I5z;=$ag=@^DjAi>MC*LxP>F!r!ObVmVeT zH?DAj6*kyG0tZk+@c%oAf_)k`it@?dl3nu$?Xgm}_*HWeQl=~|LNlC2c< zGBY!yA|u~5G&MEN_kX+B zGZRzMxPptPa0ckAdcKaz;>^s9Qxb6gY$I!dl?S{G$mHg=?c>=c9v&V5Xsj$OQGH&Z zVZaxATmt-;R!PTFJ*2C#k&zmB?@>`Lf><{VYo(N34{HHBb{3!x-rhbS;db`+Kc}WD zk;n?ir4s8gUSl^WC#R23KJ_I8oU#i{-3hx$0XYd9DwCwk0QbMW2Ecd$WT@v@OA(yz zngofpskK#3R`%lg^T3f8CI(-iYGi(3lL9id(0O(ImflM$cJ@LrpTV5_^5x5UINr+d zw;fN4ecRSArB!SQ5jGQ5z;gzZvbMJNJluEr_uqhoVfuD39VE(MzkVerCqtlMs(_Y; zIcMa*rdWigcRcoG68t?Yq5B^Y9++)F0@RrZB!kIgV`5(J{(74E_Tjk`dj~snp(`KM zfVubneRql&zQpZO=LwG{+#bSHw^R{IkOvXA@*~`Wi2`ORDtcxe5`F3zf!-#oSl_)& z&VAJdbP_wXyRkRu74K^ynx>Aa!LQf^jy=G@U=LH=IiLSCQ;X|4NSO~FJP0D~fAb@L z`aX(+orA;gGKp$5@^M`8$WgKgJX0wtH~>t1z#$gjjw9XX=H>?9+jGalzzZ`SD+es! z3muQbT7f{*PIzLN^{}h%OmPR30+xU=fiUf!0*+_`_lqfj#*bJpAVlJN0I|>Y&4I43 zuLGv8)rjOQfO?jDE*aGO-@H!?t_BbbhbiB?dGqF*H*b`L4jlj@gOPq@1}|?OOn5}b z4}2bwtn)c6;ME5+tal{?4H!>oPR+aQaa^W>W_?%J{igSKBlrKKxgu0bN_g4n29|Tz z)rqsR7632+S(J$ktAeahh_`RgQ&J|Wq)EP``!bwa;)lYvw;_a*^6J$tz-4l>cWz9N z{b{{uAPkDgi0FGvz60k5FfL&0x~(_U1DV6;hke$#bew1G@V zcc(Q1ODJ+|vz#6sNWu3clYy643#Fp;+#ZHFd>0tVZ#VtcXK&LL6r6#Jc7=lXrJI{v zDVS4%70*kPzJXC^mb&%?TXTS%_@TDcxjSO&17CN6UqoB{c=10Gj}d-Zn^KU9`ai0x zKY1d%nCFRz|GWR;f8J%~>)fX6v!ZZn-Tj?auXSD-85!VZsqBDH9*=#*)(=?4(@+69 zOcrqa)b(5>#srO;uFCY%GIzAKfmE{Bl_C~$TOhZxaw)$eu!0MiVHujn6|TG$MO3QO zEs;!k9BG5v$nK02jFc(mU}tyTS~MONs5m@W*r%Xhpn3WR%eYS~7hHW<=LZRl@2y1O zaa_4@;Y(bjh4UpSw7tDu;KkHyC%>|?vaqo08J^qA!@qvn`XNNr)cSmI@grPSRNn8u zD_*u=9(oYxH?r(2vYl5_?RD&Fg#q+JWic$T6^pl986U`(9F^{&(2EPp9g;wd1r__~ z*=$KZFB)+jD;iPCpa6xdT-M8>uuz?^Ky>EFN$BNb4t9Trzz9l*q3~tR z0uPQJ(E>N3k>b*GfzR)f7^7*y7fyZ(Wvx zAARE}QA;V!{|N~7lM@YpZI z+VJjS{s6t5Pp*z0 zutU!jAs!x=_337(VxM+vV5TwMy_*KiNd!V|Ke^o({|b4wJKU?r8wWK<(q@W_TzNO8 z8W%~?cerIDHYOrIh};>sFc6GGauO%BTQ50wS_{3Q67$VgdWrkj+syYd@&{F;ukL$= z5>D9%UT~B44~`2x#vnfd2kFs-ZndX}rDfiU?$!YAz;<)rlTTVXtXod4ot@DzWMw5V zQn{>9>6VpF=nu;`Zrz$gqsKmJmjZb|Z25@wS~THtPFAA18%0j`#OnuLc(4i;5TR*O z1PfyB?(TYeiS?_55|Wbp`}@Hp9FiD5X%mEx-cEV~ed0?|RG`1VR+(+e_Kufjhwqaj z;FRuz`Q?hLF|mRE5uu$R{Ev1>0B9ydb>1P}c4T{!LPI}$V4T`k?Tn0#p||;mcrbJn zae^MaFf5ECe2N}{$q^mx49sEtvuA;xymJ|x2MRGBrff|pE+qwWt-!;F2#`e2gJcBs znr|u;P3v5agYfTrySedK$=1WQ{r7edaq2L#z{SWOpnF6w1cNM(l{I zO!ATdrxccr1O8)G)MK9R3j8r3f^uaD&H)l@Huv{@%9vws@@p&7J&vFCq#s>)rf{+- zid;W+H8nyaBEiGWUci=sB@Jpj*c2)JU6zxkxTUpqsVfCuTIvkY8rVP)XfRc=Dp6eg zbx25Own`d}&65)K$Bza6)JGt>sdI1)3wj>xdV719SdGX^?A@t;j~5`n0)o=a%&bQd zs1H9VnbXmMOB`m&QEbEuO$Dn+SuXjLe^)dcpC)FC#jN(R*GhtWG!GthgN3ewf}VTp zGkEYq>qh~47}r@~5w11_Q!rtqq@-9iKG&GU5!pX0R40-m(OCTU<`S4-pkA2jDmmPf zsX#V7m8}`X{80_q+_b4I^z@B2R-2iZKwp!en&BexpU`N_DkuO_9DcwE5CjxpTDF&$ zmw{UJcix&jWL{#Eu6c%|lN=tpKUR9R2l1=s+d7K?rrFiM`;<0Gx-i_N-%K(%P0-Mc<& zwfcCxx3~AC7o?;g;^N$<>Mn4=+4r`H1FVN0CSBIyBXC6t^U>3}8NZ0w&u{-;{}?#u z`FhBEj(cPzBst_u*q6cw7ElAKO~L0BLlV%w@QREWEZjI{!ILOd&8(bE9AaY0bhPYC zArgp{#X+8XOicZU#ub%nrLA&5xBp792(MlRuHjMr0y0-Iw)ut-p(9gOGEgt!XJhNa zw(T%Wvt>Mz~bZ)j*hx!)e_#^4c6tg7!sQ$(@oy8ig~2Bh^LQ}qFh zP63Bosah=|X=04-8PQ|QvuQV)TR=A-)hdRY$; zQvko))Rr{6(!Yb1pKHNyT&FccxPRXFo|Ws8U-LPSwf z5!`~dy3%f@<+ssone@;sY`?M=yk6|c?K}ROo(9z}dZv-X!^3`>$0JoVEdXji{pq5V zk3I7OuNx{-KnAi+ylB`U;EWbtSxrVlTTXH^GVftbOiU7F**nymc*fnCM9A%}Hu`nR zJo`mnI~ER9jZp!)BXJ6dl&@dEuIG!H6mu7RF|H?*AOPuxq%;KfCp?2?G7nx74bNh0 zlQM$0{+=8eM`+tUPR(lSyLa`y4js4L_6iUG$d&rXO&uN9{kf5jEES%It}?UJzrYF( zp7-1DpP-Li$GXT~>2U=X`>Y>BKX6(M0L$sZ4Z3(>PJ0Yu`|z*1*@&MZ09HI-T<}~F z-6_MYQ`Qv-V;g3YqL9?6eEH&MLlBqssOgT5*8L8P!9t*vfkOl8*tsGYQ#kKm{Ms~m zd8AZ{@XQ8~unoXh$pm3dcl_)+5NVSg{2Of?;7XvNfyFdY)G65d8c1cXROr;y6o4@| zpd3wbL4x_^)zsV!m^ldbc5Ee@Nj;y93Ieh2EO%T2y7bJMGp^gqU!T=qw7z?qmXbwU z;egk^$EUuY{>|zvRv5AU_MX1-1C@M!ml7nuzLE1~XIpQ8I(?opgG^vGvWiZ+k3^lYG ziKk15AkYAg=N*+G?GIqRqu)9AWML6#_(_JsGMUk{r#JXxGJ5)+nrVOh4z&CokkPRV z08Wh+EDt@Mx1@QvoaS}7Gk?p?^IgfeHAKk%Ts4McCEOE&H6E}}#ICBt9;R@usnbLT z{6MgXh8$)&w6`%AiT?MBeQm?Pm)e0&ZQ1@W$&9R+q}snQBRAI^IR19!CmB;u%M=c1 z6{sT4OivSUiaT}uTO$6coL&Yq!0`c`P8JE8Kaf-~GD`e! zbz-qUs>3N`!?TjOSRdOFIPV!OS;4@_c8=q+0Xn1$VAk@sxD(NXwBOmPo)nS||5Nh8 zUDI5J9Ew3?PEQ+w1yD0_{9I!W;U~!f6yS;YMn)NOO13M6LH2!8a*K!vm~H!ed-Zj7 zV1be!9vKwjvmFT5Z7o_;lj*rG&~gZTF%5ry6JpN#7yo-h0i?Do7*tSi0~b-U=v8LV zwue<{Pf&mU`Tzzi$;*>3IHdGC_>!D_=gys)6-g}XLd(H1c=Sq%mV^0Yd74Gb+h?u* zqMKcK+waeM0B`Z}DWlSC^IT0ujsyEL>iP z>_P!rTCg)>40Mbd_Y5vB6lM;VuSI9}MT2UaY7&>UqGBSyOChXU2q^D)pS-;LKNEp7 zR7QvMJMe1+0o+7yqI!Ed?%%)9#iiaJ2bS7kqV+v_XlTUQcR}Tl^hB7DgO~M}Fku`4 zM6<$S0dR%Ln3yuNUOIS?R$);QwxsAJrdIbzNuYn5S5>82KYiuSJz7D*Be2_zbN&Jf zEFk-x9v|KZMR}h{z#IYm>QuRt5J0>?`28hJX#hDo7+dv>{w+lauz}PyiKxX^2i(`{ zL2Vt7$oYBG*H}&p5r+5Tfh(3ljljSlIs28M$G&YN_KOn=hYmXP23YTRf2))z7|0D* zzyg}x>es%$`C7&1K>Vw!Cpu+eMFz(fNM;-aeZ`J1E?hrP?<1x502GUs@A`lhsyBeX z4+shh3J7?F5COUe;57lIU|>H^O?T)wno~Fd>xssFz|_%FR%WvtV!MV1N&`=yKK&1> z0|55a&!6xAt~#<|%F5PvN4<^@0m%RTl9dAJvfyXCsk(O(0YqzF?{Ox5|B~@19sM^I z@+TttEdB3NA^&N)>*#qaWfhgR=;~?Y{^Dj};C)#nVeG-?W)4{DQpZE zZ)BR=;@9+#i}yi!`j0JyL1X=@WR+_Tqv#QWc4m5!L`>HV;ahnvH*J`*#d*gf{; z$??(*!A`-c{1vdLEIq5bA&*Dq$9wl|=YO^z{{gRTY9sd`Wnj0!qykJT00UduzL_)(-|^8e>MUogg>;&$-g(@c3#m@ z?1&%Ki+f;&ayXGTd3g&!**|#4$c+nj7}WME3AKJpmroM3uYL6f*f@V&9yC^bE$2kE i{@1k_CvxrcByiAtRwEo-bVE)`Q=`=Y literal 0 HcmV?d00001 diff --git a/docs/tutorials/e2e/boost/assets/Step5.png b/docs/tutorials/e2e/boost/assets/Step5.png new file mode 100644 index 0000000000000000000000000000000000000000..e5da2a4543a44482ab1c53f70ddb1e62b5b4eae3 GIT binary patch literal 11371 zcmcI~XIN8Rvo?x|N>kyHE{X^uy#77s{ zG?m_^1PJw8!Kc0Nb*^)Mefg0q?69-fnwfRaeb3B06=fN+OLUhA2nfjJWTn&y2nfZ% z=Y|Vs!8=l08C)Q^>nyG9Y-az$!`8ymnLx(E&ce~e*~0vWsmG1y&dx8K?(^`xur;xB zc7fS)o7ux$dpej12+pWNpJ_Y)b)Dc0_#O9Tmnb8fFT7OEQ(NrZ{MtTw%Kdzo7?qdL z+h`ueowvHgG*`Z?rzgAF5)23#Hr7f{xr|PK5JvRnQ(`{ zSZc!VjPS2pkbysrhd&D@>MPOO>$A4pwb_f)ET@9elc;e)O^*Llp>)8?)95pmcAABtR z3L&v9AflN?o}9TEHpK5V95iOzV?%Bu!^Z7DatWGRCwNvd|Glp2JM&TR%0t36;vd== z%UiX#6<+ijnD{VjJsP;_zd9%4ZA_v}+)7bT|4u1(eJE{GVN|%ly`n3K;PyS>ku*7} zhtJ$Gt0~0JRI~dh7cWEAqE!YsUR`FU`4Y!{Iq3}hdDJD-GvbDy9W|(^l>7aL5#n|`|tBIy9_>12zX)mcRwg0c>j#Vf8`gSR6#F%JXPmG;^@>mH&dq+D;G*9 zv=b)m_%!(ruO@lUg-hrAucT02d8J+qQPeY>MEV>kCrh3Xss^g6yfFFswSA=6KtScc z|Ico1Y^I0)=XkXZ4u?D6kwNva@y7kk7-r@d9YcZ8&h`v{)NR(MskZ41@>i%xUoB+6 zy^!qKjN}`>{QIvPys&d-WDgrJzf}&ta2DO7{W$oqg(N`yKLw^6Uyx#xKKBZGi^k@{ zrN9TyYEqZ4LtwKVab*cFBmyaV+q+igrZCPc-)754o_IJGIs~a1UZo11f2u5@C7sHC zH2@jQZ1#4|2~lLLKJxlHmP`H|Dt_i=TM zBHt-Eq=6A)YwqYMpCcc)JWSTxwNm4ayKf{(Y(G&W$yvBFV)Sx3{8NjMya>`xL{Ga; zquOycFE63kptd(*)W52JUZooa~6*eb4FyB3lZ8!HCGh^=}%Ty=cIGK`JWn!Lk~ zV_Ig!F7&fWz6{@2W3Z{T6DJ)I_dTSlp8TNAr+uuPz^mb9yfx3$*;bY7iKR0!aVafh zlJG=IdDygu^H{)5-3v4dSV=gwKaQ^v+@v&XofESCCfnsAFTb=jl=iO6F^rpMmgSSz zu4*kTmP;}Do|3nlib^Cu8;`x^`XoioII>!U-NgXK@ZR$<+5l-YqB;Y?dwVk`=BndE zcIvm51GkCLd8%g6D28eVI2MAckmanXvp0IUigCdX*rmK`3JQ7r=uvrmC%-{~X4{XZ zT%=yA7|x(QwD3+1@KdUE!((Sci|z!-ZE}V?&&s!QsoIxXBhmysY%wOS#_OyyEGR@= zO*W%-O8aES$Qi~Zeb!cD66~sGiNkX8Vt;sI#VbPM5Ltdc%dW4vsdT2sMA_#+9G`p- zuplC$mN>9|y1Ryo#erywHH~hNmX6P{UPlQ#?fqg{W^DfYb#>fB+b2IZep0nNrB+H% zyJ98A-#=ti3o%<)aQ&&HV{n(4$0q&aH=lj6Y|Fb`MNs9QZ)UAM9l9KvwwEJp5dyLn zA=B@R$Y?iB!{~(ckk5%%{XR02n>TjC9N?w)5Ed8Q0(c33Hfdf3wEGf{`C)>ND<>+r7me9c+N|RA*O&H%@kk%AQx^ zaFG)oydQ&lTtaw%u(~UhVt8q+$S`17WHgJB7k2x$7QLXXh|j)g;(N7_(9mcRPt6D1 zjF!EI&rw&PTQx3v<%AaA-kC}i+>4qZlu|bt(SX59ey&!t4Ym7z6OfL(aL8)K9)khhGUii@nf&5x-{G|UaA(Mx z^`lUiT;uVLm2iJjwAXGbZw$AKV0>h=ZiVeMhjiwVpV@SaL6P1RM?h&ee*gEw_4RCO zyH-X+kb3V0GNpY7D=$wJmy-L4CB+S)i+Yi9a>3@!0NAdJ?}yR~JS1&Q6c|w?7xnZK z7Gb6pEE>GMsQ^QX8h0lTWP2~Q zof-8uR!>s>@w6kJhlz@crLz->HRZnymn0r3)KNGnR_tWJy7#1_?8-`m$bIC<=lW%c zl@s|7zBfLKNqKmXoq<&VQ2=dLfLaVs+Pk%DPxIw$J1%r7QNbQ{rA4sQXica_PQWJX zw75+Uc6`1n)*zYAwCR;wzuA+I$}@9#@r%)Mh@&;X-X_WwMVfryMLG$Q>^WPa$YGP; z$~pS6jUp4SHCz<}%{Qnm);FrgD(fX?%l=&GzpC@Soh?mH!G?~KveL5qWf$rHVgg}x zl;@u&sBvyDUAViH#WJkrK$YLKbfw1McbyBa%O#Ca{IL@7TXnzJ_(;_vXIOf-o6 zkNo(Fmc>#p$4v|~UxRu8DJc!FtVgiL-mm1=>s}rEGr4YokDY5flB&7yav!^{Vz|@@ zn*zhOKMTOFD@REyrX3pwoM*QTWF$meT1xRhPb!edRJqIvTa*#LUz1%4r_jZAYn8Yx zC$IEdDvbfO`Jhz-vbt)Dy2^`(a||Mm7{njXhdvZJW(_bW3EPXK?s*)=9MU(r!GGO#d&kc4|Jom1pV-_=(w496 zX_M*oPMTRz7)YDd0|E~6UfFn3qE?*6RXraafU54DzuR}0;Q zEjnzm8M3pEA9TtZ#5UW^;KJ)%?A0~)MvVvSJQ^epYvZ>80+q^O`(;-NGdz>t=|nYA za@?{BV}y@n%hl|gWFi%2*g5NvwxgJt87i6H#`7?wL~2);9Y%&dg~>)NKh}_(QJg6R zaj=_4wSFf>>7WQ|Ho;C)=}S6TGBs^EV6pLRGgF$wJ4dz)4hbNYWnmqTS7v)zq(#k+ zO~pLHM}aWxD*uZxCduYrwb;~2F^~nd)!N%Zl$qyw{A%8KOv&<~~G2>{1@X zOV|9uufLnvXw>zo9kS`W56F)W`h8Lo>${H$xPF-vP2clfb2`>N$;};ZcFQC7dEPOq z7yI@2wacwF_)5@OG`aJOu1f5EGuKWNK(KRFX6}^Y3gzsE+HBfcH-YR)4I2_ z)jUN6PeQBr(QgKDfV4!T^bYMld;;;($y8OW&36w1F+A{#cc>X;qJI1C-NC%1mA3u3 zO~}`bF)vTrNO$az@NMYk$lOv4t5SSSGUsKcwC5WK7v9=w>1-ij?a>-gsL~Oqbb*$A z&B-zGOr~x{4B%cXWjqC5!lxnSE5(1ueO>`$x6FWvbs=`%mIc&`5T8sR;*ZSaL4%A; zXj@$42z~fhpPOXcA6}|VqaQY^@cQboyj}B-Wd7oXCzOIGys3XP)*pnk!BDfpn|El= z_RC#)XpFhgLg(*)^Do%ufr@DtvDG2`Pal&p%zfB#1HQewr+ zNFn>TWb_qXX_8Yf3Lmoj`#*FB1X(IQwtx&>;k?)ik|T?o1-)M78a>}ntkKJ(p$8(d z%y(#{WB_$Or(BKUg?;HtENcn%uoelXrTN)?s z3klD?(aQt`BmO|*uJgk#wMH=Yc6O3nycpHYeCrlg5w3kdgrooacjMJB@jOPFh8?f# z3e|FgC(J}WHnTZ(N({xpj@@g)-FKQIWXkVUwptGt=38NY{`_g)^Ny0OaKvRn8U8*q zlX+DckZ=OOQk?rBPuk%0NFoTZ9V`#Cxw&~)s`$aLA5Gu^hE*>zIEQneGR+o!{K)Hp zn~gX6KoUVOtUPCKWkpR*9Wtt0YA#oxS%gFs*^CskJx%50s!_$OY%84;D&s%>G6d!A4f(41Jgpr7@q~32G)Lqaxk%@87?J zxOo_GJ}x%)j(vM#I-mvDcE{$r;qj@dhA2<$eU~NY^+}(jeXK5e2e<=~lcNFd1Fl_i zqbk&?buFs8KkC0y=`h_g-5Sy0iM@*mI}Lq80!8@P$t{1ZRsNdSJqq-B0$>4rG@qVT zKWG!ED1hiq2fCH*W$n4s@8cUEN4+A{H3RShmi=52PSG?H0ZjEz%wM|DN2d?PfXEa0 z(i+8Te0oq4AmB2l7YJZKXqMO6M`ouWa$-JK0m~AX1{H@16bY0(X+Zo8IM2ne{?Frm z3Ma}Om#h%k8`11kjECi^qIo+*c(Bw!2k6|4RHMOwqw~zk* z{!A|qH&#Z=IJAmw(TK1_r_{;X@Sav=b;ZS;gAce^cJ=cV*H;c3^-7LgnO=SyM|9(s zOsJ@-C4YS;1Zef%Vri&gx9>5K2DXXyl=_brz+7}hwYcDubiSglM? zzag-7vXyp{otq1489Az1Pndl7GP+?Ocr1QSxJ@Z3Dw2|rc=82iSBa@T$L5<}-7tqNbYC0=Bt79)u4yKx#nr63oD3^+EjP~?pJO;0r z=xB4%r8VD^qut6$PYwwQ2^JRf@1I`@+fNEAzs(x^G`a(hnh+Zs8w8>mu1;65<}g|3 z0URd36H007v#wt9;~M;r8n<BQ5HB*Hzt#8W#&?RaMogdY{`TLN>!x z1#Z|SjphAMI$EA*9gcq|Q4fPN(o#}w7kf1jO17=Re{h(Zns#-?8+3N*RocBPUm7V% zGe8dmJA}Msrp%Iw(4600=${_US9h#o6m_))0p*2Va@pU8&RQJotj0BeC2iNGKF&64 z4X>`Q?l=U-W`}Fc71VZib}oavUw63K*>cgrSrjsMyfbF+w$S$wOiPfxPQEfEF*%g~*Q0@pu+ z)K~@-ymClG=WQq+>pydF_|$x!nBuya$(M83*}aWvBkv9A#ODLq?ZAP)`-{22`#*rT z^a3B1k{~F}7yp<-qflE_*##4mxC42&QD!roYn4bzMTInPzbddb`&t~R{;m05dRuib z7B=N%6-0T2ID4f@>>`L|Rm0$ERU^%OHR(iUMa5@YlCCQWH8qOQ=L>2Toon3W~~lG{WsenOE-WeA>%Y2_H{u>ko;zAacefbZ$g)LQG7IGcaM9-?&Lydq&EFPbmdE@Rjc^X5dnKTH1VX zukGA4-)PE7Ou0=8A8c-ZcWpvXxu()?;_CF(D_1hQ0P=Mw@R`j>8LFub6ln3RMmaAJ zD|x&w0Err7Ro11QEIjG{*ayiWAfS#)0dC5&)4Zk<-`m?8AKxKty}LfeBV#%)C{t-x zwhB(%YF|dvB085V6^brXfl#XDDl-ms(F*F<>RdsAok5kzeleseGHasB zVS1=Q%OVkAu&jol&9I_J0Z7PTpE0O{<=_oaw!(ruaNEo0V5eNd5>+!`Lxd;Jbx}_9 zJ!Eu(vW0ptUcAuP*LQW@Nfq}RbV_~Pi)4S6r_wm5MZ`5%qFep}ibiOBcqaGs=~Ssj zh^KI#Mdy2fXRyIMfNde1^_+>3k(cS{?gl$%lf zj_6h`D(^*AC#R>UzkT}_w>3YOQsPFF0GV0>p?@5fP=Q1u$H(<&h2H^bGk0xo-{E@# z%)Y6BFa$Se`mLuI#3_2lBxzo8b39aCqy1C+$_l#>N8jt2gET__-qe zEu!DNWAf+N&*|x=6PBAdZ}Rb}dQFo7nxlM$9Po`b7G~z3paPCTc?l!P&~sG(h^RG7 zkWIjO)>_ql^ypF6ld#Rr&0_s(f1rTCjlZ~CuQ4(*Qc`Y#%nX~Ti9?>stk1O!dbYN< zQc|yXhUxyk;^@dzN7SOoT0~uxN+SkWHsaeM=1s;QBx0}0V@S05^zVrfW9NT zZ&OHPgkV+o8~TC%!z(*Qz0vQ{B}`_Rvob(b{-$g7&mKsg9B%!c=Pi4Z^F2#5Gc)Ub z4mu8#glr@LG0`e9)L?)IH=2GnK66U>2oc@QM1t0Xc|9qjMs@BRU*3>_todw08r;7EwA{-{at6~mXQ=mtbquBX+shynRUSwh-?bWN9-ZZ)ykBHz1C40VK zkN#HAI9@q9IU*vWj_r-Du|Y)L%^FthG5)yEBQg4Zi|SB076l_#|9*k zrh%5b`yOCmKsx&DZ!ZEHeAoi%Ju68ppc!vnURcfyPy+y1>Kvv6T@ialjRC}NZwGN69v(mzme$hX??-f-gfob2Zg%nrLkG;kL)s|7 z)r5-DulpHo0ROplk$Eo5!#{rfxOnm6J&5Em@LcroRFU@Z06Tq4CR_}7%fZ3n=MW$? zbVAmz&9=0P&itkC4bS9P4qv6DymjkV9KG#52;Sbm{cQLZpQM0px^m@8@l94%OF&B0 z^!SUO(V%^KiymB0(9A6>D{CjzePWv19In6>vhU3L{i0daZkWA!TnkH zwcPR52|VwwJB!U|1I*6_5Eoin+75$Ca>o1L#||}Y0PR2J$H#u2(_H-gr9da|;ZM?M zqz6w&SY=@$r#HS_VT|$i1I(j0MReq+Br~}1XZ?Zzz4P)%M%(8zf7T@a);@pLA%3fj z-QkQo*r0&^g^XEfKDK>3Yz#+w0<-x z*;{J_GSe5>$MWkIVa{27n@fSwzwG-vRY>-UQhIp2kU7w?I*;X0TBqK$lUH||v}>HP zd8%1qagYBl9eu}_jv&qpQ|&3jUmK3gTfVtv{dXJJ1OCrKNn`(gF9)K# zplMGSp&IW#p_W$(}3Su_7`Sli`x4W{XrSQox!mO3M1O@4cF$)uo-Hc8*7JKQqS$%g?F^VQT zhl=*GbD99m0?tgaKGC)2ont8`AaM^gav-qk>glzrtbv7o%5iI=OC&sRK>c#cS2jgm z|8VuA$*q_e^}8A$^egS$EiFf8J4bN)BJRt>MZlOYJ>Kz#_ouglV76E!M zBi-!0it%X)-R(^|Fs!YS165nAOHVk$vN<3S-|wFrjeJ~M%+|6MgQX@)onv0V&ZahW zAG-0$;yLEf&>7zG9^Lw=wyNs&&BumR4hD9Z4l(ImWdmA1X01!L@^N>sT!{jd+pyd^ zYbv2)puEQ?Ls;V5v#GTz^V51QXjTge!3MGy!|11GhwrxcrcLB1ystQ-rR6%_ACUp- z#%q7u4fKoLPmXc`l66R~rM&&N#tQ>`=+78k(+ftFS#mueUg23CbGus2IF#b=usM@0 z^nf3+y?!DEN?c+d$2;Em)-)Fohglj06%mrhNViF%4f}p(ivH~P=I5?@H95rvePG(9mbR##KgDmhj(e{bXL!Or#$v@tNSEL$+!0R34T z;O`$R;^86Swd>nAi|8(r&tG1e{Wv%szmjQC8_ryb_jY_*a%?1teDwpt7;g3iz~&S} zX4+=I6;>{mOPhY0^*Oj?JpwwJuFIqh68a2RuYN%3zhBfXe?-nCku$M5)4ncmX)fIl zzQnXyV>2QL$H+_X}3qr#L01|>er~17Z9*HT}B|9sA3Me?$&T> zc&(!nn}X)G*YB{h+RgVgEh*&GZHHTfhDK&%sYMzUm40jkKi9kg);&5#-F&V+W=gho z4LyHTNF9{Vog7<${M8)R{bU;8ZZ44W@U9+1r7f&2lG1t%N-c{l_1FY;CkI=SX+P zmxKfd8;d3sG0 zmijd6*$ODC$eUnDckJ-}FWr0vOvZ5H3Zo}uUq+9GrT0h8DLX73vZwv}svnety&9AL zuwxND)sBqSH8+p#>MuL%xXA0Z^JqCt7Curm_JQ%v^fV>R^MzdHeyLhcN2v_znx#21 zL3sV~D!Wc~dp1Ka7*`mqj14if*zXZtk41@MXtV3%pd!~p;s?&GRH$l>BB7Pd^9uvo zBjG~V)#Z7D=9sif4Go>OC`}8&q(Hcp8ermZr55x?>{nNb8R&)A ztS9yjX=7pd{SP?IV06bUK<_zwqBQvm*Jf7zn+4Z6mxby6!opNLA4HL&8Vg5YU?7-> z0A<*VrWbmWt1TVB^^euIUujQ==5RxUbgfF=7F-?#-H&hFGfuCcSQ2`k5+jZ|gJ$gj zq=y%40cINNcPC{)mz%t8ju1W&dg-NFy*Cc94;@295p~R~Z-*jPmfgA-Hw)dlyjG{3 z6&HA%xbuR7BX5Mn{TCgvqr?=~l2%ADY-B}7;7loU7|L^$?fBLzw9rMc=YZb6UFLI2 z(_?SN#;T=o{}sEfIh5nYvC8#ZmIFCQ7amN0(BSy06)eRV5)iN+Szsulj5P=W&F$}C z{$)ULc97$xg|3c*xMh2wwD0AKy3!T{MFr56n%(axa>I16NMDtSc;9yRsRT|@R~Ma- zP$gt@Y-ahtnILg#$mX{Rh5?F7YpF8b{#0?6xk!oQh6mprmDR8gM$vjf95mkL4b)~Z zohf+wy2vIIz~}c|Gjri()xpVMu-yAtLpo&tzI%neBo#gVI_Tra$d7hqIHh^RV6ve@of8~Kv7K+~!)%f$0S0`}v&%)* zVWZM!#4d`C24b5{oC@7~5zJ`{00SsJK7kdWNd#_1KSb+m473ypG_b=NKRU~px_S3~ zu&?(l(gR~a5E~3Y8x53a7?{^sO7{0B;h%4dLPLrk0Ld3eA9t<4&ZE;|dXjIe?U(3! z*TAu7aAR2uNFsxxavdz(lUjgMKCZZZGo{$}pq5IrynNyN{d z9Fitrb*#Zy$d4aaNUnKvGA?fQHbjP8v^XBfvH4o2U>$y)>x$Q>7e5+wEA6aMwe0Ga z1r*YEFh2!@ViujltZcdWJjo%?v#=ZHmab?C`Nc!+X*v8b!vaoQaH8QP z+g)bS7GtkOzpUI?g*8j}J-RL&!yS?vP0gkIgG1VM5=m?RfSK=8z4LvX4XQ>qe|Hdq zkAgaAOynz@!##H2_nF(n~@1)n@`*;=}D*tvey77ZXLGXs{NbxjC z0N)O6?+FUp0$j$}Z`E%P*vQF|nFqKm4VLX4DSjGy=_^^CiPb8>?q>+*!p6wmCUp#4 zW8;R@k1ERAl2eXkwY6c@+fgyEs0x0EOJS+Y@|pM(TLfF&KxYQds%t2XJGN&E9JiH; zpKj`5V8})P__GU0=$}4qV2JBN(K*Le4-^&0B~L_}Jf{uySjZAyYCBes{t_zf)epX32_O7v+gQ+LgRPJye zkZKe)8gSK{??V)drf11y3QN%7lPMW~a&BkxMEt&~R55A&CQ2<>U`K3Vr zjZWr=&hr6OS0+yhB`#>=AI8dbM@y0ZUz3af(YOs2%6^+}e3=n+e*a@~@jpizw*so% zH(I`ZGNb)#v{9wFLTT*lyLGB-hRkjj*VS|DYeBb?a8?D7>(gJma&Oie^wa9xb%M3I zCEk_>kB?W%gn4?Q5xt@RP3ccXgyDtX?Tb^P{aaG_5&SqIB&oBH`p&iAfR`9@(#lfB IkBt5QAH54&{{R30 literal 0 HcmV?d00001 diff --git a/static/img/architecture.drawio.svg b/static/img/architecture.drawio.svg index 955fc28f889..f76119e2783 100644 --- a/static/img/architecture.drawio.svg +++ b/static/img/architecture.drawio.svg @@ -1,948 +1,4 @@ - - - - - - - - - -
-
-
- - - Catena-X Association - - -
- [Person] -
-
-
- - - Association for certification and standardization of Catena-X -
- - -
-
-
-
- - - Catena-X Association... - - - - - - - - - -
-
-
- - - Tractus-X - - -
- [Person] -
-
-
- - - Open-Source Community that maintains FOSS Components compliant to Catena-X Standards - - -
-
-
-
- - - Tractus-X... - - - - - - - -
-
-
- - -
- Catena-X Environment -
- - -
- [system] -
-
-
-
- - - Catena-X Environment... - - - - - - - -
-
-
- - -
- Catena-X Partner Consumer -
- - -
- [ENTERPRISE] -
-
-
-
- - - Catena-X Partner Consumer... - - - - - - - -
-
-
- - -
- Catena-X Partner Provider -
- - -
- [ENTERPRISE] -
-
-
-
- - - Catena-X Partner Provider... - - - - - - - -
-
-
- - - EDC - - -
- [system] -
-
-
- - - -
-
-
-
- - - EDC... - - - - - - - - - -
-
-
- - - Business Application - - -
- [system] -
-
-
- - - -
-
-
-
- - - Business Application... - - - - - - - -
-
-
- - - EDC - - -
- [system] -
-
-
- - - -
-
-
-
- - - EDC... - - - - - - - - - -
-
-
- communicates -
-
-
- - - communicates - - - - - - - - - -
-
-
- Uses -
-
-
- - - Uses - - - - - - - -
-
-
- - - Asset Administration Shell Registry / Digital Twin Registry - - -
- [system] -
-
-
- - - -
-
-
-
- - - Asset Administration Shell Registry / Di... - - - - - - - - - -
-
-
- Uses -
-
-
- - - Uses - - - - - - - -
-
-
- - - Asset Administration Shell Server or Repository - - -
- [system] -
-
-
- - - -
-
-
-
- - - Asset Administration Shell Server or Rep... - - - - - - - -
-
-
- - - Any Source System for Data - - -
- [system] -
-
-
- - - -
-
-
-
- - - Any Source System for Data... - - - - - - - -
-
-
- - - Business Application aaS - - -
- [system] -
-
-
- - - -
-
-
-
- - - Business Application aaS... - - - - - - - - - -
-
-
- Uses -
-
-
- - - Uses - - - - - - - - - -
-
-
- Uses -
-
-
- - - Uses - - - - - - - -
-
-
- - - EDCaaS - - -
- [system] -
-
-
- - - -
-
-
-
- - - EDCaaS... - - - - - - - -
-
-
- - -
- Catena-X SaaS Consumer (optional) -
- - -
- [ENTERPRISE] -
-
-
-
- - - Catena-X SaaS Consumer (optional)... - - - - - - - -
-
-
- - -
- Catena-X SaaS Provider (optional) -
- - -
- [ENTERPRISE] -
-
-
-
- - - Catena-X SaaS Provider (optional)... - - - - - - - -
-
-
- - - Asset Administration Shell Registry / Digital Twin Registry aaS - - -
- [system] -
-
-
- - - -
-
-
-
- - - Asset Administration Shell Registry / Di... - - - - - - - -
-
-
- - - Asset Administration Shell Server or Repository aaS - - -
- [system] -
-
-
- - - -
-
-
-
- - - Asset Administration Shell Server or Rep... - - - - - - - -
-
-
- - -
- Catena-X Operating Company -
- - -
- [ENTERPRISE] -
-
-
-
- - - Catena-X Operating Company... - - - - - - - -
-
-
- - - Portal - - -
- [system] -
-
-
- - - -
-
-
-
- - - Portal... - - - - - - - -
-
-
- - - BPDM - - -
- [system] -
-
-
- - - -
-
-
-
- - - BPDM... - - - - - - - -
-
-
- - - MIW - - -
- [system] -
-
-
- - - -
-
-
-
- - - MIW... - - - - - - - - -
-
-
- configure BPN -
-
-
- - - configure BPN - - - - - - - - - -
-
-
- get BPN -
-
-
- - - get BPN - - - - - - - - -
-
-
- - - Database - - -
- [Container: e.g. PostgreSQL] -
-
-
- - - Stores assets, policies ... - - -
-
-
-
- - - Database... - - - - - - - - - - -
-
-
- - - Keycloak - - -
- [system] -
-
-
- - - -
-
-
-
- - - Keycloak... - - - - - - - - -
-
-
- - - Database - - -
- [Container: e.g. PostgreSQL] -
-
-
- - - Stores assets, policies ... - - -
-
-
-
- - - Database... - - - - - - - - - - -
-
-
- Already included in MXD / Tutorial -
-
-
- - - Already included in... - - - - - - - -
-
-
- planned to be included  in MXD / Tutorial -
-
-
- - - planned to be includ... - - - - - - - - -
-
-
- configure BPN -
-
-
- - - configure BPN - - - - - - - -
-
-
- - - AAS Discovery Finder/ -
- AAS Discovery Services - - -
- [system] -
-
-
- - - -
-
-
-
- - - AAS Discovery Finder/... - - - - - - - - - Text is not SVG - cannot display - - - - + + + +
Catena-X Association
[Person]

Association for certification and standardization of Catena-X
Catena-X Association...
Tractus-X
[Person]

Open-Source Community that maintains FOSS Components compliant to Catena-X Standards
Tractus-X...
Catena-X Environment
[system]
Catena-X Environment...
Catena-X Partner Consumer
[ENTERPRISE]
Catena-X Partner Consumer...
Catena-X Partner Provider
[ENTERPRISE]
Catena-X Partner Provider...
EDC
[system]

EDC...
Business Application
[system]

Business Application...
EDC
[system]

EDC...
communicates
communicates
Uses
Uses
Asset Administration Shell Registry / Digital Twin Registry
[system]

Asset Administration She...
Uses
Uses
Asset Administration Shell Server or Repository
[system]

Asset Administration She...
Any Source System for Data
[system]

Any Source System for Da...
Business Application aaS
[system]

Business Application aaS...
Uses
Uses
Uses
Uses
EDCaaS
[system]

EDCaaS...
Catena-X SaaS Consumer (optional)
[ENTERPRISE]
Catena-X SaaS Consumer (optional)...
Catena-X SaaS Provider (optional)
[ENTERPRISE]
Catena-X SaaS Provider (optional)...
Asset Administration Shell Registry / Digital Twin Registry aaS
[system]

Asset Administration She...
Asset Administration Shell Server or Repository aaS
[system]

Asset Administration She...
Catena-X Operating Company
[ENTERPRISE]
Catena-X Operating Company...
Portal
[system]

Portal...
BPDM
[system]

BPDM...
MIW
[system]

MIW...
configure BPN
configure BPN
get BPN
get BPN
Database
[Container: e.g. PostgreSQL]

Stores assets, policies ...
Database...
KeyCloak
[system]

KeyCloak...
Database
[Container: e.g. PostgreSQL]

Stores assets, policies ...
Database...
Already included in deployed components / Tutorial
Already included in...
planned to be included  in deployed components / Tutorial
planned to be includ...
configure BPN
configure BPN
AAS Discovery Finder/
AAS Discovery Services
[system]

AAS Discovery Finder/...Text is not SVG - cannot display \ No newline at end of file From c8d1d4e3bdcb53e65aeb4c348acb7202edb2d836 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 15 May 2024 11:08:21 +0200 Subject: [PATCH 08/41] fix markdown linter issues --- docs/tutorials/e2e/boost/provideData.md | 2 +- .../e2e/prerequisites/prerequisites.md | 31 +++++++++++++------ 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/docs/tutorials/e2e/boost/provideData.md b/docs/tutorials/e2e/boost/provideData.md index b335f22bd1a..f5a4d2e6cb2 100644 --- a/docs/tutorials/e2e/boost/provideData.md +++ b/docs/tutorials/e2e/boost/provideData.md @@ -14,7 +14,7 @@ CLI tools (`curl`) for this, but feel free to use graphical tools such as Postma Alice acts here as a data consumer and Bob as a data provider. - Bob -> -- Alice -> <> +- Alice -> ::: diff --git a/docs/tutorials/e2e/prerequisites/prerequisites.md b/docs/tutorials/e2e/prerequisites/prerequisites.md index c5af15e25a8..8852acfcb7f 100644 --- a/docs/tutorials/e2e/prerequisites/prerequisites.md +++ b/docs/tutorials/e2e/prerequisites/prerequisites.md @@ -9,7 +9,7 @@ The components and tools that are described here are to be understood as a propo :::info -You can either complete the tutorial in a cloud space (e.g. AWS or Azure) or locally. If you choose to run the tutorial locally, make sure that your machine fulfils the minimal performance requirements. +You can either complete the tutorial in a cloud space (e.g. AWS or Azure) or locally. If you choose to run the tutorial locally, make sure that your machine fulfils the minimal performance requirements. ::: @@ -26,7 +26,6 @@ As mentioned in the introduction, no preliminary knowledge about Catena-X is req - X-Environment (xterm) - a browser (we will use google-chrome) to be used for the minikube dashboard and the portal - ## Chosing your environment The tutorial is designed to be used in cloud environments, such as AWS, Google or Azure. If you intend to build your own local environment independently of Cloud based offers, you may use this tutorial as well. In this case you need to ensure, you have the right technical software stack installed, see below. @@ -146,6 +145,7 @@ The port http (80) should not be used, but it will. You can apply the above hint For the [MXD], which is running locally, you only need secure shell access, which means port 22 should be open. #### Further ports + Opening further ports is not required for the tutorial, as the setup is designed to work within a cluster. Once you want to modify the setup, allowing EDCs and services to communicate between different locations, you need to open additional ports and use ingress for port mapping. (This will be described in a later version) ### Install the basic tools (on Ubuntu 22.x and higher) @@ -172,13 +172,13 @@ sudo apt update && sudo apt upgrade sudo apt install kubernetes ``` -#### Install kubectl +#### Install kubectl ```bash sudo snap install kubectl --classic ``` -Occasionally snap will fail with an error message "Access forbidden", alternativly you may try to install Kubectl using the native pakage as follows. Please check https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/ for further information. +Occasionally snap will fail with an error message "Access forbidden", alternativly you may try to install Kubectl using the native pakage as follows. Please check for further information. ```bash sudo apt-get update @@ -192,7 +192,6 @@ Download the public signing key for the Kubernetes package repositories. The sam In Ubuntu 22.04, folder /etc/apt/keyrings does not exist by default, and it should be created before the curl command. If the folder `/etc/apt/keyrings` does not exist, it should be created before the curl command. - ```bash sudo mkdir -p -m 755 /etc/apt/keyrings ``` @@ -205,6 +204,7 @@ Now use the curl command to download the release keys. curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | \ sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg ``` + To allow unprivileged APT programs to read this keyring also change the file permissions. ```bash @@ -235,15 +235,19 @@ Check that kubectl is properly configured by getting the cluster state: ```bash kubectl cluster-info ``` + #### Install Minkube -To install minikube just download the executable from the reposotory. (Please check also https://kubernetes.io/de/docs/tasks/tools/install-minikube/) + +To install minikube just download the executable from the reposotory. (Please check also ) ```bash curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \ &&chmod +x minikube ``` + #### Install helm -helm will be installed with snap. + +helm will be installed with snap. ::: note @@ -265,6 +269,7 @@ If not already installed, install xterm and a webbroser like firefox or google-c ::: Install xterm with apt. + ```bash sudo apt install xterm ``` @@ -281,7 +286,9 @@ To enusre that the X11forwaring is working for ssh -X, add to your .bashrc # ensure google-chrome and other garphic apps find the X-Authorisation file export XAUTHORITY=$HOME/.Xauthority ``` + and in /etc/ssh/sshd_config set the following variables to yes. + ```bash X11Forwarding yes X11UseLocalhost yes @@ -292,19 +299,23 @@ Then you should be able to run xterm and the webrowser locally to open the links If you want to install google-chrome, do as follows, you may use any other Browser. Download the latest Google Chrome Debian package via the following command: ```bash -wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb +wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb ``` -Install the package + +Install the package + ```bash sudo dpkg -i google-chrome-stable_current_amd64.deb ``` + In the event you encounter any dependency issues, resolve them using ```bash -sudo apt-get install -f +sudo apt-get install -f ``` #### Install insomnia + If you want a powerful API client that simplifies the process of building, debugging, and testing APIs, you may want to install Insomnia. (An other alternativ ist Postmann). However for the tutorial we currently do not need the an APIU client, as we will use curl. ut if you want you can just install Insomnia as follows: ```bash From 8b122a30fc3295c837186f0ccb6e82148dab6349 Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Wed, 15 May 2024 12:11:16 +0200 Subject: [PATCH 09/41] Update prerequisites.md- some minor changes, mainly spelling --- docs/tutorials/e2e/prerequisites/prerequisites.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/tutorials/e2e/prerequisites/prerequisites.md b/docs/tutorials/e2e/prerequisites/prerequisites.md index 8852acfcb7f..7cacd2b606a 100644 --- a/docs/tutorials/e2e/prerequisites/prerequisites.md +++ b/docs/tutorials/e2e/prerequisites/prerequisites.md @@ -5,7 +5,7 @@ sidebar_position: 1 ## Preface -The components and tools that are described here are to be understood as a proposal and not as standards that must be used. Using the proposed software stack of this tutorial will make it easier to complete it. Nevertheless, if your company policy requires e.g. the use of open stack, or you can't use docker containers or kubernetes, the Catena-X components will also work, you might just need a little extra effort. +The components and tools that are described here are to be understood as a proposal and not as standard that must be used. Using the proposed software stack of this tutorial will make it easier to complete it. Nevertheless, if your company policy requires e.g. the use of open stack, or you can't use docker containers or kubernetes, the Catena-X components will also work, you might just need a little extra effort. :::info @@ -17,7 +17,7 @@ You can either complete the tutorial in a cloud space (e.g. AWS or Azure) or loc As mentioned in the introduction, no preliminary knowledge about Catena-X is required. However, to complete the tutorial you will have to work with the following technical software stack. A basic understanding of those technologies is advised. -- Cloud Environment (AWS/Azure) or a local machine with at least 4 CPUs, 10GB RAM, 20GB free storage +- Cloud Environment (AWS/Azure) or a local machine - Docker - Kubernetes - Kubectl @@ -38,7 +38,7 @@ In case you want to install Tractus-X components or [Kits] directly on your loca - One local server instance, either a physical server or a virtual machine with at least 4 CPUs, 10 GB [RAM] and 20 GB storage - Your local system should run a Linux Version (Debian or Ubuntu 22.04 or higher are recommended) - You need super user privileges (either root access or the right to use sudo) -- The above tools should be installed (Docker, Kubernetes, Kubectl, Minikube, Helm and Browser) +- The above tools should be installed (Docker, Kubernetes, Kubectl, Minikube, Helm and Browser, X-Environment) ### Access to the Internet @@ -138,7 +138,7 @@ export NO_PROXY="localhost,127.0.0.1,::1" #### http (80) -The port http (80) should not be used, but it will. You can apply the above hints for https (port 443) just by replacing https by http. +The port http (80) will not be used in production, but for the tutorial it will, avoiding a more complex setup with SSL. You can apply the above hints for https (port 443) just by replacing https by http. #### ssh (22) @@ -242,7 +242,7 @@ To install minikube just download the executable from the reposotory. (Please ch ```bash curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \ -&&chmod +x minikube +&& chmod +x minikube ``` #### Install helm @@ -316,7 +316,7 @@ sudo apt-get install -f #### Install insomnia -If you want a powerful API client that simplifies the process of building, debugging, and testing APIs, you may want to install Insomnia. (An other alternativ ist Postmann). However for the tutorial we currently do not need the an APIU client, as we will use curl. ut if you want you can just install Insomnia as follows: +If you want a powerful API client that simplifies the process of building, debugging, and testing APIs, you may want to install Insomnia. (An other alternativ ist Postmann). However for the tutorial we currently do not need an API client, as we will use curl. But if you want you can just install Insomnia as follows: ```bash sudo apt-get update From 455c6eb6ee7fc9076a8dfe3382f5faa3d22eb10c Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Wed, 15 May 2024 14:26:47 +0200 Subject: [PATCH 10/41] Update deployComponents.md - for Second Tractus-X Comm. Days Chapter "deploy" was not reworked, therefore I added some special notes. --- .../tutorials/e2e/connect/deployComponents.md | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index a7884eb8c48..bc00d2f9653 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -11,6 +11,49 @@ once and are accessible by all participants. :::warning +This chapter is not yet updated and refers to an older implemenation of the tutorial. Please used the README for the Tractus-X umbrella charts following the link: +https://github.com/eclipse-tractusx/tractus-x-umbrella/blob/main/charts/umbrella/README.md + +::: + +:::note + +### Special Hint for the Second Tractus-X Community Days: + +If you are using the user accounts on the VMs provided by ARENA2036, please be aware of that you are working in a multi-user environment. + +**Your minikube cluster will not be the only one running in your VM, therefore:​** + +- Use specific names for your cluster profile and namespaces for helm​ + + - Proposed name for the cluster profile: “minikube-$USER”​ + + - Proposed name for the umbrella namespace: “umbrella-$USER)" ​ + +- Ensure you are using the option **-p**, everytime you calling minikube ​ + +```bash +minikube –p minikube-$USER … ​ +``` + +Ensure you are using the option **–n**, everytime you calling helm​ + +```bash +helm ... –n umbrella-$USER ​ +``` + +Before you enable ingress enter:​ + +```bash +minikube profile minikube-$USER​ +``` + +This will ensure that ingress is working in the correct environment of your cluster profile. + +::: + +:::warning + Since this documentation is based on a MXD version where tractusx-edc version `0.5.3` is used, there is a need to adapt the `values.yaml` inside the cloned repository **tutorial-resources**. The file is located in `tutorial-resources/mxd/modules/connector/values.yaml` Instead of the `latest` tag for the **controlplane** and **dataplane** image, please use `0.5.3`. From cbdf6d5fcf876962ee2d7dbbc93d59f43e01fa27 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 15 May 2024 15:02:49 +0200 Subject: [PATCH 11/41] fix markdown linting issues --- docs/tutorials/e2e/connect/deployComponents.md | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index bc00d2f9653..3dc70a76549 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -10,15 +10,13 @@ shared Postgres server, where each of them has a database. MIW and Keycloak are once and are accessible by all participants. :::warning - This chapter is not yet updated and refers to an older implemenation of the tutorial. Please used the README for the Tractus-X umbrella charts following the link: -https://github.com/eclipse-tractusx/tractus-x-umbrella/blob/main/charts/umbrella/README.md - + ::: :::note -### Special Hint for the Second Tractus-X Community Days: +### Special Hint for the Second Tractus-X Community Days If you are using the user accounts on the VMs provided by ARENA2036, please be aware of that you are working in a multi-user environment. @@ -27,19 +25,18 @@ If you are using the user accounts on the VMs provided by ARENA2036, please be a - Use specific names for your cluster profile and namespaces for helm​ - Proposed name for the cluster profile: “minikube-$USER”​ - - Proposed name for the umbrella namespace: “umbrella-$USER)" ​ - Ensure you are using the option **-p**, everytime you calling minikube ​ ```bash -minikube –p minikube-$USER … ​ +minikube –p minikube-$USER ​ ``` Ensure you are using the option **–n**, everytime you calling helm​ ```bash -helm ... –n umbrella-$USER ​ +helm –n umbrella-$USER ​ ``` Before you enable ingress enter:​ From 3a3945304050550c633027c4cb92552ac59d7031 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 15 May 2024 15:13:15 +0200 Subject: [PATCH 12/41] solve linter issues --- docs/tutorials/e2e/boost/DTR_Tutorial.md | 26 ++++++++++++++---------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/docs/tutorials/e2e/boost/DTR_Tutorial.md b/docs/tutorials/e2e/boost/DTR_Tutorial.md index 23029fd5b33..ca56af36e81 100644 --- a/docs/tutorials/e2e/boost/DTR_Tutorial.md +++ b/docs/tutorials/e2e/boost/DTR_Tutorial.md @@ -166,27 +166,29 @@ curl -i -X POST "${bdsBaseUrl}/data/${id}" -H "Content-Type: application/json" - Bob has now stored his submodel on the BDS. However, because he wants to preserve data sovereignty over his data, he cannot directly provide access to the BDS. Instead, the data exchange shall take place via the EDC. -Therefore Bob needs to create an according contract definition. This follows the same three steps as explained in "Create DTR Asset" of creating an data asset, creating a policy and finally creating the contract definition. +Therefore Bob needs to create an according contract definition. This follows the same three steps as explained in "Create DTR Asset" of creating an data asset, creating a policy and finally creating the contract definition. Info: -edcManagementBaseUrl="http://localhost/bob/management" +edcManagementBaseUrl="" edcApiKey="password" -#Asset -#assetId="$(uuidgen)" +```bash +# Asset +# assetId="$(uuidgen)" assetId="0bc6a8af-8682-4dba-86b1-0433f9762e42" clusterInternalBdsBaseUrl="http://bobs-bds-bds:8080" bdsDataId="bobs-data" assetUrl="${clusterInternalBdsBaseUrl}/data/${bdsDataId}" -#Policy -#policyId="$(uuidgen)" +# Policy +# policyId="$(uuidgen)" policyId="1bc6a8af-8682-4dba-86b1-0433f9762e42" -#Contract Definition -#contractDefinitionId="$(uuidgen)" +# Contract Definition +# contractDefinitionId="$(uuidgen)" contractDefinitionId="2bc6a8af-8682-4dba-86b1-0433f9762e42" +``` Action (Bob): Create a data asset with the following commands: @@ -204,6 +206,7 @@ curl -i -X POST "${edcManagementBaseUrl}/v3/assets" -H "X-Api-Key: ${edcApiKey}" } }" | jq ``` + Action (Bob): Create a Policy with the following commands: ```curl @@ -225,6 +228,7 @@ curl -i -X POST "${edcManagementBaseUrl}/v2/policydefinitions" -H "X-Api-Key: ${ } }" | jq ``` + Action (Bob): Create a contract definition with the following commands: ```curl @@ -374,7 +378,7 @@ In response, Alice receives the AAS descriptor she needs. This contains the subm ![Step3](assets/Step3.png) -Now the process is repeating itself. Alice performs a catalog request again and can now use the dataset IDs as a filter. +Now the process is repeating itself. Alice performs a catalog request again and can now use the dataset IDs as a filter. Action (Alice): Use the following API POST to receive Bob's catalog with the Dataset-ID as a filter: @@ -399,7 +403,7 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses - SPDX-License-Identifier: CC-BY-4.0 - SPDX-FileCopyrightText: 2024 sovity GmbH - SPDX-FileCopyrightText: 2024 msg systems AG -- Source URL: https://github.com/eclipse-tractusx/eclipse-tractusx.github.io +- Source URL: [dt-kit]: https://eclipse-tractusx.github.io/docs-kits/kits/Digital%20Twin%20Kit/Software%20Development%20View/dt-kit-software-development-view/ -[sldt-dtr]: https://github.com/eclipse-tractusx/sldt-digital-twin-registry/tree/main/docs \ No newline at end of file +[sldt-dtr]: https://github.com/eclipse-tractusx/sldt-digital-twin-registry/tree/main/docs From 1effd4cb2647e6612006ab08e0ed406e6fcb2b7b Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 15 May 2024 15:17:52 +0200 Subject: [PATCH 13/41] fix linter issues --- docs/tutorials/e2e/connect/deployComponents.md | 2 +- docs/tutorials/e2e/prerequisites/prerequisites.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index 3dc70a76549..e8433b231a3 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -20,7 +20,7 @@ This chapter is not yet updated and refers to an older implemenation of the tuto If you are using the user accounts on the VMs provided by ARENA2036, please be aware of that you are working in a multi-user environment. -**Your minikube cluster will not be the only one running in your VM, therefore:​** +Your minikube cluster will not be the only one running in your VM, therefore - Use specific names for your cluster profile and namespaces for helm​ diff --git a/docs/tutorials/e2e/prerequisites/prerequisites.md b/docs/tutorials/e2e/prerequisites/prerequisites.md index 7cacd2b606a..8b8fa114e26 100644 --- a/docs/tutorials/e2e/prerequisites/prerequisites.md +++ b/docs/tutorials/e2e/prerequisites/prerequisites.md @@ -17,7 +17,7 @@ You can either complete the tutorial in a cloud space (e.g. AWS or Azure) or loc As mentioned in the introduction, no preliminary knowledge about Catena-X is required. However, to complete the tutorial you will have to work with the following technical software stack. A basic understanding of those technologies is advised. -- Cloud Environment (AWS/Azure) or a local machine +- Cloud Environment (AWS/Azure) or a local machine - Docker - Kubernetes - Kubectl From 7762c50a4dfa4eec95563152c6a9d1d26719b622 Mon Sep 17 00:00:00 2001 From: MoritzDieckmann <112852810+MoritzDieckmann@users.noreply.github.com> Date: Thu, 13 Jun 2024 13:29:42 +0200 Subject: [PATCH 14/41] Update architecture.md Fixed typos and rewrote certain parts of the section for clearer explaination. Implemented a new logic for using info-section: Info-sections provide information which account to the architecture of the tutorial setup. The general text provides information on the overall architecture of Catena-X --- docs/tutorials/e2e/inform/architecture.md | 42 ++++++++++++----------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/docs/tutorials/e2e/inform/architecture.md b/docs/tutorials/e2e/inform/architecture.md index 79cf5549e83..0a6debf8e21 100644 --- a/docs/tutorials/e2e/inform/architecture.md +++ b/docs/tutorials/e2e/inform/architecture.md @@ -3,7 +3,7 @@ title: Understand the overarching architecture sidebar_position: 2 --- -This section contains more information than is currently implemented in the MXD. However, it is intended to provide a general overview of the Catena-X architecture. However, not all components are listed here. +This section provides a general overview of the Catena-X architecture. However, not all Catena-X components are used in the Tractus-X Data Space (TXD). Only the components of the TXD are listed and explained here. ## The journey starts @@ -11,48 +11,50 @@ The first thing you need is a BPN (Business Partner Number) because this is used :::info -Even if the BPN is already configured and used in the MXD setup, its just a dummy. In the real world you will receive your BPN via the onboarding / regirstraion process [onboarding process](https://catena-x.net/en/catena-x-introduce-implement/onboarding). +In this tutorial the BPNs are preconfigured in the TXD setup. In the real world you will receive your BPN via the onboarding / registration process [onboarding process](https://catena-x.net/en/catena-x-introduce-implement/onboarding). ::: -The BPN is also used to restrict the access and usage of your provided data assets. This is done via policies. Some example policies are also part of this tutorial. +The BPN is also used in access and usage policies to restrict the access and usage of your provided data assets. Some example policies are also part of this tutorial. -A data asset is the metadata for the data that is intended to be provided or consumed. This data asset is the element in the ecosystem for which policies are defined to build a contract offer which can be agreed and consumed by a consumer. +A data asset contains the data address and metadata for the data that is intended to be provided or consumed. This data asset is the element in the ecosystem for which policies are defined to build a contract definition which can be agreed and consumed by a consumer. One of the key components of the Catena-X architecture is the [Eclipse Data Space Connector](https://github.com/eclipse-tractusx/tractusx-edc) (EDC) as one implementation of the [Dataspace Protocol](https://docs.internationaldataspaces.org/dataspace-protocol/). This component is used to exchange data between participants. This includes: -- Publish data offers and to discover data offers from other participants. -- Negotiate data offers and come to an agreement on how to data is allowed to be used (Usage Policies) -- Transfer data based on a previously negotiated agreement. +- Provide data to other participants in the data space. +- Discover data offerings from other participants. +- Negotiate contract definitions and transfer data according to the definied policies. With the EDC you are always in control of your data. -:::note +Control of your data means on the one hand, that you can decide who can access your data and who can not. On the other hand you can decide under which constraints the data may be used by the data consumer after providing access. This is achieved via policies and sovereign data provisioning (in Catena-X you have the opportunity to freely decide where and by whom the data is stored and offered). This is called **data sovereignty**. -Control of your data means on the one hand, that you can decide who can access your data and who can not. On the other hand you can decide under which constraints the data may be used by the data consumer after providing access. This is achieved via policies and sovereign deployment of data provisioning (in Catena-X you have the opportunity to freely decide where and by whom the data is stored and offered). This is called **data sovereignty**. - -::: - -In our setup we already configured two EDCs. **Alice** and **Bob** and also the related databases (to persist the assets, policies aso.) are ready to use. +Registering an EDC is part of the onboarding process of Catena-X and is done in the portal. :::info -Registering an EDC is part of the onboarding process and is done in the portal. In our setup the EDCs are already registered and technical users are already created in the Keycloak instance. +In the tutorial setup, two EDCS are already configured. **Alice** and **Bob** as well as the associated databases (to persist the assets, policies, etc.) are ready to use. The EDCs are already registered in the TXD setup and the technical users are created in the Keycloak instance. -::: +This represents the minimal Setup for data exchange in a data space. -The minimal Setup for data exchange is in place. Now you are able to provide and exchange data. +::: ## What language does Catena-X speak? / Asset Administration Shell with Aspect Models define the language in Catena-X Since Catena-X is more than just a data exchange the next level of key to success is to exchange data in a structured and defined way. This helps to speak the same language to leverage business value of data. -This is realized with [Asset Administration Shell](https://eclipse-tractusx.github.io) (Digital Twins) and Aspect models. The AAS is the vehicle to transport the semantic, which is modeled in Aspect Models. +This is realized with the [Asset Administration Shell](https://eclipse-tractusx.github.io) (AAS). The AAS represents a vehicle to transport data of an real asset in a standardized and interoperable manner. This digital representation of the asset is called digital twin and is implemented in an AAS. To describe the different aspects of the asset with the AAS in a common language, so called aspect models are defined in the data space. These aspect models define the semantics for the respective aspect of the digital twin. A submodel is then an implementation of an aspect of the digital twin. For a more detailled explaination see [Digital Twin KIT](https://tractus-x-community-days.github.io/eclipse-tractusx.github.io/docs-kits/category/digital-twin-kit). -With that you are able to speak Catena-X. +By utilizing the right aspect models, you are able to "speak Catena-X". + +:::info + +The tutorial setup provides dummy submodels for the data exchange in the tutorial steps explained in Chapter boost. These dummy submodels do not apply Catena-X aspect models but work just fine for the demonstration and learing purpose of the tutorial. + +::: -When it comes to data exchange, it as an utmost concern to be able to find the desired data on the one hand and to understand the structure and meaning of the data on the other hand. -Finding and understanding data is a typical challenge, if you want to provide or consume data to or from an audience you are not in direct contact in advance. +When it comes to exchanging data in a data space, finding the data you want and understanding the structure and meaning of the data are of paramount importance. +Finding and understanding data is a typical challenge when you want to provide or consume data to or from an audience with whom you have no prior direct contact. To tackle these concerns the Industry-Standard for Digital Twins, the [Asset Administration Shell](https://industrialdigitaltwin.org) is referenced. From 795ada0b4f255b6199edc012bea6725ad9332816 Mon Sep 17 00:00:00 2001 From: MoritzDieckmann <112852810+MoritzDieckmann@users.noreply.github.com> Date: Thu, 13 Jun 2024 13:40:40 +0200 Subject: [PATCH 15/41] Update onboardingMaterial.md fixed typos --- docs/tutorials/e2e/inform/onboardingMaterial.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/tutorials/e2e/inform/onboardingMaterial.md b/docs/tutorials/e2e/inform/onboardingMaterial.md index c2897c45d18..ebf444bacb1 100644 --- a/docs/tutorials/e2e/inform/onboardingMaterial.md +++ b/docs/tutorials/e2e/inform/onboardingMaterial.md @@ -14,7 +14,7 @@ To complete this tutorial you will **not** need to read through all the informat ## 1. Catena-X -Catena-X is an open, secure, and standardized data ecosystem for the automotive industry. It is a collaborative initiative of automotive manufacturers, suppliers, and other stakeholders from across the value chain. Catena-X aims to enable the secure and efficient exchange of data across the entire value chain, from the development of new vehicles to the end-of-life recycling of components. +Catena-X is an open, secure, and interoperable data ecosystem for the automotive industry. It is a collaborative initiative of automotive manufacturers, suppliers, and other stakeholders from across the value chain. Catena-X aims to enable the secure and efficient exchange of data across the entire value chain, from the development of new vehicles to the end-of-life recycling of components. :::note @@ -24,7 +24,7 @@ More information on the Catena-X initiative can be found at the visions and goal ## 2. Use-Cases -Catena-X is organized around ten initial use-cases. If your company decided to become part of Catena-X, it has chosen at least one use-case it want's to benefit from. Participation in a use-case usually includes the provisioning of data according to a shared semantic and standardized technology stack that shall enable interoperability and data sovereignty. +Catena-X is organized around ten initial use cases. If your company decided to become part of Catena-X, it has chosen at least one use case it wants to benefit from. Participation in an use case usually includes the provisioning of data according to a shared semantic and standardized technology stack that shall enable interoperability and data sovereignty. :::note @@ -34,7 +34,7 @@ The list of the ten initial use-cases as well as a description of each of them c ## 3. The Data Space -To enable the use-cases, Catena-X builds a decentral data space. In a data space, data is directly exchanged between data provider and data consumer, without an intermediary. A data space requires data providers and consumers to use certain components either as managed services or as self-hosted. Furthermore, "core components" are needed within the network to ensure Identity & Trust, provide Data Discovery mechanisms or a Marketplace to find and purchase business applications that can be used to consume the data and generate value. +To enable the use cases, Catena-X builds a decentral data space. In a data space, data is directly exchanged between data provider and data consumer, without an intermediary. A data space requires data providers and consumers to use certain components either as managed services or as self-hosted. Furthermore, "core components" are needed within the network to ensure Identity & Trust, provide Data Discovery mechanisms or a Marketplace to find and purchase business applications that can be used to consume the data and generate value. :::note @@ -45,7 +45,7 @@ The Catena-X Operating Whitepaper describes how the Catena-X data space is opera ## 4. The Onboarding Journey -Your task to setup the technical components is part of a larger onboarding journey that also includes a registration in the network, a use-case selection, setting up a data governance structure and engagement of the various business departments. The onboarding journey varies depending on your companies decision on how to participate in which use-cases. As you've already read, in case your company only intends to buy a fully managed SAAS business application, you won't need to operate the Catena-X components yourself. +Your task to setup the technical components is part of a larger onboarding journey that also includes a registration in the network, a use case selection, setting up a data governance structure and engagement of the various business departments. The onboarding journey varies depending on your companies decision on how to participate in which use cases. As you've already read, in case your company only intends to buy a fully managed SAAS business application, you won't need to operate the Catena-X components yourself. The Catena-X association provides extensive onboarding material such as an onboarding guide or an onboarding status tracker. Both can be found on the association homepage. :::note From ea72735a02b58b1edb2745e05f4f4e8bea7bd167 Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Sun, 16 Jun 2024 16:23:56 +0200 Subject: [PATCH 16/41] Update prerequisites.md - rewoked Reworked ot the chapter also introducing aspects for a user setup, which also to run the tutorial without root privileges --- .../e2e/prerequisites/prerequisites.md | 129 +++++++++++++----- 1 file changed, 97 insertions(+), 32 deletions(-) diff --git a/docs/tutorials/e2e/prerequisites/prerequisites.md b/docs/tutorials/e2e/prerequisites/prerequisites.md index 8b8fa114e26..5db0920f33e 100644 --- a/docs/tutorials/e2e/prerequisites/prerequisites.md +++ b/docs/tutorials/e2e/prerequisites/prerequisites.md @@ -9,7 +9,7 @@ The components and tools that are described here are to be understood as a propo :::info -You can either complete the tutorial in a cloud space (e.g. AWS or Azure) or locally. If you choose to run the tutorial locally, make sure that your machine fulfils the minimal performance requirements. +You can either complete the tutorial in a cloud space (e.g. AWS or Azure) or locally. If you choose to run the tutorial locally, make sure that your machine fullfils the minimal performance requirements. ::: @@ -30,7 +30,7 @@ As mentioned in the introduction, no preliminary knowledge about Catena-X is req The tutorial is designed to be used in cloud environments, such as AWS, Google or Azure. If you intend to build your own local environment independently of Cloud based offers, you may use this tutorial as well. In this case you need to ensure, you have the right technical software stack installed, see below. -## Setting up your own environment on local systems +## Preparing your own environment on local systems In case you want to install Tractus-X components or [Kits] directly on your local system you need the following: @@ -39,6 +39,7 @@ In case you want to install Tractus-X components or [Kits] directly on your loca - Your local system should run a Linux Version (Debian or Ubuntu 22.04 or higher are recommended) - You need super user privileges (either root access or the right to use sudo) - The above tools should be installed (Docker, Kubernetes, Kubectl, Minikube, Helm and Browser, X-Environment) +- To enbale users to run the tutorial after you ave installed the required enviroment setup the environmemt as described in the last section. ### Access to the Internet @@ -154,19 +155,43 @@ Within this section we briefly describe how to install the required tools on an #### Install docker +Ensure that you are up to date with your release (for Ubuntu we use atp, which needs to run with root priveledges): + ```bash sudo apt update && sudo apt upgrade ``` +Now install docker ... + ```bash sudo apt install docker.io ``` +:::note + +The user group docker shoild be created, check if it exists. + +```bash +grep docker /etc/group +``` +Response should be: + +```bash +docker:x:120: +``` + +You need the user group later, to assign your user. + +::: + #### Install kubernetes +As before, ensure you have the latest versions for your release. + ```bash sudo apt update && sudo apt upgrade ``` +and the install kubernetes ```bash sudo apt install kubernetes @@ -174,15 +199,22 @@ sudo apt install kubernetes #### Install kubectl +kubectl will be installed with snap, we need to use snap security policy "classic" instead of the default policy "strict" to allow snap full access to the system. + ```bash sudo snap install kubectl --classic ``` -Occasionally snap will fail with an error message "Access forbidden", alternativly you may try to install Kubectl using the native pakage as follows. Please check for further information. +::: note + +Occasionally snap will fail with an error message "Access forbidden", alternatively you may try to install Kubectl using the native package as follows. Please check for further information. + +::: + +Now we install a fake transitory package. This APT transport supports access to repositories through the HTTP Secure protocol (HTTPS), often known as HTTP over TLS. It is important to note that transport is never called directly by a user but is instead used by APT tools based on user settings. That's exactly what we are going in the following steps: ```bash sudo apt-get update -# apt-transport-https may be a dummy package; if so, you can skip that package sudo apt-get install -y apt-transport-https ca-certificates curl ``` @@ -219,35 +251,33 @@ echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs. sudo chmod 644 /etc/apt/sources.list.d/kubernetes.list # helps tools such as command-not-found to work correctly ``` -Update apt package index, then install kubectl: - -```bash -sudo apt-get update -sudo apt-get install -y kubectl -``` - -::: Note -To upgrade kubectl to another minor release, you'll need to bump the version in /etc/apt/sources.list.d/kubernetes.list before running apt-get update and apt-get upgrade. -::: - Check that kubectl is properly configured by getting the cluster state: ```bash kubectl cluster-info ``` -#### Install Minkube +#### Install Minikube -To install minikube just download the executable from the reposotory. (Please check also ) +To install minikube just download the executable from the repository. (Please check also ) ```bash curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64 \ && chmod +x minikube ``` +The chmod command is used to ensure minikube is executable. If you want other users to have access, you should copy the executable to /usr/bin/ or nother comparable location which is used by all users. Ensure that all members of the group "docker" have access. + +```bash +sudo cp ./minikube /usr/bin +chgrp docker /usr/bin/minikube +chmod 750 /usr/bin/minikube +``` + + #### Install helm -helm will be installed with snap. +We will need Umbrella Helm Charts for the deployment of the tutorial Catena-X environment, teh required tool helm will be installed with snap. ::: note @@ -264,39 +294,46 @@ sudo snap install helm --classic :::note -If not already installed, install xterm and a webbroser like firefox or google-chrome, you also may need to install an x-environment (xterm). +If not already installed, install a X11 environment (xterm) and a web browser like firefox or google-chrome. ::: -Install xterm with apt. +To install and configure the X11 environment use apt. ```bash sudo apt install xterm ``` +Ensure that the X11 forwarding is working for ssh -X, add to your .bashrc + +```bash +# ensure google-chrome and other graphic apps find the X-Authorisation file +export XAUTHORITY=$HOME/.Xauthority +``` -Check if you can access your system by using +and in /etc/ssh/sshd_config set the following variables to yes. ```bash -ssh -X +X11Forwarding yes +X11UseLocalhost yes ``` -To enusre that the X11forwaring is working for ssh -X, add to your .bashrc +Check if you can access your system by using for a remote location (or you may also use your system, but do not use localhost as system name) ```bash -# ensure google-chrome and other garphic apps find the X-Authorisation file -export XAUTHORITY=$HOME/.Xauthority +ssh -X @ ``` -and in /etc/ssh/sshd_config set the following variables to yes. +after having loggin enter ```bash -X11Forwarding yes -X11UseLocalhost yes +xterm & ``` -Then you should be able to run xterm and the webrowser locally to open the links given later in the tutorial. +and a new window should appear on your screen. If not ensure that you system is enabled to serve as X server. You may also need to investigate how the environment variable DISPLAY is set. + +Then you should be able to run xterm and the web browser locally to open the links given later in the tutorial. -If you want to install google-chrome, do as follows, you may use any other Browser. Download the latest Google Chrome Debian package via the following command: +If you want to install google-chrome, do as follows, you may use any other browser. We prefer google-chrome as it works easier in the combination of using ssh with X forwarding. Download the latest Google Chrome Debian package via the following command: ```bash wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb @@ -316,15 +353,43 @@ sudo apt-get install -f #### Install insomnia -If you want a powerful API client that simplifies the process of building, debugging, and testing APIs, you may want to install Insomnia. (An other alternativ ist Postmann). However for the tutorial we currently do not need an API client, as we will use curl. But if you want you can just install Insomnia as follows: +If you want a powerful API client that simplifies the process of building, debugging, and testing APIs, you may want to install Insomnia. (Another alternative is Postmann). However for the tutorial we currently do not need an API client, as we will use curl. But if you want you can just install Insomnia as follows: ```bash sudo apt-get update sudo apt-get install insomnia ``` +### Setup a user environment for running the tutorial with a minimum set of privileges + +You do not need full system access to proceed with the following steps of tutorial (even not for the deployment). Further you may allow several users to deploy their environment at the same time on the same system. But there are a few critical aspects, you need to consider. But first we begin with setting up the appropriate permissions for a user. + +:::note + +We use as example the username [tx01]. + +::: + +The user tx01 needs the following permissions to be able to successfully complete the tutorial. +- if has to be a member of the group docker. +- He needs write access to /etc/hosts +So we run the following commands, assuming the user already exists: + +```bash +sudo addusr tx01 docker # adds the user to the group docker +sudo chgrp docker /etc/hosts # change the group permissin from root to docker +sudo chmod 664 /etc/hosts # This allow now our user tx01 to edit /etc/hosts +``` +You should brief your user regarding their responsiblity when theri are editing /etc/hosts. + +:::Warning + +Users like tx01 with the above permissions can start minikube clusters, which will bring up kubernetes and Umbrella helm charts. By sharing the permission via the group docker, they are also able to disturb clusters and services of another user within the same group docker. Therefore, it is important that they choose individual names for their minikube profiles and Umbrella namespaces. Further they should avoid any option like "--all". See also additional hints in the next chapter "deploy". + +::: + :::info -Your enviroment for the tutorial starting with chapter "deploy" should be ready. +Your environment for the tutorial starting with chapter "deploy" should be ready. ::: From 88f6bf3aeeb6c8241d88f6733c625bd45a0fee39 Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Sun, 16 Jun 2024 17:00:39 +0200 Subject: [PATCH 17/41] Update prerequisites.md minor corrections - spelling --- docs/tutorials/e2e/prerequisites/prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorials/e2e/prerequisites/prerequisites.md b/docs/tutorials/e2e/prerequisites/prerequisites.md index 5db0920f33e..c0f8d01e73b 100644 --- a/docs/tutorials/e2e/prerequisites/prerequisites.md +++ b/docs/tutorials/e2e/prerequisites/prerequisites.md @@ -323,7 +323,7 @@ Check if you can access your system by using for a remote location (or you may a ssh -X @ ``` -after having loggin enter +after having logged in enter ```bash xterm & From e0cbcee43a9ff208f8067e9b0b2cba2d784ebfd4 Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Sun, 16 Jun 2024 17:31:37 +0200 Subject: [PATCH 18/41] Update connect.md Rework for the usage of Umbrella Helm Charts instead of terraform and usenig minikube instead of kind --- docs/tutorials/e2e/connect/connect.md | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/docs/tutorials/e2e/connect/connect.md b/docs/tutorials/e2e/connect/connect.md index d1919eb9dca..24a14aebb28 100644 --- a/docs/tutorials/e2e/connect/connect.md +++ b/docs/tutorials/e2e/connect/connect.md @@ -3,24 +3,36 @@ title: "Chapter 2: Connect" sidebar_position: 4 --- -The `Connect Chapter` describes step by step how you have to setup your (cloud) infrastructure including servers, a kubernetes cluster, networking and security. On this stack you will deploy the components that you need for data provisioning and data consumption. Along with that you will deploy all the components that simulate the core service provider in our data space. +The `Connect Chapter` describes step by step how you have to setup your local enviroment of your own data space including a kubernetes cluster, services, networking and security. On this stack you will deploy the components that you need for data provisioning and data consumption. Along with that you will deploy all the components that simulate the core service provider in our data space. You will use the technology of Umbrella Helm Charts to configure and deploy your environment. -This tutorial is designed for developers who want to get their hands dirty, for companies that want to perform data exchange in actual Catena-X data space infrastructure and generally for curious minds who want to explore dataspaces. +This tutorial is +- designed for developers who want to get their hands dirty, for companies that want to perform data exchange in actual Catena-X data space infrastructure and generally for curious minds who want to explore dataspaces. +- a preconfigured closed environment in one Kubernetes cluster, where the different services located in docker containers communicate within their joint Kubenets cluster, generated by minikube. + +This tutorial is [not] +- a production environment +- designed to work across different locations Required knowledge and skills: - Beginner level docker and kubernetes -- Beginner level terraform +- Begninner level Minikube +- Beginner level Helm Charts +- Basic understanding of network and web based communication - Basic linux system commands ## Components & Architecture By performing this tutorial a data space will be set up including the following components: -- 2 Tractus-X EDC Connectors (Called Bob and Alice). The EDC is the key component to exchanging data within data spaces. +- starting with 2 Tractus-X EDC Connectors (Called Bob and Alice). The EDC is the key component to exchanging data within data spaces. - 1 Managed Identity Wallet. The Managed Identity Wallet (MIW) service is a central component storing technical identities. Connectors can request the identity, including properties, in order to take decisions if a contract-offer will be made, a contract agreement will be negotiated, or a data-exchange will be processed. -- 1 Keycloak instance. Keycloak is used for Identiy and Access Management of technical users. +- 1 Keycloak instance. Keycloak is used for Identity and Access Management of technical users. - 1 Postgres data base. A data base building the foundation for the MXD setup. +- It will be extende by a thrid Tractus-X EDC Connector (called Judy) to allow applying different policies + +It further in a second step will be extended the configuration by bringing up a portal We now will start with teh next section deploy to bring up the Kubernetes clsuer with minkube and the frist Umbrella Helm Charts. + ## Notice From c864aa730565651bd0c0ebd4b02b0b205342967b Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Sun, 16 Jun 2024 17:38:21 +0200 Subject: [PATCH 19/41] Update prerequisites.md Changeing MXD to TXD --- docs/tutorials/e2e/prerequisites/prerequisites.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/tutorials/e2e/prerequisites/prerequisites.md b/docs/tutorials/e2e/prerequisites/prerequisites.md index c0f8d01e73b..08970dae1bb 100644 --- a/docs/tutorials/e2e/prerequisites/prerequisites.md +++ b/docs/tutorials/e2e/prerequisites/prerequisites.md @@ -55,7 +55,7 @@ You may need the support of your local IT department. Once you are confident to ### URL Whitelist -#### Specific URLs​, required for [MXD] +#### Specific URLs​, required for [TXD] ```bash .download.docker.com​ @@ -143,7 +143,7 @@ The port http (80) will not be used in production, but for the tutorial it will, #### ssh (22) -For the [MXD], which is running locally, you only need secure shell access, which means port 22 should be open. +For the [TXD], which is running locally, you only need secure shell access, which means port 22 should be open. #### Further ports From 9e2084356f8bf8fdfc0850fcc2c51bc56a057bd7 Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Sun, 16 Jun 2024 17:46:35 +0200 Subject: [PATCH 20/41] Update prepareInfrastructure.md Rework for using Umbrella Helm Charts and minikube --- .../e2e/connect/prepareInfrastructure.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/docs/tutorials/e2e/connect/prepareInfrastructure.md b/docs/tutorials/e2e/connect/prepareInfrastructure.md index e09702a9ee4..36660cf545b 100644 --- a/docs/tutorials/e2e/connect/prepareInfrastructure.md +++ b/docs/tutorials/e2e/connect/prepareInfrastructure.md @@ -5,21 +5,23 @@ sidebar_position: 1 ## Prerequisites -In order to run the MXD on your local machine, please make sure the following +In order to run the TXD on your local machine, please make sure the following preconditions are met. -- Have a local Kubernetes runtime ready. We've tested this setup with [KinD](https://kind.sigs.k8s.io/), but other - runtimes such as [Minikube](https://minikube.sigs.k8s.io/docs/start/) may work as well, we just haven't tested them. All following instructions will assume KinD. -- Install [Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli). -- a POSIX-compliant shell, e.g. `bash` or `zsh` unless stated otherwise +- Have a local Kubernetes runtime ready. +- Have kubectl installed +- Minkube is installed +- you have a web browser +- a POSIX-compliant shell, e.g. `bash` or `zsh` unless stated otherwise. The tutorial conatins examples for `bash`. - basic knowledge about Helm and Kubernetes - [Optional] a cli tool to easily print logs of a K8S deployment, such as [`stern`](https://github.com/stern/stern) - [Optional] a graphical tool to inspect your Kubernetes environment, such as [Lens](https://k8slens.dev/). Not mandatory of course, but all screenshots in this doc are created off of Lens. - [Optional] a graphical tool to inspect Postgres databases, such as [PgAdmin](https://www.pgadmin.org/). Screenshots in this guide are created off of PgAdmin. -- [Optional] a graphical tool to send REST requests, such as [Postman](https://www.postman.com/). This sample will - include Postman collections that can be imported. +- [Optional] a graphical tool to send REST requests, such as [insomnia] ( https://insomnia.rest/) or [Postman](https://www.postman.com/). This sample will include Postman collections that can be imported. + +See Chapter [prerequisites] (https://eclipse-tractusx.github.io/docs/tutorials/e2e/prerequisites/) on how to prepare your system. ## Notice From 73e00c45916c1ef5d3f39b295fe3e114b83f56d3 Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Sun, 16 Jun 2024 18:03:24 +0200 Subject: [PATCH 21/41] Update deployComponents.md Saved version while working on the new text for rewoking the tutorial for using Umbrella helm Charts --- .../tutorials/e2e/connect/deployComponents.md | 54 +++++++------------ 1 file changed, 19 insertions(+), 35 deletions(-) diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index e8433b231a3..579e99cc170 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -3,29 +3,33 @@ title: Deploy components sidebar_position: 2 --- -The "MXD" dataspace initially consists of several components: `Alice` and `Bob` (two Tractus-X EDC connectors), +The [TXD] dataspace initially consists of several components: `Alice` and `Bob` (two Tractus-X EDC connectors), a Vault instance each, a Postgres database, a Managed Identity Wallet app, a Keycloak instance. `Alice` and `Bob` will be our dataspace participants. Each of them stores their secrets in their respective vault instances, and there is a shared Postgres server, where each of them has a database. MIW and Keycloak are central components, they only exist once and are accessible by all participants. -:::warning -This chapter is not yet updated and refers to an older implemenation of the tutorial. Please used the README for the Tractus-X umbrella charts following the link: + +:::note +This chapter refers to also to the README for the Tractus-X umbrella charts following the link: ::: -:::note +:::Warning +If you are [not] the only user on your system working with the turorial, means you are working in a multi-user environment, please ensure, that you understand your impact on other minikube profiles of other users and Umbralla namespaces. Please check, if other user are working on the same system by checking the existance of other minikube profiles with the command: -### Special Hint for the Second Tractus-X Community Days +```bash +minkube profile list +``` -If you are using the user accounts on the VMs provided by ARENA2036, please be aware of that you are working in a multi-user environment. +Please ensure you are using a different profile name f and[never] using options like **--all**. To avoid disturbing other we use the environment varaible [$USER] any time whne we specify a name for a minkube profile of an Umbrella namespace. -Your minikube cluster will not be the only one running in your VM, therefore +So if your minikube cluster will not be the only one running in your system, please -- Use specific names for your cluster profile and namespaces for helm​ +- use specific names for your cluster profile and namespaces for helm​ - - Proposed name for the cluster profile: “minikube-$USER”​ - - Proposed name for the umbrella namespace: “umbrella-$USER)" ​ + - Proposed name for the cluster profile: **minikube-$USER** + - Proposed name for the umbrella namespace: **umbrella-$USER** ​ - Ensure you are using the option **-p**, everytime you calling minikube ​ @@ -49,31 +53,11 @@ This will ensure that ingress is working in the correct environment of your clus ::: -:::warning - -Since this documentation is based on a MXD version where tractusx-edc version `0.5.3` is used, there is a need to adapt the `values.yaml` inside the cloned repository **tutorial-resources**. The file is located in `tutorial-resources/mxd/modules/connector/values.yaml` - -Instead of the `latest` tag for the **controlplane** and **dataplane** image, please use `0.5.3`. - -```yaml -# As an example for the controlplane -controlplane: - debug: - enabled: true - port: 1044 - service: - type: NodePort - endpoints: - management: - authKey: password - image: - pullPolicy: Never - #tag: "latest" - tag: "0.5.3" -``` ::: + + For the most bare-bones installation of the dataspace, execute the following commands in a shell: ```shell @@ -82,13 +66,13 @@ git clone https://github.com/eclipse-tractusx/tutorial-resources.git ``` ```shell -# will install the mxd directory under /tutorial-resources/mxd +# will install the TXD directory under /tutorial-resources/TXD # the directory should contain the config file for kind: kind.config.yaml -cd +cd ``` ```shell -kind create cluster -n mxd --config kind.config.yaml +kind create cluster -n TXD --config kind.config.yaml ``` ```shell From 999eaa09256627b505dfdc1d2402a05336ccc2d0 Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Sun, 16 Jun 2024 20:44:46 +0200 Subject: [PATCH 22/41] Update deployComponents.md --- .../tutorials/e2e/connect/deployComponents.md | 447 ++++++++++-------- 1 file changed, 260 insertions(+), 187 deletions(-) diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index 579e99cc170..43889781074 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -9,7 +9,6 @@ be our dataspace participants. Each of them stores their secrets in their respec shared Postgres server, where each of them has a database. MIW and Keycloak are central components, they only exist once and are accessible by all participants. - :::note This chapter refers to also to the README for the Tractus-X umbrella charts following the link: @@ -53,249 +52,323 @@ This will ensure that ingress is working in the correct environment of your clus ::: +## Using Umbrella Helm Charts for the Deployment +This Tutorial will be deployed by using an umbrella chart, which provides a basis for running end-to-end tests or creating a sandbox environment of the Catena-X automotive dataspace network consisting of Tractus-X OSS components. The Chart aims for a completely automated setup of a fully functional network, that does not require manual setup steps, as long as only one instance (minikube cluster) is running, see above warning). If several clusters are riunninh we need to adjsut a few configartion files. + +The currently available components availbe by the Umbrella Helm Chart are following: +- portal +- centralidp +- sharedidp +- bpndiscovery +- discoveryfinder +- sdfactory +- managed-identity-wallet +- semantic-hub +- dataconsumerOne (tractusx-edc, vault) +- tx-data-provider (tractusx-edc, digital-twin-registry, vault, simple-data-backend) +- dataconsumerTwo (tractusx-edc, vault) + +### Starting with the Deployment of [TXD] , our own local dataspace + +We now start to deploy the TXD, our own dataspace. We will start by downloading the sources from Github into our local environment. Then we will step by step +- get the source +- start minikube bringing up the cluster (profile) +- enabling Ingress for local access using the addon for Minikube +- adjusting the configurationb files for the Umbrella Helm Chart (this is not required, if you are the only user on a system) +- bringing uo the certifacation manager +- Using helm to install our first dataprovider and consumer EDCs +- checking their liveness + +### Get the source from the Tractus-X Github +For the most bare-bones installation of the dataspace, execute the following commands in a shell: -::: +```bash +# get the tutorial including the config file for the cluster by cloning the repository locally +git clone [https://github.com/eclipse-tractusx/tutorial-resources.git](https://github.com/eclipse-tractusx/tractus-x-umbrella.git") +``` +We now will find under your current working directory the directory [tractus-x-umbrella], change into this drectory: +```bash +cd tractus-x-umbrella +``` -For the most bare-bones installation of the dataspace, execute the following commands in a shell: +### Start the minkube cluster (profile) +To start the cluster we just call **minikube start**, if we have morethen one instance, we use -p option to set the profile name minikube-$USER, we use the othe roptions to request the appropiate resources. -```shell -# get the tutorial including the config file for the cluster by cloning the repository locally -git clone https://github.com/eclipse-tractusx/tutorial-resources.git +```bash +minikube start [-p minikube-$USER] --cpus=4 --memory 6gb # Start the cluster, if -p option is used with the profile name minikube-$USER ``` -```shell -# will install the TXD directory under /tutorial-resources/TXD -# the directory should contain the config file for kind: kind.config.yaml -cd +We now switch the context to minikube profile, this is required to ensure Ingress get the correct data of the cluster, but it is not needed, if you run only one minikube cluster on your system. + +```bash +minikube profile minikube-$USER # Switch the context to minikube profile ``` -```shell -kind create cluster -n TXD --config kind.config.yaml +You can check you minikube cluster any time by starting the Minkube dashboard: + +```bash +minikube [-p minikube-$USER] dashboard # if -p option is used, with the profile name minikube-$USER ``` -```shell -# -# Now we activate ingress for the later port forwarding ? -# the next step is specific to KinD and will be different for other Kubernetes runtimes! -kubectl apply -f \ -https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml +### Seting up the local internal netwok +in order to enable the local access via ingress, use the according addon for Minikube: + +```bash +minikube [-p minikube-$USER] addons enable ingress # if -p option is used, with the profile name minikube-$USER ``` -```shell -# wait until the ingress controller is ready -kubectl wait --namespace ingress-nginx \ - --for=condition=ready pod \ - --selector=app.kubernetes.io/component=controller \ - --timeout=90s +You will be fine by just enabling ingress, if you now add a few hostnames into /etc/hosts. You shoul densure that you have access, the /etc/hosts file group entry should be assigend to the group **docker**. check with + +```bash +ls -al /etc/hosts # Output should be like: "-rw-r--r-- 1 root docker 414 Jun 16 14:34 /etc/hosts" ``` -```shell -terraform init +Alternatively confugire the DNS Service to be enabled for Ingress. + +:::note + + Ths requires that you have an DNS on your system running and that you have **root accees** via **sudo** + +::: + +```bash +minikube [-p minikube-$USER] addons enable ingress-dns # if -p option is used, with the profile name minikube-$USER ``` -```shell -terraform apply -# type "yes" and press enter when prompted to do so +Find out the IP Address of your minikube clsuter by entering: + +```bash +minikube [-p minikube-$USER] ip # if -p option is used, with the profile name minikube-$USER ``` -Notice that the `kubectl apply` command deploys a Kubernetes Ingress Controller to the cluster and is required to reach -our applications from outside the cluster. Specifically, it deploys an NGINX ingress controller. Notice also, that the -command is *specific to KinD* and will likely not work on other Kubernetes runtimes (minikube, ...) or with other -ingress controllers! +This return your IP Address which you now use as follows: -Wait. Then wait some more. It will take a couple of minutes until all services are booted up. If your machine is a -potato, it'll take even longer. Just get a coffee. Eventually, it should look similar to this: +Update the file /etc/resolvconf/resolv.conf.d/base to have the following contents. -![img.png](assets/img.png) +```bash +search test +nameserver 192.168.99.169 +timeout 5 +``` +::note -## Inspect terraform output +Replace 192.168.99.169 with the output of minikube ip. If you are not the only one running the tutorial on your system replace **tx**with your username stored in **$USER**. -After the `terraform` command has successfully completed, it will output a few configuration and setup values -that we will need in later steps. Please note that some values will be different on your local system. +::: + + Then run the following commands: -```shell -Outputs: - -alice-urls = { - "health" = "http://localhost/alice/health" - "management" = "http://localhost/alice/management/v2" -} -bob-node-ip = "10.96.248.22" -bob-urls = { - "health" = "http://localhost/bob/health" - "management" = "http://localhost/bob/management/v2" -} -connector1-aeskey = "R3BDWGF4SWFYZigmVj0oIQ==" -connector1-client-secret = "W3s1OikqRkxCbltfNDBmRg==" -connector2-aeskey = "JHJISjZAS0tSKlNYajJTZA==" -connector2-client-secret = "enFFUlkwQyZiJSRLQSohYg==" -keycloak-database-credentials = { - "database" = "miw" - "password" = "Tn*iwPEuCgO@d==R" - "user" = "miw_user" -} -keycloak-ip = "10.96.103.80" -miw-database-pwd = { - "database" = "keycloak" - "password" = "W:z)*mnHdy(DTV?+" - "user" = "keycloak_user" -} -postgres-url = "jdbc:postgresql://10.96.195.240:5432/" +```bash +sudo resolvconf -u +systemctl disable --now resolvconf.service ``` -## Inspect the databases +Check if the dns reasolving is working by requesting the IP addresses for the differnt service -Please be aware, that all services and applications that were deployed in the previous step, are **not** accessible from -outside the Kubernetes cluster. That means, for example, the Postgres database cannot be reached out-of-the-box. +```bash +nslookup centralidp.tx.test +nslookup dataconsumer-1-dataplane.tx.test +nslookup dataprovider-dataplane.tx.test +``` -Naturally there are several ways to enable access to those services (Load balancers, Ingresses, etc.) but for the sake -of simplicity we will use a plain Kubernetes port-forwarding: +They should all return the saem IP adresse (the one of Minikube [-p minikube.$USER ip ]. If you face issues in resolving the address, add the following hosts entries into your /etc/hosts file, and replace the IP address with your value and **tx** by your choosen name: -```shell -# find out about the names of your pods -kubectl get pods +```bash +192.168.49.2 centralidp.tx.test +192.168.49.2 sharedidp.tx.test +192.168.49.2 portal.tx.test +192.168.49.2 portal-backend.tx.test +192.168.49.2 managed-identity-wallets.tx.test +192.168.49.2 semantics.tx.test +192.168.49.2 sdfactory.tx.test +192.168.49.2 dataconsumer-1-dataplane.tx.test +192.168.49.2 dataconsumer-1-controlplane.tx.test +192.168.49.2 dataprovider-dataplane.tx.test +192.168.49.2 dataconsumer-2-dataplane.tx.test +192.168.49.2 dataconsumer-2-controlplane.tx.test ``` -```shell -# you should see a list like: -NAME READY STATUS RESTARTS AGE -alice-tractusx-connector-controlplane-6f7555bcb7-mhxh6 1/1 Running 0 4m -alice-tractusx-connector-dataplane-6db78d69c5-sw87d 1/1 Running 0 4m -alice-vault-0 1/1 Running 0 4m -bob-tractusx-connector-controlplane-76ccd79946-84zjw 1/1 Running 0 4m -bob-tractusx-connector-dataplane-85554c7dcd-6pzzs 1/1 Running 0 4m -bob-vault-0 1/1 Running 0 4m -keycloak-6bdf4d7689-8mwfd 1/1 Running 0 4m58s -miw-574bf87bc-c4n6c 1/1 Running 0 4m58s -postgres-66677b8665-lxxp2 1/1 Running 0 5m14s +### Install the first setup + +:::Note +Understanding the role of helm install and upgrade + +helm install is used to install a chart in Kubernetes using Helm. + + --set COMPONENT_1.enabled=true,COMPONENT_2.enabled=true Enables the components by setting their respective enabled values to true. + + **umbrella** is the release name for the chart. + + tractusx-dev/umbrella specifies the chart to install, with tractusx-dev being the repository name and umbrella being the chart name. + + --namespace umbrella specifies the namespace in which to install the chart. + + --create-namespace create a namespace with the name umbrella + +**If we have more than one instance of the minikube clusters running, we also should modfiy the namespace [umbrella] to [umbrella-$USER]** + +::: + +We start with ensuring that we are using the released charts. + +```bash +helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev ``` -```shell +For the tutorial we first select a subset of components for the dataexchange between a dataconsumer (Alice) and a dataprovider (Bob). The needed components are the following: +- centralidp +- managed-identity-wallet +- dataconsumerOne (tractusx-edc, vault) + -tx-data-provider (tractusx-edc, digital-twin-registry, vault, simple-data-backend) + +### Using a preconfigured configraution file [values-adopter-data-exchange.yaml] + +We chosing a predefined subset of the E2E adopter journey which provies the above selecteion. + +:::Note + +skip the next paragraph, if you are running the only one minikube cluster on your system + +::: + +#### Adjusting the Config files for multi user usage +In case we have to modify the values within the configuartion files as we run in a multi use enviromnet, we need adjust the domians names within the configuration files.A simple way is to update the file by using **sed** as line editor. + +```bash +# adjust values.yaml # -# We will use the last entry for ingress for our port-forwarding, the name of the postgres pod will be slightly differnt in your local cluster. -# now we activtae the kuberntes port-forwarding: -kubectl port-forward postgres-66677b8665-lxxp2 5432:5432 +DOMAIN_NAME="$USER.test" +CONFIG_FILE="alues-adopter-data-exchange.yaml" +cp values.yaml values.yaml.orig +cat values.yaml.orig | sed s/tx.test/$DOMAIN_NAME/ > values.yaml +echo "file values.yaml updated with actual dommainame $DOMAIN_NAME" +cp $CONFIG_FILE $CONFIG_FILE.orig +cat $CONFIG_FILE.orig | sed s/tx.test/$DOMAIN_NAME/ > $CONFIG_FILE +echo "file $CONFIG_FILE updated with actual dommainame $DOMAIN_NAME" +# Adjust further files: concept/seeds-overall-data.md, init-container/iam/centralidp/CX-Central-realm.json, init +-container/iam/sharedidp/CX-operator-realm.json. init-container/iam/sharedidp/CX-operator-users-0.json +# +cd ../.. +echo "Modifing file concept/seeds-overall-data.md, ..." +cp concept/seeds-overall-data.md concept/seeds-overall-data.md.orig +cat concept/seeds-overall-data.md.orig | sed s/tx.test/$DOMAIN_NAME/ > concept/seeds-overall-data.md +echo "Modifing file init-container/iam/centralidp/CX-Central-realm.json ..." +cp init-container/iam/centralidp/CX-Central-realm.json init-container/iam/centralidp/CX-Central-realm.json.orig +cat init-container/iam/centralidp/CX-Central-realm.json.orig | sed s/tx.test/$DOMAIN_NAME/ > init-container/iam/centralidp/CX-Central-realm.json +echo "Modifing file init-container/iam/sharedidp/CX-operator-realm.json ..." +cp init-container/iam/sharedidp/CX-Operator-realm.json init-container/iam/sharedidp/CX-Operator-realm.json.orig +cat init-container/iam/sharedidp/CX-Operator-realm.json.orig | sed s/tx.test/$DOMAIN_NAME/ > init-container/iam/sharedidp/CX-Operator-realm.json +echo "Modifing file init-container/iam/sharedidp/CX-operator-realm.json ..." +cp init-container/iam/sharedidp/CX-Operator-users-0.json init-container/iam/sharedidp/CX-Operator-users-0.json.orig +cat init-container/iam/sharedidp/CX-Operator-users-0.json.orig | sed s/tx.test/$DOMAIN_NAME/ > init-container/iam/sharedidp/CX-Operator-users-0.json ``` -> Note that the actual pod name will be slightly different in your local cluster. -Then, using PgAdmin, connect to the Postgres server at `jdbc:postgresql://localhost:5432/` using `user=postgres` -and `password=postgres`: -![img_1.png](assets/scr_pgadmin1.png) +#### Run the helm install command to install the cert-manager chart in the same namespace where the umbrella chart will be located." -Every service in the cluster has their own database, but for the sake of simplicity, they are hosted in one Postgres -server. We will show in later sections, how the databases can be segregated out. Feel free to -inspect all the databases and tables, but there is not much data in there yet. There is just a few automatically seeded -assets, policies and contract definitions. +```bash +helm install cert-manager jetstack/cert-manager --namespace umbrella[-$USER] --create-namespace --version v1.14.4 --se +t installCRDs=true +``` -## Verify your local installation +Configure the self-signed certificate and issuer to be used by the ingress resources + +```bash +cat < kubectl-apply-in +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: selfsigned-issuer +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: my-selfsigned-ca + namespace: $NAMESPACE +spec: + isCA: true + commonName: $DOMAIN_NAME + secretName: root-secret + privateKey: + algorithm: RSA + size: 2048 + issuerRef: + name: selfsigned-issuer + kind: ClusterIssuer + group: cert-manager.io + subject: + organizations: + - CX + countries: + - DE + provinces: + - Some-State +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: my-ca-issuer +spec: + ca: + secretName: root-secret +EOF -In order to check that the connectors were deployed successfully, please execute the following commands in a shell: +kubectl apply -f kubectl-apply-in -```shell -curl -X GET http://localhost/bob/health/api/check/liveness | jq ``` -```shell -curl -X GET http://localhost/alice/health/api/check/liveness | jq -``` +#### Now we install the perdefiend setup for our tutorial -which should return something similar to this, the important part being the `isSystemHealthy: true` bit: - -```json -{ - "componentResults": [ - { - "failure": null, - "component": "Observability API", - "isHealthy": true - }, - { - "failure": null, - "component": null, - "isHealthy": true - } - ], - "isSystemHealthy": true -} +Getting dependencies from Repo ... + +```bash +helm dependency update ``` -Once we've established the basic readiness of our connectors, we can move on to inspect a few data items: +Installing the Tutorial chart as part of th E2E journey. -```shell -curl -X POST http://localhost/bob/management/v3/assets/request -H "x-api-key: password" -H "content-type: application/json" | jq +```bash +helm install -f values-adopter-data-exchange.yaml umbrella . --namespace umbrella[-$USER] --create-namespace ``` -This queries the `/assets` endpoint returning the entire list of assets that `bob` currently maintains. You should see -something like - -```json -[ - { - "@id": "1", - "@type": "edc:Asset", - "edc:properties": { - "edc:description": "Product EDC Demo Asset 1", - "edc:id": "1" - }, - "edc:dataAddress": { - "@type": "edc:DataAddress", - "edc:proxyPath": "true", - "edc:type": "HttpData", - "edc:proxyQueryParams": "true", - "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos" - }, - "@context": { - "dct": "https://purl.org/dc/terms/", - "tx": "https://w3id.org/tractusx/v0.0.1/ns/", - "edc": "https://w3id.org/edc/v0.0.1/ns/", - "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/", - "dspace": "https://w3id.org/dspace/v0.8/" - } - }, - { - "@id": "2", - "@type": "edc:Asset", - "edc:properties": { - "edc:description": "Product EDC Demo Asset 2", - "edc:id": "2" - }, - "edc:dataAddress": { - "@type": "edc:DataAddress", - "edc:proxyPath": "true", - "edc:type": "HttpData", - "edc:proxyQueryParams": "true", - "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos" - }, - "@context": { - "dct": "https://purl.org/dc/terms/", - "tx": "https://w3id.org/tractusx/v0.0.1/ns/", - "edc": "https://w3id.org/edc/v0.0.1/ns/", - "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/", - "dspace": "https://w3id.org/dspace/v0.8/" - } - } -] + + +## Inspect + +After the `helm` command has successfully completed, it will output a few configuration and setup values +that we will need in later steps. Please note that some values will be different on your local system. + +Checking liveness of dataprovider ... + +```bash +curl -X GET http://dataprovider-controlplane.$DOMAIN_NAME/api/check/liveness | jq ``` -Note: the same thing can be done to inspect policies and contract definitions. The respective `curl` commands are: +Checking liveness of dataconsumer ... -```shell -# policies: -curl -X POST http://localhost/bob/management/v2/policydefinitions/request -H "x-api-key: password" -H "content-type: application/json" | jq +```bash +curl -X GET http://dataconsumer-1-controlplane.$DOMAIN_NAME/api/check/liveness | jq ``` -```shell -# contract defs: -curl -X POST http://localhost/bob/management/v2/contractdefinitions/request -H "x-api-key: password" -H "content-type: application/json" | jq +## Inspect the databases + +Please be aware, that all services and applications that were deployed in the previous step, are **not** accessible from +outside the Kubernetes cluster. That means, for example, the Postgres database cannot be reached out-of-the-box. + +As mnentioned above you can use the minikube dashboard to inspect your cluster: + +```bash +minikube [-p minikube-$USER] dashboard # if -p option is used, with the profile name minikube-$USER ``` -Alternatively, please check out the [Postman collections here](./postman) +:::Note +This chapter refers to a subset of the E2E Journey describes in the README for the Tractus-X umbrella charts. Please follow the link: . There you will find a lot more information on how you can extend the setup bay adding furterh components, such as a poirtal to increase your experince. You also find hints how to use the Umbrella Helm Chart on Window or MAC. We will continue to add more content to the tutorial. +::: ## Notice From d3903f93dc91c6f41abd59e3afefb776412f3deb Mon Sep 17 00:00:00 2001 From: Johannes Diemer Date: Sun, 16 Jun 2024 21:05:23 +0200 Subject: [PATCH 23/41] Update deployComponents.md Contains all parts as tested within the Comm Days. Now for Helm charts and minikube --- docs/tutorials/e2e/connect/deployComponents.md | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index 43889781074..06626a20d13 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -227,6 +227,11 @@ For the tutorial we first select a subset of components for the dataexchange bet We chosing a predefined subset of the E2E adopter journey which provies the above selecteion. +#### Moved to the Umbrella dircetory with the config files +```bash +cd /tractus-x-umbrella/charts/umbrella +``` + :::Note skip the next paragraph, if you are running the only one minikube cluster on your system @@ -322,7 +327,7 @@ kubectl apply -f kubectl-apply-in ``` -#### Now we install the perdefiend setup for our tutorial +#### Now we install the perdefined setup for our tutorial Getting dependencies from Repo ... @@ -336,7 +341,16 @@ Installing the Tutorial chart as part of th E2E journey. helm install -f values-adopter-data-exchange.yaml umbrella . --namespace umbrella[-$USER] --create-namespace ``` +Enable second dataconsumer EDC "dataconsumerTwo" by setting it true in values-adopter-data-exchange.yaml and then executing an upgrade: + +```bash +dataconsumerTwo: + enabled: true +``` +```bash +helm upgrade -f values-adopter-data-exchange.yaml umbrella . --namespace umbrella +``` ## Inspect @@ -367,7 +381,7 @@ minikube [-p minikube-$USER] dashboard # if -p option is used, ``` :::Note -This chapter refers to a subset of the E2E Journey describes in the README for the Tractus-X umbrella charts. Please follow the link: . There you will find a lot more information on how you can extend the setup bay adding furterh components, such as a poirtal to increase your experince. You also find hints how to use the Umbrella Helm Chart on Window or MAC. We will continue to add more content to the tutorial. +This chapter refers to a subset of the E2E Journey described in the README for the Tractus-X umbrella charts. Please follow the link: . There you will find a lot more information on how you can extend the setup by adding further components, such as a portal, to increase your experience. You also find hints on how to use the Umbrella Helm Chart on Windows or MAC. We will continue to add more content to the tutorial. ::: ## Notice From 26493c9697996f31d311eb48730bfe9fff1753a6 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Mon, 17 Jun 2024 13:28:35 +0200 Subject: [PATCH 24/41] fix markdown linter issues --- docs/tutorials/e2e/connect/connect.md | 15 +++++----- .../tutorials/e2e/connect/deployComponents.md | 30 ++++++++++++------- .../e2e/connect/prepareInfrastructure.md | 6 ++-- .../e2e/prerequisites/prerequisites.md | 22 ++++++++------ 4 files changed, 43 insertions(+), 30 deletions(-) diff --git a/docs/tutorials/e2e/connect/connect.md b/docs/tutorials/e2e/connect/connect.md index 24a14aebb28..cc564036256 100644 --- a/docs/tutorials/e2e/connect/connect.md +++ b/docs/tutorials/e2e/connect/connect.md @@ -3,15 +3,17 @@ title: "Chapter 2: Connect" sidebar_position: 4 --- -The `Connect Chapter` describes step by step how you have to setup your local enviroment of your own data space including a kubernetes cluster, services, networking and security. On this stack you will deploy the components that you need for data provisioning and data consumption. Along with that you will deploy all the components that simulate the core service provider in our data space. You will use the technology of Umbrella Helm Charts to configure and deploy your environment. +The `Connect Chapter` describes step by step how you have to setup your local enviroment of your own data space including a kubernetes cluster, services, networking and security. On this stack you will deploy the components that you need for data provisioning and data consumption. Along with that you will deploy all the components that simulate the core service provider in our data space. You will use the technology of Umbrella Helm Charts to configure and deploy your environment. + +This tutorial is -This tutorial is - designed for developers who want to get their hands dirty, for companies that want to perform data exchange in actual Catena-X data space infrastructure and generally for curious minds who want to explore dataspaces. -- a preconfigured closed environment in one Kubernetes cluster, where the different services located in docker containers communicate within their joint Kubenets cluster, generated by minikube. +- a preconfigured closed environment in one Kubernetes cluster, where the different services located in docker containers communicate within their joint Kubenets cluster, generated by minikube. + +This tutorial is [not] -This tutorial is [not] -- a production environment -- designed to work across different locations +- a production environment +- designed to work across different locations Required knowledge and skills: @@ -33,7 +35,6 @@ By performing this tutorial a data space will be set up including the following It further in a second step will be extended the configuration by bringing up a portal We now will start with teh next section deploy to bring up the Kubernetes clsuer with minkube and the frist Umbrella Helm Charts. - ## Notice This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index 06626a20d13..5625817eeba 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -10,7 +10,7 @@ shared Postgres server, where each of them has a database. MIW and Keycloak are once and are accessible by all participants. :::note -This chapter refers to also to the README for the Tractus-X umbrella charts following the link: +This chapter refers to also to the README for the Tractus-X umbrella charts following the link: ::: @@ -53,9 +53,11 @@ This will ensure that ingress is working in the correct environment of your clus ::: ## Using Umbrella Helm Charts for the Deployment + This Tutorial will be deployed by using an umbrella chart, which provides a basis for running end-to-end tests or creating a sandbox environment of the Catena-X automotive dataspace network consisting of Tractus-X OSS components. The Chart aims for a completely automated setup of a fully functional network, that does not require manual setup steps, as long as only one instance (minikube cluster) is running, see above warning). If several clusters are riunninh we need to adjsut a few configartion files. The currently available components availbe by the Umbrella Helm Chart are following: + - portal - centralidp - sharedidp @@ -71,6 +73,7 @@ The currently available components availbe by the Umbrella Helm Chart are follow ### Starting with the Deployment of [TXD] , our own local dataspace We now start to deploy the TXD, our own dataspace. We will start by downloading the sources from Github into our local environment. Then we will step by step + - get the source - start minikube bringing up the cluster (profile) - enabling Ingress for local access using the addon for Minikube @@ -80,6 +83,7 @@ We now start to deploy the TXD, our own dataspace. We will start by downloading - checking their liveness ### Get the source from the Tractus-X Github + For the most bare-bones installation of the dataspace, execute the following commands in a shell: ```bash @@ -94,6 +98,7 @@ cd tractus-x-umbrella ``` ### Start the minkube cluster (profile) + To start the cluster we just call **minikube start**, if we have morethen one instance, we use -p option to set the profile name minikube-$USER, we use the othe roptions to request the appropiate resources. ```bash @@ -113,13 +118,14 @@ minikube [-p minikube-$USER] dashboard # if -p option is used, ``` ### Seting up the local internal netwok + in order to enable the local access via ingress, use the according addon for Minikube: ```bash minikube [-p minikube-$USER] addons enable ingress # if -p option is used, with the profile name minikube-$USER ``` -You will be fine by just enabling ingress, if you now add a few hostnames into /etc/hosts. You shoul densure that you have access, the /etc/hosts file group entry should be assigend to the group **docker**. check with +You will be fine by just enabling ingress, if you now add a few hostnames into /etc/hosts. You shoul densure that you have access, the /etc/hosts file group entry should be assigend to the group **docker**. check with ```bash ls -al /etc/hosts # Output should be like: "-rw-r--r-- 1 root docker 414 Jun 16 14:34 /etc/hosts" @@ -152,9 +158,10 @@ search test nameserver 192.168.99.169 timeout 5 ``` + ::note -Replace 192.168.99.169 with the output of minikube ip. If you are not the only one running the tutorial on your system replace **tx**with your username stored in **$USER**. +Replace 192.168.99.169 with the output of minikube ip. If you are not the only one running the tutorial on your system replace **tx**with your username stored in **$USER**. ::: @@ -196,7 +203,7 @@ They should all return the saem IP adresse (the one of Minikube [-p minikube.$US Understanding the role of helm install and upgrade helm install is used to install a chart in Kubernetes using Helm. - + --set COMPONENT_1.enabled=true,COMPONENT_2.enabled=true Enables the components by setting their respective enabled values to true. **umbrella** is the release name for the chart. @@ -207,7 +214,7 @@ helm install is used to install a chart in Kubernetes using Helm. --create-namespace create a namespace with the name umbrella -**If we have more than one instance of the minikube clusters running, we also should modfiy the namespace [umbrella] to [umbrella-$USER]** +**If we have more than one instance of the minikube clusters running, we also should modfiy the namespace [umbrella] to [umbrella-$USER]** ::: @@ -218,6 +225,7 @@ helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev ``` For the tutorial we first select a subset of components for the dataexchange between a dataconsumer (Alice) and a dataprovider (Bob). The needed components are the following: + - centralidp - managed-identity-wallet - dataconsumerOne (tractusx-edc, vault) @@ -228,6 +236,7 @@ For the tutorial we first select a subset of components for the dataexchange bet We chosing a predefined subset of the E2E adopter journey which provies the above selecteion. #### Moved to the Umbrella dircetory with the config files + ```bash cd /tractus-x-umbrella/charts/umbrella ``` @@ -238,7 +247,8 @@ skip the next paragraph, if you are running the only one minikube cluster on you ::: -#### Adjusting the Config files for multi user usage +#### Adjusting the Config files for multi user usage + In case we have to modify the values within the configuartion files as we run in a multi use enviromnet, we need adjust the domians names within the configuration files.A simple way is to update the file by using **sed** as line editor. ```bash @@ -270,9 +280,7 @@ cp init-container/iam/sharedidp/CX-Operator-users-0.json init-container/iam/shar cat init-container/iam/sharedidp/CX-Operator-users-0.json.orig | sed s/tx.test/$DOMAIN_NAME/ > init-container/iam/sharedidp/CX-Operator-users-0.json ``` - - -#### Run the helm install command to install the cert-manager chart in the same namespace where the umbrella chart will be located." +#### Run the helm install command to install the cert-manager chart in the same namespace where the umbrella chart will be located." ```bash helm install cert-manager jetstack/cert-manager --namespace umbrella[-$USER] --create-namespace --version v1.14.4 --se @@ -352,7 +360,7 @@ dataconsumerTwo: helm upgrade -f values-adopter-data-exchange.yaml umbrella . --namespace umbrella ``` -## Inspect +## Inspect After the `helm` command has successfully completed, it will output a few configuration and setup values that we will need in later steps. Please note that some values will be different on your local system. @@ -381,7 +389,7 @@ minikube [-p minikube-$USER] dashboard # if -p option is used, ``` :::Note -This chapter refers to a subset of the E2E Journey described in the README for the Tractus-X umbrella charts. Please follow the link: . There you will find a lot more information on how you can extend the setup by adding further components, such as a portal, to increase your experience. You also find hints on how to use the Umbrella Helm Chart on Windows or MAC. We will continue to add more content to the tutorial. +This chapter refers to a subset of the E2E Journey described in the README for the Tractus-X umbrella charts. Please follow the link: . There you will find a lot more information on how you can extend the setup by adding further components, such as a portal, to increase your experience. You also find hints on how to use the Umbrella Helm Chart on Windows or MAC. We will continue to add more content to the tutorial. ::: ## Notice diff --git a/docs/tutorials/e2e/connect/prepareInfrastructure.md b/docs/tutorials/e2e/connect/prepareInfrastructure.md index 36660cf545b..e73a272ec39 100644 --- a/docs/tutorials/e2e/connect/prepareInfrastructure.md +++ b/docs/tutorials/e2e/connect/prepareInfrastructure.md @@ -8,7 +8,7 @@ sidebar_position: 1 In order to run the TXD on your local machine, please make sure the following preconditions are met. -- Have a local Kubernetes runtime ready. +- Have a local Kubernetes runtime ready - Have kubectl installed - Minkube is installed - you have a web browser @@ -19,9 +19,9 @@ preconditions are met. Not mandatory of course, but all screenshots in this doc are created off of Lens. - [Optional] a graphical tool to inspect Postgres databases, such as [PgAdmin](https://www.pgadmin.org/). Screenshots in this guide are created off of PgAdmin. -- [Optional] a graphical tool to send REST requests, such as [insomnia] ( https://insomnia.rest/) or [Postman](https://www.postman.com/). This sample will include Postman collections that can be imported. +- [Optional] a graphical tool to send REST requests, such as [insomnia] ( ) or [Postman](https://www.postman.com/). This sample will include Postman collections that can be imported. -See Chapter [prerequisites] (https://eclipse-tractusx.github.io/docs/tutorials/e2e/prerequisites/) on how to prepare your system. +See Chapter [prerequisites] () on how to prepare your system. ## Notice diff --git a/docs/tutorials/e2e/prerequisites/prerequisites.md b/docs/tutorials/e2e/prerequisites/prerequisites.md index 08970dae1bb..e00af0624f4 100644 --- a/docs/tutorials/e2e/prerequisites/prerequisites.md +++ b/docs/tutorials/e2e/prerequisites/prerequisites.md @@ -39,7 +39,7 @@ In case you want to install Tractus-X components or [Kits] directly on your loca - Your local system should run a Linux Version (Debian or Ubuntu 22.04 or higher are recommended) - You need super user privileges (either root access or the right to use sudo) - The above tools should be installed (Docker, Kubernetes, Kubectl, Minikube, Helm and Browser, X-Environment) -- To enbale users to run the tutorial after you ave installed the required enviroment setup the environmemt as described in the last section. +- To enbale users to run the tutorial after you ave installed the required enviroment setup the environmemt as described in the last section. ### Access to the Internet @@ -174,7 +174,8 @@ The user group docker shoild be created, check if it exists. ```bash grep docker /etc/group ``` -Response should be: + +Response should be: ```bash docker:x:120: @@ -191,7 +192,8 @@ As before, ensure you have the latest versions for your release. ```bash sudo apt update && sudo apt upgrade ``` -and the install kubernetes + +and the install kubernetes ```bash sudo apt install kubernetes @@ -199,7 +201,7 @@ sudo apt install kubernetes #### Install kubectl -kubectl will be installed with snap, we need to use snap security policy "classic" instead of the default policy "strict" to allow snap full access to the system. +kubectl will be installed with snap, we need to use snap security policy "classic" instead of the default policy "strict" to allow snap full access to the system. ```bash sudo snap install kubectl --classic @@ -266,7 +268,7 @@ curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/miniku && chmod +x minikube ``` -The chmod command is used to ensure minikube is executable. If you want other users to have access, you should copy the executable to /usr/bin/ or nother comparable location which is used by all users. Ensure that all members of the group "docker" have access. +The chmod command is used to ensure minikube is executable. If you want other users to have access, you should copy the executable to /usr/bin/ or nother comparable location which is used by all users. Ensure that all members of the group "docker" have access. ```bash sudo cp ./minikube /usr/bin @@ -274,7 +276,6 @@ chgrp docker /usr/bin/minikube chmod 750 /usr/bin/minikube ``` - #### Install helm We will need Umbrella Helm Charts for the deployment of the tutorial Catena-X environment, teh required tool helm will be installed with snap. @@ -303,6 +304,7 @@ To install and configure the X11 environment use apt. ```bash sudo apt install xterm ``` + Ensure that the X11 forwarding is working for ssh -X, add to your .bashrc ```bash @@ -364,13 +366,14 @@ sudo apt-get install insomnia You do not need full system access to proceed with the following steps of tutorial (even not for the deployment). Further you may allow several users to deploy their environment at the same time on the same system. But there are a few critical aspects, you need to consider. But first we begin with setting up the appropriate permissions for a user. -:::note +:::note We use as example the username [tx01]. ::: The user tx01 needs the following permissions to be able to successfully complete the tutorial. + - if has to be a member of the group docker. - He needs write access to /etc/hosts So we run the following commands, assuming the user already exists: @@ -378,9 +381,10 @@ So we run the following commands, assuming the user already exists: ```bash sudo addusr tx01 docker # adds the user to the group docker sudo chgrp docker /etc/hosts # change the group permissin from root to docker -sudo chmod 664 /etc/hosts # This allow now our user tx01 to edit /etc/hosts +sudo chmod 664 /etc/hosts # This allow now our user tx01 to edit /etc/hosts ``` -You should brief your user regarding their responsiblity when theri are editing /etc/hosts. + +You should brief your user regarding their responsiblity when theri are editing /etc/hosts. :::Warning From bff47269e59579c983919e63f8e45be07c84669e Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Mon, 17 Jun 2024 13:37:55 +0200 Subject: [PATCH 25/41] fix mardown linter issues --- docs/tutorials/e2e/connect/deployComponents.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index 5625817eeba..d8f9269aa47 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -214,7 +214,7 @@ helm install is used to install a chart in Kubernetes using Helm. --create-namespace create a namespace with the name umbrella -**If we have more than one instance of the minikube clusters running, we also should modfiy the namespace [umbrella] to [umbrella-$USER]** +**If we have more than one instance of the minikube clusters running, we also should modfiy the namespace [umbrella] to [umbrella-$USER]!** ::: From 61001d32c5d0ee76dd679450584cadaf31ac9bbe Mon Sep 17 00:00:00 2001 From: MoritzDieckmann <112852810+MoritzDieckmann@users.noreply.github.com> Date: Mon, 17 Jun 2024 17:08:48 +0200 Subject: [PATCH 26/41] Restructured architecture overview --- docs/tutorials/e2e/inform/architecture.md | 84 ++++++++++++----------- 1 file changed, 44 insertions(+), 40 deletions(-) diff --git a/docs/tutorials/e2e/inform/architecture.md b/docs/tutorials/e2e/inform/architecture.md index 0a6debf8e21..f38ac19a7e9 100644 --- a/docs/tutorials/e2e/inform/architecture.md +++ b/docs/tutorials/e2e/inform/architecture.md @@ -3,78 +3,82 @@ title: Understand the overarching architecture sidebar_position: 2 --- -This section provides a general overview of the Catena-X architecture. However, not all Catena-X components are used in the Tractus-X Data Space (TXD). Only the components of the TXD are listed and explained here. +This section provides an overview of the Tractus-X Data Space (TXD) architecture. In short, the TXD is a simplified version of the Catena-X data space for local deployment. Not all components of Catena-X are used in the TXD. -## The journey starts +The tutorial is under continuous development. The [TXD architecture](#the-tractus-x-data-space-architecture) shows all current and planned components of the TDX. -The first thing you need is a BPN (Business Partner Number) because this is used within the network to identify yourself against other participants. This tells the network in a trusted manner who you are. +## Components of the Tractus-X Data Space -:::info - -In this tutorial the BPNs are preconfigured in the TXD setup. In the real world you will receive your BPN via the onboarding / registration process [onboarding process](https://catena-x.net/en/catena-x-introduce-implement/onboarding). - -::: - -The BPN is also used in access and usage policies to restrict the access and usage of your provided data assets. Some example policies are also part of this tutorial. - -A data asset contains the data address and metadata for the data that is intended to be provided or consumed. This data asset is the element in the ecosystem for which policies are defined to build a contract definition which can be agreed and consumed by a consumer. - -One of the key components of the Catena-X architecture is the [Eclipse Data Space Connector](https://github.com/eclipse-tractusx/tractusx-edc) (EDC) as one implementation of the [Dataspace Protocol](https://docs.internationaldataspaces.org/dataspace-protocol/). This component is used to exchange data between participants. This includes: +### EDC +The key component of the Catena-X architecture is the [Eclipse Data Space Connector](https://github.com/eclipse-tractusx/tractusx-edc) (EDC). **This component is used to exchange data between participants**. This includes: - Provide data to other participants in the data space. -- Discover data offerings from other participants. -- Negotiate contract definitions and transfer data according to the definied policies. - -With the EDC you are always in control of your data. - -Control of your data means on the one hand, that you can decide who can access your data and who can not. On the other hand you can decide under which constraints the data may be used by the data consumer after providing access. This is achieved via policies and sovereign data provisioning (in Catena-X you have the opportunity to freely decide where and by whom the data is stored and offered). This is called **data sovereignty**. + - connect data sources to the EDC + - define policies for the data consumption + - create contract definitions for souvereign data exchange -Registering an EDC is part of the onboarding process of Catena-X and is done in the portal. +- Consume data offerings from other participants. + - Request data catalogs + - negotiate contract offers + - transfer the data :::info -In the tutorial setup, two EDCS are already configured. **Alice** and **Bob** as well as the associated databases (to persist the assets, policies, etc.) are ready to use. The EDCs are already registered in the TXD setup and the technical users are created in the Keycloak instance. +The tutorial setup includes two EDCs: **Alice** and **Bob**. The EDCs are already registered in the TXD setup and the technical users are created in the Keycloak instance. This represents the minimal Setup for data exchange in a data space. ::: +### Managed Identity Wallet (MIW) +The Managed Identity Wallet (MIW) provides a service where you can **store your Verifiable Credentials (VC) for any Catena-X services** in a safe place. This is only an intermediate step before self hosted wallets are supported and organizations have the choice to either use a managed service or store their VCs in their own wallets. -## What language does Catena-X speak? / Asset Administration Shell with Aspect Models define the language in Catena-X +### Identity Access Management (IAM) - Keycloak +Keycloak is used to **manage access to central components**, e.g. the MIW and some of the discovery services with typical OAuth Client Credentials flow. -Since Catena-X is more than just a data exchange the next level of key to success is to exchange data in a structured and defined way. This helps to speak the same language to leverage business value of data. +### Portal +The Portal as an overall product is a complex composition of several interacting solution building blocks. It is generally designed to work with the IAM. For the tutorial relevant parts of the Portal are: +- BPDM-Pool +- Semantic Hub -This is realized with the [Asset Administration Shell](https://eclipse-tractusx.github.io) (AAS). The AAS represents a vehicle to transport data of an real asset in a standardized and interoperable manner. This digital representation of the asset is called digital twin and is implemented in an AAS. To describe the different aspects of the asset with the AAS in a common language, so called aspect models are defined in the data space. These aspect models define the semantics for the respective aspect of the digital twin. A submodel is then an implementation of an aspect of the digital twin. For a more detailled explaination see [Digital Twin KIT](https://tractus-x-community-days.github.io/eclipse-tractusx.github.io/docs-kits/category/digital-twin-kit). +### BPDM +BPDM is an acronym for **business partner data management**. It serves two main purposes: +- Provide services for querying and sharing business partner information +- Establish an infrastructure for realising the Golden Record process which turns business partner information from sharing members to Golden Records, that is cleaned and enriched business partner data uniquely identified by a business partner number (BPN). -By utilizing the right aspect models, you are able to "speak Catena-X". +The BPNs are also used in access and usage policies. :::info -The tutorial setup provides dummy submodels for the data exchange in the tutorial steps explained in Chapter boost. These dummy submodels do not apply Catena-X aspect models but work just fine for the demonstration and learing purpose of the tutorial. +In the current TXD setup the two participants (Alice and Bob) have preconfigued BPNs. Therefore the initial registration process is not part of the tutorial. In the real world you will receive your BPN via the onboarding / registration process [onboarding process](https://catena-x.net/en/catena-x-introduce-implement/onboarding). ::: -When it comes to exchanging data in a data space, finding the data you want and understanding the structure and meaning of the data are of paramount importance. -Finding and understanding data is a typical challenge when you want to provide or consume data to or from an audience with whom you have no prior direct contact. +### Semantic Hub +The Semantic Hub **manages and stores all semantic model definitions** within the data space. It is a key component for achieving a common understanding of data within the ecosystem. -To tackle these concerns the Industry-Standard for Digital Twins, the [Asset Administration Shell](https://industrialdigitaltwin.org) is referenced. +### Discovery Services +In a fundamentally decentralized system, it is important to find other participants and their "address" for data exchange. This can be achieved with the Discovery Services. +- The Discovery Finder is responsible for finding a matching BPN Discovery for a given type - e.g., "bpid", "oen". +- The BPN Discovery is responsible for finding the corresponding BPNs for a given type. +- The EDC Discovery is responsible for finding the corresponding EDC endpoint against a given BPN. -**Discovery finder** is used to identify which services are available to search for dedicated characteristics of a digital twin (e.g. Serialnumber discovery, Product type discovery,...) +## Digital Twins in Catena-X -**Discovery service** maintains a catalog of all entries that can be looked up and may be operated by any operating company. All twins that want to be able to be found within that search have to register/be registered in the corresponding service with its logical ID (and a reference to the Digital Twin registry). +In Catena-X digital twins are realized with the [Asset Administration Shell](https://industrialdigitaltwin.org/) (AAS). The AAS represents a vehicle to transport data of a real asset in a standardized and interoperable manner. This digital representation of the asset is called digital twin and is implemented in an AAS. To describe the different aspects of the asset with the AAS in a common language, so called aspect models are defined in the data space. These aspect models define the semantics for the respective aspect of the digital twin. A submodel is then an implementation of an aspect of the digital twin. For a more detailled explaination see [Digital Twin KIT](https://tractus-x-community-days.github.io/eclipse-tractusx.github.io/docs-kits/category/digital-twin-kit). -**Digital Twin registry** is used to lookup the logical ID of the desired Twin and stores the endpoint address to access the Server that stores the Digital Twin Data - the AAS-Server. +### Digital Twin Registry +The Digital Twin Registry (DTR) is a decentralized component that can be registered as a contract definition in an EDC. It serves a function similar to the index in a book. With the DTR, a data consumer can get an overview of WHAT to find, HOW and WHERE to access it. The registry contains submodel descriptors that point to the endpoint of submodels of a digital twin. -**AAS-Server** is used to provide the API for the desired data - which are implemented as `Submodels` or also called "Digital twin aspects", that can either implement a dedicated persistence and gather copies of information in the desired quality or by access the corresponding business systems directly. These Submodels are semantically described (structure and meaning) by semantic models which are centrally managed in the +### AAS-Server +The AAS-Server or Submodel Server is used to store submodels or also called digital twin aspects. -**Semantic Hub** which stores all semantic models that may be described in a Semantic Aspect Meta Model (SAMM) compliant format to be able to inform about requirements for an API providing that kind of data or validate information that is transferred via AAS-API. - -## What else is needed +:::info -The **Managed Identity Wallet (MIW)** provides a service where you can store your Verifiable Credentials (VC) for any Catena-X services in a safe place. This is only an intermediate step before self hosted wallets are supported and organizations have the choice to either use a managed service or store their VCs in their own wallets. +The tutorial setup provides dummy submodels for the data exchange in the tutorial steps explained in Chapter boost. These dummy submodels do not apply Catena-X aspect models but work just fine for the demonstration and learning purpose of the tutorial. -**Keycloak** is used to manage access to central components, e.g. the MIW and some of the discovery services with typical OAuth Client Credentials flow. +::: -## The different components +## The Tractus-X Data Space Architecture ![cx_architecture](@site/static/img/architecture.drawio.svg) From 376362aa890c9e9f44b6c69aadaf2f0cb3da2a33 Mon Sep 17 00:00:00 2001 From: MoritzDieckmann <112852810+MoritzDieckmann@users.noreply.github.com> Date: Mon, 17 Jun 2024 17:40:06 +0200 Subject: [PATCH 27/41] fixed typo --- docs/tutorials/e2e/inform/architecture.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/tutorials/e2e/inform/architecture.md b/docs/tutorials/e2e/inform/architecture.md index f38ac19a7e9..7bf0c4208df 100644 --- a/docs/tutorials/e2e/inform/architecture.md +++ b/docs/tutorials/e2e/inform/architecture.md @@ -3,14 +3,14 @@ title: Understand the overarching architecture sidebar_position: 2 --- -This section provides an overview of the Tractus-X Data Space (TXD) architecture. In short, the TXD is a simplified version of the Catena-X data space for local deployment. Not all components of Catena-X are used in the TXD. +This section provides an overview of the Tractus-X Data Space (TXD) architecture. In short, the TXD is a simplified version of the Catena-X data space for local deployment. Not all components of Catena-X are currently used in the TXD. The tutorial is under continuous development. The [TXD architecture](#the-tractus-x-data-space-architecture) shows all current and planned components of the TDX. ## Components of the Tractus-X Data Space ### EDC -The key component of the Catena-X architecture is the [Eclipse Data Space Connector](https://github.com/eclipse-tractusx/tractusx-edc) (EDC). **This component is used to exchange data between participants**. This includes: +A key component of the Catena-X architecture is the [Eclipse Data Space Connector](https://github.com/eclipse-tractusx/tractusx-edc) (EDC). **This component is used to exchange data between participants**. This includes: - Provide data to other participants in the data space. - connect data sources to the EDC @@ -70,7 +70,7 @@ In Catena-X digital twins are realized with the [Asset Administration Shell](htt The Digital Twin Registry (DTR) is a decentralized component that can be registered as a contract definition in an EDC. It serves a function similar to the index in a book. With the DTR, a data consumer can get an overview of WHAT to find, HOW and WHERE to access it. The registry contains submodel descriptors that point to the endpoint of submodels of a digital twin. ### AAS-Server -The AAS-Server or Submodel Server is used to store submodels or also called digital twin aspects. +The AAS-Server or Submodel Server is used to store submodels. :::info From f25a059ab5ebc653fffd80030931b7d2bee97671 Mon Sep 17 00:00:00 2001 From: Tunahan Cicek Date: Tue, 18 Jun 2024 15:22:00 +0200 Subject: [PATCH 28/41] Extend documentation with access control (DTR) --- docs/tutorials/e2e/boost/DTR_Tutorial.md | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/tutorials/e2e/boost/DTR_Tutorial.md b/docs/tutorials/e2e/boost/DTR_Tutorial.md index ca56af36e81..b4981aa2ab5 100644 --- a/docs/tutorials/e2e/boost/DTR_Tutorial.md +++ b/docs/tutorials/e2e/boost/DTR_Tutorial.md @@ -249,6 +249,26 @@ curl -i -X POST "${edcManagementBaseUrl}/v2/contractdefinitions" -H "X-Api-Key: The submodel is now stored at the BDS and made available through a contract definition at the EDC. +### Access control to Digital Twins Based on the BPN (Business Partner Number)/ TenantId +The digital twin registry offers two functionalities for managing access control to digital twins (Shells) based on the Business Partner Number (BPN). +On application start, the provider can configure which kind of access control will be activated. + +1. Classic implementation (default is true). This implementation is used for this tutorial: + 1. The visibility of `specificAssetIds` in the Digital Twin Registry based on the Business Partner Number (BPN) (Which is send via header Edc-Bpn) can be controlled with the attribute `externalSubjectId`. Hence, the `externalSubjectId` is identified with the BPN. + 2. The communication between consumer and provider is via EDC. Before the provider EDC sends the request to the DTR, the property Edc-Bpn with the BPN of the consumer will be set by the provider EDC. +2. Granular access control implementation: + 1. The granular access control implementation is provided as an alternative option to enforce visibility rules of the *Digital Twin* details. These can be: + 1. The visibility of the *Digital Twin* as a whole + 2. The visibility of certain `specificAssetId` names and values of the *Digital Twin* + 3. The visibility of certain `submodelDescriptors` of the *Digital Twin* + 4. Restricting access to *Digital Twin* details which are `"PUBLIC_READABLE"` + (only showing the `id`, the public readable `specificAssetId` names and values, the `createdDate` and the filtered `submodelDescriptors` ) + 5. To enable granular access control (instead of the classic implementation), the `registry.useGranularAccessControl` configuration HELM chart property must be set to `"true"`. + +For more details see: [DTR Access control to Digital Twins Based on the BPN (Business Partner Number)/ TenantId](https://github.com/eclipse-tractusx/sldt-digital-twin-registry/blob/main/docs/README.md#:~:text=dev%40eclipse.org-,Access,-control%20to%20Digital) + + + #### Register/create a Digital Twin at the DTR Now that Bob has stored his submodel at the BDS and offered it at the EDC for sovereign data exchange, he wants to make it findable via the DTR. This contains two steps: @@ -292,13 +312,13 @@ In order to reference the submodel in the digital twin, submodel descriptors can When adding a submodel to an existing digital twin, it is important to use the correct AAS-Id. This has to be added for the parameter "id", e.g. "id": "e5c96ab5-896a-482c-8761-efd74777ca97". -To reference the endoint of the submodel we use the DSP protocol. Thus you have to provide the subprotocolBody with the Id of the contract definition/asset (?) as well as the dspEndpoint of the EDC. +To reference the endoint of the submodel we use the DSP protocol. Thus you have to provide the subprotocolBody with the Id of the asset as well as the dspEndpoint of the EDC. ```curl POST /shell-descriptors/{{aasId}} { - "id": "e5c96ab5-896a-482c-8761-efd74777ca97", + "id": "e5c96ab5-896a-482c-8761-efd74777ca97", "semanticId": { "type": "ExternalReference", "keys": [ From eab66a4ff836d362e0f152a3f08712075ce5e18f Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Thu, 20 Jun 2024 17:53:15 +0200 Subject: [PATCH 29/41] cleanup fix type issues delete unused files rename files --- docs/tutorials/e2e.md | 6 +- docs/tutorials/e2e/CHANGELOG.md | 11 ++++ .../assets/components_contract_definition.png | Bin 14949 -> 0 bytes docs/tutorials/e2e/boost/consumeData.md | 2 +- .../boost/{DTR_Tutorial.md => dtrTutorial.md} | 10 ++-- docs/tutorials/e2e/connect/connect.md | 10 ++-- .../tutorials/e2e/connect/deployComponents.md | 56 +++++++++--------- .../e2e/connect/prepareInfrastructure.md | 4 +- docs/tutorials/e2e/inform/architecture.md | 37 ++++++++---- .../e2e/inform/onboardingMaterial.md | 2 +- .../e2e/prerequisites/prerequisites.md | 18 +++--- .../tutorials/e2e/dtr-access-token.png | Bin .../tutorials/e2e/dtr-get-aas-ids.png | Bin .../tutorials/e2e/dtr-get-data.png | Bin .../tutorials/e2e/dtr-get-descriptor.png | Bin .../tutorials/e2e/dtr-get-token.png | Bin .../assets => static/tutorials/e2e}/img.png | Bin .../tutorials/e2e}/scr_pgadmin1.png | Bin 18 files changed, 90 insertions(+), 66 deletions(-) delete mode 100644 docs/tutorials/e2e/boost/assets/components_contract_definition.png rename docs/tutorials/e2e/boost/{DTR_Tutorial.md => dtrTutorial.md} (98%) rename docs/tutorials/e2e/boost/assets/Step1.png => static/tutorials/e2e/dtr-access-token.png (100%) rename docs/tutorials/e2e/boost/assets/Step2.png => static/tutorials/e2e/dtr-get-aas-ids.png (100%) rename docs/tutorials/e2e/boost/assets/Step5.png => static/tutorials/e2e/dtr-get-data.png (100%) rename docs/tutorials/e2e/boost/assets/Step3.png => static/tutorials/e2e/dtr-get-descriptor.png (100%) rename docs/tutorials/e2e/boost/assets/Step4.png => static/tutorials/e2e/dtr-get-token.png (100%) rename {docs/tutorials/e2e/connect/assets => static/tutorials/e2e}/img.png (100%) rename {docs/tutorials/e2e/connect/assets => static/tutorials/e2e}/scr_pgadmin1.png (100%) diff --git a/docs/tutorials/e2e.md b/docs/tutorials/e2e.md index 2376dfc5ba4..e4b7788178f 100644 --- a/docs/tutorials/e2e.md +++ b/docs/tutorials/e2e.md @@ -10,13 +10,13 @@ Completing this tutorial is recommended for IT departments prior to participatin :::info -With the Minimum Tractus-X Dataspace (MXD), IT departments can set up their own data space locally to perform a data exchange between two parties (Alice and Bob in our example). The MXD can be used as a sandbox for testing and exploring the EDC. +With the Minimum Tractus-X dataspace (MXD), IT departments can set up their own data space locally to perform a data exchange between two parties (Alice and Bob in our example). The MXD can be used as a sandbox for testing and exploring the EDC. ::: ## Target Audience -This tutorial is built for employees of the **IT department who operates the IT stack of an adopter (data provider/consumer)**. It shows how to operate the various Catena-X components in combination with each other. It also explains the basic connection with the core services (e.g. Keycloak and MIW), as provided by an operating company (e.g. first Catena-X Operating Company Confinity-X). +This tutorial is built for employees of the **IT department who operates the IT stack of an adopter (data provider/consumer)**. It shows how to operate the various Catena-X components in combination with each other. It also explains the basic connection with the core services (e.g. keycloak and MIW), as provided by an operating company (e.g. first Catena-X Operating Company Cofinity-X). :::note @@ -60,7 +60,7 @@ Technical knowledge (Docker, Kubernetes, Helm, Terraform) to deploy components o ## Tutorial Description -This tutorial is split into three chapters (more will follow) that build on each other. It won't provide deep dives into each of the technical components that will be deployed. If you are interested in getting a deeper understanding of each of the components, or the realted standards, please have a look into the [kits](https://eclipse-tractusx.github.io/developer) section. +This tutorial is split into three chapters (more will follow) that build on each other. It won't provide deep dives into each of the technical components that will be deployed. If you are interested in getting a deeper understanding of each of the components, or the related standards, please have a look into the [kits](https://eclipse-tractusx.github.io/developer) section. :::tip diff --git a/docs/tutorials/e2e/CHANGELOG.md b/docs/tutorials/e2e/CHANGELOG.md index ff188a815cb..926309322df 100644 --- a/docs/tutorials/e2e/CHANGELOG.md +++ b/docs/tutorials/e2e/CHANGELOG.md @@ -4,6 +4,17 @@ All notable changes to this tutorial will be documented in this file. +## [1.0.0] - 2024-06-24 + +### Added + +- Digital twin registry (dtr) as component and related description "how to use it" as a provider +- Example for restrictions via different policies + +### Changed + +- Deployable local dataspace via umbrella helm charts + ## [0.1.0] - 2023-11-28 ### Added diff --git a/docs/tutorials/e2e/boost/assets/components_contract_definition.png b/docs/tutorials/e2e/boost/assets/components_contract_definition.png deleted file mode 100644 index c3c067aeb4f48444c2c71d95742052bada42889b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 14949 zcmeHu2{_bm_cuyJB5NT_MaeoCBJ0>H+hE4NWEqTQXpEgGTO}k}BFiLge$Rc*x$krCbI#}7_iz=ir^P_WNk>6J z!EpABx*-JxB@#S$(e44iAvZ&9zz3z5p%#pyxPyC)f`T21(=f%k`#GZBP!s}EYFkeN zk`m4yUN`|Mbpc694L6iM4(ovdkAUv(;ed8Tqa3!zBqb!JL?IHQ5>Nz0NJ<5x zoS3YHocR{NtrH5ftw`4+0PW^xD)rt29Qr^pF!yA2uP}dXE(Gf3Vdjx>|H&`A`Vzv zUoo@?V3&l5$%sJ#NzEDS;SQKIArNUX2{EXw6jV%7S_+K(W~8PhR7^??0%%6Ij<#6z zFVm6jN8xOpwrp2Fi*%6C!5T`*V0{f?Zf16B-eh+H9v>9e3k@8$>As!G$pbilPt+FG z0p)|X2P=^jkkSy4Pz7V;A1O5lw5=1?)*ZZHY{5!5HNb%nMZto|8qnL0he)9y5;Ai3 zqNgNL_M$Qlc9NnJQjQQ&2viCsE8~cg06%}OeP<4LKP{}Sr?aky1Ii7kbnx4nM()(6 z1R(ft5uh?)M)IUi*gsAC8^H)2u)RLWww#kU+5zRYCA+;`oQH=S4(<7SqP+(O148O| zjJ8-TITAMQ-IjIqaN99GL7v$c11!g_dPw&%lmU^ce~M7!;dnr&7uXIl`mTbegXzi!`_gLmAF_3!`_{j$5i z4(~9z`>CPa$h)xP;q7@q)cy0a+m7?J#r`Sh{%_QYx|#S&IXRm8K}=lLWqox_bmb5` zap+^~=DqE90ZAD*U?|KJSmA~9-`)+G3*Kb&VeYnACp1U}RS8cJXWOr$I1f)ilHMfY zP<}X3TQ{^5nadum9EAmpn^Xssy$9A7x0y?-V0%zlH#FE9a*f#051yRJ^X#m`Zik@e zfx%&IL6}KOsG}Uw81$x^?X?2;{)ur%63~DNzt`rB{d3AcW2GC)5iCvh)TWt0(Y8x= zRI1zJKrxh1_3}c2Rc<-)j~4N7obnf^czU>@?fw6FUUJg^ww02gp5f3S&s4WINquwo zVB1@!zGWrM18_OIZRQ356F0CWj$jA2s{{npxy^S?TX(b@xxSo1x%r^TTET!b&K>Zp zL%^f2Ga837^0WoDQA*txlqo>l%6{@9P}`;I4+4FY^tZF^x17^L0T{qxf%OvG8l`0= zwx-#xeNr;p@4mlOk{z1!FGWOdo6mN;cscz^HQ9;(NE!p4?JDrMmrn-gKPwi0n4xl8 zhWxUBCfNi*xpH^1#@-Y5YcoZ5F>xP$whsZ#+64~{I>n9PWJMjUdS%qd;tmSza=EQDMfxKi;)8X)B&vjZ*rS& zJAzvVlC1*F;N`D{0|;UdZ|r6$0j@uE7T6^6KH)%>0!g^3?GO3>)$qci+(7;E`Tauw zC|3UV-v0_6QfjJLtSvcqcl3CApfNbmM*Y5-_*LewJ(FV!PL}>H6J(@+p9z1;jK3et ze>uw^=!foP40$)fn*T-pQlRD2+;YS};<`|R=iipu=HASa=2Q$bVJ-X7&eJ~I3*{QBn`lD`Ah05`orH?fswe}vTJBJxYc{r>SH~E1m_d(iZO6VRz1taIA+X`D6y}T>fHA9pz<@MSK3)nb&hibVmRX zeu1r>1L_~2+5ZkiZoAIb!2!Do(Ep2)piSQlG``V=#Jjiz&xy_p!;R zN76zOQ7X(S7dp>5b!IVfKpf&DOgZtA^1BWwt3~J)q66PtJl`B~Yp>8lbHQ2(sVqvo zhG&<%%n=y7BP;VB)<{9<>Z_l9{!=q+^1O@ni;asR{0B=$=0ZBw8eaK#1ZI>!`ktVD zX~>f8KF>+`-DbLzQhwAYWZ<$^`c*VumKbqoeZqE+LiuB=wj!JwJ% z3SSt6!e7b?(2|18S%^y&j=JG4u3mt2ToIqD@A^)iP$feH2H*UCFxZ%IaeZmT@mcKQ zhJnMUecHJd{3L3t^)nP8b8~Z!j*d?YtsCTP6@;>gebbFA9d3h-{e6wWbtR1x-6d%z zHo=uu47?YA;^lCoH*^5@W+HNkol=K~)BC(G$ybPmNq@$ZjwiJFdbmrLC*=oP5=AFfxx*zF zBl_0L^$O^og74|R0}zv9%ljKw6AOw4ldS_@+))l0xFhHFbalQ<-}q+J`a%i&S6PpN zZ)Pvf9QV}Xyubc^W7Y#X7GF%zFLkqpd=8^&`SL7oGHlmm3(eYx2N$w+y?%T%Tj?Ku znf9_XTkB;<`st#aTJMQ>)`t=j5{7@ye36M!khoW5Qeq9|5V!u87`9sHGg-!o)<#-9 zIdhazLWpMaRPb^|UIed{)@Z``fR9d&KFq!Br5Z+t0ptk?B*bw6OA7<%{K^Nzo$Z7!t6 zqZd~8qaarjpE@0-M;Pu3aLyXPY$EPH7&NC#-{{_3^#N5pVIp#w*sN2>R)G{Y<~m

8^^}3v|ps@2G zVXD8byME>=*Q@Kt_yn5^E)x}4pG15#Pw|GQXJk|{9+{*&ahdqQ6zEc}m2m-n%+H`E z>IM;YMM!Xhv1+%sfb&=|o)}EjSl1Qm?I)ZpL)hbc-Wm!Z=GNZ#6kdhD%)7`=Xf1o- zvS<@V-8OV2)8zyrT147xy>7wfhTX1b&+>@<%w_y+<3=$NC#Bs!8~rLNL%61|-;_u6 z&7PSKShSgbU6)imVMMB1EE6scCfXgc2>eM&Ohj44Uvg+(i%{1F>8m=}LuOSQ_l%=0nV#)d%LJ zLJts&UQ&WeHcwuk84JGW-#nNI_ntPr=~%M}O@wkR9xbwI8W>QXUQr#GZrT{QbLzq) z9UYyYjwQNrr*mVudg5d*28*`w_>WqQddOPu@ofJPLlVKi-rJ`ueEO zC{J&pQJVqzmNMnD)alc%GH&m0SRQ~uYwitDGZP1HQakY>!gA(1MgdD`nrsP(fbt_V zzBK|!%+Ut_ImhWbdJZvD*UA%C2PES4lzgWLprN%vtr!~773;x(Yg}46ZWT1u1+Bgn z#tkESxIHka`J<=QOvIR+YkCKFBi)DkYrLKfh>LeCe%Y9zq+OWhH93-;)79WN`}L|^ z(9cr;#eUzHsZiJUOS@>=`}*!!-Oaup5fPEWCOpQY6lD5SaduaR9ojYd(b~#l&1zhR z(gmRW!t&BrK}7J|Yua24$nHnGEL&;|XYU6Y`=GG-K$rf|PzFUgcTZR9v2&6O=pl9t#rZdrrPSqRKf46N!-vVRtn@VG~R0WY{RYN#WWY7S1j<~0xRawel^x?pEH^{!d<@2Uv1MTJRKWJNP{mJ2#dKh zAu9E~(de;58!quV=3k?{*K%g7E)5)f>>K#w+kJ|+>n4}xdp(-^t8H_eqNG2Ic@FY@ z)I|0@IUAn_*TvhFOVW}Y<#WyqF(7>xZ643ge0laR>S|8ygi+DC2;v8n+$BpHSJt1)@O64aF{usydjjUZ+R%(<<3Q=n!QNg%Fl0PE}!&yv7iM~eh}57 zw+wQ-z1t?lT{hu-i(P&!YB@>NLc|mG%qovX*w6!8BSzWG)M$L~fJvChhE?}vANtY$ z5VPgSpA&teCqnBsF0cq4lf`r1H8-Q}D+1~6Ushd0%FyJQSDDHl9e3pHFRspL(POwp zQc_dL53}9~VqSlx=$6H}do+1P1GcwHQceyX%d0%VG5$(XnlFlzD1tm}$22z6nN-Nd zBsd63efYrPv3DDvpB{d>*|kE{v2A+@*b*alI&6>a87j^Ij#V>n(kb8>c3FFR2Q%_SwCJyY@c&3%uSrA67 zQ+O6e#XcN3-Ox>cKBny0y6XXit;SK$s@SX?t9<~?WBlh{%C6Wwj9vRiJV5Rm)yN1; zvxK08Tzy`W{EYVcXLBM|TQ1!D@kUM+qOFI+KK~j|sb0uZo6R08T#Co@s60U!bkLOC zx$PfViyCA#wn*29vJ*?g?>`LJExZfA_&}I`GL*49rUoEx*pADvR zw37oo&VJ>3)L8^jSJsDI@Llo5hsR#NiT~Lj;_JHse8r_Fi|HGkT%Qa6zB$uQ((-AbI~{3NyfZo3bOVoQN_(qYDxj% z(u>p}HaOXRr;C5&Wp|2qJ=2R@B*dx21j(rv16 z7fB&k`XdNefpbY9;{^riXOW>`HW39yJZEvbhaM1u|2Z?^%NsPw*EOhR8gn*l)VL!Bs?(f3dutzU=>kwDu(2W%1bqVid&~ zn7Ya2s&kP{Cd=EB8e{u}oAASFc(HGUsFW^JQH!EG+;2UCLQW?t9!EU$wQG)(ce=i0V&C4xW&fQ= zba%QF=?&1_FS$i}bb|?I;xL#8S=u}Qi-ReBd&-(e;y^9x?y#;0QJ-6}Kr)cp^ z$N3kcyGo=$Khm)eh0~&qIJGz5=FY|R7rF!=#}nD7VJDuPJ+taPA z9>Z}%U|%ArBVRq4i1Ad+#2KoxaJ*qCJcfHe3~HzXgIcR3Ng#lW;~%RMH0jO|p3;L= zoC6Iv_7ny3%5z3GXQNBE7=1fNWVCL2_X=N4PEM9%l;h|zINw6o)^!g)6ohdSF)M(i zyb3?*1S$bPG334AWQKIMK~K!KO9x0jL;J&JhdNO*QPJAB-9-<+o} zh@`0*+lf`yQC5WV>UTA-(bsq-YM-e-wBDUlwt|9!E{UqOgX=%49Un(BRHD5vYsK;0 zt{w!o0pkd?{m;em$0st&QBT3V#y@%e*R4?OWceHjY=c8*R? z?lSE!EUGcLyR8F7KlCk6)lIkmnCyKy*;~DmtKU^q5aMJLG!wD(^Gn>z^|ck(l?eZW zl}kQB3nY`Ok~g`6L;F_lOmib3o|z%*HD(O~mGM{C9?^@xz0BqhdJYUb2S)?`WCC?q z@VEC6ukRlpUWy4!7RDLh9hQHvWhoaFYx_dMbIe%n*Si*_yqT&+}o{IR5q ztUTM=x%_k9Hl@pllgKm>EI*$24O}6JhEDg@*k@+VK4b}WaUnVdzkA4xy35nd#ePr4 zsqEf?X1QoWiCOv6cS73SmmsZ8K}*k}DC|gb#jE@|T;gT(c7LPz?N0rVg-wVd1;hOpy&&ZXXe2b=>u2QzAM$V{?AJ5vS z(>Xg>dF)z{9+E}FqV;EpY*U4r^2_)Rcl!0%D9ZJqpWkhHQ+hL0gvNO}w2|T)kl3Ck zf@n*e((?15?+eD*W;M8XqE=7;u0 zi%bw{Vpr0bCZEX1T8M||nSb&oETZGF$L<>)?d|hsbOGnz6trZ*p@RBRk;d$Vp*mXKSL06tTR(&uaDsnKVvrDI>$)wFUDX zAnsaiVOJ$Be7VK&fG35BiXQkN-m9UpeuOvf!2!!QL>NbNR4@Kp)Z-YUCJSM~zT2A% zQe4s`gec(o{!?~!&-!d~lWDwl&`irC-7fh|m-rAPgs&{|TGGaSxVP0&RFcbwUBu3P zhtA*C6W_2JSy^2TnjT}|%{475)<>>tQj9hRuPhfDGmwth6r3KbP(CMe{(4^Bldc3K z<@_-thSW7RMkGgVqZ0D|x}~tLhi6j55#(+XaXC1c2qp+_L1K1~s%S$;W#5Px^#>Ar z%AQ~YCVMJ}O`4XGgHIE`9lKUQ5wbok+XP|cQ5fyL&3Zn0^2daU6RytTP@J!=Rc6se zsVwJ3-nLWjq~-dsUY&UOfLac60Mo&+wWfKdS`sHeRiX}X}z+>e{T3xO!}p? zkFP@3=bkUtxWd`bAgHx(@@Dzx0th<{!=YQ&10JpiooPW#0M0fHG$3=n)7oEalpVtq8P=vRaQl8<>q3{!-OMSOr zhwxKL=&#UuE)A|9ETtY}&C-XaCy5Bb0e-+wIdYu?ScT_KnsH&p%UgfxUl?E}TJe55 zFv^RUrwV%_C}SK7cNbw}*$?o>8{S&hCj+3X7oP6@1ArbD_V+D}$+{-Y`QzIMd-BbU zXSHFc6?}RB?eIx^1N$tMGhp+jB_3GfZTgUKTtD@09Z|Ef zT&?HQdBR=g2NA5ihn|DeXXE#Cef*QB)1b%bDyWf`p)_0fHw=*m8_tCBv=FTZo9wsi z$KV=K5Y@%0epjWn`7S-34g=071|F^!@D|ZKvo(Q>m`v3y50?IV|MG@Chu&F#SX_=Y zOt&7q7+ou7`QW@KwbzHm01*R0k(bFf7eCZ*tgmPeK8eOHKeehcGvQ&&aH(9Ys#u$0igcx8#6(Vu!iUgA@+=BeO$o5rY$`S`|-Ft7VkO z!7a4;VB&b5Ub-ZgET&@e(K&-^15osgEI9_qHGKC;7v6sAPfemQsO9NloqH-=aOzTU zyY1vTs1TIj17o4@T+m1gW{f_t)RIaXlUAs-q;j}`XFEGqygonh^l=p9%SVr3uQ){9 zRWe_*cN;c%jp*3~joFG=H;(eScq(8ay!XDnR%UD2 zhjEx8GctHXI>@#}p#jm&Ro7i&Gi~9*3vLRAI|p4qj>QNvAT6JX84L5!QOzzbEx`y> zQ}PXO@uEMXImEGJnIC#Ar?I?v&9YGjmMz| z>zaht77LvRiVrc2WnaG9fjLV;w zG0%LC2#)(nAW$EUOnwX`Ue$Ei7yW_($-vtEN=RaNc$LQ>1~b^`K99NhL9A)rT6}Gx zmnz`4&5s65oaxg7<046?R~eJ8G;fxs);V&bCPLHN(IL2)tkkM=Nt)ElY|j};2Axgq z{WogYYR1p@PuYsb!4JQSKa}lrfY=h2zRSn1f!+O9Oed>O4-y8=zat`|4l-69I(*0& zWUTGs+YlEHyu4m*j^-N?lS zMzpI%iNRQMPB#ECU!FRF!)ET`RPL(CCcE%q?b3uR#jK8^fi+FV8M$0YKMkFMh$7*H z4JAM7`Yd8xR@D;5V)WSI`a6aE>X&4)=(45;8hS;<#CixW%R?dc&Y81Pqf6%qx!grR z%P!-u5m6F(d3lp)h9Eef-o;xD3NbIPa}*vwe*7i4x?8b!_IZqd;mU(mU>w?5oqHw2 z`D$ry#QlWys{e5NZR@XmgG_ES%w^%G)L6C3eObjQ(*>;Ja29uHr?5jxL+_jwmA08DOx3dZPDObjg6+NV-ggY zCFZ9(;u|RJa`<`sE9F1(d@%%>t492cBW14x;0%<-kj$3Pq>-7KY59t*(>4NGb@YDy zGPn34v=qoy42A9CaYipI3!?mTq7r+Xe}+d!pei!s-Wvr!CzbKjR&3JG6R*<>qt>~=r*zet(O^;Lb@ zLfS^4so<>Hc@7oi21Z(;EvxlVcPy1PT$Fyoq{8hDOV-K#_r9_b*e`KSMU*i)_ZUWm z^Yg#&iO;CK26DG@Dv9oJ{XLP2jKWsjcc;UK@awU)F-YIXI(9Sk%@3u7*+Q@r9FVdNKB-Q|9M}!cDEs$@W-byT#0oXy0Fs9qo-X-bQP3H$^svb znrW-c!bM@wCOkkS30Nny6jJS{YlF1Lg@!UwAj12cufr z*7!RkYo(t*9^fF`a%FPPfRBzibftk<<^VVTZq3U5ZFB0hJ4Q!Hm$_$LFtLkMx3 zMmKQ9?)Vu033sdhE8|c8+D}O~x$&1h zdkR!o5dzP5i)gAKFAtqdK;@V0GH$#7_E{XSg)1p0Xz07ib!U=9mW7h#ubV8C~fI5pM8MKHg+Hr-R%wz|I9H0{ob&Lqad1(uYT zz9uwI7+7kvDUrZoYB8wnGnRHCpP4wRkAzjOLC({^5&B4tlnt#|$#4PC5c|l8E%Ds+ zI{i1$a|2u`^Zh<5yZ5V=`I#@}EBb`oG#$La0V2K?GAMEKH7)V+8_&jQd6A>>Rfoe} z%oWYd>p)XDIsU3AbD%j|nfcoN`uh4irKi|6s8fX{4B_qrqPg4x)Xw>_Z=CNJc>`W= zx|u73W{3$p%6wJtK5Hk7gs&~&!^_n6A^Gs8Sn1sTI+(vIw8Nf;6Uv`<7 zo}rWwsa!aKaL=#R#-{7hTO{hmHoHiCmVWp4?X3tIy|bV6?{&fZ8v?7%EG?xe%9V_J zk0JP{j0Ve{^u>FUlrX(Hdpk94Xh|{%r}QvG5SCV%IkAc6m8;!jM0qpzD>)~xA=&1m zsocaxL`eq<;8d7AR<=WQy5k$Vm(s zo67ByOwLhz?Rr=euEw@hS@{jd_WG7zNlzu;f^o!2_3NgS=C7wNPwB-eD1vV`M%&G2 zPcVT1na|vBXyusCzGNE>+mn>zrM73;lqiM>hOvGAl%=dI`c2{Ssh&zEVz%N%x8NqK zhj4GT4K(dJ3KvV-QF9`4%+h)9z5ZF;p|TJ6j#{3T4(ZM#;>Wp&o&f>1(~-u@h_1C; zv?QE)*}WfZ-!Ho$N0ryagp)e2WG^pt+w=~}P?_3S^VV&=|K6EAKZY~4Ys(`lfG@dr zC4D0QA%t(!N;>6}1?Dxzke^{|E8zRb{e$RN>=%B-Do*HfM+YVGQd8mpF*M8P4hA#U%LTGHsj+2%!T9kICG>Po+qZ>3A59 rI4?nWjKNSbMX(HU^0m&T4QjC!ZL_| ​ ``` -Ensure you are using the option **–n**, everytime you calling helm​ +Ensure you are using the option **–n**, every time you calling helm​ ```bash helm –n umbrella-$USER ​ @@ -54,9 +54,9 @@ This will ensure that ingress is working in the correct environment of your clus ## Using Umbrella Helm Charts for the Deployment -This Tutorial will be deployed by using an umbrella chart, which provides a basis for running end-to-end tests or creating a sandbox environment of the Catena-X automotive dataspace network consisting of Tractus-X OSS components. The Chart aims for a completely automated setup of a fully functional network, that does not require manual setup steps, as long as only one instance (minikube cluster) is running, see above warning). If several clusters are riunninh we need to adjsut a few configartion files. +This Tutorial will be deployed by using an umbrella chart, which provides a basis for running end-to-end tests or creating a sandbox environment of the Catena-X automotive dataspace network consisting of Tractus-X OSS components. The Chart aims for a completely automated setup of a fully functional network, that does not require manual setup steps, as long as only one instance (minikube cluster) is running, see above warning). If several clusters are running we need to adjust a few configuration files. -The currently available components availbe by the Umbrella Helm Chart are following: +The currently available components available by the Umbrella Helm Chart are following: - portal - centralidp @@ -77,8 +77,8 @@ We now start to deploy the TXD, our own dataspace. We will start by downloading - get the source - start minikube bringing up the cluster (profile) - enabling Ingress for local access using the addon for Minikube -- adjusting the configurationb files for the Umbrella Helm Chart (this is not required, if you are the only user on a system) -- bringing uo the certifacation manager +- adjusting the configuration files for the Umbrella Helm Chart (this is not required, if you are the only user on a system) +- bringing uo the certification manager - Using helm to install our first dataprovider and consumer EDCs - checking their liveness @@ -91,15 +91,15 @@ For the most bare-bones installation of the dataspace, execute the following com git clone [https://github.com/eclipse-tractusx/tutorial-resources.git](https://github.com/eclipse-tractusx/tractus-x-umbrella.git") ``` -We now will find under your current working directory the directory [tractus-x-umbrella], change into this drectory: +We now will find under your current working directory the directory [tractus-x-umbrella], change into this directory: ```bash cd tractus-x-umbrella ``` -### Start the minkube cluster (profile) +### Start the minikube cluster (profile) -To start the cluster we just call **minikube start**, if we have morethen one instance, we use -p option to set the profile name minikube-$USER, we use the othe roptions to request the appropiate resources. +To start the cluster we just call **minikube start**, if we have more then one instance, we use -p option to set the profile name minikube-$USER, we use the other options to request the appropriate resources. ```bash minikube start [-p minikube-$USER] --cpus=4 --memory 6gb # Start the cluster, if -p option is used with the profile name minikube-$USER @@ -111,7 +111,7 @@ We now switch the context to minikube profile, this is required to ensure Ingres minikube profile minikube-$USER # Switch the context to minikube profile ``` -You can check you minikube cluster any time by starting the Minkube dashboard: +You can check you minikube cluster any time by starting the minikube dashboard: ```bash minikube [-p minikube-$USER] dashboard # if -p option is used, with the profile name minikube-$USER @@ -125,17 +125,17 @@ in order to enable the local access via ingress, use the according addon for Min minikube [-p minikube-$USER] addons enable ingress # if -p option is used, with the profile name minikube-$USER ``` -You will be fine by just enabling ingress, if you now add a few hostnames into /etc/hosts. You shoul densure that you have access, the /etc/hosts file group entry should be assigend to the group **docker**. check with +You will be fine by just enabling ingress, if you now add a few hostnames into /etc/hosts. You should ensure that you have access, the /etc/hosts file group entry should be assigned to the group **docker**. check with ```bash ls -al /etc/hosts # Output should be like: "-rw-r--r-- 1 root docker 414 Jun 16 14:34 /etc/hosts" ``` -Alternatively confugire the DNS Service to be enabled for Ingress. +Alternatively configure the DNS Service to be enabled for Ingress. :::note - Ths requires that you have an DNS on your system running and that you have **root accees** via **sudo** + Ths requires that you have an DNS on your system running and that you have **root access** via **sudo** ::: @@ -143,7 +143,7 @@ Alternatively confugire the DNS Service to be enabled for Ingress. minikube [-p minikube-$USER] addons enable ingress-dns # if -p option is used, with the profile name minikube-$USER ``` -Find out the IP Address of your minikube clsuter by entering: +Find out the IP Address of your minikube cluster by entering: ```bash minikube [-p minikube-$USER] ip # if -p option is used, with the profile name minikube-$USER @@ -172,7 +172,7 @@ sudo resolvconf -u systemctl disable --now resolvconf.service ``` -Check if the dns reasolving is working by requesting the IP addresses for the differnt service +Check if the dns resolving is working by requesting the IP addresses for the different service ```bash nslookup centralidp.tx.test @@ -180,7 +180,7 @@ nslookup dataconsumer-1-dataplane.tx.test nslookup dataprovider-dataplane.tx.test ``` -They should all return the saem IP adresse (the one of Minikube [-p minikube.$USER ip ]. If you face issues in resolving the address, add the following hosts entries into your /etc/hosts file, and replace the IP address with your value and **tx** by your choosen name: +They should all return the same IP address (the one of Minikube [-p minikube.$USER ip ]. If you face issues in resolving the address, add the following hosts entries into your /etc/hosts file, and replace the IP address with your value and **tx** by your chosen name: ```bash 192.168.49.2 centralidp.tx.test @@ -214,7 +214,7 @@ helm install is used to install a chart in Kubernetes using Helm. --create-namespace create a namespace with the name umbrella -**If we have more than one instance of the minikube clusters running, we also should modfiy the namespace [umbrella] to [umbrella-$USER]!** +**If we have more than one instance of the minikube clusters running, we also should modify the namespace [umbrella] to [umbrella-$USER]!** ::: @@ -224,7 +224,7 @@ We start with ensuring that we are using the released charts. helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev ``` -For the tutorial we first select a subset of components for the dataexchange between a dataconsumer (Alice) and a dataprovider (Bob). The needed components are the following: +For the tutorial we first select a subset of components for the data exchange between a dataconsumer (Alice) and a dataprovider (Bob). The needed components are the following: - centralidp - managed-identity-wallet @@ -233,9 +233,9 @@ For the tutorial we first select a subset of components for the dataexchange bet ### Using a preconfigured configraution file [values-adopter-data-exchange.yaml] -We chosing a predefined subset of the E2E adopter journey which provies the above selecteion. +We chose a predefined subset of the E2E adopter journey which provides the above selection. -#### Moved to the Umbrella dircetory with the config files +#### Moved to the Umbrella directory with the config files ```bash cd /tractus-x-umbrella/charts/umbrella @@ -249,7 +249,7 @@ skip the next paragraph, if you are running the only one minikube cluster on you #### Adjusting the Config files for multi user usage -In case we have to modify the values within the configuartion files as we run in a multi use enviromnet, we need adjust the domians names within the configuration files.A simple way is to update the file by using **sed** as line editor. +In case we have to modify the values within the configuration files as we run in a multi use environment, we need adjust the domains names within the configuration files.A simple way is to update the file by using **sed** as line editor. ```bash # adjust values.yaml @@ -335,7 +335,7 @@ kubectl apply -f kubectl-apply-in ``` -#### Now we install the perdefined setup for our tutorial +#### Now we install the predefined setup for our tutorial Getting dependencies from Repo ... @@ -382,7 +382,7 @@ curl -X GET http://dataconsumer-1-controlplane.$DOMAIN_NAME/api/check/liveness | Please be aware, that all services and applications that were deployed in the previous step, are **not** accessible from outside the Kubernetes cluster. That means, for example, the Postgres database cannot be reached out-of-the-box. -As mnentioned above you can use the minikube dashboard to inspect your cluster: +As mentioned above you can use the minikube dashboard to inspect your cluster: ```bash minikube [-p minikube-$USER] dashboard # if -p option is used, with the profile name minikube-$USER diff --git a/docs/tutorials/e2e/connect/prepareInfrastructure.md b/docs/tutorials/e2e/connect/prepareInfrastructure.md index e73a272ec39..5d4eddd3fd5 100644 --- a/docs/tutorials/e2e/connect/prepareInfrastructure.md +++ b/docs/tutorials/e2e/connect/prepareInfrastructure.md @@ -10,9 +10,9 @@ preconditions are met. - Have a local Kubernetes runtime ready - Have kubectl installed -- Minkube is installed +- Minikube is installed - you have a web browser -- a POSIX-compliant shell, e.g. `bash` or `zsh` unless stated otherwise. The tutorial conatins examples for `bash`. +- a POSIX-compliant shell, e.g. `bash` or `zsh` unless stated otherwise. The tutorial contains examples for `bash`. - basic knowledge about Helm and Kubernetes - [Optional] a cli tool to easily print logs of a K8S deployment, such as [`stern`](https://github.com/stern/stern) - [Optional] a graphical tool to inspect your Kubernetes environment, such as [Lens](https://k8slens.dev/). diff --git a/docs/tutorials/e2e/inform/architecture.md b/docs/tutorials/e2e/inform/architecture.md index 7bf0c4208df..3426e6d6a96 100644 --- a/docs/tutorials/e2e/inform/architecture.md +++ b/docs/tutorials/e2e/inform/architecture.md @@ -10,66 +10,79 @@ The tutorial is under continuous development. The [TXD architecture](#the-tractu ## Components of the Tractus-X Data Space ### EDC + A key component of the Catena-X architecture is the [Eclipse Data Space Connector](https://github.com/eclipse-tractusx/tractusx-edc) (EDC). **This component is used to exchange data between participants**. This includes: - Provide data to other participants in the data space. - - connect data sources to the EDC - - define policies for the data consumption - - create contract definitions for souvereign data exchange + - connect data sources to the EDC + - define policies for the data consumption + - create contract definitions for souvereign data exchange - Consume data offerings from other participants. - - Request data catalogs - - negotiate contract offers - - transfer the data + - Request data catalogs + - negotiate contract offers + - transfer the data :::info -The tutorial setup includes two EDCs: **Alice** and **Bob**. The EDCs are already registered in the TXD setup and the technical users are created in the Keycloak instance. +The tutorial setup includes two EDCs: **Alice** and **Bob**. The EDCs are already registered in the TXD setup and the technical users are created in the keycloak instance. This represents the minimal Setup for data exchange in a data space. ::: + ### Managed Identity Wallet (MIW) + The Managed Identity Wallet (MIW) provides a service where you can **store your Verifiable Credentials (VC) for any Catena-X services** in a safe place. This is only an intermediate step before self hosted wallets are supported and organizations have the choice to either use a managed service or store their VCs in their own wallets. -### Identity Access Management (IAM) - Keycloak -Keycloak is used to **manage access to central components**, e.g. the MIW and some of the discovery services with typical OAuth Client Credentials flow. +### Identity Access Management (IAM) - keycloak + +keycloak is used to **manage access to central components**, e.g. the MIW and some of the discovery services with typical OAuth Client Credentials flow. ### Portal + The Portal as an overall product is a complex composition of several interacting solution building blocks. It is generally designed to work with the IAM. For the tutorial relevant parts of the Portal are: + - BPDM-Pool - Semantic Hub ### BPDM + BPDM is an acronym for **business partner data management**. It serves two main purposes: + - Provide services for querying and sharing business partner information -- Establish an infrastructure for realising the Golden Record process which turns business partner information from sharing members to Golden Records, that is cleaned and enriched business partner data uniquely identified by a business partner number (BPN). +- Establish an infrastructure for realizing the Golden Record process which turns business partner information from sharing members to Golden Records, that is cleaned and enriched business partner data uniquely identified by a business partner number (BPN). The BPNs are also used in access and usage policies. :::info -In the current TXD setup the two participants (Alice and Bob) have preconfigued BPNs. Therefore the initial registration process is not part of the tutorial. In the real world you will receive your BPN via the onboarding / registration process [onboarding process](https://catena-x.net/en/catena-x-introduce-implement/onboarding). +In the current TXD setup the two participants (Alice and Bob) have pre configured BPNs. Therefore the initial registration process is not part of the tutorial. In the real world you will receive your BPN via the onboarding / registration process [onboarding process](https://catena-x.net/en/catena-x-introduce-implement/onboarding). ::: ### Semantic Hub + The Semantic Hub **manages and stores all semantic model definitions** within the data space. It is a key component for achieving a common understanding of data within the ecosystem. ### Discovery Services + In a fundamentally decentralized system, it is important to find other participants and their "address" for data exchange. This can be achieved with the Discovery Services. + - The Discovery Finder is responsible for finding a matching BPN Discovery for a given type - e.g., "bpid", "oen". - The BPN Discovery is responsible for finding the corresponding BPNs for a given type. - The EDC Discovery is responsible for finding the corresponding EDC endpoint against a given BPN. ## Digital Twins in Catena-X -In Catena-X digital twins are realized with the [Asset Administration Shell](https://industrialdigitaltwin.org/) (AAS). The AAS represents a vehicle to transport data of a real asset in a standardized and interoperable manner. This digital representation of the asset is called digital twin and is implemented in an AAS. To describe the different aspects of the asset with the AAS in a common language, so called aspect models are defined in the data space. These aspect models define the semantics for the respective aspect of the digital twin. A submodel is then an implementation of an aspect of the digital twin. For a more detailled explaination see [Digital Twin KIT](https://tractus-x-community-days.github.io/eclipse-tractusx.github.io/docs-kits/category/digital-twin-kit). +In Catena-X digital twins are realized with the [Asset Administration Shell](https://industrialdigitaltwin.org/) (AAS). The AAS represents a vehicle to transport data of a real asset in a standardized and interoperable manner. This digital representation of the asset is called digital twin and is implemented in an AAS. To describe the different aspects of the asset with the AAS in a common language, so called aspect models are defined in the data space. These aspect models define the semantics for the respective aspect of the digital twin. A submodel is then an implementation of an aspect of the digital twin. For a more detailed explanation see [Digital Twin KIT](https://tractus-x-community-days.github.io/eclipse-tractusx.github.io/docs-kits/category/digital-twin-kit). ### Digital Twin Registry + The Digital Twin Registry (DTR) is a decentralized component that can be registered as a contract definition in an EDC. It serves a function similar to the index in a book. With the DTR, a data consumer can get an overview of WHAT to find, HOW and WHERE to access it. The registry contains submodel descriptors that point to the endpoint of submodels of a digital twin. ### AAS-Server + The AAS-Server or Submodel Server is used to store submodels. :::info diff --git a/docs/tutorials/e2e/inform/onboardingMaterial.md b/docs/tutorials/e2e/inform/onboardingMaterial.md index ebf444bacb1..1972bc81d46 100644 --- a/docs/tutorials/e2e/inform/onboardingMaterial.md +++ b/docs/tutorials/e2e/inform/onboardingMaterial.md @@ -38,7 +38,7 @@ To enable the use cases, Catena-X builds a decentral data space. In a data space :::note -For an in depth description of data spaces and the conceptual model behind Catena-X, read the Industrial Data Spaces Association (IDSA) Reference Architecture Model 4.0: +For an in depth description of data spaces and the conceptual model behind Catena-X, read the Industrial Data Spaces Association (IDSA) Reference Architecture Model 4.0: The Catena-X Operating Whitepaper describes how the Catena-X data space is operated: ::: diff --git a/docs/tutorials/e2e/prerequisites/prerequisites.md b/docs/tutorials/e2e/prerequisites/prerequisites.md index e00af0624f4..26e2adb5c04 100644 --- a/docs/tutorials/e2e/prerequisites/prerequisites.md +++ b/docs/tutorials/e2e/prerequisites/prerequisites.md @@ -39,7 +39,7 @@ In case you want to install Tractus-X components or [Kits] directly on your loca - Your local system should run a Linux Version (Debian or Ubuntu 22.04 or higher are recommended) - You need super user privileges (either root access or the right to use sudo) - The above tools should be installed (Docker, Kubernetes, Kubectl, Minikube, Helm and Browser, X-Environment) -- To enbale users to run the tutorial after you ave installed the required enviroment setup the environmemt as described in the last section. +- To enable users to run the tutorial after you ave installed the required environment setup the environment as described in the last section. ### Access to the Internet @@ -109,7 +109,7 @@ The above list is currently a candidate for changes, especially as long as the u #### https (443) -You will need https (port 443) as open port for getting access to the above repositories. If you do not have direct access from your system, you most likely work in an environment which is using proxy forwarding for https. An easy way to configure your system to use the proxy server is by setting the envionment variabale "https_proxy". For example with the command below (bash), if the port 8080 is used for the forwarding: +You will need https (port 443) as open port for getting access to the above repositories. If you do not have direct access from your system, you most likely work in an environment which is using proxy forwarding for https. An easy way to configure your system to use the proxy server is by setting the environment variable "https_proxy". For example with the command below (bash), if the port 8080 is used for the forwarding: ```bash export https_proxy=http://[proxy-web-or-IP-address]:8080 @@ -123,7 +123,7 @@ export https_proxy=http://[username]:[password]@ [proxy-web-or-IP-address]:[port :::tip -The above URLs then will be passed only if your proxy server is configured to forward the above whitelist of URLs. To ensure your setting is permant, you may want to add the above command in your .bashrc or /etc/environment. Further you can configure apt to use the proxy by entering the following into the configuration file /etc/apt/apt.conf: +The above URLs then will be passed only if your proxy server is configured to forward the above whitelist of URLs. To ensure your setting is persisted, you may want to add the above command in your .bashrc or /etc/environment. Further you can configure apt to use the proxy by entering the following into the configuration file /etc/apt/apt.conf: ```bash Acquire::https::Proxy "http://[username]:[password]@ [proxy-web-or-IP-address]:[port-number]"; @@ -151,11 +151,11 @@ Opening further ports is not required for the tutorial, as the setup is designed ### Install the basic tools (on Ubuntu 22.x and higher) -Within this section we briefly describe how to install the required tools on an Ubuntu system. We have tested this on 22.04.3 LTS (GNU/Linux 5.15.0-86-generic x86_64). Please check the online availabe documentation for further details. +Within this section we briefly describe how to install the required tools on an Ubuntu system. We have tested this on 22.04.3 LTS (GNU/Linux 5.15.0-86-generic x86_64). Please check the online available documentation for further details. #### Install docker -Ensure that you are up to date with your release (for Ubuntu we use atp, which needs to run with root priveledges): +Ensure that you are up to date with your release (for Ubuntu we use atp, which needs to run with root privileges): ```bash sudo apt update && sudo apt upgrade @@ -169,7 +169,7 @@ sudo apt install docker.io :::note -The user group docker shoild be created, check if it exists. +The user group docker should be created, check if it exists. ```bash grep docker /etc/group @@ -268,7 +268,7 @@ curl -Lo minikube https://storage.googleapis.com/minikube/releases/latest/miniku && chmod +x minikube ``` -The chmod command is used to ensure minikube is executable. If you want other users to have access, you should copy the executable to /usr/bin/ or nother comparable location which is used by all users. Ensure that all members of the group "docker" have access. +The chmod command is used to ensure minikube is executable. If you want other users to have access, you should copy the executable to /usr/bin/ or another comparable location which is used by all users. Ensure that all members of the group "docker" have access. ```bash sudo cp ./minikube /usr/bin @@ -380,11 +380,11 @@ So we run the following commands, assuming the user already exists: ```bash sudo addusr tx01 docker # adds the user to the group docker -sudo chgrp docker /etc/hosts # change the group permissin from root to docker +sudo chgrp docker /etc/hosts # change the group permission from root to docker sudo chmod 664 /etc/hosts # This allow now our user tx01 to edit /etc/hosts ``` -You should brief your user regarding their responsiblity when theri are editing /etc/hosts. +You should brief your user regarding their responsibility when they are editing /etc/hosts. :::Warning diff --git a/docs/tutorials/e2e/boost/assets/Step1.png b/static/tutorials/e2e/dtr-access-token.png similarity index 100% rename from docs/tutorials/e2e/boost/assets/Step1.png rename to static/tutorials/e2e/dtr-access-token.png diff --git a/docs/tutorials/e2e/boost/assets/Step2.png b/static/tutorials/e2e/dtr-get-aas-ids.png similarity index 100% rename from docs/tutorials/e2e/boost/assets/Step2.png rename to static/tutorials/e2e/dtr-get-aas-ids.png diff --git a/docs/tutorials/e2e/boost/assets/Step5.png b/static/tutorials/e2e/dtr-get-data.png similarity index 100% rename from docs/tutorials/e2e/boost/assets/Step5.png rename to static/tutorials/e2e/dtr-get-data.png diff --git a/docs/tutorials/e2e/boost/assets/Step3.png b/static/tutorials/e2e/dtr-get-descriptor.png similarity index 100% rename from docs/tutorials/e2e/boost/assets/Step3.png rename to static/tutorials/e2e/dtr-get-descriptor.png diff --git a/docs/tutorials/e2e/boost/assets/Step4.png b/static/tutorials/e2e/dtr-get-token.png similarity index 100% rename from docs/tutorials/e2e/boost/assets/Step4.png rename to static/tutorials/e2e/dtr-get-token.png diff --git a/docs/tutorials/e2e/connect/assets/img.png b/static/tutorials/e2e/img.png similarity index 100% rename from docs/tutorials/e2e/connect/assets/img.png rename to static/tutorials/e2e/img.png diff --git a/docs/tutorials/e2e/connect/assets/scr_pgadmin1.png b/static/tutorials/e2e/scr_pgadmin1.png similarity index 100% rename from docs/tutorials/e2e/connect/assets/scr_pgadmin1.png rename to static/tutorials/e2e/scr_pgadmin1.png From c6966cd1484df44ecdc096508272035c025e0ce8 Mon Sep 17 00:00:00 2001 From: Benedikt Reister Date: Fri, 21 Jun 2024 11:37:29 +0200 Subject: [PATCH 30/41] docs: Update Connect & deployComponents Chapter --- docs/tutorials/e2e/connect/connect.md | 53 +- .../tutorials/e2e/connect/deployComponents.md | 758 +++++++++++++----- .../e2e/connect/prepareInfrastructure.md | 34 - 3 files changed, 589 insertions(+), 256 deletions(-) delete mode 100644 docs/tutorials/e2e/connect/prepareInfrastructure.md diff --git a/docs/tutorials/e2e/connect/connect.md b/docs/tutorials/e2e/connect/connect.md index cc564036256..04c7218dc03 100644 --- a/docs/tutorials/e2e/connect/connect.md +++ b/docs/tutorials/e2e/connect/connect.md @@ -3,37 +3,52 @@ title: "Chapter 2: Connect" sidebar_position: 4 --- -The `Connect Chapter` describes step by step how you have to setup your local enviroment of your own data space including a kubernetes cluster, services, networking and security. On this stack you will deploy the components that you need for data provisioning and data consumption. Along with that you will deploy all the components that simulate the core service provider in our data space. You will use the technology of Umbrella Helm Charts to configure and deploy your environment. +The `Connect Chapter` describes step by step **how to setup your local enviroment** of your own data space including a kubernetes cluster, services, networking and security. + +:::info + +Make sure that you have understood and carried out all the steps in the `Prerequisites chapter` before you start deploying the components. + +::: + +On this stack you will **deploy the components** that you need for data provisioning and data consumption (decentral components). Along with that you will deploy all the components that simulate the core service provider in our data space (central components). + +You will use the technology of **Umbrella Helm Charts** to configure and deploy your environment. The Umbrella Helm Chart will contain the components shown in the following table. + +|Quantity|Component|Function|Version|Type|GitHub-Link| +|---|---|---|---|---|---| +|1|Portal|The Portal is designed to work with the IAM.|1.8.1|Central Component|[Link](https://github.com/eclipse-tractusx/portal)| +|1|Central IdP|The Identity Provider (IdP) authenticates users and provides identity information to service providers, enabling secure access to applications and services.|2.1.0|Central Component|| +|1|Shared IdP|An Identity Provider (IdP) authenticates users and provides identity information to service providers, enabling secure access to applications and services.|2.1.0|Central Component|| +|1|Discovery Finder|The Discovery Finder is used to find endpoints of BPN Discoveries for a specific type, e.g. "oen".|0.2.2|Central Component|[Link](https://github.com/eclipse-tractusx/sldt-discovery-finder)| +|1|BPN Discovery|The BPN Discovery is used to lookup for a specific type/key-combination to a Business Partner Number (BPN). For example looking for a combination "oen / oen-133" will lead to "BPNLXYZ123".|0.2.2|Central Component|[Link](https://github.com/eclipse-tractusx/sldt-bpn-discovery)| +|1|SD Factory|Self-Description Factory (SD-Factory) component is responsible for the creation of Self Descriptions.|2.1.19|Central Component|[Link](https://github.com/eclipse-tractusx/sd-factory)| +|1|Managed Identity Wallet|The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI) using did:web.|0.4.0|Central Component|[Link](https://github.com/eclipse-tractusx/managed-identity-wallet)| +|1|Semantic Hub|The Semantic Hub in Catena-X is a central element for supporting semantic interoperability within the network.|0.2.2|Central Component|[Link](https://github.com/eclipse-tractusx/sldt-semantic-hub)| +|3|Eclipse Dataspace Connector|The Eclipse Dataspace Connector enables secure and controlled data sharing and usage within dataspaces, creating interoperability and trust between different organisations.|0.5.3|Decentral Component|[Link](https://github.com/eclipse-tractusx/tractusx-edc)| +|3|Vault|A vault is used for the secure storage, management and access control of sensitive data such as secrets, tokens, passwords and encryption keys.|0.20.0|Decentral Component|| +|1|Digital Twin Registry (DTR)|Digital twins can be registered in the Digital Twin Registry so that they can be found by other participants.|0.4.5|Decentral Component|[Link](https://github.com/eclipse-tractusx/sldt-digital-twin-registry)| +|1|Simple Data Backend|The Simple Databackend simulates a backend, i.e. a place where the digital twins are stored.|0.1.0|Decentral Component|| + +:::info This tutorial is - designed for developers who want to get their hands dirty, for companies that want to perform data exchange in actual Catena-X data space infrastructure and generally for curious minds who want to explore dataspaces. - a preconfigured closed environment in one Kubernetes cluster, where the different services located in docker containers communicate within their joint Kubenets cluster, generated by minikube. +::: + +:::warning + This tutorial is [not] - a production environment - designed to work across different locations -Required knowledge and skills: - -- Beginner level docker and kubernetes -- Begninner level Minikube -- Beginner level Helm Charts -- Basic understanding of network and web based communication -- Basic linux system commands - -## Components & Architecture - -By performing this tutorial a data space will be set up including the following components: - -- starting with 2 Tractus-X EDC Connectors (Called Bob and Alice). The EDC is the key component to exchanging data within data spaces. -- 1 Managed Identity Wallet. The Managed Identity Wallet (MIW) service is a central component storing technical identities. Connectors can request the identity, including properties, in order to take decisions if a contract-offer will be made, a contract agreement will be negotiated, or a data-exchange will be processed. -- 1 Keycloak instance. Keycloak is used for Identity and Access Management of technical users. -- 1 Postgres data base. A data base building the foundation for the MXD setup. -- It will be extende by a thrid Tractus-X EDC Connector (called Judy) to allow applying different policies +::: -It further in a second step will be extended the configuration by bringing up a portal We now will start with teh next section deploy to bring up the Kubernetes clsuer with minkube and the frist Umbrella Helm Charts. +We now will start with the next section `Deploying the Components` where you will deploy the components listed in the table. ## Notice diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index d8f9269aa47..1a51a95d15d 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -1,45 +1,68 @@ --- -title: Deploy components -sidebar_position: 2 +title: Deploying the components +sidebar_position: 1 --- -The [TXD] dataspace initially consists of several components: `Alice` and `Bob` (two Tractus-X EDC connectors), -a Vault instance each, a Postgres database, a Managed Identity Wallet app, a Keycloak instance. `Alice` and `Bob` will -be our dataspace participants. Each of them stores their secrets in their respective vault instances, and there is a -shared Postgres server, where each of them has a database. MIW and Keycloak are central components, they only exist -once and are accessible by all participants. +## Preconditions + +:::info + +Make sure that you have understood and carried out all the steps in the `Prerequisites chapter` before you start deploying the components. + +::: + +### Mandatory + +- Local Kubernetes runtime ready +- `Kubectl`, `helm` and `minikube` installed +- A POSIX-compliant shell, e.g. `bash` or `zsh` unless stated otherwise. The tutorial conatins examples for `bash`. + +### Optional + +- Cli tool to easily print logs of a K8S deployment, such as [`stern`](https://github.com/stern/stern) +- Graphical tool to inspect your Kubernetes environment, such as [Lens](https://k8slens.dev/). +- Graphical tool to inspect Postgres databases, such as [PgAdmin](https://www.pgadmin.org/). Screenshots in + this guide are created off of PgAdmin. +- Graphical tool to send REST requests, such as [insomnia] ( ) or [Postman](https://www.postman.com/). + +## The Deployment + +### Using Umbrella Helm Charts + +The components (listed in the table in the `Connect chapter`) will be deployed by using an umbrella chart. It consists of Tractus-X OSS components and provides a basis for running end-to-end tests or creating a sandbox environment of the Catena-X automotive dataspace network. The Chart aims for a completely automated setup of a fully functional network, that does not require manual setup steps, as long as only one instance (minikube cluster) is running (see above warning). If several clusters are running, you need to adjsut a few configuration files. :::note -This chapter refers to also to the README for the Tractus-X umbrella charts following the link: + +This chapter aligns with the README for the Tractus-X umbrella charts following the link: + ::: -:::Warning +:::warning If you are [not] the only user on your system working with the turorial, means you are working in a multi-user environment, please ensure, that you understand your impact on other minikube profiles of other users and Umbralla namespaces. Please check, if other user are working on the same system by checking the existance of other minikube profiles with the command: ```bash -minkube profile list +minikube profile list ``` -Please ensure you are using a different profile name f and[never] using options like **--all**. To avoid disturbing other we use the environment varaible [$USER] any time whne we specify a name for a minkube profile of an Umbrella namespace. +Please ensure you are explicitly defining the profile with the `-f` parameter and [never] using options like **--all**. To avoid disturbing other we use the environment variable [$USER] any time we specify a name for a minikube profile of an Umbrella namespace. So if your minikube cluster will not be the only one running in your system, please - use specific names for your cluster profile and namespaces for helm​ - - Proposed name for the cluster profile: **minikube-$USER** - Proposed name for the umbrella namespace: **umbrella-$USER** ​ -- Ensure you are using the option **-p**, everytime you calling minikube ​ +- Ensure you are using the option `-p`, everytime you calling minikube ​ ```bash -minikube –p minikube-$USER ​ +minikube –p minikube-$USER ​ ``` Ensure you are using the option **–n**, everytime you calling helm​ ```bash -helm –n umbrella-$USER ​ +helm –n umbrella-$USER ``` Before you enable ingress enter:​ @@ -52,35 +75,17 @@ This will ensure that ingress is working in the correct environment of your clus ::: -## Using Umbrella Helm Charts for the Deployment +### Overview -This Tutorial will be deployed by using an umbrella chart, which provides a basis for running end-to-end tests or creating a sandbox environment of the Catena-X automotive dataspace network consisting of Tractus-X OSS components. The Chart aims for a completely automated setup of a fully functional network, that does not require manual setup steps, as long as only one instance (minikube cluster) is running, see above warning). If several clusters are riunninh we need to adjsut a few configartion files. +Now we start to deploy the TXD by carrying out the following steps: -The currently available components availbe by the Umbrella Helm Chart are following: - -- portal -- centralidp -- sharedidp -- bpndiscovery -- discoveryfinder -- sdfactory -- managed-identity-wallet -- semantic-hub -- dataconsumerOne (tractusx-edc, vault) -- tx-data-provider (tractusx-edc, digital-twin-registry, vault, simple-data-backend) -- dataconsumerTwo (tractusx-edc, vault) - -### Starting with the Deployment of [TXD] , our own local dataspace - -We now start to deploy the TXD, our own dataspace. We will start by downloading the sources from Github into our local environment. Then we will step by step - -- get the source -- start minikube bringing up the cluster (profile) -- enabling Ingress for local access using the addon for Minikube -- adjusting the configurationb files for the Umbrella Helm Chart (this is not required, if you are the only user on a system) -- bringing uo the certifacation manager -- Using helm to install our first dataprovider and consumer EDCs -- checking their liveness +- Get the source +- Start `minikube` bringing up the cluster (profile) +- Enable `Ingress` for local access using the addon for Minikube +- Adjust the configuration files for the Umbrella Helm Chart (this is not required, if you are the only user on a system) +- Use the certifacation manager +- Use helm to deploy the ecosystem +- Check their liveness ### Get the source from the Tractus-X Github @@ -88,209 +93,605 @@ For the most bare-bones installation of the dataspace, execute the following com ```bash # get the tutorial including the config file for the cluster by cloning the repository locally -git clone [https://github.com/eclipse-tractusx/tutorial-resources.git](https://github.com/eclipse-tractusx/tractus-x-umbrella.git") +git clone [https://github.com/eclipse-tractusx/tractus-x-umbrella.git](https://github.com/eclipse-tractusx/tractus-x-umbrella.git") ``` -We now will find under your current working directory the directory [tractus-x-umbrella], change into this drectory: +Now we will find the directory [tractus-x-umbrella] under your current working directory. Change into this directory: ```bash cd tractus-x-umbrella ``` -### Start the minkube cluster (profile) +### Start the minikube cluster (profile) -To start the cluster we just call **minikube start**, if we have morethen one instance, we use -p option to set the profile name minikube-$USER, we use the othe roptions to request the appropiate resources. +To start the cluster we just call **minikube start**. If we have more than one instance, we use -p option to set the profile name minikube-$USER. We use the other options to request the appropiate resources. ```bash -minikube start [-p minikube-$USER] --cpus=4 --memory 6gb # Start the cluster, if -p option is used with the profile name minikube-$USER +minikube start [-p minikube-$USER] --cpus=4 --memory 6gb +# Start the cluster, if -p option is used with the profile name minikube-$USER ``` -We now switch the context to minikube profile, this is required to ensure Ingress get the correct data of the cluster, but it is not needed, if you run only one minikube cluster on your system. +We now switch the context to minikube profile. This is required to ensure Ingress gets the correct data of the cluster. But it is not needed, if you run only one minikube cluster on your system. ```bash -minikube profile minikube-$USER # Switch the context to minikube profile +minikube profile minikube-$USER +# Switch the context to minikube profile ``` -You can check you minikube cluster any time by starting the Minkube dashboard: +You can check your minikube cluster any time by starting the Minikube dashboard: ```bash -minikube [-p minikube-$USER] dashboard # if -p option is used, with the profile name minikube-$USER +minikube [-p minikube-$USER] dashboard +# if -p option is used, with the profile name minikube-$USER ``` -### Seting up the local internal netwok +### Setting up the local internal netwok -in order to enable the local access via ingress, use the according addon for Minikube: +In order to enable the local access via ingress, use the according addon for Minikube: ```bash -minikube [-p minikube-$USER] addons enable ingress # if -p option is used, with the profile name minikube-$USER +minikube [-p minikube-$USER] addons enable ingress +# if -p option is used, with the profile name minikube-$USER ``` -You will be fine by just enabling ingress, if you now add a few hostnames into /etc/hosts. You shoul densure that you have access, the /etc/hosts file group entry should be assigend to the group **docker**. check with +Now add a few hostnames into your /etc/hosts. You should ensure that you have access and the /etc/hosts file group entry should be assigend to the group **docker**. Check this with following commands: ```bash -ls -al /etc/hosts # Output should be like: "-rw-r--r-- 1 root docker 414 Jun 16 14:34 /etc/hosts" +ls -al /etc/hosts +# Output should be like: "-rw-r--r-- 1 root docker 414 Jun 16 14:34 /etc/hosts" ``` -Alternatively confugire the DNS Service to be enabled for Ingress. +Alternatively configure the DNS Service to be enabled for Ingress. :::note - Ths requires that you have an DNS on your system running and that you have **root accees** via **sudo** + This requires that you have an DNS on your system running and that you have **root accees** via **sudo** ::: ```bash -minikube [-p minikube-$USER] addons enable ingress-dns # if -p option is used, with the profile name minikube-$USER +minikube [-p minikube-$USER] addons enable ingress-dns +# if -p option is used, with the profile name minikube-$USER ``` -Find out the IP Address of your minikube clsuter by entering: +Find out the IP Address of your minikube cluster by entering: ```bash -minikube [-p minikube-$USER] ip # if -p option is used, with the profile name minikube-$USER +minikube [-p minikube-$USER] ip +# if -p option is used, with the profile name minikube-$USER ``` -This return your IP Address which you now use as follows: +In the following steps, replace `192.168.49.2` with your `minikube ip` if it differs. -Update the file /etc/resolvconf/resolv.conf.d/base to have the following contents. +#### Linux & Mac -```bash -search test -nameserver 192.168.99.169 +Create a file in /etc/resolver/minikube-test with the following contents. + +```properties +domain arena.test +nameserver 192.168.49.2 +search_order 1 timeout 5 ``` -::note +If you still face DNS issues, add the hosts to your /etc/hosts file: + +```properties +192.168.49.2 centralidp.arena.test +192.168.49.2 sharedidp.arena.test +192.168.49.2 portal.arena.test +192.168.49.2 portal-backend.arena.test +192.168.49.2 managed-identity-wallets.arena.test +192.168.49.2 semantics.arena.test +192.168.49.2 sdfactory.arena.test +192.168.49.2 dataconsumer-1-dataplane.arena.test +192.168.49.2 dataconsumer-1-controlplane.arena.test +192.168.49.2 dataprovider-dataplane.arena.test +192.168.49.2 dataconsumer-2-dataplane.arena.test +192.168.49.2 dataconsumer-2-controlplane.arena.test +``` + +Additional network setup for Mac: + +- Install and start [Docker Mac Net Connect](https://github.com/chipmk/docker-mac-net-connect#installation). + +We also recommend to execute the usage example after install to check proper setup. + +#### Windows + +For Windows edit the hosts file under `C:\Windows\System32\drivers\etc\hosts`: + +```properties +192.168.49.2 centralidp.arena.test +192.168.49.2 sharedidp.arena.test +192.168.49.2 portal.arena.test +192.168.49.2 portal-backend.arena.test +192.168.49.2 managed-identity-wallets.arena.test +192.168.49.2 semantics.arena.test +192.168.49.2 sdfactory.arena.test +192.168.49.2 dataconsumer-1-dataplane.arena.test +192.168.49.2 dataconsumer-1-controlplane.arena.test +192.168.49.2 dataprovider-dataplane.arena.test +192.168.49.2 dataconsumer-2-dataplane.arena.test +192.168.49.2 dataconsumer-2-controlplane.arena.test +``` + +#### Adjusting the Config files for multi user usage + +In case we have to modify the values within the configuartion files as we run in a multi use enviromnet, we need to adjust the domians names within the configuration files. A simple way is to update the file by using **sed** as line editor. + +```bash +# adjust values.yaml +# +DOMAIN_NAME="$USER.test" +CONFIG_FILE="alues-adopter-data-exchange.yaml" +cp values.yaml values.yaml.orig +cat values.yaml.orig | sed s/tx.test/$DOMAIN_NAME/ > values.yaml +echo "file values.yaml updated with actual dommainame $DOMAIN_NAME" +cp $CONFIG_FILE $CONFIG_FILE.orig +cat $CONFIG_FILE.orig | sed s/tx.test/$DOMAIN_NAME/ > $CONFIG_FILE +echo "file $CONFIG_FILE updated with actual dommainame $DOMAIN_NAME" +# Adjust further files: concept/seeds-overall-data.md, init-container/iam/centralidp/CX-Central-realm.json, init +-container/iam/sharedidp/CX-operator-realm.json. init-container/iam/sharedidp/CX-operator-users-0.json +# +cd ../.. +echo "Modifing file concept/seeds-overall-data.md, ..." +cp concept/seeds-overall-data.md concept/seeds-overall-data.md.orig +cat concept/seeds-overall-data.md.orig | sed s/tx.test/$DOMAIN_NAME/ > concept/seeds-overall-data.md +echo "Modifing file init-container/iam/centralidp/CX-Central-realm.json ..." +cp init-container/iam/centralidp/CX-Central-realm.json init-container/iam/centralidp/CX-Central-realm.json.orig +cat init-container/iam/centralidp/CX-Central-realm.json.orig | sed s/tx.test/$DOMAIN_NAME/ > init-container/iam/centralidp/CX-Central-realm.json +echo "Modifing file init-container/iam/sharedidp/CX-operator-realm.json ..." +cp init-container/iam/sharedidp/CX-Operator-realm.json init-container/iam/sharedidp/CX-Operator-realm.json.orig +cat init-container/iam/sharedidp/CX-Operator-realm.json.orig | sed s/tx.test/$DOMAIN_NAME/ > init-container/iam/sharedidp/CX-Operator-realm.json +echo "Modifing file init-container/iam/sharedidp/CX-operator-realm.json ..." +cp init-container/iam/sharedidp/CX-Operator-users-0.json init-container/iam/sharedidp/CX-Operator-users-0.json.orig +cat init-container/iam/sharedidp/CX-Operator-users-0.json.orig | sed s/tx.test/$DOMAIN_NAME/ > init-container/iam/sharedidp/CX-Operator-users-0.json +``` + +### Install Helm Charts + +:::warning + +- Due to resource restrictions, it's **not recommended** to install the helm chart with all components enabled. + +- It is to be expected that some pods - which run as post-install hooks, like for instance the **portal-migrations job - will run into errors until another component**, like for instance a database, is ready to take connections. +Those jobs will recreate pods until one run is successful. +- **Persistance is disabled by default** but can be configured in a custom values file. + +::: + +#### Use released chart + +```bash +helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev +``` + +##### :grey_question: Command explanation + +:::info + +`helm install` is used to install a chart in Kubernetes using Helm. -Replace 192.168.99.169 with the output of minikube ip. If you are not the only one running the tutorial on your system replace **tx**with your username stored in **$USER**. +- `--set COMPONENT_1.enabled=true,COMPONENT_2.enabled=true` Enables the components by setting their respective enabled values to true. +- `umbrella` is the release name for the chart. +- `tractusx-dev/umbrella` specifies the chart to install, with *tractusx-dev* being the repository name and *umbrella* being the chart name. +- `--namespace umbrella` specifies the namespace in which to install the chart. +- `--create-namespace` create a namespace with the name `umbrella`. ::: - Then run the following commands: +##### Option 1 + +Install with your chosen components enabled: ```bash -sudo resolvconf -u -systemctl disable --now resolvconf.service +helm install \ + --set COMPONENT_1.enabled=true,COMPONENT_2.enabled=true,COMPONENT_3.enabled=true \ + umbrella tractusx-dev/umbrella \ + --namespace umbrella \ + --create-namespace ``` -Check if the dns reasolving is working by requesting the IP addresses for the differnt service +##### Option 2 + +Choose to install one of the predefined subsets (currently in focus of the **E2E Adopter Journey**): + +###### Data Exchange Subset ```bash -nslookup centralidp.tx.test -nslookup dataconsumer-1-dataplane.tx.test -nslookup dataprovider-dataplane.tx.test +helm install \ + --set centralidp.enabled=true,managed-identity-wallet.enabled=true,dataconsumerOne.enabled=true,tx-data-provider.enabled=true \ + umbrella tractusx-dev/umbrella \ + --namespace umbrella \ + --create-namespace ``` -They should all return the saem IP adresse (the one of Minikube [-p minikube.$USER ip ]. If you face issues in resolving the address, add the following hosts entries into your /etc/hosts file, and replace the IP address with your value and **tx** by your choosen name: +###### Optional + +Enable `dataconsumerTwo` at upgrade: ```bash -192.168.49.2 centralidp.tx.test -192.168.49.2 sharedidp.tx.test -192.168.49.2 portal.tx.test -192.168.49.2 portal-backend.tx.test -192.168.49.2 managed-identity-wallets.tx.test -192.168.49.2 semantics.tx.test -192.168.49.2 sdfactory.tx.test -192.168.49.2 dataconsumer-1-dataplane.tx.test -192.168.49.2 dataconsumer-1-controlplane.tx.test -192.168.49.2 dataprovider-dataplane.tx.test -192.168.49.2 dataconsumer-2-dataplane.tx.test -192.168.49.2 dataconsumer-2-controlplane.tx.test +helm install \ + --set centralidp.enabled=true,managed-identity-wallet.enabled=true,dataconsumerOne.enabled=true,tx-data-provider.enabled=true,dataconsumerTwo.enabled=true \ + umbrella tractusx-dev/umbrella \ + --namespace umbrella ``` -### Install the first setup +###### Portal Subset + +```bash +helm install \ + --set portal.enabled=true,centralidp.enabled=true,sharedidp.enabled=true \ + umbrella tractusx-dev/umbrella \ + --namespace umbrella \ + --create-namespace +``` -:::Note -Understanding the role of helm install and upgrade +To set your own configuration and secret values, install the helm chart with your own values file: -helm install is used to install a chart in Kubernetes using Helm. +```bash +helm install -f your-values.yaml umbrella tractusx-dev/umbrella --namespace umbrella --create-namespace +``` - --set COMPONENT_1.enabled=true,COMPONENT_2.enabled=true Enables the components by setting their respective enabled values to true. +#### Use local repository - **umbrella** is the release name for the chart. +Make sure to clone the [tractus-x-umbrella](https://github.com/eclipse-tractusx/tractus-x-umbrella) repository beforehand. - tractusx-dev/umbrella specifies the chart to install, with tractusx-dev being the repository name and umbrella being the chart name. +Then navigate to the chart directory: - --namespace umbrella specifies the namespace in which to install the chart. +```bash +cd charts/umbrella/ +``` - --create-namespace create a namespace with the name umbrella +Download the chart dependencies: -**If we have more than one instance of the minikube clusters running, we also should modfiy the namespace [umbrella] to [umbrella-$USER]!** +```bash +helm dependency update +``` -::: +##### grey_question: Command explanation -We start with ensuring that we are using the released charts. +> `helm install` is used to install a Helm chart. +> > `-f your-values.yaml` | `-f values-*.yaml` specifies the values file to use for configuration. +> --- +> > `umbrella` is the release name for the Helm chart. +> --- +> > `.` specifies the path to the chart directory. +> --- +> > `--namespace umbrella` specifies the namespace in which to install the chart. +> --- +> > `--create-namespace` create a namespace with the name `umbrella`. + +##### Option 1 + +Install your chosen components by having them enabled in a `your-values.yaml` file: ```bash -helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev +helm install -f your-values.yaml umbrella . --namespace umbrella --create-namespace ``` -For the tutorial we first select a subset of components for the dataexchange between a dataconsumer (Alice) and a dataprovider (Bob). The needed components are the following: +> In general, all your specific configuration and secret values should be set by installing with an own values file. -- centralidp -- managed-identity-wallet -- dataconsumerOne (tractusx-edc, vault) - -tx-data-provider (tractusx-edc, digital-twin-registry, vault, simple-data-backend) +##### Option 2 + +Choose to install one of the predefined subsets (currently in focus of the **E2E Adopter Journey**): + +###### Data Exchange Subset + +```bash +helm install -f values-adopter-data-exchange.yaml umbrella . --namespace umbrella --create-namespace +``` -### Using a preconfigured configraution file [values-adopter-data-exchange.yaml] +**Optional:** -We chosing a predefined subset of the E2E adopter journey which provies the above selecteion. +Enable `dataconsumerTwo` by setting it true in `values-adopter-data-exchange.yaml` and then executing an upgrade: + +```bash +dataconsumerTwo: + enabled: true +``` + +```bash +helm upgrade -f values-adopter-data-exchange.yaml umbrella . --namespace umbrella +``` -#### Moved to the Umbrella dircetory with the config files +###### Portal Subset ```bash -cd /tractus-x-umbrella/charts/umbrella +helm install -f values-adopter-portal.yaml umbrella . --namespace umbrella --create-namespace ``` -:::Note +#### Get to know the Portal -skip the next paragraph, if you are running the only one minikube cluster on your system +Perform first login and send out an invitation to a company to join the network (SMTP account required to be configured in custom values.yaml file). + +Proceed with the login to the to verify that everything is setup as expected. + +Credentials to log into the initial example realm (CX-Operator): + +```sh +cx-operator@arena.test +``` + +```sh +tractusx-umbr3lla! +``` + +```mermaid +%%{ + init: { + 'flowchart': { 'diagramPadding': '10', 'wrappingWidth': '', 'nodeSpacing': '', 'rankSpacing':'', 'titleTopMargin':'10', 'curve':'basis'}, + 'theme': 'base', + 'themeVariables': { + 'primaryColor': '#b3cb2d', + 'primaryBorderColor': '#ffa600', + 'lineColor': '#ffa600', + 'tertiaryColor': '#fff' + } + } +}%% + graph TD + classDef stroke stroke-width:2px + classDef addext fill:#4cb5f5,stroke:#b7b8b6,stroke-width:2px + iam1(IAM: centralidp Keycloak):::stroke + iam2(IAM: sharedidp Keycloak):::stroke + portal(Portal):::stroke + subgraph Login Flow + iam1 --- portal & iam2 + end + linkStyle 0,1 stroke:lightblue +``` + +The relevant hosts are the following: + +- +- +- +- + +In case that you have TLS enabled (see [Self-signed TLS setup (Optional)](#self-signed-tls-setup-optional)), make sure to accept the risk of the self-signed certificates for all the hosts before performing the first login: + +- +- +- +- + +### Uninstall Helm Charts + +To teardown your setup, run: + +```shell +helm delete umbrella --namespace umbrella +``` + +:::warning + +If persistance for one or more components is enabled, the persistent volume claims (PVCs) and connected persistent volumes (PVs) need to be removed manually even if you deleted the release from the cluster. ::: -#### Adjusting the Config files for multi user usage +### Ingresses + +Currently enabled ingresses: + +- [centralidp.arena.test/auth](http://centralidp.arena.test/auth/) +- [sharedidp.arena.test/auth](http://sharedidp.arena.test/auth/) +- [portal-backend.arena.test](http://portal-backend.arena.test) + - [portal-backend.arena.test/api/administration/swagger/index.html](http://portal-backend.arena.test/api/administration/swagger/index.html) + - [portal-backend.arena.test/api/registration/swagger/index.html](http://portal-backend.arena.test/api/registration/swagger/index.html) + - [portal-backend.arena.test/api/apps/swagger/index.html](http://portal-backend.arena.test/api/apps/swagger/index.html) + - [portal-backend.arena.test/api/services/swagger/index.html](http://portal-backend.arena.test/api/services/swagger/index.html) + - [portal-backend.arena.test/api/notification/swagger/index.html](http://portal-backend.arena.test/api/notification/swagger/index.html) +- [portal.arena.test](http://portal.arena.test) +- [managed-identity-wallets.arena.test/ui/swagger-ui/index.html](http://managed-identity-wallets.arena.test/ui/swagger-ui/index.html) +- [semantics.arena.test/discoveryfinder/swagger-ui/index.html](http://semantics.arena.test/discoveryfinder/swagger-ui/index.html) +- [dataconsumer-1-controlplane.arena.test](http://dataconsumer-1-controlplane.arena.test) +- [dataconsumer-1-dataplane.arena.test](http://dataconsumer-1-dataplane.arena.test) +- [dataprovider-dataplane.arena.test](http://dataprovider-dataplane.arena.test) +- [dataconsumer-2-controlplane.arena.test](http://dataconsumer-2-controlplane.arena.test) +- [dataconsumer-2-dataplane.arena.test](http://dataconsumer-2-dataplane.arena.test) +- [pgadmin4.arena.test](http://pgadmin4.arena.test) + +### Database Access + +This chart also contains a pgadmin4 instance for easy access to the deployed Postgres databases which are only available from within the Kubernetes cluster. -In case we have to modify the values within the configuartion files as we run in a multi use enviromnet, we need adjust the domians names within the configuration files.A simple way is to update the file by using **sed** as line editor. +pgadmin4 is by default enabled with in the predefined subsets for data exchange and portal. + +Address: [pgadmin4.arena.test](http://pgadmin4.arena.test) + +Credentials to login into pgadmin4: + +```sh +pgadmin4@txtest.org +``` + +```sh +tractusxpgdamin4 +``` + +:::info + +The database server connections need to be added manually to pgadmin4. + +::: + +Default username for all connections: + +```sh +postgres +``` + +Default user for all connections: + +```sh +5432 +``` + +In the following some of the available connections: + +- portal + +Host: + +```sh +portal-backend-postgresql +``` + +Password: + +```sh +dbpasswordportal +``` + +- centralidp + +Host: + +```sh +umbrella-centralidp-postgresql +``` + +Password: + +```sh +dbpasswordcentralidp +``` + +- sharedidp + +Host: + +```sh +umbrella-sharedidp-postgresql +``` + +Password: + +```sh +dbpasswordsharedidp +``` + +- miw + +Host: + +```sh +umbrella-miw-postgres +``` + +Password: + +```sh +dbpasswordmiw +``` + +- dataprovider + +Host: + +```sh +umbrella-dataprovider-db +``` + +Password: + +```sh +dbpasswordtxdataprovider +``` + +- dataconsumer-1 + +Host: + +```sh +umbrella-dataconsumer-1-db +``` + +Password: + +```sh +dbpassworddataconsumerone +``` + +- dataconsumer-2 + +Host: + +```sh +umbrella-dataconsumer-2-db +``` + +Password: + +```sh +dbpassworddataconsumertwo +``` + +### Keycloak Admin Console + +Access to admin consoles: + +- [http://centralidp.arena.test/auth/](http://sharedidp.arena.test/auth/) +- [http://sharedidp.arena.test/auth/](http://sharedidp.arena.test/auth/) + +Default username for centralidp and sharedidp: + +```sh +admin +``` + +Password centralidp: + +```sh +adminconsolepwcentralidp +``` + +Password sharedidp: + +```sh +adminconsolepwsharedidp +``` + +### Seeding + +See [Overall Seeding](../../concept/seeds-overall-data.md). + +### Self-signed TLS setup (Optional) + +Some of the components are prepared to be configured with TLS enabled (see "uncomment the following line for tls" comments in [values.yaml](./values.yaml)). + +If you'd like to make use of that, make sure to to execute this step beforehand. + +Install cert-manager chart in the same namespace where the umbrella chart will be located. ```bash -# adjust values.yaml -# -DOMAIN_NAME="$USER.test" -CONFIG_FILE="alues-adopter-data-exchange.yaml" -cp values.yaml values.yaml.orig -cat values.yaml.orig | sed s/tx.test/$DOMAIN_NAME/ > values.yaml -echo "file values.yaml updated with actual dommainame $DOMAIN_NAME" -cp $CONFIG_FILE $CONFIG_FILE.orig -cat $CONFIG_FILE.orig | sed s/tx.test/$DOMAIN_NAME/ > $CONFIG_FILE -echo "file $CONFIG_FILE updated with actual dommainame $DOMAIN_NAME" -# Adjust further files: concept/seeds-overall-data.md, init-container/iam/centralidp/CX-Central-realm.json, init --container/iam/sharedidp/CX-operator-realm.json. init-container/iam/sharedidp/CX-operator-users-0.json -# -cd ../.. -echo "Modifing file concept/seeds-overall-data.md, ..." -cp concept/seeds-overall-data.md concept/seeds-overall-data.md.orig -cat concept/seeds-overall-data.md.orig | sed s/tx.test/$DOMAIN_NAME/ > concept/seeds-overall-data.md -echo "Modifing file init-container/iam/centralidp/CX-Central-realm.json ..." -cp init-container/iam/centralidp/CX-Central-realm.json init-container/iam/centralidp/CX-Central-realm.json.orig -cat init-container/iam/centralidp/CX-Central-realm.json.orig | sed s/tx.test/$DOMAIN_NAME/ > init-container/iam/centralidp/CX-Central-realm.json -echo "Modifing file init-container/iam/sharedidp/CX-operator-realm.json ..." -cp init-container/iam/sharedidp/CX-Operator-realm.json init-container/iam/sharedidp/CX-Operator-realm.json.orig -cat init-container/iam/sharedidp/CX-Operator-realm.json.orig | sed s/tx.test/$DOMAIN_NAME/ > init-container/iam/sharedidp/CX-Operator-realm.json -echo "Modifing file init-container/iam/sharedidp/CX-operator-realm.json ..." -cp init-container/iam/sharedidp/CX-Operator-users-0.json init-container/iam/sharedidp/CX-Operator-users-0.json.orig -cat init-container/iam/sharedidp/CX-Operator-users-0.json.orig | sed s/tx.test/$DOMAIN_NAME/ > init-container/iam/sharedidp/CX-Operator-users-0.json +helm repo add jetstack https://charts.jetstack.io +helm repo update +``` + +```bash +helm install \ + cert-manager jetstack/cert-manager \ + --namespace umbrella \ + --create-namespace \ + --version v1.14.4 \ + --set installCRDs=true ``` -#### Run the helm install command to install the cert-manager chart in the same namespace where the umbrella chart will be located." +Configure the self-signed certificate and issuer to be used by the ingress resources. + +If you have the repository checked out you can run: ```bash -helm install cert-manager jetstack/cert-manager --namespace umbrella[-$USER] --create-namespace --version v1.14.4 --se -t installCRDs=true +kubectl apply -f ./charts/umbrella/cluster-issuer.yaml ``` -Configure the self-signed certificate and issuer to be used by the ingress resources +or otherwise you can run: ```bash -cat < kubectl-apply-in +kubectl apply -f - <. There you will find a lot more information on how you can extend the setup by adding further components, such as a portal, to increase your experience. You also find hints on how to use the Umbrella Helm Chart on Windows or MAC. We will continue to add more content to the tutorial. -::: +- Download [jena-fuseki-docker-4.7.0.zip](https://repo1.maven.org/maven2/org/apache/jena/jena-fuseki-docker/4.7.0/jena-fuseki-docker-4.7.0.zip) +- Unzip the jena-fuseki-docker-4.7.0.zip. +- Build the docker image by running the command - `docker build --build-arg JENA_VERSION=4.7.0 -t jena-fuseki-docker:4.7.0 --platform linux/amd64 .` ## Notice diff --git a/docs/tutorials/e2e/connect/prepareInfrastructure.md b/docs/tutorials/e2e/connect/prepareInfrastructure.md deleted file mode 100644 index e73a272ec39..00000000000 --- a/docs/tutorials/e2e/connect/prepareInfrastructure.md +++ /dev/null @@ -1,34 +0,0 @@ ---- -title: Prepare the infrastructure -sidebar_position: 1 ---- - -## Prerequisites - -In order to run the TXD on your local machine, please make sure the following -preconditions are met. - -- Have a local Kubernetes runtime ready -- Have kubectl installed -- Minkube is installed -- you have a web browser -- a POSIX-compliant shell, e.g. `bash` or `zsh` unless stated otherwise. The tutorial conatins examples for `bash`. -- basic knowledge about Helm and Kubernetes -- [Optional] a cli tool to easily print logs of a K8S deployment, such as [`stern`](https://github.com/stern/stern) -- [Optional] a graphical tool to inspect your Kubernetes environment, such as [Lens](https://k8slens.dev/). - Not mandatory of course, but all screenshots in this doc are created off of Lens. -- [Optional] a graphical tool to inspect Postgres databases, such as [PgAdmin](https://www.pgadmin.org/). Screenshots in - this guide are created off of PgAdmin. -- [Optional] a graphical tool to send REST requests, such as [insomnia] ( ) or [Postman](https://www.postman.com/). This sample will include Postman collections that can be imported. - -See Chapter [prerequisites] () on how to prepare your system. - -## Notice - -This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). - -- SPDX-License-Identifier: CC-BY-4.0 -- SPDX-FileCopyrightText: 2023 sovity GmbH -- SPDX-FileCopyrightText: 2023 SAP SE -- SPDX-FileCopyrightText: 2023 msg systems AG -- Source URL: [https://github.com/eclipse-tractusx/eclipse-tractusx.github.io](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io) From f78cb4a1da5b97c8675b1470072c02b9b99ab6a0 Mon Sep 17 00:00:00 2001 From: jkbquabeck Date: Mon, 24 Jun 2024 09:39:20 +0200 Subject: [PATCH 31/41] cleaned files --- docs/tutorials/e2e/connect/connect.md | 8 ++++---- docs/tutorials/e2e/connect/deployComponents.md | 18 +++++++++--------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/tutorials/e2e/connect/connect.md b/docs/tutorials/e2e/connect/connect.md index 04c7218dc03..1e96347dceb 100644 --- a/docs/tutorials/e2e/connect/connect.md +++ b/docs/tutorials/e2e/connect/connect.md @@ -3,7 +3,7 @@ title: "Chapter 2: Connect" sidebar_position: 4 --- -The `Connect Chapter` describes step by step **how to setup your local enviroment** of your own data space including a kubernetes cluster, services, networking and security. +The `Connect Chapter` describes step by step **how to setup your local environment** of your own data space including a kubernetes cluster, services, networking and security. :::info @@ -55,7 +55,7 @@ We now will start with the next section `Deploying the Components` where you wil This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). - SPDX-License-Identifier: CC-BY-4.0 -- SPDX-FileCopyrightText: 2023 sovity GmbH -- SPDX-FileCopyrightText: 2023 SAP SE -- SPDX-FileCopyrightText: 2023 msg systems AG +- SPDX-FileCopyrightText: 2024 sovity GmbH +- SPDX-FileCopyrightText: 2024 SAP SE +- SPDX-FileCopyrightText: 2024 msg systems AG - Source URL: [https://github.com/eclipse-tractusx/eclipse-tractusx.github.io](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io) diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index 1a51a95d15d..ffccc614511 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -19,7 +19,7 @@ Make sure that you have understood and carried out all the steps in the `Prerequ ### Optional -- Cli tool to easily print logs of a K8S deployment, such as [`stern`](https://github.com/stern/stern) +- CLI tool to easily print logs of a K8S deployment, such as [`stern`](https://github.com/stern/stern) - Graphical tool to inspect your Kubernetes environment, such as [Lens](https://k8slens.dev/). - Graphical tool to inspect Postgres databases, such as [PgAdmin](https://www.pgadmin.org/). Screenshots in this guide are created off of PgAdmin. @@ -29,7 +29,7 @@ Make sure that you have understood and carried out all the steps in the `Prerequ ### Using Umbrella Helm Charts -The components (listed in the table in the `Connect chapter`) will be deployed by using an umbrella chart. It consists of Tractus-X OSS components and provides a basis for running end-to-end tests or creating a sandbox environment of the Catena-X automotive dataspace network. The Chart aims for a completely automated setup of a fully functional network, that does not require manual setup steps, as long as only one instance (minikube cluster) is running (see above warning). If several clusters are running, you need to adjsut a few configuration files. +The components (listed in the table in the `Connect chapter`) are deployed using an umbrella chart. It consists of Tractus-X OSS components and provides a basis for running end-to-end tests or creating a sandbox environment of the Catena-X automotive dataspace network. The Chart aims for a completely automated setup of a fully functional network that requires no manual setup steps, as long as only one instance (minikube cluster) is running (see warning above). If several clusters are running, you will need to adjust so configuration files. :::note @@ -77,7 +77,7 @@ This will ensure that ingress is working in the correct environment of your clus ### Overview -Now we start to deploy the TXD by carrying out the following steps: +Perform the following steps to begin deploying the TXD: - Get the source - Start `minikube` bringing up the cluster (profile) @@ -134,7 +134,7 @@ minikube [-p minikube-$USER] addons enable ingress # if -p option is used, with the profile name minikube-$USER ``` -Now add a few hostnames into your /etc/hosts. You should ensure that you have access and the /etc/hosts file group entry should be assigend to the group **docker**. Check this with following commands: +Now add these hostnames to your /etc/hosts. You should ensure that you have access and the /etc/hosts file group entry should be assigend to the group **docker**. Check this with the following commands: ```bash ls -al /etc/hosts @@ -145,7 +145,7 @@ Alternatively configure the DNS Service to be enabled for Ingress. :::note - This requires that you have an DNS on your system running and that you have **root accees** via **sudo** + This requires that you have a DNS on your system running and that you have **root accees** via **sudo** ::: @@ -218,7 +218,7 @@ For Windows edit the hosts file under `C:\Windows\System32\drivers\etc\hosts`: #### Adjusting the Config files for multi user usage -In case we have to modify the values within the configuartion files as we run in a multi use enviromnet, we need to adjust the domians names within the configuration files. A simple way is to update the file by using **sed** as line editor. +In case we have to modify the values within the configuartion files as we run in a multi use environment, we need to adjust the domians names within the configuration files. A simple way is to update the file by using **sed** as line editor. ```bash # adjust values.yaml @@ -749,7 +749,7 @@ Build fuseki docker image by following the below steps: This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses/by/4.0/legalcode). - SPDX-License-Identifier: CC-BY-4.0 -- SPDX-FileCopyrightText: 2023 sovity GmbH -- SPDX-FileCopyrightText: 2023 SAP SE -- SPDX-FileCopyrightText: 2023 msg systems AG +- SPDX-FileCopyrightText: 2024 sovity GmbH +- SPDX-FileCopyrightText: 2024 SAP SE +- SPDX-FileCopyrightText: 2024 msg systems AG - Source URL: [https://github.com/eclipse-tractusx/eclipse-tractusx.github.io](https://github.com/eclipse-tractusx/eclipse-tractusx.github.io) From 7d8a0460f26fd4f8acdd89e7e34004fb3a4ba5f5 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Tue, 2 Jul 2024 08:36:54 +0200 Subject: [PATCH 32/41] fix typos and linting issues after review --- docs/tutorials/e2e/boost/dtrTutorial.md | 5 ++++- docs/tutorials/e2e/boost/provideData.md | 2 +- docs/tutorials/e2e/connect/deployComponents.md | 6 +++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/tutorials/e2e/boost/dtrTutorial.md b/docs/tutorials/e2e/boost/dtrTutorial.md index af673a9c3c8..6bf7e6babac 100644 --- a/docs/tutorials/e2e/boost/dtrTutorial.md +++ b/docs/tutorials/e2e/boost/dtrTutorial.md @@ -1,4 +1,7 @@ -# DTR Tutorial +--- +title: DTR Tutorial +sidebar_position: 5 +--- ## Tutorial Goal diff --git a/docs/tutorials/e2e/boost/provideData.md b/docs/tutorials/e2e/boost/provideData.md index f5a4d2e6cb2..58330a35eea 100644 --- a/docs/tutorials/e2e/boost/provideData.md +++ b/docs/tutorials/e2e/boost/provideData.md @@ -289,7 +289,7 @@ curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policyde }' | jq ``` -The polica was successfully created, if the response is something like this +The policy was successfully created, if the response is something like this ```json { diff --git a/docs/tutorials/e2e/connect/deployComponents.md b/docs/tutorials/e2e/connect/deployComponents.md index 8db4150c6b0..2cb4dd5c3ba 100644 --- a/docs/tutorials/e2e/connect/deployComponents.md +++ b/docs/tutorials/e2e/connect/deployComponents.md @@ -137,7 +137,7 @@ minikube [-p minikube-$USER] addons enable ingress Now add these hostnames to your /etc/hosts. You should ensure that you have access and the /etc/hosts file group entry should be assigend to the group **docker**. Check this with the following commands: ```bash -ls -al /etc/hosts +ls -al /etc/hosts # Output should be like: "-rw-r--r-- 1 root docker 414 Jun 16 14:34 /etc/hosts" ``` @@ -150,7 +150,7 @@ Alternatively configure the DNS Service to be enabled for Ingress. ::: ```bash -minikube [-p minikube-$USER] addons enable ingress-dns +minikube [-p minikube-$USER] addons enable ingress-dns # if -p option is used, with the profile name minikube-$USER ``` @@ -656,7 +656,7 @@ adminconsolepwsharedidp ### Seeding -See [Overall Seeding](../../concept/seeds-overall-data.md). +See [Overall Seeding](https://github.com/eclipse-tractusx/tractus-x-umbrella/blob/main/concept/seeds-overall-data.md). ### Self-signed TLS setup (Optional) From 843207bc124254f62527792436793684384b32e1 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Fri, 26 Jul 2024 14:48:03 +0200 Subject: [PATCH 33/41] accept suggestion -> update docs/tutorials/e2e/boost/dtrTutorial.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Arno Weiß <86715435+arnoweiss@users.noreply.github.com> --- docs/tutorials/e2e/boost/dtrTutorial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorials/e2e/boost/dtrTutorial.md b/docs/tutorials/e2e/boost/dtrTutorial.md index 6bf7e6babac..f07ea491bbe 100644 --- a/docs/tutorials/e2e/boost/dtrTutorial.md +++ b/docs/tutorials/e2e/boost/dtrTutorial.md @@ -5,7 +5,7 @@ sidebar_position: 5 ## Tutorial Goal -Alongside the connector, the Digital Twin Registry (DTR) is another central component in a data ecosystem when it comes to exchanging digital twins. Anyone who provides digital twins in Catena-X must register them in a DTR so that they can be found by other parties. +Alongside the connector, the Digital Twin Registry (DTR) is an important decentral component deployed by each data provider exchanging digital twins in Catena-X. They must register them in a DTR so that consumers can find relevant data in the provider's data offers. This tutorial focuses on the working with the DTR. You will learn what the DTR is, how to deploy it and go through a complete use case scenario by depositing a DTR in the EDC, registering a digital twin in the DTR, and showing how external parties can find and consume the digital twin. From 0ea7fdd1779468d75010ab4e49fa556999583bc0 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Fri, 26 Jul 2024 14:49:09 +0200 Subject: [PATCH 34/41] accept suggestion -> update docs/tutorials/e2e/boost/restrictData.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Arno Weiß <86715435+arnoweiss@users.noreply.github.com> --- docs/tutorials/e2e/boost/restrictData.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/tutorials/e2e/boost/restrictData.md b/docs/tutorials/e2e/boost/restrictData.md index 9cdd8ba8d68..79a8e562d42 100644 --- a/docs/tutorials/e2e/boost/restrictData.md +++ b/docs/tutorials/e2e/boost/restrictData.md @@ -69,7 +69,8 @@ curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policyde }' | jq ``` -The policydefinitioon is created with the ID `41` +The policydefinition is created with the ID `41` + ```json { From 0e37af029de2b0311059b301c3d744e74dae21ee Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 31 Jul 2024 17:52:54 +0200 Subject: [PATCH 35/41] reformulate ID description MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Arno Weiß <86715435+arnoweiss@users.noreply.github.com> --- docs/tutorials/e2e/boost/dtrTutorial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorials/e2e/boost/dtrTutorial.md b/docs/tutorials/e2e/boost/dtrTutorial.md index f07ea491bbe..b53ee06f43f 100644 --- a/docs/tutorials/e2e/boost/dtrTutorial.md +++ b/docs/tutorials/e2e/boost/dtrTutorial.md @@ -11,7 +11,7 @@ This tutorial focuses on the working with the DTR. You will learn what the DTR i ## Introduction -Catena-X uses the Asset Administration Shell (AAS) to represent digital twins. Such a digital twin is basically a shell with an ID in UUID-format that makes it uniquely identifiable. Also it contains IDs ("specificAssetIds") that connect the shell with the original asset it represents (e.g. the "manufacturerPartId"). The shell also contains SubmodelDescriptors which reference to submodels that contain the actual data of specific aspects of the asset. +Catena-X uses the Asset Administration Shell (AAS) to represent digital twins. Such a digital twin is basically a shell with an ID (usually a UUID) that makes it uniquely identifiable. Also it contains IDs ("specificAssetIds") that connect the shell with the original asset it represents (e.g. the "manufacturerPartId"). The shell also contains SubmodelDescriptors which reference to submodels that contain the actual data of specific aspects of the asset. The Digital Twin Registry (DTR) contains a list of all registered digital twins of the owner and therefore acts as an address book for Digital Twins. With the DTR of a data provider, a data consumer can therefore find digital twin and also get directed to the desired submodels of the twin. From 3428b4dedebb284f159454f59afb4f6b9a50afa1 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 31 Jul 2024 18:04:42 +0200 Subject: [PATCH 36/41] adapt property value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Arno Weiß <86715435+arnoweiss@users.noreply.github.com> --- docs/tutorials/e2e/boost/dtrTutorial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorials/e2e/boost/dtrTutorial.md b/docs/tutorials/e2e/boost/dtrTutorial.md index b53ee06f43f..94abf16fc0f 100644 --- a/docs/tutorials/e2e/boost/dtrTutorial.md +++ b/docs/tutorials/e2e/boost/dtrTutorial.md @@ -63,7 +63,7 @@ Action (Bob): Create a data asset using the following command: "baseUrl":"{{BACKEND_SERVICE}}", "proxyPath":"true", "proxyBody":"true", - "proxyMethod":"true", + "proxyMethod":"false", "proxyQueryParams":"true", "oauth2:clientId":"satest02", "oauth2:clientSecretKey":"{{REGISTRY_CLIENT_SECRET_KEY}}", From af50012bbf7b1c9c10bf447e924d4b5359edbc5d Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 31 Jul 2024 18:05:01 +0200 Subject: [PATCH 37/41] add information related to property change MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Arno Weiß <86715435+arnoweiss@users.noreply.github.com> --- docs/tutorials/e2e/boost/dtrTutorial.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/tutorials/e2e/boost/dtrTutorial.md b/docs/tutorials/e2e/boost/dtrTutorial.md index 94abf16fc0f..b559477a64d 100644 --- a/docs/tutorials/e2e/boost/dtrTutorial.md +++ b/docs/tutorials/e2e/boost/dtrTutorial.md @@ -72,7 +72,7 @@ Action (Bob): Create a data asset using the following command: } }' ``` - +As per the current standards, there is no need to proxy the HTTP method. If there is (for instance due to a proprietary query endpoint), the data provider must ensure thatthat the technical user that the registered credentials abstract does NOT have the power to manipulate the DTR's data (for instance via the `PUT /shell-descriptors/{{aasId}}` API. #### Create a policy After Bob has created an data asset, he must define a BPN-restrictive policy in order to give Alice access to the asset. This policy is not standardized and can be chosen according to its needs. Bob wants to define the policy that only Alice can see the DTR Asset. From 60ed30dda914af64ea885cdf58d7de0f9e09bb9b Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 31 Jul 2024 18:25:46 +0200 Subject: [PATCH 38/41] adapt documentation after review --- docs/tutorials/e2e/boost/consumeData.md | 8 ++++---- docs/tutorials/e2e/boost/dtrTutorial.md | 2 +- docs/tutorials/e2e/boost/provideData.md | 14 +++++++------- docs/tutorials/e2e/boost/restrictData.md | 9 ++++----- 4 files changed, 16 insertions(+), 17 deletions(-) diff --git a/docs/tutorials/e2e/boost/consumeData.md b/docs/tutorials/e2e/boost/consumeData.md index b6828ccd342..7215ee8ef45 100644 --- a/docs/tutorials/e2e/boost/consumeData.md +++ b/docs/tutorials/e2e/boost/consumeData.md @@ -74,7 +74,7 @@ The response should look like this: "@id": "65356596-dd7c-4ad4-8fc6-8512be6f0ec2", "edc:createdAt": 1715669329095, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -117,7 +117,7 @@ curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/contra "edc:createdAt": 1715669329095, "edc:contractAgreementId": "Mw==:Mw==:N2RhZGI3OGMtYzUxNC00OTkzLWI3MzktNDE3YmJhMDNkMDU4", "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -176,7 +176,7 @@ The response in this case looks like this: "@id": "9d6a0507-25f5-4a81-8885-a47bc3809451", "edc:createdAt": 1715669899367, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -225,7 +225,7 @@ curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/transf }, "edc:connectorId": "BPNL00000003AYRE", "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", diff --git a/docs/tutorials/e2e/boost/dtrTutorial.md b/docs/tutorials/e2e/boost/dtrTutorial.md index b559477a64d..bfe269a315c 100644 --- a/docs/tutorials/e2e/boost/dtrTutorial.md +++ b/docs/tutorials/e2e/boost/dtrTutorial.md @@ -49,7 +49,7 @@ Action (Bob): Create a data asset using the following command: "edc":"https://w3id.org/edc/v0.0.1/ns/", "cx-common":"https://w3id.org/catenax/ontology/common#", "cx-taxo":"https://w3id.org/catenax/taxonomy#", - "dct":"https://purl.org/dc/terms/" + "dct":"http://purl.org/dc/terms/" }, "@id":"{{ASSET_ID}}", "properties":{ diff --git a/docs/tutorials/e2e/boost/provideData.md b/docs/tutorials/e2e/boost/provideData.md index 58330a35eea..c5a4c33309d 100644 --- a/docs/tutorials/e2e/boost/provideData.md +++ b/docs/tutorials/e2e/boost/provideData.md @@ -68,7 +68,7 @@ The result shows the already existing assets and the newly created asset. "edc:baseUrl": "http://umbrella-dataprovider-dtr:8080/api/v3.0" }, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -93,7 +93,7 @@ The result shows the already existing assets and the newly created asset. "edc:baseUrl": "http://umbrella-dataprovider-submodelserver:8080" }, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -114,7 +114,7 @@ The result shows the already existing assets and the newly created asset. "edc:baseUrl": "https://jsonplaceholder.typicode.com/todos/3" }, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -251,7 +251,7 @@ The requested catalog looks like this: }, "edc:participantId": "BPNL00000003AYRE", "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -297,7 +297,7 @@ The policy was successfully created, if the response is something like this "@id": "3-1", "edc:createdAt": 1715627034106, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -375,7 +375,7 @@ And again the policy was successfully created "@id": "3-2", "edc:createdAt": 1715627218849, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -414,7 +414,7 @@ As a check, the result should look like this: "@id": "3", "edc:createdAt": 1715627302307, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", diff --git a/docs/tutorials/e2e/boost/restrictData.md b/docs/tutorials/e2e/boost/restrictData.md index 79a8e562d42..73349b7cee0 100644 --- a/docs/tutorials/e2e/boost/restrictData.md +++ b/docs/tutorials/e2e/boost/restrictData.md @@ -71,14 +71,13 @@ curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policyde The policydefinition is created with the ID `41` - ```json { "@type": "edc:IdResponse", "@id": "41", "edc:createdAt": 1715674423858, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -138,7 +137,7 @@ The response should be something like this "@id": "42", "edc:createdAt": 1715674546763, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -180,7 +179,7 @@ A response should look like this "@id": "4", "edc:createdAt": 1715674670136, "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", @@ -346,7 +345,7 @@ The response doesnt include the cataolog entry for the asset/offer with id4 }, "edc:participantId": "BPNL00000003AYRE", "@context": { - "dct": "https://purl.org/dc/terms/", + "dct": "http://purl.org/dc/terms/", "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", From 07a3bb4dd0bd064b790085ae68c1170026a9c9f1 Mon Sep 17 00:00:00 2001 From: Stephan Bauer Date: Wed, 31 Jul 2024 18:30:03 +0200 Subject: [PATCH 39/41] solve markdown linter issues --- docs/tutorials/e2e/boost/dtrTutorial.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/tutorials/e2e/boost/dtrTutorial.md b/docs/tutorials/e2e/boost/dtrTutorial.md index bfe269a315c..84fd0c782f2 100644 --- a/docs/tutorials/e2e/boost/dtrTutorial.md +++ b/docs/tutorials/e2e/boost/dtrTutorial.md @@ -72,7 +72,9 @@ Action (Bob): Create a data asset using the following command: } }' ``` -As per the current standards, there is no need to proxy the HTTP method. If there is (for instance due to a proprietary query endpoint), the data provider must ensure thatthat the technical user that the registered credentials abstract does NOT have the power to manipulate the DTR's data (for instance via the `PUT /shell-descriptors/{{aasId}}` API. + +As per the current standards, there is no need to proxy the HTTP method. If there is (for instance due to a proprietary query endpoint), the data provider must ensure thatthat the technical user that the registered credentials abstract does NOT have the power to manipulate the DTR's data (for instance via the `PUT /shell-descriptors/{{aasId}}` API. + #### Create a policy After Bob has created an data asset, he must define a BPN-restrictive policy in order to give Alice access to the asset. This policy is not standardized and can be chosen according to its needs. Bob wants to define the policy that only Alice can see the DTR Asset. From bdf3f379a926b569fb3484004d2b33e76ca32a6c Mon Sep 17 00:00:00 2001 From: arnoweiss Date: Thu, 1 Aug 2024 08:50:23 +0200 Subject: [PATCH 40/41] chore(e2e): reflect some api changes --- docs/tutorials/e2e/boost/consumeData.md | 18 ++++----- docs/tutorials/e2e/boost/dtrTutorial.md | 49 ++++++++++++------------ docs/tutorials/e2e/boost/provideData.md | 12 +++--- docs/tutorials/e2e/boost/restrictData.md | 14 +++---- 4 files changed, 45 insertions(+), 48 deletions(-) diff --git a/docs/tutorials/e2e/boost/consumeData.md b/docs/tutorials/e2e/boost/consumeData.md index 7215ee8ef45..8dae2274419 100644 --- a/docs/tutorials/e2e/boost/consumeData.md +++ b/docs/tutorials/e2e/boost/consumeData.md @@ -35,7 +35,7 @@ Alice finds the Asset with the ID 3 and the description "Product EDC Demo Asset ## Negotiate a contract :::info -Dont forget to change the `offerId`with the one you received in the previous step in your catalog request. +Don't forget to change the `offerId` with the one you received in the previous step in your catalog request. ::: But before she can transfer the data, she must negotiate the contract with Bob. To do this, she uses the following `curl` command: @@ -78,8 +78,7 @@ The response should look like this: "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/", - "dspace": "https://w3id.org/dspace/v0.8/" + "odrl": "http://www.w3.org/ns/odrl/2/" } } ``` @@ -101,7 +100,7 @@ curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/contra --header 'X-Api-Key: TEST1' | jq ``` -- If the negotiation was **successful**, Alice will see an ouput as shown below. +- If the negotiation was **successful**, Alice will see an output as shown below. - If the negotiation was **unsuccessful**, the negotiation state (`edc:state`) will be `TERMINATED` and no contract agreement ID will be present. ```json @@ -121,8 +120,7 @@ curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/contra "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/", - "dspace": "https://w3id.org/dspace/v0.8/" + "odrl": "http://www.w3.org/ns/odrl/2/" } } ``` @@ -180,8 +178,7 @@ The response in this case looks like this: "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/", - "dspace": "https://w3id.org/dspace/v0.8/" + "odrl": "http://www.w3.org/ns/odrl/2/" } } ``` @@ -229,8 +226,7 @@ curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/transf "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/", - "dspace": "https://w3id.org/dspace/v0.8/" + "odrl": "http://www.w3.org/ns/odrl/2/" } } ``` @@ -278,7 +274,7 @@ curl -X GET -H 'Authorization: eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE3MTU2NzA1MDEsImRh ``` :::info -Currently the response for this curl commoand is +Currently the response for this curl command is ```json { diff --git a/docs/tutorials/e2e/boost/dtrTutorial.md b/docs/tutorials/e2e/boost/dtrTutorial.md index 84fd0c782f2..0b10e0fb251 100644 --- a/docs/tutorials/e2e/boost/dtrTutorial.md +++ b/docs/tutorials/e2e/boost/dtrTutorial.md @@ -39,7 +39,7 @@ To ensure that Bob's DTR becomes visible for Alice and to start the data exchang Action (Bob): Create a data asset using the following command: -(note: that the "asset:prop:type" is standardized with "data.core.digitalTwinRegistry" for the Digital Twin Registry.) +(note: that the "http://purl.org/dc/terms/type" property is standardized with "https://w3id.org/catenax/taxonomy#DigitalTwinRegistry" for the Digital Twin Registry.) ```curl --location 'http://dataprovider-controlplane.tx.test/management/v3/assets' \ --header 'Content-Type: application/json' \ @@ -73,11 +73,11 @@ Action (Bob): Create a data asset using the following command: }' ``` -As per the current standards, there is no need to proxy the HTTP method. If there is (for instance due to a proprietary query endpoint), the data provider must ensure thatthat the technical user that the registered credentials abstract does NOT have the power to manipulate the DTR's data (for instance via the `PUT /shell-descriptors/{{aasId}}` API. +As per the current standards, there is no need to proxy the HTTP method. If there is (for instance due to a proprietary query endpoint), the data provider must ensure that the technical user that the registered credentials abstract does NOT have the power to manipulate the DTR's data (for instance via the `PUT /shell-descriptors/{{aasId}}` API. #### Create a policy -After Bob has created an data asset, he must define a BPN-restrictive policy in order to give Alice access to the asset. This policy is not standardized and can be chosen according to its needs. Bob wants to define the policy that only Alice can see the DTR Asset. +After Bob has created a data asset, he must define a BPN-restrictive policy in order to give Alice access to the asset. This policy is not standardized and can be chosen according to its needs. Bob wants to define the policy that only Alice can see the DTR Asset. Action (Bob): Defines the access policy using the following command: @@ -86,24 +86,25 @@ Action (Bob): Defines the access policy using the following command: "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" }, - "@type": "PolicyDefinitionRequestDto", + "@type": "PolicyDefinition", "@id": "{{POLICY_ID}}", "policy": { - "@type": "Policy", - "odrl:permission" : [{ - "odrl:action" : "USE", - "odrl:constraint" : { - "@type": "LogicalConstraint", - "odrl:or" : [{ - "@type" : "Constraint", - "odrl:leftOperand" : "BusinessPartnerNumber", - "odrl:operator" : { - "@id": "odrl:eq" - }, - "odrl:rightOperand" : "{{CONSUMER_BPN}}" - }] - } - }] + "@type": "Policy", + "odrl:permission" : [{ + "odrl:action" : "USE", + "odrl:constraint" : { + "@type": "LogicalConstraint", + "odrl:or" : [{ + "@type" : "Constraint", + "odrl:leftOperand" : "BusinessPartnerNumber", + "odrl:operator" : + { + "@id": "odrl:eq" + }, + "odrl:rightOperand" : "{{CONSUMER_BPN}}" + }] + } + }] } } ``` @@ -122,7 +123,7 @@ Action (Bob): Create the contract policy using the following command: "accessPolicyId": "{{ACCESS_POLICY_ID}}", "contractPolicyId": "{{CONTRACT_POLICY_ID}}", "assetsSelector" : { - "@type" : "CriterionDto", + "@type" : "Criterion", "operandLeft": "{{EDC_NAMESPACE}}id", "operator": "=", "operandRight": "{{ASSET_ID}}" @@ -215,11 +216,11 @@ curl -i -X POST "${edcManagementBaseUrl}/v3/assets" -H "X-Api-Key: ${edcApiKey}" Action (Bob): Create a Policy with the following commands: ```curl -curl -i -X POST "${edcManagementBaseUrl}/v2/policydefinitions" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ +curl -i -X POST "${edcManagementBaseUrl}/v3/policydefinitions" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ \"@context\": { \"odrl\": \"http://www.w3.org/ns/odrl/2/\" }, - \"@type\": \"PolicyDefinitionRequestDto\", + \"@type\": \"PolicyDefinition\", \"@id\": \"${policyId}\", \"policy\": { \"@type\": \"Policy\", @@ -237,14 +238,14 @@ curl -i -X POST "${edcManagementBaseUrl}/v2/policydefinitions" -H "X-Api-Key: ${ Action (Bob): Create a contract definition with the following commands: ```curl -curl -i -X POST "${edcManagementBaseUrl}/v2/contractdefinitions" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ +curl -i -X POST "${edcManagementBaseUrl}/v3/contractdefinitions" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ \"@context\": {}, \"@id\": \"${contractDefinitionId}\", \"@type\": \"ContractDefinition\", \"accessPolicyId\": \"${policyId}\", \"contractPolicyId\": \"${policyId}\", \"assetsSelector\" : { - \"@type\" : \"CriterionDto\", + \"@type\" : \"Criterion\", \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\", \"operator\": \"=\", \"operandRight\": \"${assetId}\" diff --git a/docs/tutorials/e2e/boost/provideData.md b/docs/tutorials/e2e/boost/provideData.md index c5a4c33309d..3d6ecd30bac 100644 --- a/docs/tutorials/e2e/boost/provideData.md +++ b/docs/tutorials/e2e/boost/provideData.md @@ -43,7 +43,7 @@ curl --location 'http://dataprovider-controlplane.tx.test/management/v3/assets' Just to be sure, that the asset was created succesfully, Bob can check the asset using the following `curl` command: ```shell -curl -X POST http://dataprovider-controlplane.tx.test/management/v2/assets/request -H "x-api-key: TEST2" -H "content-type: application/json" | jq +curl -X POST http://dataprovider-controlplane.tx.test/management/v3/assets/request -H "x-api-key: TEST2" -H "content-type: application/json" | jq ``` The result shows the already existing assets and the newly created asset. @@ -132,7 +132,7 @@ Bob tells Alice, that he created an asset, and she should now be able to request Action (Alice): Execute a request using the following `curl` commands: ```shell -curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v3/catalog/request' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST1' \ --data-raw '{ @@ -274,7 +274,7 @@ Alice calls Bob and says she can´t see the asset. Bob remembers that he did not Action (Bob): Create the access policy using the following `curl` command: ```shell -curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v3/policydefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST2' \ --data-raw '{ @@ -314,7 +314,7 @@ Now that Bob created an access policy, Alice can once again try to access Bob's Action (Alice): Execute the request again using the following `curl` command: ```shell -curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v3/catalog/request' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST1' \ --data-raw '{ @@ -352,7 +352,7 @@ Since an access policy has already been created, a contract policy must be creat Action (BoB): Create the contract policy using the following `curl` command: ```shell -curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v3/policydefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST2' \ --data-raw '{ @@ -430,7 +430,7 @@ Let´s see if Alice can finally see the Asset. Action (Alice): Execute the request again using the following `curl` command: ```shell -curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v3/catalog/request' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST1' \ --data-raw '{ diff --git a/docs/tutorials/e2e/boost/restrictData.md b/docs/tutorials/e2e/boost/restrictData.md index 73349b7cee0..5b6b467c205 100644 --- a/docs/tutorials/e2e/boost/restrictData.md +++ b/docs/tutorials/e2e/boost/restrictData.md @@ -36,14 +36,14 @@ Now that the asset has been created, Bob creates an access policy that defines w Action (Bob): Create the access policy using the following `curl` command: ```shell -curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v3/policydefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" }, - "@type": "PolicyDefinitionRequestDto", + "@type": "PolicyDefinition", "@id": "41", "policy": { "@type": "Policy", @@ -96,14 +96,14 @@ Since an access policy has already been created, a contract policy must be creat Action (Bob): Create the contract policy using the following `curl` command: ```shell -curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v3/policydefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" }, - "@type": "PolicyDefinitionRequestDto", + "@type": "PolicyDefinition", "@id": "42", "policy": { "@type": "Policy", @@ -153,7 +153,7 @@ Lastly, the asset and the access policy must be linked in a contract definition. Action (Bob): Create a contract definition including the asset and the policies you have created. For this, use the following `curl` command: ```shell -curl --location 'http://dataprovider-controlplane.tx.test/management/v2/contractdefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v3/contractdefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST2' \ --data-raw '{ @@ -163,7 +163,7 @@ curl --location 'http://dataprovider-controlplane.tx.test/management/v2/contract "accessPolicyId": "41", "contractPolicyId": "42", "assetsSelector" : { - "@type" : "CriterionDto", + "@type" : "Criterion", "operandLeft": "https://w3id.org/edc/v0.0.1/ns/id", "operator": "=", "operandRight": "4" @@ -196,7 +196,7 @@ Let´s see if Alice can see the Asset. Action (Alice): Execute a request using the following `curl` command: ```shell -curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v3/catalog/request' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST1' \ --data-raw '{ From bd810c730939151e3395ffd60e33c38a958f38d2 Mon Sep 17 00:00:00 2001 From: arnoweiss Date: Thu, 1 Aug 2024 09:46:23 +0200 Subject: [PATCH 41/41] Revert "chore(e2e): reflect some api changes" This reverts commit bdf3f379a926b569fb3484004d2b33e76ca32a6c. --- docs/tutorials/e2e/boost/consumeData.md | 18 +++++---- docs/tutorials/e2e/boost/dtrTutorial.md | 49 ++++++++++++------------ docs/tutorials/e2e/boost/provideData.md | 12 +++--- docs/tutorials/e2e/boost/restrictData.md | 14 +++---- 4 files changed, 48 insertions(+), 45 deletions(-) diff --git a/docs/tutorials/e2e/boost/consumeData.md b/docs/tutorials/e2e/boost/consumeData.md index 8dae2274419..7215ee8ef45 100644 --- a/docs/tutorials/e2e/boost/consumeData.md +++ b/docs/tutorials/e2e/boost/consumeData.md @@ -35,7 +35,7 @@ Alice finds the Asset with the ID 3 and the description "Product EDC Demo Asset ## Negotiate a contract :::info -Don't forget to change the `offerId` with the one you received in the previous step in your catalog request. +Dont forget to change the `offerId`with the one you received in the previous step in your catalog request. ::: But before she can transfer the data, she must negotiate the contract with Bob. To do this, she uses the following `curl` command: @@ -78,7 +78,8 @@ The response should look like this: "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/" + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" } } ``` @@ -100,7 +101,7 @@ curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/contra --header 'X-Api-Key: TEST1' | jq ``` -- If the negotiation was **successful**, Alice will see an output as shown below. +- If the negotiation was **successful**, Alice will see an ouput as shown below. - If the negotiation was **unsuccessful**, the negotiation state (`edc:state`) will be `TERMINATED` and no contract agreement ID will be present. ```json @@ -120,7 +121,8 @@ curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/contra "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/" + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" } } ``` @@ -178,7 +180,8 @@ The response in this case looks like this: "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/" + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" } } ``` @@ -226,7 +229,8 @@ curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/transf "tx": "https://w3id.org/tractusx/v0.0.1/ns/", "edc": "https://w3id.org/edc/v0.0.1/ns/", "dcat": "https://www.w3.org/ns/dcat/", - "odrl": "http://www.w3.org/ns/odrl/2/" + "odrl": "http://www.w3.org/ns/odrl/2/", + "dspace": "https://w3id.org/dspace/v0.8/" } } ``` @@ -274,7 +278,7 @@ curl -X GET -H 'Authorization: eyJhbGciOiJSUzI1NiJ9.eyJleHAiOjE3MTU2NzA1MDEsImRh ``` :::info -Currently the response for this curl command is +Currently the response for this curl commoand is ```json { diff --git a/docs/tutorials/e2e/boost/dtrTutorial.md b/docs/tutorials/e2e/boost/dtrTutorial.md index 0b10e0fb251..84fd0c782f2 100644 --- a/docs/tutorials/e2e/boost/dtrTutorial.md +++ b/docs/tutorials/e2e/boost/dtrTutorial.md @@ -39,7 +39,7 @@ To ensure that Bob's DTR becomes visible for Alice and to start the data exchang Action (Bob): Create a data asset using the following command: -(note: that the "http://purl.org/dc/terms/type" property is standardized with "https://w3id.org/catenax/taxonomy#DigitalTwinRegistry" for the Digital Twin Registry.) +(note: that the "asset:prop:type" is standardized with "data.core.digitalTwinRegistry" for the Digital Twin Registry.) ```curl --location 'http://dataprovider-controlplane.tx.test/management/v3/assets' \ --header 'Content-Type: application/json' \ @@ -73,11 +73,11 @@ Action (Bob): Create a data asset using the following command: }' ``` -As per the current standards, there is no need to proxy the HTTP method. If there is (for instance due to a proprietary query endpoint), the data provider must ensure that the technical user that the registered credentials abstract does NOT have the power to manipulate the DTR's data (for instance via the `PUT /shell-descriptors/{{aasId}}` API. +As per the current standards, there is no need to proxy the HTTP method. If there is (for instance due to a proprietary query endpoint), the data provider must ensure thatthat the technical user that the registered credentials abstract does NOT have the power to manipulate the DTR's data (for instance via the `PUT /shell-descriptors/{{aasId}}` API. #### Create a policy -After Bob has created a data asset, he must define a BPN-restrictive policy in order to give Alice access to the asset. This policy is not standardized and can be chosen according to its needs. Bob wants to define the policy that only Alice can see the DTR Asset. +After Bob has created an data asset, he must define a BPN-restrictive policy in order to give Alice access to the asset. This policy is not standardized and can be chosen according to its needs. Bob wants to define the policy that only Alice can see the DTR Asset. Action (Bob): Defines the access policy using the following command: @@ -86,25 +86,24 @@ Action (Bob): Defines the access policy using the following command: "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" }, - "@type": "PolicyDefinition", + "@type": "PolicyDefinitionRequestDto", "@id": "{{POLICY_ID}}", "policy": { - "@type": "Policy", - "odrl:permission" : [{ - "odrl:action" : "USE", - "odrl:constraint" : { - "@type": "LogicalConstraint", - "odrl:or" : [{ - "@type" : "Constraint", - "odrl:leftOperand" : "BusinessPartnerNumber", - "odrl:operator" : - { - "@id": "odrl:eq" - }, - "odrl:rightOperand" : "{{CONSUMER_BPN}}" - }] - } - }] + "@type": "Policy", + "odrl:permission" : [{ + "odrl:action" : "USE", + "odrl:constraint" : { + "@type": "LogicalConstraint", + "odrl:or" : [{ + "@type" : "Constraint", + "odrl:leftOperand" : "BusinessPartnerNumber", + "odrl:operator" : { + "@id": "odrl:eq" + }, + "odrl:rightOperand" : "{{CONSUMER_BPN}}" + }] + } + }] } } ``` @@ -123,7 +122,7 @@ Action (Bob): Create the contract policy using the following command: "accessPolicyId": "{{ACCESS_POLICY_ID}}", "contractPolicyId": "{{CONTRACT_POLICY_ID}}", "assetsSelector" : { - "@type" : "Criterion", + "@type" : "CriterionDto", "operandLeft": "{{EDC_NAMESPACE}}id", "operator": "=", "operandRight": "{{ASSET_ID}}" @@ -216,11 +215,11 @@ curl -i -X POST "${edcManagementBaseUrl}/v3/assets" -H "X-Api-Key: ${edcApiKey}" Action (Bob): Create a Policy with the following commands: ```curl -curl -i -X POST "${edcManagementBaseUrl}/v3/policydefinitions" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ +curl -i -X POST "${edcManagementBaseUrl}/v2/policydefinitions" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ \"@context\": { \"odrl\": \"http://www.w3.org/ns/odrl/2/\" }, - \"@type\": \"PolicyDefinition\", + \"@type\": \"PolicyDefinitionRequestDto\", \"@id\": \"${policyId}\", \"policy\": { \"@type\": \"Policy\", @@ -238,14 +237,14 @@ curl -i -X POST "${edcManagementBaseUrl}/v3/policydefinitions" -H "X-Api-Key: ${ Action (Bob): Create a contract definition with the following commands: ```curl -curl -i -X POST "${edcManagementBaseUrl}/v3/contractdefinitions" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ +curl -i -X POST "${edcManagementBaseUrl}/v2/contractdefinitions" -H "X-Api-Key: ${edcApiKey}" -H "Content-Type: application/json" --data-raw "{ \"@context\": {}, \"@id\": \"${contractDefinitionId}\", \"@type\": \"ContractDefinition\", \"accessPolicyId\": \"${policyId}\", \"contractPolicyId\": \"${policyId}\", \"assetsSelector\" : { - \"@type\" : \"Criterion\", + \"@type\" : \"CriterionDto\", \"operandLeft\": \"https://w3id.org/edc/v0.0.1/ns/id\", \"operator\": \"=\", \"operandRight\": \"${assetId}\" diff --git a/docs/tutorials/e2e/boost/provideData.md b/docs/tutorials/e2e/boost/provideData.md index 3d6ecd30bac..c5a4c33309d 100644 --- a/docs/tutorials/e2e/boost/provideData.md +++ b/docs/tutorials/e2e/boost/provideData.md @@ -43,7 +43,7 @@ curl --location 'http://dataprovider-controlplane.tx.test/management/v3/assets' Just to be sure, that the asset was created succesfully, Bob can check the asset using the following `curl` command: ```shell -curl -X POST http://dataprovider-controlplane.tx.test/management/v3/assets/request -H "x-api-key: TEST2" -H "content-type: application/json" | jq +curl -X POST http://dataprovider-controlplane.tx.test/management/v2/assets/request -H "x-api-key: TEST2" -H "content-type: application/json" | jq ``` The result shows the already existing assets and the newly created asset. @@ -132,7 +132,7 @@ Bob tells Alice, that he created an asset, and she should now be able to request Action (Alice): Execute a request using the following `curl` commands: ```shell -curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v3/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST1' \ --data-raw '{ @@ -274,7 +274,7 @@ Alice calls Bob and says she can´t see the asset. Bob remembers that he did not Action (Bob): Create the access policy using the following `curl` command: ```shell -curl --location 'http://dataprovider-controlplane.tx.test/management/v3/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST2' \ --data-raw '{ @@ -314,7 +314,7 @@ Now that Bob created an access policy, Alice can once again try to access Bob's Action (Alice): Execute the request again using the following `curl` command: ```shell -curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v3/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST1' \ --data-raw '{ @@ -352,7 +352,7 @@ Since an access policy has already been created, a contract policy must be creat Action (BoB): Create the contract policy using the following `curl` command: ```shell -curl --location 'http://dataprovider-controlplane.tx.test/management/v3/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST2' \ --data-raw '{ @@ -430,7 +430,7 @@ Let´s see if Alice can finally see the Asset. Action (Alice): Execute the request again using the following `curl` command: ```shell -curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v3/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST1' \ --data-raw '{ diff --git a/docs/tutorials/e2e/boost/restrictData.md b/docs/tutorials/e2e/boost/restrictData.md index 5b6b467c205..73349b7cee0 100644 --- a/docs/tutorials/e2e/boost/restrictData.md +++ b/docs/tutorials/e2e/boost/restrictData.md @@ -36,14 +36,14 @@ Now that the asset has been created, Bob creates an access policy that defines w Action (Bob): Create the access policy using the following `curl` command: ```shell -curl --location 'http://dataprovider-controlplane.tx.test/management/v3/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" }, - "@type": "PolicyDefinition", + "@type": "PolicyDefinitionRequestDto", "@id": "41", "policy": { "@type": "Policy", @@ -96,14 +96,14 @@ Since an access policy has already been created, a contract policy must be creat Action (Bob): Create the contract policy using the following `curl` command: ```shell -curl --location 'http://dataprovider-controlplane.tx.test/management/v3/policydefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/policydefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST2' \ --data-raw '{ "@context": { "odrl": "http://www.w3.org/ns/odrl/2/" }, - "@type": "PolicyDefinition", + "@type": "PolicyDefinitionRequestDto", "@id": "42", "policy": { "@type": "Policy", @@ -153,7 +153,7 @@ Lastly, the asset and the access policy must be linked in a contract definition. Action (Bob): Create a contract definition including the asset and the policies you have created. For this, use the following `curl` command: ```shell -curl --location 'http://dataprovider-controlplane.tx.test/management/v3/contractdefinitions' \ +curl --location 'http://dataprovider-controlplane.tx.test/management/v2/contractdefinitions' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST2' \ --data-raw '{ @@ -163,7 +163,7 @@ curl --location 'http://dataprovider-controlplane.tx.test/management/v3/contract "accessPolicyId": "41", "contractPolicyId": "42", "assetsSelector" : { - "@type" : "Criterion", + "@type" : "CriterionDto", "operandLeft": "https://w3id.org/edc/v0.0.1/ns/id", "operator": "=", "operandRight": "4" @@ -196,7 +196,7 @@ Let´s see if Alice can see the Asset. Action (Alice): Execute a request using the following `curl` command: ```shell -curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v3/catalog/request' \ +curl --location 'http://dataconsumer-1-controlplane.tx.test/management/v2/catalog/request' \ --header 'Content-Type: application/json' \ --header 'X-Api-Key: TEST1' \ --data-raw '{