Merge pull request #782 from eclipse-tractusx/main
build(2.0.0): merge main into dev
evegufy authored May 28, 2024
2 parents 65124f9 + 73e24a6 commit ead6450
Showing 3 changed files with 104 additions and 171 deletions.
269 changes: 99 additions & 170 deletions CHANGELOG.md
Expand Up @@ -2,183 +2,77 @@

New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal Backend.

## 2.0.0-RC10

### Feature
* **Processes Worker**
* added process to decline own companies registration
* **Administration Service**
* enabled the retrieval of service accounts with userstatusid != DELETED
* include pending serviceaccounts and add userstatus to result

### Changes
* **Seeding**
* add bpdm roles

### Bugfix
* **Registration Service**
* adjusted permission for /declineregistration
* add valid company policy
* **Administration Service**
* allowed deletion of configured url for own company
* fixed old autosetup process for dim technical user creation
* fixed conflict errors for inactive and pending service accounts
* fixed error "Sequence contains more than one element" for GET /serviceAccounts/{serviceAccountID} endpoint

## 2.0.0-RC9

### Changes
* **Administration Service**
* enhanced companyDetailsWithAddress endpoint
* **Apps Service**
* added roleId for existing activeRoleDetails
* **Services Service**
* updated permissions for api endpoints

### Bugfix
* **Invitation**
* added decline url for invite process
* **Seeding**
* added self description document to initial company
* **DIM Process Worker**
* stopped creating technical users for dim
* **Role assignment**
* fixed query for core offer to prevent role assignment triggering cascading role assignments
* **Token lifetime**
* set ClockSkew (security configuration jwtBearerOptions) to 5 minutes for token expiration
* **Offersubscription**
* fixed queries throwing a system exception instead of returning default value

## 2.0.0-RC8

### Changes
* upgraded Npgsql and EntityFrameworkCore packages
* reworked year in file header

### Bugfix
* **Administration Service**
* adjusted DIM service accounts
* removed enum for framework credentials: to create a framework credential string values are used now instead of enums to be more flexible

### Technical Support
* **Dependabot**
* introduced grouping of pull request for version updates

## 2.0.0-RC7

### Bugfix
* **Migrations Seeding**
* added missing service accounts and improve descriptions
* **Administration Service**
* adjusted request for framework credential creation
* adjusted error tolerance for GET companyData/decentraldentity/urls
* passed logging arguments to correct parameter
* adjusted clearinghouse data: get the DID of the company from the database if the DIM wallet is enabled instead of requesting it from the MIW
* adjusted framework credential creation to call the ssi issuer with the current user instead of the technical user
* **Apps Service**
* fixed short description returning error

## 2.0.0-RC6

### Feature
* **Administration Service**
* dim: enhanced endpoint with issuer did, bpnl and did of the holder and url for the bpn did resolver

### Bugfix
* **Administration Service**
* allowed null values in GET and POST identityprovider response
* fixed isOwner filter for GET api/administration/serviceaccount/owncompany/serviceaccounts

## 2.0.0-RC5

### Changes
* **Administration Service**
* adjusted POST: api/administration/companydata/useCaseParticipation to create framework credentials with the ssi credential issuer

### Bugfix
* **Process Worker**
* adjusted technical user creation process

## 2.0.0-RC4

### Changes
* **Administration Service**
* adjusted GET: api/administration/adjust response of companydata/decentralidentity/urls to response the correct urls

### Feature
* **Backend Logic**
* added auditing for certificate management
* **Apps Service**
* added GET: /api/apps/AppChange/{appId}/roles to receive the roles for a specific app

### Bugfix
* **Process Worker**
* set the correct state for IDENTITY_WALLET application step after all steps are done

## 2.0.0-RC3

### Changes
* **Administration Service**
* adjust endpoint api/administration/serviceaccount/owncompany/serviceaccounts/{serviceAccountId} to return the secrets of a dim technical user as well

### Feature
* **Backend Logic**
* adjusted offer autosetup process to create dim technical users
* **Administration Service**
* added GET: api/administration/companydata/decentralidentity/urls endpoint to receive wallet information

### Bugfix
* adjusted base url registration for http client setups
* adjusted the did schema validation
* added support for DUNS_ID for the BPDM gat endpoints
* adjusted saving of mailing process steps

## 2.0.0-RC2

### Change
* moved api paths from BPDM out of code into config / helm chart
* merged all migrations since 2.0.0-alpha into one 2.0.0-rc2

### Feature
* added DID to DID BPN resolver
* added new checklist steps

### Bugfix
* fixed company invite: changed invitation processStepType order and removed disposal of mimeMessage for mailing
* fixed mail not being set at new user invite

## 2.0.0-RC1
## 2.0.0

### Change
* **Backend Logic**
* Save the error details of the clearinghouse service inside the portal db of application checklist/process worker
* saved the error details of the clearinghouse service inside the portal db of application checklist/process worker
* **Apps Services**
* updated backend logic of `PUT /api/apps/AppReleaseProcess/{appId}/submit` to allow the submission without defined/configured technical user profile
* **Administration Service**
* remove obsolete endpoint `GET /api/user/app/{appId}/roles`
* remove obsolete endpoint `PUT /api/user/app/{appId}/roles`
* added connector url inside the response body of `GET /api/administration/Connectors`
* added connector url inside the response body of `GET /api/administration/Connectors/managed`
* added connector url inside the response body of `GET /api/administration/Connectors/{connectorID}`
* upgraded all services and jobs to .net 8
* upgraded nuget packages
* merged all migrations since v1.8.0-rc6 into one 2.0.0-alpha
* removed obsolete endpoints
* `GET /api/user/app/{appId}/roles` ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* `PUT /api/user/app/{appId}/roles` ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* included connector URL in responses for connector-related endpoints (GET /api/administration/Connectors, GET /api/administration/Connectors/managed, GET /api/administration/Connectors/{connectorID})
* modified POST: api/administration/companydata/useCaseParticipation logic to create framework credentials via the SSI credential issuer interface
* improved GET /serviceAccounts/{serviceAccountID} and GET /serviceAccounts to return service accounts regardless of state (excluding DELETE) and included userStatus in the payload
* updated PUT /api/administration/SubscriptionConfiguration/owncompany to allow URL deletion by submitting an empty URL
* enhanced GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress payload with "created", "lastChanged", "documents" details
* removed "documents" from GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress payload (Breaking Change) ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* **Services Service**
* updated permission validation for api endpoints
* GET /api/services/subscribed/subscription-status ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* GET /api/services/{serviceId}/subscription/{subscriptionId}/subscriber ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* GET /api/services/{serviceId}/subscription/{subscriptionId}/provider ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* updated swagger (endpoint documentation, payload examples and allowed values)
* changed the CompanyInvitationData to class instead of record
* updated seeding:
* removed service account sa-cl5-custodian-1
* removed the following roles: BPDM Gate Read, BPDM Gate Read & Write, BPDM Partner Gate, BPDM Management, BPDM Pool
* added the following roles: BPDM Sharing Admin, BPDM Sharing Input Manager, BPDM Sharing Input Consumer, BPDM Sharing Output Consumer, BPDM Pool Admin, BPDM Pool Consumer
* **Seeding**
* removed service account sa-cl5-custodian-1 ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* added missing service accounts and improved descriptions
* removed the following roles: BPDM Gate Read, BPDM Gate Read & Write, BPDM Partner Gate, BPDM Management, BPDM Pool ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* added the following roles: BPDM Sharing Admin, BPDM Sharing Input Manager, BPDM Sharing Input Consumer, BPDM Sharing Output Consumer, BPDM Pool Admin, BPDM Pool Consumer, Business Partner Data Manager, BPDM Pool Sharing Consumer
* added self description document to release company record (operator)

### Feature
* **Certificate Management (Administration Service)**
* released new endpoint to delete company owned company certificates `DELETE /api/administration/companydata/companyCertificate/document/{documentId}`
* released new endpoint to view other companies certificates via the document ID `GET /api/administration/companydata/companyCertificates/documents/{documentId}`
* released specific document endpoint to fetch owned company certificates by documentID `GET /api/administration/companydata/companyCertificates/{documentId}`
* **Registration Process Worker**
* implemented new backend logic for the process step "IDENTITY_WALLET_CREATION" by separating the step logic (bpm credential creation separated and payload changed) ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* added retrigger endpoint to restarted a failed dim wallet setup step
* added postback endpoint to receive the did document and authentication information ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* added auditing
* Certificate Uploads: Capture the event when a new certificate is uploaded to the system
* Certificate Deletions: Capture the event when an existing certificate is deleted from the system
* User Identification: Log the identity of the user who performed the action
* Timestamp Recording: Log the exact date and time when the action was performed
* **Process Worker**
* released new process step "SEND_MAIL" and integrated the step for all mail jobs
* **Self-Soverein-Identity Next (Support Central (MIW) and Decentral (DIM) Identity Management Systems)** ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
* implemented a configuration switch to facilitate seamless transitions between centralized (Support Central, MIW) and decentralized (Identity Management Systems, DIM) wallet flows
* **Registration Process Worker**
* refined the "IDENTITY_WALLET_CREATION" process step with new backend logic to uncouple BPM credential creation from the main flow and modify the associated payload
* enriched the registration workflow with additional application checklist and process steps, such as "BPNL_CREDENTIAL", "MEMBERSHIP_CREDENTIAL" and "VALIDATE_DID_DOCUMENT"
* established a retrigger endpoint to resume a failed DIM setup step, enhancing robustness in the registration process
* introduced a postback endpoint for receiving DID documents and authentication details, with accompanying schema validation to ensure data integrity
* added didDocument schema validation for postback endpoint
* added didDocument publication flow and validation of the successful publication
* added process worker step and backend logic to register didDocument received from integrated wallet inside the BDRS (BPN-DID Resolver) service
* **Multi Provider Technical User**
* enabled feature to allow technical user creation for multiple providers
* enhanced response data of technical user related endpoints to include user status, addressing the need for comprehensive user management:
* POST /api/apps/autoSetup
* GET /api/apps/{appId}/subscription/{subscriptionId}/provider
* GET /api/apps/{appId}/subscription/{subscriptionId}/subscriber
* GET /api/services/{serviceId}/subscription/{subscriptionId}/provider
* GET /api/services/{serviceId}/subscription/{subscriptionId}/subscriber
* **Service Account Secret Retrieval**
* modified GET api/administration/serviceaccount/owncompany/serviceaccounts/{serviceAccountId} to differentiate secret retrieval based on the service account provider (database vs integrated identity provider
* **Clearinghouse Data Interface Adjustment**
* altered the interface to retrieve a company's DID directly from the database when the DIM wallet feature is active, as opposed to sourcing it from MIW, simplifying the data retrieval process and reducing dependencies on external services
* **Registration Decline**
* released function to decline as customer the registration process and delete user accounts
* added registration decline process worker steps
* enabled decline feature via url inside the email template "invite"
* **Autosetup Process Worker**
* adjusted offer autosetup process to create dim technical users
* **Agreement Status**
* updated logic of POST and GET agreement endpoint (apps service) to only consider active agreements
* updated logic of POST and GET agreement endpoint (services service) to only consider active agreements
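Review bot: In the 2.0.0 Change list under Administration Service, the two adjacent companyDetailsWithAddress entries contradict each other: the first says the payload was enhanced with "created", "lastChanged", "documents", and the next marks the removal of "documents" from the same payload as a breaking change. Collapse them into one entry that states the final payload, so API consumers can tell whether "documents" is present in 2.0.0. Smaller wording points in the same hunk: "Self-Soverein-Identity" should read "Self-Sovereign-Identity", the Service Account Secret Retrieval entry never closes its parenthesis after "integrated identity provider", and "(excluding DELETE)" should name the status as DELETED to match "userstatusid != DELETED".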
Expand All @@ -188,17 +82,26 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
* **Business Process Worker**
* added new backend worker for invitations to run the invitation steps asynchronously
* added mailing worker and moved all backend functions for sending emails into the worker
* Email Templates
* Enabled email service for create user account under owned IdP as well as for migration of an user account from any IdP to a ownedIdP
* **Email Templates**
* enabled email service for create user account under owned IdP as well as for migration of an user account from any IdP to a ownedIdP
* **Others**
* released GET: api/administration/companydata/decentralidentity/urls endpoint to provide connector registration relevant information
* added GET /api/apps/AppChange/{appId}/roles to retrieve app configured roles for owned apps
* added GET /api/apps/AppReleaseProcess/{appId}/roles to retrieve app uploaded roles

### Technical Support
* adjusted the get_current_version script for nuget packages to only return the tag name
* introduced codeql scan
* removed veracode workflow
* upgraded all services and jobs to .Net 8
* Token lifetime: set ClockSkew (security configuration jwtBearerOptions) to 5 minutes for token expiration
* moved api paths from BPDM out of code into config / helm chart
* upgraded nuget packages
* removed unused deprecated packages
* adjusted the get_current_version script for nuget packages to only return the tag name
* introduced CodeQL scan
* removed Veracode workflow
* improved workflows and documentation
* upgraded gh actions and change to pinned actions full length commit sha
* add dependabot.yml file
* add dependabot.yml file and introduced grouping of pull request for version updates
* reworked year in file header

### Bugfix
* adjusted endpoint `GET api/administration/serviceaccount/owncompany/serviceaccounts` to filter for active service accounts by default
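Review bot: The "Token lifetime: set ClockSkew ... to 5 minutes" entry under Technical Support describes a runtime security setting, the tolerance applied when a token's expiration is validated, and not build or tooling support. Move it to the Change section and state the previous value, so operators can judge the effect on how long an expired token is still accepted. Also, "upgraded gh actions and change to pinned actions full length commit sha" would read more clearly as "pinned GitHub actions to full-length commit SHAs".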
Expand All @@ -209,9 +112,35 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
* use identifier.Value instead of repeating its type
* use CompanyUniqueIdData instead of UniqueIdentifierData
* fixed sonar findings
* fixed codeql findings
* fixed CodeQL findings
* CONTRIBUTING.md: linked to contribution details
* updated eclipse dash tool for dependencies check
* Core role assignment - fixed query for core offer to prevent role assignment triggering cascading role assignments
* fixed endpoint GET /api/apps/active short description returning error
* in BpdmService.FetchInputLegalEntity map bpdm-identifier-types to string instead of BpdmIdentifierTypeId
* fixed isOwner filter for GET api/administration/serviceaccount/owncompany/serviceaccounts

### Known Knowns
The following are known issues identified in the current release:
* **Email Template Issues:**
* The `verified_credential_approved.html` email template does not populate the "wallet" value as expected.
* The `decline_registration.html` email template is triggered when a customer utilizes the self-decline feature.
* **Autosetup Feature Limitation:**
* The autosetup feature lacks support for service providers and app providers to automatically retrieve customer connector configuration details such as `authURL`, `WalletURL`, etc.
* **Deletion Support Deficiencies:**
* The deletion of technical users from external providers is currently not supported.
* Removal of BDRS (BPN-DID Resolver Service) entries is currently not supported.
* Deletion of wallet tenants has not been implemented.
* **Obsolete Code:**
* Redundant backend code from a previous version of the SSI implementation remains in the codebase and has not been purged.
* **Code quality Finding:**
* A potential null reference for 'identityProviderLinks' has been identified, indicating that it could be null on at least one execution path. [#694](https://github.com/eclipse-tractusx/portal-backend/issues/694)
* **Validation Limitations:**
* Pattern validation for URL inputs in `POST` and `PUT` endpoints is currently limited, potentially allowing invalid URLs to be accepted. [#587](https://github.com/eclipse-tractusx/portal-backend/issues/587)
* **Validation of File Upload Limitation:**
* It is recommended to make make use of an existing trustworthy 3rd party virus-scan service for a more broad scan for known malicious signatures. [#779](https://github.com/eclipse-tractusx/portal-backend/issues/779)
* **In Memory Storage Limitation**:
* Sensitive information (such as passwords) is read in an unencrypted manner in memory.

## 1.8.1
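Review bot: Under Known Knowns, the "Validation of File Upload Limitation" item gives a recommendation ("make make use of an existing trustworthy 3rd party virus-scan service") without saying what the limitation is; state what scanning uploaded files get today, then the recommendation, and drop the doubled "make". The `decline_registration.html` item has the same gap: it says when the template is triggered but not what is wrong with that. The In Memory Storage item concerns sensitive data such as passwords yet carries no issue link, unlike the entries for #694, #587 and #779; add a tracking issue or say that none exists.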

4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -34,6 +34,10 @@ Run the following command from the CLI in the directory of the service you want
dotnet run
```

## Known Issues and Limitations

See [Known Knowns](/CHANGELOG.md#known-knowns).

## Notice for Docker image

This application provides container images for demonstration purposes.
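Review bot: The new README heading is "Known Issues and Limitations" but its link text and target are "Known Knowns"; use one name in both files so that readers searching for known issues find the section. The target `/CHANGELOG.md#known-knowns` is root-relative and derived from the heading text, so it resolves only where the README is rendered from the repository root and breaks silently if the CHANGELOG heading is renamed.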
2 changes: 1 addition & 1 deletion src/Directory.Build.props
Expand Up @@ -20,6 +20,6 @@
<Project>
<PropertyGroup>
<VersionPrefix>2.0.0</VersionPrefix>
<VersionSuffix>RC10</VersionSuffix>
<VersionSuffix></VersionSuffix>
</PropertyGroup>
</Project>
