Control Plane does not asset target value when opening Contract Negotiation #4239

Closed
bscholtes1A opened this issue Jun 6, 2024 · 1 comment · Fixed by #4264

Comments


bscholtes1A commented Jun 6, 2024

Bug Report

Describe the Bug

When a consumer initiates a contract negotiation, the control plane does not check if the content of the target field (which should contain the asset id) is equal to the asset id defined in the asset id portion of the policy @id.

In fact, the content of this target field is not even used, and

Expected Behavior

Control Plane should enforce that the content of the target field contains the same asset id as the one defined in the asset id portion of the policy @id, and return a validation error if it's not the case.

Steps to Reproduce

Initiate a contract negotiation through the control plane management API, and put a random string in the target field of the request.


ndr-brt commented Jun 6, 2024

Please note that the structure of the ContractOfferId (containing the assetId) is something EDC-related and used by the EDC provider to apply contract validations (see ContractValidationServiceImpl), but there could be a non-EDC provider; in that case the ContractOfferId structure could be anything, so the consumer should not validate anything; it is the provider that needs to do it (and it does already).

TL;DR: The EDC provider in fact ignores the target attribute of the Offer because the @id already gives all the information needed.
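
The check described under Expected Behavior, written as a provider-side validation in line with the comment above. This is an added example, not EDC code and not part of the issue thread. It assumes the offer @id has the layout `base64(definitionId):base64(assetId):base64(uuid)`; the class name, method names and sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

// Added illustration, not EDC code. Assumption: the offer @id is
// base64(definitionId):base64(assetId):base64(uuid).
public class OfferTargetCheck {

    /** Asset id encoded in the offer @id, or empty if the id does not follow the assumed layout. */
    static Optional<String> assetIdFrom(String offerId) {
        if (offerId == null) return Optional.empty();
        String[] parts = offerId.split(":", -1);
        if (parts.length != 3) return Optional.empty();
        try {
            byte[] raw = Base64.getDecoder().decode(parts[1]);
            String assetId = new String(raw, StandardCharsets.UTF_8);
            return assetId.isEmpty() ? Optional.empty() : Optional.of(assetId);
        } catch (IllegalArgumentException e) {
            // The asset id part is not valid base64.
            return Optional.empty();
        }
    }

    /** Returns null when the offer is acceptable, otherwise a validation error message. */
    static String validate(String offerId, String target) {
        Optional<String> assetId = assetIdFrom(offerId);
        if (assetId.isEmpty()) return "offer @id is not a well-formed offer id";
        if (target == null || target.isBlank()) return "offer target is missing";
        if (!assetId.get().equals(target)) {
            return "offer target does not match the asset id in the offer @id";
        }
        return null;
    }

    static String b64(String s) {
        return Base64.getEncoder().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample values.
        String offerId = b64("def-1") + ":" + b64("asset-1") + ":" + b64("3f2b6c1e");
        System.out.println(validate(offerId, "asset-1"));           // target equals the encoded asset id
        System.out.println(validate(offerId, "random-string"));     // the case from the report
        System.out.println(validate("not-an-offer-id", "asset-1")); // id without the assumed layout
    }
}
```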
