diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml
index f5cbe5a..ef4e986 100644
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@@ -9,14 +9,14 @@ jobs:
build:
runs-on: ubuntu-22.04
steps:
- - uses: actions/setup-java@v2
+ - uses: actions/setup-java@v4
with:
java-version: 17
distribution: adopt
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
with:
fetch-depth: 0
- - uses: actions/cache@v2
+ - uses: actions/cache@v3
with:
path: |
~/.m2/repository
@@ -27,10 +27,6 @@ jobs:
APP_LATEST_REV=$(git rev-list --tags --max-count=1)
APP_LATEST_TAG=$(git describe --tags ${APP_LATEST_REV} 2> /dev/null || echo 0.0.0)
echo "APP_VERSION=${APP_LATEST_TAG}-${APP_SHA}" >> ${GITHUB_ENV}
- - name: copyContext
- run: |-
- rm ./src/main/resources/static/context.json
- echo '${{ secrets.CONTEXT_FILE }}' > ./src/main/resources/static/context.json
- name: mvn
run: |-
mvn versions:set \
@@ -57,6 +53,10 @@ jobs:
--file ./Dockerfile
--tag "${APP_PACKAGES_URL}:${APP_VERSION}";
docker push "${APP_PACKAGES_URL}:${APP_VERSION}";
+ docker build .
+ --file ./DB-Changelog-Dockerfile
+ --tag "${APP_PACKAGES_URL}-initcontainer:${APP_VERSION}";
+ docker push "${APP_PACKAGES_URL}-initcontainer:${APP_VERSION}";
env:
APP_PACKAGES_URL: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution
APP_PACKAGES_USERNAME: ${{ github.actor }}
diff --git a/.github/workflows/ci-openapi.yml b/.github/workflows/ci-openapi.yml
deleted file mode 100644
index ef64dd0..0000000
--- a/.github/workflows/ci-openapi.yml
+++ /dev/null
@@ -1,67 +0,0 @@
-name: ci-openapi
-on:
- workflow_dispatch:
- release:
- types:
- - created
-jobs:
- release:
- runs-on: ubuntu-22.04
- steps:
- - uses: actions/setup-java@v2
- with:
- java-version: 17
- distribution: adopt
- - uses: actions/checkout@v2
- with:
- fetch-depth: 0
- - uses: actions/cache@v2
- with:
- path: |
- ~/.m2/repository
- key: ${{ runner.os }}-${{ hashFiles('**/pom.xml') }}
- - name: version
- run: >-
- APP_SHA=$(git rev-parse --short ${GITHUB_SHA});
- APP_TAG=${GITHUB_REF/refs\/tags\/}
- APP_VERSION=${APP_TAG};
- echo "APP_SHA=${APP_SHA}" >> ${GITHUB_ENV};
- echo "APP_TAG=${APP_TAG}" >> ${GITHUB_ENV};
- echo "APP_VERSION=${APP_VERSION}" >> ${GITHUB_ENV};
- - name: mvn
- run: >-
- mvn versions:set
- --batch-mode
- --file ./pom.xml
- --settings ./settings.xml
- --define newVersion="${APP_VERSION}";
- mvn clean verify
- --batch-mode
- --file ./pom.xml
- --settings ./settings.xml
- --define app.packages.username="${APP_PACKAGES_USERNAME}"
- --define app.packages.password="${APP_PACKAGES_PASSWORD}";
- env:
- APP_PACKAGES_USERNAME: ${{ github.actor }}
- APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
- - name: Upload Artifact
- uses: actions/upload-artifact@v2
- with:
- name: openapi.json
- path: target/openapi.json
- - name: Checkout OpenApi Doc Branch
- uses: actions/checkout@v2
- with:
- ref: openapi-doc
- - name: Delete existing openapi.json
- run: rm -f openapi.json
- - name: Download openapi.json
- uses: actions/download-artifact@v2
- with:
- name: openapi.json
- - name: Commit and Push changes
- run: |
- git config user.name github-actions
- git config user.email github-actions@github.com
- git commit -a --allow-empty -m "Update OpenAPI JSON"
- git push
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
index 3086fd5..eb49f05 100644
--- a/.github/workflows/ci-release.yml
+++ b/.github/workflows/ci-release.yml
@@ -9,14 +9,14 @@ jobs:
env:
APP_VERSION: ${{ github.event.release.tag_name }}
steps:
- - uses: actions/setup-java@v2
+ - uses: actions/setup-java@v4
with:
java-version: 17
distribution: adopt
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v4
with:
fetch-depth: 0
- - uses: actions/cache@v2
+ - uses: actions/cache@v3
with:
path: |
~/.m2/repository
@@ -48,6 +48,10 @@ jobs:
--tag "${APP_PACKAGES_URL}:${APP_VERSION}"
docker push "${APP_PACKAGES_URL}:latest"
docker push "${APP_PACKAGES_URL}:${APP_VERSION}"
+ docker build .
+ --file ./DB-Changelog-Dockerfile
+ --tag "${APP_PACKAGES_URL}-initcontainer:${APP_VERSION}";
+ docker push "${APP_PACKAGES_URL}-initcontainer:${APP_VERSION}";
env:
APP_PACKAGES_URL: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution
APP_PACKAGES_USERNAME: ${{ github.actor }}
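Review bot: The four added `docker build`/`docker push` lines for the initcontainer image end in `;`, whereas the neighbouring `docker push "${APP_PACKAGES_URL}:latest"` and `docker push "${APP_PACKAGES_URL}:${APP_VERSION}"` lines of the same `run:` block do not, while the matching hunk in ci-main.yml uses `;` on every line of its block. Whether the separators are needed depends on the block-scalar style of the enclosing `run:`, which starts before the hunk, so I cannot tell from here; either way the block should follow one convention, so either drop the `;` from the added lines or add them to the existing ones. The release workflow pushes `latest` for the application image but only `${APP_VERSION}` for the initcontainer image; that matches the chart README's instruction that `liquibaseImage.tag` equals `image.tag`, so just confirm the asymmetry is intended.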
@@ -56,38 +60,6 @@ jobs:
run: |-
gh release upload ${APP_VERSION} \
--clobber \
- ./target/openapi.json#openapi-${APP_VERSION}.json \
./target/generated-resources/licenses.xml#licenses-${APP_VERSION}.xml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- deploy:
- runs-on: ubuntu-20.04
- environment: dev
- needs:
- - build
- env:
- APP_VERSION: ${{ github.event.release.tag_name }}
- steps:
- - name: cf setup
- run: |-
- curl -sL "https://packages.cloudfoundry.org/stable?release=${CF_RELEASE}&version=${CF_VERSION}" | \
- sudo tar -zx -C /usr/local/bin
- env:
- CF_VERSION: 7.2.0
- CF_RELEASE: linux64-binary
- - name: cf push
- run: |-
- cf api ${CF_API}
- cf auth
- cf target -o ${CF_ORG} -s ${CF_SPACE}
- cf push ${APP_NAME} --docker-image ${APP_IMAGE}:${APP_VERSION} --docker-username ${CF_DOCKER_USERNAME}
- env:
- APP_NAME: tng-key-distribution-test
- APP_IMAGE: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution
- CF_API: ${{ secrets.CF_API }}
- CF_ORG: ${{ secrets.CF_ORG }}
- CF_SPACE: ${{ secrets.CF_SPACE }}
- CF_USERNAME: ${{ secrets.CF_USERNAME }}
- CF_PASSWORD: ${{ secrets.CF_PASSWORD }}
- CF_DOCKER_USERNAME: ${{ secrets.CF_DOCKER_USERNAME }}
- CF_DOCKER_PASSWORD: ${{ secrets.CF_DOCKER_PASSWORD }}
diff --git a/.github/workflows/helm-release.yml b/.github/workflows/helm-release.yml
new file mode 100644
index 0000000..231fb52
--- /dev/null
+++ b/.github/workflows/helm-release.yml
@@ -0,0 +1,28 @@
+name: Release Charts
+
+on:
+ release:
+ types:
+ - created
+ workflow_dispatch: # This allows the workflow to be triggered manually
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Configure Git
+ run: |
+ git config user.name "$GITHUB_ACTOR"
+ git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+ - name: Run chart-releaser
+ uses: helm/chart-releaser-action@v1.6.0
+ with:
+ charts_dir: "k8s/charts" # Specify the path to your charts directory
+ env:
+ CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
\ No newline at end of file
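Review bot: The `release` job declares no `permissions:` block, so `CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"` receives whatever the repository's default token permissions are; chart-releaser only needs to push the index branch and create releases, so add `permissions:` followed by `  contents: write` at job level to make the grant explicit and minimal. The step uses `actions/checkout@v3` while the other two workflows in this commit move to `actions/checkout@v4`, and `ubuntu-latest` differs from the `ubuntu-22.04` the other jobs pin. `helm/chart-releaser-action@v1.6.0` is a mutable tag; pin it to a commit SHA if the repository's supply-chain policy calls for that. The file also lacks a trailing newline.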
diff --git a/.gitignore b/.gitignore
index 884883e..ae5f491 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,8 @@ target/
!**/src/main/**
!**/src/test/**
+application-local.yml
+
### STS ###
.apt_generated
.classpath
diff --git a/DB-Changelog-Dockerfile b/DB-Changelog-Dockerfile
new file mode 100644
index 0000000..5b7b375
--- /dev/null
+++ b/DB-Changelog-Dockerfile
@@ -0,0 +1,3 @@
+FROM liquibase/liquibase
+
+COPY /src/main/resources/db /liquibase/db
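Review bot: `FROM liquibase/liquibase` carries no tag, so each CI run resolves to whatever `latest` is at build time, and the init container that applies the schema changelog can change Liquibase versions between two builds of the same application version. Pin it, e.g. `FROM liquibase/liquibase:<version>` (ideally with an `@sha256:<digest>` suffix), and bump it deliberately. The leading slash in `COPY /src/main/resources/db` is resolved relative to the build context anyway; writing `COPY src/main/resources/db /liquibase/db` avoids the impression that it copies from the build host's root.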
diff --git a/README.md b/README.md
index 320ca5a..fb5f5a6 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,14 @@
-
+
TNG Key Distribution Service
-
+
-
+
About •
Development •
Documentation •
@@ -131,7 +131,9 @@ docker-compose up --build
After all containers have started, you will be able to reach the service on your [local machine](http://localhost:8080/api/docs) under port 8080.
-## Documentation
+## Cloud deployment
+
+## Documentation
[OpenAPI Spec](https://worldhealthorganization.github.io/tng-key-distribution/)
@@ -147,11 +149,11 @@ The following channels are available for discussions, feedback, and support requ
| **Issues** | |
| **Other requests** | |
-## How to contribute
+## How to contribute
Contribution and feedback is encouraged and always welcome. For more information about how to contribute, the project structure, as well as additional contribution information, see our [Contribution Guidelines](./CONTRIBUTING.md). By participating in this project, you agree to abide by its [Code of Conduct](./CODE_OF_CONDUCT.md) at all times.
-## Contributors
+## Contributors
Our commitment to open source means that we are enabling -in fact encouraging- all interested parties to contribute and become part of its developer community.
diff --git a/certs/From Files to secrets to container with mounted volumes.md b/certs/From Files to secrets to container with mounted volumes.md
index e4d19d1..fd4bad6 100644
--- a/certs/From Files to secrets to container with mounted volumes.md
+++ b/certs/From Files to secrets to container with mounted volumes.md
@@ -1,58 +1,68 @@
-### How to populate the keystores and truststores, trustanchor files in k8s cluster
-A general approach how to secrets are mounted volumes can be found in the official [documentation](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume)
-1.) generate the keystore, truststore trust_anchor as described in [PlaceYourGatewayAccessKeysHere.md](PlaceYourGatewayAccessKeysHere.md)
-2.) combine the resulting files in a single secret with
-```(bash)
-kubectl create secret generic mtls_secret --dry-run=client -o yaml --from-file=tls_key_store.p12 --from-file=tng_tls_server_truststore.p12 --from-file=trustanchor_store.jks > mtls_secret.yaml
-kubectl create secret generic --dry-run=client -o yaml --from-file= --from-file=.p12 --from-file= > combined_tls_secret.yaml
-```
-this will result in a yaml file containing the base64 encoded file contents of that three files
-```(json)
-apiVersion: v1
-data:
- tls_key_store.p12: MIIF3wIBAzCCBZUGDQEJFDEkHiIAYwBsAGkAZQBuAHQAYwByAGUAZABlAG4AdABpAGEAbABzMEEwMTANBglghkgBZQMEAgEFAAQgt/aPlSTVrkAIplPg++vrX...../czGzdjH1XPrutiae8EAFoECKv4c1pYD2TDAgIIAA==
- trustanchor_store.jks: /u3+7QAAAAIAAAABAAAAAgAadG5nLXRscy1zZXJ2ZXItY2VydGlmaWNhdGUAAAGLVC9h5gAFWC41MDkAAAUaMIIFFjCCAv6gAwIBAgIRAJErCEr
- tng_tls_server_truststore.p12: /u3+7QAAAAIAAAABAAAAAgAXoB1.....lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4avAuvDsz
-kind: Secret
-metadata:
- creationTimestamp: null
- name: mtls_secret
-```
-This file then can be temporarily included in your helm charts or directly applied to your cluster with
-```(shell)
-kubectl apply -f mtls_secret.yaml # will apply the secret to current context
-```
-**Note that your secrets with keystores/truststores contain sensible data. Keep them in save place**
-
-In the deployment of your helm chart include the the secret as volumes in the template spec
-````(helm)
-spec:
- template:
- spec:
- volumes:
- - name: secrets-jks
- secret:
- secretName: mtls-secret
- items:
- - key: tls_key_store.p12
- path: tls_key_store.p12
- - key: trustanchor_store.jks
- path: trustanchor_store.jks
- - key: tng_tls_server_truststore.p12
- path: tng_tls_server_truststore.p12
-````
-The items array is optional as long as the keynames reflect the filenames and all keys in the secret
-shall be mapped to files
-
-The according volume mounts are defined in the container section
-````(helm)
-spec:
- templates:
- spec:
- containers:
- volumeMounts:
- - name: secrets-jks
- mountPath: /certs
- readOnly: true
-````
-
+### How to populate the keystores and truststores, trustanchor files in k8s cluster
+
+A general approach how to secrets are mounted volumes can be found in the official [documentation](https://kubernetes.io/docs/tasks/inject-data-application/distribute-credentials-secure/#create-a-pod-that-has-access-to-the-secret-data-through-a-volume)
+1.) generate the keystore, truststore trust_anchor as described in [PlaceYourGatewayAccessKeysHere.md](PlaceYourGatewayAccessKeysHere.md)
+2.) combine the resulting files in a single secret with
+
+```(bash)
+kubectl create secret generic mtls-secret --dry-run=client --namespace=kds -o yaml --from-file=tls_key_store.p12 --from-file=tng_tls_server_truststore.p12 --from-file=trustanchor_store.jks > mtls_secret.yaml
+kubectl create secret generic --dry-run=client --namespace= -o yaml --from-file= --from-file=.p12 --from-file= > combined_tls_secret.yaml
+```
+
+this will result in a yaml file containing the base64 encoded file contents of that three files
+
+```(json)
+apiVersion: v1
+data:
+ tls_key_store.p12: MIIF3wIBAzCCBZUGDQEJFDEkHiIAYwBsAGkAZQBuAHQAYwByAGUAZABlAG4AdABpAGEAbABzMEEwMTANBglghkgBZQMEAgEFAAQgt/aPlSTVrkAIplPg++vrX...../czGzdjH1XPrutiae8EAFoECKv4c1pYD2TDAgIIAA==
+ trustanchor_store.jks: /u3+7QAAAAIAAAABAAAAAgAadG5nLXRscy1zZXJ2ZXItY2VydGlmaWNhdGUAAAGLVC9h5gAFWC41MDkAAAUaMIIFFjCCAv6gAwIBAgIRAJErCEr
+ tng_tls_server_truststore.p12: /u3+7QAAAAIAAAABAAAAAgAXoB1.....lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4avAuvDsz
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: mtls-secret
+```
+
+This file then can be temporarily included in your helm charts or directly applied to your cluster with
+
+```(shell)
+kubectl apply -f mtls-secret.yaml # will apply the secret to current context
+```
+
+**Note that your secrets with keystores/truststores contain sensible data. Keep them in save place**
+
+In the deployment of your helm chart include the secret as volumes in the template spec
+
+```(helm)
+spec:
+ template:
+ spec:
+ volumes:
+ - name: secrets-jks
+ secret:
+ secretName: mtls-secret
+ items:
+ - key: tls_key_store.p12
+ path: tls_key_store.p12
+ - key: trustanchor_store.jks
+ path: trustanchor_store.jks
+ - key: tng_tls_server_truststore.p12
+ path: tng_tls_server_truststore.p12
+```
+
+The items array is optional as long as the keynames reflect the filenames and all keys in the secret
+shall be mapped to files
+
+The according volume mounts are defined in the container section
+
+```(helm)
+spec:
+ templates:
+ spec:
+ containers:
+ volumeMounts:
+ - name: secrets-jks
+ mountPath: /certs
+ readOnly: true
+```
+
diff --git a/certs/PlaceYourGatewayAccessKeysHere.md b/certs/PlaceYourGatewayAccessKeysHere.md
index f181094..649a702 100644
--- a/certs/PlaceYourGatewayAccessKeysHere.md
+++ b/certs/PlaceYourGatewayAccessKeysHere.md
@@ -29,3 +29,31 @@ Create a pkcs12 KeyStore from the TLS.pem and TLS.key:
```
openssl pkcs12 -export -out tls_key_store.p12 -inkey TLS.key -in TLS.pem -passout pass:dgcg-p4ssw0rd -name clientcredentials
```
+
+# How to setup signing material for DID Signing
+
+KDS is able to provide a DID-Document holding the downloaded keys. The DID-Document will be signed by a private key provided in a KeyStore.
+
+Generate Private Key (Choose another Curve depending your needs)
+
+```
+openssl ecparam -name prime256v1 -genkey -noout -out did-signer.pem
+```
+
+Convert PEM-File to KeyStore
+
+```
+openssl pkcs12 -export -out did-signer.p12 -inkey did-signer.pem -nocerts -passout pass:secure-password -name did-signer
+```
+
+This will result in a KeyStore (P12) containing the previously generated private key stored with alias "did-signer" and secured with password "secure-password"
+
+```yaml
+dgc:
+ did:
+ didUploadProvider: local-file
+ localKeyStore:
+ alias: did-signer
+ password: secure-password
+ path: ./did-signer.p12
+```
diff --git a/codestyle/checkstyle.xml b/codestyle/checkstyle.xml
index f50e861..9bca361 100644
--- a/codestyle/checkstyle.xml
+++ b/codestyle/checkstyle.xml
@@ -44,6 +44,7 @@
+
@@ -315,4 +316,4 @@
-
\ No newline at end of file
+
diff --git a/k8s/helm/tngkds/README.md b/k8s/helm/tngkds/README.md
new file mode 100644
index 0000000..b814bca
--- /dev/null
+++ b/k8s/helm/tngkds/README.md
@@ -0,0 +1,44 @@
+# tngkds
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
+
+A Helm chart for Kubernetes
+
+## Requirements
+The versions from umbrella chart are currently not used, please refer to to corresponding image tags in value files
+
+| Repository | Name | Version |
+|------------|------|---------|
+| | tngkds-backend | 0.1.0 |
+| | tngkds-postgres | 0.1.0 |
+
+## Values
+
+| Key | Type | Default | Description |
+|-----------------------------------------------------------|--------|-------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| tngkds-backend.gateway.connector.enabled | bool | `true` | flag whether the kds is connected to the TNG |
+| tngkds-backend.gateway.connector.endpoint | string | `""` | The url where the TNG can be reached |
+| tngkds-backend.gateway.connector.max-cache-age | int | `300` | |
+| tngkds-backend.gateway.connector.proxy.enabled | bool | `false` | used for development, when KDS is run behind a proxy. If set to true, _tngkds-backend.gateway.connector.proxy.port_ and _tngkds-backend.gateway.connector.proxy.host_ also need to be applied |
+| tngkds-backend.gateway.connector.tls_key_store.alias | string | `"clientcredentials"` | |
+| tngkds-backend.gateway.connector.tls_key_store.password | string | `""` | |
+| tngkds-backend.gateway.connector.tls_key_store.path | string | `"/certs/tls_key_store.p12"` | |
+| tngkds-backend.gateway.connector.tls_trust_store.alias | string | `"tng-tls-server-certificate"` | |
+| tngkds-backend.gateway.connector.tls_trust_store.password | string | `""` | |
+| tngkds-backend.gateway.connector.tls_trust_store.path | string | `"/certs/tng_tls_server_truststore.p12"` | |
+| tngkds-backend.gateway.connector.trust_anchor.alias | string | `"trustanchor"` | |
+| tngkds-backend.gateway.connector.trust_anchor.password | string | `""` | |
+| tngkds-backend.gateway.connector.trust_anchor.path | string | `"/certs/trustanchor_store.jks"` | |
+| tngkds-backend.image.tag | string | `""` | |
+| tngkds-backend.liquibaseImage.tag | string | `""` | |
+| tngkds-backend.path | string | `"/()(*)"` | |
+| tngkds-backend.port | int | `8080` | |
+| tngkds-backend.db.driverclass | String | `org.h2.Driver` | The JDBC driver class |
+| tngkds-backend.db.plattform | String | `org.hibernate.dialect.H2Dialect` | The Hibernate dialect |
+| tngkds-backend.db.url | String | `jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;` | The JDBC URL for the database connection |
+| tngkds-backend.db.username | String | `sa` | The username for the database connection |
+| tngkds-backend.db.password | String | `''` | The password for the database connection |
+| tngkds-postgres.asPod.enabled | bool | `false` | |
+| tngkds-postgres.path | string | `"/()(*)"` | |
+| tngkds-postgres.port | int | `5432` | |
+
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/README.md b/k8s/helm/tngkds/charts/tngkds-backend/README.md
new file mode 100644
index 0000000..42a95f8
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-backend/README.md
@@ -0,0 +1,86 @@
+
+# tngkds-backend
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
+
+A Helm chart for TNG Key Distribution Service
+
+## Values
+
+| Key | Type | Default | Description |
+|--------------------------------------------|--------|---------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| affinity | object | `{}` | |
+| autoscaling.enabled | bool | `false` | |
+| autoscaling.maxReplicas | int | `100` | |
+| autoscaling.minReplicas | int | `1` | |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
+| did.cron | string | `"*/10 * * * * *"` | spring cronjob configuration, how often shall the did file be generated |
+| did.didUploadProvider | string | `"local-file"` | Upload provider for Did document, currently local-file |
+| did.localFile.directory | string | `"trustlist"` | If upload provider is local-file: directory of the generated file |
+| did.localFile.file-name | string | `"did.json"` | If upload provider is local-file: file-name of the generated file |
+| did.did_controller | string | `"did:web:def"` | The controller that is generating the did.json / controlling its contents |
+| did.did_id | string | `"did:web:abc"` | The ID of the did entry |
+| did.enableDidGeneration | bool | `true` | Shall the did documents be generated |
+| did.ld_proof_nonce | string | `"n0nc3"` | Nonce of the Did Document |
+| did.ld_proof_verification_method | string | `"did:web:dummy.net"` | Verification Method of the DID Signer. Usually a did-link to a did.json containing the public key material that was used to sign this DID |
+| did.trust_list_controller_prefix | string | `"did:web:abc"` | |
+| did.trust_list_id_prefix | string | `"did:web:abc"` | |
+| did.workdir | string | `"/tmp/kdsgituploader"` | local folder used for checkout and update git repository |
+| did.prefix | string | `"v2.0.0"` | prefix used as root folder name for generated files |
+| did.url | string | `"https://github.com/WorldHealthOrganization/tng-cdn-dev"` | the git repository to work in |
+| did.pat | string | `"git did pat by secret tng-bot-dev"` | the personal access token of the technical user that has permission to write to the repository |
+| did.didSigningProvider | string | `"dummy"`, `"local-keystore"` for configured private key | signing provider to be used to sign the did documents (proof section). dummy can be used for dev. "local-keystore"` should be used with configured private key in keystore. (see: How to setup signing material for DID Signing in [certs documentation](../../../../../certs/PlaceYourGatewayAccessKeysHere.md) |
+| did.trust-list-path | string | `"trustlist"` | path that contains DID documents of trustlist |
+| did.trust-list-ref-path | string | `"trustlist-ref"` | path that contains DID documents with references only |
+| fullnameOverride | string | `""` | |
+| gateway.connector.enabled | bool | `true` | |
+| gateway.connector.endpoint | string | `""` | |
+| gateway.connector.max-cache-age | int | `300` | |
+| gateway.connector.proxy.enabled | bool | `false` | used for development, when your machine needs a proxy to access _tng.who.int_ |
+| gateway.connector.tls_key_store.alias | string | `""` | KDS application accesses the cert via its alias |
+| gateway.connector.tls_key_store.password | string | `""` | |
+| gateway.connector.tls_key_store.path | string | `""` | |
+| gateway.connector.tls_trust_store.alias | string | `""` | KDS application accesses the cert via its alias |
+| gateway.connector.tls_trust_store.password | string | `""` | |
+| gateway.connector.tls_trust_store.path | string | `""` | |
+| gateway.connector.trust_anchor.alias | string | `""` | tng application access the cert via its alias |
+| gateway.connector.trust_anchor.password | string | `""` | |
+| gateway.connector.trust_anchor.path | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution"` | |
+| image.tag | string | `"0.0.1-d890889"` | version of the container image to be used for deployment |
+| imagePullSecrets | string | `"tng-distribution-pull-secret"` | |
+| ingress.annotations | object | `{}` | |
+| ingress.className | string | `""` | |
+| ingress.enabled | bool | `false` | |
+| ingress.hosts[0].host | string | `"chart-example.local"` | |
+| ingress.hosts[0].paths[0].path | string | `"/"` | |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
+| ingress.tls | list | `[]` | |
+| liquibaseImage.repository | string | `"ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution-initcontainer"` | |
+| liquibaseImage.tag | string | `""` | version of the initcontainer image to be used, the tag is the same as for _image.tag_ |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podAnnotations | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| db.driverclass | String | `org.h2.Driver` | The JDBC driver class |
+| db.plattform | String | `org.hibernate.dialect.H2Dialect` | The Hibernate dialect |
+| db.url | String | `jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;` | The JDBC URL for the database connection |
+| db.username | String | `sa` | The username for the database connection |
+| db.password | String | `''` | The password for the database connection |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| server.port | int | `8080` | port of the kds applications api server |
+| service.ports[0].name | string | `"http"` | |
+| service.ports[0].nodePort | int | `30166` | |
+| service.ports[0].port | int | `8080` | |
+| service.ports[0].protocol | string | `"TCP"` | |
+| service.ports[0].targetPort | int | `8080` | |
+| service.type | string | `"NodePort"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `""` | |
+| spring.profile | string | `"cloud"` | {_0..n_} Spring profiles to be activated, usually used for feature toggle, currently not in use (existing values will be ignored) |
+| tolerations | list | `[]` | |
+
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/configmap.yml b/k8s/helm/tngkds/charts/tngkds-backend/templates/configmap.yml
deleted file mode 100644
index fb77939..0000000
--- a/k8s/helm/tngkds/charts/tngkds-backend/templates/configmap.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "tngkds-backend.fullname" . }}-cfg
-data:
- host: "{{ .Values.configMap.data.host }}"
- dbname: "{{ .Values.configMap.data.dbName }}"
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml b/k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml
index 19b940c..828c5e6 100644
--- a/k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml
+++ b/k8s/helm/tngkds/charts/tngkds-backend/templates/deployment.yaml
@@ -4,6 +4,7 @@ metadata:
name: {{ include "tngkds-backend.fullname" . }}
labels:
{{- include "tngkds-backend.labels" . | nindent 4 }}
+ namespace: {{ .Release.Namespace }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
@@ -40,45 +41,83 @@ spec:
- name: SPRING_PROFILES_ACTIVE
value: {{ .Values.spring.profile }}
- name: SPRING_DATASOURCE_URL
- value: "jdbc:postgresql://{{ .Values.psql.serviceName }}.{{ .Release.Namespace }}.{{ .Values.psql.cluster }}:{{ .Values.psql.port }}/{{ .Values.psql.dbName }}"
+ value: {{ .Values.db.url | quote }}
- name: SPRING_DATASOURCE_DRIVERCLASSNAME
- value: "org.postgresql.Driver"
+ value: {{ .Values.db.driverclass | quote }}
- name: SPRING_DATASOURCE_JNDI_NAME
value: "false"
- name: SPRING_JPA_DATABASEPLATFORM
- value: "org.hibernate.dialect.PostgreSQLDialect"
+ value: {{ .Values.db.plattform | quote }}
- name: SPRING_DATASOURCE_USERNAME
- valueFrom:
- secretKeyRef:
- name: {{ include "tngkds-backend.fullname" . }}-secret
- key: pgUser
+ value: {{ .Values.db.username | quote }}
- name: SPRING_DATASOURCE_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "tngkds-backend.fullname" . }}-secret
- key: pgPassword
+ value: {{ .Values.db.password | quote }}
- name: DGC_GATEWAY_CONNECTOR_TLS_TRUST_STORE_PATH
value: {{ .Values.gateway.connector.tls_trust_store.path }}
- name: DGC_GATEWAY_CONNECTOR_TLS_TRUST_STORE_PASSWORD
- value: {{ .Values.gateway.connector.tls_trust_store.password }}
+ value: {{ .Values.gateway.connector.tls_trust_store.password | quote }}
- name: DGC_GATEWAY_CONNECTOR_TLS_TRUST_STORE_ALIAS
value: {{ .Values.gateway.connector.tls_trust_store.alias }}
- name: DGC_GATEWAY_CONNECTOR_TLS_KEY_STORE_PATH
value: {{ .Values.gateway.connector.tls_key_store.path }}
- name: DGC_GATEWAY_CONNECTOR_TLS_KEY_STORE_PASSWORD
- value: {{ .Values.gateway.connector.tls_key_store.password }}
+ value: {{ .Values.gateway.connector.tls_key_store.password | quote }}
- name: DGC_GATEWAY_CONNECTOR_TLS_KEY_STORE_ALIAS
value: {{.Values.gateway.connector.tls_key_store.alias }}
- name: DGC_GATEWAY_CONNECTOR_TRUST_ANCHOR_PATH
value: {{ .Values.gateway.connector.trust_anchor.path }}
- name: DGC_GATEWAY_CONNECTOR_TRUST_ANCHOR_PASSWORD
- value: {{ .Values.gateway.connector.trust_anchor.password }}
+ value: {{ .Values.gateway.connector.trust_anchor.password | quote }}
- name: DGC_GATEWAY_CONNECTOR_TRUST_ANCHOR_ALIAS
value: {{ .Values.gateway.connector.trust_anchor.alias }}
- name: DGC_GATEWAY_CONNECTOR_ENABLED
- value: {{ .Values.gateway.connector.enabled |quote }}
+ value: {{ .Values.gateway.connector.enabled | quote }}
- name: DGC_GATEWAY_CONNECTOR_ENDPOINT
value: {{ .Values.gateway.connector.endpoint }}
+ {{- if .Values.did.enableDidGeneration }}
+ - name: DGC_DID_CRON
+ value: "{{ .Values.did.cron }}"
+ - name: DGC_DID_DIDUPLOADPROVIDER
+ value: "{{ .Values.did.didUploadProvider }}"
+ - name: DGC_DID_LOCALFILE_DIRECTORY
+ value: "{{ .Values.did.localFile.directory }}"
+ - name: DGC_DID_LOCALFILE_FILENAME
+ value: "{{ .Values.did.localFile.filename }}"
+ - name: DGC_DID_GIT_WORKDIR
+ value: "{{ .Values.did.git.workdir }}"
+ - name: DGC_DID_GIT_PREFIX
+ value: "{{ .Values.did.git.prefix }}"
+ - name: DGC_DID_GIT_URL
+ value: "{{ .Values.did.git.url }}"
+ - name: DGC_DID_GIT_PAT
+ value: "{{ .Values.did.git.pat }}"
+ - name: DGC_DID_DIDSIGNINGPROVIDER
+ value: "{{ .Values.did.didSigningProvider }}"
+ - name: DGC_DID_LDPROOFVERIFICATIONMETHOD
+ value: "{{ index .Values.did "ld-proof-verification-method" }}"
+ - name: DGC_DID_DIDID
+ value: "{{ index .Values.did "did-id" }}"
+ - name: DGC_DID_TRUSTLISTPATH
+ value: "{{ index .Values.did "trust-list-path" }}"
+ - name: DGC_DID_TRUSTLISTREFPATH
+ value: "{{ index .Values.did "trust-list-ref-path" }}"
+ - name: DGC_DID_DIDCONTROLLER
+ value: "{{ index .Values.did "did-controller" }}"
+ - name: DGC_DID_TRUSTLISTIDPREFIX
+ value: "{{ index .Values.did "trust-list-id-prefix" }}"
+ - name: DGC_DID_TRUSTLISTCONTROLLEPREFIX
+ value: "{{ index .Values.did "trust-list-controller-prefix" }}"
+ {{- range $key, $value := .Values.did.virtualCountries }}
+ - name: DGC_DID_VIRTUALCOUNTRIES_{{ $key | toString | upper }}
+ value: "{{ $value }}"
+ {{- end }}
+ - name: DGC_DID_GROUPDENYLIST
+ value: "{{ join "," (index .Values.did "group-deny-list") }}"
+ {{- range $key, $value := index .Values.did "group-name-mapping" }}
+ - name: DGC_DID_GROUPNAMEMAPPING_{{ $key | toString | upper }}
+ value: "{{ $value }}"
+ {{- end }}
+ {{- end }}
volumeMounts:
- name: secrets-jks
mountPath: /certs
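Review bot: The `SPRING_DATASOURCE_USERNAME`/`SPRING_DATASOURCE_PASSWORD` entries now take plain `value:` strings from `.Values.db.username`/`.Values.db.password`, replacing the `secretKeyRef` entries this hunk deletes, and `DGC_DID_GIT_PAT` likewise renders `.Values.did.git.pat` as a literal, so the database credentials and the git personal access token end up in the Deployment spec, in Helm release history and in any values file that is committed. Keep them in a Secret and reference it, for instance via new `db.existingSecret` / `did.git.existingSecret` values as sketched below; the deleted secrets.yml hard-coded `postgres`/`postgres`, so either a chart-managed Secret with real values or an externally provisioned one is an improvement over env literals. Separately, `DGC_DID_TRUSTLISTCONTROLLEPREFIX` is missing an `R`; if the Spring property is `trustListControllerPrefix`, relaxed binding will not match it, so it should read `DGC_DID_TRUSTLISTCONTROLLERPREFIX`. The values keys read here (`did.localFile.filename`, `did.git.workdir`/`prefix`/`url`/`pat`, kebab-case `did-id`, `did-controller`, `ld-proof-verification-method`, `trust-list-id-prefix`, `trust-list-controller-prefix`) do not match the names the new tngkds-backend README documents (`did.localFile.file-name`, `did.workdir`, `did.url`, `did.pat`, underscore `did_id`, `did_controller`, `ld_proof_verification_method`, …), so one side renders the DID section unconfigured; the values.yaml hunk in this commit does not show the `did` block, so I cannot tell which side is authoritative. The enclosing `env:` list begins before this hunk.
```yaml
        - name: SPRING_DATASOURCE_USERNAME
          valueFrom:
            secretKeyRef:
              name: {{ .Values.db.existingSecret | quote }}
              key: username
        - name: SPRING_DATASOURCE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: {{ .Values.db.existingSecret | quote }}
              key: password
        # … unchanged: keystore, connector and other DID env entries …
        - name: DGC_DID_GIT_PAT
          valueFrom:
            secretKeyRef:
              name: {{ .Values.did.git.existingSecret | quote }}
              key: pat
```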
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/templates/secrets.yml b/k8s/helm/tngkds/charts/tngkds-backend/templates/secrets.yml
deleted file mode 100644
index eead9f3..0000000
--- a/k8s/helm/tngkds/charts/tngkds-backend/templates/secrets.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "tngkds-backend.fullname" . }}-secret
-stringData:
- pgUser: "postgres"
- pgPassword: "postgres"
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/values-local.yaml b/k8s/helm/tngkds/charts/tngkds-backend/values-local.yaml
index 8c4729f..a2d6ed5 100644
--- a/k8s/helm/tngkds/charts/tngkds-backend/values-local.yaml
+++ b/k8s/helm/tngkds/charts/tngkds-backend/values-local.yaml
@@ -88,12 +88,13 @@ tolerations: []
affinity: {}
-# Postgres
-psql:
- serviceName: postgres
- port: 5432
- dbName: postgres
- cluster: svc.cluster.local
+# H2
+db:
+ driverclass: org.h2.Driver
+ plattform: org.hibernate.dialect.H2Dialect
+ url: jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;
+ username: sa
+ password: ''
# ConfigMap
configMap:
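Review bot: The new `db` block replaces the Postgres connection with an in-memory H2 database (`jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;`), and the identical block is added as the chart default in values.yaml, so an install without overrides keeps its data only until the pod restarts, and values-local.yaml then overrides nothing. Keep the H2 block in this local overlay and give values.yaml either the Postgres defaults it had or an explicit placeholder such as `url: ""` with a comment that a persistent JDBC URL must be supplied. `password: ''` is an empty string by design, but because deployment.yaml now renders `db.password` straight into an env literal, a comment here should state that a real password belongs in a Secret rather than in a values file. The `configMap:` section right after the hunk is now dead configuration, since templates/configmap.yml is deleted in this commit.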
diff --git a/k8s/helm/tngkds/charts/tngkds-backend/values.yaml b/k8s/helm/tngkds/charts/tngkds-backend/values.yaml
index 5490a6b..c26858c 100644
--- a/k8s/helm/tngkds/charts/tngkds-backend/values.yaml
+++ b/k8s/helm/tngkds/charts/tngkds-backend/values.yaml
@@ -10,7 +10,7 @@ image:
repository: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
- tag: "0.0.1-d890889" #"0.0.1-2840d04"
+ tag: "0.0.1-d890889" #"0.0.1-2840d04"
#kubectl -n create secret docker-registry --docker-server=ghcr.io --docker-username= --docker-password= --docker-email= -o yaml
#kubectl -n kds create secret docker-registry tng-distribution-pull-secret --docker-server=ghcr.io --docker-username=anonymous --docker-password= --docker-email=anonymous@example.com -o yaml
@@ -18,6 +18,11 @@ imagePullSecrets: tng-distribution-pull-secret
nameOverride: ""
fullnameOverride: ""
+# Liquibase
+liquibaseImage:
+ repository: ghcr.io/worldhealthorganization/tng-key-distribution/tng-key-distribution-initcontainer
+ tag:
+
serviceAccount:
# Specifies whether a service account should be created
create: true
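Review bot: `tag:` under `liquibaseImage` is a bare key and parses as null, so any template that renders `{{ .Values.liquibaseImage.repository }}:{{ .Values.liquibaseImage.tag }}` produces a reference with an empty tag unless it falls back with `default`. Write `tag: ""` with a comment mirroring the one on `image.tag`, and in the init-container template use `{{ .Values.liquibaseImage.tag | default .Chart.AppVersion }}` so the fallback is explicit. Since this image runs the schema migrations, it should be pinned the same way as the main image rather than left to float.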
@@ -29,10 +34,12 @@ serviceAccount:
podAnnotations: {}
-podSecurityContext: {}
+podSecurityContext:
+ {}
# fsGroup: 2000
-securityContext: {}
+securityContext:
+ {}
# capabilities:
# drop:
# - ALL
@@ -52,7 +59,8 @@ service:
ingress:
enabled: false
className: ""
- annotations: {}
+ annotations:
+ {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
@@ -65,7 +73,8 @@ ingress:
# hosts:
# - chart-example.local
-resources: {}
+resources:
+ {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -90,18 +99,19 @@ tolerations: []
affinity: {}
-# Postgres
-psql:
- serviceName: postgres
- port: 5432
- dbName: postgres
- cluster: svc.cluster.local
+# H2
+db:
+ driverclass: org.h2.Driver
+ plattform: org.hibernate.dialect.H2Dialect
+ url: jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;
+ username: sa
+ password: ''
# ConfigMap
-configMap:
- data:
- host: localhost
- dbName: postgres
+# configMap:
+# data:
+# host: localhost
+# dbName: postgres
# Spring
spring:
@@ -111,7 +121,7 @@ spring:
server:
port: 8080
-
+# Smart TN Gateway
gateway:
connector:
enabled: true
@@ -131,3 +141,36 @@ gateway:
alias:
password:
path:
+did:
+ cron: "*/10 * * * * *"
+ enableDidGeneration: true
+ didUploadProvider: local-file
+ localFile:
+ directory: /tmp/kdsgitworkdir/tng-cdn-dev/v2.0.0
+ file-name: did.json
+ git:
+ workdir: /tmp/kdsgituploader # oon clonind will checkout e.g. tng-cdn-dev
+ prefix: v2.0.0 #for copy action into git workdir from local file exporter path
+ url: https://github.com/WorldHealthOrganization/tng-cdn-dev
+ pat: #TODO: set by secret
+ didSigningProvider: dummy
+ ld-proof-verification-method: did:web:dummy.net
+ did-id: did:web:worldhealthorganization.github.io:tng-cdn-dev:v2.0.0
+ trust-list-path: trustlist
+ trust-list-ref-path: trustlist-ref
+ did-controller: did:web:def
+ trust-list-id-prefix: did:web:abc
+ trust-list-controller-prefix: did:web:abc
+ contextMapping:
+ "[https://www.w3.org/ns/did/v1]": did_v1.json
+ "[https://w3id.org/security/suites/jws-2020/v1]": jws-2020_v1.json
+ virtualCountries:
+ XA: XXA
+ XB: XXB
+ XO: XXO
+ XL: XCL
+ EU: XEU
+ group-deny-list:
+ - UPLOAD
+ group-name-mapping:
+ CSCA: SCA
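Review bot: `pat:` with the comment `#TODO: set by secret` introduces a GitHub personal access token as a plain chart value; even when supplied through an override it ends up in the rendered manifest and in the Helm release record. The template should take it from a Kubernetes Secret via `valueFrom.secretKeyRef`, and this file should carry only the name of that Secret, not the token. The defaults `didSigningProvider: dummy` and `ld-proof-verification-method: did:web:dummy.net` mean an install that does not override them publishes DID documents with dummy proofs, so either mark the block with `# development defaults — override before any non-local deployment` or ship `enableDidGeneration: false` so nothing is published until signing is configured. The `workdir` comment `# oon clonind will checkout e.g. tng-cdn-dev` should read `# on cloning, will check out e.g. tng-cdn-dev`.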
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/README.md b/k8s/helm/tngkds/charts/tngkds-postgres/README.md
new file mode 100644
index 0000000..13a1375
--- /dev/null
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/README.md
@@ -0,0 +1,45 @@
+# tngkds-postgres
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.16.0](https://img.shields.io/badge/AppVersion-1.16.0-informational?style=flat-square)
+
+A Helm chart for PostgreSQL database for TNG Key Distribution Service
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | |
+| autoscaling.enabled | bool | `false` | Pod autoscaling |
+| autoscaling.maxReplicas | int | `100` | |
+| autoscaling.minReplicas | int | `1` | |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` | |
+| configMap.data.dbName | string | `"postgres"` | used as service name when db is deployed as pod |
+| configMap.data.host | string | `"localhost"` | used as host name when db is deployed as pod |
+| dbpassword | string | `""` | password of the dbuser |
+| dbuser | string | `""` | username of the dbuser |
+| fullnameOverride | string | `""` | |
+| image.pullPolicy | string | `"IfNotPresent"` | |
+| image.repository | string | `"nginx"` | |
+| image.tag | string | `""` | |
+| imagePullSecrets | list | `[]` | |
+| ingress.annotations | object | `{}` | |
+| ingress.className | string | `""` | |
+| ingress.enabled | bool | `false` | |
+| ingress.hosts[0].host | string | `"chart-example.local"` | |
+| ingress.hosts[0].paths[0].path | string | `"/"` | |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | |
+| ingress.tls | list | `[]` | |
+| nameOverride | string | `""` | |
+| nodeSelector | object | `{}` | |
+| podAnnotations | object | `{}` | |
+| podSecurityContext | object | `{}` | |
+| replicaCount | int | `1` | |
+| resources | object | `{}` | |
+| securityContext | object | `{}` | |
+| service.ports[0].port | int | `5432` | db service port |
+| service.type | string | `"NodePort"` | |
+| serviceAccount.annotations | object | `{}` | |
+| serviceAccount.create | bool | `true` | |
+| serviceAccount.name | string | `""` | |
+| tolerations | list | `[]` | |
+
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml
index 34d2e43..bf656fc 100644
--- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/configmap.yml
@@ -1,7 +1,10 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "tngkds-postgres.fullname" . }}-cfg
-data:
- host: "{{ .Values.configMap.data.host }}"
- dbname: "{{ .Values.configMap.data.dbName }}"
+{{- if .Values.asPod.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "tngkds-postgres.fullname" . }}-cfg
+ namespace: {{ .Release.Namespace }}
+data:
+ host: "{{ .Values.configMap.data.host }}"
+ dbname: "{{ .Values.configMap.data.dbName }}"
+{{- end }}
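Review bot: `{{- if .Values.asPod.enabled }}` dereferences `asPod`, but the subchart's own `values.yaml` in this commit does not declare it; only the parent `k8s/helm/tngkds/values.yaml` sets `tngkds-postgres.asPod.enabled`. Rendering the subchart on its own, or from a parent that omits the key, would fail with a nil-pointer template error rather than cleanly skipping the resource. Add `asPod:` / `  enabled: false` to `charts/tngkds-postgres/values.yaml` and list it in the README values table; the same guard is used in `deployment.yaml`, `pv-claim.yaml`, `secrets.yml` and `service.yaml`.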
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml
index 5745ff2..e13ecd8 100644
--- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/deployment.yaml
@@ -1,49 +1,52 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "tngkds-postgres.fullname" . }}
- labels:
- {{- include "tngkds-postgres.labels" . | nindent 4 }}
- tier: database
-spec:
- selector:
- matchLabels:
- {{- include "tngkds-postgres.selectorLabels" . | nindent 6 }}
- strategy:
- type: Recreate
- template:
- metadata:
- labels:
- {{- include "tngkds-postgres.labels" . | nindent 8 }}
- tier: database
- spec:
- containers:
- - name: postgres
- image: postgres
- imagePullPolicy: "IfNotPresent"
- env:
- - name: POSTGRES_USER
- valueFrom:
- secretKeyRef:
- name: {{ include "tngkds-postgres.fullname" . }}-secret
- key: pgUser
- - name: POSTGRES_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "tngkds-postgres.fullname" . }}-secret
- key: pgPassword
- - name: POSTGRES_DB
- valueFrom:
- configMapKeyRef:
- name: {{ include "tngkds-postgres.fullname" . }}-cfg
- key: dbname
- ports:
- - containerPort: 5432
- name: postgres
- volumeMounts:
- - mountPath: /var/lib/postgresql/kds/data
- name: postgres-persistance-storage
- volumes:
- - name: postgres-persistance-storage
- persistentVolumeClaim:
- claimName: {{ include "tngkds-postgres.fullname" . }}-pv-claim
+{{- if .Values.asPod.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "tngkds-postgres.fullname" . }}
+ labels:
+ {{- include "tngkds-postgres.labels" . | nindent 4 }}
+ tier: database
+ namespace: {{ .Release.Namespace }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "tngkds-postgres.selectorLabels" . | nindent 6 }}
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ {{- include "tngkds-postgres.labels" . | nindent 8 }}
+ tier: database
+ spec:
+ containers:
+ - name: postgres
+ image: postgres
+ imagePullPolicy: "IfNotPresent"
+ env:
+ - name: POSTGRES_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "tngkds-postgres.fullname" . }}-secret
+ key: pgUser
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "tngkds-postgres.fullname" . }}-secret
+ key: pgPassword
+ - name: POSTGRES_DB
+ valueFrom:
+ configMapKeyRef:
+ name: {{ include "tngkds-postgres.fullname" . }}-cfg
+ key: dbname
+ ports:
+ - containerPort: 5432
+ name: postgres
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/kds/data
+ name: postgres-persistance-storage
+ volumes:
+ - name: postgres-persistance-storage
+ persistentVolumeClaim:
+ claimName: {{ include "tngkds-postgres.fullname" . }}-pv-claim
+{{- end }}
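Review bot: `image: postgres` carries no tag, so the re-indented deployment still resolves to `postgres:latest`, and with `imagePullPolicy: "IfNotPresent"` different nodes can end up running different major versions of the database. The template also ignores the `image` block that `values.yaml` declares; rendering `image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"` with the values pointing at a pinned release (e.g. `repository: postgres`, `tag: "<major.minor>"` — placeholder) makes the version explicit and upgradable. The container sets no `securityContext` or `resources` either, although both keys exist in values; wiring in `{{- toYaml .Values.securityContext | nindent 12 }}` would let operators drop capabilities and set `runAsNonRoot` without editing the template.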
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml
index 6a6bd21..c3c4d34 100644
--- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/pv-claim.yaml
@@ -1,13 +1,16 @@
-apiVersion: v1
-kind: PersistentVolumeClaim
-metadata:
- name: {{ include "tngkds-postgres.fullname" . }}-pv-claim
- labels:
- {{- include "tngkds-postgres.labels" . | nindent 4 }}
- tier: database
-spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: 1Gi
+{{- if .Values.asPod.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "tngkds-postgres.fullname" . }}-pv-claim
+ labels:
+ {{- include "tngkds-postgres.labels" . | nindent 4 }}
+ tier: database
+ namespace: {{ .Release.Namespace }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+{{- end }}
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml
index 1720e47..32bfca0 100644
--- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/secrets.yml
@@ -1,7 +1,10 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "tngkds-postgres.fullname" . }}-secret
-stringData:
- pgUser: "postgres"
- pgPassword: "postgres"
+{{- if .Values.asPod.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "tngkds-postgres.fullname" . }}-secret
+ namespace: {{ .Release.Namespace }}
+stringData:
+ pgUser: {{ .Values.dbuser | quote }}
+ pgPassword: {{ .Values.dbpassword | quote }}
+{{- end }}
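Review bot: `pgUser: {{ .Values.dbuser | quote }}` and `pgPassword: {{ .Values.dbpassword | quote }}` read values that default to null in the subchart's `values.yaml`, so a default install renders empty credentials into the Secret; whether the postgres image then refuses to initialise or starts with an empty superuser password, neither is the intended outcome. Using `required` makes the omission a render-time error instead: `pgUser: {{ required "dbuser must be set" .Values.dbuser | quote }}` and `pgPassword: {{ required "dbpassword must be set" .Values.dbpassword | quote }}`. Longer term an `existingSecret`-style option would keep the password out of the values file and the Helm release history altogether.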
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml
index e6fcc29..5f28c27 100644
--- a/k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/templates/service.yaml
@@ -1,16 +1,19 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: postgres
- labels:
- {{- include "tngkds-postgres.labels" . | nindent 4 }}
- tier: database
-spec:
- type: NodePort
- ports:
- {{ range .Values.service.ports }}
- - port: {{ .port }}
- {{ end }}
- selector:
- {{- include "tngkds-postgres.selectorLabels" . | nindent 4 }}
- tier: database
+{{- if .Values.asPod.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: postgres
+ labels:
+ {{- include "tngkds-postgres.labels" . | nindent 4 }}
+ tier: database
+ namespace: {{ .Release.Namespace }}
+spec:
+ type: NodePort
+ ports:
+ {{ range .Values.service.ports }}
+ - port: {{ .port }}
+ {{ end }}
+ selector:
+ {{- include "tngkds-postgres.selectorLabels" . | nindent 4 }}
+ tier: database
+{{- end }}
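Review bot: `type: NodePort` is hard-coded in the template even though `values.yaml` and the README declare `service.type`, so that value can never take effect. A NodePort also exposes the database on every node's address, which is more than an in-cluster consumer needs; rendering `type: {{ .Values.service.type }}` and shipping `ClusterIP` as the default keeps Postgres reachable only inside the cluster unless an operator opts in. The service name `name: postgres` is hard-coded as well while the ConfigMap advertises `host: localhost`; the two should agree on how the backend is expected to reach the database.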
diff --git a/k8s/helm/tngkds/charts/tngkds-postgres/values.yaml b/k8s/helm/tngkds/charts/tngkds-postgres/values.yaml
index 2b66f43..4561a40 100644
--- a/k8s/helm/tngkds/charts/tngkds-postgres/values.yaml
+++ b/k8s/helm/tngkds/charts/tngkds-postgres/values.yaml
@@ -1,89 +1,95 @@
-# Default values for tngkds-postgres.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
- repository: nginx
- pullPolicy: IfNotPresent
- # Overrides the image tag whose default is the chart appVersion.
- tag: ""
-
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-serviceAccount:
- # Specifies whether a service account should be created
- create: true
- # Annotations to add to the service account
- annotations: {}
- # The name of the service account to use.
- # If not set and create is true, a name is generated using the fullname template
- name: ""
-
-podAnnotations: {}
-
-podSecurityContext: {}
- # fsGroup: 2000
-
-securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
-
-service:
- type: NodePort
- ports:
- - port: 5432
-
-ingress:
- enabled: false
- className: ""
- annotations: {}
- # kubernetes.io/ingress.class: nginx
- # kubernetes.io/tls-acme: "true"
- hosts:
- - host: chart-example.local
- paths:
- - path: /
- pathType: ImplementationSpecific
- tls: []
- # - secretName: chart-example-tls
- # hosts:
- # - chart-example.local
-
-resources: {}
- # We usually recommend not to specify default resources and to leave this as a conscious
- # choice for the user. This also increases chances charts run on environments with little
- # resources, such as Minikube. If you do want to specify resources, uncomment the following
- # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
- # limits:
- # cpu: 100m
- # memory: 128Mi
- # requests:
- # cpu: 100m
- # memory: 128Mi
-
-autoscaling:
- enabled: false
- minReplicas: 1
- maxReplicas: 100
- targetCPUUtilizationPercentage: 80
- # targetMemoryUtilizationPercentage: 80
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-# ConfigMap
-configMap:
- data:
- host: localhost
- dbName: postgres
+# Default values for tngkds-postgres.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: nginx
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+podAnnotations: {}
+
+podSecurityContext:
+ {}
+ # fsGroup: 2000
+
+securityContext:
+ {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: NodePort
+ ports:
+ - port: 5432
+
+ingress:
+ enabled: false
+ className: ""
+ annotations:
+ {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources:
+ {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+# ConfigMap
+configMap:
+ data:
+ host: localhost
+ dbName: postgres
+dbuser:
+dbpassword:
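Review bot: `dbuser:` and `dbpassword:` are bare keys and therefore null, while the README added in this commit documents their defaults as `""`; write `dbuser: ""` and `dbpassword: ""` so the two agree and YAML tooling does not treat them as missing. The `image:` block still carries the chart-scaffold default `repository: nginx`, which nothing in the deployment template uses; either wire it in or remove it so the values file does not advertise an nginx image for a Postgres chart. Most of this hunk is a whitespace rewrite, which makes the substantive additions hard to spot; separating formatting from functional changes would ease review.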
diff --git a/k8s/helm/tngkds/values.yaml b/k8s/helm/tngkds/values.yaml
index a57c952..0d6c767 100644
--- a/k8s/helm/tngkds/values.yaml
+++ b/k8s/helm/tngkds/values.yaml
@@ -1,13 +1,43 @@
-# Default values for tngkds.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-tngkds-postgres:
- enabled: true
- path: /()(*)
- port: 5432
-
-tngkds-backend:
- enabled: true
- path: /()(*)
- port: 8080
+# Default values for tngkds.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+tngkds-postgres:
+ path: /()(*)
+ port: 5432
+
+ asPod:
+ enabled: false # run db as Service or Pod,set in conjunction with tngkds-backend
+
+tngkds-backend:
+ image:
+ tag:
+ liquibaseImage:
+ tag:
+ path: /()(*)
+ port: 8080
+ db:
+ driverclass: org.h2.Driver
+ plattform: org.hibernate.dialect.H2Dialect
+ url: jdbc:h2:mem:dgc;DB_CLOSE_ON_EXIT=FALSE;DB_CLOSE_DELAY=-1;
+ username: sa
+ password: ''
+ gateway:
+ connector:
+ enabled: true
+ endpoint:
+ proxy:
+ enabled: false
+ max-cache-age: 300
+ tls_trust_store: #CA of TNG Gateway of TLS certificate
+ alias: tng-tls-server-certificate
+ password:
+ path: /certs/tng_tls_server_truststore.p12
+ tls_key_store: # client cert key pair of participant
+ alias: clientcredentials
+ password:
+ path: /certs/tls_key_store.p12
+ trust_anchor: # TA pem file of TNG that was used for signing
+ alias: trustanchor
+ password:
+ path: /certs/trustanchor_store.jks
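Review bot: The keystore passwords under `tls_trust_store`, `tls_key_store` and `trust_anchor` are bare `password:` keys in the parent values file, which invites operators to fill them in here and commit them; the keystores themselves are mounted from the `secrets-jks` volume, and the passwords should be read from the same Secret rather than from values. The `asPod.enabled` comment is hard to follow; suggest `# true: deploy Postgres as a pod in this release; false: expect an external database and set tngkds-backend.db accordingly`. Removing `enabled: true` from both subcharts changes how any `condition:` entries in `Chart.yaml` resolve if they reference those keys, so that file is worth checking alongside this one.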
diff --git a/pom.xml b/pom.xml
index d263321..7973785 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,518 +1,310 @@
+ xmlns="http://maven.apache.org/POM/4.0.0"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
- 4.0.0
+ 4.0.0
- tng.trustnetwork.keydistribution
- tng-key-distribution
- latest
- jar
+
+ org.springframework.cloud
+ spring-cloud-starter-parent
+ 2023.0.1
+
- tng-key-distribution
- GDHCN Key Distribution Service project.
-
- T-Systems International GmbH
-
+ tng.trustnetwork.keydistribution
+ tng-key-distribution
+ latest
+ jar
-
-
- 17
- 17
- 17
-
- UTF-8
- UTF-8
-
- 8.3.1
- 3.0.9
- 2022.0.3
- 2.1.0
- 5.3.23
- 6.1.2
- 1.18.28
- 4.22.0
- 2.1.0
- 2.4.2
- 1.5.5.Final
- 5.0.0-alpha.11
- 5.4.0
- 2.2.220
- 1.5
-
- 3.3.0
- 3.9.1.2184
- 0.8.10
- 1.7.0
- 3.1.2
-
- Key Distribution Service / tng-key-distribution
- 2021
- apache_v2
-
- WorldHealthOrganization
- tng-key-distribution
-
- WorldHealthOrganization
- ${sonar.organization}_${project.artifactId}
- https://sonarcloud.io
-
- **/KeyDistributionServiceApplication.java,
- **/model/*,
- **/mapper/*,
- **/entity/*,
- **/DgcKeyStore.java,
- **/ErrorHandler.java
-
-
+ tng-key-distribution
+ GDHCN Key Distribution Service project.
+
+ T-Systems International GmbH
+
- https://github.com/WorldHealthOrganization/tng-key-distribution
-
- https://github.com/WorldHealthOrganization/tng-key-distribution/actions
-
-
- https://github.com/WorldHealthOrganization/tng-key-distribution/issues
-
-
- https://github.com/WorldHealthOrganization/tng-key-distribution
-
+
+
+ 17
+ 17
+ 17
+
+ UTF-8
+ UTF-8
+
+ 8.3.1
+ 1.5.5.Final
+ 5.12.0
+ 1.78.1
+
+ 3.3.0
+ 0.8.10
+ 2.4.0
+
+ Key Distribution Service / tng-key-distribution
+ 2021
+ apache_v2
+
+ WorldHealthOrganization
+ tng-key-distribution
+
+ WorldHealthOrganization
+ ${sonar.organization}_${project.artifactId}
+ https://sonarcloud.io
+
+ **/KeyDistributionServiceApplication.java,
+ **/model/*,
+ **/mapper/*,
+ **/entity/*,
+ **/DgcKeyStore.java,
+ **/ErrorHandler.java
+
+
-
-
- docker
-
- docker
- jar
-
-
-
-
- org.springframework.boot
- spring-boot-maven-plugin
-
- ${project.build.directory}/docker
- ddccg
-
-
-
- maven-assembly-plugin
-
-
- make-zip-ACC
- none
-
-
- make-zip-test
- none
-
-
- make-zip-PRD
- none
-
-
-
-
-
-
-
+ https://github.com/WorldHealthOrganization/tng-key-distribution
+
+ https://github.com/WorldHealthOrganization/tng-key-distribution/actions
+
+
+ https://github.com/WorldHealthOrganization/tng-key-distribution/issues
+
+
+ https://github.com/WorldHealthOrganization/tng-key-distribution
+
-
-
- who-github
- https://maven.pkg.github.com/${github.organization}/*
-
-
+
+
+ who-github
+ https://maven.pkg.github.com/${github.organization}/*
+
+
+ danubetech-maven-public
+ https://repo.danubetech.com/repository/maven-public/
+
+
-
-
- who-github
- https://maven.pkg.github.com/${github.organization}/${github.project}
-
-
+
+
+ who-github
+ https://maven.pkg.github.com/${github.organization}/${github.project}
+
+
-
-
-
-
- org.yaml
- snakeyaml
- 2.0
-
-
- com.fasterxml.jackson.core
- jackson-databind
- 2.15.2
-
-
- com.fasterxml.jackson.core
- jackson-core
- 2.15.2
-
-
- com.fasterxml.jackson.datatype
- jackson-datatype-jsr310
- 2.15.2
-
-
- com.fasterxml.jackson.core
- jackson-annotations
- 2.15.2
-
-
- com.fasterxml.jackson.jr
- jackson-jr-objects
- 2.15.2
-
-
- com.fasterxml.jackson.datatype
- jackson-datatype-jdk8
- 2.15.2
-
-
- com.fasterxml.jackson.module
- jackson-module-parameter-names
- 2.15.2
-
-
- com.fasterxml.jackson.dataformat
- jackson-dataformat-yaml
- 2.15.2
-
-
- org.json
- json
- 20230618
-
-
- com.google.guava
- guava
- 32.0.1-jre
-
-
- org.springframework.boot
- spring-boot-dependencies
- ${spring.boot.version}
- pom
- import
-
-
- org.springframework.cloud
- spring-cloud-dependencies
- ${spring.cloud.version}
- pom
- import
-
-
- org.projectlombok
- lombok
- ${lombok.version}
-
-
- org.springdoc
- springdoc-openapi-starter-webmvc-ui
- ${springdoc.version}
-
-
- org.liquibase
- liquibase-core
- ${liquibase.version}
-
-
-
+
+ eu.europa.ec.dgc
+ ddcc-gateway-lib
+ 2.0.2
+
+
+
+ org.springframework.boot
+ spring-boot-starter-data-jpa
+
+
+ org.springframework.boot
+ spring-boot-starter-actuator
+
+
+ org.springframework.boot
+ spring-boot-starter-test
+ test
+
+
+ org.springframework.boot
+ spring-boot-starter-web
+
+
+ org.springframework.cloud
+ spring-cloud-starter-openfeign
+
+
+ org.springframework
+ spring-web
+
+
+
+
+ org.springframework
+ spring-web
+ 6.1.6
+
-
-
- eu.europa.ec.dgc
- ddcc-gateway-lib
- 2.0.2
-
-
- org.springframework.boot
- spring-boot-starter
-
-
- org.springframework.boot
- spring-boot-starter-data-jpa
-
-
- org.springframework.boot
- spring-boot-starter-validation
-
-
- org.springframework.boot
- spring-boot-starter-web
-
-
- org.springframework.boot
- spring-boot-starter-actuator
-
-
- org.liquibase
- liquibase-core
-
-
- org.springframework.boot
- spring-boot-starter-test
- test
-
-
- org.projectlombok
- lombok
- provided
-
-
- org.springdoc
- springdoc-openapi-starter-webmvc-ui
- ${springdoc.version}
-
-
- com.h2database
- h2
- ${h2.version}
- runtime
-
-
- org.postgresql
- postgresql
- runtime
-
-
- org.mapstruct
- mapstruct
- ${mapstruct.version}
-
-
- org.springframework.security
- spring-security-web
- ${spring.security.version}
-
-
- com.squareup.okhttp3
- okhttp
- ${okhttp.version}
- test
-
-
- net.javacrumbs.shedlock
- shedlock-provider-jdbc-template
- ${shedlock.version}
-
-
- net.javacrumbs.shedlock
- shedlock-spring
- ${shedlock.version}
-
-
- io.pivotal.cfenv
- java-cfenv-boot
- ${pivotal.cfenv.version}
-
-
- org.springframework.boot
- spring-boot
-
-
-
-
-
- com.google.code.bean-matchers
- bean-matchers
- 0.14
- test
-
-
- commons-fileupload
- commons-fileupload
- ${commons-fileupload.version}
-
-
- org.springframework.cloud
- spring-cloud-starter-feign
- 1.4.7.RELEASE
-
-
+
+
+ org.liquibase
+ liquibase-core
+
+
+ com.h2database
+ h2
+ runtime
+
+
+ org.postgresql
+ postgresql
+ runtime
+ 42.7.3
+
-
-
-
-
- org.springframework.boot
- spring-boot-maven-plugin
- ${spring.boot.version}
-
-
- org.apache.maven.plugins
- maven-checkstyle-plugin
- ${plugin.checkstyle.version}
-
-
- com.puppycrawl.tools
- checkstyle
- 8.41.1
-
-
-
-
- org.sonarsource.scanner.maven
- sonar-maven-plugin
- ${plugin.sonar.version}
-
-
- org.jacoco
- jacoco-maven-plugin
- ${plugin.jacoco.version}
-
-
- org.apache.maven.plugins
- maven-surefire-plugin
- ${plugin.surefire.version}
-
-
- org.apache.maven.plugins
- maven-compiler-plugin
- 3.8.1
-
-
- org.codehaus.mojo
- license-maven-plugin
- 2.0.0
-
-
- org.apache.maven.plugins
- maven-resources-plugin
- 3.2.0
-
- UTF-8
-
-
-
-
-
-
- org.owasp
- dependency-check-maven
- ${owasp.version}
-
- ./owasp/suppressions.xml
- 8
- false
-
-
-
- org.apache.maven.plugins
- maven-surefire-plugin
-
-
- org.springframework.boot
- spring-boot-maven-plugin
-
-
-
- repackage
- build-info
-
-
-
-
-
- org.apache.maven.plugins
- maven-checkstyle-plugin
-
- ./codestyle/checkstyle.xml
- ./target/**/*
- true
- true
- warning
- true
- false
-
-
-
- check
- validate
-
- check
-
-
-
-
-
- org.jacoco
- jacoco-maven-plugin
- ${plugin.jacoco.version}
-
-
-
- prepare-agent
-
-
-
- report
-
- report
-
-
-
-
-
- org.apache.maven.plugins
- maven-compiler-plugin
-
-
-
- org.projectlombok
- lombok
- ${lombok.version}
-
-
- org.mapstruct
- mapstruct-processor
- ${mapstruct.version}
-
-
-
-
-
- org.codehaus.mojo
- license-maven-plugin
-
- **/*.java
- ${project.organization.name} and all other contributors
- ---license-start
- ---license-end
- ---
- false
- true
- true
-
-
-
- download-licenses
- validate
-
- download-licenses
-
-
-
-
-
- org.springdoc
- springdoc-openapi-maven-plugin
- 1.3
-
- http://localhost:8080/api/docs
-
-
-
- integration-test
-
- generate
-
-
-
-
-
-
+
+
+ org.projectlombok
+ lombok
+
+
+ org.mapstruct
+ mapstruct
+ ${mapstruct.version}
+
+
+ net.javacrumbs.shedlock
+ shedlock-provider-jdbc-template
+ ${shedlock.version}
+
+
+ net.javacrumbs.shedlock
+ shedlock-spring
+ ${shedlock.version}
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+ ${bcpkix.version}
+
+
+ info.weboftrust
+ ld-signatures-java
+ 1.1.0
+
+
+ org.bitcoinj
+ bitcoinj-core
+
+
+
+
+ com.github.ben-manes.caffeine
+ caffeine
+ 3.1.8
+
+
+ org.eclipse.jgit
+ org.eclipse.jgit
+ 6.9.0.202403050737-r
+
+
+
+
+
+
+ org.owasp
+ dependency-check-maven
+ ${owasp.version}
+
+ ./owasp/suppressions.xml
+ 8
+ false
+
+
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+
+
+ org.springframework.boot
+ spring-boot-maven-plugin
+
+
+ org.apache.maven.plugins
+ maven-checkstyle-plugin
+ ${plugin.checkstyle.version}
+
+ ./codestyle/checkstyle.xml
+ ./target/**/*
+ true
+ true
+ warning
+ true
+ false
+
+
+
+ check
+ validate
+
+ check
+
+
+
+
+
+ com.puppycrawl.tools
+ checkstyle
+ 8.41.1
+
+
+
+
+ org.jacoco
+ jacoco-maven-plugin
+ ${plugin.jacoco.version}
+
+
+
+ prepare-agent
+
+
+
+ report
+
+ report
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-compiler-plugin
+
+
+
+ org.projectlombok
+ lombok
+ ${lombok.version}
+
+
+ org.mapstruct
+ mapstruct-processor
+ ${mapstruct.version}
+
+
+
+
+
+ org.codehaus.mojo
+ license-maven-plugin
+ ${plugin.license.version}
+
+ **/*.java
+ ${project.organization.name} and all other contributors
+ ---license-start
+ ---license-end
+ ---
+ false
+ true
+ true
+
+
+
+ download-licenses
+ validate
+
+ download-licenses
+
+
+
+
+
+
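Review bot: Adding the `danubetech-maven-public` repository (`https://repo.danubetech.com/repository/maven-public/`) next to `who-github` means Maven may resolve any artifact not found in the first repository from the second, not only the `info.weboftrust` dependency it was added for, which widens the supply-chain surface of every build. Routing it through a repository manager or a Maven settings mirror, and recording the checksums of the artifacts expected from it, would narrow that. `org.bitcoinj` / `bitcoinj-core` is declared without a version while its neighbours are pinned, so it relies on a managed version being imported somewhere; if none is the build fails, and if one is the version should still be stated here for auditability. The element tags appear stripped in this rendering of the diff, so the structure above is read from indentation only.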
diff --git a/src/main/java/tng/trustnetwork/keydistribution/KeyDistributionServiceApplication.java b/src/main/java/tng/trustnetwork/keydistribution/KeyDistributionServiceApplication.java
index 65bcac8..ec29444 100644
--- a/src/main/java/tng/trustnetwork/keydistribution/KeyDistributionServiceApplication.java
+++ b/src/main/java/tng/trustnetwork/keydistribution/KeyDistributionServiceApplication.java
@@ -2,7 +2,7 @@
* ---license-start
* WorldHealthOrganization / tng-key-distribution
* ---
- * Copyright (C) 2021 T-Systems International GmbH and all other contributors
+ * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors
* ---
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -33,7 +33,7 @@
@SpringBootApplication
@EnableConfigurationProperties(KdsConfigProperties.class)
@EnableFeignClients
-public class KeyDistributionServiceApplication extends SpringBootServletInitializer {
+public class KeyDistributionServiceApplication {
/**
* The main Method.
diff --git a/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClient.java b/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClient.java
index afa781f..c32a99b 100644
--- a/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClient.java
+++ b/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClient.java
@@ -1,15 +1,34 @@
+/*-
+ * ---license-start
+ * WorldHealthOrganization / tng-key-distribution
+ * ---
+ * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+
package tng.trustnetwork.keydistribution.clients;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
-import tng.trustnetwork.keydistribution.model.DidDocument;
@FeignClient(value = "universalresolver", url = "${universal.resolver}",
configuration = UniversalResolverClientConfig.class)
public interface UniversalResolverClient {
@GetMapping(value = "/{didKey}", produces = "application/json")
- DidDocument getDidDocument(@PathVariable("didKey") String didKey);
+ String getDidDocument(@PathVariable("didKey") String didKey);
}
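Review bot: Changing `getDidDocument` to return the raw `String` body moves JSON parsing and validation to every caller, and the body comes from an external resolver, so each caller now has to parse it with a size-bounded, safe configuration and check that the returned document's identifier matches the requested `didKey`. The method has no Javadoc although checkstyle is enforced in the build; add a comment along the lines of `/** Resolves a DID via the configured universal resolver and returns the raw DID document JSON; callers are responsible for parsing and validating it. */`. Because `didKey` contains colons, also confirm that Feign's path-variable encoding produces the URL the resolver expects.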
diff --git a/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClientConfig.java b/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClientConfig.java
index 16fab5d..cb034e0 100644
--- a/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClientConfig.java
+++ b/src/main/java/tng/trustnetwork/keydistribution/clients/UniversalResolverClientConfig.java
@@ -1,3 +1,23 @@
+/*-
+ * ---license-start
+ * WorldHealthOrganization / tng-key-distribution
+ * ---
+ * Copyright (C) 2021 - 2024 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+
package tng.trustnetwork.keydistribution.clients;
import feign.Client;
diff --git a/src/main/java/tng/trustnetwork/keydistribution/config/ErrorHandler.java b/src/main/java/tng/trustnetwork/keydistribution/config/ErrorHandler.java
deleted file mode 100644
index dbe4f21..0000000
--- a/src/main/java/tng/trustnetwork/keydistribution/config/ErrorHandler.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*-
- * ---license-start
- * WorldHealthOrganization / tng-key-distribution
- * ---
- * Copyright (C) 2021 T-Systems International GmbH and all other contributors
- * ---
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ---license-end
- */
-
-package tng.trustnetwork.keydistribution.config;
-
-import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
-import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.ControllerAdvice;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.server.ResponseStatusException;
-import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
-import tng.trustnetwork.keydistribution.exception.BadRequestException;
-import tng.trustnetwork.keydistribution.restapi.dto.ProblemReportDto;
-
-@ControllerAdvice
-@Configuration
-@RequiredArgsConstructor
-@Slf4j
-public class ErrorHandler extends ResponseEntityExceptionHandler {
-
- /**
- * Handles {@link BadRequestException} when a validation failed.
- *
- * @param e the thrown {@link BadRequestException}
- * @return A ResponseEntity with a ErrorMessage inside.
- */
- @ExceptionHandler(BadRequestException.class)
- public ResponseEntity