Merge pull request eclipse-tractusx#1 from catenax-ng/acapy-on-ec2

Documentation for test ACA-Py on ec2, Helm chart updates
catenax-ng · Jan 17, 2023 · 48254e7 · 48254e7
2 parents a296428 + 79e5da8
commit 48254e7
Show file tree

Hide file tree

Showing 17 changed files with 531 additions and 100 deletions.
diff --git a/.github/workflows/initdb.yml b/.github/workflows/initdb.yml
@@ -42,12 +42,11 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 
-      # Build and push KeyCloak custom images for central and shared idp instances
-      - name: 'Build images'
+      - name: 'Build and push initdb Docker image'
         uses: docker/build-push-action@v2
         with:
           context: .
           file: docker/Dockerfile.import
           push: true
-          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
+          tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:1.0.0
           labels: ${{ steps.meta.outputs.labels }}
diff --git a/README.md b/README.md
@@ -297,14 +297,22 @@ docker run --env-file .env.docker -p 8080:8080 catena-x/managed-identity-wallets
       --from-literal=cx-auth-client-secret='<placeholder>'
 
     kubectl -n managed-identity-wallets create secret generic catenax-managed-identity-wallets-acapy-secrets \
-      --from-literal=acapy-wallet-key='<placeholder>' \
-      --from-literal=acapy-agent-wallet-seed='<placeholder>' \
-      --from-literal=acapy-jwt-secret='<placeholder>' \
-      --from-literal=acapy-db-account='postgres' \
-      --from-literal=acapy-db-password='<placeholder>' \
-      --from-literal=acapy-db-admin='postgres' \
-      --from-literal=acapy-db-admin-password='<placeholder>' \
-      --from-literal=acapy-admin-api-key='<placeholder>'
+      --from-literal=acapy-endorser-wallet-key='<placeholder>' \
+      --from-literal=acapy-endorser-agent-wallet-seed='<placeholder>' \
+      --from-literal=acapy-endorser-jwt-secret='<placeholder>' \
+      --from-literal=acapy-endorser-db-account='postgres' \
+      --from-literal=acapy-endorser-db-password='<placeholder>' \
+      --from-literal=acapy-endorser-db-admin='postgres' \
+      --from-literal=acapy-endorser-db-admin-password='<placeholder>' \
+      --from-literal=acapy-endorser-admin-api-key='<placeholder>' \
+      --from-literal=acapy-mt-wallet-key='<placeholder>' \
+      --from-literal=acapy-mt-agent-wallet-seed='<placeholder>' \
+      --from-literal=acapy-mt-jwt-secret='<placeholder>' \
+      --from-literal=acapy-mt-db-account='postgres' \
+      --from-literal=acapy-mt-db-password='<placeholder>' \
+      --from-literal=acapy-mt-db-admin='postgres' \
+      --from-literal=acapy-mt-db-admin-password='<placeholder>' \
+      --from-literal=acapy-mt-admin-api-key='<placeholder>'
 
     kubectl -n managed-identity-wallets create secret generic postgres-acapy-secret-config \
     --from-literal=password='<placeholder>' \

diff --git a/charts/chart-testing-config.yaml b/charts/chart-testing-config.yaml
@@ -1,3 +1,3 @@
 validate-maintainers: false
 chart-repos:
-  - bitnami=https://charts.bitnami.com/bitnami
+  - bitnami=https://charts.bitnami.com/bitnami
diff --git a/charts/managed-identity-wallets/Chart.yaml b/charts/managed-identity-wallets/Chart.yaml
@@ -15,8 +15,8 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.5.19
-appVersion: 2.1.0
+version: 0.6.0
+appVersion: 3.0.0
 
 dependencies:
   - name: postgresql

diff --git a/charts/managed-identity-wallets/templates/deployment.yaml b/charts/managed-identity-wallets/templates/deployment.yaml
@@ -82,17 +82,30 @@ spec:
           value: {{ .Values.datapool.authUrl }}
         - name: BPDM_PULL_DATA_AT_HOUR
           value: {{ .Values.datapool.refreshHour | quote }}
-        - name: ACAPY_API_ADMIN_URL
-          value: {{ .Values.acapy.adminUrl }}
         - name: ACAPY_NETWORK_IDENTIFIER
-          value: {{ .Values.acapy.networkIdentifier }}
+          value: {{ .Values.acapy.networkIdentifier }}  
+        - name: ACAPY_API_ADMIN_URL
+          value: {{ .Values.acapy.mt.adminUrl }}
         - name: ACAPY_ADMIN_API_KEY
           valueFrom:
             secretKeyRef:
               name: {{ include "managed-identity-wallets.fullname" . }}-acapy
-              key: acapy-admin-api-key
+              key: acapy-mt-admin-api-key
+        - name: ACAPY_BASE_WALLET_API_ADMIN_URL
+          value: {{ .Values.acapy.endorser.adminUrl }}
+        - name: ACAPY_BASE_WALLET_ADMIN_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "managed-identity-wallets.fullname" . }}-acapy
+              key: acapy-endorser-admin-api-key
         - name: CX_BPN
           value: {{ .Values.wallet.baseWalletBpn }}
+        - name: CX_SHORT_DID
+          value: {{ .Values.wallet.baseWalletShortDid }} 
+        - name: CX_VERKEY
+          value: {{ .Values.wallet.baseWalletVerkey }} 
+        - name: CX_NAME
+          value: {{ .Values.wallet.baseWalletName }} 
         - name: REVOCATION_URL
           value: {{ .Values.revocation.revocationServiceUrl }}
         - name: REVOCATION_CREATE_STATUS_LIST_CREDENTIAL_AT_HOUR
@@ -134,83 +147,183 @@ spec:
             memory: 256Mi
         ports:
         - containerPort: 8086
-      - name: catenax-acapy
+      - name: catenax-endorser-acapy
+        image: {{ .Values.acapy.imageName }}:{{ .Values.acapy.tag }}
+        env:
+        - name: WALLET_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "managed-identity-wallets.fullname" . }}-acapy
+              key: acapy-endorser-wallet-key
+        - name: AGENT_WALLET_SEED
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "managed-identity-wallets.fullname" . }}-acapy
+              key: acapy-endorser-agent-wallet-seed
+        - name: LEDGER_URL
+          value: {{ .Values.acapy.endorser.ledgerUrl }}
+        - name: LABEL
+          value: {{ .Values.acapy.endorser.label }}
+        - name: JWT_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "managed-identity-wallets.fullname" . }}-acapy
+              key: acapy-endorser-jwt-secret
+        - name: ACAPY_ADMIN_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "managed-identity-wallets.fullname" . }}-acapy
+              key: acapy-endorser-admin-api-key
+        - name: LOG_LEVEL
+          value: {{ .Values.acapy.endorser.logLevel }}
+        - name: ACAPY_ENDPOINT_PORT
+          value: {{ .Values.acapy.endorser.endpointPort | quote }}
+        - name: ACAPY_ENDPOINT_URL
+          value: {{ .Values.acapy.endorser.endpointUrl }}
+        - name: ACAPY_ADMIN_PORT
+          value: {{ .Values.acapy.endorser.adminPort | quote }}
+        - name: DB_HOST
+          {{- if .Values.acapypostgresql.enabled }}
+          value: {{ include "acapyPostgresContext" (list $ "postgresql.primary.fullname") }}
+          {{- else }}
+          value: {{ .Values.acapy.endorser.databaseHost }}
+          {{- end }}
+        - name: DB_ACCOUNT
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "managed-identity-wallets.fullname" . }}-acapy
+              key: acapy-endorser-db-account
+        - name: DB_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "managed-identity-wallets.fullname" . }}-acapy
+              key: acapy-endorser-db-password
+        - name: DB_ADMIN_USER
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "managed-identity-wallets.fullname" . }}-acapy
+              key: acapy-endorser-db-admin
+        - name: DB_ADMIN_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "managed-identity-wallets.fullname" . }}-acapy
+              key: acapy-endorser-db-admin-password
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            cpu: 250m
+            memory: 256Mi
+        ports:
+        - containerPort: 8000
+        command: ["/bin/bash"]
+        args: ["-c", "aca-py start \
+          -e $(ACAPY_ENDPOINT_URL) \
+          --auto-provision \
+          --inbound-transport http '0.0.0.0' $(ACAPY_ENDPOINT_PORT) \
+          --outbound-transport http \
+          --admin '0.0.0.0' $(ACAPY_ADMIN_PORT) \
+          --wallet-name AcapyCatenaXEndorserWallet \
+          --wallet-type askar \
+          --wallet-key $(WALLET_KEY) \
+          --wallet-storage-type postgres_storage
+          --wallet-storage-config '{\"url\":\"$(DB_HOST):5432\",\"max_connections\":5}'
+          --wallet-storage-creds '{\"account\":\"$(DB_ACCOUNT)\",\"password\":\"$(DB_PASSWORD)\",\"admin_account\":\"$(DB_ADMIN_USER)\",\"admin_password\":\"$(DB_ADMIN_PASSWORD)\"}'
+          --seed $(AGENT_WALLET_SEED) \
+          --genesis-url $(LEDGER_URL)/genesis \
+          --label $(LABEL) \
+          --admin-api-key $(ACAPY_ADMIN_API_KEY) \
+          --auto-ping-connection \
+          --jwt-secret $(JWT_SECRET) \
+          --public-invites \
+          --endorser-protocol-role endorser \
+          --auto-endorse-transactions \
+          --log-level $(LOG_LEVEL)"
+        ]
+      - name: catenax-mt-acapy
         image: {{ .Values.acapy.imageName }}:{{ .Values.acapy.tag }}
         env:
         - name: WALLET_KEY
           valueFrom:
             secretKeyRef:
               name: {{ include "managed-identity-wallets.fullname" . }}-acapy
-              key: acapy-wallet-key
+              key: acapy-mt-wallet-key
         - name: AGENT_WALLET_SEED
           valueFrom:
             secretKeyRef:
               name: {{ include "managed-identity-wallets.fullname" . }}-acapy
-              key: acapy-agent-wallet-seed
+              key: acapy-mt-agent-wallet-seed
         - name: LEDGER_URL
-          value: {{ .Values.acapy.ledgerUrl }}
+          value: {{ .Values.acapy.mt.ledgerUrl }}
         - name: LABEL
-          value: {{ .Values.acapy.label }}
+          value: {{ .Values.acapy.mt.label }}
         - name: JWT_SECRET
           valueFrom:
             secretKeyRef:
               name: {{ include "managed-identity-wallets.fullname" . }}-acapy
-              key: acapy-jwt-secret
+              key: acapy-mt-jwt-secret
         - name: ACAPY_ADMIN_API_KEY
           valueFrom:
             secretKeyRef:
               name: {{ include "managed-identity-wallets.fullname" . }}-acapy
-              key: acapy-admin-api-key
+              key: acapy-mt-admin-api-key
         - name: LOG_LEVEL
-          value: {{ .Values.acapy.logLevel }}
+          value: {{ .Values.acapy.mt.logLevel }}
         - name: ACAPY_ENDPOINT_PORT
-          value: {{ .Values.acapy.endpointPort | quote }}
+          value: {{ .Values.acapy.mt.endpointPort | quote }}
         - name: ACAPY_ENDPOINT_URL
-          value: {{ .Values.acapy.endpointUrl }}
+          value: {{ .Values.acapy.mt.endpointUrl }}
         - name: ACAPY_ADMIN_PORT
-          value: {{ .Values.acapy.adminPort | quote }}
+          value: {{ .Values.acapy.mt.adminPort | quote }}
         - name: DB_HOST
           {{- if .Values.acapypostgresql.enabled }}
           value: {{ include "acapyPostgresContext" (list $ "postgresql.primary.fullname") }}
           {{- else }}
-          value: {{ .Values.acapy.databaseHost }}
+          value: {{ .Values.acapy.mt.databaseHost }}
           {{- end }}
         - name: DB_ACCOUNT
           valueFrom:
             secretKeyRef:
               name: {{ include "managed-identity-wallets.fullname" . }}-acapy
-              key: acapy-db-account
+              key: acapy-mt-db-account
         - name: DB_PASSWORD
           valueFrom:
             secretKeyRef:
               name: {{ include "managed-identity-wallets.fullname" . }}-acapy
-              key: acapy-db-password
+              key: acapy-mt-db-password
         - name: DB_ADMIN_USER
           valueFrom:
             secretKeyRef:
               name: {{ include "managed-identity-wallets.fullname" . }}-acapy
-              key: acapy-db-admin
+              key: acapy-mt-db-admin
         - name: DB_ADMIN_PASSWORD
           valueFrom:
             secretKeyRef:
               name: {{ include "managed-identity-wallets.fullname" . }}-acapy
-              key: acapy-db-admin-password
+              key: acapy-mt-db-admin-password
+        - name: ACAPY_ENDORSER_PUBLIC_DID
+          value: {{ .Values.acapy.mt.endorserPublicDid }}
+        - name: ACAPY_WEBHOOK_URL
+          value: {{ .Values.acapy.mt.webhookUrl }}  
         resources:
           requests:
             cpu: 100m
             memory: 128Mi
           limits:
             cpu: 250m
             memory: 256Mi
+        ports:
+        - containerPort: 8003   
         command: ["/bin/bash"]
         args: ["-c", "aca-py start \
           -e $(ACAPY_ENDPOINT_URL) \
           --auto-provision \
           --inbound-transport http '0.0.0.0' $(ACAPY_ENDPOINT_PORT) \
           --outbound-transport http \
           --admin '0.0.0.0' $(ACAPY_ADMIN_PORT) \
-          --wallet-name AcapyCatenaX \
-          --wallet-type indy \
+          --wallet-name AcapyCatenaXManagedWallet \
+          --wallet-type askar \
           --wallet-key $(WALLET_KEY) \
           --wallet-storage-type postgres_storage
           --wallet-storage-config '{\"url\":\"$(DB_HOST):5432\",\"max_connections\":5}'
@@ -223,5 +336,13 @@ spec:
           --jwt-secret $(JWT_SECRET) \
           --multitenant \
           --multitenant-admin \
+          --public-invites \
+          --webhook-url $(ACAPY_WEBHOOK_URL) \
+          --endorser-protocol-role author \
+          --endorser-alias endorser \
+          --endorser-public-did $(ACAPY_ENDORSER_PUBLIC_DID) \
+          --auto-request-endorsement \
+          --auto-write-transactions \
+          --auto-promote-author-did \
           --log-level $(LOG_LEVEL)"
         ]
diff --git a/charts/managed-identity-wallets/templates/ingress.yaml b/charts/managed-identity-wallets/templates/ingress.yaml
@@ -15,14 +15,39 @@ metadata:
           location ~* /list-credential/ {
               deny all;
               return 403;
-            }
+          }
+
+          location ~* /webhook/topic/ {
+            deny all;
+            return 403;
+          }
 
     # If you encounter a redirect loop or are getting a 307 response code
     # then you need to force the nginx ingress to connect to the backend using HTTPS.
     #
     # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
 spec:
   rules:
+    - host: {{ .Values.certificate.host }}
+      http:
+        paths:
+          - path: /didcomm-base
+            pathType: Exact
+            backend:
+              service:
+                name: catenax-managed-identity-wallets-acapy-base
+                port:
+                  number: 8000
+    - host: {{ .Values.certificate.host }}
+      http:
+        paths:
+          - path: /didcomm-managed-wallets
+            pathType: Exact
+            backend:
+              service:
+                name: catenax-managed-identity-wallets-acapy-mt
+                port:
+                  number: 8003
     - host: {{ .Values.certificate.host }}
       http:
         paths:
@@ -37,4 +62,4 @@ spec:
     - hosts:
         - {{ .Values.certificate.host }}
       secretName: tls-secret
-{{- end}}
+{{- end}}
diff --git a/charts/managed-identity-wallets/templates/secrets.yaml b/charts/managed-identity-wallets/templates/secrets.yaml
@@ -6,14 +6,22 @@ metadata:
   namespace: {{ .Release.Namespace }}
 type: Opaque
 stringData:
-  acapy-admin-api-key: {{ .Values.acapy.secret.apikey | quote }}
-  acapy-agent-wallet-seed: {{ .Values.acapy.secret.walletseed | quote }}
-  acapy-db-account: {{ .Values.acapy.secret.dbaccount | quote }}
-  acapy-db-admin: {{ .Values.acapy.secret.dbadminuser | quote }}
-  acapy-db-admin-password: {{ .Values.acapy.secret.dbadminpassword | quote }}
-  acapy-db-password: {{ .Values.acapy.secret.dbpassword | quote }}
-  acapy-jwt-secret: {{ .Values.acapy.secret.jwtsecret | quote }}
-  acapy-wallet-key: {{ .Values.acapy.secret.walletkey | quote }}
+  acapy-endorser-admin-api-key: {{ .Values.acapy.endorser.secret.apikey | quote }}
+  acapy-endorser-agent-wallet-seed: {{ .Values.acapy.endorser.secret.walletseed | quote }}
+  acapy-endorser-db-account: {{ .Values.acapy.endorser.secret.dbaccount | quote }}
+  acapy-endorser-db-admin: {{ .Values.acapy.endorser.secret.dbadminuser | quote }}
+  acapy-endorser-db-admin-password: {{ .Values.acapy.endorser.secret.dbadminpassword | quote }}
+  acapy-endorser-db-password: {{ .Values.acapy.endorser.secret.dbpassword | quote }}
+  acapy-endorser-jwt-secret: {{ .Values.acapy.endorser.secret.jwtsecret | quote }}
+  acapy-endorser-wallet-key: {{ .Values.acapy.endorser.secret.walletkey | quote }}
+  acapy-mt-admin-api-key: {{ .Values.acapy.mt.secret.apikey | quote }}
+  acapy-mt-agent-wallet-seed: {{ .Values.acapy.mt.secret.walletseed | quote }}
+  acapy-mt-db-account: {{ .Values.acapy.mt.secret.dbaccount | quote }}
+  acapy-mt-db-admin: {{ .Values.acapy.mt.secret.dbadminuser | quote }}
+  acapy-mt-db-admin-password: {{ .Values.acapy.mt.secret.dbadminpassword | quote }}
+  acapy-mt-db-password: {{ .Values.acapy.mt.secret.dbpassword | quote }}
+  acapy-mt-jwt-secret: {{ .Values.acapy.mt.secret.jwtsecret | quote }}
+  acapy-mt-wallet-key: {{ .Values.acapy.mt.secret.walletkey | quote }}
 {{- end}}
 {{- if not .Values.isLocal }}
 ---