Merge pull request #6 from catenax-ng/release1.7.3

Quality gate changes

AUTHORS.md

@@ -0,0 +1,6 @@
+### The following people have contributed to this repository
+
+Aditya Kumar, doubleSlash Net-Business GmbH, https://github.com/adkumar1  <br />
+Dmitrii Vasiunin, doubleSlash Net-Business GmbH, https://github.com/dvasunin  <br />
+Amol Dashwant, doubleSlash Net-Business GmbH, https://github.com/amoldashwant  <br />
+Fedor Nazarov, doubleSlash Net-Business GmbH, https://github.com/Wulghash  <br />

CHANGELOG.md

@@ -6,11 +6,30 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ## [Unreleased]
 
-## [1.7.1] - 2022-12-13
+
+## [1.7.3] - 2023-02-27
+
+### Added
+ - Added AUTHORS.md, INSTALL.md file
+ - Added comments in values.yaml
+ - Created README.md inside charts/daps-server
+ - Added sources to Chart.yaml file
+
 
 ### Changed
-- Moved helm charts from `deployment/helm` to `charts`
+ - Changed content of NOTICE.md, SECURITY.md
+ - Modified .helmignore file
+ - Modified secret.yaml
+
+ ### Removed
+ - DEPENDENCIES file not required
+
 
-## [0.1.1] - 2022-09-09
 
+## [1.7.2] - 2022-09-09
+
+### Added
 Added sematic versioning, tags & helm releases
+
+### Changed
+- Moved helm charts from `deployment/helm` to `charts`

INSTALL.md

@@ -0,0 +1,30 @@
+## Installation Steps
+
+Helm charts are provided inside https://github.com/eclipse-tractusx/daps-helm-chart
+
+1.) Using helm commands:- <br />
+
+How to install application using helm:-
+    helm install ReleaseName ChartName
+
+    a.) Add helm repository in tractusx:-
+           helm repo add daps-server https://eclipse-tractusx.github.io/charts/dev
+    b.) To search the specific repo in helm repositories 
+           helm search repo tractusx-dev
+    c.) To install using helm command:-   
+           helm install daps-server tractusx-dev/daps-server
+
+
+2.) Local installation:
+
+    a.) git clone https://github.com/eclipse-tractusx/daps-helm-chart.git <br />
+    b.) Modify values file according to your requirement.  <br />
+    c.) Add the image.repository in the values file
+    c.) You need to define the secrets as well in values.yaml  <br />
+        secret:  <br />
+          clientId:  -> Client id for DAPS.   
+          clientSecret:   -> Client Secret for DAPS  <br />
+
+    d.) These secrets should be defined in Hashicorp vault. <br />
+    e.) Deploy in a kubernetes cluster  <br />
+        helm install daps-server charts/daps-server/ -n NameSpace  <br />

NOTICE.md

@@ -1,11 +1,15 @@
-# Notices
+# Notices for Eclipse Tractus-X
 
-This content is part of [CatenaX](https://catena-x.net). 
+This content is produced and maintained by the Eclipse Tractus-X project.
 
-* Project home: https://github.com/catenax-ng
+* Project home: https://projects.eclipse.org/projects/automotive.tractusx
 
 See the AUTHORS file(s) distributed with this work for additional information regarding authorship.
 
+## Trademarks
+
+Eclipse Tractus-X is a trademark of the Eclipse Foundation.
+
 ## Copyright
 
 All content is the property of the respective authors or their employers. For
@@ -22,11 +26,9 @@ SPDX-License-Identifier: Apache-2.0
 
 ## Source Code
 
-The project maintains the following source code repositories 
-in the GitHub organization https://github.com/catenax-ng:
-
-* https://github.com/catenax-ng/product-DAPS
-
+The project maintains the following source code repositories
+in the GitHub organization https://github.com/eclipse-tractusx:
+https://github.com/eclipse-tractusx/daps-helm-chart
 
 ## Third-party Content
 

README.md

@@ -7,7 +7,7 @@ Notice: Tractus-x relies on an IDS-compatible architecture. In that context, a D
 
 [https://github.com/Fraunhofer-AISEC/omejdn-server#readme ](https://github.com/Fraunhofer-AISEC/omejdn-server#readme) 
 
-DAPS is a minimal but extensible OAuth 2.0/OpenID connect server used for ...
+DAPS is a minimal but extensible OAuth 2.0/OpenID connect server used for ..
 
 IoT devices which use their private keys to request OAuth2 access tokens in order to access protected resources
 Websites or apps which retrieve user attributes
@@ -22,7 +22,13 @@ A User Selfservice API Plugin
 Standard Compliance (see below)
 IMPORTANT: DAPS is meant to be a research sandbox in which we can (re)implement standard protocols and potentially extend and modify functionality under the hood to support research projects. Use at your own risk! At a minimum, take a look at the documentation for production setups.
 
-## DAPS installed version -> v1.7.1
+
+### Software Version
+```shell
+Helm version is v1.7.3
+Application version is v1.7.1
+```
+
 
 ## Directory structure of an DAPS server
 By default, daps uses the following directory structure for configurations and keys:  <br />
@@ -149,19 +155,7 @@ You may retrieve the server configuration under
 
 # Installation Steps
 
-Helm charts are provided inside [https://github.com/catenax-ng/product-DAPS/charts/](https://github.com/catenax-ng/product-DAPS/tree/main/charts)
-
-1. Using helm commands:
-
-   1. git clone https://github.com/eclipse-tractusx/daps-helm-chart.git
-   1. Add the daps image and version in values.yaml
-   1. Deploy in a kubernetes cluster
-        ```helm install dapsName charts/daps-server/ -n namespace```
+https://github.com/eclipse-tractusx/daps-helm-chart/blob/main/INSTALL.md
 
-1. Using ArgoCD:
 
-To see how to deploy an application on 'Hotel Budapest': 
-[How to deploy](https://catenax-ng.github.io/docs/guides/how-to-deploy-an-application)
 
-----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

SECURITY.md

@@ -1,63 +1,6 @@
 # Security Policy
-
-
-
-
-## Reporting a bug in Catena-X
-
-
-
-
-Report security bugs in Catena-X to "[email protected]".
-
-Your report will be acknowledged within 5 days, and you’ll receive a more detailed response to your report within 10 days indicating the next steps in handling your submission.
-
-After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement, and may ask for additional information or guidance surrounding the reported issue.
-
-Please do not report security bugs through public GitHub issues.
-
-
-
-
-Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
-
-- Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
-
-- Full paths of source file(s) related to the manifestation of the issue
-
-- The location of the affected source code (tag/branch/commit or direct URL)
-
-- Any special configuration required to reproduce the issue
-
-- Step-by-step instructions to reproduce the issue
-
-- Proof-of-concept or exploit code (if possible)
-
-- Impact of the issue, including how an attacker might exploit the issue
-
-This information will help us triage your report more quickly.
-
-
-
-
-## Reporting a bug in a third party module
-
-Security bugs in third party modules should be reported to their respective maintainers.
-
-
-
-
-## Disclosure policy
-
-Here is the security disclosure policy for Catena-X.
-
-- The security report is received and is assigned a primary handler. 
-
-- This person will coordinate the fix and release process. 
-
-- Fixes are prepared for all releases which are still under maintenance. 
-
-- A suggested embargo date for this vulnerability is chosen. Typically the embargo date will be set to 72 hours. However, this may vary depending on the severity of the bug or difficulty in applying a fix.
-
-This process can take some time, especially when coordination is required with maintainers of other projects. 
-Every effort will be made to handle the bug in as timely a manner as possible; however, it’s important that we follow the release process above to ensure that the disclosure is handled in a consistent manner.
+
+## Reporting a Vulnerability
+
+Please report a found vulnerability here:
+[https://www.eclipse.org/security/](https://www.eclipse.org/security/)

charts/.helmignore

@@ -0,0 +1,9 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+values?*.yaml
+values?*.yml

charts/daps-server/Chart.yaml

@@ -12,10 +12,13 @@ description: DAPS server helm-chart
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
 
+sources:
+  -  https://github.com/eclipse-tractusx/daps-helm-chart
+
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.7.2
+version: 1.7.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/daps-server/README.md

@@ -1,50 +1,56 @@
 # daps-server
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.0.0](https://img.shields.io/badge/AppVersion-1.0.0-informational?style=flat-square)
+![Version: 1.7.3](https://img.shields.io/badge/Version-1.7.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.1](https://img.shields.io/badge/AppVersion-1.7.1-informational?style=flat-square)
 
 DAPS server helm-chart
 
+## Source Code
+
+* <https://github.com/eclipse-tractusx/daps-helm-chart>
+
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Pod affinity configuration |
-| autoscaling | object | `{"enabled":false, "maxReplicas":100, "minReplicas":1, "targetCPUUtilizationPercentage":80}` | DAPS autoscaling configuration |
+| autoscaling | object | `{"enabled":false,"maxReplicas":5,"minReplicas":1,"targetMemoryUtilizationPercentage":60}` | DAPS autoscaling configuration |
+| daps.secret.clientId | string | `""` |  |
+| daps.secret.clientSecret | string | `""` |  |
 | env.config | object | `{}` | Additional env variables |
 | env.secret | object | `{}` | Additional env variables that should be stored in encrypted way |
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` | Image pull policy |
-| image.repository | string | `"nginx"` | DAPS docker image |
+| image.repository | string | `nil` | DAPS docker image |
 | image.tag | string | `""` | Image tag. Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` | Secret which contains dockerconfig.json from private container registry with daps image |
 | ingress.annotations | object | `{}` | Additional ingress annotations |
 | ingress.enabled | bool | `false` | If set to `true`, DAPS will be exposed with ingress controller at http(s)://(ingress.host)/(ingress.pathPrefix) |
-| ingress.host | string | `"chart-example.local"` |  |
+| ingress.host | string | `"daps-beta.int.demo.catena-x.net"` | Ingress host name |
 | ingress.pathPrefix | string | `"/"` | Path prefix to be added to DAPS URI. Regex can be used |
 | ingress.rootPath | string | `"/"` | Root prefix without regex rules that used to configure daps host name in configuration |
 | ingress.tls.certMgr.enabled | bool | `false` | If `true` cert-manager will be used to issue a certificate with ingress.host CN name |
-| ingress.tls.certMgr.issuer | string | `""` | Cert-manager issuer name |
+| ingress.tls.certMgr.issuer | string | `"letsencrypt-prod"` | Cert-manager issuer name |
 | ingress.tls.enabled | bool | `false` | If `true` daps will be exposed with https |
 | nameOverride | string | `""` |  |
 | nodeSelector | object | `{}` | Node selection configuration |
-| omejdn.createDefaultAdmin | bool | `false` | Default user and client will be created if set to `true`. User credentials set in `omejdn.defaultAdminUser` section |
+| omejdn.createDefaultAdmin | bool | `true` | Default user and client will be created if set to `true`. User credentials set in `omejdn.defaultAdminUser` section |
 | omejdn.defaultAdminUser | string | `"admin:admin"` | Default user credentials in format `user:password` |
 | omejdn.serverKey | string | `""` | Server key content. DAPS will generate key if it's not provided at startup |
-| omejdn.serverKeyFolderPath | string | `"/opt/server-key"` | Path to directory with private server key |
+| omejdn.serverKeyFolderPath | string | `"/opt"` | Path to directory with private server key |
 | persistence.enabled | bool | `true` | If `true` persistent volume will be used to store clients and users configuration |
 | persistence.storageClass | string | `"azurefile"` | Storage class to claim a volume. |
 | persistence.storageSize | string | `"1Gi"` | Volume size |
 | podAnnotations | object | `{}` |  |
 | podSecurityContext | object | `{}` | Pod security context configuration |
 | replicaCount | int | `1` | DAPS instances count |
-| resources | object | `{}` | Pod resources requests and limits configuration |
-| securityContext | object | `{}` | Pod security context configuration |
+| resources | object | `{"limits":{"cpu":"200m","memory":"300Mi"},"requests":{"cpu":"200m","memory":"300Mi"}}` | Pod resources requests and limits configuration |
+| securityContext | string | `nil` | Pod security context configuration |
 | service.port | int | `4567` | Service port |
 | service.type | string | `"ClusterIP"` | Service type |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
-| serviceAccount.name | string | `""` | The name of the service account to use. -- If not set and create is true, a name is generated using the fullname template |
+| serviceAccount.name | string | `""` | If not set and create is true, a name is generated using the fullname template |
 | tolerations | list | `[]` | Pod toleration settings |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)
+Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)

charts/daps-server/templates/_helpers.tpl

@@ -50,6 +50,13 @@ app.kubernetes.io/name: {{ include "daps-server.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
+{{/*
+Create name of application secret
+*/}}
+{{- define "daps-server.applicationSecret.name" -}}
+{{- printf "%s-application" (include "daps-server.fullname" .) }}
+{{- end }}
+
 {{/*
 Create the name of the service account to use
 */}}

charts/daps-server/templates/persistentvolumeclaim.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.ingress.enabled -}}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -9,3 +10,5 @@ spec:
   resources:
     requests:
       storage: {{ .Values.persistence.storageSize }}
+
+{{- end }}

charts/daps-server/templates/secret.yml

@@ -1,19 +1,8 @@
 apiVersion: v1
 kind: Secret
 metadata:
-  name: avp-daps-secret
+  name: {{ include "daps-server.applicationSecret.name" . }}
 type: Opaque
 stringData:
-  ClientID: {{ .Values.daps.secret.clientId }}
-  ClientSecret: {{ .Values.daps.secret.clientSecret }}
-#apiVersion: v1
-#kind: Secret
-#metadata:
-#  name: avp-daps-secret
-#  annotations:
-#    avp.kubernetes.io/path: "essential-services/data/daps-beta"
-#type: Opaque
-#stringData:
-#  ClientID: <clientId>
-#  ClientSecret: <clientSecret>
-
+  ClientID: {{ .Values.daps.secret.clientId | default (randAlphaNum 16) }}
+  ClientSecret: {{ .Values.daps.secret.clientSecret | default (randAlphaNum 16) }}

charts/daps-server/values-bt.yaml → charts/daps-server/values-dev.yaml

@@ -6,7 +6,7 @@ ingress:
   #  kubernetes.io/ingress.class: nginx
   #  kubernetes.io/tls-acme: "true"
   # -- Ingress host name
-  host: daps-n.int.demo.catena-x.net
+  host: daps.dev.demo.catena-x.net
   # -- Path prefix to be added to DAPS URI. Regex can be used
   pathPrefix: "/"
   # -- Root prefix without regex rules that used to configure daps host name in configuration
@@ -23,5 +23,5 @@ ingress:
 
 daps:
   secret:
-    clientId: "<path:essential-services/data/daps#clientId>"
-    clientSecret: "<path:essential-services/data/daps#clientSecret>"
+    clientId: "<path:essential-services/data/daps-dev#clientId>"
+    clientSecret: "<path:essential-services/data/daps-dev#clientSecret>"