Merge pull request #737 from catenax-ng/feature/378-separate-credentials-config

feat(impl):[#378] separate credentials config
ds-ext-kmassalski authored Jan 25, 2024
2 parents 64be6ee + d3464a5 commit 6998ee8
Showing 13 changed files with 134 additions and 99 deletions.
5 changes: 5 additions & 0 deletions charts/irs-helm/CHANGELOG.md
Expand Up @@ -5,6 +5,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [Unreleased]
### Added
- Added configuration parameters `oauth2.semantics.clientId`,`oauth2.semantics.clientSecret`, `oauth2.discovery.clientId`,`oauth2.discovery.clientSecret`, `oauth2.bpdm.clientId`,`oauth2.bpdm.clientSecret`

### Removed
- Removed configuration parameters `oauth2.clientId`,`oauth2.clientSecret`, `portal.oauth2.clientId`,`portal.oauth2.clientSecret`

## [6.13.0] - 2024-01-15
- Update IRS version to 4.4.0
23 changes: 14 additions & 9 deletions charts/irs-helm/templates/configmap-spring-app-config.yaml
Expand Up @@ -56,16 +56,21 @@ data:
oauth2:
client:
registration:
common:
client-id: "${OAUTH2_CLIENT_ID}" # taken from secret ENV
client-secret: "${OAUTH2_CLIENT_SECRET}" # taken from secret ENV
portal:
client-id: ${PORTAL_OAUTH2_CLIENT_ID} # taken from secret ENV
client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # taken from secret ENV
semantics:
client-id: "${SEMANTICS_OAUTH2_CLIENT_ID}" # taken from secret ENV
client-secret: "${SEMANTICS_OAUTH2_CLIENT_SECRET}" # taken from secret ENV
discovery:
client-id: ${DISCOVERY_OAUTH2_CLIENT_ID} # taken from secret ENV
client-secret: ${DISCOVERY_OAUTH2_CLIENT_SECRET} # taken from secret ENV
bpdm:
client-id: ${BPDM_OAUTH2_CLIENT_ID} # taken from secret ENV
client-secret: ${BPDM_OAUTH2_CLIENT_SECRET} # taken from secret ENV
provider:
common:
semantics:
token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }}
portal:
discovery:
token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }}
bpdm:
token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }}
digitalTwinRegistry:
Expand Down Expand Up @@ -129,7 +134,7 @@ data:
irs:
url: {{ tpl (.Values.irsUrl | default "") . | quote }}
discovery:
oAuthClientId: {{ .Values.discovery.oAuthClientId | default "portal" }}
oAuthClientId: {{ .Values.discovery.oAuthClientId | default "discovery" }}
{{- if .Values.ess.mockEdcResult }}
mockEdcResult:
{{- tpl (toYaml .Values.ess.mockEdcResult) . | nindent 10 }}
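Review bot: All three new entries under `provider:` (`semantics`, `discovery`, `bpdm`) resolve `token-uri` from the single `.Values.oauth2.clientTokenUri`, so the credentials are now separated but the three clients still have to be issued by the same authorization server; the matching `values.yaml` hunk keeps one `clientTokenUri` as well. If that is the intended deployment model, the values comment should say so, e.g. `clientTokenUri: # <oauth2-token-uri>, shared by the semantics, discovery and bpdm registrations`; if not, a per-registration override such as `token-uri: {{ tpl (.Values.oauth2.discovery.tokenUri | default .Values.oauth2.clientTokenUri | default "http://localhost") . | quote }}` keeps the current behaviour as the fallback. The `semantics` registration also quotes its `${...}` placeholders while `discovery` and `bpdm` do not; harmless for these values, but quoting all three identically makes the block easier to review.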
26 changes: 18 additions & 8 deletions charts/irs-helm/templates/deployment.yaml
Expand Up @@ -81,26 +81,36 @@ spec:
secretKeyRef:
name: {{ template "irs.secretName" . }}
key: minioPassword
- name: OAUTH2_CLIENT_ID
- name: SEMANTICS_OAUTH2_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "irs.secretName" . }}
key: clientId
- name: OAUTH2_CLIENT_SECRET
key: semanticsId
- name: SEMANTICS_OAUTH2_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "irs.secretName" . }}
key: clientSecret
- name: PORTAL_OAUTH2_CLIENT_ID
key: semanticsSecret
- name: DISCOVERY_OAUTH2_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "irs.secretName" . }}
key: portalClientId
- name: PORTAL_OAUTH2_CLIENT_SECRET
key: discoveryClientId
- name: DISCOVERY_OAUTH2_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "irs.secretName" . }}
key: portalClientSecret
key: discoveryClientSecret
- name: BPDM_OAUTH2_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "irs.secretName" . }}
key: bpdmClientId
- name: BPDM_OAUTH2_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "irs.secretName" . }}
key: bpdmClientSecret
- name: EDC_API_KEY_SECRET
valueFrom:
secretKeyRef:
10 changes: 6 additions & 4 deletions charts/irs-helm/templates/secrets.yaml
Expand Up @@ -35,10 +35,12 @@ type: Opaque
data:
minioUser: {{ .Values.minioUser | default "minio" | b64enc | quote }}
minioPassword: {{ .Values.minioPassword | default "minioPass" | b64enc | quote }}
clientId: {{ .Values.oauth2.clientId | default "clientId" | b64enc | quote }}
clientSecret: {{ .Values.oauth2.clientSecret | default "clientSecret" | b64enc | quote }}
portalClientId: {{ .Values.portal.oauth2.clientId | default "portalClientId" | b64enc | quote }}
portalClientSecret: {{ .Values.portal.oauth2.clientSecret | default "portalClientSecret" | b64enc | quote }}
semanticsId: {{ .Values.oauth2.semantics.clientId | default "semanticsId" | b64enc | quote }}
semanticsSecret: {{ .Values.oauth2.semantics.clientSecret | default "semanticsSecret" | b64enc | quote }}
discoveryClientId: {{ .Values.oauth2.discovery.clientId | default "discoveryClientId" | b64enc | quote }}
discoveryClientSecret: {{ .Values.oauth2.discovery.clientSecret | default "discoveryClientSecret" | b64enc | quote }}
bpdmClientId: {{ .Values.oauth2.bpdm.clientId | default "bpdmClientId" | b64enc | quote }}
bpdmClientSecret: {{ .Values.oauth2.bpdm.clientSecret | default "bpdmClientSecret" | b64enc | quote }}
edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | toString | default "" | b64enc | quote }}
{{- if .Values.grafana.enabled }}
grafanaUser: {{ .Values.grafana.user | default "grafana" | b64enc | quote }}
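Review bot: The six new Secret entries (`semanticsId` through `bpdmClientSecret`) each fall back to a placeholder string via `| default "..."`, so a release installed without real credentials still renders a valid Secret and the application starts with dummy client credentials that fail only at the first token request, rather than at install time. For values that are mandatory for the client-credentials flow, Helm's `required` gives the earlier failure, e.g. `semanticsId: {{ required "oauth2.semantics.clientId must be set" .Values.oauth2.semantics.clientId | b64enc | quote }}` for each key; the replaced `clientId`/`portalClientId` entries had the same weakness, so this is inherited rather than introduced, and if local test installs rely on the placeholders that trade-off should at least be stated in a comment. The key naming is also inconsistent: `semanticsId`/`semanticsSecret` versus `discoveryClientId`/`bpdmClientId`; `semanticsClientId`/`semanticsClientSecret` would match the other two and the `secretKeyRef.key` values in deployment.yaml, which have to change in lockstep.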
17 changes: 10 additions & 7 deletions charts/irs-helm/values.yaml
Expand Up @@ -152,13 +152,16 @@ minioUser: "minio" # <minio-username>
minioPassword: # <minio-password>
minioUrl: "http://{{ .Release.Name }}-minio:9000"
oauth2:
clientId: # <oauth2-client-id>
clientSecret: # <oauth2-client-secret>
clientTokenUri: # <oauth2-token-uri>
portal:
oauth2:
clientId: # <portal-client-id>
clientSecret: # <portal-client-secret>
semantics:
clientId: # <semantics-client-id>
clientSecret: # <semantics-client-secret>
discovery:
clientId: # <discovery-client-id>
clientSecret: # <discovery-client-secret>
bpdm:
clientId: # <bpdm-client-id>
clientSecret: # <bpdm-client-secret>
edc:
controlplane:
endpoint:
Expand Down Expand Up @@ -207,7 +210,7 @@ edc:
cacheTTL: PT24H # Time to live for ConnectorEndpointService for fetchConnectorEndpoints method cache

discovery:
oAuthClientId: portal # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client
oAuthClientId: discovery # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client

ess:
edc:
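Review bot: Removing `oauth2.clientId`/`clientSecret` and `portal.oauth2.*` from values.yaml means an existing values file that still sets them is no longer an error: secrets.yaml simply stops reading those paths and falls through to its placeholder defaults, so an upgrade with unmigrated values silently deploys with dummy credentials. A small guard in the template that used to consume them, e.g. `{{- if hasKey .Values "portal" }}{{ fail "portal.oauth2.* was replaced by oauth2.discovery.*; see CHANGELOG" }}{{- end }}` (and the same for `.Values.oauth2.clientId`), turns that into an install-time failure with a pointer to the new keys. The CHANGELOG entry lists the removed parameters but does not say which new key each one maps to; naming the mapping there helps operators migrate.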
46 changes: 22 additions & 24 deletions docs/src/api/irs-api.yaml
Expand Up @@ -7,7 +7,7 @@ info:
servers:
- url: http://localhost:8080
security:
- oAuth2: []
- api_key: []
paths:
/ess/bpn/investigations:
post:
Expand Down Expand Up @@ -58,7 +58,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Authorization refused by server.
security:
- oAuth2: []
- api_key: []
summary: Registers an IRS job to start an investigation if a given bpn is contained
in a part chain of a given globalAssetId.
tags:
Expand Down Expand Up @@ -123,7 +123,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Job with the requested jobId not found.
security:
- oAuth2: []
- api_key: []
summary: Return job with additional supplyChainImpacted information.
tags:
- Environmental and Social Standards
Expand Down Expand Up @@ -202,7 +202,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Authorization refused by server.
security:
- oAuth2: []
- api_key: []
summary: "Registers an order for an ESS investigation with an array of {globalAssetIds}.
Each globalAssetId will be processed in an separate job, grouped in batches."
tags:
Expand Down Expand Up @@ -292,7 +292,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Authorization refused by server.
security:
- oAuth2: []
- api_key: []
summary: Returns paginated jobs with state and execution times.
tags:
- Item Relationship Service
Expand Down Expand Up @@ -343,7 +343,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Authorization refused by server.
security:
- oAuth2: []
- api_key: []
summary: "Register an IRS job to retrieve an item graph for given {globalAssetId}."
tags:
- Item Relationship Service
Expand Down Expand Up @@ -427,7 +427,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Job with the requested jobId not found.
security:
- oAuth2: []
- api_key: []
summary: Return job with optional item graph result for requested id.
tags:
- Item Relationship Service
Expand Down Expand Up @@ -492,7 +492,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Job for requested jobId not found.
security:
- oAuth2: []
- api_key: []
summary: Cancel job for requested jobId.
tags:
- Item Relationship Service
Expand Down Expand Up @@ -529,7 +529,7 @@ paths:
$ref: "#/components/schemas/ErrorResponse"
description: Authorization refused by server.
security:
- oAuth2: []
- api_key: []
summary: Get all available aspect models from semantic hub or local models.
tags:
- Aspect Models
Expand Down Expand Up @@ -582,7 +582,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Authorization refused by server.
security:
- oAuth2: []
- api_key: []
summary: "Registers an IRS order with an array of {globalAssetIds}.\
\ Each globalAssetId will be processed in an IRS Job, grouped in batches."
tags:
Expand Down Expand Up @@ -649,7 +649,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Batch Order with the requested orderId not found.
security:
- oAuth2: []
- api_key: []
summary: Get a batch order for a given orderId.
tags:
- Item Relationship Service
Expand Down Expand Up @@ -714,7 +714,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Batch Order with the requested orderId not found.
security:
- oAuth2: []
- api_key: []
summary: Cancel a batch order for a given orderId.
tags:
- Item Relationship Service
Expand Down Expand Up @@ -790,7 +790,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Batch with the requested orderId and batchId not found.
security:
- oAuth2: []
- api_key: []
summary: Get a batch with a given batchId for a given orderId.
tags:
- Item Relationship Service
Expand Down Expand Up @@ -826,7 +826,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Authorization refused by server.
security:
- oAuth2: []
- api_key: []
summary: Lists the registered policies that should be accepted in EDC negotiation.
tags:
- Item Relationship Service
Expand Down Expand Up @@ -870,7 +870,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Authorization refused by server.
security:
- oAuth2: []
- api_key: []
summary: Register a policy that should be accepted in EDC negotiation.
tags:
- Item Relationship Service
Expand Down Expand Up @@ -915,7 +915,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Authorization refused by server.
security:
- oAuth2: []
- api_key: []
summary: Removes a policy that should no longer be accepted in EDC negotiation.
tags:
- Item Relationship Service
Expand Down Expand Up @@ -965,7 +965,7 @@ paths:
$ref: '#/components/schemas/ErrorResponse'
description: Authorization refused by server.
security:
- oAuth2: []
- api_key: []
summary: Updates an existing policy with new validUntil value.
tags:
- Item Relationship Service
Expand Down Expand Up @@ -2639,10 +2639,8 @@ components:
required:
- validUntil
securitySchemes:
oAuth2:
flows:
clientCredentials:
scopes:
{}
tokenUrl: https://localhost
type: oauth2
api_key:
description: Api Key access
in: header
name: X-API-KEY
type: apiKey
20 changes: 16 additions & 4 deletions docs/src/docs/administration/configuration.adoc
Expand Up @@ -156,11 +156,23 @@ This is a list of all secrets used in the deployment.
WARNING: Keep the values for these settings safe and do not publish them!
=== <common-client-id>
Client ID for OAuth2 provider. Request this from your OAuth2 operator.
=== <semantics-client-id>
Semantic Hub client ID for OAuth2 provider. Request this from your OAuth2 operator.
=== <common-client-secret>
Client secret for OAuth2 provider. Request this from your OAuth2 operator.
=== <semantics-client-secret>
Semantic Hub client secret for OAuth2 provider. Request this from your OAuth2 operator.
=== <discovery-client-id>
Dataspace Discovery client ID for OAuth2 provider. Request this from your OAuth2 operator.
=== <discovery-client-secret>
Dataspace Discovery client secret for OAuth2 provider. Request this from your OAuth2 operator.
=== <bpdm-client-id>
BPDM client ID for OAuth2 provider. Request this from your OAuth2 operator.
=== <bpdm-client-secret>
BPDM client secret for OAuth2 provider. Request this from your OAuth2 operator.
=== <minio-username>
Login username for Minio. To be defined by you.
Expand Up @@ -26,16 +26,12 @@
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Info;
import io.swagger.v3.oas.models.security.OAuthFlow;
import io.swagger.v3.oas.models.security.OAuthFlows;
import io.swagger.v3.oas.models.security.Scopes;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import io.swagger.v3.oas.models.servers.Server;
import lombok.RequiredArgsConstructor;
import org.eclipse.tractusx.irs.IrsApplication;
import org.springdoc.core.customizers.OpenApiCustomizer;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

Expand All @@ -59,7 +55,7 @@ public class OpenApiConfiguration {
@Bean
public OpenAPI customOpenAPI() {
return new OpenAPI().addServersItem(new Server().url(irsConfiguration.getApiUrl().toString()))
.addSecurityItem(new SecurityRequirement().addList("oAuth2"))
.addSecurityItem(new SecurityRequirement().addList("api_key"))
.info(new Info().title("IRS API")
.version(IrsApplication.API_VERSION)
.description(
Expand All @@ -69,20 +65,19 @@ public OpenAPI customOpenAPI() {
/**
* Generates example values in Swagger
*
* @param tokenUri the OAuth2 token uri loaded from application.yaml
* @return the customizer
*/
@Bean
public OpenApiCustomizer customizer(
@Value("${spring.security.oauth2.client.provider.common.token-uri}") final String tokenUri) {
public OpenApiCustomizer customizer() {
return openApi -> {
final Components components = openApi.getComponents();
components.addSecuritySchemes("oAuth2", new SecurityScheme().type(SecurityScheme.Type.OAUTH2)
.flows(new OAuthFlows().clientCredentials(
new OAuthFlow().scopes(
new Scopes())
.tokenUrl(tokenUri))));
components.addSecuritySchemes("api_key", new SecurityScheme().type(SecurityScheme.Type.APIKEY)
.description("Api Key access")
.in(SecurityScheme.In.HEADER)
.name("X-API-KEY")
);
openApi.getComponents().getSchemas().values().forEach(s -> s.setAdditionalProperties(false));

new OpenApiExamples().createExamples(components);
};
}
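Review bot: The Javadoc on `customizer()` still reads only `Generates example values in Swagger`, yet the method body now also declares the `api_key` security scheme, and the removed `@param tokenUri` line was the only hint that security configuration lived here; a summary such as `* Registers the {@code api_key} (X-API-KEY header) security scheme and generates example values in Swagger.` tells readers of the generated docs where the scheme comes from. The header name `"X-API-KEY"` is a bare literal in this method; it presumably has to match the header the API-key authentication filter reads, so sharing a constant or the same property between the two would keep the published spec and the enforcement from drifting — verify where the filter takes its name from. The closing parenthesis on its own line after `.name("X-API-KEY")` does not follow the chained-builder style used in `customOpenAPI()` above; `.name("X-API-KEY"));` on the same line would match. The enclosing class `OpenApiConfiguration` starts outside the hunk.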