Skip to content

Commit

Permalink
Merge pull request #162 from eclipse-tractusx/release/3.0.1
Browse files Browse the repository at this point in the history
build(3.0.1): bump version and update docs
  • Loading branch information
evegufy authored Jul 30, 2024
2 parents ddcdbdd + 5bf6525 commit 88c74cf
Show file tree
Hide file tree
Showing 9 changed files with 89 additions and 40 deletions.
38 changes: 31 additions & 7 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,37 @@

New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM * Keycloak instances.

## 3.0.1

### Change

* realm configuration (centralidp) - changes to CX-Central realm:
* added service account for BPDM communication #[#146](https://github.com/eclipse-tractusx/portal-iam/pull/146)
* added documentation for seeded clients and service accounts [#158](https://github.com/eclipse-tractusx/portal-iam/pull/158)
* changed in roles and rights concept to markdown tables [#160](https://github.com/eclipse-tractusx/portal-iam/pull/160)
* changed licensing and legal docs [#144](https://github.com/eclipse-tractusx/portal-iam/pull/144)

### Bugfix

* realm configuration (centralidp) - fixes to CX-Central realm:
* renamed default role [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157), please see [upgrade note](/charts/centralidp/README.md#to-301) before using seeding job for upgrading the CX-Central configuration
* assigned the role `request_ssicredential` from the `Cl24-CX-SSI-CredentialIssuer` client to the composites roles `CX Admin`, `Company Admin`, `IT Admin` and `Business Admin` from the `Cl2-CX-Portal` client [#136](https://github.com/eclipse-tractusx/portal-iam/pull/136)
* assigned the role `decision_ssicredential` from the `Cl24-CX-SSI-CredentialIssuer` client to the composite role `CX Admin` from the `Cl2-CX-Portal` client [#143](https://github.com/eclipse-tractusx/portal-iam/pull/143)
* assigned the role `technical_roles_management` from the `Cl2-CX-Portal` client to the service account `sa-cl2-05` [#151](https://github.com/eclipse-tractusx/portal-iam/pull/151)

### Technical Support

* grouped version update pull request for dependabot [#133](https://github.com/eclipse-tractusx/portal-iam/pull/133)
* upgraded GitHub actions and alpine version in dockerfiles [#153](https://github.com/eclipse-tractusx/portal-iam/pull/153), [#126](https://github.com/eclipse-tractusx/portal-iam/pull/126)

### Known Knowns

The following issues were discovered:

* 403 error when accessing the Partner Network in the Portal Frontend [#132](https://github.com/eclipse-tractusx/portal-iam/pull/132)
* Refresh token rotation causes page reload in frontend apps when using multiple tabs, see [User Token Lifespan](docs/consultation/workshop-20231005.md#user-token-lifespan)
* Custom login themes break when inserting HTML/CSS/JavaScript code in the IdP display name

## 3.0.0

### Change
Expand Down Expand Up @@ -321,13 +352,6 @@ sharedidp:
* changed portal-cd references to portal due to repository renaming
* updated documentation

### Known Knowns

The following issues were recently discovered:

* Refresh token rotation causes page reload in frontend apps when using multiple tabs, see [User Token Lifespan](docs/consultation/workshop-20231005.md#user-token-lifespan)
* Custom login themes break when inserting HTML/CSS/JavaScript code in the IdP display name

## 2.0.0

### Change
Expand Down
2 changes: 1 addition & 1 deletion charts/centralidp/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
apiVersion: v2
name: centralidp
type: application
version: 3.0.0
version: 3.0.1
appVersion: 23.0.7
description: Helm chart for Central Keycloak Instance
home: https://github.com/eclipse-tractusx/portal-iam
Expand Down
29 changes: 23 additions & 6 deletions charts/centralidp/README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Helm chart for Central Keycloak Instance

![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square)
![Version: 3.0.1](https://img.shields.io/badge/Version-3.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square)

This helm chart installs the Helm chart for Central Keycloak Instance.

Expand Down Expand Up @@ -29,7 +29,7 @@ To use the helm chart as a dependency:
dependencies:
- name: centralidp
repository: https://eclipse-tractusx.github.io/charts/dev
version: 3.0.0
version: 3.0.1
```
## Requirements
Expand Down Expand Up @@ -59,7 +59,7 @@ dependencies:
| keycloak.extraVolumeMounts[1].name | string | `"realms"` | |
| keycloak.extraVolumeMounts[1].mountPath | string | `"/realms"` | |
| keycloak.initContainers[0].name | string | `"import"` | |
| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.0"` | |
| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.1"` | |
| keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | |
| keycloak.initContainers[0].command[0] | string | `"sh"` | |
| keycloak.initContainers[0].args[0] | string | `"-c"` | |
Expand Down Expand Up @@ -106,7 +106,7 @@ dependencies:
| secrets.postgresql.auth.existingSecret.password | string | `""` | Password for the non-root username 'kccentral'. Secret-key 'password'. |
| secrets.postgresql.auth.existingSecret.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. |
| seeding.enabled | bool | `false` | Seeding job to upgrade CX_Central realm: enable to upgrade the configuration of the CX-Central realm from previous version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job |
| seeding.image | string | `"docker.io/tractusx/portal-iam-seeding:v3.0.0-iam"` | |
| seeding.image | string | `"docker.io/tractusx/portal-iam-seeding:v3.0.1-iam"` | |
| seeding.imagePullPolicy | string | `"IfNotPresent"` | |
| seeding.portContainer | int | `8080` | |
| seeding.authRealm | string | `"master"` | |
Expand All @@ -121,7 +121,7 @@ dependencies:
| seeding.extraVolumeMounts[0].name | string | `"realms"` | |
| seeding.extraVolumeMounts[0].mountPath | string | `"app/realms"` | |
| seeding.initContainers[0].name | string | `"init-cx-central"` | |
| seeding.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.0"` | |
| seeding.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.1"` | |
| seeding.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | |
| seeding.initContainers[0].command[0] | string | `"sh"` | |
| seeding.initContainers[0].args[0] | string | `"-c"` | |
Expand All @@ -146,7 +146,24 @@ This is done by setting the 'example.org' placeholder in the CX-Operator' Identi

## Upgrade

Please see notes at [Values.seeding](values.yaml#L146) for upgrading the configuration of the CX-Central realm.
Please see notes at [Values.seeding](values.yaml#L153) for upgrading the configuration of the CX-Central realm.

### To 3.0.1

The name of the default role was corrected with [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157).
If you want to use the seeding job (Values.seeding.enabled) to upgrade the CX-Central realm configuration, make sure to rename the default role on the running instance beforehand.

By executing the following sql query:

```sql
UPDATE public.keycloak_role
SET name = 'default-roles-cx-central'
WHERE name = 'default-roles-catena-x realm';
```

And restarting the Keycloak services afterwards once.

Otherwise you will encounter an error 400 at the seeding job, see [portal-backend/pull/800#issuecomment-2188207713](https://github.com/eclipse-tractusx/portal-backend/pull/800#issuecomment-2188207713) for more information.

### To 3.0.0

Expand Down
36 changes: 18 additions & 18 deletions charts/centralidp/README.md.gotmpl
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,24 @@ This is done by setting the 'example.org' placeholder in the CX-Operator' Identi

## Upgrade

Please see notes at [Values.seeding](values.yaml#L146) for upgrading the configuration of the CX-Central realm.
Please see notes at [Values.seeding](values.yaml#L153) for upgrading the configuration of the CX-Central realm.

### To 3.0.1

The name of the default role was corrected with [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157).
If you want to use the seeding job (Values.seeding.enabled) to upgrade the CX-Central realm configuration, make sure to rename the default role on the running instance beforehand.

By executing the following sql query:

```sql
UPDATE public.keycloak_role
SET name = 'default-roles-cx-central'
WHERE name = 'default-roles-catena-x realm';
```

And restarting the Keycloak services afterwards once.

Otherwise you will encounter an error 400 at the seeding job, see [portal-backend/pull/800#issuecomment-2188207713](https://github.com/eclipse-tractusx/portal-backend/pull/800#issuecomment-2188207713) for more information.

### To 3.0.0

Expand Down Expand Up @@ -113,23 +130,6 @@ Or on the primary pod of the new/green PostgreSQL instance:

Where '10-123-45-67' is the cluster IP of the old/blue PostgreSQL instance.

### From 3.0.0 to 3.0.1

The name of the default role was corrected with [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157).
If you want to use the seeding job (Values.seeding.enabled) to upgrade the CX-Central realm configuration, make sure to rename the default role on the running instance beforehand.

By executing the following sql query:

```sql
UPDATE public.keycloak_role
SET name = 'default-roles-cx-central'
WHERE name = 'default-roles-catena-x realm';
```

And restarting the Keycloak service afterwards once.

Otherwise you will encounter an error 400 at the seeding job, see [portal-backend/pull/800#issuecomment-2188207713](https://github.com/eclipse-tractusx/portal-backend/pull/800#issuecomment-2188207713) for more information.

## Post-Upgrade Configuration

### Upgrading from version 1.0.0 or 1.0.1 to 1.1.0
Expand Down
6 changes: 3 additions & 3 deletions charts/centralidp/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ keycloak:
mountPath: "/realms"
initContainers:
- name: import
image: docker.io/tractusx/portal-iam:v3.0.0
image: docker.io/tractusx/portal-iam:v3.0.1
imagePullPolicy: IfNotPresent
command:
- sh
Expand Down Expand Up @@ -156,7 +156,7 @@ seeding:
# Please also refer to the 'Post-Upgrade Configuration' section in the README.md
# for configuration possibly not covered by the seeding job
enabled: false
image: "docker.io/tractusx/portal-iam-seeding:v3.0.0-iam"
image: "docker.io/tractusx/portal-iam-seeding:v3.0.1-iam"
imagePullPolicy: "IfNotPresent"
portContainer: 8080
authRealm: "master"
Expand All @@ -183,7 +183,7 @@ seeding:
mountPath: "app/realms"
initContainers:
- name: init-cx-central
image: docker.io/tractusx/portal-iam:v3.0.0
image: docker.io/tractusx/portal-iam:v3.0.1
imagePullPolicy: IfNotPresent
command:
- sh
Expand Down
2 changes: 1 addition & 1 deletion charts/sharedidp/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
apiVersion: v2
name: sharedidp
type: application
version: 3.0.0
version: 3.0.1
appVersion: 23.0.7
description: Helm chart for Shared Keycloak Instance
home: https://github.com/eclipse-tractusx/portal-iam
Expand Down
10 changes: 7 additions & 3 deletions charts/sharedidp/README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Helm chart for Shared Keycloak Instance

![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square)
![Version: 3.0.1](https://img.shields.io/badge/Version-3.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square)

This helm chart installs the Helm chart for Shared Keycloak Instance.

Expand Down Expand Up @@ -29,7 +29,7 @@ To use the helm chart as a dependency:
dependencies:
- name: sharedidp
repository: https://eclipse-tractusx.github.io/charts/dev
version: 3.0.0
version: 3.0.1
```
## Requirements
Expand Down Expand Up @@ -63,7 +63,7 @@ dependencies:
| keycloak.extraVolumeMounts[2].name | string | `"realms"` | |
| keycloak.extraVolumeMounts[2].mountPath | string | `"/realms"` | |
| keycloak.initContainers[0].name | string | `"import"` | |
| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.0"` | |
| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.1"` | |
| keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | |
| keycloak.initContainers[0].command[0] | string | `"sh"` | |
| keycloak.initContainers[0].args[0] | string | `"-c"` | |
Expand Down Expand Up @@ -138,6 +138,10 @@ Generate client-secrets for the service account with access type 'confidential'.

## Upgrade

### To 3.0.1

No major issues are expected during the upgrade.

### To 3.0.0

This major changes from the Keycloak version from 22.0.3 to 23.0.7 and bumps the PostgresSQL version of the subchart from 15.4.0 to the latest available version of 15.
Expand Down
4 changes: 4 additions & 0 deletions charts/sharedidp/README.md.gotmpl
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,10 @@ Generate client-secrets for the service account with access type 'confidential'.

## Upgrade

### To 3.0.1

No major issues are expected during the upgrade.

### To 3.0.0

This major changes from the Keycloak version from 22.0.3 to 23.0.7 and bumps the PostgresSQL version of the subchart from 15.4.0 to the latest available version of 15.
Expand Down
2 changes: 1 addition & 1 deletion charts/sharedidp/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ keycloak:
mountPath: "/realms"
initContainers:
- name: import
image: docker.io/tractusx/portal-iam:v3.0.0
image: docker.io/tractusx/portal-iam:v3.0.1
imagePullPolicy: IfNotPresent
command:
- sh
Expand Down

0 comments on commit 88c74cf

Please sign in to comment.