eclipse-tractusx · evegufy · Nov 29, 2024 · Nov 28, 2024 · Nov 29, 2024 · Nov 29, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM * Keycloak instances.
 
+## [4.0.0-rc.3](https://github.com/eclipse-tractusx/portal-iam/compare/v4.0.0-rc.2...v4.0.0-rc.3) (2024-11-29)
+
+
+### Features
+
+* **realm-seeding-job:** configure selective seeding ([#234](https://github.com/eclipse-tractusx/portal-iam/issues/234)) ([9326090](https://github.com/eclipse-tractusx/portal-iam/commit/93260903db31f5faee0fe63eb035111ba607bdb1))
+
 ## [4.0.0-rc.2](https://github.com/eclipse-tractusx/portal-iam/compare/v4.0.0-rc.1...v4.0.0-rc.2) (2024-11-20)
 
 

diff --git a/charts/centralidp/README.md b/charts/centralidp/README.md
@@ -53,7 +53,7 @@ dependencies:
 | keycloak.extraVolumeMounts[0].name | string | `"themes"` |  |
 | keycloak.extraVolumeMounts[0].mountPath | string | `"/opt/bitnami/keycloak/themes/catenax-central"` |  |
 | keycloak.initContainers[0].name | string | `"import"` |  |
-| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v4.0.0-rc.2"` |  |
+| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v4.0.0-rc.3"` |  |
 | keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` |  |
 | keycloak.initContainers[0].command[0] | string | `"sh"` |  |
 | keycloak.initContainers[0].args[0] | string | `"-c"` |  |
@@ -91,7 +91,7 @@ dependencies:
 | keycloak.externalDatabase.existingSecretUserKey | string | `""` |  |
 | keycloak.externalDatabase.existingSecretDatabaseKey | string | `""` |  |
 | keycloak.externalDatabase.existingSecretPasswordKey | string | `""` |  |
-| realmSeeding | object | `{"bpn":"BPNL00000003CRHK","clients":{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}},"enabled":true,"extraServiceAccounts":{"clientSecretsAndBpn":[],"existingSecret":""},"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.2","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-rc.2","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"850M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"850M"}},"serviceAccounts":{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""},"sharedidp":"https://sharedidp.example.org","sslRequired":"external"}` | Seeding job to create and update the CX-Central realm: besides creating the CX-Central realm, the job can be used to update the configuration of the realm when upgrading to a new version; Please refer to /docs/admin/technical-documentation/14. Realm Seeding.md for more details. Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. |
+| realmSeeding | object | `{"bpn":"BPNL00000003CRHK","clients":{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}},"enabled":true,"extraServiceAccounts":{"clientSecretsAndBpn":[],"existingSecret":""},"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.3","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-rc.3","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"850M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"850M"}},"serviceAccounts":{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""},"sharedidp":"https://sharedidp.example.org","sslRequired":"external"}` | Seeding job to create and update the CX-Central realm: besides creating the CX-Central realm, the job can be used to update the configuration of the realm when upgrading to a new version; Please refer to /docs/admin/technical-documentation/14. Realm Seeding.md for more details. Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. |
 | realmSeeding.clients | object | `{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}}` | Set redirect addresses and - in the case of confidential clients - clients secrets for clients which are part of the basic CX-Central realm setup; SET client secrets for all non-testing and non-local purposes, default value is autogenerated. |
 | realmSeeding.clients.existingSecret | string | `""` | Option to provide an existingSecret for the clients with clientId as key and clientSecret as value. |
 | realmSeeding.serviceAccounts | object | `{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""}` | Client secrets for service accounts which are part of the basic CX-Central realm setup; SET client secrets for all non-testing and non-local purposes, default value is autogenerated. |

diff --git a/charts/centralidp/values.yaml b/charts/centralidp/values.yaml
@@ -39,7 +39,7 @@ keycloak:
       mountPath: /opt/bitnami/keycloak/themes/catenax-central
   initContainers:
     - name: import
-      image: docker.io/tractusx/portal-iam:v4.0.0-rc.2
+      image: docker.io/tractusx/portal-iam:v4.0.0-rc.3
       imagePullPolicy: IfNotPresent
       command:
         - sh
@@ -227,11 +227,11 @@ realmSeeding:
     # -- Option to provide an existingSecret for additional service accounts with clientId as key and clientSecret as value.
     existingSecret: ""
   image:
-    name: docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.2
+    name: docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.3
     pullPolicy: IfNotPresent
   initContainer:
     image:
-      name: docker.io/tractusx/portal-iam:v4.0.0-rc.2
+      name: docker.io/tractusx/portal-iam:v4.0.0-rc.3
       pullPolicy: IfNotPresent
   portContainer: 8080
   keycloakServicePort: 80

diff --git a/charts/sharedidp/README.md b/charts/sharedidp/README.md
@@ -57,7 +57,7 @@ dependencies:
 | keycloak.extraVolumeMounts[1].name | string | `"themes-catenax-shared-portal"` |  |
 | keycloak.extraVolumeMounts[1].mountPath | string | `"/opt/bitnami/keycloak/themes/catenax-shared-portal"` |  |
 | keycloak.initContainers[0].name | string | `"import"` |  |
-| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v4.0.0-rc.2"` |  |
+| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v4.0.0-rc.3"` |  |
 | keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` |  |
 | keycloak.initContainers[0].command[0] | string | `"sh"` |  |
 | keycloak.initContainers[0].args[0] | string | `"-c"` |  |
@@ -97,7 +97,7 @@ dependencies:
 | keycloak.externalDatabase.existingSecretUserKey | string | `""` |  |
 | keycloak.externalDatabase.existingSecretDatabaseKey | string | `""` |  |
 | keycloak.externalDatabase.existingSecretPasswordKey | string | `""` |  |
-| realmSeeding | object | `{"enabled":true,"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.2","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-rc.2","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"realms":{"cxOperator":{"centralidp":"https://centralidp.example.org","existingSecret":"","initialUser":{"eMail":"[email protected]","firstName":"Operator","lastName":"CX Admin","password":"","username":"[email protected]"},"mailing":{"from":"[email protected]","host":"smtp.example.org","password":"","port":"123","replyTo":"[email protected]","username":"smtp-user"},"sslRequired":"external"},"master":{"existingSecret":"","serviceAccounts":{"provisioning":{"clientSecret":""},"saCxOperator":{"clientSecret":""}}}},"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"700M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"700M"}}}` | Seeding job to create and update the CX-Operator and master realms: besides creating those realm, the job can be used to update the configuration of the realms when upgrading to a new version; Please refer to /docs/admin/technical-documentation/14. Realm Seeding.md for more details. Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. |
+| realmSeeding | object | `{"enabled":true,"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.3","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-rc.3","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"realms":{"cxOperator":{"centralidp":"https://centralidp.example.org","existingSecret":"","initialUser":{"eMail":"[email protected]","firstName":"Operator","lastName":"CX Admin","password":"","username":"[email protected]"},"mailing":{"from":"[email protected]","host":"smtp.example.org","password":"","port":"123","replyTo":"[email protected]","username":"smtp-user"},"sslRequired":"external"},"master":{"existingSecret":"","serviceAccounts":{"provisioning":{"clientSecret":""},"saCxOperator":{"clientSecret":""}}}},"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"700M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"700M"}}}` | Seeding job to create and update the CX-Operator and master realms: besides creating those realm, the job can be used to update the configuration of the realms when upgrading to a new version; Please refer to /docs/admin/technical-documentation/14. Realm Seeding.md for more details. Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. |
 | realmSeeding.realms.cxOperator.centralidp | string | `"https://centralidp.example.org"` | Set centralidp address for the connection to the CX-Central realm. |
 | realmSeeding.realms.cxOperator.initialUser | object | `{"eMail":"[email protected]","firstName":"Operator","lastName":"CX Admin","password":"","username":"[email protected]"}` | Configure initial user in CX-Operator realm. |
 | realmSeeding.realms.cxOperator.initialUser.username | string | `"[email protected]"` | SET username for all non-testing and non-local purposes. |

diff --git a/charts/sharedidp/values.yaml b/charts/sharedidp/values.yaml
@@ -43,7 +43,7 @@ keycloak:
       mountPath: /opt/bitnami/keycloak/themes/catenax-shared-portal
   initContainers:
     - name: import
-      image: docker.io/tractusx/portal-iam:v4.0.0-rc.2
+      image: docker.io/tractusx/portal-iam:v4.0.0-rc.3
       imagePullPolicy: IfNotPresent
       command:
         - sh
@@ -182,11 +182,11 @@ realmSeeding:
       # -- Option to provide an existingSecret for clients secrets with clientId as key and clientSecret as value.
       existingSecret: ""
   image:
-    name: docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.2
+    name: docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.3
     pullPolicy: IfNotPresent
   initContainer:
     image:
-      name: docker.io/tractusx/portal-iam:v4.0.0-rc.2
+      name: docker.io/tractusx/portal-iam:v4.0.0-rc.3
       pullPolicy: IfNotPresent
   portContainer: 8080
   keycloakServicePort: 80

diff --git a/docs/admin/known-knowns/Known-Knowns.md b/docs/admin/known-knowns/Known-Knowns.md
@@ -1,7 +1,13 @@
 # Known Issues and Limitations
 
+Open issues:
+
+- realm seeding takes quite long to complete depending on the size of the realm [#238](https://github.com/eclipse-tractusx/portal-iam/issues/238)
+- custom login themes break when inserting HTML/CSS/JavaScript code in the IdP display name
+
+The following issue was resolved with the upgrade to version 25:
+
 - Refresh token rotation causes page reload in frontend apps when using multiple tabs, see [User Token Lifespan](/docs/consultation/workshops/workshop-20231005.md#user-token-lifespan)
-- Custom login themes break when inserting HTML/CSS/JavaScript code in the IdP display name
 
 ## NOTICE
 

diff --git a/environments/argocd-app-templates/centralidp/appsetup-int.yaml b/environments/argocd-app-templates/centralidp/appsetup-int.yaml
@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v4.0.0-rc.2
+    targetRevision: v4.0.0-rc.3
     plugin:
       env:
         - name: AVP_SECRET

diff --git a/environments/argocd-app-templates/centralidp/appsetup-stable.yaml b/environments/argocd-app-templates/centralidp/appsetup-stable.yaml
@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/centralidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v4.0.0-rc.2
+    targetRevision: v4.0.0-rc.3
     plugin:
       env:
         - name: AVP_SECRET

diff --git a/environments/argocd-app-templates/sharedidp/appsetup-int.yaml b/environments/argocd-app-templates/sharedidp/appsetup-int.yaml
@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v4.0.0-rc.2
+    targetRevision: v4.0.0-rc.3
     plugin:
       env:
         - name: AVP_SECRET

diff --git a/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml b/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml
@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/sharedidp
     repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git'
-    targetRevision: v4.0.0-rc.2
+    targetRevision: v4.0.0-rc.3
     plugin:
       env:
         - name: AVP_SECRET