eclipse-tractusx · evegufy · Jun 13, 2024 · Jun 12, 2024 · Jun 12, 2024
diff --git a/.github/workflows/chart-test.yml b/.github/workflows/chart-test.yml
@@ -121,7 +121,7 @@ jobs:
         run: ct lint --validate-maintainers=false --check-version-increment=false --target-branch ${{ github.event.repository.default_branch }}
 
       - name: Run chart-testing (install)
-        run: ct install --charts charts/ssi-credential-issuer --config charts/chart-testing-config.yaml --helm-extra-set-args "--set issuer.image.name=kind-registry:5000/credential-issuer-service --set issuer.image.tag=testing --set issuermigrations.image.name=kind-registry:5000/credential-issuer-migrations --set issuermigrations.image.tag=testing --set processesworker.image.name=kind-registry:5000/credential-issuer-processes-worker --set processesworker.image.tag=testing --set credentialExpiry.image.name=kind-registry:5000/credential-expiry-app --set credentialExpiry.image.tag=testing"
+        run: ct install --charts charts/ssi-credential-issuer --config charts/chart-testing-config.yaml --helm-extra-set-args "--set service.image.name=kind-registry:5000/credential-issuer-service --set service.image.tag=testing --set migrations.image.name=kind-registry:5000/credential-issuer-migrations --set migrations.image.tag=testing --set processesworker.image.name=kind-registry:5000/credential-issuer-processes-worker --set processesworker.image.tag=testing --set credentialExpiry.image.name=kind-registry:5000/credential-expiry-app --set credentialExpiry.image.tag=testing"
         if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
 
       # Upgrade the released chart version with the locally available chart
@@ -132,5 +132,5 @@ jobs:
           helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
           helm install ssi-credential-issuer tractusx-dev/ssi-credential-issuer --version ${{ github.event.inputs.upgrade_from || '1.0.0' }} --namespace upgrade --create-namespace
           helm dependency update charts/ssi-credential-issuer
-          helm upgrade ssi-credential-issuer charts/ssi-credential-issuer --set issuer.image.name=kind-registry:5000/credential-issuer-service --set issuer.image.tag=testing --set issuermigrations.image.name=kind-registry:5000/credential-issuer-migrations --set issuermigrations.image.tag=testing --set processesworker.image.name=kind-registry:5000/credential-issuer-processes-worker --set processesworker.image.tag=testing --set credentialExpiry.image.name=kind-registry:5000/credential-expiry-app --set credentialExpiry.image.tag=testing --namespace upgrade
+          helm upgrade ssi-credential-issuer charts/ssi-credential-issuer --set service.image.name=kind-registry:5000/credential-issuer-service --set service.image.tag=testing --set migrations.image.name=kind-registry:5000/credential-issuer-migrations --set migrations.image.tag=testing --set processesworker.image.name=kind-registry:5000/credential-issuer-processes-worker --set processesworker.image.tag=testing --set credentialExpiry.image.name=kind-registry:5000/credential-expiry-app --set credentialExpiry.image.tag=testing --namespace upgrade
         if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
diff --git a/.github/workflows/owasp-zap.yml b/.github/workflows/owasp-zap.yml
@@ -107,7 +107,7 @@ jobs:
           helm dependency build
 
       - name: Install the chart on KinD cluster
-        run: helm install testing -n apps --create-namespace --wait --set issuer.image.name=kind-registry:5000/credential-issuer-service --set issuer.image.tag=testing --set issuermigrations.image.name=kind-registry:5000/credential-issuer-migrations --set issuermigrations.image.tag=testing --set processesworker.image.name=kind-registry:5000/credential-issuer-processes-worker --set processesworker.image.tag=testing --set credentialExpiry.image.name=kind-registry:5000/credential-expiry-app --set credentialExpiry.image.tag=testing --set issuer.swaggerEnabled=true charts/ssi-credential-issuer
+        run: helm install testing -n apps --create-namespace --wait --set service.image.name=kind-registry:5000/credential-issuer-service --set service.image.tag=testing --set migrations.image.name=kind-registry:5000/credential-issuer-migrations --set migrations.image.tag=testing --set processesworker.image.name=kind-registry:5000/credential-issuer-processes-worker --set processesworker.image.tag=testing --set credentialExpiry.image.name=kind-registry:5000/credential-expiry-app --set credentialExpiry.image.tag=testing --set service.swaggerEnabled=true charts/ssi-credential-issuer
 
       - name: Configure port forward to app in KinD
         run: |

diff --git a/charts/ssi-credential-issuer/README.md b/charts/ssi-credential-issuer/README.md
@@ -43,39 +43,39 @@ dependencies:
 | portalBackendAddress | string | `"https://portal-backend.example.org"` | Provide portal-backend base address. |
 | walletAddress | string | `"https://wallet.example.org"` |  |
 | walletTokenAddress | string | `"https://wallet.example.org/oauth/token"` |  |
-| issuer.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-service"` |  |
-| issuer.image.tag | string | `""` |  |
-| issuer.imagePullPolicy | string | `"IfNotPresent"` |  |
-| issuer.resources | object | `{"limits":{"cpu":"45m","memory":"400M"},"requests":{"cpu":"15m","memory":"400M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
-| issuer.logging.businessLogic | string | `"Information"` |  |
-| issuer.logging.default | string | `"Information"` |  |
-| issuer.healthChecks.startup.path | string | `"/health/startup"` |  |
-| issuer.healthChecks.startup.tags[0].name | string | `"HEALTHCHECKS__0__TAGS__1"` |  |
-| issuer.healthChecks.startup.tags[0].value | string | `"issuerdb"` |  |
-| issuer.healthChecks.liveness.path | string | `"/healthz"` |  |
-| issuer.healthChecks.readyness.path | string | `"/ready"` |  |
-| issuer.swaggerEnabled | bool | `false` |  |
-| issuer.portal.scope | string | `"openid"` |  |
-| issuer.portal.grantType | string | `"client_credentials"` |  |
-| issuer.portal.clientId | string | `"portal-client-id"` | Provide portal client-id from CX IAM centralidp. |
-| issuer.portal.clientSecret | string | `""` | Client-secret for portal client-id. Secret-key 'portal-client-secret'. |
-| issuer.credential.issuerDid | string | `"did:web:example"` |  |
-| issuer.credential.issuerBpn | string | `"BPNL00000001TEST"` |  |
-| issuer.credential.statusListUrl | string | `"https://example.org/statuslist"` |  |
-| issuer.credential.encryptionConfigIndex | int | `0` |  |
-| issuer.credential.encryptionConfigs.index0.index | int | `0` |  |
-| issuer.credential.encryptionConfigs.index0.cipherMode | string | `"CBC"` |  |
-| issuer.credential.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` |  |
-| issuer.credential.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey for wallet. Secret-key 'credential-encryption-key0'. Expected format is 256 bit (64 digits) hex. |
-| issuermigrations.name | string | `"migrations"` |  |
-| issuermigrations.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-migrations"` |  |
-| issuermigrations.image.tag | string | `""` |  |
-| issuermigrations.imagePullPolicy | string | `"IfNotPresent"` |  |
-| issuermigrations.resources | object | `{"limits":{"cpu":"45m","memory":"200M"},"requests":{"cpu":"15m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
-| issuermigrations.seeding.testDataEnvironments | string | `""` |  |
-| issuermigrations.seeding.testDataPaths | string | `"Seeder/Data"` |  |
-| issuermigrations.logging.default | string | `"Information"` |  |
-| issuermigrations.processIdentity.identityId | string | `"ac1cf001-7fbc-1f2f-817f-bce058020006"` |  |
+| service.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-service"` |  |
+| service.image.tag | string | `""` |  |
+| service.imagePullPolicy | string | `"IfNotPresent"` |  |
+| service.resources | object | `{"limits":{"cpu":"45m","memory":"400M"},"requests":{"cpu":"15m","memory":"400M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
+| service.logging.businessLogic | string | `"Information"` |  |
+| service.logging.default | string | `"Information"` |  |
+| service.healthChecks.startup.path | string | `"/health/startup"` |  |
+| service.healthChecks.startup.tags[0].name | string | `"HEALTHCHECKS__0__TAGS__1"` |  |
+| service.healthChecks.startup.tags[0].value | string | `"issuerdb"` |  |
+| service.healthChecks.liveness.path | string | `"/healthz"` |  |
+| service.healthChecks.readyness.path | string | `"/ready"` |  |
+| service.swaggerEnabled | bool | `false` |  |
+| service.portal.scope | string | `"openid"` |  |
+| service.portal.grantType | string | `"client_credentials"` |  |
+| service.portal.clientId | string | `"portal-client-id"` | Provide portal client-id from CX IAM centralidp. |
+| service.portal.clientSecret | string | `""` | Client-secret for portal client-id. Secret-key 'portal-client-secret'. |
+| service.credential.issuerDid | string | `"did:web:example"` |  |
+| service.credential.issuerBpn | string | `"BPNL00000001TEST"` |  |
+| service.credential.statusListUrl | string | `"https://example.org/statuslist"` |  |
+| service.credential.encryptionConfigIndex | int | `0` |  |
+| service.credential.encryptionConfigs.index0.index | int | `0` |  |
+| service.credential.encryptionConfigs.index0.cipherMode | string | `"CBC"` |  |
+| service.credential.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` |  |
+| service.credential.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey for wallet. Secret-key 'credential-encryption-key0'. Expected format is 256 bit (64 digits) hex. |
+| migrations.name | string | `"migrations"` |  |
+| migrations.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-migrations"` |  |
+| migrations.image.tag | string | `""` |  |
+| migrations.imagePullPolicy | string | `"IfNotPresent"` |  |
+| migrations.resources | object | `{"limits":{"cpu":"45m","memory":"200M"},"requests":{"cpu":"15m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
+| migrations.seeding.testDataEnvironments | string | `""` |  |
+| migrations.seeding.testDataPaths | string | `"Seeder/Data"` |  |
+| migrations.logging.default | string | `"Information"` |  |
+| migrations.processIdentity.identityId | string | `"ac1cf001-7fbc-1f2f-817f-bce058020006"` |  |
 | processesworker.name | string | `"processesworker"` |  |
 | processesworker.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-processes-worker"` |  |
 | processesworker.image.tag | string | `""` |  |

diff --git a/charts/ssi-credential-issuer/templates/cronjob-issuer-processes.yaml b/charts/ssi-credential-issuer/templates/cronjob-issuer-processes.yaml
@@ -67,7 +67,7 @@ spec:
               value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.username }};Password=$(ISSUER_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};"
             {{- end }}
             - name: "PORTAL__CLIENTID"
-              value: "{{ .Values.issuer.portal.clientId }}"
+              value: "{{ .Values.service.portal.clientId }}"
             - name: "PORTAL__CLIENTSECRET"
               valueFrom:
                 secretKeyRef:
@@ -86,7 +86,7 @@ spec:
             - name: "PORTAL__USERNAME"
               value: "empty"
             - name: "CALLBACK__CLIENTID"
-              value: "{{ .Values.issuer.portal.clientId }}"
+              value: "{{ .Values.service.portal.clientId }}"
             - name: "CALLBACK__CLIENTSECRET"
               valueFrom:
                 secretKeyRef:

diff --git a/charts/ssi-credential-issuer/templates/deployment-issuer-service.yaml b/charts/ssi-credential-issuer/templates/deployment-issuer-service.yaml
@@ -45,8 +45,8 @@ spec:
             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
-        image: "{{ .Values.issuer.image.name }}:{{ .Values.issuer.image.tag | default .Chart.AppVersion }}"
-        imagePullPolicy: "{{ .Values.issuer.imagePullPolicy }}"
+        image: "{{ .Values.service.image.name }}:{{ .Values.service.image.tag | default .Chart.AppVersion }}"
+        imagePullPolicy: "{{ .Values.service.imagePullPolicy }}"
         env:
         - name: DOTNET_ENVIRONMENT
           value: "{{ .Values.dotnetEnvironment }}"
@@ -69,14 +69,14 @@ spec:
           value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.username }};Password=$(ISSUER_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};"
         {{- end }}
         - name: "HEALTHCHECKS__0__PATH"
-          value: "{{ .Values.issuer.healthChecks.startup.path}}"
-        {{- if .Values.issuer.healthChecks.startup.tags }}
-        {{- toYaml .Values.issuer.healthChecks.startup.tags | nindent 8 }}
+          value: "{{ .Values.service.healthChecks.startup.path}}"
+        {{- if .Values.service.healthChecks.startup.tags }}
+        {{- toYaml .Values.service.healthChecks.startup.tags | nindent 8 }}
         {{- end }}
         - name: "HEALTHCHECKS__1__PATH"
-          value: "{{ .Values.issuer.healthChecks.readyness.path}}"
+          value: "{{ .Values.service.healthChecks.readyness.path}}"
         - name: "HEALTHCHECKS__2__PATH"
-          value: "{{ .Values.issuer.healthChecks.liveness.path}}"
+          value: "{{ .Values.service.healthChecks.liveness.path}}"
         - name: "JWTBEAREROPTIONS__METADATAADDRESS"
           value: "{{ .Values.centralidp.address }}{{ .Values.centralidp.jwtBearerOptions.metadataPath }}"
         - name: "JWTBEAREROPTIONS__REQUIREHTTPSMETADATA"
@@ -88,44 +88,44 @@ spec:
         - name: "JWTBEAREROPTIONS__REFRESHINTERVAL"
           value: "{{ .Values.centralidp.jwtBearerOptions.refreshInterval }}"
         - name: "SERILOG__MINIMUMLEVEL__Default"
-          value: "{{ .Values.issuer.logging.default }}"
+          value: "{{ .Values.service.logging.default }}"
         - name: "SERILOG__MINIMUMLEVEL__OVERRIDE__Org.Eclipse.TractusX.SsiCredentialIssuer.Service"
-          value: "{{ .Values.issuer.logging.businessLogic }}"
+          value: "{{ .Values.service.logging.businessLogic }}"
         - name: "SWAGGERENABLED"
-          value: "{{ .Values.issuer.swaggerEnabled }}"
+          value: "{{ .Values.service.swaggerEnabled }}"
         - name: "PORTAL__CLIENTID"
-          value: "{{ .Values.issuer.portal.clientId }}"
+          value: "{{ .Values.service.portal.clientId }}"
         - name: "PORTAL__CLIENTSECRET"
           valueFrom:
             secretKeyRef:
               name: "{{ template "issuer.secretName" . }}"
               key: "portal-client-secret"
         - name: "PORTAL__GRANTTYPE"
-          value: "{{ .Values.issuer.portal.grantType }}"
+          value: "{{ .Values.service.portal.grantType }}"
         - name: "PORTAL__TOKENADDRESS"
           value: "{{ .Values.centralidp.address }}{{ .Values.centralidp.tokenPath }}"
         - name: "PORTAL__BASEADDRESS"
           value: "{{ .Values.portalBackendAddress }}"
         - name: "PORTAL__PASSWORD"
           value: "empty"
         - name: "PORTAL__SCOPE"
-          value: "{{ .Values.issuer.portal.scope }}"
+          value: "{{ .Values.service.portal.scope }}"
         - name: "PORTAL__USERNAME"
           value: "empty"
         - name: "CREDENTIAL__ISSUERDID"
-          value: "{{ .Values.issuer.credential.issuerDid }}"
+          value: "{{ .Values.service.credential.issuerDid }}"
         - name: "CREDENTIAL__ISSUERBPN"
-          value: "{{ .Values.issuer.credential.issuerBpn }}"
+          value: "{{ .Values.service.credential.issuerBpn }}"
         - name: "CREDENTIAL__STATUSLISTURL"
-          value: "{{ .Values.issuer.credential.statusListUrl }}"
+          value: "{{ .Values.service.credential.statusListUrl }}"
         - name: "CREDENTIAL__ENCRYPTIONCONFIG__ENCRYPTIONCONFIGINDEX"
-          value: "{{ .Values.issuer.credential.encryptionConfigIndex }}"
+          value: "{{ .Values.service.credential.encryptionConfigIndex }}"
         - name: "CREDENTIAL__ENCRYPTIONCONFIGS__0__INDEX"
-          value: "{{ .Values.issuer.credential.encryptionConfigs.index0.index}}"
+          value: "{{ .Values.service.credential.encryptionConfigs.index0.index}}"
         - name: "CREDENTIAL__ENCRYPTIONCONFIGS__0__CIPHERMODE"
-          value: "{{ .Values.issuer.credential.encryptionConfigs.index0.cipherMode}}"
+          value: "{{ .Values.service.credential.encryptionConfigs.index0.cipherMode}}"
         - name: "CREDENTIAL__ENCRYPTIONCONFIGS__0__PADDINGMODE"
-          value: "{{ .Values.issuer.credential.encryptionConfigs.index0.paddingMode}}"
+          value: "{{ .Values.service.credential.encryptionConfigs.index0.paddingMode}}"
         - name: "CREDENTIAL__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
           valueFrom:
             secretKeyRef:
@@ -169,7 +169,7 @@ spec:
           protocol: TCP
         startupProbe:
           httpGet:
-            path: {{ .Values.issuer.healthChecks.startup.path }}
+            path: {{ .Values.service.healthChecks.startup.path }}
             port: {{ .Values.portContainer }}
             scheme: HTTP
           initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
@@ -179,7 +179,7 @@ spec:
           failureThreshold: {{ .Values.startupProbe.failureThreshold }}
         livenessProbe:
           httpGet:
-            path: {{ .Values.issuer.healthChecks.liveness.path }}
+            path: {{ .Values.service.healthChecks.liveness.path }}
             port: {{ .Values.portContainer }}
             scheme: HTTP
           initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
@@ -189,7 +189,7 @@ spec:
           failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
         readinessProbe:
           httpGet:
-            path: {{ .Values.issuer.healthChecks.readyness.path }}
+            path: {{ .Values.service.healthChecks.readyness.path }}
             port: {{ .Values.portContainer }}
             scheme: HTTP
           initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
@@ -198,7 +198,7 @@ spec:
           successThreshold: {{ .Values.readinessProbe.successThreshold }}
           failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
         resources:
-          {{- toYaml .Values.issuer.resources | nindent 10 }}
+          {{- toYaml .Values.service.resources | nindent 10 }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}