diff --git a/.github/actions/run-deployment-test/action.yml b/.github/actions/run-deployment-test/action.yml
index aebe8c38a..0564771c3 100644
--- a/.github/actions/run-deployment-test/action.yml
+++ b/.github/actions/run-deployment-test/action.yml
@@ -40,10 +40,6 @@ inputs:
 required: true
 description: "The directory that contains the docker file, e.g. edc-controlplane/edc-runtime-memory"
- values_file:
- required: true
- description: "A yaml file that contains the values for the test installation. will be modified!"
-
 runs:
 using: "composite"
 steps:
@@ -76,11 +72,6 @@ runs:
 ###################################################
 # Install the test infrastructure
 ###################################################
- - name: "Generate test credentials"
- shell: bash
- run: |-
- sh -c "edc-tests/deployment/src/main/resources/prepare-test.sh \
- ${{ inputs.values_file }}"
 - name: Install Runtime
 shell: bash
diff --git a/.github/workflows/deployment-test.yaml b/.github/workflows/deployment-test.yaml
index e5208e7fa..1ab1187e1 100644
--- a/.github/workflows/deployment-test.yaml
+++ b/.github/workflows/deployment-test.yaml
@@ -63,11 +63,9 @@ jobs:
 with:
 imagename: edc-runtime-memory
 rootDir: edc-controlplane/edc-runtime-memory
- values_file: edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml
 helm_command: |-
 helm install tx-inmem charts/tractusx-connector-memory \
 -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml \
- --set vault.secrets="client-secret:$(cat client.secret)" \
 --wait-for-jobs --timeout=120s --dependency-update
 # wait for the pod to become ready
@@ -87,7 +85,6 @@ jobs:
 with:
 imagename: "edc-controlplane-postgresql-hashicorp-vault edc-dataplane-hashicorp-vault"
 rootDir: "."
- values_file: edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml
 helm_command: |-
 helm install tx-prod charts/tractusx-connector \
 -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml \
@@ -121,7 +118,6 @@ jobs:
 with:
 imagename: "edc-controlplane-postgresql-azure-vault edc-dataplane-azure-vault"
 rootDir: "."
- values_file: edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
 helm_command: |-
 az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name aes-keys --value "$(cat aes.key)" > /dev/null
 az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name client-secret --value "$(cat client.secret)" > /dev/null
diff --git a/.github/workflows/upgradeability-test.yaml b/.github/workflows/upgradeability-test.yaml
index df486e3fd..a7f3749a4 100644
--- a/.github/workflows/upgradeability-test.yaml
+++ b/.github/workflows/upgradeability-test.yaml
@@ -74,9 +74,6 @@ jobs:
 - name: "Install latest release"
 run: |
- sh -c "edc-tests/deployment/src/main/resources/prepare-test.sh \
- edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml"
-
 helm upgrade --install tx-prod tractusx/tractusx-connector \
 -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml \
 --set "controlplane.image.tag=$RELEASE" \
diff --git a/DEPENDENCIES b/DEPENDENCIES
index d55dd2faf..7b011161f 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -26,7 +26,6 @@ maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.14.1, Apache maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.15.1, Apache-2.0, approved, #7947 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.15.2, Apache-2.0, approved, #7947 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.15.3, Apache-2.0, approved, #7947 -maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.16.2, Apache-2.0, approved, #11606 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.0, Apache-2.0, approved, #13672 maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.13.5, Apache-2.0, approved, #2133 maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.14.1, Apache-2.0 AND MIT, approved, #4303 @@ -41,7 +40,6 @@ maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.14.2, Apache-2. maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.1, Apache-2.0, approved, #7934 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.2, Apache-2.0, approved, #7934 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.3, Apache-2.0, approved, #7934 -maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.16.2, Apache-2.0, approved, #11605 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.0, Apache-2.0, approved, #13671 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-toml/2.15.2, Apache-2.0, approved, #9160 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-toml/2.17.0, Apache-2.0, approved, #14192 
@@ -51,7 +49,6 @@ maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.14 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.1, Apache-2.0, approved, #8802 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.2, Apache-2.0, approved, #8802 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.17.0, Apache-2.0, approved, #13669 -maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.16.2, Apache-2.0, approved, #11854 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.17.0, Apache-2.0, approved, #14161 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.13.5, Apache-2.0, approved, clearlydefined maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.14.0, Apache-2.0, approved, #4699 
@@ -152,39 +149,39 @@ maven/mavencentral/io.micrometer/micrometer-core/1.12.4, Apache-2.0 AND (Apache- maven/mavencentral/io.micrometer/micrometer-observation/1.12.4, Apache-2.0, approved, #11680 maven/mavencentral/io.netty/netty-buffer/4.1.100.Final, Apache-2.0, approved, CQ21842 maven/mavencentral/io.netty/netty-buffer/4.1.101.Final, Apache-2.0, approved, CQ21842 -maven/mavencentral/io.netty/netty-buffer/4.1.107.Final, Apache-2.0, approved, CQ21842 +maven/mavencentral/io.netty/netty-buffer/4.1.108.Final, Apache-2.0, approved, CQ21842 maven/mavencentral/io.netty/netty-buffer/4.1.86.Final, Apache-2.0, approved, CQ21842 maven/mavencentral/io.netty/netty-codec-dns/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-http/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-http/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-http/4.1.107.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-http/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-http/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-http2/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-http2/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-http2/4.1.107.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-http2/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-http2/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-socks/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, 
approved, CQ20926 maven/mavencentral/io.netty/netty-codec-socks/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec/4.1.107.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-common/4.1.100.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 maven/mavencentral/io.netty/netty-common/4.1.101.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 -maven/mavencentral/io.netty/netty-common/4.1.107.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 +maven/mavencentral/io.netty/netty-common/4.1.108.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 maven/mavencentral/io.netty/netty-common/4.1.86.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 maven/mavencentral/io.netty/netty-handler-proxy/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-handler-proxy/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-handler/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-handler/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-handler/4.1.107.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-handler/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-handler/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, 
approved, CQ20926 maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.101.Final, Apache-2.0, approved, #6367 maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.101.Final, Apache-2.0, approved, #7004 maven/mavencentral/io.netty/netty-resolver-dns/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-resolver/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-resolver/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-resolver/4.1.107.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-resolver/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-resolver/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.56.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280 maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.62.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280 
@@ -192,16 +189,16 @@ maven/mavencentral/io.netty/netty-tcnative-classes/2.0.56.Final, Apache-2.0, app maven/mavencentral/io.netty/netty-tcnative-classes/2.0.62.Final, Apache-2.0, approved, clearlydefined maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.100.Final, Apache-2.0, approved, #6366 maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.101.Final, Apache-2.0, approved, #6366 -maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.107.Final, Apache-2.0, approved, #6366 +maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.108.Final, Apache-2.0, approved, #6366 maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.101.Final, Apache-2.0, approved, #4107 maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.107.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-transport/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-transport/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport/4.1.107.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 
maven/mavencentral/io.netty/netty-transport/4.1.86.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.opentelemetry.instrumentation/opentelemetry-instrumentation-annotations/1.32.0, Apache-2.0, approved, #11684 maven/mavencentral/io.opentelemetry/opentelemetry-api/1.32.0, Apache-2.0, approved, #11682 @@ -561,10 +558,10 @@ maven/mavencentral/org.javassist/javassist/3.29.2-GA, Apache-2.0 AND LGPL-2.1-or maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.9.10, Apache-2.0, approved, #14186 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.0, Apache-2.0, approved, #8807 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.21, Apache-2.0, approved, #8807 -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.9.10, None, restricted, #14193 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.9.10, Apache-2.0, approved, #14193 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.0, Apache-2.0, approved, #8919 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.21, Apache-2.0, approved, #8919 -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.9.10, None, restricted, #14191 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.9.10, Apache-2.0, approved, #14191 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.21, Apache-2.0, approved, #8865 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.9.10, Apache-2.0, approved, #11827 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.9.21, Apache-2.0, approved, #11827 
@@ -631,58 +628,58 @@ maven/mavencentral/org.yaml/snakeyaml/1.33, Apache-2.0, approved, clearlydefined maven/mavencentral/org.yaml/snakeyaml/2.0, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #7275 maven/mavencentral/org.yaml/snakeyaml/2.2, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #10232 maven/mavencentral/software.amazon.awssdk/annotations/2.24.10, Apache-2.0, approved, #13251 -maven/mavencentral/software.amazon.awssdk/annotations/2.25.16, Apache-2.0, approved, #13691 +maven/mavencentral/software.amazon.awssdk/annotations/2.25.21, Apache-2.0, approved, #13691 maven/mavencentral/software.amazon.awssdk/apache-client/2.24.10, Apache-2.0, approved, #13257 -maven/mavencentral/software.amazon.awssdk/apache-client/2.25.16, Apache-2.0, approved, #13687 +maven/mavencentral/software.amazon.awssdk/apache-client/2.25.21, Apache-2.0, approved, #13687 maven/mavencentral/software.amazon.awssdk/arns/2.24.10, Apache-2.0, approved, #13243 -maven/mavencentral/software.amazon.awssdk/arns/2.25.16, Apache-2.0, approved, #13695 +maven/mavencentral/software.amazon.awssdk/arns/2.25.21, Apache-2.0, approved, #13695 maven/mavencentral/software.amazon.awssdk/auth/2.24.10, Apache-2.0, approved, #13256 -maven/mavencentral/software.amazon.awssdk/auth/2.25.16, Apache-2.0, approved, #13692 +maven/mavencentral/software.amazon.awssdk/auth/2.25.21, Apache-2.0, approved, #13692 maven/mavencentral/software.amazon.awssdk/aws-core/2.24.10, Apache-2.0, approved, #13240 -maven/mavencentral/software.amazon.awssdk/aws-core/2.25.16, Apache-2.0, approved, #13702 +maven/mavencentral/software.amazon.awssdk/aws-core/2.25.21, Apache-2.0, approved, #13702 maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.24.10, Apache-2.0, approved, #13262 -maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.25.16, Apache-2.0, approved, #13701 
+maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.25.21, Apache-2.0, approved, #13701 maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.24.10, Apache-2.0, approved, #13247 -maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.25.16, Apache-2.0, approved, #13684 +maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.25.21, Apache-2.0, approved, #13684 maven/mavencentral/software.amazon.awssdk/checksums-spi/2.24.10, Apache-2.0, approved, #13245 -maven/mavencentral/software.amazon.awssdk/checksums-spi/2.25.16, Apache-2.0, approved, #13686 +maven/mavencentral/software.amazon.awssdk/checksums-spi/2.25.21, Apache-2.0, approved, #13686 maven/mavencentral/software.amazon.awssdk/checksums/2.24.10, Apache-2.0, approved, #13242 -maven/mavencentral/software.amazon.awssdk/checksums/2.25.16, Apache-2.0, approved, #13677 +maven/mavencentral/software.amazon.awssdk/checksums/2.25.21, Apache-2.0, approved, #13677 maven/mavencentral/software.amazon.awssdk/crt-core/2.24.10, Apache-2.0, approved, #13252 -maven/mavencentral/software.amazon.awssdk/crt-core/2.25.16, Apache-2.0, approved, #13705 +maven/mavencentral/software.amazon.awssdk/crt-core/2.25.21, Apache-2.0, approved, #13705 maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.24.10, Apache-2.0, approved, #13246 -maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.25.16, Apache-2.0, approved, #13681 +maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.25.21, Apache-2.0, approved, #13681 maven/mavencentral/software.amazon.awssdk/http-auth-aws/2.24.10, Apache-2.0, approved, #13253 -maven/mavencentral/software.amazon.awssdk/http-auth-aws/2.25.16, Apache-2.0, approved, #13696 +maven/mavencentral/software.amazon.awssdk/http-auth-aws/2.25.21, Apache-2.0, approved, #13696 maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.24.10, Apache-2.0, approved, #13264 -maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.25.16, Apache-2.0, approved, #13704 
+maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.25.21, Apache-2.0, approved, #13704 maven/mavencentral/software.amazon.awssdk/http-auth/2.24.10, Apache-2.0, approved, #13248 -maven/mavencentral/software.amazon.awssdk/http-auth/2.25.16, Apache-2.0, approved, #13682 +maven/mavencentral/software.amazon.awssdk/http-auth/2.25.21, Apache-2.0, approved, #13682 maven/mavencentral/software.amazon.awssdk/http-client-spi/2.24.10, Apache-2.0, approved, #13259 -maven/mavencentral/software.amazon.awssdk/http-client-spi/2.25.16, Apache-2.0, approved, #13706 +maven/mavencentral/software.amazon.awssdk/http-client-spi/2.25.21, Apache-2.0, approved, #13706 maven/mavencentral/software.amazon.awssdk/iam/2.24.10, Apache-2.0, approved, #13444 maven/mavencentral/software.amazon.awssdk/identity-spi/2.24.10, Apache-2.0, approved, #13244 -maven/mavencentral/software.amazon.awssdk/identity-spi/2.25.16, Apache-2.0, approved, #13685 +maven/mavencentral/software.amazon.awssdk/identity-spi/2.25.21, Apache-2.0, approved, #13685 maven/mavencentral/software.amazon.awssdk/json-utils/2.24.10, Apache-2.0, approved, #13261 -maven/mavencentral/software.amazon.awssdk/json-utils/2.25.16, Apache-2.0, approved, #13698 +maven/mavencentral/software.amazon.awssdk/json-utils/2.25.21, Apache-2.0, approved, #13698 maven/mavencentral/software.amazon.awssdk/metrics-spi/2.24.10, Apache-2.0, approved, #13239 -maven/mavencentral/software.amazon.awssdk/metrics-spi/2.25.16, Apache-2.0, approved, #13680 +maven/mavencentral/software.amazon.awssdk/metrics-spi/2.25.21, Apache-2.0, approved, #13680 maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.24.10, Apache-2.0, approved, #13260 -maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.25.16, Apache-2.0, approved, #13693 +maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.25.21, Apache-2.0, approved, #13693 maven/mavencentral/software.amazon.awssdk/profiles/2.24.10, Apache-2.0, approved, #13258 
-maven/mavencentral/software.amazon.awssdk/profiles/2.25.16, Apache-2.0, approved, #13697 +maven/mavencentral/software.amazon.awssdk/profiles/2.25.21, Apache-2.0, approved, #13697 maven/mavencentral/software.amazon.awssdk/protocol-core/2.24.10, Apache-2.0, approved, #13241 -maven/mavencentral/software.amazon.awssdk/protocol-core/2.25.16, Apache-2.0, approved, #13679 +maven/mavencentral/software.amazon.awssdk/protocol-core/2.25.21, Apache-2.0, approved, #13679 maven/mavencentral/software.amazon.awssdk/regions/2.24.10, Apache-2.0, approved, #13255 -maven/mavencentral/software.amazon.awssdk/regions/2.25.16, Apache-2.0, approved, #13694 -maven/mavencentral/software.amazon.awssdk/s3-transfer-manager/2.25.16, Apache-2.0, approved, #13699 +maven/mavencentral/software.amazon.awssdk/regions/2.25.21, Apache-2.0, approved, #13694 +maven/mavencentral/software.amazon.awssdk/s3-transfer-manager/2.25.21, Apache-2.0, approved, #13699 maven/mavencentral/software.amazon.awssdk/s3/2.24.10, Apache-2.0, approved, #13254 -maven/mavencentral/software.amazon.awssdk/s3/2.25.16, Apache-2.0, approved, #13688 +maven/mavencentral/software.amazon.awssdk/s3/2.25.21, Apache-2.0, approved, #13688 maven/mavencentral/software.amazon.awssdk/sdk-core/2.24.10, Apache-2.0, approved, #13265 -maven/mavencentral/software.amazon.awssdk/sdk-core/2.25.16, Apache-2.0, approved, #13700 +maven/mavencentral/software.amazon.awssdk/sdk-core/2.25.21, Apache-2.0, approved, #13700 maven/mavencentral/software.amazon.awssdk/sts/2.24.10, Apache-2.0, approved, #13442 maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.24.10, Apache-2.0, approved, #13249 -maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.25.16, Apache-2.0, approved, #13703 +maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.25.21, Apache-2.0, approved, #13703 maven/mavencentral/software.amazon.awssdk/utils/2.24.10, Apache-2.0, approved, #13250 -maven/mavencentral/software.amazon.awssdk/utils/2.25.16, 
Apache-2.0, approved, #13689
+maven/mavencentral/software.amazon.awssdk/utils/2.25.21, Apache-2.0, approved, #13689
 maven/mavencentral/software.amazon.eventstream/eventstream/1.0.1, Apache-2.0, approved, clearlydefined
diff --git a/charts/tractusx-connector-azure-vault/Chart.yaml b/charts/tractusx-connector-azure-vault/Chart.yaml
index 74b7e2e7a..1a3d03ca6 100644
--- a/charts/tractusx-connector-azure-vault/Chart.yaml
+++ b/charts/tractusx-connector-azure-vault/Chart.yaml
@@ -54,6 +54,6 @@ dependencies:
 # PostgreSQL
 - name: postgresql
 alias: postgresql
- version: 12.11.2
+ version: "15.2.1"
 repository: https://charts.bitnami.com/bitnami
 condition: install.postgresql
diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md
index e056ee64f..6720cd354 100644
--- a/charts/tractusx-connector-azure-vault/README.md
+++ b/charts/tractusx-connector-azure-vault/README.md
@@ -61,24 +61,24 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | Repository | Name | Version | |------------|------|---------| -| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 12.11.2 | +| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 15.2.1 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| backendService.httpProxyTokenReceiverUrl | string | `"https://example.com"` | Specifies a backend service which will receive the EDR | | controlplane.affinity | object | `{}` | | | controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | | controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | | controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | | controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | | controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | +| controlplane.bdrs.cache_validity_seconds | int | `600` | | +| controlplane.bdrs.server.url | string | `nil` | | | controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | | controlplane.debug.enabled | bool | `false` | | | controlplane.debug.port | int | `1044` | | | controlplane.debug.suspendOnStart | bool | `false` | | -| controlplane.edr.transferProxyTokenValidity | string | `"2592000"` | | | controlplane.endpoints | object | 
`{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane | | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | | controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | 
@@ -243,14 +243,29 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0. | dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | | dataplane.service.port | int | `80` | | | dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | +| dataplane.token.refresh.expiry_seconds | int | `300` | | +| dataplane.token.refresh.expiry_tolerance_seconds | int | `10` | | +| dataplane.token.refresh.refresh_endpoint | string | `nil` | | +| dataplane.token.signer.privatekey_alias | string | `nil` | | +| dataplane.token.verifier.publickey_alias | string | `nil` | | | dataplane.tolerations | list | `[]` | | | dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | | dataplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | | dataplane.volumes | string | `nil` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | | fullnameOverride | string | `""` | | +| iatp.id | string | `"did:web:changeme"` | | +| iatp.sts.dim.url | string | `nil` | | +| iatp.sts.oauth.client.id | string | `nil` | | +| iatp.sts.oauth.client.secret_alias | string | `nil` | | +| iatp.sts.oauth.token_url | string | `nil` | | | imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | | install.postgresql | bool | `true` | | | nameOverride | string | `""` | | +| networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component | +| networkPolicy.controlplane.from | list | 
`[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) | +| networkPolicy.dataplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the dataplane component | +| networkPolicy.dataplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) | +| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane | | participant.id | string | `"BPNLCHANGEME"` | BPN Number | | postgresql.auth.database | string | `"edc"` | | | postgresql.auth.password | string | `"password"` | | diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml index f5e187f1c..98cf57bf6 100644 --- a/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml @@ -146,6 +146,8 @@ spec: ######################## - name: EDC_PARTICIPANT_ID value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} + - name: "EDC_IAM_ISSUER_ID" + value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}} ####### # API # 
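Review bot: The `required` guard on the new `EDC_IAM_ISSUER_ID` entry cannot fire in practice, because the chart ships `iatp.id` with the non-empty placeholder `did:web:changeme` (the README row added in this same commit), so a release that never sets the key renders cleanly and the connector will presumably come up announcing a bogus issuer DID. The sibling `iatp.sts.*` keys default to `nil` and are genuinely rejected; `iatp.id` should get the same `nil` default, or the template should refuse the placeholder explicitly, e.g. `{{- if eq .Values.iatp.id "did:web:changeme" }}{{ fail ".Values.iatp.id must be set to the participant's DID" }}{{- end }}` directly above the env entry. As a style point, `| quote}}` drops the space before `}}` that every other env line in this file uses. The enclosing `env` list continues outside the hunk.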
@@ -236,16 +238,6 @@ spec: - name: "EDC_DATASOURCE_TRANSFERPROCESS_URL" value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql - - name: "EDC_DATASOURCE_EDR_NAME" - value: "edr" - - name: "EDC_DATASOURCE_EDR_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_EDR_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_EDR_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/policy-monitor/store/sql/policy-monitor-store-sql - name: "EDC_DATASOURCE_POLICY-MONITOR_NAME" value: "policy-monitor" 
@@ -266,6 +258,32 @@ spec:
 - name: "EDC_DATASOURCE_BPN_URL"
 value: {{ tpl .Values.postgresql.jdbcUrl . | quote }}
+
+ #############################
+ ## IATP / STS / DIM CONFIG ##
+ #############################
+ - name: "EDC_IAM_STS_OAUTH_TOKEN_URL"
+ value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}}
+ - name: "EDC_IAM_STS_OAUTH_CLIENT_ID"
+ value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}}
+ - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS"
+ value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}}
+ - name: "EDC_IAM_STS_DIM_URL"
+ value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}}
+
+ #################
+ ## BDRS CLIENT ##
+ #################
+
+ {{- if .Values.controlplane.bdrs.server.url }}
+ - name: "TX_IAM_IATP_BDRS_SERVER_URL"
+ value: {{ .Values.controlplane.bdrs.server.url | required ".Values.controlplane.bdrs.server.url is required" | quote }}
+ {{- end }}
+ {{- if .Values.controlplane.bdrs.cache_validity_seconds }}
+ - name: "TX_IAM_IATP_BDRS_CACHE_VALIDITY"
+ value: {{ .Values.controlplane.bdrs.cache_validity_seconds | quote}}
+ {{- end}}
+
 ################
 ## DATA PLANE ##
 ################
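Review bot: The error text on the `EDC_IAM_STS_OAUTH_TOKEN_URL` line names the wrong key: the value read is `.Values.iatp.sts.oauth.token_url`, but the message says `.Values.iatp.oauth.token_url is required`, which sends an operator looking for a key that does not exist; change it to `required ".Values.iatp.sts.oauth.token_url is required"`. In the BDRS section the `required` on `TX_IAM_IATP_BDRS_SERVER_URL` is dead, since the surrounding `{{- if .Values.controlplane.bdrs.server.url }}` already skips the entry whenever the value is empty — either drop the `required`, or drop the `if` if a missing BDRS URL should fail the render instead of silently leaving the client unconfigured. The truthiness test on `cache_validity_seconds` also discards an explicit `0`, so if zero is meant to disable caching it cannot be set through the chart; a nil check such as `{{- if not (kindIs "invalid" .Values.controlplane.bdrs.cache_validity_seconds) }}` would keep the entry for `0` while still omitting it when unset. The enclosing `env` list continues outside the hunk.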
@@ -281,53 +299,31 @@ spec: value: |- {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" . ) }} - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer - - name: "EDC_TRANSFER_PROXY_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" . }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote }} - {{- end }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }} - {{- end }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VALIDITY_SECONDS" - value: {{ .Values.controlplane.edr.transferProxyTokenValidity | required ".Values.controlplane.edr.transferProxyTokenValidity is required" | quote }} - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/transfer/transfer-pull-http-dynamic-receiver - - name: "EDC_RECEIVER_HTTP_DYNAMIC_ENDPOINT" - value: {{ .Values.backendService.httpProxyTokenReceiverUrl | required ".Values.backendService.httpProxyTokenReceiverUrl is required" | quote }} ########### ## VAULT ## ########### - - name: "EDC_VAULT_CLIENTID" + - name: "AZURE_CLIENT_ID" value: {{ .Values.vault.azure.client | required ".Values.vault.azure.client is required" | quote }} - - name: "EDC_VAULT_TENANTID" + - name: "AZURE_TENANT_ID" value: {{ .Values.vault.azure.tenant | required ".Values.vault.azure.tenant is required" | quote }} - name: "EDC_VAULT_NAME" value: {{ .Values.vault.azure.name | required ".Values.vault.azure.name is required" | quote }} # only set the env var if config value not null {{- if .Values.vault.azure.secret }} - - name: "EDC_VAULT_CLIENTSECRET" + - name: "AZURE_CLIENT_SECRET" value: {{ .Values.vault.azure.secret | 
quote }} {{- end }} # only set the env var if config value not null {{- if .Values.vault.azure.certificate }} - - name: "EDC_VAULT_CERTIFICATE" + - name: "AZURE_CLIENT_CERTIFICATE_PATH" value: {{ .Values.vault.azure.certificate | quote }} {{- end }} - ########################### - ## AAS WRAPPER EXTENSION ## - ########################### - - name: "EDC_CP_ADAPTER_CACHE_CATALOG_EXPIRE_AFTER" - value: "0" - - name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT" - value: "0" + ########################### ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ## diff --git a/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml b/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml index 48085d744..58984c928 100644 --- a/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/tractusx-connector-azure-vault/templates/deployment-dataplane.yaml 
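Review bot: AZURE_CLIENT_SECRET is still populated inline from `.Values.vault.azure.secret`, so the rename keeps the client secret in the rendered Deployment spec and in the Helm release record rather than in a Kubernetes Secret referenced through `valueFrom.secretKeyRef`; since the variable is being moved to the Azure SDK's standard name anyway, this is the moment to switch it, and the same applies to the azure-vault dataplane hunk @@ -182,41. AZURE_CLIENT_CERTIFICATE_PATH, unlike the EDC_VAULT_CERTIFICATE it replaces, implies a file path inside the container; what `.Values.vault.azure.certificate` held before this change is not visible in the diff, so this should be confirmed and the values.yaml key documented as `# -- path to the client certificate file mounted into the pod, exposed as AZURE_CLIENT_CERTIFICATE_PATH`. The env list continues outside the hunk on both sides.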
@@ -1,24 +1,24 @@ ################################################################################# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -################################################################################# + # Copyright (c) 2023 ZF Friedrichshafen AG + # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH + # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) + # Copyright (c) 2021,2023 Contributors to the Eclipse Foundation + # + # See the NOTICE file(s) distributed with this work for additional + # information regarding copyright ownership. + # + # This program and the accompanying materials are made available under the + # terms of the Apache License, Version 2.0 which is available at + # https://www.apache.org/licenses/LICENSE-2.0. + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + # License for the specific language governing permissions and limitations + # under the License. 
+ # + # SPDX-License-Identifier: Apache-2.0 + ################################################################################# --- @@ -145,6 +145,8 @@ spec: ######################## - name: EDC_PARTICIPANT_ID value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} + - name: "EDC_IAM_ISSUER_ID" + value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}} ####### # API # 
@@ -182,41 +184,72 @@ spec: value: {{ .Values.dataplane.aws.accessKeyId | quote }} {{- end }} - ############### - ## EDR CACHE ## - ############### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql - - name: "EDC_DATASOURCE_EDR_NAME" - value: "edr" - - name: "EDC_DATASOURCE_EDR_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_EDR_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_EDR_URL" - value: {{ .Values.postgresql.jdbcUrl | required ".Values.postgresql.jdbcUrl is required" | quote }} - ########### ## VAULT ## ########### - - name: "EDC_VAULT_CLIENTID" + - name: "AZURE_CLIENT_ID" value: {{ .Values.vault.azure.client | quote }} - - name: "EDC_VAULT_TENANTID" + - name: "AZURE_TENANT_ID" value: {{ .Values.vault.azure.tenant | quote }} - name: "EDC_VAULT_NAME" value: {{ .Values.vault.azure.name | quote }} # only set the env var if config value not null {{- if .Values.vault.azure.secret }} - - name: "EDC_VAULT_CLIENTSECRET" + - name: "AZURE_CLIENT_SECRET" value: {{ .Values.vault.azure.secret | quote }} {{- end }} # only set the env var if config value not null {{- if .Values.vault.azure.certificate }} - - name: "EDC_VAULT_CERTIFICATE" + - name: "AZURE_CLIENT_CERTIFICATE_PATH" value: {{ .Values.vault.azure.certificate | quote }} {{- end }} + ############################# + ## IATP / STS / DIM CONFIG ## + ############################# + - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" + value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}} + - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" + value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} + - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" + value: {{ 
.Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} + - name: "EDC_IAM_STS_DIM_URL" + value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}} + + + ######################### + ## DATA PLANE PUBLIC API + ######################## + - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" + value: {{ include "txdc.dataplane.url.public" . }} + + + ################## + ## TOKEN REFRESH + ################## + {{- if .Values.dataplane.token.refresh.expiry_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY" + value: {{ .Values.dataplane.token.refresh.expiry_seconds | quote}} + {{- end}} + + {{- if .Values.dataplane.token.refresh.expiry_tolerance_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE" + value: {{ .Values.dataplane.token.refresh.expiry_tolerance_seconds | quote }} + {{- end}} + + {{- if .Values.dataplane.token.refresh.refresh_endpoint }} + - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" + value: {{ .Values.dataplane.token.refresh.refresh_endpoint }} + {{- end}} + + - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" + value: {{ .Values.dataplane.token.signer.privatekey_alias | required ".Values.dataplane.token.signer.privatekey_alias is required" | quote}} + + - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" + value: {{ .Values.dataplane.token.verifier.publickey_alias | required ".Values.dataplane.token.verifier.publickey_alias" | quote }} + + ###################################### ## Additional environment variables ## ###################################### diff --git a/charts/tractusx-connector-azure-vault/values.yaml b/charts/tractusx-connector-azure-vault/values.yaml index 157fcb2b8..e0bbc34c9 100644 --- a/charts/tractusx-connector-azure-vault/values.yaml +++ b/charts/tractusx-connector-azure-vault/values.yaml 
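Review bot: EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT is rendered as `value: {{ .Values.dataplane.token.refresh.refresh_endpoint }}` without `| quote`, unlike every other scalar in this block, so a URL is emitted as a plain YAML scalar where a `: ` or ` #` inside it changes the parse; write `value: {{ .Values.dataplane.token.refresh.refresh_endpoint | quote }}`. The verifier's message is only the key path, `required ".Values.dataplane.token.verifier.publickey_alias"`, and should read `".Values.dataplane.token.verifier.publickey_alias is required"` like its signer sibling. Both recur in the memory-chart runtime hunk @@ -212,23. The `## DATA PLANE PUBLIC API` banner is one `#` wider on top than on the bottom, a small cosmetic inconsistency. The env list continues outside the hunk.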
@@ -40,6 +40,20 @@ participant: # -- BPN Number id: "BPNLCHANGEME" + +iatp: + # Decentralized IDentifier + id: "did:web:changeme" + sts: + dim: + url: + oauth: + token_url: + client: + id: + secret_alias: + + controlplane: image: # -- Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically @@ -117,8 +131,13 @@ controlplane: businessPartnerValidation: log: agreementValidation: true - edr: - transferProxyTokenValidity: "2592000" + + bdrs: + # time that a cached BPN/DID resolution map is valid in seconds, default is 10 min + cache_validity_seconds: 600 + server: + # URL of the BPN/DID Resolution Service - required: + url: service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. @@ -344,6 +363,20 @@ dataplane: metrics: port: 9090 path: /metrics + + token: + refresh: + expiry_seconds: 300 + expiry_tolerance_seconds: 10 + # optional URL that can be provided where clients go to refresh tokens. + refresh_endpoint: + signer: + # alias under which the private key is stored in the vault (JWK or PEM format) + privatekey_alias: + verifier: + # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + publickey_alias: + aws: endpointOverride: "" accessKeyId: "" 
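Review bot: None of the new keys in the three hunks on this line (`iatp.*`, `controlplane.bdrs.*`, `dataplane.token.*`) carry a helm-docs `# --` description, which is why the generated README rows for the equivalent memory-chart keys further down in this diff have an empty Description column; the existing `# -- BPN Number` line above shows the convention, e.g. `# -- Decentralized IDentifier (DID) of this connector, rendered into EDC_IAM_ISSUER_ID`. `iatp.id` defaults to the placeholder `"did:web:changeme"`, which satisfies the template's `required` check, so a forgotten DID surfaces only at runtime, whereas leaving it empty like the sibling `sts` keys would fail at install time. The comment above `bdrs.server.url` ends in a dangling `required:`. The memory chart's values.yaml hunks @@ -34,6 and @@ -109,11 have the same gaps.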
@@ -505,9 +538,20 @@ vault: transferProxyTokenSignerPublicKey: transferProxyTokenEncryptionAesKey: transfer-proxy-token-encryption-aes-key -backendService: - # -- Specifies a backend service which will receive the EDR - httpProxyTokenReceiverUrl: "https://example.com" +networkPolicy: + # -- If `true` network policy will be created to restrict access to control- and dataplane + enabled: false + # -- Configuration of the controlplane component + controlplane: + # -- Specify from rule network policy for cp (defaults to all namespaces) + from: + - namespaceSelector: {} + # -- Configuration of the dataplane component + dataplane: + # -- Specify from rule network policy for dp (defaults to all namespaces) + from: + - namespaceSelector: {} + serviceAccount: # Specifies whether a service account should be created create: true @@ -518,6 +562,7 @@ serviceAccount: name: "" # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) imagePullSecrets: [] + # -- Configurations for Helm tests tests: # -- Configure the hook-delete-policy for Helm tests diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md index 5fa0c2d74..76a3c8126 100644 --- a/charts/tractusx-connector-memory/README.md +++ b/charts/tractusx-connector-memory/README.md 
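Review bot: The `networkPolicy.enabled` description says the policy is created `to restrict access`, but the shipped `from: - namespaceSelector: {}` entries admit traffic from every namespace, so `enabled: true` on its own restricts nothing; the comment should say so, e.g. `# -- If true, a NetworkPolicy is created for control- and dataplane; tighten the from rules below, the default admits all namespaces`. Separately, the context lines keep `vault.secretNames.transferProxyTokenSignerPrivateKey` and `transferProxyTokenSignerPublicKey` although the controlplane template hunk @@ -281,53 in this diff removes their only visible reads and the aliases now come from `dataplane.token.signer` / `verifier`; unless something outside this diff still reads them, they are dead keys that will mislead operators migrating values files.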
@@ -56,6 +56,11 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.6.0 \ | customCaCerts | object | `{}` | Add custom ca certificates to the truststore | | customLabels | object | `{}` | To add some custom labels | | fullnameOverride | string | `""` | | +| iatp.id | string | `"did:web:changeme"` | | +| iatp.sts.dim.url | string | `nil` | | +| iatp.sts.oauth.client.id | string | `nil` | | +| iatp.sts.oauth.client.secret_alias | string | `nil` | | +| iatp.sts.oauth.token_url | string | `nil` | | | imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | | nameOverride | string | `""` | | | participant.id | string | `"BPNLCHANGEME"` | BPN Number | 
@@ -65,11 +70,12 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.6.0 \ | runtime.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | | runtime.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | | runtime.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | +| runtime.bdrs.cache_validity_seconds | int | `600` | | +| runtime.bdrs.server.url | string | `nil` | | | runtime.businessPartnerValidation.log.agreementValidation | bool | `true` | | | runtime.debug.enabled | bool | `false` | | | runtime.debug.port | int | `1044` | | | runtime.debug.suspendOnStart | bool | `false` | | -| runtime.edr.transferProxyTokenValidity | string | `"2592000"` | | | runtime.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084},"proxy":{"path":"/proxy","port":8186},"public":{"path":"/api/public","port":8086}}` | endpoints of the control plane | | runtime.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | | runtime.endpoints.control.path | string | `"/control"` | path for incoming api calls | 
@@ -147,6 +153,11 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.6.0 \ | runtime.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | | runtime.service.annotations | object | `{}` | | | runtime.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | +| runtime.token.refresh.expiry_seconds | int | `300` | | +| runtime.token.refresh.expiry_tolerance_seconds | int | `10` | | +| runtime.token.refresh.refresh_endpoint | string | `nil` | | +| runtime.token.signer.privatekey_alias | string | `nil` | | +| runtime.token.verifier.publickey_alias | string | `nil` | | | runtime.tolerations | list | `[]` | | | runtime.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) | | runtime.url.public | string | `""` | | diff --git a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml index a9453bcec..a5d4c0e3f 100644 --- a/charts/tractusx-connector-memory/templates/deployment-runtime.yaml +++ b/charts/tractusx-connector-memory/templates/deployment-runtime.yaml @@ -146,6 +146,8 @@ spec: ######################## - name: EDC_PARTICIPANT_ID value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} + - name: "EDC_IAM_ISSUER_ID" + value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}} ####### # API # 
@@ -197,6 +199,31 @@ spec: - name: "EDC_OAUTH_ENDPOINT_AUDIENCE" value: {{ printf "%s%s" (include "txdc.runtime.url.protocol" . ) .Values.runtime.endpoints.protocol.path | quote }} + ############################# + ## IATP / STS / DIM CONFIG ## + ############################# + - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" + value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}} + - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" + value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} + - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" + value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} + - name: "EDC_IAM_STS_DIM_URL" + value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}} + + ################# + ## BDRS CLIENT ## + ################# + + {{- if .Values.runtime.bdrs.server.url }} + - name: "TX_IAM_IATP_BDRS_SERVER_URL" + value: {{ .Values.runtime.bdrs.server.url | required ".Values.runtime.bdrs.server.url is required" | quote }} + {{- end }} + {{- if .Values.runtime.bdrs.cache_validity_seconds }} + - name: "TX_IAM_IATP_BDRS_CACHE_VALIDITY" + value: {{ .Values.runtime.bdrs.cache_validity_seconds | quote}} + {{- end}} + ################ ## DATA PLANE ## ################ 
@@ -212,23 +239,35 @@ spec: value: |- {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" . ) }} - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer - - name: "EDC_TRANSFER_PROXY_ENDPOINT" + + - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" value: {{ include "txdc.dataplane.url.public" . }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }} + + + ################## + ## TOKEN REFRESH + ################## + {{- if .Values.runtime.token.refresh.expiry_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY" + value: {{ .Values.runtime.token.refresh.expiry_seconds | quote}} + {{- end}} + + {{- if .Values.runtime.token.refresh.expiry_tolerance_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE" + value: {{ .Values.runtime.token.refresh.expiry_tolerance_seconds | quote }} + {{- end}} + + {{- if .Values.runtime.token.refresh.refresh_endpoint }} + - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" + value: {{ .Values.runtime.token.refresh.refresh_endpoint }} + {{- end}} + - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote }} - {{- end }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }} + value: {{ .Values.runtime.token.signer.privatekey_alias | required ".Values.runtime.token.signer.privatekey_alias is required" | quote}} + - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }} - {{- end }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VALIDITY_SECONDS" - value: {{ .Values.runtime.edr.transferProxyTokenValidity | required ".Values.runtime.edr.transferProxyTokenValidity is required" | quote }} + value: {{ .Values.runtime.token.verifier.publickey_alias | required ".Values.runtime.token.verifier.publickey_alias" | quote }} - # see extension 
https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/http-receiver - - name: "EDC_RECEIVER_HTTP_ENDPOINT" - value: {{ .Values.backendService.httpProxyTokenReceiverUrl | required ".Values.backendService.httpProxyTokenReceiverUrl is required" | quote }} ########### ## VAULT ## diff --git a/charts/tractusx-connector-memory/values.yaml b/charts/tractusx-connector-memory/values.yaml index 886610abb..3289edfcf 100644 --- a/charts/tractusx-connector-memory/values.yaml +++ b/charts/tractusx-connector-memory/values.yaml @@ -34,6 +34,18 @@ participant: # -- BPN Number id: "BPNLCHANGEME" +iatp: + # Decentralized IDentifier + id: "did:web:changeme" + sts: + dim: + url: + oauth: + token_url: + client: + id: + secret_alias: + # -- Add custom ca certificates to the truststore customCaCerts: {} @@ -109,11 +121,29 @@ runtime: proxy: port: 8186 path: /proxy + businessPartnerValidation: log: agreementValidation: true - edr: - transferProxyTokenValidity: "2592000" + token: + refresh: + expiry_seconds: 300 + expiry_tolerance_seconds: 10 + # optional URL that can be provided where clients go to refresh tokens. + refresh_endpoint: + signer: + # alias under which the private key is stored in the vault (JWK or PEM format) + privatekey_alias: + verifier: + # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + publickey_alias: + + bdrs: + # time that a cached BPN/DID resolution map is valid in seconds, default is 10 min + cache_validity_seconds: 600 + server: + # URL of the BPN/DID Resolution Service - required: + url: service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. diff --git a/charts/tractusx-connector/Chart.yaml b/charts/tractusx-connector/Chart.yaml index cce1ff152..b01a54b2e 100644 --- a/charts/tractusx-connector/Chart.yaml 
+++ b/charts/tractusx-connector/Chart.yaml @@ -54,12 +54,12 @@ dependencies: # HashiCorp Vault - name: vault alias: vault - version: 0.20.0 + version: "0.27.0" repository: https://helm.releases.hashicorp.com condition: install.vault # PostgreSQL - name: postgresql alias: postgresql - version: 12.11.2 + version: "15.2.1" repository: https://charts.bitnami.com/bitnami condition: install.postgresql diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md index 922e1b816..a6db95db8 100644 --- a/charts/tractusx-connector/README.md +++ b/charts/tractusx-connector/README.md 
@@ -54,25 +54,25 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.6.0 \ | Repository | Name | Version | |------------|------|---------| -| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 12.11.2 | -| https://helm.releases.hashicorp.com | vault(vault) | 0.20.0 | +| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 15.2.1 | +| https://helm.releases.hashicorp.com | vault(vault) | 0.27.0 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| -| backendService.httpProxyTokenReceiverUrl | string | `"https://example.com"` | Specifies a backend service which will receive the EDR | | controlplane.affinity | object | `{}` | | | controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | | controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | | controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | | controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | | controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | +| controlplane.bdrs.cache_validity_seconds | int | `600` | | +| controlplane.bdrs.server.url | string | `nil` | | | controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | | controlplane.debug.enabled | bool | `false` | | | controlplane.debug.port | int | `1044` | | | controlplane.debug.suspendOnStart | bool | `false` | | -| controlplane.edr.transferProxyTokenValidity | string | `"2592000"` | | | controlplane.endpoints | object | 
`{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane | | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | | controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | @@ -154,11 +154,6 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.6.0 \ | controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | | controlplane.service.annotations | object | `{}` | | | controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority | -| controlplane.ssi.miw.url | string | `""` | MIW URL | -| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak | -| controlplane.ssi.oauth.client.secretAlias | string | `"client-secret"` | The alias under which the client secret is stored in the vault. | -| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained | | controlplane.tolerations | list | `[]` | | | controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) | | controlplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | 
@@ -242,11 +237,21 @@ helm install my-release tractusx-edc/tractusx-connector --version 0.6.0 \ | dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | | dataplane.service.port | int | `80` | | | dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | +| dataplane.token.refresh.expiry_seconds | int | `300` | | +| dataplane.token.refresh.expiry_tolerance_seconds | int | `10` | | +| dataplane.token.refresh.refresh_endpoint | string | `nil` | | +| dataplane.token.signer.privatekey_alias | string | `nil` | | +| dataplane.token.verifier.publickey_alias | string | `nil` | | | dataplane.tolerations | list | `[]` | | | dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | | dataplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | | dataplane.volumes | string | `nil` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | | fullnameOverride | string | `""` | | +| iatp.id | string | `"did:web:changeme"` | | +| iatp.sts.dim.url | string | `nil` | | +| iatp.sts.oauth.client.id | string | `nil` | | +| iatp.sts.oauth.client.secret_alias | string | `nil` | | +| iatp.sts.oauth.token_url | string | `nil` | | | imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | | install.postgresql | bool | `true` | | | install.vault | bool | `true` | | diff --git a/charts/tractusx-connector/templates/deployment-controlplane.yaml b/charts/tractusx-connector/templates/deployment-controlplane.yaml index 06c482763..4f3196d22 100644 
--- a/charts/tractusx-connector/templates/deployment-controlplane.yaml +++ b/charts/tractusx-connector/templates/deployment-controlplane.yaml @@ -146,6 +146,8 @@ spec: ######################## - name: EDC_PARTICIPANT_ID value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} + - name: "EDC_IAM_ISSUER_ID" + value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}} ####### # API # @@ -236,16 +238,6 @@ spec: - name: "EDC_DATASOURCE_TRANSFERPROCESS_URL" value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql - - name: "EDC_DATASOURCE_EDR_NAME" - value: "edr" - - name: "EDC_DATASOURCE_EDR_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_EDR_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_EDR_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/policy-monitor/store/sql/policy-monitor-store-sql - name: "EDC_DATASOURCE_POLICY-MONITOR_NAME" value: "policy-monitor" 
@@ -266,6 +258,32 @@ spec: - name: "EDC_DATASOURCE_BPN_URL" value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} + + ############################# + ## IATP / STS / DIM CONFIG ## + ############################# + - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" + value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}} + - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" + value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} + - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" + value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} + - name: "EDC_IAM_STS_DIM_URL" + value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}} + + ################# + ## BDRS CLIENT ## + ################# + + {{- if .Values.controlplane.bdrs.server.url }} + - name: "TX_IAM_IATP_BDRS_SERVER_URL" + value: {{ .Values.controlplane.bdrs.server.url | required ".Values.controlplane.bdrs.server.url is required" | quote }} + {{- end }} + {{- if .Values.controlplane.bdrs.cache_validity_seconds }} + - name: "TX_IAM_IATP_BDRS_CACHE_VALIDITY" + value: {{ .Values.controlplane.bdrs.cache_validity_seconds | quote}} + {{- end}} + ################ ## DATA PLANE ## ################ 
@@ -281,24 +299,8 @@ spec: value: |- {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" . ) }} - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer - - name: "EDC_TRANSFER_PROXY_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" . }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote }} - {{- end }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }} - {{- end }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VALIDITY_SECONDS" - value: {{ .Values.controlplane.edr.transferProxyTokenValidity | required ".Values.controlplane.edr.transferProxyTokenValidity is required" | quote }} - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/transfer/transfer-pull-http-dynamic-receiver - - name: "EDC_RECEIVER_HTTP_DYNAMIC_ENDPOINT" - value: {{ .Values.backendService.httpProxyTokenReceiverUrl | required ".Values.backendService.httpProxyTokenReceiverUrl is required" | quote }} ########### ## VAULT ## diff --git a/charts/tractusx-connector/templates/deployment-dataplane.yaml b/charts/tractusx-connector/templates/deployment-dataplane.yaml index 8a43fc37b..c02094659 100644 --- a/charts/tractusx-connector/templates/deployment-dataplane.yaml +++ b/charts/tractusx-connector/templates/deployment-dataplane.yaml 
@@ -1,24 +1,24 @@
 #################################################################################
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#################################################################################
+ # Copyright (c) 2023 ZF Friedrichshafen AG
+ # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+ # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+ # Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+ #
+ # See the NOTICE file(s) distributed with this work for additional
+ # information regarding copyright ownership.
+ #
+ # This program and the accompanying materials are made available under the
+ # terms of the Apache License, Version 2.0 which is available at
+ # https://www.apache.org/licenses/LICENSE-2.0.
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ # License for the specific language governing permissions and limitations
+ # under the License.
+ #
+ # SPDX-License-Identifier: Apache-2.0
+ #################################################################################
 ---
@@ -145,6 +145,8 @@ spec:
 ########################
 - name: EDC_PARTICIPANT_ID
 value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }}
+ - name: "EDC_IAM_ISSUER_ID"
+ value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}}
 #######
 # API #
@@ -182,20 +184,6 @@ spec:
 value: {{ .Values.dataplane.aws.accessKeyId | quote }}
 {{- end }}
- ###############
- ## EDR CACHE ##
- ###############
-
- # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql
- - name: "EDC_DATASOURCE_EDR_NAME"
- value: "edr"
- - name: "EDC_DATASOURCE_EDR_USER"
- value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }}
- - name: "EDC_DATASOURCE_EDR_PASSWORD"
- value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }}
- - name: "EDC_DATASOURCE_EDR_URL"
- value: {{ tpl .Values.postgresql.jdbcUrl . | quote }}
-
 ###########
 ## VAULT ##
 ###########
@@ -216,6 +204,50 @@ spec:
 - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH"
 value: {{ .Values.vault.hashicorp.paths.health | quote }}
+
+ #############################
+ ## IATP / STS / DIM CONFIG ##
+ #############################
+ - name: "EDC_IAM_STS_OAUTH_TOKEN_URL"
+ value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}}
+ - name: "EDC_IAM_STS_OAUTH_CLIENT_ID"
+ value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}}
+ - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS"
+ value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}}
+ - name: "EDC_IAM_STS_DIM_URL"
+ value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}}
+
+
+ #########################
+ ## DATA PLANE PUBLIC API
+ ########################
+ - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL"
+ value: {{ include "txdc.dataplane.url.public" . 
}}
+
+
+ ##################
+ ## TOKEN REFRESH
+ ##################
+ {{- if .Values.dataplane.token.refresh.expiry_seconds }}
+ - name: "EDC_DATAPLANE_TOKEN_EXPIRY"
+ value: {{ .Values.dataplane.token.refresh.expiry_seconds | quote}}
+ {{- end}}
+
+ {{- if .Values.dataplane.token.refresh.expiry_tolerance_seconds }}
+ - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE"
+ value: {{ .Values.dataplane.token.refresh.expiry_tolerance_seconds | quote }}
+ {{- end}}
+
+ {{- if .Values.dataplane.token.refresh.refresh_endpoint }}
+ - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT"
+ value: {{ .Values.dataplane.token.refresh.refresh_endpoint }}
+ {{- end}}
+
+ - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
+ value: {{ .Values.dataplane.token.signer.privatekey_alias | required ".Values.dataplane.token.signer.privatekey_alias is required" | quote}}
+
+ - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS"
+ value: {{ .Values.dataplane.token.verifier.publickey_alias | required ".Values.dataplane.token.verifier.publickey_alias" | quote }}
+
 ######################################
 ## Additional environment variables ##
 ######################################
diff --git a/charts/tractusx-connector/values.yaml b/charts/tractusx-connector/values.yaml
index 0de6875f6..70e046c0b 100644
--- a/charts/tractusx-connector/values.yaml
+++ b/charts/tractusx-connector/values.yaml
@@ -40,6 +40,20 @@ participant:
 # -- BPN Number
 id: "BPNLCHANGEME"
+
+iatp:
+ # Decentralized IDentifier
+ id: "did:web:changeme"
+ sts:
+ dim:
+ url:
+ oauth:
+ token_url:
+ client:
+ id:
+ secret_alias:
+
+
+controlplane:
 image:
 # -- Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically
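Review bot: `EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT` is the only new entry rendered without `| quote`, so a URL containing `#`, `: ` or a leading YAML indicator would be misparsed by the rendered manifest; use `value: {{ .Values.dataplane.token.refresh.refresh_endpoint | quote }}`. The `required` message for `EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS` is just the key path without "is required", unlike its neighbours; make it `required ".Values.dataplane.token.verifier.publickey_alias is required"`. The `## DATA PLANE PUBLIC API` banner has an uneven fence (25 vs 24 `#`) and lacks the closing `##` every other banner in the file uses.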
@@ -117,23 +131,13 @@ controlplane:
 businessPartnerValidation:
 log:
 agreementValidation: true
- edr:
- transferProxyTokenValidity: "2592000"
- # SSI configuration
- ssi:
- miw:
- # -- MIW URL
- url: ""
- # -- The BPN of the issuer authority
- authorityId: ""
- oauth:
- # -- The URL (of KeyCloak), where access tokens can be obtained
- tokenurl: ""
- client:
- # -- The client ID for KeyCloak
- id: ""
- # -- The alias under which the client secret is stored in the vault.
- secretAlias: "client-secret"
+
+ bdrs:
+ # time that a cached BPN/DID resolution map is valid in seconds, default is 10 min
+ cache_validity_seconds: 600
+ server:
+ # URL of the BPN/DID Resolution Service - required:
+ url:
 service:
 # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.
@@ -357,6 +361,20 @@ dataplane:
 metrics:
 port: 9090
 path: /metrics
+
+ token:
+ refresh:
+ expiry_seconds: 300
+ expiry_tolerance_seconds: 10
+ # optional URL that can be provided where clients go to refresh tokens.
+ refresh_endpoint:
+ signer:
+ # alias under which the private key is stored in the vault (JWK or PEM format)
+ privatekey_alias:
+ verifier:
+ # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format)
+ publickey_alias:
+
 aws:
 endpointOverride: ""
 accessKeyId: ""
@@ -525,9 +543,6 @@ vault:
 transferProxyTokenSignerPrivateKey:
 transferProxyTokenSignerPublicKey:
 transferProxyTokenEncryptionAesKey: transfer-proxy-token-encryption-aes-key
-backendService:
- # -- Specifies a backend service which will receive the EDR
- httpProxyTokenReceiverUrl: "https://example.com"
 networkPolicy:
 # -- If `true` network policy will be created to restrict access to control- and dataplane
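Review bot: The new `iatp` keys in the `@@ -40,6 +40,20 @@` hunk carry no `# --` helm-docs annotations, unlike the `# -- BPN Number` line directly above them, so they will be absent from generated chart docs; add for example `# -- Decentralized identifier (DID) of this participant`, `# -- URL of the DIM secure token service`, `# -- OAuth2 token endpoint used to authenticate against the STS` and `# -- Alias under which the STS client secret is stored in the vault`. The default `id: "did:web:changeme"` satisfies the templates' `required` check, so a release installed without overriding it starts with a bogus issuer identity instead of failing at install time; leaving it empty, as `url:`, `token_url:` and `client.id:` are, lets `required` catch the omission. The same `# --` convention is missing on the `bdrs` and `token` comments in the `@@ -117,23 +131,13 @@` and `@@ -357,6 +361,20 @@` hunks.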
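Review bot: In the `@@ -357,6 +361,20 @@` hunk, `dataplane.token.signer.privatekey_alias` and `verifier.publickey_alias` introduce a second home for the transfer-proxy signing keys while `vault.secretNames.transferProxyTokenSignerPrivateKey` and `...PublicKey` stay in the file (context lines of the `@@ -525,9 +543,6 @@` hunk); the controlplane template hunk `@@ -281,24 +299,8 @@` removed the only visible readers of the old keys, so they appear to be dead now and should either be removed or marked, e.g. `# -- DEPRECATED, superseded by dataplane.token.signer.privatekey_alias`. `expiry_seconds` and `expiry_tolerance_seconds` would benefit from a comment naming the environment variables they render into (`EDC_DATAPLANE_TOKEN_EXPIRY`, `EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE`) and that both are in seconds.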
diff --git a/core/json-ld-core/src/main/resources/document/dspace.jsonld b/core/json-ld-core/src/main/resources/document/dspace.jsonld
new file mode 100644
index 000000000..f475b2350
--- /dev/null
+++ b/core/json-ld-core/src/main/resources/document/dspace.jsonld
@@ -0,0 +1,62 @@
+{
+ "@context": {
+ "odrl": "http://www.w3.org/ns/odrl/2/",
+ "xsd": "http://www.w3.org/2001/XMLSchema#",
+ "cred": "https://www.w3.org/2018/credentials#",
+ "sec": "https://w3id.org/security#",
+ "foaf": "http://xmlns.com/foaf/0.1/",
+ "cc": "http://creativecommons.org/ns#",
+ "dct": "http://purl.org/dc/terms/",
+ "dcat": "http://www.w3.org/ns/dcat#",
+ "dspace": "https://w3id.org/dspace/2024/1/",
+
+ "dct:title": { "@language": "en" },
+ "dct:creator": { "@type": "@id" },
+ "dct:description": { "@container": "@set" },
+ "dct:issued": { "@type": "xsd:dateTime" },
+ "dct:modified": { "@type": "xsd:dateTime" },
+
+ "dcat:byteSize": { "@type": "xsd:decimal" },
+ "dcat:distribution": { "@container": "@set" },
+ "dcat:theme": { "@type": "@id" },
+ "dcat:conformsTo": { "@type": "@id" },
+ "dcat:dataset": { "@container": "@set" },
+ "dcat:endpointURL": { "@type": "xsd:anyURI" },
+ "dcat:endpointDescription": { "@type": "xsd:anyURI" },
+ "dcat:keyword": { "@container": "@set" },
+ "dcat:servesDataset": {"@container": "@set" },
+ "dcat:service": { "@container": "@set" },
+ "dcat:accessService": { "@container": "@set" },
+
+ "dspace:agreementId": { "@type": "@id" },
+ "dspace:dataset": { "@type": "@id" },
+ "dspace:transportType": { "@type": "@id" },
+ "dspace:state": { "@type": "@id" },
+ "dspace:providerId": { "@type": "@id" },
+ "dspace:consumerId": { "@type": "@id" },
+ "dspace:participantId": { "@type": "@id" },
+ "dspace:reason": { "@container": "@set" },
+ "dspace:catalog": { "@container": "@set" },
+ "dspace:filter": { "@container": "@set" },
+ "dspace:timestamp": { "@type": "xsd:dateTime" },
+ "dspace:callbackAddress": { "@type": "xsd:anyURI" },
+ "dspace:endpointProperties": { "@container": "@set" },
+
+ "foaf:homepage": { "@type": "xsd:anyURI" },
+
+ "odrl:hasPolicy": { "@container": "@set" },
+ "odrl:permission": { "@container": "@set" },
+ "odrl:prohibition": { "@container": "@set" },
+ "odrl:obligation": { "@container": "@set" },
+ 
"odrl:duty": { "@container": "@set" },
+ "odrl:constraint": { "@container": "@set" },
+ "odrl:action": { "@type": "@id" },
+ "odrl:target": { "@type": "@id" },
+ "odrl:leftOperand": { "@type": "@id" },
+ "odrl:operator": { "@type": "@id" },
+ "odrl:rightOperandReference": { "@type": "@id" },
+ "odrl:profile": { "@container": "@set" }
+ "odrl:assigner": { "@type": "@id" },
+ "odrl:assignee": { "@type": "@id" }
+ }
+}
diff --git a/edc-extensions/iatp/tx-iatp-sts-dim/src/test/java/org/eclipse/tractusx/edc/iam/iatp/sts/dim/DimSecureServiceExtensionTest.java b/edc-extensions/iatp/tx-iatp-sts-dim/src/test/java/org/eclipse/tractusx/edc/iam/iatp/sts/dim/DimSecureServiceExtensionTest.java
index b8d99569b..f4c5a9b62 100644
--- a/edc-extensions/iatp/tx-iatp-sts-dim/src/test/java/org/eclipse/tractusx/edc/iam/iatp/sts/dim/DimSecureServiceExtensionTest.java
+++ b/edc-extensions/iatp/tx-iatp-sts-dim/src/test/java/org/eclipse/tractusx/edc/iam/iatp/sts/dim/DimSecureServiceExtensionTest.java
@@ -20,15 +20,17 @@ package org.eclipse.tractusx.edc.iam.iatp.sts.dim;
 import org.eclipse.edc.junit.extensions.DependencyInjectionExtension;
+import org.eclipse.edc.spi.monitor.Monitor;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 import org.eclipse.edc.spi.system.configuration.Config;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import static org.assertj.core.api.Assertions.assertThat;
-import static org.assertj.core.api.Assertions.assertThatNoException;
 import static org.eclipse.tractusx.edc.iam.iatp.sts.dim.DimSecureTokenServiceExtension.DIM_URL;
+import static org.mockito.ArgumentMatchers.anyString;
 import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 @ExtendWith(DependencyInjectionExtension.class)
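Review bot: The `"odrl:profile": { "@container": "@set" }` line is missing the trailing comma before `"odrl:assigner"`, so the new file is not valid JSON and any JSON-LD loader that reads it will fail at parse time rather than silently degrade; change it to `"odrl:profile": { "@container": "@set" },`. The enclosing `@context` object closes inside this hunk, so nothing else needs to change. For consistency with the rest of the document, `"dcat:servesDataset": {"@container": "@set" }` lacks the space after `{` used on every other line.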
@@ -44,7 +46,11 @@ void initialize(ServiceExtensionContext context, DimSecureTokenServiceExtension
 @Test
 void initialize_shouldNotThrow_whenUrlIsMissing(ServiceExtensionContext context, DimSecureTokenServiceExtension extension) {
- assertThatNoException().isThrownBy(() -> extension.secureTokenService(context));
+ var monitor = context.getMonitor();
+ var prefixeMonitor = mock(Monitor.class);
+ when(monitor.withPrefix(anyString())).thenReturn(prefixeMonitor);
+ extension.secureTokenService(context);
+ verify(prefixeMonitor).severe("Mandatory config value missing: 'edc.iam.sts.dim.url'. This runtime will not be fully operational! Starting with v0.7.x this will be a runtime error.");
 }
 }
diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
index 98ac76659..0b9e0e5e6 100644
--- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
+++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
@@ -25,6 +25,17 @@ fullnameOverride: tx-prod
 ################################
 participant:
 id: "test-participant"
+iatp:
+ # Decentralized IDentifier
+ id: "did:web:changeme"
+ sts:
+ dim:
+ url: "https://somewhere.dim.org"
+ oauth:
+ token_url: "https://changeme.org"
+ client:
+ id: "test-client-id"
+ secret_alias: "test-alias"
 controlplane:
 service:
 type: NodePort
@@ -35,13 +46,12 @@ controlplane:
 pullPolicy: Never
 tag: "latest"
 repository: "edc-controlplane-postgresql-azure-vault"
- ssi:
- miw:
- url: "http://localhost:8080"
- authorityId: "authorityId"
 securityContext:
 # avoids some errors in the log: cannot write temp files of large multipart requests when R/O
 readOnlyRootFilesystem: false
+ bdrs:
+ server:
+ url: "https://bdrs.test.org"
 dataplane:
 endpoints:
 proxy:
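Review bot: The test name `initialize_shouldNotThrow_whenUrlIsMissing` no longer describes what is verified, since the no-exception assertion was replaced by `verify(prefixeMonitor).severe(...)`; rename it, e.g. `initialize_shouldLogSevere_whenUrlIsMissing`, and fix the typo `prefixeMonitor` → `prefixedMonitor`. Stubbing `monitor.withPrefix(anyString())` presupposes that `context.getMonitor()` hands back a Mockito mock from `DependencyInjectionExtension`; if it is a real monitor the `when(...)` call itself fails, which is worth confirming. The expected message is duplicated verbatim from the production code, so any wording change breaks the test; asserting on the stable part, e.g. `verify(prefixedMonitor).severe(contains("edc.iam.sts.dim.url"));`, or a shared constant next to `DIM_URL`, would be more robust.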
@@ -57,6 +67,11 @@ dataplane:
 endpointOverride: http://minio:9000
 secretAccessKey: qwerty123
 accessKeyId: qwerty123
+ token:
+ signer:
+ privatekey_alias: "key-1"
+ verifier:
+ publickey_alias: "key-1"
 postgresql:
 jdbcUrl: jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc
 auth:
diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml
index 354c667ae..9032eab3a 100644
--- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml
+++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml
@@ -23,16 +23,23 @@ fullnameOverride: tx-inmem
 participant:
 id: "test-participant"
+iatp:
+ # Decentralized IDentifier
+ id: "did:web:changeme"
+ sts:
+ dim:
+ url: "https://somewhere.dim.org"
+ oauth:
+ token_url: "https://changeme.org"
+ client:
+ id: "test-client-id"
+ secret_alias: "test-alias"
 runtime:
 service:
 type: NodePort
 endpoints:
 management:
 authKey: password
- ssi:
- miw:
- url: "http://localhost:8080"
- authorityId: "authorityId"
 image:
 pullPolicy: Never
 tag: "latest"
@@ -40,11 +47,16 @@ runtime:
 securityContext:
 # avoids some errors in the log: cannot write temp files of large multipart requests when R/O
 readOnlyRootFilesystem: false
+ bdrs:
+ server:
+ url: "https://bdrs.test.org"
+ token:
+ signer:
+ privatekey_alias: "key-1"
+ verifier:
+ publickey_alias: "key-1"
 vault:
 secretNames:
- transferProxyTokenEncryptionAesKey: aes-keys
- # this must be set through CLI args: --set vault.secrets=$YOUR_VAULT_SECRETS where YOUR_VAULT_SECRETS should
- # be a string in the format "key1:secret1;key2:secret2;..."
 secrets:
 backendService:
 httpProxyTokenReceiverUrl: "http://backend:8080"
diff --git a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml
index 20ec65cbc..dc6c63bf8 100644
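Review bot: `signer.privatekey_alias` and `verifier.publickey_alias` both point at `"key-1"`, so the verifier is configured to load the very same vault entry as the signer; that only works if the entry holds material the verifier can derive a public key from, and it hands the verification path a handle to the private key, so either use distinct aliases or confirm that the runtime expects one combined entry. Nothing visible in this commit provisions an entry named `key-1`, nor one named `test-alias` for `iatp.sts.oauth.client.secret_alias`: the only vault bootstrap shown, the `postStart` block in `tractusx-connector-test.yaml`, writes `secret/client-secret` and `secret/aes-keys`. The same pair of values is added in the memory-test hunk `@@ -40,11 +47,16 @@` and the connector-test hunk `@@ -59,6 +75,11 @@`.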
--- a/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml
+++ b/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml
@@ -24,7 +24,27 @@ fullnameOverride: tx-prod
 ################################
 participant:
 id: "test-participant"
+iatp:
+ # Decentralized IDentifier
+ id: "did:web:changeme"
+ sts:
+ dim:
+ url: "https://somewhere.dim.org"
+ oauth:
+ token_url: "https://changeme.org"
+ client:
+ id: "test-client-id"
+ secret_alias: "test-alias"
 controlplane:
+ # the ssi object is still needed for the upgradeability test
+ # todo: remove this after 0.7.0 is released
+ ssi:
+ miw:
+ url: "http://localhost:8080"
+ authorityId: "authorityId"
+ oauth:
+ client:
+ secretAlias: "client-secret"
 service:
 type: NodePort
 endpoints:
@@ -37,13 +57,9 @@ controlplane:
 securityContext:
 # avoids some errors in the log: cannot write temp files of large multipart requests when R/O
 readOnlyRootFilesystem: false
- ssi:
- miw:
- url: "http://localhost:8080"
- authorityId: "authorityId"
- oauth:
- client:
- secretAlias: "client-secret"
+ bdrs:
+ server:
+ url: "https://bdrs.test.org"
 dataplane:
 endpoints:
 proxy:
@@ -59,6 +75,11 @@ dataplane:
 endpointOverride: http://minio:9000
 secretAccessKey: qwerty123
 accessKeyId: qwerty123
+ token:
+ signer:
+ privatekey_alias: "key-1"
+ verifier:
+ publickey_alias: "key-1"
 postgresql:
 jdbcUrl: jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc
 auth:
@@ -73,6 +94,21 @@ vault:
 # this must be set through CLI args: --set vault.secrets=$YOUR_VAULT_SECRETS where YOUR_VAULT_SECRETS should
 # be a string in the format "key1:secret1;key2:secret2;..."
 secrets:
+
+ # the post-start object is still needed for the upgradeability test
+ # todo: remove this after 0.7.0 is released
+ server:
+ postStart:
+ - sh
+ - -c
+ - |-
+ {
+ sleep 5
+
+ /bin/vault kv put secret/client-secret content=kEmH7QRPWhKfy8f+x0pFMw==
+
+ /bin/vault kv put secret/aes-keys content=YWVzX2VuY2tleV90ZXN0Cg==
+ }
 backendService:
 httpProxyTokenReceiverUrl: "http://backend:8080"
 tests:
diff --git a/edc-tests/deployment/src/main/resources/prepare-test.sh b/edc-tests/deployment/src/main/resources/prepare-test.sh
deleted file mode 100755
index ba3848a6b..000000000
--- a/edc-tests/deployment/src/main/resources/prepare-test.sh
+++ /dev/null
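Review bot: The `postStart` script now carries fixed secret values committed to the repository, replacing the per-run `openssl rand -base64 16` generation that the deleted `prepare-test.sh` performed, so `secret/client-secret` holds the same credential on every CI run and in every checkout; the comment should state that these are fixture-only values and which aliases they do and do not cover, e.g. `# test-only fixed credentials for the upgradeability test; note the iatp/token config above references "test-alias" and "key-1", which are not created here`. The two comment lines above `secrets:` still instruct operators to pass `--set vault.secrets=...`, which this block bypasses; say which of the two mechanisms the test relies on so the next person does not set both. The `todo: remove this after 0.7.0 is released` marker should probably also name the workflow that depends on the block so the removal can be verified.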
@@ -1,37 +0,0 @@ -#!/bin/bash - -# -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# -# Contributors: -# Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation -# -# - -set -euo pipefail - -if [ "$#" -lt 1 ]; then - echo "usage prepare-test.sh PATH_TO_YAML" - echo "" - echo "Please provide the path to the YAML file, which contains the config for the test infrastructure! In most cases - this will be edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml" - exit 42 -fi - -VALUES_FILE=$1 - -CLIENT_SECRET=$(openssl rand -base64 16) -AES_KEY=$(echo aes_enckey_test | base64) -echo "$AES_KEY" > aes.key -echo "$CLIENT_SECRET" > client.secret - -# add a "postStart" command to the vault config, that creates a oauth client secret and an aes-keys secret -yq -i ".vault.server.postStart |= [\"sh\",\"-c\",\"{\nsleep 5\n -/bin/vault kv put secret/client-secret content=$CLIENT_SECRET\n -/bin/vault kv put secret/aes-keys content=$AES_KEY\n}\"]" "$VALUES_FILE" \ No newline at end of file diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index 207cad9f6..de13fa183 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -10,7 +10,6 @@ aws = "2.25.21" azure-identity = "1.11.4" bouncyCastle-jdk18on = "1.77" flyway = "10.10.0" -iron-vc = "0.14.0" jackson = "2.17.0" jakarta-json = "2.0.1" jupiter = "5.10.2" 
@@ -187,7 +186,6 @@ edc-edr-store-receiver = { module = "org.eclipse.edc:edr-store-receiver", versio
 apache-sshd-core = { module = "org.apache.sshd:sshd-core", version.ref = "apache-sshd" }
 apache-sshd-sftp = { module = "org.apache.sshd:sshd-sftp", version.ref = "apache-sshd" }
-apicatalog-iron-vc = { module = "com.apicatalog:iron-verifiable-credentials", version.ref = "iron-vc" }
 assertj = { module = "org.assertj:assertj-core", version.ref = "assertj" }
 awaitility = { module = "org.awaitility:awaitility", version.ref = "awaitility" }
 aws-s3 = { module = "software.amazon.awssdk:s3", version.ref = "aws" }
diff --git a/samples/multi-tenancy/src/main/java/org/eclipse/tractusx/edc/samples/multitenancy/MultiTenantRuntime.java b/samples/multi-tenancy/src/main/java/org/eclipse/tractusx/edc/samples/multitenancy/MultiTenantRuntime.java
index d7ac26513..b4c8c0025 100644
--- a/samples/multi-tenancy/src/main/java/org/eclipse/tractusx/edc/samples/multitenancy/MultiTenantRuntime.java
+++ b/samples/multi-tenancy/src/main/java/org/eclipse/tractusx/edc/samples/multitenancy/MultiTenantRuntime.java
@@ -47,7 +47,8 @@ public static void main(String[] args) {
 runtime.boot();
 }
- protected void boot() {
+ @Override
+ public void boot() {
 loadTenantsConfig().getConfig("edc.tenants").partition().forEach(this::bootTenant);
 }