chore: update Helm charts

.github/actions/run-deployment-test/action.yml

@@ -40,10 +40,6 @@ inputs:
     required: true
     description: "The directory that contains the docker file, e.g. edc-controlplane/edc-runtime-memory"
 
-  values_file:
-    required: true
-    description: "A yaml file that contains the values for the test installation. will be modified!"
-
 runs:
   using: "composite"
   steps:
@@ -76,11 +72,6 @@ runs:
     ###################################################
     # Install the test infrastructure
     ###################################################
-    - name: "Generate test credentials"
-      shell: bash
-      run: |-
-        sh -c "edc-tests/deployment/src/main/resources/prepare-test.sh \
-               ${{ inputs.values_file }}"
 
     - name: Install Runtime
       shell: bash

.github/workflows/deployment-test.yaml

@@ -63,11 +63,9 @@ jobs:
         with:
           imagename: edc-runtime-memory
           rootDir: edc-controlplane/edc-runtime-memory
-          values_file: edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml
           helm_command: |-
             helm install tx-inmem charts/tractusx-connector-memory \
             -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml \
-            --set vault.secrets="client-secret:$(cat client.secret)" \
             --wait-for-jobs --timeout=120s --dependency-update
 
             # wait for the pod to become ready
@@ -87,7 +85,6 @@ jobs:
         with:
           imagename: "edc-controlplane-postgresql-hashicorp-vault edc-dataplane-hashicorp-vault"
           rootDir: "."
-          values_file: edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml
           helm_command: |-
             helm install tx-prod charts/tractusx-connector \
             -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml \
@@ -121,7 +118,6 @@ jobs:
         with:
           imagename: "edc-controlplane-postgresql-azure-vault edc-dataplane-azure-vault"
           rootDir: "."
-          values_file: edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
           helm_command: |-
             az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name aes-keys --value "$(cat aes.key)" > /dev/null
             az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name client-secret --value "$(cat client.secret)" > /dev/null

.github/workflows/upgradeability-test.yaml

@@ -74,9 +74,6 @@ jobs:
 
       - name: "Install latest release"
         run: |
-          sh -c "edc-tests/deployment/src/main/resources/prepare-test.sh \
-                         edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml"
-
           helm upgrade --install tx-prod tractusx/tractusx-connector \
             -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml \
             --set "controlplane.image.tag=$RELEASE" \

charts/tractusx-connector-azure-vault/Chart.yaml

@@ -54,6 +54,6 @@ dependencies:
   # PostgreSQL
   - name: postgresql
     alias: postgresql
-    version: 12.11.2
+    version: "15.2.1"
     repository: https://charts.bitnami.com/bitnami
     condition: install.postgresql

charts/tractusx-connector-azure-vault/README.md

@@ -61,24 +61,24 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 
 | Repository | Name | Version |
 |------------|------|---------|
-| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 12.11.2 |
+| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 15.2.1 |
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
-| backendService.httpProxyTokenReceiverUrl | string | `"https://example.com"` | Specifies a backend service which will receive the EDR |
 | controlplane.affinity | object | `{}` |  |
 | controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) |
 | controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds |
 | controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds |
 | controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod |
 | controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod |
+| controlplane.bdrs.cache_validity_seconds | int | `600` |  |
+| controlplane.bdrs.server.url | string | `nil` |  |
 | controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` |  |
 | controlplane.debug.enabled | bool | `false` |  |
 | controlplane.debug.port | int | `1044` |  |
 | controlplane.debug.suspendOnStart | bool | `false` |  |
-| controlplane.edr.transferProxyTokenValidity | string | `"2592000"` |  |
 | controlplane.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"password","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane |
 | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not |
 | controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls |
@@ -243,14 +243,29 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid |
 | dataplane.service.port | int | `80` |  |
 | dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
+| dataplane.token.refresh.expiry_seconds | int | `300` |  |
+| dataplane.token.refresh.expiry_tolerance_seconds | int | `10` |  |
+| dataplane.token.refresh.refresh_endpoint | string | `nil` |  |
+| dataplane.token.signer.privatekey_alias | string | `nil` |  |
+| dataplane.token.verifier.publickey_alias | string | `nil` |  |
 | dataplane.tolerations | list | `[]` |  |
 | dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) |
 | dataplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container |
 | dataplane.volumes | string | `nil` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories |
 | fullnameOverride | string | `""` |  |
+| iatp.id | string | `"did:web:changeme"` |  |
+| iatp.sts.dim.url | string | `nil` |  |
+| iatp.sts.oauth.client.id | string | `nil` |  |
+| iatp.sts.oauth.client.secret_alias | string | `nil` |  |
+| iatp.sts.oauth.token_url | string | `nil` |  |
 | imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) |
 | install.postgresql | bool | `true` |  |
 | nameOverride | string | `""` |  |
+| networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component |
+| networkPolicy.controlplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) |
+| networkPolicy.dataplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the dataplane component |
+| networkPolicy.dataplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) |
+| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane |
 | participant.id | string | `"BPNLCHANGEME"` | BPN Number |
 | postgresql.auth.database | string | `"edc"` |  |
 | postgresql.auth.password | string | `"password"` |  |

charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml

@@ -146,6 +146,8 @@ spec:
             ########################
             - name: EDC_PARTICIPANT_ID
               value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }}
+            - name: "EDC_IAM_ISSUER_ID"
+              value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}}
 
             #######
             # API #
@@ -236,16 +238,6 @@ spec:
             - name: "EDC_DATASOURCE_TRANSFERPROCESS_URL"
               value: {{ tpl .Values.postgresql.jdbcUrl . | quote }}
 
-            # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql
-            - name: "EDC_DATASOURCE_EDR_NAME"
-              value: "edr"
-            - name: "EDC_DATASOURCE_EDR_USER"
-              value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }}
-            - name: "EDC_DATASOURCE_EDR_PASSWORD"
-              value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }}
-            - name: "EDC_DATASOURCE_EDR_URL"
-              value: {{ tpl .Values.postgresql.jdbcUrl . | quote }}
-
             # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/policy-monitor/store/sql/policy-monitor-store-sql
             - name: "EDC_DATASOURCE_POLICY-MONITOR_NAME"
               value: "policy-monitor"
@@ -266,6 +258,32 @@ spec:
             - name: "EDC_DATASOURCE_BPN_URL"
               value: {{ tpl .Values.postgresql.jdbcUrl . | quote }}
 
+
+            #############################
+            ## IATP / STS / DIM CONFIG ##
+            #############################
+            - name: "EDC_IAM_STS_OAUTH_TOKEN_URL"
+              value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.oauth.token_url is required" | quote}}
+            - name: "EDC_IAM_STS_OAUTH_CLIENT_ID"
+              value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}}
+            - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS"
+              value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}}
+            - name: "EDC_IAM_STS_DIM_URL"
+              value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}}
+
+            #################
+            ## BDRS CLIENT ##
+            #################
+
+            {{- if .Values.controlplane.bdrs.server.url }}
+            - name: "TX_IAM_IATP_BDRS_SERVER_URL"
+              value: {{ .Values.controlplane.bdrs.server.url | required ".Values.controlplane.bdrs.server.url is required" | quote }}
+            {{- end }}
+            {{- if .Values.controlplane.bdrs.cache_validity_seconds }}
+            - name: "TX_IAM_IATP_BDRS_CACHE_VALIDITY"
+              value: {{ .Values.controlplane.bdrs.cache_validity_seconds | quote}}
+            {{- end}}
+
             ################
             ## DATA PLANE ##
             ################
@@ -281,53 +299,31 @@ spec:
               value: |-
                 {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" . ) }}
 
-            # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer
-            - name: "EDC_TRANSFER_PROXY_ENDPOINT"
-              value: {{ include "txdc.dataplane.url.public" . }}
-            {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }}
-            - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
-              value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote }}
-            {{- end }}
-            {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }}
-            - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS"
-              value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }}
-            {{- end }}
-            - name: "EDC_TRANSFER_PROXY_TOKEN_VALIDITY_SECONDS"
-              value: {{ .Values.controlplane.edr.transferProxyTokenValidity | required ".Values.controlplane.edr.transferProxyTokenValidity is required" | quote }}
 
-            # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/transfer/transfer-pull-http-dynamic-receiver
 
-            - name: "EDC_RECEIVER_HTTP_DYNAMIC_ENDPOINT"
-              value: {{ .Values.backendService.httpProxyTokenReceiverUrl | required ".Values.backendService.httpProxyTokenReceiverUrl is required" | quote }}
 
             ###########
             ## VAULT ##
             ###########
 
-            - name: "EDC_VAULT_CLIENTID"
+            - name: "AZURE_CLIENT_ID"
               value: {{ .Values.vault.azure.client | required ".Values.vault.azure.client is required" | quote  }}
-            - name: "EDC_VAULT_TENANTID"
+            - name: "AZURE_TENANT_ID"
               value: {{ .Values.vault.azure.tenant | required ".Values.vault.azure.tenant is required" | quote }}
             - name: "EDC_VAULT_NAME"
               value: {{ .Values.vault.azure.name | required ".Values.vault.azure.name is required" | quote }}
             # only set the env var if config value not null
             {{- if .Values.vault.azure.secret }}
-            - name: "EDC_VAULT_CLIENTSECRET"
+            - name: "AZURE_CLIENT_SECRET"
               value: {{ .Values.vault.azure.secret | quote }}
              {{- end }}
             # only set the env var if config value not null
             {{- if .Values.vault.azure.certificate }}
-            - name: "EDC_VAULT_CERTIFICATE"
+            - name: "AZURE_CLIENT_CERTIFICATE_PATH"
               value: {{ .Values.vault.azure.certificate | quote }}
             {{- end }}
 
-            ###########################
-            ## AAS WRAPPER EXTENSION ##
-            ###########################
-            - name: "EDC_CP_ADAPTER_CACHE_CATALOG_EXPIRE_AFTER"
-              value: "0"
-            - name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT"
-              value: "0"
+
 
             ###########################
             ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ##