feature: create in-mem helm chart #219

Merged
2 changes: 0 additions & 2 deletions .github/actions/publish-docker-image/action.yml
@@ -48,7 +48,6 @@ runs:
# Login to DockerHub
#####################
- name: DockerHub login
if: github.event_name != 'pull_request'
uses: docker/login-action@v2
with:
username: ${{ inputs.docker_user }}
@@ -108,7 +107,6 @@ runs:
# https://github.com/peter-evans/dockerhub-description
###############################
- name: Update Docker Hub description
if: github.event_name != 'pull_request'
uses: peter-evans/dockerhub-description@v3
with:
readme-filepath: ${{ inputs.rootDir }}/notice.md
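--- a/.github/actions/run-deployment-test/action.yml
+++ b/.github/actions/run-deployment-test/action.yml
@@ -0,0 +1,103 @@
+#
+# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+# Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+name: "Run Deployment Test"
+description: "Build and publish a Docker Image to DockerHub"
+inputs:
+imagename:
+required: true
+description: "name of the docker image, e.g. edc-runtime-memory"
+
+image_tag:
+required: false
+default: "latest"
+description: "docker image tag, defaults to 'latest'"
+
+helm_command:
+required: true
+description: "command which is executed to install the chart. must also include verification commands, such as 'helm test'"
+
+rootDir:
+required: true
+description: "The directory that contains the docker file, e.g. edc-controlplane/edc-runtime-memory"
+
+runs:
+using: "composite"
+steps:
+- name: Checkout
+uses: actions/checkout@v3.3.0
+
+- name: Cache ContainerD Image Layers
+uses: actions/cache@v3
+with:
+path: /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs
+key: ${{ runner.os }}-io.containerd.snapshotter.v1.overlayfs
+
+- name: Set up JDK 11
+uses: actions/setup-java@v3.11.0
+with:
+java-version: '11'
+distribution: 'temurin'
+cache: 'gradle'
+
+- name: Build docker images
+shell: bash
+run: |-
+./gradlew -p ${{ inputs.rootDir }} dockerize
+- name: Setup Helm
+uses: azure/setup-helm@v3.5
+with:
+version: v3.8.1
+
+- name: Setup Kubectl
+uses: azure/setup-kubectl@v3.2
+
+- name: Create k8s Kind Cluster
+uses: helm/kind-action@v1.5.0
+
+- name: Load images into KinD
+shell: bash
+run: |
+kind get clusters | xargs -n1 kind load docker-image ${{ inputs.imagename }}:${{ inputs.image_tag }} --name
+###################################################
+# Install the test infrastructure
+###################################################
+- name: Install Infrastructure
+shell: bash
+run: |-
+helm install infra edc-tests/deployment/src/main/resources/helm/test-infrastructure \
+--wait-for-jobs --timeout=30s --dependency-update
+- name: Install Runtime
+shell: bash
+run: ${{ inputs.helm_command }}
+
+
+#################
+### Tear Down ###
+#################
+- name: Destroy the kind cluster
+if: always()
+shell: bash
+run: >-
+kind get clusters | xargs -n1 kind delete cluster --name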
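Review bot: The `run:` steps expand `${{ inputs.rootDir }}`, `${{ inputs.imagename }}` and `${{ inputs.image_tag }}` directly into the bash script text, so a caller that ever forwards an event-derived value (branch name, PR title) into these inputs gets command injection on the runner. Pass them through `env:` and use quoted shell variables instead, e.g. `env: ROOT_DIR: ${{ inputs.rootDir }}` with `./gradlew -p "$ROOT_DIR" dockerize`. `helm_command` is executed verbatim by design, so its description should state that it must only ever be a literal written in the calling workflow. Separately, `description: "Build and publish a Docker Image to DockerHub"` looks copied from the publish action and does not describe a deployment test.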
11 changes: 9 additions & 2 deletions .github/workflows/build.yaml
@@ -55,13 +55,15 @@ jobs:
SONAR_TOKEN: ${{ steps.secret-presence.outputs.SONAR_TOKEN }}
GPG_PRIVATE_KEY: ${{ steps.secret-presence.outputs.GPG_PRIVATE_KEY }}
GPG_PASSPHRASE: ${{ steps.secret-presence.outputs.GPG_PASSPHRASE }}
DOCKER_HUB_TOKEN: ${{ steps.secret-presence.outputs.DOCKER_HUB_TOKEN }}
steps:
- name: Check whether secrets exist
id: secret-presence
run: |
[ ! -z "${{ secrets.SONAR_TOKEN }}" ] && echo "::set-output name=SONAR_TOKEN::true"
[ ! -z "${{ secrets.GPG_PRIVATE_KEY }}" ] && echo "::set-output name=GPG_PRIVATE_KEY::true"
[ ! -z "${{ secrets.GPG_PASSPHRASE }}" ] && echo "::set-output name=GPG_PASSPHRASE::true"
[ ! -z "${{ secrets.DOCKER_HUB_TOKEN }}" ] && echo "::set-output name=DOCKER_HUB_TOKEN::true"
exit 0
build-extensions:
@@ -89,11 +91,13 @@ jobs:
name: "Create Docker Images for the ControlPlane"
runs-on: ubuntu-latest
needs: [ secret-presence ]
if: |
needs.secret-presence.outputs.DOCKER_HUB_TOKEN
strategy:
fail-fast: false
matrix:
name:
- edc-controlplane-memory
- edc-runtime-memory
- edc-controlplane-memory-hashicorp-vault
- edc-controlplane-postgresql
- edc-controlplane-postgresql-hashicorp-vault
@@ -110,8 +114,11 @@ jobs:
docker_token: ${{ secrets.DOCKER_HUB_TOKEN }}

build-dataplane:
name: "Create Docker Images for the DataPlane"
runs-on: ubuntu-latest
needs: [ secret-presence ]
if: |
needs.secret-presence.outputs.DOCKER_HUB_TOKEN
strategy:
fail-fast: false
matrix:
@@ -135,7 +142,7 @@ jobs:
permissions:
contents: read
packages: write
needs: [ secret-presence, build-controlplane, build-dataplane, build-extensions ]
needs: [ secret-presence, build-extensions ]

# do not run on PR branches, do not run on releases
if: |
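Review bot: The presence check expands `${{ secrets.DOCKER_HUB_TOKEN }}` into the script text of the `run:` step (the line that appears to be newly added follows the three existing checks), so a token containing a quote or `$(` changes the command that runs. Hand the secret over as an environment variable and test that instead: `env: DOCKER_HUB_TOKEN: ${{ secrets.DOCKER_HUB_TOKEN }}` with `[ -n "$DOCKER_HUB_TOKEN" ] && echo "DOCKER_HUB_TOKEN=true" >> "$GITHUB_OUTPUT"`, which also replaces the deprecated `::set-output` command. With `build-controlplane` and `build-dataplane` now gated only on that output, confirm that pull requests from branches of this repository are not meant to reach the Docker Hub login; the workflow triggers are outside the hunks shown.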
1 change: 0 additions & 1 deletion .github/workflows/business-tests.yaml
@@ -166,7 +166,6 @@ jobs:
sleep 5s

# Wait for supporting infrastructure to become ready (control-/data-plane, backend service)
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=backend --timeout=120s || ( kubectl logs -l app.kubernetes.io/name=backend --tail 500 && exit 1 )
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=idsdaps --timeout=120s || ( kubectl logs -l app.kubernetes.io/name=idsdaps --tail 500 && exit 1 )
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=vault --timeout=120s || ( kubectl logs -l app.kubernetes.io/name=vault --tail 500 && exit 1 )
kubectl wait --for=condition=ready pod -l app.kubernetes.io/name=sokrates-postgresql --timeout=120s || ( kubectl logs -l app.kubernetes.io/name=sokrates-postgresql --tail 500 && exit 1 )
51 changes: 51 additions & 0 deletions .github/workflows/deploy-test-secrets
@@ -0,0 +1,51 @@
daps-key:-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----;daps-crt:-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
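Review bot: This file commits a PEM private key and certificate in clear text under `.github/workflows/`, and nothing in it marks the material as a throwaway fixture. If it is only the key of the test DAPS instance, say so next to the file or in the workflow step that reads it, and add the path to the secret scanner's allowlist so that real findings are not buried; the key pair must never be reused outside the KinD test cluster. Generating the key pair inside the test job and feeding both the DAPS chart and `vault.secrets` from it would remove the committed key altogether.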
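--- a/.github/workflows/deployment-test.yaml
+++ b/.github/workflows/deployment-test.yaml
@@ -0,0 +1,67 @@
+#
+# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+name: "Deployment Tests"
+
+on:
+push:
+branches:
+- main
+- develop
+tags:
+- '[0-9]+.[0-9]+.[0-9]+'
+release:
+types:
+- published
+pull_request:
+paths-ignore:
+- 'docs/**'
+- '**/*.md'
+branches:
+- '*'
+workflow_dispatch:
+
+concurrency:
+group: ${{ github.workflow }}-${{ github.ref }}
+cancel-in-progress: true
+
+jobs:
+deployment-test-memory:
+runs-on: ubuntu-latest
+steps:
+- name: Checkout
+uses: actions/checkout@v3.3.0
+- uses: ./.github/actions/run-deployment-test
+name: "Run deployment test using KinD and Helm"
+with:
+imagename: edc-runtime-memory
+rootDir: edc-controlplane/edc-runtime-memory
+helm_command: |-
+helm install tx-inmem charts/tractusx-connector-memory \
+-f charts/tractusx-connector-memory/example.yaml \
+--set vault.secrets="$(cat ./.github/workflows/deploy-test-secrets)" \
+--wait-for-jobs --timeout=120s
+# wait for the pod to become ready
+kubectl rollout status deployment tx-inmem
+# execute the helm test
+helm test tx-inmem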
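Review bot: The new workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope while it builds images and runs Helm on `pull_request`. The job only needs to read the source, so add a workflow-level `permissions:` with `contents: read`. The `pull_request` filter `branches: - '*'` does not match target branches whose name contains a `/`; use `'**'` if every target branch is meant. The `helm_command` block is a literal here, which is what the composite action's verbatim `run:` of that input relies on, and a short comment above it saying so would keep later edits from templating event data into it.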
2 changes: 1 addition & 1 deletion .github/workflows/publish-docker.yaml
@@ -42,7 +42,7 @@ jobs:
fail-fast: false
matrix:
name:
- edc-controlplane-memory
- edc-runtime-memory
- edc-controlplane-memory-hashicorp-vault
- edc-controlplane-postgresql
- edc-controlplane-postgresql-hashicorp-vault
25 changes: 9 additions & 16 deletions .github/workflows/trivy.yml
@@ -6,7 +6,7 @@ on:
- cron: "0 0 * * *"
workflow_dispatch:
workflow_run:
workflows: ["Build"]
workflows: [ "Build" ]
branches:
- main
- releases
@@ -24,8 +24,7 @@ jobs:
outputs:
value: ${{ steps.git-sha7.outputs.SHA7 }}
steps:
-
name: Resolve git 7-chars sha
- name: Resolve git 7-chars sha
id: git-sha7
run: |
echo "::set-output name=SHA7::${GITHUB_SHA::7}"
@@ -37,11 +36,9 @@ jobs:
contents: read
security-events: write
steps:
-
name: Checkout repository
- name: Checkout repository
uses: actions/checkout@v3.3.0
-
name: Run Trivy vulnerability scanner in repo mode
- name: Run Trivy vulnerability scanner in repo mode
uses: aquasecurity/trivy-action@master
with:
scan-type: "config"
@@ -51,8 +48,7 @@ jobs:
format: "sarif"
output: "trivy-results-config.sarif"
severity: "CRITICAL,HIGH"
-
name: Upload Trivy scan results to GitHub Security tab
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@v2
if: always()
with:
@@ -69,18 +65,16 @@ jobs:
fail-fast: false # continue scanning other images although if the other has been vulnerable
matrix:
image:
- edc-controlplane-memory
- edc-runtime-memory
- edc-controlplane-memory-hashicorp-vault
- edc-controlplane-postgresql
- edc-controlplane-postgresql-hashicorp-vault
- edc-dataplane-azure-vault
- edc-dataplane-hashicorp-vault
steps:
-
name: Checkout
- name: Checkout
uses: actions/checkout@v3.3.0
-
name: Run Trivy vulnerability scanner
- name: Run Trivy vulnerability scanner
if: always()
uses: aquasecurity/trivy-action@master
with:
@@ -90,8 +84,7 @@ jobs:
exit-code: "1"
severity: "CRITICAL,HIGH"
timeout: "10m0s"
-
name: Upload Trivy scan results to GitHub Security tab
- name: Upload Trivy scan results to GitHub Security tab
if: always()
uses: github/codeql-action/upload-sarif@v2
with:
44 changes: 15 additions & 29 deletions .github/workflows/veracode.yaml
@@ -13,8 +13,7 @@ jobs:
ORG_VERACODE_API_ID: ${{ steps.secret-presence.outputs.ORG_VERACODE_API_ID }}
ORG_VERACODE_API_KEY: ${{ steps.secret-presence.outputs.ORG_VERACODE_API_KEY }}
steps:
-
name: Check whether secrets exist
- name: Check whether secrets exist
id: secret-presence
run: |
[ ! -z "${{ secrets.ORG_VERACODE_API_ID }}" ] && echo "::set-output name=ORG_VERACODE_API_ID::true"
@@ -24,20 +23,17 @@ jobs:
verify-formatting:
runs-on: ubuntu-latest
steps:
-
name: Checkout
- name: Checkout
uses: actions/checkout@v3.3.0
with:
fetch-depth: 0
-
name: Set up JDK 11
- name: Set up JDK 11
uses: actions/setup-java@v3.11.0
with:
java-version: '17'
distribution: 'temurin'
cache: 'gradle'
-
name: Verify proper formatting
- name: Verify proper formatting
run: ./gradlew spotlessCheck

build-controlplane:
@@ -49,36 +45,31 @@ jobs:
fail-fast: false
matrix:
name:
- edc-controlplane-memory
- edc-runtime-memory
- edc-controlplane-memory-hashicorp-vault
- edc-controlplane-postgresql
- edc-controlplane-postgresql-hashicorp-vault
steps:
# Set-Up
-
name: Checkout
- name: Checkout
uses: actions/checkout@v3.3.0
-
name: Set up JDK 11
- name: Set up JDK 11
uses: actions/setup-java@v3.11.0
with:
java-version: '17'
distribution: 'temurin'
cache: 'gradle'
# Build
-
name: Build Controlplane
- name: Build Controlplane
run: |-
./gradlew -p edc-controlplane/${{ matrix.name }} shadowJar
env:
GITHUB_PACKAGE_USERNAME: ${{ github.actor }}
GITHUB_PACKAGE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-
name: Tar gzip files for veracode upload
- name: Tar gzip files for veracode upload
run: |-
tar -czvf edc-controlplane/${{ matrix.name }}/build/libs/${{ matrix.name }}.tar.gz edc-controlplane/${{ matrix.name }}/build/libs/${{ matrix.name }}.jar
-
name: Veracode Upload And Scan
- name: Veracode Upload And Scan
uses: veracode/veracode-uploadandscan-action@v1.0
if: |
needs.secret-presence.outputs.ORG_VERACODE_API_ID && needs.secret-presence.outputs.ORG_VERACODE_API_KEY
@@ -104,30 +95,25 @@ jobs:
- edc-dataplane-hashicorp-vault
steps:
# Set-Up
-
name: Checkout
- name: Checkout
uses: actions/checkout@v3.3.0
-
name: Set up JDK 11
- name: Set up JDK 11
uses: actions/setup-java@v3.11.0
with:
java-version: '17'
distribution: 'temurin'
cache: 'gradle'
# Build
-
name: Build Dataplane
- name: Build Dataplane
run: |-
./gradlew -p edc-dataplane/${{ matrix.name }} shadowJar
env:
GITHUB_PACKAGE_USERNAME: ${{ github.actor }}
GITHUB_PACKAGE_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-
name: Tar gzip files for veracode upload
- name: Tar gzip files for veracode upload
run: |-
tar -czvf edc-dataplane/${{ matrix.name }}/build/libs/${{ matrix.name }}.tar.gz edc-dataplane/${{ matrix.name }}/build/libs/${{ matrix.name }}.jar
-
name: Veracode Upload And Scan
- name: Veracode Upload And Scan
uses: veracode/veracode-uploadandscan-action@v1.0
if: |
needs.secret-presence.outputs.ORG_VERACODE_API_ID && needs.secret-presence.outputs.ORG_VERACODE_API_KEY
38 changes: 25 additions & 13 deletions CHANGELOG.md
@@ -69,7 +69,7 @@ corresponding [documentation](/docs/migration/Version_0.1.x_0.3.x.md).
- update control plane docu (#623)
- update postgresql version in Chart.yaml supporting-infrastructure (#622)
- update link to edc logo in README.md (#612)
- update description of supporting infrastructure deployment (#616)
- update description of supporting infrastructure deployment (#616)

### Fixed

@@ -84,7 +84,7 @@ corresponding [documentation](/docs/migration/Version_0.1.x_0.3.x.md).
- Bump alpine (#749)
- Bump alpine (#750)
- Bump alpine (#752)
- Bump alpine in /edc-controlplane/edc-controlplane-memory/src/main/docker (#753)
- Bump alpine in /edc-controlplane/edc-runtime-memory/src/main/docker (#753)
- Bump maven-deploy-plugin from 3.0.0 to 3.1.0 (#735)
- Bump actions/setup-java from 3.9.0 to 3.10.0 (#730)
- Bump s3 from 2.19.33 to 2.20.0
@@ -117,7 +117,7 @@ corresponding [documentation](/docs/migration/Version_0.1.x_0.3.x.md).
- Bump s3 from 2.19.11 to 2.19.15 (#668)
- Bump maven-surefire-plugin from 3.0.0-M7 to 3.0.0-M8 (#670)
- Bump edc version to 0.0.1-20230109-SNAPSHOT (#666)
- Bump alpine in /edc-controlplane/edc-controlplane-memory/src/main/docker (#659)
- Bump alpine in /edc-controlplane/edc-runtime-memory/src/main/docker (#659)
- Bump alpine in /edc-dataplane/edc-dataplane-azure-vault/src/main/docker (#660)
- Bump alpine (#658)
- Bump alpine (#661)
@@ -171,7 +171,8 @@ corresponding [documentation](/docs/migration/Version_0.1.x_0.3.x.md).

## [0.1.1] - 2022-09-04

**Important Note**: Please consolidate the migration documentation before updating your connector. [documentation](/docs/migration/Version_0.1.0_0.1.1.md).
**Important Note**: Please consolidate the migration documentation before updating your
connector. [documentation](/docs/migration/Version_0.1.0_0.1.1.md).

### Added

@@ -184,7 +185,8 @@ corresponding [documentation](/docs/migration/Version_0.1.x_0.3.x.md).

### Fixed

- Connectors with Azure Vault extension are now starting again [link](https://github.com/eclipse-edc/Connector/issues/1892)
- Connectors with Azure Vault extension are now starting
again [link](https://github.com/eclipse-edc/Connector/issues/1892)

## [0.1.0] - 2022-08-19

@@ -193,31 +195,41 @@ corresponding [documentation](/docs/migration/Version_0.0.x_0.1.x.md).

### Added

- Control-Plane extension ([data-plane-selector-client](https://github.com/eclipse-edc/Connector/tree/v0.0.1-milestone-5/extensions/data-plane-selector/selector-client))
- Control-Plane
extension ([data-plane-selector-client](https://github.com/eclipse-edc/Connector/tree/v0.0.1-milestone-5/extensions/data-plane-selector/selector-client))
- run the EDC with multiple data planes at once
- Control-Plane extension ([dataplane-selector-configuration](edc-extensions/dataplane-selector-configuration))
- add data plane instances to the control plane by configuration
- Data-Plane extension ([s3-data-plane](https://github.com/eclipse-edc/Connector/tree/main/extensions/aws/data-plane-s3))
- Data-Plane
extension ([s3-data-plane](https://github.com/eclipse-edc/Connector/tree/main/extensions/aws/data-plane-s3))
- transfer from and to AWS S3 buckets
- Control-Plane extension ([data-encryption](edc-extensions/data-encryption))
- Data-Plane authentication attribute transmitted during data-plane-transfer can be encrypted symmetrically (AES)

### Changed

- Update setting name (`edc.dataplane.token.validation.endpoint` -> `edc.dataplane.token.validation.endpoint`)
- EDC has been updated to version [0.0.1-20220818-SNAPSHOT](https://oss.sonatype.org/#nexus-search;gav~org.eclipse.dataspaceconnector~~0.0.1-20220818-SNAPSHOT~~) - implications to the behavior of the connector have been covered in the [corresponding migration guide](docs/migration/Version_0.0.x_0.1.x.md)
- EDC has been updated to
version [0.0.1-20220818-SNAPSHOT](https://oss.sonatype.org/#nexus-search;gav~org.eclipse.dataspaceconnector~~0.0.1-20220818-SNAPSHOT~~) -
implications to the behavior of the connector have been covered in
the [corresponding migration guide](docs/migration/Version_0.0.x_0.1.x.md)

### Fixed

- Contract-Offer-Receiving-Connectors must also pass the ContractPolicy of the ContractDefinition before receiving offers([issue](https://github.com/eclipse-edc/Connector/issues/1331))
- Deletion of Asset becomes impossible when Contract Negotiation exists([issue](https://github.com/eclipse-edc/Connector/issues/1403))
- Deletion of Policy becomes impossible when Contract Definition exists([issue](https://github.com/eclipse-edc/Connector/issues/1410))
- Contract-Offer-Receiving-Connectors must also pass the ContractPolicy of the ContractDefinition before receiving
offers([issue](https://github.com/eclipse-edc/Connector/issues/1331))
- Deletion of Asset becomes impossible when Contract Negotiation
exists([issue](https://github.com/eclipse-edc/Connector/issues/1403))
- Deletion of Policy becomes impossible when Contract Definition
exists([issue](https://github.com/eclipse-edc/Connector/issues/1410))

## [0.0.6] - 2022-07-29

### Fixed

- Fixes [release 0.0.5](https://github.com/eclipse-tractusx/tractusx-edc/releases/tag/0.0.5), which introduced classpath issues due to usage of [net.jodah:failsafe:2.4.3](https://search.maven.org/artifact/net.jodah/failsafe/2.4.3/jar) library
- Fixes [release 0.0.5](https://github.com/eclipse-tractusx/tractusx-edc/releases/tag/0.0.5), which introduced classpath
issues due to usage of [net.jodah:failsafe:2.4.3](https://search.maven.org/artifact/net.jodah/failsafe/2.4.3/jar)
library

## [0.0.5] - 2022-07-28

@@ -245,7 +257,7 @@ corresponding [documentation](/docs/migration/Version_0.0.x_0.1.x.md).
### Fixed

- [#1515](https://github.com/eclipse-edc/Connector/issues/1515) SQL: Connector sends out 50
contract offers max.
contract offers max.

### Removed

30 changes: 22 additions & 8 deletions README.md
@@ -16,24 +16,25 @@ Please also refer to:

## About The Project

The project provides pre-built control- and data-plane [docker](https://www.docker.com/) images and [helm](https://helm.sh/) charts of the [Eclipse DataSpaceConnector Project](https://github.com/eclipse-edc/Connector).
The project provides pre-built control- and data-plane [docker](https://www.docker.com/) images
and [helm](https://helm.sh/) charts of
the [Eclipse DataSpaceConnector Project](https://github.com/eclipse-edc/Connector).

## Inventory

The eclipse data space connector is split up into Control-Plane and Data-Plane, whereas the Control-Plane functions as administration layer
and has responsibility of resource management, contract negotiation and administer data transfer.
The eclipse data space connector is split up into Control-Plane and Data-Plane, whereas the Control-Plane functions as
administration layer and has responsibility of resource management, contract negotiation and administer data transfer.
The Data-Plane does the heavy lifting of transferring and receiving data streams.

Depending on your environment there are different derivatives of the control-plane prepared:

- [edc-controlplane-memory](edc-controlplane/edc-controlplane-memory) with dependency onto
- [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview)
- [edc-controlplane-postgresql](edc-controlplane/edc-controlplane-postgresql) with dependency onto
- [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview)
- [PostgreSQL 8.2 or newer](https://www.postgresql.org/)
- [edc-controlplane-postgresql-hashicorp-vault](edc-controlplane/edc-controlplane-postgresql-hashicorp-vault) with dependency onto
- [edc-controlplane-postgresql-hashicorp-vault](edc-controlplane/edc-controlplane-postgresql-hashicorp-vault) with
dependency onto
- [Hashicorp Vault](https://www.vaultproject.io/)
-[PostgreSQL 8.2 or newer](https://www.postgresql.org/)
- [PostgreSQL 8.2 or newer](https://www.postgresql.org/)

Derivatives of the Data-Plane can be found here

@@ -42,6 +43,10 @@ Derivatives of the Data-Plane can be found here
- [edc-dataplane-hashicorp-vault](edc-dataplane/edc-dataplane-hashicorp-vault) with dependency onto
- [Hashicorp Vault](https://www.vaultproject.io/)

For testing/development purposes:

- [edc-runtime-memory](edc-controlplane/edc-runtime-memory)

## Getting Started

### Build
@@ -54,15 +59,24 @@ Build Tractus-X EDC together with its Container Images

## License

Distributed under the Apache 2.0 License. See [LICENSE](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/LICENSE) for more information.
Distributed under the Apache 2.0 License.
See [LICENSE](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/LICENSE) for more information.

<!-- MARKDOWN LINKS & IMAGES -->
<!-- https://www.markdownguide.org/basic-syntax/#reference-style-links -->

[contributors-shield]: https://img.shields.io/github/contributors/eclipse-tractusx/tractusx-edc.svg?style=for-the-badge

[contributors-url]: https://github.com/eclipse-tractusx/tractusx-edc/graphs/contributors

[stars-shield]: https://img.shields.io/github/stars/eclipse-tractusx/tractusx-edc.svg?style=for-the-badge

[stars-url]: https://github.com/eclipse-tractusx/tractusx-edc/stargazers

[license-shield]: https://img.shields.io/github/license/eclipse-tractusx/tractusx-edc.svg?style=for-the-badge

[license-url]: https://github.com/eclipse-tractusx/tractusx-edc/blob/main/LICENSE

[release-shield]: https://img.shields.io/github/v/release/eclipse-tractusx/tractusx-edc.svg?style=for-the-badge

[release-url]: https://github.com/eclipse-tractusx/tractusx-edc/releases
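--- a/charts/tractusx-connector-memory/.helmignore
+++ b/charts/tractusx-connector-memory/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/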
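--- a/charts/tractusx-connector-memory/Chart.yaml
+++ b/charts/tractusx-connector-memory/Chart.yaml
@@ -0,0 +1,45 @@
+#
+# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+apiVersion: v2
+name: tractusx-connector-memory
+description: A Helm chart for Tractus-X Eclipse Data Space Connector based on memory
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.3.2
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.3.2"
+home: https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-memory
+sources:
+- https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-memory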
241 changes: 241 additions & 0 deletions charts/tractusx-connector-memory/README.md

Large diffs are not rendered by default.

26 changes: 26 additions & 0 deletions charts/tractusx-connector-memory/README.md.gotmpl
@@ -0,0 +1,26 @@
{{ template "chart.header" . }}

{{ template "chart.deprecationWarning" . }}

{{ template "chart.badgesSection" . }}

{{ template "chart.description" . }}

{{ template "chart.homepageLine" . }}

## TL;DR

```shell
helm repo add tractusx-edc https://eclipse-tractusx.github.io/charts/dev
Contributor


Is the URL correct? Specifically the /dev at the end? Shouldn't we always point to the stable one? (if, of course, we have our first charts there)

Contributor Author

@paullatzelsperger paullatzelsperger Apr 17, 2023


TBH I did not adapt this, I just took what was there in the "old" tractusx-connector chart.
There is a /stable chart as well, but I would not publish our charts there yet (or anytime in the near future :))

helm install my-release tractusx-edc/tractusx-connector --version {{ .Version }}
```

{{ template "chart.maintainersSection" . }}

{{ template "chart.sourcesSection" . }}

{{ template "chart.requirementsSection" . }}

{{ template "chart.valuesSection" . }}

{{ template "helm-docs.versionFooter" . }}
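--- a/charts/tractusx-connector-memory/example.yaml
+++ b/charts/tractusx-connector-memory/example.yaml
@@ -0,0 +1,65 @@
+#
+# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+## This file can be used to verify that the chart is working properly. It provides an exemplary configuration
+## that is intended to be used with the supporting infrastructure.
+## 1. install DAPS:
+## helm install infrastructure edc-tests/deployment/src/main/resources/helm/test-infrastructure \ ─╯
+## --wait-for-jobs
+##
+## 2. install in-mem runtime. Note that the key and crt must match exactly the DAPS setup, c.f. edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml
+## export DAPSKEY="<private-key-content>"
+## export DAPSCRT="<certificate-content>"
+## export YOUR_VAULT_SECRETS="daps-key:$DAPSKEY;daps-crt:$DAPSCRT"
+## helm install trudy charts/tractusx-connector-memory -f charts/tractusx-connector-memory/example.yaml --set vault.secrets=$YOUR_VAULT_SECRETS
+
+fullnameOverride: tx-inmem
+runtime:
+service:
+type: NodePort
+endpoints:
+data:
+authKey: password
+image:
+pullPolicy: Never
+tag: "latest"
+repository: "edc-runtime-memory"
+securityContext:
+# avoids some errors in the log: cannot write temp files of large multipart requests when R/O
+readOnlyRootFilesystem: false
+
+vault:
+secretNames:
+transferProxyTokenSignerPublicKey: daps-crt
+transferProxyTokenSignerPrivateKey: daps-key
+transferProxyTokenEncryptionAesKey: aes-keysc
+dapsPrivateKey: daps-key
+dapsPublicKey: daps-crt
+
+# this must be set through CLI args: --set vault.secrets=$YOUR_VAULT_SECRETS where YOUR_VAULT_SECRETS should
+# be a string in the format "key1:secret1;key2:secret2;..."
+secrets:
+
+daps:
+url: "http://ids-daps:4567"
+clientId: "E7:07:2D:74:56:66:31:F0:7B:10:EA:B6:03:06:4C:23:7F:ED:A6:65:keyid:E7:07:2D:74:56:66:31:F0:7B:10:EA:B6:03:06:4C:23:7F:ED:A6:65"
+
+backendService:
+httpProxyTokenReceiverUrl: "http://backend:8080"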
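Review bot: `authKey: password` combined with `service.type: NodePort` means anyone who copies this example outside the KinD test cluster exposes the `data` endpoint on the node with a guessable key; put a comment on that line such as `# test-only value, replace before any shared deployment`. The usage comment passes `--set vault.secrets=$YOUR_VAULT_SECRETS` unquoted, so the shell splits the PEM content on whitespace; the deployment-test workflow in this PR quotes the value and the comment should do the same. `transferProxyTokenEncryptionAesKey: aes-keysc` may be a typo for another secret name, which the chart's values would confirm. The bare `secrets:` parses as null; `secrets: ""` states the intent.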
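--- a/charts/tractusx-connector-memory/templates/NOTES.txt
+++ b/charts/tractusx-connector-memory/templates/NOTES.txt
@@ -0,0 +1,22 @@
+1. Get the runtime URL by running these commands:
+{{ with index .Values.runtime.ingresses 0}}
+{{- if .enabled }}
+{{- range .paths }}
+http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }}
+{{- end }}
+{{- else if contains "NodePort" $.Values.runtime.service.type }}
+export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }})
+export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" $.Values.runtime.service.type }}
+NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "txdc.fullname" . }}'
+export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+echo http://$SERVICE_IP:{{ $.Values.runtime.service.port }}
+{{- else if contains "ClusterIP" $.Values.runtime.service.type }}
+export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }},app.kubernetes.io/instance={{ $.Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+echo "Visit http://127.0.0.1:8080 to use your application"
+kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
+{{- end }}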
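Review bot: The LoadBalancer branch reads `.Release.Namespace` and calls `include "txdc.fullname" .` while still inside `{{ with index .Values.runtime.ingresses 0}}`, where `.` is the first ingress entry rather than the chart root, so those lookups will not resolve to the release; the NodePort and ClusterIP branches already use `$` and this one should too, e.g. `kubectl get svc --namespace {{ $.Release.Namespace }} {{ include "txdc.fullname" $ }}`. The same scoping applies inside `range .paths`, where `.tls` and `.hostname` are looked up on each path element. `index … 0` also aborts rendering when `runtime.ingresses` is empty, so a guard such as `{{- if .Values.runtime.ingresses }}` around the block would be safer. The printed kubectl commands look the Service up as `txdc.fullname`, whereas service-runtime.yaml names it with a `-runtime` suffix.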
157 changes: 157 additions & 0 deletions charts/tractusx-connector-memory/templates/_helpers.tpl
@@ -0,0 +1,157 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "txdc.name" -}}
{{- default .Chart.Name .Values.nameOverride | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "txdc.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "txdc.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Control Common labels
*/}}
{{- define "txdc.labels" -}}
helm.sh/chart: {{ include "txdc.chart" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Control Common labels
*/}}
{{- define "txdc.runtime.labels" -}}
helm.sh/chart: {{ include "txdc.chart" . }}
{{ include "txdc.runtime.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: edc-runtime
app.kubernetes.io/part-of: edc
{{- end }}

{{/*
Control Selector labels
*/}}
{{- define "txdc.runtime.selectorLabels" -}}
app.kubernetes.io/name: {{ include "txdc.name" . }}-runtime
app.kubernetes.io/instance: {{ .Release.Name }}-runtime
{{- end }}

{{/*
Data Selector labels
*/}}
{{- define "txdc.dataplane.selectorLabels" -}}
app.kubernetes.io/name: {{ include "txdc.name" . }}-dataplane
app.kubernetes.io/instance: {{ .Release.Name }}-dataplane
{{- end }}

{{/*
Create the name of the service account to use
*/}}
{{- define "txdc.runtime.serviceaccount.name" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

{{/*
Control IDS URL
*/}}
{{- define "txdc.runtime.url.ids" -}}
{{- if .Values.runtime.url.ids }}{{/* if ids api url has been specified explicitly */}}
{{- .Values.runtime.url.ids }}
{{- else }}{{/* else when ids api url has not been specified explicitly */}}
{{- with (index .Values.runtime.ingresses 0) }}
{{- if .enabled }}{{/* if ingress enabled */}}
{{- if .tls.enabled }}{{/* if TLS enabled */}}
{{- printf "https://%s" .hostname -}}
{{- else }}{{/* else when TLS not enabled */}}
{{- printf "http://%s" .hostname -}}
{{- end }}{{/* end if tls */}}
{{- else }}{{/* else when ingress not enabled */}}
{{- printf "http://%s-runtime:%v" ( include "txdc.fullname" $ ) $.Values.runtime.endpoints.ids.port -}}
{{- end }}{{/* end if ingress */}}
{{- end }}{{/* end with ingress */}}
{{- end }}{{/* end if .Values.runtime.url.ids */}}
{{- end }}

{{/*
Observability URL
*/}}
{{- define "tdxc.runtime.url.readiness" -}}
{{- printf "http://%s-runtime:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.runtime.endpoints.observability.port $.Values.runtime.endpoints.observability.path -}}
{{- end }}

{{/*
Validation URL
*/}}
{{- define "txdc.runtime.url.validation" -}}
{{- printf "http://%s-runtime:%v%s/token" ( include "txdc.fullname" $ ) $.Values.runtime.endpoints.validation.port $.Values.runtime.endpoints.validation.path -}}
{{- end }}

{{/*
Data Control URL
*/}}
{{- define "txdc.dataplane.url.control" -}}
{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) .Values.runtime.endpoints.control.port .Values.runtime.endpoints.control.path -}}
{{- end }}

{{/*
Data Public URL
*/}}
{{- define "txdc.dataplane.url.public" -}}
{{- if .Values.runtime.url.public }}{{/* if public api url has been specified explicitly */}}
{{- .Values.runtime.url.public }}
{{- else }}{{/* else when public api url has not been specified explicitly */}}
{{- with (index .Values.runtime.ingresses 0) }}
{{- if .enabled }}{{/* if ingress enabled */}}
{{- if .tls.enabled }}{{/* if TLS enabled */}}
{{- printf "https://%s%s" .hostname $.Values.runtime.endpoints.public.path -}}
{{- else }}{{/* else when TLS not enabled */}}
{{- printf "http://%s%s" .hostname $.Values.runtime.endpoints.public.path -}}
{{- end }}{{/* end if tls */}}
{{- else }}{{/* else when ingress not enabled */}}
{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" $ ) $.Values.runtime.endpoints.public.port $.Values.runtime.endpoints.public.path -}}
{{- end }}{{/* end if ingress */}}
{{- end }}{{/* end with ingress */}}
{{- end }}{{/* end if .Values.dataplane.url.public */}}
{{- end }}

{{/*
Create the name of the service account to use
*/}}
{{- define "txdc.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "txdc.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
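Review bot: `txdc.dataplane.url.control` and the no-ingress fallback of `txdc.dataplane.url.public` build a host of the form `<fullname>-dataplane`, but the only Service the visible templates of this chart create is `<fullname>-runtime` (service-runtime.yaml), so the data-plane selector URL rendered into the Deployment would point at a name nothing answers on. Since the in-memory runtime appears to serve the control and public endpoints from the same pod, the host should presumably be `%s-runtime`, as in `txdc.runtime.url.validation`. Separately, the readiness helper is defined as `tdxc.runtime.url.readiness` (letters transposed); it works only because the test pod repeats the same spelling, and renaming both to `txdc.` keeps the prefix consistent. `txdc.runtime.serviceaccount.name` duplicates `txdc.serviceAccountName` and is not referenced by any template shown here.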
@@ -0,0 +1,33 @@
#
# Copyright (c) 2023 ZF Friedrichshafen AG
# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
#

---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "txdc.fullname" . }}-runtime
namespace: {{ .Release.Namespace | default "default" | quote }}
labels:
{{- include "txdc.runtime.labels" . | nindent 4 }}
data:
logging.properties: |-
{{- .Values.runtime.logging | nindent 4 }}
302 changes: 302 additions & 0 deletions charts/tractusx-connector-memory/templates/deployment-runtime.yaml
@@ -0,0 +1,302 @@
#
# Copyright (c) 2023 ZF Friedrichshafen AG
# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
#

---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "txdc.fullname" . }}
labels:
{{- include "txdc.runtime.labels" . | nindent 4 }}
spec:
{{- if not .Values.runtime.autoscaling.enabled }}
replicas: {{ .Values.runtime.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "txdc.runtime.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.runtime.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "txdc.runtime.selectorLabels" . | nindent 8 }}
{{- with .Values.runtime.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "txdc.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.runtime.podSecurityContext | nindent 8 }}
initContainers:
{{- toYaml .Values.runtime.initContainers | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.runtime.securityContext | nindent 12 }}
# either use the specified image, or use the default one
{{- if .Values.runtime.image.repository }}
image: "{{ .Values.runtime.image.repository }}:{{ .Values.runtime.image.tag | default .Chart.AppVersion }}"
{{- else }}
image: "ghcr.io/catenax-ng/tx-tractusx-edc/edc-runtime-memory:{{ .Values.runtime.image.tag | default .Chart.AppVersion }}"
{{- end }}

imagePullPolicy: {{ .Values.runtime.image.pullPolicy }}
ports:
{{- range $key,$value := .Values.runtime.endpoints }}
- name: {{ $key }}
containerPort: {{ $value.port }}
protocol: TCP
{{- end }}
{{- if .Values.runtime.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: {{ .Values.runtime.endpoints.observability.path }}/check/liveness
port: {{ .Values.runtime.endpoints.observability.port }}
initialDelaySeconds: {{ .Values.runtime.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.runtime.livenessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.runtime.livenessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.runtime.livenessProbe.failureThreshold }}
successThreshold: {{ .Values.runtime.livenessProbe.successThreshold }}
{{- end }}
{{- if .Values.runtime.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: {{ .Values.runtime.endpoints.observability.path }}/check/readiness
port: {{ .Values.runtime.endpoints.observability.port }}
initialDelaySeconds: {{ .Values.runtime.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.runtime.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.runtime.readinessProbe.timeoutSeconds }}
failureThreshold: {{ .Values.runtime.readinessProbe.failureThreshold }}
successThreshold: {{ .Values.runtime.readinessProbe.successThreshold }}
{{- end }}
resources:
{{- toYaml .Values.runtime.resources | nindent 12 }}
env:
{{- if .Values.runtime.debug.enabled }}
- name: "JAVA_TOOL_OPTIONS"
{{- if and .Values.runtime.debug.enabled .Values.runtime.debug.suspendOnStart }}
value: >-
{{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.runtime.debug.port }}
{{- else }}
value: >-
{{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.runtime.debug.port }}
{{- end }}
{{- end }}

########################
## DAPS CONFIGURATION ##
########################

# see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/iam/oauth2/oauth2-core
- name: EDC_OAUTH_CLIENT_ID
value: {{ .Values.daps.clientId | required ".Values.daps.clientId is required" | quote }}
- name: EDC_OAUTH_PROVIDER_JWKS_URL
value: {{ printf "%s%s" .Values.daps.url .Values.daps.paths.jwks }}
- name: EDC_OAUTH_TOKEN_URL
value: {{ printf "%s%s" .Values.daps.url .Values.daps.paths.token }}
- name: EDC_OAUTH_PRIVATE_KEY_ALIAS
value: {{ .Values.vault.secretNames.dapsPrivateKey | required ".Values.vault.secretNames.dapsPrivateKey is required" | quote }}
- name: EDC_OAUTH_PUBLIC_KEY_ALIAS
value: {{ .Values.vault.secretNames.dapsPublicKey | required ".Values.vault.secretNames.dapsPublicKey is required" | quote }}

#######
# API #
#######
- name: "EDC_API_AUTH_KEY"
value: {{ .Values.runtime.endpoints.data.authKey | required ".Values.runtime.endpoints.data.authKey is required" | quote }}
- name: "WEB_HTTP_DEFAULT_PORT"
value: {{ .Values.runtime.endpoints.default.port | quote }}
- name: "WEB_HTTP_DEFAULT_PATH"
value: {{ .Values.runtime.endpoints.default.path | quote }}
{{- if or (eq (substr 0 3 .Values.runtime.image.tag) "0.1") (eq (substr 0 3 .Values.runtime.image.tag) "0.2") }}
# WEB_HTTP_DATA_PORT is renamed to WEB_HTTP_MANAGEMENT_PORT from version 0.2.1 and newer
# we will keep both settings for downward capabilities
- name: "WEB_HTTP_DATA_PORT"
value: {{ .Values.runtime.endpoints.data.port | quote }}
# WEB_HTTP_DATA_PATH is renamed to WEB_HTTP_MANAGEMENT_PATH from version 0.2.1 and newer
# we will keep both settings for downward capabilities
- name: "WEB_HTTP_DATA_PATH"
value: {{ .Values.runtime.endpoints.data.path | quote }}
{{- else }}
- name: "WEB_HTTP_MANAGEMENT_PORT"
value: {{ .Values.runtime.endpoints.data.port | quote }}
- name: "WEB_HTTP_MANAGEMENT_PATH"
value: {{ .Values.runtime.endpoints.data.path | quote }}
{{- end }}
- name: "WEB_HTTP_VALIDATION_PORT"
value: {{ .Values.runtime.endpoints.validation.port | quote }}
- name: "WEB_HTTP_VALIDATION_PATH"
value: {{ .Values.runtime.endpoints.validation.path | quote }}
- name: "WEB_HTTP_CONTROL_PORT"
value: {{ .Values.runtime.endpoints.control.port | quote }}
- name: "WEB_HTTP_CONTROL_PATH"
value: {{ .Values.runtime.endpoints.control.path | quote }}
- name: "WEB_HTTP_IDS_PORT"
value: {{ .Values.runtime.endpoints.ids.port | quote }}
- name: "WEB_HTTP_IDS_PATH"
value: {{ .Values.runtime.endpoints.ids.path | quote }}
- name: "WEB_HTTP_OBSERVABILITY_PORT"
value: {{ .Values.runtime.endpoints.observability.port | quote}}
- name: "WEB_HTTP_OBSERVABILITY_PATH"
value: {{ .Values.runtime.endpoints.observability.path | quote}}
- name: "TRACTUSX_API_OBSERVABILITY_ALLOW-INSECURE"
value: {{ .Values.runtime.endpoints.observability.insecure | quote }}
- name: "WEB_HTTP_PUBLIC_PORT"
value: {{ .Values.runtime.endpoints.public.port | quote }}
- name: "WEB_HTTP_PUBLIC_PATH"
value: {{ .Values.runtime.endpoints.public.path | quote }}
- name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT"
value: {{ include "txdc.runtime.url.validation" .}}

#########
## IDS ##
#########
- name: "IDS_WEBHOOK_ADDRESS"
value: {{ include "txdc.runtime.url.ids" . | quote }}
- name: "EDC_IDS_ENDPOINT"
value: {{ printf "%s%s" (include "txdc.runtime.url.ids" .) .Values.runtime.endpoints.ids.path | quote }}
- name: "EDC_IDS_ID"
value: {{ printf "urn:connector:%s" (lower .Values.runtime.internationalDataSpaces.id) | quote }}
- name: "EDC_IDS_DESCRIPTION"
value: {{ .Values.runtime.internationalDataSpaces.description | quote }}
- name: "EDC_IDS_TITLE"
value: {{ .Values.runtime.internationalDataSpaces.title | quote }}
- name: "EDC_IDS_MAINTAINER"
value: {{ .Values.runtime.internationalDataSpaces.maintainer | quote }}
- name: "EDC_IDS_CURATOR"
value: {{ .Values.runtime.internationalDataSpaces.curator | quote }}
- name: "EDC_IDS_CATALOG_ID"
value: {{ printf "urn:catalog:%s" (lower .Values.runtime.internationalDataSpaces.catalogId) | quote }}
- name: "EDC_OAUTH_PROVIDER_AUDIENCE"
value: "idsc:IDS_CONNECTORS_ALL"
- name: "EDC_OAUTH_ENDPOINT_AUDIENCE"
value: {{ printf "%s%s%s" (include "txdc.runtime.url.ids" . ) .Values.runtime.endpoints.ids.path "/data" | quote }}
# this is the old setting name for 'EDC_OAUTH_ENDPOINT_AUDIENCE' and is mandatory for Produce EDC v0.1.2 and older
- name: "EDC_IDS_ENDPOINT_AUDIENCE"
value: {{ printf "%s%s%s" (include "txdc.runtime.url.ids" . ) .Values.runtime.endpoints.ids.path "/data" | quote }}

################
## DATA PLANE ##
################

# see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/develop/edc-extensions/dataplane-selector-configuration
- name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_URL"
value: {{ include "txdc.dataplane.url.control" . }}/transfer
- name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_SOURCETYPES"
value: "HttpData,AmazonS3"
- name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_DESTINATIONTYPES"
value: "HttpProxy,AmazonS3"
- name: "EDC_DATAPLANE_SELECTOR_DEFAULTPLANE_PROPERTIES"
value: |-
{{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" . ) }}
# see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer
- name: "EDC_TRANSFER_PROXY_ENDPOINT"
value: {{ include "txdc.dataplane.url.public" . }}
- name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote }}
- name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS"
value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }}

# see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/http-receiver
- name: "EDC_RECEIVER_HTTP_ENDPOINT"
value: {{ .Values.backendService.httpProxyTokenReceiverUrl | required ".Values.backendService.httpProxyTokenReceiverUrl is required" | quote }}

###########
## VAULT ##
###########

# see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/develop/edc-extensions/hashicorp-vault
- name: "SECRETS"
value: {{ .Values.vault.secrets | quote}}

#####################
## DATA ENCRYPTION ##
#####################

# see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/develop/edc-extensions/data-encryption
- name: "EDC_DATA_ENCRYPTION_KEYS_ALIAS"
value: {{ .Values.vault.secretNames.transferProxyTokenEncryptionAesKey | quote }}
- name: "EDC_DATA_ENCRYPTION_ALGORITHM"
value: "AES"

###########################
## AAS WRAPPER EXTENSION ##
###########################
- name: "EDC_CP_ADAPTER_CACHE_CATALOG_EXPIRE_AFTER"
value: "0"
- name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT"
value: "0"

######################################
## Additional environment variables ##
######################################
{{- range $key, $value := .Values.runtime.envValueFrom }}
- name: {{ $key | quote }}
valueFrom:
{{- tpl (toYaml $value) $ | nindent 16 }}
{{- end }}
{{- range $key, $value := .Values.runtime.env }}
- name: {{ $key | quote }}
value: {{ $value | quote }}
{{- end }}
{{- if and (or .Values.runtime.envSecretNames .Values.runtime.envConfigMapNames) (or (gt (len .Values.runtime.envSecretNames) 0) (gt (len .Values.runtime.envConfigMapNames) 0)) }}
envFrom:
{{- range $value := .Values.runtime.envSecretNames }}
- secretRef:
name: {{ $value | quote }}
{{- end }}
{{- range $value := .Values.runtime.envConfigMapNames }}
- configMapRef:
name: {{ $value | quote }}
{{- end }}
{{- end }}
volumeMounts:
- name: "configuration"
mountPath: "/app/logging.properties"
subPath: "logging.properties"
volumes:
- name: "configuration"
configMap:
name: {{ include "txdc.fullname" . }}-runtime
items:
- key: "logging.properties"
path: "logging.properties"
{{- with .Values.runtime.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.runtime.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.runtime.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
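Review bot: The `SECRETS` entry renders `.Values.vault.secrets` (which the example values describe as the DAPS private key and certificate) as a literal `value:` in the pod spec, so the key material is readable by anyone who can view the Deployment or the Helm release, and it is passed on the command line via `--set`. The same holds for `EDC_API_AUTH_KEY`. The chart already supports `runtime.envSecretNames`, rendered as `envFrom.secretRef`, but an explicit `env` entry takes precedence over `envFrom`, so the inline entry has to become optional before a Kubernetes Secret can supply it: wrap the `SECRETS` item in `{{- if .Values.vault.secrets }}` … `{{- end }}`. If inline values are kept for local test use, a comment such as `# test-only: do not pass production key material via --set` above the entry would make that explicit.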
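--- a/charts/tractusx-connector-memory/templates/hpa-runtime.yaml
+++ b/charts/tractusx-connector-memory/templates/hpa-runtime.yaml
@@ -0,0 +1,29 @@
+{{- if .Values.runtime.autoscaling.enabled }}
+---
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+name: {{ include "txdc.fullname" . }}-runtime
+labels:
+{{- include "txdc.runtime.labels" . | nindent 4 }}
+spec:
+scaleTargetRef:
+apiVersion: apps/v1
+kind: Deployment
+name: {{ include "txdc.fullname" . }}-runtime
+minReplicas: {{ .Values.runtime.autoscaling.minReplicas }}
+maxReplicas: {{ .Values.runtime.autoscaling.maxReplicas }}
+metrics:
+{{- if .Values.runtime.autoscaling.targetCPUUtilizationPercentage }}
+- type: Resource
+resource:
+name: cpu
+targetAverageUtilization: {{ .Values.runtime.autoscaling.targetCPUUtilizationPercentage }}
+{{- end }}
+{{- if .Values.runtime.autoscaling.targetMemoryUtilizationPercentage }}
+- type: Resource
+resource:
+name: memory
+targetAverageUtilization: {{ .Values.runtime.autoscaling.targetMemoryUtilizationPercentage }}
+{{- end }}
+{{- end }}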
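Review bot: `scaleTargetRef.name` is rendered as `{{ include "txdc.fullname" . }}-runtime`, but deployment-runtime.yaml names the Deployment `{{ include "txdc.fullname" . }}` with no suffix, so with autoscaling enabled the autoscaler would reference a Deployment that does not exist; one of the two names has to change, e.g. `name: {{ include "txdc.fullname" . }}` here. `autoscaling/v2beta1` and its `targetAverageUtilization` field are no longer served by current Kubernetes releases; `autoscaling/v2` with a `target:` block of `type: Utilization` and `averageUtilization:` is the replacement. Since this runtime keeps its state in memory, it is also worth confirming that running more than one replica is meaningful at all.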
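--- a/charts/tractusx-connector-memory/templates/ingress-runtime.yaml
+++ b/charts/tractusx-connector-memory/templates/ingress-runtime.yaml
@@ -0,0 +1,77 @@
+{{- $fullName := include "txdc.fullname" . }}
+{{- $controlLabels := include "txdc.runtime.labels" . | nindent 4 }}
+{{- $controlEdcEndpoints := .Values.runtime.endpoints }}
+{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }}
+{{- $namespace := .Release.Namespace }}
+
+{{- range .Values.runtime.ingresses }}
+{{- if and .enabled .endpoints }}
+{{- $controlIngressName := printf "%s-runtime-%s" $fullName .hostname }}
+---
+{{- if semverCompare ">=1.19-0" $gitVersion }}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" $gitVersion }}
+apiVersion: networking.k8s.io/v1beta1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+name: {{ $controlIngressName }}
+namespace: {{ $namespace | default "default" | quote }}
+labels:
+{{- $controlLabels | nindent 2 }}
+annotations:
+{{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }}
+{{- if not (hasKey .annotations "kubernetes.io/ingress.class") }}
+{{- $_ := set .annotations "kubernetes.io/ingress.class" .className}}
+{{- end }}
+{{- end }}
+{{- if .certManager }}
+{{- if .certManager.issuer }}
+{{- $_ := set .annotations "cert-manager.io/issuer" .certManager.issuer}}
+{{- end }}
+{{- if .certManager.clusterIssuer }}
+{{- $_ := set .annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}}
+{{- end }}
+{{- end }}
+{{- with .annotations }}
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+{{- if and .className (semverCompare ">=1.18-0" $gitVersion) }}
+ingressClassName: {{ .className }}
+{{- end }}
+{{- if .hostname }}
+{{- if .tls.enabled }}
+tls:
+- hosts:
+- {{ .hostname }}
+{{- if .tls.secretName }}
+secretName: {{ .tls.secretName }}
+{{- else }}
+secretName: {{ $controlIngressName }}-tls
+{{- end }}
+{{- end }}
+rules:
+- host: {{ .hostname }}
+http:
+paths:
+{{- $ingressEdcEndpoints := .endpoints }}
+{{- range $name, $mapping := $controlEdcEndpoints }}
+{{- if (has $name $ingressEdcEndpoints) }}
+- path: {{ $mapping.path }}
+pathType: Prefix
+backend:
+{{- if semverCompare ">=1.19-0" $gitVersion }}
+service:
+name: {{ $fullName }}-runtime
+port:
+number: {{ $mapping.port }}
+{{- else }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}{{- /* end: if .enabled */}}
+{{- end }}{{- /* end: range .Values.ingresses */}}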
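Review bot: The `{{- else }}` branch under `backend:` is empty, so on clusters older than 1.19, which the `apiVersion` switch at the top explicitly supports, each path renders a `backend:` key with no target and the API server will reject the object. The pre-v1 form needs `serviceName: {{ $fullName }}-runtime` and `servicePort: {{ $mapping.port }}` in that branch. `$controlLabels` is already piped through `nindent 4` when it is assigned and is indented again with `nindent 2` under `labels:`, and the `set .annotations …` calls fail when an ingress entry has no `annotations` map. When `.tls.enabled` is false the rule is served over plain HTTP, so any endpoint listed in `.endpoints`, including the API-key-protected `data` endpoint, would carry its credential unencrypted; a comment in values.yaml recommending TLS for those entries would help.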
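--- a/charts/tractusx-connector-memory/templates/service-runtime.yaml
+++ b/charts/tractusx-connector-memory/templates/service-runtime.yaml
@@ -0,0 +1,59 @@
+#
+# Copyright (c) 2023 ZF Friedrichshafen AG
+# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: {{ include "txdc.fullname" . }}-runtime
+namespace: {{ .Release.Namespace | default "default" | quote }}
+labels:
+{{- include "txdc.runtime.labels" . | nindent 4 }}
+spec:
+type: {{ .Values.runtime.service.type }}
+ports:
+- port: {{ .Values.runtime.endpoints.default.port }}
+targetPort: default
+protocol: TCP
+name: default
+- port: {{ .Values.runtime.endpoints.control.port }}
+targetPort: control
+protocol: TCP
+name: control
+- port: {{ .Values.runtime.endpoints.data.port }}
+targetPort: data
+protocol: TCP
+name: data
+- port: {{ .Values.runtime.endpoints.validation.port }}
+targetPort: validation
+protocol: TCP
+name: validation
+- port: {{ .Values.runtime.endpoints.ids.port }}
+targetPort: ids
+protocol: TCP
+name: ids
+- port: {{ .Values.runtime.endpoints.observability.port}}
+targetPort: observability
+protocol: TCP
+name: observability
+selector:
+{{- include "txdc.runtime.selectorLabels" . | nindent 4 }}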
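Review bot: The Service publishes `default`, `control`, `data`, `validation`, `ids` and `observability` but not `public`, although the Deployment declares a container port for every entry in `runtime.endpoints` and the helpers build a public URL from `runtime.endpoints.public.port`; that endpoint is therefore unreachable through the Service. Adding a `public` entry alongside the others, as sketched below, closes the gap. All ports also share the single `runtime.service.type`, so the `NodePort` setting used in example.yaml opens the `control`, `validation` and `data` ports on every node; if that is meant for local testing only, a comment above `type:` should say so.

```yaml
# … unchanged: default, control, data, validation, ids, observability ports …
- port: {{ .Values.runtime.endpoints.public.port }}
  targetPort: public
  protocol: TCP
  name: public
```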
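--- a/charts/tractusx-connector-memory/templates/serviceaccount.yaml
+++ b/charts/tractusx-connector-memory/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+name: {{ include "txdc.serviceAccountName" . }}
+labels:
+{{- include "txdc.labels" . | nindent 4 }}
+{{- with .Values.serviceAccount.annotations }}
+annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with .Values.serviceAccount.imagePullSecrets }}
+imagePullSecrets:
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}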
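Review bot: The ServiceAccount leaves token automounting at its default, so the runtime pod receives a Kubernetes API token even though nothing in the visible templates suggests the connector talks to the API server. Adding `automountServiceAccountToken: false` at the top level of this manifest (or exposing it as a value) removes a credential the workload presumably does not need. The manifest also omits the `namespace:` field that the ConfigMap and Service templates set, which is harmless but inconsistent.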
@@ -0,0 +1,15 @@
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "txdc.fullname" . }}-test-readiness"
labels:
{{- include "txdc.runtime.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: curlimages/curl
command: ['curl']
args: ['{{ include "tdxc.runtime.url.readiness" . }}']
restartPolicy: Never
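Review bot: `curl` is invoked with the URL only, and without `--fail` it exits 0 on an HTTP error status, so this `helm test` hook passes even when the readiness endpoint answers 4xx/5xx; `args: ['--fail', '{{ include "tdxc.runtime.url.readiness" . }}']` makes the exit code reflect the response. `image: curlimages/curl` carries no tag and therefore resolves to `latest`; pinning a version or digest keeps the test reproducible and avoids pulling an unreviewed image into the cluster. The container is named `wget` although it runs curl.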
313 changes: 313 additions & 0 deletions charts/tractusx-connector-memory/values.yaml
@@ -0,0 +1,313 @@
#
# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
#

---
# Default values for eclipse-dataspace-connector.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

fullnameOverride: ""
nameOverride: ""

# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
imagePullSecrets: []

customLabels: {}

runtime:
image:
repository: ""
# -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use
pullPolicy: IfNotPresent
# -- Overrides the image tag whose default is the chart appVersion
tag: ""
initContainers: []
debug:
enabled: false
port: 1044
suspendOnStart: false
internationalDataSpaces:
id: TXDC
description: Tractus-X Eclipse IDS Data Space Connector
title: ""
maintainer: ""
curator: ""
catalogId: TXDC-Catalog
livenessProbe:
# -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
enabled: true
# -- seconds to wait before performing the first liveness check
initialDelaySeconds: 30
# -- this fields specifies that kubernetes should perform a liveness check every 10 seconds
periodSeconds: 10
# -- number of seconds after which the probe times out
timeoutSeconds: 5
# -- when a probe fails kubernetes will try 6 times before giving up
failureThreshold: 6
# -- number of consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
readinessProbe:
# -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/)
enabled: true
# -- seconds to wait before performing the first readiness check
initialDelaySeconds: 30
# -- this fields specifies that kubernetes should perform a readiness check every 10 seconds
periodSeconds: 10
# -- number of seconds after which the probe times out
timeoutSeconds: 5
# -- when a probe fails kubernetes will try 6 times before giving up
failureThreshold: 6
# -- number of consecutive successes for the probe to be considered successful after having failed
successThreshold: 1
# -- endpoints of the control plane
endpoints:
# -- default api for health checks, should not be added to any ingress
default:
# -- port for incoming api calls
port: 8080
# -- path for incoming api calls
path: /api
# -- data management api, used by internal users, can be added to an ingress and must not be internet facing
data:
# -- port for incoming api calls
port: 8081
# -- path for incoming api calls
path: /data
# -- authentication key, must be attached to each 'X-Api-Key' request header
authKey: ""
# -- validation api, only used by the data plane and should not be added to any ingress
validation:
# -- port for incoming api calls
port: 8082
# -- path for incoming api calls
path: /validation
# -- control api, used for internal control calls. can be added to the internal ingress, but should probably not
control:
# -- port for incoming api calls
port: 8083
# -- path for incoming api calls
path: /control
# -- ids api, used for inter connector communication and must be internet facing
ids:
# -- port for incoming api calls
port: 8084
# -- path for incoming api calls
path: /api/v1/ids
# -- observability api with unsecured access, must not be internet facing
observability:
# -- port for incoming API calls
port: 8085
# -- observability api, provides /health /readiness and /liveness endpoints
path: /observability
# -- allow or disallow insecure access, i.e. access without authentication
insecure: true
public:
port: 8086
path: /api/public
service:
# -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.
type: ClusterIP
annotations: {}
# -- additional labels for the pod
podLabels: {}
# -- additional annotations for the pod
podAnnotations: {}
# -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment
podSecurityContext:
seccompProfile:
# -- Restrict a Container's Syscalls with seccomp
type: RuntimeDefault
# -- Runs all processes within a pod with a special uid
runAsUser: 10001
# -- Processes within a pod will belong to this guid
runAsGroup: 10001
# -- The owner for volumes and any files created within volumes will belong to this guid
fsGroup: 10001
# The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod
securityContext:
capabilities:
# -- Specifies which capabilities to drop to reduce syscall attack surface
drop:
- ALL
# -- Specifies which capabilities to add to issue specialized syscalls
add: []
# -- Whether the root filesystem is mounted in read-only mode
readOnlyRootFilesystem: true
# -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID
allowPrivilegeEscalation: false
# -- Requires the container to run without root privileges
runAsNonRoot: true
# -- The container's process will run with the specified uid
runAsUser: 10001
# Extra environment variables that will be pass onto deployment pods
env: {}
# ENV_NAME: value

# "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
# ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
envValueFrom: {}
# ENV_NAME:
# configMapKeyRef:
# name: configmap-name
# key: value_key
# secretKeyRef:
# name: secret-name
# key: value_key

# [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from
envSecretNames: []
# - first-secret
# - second-secret

# [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from
envConfigMapNames: []
# - first-config-map
# - second-config-map

## Ingress declaration to expose the network service.
ingresses:
## Public / Internet facing Ingress
- enabled: false
# -- The hostname to be used to precisely map incoming traffic onto the underlying network service
hostname: "edc-control.local"
# -- Additional ingress annotations to add
annotations: {}
# -- EDC endpoints exposed by this ingress resource
endpoints:
- ids
# -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use
className: ""
# -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource
tls:
# -- Enables TLS on the ingress resource
enabled: false
# -- If present overwrites the default secret name
secretName: ""
## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource
certManager:
# -- If preset enables certificate generation via cert-manager namespace scoped issuer
issuer: ""
# -- If preset enables certificate generation via cert-manager cluster-wide issuer
clusterIssuer: ""
## Private / Intranet facing Ingress
- enabled: false
# -- The hostname to be used to precisely map incoming traffic onto the underlying network service
hostname: "edc-control.intranet"
# -- Additional ingress annotations to add
annotations: {}
# -- EDC endpoints exposed by this ingress resource
endpoints:
- data
- control
# -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use
className: ""
# -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource
tls:
# -- Enables TLS on the ingress resource
enabled: false
# -- If present overwrites the default secret name
secretName: ""
## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource
certManager:
# -- If preset enables certificate generation via cert-manager namespace scoped issuer
issuer: ""
# -- If preset enables certificate generation via cert-manager cluster-wide issuer
clusterIssuer: ""
# -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container
volumeMounts: []
# -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories
volumes: []
# -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
replicaCount: 1
autoscaling:
# -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
enabled: false
# -- Minimal replicas if resource consumption falls below resource threshholds
minReplicas: 1
# -- Maximum replicas if resource consumption exceeds resource threshholds
maxReplicas: 100
# -- targetAverageUtilization of cpu provided to a pod
targetCPUUtilizationPercentage: 80
# -- targetAverageUtilization of memory provided to a pod
targetMemoryUtilizationPercentage: 80
# -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html)
logging: |-
.level=INFO
org.eclipse.edc.level=ALL
handlers=java.util.logging.ConsoleHandler
java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter
java.util.logging.ConsoleHandler.level=ALL
java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n
# [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes
nodeSelector: {}
# [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes
tolerations: []
# [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on
affinity: {}

url:
# -- Explicitly declared url for reaching the ids api (e.g. if ingresses not used)
ids: ""
public: ""
readiness: ""

vault:
# secrets can be seeded by supplying them in a comma separated list key1:secret2,key2:secret2
secrets: ""
secretNames:
transferProxyTokenSignerPrivateKey: transfer-proxy-token-signer-private-key
transferProxyTokenSignerPublicKey: transfer-proxy-token-signer-public-key
transferProxyTokenEncryptionAesKey: transfer-proxy-token-encryption-aes-key
dapsPrivateKey: daps-private-key
dapsPublicKey: daps-public-key

daps:
url: ""
clientId: ""
paths:
jwks: /jwks.json
token: /token

backendService:
httpProxyTokenReceiverUrl: ""

serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
imagePullSecrets: []
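Review bot: The comment on `vault.secrets` documents a comma separated list (`key1:secret2,key2:secret2`), but `VaultMemoryExtension.createInMemVault` added in this change splits the value on `;`, so a comma separated seed would be stored as one secret under `key1` with the rest of the string as its value. The same comma form appears in the module README's `docker run -e SECRETS=...` example and in the `@Setting` description. Align them, e.g. `# secrets can be seeded by supplying them in a semicolon separated list key1:secret1;key2:secret2`. Values seeded this way are plain text in the release values, so the comment could also say they are meant for test and demo data only, as the module README does for the vault itself.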
@@ -68,7 +68,7 @@ spec:
{{- else if .Values.vault.hashicorp.enabled }}
image: "tractusx/edc-controlplane-memory-hashicorp-vault:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}"
{{- else if .Values.vault.azure.enabled }}
image: "tractusx/edc-controlplane-memory:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}"
image: "tractusx/edc-runtime-memory:{{ .Values.controlplane.image.tag | default .Chart.AppVersion }}"
{{- else }}
{{- fail "cannot choose control-plane image automatically based on configuration" }}
{{- end }}
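Review bot: The `vault.azure.enabled` branch now selects `tractusx/edc-runtime-memory`, yet the module's build file in this same change appears to no longer list `edc.azure.vault` / `edc.azure.identity` (the rendering does not mark sides, so this is inferred) and its README describes an in-memory vault. If that reading is right, a release configured for Azure Key Vault would start an image without the Azure vault extension and presumably resolve secrets from the unencrypted in-memory store instead. Either keep this branch on an image that still bundles the Azure vault, or fail fast here the way the final `else` does, e.g. `{{- fail "azure vault is not available in the in-memory runtime image" }}`. The enclosing `if` chain starts above the hunk.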
12 changes: 7 additions & 5 deletions docs/README.md
@@ -1,8 +1,10 @@
# Tractus-X EDC

The Tractus-X EDC repository creates runnable applications out of EDC extensions from the [Eclipse DataSpace Connector](https://github.com/eclipse-edc/Connector) repository.
The Tractus-X EDC repository creates runnable applications out of EDC extensions from
the [Eclipse DataSpace Connector](https://github.com/eclipse-edc/Connector) repository.

When running a EDC connector from the Tractus-X EDC repository there are three setups to choose from. They only vary by using different extensions for
When running a EDC connector from the Tractus-X EDC repository there are three setups to choose from. They only vary by
using different extensions for

- Resolving of Connector-Identities
- Persistence of the Control-Plane-State
@@ -12,11 +14,11 @@ When running a EDC connector from the Tractus-X EDC repository there are three s

The three supported setups are.

- Setup 1: In Memory & Azure Vault
- [Control Plane](../edc-controlplane/edc-controlplane-memory/README.md)
- Setup 1: Pure in Memory **Not intended for production use!**
- [Control Plane](../edc-controlplane/edc-runtime-memory/README.md)
- [IDS DAPS Extensions](https://github.com/eclipse-edc/Connector/tree/main/extensions/common/iam/oauth2/daps)
- In Memory Persistence done by using no extension
- [Azure Key Vault Extension](https://github.com/eclipse-edc/Connector/tree/main/extensions/common/vault/azure-vault)
- In Memory Keyvault with seedable secrets.
- [Data Plane](../edc-dataplane/edc-dataplane-azure-vault/README.md)
- [Azure Key Vault Extension](https://github.com/eclipse-edc/Connector/tree/main/extensions/common/vault/azure-vault)
- Setup 2: PostgreSQL & Azure Vault
2 changes: 1 addition & 1 deletion docs/migration/Version_0.3.1_0.3.2.md
@@ -2,7 +2,7 @@

## Configuration of Azure KeyVault

When using Helm Charts that use the Azure KeyVault (`edc-controlplane-memory`, `edc-controlplane-postgres`)
When using Helm Charts that use the Azure KeyVault (`edc-runtime-memory`, `edc-controlplane-postgres`)
it is now possible to select _either_ authentication via Client Secret (`azure.vault.secret`) or via
certificate (`azure.vault.certificate`).

3 changes: 1 addition & 2 deletions edc-controlplane/build.gradle.kts
@@ -1,11 +1,10 @@

plugins {
`java-library`
}

dependencies {
implementation(project(":edc-controlplane:edc-controlplane-base"))
implementation(project(":edc-controlplane:edc-controlplane-memory"))
implementation(project(":edc-controlplane:edc-runtime-memory"))
implementation(project(":edc-controlplane:edc-controlplane-memory-hashicorp-vault"))
implementation(project(":edc-controlplane:edc-controlplane-postgresql"))
implementation(project(":edc-controlplane:edc-controlplane-postgresql-hashicorp-vault"))
@@ -1,54 +1,64 @@
# EDC Control-Plane backed by In-Memory Stores

## Security

### In-memory Vault implementation

The goal of this extension is to provide an ephemeral, memory-based vault implementation that can be used in testing or
demo scenarios.

Please not that this vault does not encrypt the secrets, they are held in memory in plain text at runtime! In addition,
its ephemeral nature makes it unsuitable for replicated/multi-instance scenarios, i.e. Kubernetes.

> It is not a secure secret store, please do NOT use it in production workloads!
## Building

```shell
./gradlew :edc-controlplane:edc-controlplane-memory:dockerize
./gradlew :edc-controlplane:edc-runtime-memory:dockerize
```

## Configuration (configuration.properties)

Listed below are configuration keys needed to get the `edc-controlplane-memory` up and running.
Details regarding each configuration property can be found at the [documentary section of the EDC](https://github.com/eclipse-edc/Connector/tree/main/docs).

| Key | Required | Example | Description |
|--------------------------------------------------|----------|--------------------------------------|----------------------------|
| edc.api.auth.key | | password | default value: random UUID |
| web.http.default.port | X | 8080 | |
| web.http.default.path | X | /api | |
| web.http.data.port | X | 8181 | |
| web.http.data.path | X | /data | |
| web.http.validation.port | X | 8182 | |
| web.http.validation.path | X | /validation | |
| web.http.control.port | X | 9999 | |
| web.http.control.path | X | /api/controlplane/control | |
| web.http.ids.port | X | 8282 | |
| web.http.ids.path | X | /api/v1/ids | |
| edc.receiver.http.endpoint | X | <http://backend-service> | |
| edc.ids.title | | Eclipse Dataspace Connector | |
| edc.ids.description | | Eclipse Dataspace Connector | |
| edc.ids.id | | urn:connector:edc | |
| edc.ids.security.profile | | base | |
| edc.ids.endpoint | | <http://localhost:8282/api/v1/ids> | |
| edc.ids.maintainer | | <http://localhost> | |
| edc.ids.curator | | <http://localhost> | |
| edc.ids.catalog.id | | urn:catalog:default | |
| ids.webhook.address | | <http://localhost:8282/api/v1/ids> | |
| edc.hostname | | localhost | |
| edc.oauth.token.url | X | <https://daps.catena-x.net> | |
| edc.oauth.public.key.alias | X | key-to-daps-certificate-in-keyvault | |
| edc.oauth.private.key.alias | X | key-to-private-key-in-keyvault | |
| edc.oauth.client.id | X | daps-oauth-client-id | |
| edc.vault.clientid | X | 00000000-1111-2222-3333-444444444444 | |
| edc.vault.tenantid | X | 55555555-6666-7777-8888-999999999999 | |
| edc.vault.name | X | my-vault-name | |
| edc.vault.clientsecret | X | 34-chars-secret | |
| edc.transfer.proxy.endpoint | X | | |
| edc.transfer.proxy.token.signer.privatekey.alias | X | | |
Listed below are configuration keys needed to get the `edc-runtime-memory` up and running.
Details regarding each configuration property can be found at
the [documentary section of the EDC](https://github.com/eclipse-edc/Connector/tree/main/docs).

| Key | Required | Example | Description |
|--------------------------------------------------|----------|-------------------------------------|----------------------------|
| edc.api.auth.key | | password | default value: random UUID |
| web.http.default.port | X | 8080 | |
| web.http.default.path | X | /api | |
| web.http.data.port | X | 8181 | |
| web.http.data.path | X | /data | |
| web.http.validation.port | X | 8182 | |
| web.http.validation.path | X | /validation | |
| web.http.control.port | X | 9999 | |
| web.http.control.path | X | /api/controlplane/control | |
| web.http.ids.port | X | 8282 | |
| web.http.ids.path | X | /api/v1/ids | |
| edc.receiver.http.endpoint | X | <http://backend-service> | |
| edc.ids.title | | Eclipse Dataspace Connector | |
| edc.ids.description | | Eclipse Dataspace Connector | |
| edc.ids.id | | urn:connector:edc | |
| edc.ids.security.profile | | base | |
| edc.ids.endpoint | | <http://localhost:8282/api/v1/ids> | |
| edc.ids.maintainer | | <http://localhost> | |
| edc.ids.curator | | <http://localhost> | |
| edc.ids.catalog.id | | urn:catalog:default | |
| ids.webhook.address | | <http://localhost:8282/api/v1/ids> | |
| edc.hostname | | localhost | |
| edc.oauth.token.url | X | <https://daps.catena-x.net> | |
| edc.oauth.public.key.alias | X | key-to-daps-certificate-in-keyvault | |
| edc.oauth.private.key.alias | X | key-to-private-key-in-keyvault | |
| edc.oauth.client.id | X | daps-oauth-client-id | |
| edc.transfer.proxy.endpoint | X | | |
| edc.transfer.proxy.token.signer.privatekey.alias | X | | |

### Example configuration.properties

JDK properties-style configuration of the EDC Control-Plane is expected to be mounted to `/app/configuration.properties` within the container.
JDK properties-style configuration of the EDC Control-Plane is expected to be mounted to `/app/configuration.properties`
within the container.

```shell
# Create configuration.properties
@@ -88,12 +98,6 @@ edc.oauth.public.key.alias=key-to-daps-certificate-in-keyvault
edc.oauth.private.key.alias=key-to-private-key-in-keyvault
edc.oauth.client.id=daps-oauth-client-id
# Azure vault related configuration
edc.vault.clientid=00000000-1111-2222-3333-444444444444
edc.vault.tenantid=55555555-6666-7777-8888-999999999999
edc.vault.name=my-vault-name
edc.vault.clientsecret=34-chars-secret
# Control- / Data- Plane configuration
edc.transfer.proxy.endpoint=http://dataplane-public-endpoint/public
edc.transfer.proxy.token.signer.privatekey.alias=azure-vault-token-signer-private-key
@@ -115,24 +119,13 @@ java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [
EOF
```

### Example opentelemetry.properties

```shell
# Create opentelemetry.properties
export OPENTELEMETRY_PROPERTIES_FILE=$(mktemp /tmp/opentelemetry.properties.XXXXXX)
cat << 'EOF' > ${OPENTELEMETRY_PROPERTIES_FILE}
otel.javaagent.enabled=true
otel.javaagent.debug=false
EOF
```

## Running

```shell
docker run \
-e SECRETS="key1:secret1,key2:secret2" \
-p 8080:8080 -p 8181:8181 -p 8182:8182 -p 8282:8282 -p 9090:9090 -p 9999:9999 \
-v ${CONFIGURATION_PROPERTIES_FILE:-/dev/null}:/app/configuration.properties \
-v ${LOGGING_PROPERTIES_FILE:-/dev/null}:/app/logging.properties \
-v ${OPENTELEMETRY_PROPERTIES_FILE:-/dev/null}:/app/opentelemetry.properties \
-i edc-controlplane-memory:latest
-i edc-runtime-memory:latest
```
@@ -1,17 +1,16 @@
import com.bmuschko.gradle.docker.tasks.image.DockerBuildImage

plugins {
`java-library`
id("application")
id("com.github.johnrengelman.shadow") version "8.0.0"
}

dependencies {
runtimeOnly(project(":edc-controlplane:edc-controlplane-base"))
implementation(edc.spi.core)
runtimeOnly(project(":edc-controlplane:edc-controlplane-base")) {
exclude(module = "data-encryption")
}
runtimeOnly(project(":edc-dataplane:edc-dataplane-base"))
runtimeOnly(edc.core.controlplane)
runtimeOnly(edc.azure.vault)
runtimeOnly(edc.azure.identity)

}

tasks.withType<com.github.jengelman.gradle.plugins.shadow.tasks.ShadowJar> {
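Review bot: `exclude(module = "data-encryption")` on the control-plane base dependency has no comment saying why an encryption module is dropped from this runtime, while the chart's `vault.secretNames` still lists `transferProxyTokenEncryptionAesKey`. A one-line comment above the exclude, e.g. `// data-encryption excluded: <reason>; this runtime is for test/demo use only` (reason to be filled in by the author), would keep the next maintainer from copying the exclusion into another runtime without knowing what it turns off. The `tasks.withType` block that follows continues outside the hunk.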
@@ -2,15 +2,15 @@

An EDC Control Plane using memory-based storage, and Azure KeyVault as secret store.

DockerHub: https://hub.docker.com/r/tractusx/edc-controlplane-memory
DockerHub: https://hub.docker.com/r/tractusx/edc-runtime-memory

Eclipse Tractus-X product(s) installed within the image:

## TractusX-EDC Control Plane

- GitHub: https://github.com/eclipse-tractusx/tractusx-edc
- Project home: https://projects.eclipse.org/projects/automotive.tractusx
- Dockerfile: https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-controlplane/edc-controlplane-memory/src/main/docker/Dockerfile
- Dockerfile: https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-controlplane/edc-runtime-memory/src/main/docker/Dockerfile
- Project license: [Apache License, Version 2.0](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/LICENSE)

## Used base image
@@ -1,4 +1,5 @@
#
# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
# Copyright (c) 2023 ZF Friedrichshafen AG
# Copyright (c) 2022,2023 Mercedes-Benz Tech Innovation GmbH
# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
@@ -18,13 +19,6 @@
#
# SPDX-License-Identifier: Apache-2.0
#
FROM alpine:3.17.3 as otel

ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar"

HEALTHCHECK NONE

RUN wget ${OTEL_AGENT_LOCATION} -O /tmp/opentelemetry-javaagent.jar

FROM eclipse-temurin:17.0.6_10-jre-alpine
ARG JAR
@@ -46,18 +40,10 @@ RUN adduser \
USER "$APP_USER"
WORKDIR /app

COPY --from=otel /tmp/opentelemetry-javaagent.jar .
COPY ${JAR} edc-controlplane.jar

HEALTHCHECK NONE

CMD ["java", \
"-javaagent:/app/opentelemetry-javaagent.jar", \
"-Dedc.fs.config=/app/configuration.properties", \
"-Djava.util.logging.config.file=/app/logging.properties", \
"-Dotel.javaagent.configuration-file=/app/opentelemetry.properties", \
"-Dotel.metrics.exporter=prometheus", \
"-Dotel.exporter.prometheus.port=9090", \
"-Djava.security.egd=file:/dev/urandom", \
"-jar", \
"edc-controlplane.jar"]
# need the sh -c syntax so that the SECRETS variable gets expanded
# use the "exec" syntax so that SIGINT reaches the JVM -> graceful termination
CMD ["sh", "-c", "exec java -Dedc.fs.config=/app/configuration.properties -Dedc.vault.secrets=\"${SECRETS}\" -Djava.util.logging.config.file=/app/logging.properties -Djava.security.egd=file:/dev/urandom -jar edc-controlplane.jar"]
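Review bot: Passing the seed as `-Dedc.vault.secrets=\"${SECRETS}\"` in the final `CMD` puts every seeded secret on the JVM command line, where it is readable through the process listing and `/proc/<pid>/cmdline` by anything sharing the PID namespace, and where it tends to end up in diagnostics that dump process arguments. If the runtime can read this setting from the environment or from the mounted `configuration.properties` (not confirmed from this page), drop the `-D` argument and let it be read from there. That would also let `CMD` return to the exec form without `sh -c`, which the comment says is only needed for the variable expansion.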
@@ -0,0 +1,53 @@
/*
* Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0
*
* SPDX-License-Identifier: Apache-2.0
*
* Contributors:
* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
*
*/

package org.eclipse.tractusx.edc.vault.memory;

import org.eclipse.edc.spi.monitor.Monitor;
import org.eclipse.edc.spi.result.Result;
import org.eclipse.edc.spi.security.Vault;
import org.jetbrains.annotations.Nullable;

import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class InMemoryVault implements Vault {
private final Map<String, String> secrets = new ConcurrentHashMap<>();
private final Monitor monitor;

public InMemoryVault(Monitor monitor) {
this.monitor = monitor;
}

@Override
public @Nullable String resolveSecret(String s) {
monitor.debug("resolving secret " + s);
return secrets.getOrDefault(s, null);
}

@Override
public Result<Void> storeSecret(String s, String s1) {
monitor.debug("storing secret " + s);
secrets.put(s, s1);
return Result.success();
}

@Override
public Result<Void> deleteSecret(String s) {
monitor.debug("deleting secret " + s);
return secrets.remove(s) == null ?
Result.failure("Secret with key " + s + " does not exist") :
Result.success();
}
}
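Review bot: `secrets` is a `ConcurrentHashMap`, which rejects null keys and values, so `resolveSecret(null)`, `deleteSecret(null)` and `storeSecret(key, null)` throw `NullPointerException` instead of returning `null` or a failed `Result`, although `deleteSecret` already reports a missing key through `Result.failure`. Guard the inputs, e.g. `if (s == null || s1 == null) return Result.failure("key and value must not be null");` in `storeSecret`, and use `secrets.get(s)` behind a null check in `resolveSecret`. The class also has no Javadoc: a short class comment stating that secrets are kept unencrypted in process memory and that the vault is for test and demo use would put the README's warning where the code is read. Parameter names `key`/`value` would read better than `s`/`s1`.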
@@ -0,0 +1,54 @@
/*
* Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0
*
* SPDX-License-Identifier: Apache-2.0
*
* Contributors:
* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
*
*/
package org.eclipse.tractusx.edc.vault.memory;

import org.eclipse.edc.runtime.metamodel.annotation.Extension;
import org.eclipse.edc.runtime.metamodel.annotation.Provider;
import org.eclipse.edc.runtime.metamodel.annotation.Provides;
import org.eclipse.edc.runtime.metamodel.annotation.Setting;
import org.eclipse.edc.spi.security.*;
import org.eclipse.edc.spi.system.ServiceExtension;
import org.eclipse.edc.spi.system.ServiceExtensionContext;

import java.util.stream.Stream;

@Provides({PrivateKeyResolver.class, CertificateResolver.class})
@Extension(value = "In-memory vault extension", categories = {"vault", "security"})
public class VaultMemoryExtension implements ServiceExtension {

@Setting(value = "Secrets with which the vault gets initially populated. Specify as comma-separated list of key:secret pairs.")
public static final String VAULT_MEMORY_SECRETS_PROPERTY = "edc.vault.secrets";
public static final String NAME = "In-Memory Vault Extension";

@Override
public String name() {
return NAME;
}

@Provider
public Vault createInMemVault(ServiceExtensionContext context) {
var seedSecrets = context.getSetting(VAULT_MEMORY_SECRETS_PROPERTY, null);
var vault = new InMemoryVault(context.getMonitor());
context.registerService(PrivateKeyResolver.class, new VaultPrivateKeyResolver(vault));
context.registerService(CertificateResolver.class, new VaultCertificateResolver(vault));
if (seedSecrets != null) {
Stream.of(seedSecrets.split(";"))
.filter(pair -> pair.contains(":"))
.map(kvp -> kvp.split(":", 2))
.filter(kvp -> kvp.length >= 2)
.forEach(pair -> vault.storeSecret(pair[0], pair[1]));
}
return vault;
}
}
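Review bot: In `createInMemVault`, seed entries that lack a `:` are dropped by the `filter` without any log line, and an entry such as `:value` is stored under an empty key, so a mistyped seed produces a vault that is silently missing a secret. Report skipped entries through the monitor, naming the setting but never the entry text, since a malformed entry may itself be secret material. The `kvp.length >= 2` filter is redundant after `contains(":")` with `split(":", 2)`, and the wildcard import of `org.eclipse.edc.spi.security.*` can be spelled out.

```java
// … unchanged: vault creation and resolver registration …
if (seedSecrets != null) {
    for (var entry : seedSecrets.split(";")) {
        if (entry.isEmpty()) {
            continue; // tolerate leading or doubled separators
        }
        var kvp = entry.split(":", 2);
        if (kvp.length < 2 || kvp[0].isBlank()) {
            // never log the entry itself: it may contain secret material
            context.getMonitor().warning("Ignoring malformed entry in " + VAULT_MEMORY_SECRETS_PROPERTY);
            continue;
        }
        vault.storeSecret(kvp[0], kvp[1]);
    }
}
return vault;
```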
@@ -0,0 +1,21 @@
#
# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
# Copyright (c) 2021,2022 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
#

org.eclipse.tractusx.edc.vault.memory.VaultMemoryExtension
@@ -0,0 +1,56 @@
/*
* Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0
*
* SPDX-License-Identifier: Apache-2.0
*
* Contributors:
* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
*
*/

package org.eclipse.tractusx.edc.vault.memory;

import org.eclipse.edc.spi.monitor.Monitor;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.mock;

class InMemoryVaultTest {

private InMemoryVault vault;

@BeforeEach
void setUp() {
vault = new InMemoryVault(mock(Monitor.class));
}

@Test
void resolveSecret() {
assertThat(vault.resolveSecret("key")).isNull();
vault.storeSecret("key", "secret");
assertThat(vault.resolveSecret("key")).isEqualTo("secret");
}

@Test
void storeSecret() {
assertThat(vault.storeSecret("key", "value1").succeeded()).isTrue();
assertThat(vault.resolveSecret("key")).isEqualTo("value1");
assertThat(vault.storeSecret("key", "value2").succeeded()).isTrue();
assertThat(vault.resolveSecret("key")).isEqualTo("value2");
}

@Test
void deleteSecret() {
assertThat(vault.deleteSecret("key").succeeded()).isFalse();
assertThat(vault.storeSecret("key", "value1").succeeded()).isTrue();
assertThat(vault.deleteSecret("key").succeeded()).isTrue();
assertThat(vault.resolveSecret("key")).isNull();

}
}
@@ -0,0 +1,52 @@
/*
* Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
*
* This program and the accompanying materials are made available under the
* terms of the Apache License, Version 2.0 which is available at
* https://www.apache.org/licenses/LICENSE-2.0
*
* SPDX-License-Identifier: Apache-2.0
*
* Contributors:
* Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation
*
*/

package org.eclipse.tractusx.edc.vault.memory;

import org.eclipse.edc.spi.monitor.Monitor;
import org.eclipse.edc.spi.system.ServiceExtensionContext;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;

import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Mockito.*;

class VaultMemoryExtensionTest {
private VaultMemoryExtension extension;
private ServiceExtensionContext context;
private Monitor monitor;

@BeforeEach
void setup() {
extension = new VaultMemoryExtension();
context = mock(ServiceExtensionContext.class);
monitor = mock(Monitor.class);
when(context.getMonitor()).thenReturn(monitor);
}

@Test
void name() {
assertThat(extension.name()).isEqualTo("In-Memory Vault Extension");
}

@ParameterizedTest
@ValueSource(strings = {"key1:", "key1:value1", "key1:value1;", ";key1:value1", ";sdf;key1:value1"})
void createInMemVault_validString(String secret) {
when(context.getSetting(eq(VaultMemoryExtension.VAULT_MEMORY_SECRETS_PROPERTY), eq(null))).thenReturn(secret);
extension.createInMemVault(context);
verify(monitor, times(1)).debug(anyString());
}
}
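Review bot: `createInMemVault_validString` asserts only that `monitor.debug` was called once, so it still passes if the parsed secret never reaches the vault or if the debug message contains the secret value. The test should resolve `key1` on the vault that `createInMemVault` produces and assert the expected value, and it should pin the log text, e.g. `verify(monitor).debug(argThat(msg -> !msg.contains("value1")));`. What `createInMemVault` returns and logs is outside this section, so both checks are assumptions to confirm against the extension. Inputs such as `"key1:"` and `";sdf;key1:value1"` are treated as valid without a comment stating what the vault should hold afterwards.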
@@ -8,19 +8,6 @@ install:
postgresql: true
vault: true
minio: true
backendservice: true

###################
# Backend Service #
###################
backend:
fullnameOverride: "backend"
service:
type: NodePort
frontend:
port: 8080
backend:
port: 8081


########
@@ -22,7 +22,7 @@ public Negotiation(String id) {

public void waitUntilComplete(DataManagementAPI dataManagementAPI) {
await()
.pollDelay(Duration.ofMillis(2000))
.pollDelay(Duration.ofMillis(5000))
.atMost(Timeouts.CONTRACT_NEGOTIATION)
.until(() -> isComplete(dataManagementAPI));
}
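Review bot: `pollDelay` in Awaitility is the wait before the first check, not the spacing between checks, so `.pollDelay(Duration.ofMillis(5000))` (which appears to be the new side of this change) makes every negotiation wait at least five seconds even when it completes immediately. If the intent is to poll less often, `.pollInterval(Duration.ofMillis(5000))` expresses that and keeps the initial delay short. The class around `waitUntilComplete` starts outside this hunk.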
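--- a/edc-tests/deployment/src/main/resources/helm/omejdn/.helmignore
+++ b/edc-tests/deployment/src/main/resources/helm/omejdn/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/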
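--- a/edc-tests/deployment/src/main/resources/helm/omejdn/Chart.yaml
+++ b/edc-tests/deployment/src/main/resources/helm/omejdn/Chart.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: v2
+name: ids-daps
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.1"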
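--- a/edc-tests/deployment/src/main/resources/helm/omejdn/README.md
+++ b/edc-tests/deployment/src/main/resources/helm/omejdn/README.md
@@ -0,0 +1,21 @@
+# Omejdn DAPS
+
+This chart deployes an [IDS Omejdn DAPS](https://github.com/Fraunhofer-AISEC/omejdn-server).
+
+Two Eclipse Dataspace Connectors need to be registered at the same DAPS instance, to be able to talk to each other. Each connector is registered in the DAPS by an unique client ID and a correpsonding client certificate.
+
+New connectors are configured in the omejdn _values.yaml_.
+
+In each Eclipse Dataspace Connector configure the following properties to use the DAPS.
+
+```properties
+edc.oauth.client.id=<client ID from omejdn values.yaml>
+
+edc.oauth.provider.jwks.url="http://<name>:4567/.well-known/jwks.json"
+edc.oauth.token.url="http://<name>:4567/token"
+
+edc.oauth.private.key.alias=<key vault alias of certificate private key>
+edc.oauth.public.key.alias=<key vault alias of certificate configured in omejdn values.yaml>
+
+edc.oauth.provider.audience=idsc:IDS_CONNECTORS_ALL
+```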
@@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "omejdn.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "omejdn.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}

{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "omejdn.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}

{{/*
Common labels
*/}}
{{- define "omejdn.labels" -}}
helm.sh/chart: {{ include "omejdn.chart" . }}
{{ include "omejdn.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}

{{/*
Selector labels
*/}}
{{- define "omejdn.selectorLabels" -}}
app.kubernetes.io/name: {{ include "omejdn.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

{{/*
Create the name of the service account to use
*/}}
{{- define "omejdn.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "omejdn.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
@@ -0,0 +1,73 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "omejdn.fullname" . }}
labels:
{{- include "omejdn.labels" . | nindent 4 }}
data:
scope_mapping.yml: |-
---
idsc:IDS_CONNECTOR_ATTRIBUTES_ALL:
- referringConnector
omejdn.yml: |-
---
host: http://ids-daps:4567/
path_prefix: ''
bind_to: 0.0.0.0
allow_origin: "*"
app_env: debug
openid: false
user_backend:
- yaml
user_backend_default: yaml
accept_audience: idsc:IDS_CONNECTORS_ALL
issuer: http://ids-daps:4567/
environment: development
default_audience:
- idsc:IDS_CONNECTORS_ALL
access_token:
expiration: 3600
algorithm: RS256
id_token:
expiration: 3600
algorithm: RS256
plugins.yml: |-
---
plugins:
token_user_attributes:
clients.yml: |-
---
- client_id: data-plane-oauth2
client_secret: supersecret
name: provision oauth2
grant_types:
- client_credentials
token_endpoint_auth_method: client_secret_post
scope: openid
{{- range $i, $val := .Values.connectors }}
- client_id: {{ quote $val.id }}
name: {{ quote $val.name }}
token_endpoint_auth_method: private_key_jwt
grant_types:
- client_credentials
scope:
- idsc:IDS_CONNECTOR_ATTRIBUTES_ALL
attributes:
- key: idsc
value: IDS_CONNECTOR_ATTRIBUTES_ALL
- key: securityProfile
value: idsc:BASE_SECURITY_PROFILE
{{- range $key, $value := $val.attributes }}
- key: {{ $key }}
value: {{ $value }}
{{- end }}
redirect_uri: http://localhost:4200
{{ end -}}


{{- range $i, $val := .Values.connectors }}
{{ $val.name }}: {{ quote $val.certificate | toString }}
{{ end -}}
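Review bot: `client_secret: supersecret` for the `data-plane-oauth2` client is a fixed credential rendered into a ConfigMap, so every installation of this chart shares it and anyone allowed to read ConfigMaps in the namespace can read it. It should come from a value supplied at install time and be stored in a Secret rather than in `clients.yml` inside the ConfigMap. Separately, the connector attributes are rendered unquoted while `id` and `name` are quoted; `key: {{ $key | quote }}` and `value: {{ $value | quote }}` keep a value containing `: ` or ` #` from changing the structure of the generated file. `allow_origin: "*"` together with `app_env: debug` deserves a comment stating that these are test-only settings.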
@@ -0,0 +1,149 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "omejdn.fullname" . }}
labels:
{{- include "omejdn.labels" . | nindent 4 }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- end }}
selector:
matchLabels:
{{- include "omejdn.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "omejdn.selectorLabels" . | nindent 8 }}
spec:
{{- if .Values.imagePullSecret.dockerconfigjson }}
imagePullSecrets:
- name: {{ include "omejdn.fullname" . }}-imagepullsecret
{{- else }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ include "omejdn.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
initContainers:
- name: init-daps-pvc
image: alpine
command:
- "sh"
- "-c"
args:
- |
cp /opt/config/omejdn.yml /etc/daps/omejdn.yml
cp /opt/config/clients.yml /etc/daps/clients.yml
cp /opt/config/plugins.yml /etc/daps/plugins.yml
cp /opt/config/scope_mapping.yml /etc/daps/scope_mapping.yml
apk add --update openssl
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout /etc/keys/omejdn/omejdn.key \
-subj "/C=DE/ST=Berlin/L=Berlin/O=TractusX-EDC-Test, Inc./OU=DE"
volumeMounts:
- mountPath: /etc/daps
name: config-dir
- mountPath: /etc/keys/omejdn
name: omejdn-key-dir
- mountPath: /opt/config/omejdn.yml
name: omejdn-config
subPath: omejdn.yml
- mountPath: /opt/config/scope_mapping.yml
name: scope-mapping
subPath: scope_mapping.yml
- mountPath: /opt/config/clients.yml
name: clients-config
subPath: clients.yml
- mountPath: /opt/config/plugins.yml
name: plugins-config
subPath: plugins.yml
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- mountPath: /opt/config/
name: config-dir
- mountPath: /opt/keys/omejdn/omejdn.key
name: omejdn-key-dir
subPath: omejdn.key
- mountPath: /opt/keys/clients/
name: client-certificates
ports:
- name: http
containerPort: 4567
protocol: TCP
livenessProbe:
httpGet:
path: /jwks.json
port: http
readinessProbe:
httpGet:
path: /jwks.json
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
env:
- name: OMEJDN_JWT_AUD_OVERRIDE
value: "idsc:IDS_CONNECTORS_ALL"
- name: OMEJDN_PLUGINS
value: "config/plugins.yml"
volumes:
- name: config-dir
emptyDir: {}
- name: omejdn-key-dir
emptyDir: {}
- name: omejdn-config
configMap:
name: {{ include "omejdn.fullname" . }}
items:
- key: omejdn.yml
path: omejdn.yml
- name: scope-mapping
configMap:
name: {{ include "omejdn.fullname" . }}
items:
- key: scope_mapping.yml
path: scope_mapping.yml
- name: clients-config
configMap:
name: {{ include "omejdn.fullname" . }}
items:
- key: clients.yml
path: clients.yml
- name: plugins-config
configMap:
name: {{ include "omejdn.fullname" . }}
items:
- key: plugins.yml
path: plugins.yml
- name: client-certificates
configMap:
name: {{ include "omejdn.fullname" . }}
items:
{{- range $i, $val := .Values.connectors }}
- key: {{ $val.name }}
path: {{ $val.id }}.cert
{{- end }}
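Review bot: The init container uses `image: alpine` with no tag or digest and runs `apk add --update openssl` on every pod start, so the tooling that generates the DAPS signing key changes whenever the upstream image or package index changes, and the pod cannot start without network access to the package mirror. Pin the image, e.g. `image: alpine:<pinned-version>@sha256:<digest>` (placeholders), or use an image that already ships openssl. The init container also sets no `securityContext`, unlike the main container, which takes `.Values.securityContext`. The `openssl req` call passes `-keyout` but no `-out`, so the self-signed certificate appears to go to stdout; if only the key is wanted, a comment saying so would help.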
@@ -0,0 +1,28 @@
{{- if .Values.autoscaling.enabled }}
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "omejdn.fullname" . }}
labels:
{{- include "omejdn.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ include "omejdn.fullname" . }}
minReplicas: {{ .Values.autoscaling.minReplicas }}
maxReplicas: {{ .Values.autoscaling.maxReplicas }}
metrics:
{{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
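Review bot: `apiVersion: autoscaling/v2beta1` is no longer served from Kubernetes 1.25 onward, so setting `autoscaling.enabled` on a current cluster fails at install time. Use `apiVersion: autoscaling/v2` and replace each `targetAverageUtilization: …` with a `target:` block holding `type: Utilization` and `averageUtilization: …`. If both utilization values are unset the template renders `metrics:` with no entries, which is worth guarding as well.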
@@ -0,0 +1,13 @@
{{- if .Values.imagePullSecret.dockerconfigjson }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ include "edc-dataplane.fullname" . }}-imagepullsecret
namespace: {{ .Release.Namespace | default "default" | quote }}
labels:
{{- include "edc-dataplane.labels" . | nindent 4 }}
data:
.dockerconfigjson: {{ .Values.imagePullSecret.dockerconfigjson }}
type: kubernetes.io/dockerconfigjson
{{- end }}
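Review bot: The Secret is named with `include "edc-dataplane.fullname"` and labelled with `include "edc-dataplane.labels"`, but the helpers shown for this chart are all `omejdn.*`, and the Deployment refers to `{{ include "omejdn.fullname" . }}-imagepullsecret`. Unless an `edc-dataplane` helper is defined elsewhere in the chart, rendering fails as soon as `imagePullSecret.dockerconfigjson` is set, and even if it resolves the Secret name would not match the one the pod asks for. Use `name: {{ include "omejdn.fullname" . }}-imagepullsecret` and `{{- include "omejdn.labels" . | nindent 4 }}`.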
@@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "omejdn.fullname" . }}
labels:
{{- include "omejdn.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "omejdn.selectorLabels" . | nindent 4 }}
@@ -0,0 +1,12 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "omejdn.serviceAccountName" . }}
labels:
{{- include "omejdn.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
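--- a/edc-tests/deployment/src/main/resources/helm/omejdn/values.yaml
+++ b/edc-tests/deployment/src/main/resources/helm/omejdn/values.yaml
@@ -0,0 +1,91 @@
+---
+# Default values for omejdn.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- Specifies how many replicas of a deployed pod shall be created during the deployment
+# Note: If horizontal pod autoscaling is enabled this setting has no effect
+replicaCount: 1
+
+image:
+# -- Which omjedn container image to use
+repository: ghcr.io/fraunhofer-aisec/omejdn-server
+# -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use
+pullPolicy: IfNotPresent
+# -- Overrides the image tag whose default is the chart appVersion
+tag: "1.7.1"
+
+imagePullSecret:
+# -- Image pull secret to create to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
+# Note: This value needs to adhere to the [(base64 encoded) .dockerconfigjson format](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#registry-secret-existing-credentials).
+# Furthermore, if 'imagePullSecret.dockerconfigjson' is defined, it takes precedence over 'imagePullSecrets'.
+dockerconfigjson: ""
+
+# -- Overrides the charts name
+nameOverride: ""
+
+# -- Overrides the releases full name
+fullnameOverride: ""
+
+serviceAccount:
+# -- Specifies whether a [service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) should be created per release
+create: true
+# -- [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to add to the service account
+annotations: {}
+# -- The name of the service account to use. If not set and create is true, a name is generated using the release's fullname template
+name: ""
+
+# -- Whether to [automount kubernetes API credentials](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server) into the pod
+automountServiceAccountToken: false
+
+# -- [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) added to deployed [pods](https://kubernetes.io/docs/concepts/workloads/pods/)
+podAnnotations: {}
+
+# The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment
+podSecurityContext: {}
+
+# The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod
+securityContext: {}
+
+service:
+# -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.
+type: ClusterIP
+# -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service) to expose the running application on a set of Pods as a network service.
+port: 4567
+
+# -- [Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) applied to the deployed pod
+resources: {}
+
+autoscaling:
+# -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
+enabled: false
+# -- Minimal replicas if resource consumption falls below resource threshholds
+minReplicas: 1
+# -- Maximum replicas if resource consumption exceeds resource threshholds
+maxReplicas: 100
+# -- targetAverageUtilization of cpu provided to a pod
+targetCPUUtilizationPercentage: 80
+# -- targetAverageUtilization of memory provided to a pod
+targetMemoryUtilizationPercentage: 80
+
+# -- [Node-Selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain the Pod to nodes with specific labels.
+nodeSelector: {}
+
+# -- [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) are applied to Pods to schedule onto nodes with matching taints.
+tolerations: []
+
+# -- [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) constrains which nodes the Pod can be scheduled on based on node labels.
+affinity: {}
+
+# List of connector clients. Certificate and Client-ID must be configured in parallel.
+# <br/>
+# Example Connector:
+# - id: grMsEz3EcsS3ENYJufNgUIeg4QsaL49M0gWxSexPdC4pon96Nvju90D8RlvAJB21
+# name: my-connector
+# attributes:
+# issuerConnector: http://localhost:8080/
+# certificate: |-
+# -----BEGIN CERTIFICATE-----
+# foo
+# -----END CERTIFICATE-----
+connectors: []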
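Review bot: `podSecurityContext: {}` and `securityContext: {}` default to empty, so the DAPS container runs with whatever user and capabilities the image defines. A restrictive default for the container context, `allowPrivilegeEscalation: false` plus `capabilities:` with `drop: [ALL]`, would be the safer starting point; whether the omejdn image also tolerates `runAsNonRoot: true` is not visible here and needs checking. The doc comment on `autoscaling.enabled` has the documentation URL pasted twice inside one link.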
@@ -0,0 +1,4 @@
# ignore downloaded helm depdencies
charts/

Chart.lock
@@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
docs
@@ -0,0 +1,54 @@
---
apiVersion: v2
name: all-in-one
description: A Helm chart for Kubernetes

# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application

# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.16.0"

dependencies:
# IDS Dynamic Attribute Provisioning Service (IAM)
- name: ids-daps
version: 0.0.1
repository: "file://../omejdn"
alias: idsdaps
condition: install.daps

# HashiCorp Vault
- name: vault
alias: vault
version: 0.20.0
repository: https://helm.releases.hashicorp.com
condition: install.vault

# PostgreSQL
- name: postgresql
alias: postgresql
version: 12.1.6
repository: https://charts.bitnami.com/bitnami
condition: install.postgresql

# MinIo
- name: minio
alias: minio
repository: https://charts.min.io
version: 4.1.0
condition: install.minio
@@ -0,0 +1,54 @@
# Supporting Infrastructure Deployment

The Supporting Infrastructure Deployment creates a complete, independent and already configured EDC test environment.
During the automated business tests, these infrastructure components are deployed together with two connectors (Plato & Sokrates).

This deployment could also be used as

- reference setup for teams, that want to create their own connector
- standalone infrastructure to try things out

This deployment should **never** be used

- in **any** production or near production environments
- in **any** long living internet facing connector setups

## Omejdn DAPS

The Dynamic Attribute Provisioning Service (DAPS) is a component of the IDS Ecosystem.
The Fraunhofer Institute has created a DAPS reference implementation, the Omejdn
DAPS ([link](https://github.com/Fraunhofer-AISEC/omejdn-server)). This deplyoment configures and deployes a instance of
this reference implementation.

Definition of DAPS from the IDS Reference architecture v3.0:

> The Identity Provider acts as an agent for the International
> Data Spaces Association. It is responsible for issuing technical identities to parties that have been approved to become
> Participants in the International Data Spaces. The Identity
> Provider is instructed to issue identities based on approved
> roles (e.g., App Store or App Provider). Only if equipped with
> such an identity, an entity is allowed to participate in the International Data Spaces
Also, please note, that the Omejdn DAPS is meant as research sandbox and should not be used in anq
productive environment.

> **IMPORTANT:** Omejdn is meant to be a research sandbox in which we can (re)implement standard protocols and
> potentially extend and modify functionality under the hood to support research projects. Use at your own
> risk! ([source](https://github.com/Fraunhofer-AISEC/omejdn-server))
## HashiCorp Vault

The Control- and Data Plane persist confidential in the vault and persist and communicate using only the secret
names. Hence, it is not possible to run a connector without an instance of a vault.

## PostgreSQL

This database is used to persist the state of the Control Plane.

## Setup

Simply execute the following comment in a shell:

```shell
helm install infra edc-tests/deployment/src/main/resources/helm/test-infrastructure --update-dependencies
```
@@ -0,0 +1,185 @@
---

###########
# Install #
###########
install:
daps: true
postgresql: true
vault: true
minio: false


########
# DAPS #
########
idsdaps:
fullnameOverride: "ids-daps"
connectors:
- id: E7:07:2D:74:56:66:31:F0:7B:10:EA:B6:03:06:4C:23:7F:ED:A6:65:keyid:E7:07:2D:74:56:66:31:F0:7B:10:EA:B6:03:06:4C:23:7F:ED:A6:65
name: sokrates
attributes:
referringConnector: http://sokrates-controlplane/BPNSOKRATES
# Must be the same certificate that is stores in section 'sokrates-vault'
certificate: |-
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
##############
# PostgreSQL #
##############
postgresql:
fullnameOverride: "postgresql"
primary:
persistence:
enabled: false
readReplicas:
persistence:
enabled: false
auth:
database: "edc"
username: "user"
password: "password"

#########
# MINIO #
#########
minio:
fullnameOverride: minio
replicas: 2
drivesPerNode: 0
serviceAccount:
create: false
persistence:
size: 128Mi
resources:
requests:
memory: 128Mi
service:
type: NodePort
control:
port: 9000
users:
- accessKey: qwerty123
secretKey: qwerty123
policy: customBucketPolicy
buckets:
# in some cases the minio API acts strange if there exists no bucket at all
- name: dummybucket
policy: none
purge: true
policies:
- name: customBucketPolicy
statements:
- resources:
- 'arn:aws:s3:::*'
actions:
- "s3:PutObject"
- "s3:ListBucket"
- "s3:CreateBucket"
- "s3:GetObject"
- "s3:DeleteObject"
- "s3:DeleteBucket"

#########
# VAULT #
#########
vault:
fullnameOverride: "vault"
injector:
enabled: false
server:
dev:
enabled: true
devRootToken: "root"
# Must be the same certificate that is configured in section 'ids-daps'
postStart:
- "sh"
- "-c"
- |
{
sleep 5
/bin/vault kv put secret/sokrates/data-encryption-aes-keys content=OcvxzWCK8ETSjt1jmZw3RA==
cat << EOF | /bin/vault kv put secret/sokrates/daps/daps-key content=-
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
EOF
cat << EOF | /bin/vault kv put secret/sokrates/daps/daps-crt content=-
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF
}
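Review bot: This values file enables Vault dev mode with `devRootToken: "root"`, sets `password: "password"` for PostgreSQL and `qwerty123` for MinIO, and writes a fixed AES key and a private key into Vault from `postStart`; all of these are public once committed. A header comment at the top of the file, such as `# TEST ONLY: every credential and key in this file is public; never reuse them`, would state that at the point of use. The MinIO block pairs those credentials with `type: NodePort` and a policy on `arn:aws:s3:::*`, which exposes them beyond the cluster if `install.minio` is switched on; `ClusterIP` would be the safer default. The `sleep 5` before the `vault kv put` calls is a timing assumption, and a failed write would leave the connector without its keys.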
36 changes: 16 additions & 20 deletions settings.gradle.kts
@@ -19,7 +19,7 @@ include(":edc-tests:cucumber")
// modules for controlplane artifacts
include(":edc-controlplane")
include(":edc-controlplane:edc-controlplane-base")
include(":edc-controlplane:edc-controlplane-memory")
include(":edc-controlplane:edc-runtime-memory")
include(":edc-controlplane:edc-controlplane-memory-hashicorp-vault")
include(":edc-controlplane:edc-controlplane-postgresql")
include(":edc-controlplane:edc-controlplane-postgresql-hashicorp-vault")
@@ -137,38 +137,34 @@ dependencyResolutionManagement {
library("micrometer-jersey", "org.eclipse.edc", "jersey-micrometer").versionRef("edc")
library("micrometer-jetty", "org.eclipse.edc", "jetty-micrometer").versionRef("edc")
library("monitor-jdklogger", "org.eclipse.edc", "monitor-jdk-logger").versionRef("edc")
library(
"transfer.dynamicreceiver",
"org.eclipse.edc",
"transfer-pull-http-dynamic-receiver"
).versionRef("edc")
library("transfer.dynamicreceiver", "org.eclipse.edc", "transfer-pull-http-dynamic-receiver").versionRef("edc")

library("transfer.receiver", "org.eclipse.edc", "transfer-pull-http-receiver").versionRef("edc")

bundle(
"connector",
listOf("boot", "core-connector", "core-jersey", "core-controlplane", "api-observability")
"connector",
listOf("boot", "core-connector", "core-jersey", "core-controlplane", "api-observability")
)

bundle(
"dpf",
listOf("dpf-transfer", "dpf-selector-core", "dpf-selector-client", "spi-dataplane-selector")
"dpf",
listOf("dpf-transfer", "dpf-selector-core", "dpf-selector-client", "spi-dataplane-selector")
)

bundle(
"sqlstores",
listOf(
"sql-assetindex",
"sql-contract-definition",
"sql-contract-negotiation",
"sql-transferprocess",
"sql-policydef"
)
"sqlstores",
listOf(
"sql-assetindex",
"sql-contract-definition",
"sql-contract-negotiation",
"sql-transferprocess",
"sql-policydef"
)
)

bundle(
"monitoring",
listOf("micrometer-core", "micrometer-jersey", "micrometer-jetty")
"monitoring",
listOf("micrometer-core", "micrometer-jersey", "micrometer-jetty")
// listOf("micrometer-core", "micrometer-jersey", "micrometer-jetty", "monitor-jdklogger")
)
}