feature: create helm chart using the Azure KeyVault variant (eclipse-tractusx#279)

* feat: add Helm chart that utilized Azure KeyVault + Postgres

* pr remarks

* Update charts/tractusx-connector-azure-vault/README.md.gotmpl

Co-authored-by: Florian Rusch (ZF Friedrichshafen AG) <florian.rusch.external@zf.com>

* use cUrl instead of wget do satisfy SonarCloud

---------

Co-authored-by: Florian Rusch (ZF Friedrichshafen AG) <florian.rusch.external@zf.com>

Author: paullatzelsperger

.github/dependabot.yml

@@ -36,7 +36,7 @@ updates:
   -
     package-ecosystem: "docker"
     target-branch: main
-    directory: ./edc-controlplane/edc-controlplane-postgresql/src/main/docker/
+    directory: ./edc-controlplane/edc-controlplane-postgresql-azure-vault/src/main/docker/
     labels:
       - "dependabot"
       - "docker"

.github/workflows/build.yaml

@@ -78,7 +78,7 @@ jobs:
         variant: [ { dir: edc-controlplane, img: edc-runtime-memory },
                    { dir: edc-controlplane, img: edc-controlplane-memory-hashicorp-vault },
                    { dir: edc-controlplane, img: edc-controlplane-postgresql-hashicorp-vault },
-                   { dir: edc-controlplane, img: edc-controlplane-postgresql },
+                   { dir: edc-controlplane, img: edc-controlplane-postgresql-azure-vault },
                    { dir: edc-dataplane,    img: edc-dataplane-azure-vault },
                    { dir: edc-dataplane,    img: edc-dataplane-hashicorp-vault } ]
     permissions:

.github/workflows/deployment-test.yaml

@@ -45,6 +45,21 @@ concurrency:
 
 jobs:
 
+  secret-presence:
+    runs-on: ubuntu-latest
+    outputs:
+      AZURE_KV_CREDS: ${{ steps.secret-presence.outputs.AZURE_KV_CREDS }}
+    steps:
+      - name: Check whether secrets exist
+        id: secret-presence
+        run: |
+          [ ! -z "${{ secrets.AZURE_TENANT_ID }}" ] && 
+          [ ! -z "${{ secrets.AZURE_CLIENT_ID }}" ] && 
+          [ ! -z "${{ secrets.AZURE_CLIENT_SECRET }}" ] && 
+          [ ! -z "${{ secrets.AZURE_VAULT_NAME }}" ]  && 
+          echo "AZURE_KV_CREDS=true" >> $GITHUB_OUTPUT
+          exit 0
+
   test-prepare:
     runs-on: ubuntu-latest
     steps:
@@ -99,3 +114,33 @@ jobs:
 
             # execute the helm test
             helm test tx-prod --logs
+
+  test-azure-vault-postgres:
+    runs-on: ubuntu-latest
+    needs: [ test-prepare, secret-presence ]
+    if: |
+      needs.secret-presence.outputs.AZURE_KV_CREDS
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3.3.0
+      - uses: ./.github/actions/run-deployment-test
+        name: "Run deployment test using KinD and Helm"
+        with:
+          imagename: "edc-controlplane-postgresql-azure-vault edc-dataplane-azure-vault"
+          rootDir: "."
+          helm_command: |-
+            helm install tx-prod charts/tractusx-connector-azure-vault \
+             -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml \
+             --dependency-update \
+             --set vault.azure.name=${{ secrets.AZURE_VAULT_NAME }} \
+             --set vault.azure.client=${{ secrets.AZURE_CLIENT_ID }} \
+             --set vault.azure.secret=${{ secrets.AZURE_CLIENT_SECRET }} \
+             --set vault.azure.tenant=${{ secrets.AZURE_TENANT_ID }} \
+             --wait-for-jobs --timeout=120s
+
+            # wait for the pod to become ready
+            kubectl rollout status deployment tx-prod-controlplane
+            kubectl rollout status deployment tx-prod-dataplane
+
+            # execute the helm test
+            helm test tx-prod --logs

.github/workflows/publish-docker.yaml

@@ -47,7 +47,7 @@ jobs:
         variant: [ { dir: edc-controlplane, img: edc-runtime-memory },
                    { dir: edc-controlplane, img: edc-controlplane-memory-hashicorp-vault },
                    { dir: edc-controlplane, img: edc-controlplane-postgresql-hashicorp-vault },
-                   { dir: edc-controlplane, img: edc-controlplane-postgresql },
+                   { dir: edc-controlplane, img: edc-controlplane-postgresql-azure-vault },
                    { dir: edc-dataplane,    img: edc-dataplane-azure-vault },
                    { dir: edc-dataplane,    img: edc-dataplane-hashicorp-vault } ]
     permissions:

.github/workflows/publish-new-release.yml

@@ -86,7 +86,7 @@ jobs:
         variant: [{dir: edc-controlplane, img: edc-runtime-memory},
                 {dir: edc-controlplane, img: edc-controlplane-memory-hashicorp-vault},
                 {dir: edc-controlplane, img: edc-controlplane-postgresql-hashicorp-vault},
-                {dir: edc-controlplane, img: edc-controlplane-postgresql},
+                {dir: edc-controlplane, img: edc-controlplane-postgresql-azure-vault},
                 {dir: edc-dataplane,    img: edc-dataplane-azure-vault},
                 {dir: edc-dataplane,    img: edc-dataplane-hashicorp-vault}]
 

.github/workflows/trivy.yml

@@ -66,7 +66,7 @@ jobs:
         image:
           - edc-runtime-memory
           - edc-controlplane-memory-hashicorp-vault
-          - edc-controlplane-postgresql
+          - edc-controlplane-postgresql-azure-vault
           - edc-controlplane-postgresql-hashicorp-vault
           - edc-dataplane-azure-vault
           - edc-dataplane-hashicorp-vault

.github/workflows/veracode.yaml

@@ -41,7 +41,7 @@ jobs:
         variant: [ { dir: edc-controlplane, name: edc-runtime-memory },
                    { dir: edc-controlplane, name: edc-controlplane-memory-hashicorp-vault },
                    { dir: edc-controlplane, name: edc-controlplane-postgresql-hashicorp-vault },
-                   { dir: edc-controlplane, name: edc-controlplane-postgresql },
+                   { dir: edc-controlplane, name: edc-controlplane-postgresql-azure-vault },
                    { dir: edc-dataplane,    name: edc-dataplane-azure-vault },
                    { dir: edc-dataplane,    name: edc-dataplane-hashicorp-vault } ]
     steps:

README.md

@@ -30,7 +30,7 @@ The Data-Plane does the heavy lifting of transferring and receiving data streams
 
 Depending on your environment there are different derivatives of the control-plane prepared:
 
-- [edc-controlplane-postgresql](edc-controlplane/edc-controlplane-postgresql) with dependency onto
+- [edc-controlplane-postgresql-azure-vault](edc-controlplane/edc-controlplane-postgresql-azure-vault) with dependency onto
   - [Azure Key Vault](https://azure.microsoft.com/en-us/services/key-vault/#product-overview)
   - [PostgreSQL 8.2 or newer](https://www.postgresql.org/)
 - [edc-controlplane-postgresql-hashicorp-vault](edc-controlplane/edc-controlplane-postgresql-hashicorp-vault) with

charts/tractusx-connector-azure-vault/Chart.yaml

@@ -0,0 +1,51 @@
+#
+#  Copyright (c) 2023 ZF Friedrichshafen AG
+#  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+#  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+#  Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+
+---
+apiVersion: v2
+name: tractusx-connector-azure-vault
+description: |
+  A Helm chart for Tractus-X Eclipse Data Space Connector. The connector deployment consists of two runtime consists of a
+  Control Plane and a Data Plane. Note that _no_ external dependencies such as a PostgreSQL database and Azure KeyVault are included.
+
+  This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ Azure KeyVault.
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.3.3
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.3.3"
+home: https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector
+sources:
+  - https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector