diff --git a/.github/build/install.sh b/.github/build/install.sh
new file mode 100755
index 0000000..1515b6c
--- /dev/null
+++ b/.github/build/install.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+wget "https://get.helm.sh/helm-v3.15.2-linux-amd64.tar.gz"
+tar zxf helm-v3.15.2-linux-amd64.tar.gz
+mkdir bin
+mv linux-amd64/helm ./bin/helm
+
+go install github.com/yannh/kubeconform/cmd/kubeconform@latest
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 831900f..f6cd443 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
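Review bot: The Helm tarball fetched on the `wget` line is unpacked and placed under `./bin` without any integrity check, so a tampered, substituted or truncated download would be used silently; the archive should be compared against the digest published for that release before `tar zxf` runs. The script also has no `set -e`, so a failed `wget` or `tar` still lets `mv` and `go install` run and the calling job continue, and `go install ...@latest` resolves to whatever kubeconform version exists at run time rather than a pinned, reviewable one. `mkdir bin` fails if the directory already exists; `mkdir -p bin` is the usual form.
```shell
#!/bin/bash
set -euo pipefail

HELM_VERSION="v3.15.2"
HELM_TARBALL="helm-${HELM_VERSION}-linux-amd64.tar.gz"
# <expected-sha256>: placeholder — take the value from the Helm release page for this version.
HELM_SHA256="<expected-sha256>"

wget "https://get.helm.sh/${HELM_TARBALL}"
printf '%s  %s\n' "${HELM_SHA256}" "${HELM_TARBALL}" | sha256sum -c -
tar zxf "${HELM_TARBALL}"
mkdir -p bin
mv linux-amd64/helm ./bin/helm

# … unchanged: kubeconform install (prefer a tagged version over @latest) …
```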
@@ -8,63 +8,63 @@ version: 2 # List of directories to scan for updates updates: - package-ecosystem: "docker" - directory: "applications/activation-service" + directory: "argocd/applications/activation-service" schedule: interval: "daily" - package-ecosystem: "docker" - directory: "applications/contract-management" + directory: "argocd/applications/contract-management" schedule: interval: "daily" - package-ecosystem: "docker" - directory: "applications/credentials-config-service" + directory: "argocd/applications/credentials-config-service" schedule: interval: "daily" - package-ecosystem: "docker" - directory: "applications/dsba-pdp" + directory: "argocd/applications/dsba-pdp" schedule: interval: "daily" #- package-ecosystem: "docker" - # directory: "applications/keycloak" + # directory: "argocd/applications/keycloak" # schedule: # interval: "daily" #- package-ecosystem: "docker" - # directory: "applications/keyrock" + # directory: "argocd/applications/keyrock" # schedule: # interval: "daily" - package-ecosystem: "docker" - directory: "applications/kong" + directory: "argocd/applications/kong" schedule: interval: "daily" #- package-ecosystem: "docker" - # directory: "applications/mongodb" + # directory: "argocd/applications/mongodb" # schedule: # interval: "daily" #- package-ecosystem: "docker" - # directory: "applications/mysql" + # directory: "argocd/applications/mysql" # schedule: # interval: "daily" - package-ecosystem: "docker" - directory: "applications/orion-ld" + directory: "argocd/applications/orion-ld" schedule: interval: "daily" #- package-ecosystem: "docker" - # directory: "applications/postgres" + # directory: "argocd/applications/postgres" # schedule: # interval: "daily" - package-ecosystem: "docker" - directory: "applications/tm-forum-api" + directory: "argocd/applications/tm-forum-api" schedule: interval: "daily" - package-ecosystem: "docker" - directory: "applications/trusted-issuers-list" + directory: "argocd/applications/trusted-issuers-list" 
schedule: interval: "daily" - package-ecosystem: "docker" - directory: "applications/vcwaltid" + directory: "argocd/applications/vcwaltid" schedule: interval: "daily" - package-ecosystem: "docker" - directory: "applications/verifier" + directory: "argocd/applications/verifier" schedule: interval: "daily" diff --git a/.github/scripts/eval.sh b/.github/scripts/eval.sh new file mode 100755 index 0000000..1547d8d --- /dev/null +++ b/.github/scripts/eval.sh @@ -0,0 +1,20 @@ +#! /bin/bash + +CHARTS=$(pwd)/charts/* +RETURN_VAL=0 +for chart in $CHARTS +do + ./bin/helm dependency build ${chart} + ./bin/helm template ${chart} | kubeconform -strict + + ret=$? + if [ $ret -ne 0 ]; then + RETURN_VAL=$ret + fi +done + +if [ $RETURN_VAL -eq 0 ]; then + echo "Chart evaluation successful !!!" +fi + +exit $RETURN_VAL diff --git a/.github/scripts/lint.sh b/.github/scripts/lint.sh new file mode 100755 index 0000000..93e46c7 --- /dev/null +++ b/.github/scripts/lint.sh @@ -0,0 +1,7 @@ +#! /bin/bash + +CHARTS=./charts/* +for chart in $CHARTS +do + docker run --rm -v $(pwd):/apps alpine/helm:2.9.0 lint $chart +done diff --git a/.github/workflows/check.yaml b/.github/workflows/check.yaml index 86189c1..2911a62 100644 --- a/.github/workflows/check.yaml +++ b/.github/workflows/check.yaml @@ -12,9 +12,38 @@ on: - main jobs: - check: + + lint: runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Lint + run: ./.github/scripts/lint.sh + + eval: + runs-on: ubuntu-latest + needs: + - lint + + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-go@v5 + with: + go-version: '>=1.17.0' + + - name: Eval + run: | + .github/build/install.sh + .github/scripts/eval.sh + + check-labels: + runs-on: ubuntu-latest + needs: + - lint + - eval + steps: - uses: actions/checkout@v2 @@ -38,6 +67,9 @@ jobs: comment: runs-on: ubuntu-latest + needs: + - "check-labels" + if: always() steps: - uses: technote-space/workflow-conclusion-action@v2 
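Review bot: In eval.sh the `ret=$?` after `./bin/helm template ${chart} | kubeconform -strict` reflects only kubeconform's exit status, because the script never sets `pipefail`; a chart whose templates fail to render is reported as passing as long as kubeconform accepts whatever reached its stdin, and the exit status of `./bin/helm dependency build ${chart}` is not checked at all. Adding `set -o pipefail` after the shebang and capturing both commands — `./bin/helm dependency build "${chart}" || RETURN_VAL=$?` and `./bin/helm template "${chart}" | kubeconform -strict || RETURN_VAL=$?` — makes RETURN_VAL reflect every failure. Quoting `"${chart}"` as shown also keeps chart directories with spaces intact; the unquoted `for chart in $CHARTS` glob expansion itself is intentional.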
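Review bot: lint.sh runs `alpine/helm:2.9.0`, a Helm 2 image, while the chart in this diff declares `apiVersion: v2` (see the charts/data-space-connector/Chart.yaml hunk) and eval.sh renders with Helm v3.15.2; Helm 2 predates the v2 chart API, so this lint is unlikely to validate the charts the way they are actually rendered. The loop also discards per-chart results: the script exits with the status of the last `docker run` only, so a lint error in any chart but the last one does not fail the job. Pinning the image to the same Helm 3 version as install.sh, quoting `"$(pwd):/apps"` and `"$chart"`, and accumulating the exit status addresses both.
```shell
#! /bin/bash

rc=0
for chart in ./charts/*; do
  # <helm3-image-tag>: placeholder — use the alpine/helm tag matching the Helm version in .github/build/install.sh
  docker run --rm -v "$(pwd):/apps" "alpine/helm:<helm3-image-tag>" lint "$chart" || rc=$?
done
exit "$rc"
```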
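Review bot: The new `lint` and `eval` jobs check out with `actions/checkout@v2` while `prepare-release`, added to the same file in this commit, uses `actions/checkout@v3`; keeping one major version across the file avoids running two action runtimes side by side and makes the next bump a single edit. `go-version: '>=1.17.0'` in the `eval` job resolves to the newest available toolchain on every run, so the kubeconform build is not reproducible between runs; a fixed version would pin it.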
@@ -50,3 +82,92 @@ jobs: with: message: "Please apply one of the following labels to the PR: 'patch', 'minor', 'major'." GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + prepare-release: + needs: ["check-labels", "comment"] + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - id: bump + uses: zwaldowski/match-label-action@v4 + with: + allowed: major,minor,patch + + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@v14.6 + + + # prepare yaml parser + - uses: actions/setup-go@v4 + - name: Install yq + run: | + go install github.com/mikefarah/yq/v4@latest + yq --version + + - uses: actions/checkout@v3 + with: + ref: ${{ github.head_ref }} + + - name: Update versions + shell: bash + run: | + declare -A changedCharts + + for file in ${{ steps.changed-files.outputs.all_changed_and_modified_files }}; do + + echo "$file was changed" + baseFolder=$(cut -d'/' -f1 <<< "$file") + if [ $baseFolder = "charts" ]; then + chartName=$(cut -d'/' -f2 <<< "$file") + changedCharts[$chartName]=$chartName + fi + done + + for c in "${changedCharts[@]}"; do + # get version from chart yaml + version=$(yq e '.version' "charts/$c/Chart.yaml") + major=$(cut -d'.' -f1 <<< "$version") + minor=$(cut -d'.' -f2 <<< "$version") + patch=$(cut -d'.' 
-f3 <<< "$version") + + prType=${{ steps.bump.outputs.match }} + echo Update version $version with type $prType + if [ $prType = "major" ]; then + echo Update major + major=$((major+1)) + minor=0 + patch=0 + elif [ $prType = "minor" ]; then + echo Update minor + minor=$((minor+1)) + patch=0 + elif [ $prType = "patch" ]; then + echo Update patch + patch=$((patch+1)) + fi + echo Update version to $major.$minor.$patch for $c + yq e -i '.version = "'$major.$minor.$patch'"' charts/$c/Chart.yaml + done + + - name: Commit files + continue-on-error: true + run: | + git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --local user.name "github-actions[bot]" + git status + echo commit + git commit -m "Update helm chart versions" -a + echo status update + git status + + - name: Push changes + continue-on-error: true + uses: ad-m/github-push-action@master + with: + branch: ${{ github.head_ref }} diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index c1eb4b9..516c905 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -71,11 +71,11 @@ jobs: - name: Download values for participant run: | - cd data-space-connector/ + cd argocd/data-space-connector/ wget -O values-participant.yaml ${{ env.GITOPS_REPO }}/${{ env.NAMESPACE }}/${{ matrix.participant }}/${{ env.VALUES_DIR }}/values.yaml cat values-participant.yaml - name: Deploy applications run: | - cd data-space-connector/ + cd argocd/data-space-connector/ helm template ${{ secrets.OVERWRITE_VALUES }} -f values-participant.yaml . | oc -n argocd apply -f - diff --git a/.github/workflows/release-helm.yaml b/.github/workflows/release-helm.yaml index ab8920a..fa9cd9f 100644 --- a/.github/workflows/release-helm.yaml +++ b/.github/workflows/release-helm.yaml 
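Review bot: In the `Update versions` step, `${{ steps.changed-files.outputs.all_changed_and_modified_files }}` is expanded straight into the `run:` script, so file names are spliced into bash source before the shell ever sees them; any path containing shell metacharacters changes what the step executes, and the same applies, with a narrower value set, to `prType=${{ steps.bump.outputs.match }}`. Passing both through `env:` and reading them as shell variables keeps them as data. The step also leaves `$baseFolder`, `$prType` and the `yq e -i ... charts/$c/Chart.yaml` arguments unquoted, so `[ $prType = "major" ]` errors out when the label match is empty. Separately, `ad-m/github-push-action@master` is a mutable reference for an action that is handed the token used to push to the branch; pinning it to a release tag or commit SHA is the usual control.
```yaml
      - name: Update versions
        shell: bash
        env:
          CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_and_modified_files }}
          PR_TYPE: ${{ steps.bump.outputs.match }}
        run: |
          declare -A changedCharts

          # word-splitting on the separated list is intended, as in the original loop
          for file in $CHANGED_FILES; do
            echo "$file was changed"
            baseFolder=$(cut -d'/' -f1 <<< "$file")
            if [ "$baseFolder" = "charts" ]; then
              chartName=$(cut -d'/' -f2 <<< "$file")
              changedCharts[$chartName]=$chartName
            fi
          done

          for c in "${changedCharts[@]}"; do
            # … unchanged: read major/minor/patch from "charts/$c/Chart.yaml" …
            prType=$PR_TYPE
            # … unchanged: bump logic, comparing "$prType" quoted …
            yq e -i ".version = \"$major.$minor.$patch\"" "charts/$c/Chart.yaml"
          done
```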
@@ -7,8 +7,57 @@ on: jobs: - deploy: + generate-version: + name: "Generate version" + runs-on: ubuntu-latest + + outputs: + version: ${{ steps.out.outputs.version }} + + steps: + - uses: actions/checkout@v2 + + - uses: actions/setup-java@v1 + with: + java-version: '17' + java-package: jdk + - id: pr + uses: actions-ecosystem/action-get-merged-pull-request@v1.0.1 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Match semver label via bash + id: match-label-bash + run: | + LABELS=$(cat <<-END + ${{ steps.pr.outputs.labels }} + END + ) + IFS='\n' read -ra LABEL <<< "$LABELS" + for i in "${LABEL[@]}"; do + case $i in + # Will just use the first occurence + 'major'|'minor'|'patch') + echo "RELEASE_LABEL=$i" >> $GITHUB_OUTPUT + break + esac + done + + - uses: zwaldowski/semver-release-action@v2 + with: + dry_run: true + bump: ${{ steps.match-label-bash.outputs.RELEASE_LABEL }} + github_token: ${{ secrets.GITHUB_TOKEN }} + + - name: Set version output + id: out + run: echo "::set-output name=version::$(echo ${VERSION})" + + deploy: + name: "Release charts" + needs: + - "generate-version" runs-on: ubuntu-latest steps: @@ -35,7 +84,8 @@ jobs: CR_SKIP_EXISTING: true git-release: - needs: ["deploy"] + name: "Create Git Release" + needs: ["generate-version", "deploy"] runs-on: ubuntu-latest steps: diff --git a/README.md b/README.md index 11d5e17..1fd4f52 100644 --- a/README.md +++ b/README.md 
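Review bot: In the `Match semver label via bash` step, `IFS='\n'` is single-quoted, so IFS becomes the two characters backslash and `n` rather than a newline: `read -ra` then splits on every `n`, turning a `minor` label into `mi` and `or` so it never matches the `case`, and `read` stops at the first newline in any event. `mapfile -t LABEL <<< "$LABELS"` (or `IFS=$'\n' read -ra LABEL <<< "$LABELS"` when a single line is expected) splits on newlines as intended. `${{ steps.pr.outputs.labels }}` is also expanded inside an unquoted heredoc, so label text containing `$(` or backticks would be evaluated by the shell; passing it via `env:` avoids that. The `Set version output` step uses `::set-output`, which GitHub has deprecated in favour of writing to `$GITHUB_OUTPUT` as the previous step already does, and it assumes `VERSION` is exported into the environment by the semver-release action — worth confirming against that action's documentation. The `setup-java` step appears unused by anything else in this job.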
@@ -48,19 +48,11 @@ The chart is available at the repository ```https://fiware-ops.github.io/data-sp structure and type of the required VCs, internal hostnames of the different connector components and providing the configuration of the DID and keys/certs. Also have a look at the [examples](#examples). -The chart also contains the [argo-cd applications support](./data-space-connector/templates/), thus it can be used to generate argo-deployments, too. In plain Helm deployments, this should be disabled in the values.yaml: -```yaml -argoApplications: false -``` - -Configurations for all sub-charts(and sub-dependencies) can be managed through the top-level values.yaml of the chart. It contains the default values of each [application](./applications/). The configuration of the applications can be changed under the key ``````, please see the individual applications and there sub-charts for the available options. +Configurations for all sub-charts (and sub-dependencies) can be managed through the top-level [values.yaml](./charts/data-space-connector/values.yaml) of the chart. It contains the default values of each [application](./argocd/applications/) and additional parameter shared between the components. The configuration of the applications can be changed under the key ``````, please see the individual applications and there sub-charts for the available options. Example: -In order to change the image-tag of [Keycloak](./applications/keycloak/) and the issuer did used by it, the values.yaml looks as following: +In order to change the image-tag of [Keycloak](./argocd/applications/keycloak/), the values.yaml looks as following: ```yaml keycloak: - # configuration directly in the application chart, extending the original keycloak chart - didConfig: - domain: "my-new-did-domain.org" # configuration for the keycloak-sub-chart. Its used as a dependency to the application, thus all config is accessible under the dependency name keycloak: image: 
@@ -88,4 +80,11 @@ The tests can be executed via: ```shell mvn clean integration-test -Ptest ``` -They will spin up the [Local Data Space](./doc/LOCAL.MD) and run the [test-scenarios](./it/src/test/resources/it/mvds_basic.feature) against it. \ No newline at end of file +They will spin up the [Local Data Space](./doc/LOCAL.MD) and run the [test-scenarios](./it/src/test/resources/it/mvds_basic.feature) against it. + + +## Additional Resources + +Following is a list with additional resources about the FIWARE Data Space Connector and Data Spaces in general: +* [FIWARE Webinar about Data Spaces, its roles and components (by Stefan Wiedemann)](https://www.youtube.com/watch?v=hm5qMlhpK0g) + diff --git a/applications/activation-service/Chart.yaml b/argocd/applications/activation-service/Chart.yaml similarity index 100% rename from applications/activation-service/Chart.yaml rename to argocd/applications/activation-service/Chart.yaml diff --git a/applications/activation-service/values.yaml b/argocd/applications/activation-service/values.yaml similarity index 100% rename from applications/activation-service/values.yaml rename to argocd/applications/activation-service/values.yaml diff --git a/applications/contract-management/Chart.yaml b/argocd/applications/contract-management/Chart.yaml similarity index 100% rename from applications/contract-management/Chart.yaml rename to argocd/applications/contract-management/Chart.yaml diff --git a/applications/contract-management/values.yaml b/argocd/applications/contract-management/values.yaml similarity index 100% rename from applications/contract-management/values.yaml rename to argocd/applications/contract-management/values.yaml diff --git a/applications/credentials-config-service/Chart.yaml b/argocd/applications/credentials-config-service/Chart.yaml similarity index 100% rename from applications/credentials-config-service/Chart.yaml rename to argocd/applications/credentials-config-service/Chart.yaml 
diff --git a/applications/credentials-config-service/values.yaml b/argocd/applications/credentials-config-service/values.yaml similarity index 100% rename from applications/credentials-config-service/values.yaml rename to argocd/applications/credentials-config-service/values.yaml diff --git a/applications/dsba-pdp/Chart.yaml b/argocd/applications/dsba-pdp/Chart.yaml similarity index 100% rename from applications/dsba-pdp/Chart.yaml rename to argocd/applications/dsba-pdp/Chart.yaml diff --git a/applications/dsba-pdp/values.yaml b/argocd/applications/dsba-pdp/values.yaml similarity index 100% rename from applications/dsba-pdp/values.yaml rename to argocd/applications/dsba-pdp/values.yaml diff --git a/applications/keycloak/Chart.yaml b/argocd/applications/keycloak/Chart.yaml similarity index 100% rename from applications/keycloak/Chart.yaml rename to argocd/applications/keycloak/Chart.yaml diff --git a/applications/keycloak/templates/_helpers.tpl b/argocd/applications/keycloak/templates/_helpers.tpl similarity index 100% rename from applications/keycloak/templates/_helpers.tpl rename to argocd/applications/keycloak/templates/_helpers.tpl diff --git a/applications/keycloak/templates/certificate.yaml b/argocd/applications/keycloak/templates/certificate.yaml similarity index 100% rename from applications/keycloak/templates/certificate.yaml rename to argocd/applications/keycloak/templates/certificate.yaml diff --git a/applications/keycloak/templates/didConfigMap.yaml b/argocd/applications/keycloak/templates/didConfigMap.yaml similarity index 100% rename from applications/keycloak/templates/didConfigMap.yaml rename to argocd/applications/keycloak/templates/didConfigMap.yaml diff --git a/applications/keycloak/templates/profilesConfigMap.yaml b/argocd/applications/keycloak/templates/profilesConfigMap.yaml similarity index 100% rename from applications/keycloak/templates/profilesConfigMap.yaml rename to argocd/applications/keycloak/templates/profilesConfigMap.yaml 
diff --git a/applications/keycloak/templates/route.yaml b/argocd/applications/keycloak/templates/route.yaml similarity index 100% rename from applications/keycloak/templates/route.yaml rename to argocd/applications/keycloak/templates/route.yaml diff --git a/applications/keycloak/values.yaml b/argocd/applications/keycloak/values.yaml similarity index 100% rename from applications/keycloak/values.yaml rename to argocd/applications/keycloak/values.yaml diff --git a/applications/keyrock/Chart.yaml b/argocd/applications/keyrock/Chart.yaml similarity index 100% rename from applications/keyrock/Chart.yaml rename to argocd/applications/keyrock/Chart.yaml diff --git a/applications/keyrock/values.yaml b/argocd/applications/keyrock/values.yaml similarity index 100% rename from applications/keyrock/values.yaml rename to argocd/applications/keyrock/values.yaml diff --git a/applications/kong/Chart.yaml b/argocd/applications/kong/Chart.yaml similarity index 100% rename from applications/kong/Chart.yaml rename to argocd/applications/kong/Chart.yaml diff --git a/applications/kong/templates/_helpers.tpl b/argocd/applications/kong/templates/_helpers.tpl similarity index 100% rename from applications/kong/templates/_helpers.tpl rename to argocd/applications/kong/templates/_helpers.tpl diff --git a/applications/kong/templates/proxy-certificate.yaml b/argocd/applications/kong/templates/proxy-certificate.yaml similarity index 100% rename from applications/kong/templates/proxy-certificate.yaml rename to argocd/applications/kong/templates/proxy-certificate.yaml diff --git a/applications/kong/templates/proxy-route.yaml b/argocd/applications/kong/templates/proxy-route.yaml similarity index 100% rename from applications/kong/templates/proxy-route.yaml rename to argocd/applications/kong/templates/proxy-route.yaml 
diff --git a/applications/kong/values.yaml b/argocd/applications/kong/values.yaml similarity index 100% rename from applications/kong/values.yaml rename to argocd/applications/kong/values.yaml diff --git a/applications/mongodb/Chart.yaml b/argocd/applications/mongodb/Chart.yaml similarity index 100% rename from applications/mongodb/Chart.yaml rename to argocd/applications/mongodb/Chart.yaml diff --git a/applications/mongodb/values.yaml b/argocd/applications/mongodb/values.yaml similarity index 100% rename from applications/mongodb/values.yaml rename to argocd/applications/mongodb/values.yaml diff --git a/applications/mysql/Chart.yaml b/argocd/applications/mysql/Chart.yaml similarity index 100% rename from applications/mysql/Chart.yaml rename to argocd/applications/mysql/Chart.yaml diff --git a/applications/mysql/values.yaml b/argocd/applications/mysql/values.yaml similarity index 100% rename from applications/mysql/values.yaml rename to argocd/applications/mysql/values.yaml diff --git a/applications/orion-ld/Chart.yaml b/argocd/applications/orion-ld/Chart.yaml similarity index 100% rename from applications/orion-ld/Chart.yaml rename to argocd/applications/orion-ld/Chart.yaml diff --git a/applications/orion-ld/values.yaml b/argocd/applications/orion-ld/values.yaml similarity index 100% rename from applications/orion-ld/values.yaml rename to argocd/applications/orion-ld/values.yaml diff --git a/applications/postgres/Chart.yaml b/argocd/applications/postgres/Chart.yaml similarity index 100% rename from applications/postgres/Chart.yaml rename to argocd/applications/postgres/Chart.yaml diff --git a/applications/postgres/values.yaml b/argocd/applications/postgres/values.yaml similarity index 100% rename from applications/postgres/values.yaml rename to argocd/applications/postgres/values.yaml 
diff --git a/applications/tm-forum-api/Chart.yaml b/argocd/applications/tm-forum-api/Chart.yaml similarity index 100% rename from applications/tm-forum-api/Chart.yaml rename to argocd/applications/tm-forum-api/Chart.yaml diff --git a/applications/tm-forum-api/values.yaml b/argocd/applications/tm-forum-api/values.yaml similarity index 100% rename from applications/tm-forum-api/values.yaml rename to argocd/applications/tm-forum-api/values.yaml diff --git a/applications/trusted-issuers-list/Chart.yaml b/argocd/applications/trusted-issuers-list/Chart.yaml similarity index 100% rename from applications/trusted-issuers-list/Chart.yaml rename to argocd/applications/trusted-issuers-list/Chart.yaml diff --git a/applications/trusted-issuers-list/values.yaml b/argocd/applications/trusted-issuers-list/values.yaml similarity index 100% rename from applications/trusted-issuers-list/values.yaml rename to argocd/applications/trusted-issuers-list/values.yaml diff --git a/applications/vcwaltid/Chart.yaml b/argocd/applications/vcwaltid/Chart.yaml similarity index 100% rename from applications/vcwaltid/Chart.yaml rename to argocd/applications/vcwaltid/Chart.yaml diff --git a/applications/vcwaltid/templates/_helpers.tpl b/argocd/applications/vcwaltid/templates/_helpers.tpl similarity index 100% rename from applications/vcwaltid/templates/_helpers.tpl rename to argocd/applications/vcwaltid/templates/_helpers.tpl diff --git a/applications/vcwaltid/templates/certificate.yaml b/argocd/applications/vcwaltid/templates/certificate.yaml similarity index 100% rename from applications/vcwaltid/templates/certificate.yaml rename to argocd/applications/vcwaltid/templates/certificate.yaml diff --git a/applications/vcwaltid/templates/deployment.yaml b/argocd/applications/vcwaltid/templates/deployment.yaml similarity index 100% rename from applications/vcwaltid/templates/deployment.yaml rename to argocd/applications/vcwaltid/templates/deployment.yaml 
diff --git a/applications/vcwaltid/templates/ingress-certs.yaml b/argocd/applications/vcwaltid/templates/ingress-certs.yaml similarity index 100% rename from applications/vcwaltid/templates/ingress-certs.yaml rename to argocd/applications/vcwaltid/templates/ingress-certs.yaml diff --git a/applications/vcwaltid/templates/ingress.yaml b/argocd/applications/vcwaltid/templates/ingress.yaml similarity index 100% rename from applications/vcwaltid/templates/ingress.yaml rename to argocd/applications/vcwaltid/templates/ingress.yaml diff --git a/applications/vcwaltid/templates/route-certs.yaml b/argocd/applications/vcwaltid/templates/route-certs.yaml similarity index 100% rename from applications/vcwaltid/templates/route-certs.yaml rename to argocd/applications/vcwaltid/templates/route-certs.yaml diff --git a/applications/vcwaltid/templates/route.yaml b/argocd/applications/vcwaltid/templates/route.yaml similarity index 100% rename from applications/vcwaltid/templates/route.yaml rename to argocd/applications/vcwaltid/templates/route.yaml diff --git a/applications/vcwaltid/templates/service.yaml b/argocd/applications/vcwaltid/templates/service.yaml similarity index 100% rename from applications/vcwaltid/templates/service.yaml rename to argocd/applications/vcwaltid/templates/service.yaml diff --git a/applications/vcwaltid/values.yaml b/argocd/applications/vcwaltid/values.yaml similarity index 100% rename from applications/vcwaltid/values.yaml rename to argocd/applications/vcwaltid/values.yaml diff --git a/applications/verifier/Chart.yaml b/argocd/applications/verifier/Chart.yaml similarity index 100% rename from applications/verifier/Chart.yaml rename to argocd/applications/verifier/Chart.yaml diff --git a/applications/verifier/values.yaml b/argocd/applications/verifier/values.yaml similarity index 100% rename from applications/verifier/values.yaml rename to argocd/applications/verifier/values.yaml 
diff --git a/data-space-connector/Chart.yaml b/argocd/data-space-connector/Chart.yaml similarity index 100% rename from data-space-connector/Chart.yaml rename to argocd/data-space-connector/Chart.yaml diff --git a/data-space-connector/templates/_helpers.tpl b/argocd/data-space-connector/templates/_helpers.tpl similarity index 100% rename from data-space-connector/templates/_helpers.tpl rename to argocd/data-space-connector/templates/_helpers.tpl diff --git a/data-space-connector/templates/argo-application.yaml b/argocd/data-space-connector/templates/argo-application.yaml similarity index 100% rename from data-space-connector/templates/argo-application.yaml rename to argocd/data-space-connector/templates/argo-application.yaml diff --git a/data-space-connector/values.yaml b/argocd/data-space-connector/values.yaml similarity index 75% rename from data-space-connector/values.yaml rename to argocd/data-space-connector/values.yaml index dbe3c6b..764cc3c 100644 --- a/data-space-connector/values.yaml +++ b/argocd/data-space-connector/values.yaml @@ -14,7 +14,7 @@ applications: - name: mysql enabled: true - source_path: applications/mysql + source_path: argocd/applications/mysql source_ref: *branch destination: *destination helm_values: @@ -22,7 +22,7 @@ applications: - name: mongodb enabled: true - source_path: applications/mongodb + source_path: argocd/applications/mongodb source_ref: *branch destination: *destination helm_values: @@ -30,7 +30,7 @@ applications: - name: postgres enabled: true - source_path: applications/postgres + source_path: argocd/applications/postgres source_ref: *branch destination: *destination helm_values: @@ -38,7 +38,7 @@ applications: - name: orion enabled: true - source_path: applications/orion-ld + source_path: argocd/applications/orion-ld source_ref: *branch destination: *destination helm_values: 
@@ -46,7 +46,7 @@ applications: - name: credentials-config-service enabled: true - source_path: applications/credentials-config-service + source_path: argocd/applications/credentials-config-service source_ref: *branch destination: *destination helm_values: @@ -54,7 +54,7 @@ applications: - name: trusted-issuers-list enabled: true - source_path: applications/trusted-issuers-list + source_path: argocd/applications/trusted-issuers-list source_ref: *branch destination: *destination helm_values: @@ -62,7 +62,7 @@ applications: - name: vcwaltid enabled: true - source_path: applications/vcwaltid + source_path: argocd/applications/vcwaltid source_ref: *branch destination: *destination helm_values: @@ -70,7 +70,7 @@ applications: - name: verifier enabled: true - source_path: applications/verifier + source_path: argocd/applications/verifier source_ref: *branch destination: *destination helm_values: @@ -78,7 +78,7 @@ applications: - name: keycloak enabled: true - source_path: applications/keycloak + source_path: argocd/applications/keycloak source_ref: *branch destination: *destination helm_values: @@ -86,7 +86,7 @@ applications: - name: keyrock enabled: true - source_path: applications/keyrock + source_path: argocd/applications/keyrock source_ref: *branch destination: *destination helm_values: @@ -94,7 +94,7 @@ applications: - name: dsba-pdp enabled: true - source_path: applications/dsba-pdp + source_path: argocd/applications/dsba-pdp source_ref: *branch destination: *destination helm_values: @@ -102,7 +102,7 @@ applications: - name: kong enabled: true - source_path: applications/kong + source_path: argocd/applications/kong source_ref: *branch destination: *destination helm_values: @@ -110,7 +110,7 @@ applications: - name: activation-service enabled: true - source_path: applications/activation-service + source_path: argocd/applications/activation-service source_ref: *branch destination: *destination helm_values: 
@@ -118,7 +118,7 @@ applications: - name: tm-forum-api enabled: true - source_path: applications/tm-forum-api + source_path: argocd/applications/tm-forum-api source_ref: *branch destination: *destination helm_values: @@ -126,7 +126,7 @@ applications: - name: contract-management enabled: true - source_path: applications/contract-management + source_path: argocd/applications/contract-management source_ref: *branch destination: *destination helm_values: diff --git a/charts/data-space-connector/Chart.yaml b/charts/data-space-connector/Chart.yaml index 5950ab5..a310ff6 100644 --- a/charts/data-space-connector/Chart.yaml +++ b/charts/data-space-connector/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: data-space-connector description: Umbrella Chart for the FIWARE Data Space Connector, combining all essential parts to be used by a participant. type: application -version: 3.0.1 +version: 5.0.0 dependencies: - name: postgresql condition: postgresql.enabled diff --git a/charts/data-space-connector/templates/did-key-ingress.yaml b/charts/data-space-connector/templates/did-key-ingress.yaml index a56cf9b..0f091b4 100644 --- a/charts/data-space-connector/templates/did-key-ingress.yaml +++ b/charts/data-space-connector/templates/did-key-ingress.yaml @@ -1,4 +1,4 @@ -{{- if .Values.did.ingress.enabled }} +{{- if and .Values.did.enabled .Values.did.ingress.enabled }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: @@ -18,4 +18,4 @@ spec: name: did-helper port: name: http -{{- end }} \ No newline at end of file +{{- end }} diff --git a/examples/README.md b/examples/README.md index b4e16eb..745fec8 100644 --- a/examples/README.md +++ b/examples/README.md 
@@ -7,27 +7,30 @@ other frameworks. Contents - [Deployment of service providers](#deployment-of-service-providers) - - [IPS Service Provider (helm)](#ips-service-provider-helm) + - [Local deployment of Minimal Viable Dataspace (helm/k3s)](#local-deployment-of-minimal-viable-dataspace-helmk3s) - [Packet Delivery Company (ArgoCD)](#packet-delivery-company-argocd) - [Integration with AWS Garnet Framework](#integration-with-aws-garnet-framework-formerly-aws-smart-territory-framework) + ## Deployment of service providers -### IPS Service Provider (helm) +### Local deployment of Minimal Viable Dataspace (helm/k3s) -This is an example of a data service provider, providing a fictitious digital service -for packet delivery services as a company called `IPS`. +This is an example of a "Minimal Viable Dataspace", consisting of a fictitious data service +provider called M&P Operations Inc. (using the FIWARE Data Space Connector), a data service consumer +called Fancy Marketplace Co. and the +data space's trust anchor. -The service is provided by the orion-ld ontext Broker via the NGSI-LD API, offering -access to the entities of certain delivery orders. +The service is provided by the Scorpio Context via the NGSI-LD API, offering access to +energy report entities. -The example uses plain helm for the deployment. +The example uses [k3s](https://k3s.io/) and helm for deployment. More information can be found here: -* [./service-provider-ips](./service-provider-ips) +* [Local Deployment](../doc/LOCAL.MD) @@ -35,7 +38,7 @@ More information can be found here: This is an example of a data service provider called Packet Delivery Company (PDC). -Basically, it's identical to IPS above, but deployment is performed via +The deployment is performed via [GitOps pattern](https://www.gitops.tech/) and [ArgoCD](https://argo-cd.readthedocs.io/en/stable/). The configuration can be found at the 
diff --git a/examples/service-provider-ips/README.md b/examples/service-provider-ips/README.md
deleted file mode 100644
index 9a72bde..0000000
--- a/examples/service-provider-ips/README.md
+++ /dev/null
@@ -1,72 +0,0 @@
-# Service Provider - IPS
-
-Example deployment of a packet delivery service provider named IPS.
-
-
-## Prerequisites
-
-Assuming existing namespace `ips`, where the connector will be deployed.
-
-Assuming [nginx-ingress](https://docs.nginx.com/nginx-ingress-controller/) as Ingress Controller
-and [cert-manager](https://cert-manager.io/) being configured to issue certificates
-for domain `*.aws.fiware.io` with ClusterIssuer `letsencrypt-fiware-eks`.
-When using a different Ingress Controller or specific load balancer, make sure to add
-the necessary annotations.
-Also change the domains and hostnames according to your DNS config.
-
-It is assumed, that the organisation IPS is part of a data space where the trusted participant list
-can be found at [https://tir.dsba.fiware.dev](https://tir.dsba.fiware.dev).
-When operating a different data space with different trusted participant list, change this
-accordingly.
-
-
-## Deployment with helm
-
-After downloading the chart (see [../../README.md#deployment-with-helm](../../README.md#deployment-with-helm)),
-use the following command:
-```shell
-helm install -n ips -f ./values-dsc.yaml ips-dsc /data-space-connector/charts/data-space-connector
-```
-
-Alternatively, install using the remote chart:
-```shell
-helm repo add dsc https://fiware-ops.github.io/data-space-connector/
-helm install -n ips -f ./values-dsc.yaml ips-dsc dsc/data-space-connector
-```
-
-## Authentication at IPS
-
-For authentication VCs of type [`InternationalParcelService`](https://github.com/FIWARE-Ops/fiware-gitops/blob/5698dedd9e75620c5706841b06da357cb0b1096a/aws/dsba/happypets/walt-id/values.yaml#L88) need to be issued. Make sure that the consumer issuer is configured
-for such credential type (e.g., adding a [client](https://github.com/FIWARE-Ops/fiware-gitops/blob/5698dedd9e75620c5706841b06da357cb0b1096a/aws/dsba/happypets/keycloak/templates/realmConfigMap.yaml#L315) in the Keycloak realm of the consumer issuer).
-
-The IPS `credentials-config-service` (CCS) requires an entry for such credentials, pointing to the IPS `trusted-issuers-list`
-and data space `trusted-issuers-registry` at [https://tir.dsba.fiware.dev](https://tir.dsba.fiware.dev).
-
-Below is an example when using curl to add an entry at the CCS:
-```shell
-curl -X 'POST' \
-'http://ips-dsc-credentials-config-service:8080/service' \
--H 'Accept: */*' \
--H 'Content-Type: application/json' \
--d '{
- "id": "ips-service",
- "defaultOidcScope": "default",
- "oidcScopes": {
- "default": [
- {
- "type": "InternationalParcelService",
- "trustedParticipantsLists": [
- "https://tir.dsba.fiware.dev"
- ],
- "trustedIssuersLists": [
- "http://ips-dsc-trusted-issuers-list:8080"
- ]
- }
- ]
- }
- }'
-```
-
-Alternatively, some application charts allow to create initial entries during deployment, e.g., compare to
-the [portal](https://github.com/FIWARE-Ops/fiware-gitops/blob/5698dedd9e75620c5706841b06da357cb0b1096a/aws/dsba/packet-delivery/portal/values.yaml#L27)
-of the Packet Delivery example.
diff --git a/examples/service-provider-ips/values-dsc.yaml b/examples/service-provider-ips/values-dsc.yaml
deleted file mode 100644
index c5835fe..0000000
--- a/examples/service-provider-ips/values-dsc.yaml
+++ /dev/null
@@ -1,1796 +0,0 @@ -# should argo-cd applications be created? -argoApplications: false - - -#Sub-Chart configuration - -activation-service: - # Enable the deployment of application: activation-service - deploymentEnabled: true - - activation-service: - ## Configuration of activation service execution - activationService: - # -- Number of (gunicorn) workers that should be created - workers: 1 - # -- Maximum header size in bytes - maxHeaderSize: 32768 - # -- Log Level - logLevel: "debug" - - ## Add Ingress or OpenShift Route - route: - enabled: false - - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-fiware-eks - kubernetes.io/ingress.class: nginx - hosts: - - host: ips-as.dsba.aws.fiware.io - paths: - - / - tls: - - hosts: - - ips-as.dsba.aws.fiware.io - secretName: as-ips-dsba-tls - - ## CCS config - ccs: - endpoint: "http://ips-dsc-credentials-config-service:8080/" - id: "ips-activation-service" - defaultOidcScope: "default" - oidcScopes: - default: - - type: "VerifiableCredential" - trustedParticipantsLists: [ - "https://tir.dsba.fiware.dev" - ] - trustedIssuersLists: [ - "http://ips-dsc-trusted-issuers-list:8080" - ] - - type: "IpsActivationService" - trustedParticipantsLists: [ - "https://tir.dsba.fiware.dev" - ] - trustedIssuersLists: [ - "http://ips-dsc-trusted-issuers-list:8080" - ] - - ## AS config - config: - - # DB - db: - # -- Use sqlite in-memory database - useMemory: true - # -- Enable tracking of modifications - modTracking: false - # -- Enable SQL logging to stderr - echo: true - - # Configuration for additional API keys to protect certain endpoints - apikeys: - # Config for Trusted-Issuers-List flow - issuer: - # Header name - headerName: "AS-API-KEY" - # API key (auto-generated if left empty) - apiKey: "77ab4a67-ea3c-4348-98bd-2e9f0304bfb8" - # Enable for /issuer endpoint (API key will be required) - enabledIssuer: true - - issuer: - clientId: "ips-activation-service" - providerId: 
"did:web:ips.dsba.aws.fiware.io:did" - tilUri: "http://ips-dsc-trusted-issuers-list:8080" - verifierUri: "https://ips-verifier.dsba.aws.fiware.io" - samedevicePath: "/api/v1/samedevice" - jwksPath: "/.well-known/jwks" - algorithms: - - "ES256" - roles: - createRole: "CREATE_ISSUER" - updateRole: "UPDATE_ISSUER" - deleteRole: "DELETE_ISSUER" - -credentials-config-service: - # Enable the deployment of application: credentials-config-service - deploymentEnabled: true - - credentials-config-service: - - # Database config - database: - persistence: true - host: mysql-ips - name: ccs - - # Should use Secret in production environment - username: root - password: "dbPassword" - -dsba-pdp: - # Enable the deployment of application: dsba-pdp - deploymentEnabled: true - - dsba-pdp: - - # DB - db: - enabled: false - migrate: - enabled: false - - deployment: - # Log level - logLevel: DEBUG - - # iSHARE config - ishare: - existingSecret: ips-dsc-vcwaltid-tls-sec - - clientId: did:web:ips.dsba.aws.fiware.io:did - - # Initial list of fingerprints for trusted CAs. This will be overwritten - # after the first update from the trust anchor. 
- trustedFingerprints: - - D2F62092F982CF783D4632BD86FA86C3FBFDB2D8C8A58BC6809163FCF5CD030B - - ar: - id: "did:web:ips.dsba.aws.fiware.io:did" - delegationPath: "/ar/delegation" - tokenPath: "/oauth2/token" - url: "https://ar-ips.dsba.aws.fiware.io" - - trustAnchor: - id: "EU.EORI.FIWARESATELLITE" - tokenPath: "/token" - trustedListPath: "/trusted_list" - url: "https://tir.dsba.fiware.dev" - - # Verifier - trustedVerifiers: - - https://ips-verifier.dsba.aws.fiware.io/.well-known/jwks - - # Provider DID - providerId: "did:web:ips.dsba.aws.fiware.io:did" - - # ENVs - additionalEnvVars: - - name: ISHARE_CERTIFICATE_PATH - value: /iShare/tls.crt - - name: ISHARE_KEY_PATH - value: /iShare/tls.key - -kong: - # Enable the deployment of application: kong - deploymentEnabled: true - - kong: - replicaCount: 1 - - proxy: - enabled: true - tls: - enabled: false - - # Provide Ingress or Route config here - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: nginx - cert-manager.io/cluster-issuer: letsencrypt-fiware-eks - ingressClassName: nginx - tls: kong-ips-dsba-tls - hostname: ips-kong.dsba.aws.fiware.io - route: - enabled: false - - # Provide the kong.yml configuration (either as existing CM, secret or directly in the values.yaml) - dblessConfig: - configMap: "" - secret: "" - config: | - _format_version: "2.1" - _transform: true - - consumers: - - username: token-consumer - keyauth_credentials: - - tags: - - token-key - - tir-key - - services: - - host: "ips-dsc-orion" - name: "ips" - port: 1026 - protocol: http - - routes: - - name: ips - paths: - - /ips - strip_path: true - - plugins: - - name: pep-plugin - config: - pathprefix: "/ips" - authorizationendpointtype: ExtAuthz - authorizationendpointaddress: http://ips-dsc-dsba-pdp:8080/authz - - - name: request-transformer - config: - remove: - headers: - - Authorization - - authorization - -mongodb: - # Enable the deployment of application: mongodb - deploymentEnabled: true - - mongodb: - - # DB 
Authorization - auth: - enabled: true - # Should use a Secret on production deployments - rootPassword: "dbPassword" - - # Required for permissions to PVC - podSecurityContext: - enabled: true - fsGroup: 1001 - containerSecurityContext: - enabled: true - runAsUser: 1001 - runAsGroup: 0 - runAsNonRoot: true - - # Set resources - resources: - limits: - cpu: 200m - memory: 512Mi - - persistence: - enabled: true - size: 8Gi - -mysql: - # Enable the deployment of application: mysql - deploymentEnabled: true - - mysql: - fullnameOverride: mysql-ips - auth: - # Should use a Secret on production deployments - rootPassword: "dbPassword" - password: "dbPassword" - -orion-ld: - # Enable the deployment of application: orion-ld - deploymentEnabled: true - - orion: - - broker: - db: - auth: - user: root - password: "dbPassword" - mech: "SCRAM-SHA-1" - hosts: - - ips-dsc-mongodb - - initData: - initEnabled: true - hook: post-install - backoffLimit: 6 - entities: - - name: deliveryorder_happypets001.json - data: | - { - "id": "urn:ngsi-ld:DELIVERYORDER:HAPPYPETS001", - "type": "DELIVERYORDER", - "issuer": { - "type": "Property", - "value": "Happy Pets" - }, - "destinee": { - "type": "Property", - "value": "Happy Pets customer via IPS" - }, - "deliveryAddress": { - "type": "Property", - "value": { - "addressCountry": "DE", - "addressRegion": "Berlin", - "addressLocality": "Berlin", - "postalCode": "12345", - "streetAddress": "Customer Strasse 23" - } - }, - "originAddress": { - "type": "Property", - "value": { - "addressCountry": "DE", - "addressRegion": "Berlin", - "addressLocality": "Berlin", - "postalCode": "12345", - "streetAddress": "HappyPets Strasse 15" - } - }, - "pda": { - "type": "Property", - "value": "2021-10-03" - }, - "pta": { - "type": "Property", - "value": "14:00:00" - }, - "eda": { - "type": "Property", - "value": "2021-10-02" - }, - "eta": { - "type": "Property", - "value": "14:00:00" - }, - "@context": [ - "https://schema.lab.fiware.org/ld/context" - ] - } - - - 
name: deliveryorder_happypets002.json - data: | - { - "id": "urn:ngsi-ld:DELIVERYORDER:HAPPYPETS002", - "type": "DELIVERYORDER", - "issuer": { - "type": "Property", - "value": "Happy Pets" - }, - "destinee": { - "type": "Property", - "value": "Happy Pets 2nd customer via IPS" - }, - "deliveryAddress": { - "type": "Property", - "value": { - "addressCountry": "DE", - "addressRegion": "Hamburg", - "addressLocality": "Hamburg", - "postalCode": "23456", - "streetAddress": "Customer Str. 19" - } - }, - "originAddress": { - "type": "Property", - "value": { - "addressCountry": "DE", - "addressRegion": "Berlin", - "addressLocality": "Berlin", - "postalCode": "12345", - "streetAddress": "HappyPets Strasse 15" - } - }, - "pda": { - "type": "Property", - "value": "2021-11-12" - }, - "pta": { - "type": "Property", - "value": "11:00:00" - }, - "eda": { - "type": "Property", - "value": "2021-11-12" - }, - "eta": { - "type": "Property", - "value": "11:00:00" - }, - "@context": [ - "https://schema.lab.fiware.org/ld/context" - ] - } - -postgres: - # Enable the deployment of application: postgres - deploymentEnabled: true - - postgresql: - - fullnameOverride: postgresql-ips - - auth: - # Should use a Secret for PWs on production deployments - # Credentials for Keycloak DB - username: keycloak - password: "dbPassword" - enablePostgresUser: true - - # Credentials for postgres admin user - postgresPassword: "dbRootPassword" - - # Init DB - primary: - initdb: - scripts: - create.sh: | - psql postgresql://postgres:${POSTGRES_POSTGRES_PASSWORD}@localhost:5432 -c "CREATE DATABASE keycloak_ips;" - -trusted-issuers-list: - # Enable the deployment of application: trusted-issuers-list - deploymentEnabled: true - - trusted-issuers-list: - - # Ingress - ingress: - til: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-fiware-eks - kubernetes.io/ingress.class: nginx - hosts: - - host: til-ips.dsba.aws.fiware.io - tls: - - hosts: - - til-ips.dsba.aws.fiware.io - 
secretName: til-ips-dsba-til-tls - tir: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-fiware-eks - kubernetes.io/ingress.class: nginx - hosts: - - host: tir-ips.dsba.aws.fiware.io - tls: - - hosts: - - tir-ips.dsba.aws.fiware.io - secretName: til-ips-dsba-tir-tls - - # Database config - database: - persistence: true - host: mysql-ips - name: til - - # Should use Secret in production environment - username: root - password: "dbPassword" - - # Init data - initData: - initEnabled: true - hook: post-install - backoffLimit: 6 - issuers: - - name: mp_create - issuer: - did: "did:web:marketplace.dsba.fiware.dev:did" - credentials: - - validFor: - from: "2022-07-21T17:32:28Z" - to: "2040-07-21T17:32:28Z" - credentialsType: "IpsActivationService" - claims: - - name: "roles" - allowedValues: - - - names: - - "CREATE_ISSUER" - target: "did:web:ips.dsba.aws.fiware.io:did" - - validFor: - from: "2022-07-21T17:32:28Z" - to: "2040-07-21T17:32:28Z" - credentialsType: "VerifiableCredential" - -vcwaltid: - # Enable the deployment of application: vcwaltid - deploymentEnabled: true - - # Organisation DID - did: did:web:ips.dsba.aws.fiware.io:did - ingress: - enabled: true - host: ips.dsba.aws.fiware.io - annotations: - cert-manager.io/cluster-issuer: letsencrypt-fiware-eks - tls: - enabled: true - route: - enabled: false - - # Walt-id config - vcwaltid: - - # Persistence - persistence: - enabled: true - pvc: - size: 1Gi - - # List of templates to be created - templates: - GaiaXParticipantCredential.json: | - { - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://registry.lab.dsba.eu/development/api/trusted-shape-registry/v1/shapes/jsonld/trustframework#" - ], - "type": [ - "VerifiableCredential" - ], - "id": "did:web:raw.githubusercontent.com:egavard:payload-sign:master", - "issuer": "did:web:raw.githubusercontent.com:egavard:payload-sign:master", - "issuanceDate": "2023-03-21T12:00:00.148Z", - "credentialSubject": { - "id": 
"did:web:raw.githubusercontent.com:egavard:payload-sign:master", - "type": "gx:LegalParticipant", - "gx:legalName": "dsba compliant participant", - "gx:legalRegistrationNumber": { - "gx:vatID": "MYVATID" - }, - "gx:headquarterAddress": { - "gx:countrySubdivisionCode": "BE-BRU" - }, - "gx:legalAddress": { - "gx:countrySubdivisionCode": "BE-BRU" - }, - "gx-terms-and-conditions:gaiaxTermsAndConditions": "70c1d713215f95191a11d38fe2341faed27d19e083917bc8732ca4fea4976700" - } - } - NaturalPersonCredential.json: | - { - "@context": ["https://www.w3.org/2018/credentials/v1"], - "credentialSchema": { - "id": "https://raw.githubusercontent.com/FIWARE-Ops/tech-x-challenge/main/schema.json", - "type": "FullJsonSchemaValidator2021" - }, - "credentialSubject": { - "type": "gx:NaturalParticipant", - "familyName": "Happy", - "firstName": "User", - "roles": [{ - "names": ["LEGAL_REPRESENTATIVE"], - "target": "did:web:onboarding" - }] - }, - "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4", - "issued": "2021-08-31T00:00:00Z", - "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN", - "validFrom": "2021-08-31T00:00:00Z", - "issuanceDate": "2021-08-31T00:00:00Z", - "type": ["VerifiableCredential", "LegalPersonCredential"] - } - MarketplaceUserCredential.json: | - { - "@context": ["https://www.w3.org/2018/credentials/v1"], - "credentialSchema": { - "id": "https://raw.githubusercontent.com/FIWARE-Ops/tech-x-challenge/main/schema.json", - "type": "FullJsonSchemaValidator2021" - }, - "credentialSubject": { - "type": "gx:NaturalParticipant", - "email": "normal-user@fiware.org", - "familyName": "IPS", - "firstName": "employee", - "lastName": "IPS", - "roles": [{ - "names": ["LEGAL_REPRESENTATIVE"], - "target": "did:web:onboarding" - }] - }, - "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4", - "issued": "2021-08-31T00:00:00Z", - "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN", - "validFrom": "2021-08-31T00:00:00Z", - "issuanceDate": 
"2021-08-31T00:00:00Z", - "type": ["MarketplaceUserCredential"] - } - EmployeeCredential.json: | - { - "@context": ["https://www.w3.org/2018/credentials/v1"], - "credentialSchema": { - "id": "https://raw.githubusercontent.com/FIWARE-Ops/tech-x-challenge/main/schema.json", - "type": "FullJsonSchemaValidator2021" - }, - "credentialSubject": { - "type": "gx:NaturalParticipant", - "email": "normal-user@fiware.org", - "familyName": "IPS", - "firstName": "employee", - "lastName": "IPS", - "roles": [{ - "names": ["LEGAL_REPRESENTATIVE"], - "target": "did:web:onboarding" - }] - }, - "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4", - "issued": "2021-08-31T00:00:00Z", - "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN", - "validFrom": "2021-08-31T00:00:00Z", - "issuanceDate": "2021-08-31T00:00:00Z", - "type": ["EmployeeCredential"] - } - -verifier: - # Enable the deployment of application: verifier - deploymentEnabled: true - - vcverifier: - - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-fiware-eks - kubernetes.io/ingress.class: nginx - hosts: - - host: ips-verifier.dsba.aws.fiware.io - paths: - - / - tls: - - hosts: - - ips-verifier.dsba.aws.fiware.io - secretName: verifier-ips-dsba-tls - - deployment: - - # Logging - logging: - level: DEBUG - pathsToSkip: - - "/health" - - # Server config - server: - # Place external host here when publishing verifier with public URL - host: https://ips-verifier.dsba.aws.fiware.io - - # Walt-id config - ssikit: - auditorUrl: http://ips-dsc-vcwaltid:7003 - - # Verifier config - verifier: - # URL endpoint of data space trusted issuers registry - tirAddress: https://tir.dsba.fiware.dev/v3/issuers - # DID of organisation - did: did:web:ips.dsba.aws.fiware.io:did - - # Config service - configRepo: - configEndpoint: http://ips-dsc-credentials-config-service:8080/ - - -keyrock: - # Enable the deployment of application: keyrock - deploymentEnabled: true - - keyrock: - 
fullnameOverride: keyrock-ips - - # DB config - db: - user: root - password: "dbPassword" - host: mysql-ips - - # Admin user to be created - admin: - user: admin - password: "admin" - email: admin@fiware.org - - # External hostname of Keyrock - host: https://ar-ips.dsba.aws.fiware.io - - # Ingress - ingress: - enabled: true - annotations: - cert-manager.io/cluster-issuer: letsencrypt-fiware-eks - kubernetes.io/ingress.class: nginx - hosts: - - host: ar-ips.dsba.aws.fiware.io - paths: - - / - tls: - - hosts: - - ar-ips.dsba.aws.fiware.io - secretName: ar-ips-dsba-tls - - ## Theme configuration for Keyrock - theme: - ## -- Enable theme - enabled: false - - ## Configuration of Authorisation Registry (AR) - authorisationRegistry: - # -- Enable usage of authorisation registry - enabled: true - # -- Identifier (EORI) of AR - identifier: "did:web:ips.dsba.aws.fiware.io:did" - # -- URL of AR - url: "internal" - - ## Configuration of iSHARE Satellite - satellite: - # -- Enable usage of satellite - enabled: true - # -- Identifier (EORI) of satellite - identifier: "EU.EORI.FIWARESATELLITE" - # -- URL of satellite - url: "https://tir.dsba.fiware.dev" - # -- Token endpoint of satellite - tokenEndpoint: "https://tir.dsba.fiware.dev/token" - # -- Parties endpoint of satellite - partiesEndpoint: "https://tir.dsba.fiware.dev/parties" - - ## -- Configuration of local key and certificate for validation and generation of tokens - token: - # -- Enable storage of local key and certificate - enabled: false - - # ENV variables for Keyrock - additionalEnvVars: - - name: IDM_TITLE - value: "IPS AR" - - name: IDM_DEBUG - value: "true" - - name: DEBUG - value: "*" - - name: IDM_DB_NAME - value: ar_idm_ips - - name: IDM_DB_SEED - value: "true" - - name: IDM_SERVER_MAX_HEADER_SIZE - value: "32768" - - name: IDM_PR_CLIENT_ID - value: "did:web:ips.dsba.aws.fiware.io:did" - - name: IDM_PR_CLIENT_KEY - valueFrom: - secretKeyRef: - name: ips-dsc-vcwaltid-tls-sec - key: tls.key - - name: 
IDM_PR_CLIENT_CRT - valueFrom: - secretKeyRef: - name: ips-dsc-vcwaltid-tls-sec - key: tls.crt - - # Init data - initData: - initEnabled: true - hook: post-install - backoffLimit: 6 - command: - - /bin/sh - - /scripts/create.sh - volumeMount: - name: scripts - mountPath: /scripts - env: - - name: DB_PASSWORD - value: "dbPassword" - scriptData: - create.sh: |- - mysql -h mysql-ips -u root -p$DB_PASSWORD ar_idm_ips <IPS Keycloak", - "enabled": true, - "attributes": { - "frontendUrl": "https://ips-kc.dsba.aws.fiware.io" - }, - "sslRequired": "none", - "roles": { - "realm": [ - { - "name": "user", - "description": "User privileges", - "composite": false, - "clientRole": false, - "containerId": "fiware-server", - "attributes": {} - } - ], - "client": { - "did:web:onboarding.dsba.fiware.dev:did": [ - { - "name": "LEGAL_REPRESENTATIVE", - "description": "Is allowed to register participants", - "clientRole": true - }, - { - "name": "EMPLOYEE", - "description": "Is allowed to see participants", - "clientRole": true - } - ], - "did:web:marketplace.dsba.fiware.dev:did": [ - { - "name": "customer", - "description": "Is allowed to buy.", - "clientRole": true - }, - { - "name": "seller", - "description": "Is allowed to offer.", - "clientRole": true - } - ], - "did:web:ips.dsba.aws.fiware.io:did": [ - { - "name": "STANDARD_CUSTOMER", - "description": "User to access IPS with read access", - "clientRole": true - }, - { - "name": "GOLD_CUSTOMER", - "description": "User to access IPS with read/write access", - "clientRole": true - } - ] - } - }, - "groups": [ - { - "name": "admin", - "path": "/admin", - "realmRoles": [ - "user" - ] - }, - { - "name": "consumer", - "path": "/consumer", - "realmRoles": [ - "user" - ] - } - ], - "users": [ - { - "username": "the-lear", - "enabled": true, - "email": "lear@ips.org", - "credentials": [ - { - "type": "password", - "value": "the-lear" - } - ], - "clientRoles": { - "did:web:onboarding.dsba.fiware.dev:did": [ - "LEGAL_REPRESENTATIVE", - 
"EMPLOYEE" - ], - "account": [ - "view-profile", - "manage-account" - ] - }, - "groups": [ - "/admin", - "/consumer" - ] - }, - { - "username": "legal-representative", - "enabled": true, - "email": "legal-representative@ips.org", - "firstName": "Legal", - "lastName": "IPSEmployee", - "credentials": [ - { - "type": "password", - "value": "legal-representative" - } - ], - "clientRoles": { - "did:web:marketplace.dsba.fiware.dev:did" : [ - "customer", - "seller" - ], - "did:web:onboarding.dsba.fiware.dev:did": [ - "LEGAL_REPRESENTATIVE" - ], - "account": [ - "view-profile", - "manage-account" - ] - }, - "groups": [ - "/admin", - "/consumer" - ] - }, - { - "username": "standard-employee", - "enabled": true, - "email": "standard-employee@ips.org", - "credentials": [ - { - "type": "password", - "value": "standard-employee" - } - ], - "clientRoles": { - "did:web:onboarding.dsba.fiware.dev:did": [ - "EMPLOYEE" - ], - "did:web:ips.dsba.aws.fiware.io:did": [ - "GOLD_CUSTOMER" - ], - "account": [ - "view-profile", - "manage-account" - ] - }, - "groups": [ - "/consumer" - ] - } - ], - "clients": [ - { - "clientId": "did:web:ips.dsba.aws.fiware.io:did", - "enabled": true, - "description": "Client for internal users", - "surrogateAuthRequired": false, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "defaultRoles": [], - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "SIOP-2", - "attributes": { - "client.secret.creation.time": "1675260539", - "expiryInMin": "3600", - "vctypes_EmployeeCredential": "ldp_vc,jwt_vc_json", - "EmployeeCredential_claims": "email,firstName,familyName,roles" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - 
"nodeReRegistrationTimeout": -1, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "clientId": "did:web:marketplace.dsba.fiware.dev:did", - "enabled": true, - "description": "Client to connect to the marketplace", - "surrogateAuthRequired": false, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "defaultRoles": [], - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "SIOP-2", - "attributes": { - "client.secret.creation.time": "1675260539", - "expiryInMin": "3600", - "vctypes_MarketplaceUserCredential": "ldp_vc,jwt_vc_json", - "MarketplaceUserCredential_claims": "email,firstName,lastName,roles" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "clientId": "did:web:onboarding.dsba.fiware.dev:did", - "enabled": true, - "description": "Client to connect the onboarding service at portal.dsba.fiware.dev", - "surrogateAuthRequired": false, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "defaultRoles": [], - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "SIOP-2", - "attributes": { - "client.secret.creation.time": "1675260539", - "expiryInMin": "3600", - "vctypes_NaturalPersonCredential": "ldp_vc,jwt_vc_json", - "vctypes_GaiaXParticipantCredential": "ldp_vc,jwt_vc_json", - "vc_subjectDid": "did:web:packetdelivery.dsba.fiware.dev:did", 
- "vc_gx:legalName": "Packet Delivery Company Inc.", - "GaiaXParticipantCredential_claims": "subjectDid,gx:legalName", - "NaturalPersonCredential_claims": "email,firstName,familyName,roles" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [], - "optionalClientScopes": [] - }, - { - "clientId": "did:web:marketplace.dsba.fiware.dev:did", - "enabled": true, - "description": "Client to connect to the marketplace", - "surrogateAuthRequired": false, - "alwaysDisplayInConsole": false, - "clientAuthenticatorType": "client-secret", - "defaultRoles": [], - "redirectUris": [], - "webOrigins": [], - "notBefore": 0, - "bearerOnly": false, - "consentRequired": false, - "standardFlowEnabled": true, - "implicitFlowEnabled": false, - "directAccessGrantsEnabled": false, - "serviceAccountsEnabled": false, - "publicClient": false, - "frontchannelLogout": false, - "protocol": "SIOP-2", - "attributes": { - "client.secret.creation.time": "1675260539", - "expiryInMin": "3600", - "vctypes_MarketplaceUserCredential": "ldp_vc,jwt_vc_json", - "MarketplaceUserCredential_claims": "email,firstName,lastName,roles" - }, - "authenticationFlowBindingOverrides": {}, - "fullScopeAllowed": true, - "nodeReRegistrationTimeout": -1, - "defaultClientScopes": [], - "optionalClientScopes": [] - } - ], - "clientScopes": [ - { - "name": "fiware-scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "name": "fiware-scope-object", - "protocol": "openid-connect", - "protocolMapper": "oidc-script-based-protocol-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "multivalued": "true", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "fiware-scope-object", - "script": "/**\n * Available variables: \n * user - the current user\n * realm - the current realm\n 
* token - the current token\n * userSession - the current userSession\n * keycloakSession - the current userSession\n */\n\nvar ArrayList = Java.type(\"java.util.ArrayList\");\nvar fiware_scope = new ArrayList();\n\nvar forEach = Array.prototype.forEach;\n\nvar fiware_service;\nvar fiware_servicepath;\nvar fiware_entry;\nvar roles = '';\n\nvar orion_client = realm.getClientByClientId('orion-pep');\n\nfiware_service = user.getFirstAttribute('fiware-service');\nfiware_servicepath = user.getFirstAttribute('fiware-servicepath');\nif (fiware_service !== null && fiware_servicepath !== null) {\n\n fiware_entry = {\n \"fiware-service\": fiware_service,\n \"fiware-servicepath\": fiware_servicepath\n };\n\n var roleModels = user.getClientRoleMappings(orion_client);\n if (roleModels.size() > 0) {\n forEach.call(\n user.getClientRoleMappings(orion_client).toArray(),\n function (role) {\n roles = roles + role.getName() + \",\";\n }\n );\n roles = roles.substring(0, roles.length - 1);\n fiware_entry[\"orion-roles\"] = roles;\n roles = '';\n }\n\n fiware_scope.add(JSON.stringify(fiware_entry));\n fiware_entry = {};\n}\n\nforEach.call(\n user.getGroups().toArray(),\n function (group) {\n\n fiware_service = group.getFirstAttribute('fiware-service');\n fiware_servicepath = group.getFirstAttribute('fiware-servicepath');\n if (fiware_service !== null && fiware_servicepath !== null) {\n fiware_entry = {\n \"fiware-service\": fiware_service,\n \"fiware-servicepath\": fiware_servicepath\n };\n\n var roleModels = group.getClientRoleMappings(orion_client);\n if (roleModels.size() > 0) {\n forEach.call(\n group.getClientRoleMappings(orion_client).toArray(),\n function (role) {\n roles = roles + role.getName() + \",\";\n }\n );\n roles = roles.substring(0, roles.length - 1);\n fiware_entry[\"orion-roles\"] = roles;\n roles = '';\n }\n\n fiware_scope.add(JSON.stringify(fiware_entry));\n fiware_entry = {};\n } else if (group.getParentId() !== null) {\n fiware_service = 
group.getParent().getFirstAttribute('fiware-service');\n fiware_servicepath = group.getParent().getFirstAttribute('fiware-servicepath');\n\n if (fiware_service !== null && fiware_servicepath !== null) {\n fiware_entry = {\n \"fiware-service\": fiware_service,\n \"fiware-servicepath\": fiware_servicepath\n };\n var subroleModels = group.getClientRoleMappings(orion_client);\n if (subroleModels.size() > 0) {\n forEach.call(\n group.getClientRoleMappings(orion_client).toArray(),\n function (role) {\n roles = roles + role.getName() + \",\";\n }\n );\n roles = roles.substring(0, roles.length - 1);\n fiware_entry[\"orion-roles\"] = roles;\n roles = '';\n }\n\n fiware_scope.add(JSON.stringify(fiware_entry));\n fiware_entry = '';\n }\n }\n }\n);\n\nexports = fiware_scope;" - } - } - ] - }, - { - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" - } - }, - { - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String" - } - }, - { - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - } - ] - }, - { - "name": "roles", - 
"description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - }, - { - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String", - "multivalued": "true" - } - }, - { - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String", - "multivalued": "true" - } - } - ] - }, - { - "name": "email", - "description": "OpenID Connect built-in scope: email", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${emailScopeConsentText}" - }, - "protocolMappers": [ - { - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String" - } - }, - { - "name": "email verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "emailVerified", - "id.token.claim": "true", - 
"access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean" - } - } - ] - }, - { - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${phoneScopeConsentText}" - }, - "protocolMappers": [ - { - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean" - } - }, - { - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String" - } - } - ] - }, - { - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${addressScopeConsentText}" - }, - "protocolMappers": [ - { - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "name": "role_list", - "description": "SAML role list", - 
"protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${profileScopeConsentText}" - }, - "protocolMappers": [ - { - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String" - } - }, - { - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String" - } - }, - { - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String" - } - }, - { - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "name": 
"birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String" - } - }, - { - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String" - } - }, - { - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String" - } - }, - { - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String" - } - }, - { - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String" - } - }, - { - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - 
"claim.name": "preferred_username", - "jsonType.label": "String" - } - }, - { - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String" - } - }, - { - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "String" - } - }, - { - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String" - } - }, - { - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "userinfo.token.claim": "true", - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String" - } - } - ] - }, - { - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false", - "consent.screen.text": "" - }, - "protocolMappers": [ - { - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - } - ], - "defaultDefaultClientScopes": [ - 
"roles", - "role_list", - "email", - "web-origins", - "profile" - ], - "defaultOptionalClientScopes": [ - "microprofile-jwt", - "phone", - "address", - "offline_access" - ] - } - -contract-management: - # Enable the deployment of application: contract-management - deploymentEnabled: true - contract-management: - til: - ## Type of Verifiable Credential necessary for accessing the service - credentialType: VerifiableCredential - ## Claims with permissions granted to given Verifiable Credential - claims: - ## DID of the target service that is requiring the permissions - - target: "did:web:ips.dsba.aws.fiware.io:did" - ## Roles that are added/allowed for the given service - roles: - - STANDARD_CUSTOMER - - GOLD_CUSTOMER - services: - product: - url: http://ips-dsc-tm-forum-api-envoy:8080 - party: - url: http://ips-dsc-tm-forum-api-envoy:8080 - til: - url: http://ips-dsc-trusted-issuers-list:8080