Align with deploy/dsba branch (#49)

* deploy (#35)

* Dev/provider (#5)

* Add keyrock

* Increase chart version

* Add PDP

* Add kong

* Adding AS

* Add AS to DSC values

* Add participant label

* Change issuer version and add data volume

* Fix data volume

* Test AS pre-release

* Change to latest AS release

* Switch to default PDC values

* Rename folder of PDP

* Make DID CM optional

* Renaming walt-id chart

* Renaimg default URLs and secret names for walt chart name change

* verifier using did registry (#6)

* Verifier using DID Registry (#8)

* Allow to disable certain apps when deploying with Helm and various fixes for plain Helm deployment with Ingress (#10)

* Allow to disable certain apps when deploying with Helm

* Adding example values file

* Add waltId ingress

* Updating walt-id config and adding keycloak

* Update doc

* Adding verifier

* Add TIL

* Remove doubled PDP app

* Adding Keyrock and dsba-pdp

* Adding kong

* Adding AS

* Extend doc

* Update examples/service-provider-ips/README.md

Fix typo

Co-authored-by: Tim Smyth <[email protected]>

---------

Co-authored-by: Tim Smyth <[email protected]>
Co-authored-by: Tim Smyth <[email protected]>

* Updated images of keycloak-vc-issuer and waltid (#11)

* Update values.yaml

* Update values.yaml (#14)

* Add TMForum APIs (#13)

* Add TMForum APIs

* Remove spec URL

* Switching to Test-Image

---------

Co-authored-by: Stefan Wiedemann <[email protected]>

* Change TMForum chart (#17)

* Add TMForum APIs

* Remove spec URL

* Switching to Test-Image

* Change TMForum chart

---------

Co-authored-by: Stefan Wiedemann <[email protected]>

* enable the proxy (#18)

* Update values.yaml (#20)

* Update values.yaml (#22)

* Extend documentation (#30)

* Extend documentation

* typo

* Extend doc for providing config parameters (#32)

* Extend documentation

* typo

* Extend doc for providing config parameters

* Update README.md

Co-authored-by: Tim Smyth <[email protected]>

---------

Co-authored-by: Tim Smyth <[email protected]>

* Integration with AWS Garnet (#33)

* Adding folder for AWS STF

* Add TOC

* Fix TOC

* rename aws-smart-territory-framework to aws-garnet in file structure

* add content structure to AWS Garnet integration example documentation

* add placeholder EKS nginx Ingress Controller Configuration

* add resources to help deploy eks cluster

* clean up unused resources

* add steps to create eks cluster

* add steps to deploy nginx ingress controller

* restructure readme separating 2 possible configurations

* add modified cdk stack for deployment of aws garnet iot module only

* add steps to deploy isolated aws garnet iot module and integrate to amazon eks cluster

* fix scenario image order

* improve diagram image quality

* fix diagram order

* fix diagram order

* add useful kubectl scripts for debugging

* add separate structures for scenario 1 and scenario 2

* add instructions for scenario2 deployment

* fix scenario 2 disable orion deployment

* add links to internal files in project structure

* add podLogs placeholder for doc links

* Update ToC link

---------

Co-authored-by: EC2 Default User <[email protected]>
Co-authored-by: asanode-aws <[email protected]>

* Update values.yaml

* Added redis caching support (#34)

Co-authored-by: Stefan Wiedemann <[email protected]>

---------

Co-authored-by: Dennis Wendland <[email protected]>
Co-authored-by: Tim Smyth <[email protected]>
Co-authored-by: Tim Smyth <[email protected]>
Co-authored-by: beknazaresenbek <[email protected]>
Co-authored-by: EC2 Default User <[email protected]>
Co-authored-by: asanode-aws <[email protected]>

* fix indent, remove yaml anchors (#37)

* Deploy

---------

Co-authored-by: Stefan Wiedemann <[email protected]>
Co-authored-by: Tim Smyth <[email protected]>
Co-authored-by: Tim Smyth <[email protected]>
Co-authored-by: beknazaresenbek <[email protected]>
Co-authored-by: EC2 Default User <[email protected]>
Co-authored-by: asanode-aws <[email protected]>

README.md

@@ -74,4 +74,4 @@ The chart is [generated](generate.sh) on each merge to master from the current a
 ### Examples
 
 Different examples for the deployment of the FIWARE Data Space connector can be found 
-under [./examples](./examples).
+under the [./examples](./examples) directory.

data-space-connector/values.yaml

@@ -9,8 +9,6 @@ secretsEnabled: &secretsEnabled false
 host: &host
 tlsSecret: &tlsSecret
 participant: my-provider
-tmForumProxy: &tmForumProxy proxy-tmforum-api
-tilService: &tilService til-service
 
 applications:
 
@@ -61,10 +59,6 @@ applications:
     destination: *destination
     helm_values:
     - values.yaml
-    values:
-      trusted-issuers-list:
-        service:
-          serviceNameOverride: *tilService
 
   - name: vcwaltid
     enabled: true
@@ -129,11 +123,6 @@ applications:
     destination: *destination
     helm_values:
     - values.yaml
-    values:
-      tm-forum-api:
-        apiProxy:
-          service:
-            nameOverride: *tmForumProxy
 
   - name: contract-management
     enabled: true
@@ -142,12 +131,3 @@ applications:
     destination: *destination
     helm_values:
       - values.yaml
-    values:
-      contract-management:
-        services:
-          product:
-            url: http://*tmForumProxy:8080
-          party:
-            url: http://*tmForumProxy:8080
-          til:
-            url: http://*tilService:8080

examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-constructs/privatesub/index.ts

@@ -0,0 +1,98 @@
+import { Aws, CfnOutput, Duration, Names } from "aws-cdk-lib"
+import { EndpointType, LambdaRestApi } from "aws-cdk-lib/aws-apigateway"
+import { InterfaceVpcEndpoint, Peer, Port, SecurityGroup, Vpc } from "aws-cdk-lib/aws-ec2"
+import { AnyPrincipal, Effect, PolicyDocument, PolicyStatement } from "aws-cdk-lib/aws-iam"
+import { Architecture, Code, Function, Runtime } from "aws-cdk-lib/aws-lambda"
+import { Construct } from "constructs"
+
+export interface GarnetPrivateSubProps {
+    vpc: Vpc
+  }
+
+  export class GarnetPrivateSub extends Construct {
+
+    public readonly private_sub_endpoint: string
+
+    constructor(scope: Construct, id: string, props: GarnetPrivateSubProps) {
+      super(scope, id)
+
+        // SECURITY GROUP
+        const sg_garnet_vpc_endpoint = new SecurityGroup(this, 'PrivateSubSecurityGroup', {
+            securityGroupName: `garnet-private-sub-endpoint-sg-${Names.uniqueId(this).slice(-8).toLowerCase()}`,
+            vpc: props.vpc,
+            allowAllOutbound: true
+        })
+        sg_garnet_vpc_endpoint.addIngressRule(Peer.anyIpv4(), Port.tcp(443))
+
+        // VPC ENDPOINT  
+        const vpc_endpoint = new InterfaceVpcEndpoint(this, 'GarnetPrivateSubEndpoint', {
+            vpc: props.vpc,
+            service: {
+            name: `com.amazonaws.${Aws.REGION}.execute-api`,
+            port: 443
+            },
+            privateDnsEnabled: true,
+            securityGroups: [sg_garnet_vpc_endpoint]
+        })
+
+        // LAMBDA 
+        const lambda_garnet_private_sub_path = `${__dirname}/lambda/garnetSub`
+        const lambda_garnet_private_sub = new Function(this, 'GarnetSubFunction', {
+        functionName: `garnet-private-sub-lambda-${Names.uniqueId(this).slice(-8).toLowerCase()}`, 
+            runtime: Runtime.NODEJS_18_X,
+            code: Code.fromAsset(lambda_garnet_private_sub_path),
+            handler: 'index.handler',
+            timeout: Duration.seconds(50),
+            architecture: Architecture.ARM_64,
+            environment: {
+            AWSIOTREGION: Aws.REGION
+            }
+        })
+
+        lambda_garnet_private_sub.addToRolePolicy(new PolicyStatement({
+            actions: ["iot:Publish"],
+            resources: [`arn:aws:iot:${Aws.REGION}:${Aws.ACCOUNT_ID}:topic/garnet/subscriptions/*`]
+        }))
+
+        // POLICY 
+        const api_policy = new PolicyDocument({
+            statements: [
+            new PolicyStatement({
+                principals: [new AnyPrincipal],
+                actions: ['execute-api:Invoke'],
+                resources: ['execute-api:/*'],
+                effect: Effect.DENY,
+                conditions: {
+                StringNotEquals: {
+                    "aws:SourceVpce": vpc_endpoint.vpcEndpointId
+                }
+                }
+            }),
+            new PolicyStatement({
+                principals: [new AnyPrincipal],
+                actions: ['execute-api:Invoke'],
+                resources: ['execute-api:/*'],
+                effect: Effect.ALLOW
+            })
+            ]
+        })
+
+
+        const api_private_sub = new LambdaRestApi(this, 'ApiPrivateSub', {
+            restApiName:'garnet-private-sub-endpoint-api',
+            endpointTypes: [EndpointType.PRIVATE], 
+            handler: lambda_garnet_private_sub,
+            policy: api_policy
+          })
+
+          this.private_sub_endpoint = api_private_sub.url
+
+          new CfnOutput(this, 'ApiEndpoint', {
+            value: api_private_sub.url,
+            description: 'Private API Endpoint for Subscriptions'
+          })
+
+
+
+    }
+  }

examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-constructs/privatesub/lambda/garnetSub/index.js

@@ -0,0 +1,56 @@
+const iot_region = process.env.AWSIOTREGION 
+const { IoTDataPlaneClient, PublishCommand } = require("@aws-sdk/client-iot-data-plane")
+const iotdata = new IoTDataPlaneClient({region: iot_region})
+
+exports.handler = async (event) => {
+    try {
+        const {body} = event
+        if(!body){
+            return {
+                statusCode: 400, 
+                headers: {
+                    "Content-Type": "application/json"
+                },
+                body: JSON.stringify({message: 'Bad Request. Notification is the only type valid'})
+            }
+        }
+        const payload = JSON.parse(body)
+        if(payload?.type != "Notification") {
+            console.log('ERROR not Notification')
+            return {
+                statusCode: 400, 
+                headers: {
+                    "Content-Type": "application/json"
+                },
+                body: JSON.stringify({message: 'Bad Request. Notification is the only type valid'})
+            }
+        }
+         // GET THE SUBSCRIPTION NAME FROM SUBSCRIPTION ID
+         const subName = `${payload.subscriptionId.split(':').slice(-1)}`
+         const publish = await iotdata.send(
+            new PublishCommand({
+                topic: `garnet/subscriptions/${subName}`,
+                payload: JSON.stringify(payload)
+            })
+         )
+
+         const response = {
+            statusCode: 200
+        }
+        return response
+
+    } catch (e) {
+        const response = {
+            statusCode: 500,
+            headers: {
+                "Content-Type": "application/json"
+            },
+            body: JSON.stringify({message: e.message}),
+        }
+        console.log(e)
+        return response
+
+    }
+
+
+}