diff --git a/README.md b/README.md index a4d057e..7178e3a 100644 --- a/README.md +++ b/README.md @@ -74,4 +74,4 @@ The chart is [generated](generate.sh) on each merge to master from the current a ### Examples Different examples for the deployment of the FIWARE Data Space connector can be found -under [./examples](./examples). +under the [./examples](./examples) directory. diff --git a/data-space-connector/values.yaml b/data-space-connector/values.yaml index 1d544de..dbe3c6b 100644 --- a/data-space-connector/values.yaml +++ b/data-space-connector/values.yaml @@ -9,8 +9,6 @@ secretsEnabled: &secretsEnabled false host: &host tlsSecret: &tlsSecret participant: my-provider -tmForumProxy: &tmForumProxy proxy-tmforum-api -tilService: &tilService til-service applications: @@ -61,10 +59,6 @@ applications: destination: *destination helm_values: - values.yaml - values: - trusted-issuers-list: - service: - serviceNameOverride: *tilService - name: vcwaltid enabled: true @@ -129,11 +123,6 @@ applications: destination: *destination helm_values: - values.yaml - values: - tm-forum-api: - apiProxy: - service: - nameOverride: *tmForumProxy - name: contract-management enabled: true @@ -142,12 +131,3 @@ applications: destination: *destination helm_values: - values.yaml - values: - contract-management: - services: - product: - url: http://*tmForumProxy:8080 - party: - url: http://*tmForumProxy:8080 - til: - url: http://*tilService:8080 diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/bucket_time.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/bucket_time.png new file mode 100644 index 0000000..87cfd32 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/bucket_time.png differ 
diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/bucket_type.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/bucket_type.png new file mode 100644 index 0000000..e32544e Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/bucket_type.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/cdkoutputs.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/cdkoutputs.png new file mode 100644 index 0000000..63f4402 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/cdkoutputs.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/cfoutputs.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/cfoutputs.png new file mode 100644 index 0000000..b046e69 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/cfoutputs.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deletething.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deletething.png new file mode 100644 index 0000000..de71fa5 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deletething.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deviceshadow.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deviceshadow.png new file mode 100644 index 0000000..b075136 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deviceshadow.png differ 
diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deviceshadow2.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deviceshadow2.png new file mode 100644 index 0000000..de7d111 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deviceshadow2.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deviceshadowlist2.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deviceshadowlist2.png new file mode 100644 index 0000000..09e7e38 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/deviceshadowlist2.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/entities.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/entities.png new file mode 100644 index 0000000..e78c490 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/entities.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/geospatialbikes.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/geospatialbikes.png new file mode 100644 index 0000000..7af5610 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/geospatialbikes.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/getthing.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/getthing.png new file mode 100644 index 0000000..4e6d85f Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/getthing.png differ 
diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/iotbucket.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/iotbucket.png new file mode 100644 index 0000000..ec5a307 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/iotbucket.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/lambdavpc.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/lambdavpc.png new file mode 100644 index 0000000..6f9d8d4 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/lambdavpc.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/listthings.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/listthings.png new file mode 100644 index 0000000..b250f92 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/listthings.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/orion_arch.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/orion_arch.png new file mode 100644 index 0000000..9a6b53d Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/orion_arch.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/parameters.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/parameters.png new file mode 100644 index 0000000..c30f35a Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/parameters.png differ 
diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postdevice.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postdevice.png new file mode 100644 index 0000000..904cf25 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postdevice.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmandelentity.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmandelentity.png new file mode 100644 index 0000000..c0f284b Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmandelentity.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmangetentity.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmangetentity.png new file mode 100644 index 0000000..b45647b Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmangetentity.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmanheader.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmanheader.png new file mode 100644 index 0000000..6e80d61 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmanheader.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmanpostentity.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmanpostentity.png new file mode 100644 index 0000000..7c48e8d Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postmanpostentity.png differ 
diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postshadow.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postshadow.png new file mode 100644 index 0000000..8ace196 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/postshadow.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/referencearch.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/referencearch.png new file mode 100644 index 0000000..88a561b Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/referencearch.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/scorpio_arch.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/scorpio_arch.png new file mode 100644 index 0000000..1bd3a57 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/scorpio_arch.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/shadowstate.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/shadowstate.png new file mode 100644 index 0000000..0105d9a Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/shadowstate.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/stf-yt2.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/stf-yt2.png new file mode 100644 index 0000000..b79b0f7 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/stf-yt2.png differ 
diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/stfiot_arch.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/stfiot_arch.png new file mode 100644 index 0000000..279bd67 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/stfiot_arch.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/things.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/things.png new file mode 100644 index 0000000..220521c Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/things.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/upsert.png b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/upsert.png new file mode 100644 index 0000000..aa0d975 Binary files /dev/null and b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/docs/images/upsert.png differ diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-constructs/privatesub/index.ts b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-constructs/privatesub/index.ts new file mode 100644 index 0000000..dd7f0ba --- /dev/null +++ b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-constructs/privatesub/index.ts 
@@ -0,0 +1,98 @@ +import { Aws, CfnOutput, Duration, Names } from "aws-cdk-lib" +import { EndpointType, LambdaRestApi } from "aws-cdk-lib/aws-apigateway" +import { InterfaceVpcEndpoint, Peer, Port, SecurityGroup, Vpc } from "aws-cdk-lib/aws-ec2" +import { AnyPrincipal, Effect, PolicyDocument, PolicyStatement } from "aws-cdk-lib/aws-iam" +import { Architecture, Code, Function, Runtime } from "aws-cdk-lib/aws-lambda" +import { Construct } from "constructs" + +export interface GarnetPrivateSubProps { + vpc: Vpc + } + + export class GarnetPrivateSub extends Construct { + + public readonly private_sub_endpoint: string + + constructor(scope: Construct, id: string, props: GarnetPrivateSubProps) { + super(scope, id) + + // SECURITY GROUP + const sg_garnet_vpc_endpoint = new SecurityGroup(this, 'PrivateSubSecurityGroup', { + securityGroupName: `garnet-private-sub-endpoint-sg-${Names.uniqueId(this).slice(-8).toLowerCase()}`, + vpc: props.vpc, + allowAllOutbound: true + }) + sg_garnet_vpc_endpoint.addIngressRule(Peer.anyIpv4(), Port.tcp(443)) + + // VPC ENDPOINT + const vpc_endpoint = new InterfaceVpcEndpoint(this, 'GarnetPrivateSubEndpoint', { + vpc: props.vpc, + service: { + name: `com.amazonaws.${Aws.REGION}.execute-api`, + port: 443 + }, + privateDnsEnabled: true, + securityGroups: [sg_garnet_vpc_endpoint] + }) + + // LAMBDA + const lambda_garnet_private_sub_path = `${__dirname}/lambda/garnetSub` + const lambda_garnet_private_sub = new Function(this, 'GarnetSubFunction', { + functionName: `garnet-private-sub-lambda-${Names.uniqueId(this).slice(-8).toLowerCase()}`, + runtime: Runtime.NODEJS_18_X, + code: Code.fromAsset(lambda_garnet_private_sub_path), + handler: 'index.handler', + timeout: Duration.seconds(50), + architecture: Architecture.ARM_64, + environment: { + AWSIOTREGION: Aws.REGION + } + }) + + lambda_garnet_private_sub.addToRolePolicy(new PolicyStatement({ + actions: ["iot:Publish"], + resources: 
[`arn:aws:iot:${Aws.REGION}:${Aws.ACCOUNT_ID}:topic/garnet/subscriptions/*`] + })) + + // POLICY + const api_policy = new PolicyDocument({ + statements: [ + new PolicyStatement({ + principals: [new AnyPrincipal], + actions: ['execute-api:Invoke'], + resources: ['execute-api:/*'], + effect: Effect.DENY, + conditions: { + StringNotEquals: { + "aws:SourceVpce": vpc_endpoint.vpcEndpointId + } + } + }), + new PolicyStatement({ + principals: [new AnyPrincipal], + actions: ['execute-api:Invoke'], + resources: ['execute-api:/*'], + effect: Effect.ALLOW + }) + ] + }) + + + const api_private_sub = new LambdaRestApi(this, 'ApiPrivateSub', { + restApiName:'garnet-private-sub-endpoint-api', + endpointTypes: [EndpointType.PRIVATE], + handler: lambda_garnet_private_sub, + policy: api_policy + }) + + this.private_sub_endpoint = api_private_sub.url + + new CfnOutput(this, 'ApiEndpoint', { + value: api_private_sub.url, + description: 'Private API Endpoint for Subscriptions' + }) + + + + } + } \ No newline at end of file diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-constructs/privatesub/lambda/garnetSub/index.js b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-constructs/privatesub/lambda/garnetSub/index.js new file mode 100644 index 0000000..d61bcd4 --- /dev/null +++ b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-constructs/privatesub/lambda/garnetSub/index.js 
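Review bot: The endpoint security group on `sg_garnet_vpc_endpoint.addIngressRule(Peer.anyIpv4(), Port.tcp(443))` admits every IPv4 source, and the API resource policy only requires that a call arrive via `vpc_endpoint` — no authorizer or `defaultMethodOptions` is set on the `LambdaRestApi`, so as far as this hunk shows API Gateway's default of no authorization applies and any workload that can route to the endpoint (including peered VPCs or VPN-attached networks, if any exist) can invoke it and have the Lambda publish under `garnet/subscriptions/*`. Since the interface endpoint only serves this VPC, tighten the ingress to `sg_garnet_vpc_endpoint.addIngressRule(Peer.ipv4(props.vpc.vpcCidrBlock), Port.tcp(443))` and consider `defaultMethodOptions: { authorizationType: AuthorizationType.IAM }` (imported from `aws-cdk-lib/aws-apigateway`) so callers must also present signed credentials. `GarnetSubFunction` is also the only Lambda in this commit without a `logRetention`, so its log group is kept indefinitely; `logRetention: RetentionDays.THREE_MONTHS` would match the other constructs.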
@@ -0,0 +1,56 @@ +const iot_region = process.env.AWSIOTREGION +const { IoTDataPlaneClient, PublishCommand } = require("@aws-sdk/client-iot-data-plane") +const iotdata = new IoTDataPlaneClient({region: iot_region}) + +exports.handler = async (event) => { + try { + const {body} = event + if(!body){ + return { + statusCode: 400, + headers: { + "Content-Type": "application/json" + }, + body: JSON.stringify({message: 'Bad Request. Notification is the only type valid'}) + } + } + const payload = JSON.parse(body) + if(payload?.type != "Notification") { + console.log('ERROR not Notification') + return { + statusCode: 400, + headers: { + "Content-Type": "application/json" + }, + body: JSON.stringify({message: 'Bad Request. Notification is the only type valid'}) + } + } + // GET THE SUBSCRIPTION NAME FROM SUBSCRIPTION ID + const subName = `${payload.subscriptionId.split(':').slice(-1)}` + const publish = await iotdata.send( + new PublishCommand({ + topic: `garnet/subscriptions/${subName}`, + payload: JSON.stringify(payload) + }) + ) + + const response = { + statusCode: 200 + } + return response + + } catch (e) { + const response = { + statusCode: 500, + headers: { + "Content-Type": "application/json" + }, + body: JSON.stringify({message: e.message}), + } + console.log(e) + return response + + } + + +} \ No newline at end of file diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/garnet-iot-core/index.ts b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/garnet-iot-core/index.ts new file mode 100644 index 0000000..7eddae8 --- /dev/null +++ b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/garnet-iot-core/index.ts 
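Review bot: `payload.subscriptionId.split(':')` runs without checking that `subscriptionId` is present and a string, so a `Notification` body lacking it (or a non-JSON body, which `JSON.parse` throws on) surfaces as a 500 carrying `e.message` instead of a 400, and because `subName` is interpolated straight into the IoT topic, a value containing `/` publishes to a nested topic that the `garnet/subscriptions/+` rule added elsewhere in this commit will not match. Add a guard after the type check, e.g. `if (typeof payload.subscriptionId !== 'string' || /[\/+#]/.test(payload.subscriptionId)) return { statusCode: 400, headers: { "Content-Type": "application/json" }, body: JSON.stringify({message: 'Bad Request. subscriptionId is missing or invalid'}) }`, and derive the name with `payload.subscriptionId.split(':').at(-1)` — `slice(-1)` yields a one-element array that only works because the template string coerces it. Consider returning a generic message in the 500 branch rather than `e.message`, which echoes SDK internals to the caller.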
@@ -0,0 +1,317 @@ +import { Aws, Duration, Names } from "aws-cdk-lib"; +import { SubnetType, Vpc } from "aws-cdk-lib/aws-ec2"; +import { + ManagedPolicy, + PolicyStatement, + Role, + ServicePrincipal, +} from "aws-cdk-lib/aws-iam"; +import { CfnTopicRule } from "aws-cdk-lib/aws-iot"; +import { CfnDeliveryStream } from "aws-cdk-lib/aws-kinesisfirehose"; +import { + Code, + LayerVersion, + Runtime, + Function, + Architecture, +} from "aws-cdk-lib/aws-lambda"; +import { SqsEventSource } from "aws-cdk-lib/aws-lambda-event-sources"; +import { RetentionDays } from "aws-cdk-lib/aws-logs"; +import { Bucket } from "aws-cdk-lib/aws-s3"; +import { Topic } from "aws-cdk-lib/aws-sns"; +import { SqsSubscription } from "aws-cdk-lib/aws-sns-subscriptions"; +import { Queue } from "aws-cdk-lib/aws-sqs"; +import { + AwsCustomResource, + AwsCustomResourcePolicy, + PhysicalResourceId, +} from "aws-cdk-lib/custom-resources"; +import { Construct } from "constructs"; +import { Parameters } from "../../../../parameters"; + +export interface GarnetIotprops { + dns_context_broker: string; + vpc: Vpc; + bucket_arn: string; +} + +export class GarnetIot extends Construct { + public readonly sqs_garnet_iot_arn: string; + public readonly sns_garnet_iot: Topic; + + constructor(scope: Construct, id: string, props: GarnetIotprops) { + super(scope, id); + + //CHECK PROPS + if (!props.vpc) { + throw new Error( + "The property vpc is required to create an instance of GarnetIot Construct" + ); + } + if (!props.dns_context_broker) { + throw new Error( + "The property dns_context_broker is required to create an instance of GarnetIot Construct" + ); + } + if (!props.bucket_arn) { + throw new Error( + "The property bucket_arn is required to create an instance of GarnetIot Construct" + ); + } + + // IoT DATALAKE BUCKET + const bucket = Bucket.fromBucketArn(this, "IoTBucket", props.bucket_arn); + + // LAMBDA LAYER (SHARED LIBRARIES) + const layer_lambda_path = `./lib/stacks/garnet-iot/layers`; + const 
layer_lambda = new LayerVersion(this, "LayerLambda", { + code: Code.fromAsset(layer_lambda_path), + compatibleRuntimes: [Runtime.NODEJS_18_X], + }); + + // SQS ENTRY POINT + const sqs_garnet_endpoint = new Queue(this, "SqsGarnetIot", { + queueName: `garnet-iot-queue-${Aws.REGION}`, + }); + this.sqs_garnet_iot_arn = sqs_garnet_endpoint.queueArn; + + // LAMBDA TO UPDATE DEVICE SHADOW + const lambda_update_shadow_path = `${__dirname}/lambda/updateShadow`; + const lambda_update_shadow = new Function(this, "LambdaUpdateShadow", { + functionName: `garnet-iot-update-shadow-lambda-${Names.uniqueId(this) + .slice(-8) + .toLowerCase()}`, + runtime: Runtime.NODEJS_18_X, + code: Code.fromAsset(lambda_update_shadow_path), + handler: "index.handler", + timeout: Duration.seconds(15), + logRetention: RetentionDays.THREE_MONTHS, + architecture: Architecture.ARM_64, + environment: { + AWSIOTREGION: Aws.REGION, + SHADOW_PREFIX: Parameters.garnet_iot.shadow_prefix + }, + }); + + // ADD PERMISSION FOR LAMBDA THAT UPDATES SHADOW TO ACCESS SQS ENTRY POINT + lambda_update_shadow.addToRolePolicy( + new PolicyStatement({ + actions: [ + "sqs:ReceiveMessage", + "sqs:DeleteMessage", + "sqs:GetQueueAttributes", + ], + resources: [`${sqs_garnet_endpoint.queueArn}`], + }) + ); + + // ADD PERMISSION TO ACCESS AWS IoT DEVICE SHADOW + lambda_update_shadow.addToRolePolicy( + new PolicyStatement({ + actions: ["iot:UpdateThingShadow"], + resources: [ + `arn:aws:iot:${Aws.REGION}:${Aws.ACCOUNT_ID}:thing/*/${Parameters.garnet_iot.shadow_prefix}-*`, + ], + }) + ); + + // ADD THE SQS ENTRY POINT AS EVENT SOURCE FOR LAMBDA + lambda_update_shadow.addEventSource( + new SqsEventSource(sqs_garnet_endpoint, { batchSize: 10 }) + ); + + // SQS TO LAMBDA CONTEXT BROKER + const sqs_to_context_broker = new Queue(this, "SqsToLambdaContextBroker", { + queueName: `garnet-iot-contextbroker-queue-${Aws.REGION}` + }); + + // ROLE THAT GRANTS ACCESS TO FIREHOSE TO READ/WRITE BUCKET + const role_firehose = new Role(this, 
"FirehoseRole", { + assumedBy: new ServicePrincipal("firehose.amazonaws.com"), + }); + bucket.grantReadWrite(role_firehose); + + // KINESIS FIREHOSE DELIVERY STREAM + const kinesis_firehose = new CfnDeliveryStream( + this, + "KinesisFirehoseDeliveryGarnetIotDataLake", + { + deliveryStreamName: `garnet-iot-firehose-stream-${Names.uniqueId(this).slice(-8).toLowerCase()}`, + deliveryStreamType: "DirectPut", + extendedS3DestinationConfiguration: { + bucketArn: bucket.bucketArn, + roleArn: role_firehose.roleArn, + bufferingHints: { + intervalInSeconds: 60, + sizeInMBs: 64, + }, + processingConfiguration: { + enabled: true, + processors: [ + { + type: "MetadataExtraction", + parameters: [ + { + parameterName: "MetadataExtractionQuery", + parameterValue: "{type:.type}", + }, + { + parameterName: "JsonParsingEngine", + parameterValue: "JQ-1.6", + }, + ], + }, + ], + }, + dynamicPartitioningConfiguration: { + enabled: true, + }, + prefix: `type=!{partitionKeyFromQuery:type}/dt=!{timestamp:yyyy}-!{timestamp:MM}-!{timestamp:dd}-!{timestamp:HH}/`, + errorOutputPrefix: `type=!{firehose:error-output-type}/dt=!{timestamp:yyy}-!{timestamp:MM}-!{timestamp:dd}-!{timestamp:HH}/`, + }, + } + ); + + // ROLE THAT GRANT ACCESS TO IOT RULE TO ACTIONS + const iot_rule_actions_role = new Role(this, "RoleGarnetIotRuleIngestion", { + assumedBy: new ServicePrincipal("iot.amazonaws.com"), + }); + iot_rule_actions_role.addToPolicy( + new PolicyStatement({ + resources: [ + `${sqs_to_context_broker.queueArn}`, + `${kinesis_firehose.attrArn}`, + ], + actions: [ + "sqs:SendMessage", + "firehose:DescribeDeliveryStream", + "firehose:ListDeliveryStreams", + "firehose:ListTagsForDeliveryStream", + "firehose:PutRecord", + "firehose:PutRecordBatch", + ], + }) + ); + + // IOT RULE THAT LISTENS TO CHANGES IN GARNET SHADOWS AND PUSH TO SQS + const iot_rule = new CfnTopicRule(this, "IoTRuleShadows", { + ruleName: `garnet_iot_rule_${Names.uniqueId(this).slice(-8).toLowerCase()}`, + topicRulePayload: { + 
awsIotSqlVersion: "2016-03-23", + ruleDisabled: false, + sql: `SELECT current.state.reported.* + FROM '$aws/things/+/shadow/name/+/update/documents' + WHERE startswith(topic(6), '${Parameters.garnet_iot.shadow_prefix}') + AND NOT isUndefined(current.state.reported.type)`, + actions: [ + { + sqs: { + queueUrl: sqs_to_context_broker.queueUrl, + roleArn: iot_rule_actions_role.roleArn, + }, + }, + { + firehose: { + deliveryStreamName: kinesis_firehose.ref, + roleArn: iot_rule_actions_role.roleArn, + separator: "\n", + }, + }, + ], + }, + }) + + + // IOT RULE THAT LISTENS TO SUBSCRIPTIONS AND PUSH TO FIREHOSE + const iot_rule_sub = new CfnTopicRule(this, "IotRuleSub", { + ruleName: `garnet_subscriptions_rule_${Names.uniqueId(this).slice(-8).toLowerCase()}`, + topicRulePayload: { + awsIotSqlVersion: "2016-03-23", + ruleDisabled: false, + sql: `SELECT * FROM 'garnet/subscriptions/+'`, + actions: [ + { + firehose: { + deliveryStreamName: kinesis_firehose.ref, + roleArn: iot_rule_actions_role.roleArn, + separator: "\n", + }, + }, + ], + }, + }) + + + + + // LAMBDA THAT GETS MESSAGES FROM THE QUEUE AND UPDATES CONTEXT BROKER + const lambda_to_context_broker_path = `${__dirname}/lambda/updateContextBroker`; + const lambda_to_context_broker = new Function( + this, + "LambdaUpdateContextBroker", + { + functionName: `garnet-iot-update-broker-lambda-${Names.uniqueId(this) + .slice(-8) + .toLowerCase()}`, + vpc: props.vpc, + vpcSubnets: { + subnetType: SubnetType.PRIVATE_WITH_EGRESS, + }, + runtime: Runtime.NODEJS_18_X, + code: Code.fromAsset(lambda_to_context_broker_path), + handler: "index.handler", + timeout: Duration.seconds(15), + logRetention: RetentionDays.THREE_MONTHS, + layers: [layer_lambda], + architecture: Architecture.ARM_64, + environment: { + DNS_CONTEXT_BROKER: props.dns_context_broker, + URL_SMART_DATA_MODEL: Parameters.garnet_iot.smart_data_model_url, + AWSIOTREGION: Aws.REGION, + SHADOW_PREFIX: Parameters.garnet_iot.shadow_prefix + }, + } + ); + + 
lambda_to_context_broker.addToRolePolicy( + new PolicyStatement({ + actions: [ + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + "ec2:CreateNetworkInterface", + "ec2:DescribeNetworkInterfaces", + "ec2:DeleteNetworkInterface", + "ec2:AssignPrivateIpAddresses", + "ec2:UnassignPrivateIpAddresses", + ], + resources: ["*"], + }) + ); + + // ADD PERMISSION FOR LAMBDA TO ACCESS SQS + lambda_to_context_broker.addToRolePolicy( + new PolicyStatement({ + actions: [ + "sqs:ReceiveMessage", + "sqs:DeleteMessage", + "sqs:GetQueueAttributes", + ], + resources: [`${sqs_to_context_broker.queueArn}`], + }) + ); + + lambda_to_context_broker.addToRolePolicy( + new PolicyStatement({ + actions: ["iot:UpdateThingShadow", "iot:GetThingShadow"], + resources: [ + `arn:aws:iot:${Aws.REGION}:${Aws.ACCOUNT_ID}:thing/*/${Parameters.garnet_iot.shadow_prefix}-*`, + ], + }) + ); + + lambda_to_context_broker.addEventSource( + new SqsEventSource(sqs_to_context_broker, { batchSize: 10 }) + ); + } +} diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/garnet-iot-core/lambda/updateContextBroker/index.js b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/garnet-iot-core/lambda/updateContextBroker/index.js new file mode 100644 index 0000000..6e8d6e8 --- /dev/null +++ b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/garnet-iot-core/lambda/updateContextBroker/index.js 
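Review bot: The first `lambda_to_context_broker.addToRolePolicy` statement grants `ec2:CreateNetworkInterface`, `ec2:DeleteNetworkInterface`, `ec2:AssignPrivateIpAddresses` and the `logs:*` actions on `resources: ["*"]`, a wildcard grant the construct does not need: when `vpc` is set on a CDK `Function`, CDK attaches the `AWSLambdaVPCAccessExecutionRole` managed policy to the execution role (and `AWSLambdaBasicExecutionRole` already covers logging), so that whole statement can be deleted and the role stays least-privilege. The `ManagedPolicy` import at the top of the hunk is unused and should go as well. Separately, `errorOutputPrefix` uses `!{timestamp:yyy}` while `prefix` uses `!{timestamp:yyyy}`; the two patterns should agree (`yyyy`) so error records partition alongside normal ones in the bucket.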
@@ -0,0 +1,89 @@ +const iot_region = process.env.AWSIOTREGION +const shadow_prefix = process.env.SHADOW_PREFIX +const dns_broker = `http://${process.env.DNS_CONTEXT_BROKER}/ngsi-ld/v1` +const URL_SMART_DATA_MODEL = process.env.URL_SMART_DATA_MODEL + +const {IoTDataPlaneClient, UpdateThingShadowCommand, GetThingShadowCommand} = require('@aws-sdk/client-iot-data-plane') +const iotdata = new IoTDataPlaneClient({region: iot_region}) + +const axios = require('axios') + + + + +exports.handler = async (event, context) => { + + try { + let entities = [] + + for await (let msg of event.Records){ + let payload = JSON.parse(msg.body) + const thingName = `${payload.id.split(':').slice(-1)}` + if(!payload.id || !payload.type){ + throw new Error('Invalid entity: id or type is missing') + } + + // Check if location property is in the payload. If not, get it from the Garnet-Device named shadow + if(!payload.location && payload.type != 'Device') { + + try { + let {payload : device_shadow} = await iotdata.send( + new GetThingShadowCommand({ + thingName: thingName, + shadowName: `${shadow_prefix}-Device` + }) + ) + + device_shadow = JSON.parse( + new TextDecoder('utf-8').decode(device_shadow) + ) + payload.location = device_shadow.state.reported.location + + if(payload.location){ + const shadow_payload = { + state: { + reported: payload + } + } + let updateThingShadow = await iotdata.send( + new UpdateThingShadowCommand({ + payload: JSON.stringify(shadow_payload), + thingName: thingName, + shadowName: `${shadow_prefix}-${payload.type}` + }) + ) + } + + + + } catch (e) { + console.log(e.message) + } + } + if (payload.raw) delete payload.raw + entities.push(payload) + } + const headers = { + 'Content-Type': 'application/json', + 'Link': `<${URL_SMART_DATA_MODEL}>; rel="http://www.w3.org/ns/json-ld#context"; type="application/ld+json"` + } + try { + let upsert = await axios.post(`${dns_broker}/entityOperations/upsert`, entities, {headers: headers}) + } catch (e) { + 
log_error(event,context, e.message, e) + } + } catch (e) { + log_error(event,context, e.message, e) + } +} + + +const log_error = (event, context, message, error) => { + console.error(JSON.stringify({ + message: message, + event: event, + error: error, + context: context + })) +} + diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/garnet-iot-core/lambda/updateShadow/index.js b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/garnet-iot-core/lambda/updateShadow/index.js new file mode 100644 index 0000000..052e3e1 --- /dev/null +++ b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/garnet-iot-core/lambda/updateShadow/index.js @@ -0,0 +1,54 @@ +const iot_region = process.env.AWSIOTREGION +const shadow_prefix = process.env.SHADOW_PREFIX +const url_broker = process.env.URL_CONTEXT_BROKER + +const {IoTDataPlaneClient, UpdateThingShadowCommand} = require('@aws-sdk/client-iot-data-plane') +const iotdata = new IoTDataPlaneClient({region: iot_region}) + + +exports.handler = async (event, context) => { + try { + + for await (let msg of event.Records){ + let payload = JSON.parse(msg.body) + + if(!payload.id || !payload.type){ + throw new Error('Invalid entity - id or type is missing') + } + + const thingName = `${payload.id.split(':').slice(-1)}` + + try { + const shadow_payload = { + state: { + reported: payload + } + } + + let updateThingShadow = await iotdata.send( + new UpdateThingShadowCommand({ + payload: JSON.stringify(shadow_payload), + thingName: thingName, + shadowName: `${shadow_prefix}-${payload.type}` + }) + ) + + } catch (e) { + log_error(event,context, e.message, e) + } + + } + + } catch (e) { + log_error(event,context, e.message, e) + } +} + +const log_error = (event, context, message, error) => { + console.error(JSON.stringify({ + message: message, + event: event, + error: error, + context: context + })) +} \ No newline at end of file 
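Review bot: In the record loop, `payload.id.split(':')` executes on the line before the `!payload.id || !payload.type` check, so a record without `id` throws a TypeError rather than the intended 'Invalid entity' error; either way the throw exits the `for await` loop, the outer catch only logs, and the handler returns normally — so one malformed message causes every message in the SQS batch to be acknowledged and deleted without any of them reaching the broker. Move the check above the `split` and skip the record instead of aborting: `if (!payload.id || !payload.type) { log_error(event, context, 'Invalid entity: id or type is missing', msg); continue }` followed by `const thingName = ...`, or enable `reportBatchItemFailures` on the event source and return `batchItemFailures` so only the bad message is retried. The broker is also called over plain `http://` built from `DNS_CONTEXT_BROKER`; that is presumably acceptable for in-VPC traffic but deserves a comment stating the assumption.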
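Review bot: `url_broker = process.env.URL_CONTEXT_BROKER` is never read in this handler, and the CDK environment for `LambdaUpdateShadow` in this commit sets only `AWSIOTREGION` and `SHADOW_PREFIX`, so the variable is dead and should be removed. `payload.type` is only checked for truthiness before being interpolated into `shadowName: \`${shadow_prefix}-${payload.type}\``; a non-string `type` (an object or array from a malformed message) stringifies to e.g. `[object Object]` and creates a junk named shadow inside the `thing/*/${prefix}-*` grant. Tighten the check to `if (typeof payload.id !== 'string' || typeof payload.type !== 'string')` and, as with the sibling context-broker handler, prefer skipping the record to throwing so the remaining messages in the batch are still processed rather than silently acknowledged.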
diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/layers/nodejs/package-lock.json b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/layers/nodejs/package-lock.json new file mode 100644 index 0000000..125f2a8 --- /dev/null +++ b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/layers/nodejs/package-lock.json 
@@ -0,0 +1,435 @@ +{ + "name": "nodejs", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "nodejs", + "version": "1.0.0", + "license": "ISC", + "dependencies": { + "aws-sdk": "^2.1426.0", + "axios": "^1.4.0" + } + }, + "node_modules/asynckit": { + "version": "0.4.0", + "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz", + "integrity": "sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q==" + }, + "node_modules/available-typed-arrays": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz", + "integrity": "sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/aws-sdk": { + "version": "2.1426.0", + "resolved": "https://registry.npmjs.org/aws-sdk/-/aws-sdk-2.1426.0.tgz", + "integrity": "sha512-qq4ydcRzQW2IqjMdCz5FklORREEtkSCJ2tm9CUJ2PaUOaljxpdxq9UI64vXiyRD+GIp5vdkmVNoTRi2rCXh3rA==", + "dependencies": { + "buffer": "4.9.2", + "events": "1.1.1", + "ieee754": "1.1.13", + "jmespath": "0.16.0", + "querystring": "0.2.0", + "sax": "1.2.1", + "url": "0.10.3", + "util": "^0.12.4", + "uuid": "8.0.0", + "xml2js": "0.5.0" + }, + "engines": { + "node": ">= 10.0.0" + } + }, + "node_modules/axios": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.4.0.tgz", + "integrity": "sha512-S4XCWMEmzvo64T9GfvQDOXgYRDJ/wsSZc7Jvdgx5u1sd0JwsuPLqb3SYmusag+edF6ziyMensPVqLTSc1PiSEA==", + "dependencies": { + "follow-redirects": "^1.15.0", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" + } + }, + "node_modules/base64-js": { + "version": "1.5.1", + "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz", + "integrity": 
"sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ] + }, + "node_modules/buffer": { + "version": "4.9.2", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.2.tgz", + "integrity": "sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg==", + "dependencies": { + "base64-js": "^1.0.2", + "ieee754": "^1.1.4", + "isarray": "^1.0.0" + } + }, + "node_modules/call-bind": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", + "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "dependencies": { + "function-bind": "^1.1.1", + "get-intrinsic": "^1.0.2" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/combined-stream": { + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz", + "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==", + "dependencies": { + "delayed-stream": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/delayed-stream": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz", + "integrity": "sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ==", + "engines": { + "node": ">=0.4.0" + } + }, + "node_modules/events": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/events/-/events-1.1.1.tgz", + "integrity": "sha512-kEcvvCBByWXGnZy6JUlgAp2gBIUjfCAV6P6TgT1/aaQKcmuAEC4OZTV1I4EWQLz2gxZw76atuVyvHhTxvi0Flw==", + "engines": { + "node": ">=0.4.x" + } + 
}, + "node_modules/follow-redirects": { + "version": "1.15.2", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", + "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==", + "funding": [ + { + "type": "individual", + "url": "https://github.com/sponsors/RubenVerborgh" + } + ], + "engines": { + "node": ">=4.0" + }, + "peerDependenciesMeta": { + "debug": { + "optional": true + } + } + }, + "node_modules/for-each": { + "version": "0.3.3", + "resolved": "https://registry.npmjs.org/for-each/-/for-each-0.3.3.tgz", + "integrity": "sha512-jqYfLp7mo9vIyQf8ykW2v7A+2N4QjeCeI5+Dz9XraiO1ign81wjiH7Fb9vSOWvQfNtmSa4H2RoQTrrXivdUZmw==", + "dependencies": { + "is-callable": "^1.1.3" + } + }, + "node_modules/form-data": { + "version": "4.0.0", + "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.0.tgz", + "integrity": "sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww==", + "dependencies": { + "asynckit": "^0.4.0", + "combined-stream": "^1.0.8", + "mime-types": "^2.1.12" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + }, + "node_modules/get-intrinsic": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.1.tgz", + "integrity": "sha512-2DcsyfABl+gVHEfCOaTrWgyt+tb6MSEGmKq+kI5HwLbIYgjgmMcV8KQ41uaKz1xxUcn9tJtgFbQUEVcEbd0FYw==", + "dependencies": { + "function-bind": "^1.1.1", + "has": "^1.0.3", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + 
"integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "dependencies": { + "get-intrinsic": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dependencies": { + "function-bind": "^1.1.1" + }, + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/has-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.1.tgz", + "integrity": "sha512-7qE+iP+O+bgF9clE5+UoBFzE65mlBiVj3tKCrlNQ0Ogwm0BjpT/gK4SlLYDMybDh5I3TCTKnPPa0oMG7JDYrhg==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-symbols": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.3.tgz", + "integrity": "sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-tostringtag": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/has-tostringtag/-/has-tostringtag-1.0.0.tgz", + "integrity": "sha512-kFjcSNhnlGV1kyoGk7OXKSawH5JOb/LzUc5w9B02hOTO0dfFRjbHQKvg1d6cf3HbeUmtU9VbbV3qzZ2Teh97WQ==", + "dependencies": { + "has-symbols": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/ieee754": { + "version": "1.1.13", + "resolved": "https://registry.npmjs.org/ieee754/-/ieee754-1.1.13.tgz", + "integrity": "sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg==" + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": 
"https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==" + }, + "node_modules/is-arguments": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/is-arguments/-/is-arguments-1.1.1.tgz", + "integrity": "sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA==", + "dependencies": { + "call-bind": "^1.0.2", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-callable": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz", + "integrity": "sha512-1BC0BVFhS/p0qtw6enp8e+8OD0UrK0oFLztSjNzhcKA3WDuJxxAPXzPuPtKkjEY9UUoEWlX/8fgKeu2S8i9JTA==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-generator-function": { + "version": "1.0.10", + "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.0.10.tgz", + "integrity": "sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A==", + "dependencies": { + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/is-typed-array": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/is-typed-array/-/is-typed-array-1.1.12.tgz", + "integrity": "sha512-Z14TF2JNG8Lss5/HMqt0//T9JeHXttXy5pH/DBU4vi98ozO2btxzq9MwYDZYnKwU8nRsz/+GVFVRDq3DkVuSPg==", + "dependencies": { + "which-typed-array": "^1.1.11" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/isarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": 
"sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==" + }, + "node_modules/jmespath": { + "version": "0.16.0", + "resolved": "https://registry.npmjs.org/jmespath/-/jmespath-0.16.0.tgz", + "integrity": "sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw==", + "engines": { + "node": ">= 0.6.0" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, + "node_modules/punycode": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.3.2.tgz", + "integrity": "sha512-RofWgt/7fL5wP1Y7fxE7/EmTLzQVnB0ycyibJ0OOHIlJqTNzglYFxVwETOcIoJqJmpDXJ9xImDv+Fq34F/d4Dw==" + }, + "node_modules/querystring": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz", + "integrity": "sha512-X/xY82scca2tau62i9mDyU9K+I+djTMUsvwf7xnUX5GLvVzgJybOJf4Y6o9Zx3oJK/LSXg5tTZBjwzqVPaPO2g==", + "deprecated": "The querystring API is considered Legacy. 
new code should use the URLSearchParams API instead.", + "engines": { + "node": ">=0.4.x" + } + }, + "node_modules/sax": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.1.tgz", + "integrity": "sha512-8I2a3LovHTOpm7NV5yOyO8IHqgVsfK4+UuySrXU8YXkSRX7k6hCV9b3HrkKCr3nMpgj+0bmocaJJWpvp1oc7ZA==" + }, + "node_modules/url": { + "version": "0.10.3", + "resolved": "https://registry.npmjs.org/url/-/url-0.10.3.tgz", + "integrity": "sha512-hzSUW2q06EqL1gKM/a+obYHLIO6ct2hwPuviqTTOcfFVc61UbfJ2Q32+uGL/HCPxKqrdGB5QUwIe7UqlDgwsOQ==", + "dependencies": { + "punycode": "1.3.2", + "querystring": "0.2.0" + } + }, + "node_modules/util": { + "version": "0.12.5", + "resolved": "https://registry.npmjs.org/util/-/util-0.12.5.tgz", + "integrity": "sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA==", + "dependencies": { + "inherits": "^2.0.3", + "is-arguments": "^1.0.4", + "is-generator-function": "^1.0.7", + "is-typed-array": "^1.1.3", + "which-typed-array": "^1.1.2" + } + }, + "node_modules/uuid": { + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/uuid/-/uuid-8.0.0.tgz", + "integrity": "sha512-jOXGuXZAWdsTH7eZLtyXMqUb9EcWMGZNbL9YcGBJl4MH4nrxHmZJhEHvyLFrkxo+28uLb/NYRcStH48fnD0Vzw==", + "bin": { + "uuid": "dist/bin/uuid" + } + }, + "node_modules/which-typed-array": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.11.tgz", + "integrity": "sha512-qe9UWWpkeG5yzZ0tNYxDmd7vo58HDBc39mZ0xWWpolAGADdFOzkfamWLDxkOWcvHQKVmdTyQdLD4NOfjLWTKew==", + "dependencies": { + "available-typed-arrays": "^1.0.5", + "call-bind": "^1.0.2", + "for-each": "^0.3.3", + "gopd": "^1.0.1", + "has-tostringtag": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/xml2js": { + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz", + "integrity": 
"sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==", + "dependencies": { + "sax": ">=0.6.0", + "xmlbuilder": "~11.0.0" + }, + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/xmlbuilder": { + "version": "11.0.1", + "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz", + "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA==", + "engines": { + "node": ">=4.0" + } + } + } +} diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/layers/nodejs/package.json b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/layers/nodejs/package.json new file mode 100644 index 0000000..b6289e8 --- /dev/null +++ b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-iot/layers/nodejs/package.json @@ -0,0 +1,16 @@ +{ + "name": "nodejs", + "version": "1.0.0", + "description": "", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "keywords": [], + "author": "", + "license": "ISC", + "dependencies": { + "aws-sdk": "^2.1426.0", + "axios": "^1.4.0" + } +} diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-orion/garnet-orion.ts b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-orion/garnet-orion.ts new file mode 100644 index 0000000..2e0aa40 --- /dev/null +++ b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/lib/stacks/garnet-orion/garnet-orion.ts 
@@ -0,0 +1,42 @@
+import { Aws, CfnOutput, NestedStack, NestedStackProps } from "aws-cdk-lib"
+import { Construct } from "constructs"
+import { GarnetSecret } from "../garnet-constructs/secret";
+import { GarnetNetworking } from "../garnet-constructs/networking";
+//import { GarnetOrionDatabase } from "./database";
+//import { GarnetOrionFargate } from "./fargate";
+import { Parameters } from "../../../parameters";
+import { Vpc } from "aws-cdk-lib/aws-ec2";
+import { GarnetApiGateway } from "../garnet-constructs/apigateway";
+import { Secret } from "aws-cdk-lib/aws-secretsmanager";
+
+export interface GarnetOrionProps extends NestedStackProps{
+ vpc: Vpc,
+ secret: Secret
+}
+
+export class GarnetOrion extends NestedStack {
+
+ public readonly dns_context_broker: string
+ public readonly broker_api_endpoint: string
+ public readonly api_ref: string
+
+
+ constructor(scope: Construct, id: string, props: GarnetOrionProps) {
+ super(scope, id, props)
+
+ const api_stack = new GarnetApiGateway(this, "Api", {
+ vpc: props.vpc,
+ fargate_albListenerArn: Parameters.amazon_eks_cluster_load_balancer_listener_arn, //TODO Replace with EKS Cluster Load Balancer Listener ARN // Pass the listenerArn as a string fargate_alb: ``//fargate_construct.fargate_alb,
+ })
+
+ new CfnOutput(this, "garnet_endpoint", {
+ value: `https://${api_stack.api_ref}.execute-api.${Aws.REGION}.amazonaws.com`,
+ })
+
+ this.broker_api_endpoint = `https://${api_stack.api_ref}.execute-api.${Aws.REGION}.amazonaws.com`;
+ this.dns_context_broker = Parameters.amazon_eks_cluster_load_balancer_dns //TODO Replace with EKS Cluster Load Balancer DNS name //fargate_construct.fargate_alb.loadBalancer.loadBalancerDnsName;
+ this.api_ref = api_stack.api_ref;
+
+ }
+
+}
diff --git a/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/test/stf-core.test.ts b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/test/stf-core.test.ts
new file mode 100644
index 0000000..2c3c74b
--- /dev/null
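Review bot: In the `GarnetApiGateway` props, `fargate_alb: ``` is printed on the same line as the trailing `//TODO Replace with EKS Cluster Load Balancer Listener ARN // Pass the listenerArn as a string` comment, and the hunk's 42-line count agrees with that layout, so the property is part of the comment and is never passed; either delete it or move it onto its own line if the construct still expects it. The `https://${api_stack.api_ref}.execute-api.${Aws.REGION}.amazonaws.com` literal appears twice (the `CfnOutput` value and `this.broker_api_endpoint`); assign `this.broker_api_endpoint` first and use it as the output value so the two cannot diverge. `GarnetSecret` and `GarnetNetworking` are imported but never used, and the two commented-out imports plus the `//fargate_construct...` remnants would read better as one TODO naming what replaces them. A short comment on the public fields stating that `dns_context_broker` is the load-balancer DNS name the gateway forwards to and `broker_api_endpoint` is the public execute-api URL would tell the parent stack what it is consuming.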
+++ b/examples/aws-garnet/scenario-1-deployment/aws-garnet-iot-module/test/stf-core.test.ts
@@ -0,0 +1,17 @@
+// import * as cdk from 'aws-cdk-lib';
+// import { Template } from 'aws-cdk-lib/assertions';
+// import * as Garnet from '../lib/garnet-stack';
+
+// example test. To run these tests, uncomment this file along with the
+// example resource in lib/garnet-stack.ts
+test('SQS Queue Created', () => {
+// const app = new cdk.App();
+// // WHEN
+// const stack = new Garnet.GarnetStack(app, 'MyTestStack');
+// // THEN
+// const template = Template.fromStack(stack);
+
+// template.hasResourceProperties('AWS::SQS::Queue', {
+// VisibilityTimeout: 300
+// });
+});
diff --git a/examples/aws-garnet/scenario-1-deployment/yaml/values-dsc-awl-load-balancer-controller-scenario1.yaml b/examples/aws-garnet/scenario-1-deployment/yaml/values-dsc-awl-load-balancer-controller-scenario1.yaml
new file mode 100644
index 0000000..a8f213e
--- /dev/null
+++ b/examples/aws-garnet/scenario-1-deployment/yaml/values-dsc-awl-load-balancer-controller-scenario1.yaml
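Review bot: `test('SQS Queue Created', () => { ... })` has an entirely commented-out body, so it registers as a passing test that asserts nothing and makes the suite look green; mark it `test.todo('SQS Queue Created')` (or `test.skip`) until the assertions are restored. The comment above it points at `lib/garnet-stack.ts` and a `GarnetStack` export, which none of the visible hunks add; if that file lives elsewhere in the module the pointer is fine, otherwise it is stale and should name the actual stack under test.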
@@ -0,0 +1,1770 @@ +# should argo-cd applications be created? +argoApplications: false + + +#Sub-Chart configuration + +activation-service: + # Enable the deployment of application: activation-service + deploymentEnabled: true + + activation-service: + ## Configuration of activation service execution + activationService: + # -- Number of (gunicorn) workers that should be created + workers: 1 + # -- Maximum header size in bytes + maxHeaderSize: 32768 + # -- Log Level + logLevel: "debug" + + ## Add Ingress or OpenShift Route + route: + enabled: false + + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + kubernetes.io/ingress.class: nginx + hosts: + - host: ips-as.dsba.aws.fiware.io + paths: + - / + tls: + - hosts: + - ips-as.dsba.aws.fiware.io + secretName: as-ips-dsba-tls + + ## CCS config + ccs: + endpoint: "http://ips-dsc-credentials-config-service:8080/" + id: "ips-activation-service" + credentials: + - type: "VerifiableCredential" + trustedParticipantsLists: [ + "https://tir.dsba.fiware.dev" + ] + trustedIssuersLists: [ + "http://ips-dsc-trusted-issuers-list:8080" + ] + - type: "IpsActivationService" + trustedParticipantsLists: [ + "https://tir.dsba.fiware.dev" + ] + trustedIssuersLists: [ + "http://ips-dsc-trusted-issuers-list:8080" + ] + + ## AS config + config: + + # DB + db: + # -- Use sqlite in-memory database + useMemory: true + # -- Enable tracking of modifications + modTracking: false + # -- Enable SQL logging to stderr + echo: true + + # Configuration for additional API keys to protect certain endpoints + apikeys: + # Config for Trusted-Issuers-List flow + issuer: + # Header name + headerName: "AS-API-KEY" + # API key (auto-generated if left empty) + apiKey: "77ab4a67-ea3c-4348-98bd-2e9f0304bfb8" + # Enable for /issuer endpoint (API key will be required) + enabledIssuer: true + + issuer: + clientId: "ips-activation-service" + providerId: "did:web:ips.dsba.aws.fiware.io:did" + tilUri: 
"http://ips-dsc-trusted-issuers-list:8080" + verifierUri: "https://ips-verifier.dsba.aws.fiware.io" + samedevicePath: "/api/v1/samedevice" + jwksPath: "/.well-known/jwks" + algorithms: + - "ES256" + roles: + createRole: "CREATE_ISSUER" + updateRole: "UPDATE_ISSUER" + deleteRole: "DELETE_ISSUER" + +credentials-config-service: + # Enable the deployment of application: credentials-config-service + deploymentEnabled: true + + credentials-config-service: + + # Database config + database: + persistence: true + host: mysql-ips + name: ccs + + # Should use Secret in production environment + username: root + password: "dbPassword" + +dsba-pdp: + # Enable the deployment of application: dsba-pdp + deploymentEnabled: true + + dsba-pdp: + + # DB + db: + enabled: false + migrate: + enabled: false + + deployment: + # Log level + logLevel: DEBUG + + # iSHARE config + ishare: + existingSecret: ips-dsc-vcwaltid-tls-sec + + clientId: did:web:ips.dsba.aws.fiware.io:did + + # Initial list of fingerprints for trusted CAs. This will be overwritten + # after the first update from the trust anchor. 
+ trustedFingerprints: + - D2F62092F982CF783D4632BD86FA86C3FBFDB2D8C8A58BC6809163FCF5CD030B + + ar: + id: "did:web:ips.dsba.aws.fiware.io:did" + delegationPath: "/ar/delegation" + tokenPath: "/oauth2/token" + url: "https://ar-ips.dsba.aws.fiware.io" + + trustAnchor: + id: "EU.EORI.FIWARESATELLITE" + tokenPath: "/token" + trustedListPath: "/trusted_list" + url: "https://tir.dsba.fiware.dev" + + # Verifier + trustedVerifiers: + - https://ips-verifier.dsba.aws.fiware.io/.well-known/jwks + + # Provider DID + providerId: "did:web:ips.dsba.aws.fiware.io:did" + + # ENVs + additionalEnvVars: + - name: ISHARE_CERTIFICATE_PATH + value: /iShare/tls.crt + - name: ISHARE_KEY_PATH + value: /iShare/tls.key + +kong: + # Enable the deployment of application: kong + deploymentEnabled: true + + kong: + replicaCount: 1 + + proxy: + enabled: true + tls: + enabled: false + + # Provide Ingress or Route config here + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + #ingressClassName: nginx + tls: kong-ips-dsba-tls + hostname: ips-kong.dsba.aws.fiware.io + route: + enabled: false + + # Provide the kong.yml configuration (either as existing CM, secret or directly in the values.yaml) + dblessConfig: + configMap: "" + secret: "" + config: | + _format_version: "2.1" + _transform: true + + consumers: + - username: token-consumer + keyauth_credentials: + - tags: + - token-key + - tir-key + + services: + - host: "ips-dsc-orion" + name: "ips" + port: 1026 + protocol: http + + routes: + - name: ips + paths: + - /ips + strip_path: true + + plugins: + - name: pep-plugin + config: + pathprefix: "/ips" + authorizationendpointtype: ExtAuthz + authorizationendpointaddress: http://ips-dsc-dsba-pdp:8080/authz + + - name: request-transformer + config: + remove: + headers: + - Authorization + - authorization + +mongodb: + # Enable the deployment of application: mongodb + deploymentEnabled: true + + mongodb: + + # DB 
Authorization + auth: + enabled: true + # Should use a Secret on production deployments + rootPassword: "dbPassword" + + # Required for permissions to PVC + podSecurityContext: + enabled: true + fsGroup: 1001 + containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsGroup: 0 + runAsNonRoot: true + + # Set resources + resources: + limits: + cpu: 200m + memory: 512Mi + + persistence: + enabled: true + size: 8Gi + +mysql: + # Enable the deployment of application: mysql + deploymentEnabled: true + + mysql: + fullnameOverride: mysql-ips + auth: + # Should use a Secret on production deployments + rootPassword: "dbPassword" + password: "dbPassword" + +orion-ld: + # Enable the deployment of application: orion-ld + deploymentEnabled: true + + orion: + + broker: + db: + auth: + user: root + password: "dbPassword" + mech: "SCRAM-SHA-1" + hosts: + - ips-dsc-mongodb + + initData: + initEnabled: true + hook: post-install + backoffLimit: 6 + entities: + - name: deliveryorder_happypets001.json + data: | + { + "id": "urn:ngsi-ld:DELIVERYORDER:HAPPYPETS001", + "type": "DELIVERYORDER", + "issuer": { + "type": "Property", + "value": "Happy Pets" + }, + "destinee": { + "type": "Property", + "value": "Happy Pets customer via IPS" + }, + "deliveryAddress": { + "type": "Property", + "value": { + "addressCountry": "DE", + "addressRegion": "Berlin", + "addressLocality": "Berlin", + "postalCode": "12345", + "streetAddress": "Customer Strasse 23" + } + }, + "originAddress": { + "type": "Property", + "value": { + "addressCountry": "DE", + "addressRegion": "Berlin", + "addressLocality": "Berlin", + "postalCode": "12345", + "streetAddress": "HappyPets Strasse 15" + } + }, + "pda": { + "type": "Property", + "value": "2021-10-03" + }, + "pta": { + "type": "Property", + "value": "14:00:00" + }, + "eda": { + "type": "Property", + "value": "2021-10-02" + }, + "eta": { + "type": "Property", + "value": "14:00:00" + }, + "@context": [ + "https://schema.lab.fiware.org/ld/context" + ] + } + + - 
name: deliveryorder_happypets002.json + data: | + { + "id": "urn:ngsi-ld:DELIVERYORDER:HAPPYPETS002", + "type": "DELIVERYORDER", + "issuer": { + "type": "Property", + "value": "Happy Pets" + }, + "destinee": { + "type": "Property", + "value": "Happy Pets 2nd customer via IPS" + }, + "deliveryAddress": { + "type": "Property", + "value": { + "addressCountry": "DE", + "addressRegion": "Hamburg", + "addressLocality": "Hamburg", + "postalCode": "23456", + "streetAddress": "Customer Str. 19" + } + }, + "originAddress": { + "type": "Property", + "value": { + "addressCountry": "DE", + "addressRegion": "Berlin", + "addressLocality": "Berlin", + "postalCode": "12345", + "streetAddress": "HappyPets Strasse 15" + } + }, + "pda": { + "type": "Property", + "value": "2021-11-12" + }, + "pta": { + "type": "Property", + "value": "11:00:00" + }, + "eda": { + "type": "Property", + "value": "2021-11-12" + }, + "eta": { + "type": "Property", + "value": "11:00:00" + }, + "@context": [ + "https://schema.lab.fiware.org/ld/context" + ] + } + +postgres: + # Enable the deployment of application: postgres + deploymentEnabled: true + + postgresql: + + fullnameOverride: postgresql-ips + + auth: + # Should use a Secret for PWs on production deployments + # Credentials for Keycloak DB + username: keycloak + password: "dbPassword" + enablePostgresUser: true + + # Credentials for postgres admin user + postgresPassword: "dbRootPassword" + + # Init DB + primary: + initdb: + scripts: + create.sh: | + psql postgresql://postgres:${POSTGRES_POSTGRES_PASSWORD}@localhost:5432 -c "CREATE DATABASE keycloak_ips;" + +trusted-issuers-list: + # Enable the deployment of application: trusted-issuers-list + deploymentEnabled: true + + trusted-issuers-list: + + # Ingress + ingress: + til: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + kubernetes.io/ingress.class: nginx + hosts: + - host: til-ips.dsba.aws.fiware.io + tls: + - hosts: + - til-ips.dsba.aws.fiware.io + 
secretName: til-ips-dsba-til-tls + tir: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + kubernetes.io/ingress.class: nginx + hosts: + - host: tir-ips.dsba.aws.fiware.io + tls: + - hosts: + - tir-ips.dsba.aws.fiware.io + secretName: til-ips-dsba-tir-tls + + # Database config + database: + persistence: true + host: mysql-ips + name: til + + # Should use Secret in production environment + username: root + password: "dbPassword" + + # Init data + initData: + initEnabled: true + hook: post-install + backoffLimit: 6 + issuers: + - name: mp_create + issuer: + did: "did:web:marketplace.dsba.fiware.dev:did" + credentials: + - validFor: + from: "2022-07-21T17:32:28Z" + to: "2040-07-21T17:32:28Z" + credentialsType: "IpsActivationService" + claims: + - name: "roles" + allowedValues: + - - names: + - "CREATE_ISSUER" + target: "did:web:ips.dsba.aws.fiware.io:did" + - validFor: + from: "2022-07-21T17:32:28Z" + to: "2040-07-21T17:32:28Z" + credentialsType: "VerifiableCredential" + +vcwaltid: + # Enable the deployment of application: vcwaltid + deploymentEnabled: true + + # Organisation DID + did: did:web:ips.dsba.aws.fiware.io:did + ingress: + enabled: true + host: ips.dsba.aws.fiware.io + annotations: + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + tls: + enabled: true + route: + enabled: false + + # Walt-id config + vcwaltid: + + # Persistence + persistence: + enabled: true + pvc: + size: 1Gi + + # List of templates to be created + templates: + GaiaXParticipantCredential.json: | + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://registry.lab.dsba.eu/development/api/trusted-shape-registry/v1/shapes/jsonld/trustframework#" + ], + "type": [ + "VerifiableCredential" + ], + "id": "did:web:raw.githubusercontent.com:egavard:payload-sign:master", + "issuer": "did:web:raw.githubusercontent.com:egavard:payload-sign:master", + "issuanceDate": "2023-03-21T12:00:00.148Z", + "credentialSubject": { + "id": 
"did:web:raw.githubusercontent.com:egavard:payload-sign:master", + "type": "gx:LegalParticipant", + "gx:legalName": "dsba compliant participant", + "gx:legalRegistrationNumber": { + "gx:vatID": "MYVATID" + }, + "gx:headquarterAddress": { + "gx:countrySubdivisionCode": "BE-BRU" + }, + "gx:legalAddress": { + "gx:countrySubdivisionCode": "BE-BRU" + }, + "gx-terms-and-conditions:gaiaxTermsAndConditions": "70c1d713215f95191a11d38fe2341faed27d19e083917bc8732ca4fea4976700" + } + } + NaturalPersonCredential.json: | + { + "@context": ["https://www.w3.org/2018/credentials/v1"], + "credentialSchema": { + "id": "https://raw.githubusercontent.com/FIWARE-Ops/tech-x-challenge/main/schema.json", + "type": "FullJsonSchemaValidator2021" + }, + "credentialSubject": { + "type": "gx:NaturalParticipant", + "familyName": "Happy", + "firstName": "User", + "roles": [{ + "names": ["LEGAL_REPRESENTATIVE"], + "target": "did:web:onboarding" + }] + }, + "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4", + "issued": "2021-08-31T00:00:00Z", + "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN", + "validFrom": "2021-08-31T00:00:00Z", + "issuanceDate": "2021-08-31T00:00:00Z", + "type": ["VerifiableCredential", "LegalPersonCredential"] + } + MarketplaceUserCredential.json: | + { + "@context": ["https://www.w3.org/2018/credentials/v1"], + "credentialSchema": { + "id": "https://raw.githubusercontent.com/FIWARE-Ops/tech-x-challenge/main/schema.json", + "type": "FullJsonSchemaValidator2021" + }, + "credentialSubject": { + "type": "gx:NaturalParticipant", + "email": "normal-user@fiware.org", + "familyName": "IPS", + "firstName": "employee", + "lastName": "IPS", + "roles": [{ + "names": ["LEGAL_REPRESENTATIVE"], + "target": "did:web:onboarding" + }] + }, + "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4", + "issued": "2021-08-31T00:00:00Z", + "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN", + "validFrom": "2021-08-31T00:00:00Z", + "issuanceDate": 
"2021-08-31T00:00:00Z", + "type": ["MarketplaceUserCredential"] + } + EmployeeCredential.json: | + { + "@context": ["https://www.w3.org/2018/credentials/v1"], + "credentialSchema": { + "id": "https://raw.githubusercontent.com/FIWARE-Ops/tech-x-challenge/main/schema.json", + "type": "FullJsonSchemaValidator2021" + }, + "credentialSubject": { + "type": "gx:NaturalParticipant", + "email": "normal-user@fiware.org", + "familyName": "IPS", + "firstName": "employee", + "lastName": "IPS", + "roles": [{ + "names": ["LEGAL_REPRESENTATIVE"], + "target": "did:web:onboarding" + }] + }, + "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4", + "issued": "2021-08-31T00:00:00Z", + "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN", + "validFrom": "2021-08-31T00:00:00Z", + "issuanceDate": "2021-08-31T00:00:00Z", + "type": ["EmployeeCredential"] + } + +verifier: + # Enable the deployment of application: verifier + deploymentEnabled: true + + vcverifier: + + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + kubernetes.io/ingress.class: nginx + hosts: + - host: ips-verifier.dsba.aws.fiware.io + paths: + - / + tls: + - hosts: + - ips-verifier.dsba.aws.fiware.io + secretName: verifier-ips-dsba-tls + + deployment: + + # Logging + logging: + level: DEBUG + pathsToSkip: + - "/health" + + # Walt-id config + ssikit: + auditorUrl: http://ips-dsc-vcwaltid:7003 + + # Verifier config + verifier: + # URL endpoint of data space trusted issuers registry + tirAddress: https://tir.dsba.fiware.dev/v3/issuers + # DID of organisation + did: did:web:ips.dsba.aws.fiware.io:did + + # Config service + configRepo: + configEndpoint: http://ips-dsc-credentials-config-service:8080/ + + +keyrock: + # Enable the deployment of application: keyrock + deploymentEnabled: true + + keyrock: + fullnameOverride: keyrock-ips + + # DB config + db: + user: root + password: "dbPassword" + host: mysql-ips + + # Admin user to be created + admin: + user: admin 
+ password: "admin" + email: admin@fiware.org + + # External hostname of Keyrock + host: https://ar-ips.dsba.aws.fiware.io + + # Ingress + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + kubernetes.io/ingress.class: nginx + hosts: + - host: ar-ips.dsba.aws.fiware.io + paths: + - / + tls: + - hosts: + - ar-ips.dsba.aws.fiware.io + secretName: ar-ips-dsba-tls + + ## Theme configuration for Keyrock + theme: + ## -- Enable theme + enabled: false + + ## Configuration of Authorisation Registry (AR) + authorisationRegistry: + # -- Enable usage of authorisation registry + enabled: true + # -- Identifier (EORI) of AR + identifier: "did:web:ips.dsba.aws.fiware.io:did" + # -- URL of AR + url: "internal" + + ## Configuration of iSHARE Satellite + satellite: + # -- Enable usage of satellite + enabled: true + # -- Identifier (EORI) of satellite + identifier: "EU.EORI.FIWARESATELLITE" + # -- URL of satellite + url: "https://tir.dsba.fiware.dev" + # -- Token endpoint of satellite + tokenEndpoint: "https://tir.dsba.fiware.dev/token" + # -- Parties endpoint of satellite + partiesEndpoint: "https://tir.dsba.fiware.dev/parties" + + ## -- Configuration of local key and certificate for validation and generation of tokens + token: + # -- Enable storage of local key and certificate + enabled: false + + # ENV variables for Keyrock + additionalEnvVars: + - name: IDM_TITLE + value: "IPS AR" + - name: IDM_DEBUG + value: "true" + - name: DEBUG + value: "*" + - name: IDM_DB_NAME + value: ar_idm_ips + - name: IDM_DB_SEED + value: "true" + - name: IDM_SERVER_MAX_HEADER_SIZE + value: "32768" + - name: IDM_PR_CLIENT_ID + value: "did:web:ips.dsba.aws.fiware.io:did" + - name: IDM_PR_CLIENT_KEY + valueFrom: + secretKeyRef: + name: ips-dsc-vcwaltid-tls-sec + key: tls.key + - name: IDM_PR_CLIENT_CRT + valueFrom: + secretKeyRef: + name: ips-dsc-vcwaltid-tls-sec + key: tls.crt + + # Init data + initData: + initEnabled: true + hook: post-install + 
backoffLimit: 6 + command: + - /bin/sh + - /scripts/create.sh + volumeMount: + name: scripts + mountPath: /scripts + env: + - name: DB_PASSWORD + value: "dbPassword" + scriptData: + create.sh: |- + mysql -h mysql-ips -u root -p$DB_PASSWORD ar_idm_ips <IPS Keycloak", + "enabled": true, + "attributes": { + "frontendUrl": "https://ips-kc.dsba.aws.fiware.io" + }, + "sslRequired": "none", + "roles": { + "realm": [ + { + "name": "user", + "description": "User privileges", + "composite": false, + "clientRole": false, + "containerId": "fiware-server", + "attributes": {} + } + ], + "client": { + "did:web:onboarding.dsba.fiware.dev:did": [ + { + "name": "LEGAL_REPRESENTATIVE", + "description": "Is allowed to register participants", + "clientRole": true + }, + { + "name": "EMPLOYEE", + "description": "Is allowed to see participants", + "clientRole": true + } + ], + "did:web:marketplace.dsba.fiware.dev:did": [ + { + "name": "customer", + "description": "Is allowed to buy.", + "clientRole": true + }, + { + "name": "seller", + "description": "Is allowed to offer.", + "clientRole": true + } + ], + "did:web:ips.dsba.aws.fiware.io:did": [ + { + "name": "STANDARD_CUSTOMER", + "description": "User to access IPS with read access", + "clientRole": true + }, + { + "name": "GOLD_CUSTOMER", + "description": "User to access IPS with read/write access", + "clientRole": true + } + ] + } + }, + "groups": [ + { + "name": "admin", + "path": "/admin", + "realmRoles": [ + "user" + ] + }, + { + "name": "consumer", + "path": "/consumer", + "realmRoles": [ + "user" + ] + } + ], + "users": [ + { + "username": "the-lear", + "enabled": true, + "email": "lear@ips.org", + "credentials": [ + { + "type": "password", + "value": "the-lear" + } + ], + "clientRoles": { + "did:web:onboarding.dsba.fiware.dev:did": [ + "LEGAL_REPRESENTATIVE", + "EMPLOYEE" + ], + "account": [ + "view-profile", + "manage-account" + ] + }, + "groups": [ + "/admin", + "/consumer" + ] + }, + { + "username": "legal-representative", + 
"enabled": true, + "email": "legal-representative@ips.org", + "firstName": "Legal", + "lastName": "IPSEmployee", + "credentials": [ + { + "type": "password", + "value": "legal-representative" + } + ], + "clientRoles": { + "did:web:marketplace.dsba.fiware.dev:did" : [ + "customer", + "seller" + ], + "did:web:onboarding.dsba.fiware.dev:did": [ + "LEGAL_REPRESENTATIVE" + ], + "account": [ + "view-profile", + "manage-account" + ] + }, + "groups": [ + "/admin", + "/consumer" + ] + }, + { + "username": "standard-employee", + "enabled": true, + "email": "standard-employee@ips.org", + "credentials": [ + { + "type": "password", + "value": "standard-employee" + } + ], + "clientRoles": { + "did:web:onboarding.dsba.fiware.dev:did": [ + "EMPLOYEE" + ], + "did:web:ips.dsba.aws.fiware.io:did": [ + "GOLD_CUSTOMER" + ], + "account": [ + "view-profile", + "manage-account" + ] + }, + "groups": [ + "/consumer" + ] + } + ], + "clients": [ + { + "clientId": "did:web:ips.dsba.aws.fiware.io:did", + "enabled": true, + "description": "Client for internal users", + "surrogateAuthRequired": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "defaultRoles": [], + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "SIOP-2", + "attributes": { + "client.secret.creation.time": "1675260539", + "expiryInMin": "3600", + "vctypes_EmployeeCredential": "ldp_vc,jwt_vc_json", + "EmployeeCredential_claims": "email,firstName,familyName,roles" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, + { + "clientId": "did:web:marketplace.dsba.fiware.dev:did", + "enabled": true, + "description": 
"Client to connect to the marketplace", + "surrogateAuthRequired": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "defaultRoles": [], + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "SIOP-2", + "attributes": { + "client.secret.creation.time": "1675260539", + "expiryInMin": "3600", + "vctypes_MarketplaceUserCredential": "ldp_vc,jwt_vc_json", + "MarketplaceUserCredential_claims": "email,firstName,lastName,roles" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, + { + "clientId": "did:web:onboarding.dsba.fiware.dev:did", + "enabled": true, + "description": "Client to connect the onboarding service at portal.dsba.fiware.dev", + "surrogateAuthRequired": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "defaultRoles": [], + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "SIOP-2", + "attributes": { + "client.secret.creation.time": "1675260539", + "expiryInMin": "3600", + "vctypes_NaturalPersonCredential": "ldp_vc,jwt_vc_json", + "vctypes_GaiaXParticipantCredential": "ldp_vc,jwt_vc_json", + "vc_subjectDid": "did:web:packetdelivery.dsba.fiware.dev:did", + "vc_gx:legalName": "Packet Delivery Company Inc.", + "GaiaXParticipantCredential_claims": "subjectDid,gx:legalName", + "NaturalPersonCredential_claims": "email,firstName,familyName,roles" + 
}, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, + { + "clientId": "did:web:marketplace.dsba.fiware.dev:did", + "enabled": true, + "description": "Client to connect to the marketplace", + "surrogateAuthRequired": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "defaultRoles": [], + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "SIOP-2", + "attributes": { + "client.secret.creation.time": "1675260539", + "expiryInMin": "3600", + "vctypes_MarketplaceUserCredential": "ldp_vc,jwt_vc_json", + "MarketplaceUserCredential_claims": "email,firstName,lastName,roles" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [], + "optionalClientScopes": [] + } + ], + "clientScopes": [ + { + "name": "fiware-scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "name": "fiware-scope-object", + "protocol": "openid-connect", + "protocolMapper": "oidc-script-based-protocol-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "multivalued": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "fiware-scope-object", + "script": "/**\n * Available variables: \n * user - the current user\n * realm - the current realm\n * token - the current token\n * userSession - the current userSession\n * keycloakSession - the current userSession\n */\n\nvar ArrayList = Java.type(\"java.util.ArrayList\");\nvar 
fiware_scope = new ArrayList();\n\nvar forEach = Array.prototype.forEach;\n\nvar fiware_service;\nvar fiware_servicepath;\nvar fiware_entry;\nvar roles = '';\n\nvar orion_client = realm.getClientByClientId('orion-pep');\n\nfiware_service = user.getFirstAttribute('fiware-service');\nfiware_servicepath = user.getFirstAttribute('fiware-servicepath');\nif (fiware_service !== null && fiware_servicepath !== null) {\n\n fiware_entry = {\n \"fiware-service\": fiware_service,\n \"fiware-servicepath\": fiware_servicepath\n };\n\n var roleModels = user.getClientRoleMappings(orion_client);\n if (roleModels.size() > 0) {\n forEach.call(\n user.getClientRoleMappings(orion_client).toArray(),\n function (role) {\n roles = roles + role.getName() + \",\";\n }\n );\n roles = roles.substring(0, roles.length - 1);\n fiware_entry[\"orion-roles\"] = roles;\n roles = '';\n }\n\n fiware_scope.add(JSON.stringify(fiware_entry));\n fiware_entry = {};\n}\n\nforEach.call(\n user.getGroups().toArray(),\n function (group) {\n\n fiware_service = group.getFirstAttribute('fiware-service');\n fiware_servicepath = group.getFirstAttribute('fiware-servicepath');\n if (fiware_service !== null && fiware_servicepath !== null) {\n fiware_entry = {\n \"fiware-service\": fiware_service,\n \"fiware-servicepath\": fiware_servicepath\n };\n\n var roleModels = group.getClientRoleMappings(orion_client);\n if (roleModels.size() > 0) {\n forEach.call(\n group.getClientRoleMappings(orion_client).toArray(),\n function (role) {\n roles = roles + role.getName() + \",\";\n }\n );\n roles = roles.substring(0, roles.length - 1);\n fiware_entry[\"orion-roles\"] = roles;\n roles = '';\n }\n\n fiware_scope.add(JSON.stringify(fiware_entry));\n fiware_entry = {};\n } else if (group.getParentId() !== null) {\n fiware_service = group.getParent().getFirstAttribute('fiware-service');\n fiware_servicepath = group.getParent().getFirstAttribute('fiware-servicepath');\n\n if (fiware_service !== null && fiware_servicepath !== null) {\n 
fiware_entry = {\n \"fiware-service\": fiware_service,\n \"fiware-servicepath\": fiware_servicepath\n };\n var subroleModels = group.getClientRoleMappings(orion_client);\n if (subroleModels.size() > 0) {\n forEach.call(\n group.getClientRoleMappings(orion_client).toArray(),\n function (role) {\n roles = roles + role.getName() + \",\";\n }\n );\n roles = roles.substring(0, roles.length - 1);\n fiware_entry[\"orion-roles\"] = roles;\n roles = '';\n }\n\n fiware_scope.add(JSON.stringify(fiware_entry));\n fiware_entry = '';\n }\n }\n }\n);\n\nexports = fiware_scope;" + } + } + ] + }, + { + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + 
"consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + }, + { + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + "jsonType.label": "boolean" + } + } + ] + }, + { + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": 
"openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": "${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "name": "role list", + "protocol": 
"saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + 
"id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" + } + }, + { + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": 
false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + } + ] + }, + { + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + } + ], + "defaultDefaultClientScopes": [ + "roles", + "role_list", + "email", + "web-origins", + "profile" + ], + "defaultOptionalClientScopes": [ + "microprofile-jwt", + "phone", + "address", + "offline_access" + ] + } + + + + 
diff --git a/examples/aws-garnet/scenario-2-deployment/yaml/values-dsc-awl-load-balancer-controller-scenario2.yaml b/examples/aws-garnet/scenario-2-deployment/yaml/values-dsc-awl-load-balancer-controller-scenario2.yaml
new file mode 100644
index 0000000..e8ca6fb
--- /dev/null
+++ b/examples/aws-garnet/scenario-2-deployment/yaml/values-dsc-awl-load-balancer-controller-scenario2.yaml
@@ -0,0 +1,1770 @@
+# should argo-cd applications be created?
+argoApplications: false
+
+
+#Sub-Chart configuration
+
+activation-service:
+ # Enable the deployment of application: activation-service
+ deploymentEnabled: true
+
+ activation-service:
+ ## Configuration of activation service execution
+ activationService:
+ # -- Number of (gunicorn) workers that should be created
+ workers: 1
+ # -- Maximum header size in bytes
+ maxHeaderSize: 32768
+ # -- Log Level
+ logLevel: "debug"
+
+ ## Add Ingress or OpenShift Route
+ route:
+ enabled: false
+
+ ingress:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-fiware-eks
+ kubernetes.io/ingress.class: nginx
+ hosts:
+ - host: ips-as.dsba.aws.fiware.io
+ paths:
+ - /
+ tls:
+ - hosts:
+ - ips-as.dsba.aws.fiware.io
+ secretName: as-ips-dsba-tls
+
+ ## CCS config
+ ccs:
+ endpoint: "http://ips-dsc-credentials-config-service:8080/"
+ id: "ips-activation-service"
+ credentials:
+ - type: "VerifiableCredential"
+ trustedParticipantsLists: [
+ "https://tir.dsba.fiware.dev"
+ ]
+ trustedIssuersLists: [
+ "http://ips-dsc-trusted-issuers-list:8080"
+ ]
+ - type: "IpsActivationService"
+ trustedParticipantsLists: [
+ "https://tir.dsba.fiware.dev"
+ ]
+ trustedIssuersLists: [
+ "http://ips-dsc-trusted-issuers-list:8080"
+ ]
+
+ ## AS config
+ config:
+
+ # DB
+ db:
+ # -- Use sqlite in-memory database
+ useMemory: true
+ # -- Enable tracking of modifications
+ modTracking: false
+ # -- Enable SQL logging to stderr
+ echo: true
+
+ # Configuration for additional API keys to protect certain endpoints
+ apikeys:
+ # Config for Trusted-Issuers-List flow
+ issuer:
+ # Header name
+ headerName: "AS-API-KEY"
+ # API key (auto-generated if left empty)
+ apiKey: "77ab4a67-ea3c-4348-98bd-2e9f0304bfb8"
+ # Enable for /issuer endpoint (API key will be required)
+ enabledIssuer: true
+
+ issuer:
+ clientId: "ips-activation-service"
+ providerId: "did:web:ips.dsba.aws.fiware.io:did"
+ tilUri:
"http://ips-dsc-trusted-issuers-list:8080"
+ verifierUri: "https://ips-verifier.dsba.aws.fiware.io"
+ samedevicePath: "/api/v1/samedevice"
+ jwksPath: "/.well-known/jwks"
+ algorithms:
+ - "ES256"
+ roles:
+ createRole: "CREATE_ISSUER"
+ updateRole: "UPDATE_ISSUER"
+ deleteRole: "DELETE_ISSUER"
+
+credentials-config-service:
+ # Enable the deployment of application: credentials-config-service
+ deploymentEnabled: true
+
+ credentials-config-service:
+
+ # Database config
+ database:
+ persistence: true
+ host: mysql-ips
+ name: ccs
+
+ # Should use Secret in production environment
+ username: root
+ password: "dbPassword"
+
+dsba-pdp:
+ # Enable the deployment of application: dsba-pdp
+ deploymentEnabled: true
+
+ dsba-pdp:
+
+ # DB
+ db:
+ enabled: false
+ migrate:
+ enabled: false
+
+ deployment:
+ # Log level
+ logLevel: DEBUG
+
+ # iSHARE config
+ ishare:
+ existingSecret: ips-dsc-vcwaltid-tls-sec
+
+ clientId: did:web:ips.dsba.aws.fiware.io:did
+
+ # Initial list of fingerprints for trusted CAs. This will be overwritten
+ # after the first update from the trust anchor.
+ trustedFingerprints:
+ - D2F62092F982CF783D4632BD86FA86C3FBFDB2D8C8A58BC6809163FCF5CD030B
+
+ ar:
+ id: "did:web:ips.dsba.aws.fiware.io:did"
+ delegationPath: "/ar/delegation"
+ tokenPath: "/oauth2/token"
+ url: "https://ar-ips.dsba.aws.fiware.io"
+
+ trustAnchor:
+ id: "EU.EORI.FIWARESATELLITE"
+ tokenPath: "/token"
+ trustedListPath: "/trusted_list"
+ url: "https://tir.dsba.fiware.dev"
+
+ # Verifier
+ trustedVerifiers:
+ - https://ips-verifier.dsba.aws.fiware.io/.well-known/jwks
+
+ # Provider DID
+ providerId: "did:web:ips.dsba.aws.fiware.io:did"
+
+ # ENVs
+ additionalEnvVars:
+ - name: ISHARE_CERTIFICATE_PATH
+ value: /iShare/tls.crt
+ - name: ISHARE_KEY_PATH
+ value: /iShare/tls.key
+
+kong:
+ # Enable the deployment of application: kong
+ deploymentEnabled: true
+
+ kong:
+ replicaCount: 1
+
+ proxy:
+ enabled: true
+ tls:
+ enabled: false
+
+ # Provide Ingress or Route config here
+ ingress:
+ enabled: true
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ cert-manager.io/cluster-issuer: letsencrypt-fiware-eks
+ #ingressClassName: nginx
+ tls: kong-ips-dsba-tls
+ hostname: ips-kong.dsba.aws.fiware.io
+ route:
+ enabled: false
+
+ # Provide the kong.yml configuration (either as existing CM, secret or directly in the values.yaml)
+ dblessConfig:
+ configMap: ""
+ secret: ""
+ config: |
+ _format_version: "2.1"
+ _transform: true
+
+ consumers:
+ - username: token-consumer
+ keyauth_credentials:
+ - tags:
+ - token-key
+ - tir-key
+
+ services:
+ - host: "psr8tihlz1.execute-api.eu-west-1.amazonaws.com"
+ name: "ips"
+ port: 443
+ protocol: http
+
+ routes:
+ - name: ips
+ paths:
+ - /ips
+ strip_path: true
+
+ plugins:
+ - name: pep-plugin
+ config:
+ pathprefix: "/ips"
+ authorizationendpointtype: ExtAuthz
+ authorizationendpointaddress: http://ips-dsc-dsba-pdp:8080/authz
+
+ - name: request-transformer
+ config:
+ remove:
+ headers:
+ - Authorization
+ - authorization
+
+mongodb:
+ # Enable the deployment of application: mongodb
+ deploymentEnabled:
false
+
+ mongodb:
+
+ # DB Authorization
+ auth:
+ enabled: true
+ # Should use a Secret on production deployments
+ rootPassword: "dbPassword"
+
+ # Required for permissions to PVC
+ podSecurityContext:
+ enabled: true
+ fsGroup: 1001
+ containerSecurityContext:
+ enabled: true
+ runAsUser: 1001
+ runAsGroup: 0
+ runAsNonRoot: true
+
+ # Set resources
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+
+ persistence:
+ enabled: true
+ size: 8Gi
+
+mysql:
+ # Enable the deployment of application: mysql
+ deploymentEnabled: true
+
+ mysql:
+ fullnameOverride: mysql-ips
+ auth:
+ # Should use a Secret on production deployments
+ rootPassword: "dbPassword"
+ password: "dbPassword"
+
+orion-ld:
+ # Enable the deployment of application: orion-ld
+ deploymentEnabled: false
+
+ orion:
+
+ broker:
+ db:
+ auth:
+ user: root
+ password: "dbPassword"
+ mech: "SCRAM-SHA-1"
+ hosts:
+ - ips-dsc-mongodb
+
+ initData:
+ initEnabled: true
+ hook: post-install
+ backoffLimit: 6
+ entities:
+ - name: deliveryorder_happypets001.json
+ data: |
+ {
+ "id": "urn:ngsi-ld:DELIVERYORDER:HAPPYPETS001",
+ "type": "DELIVERYORDER",
+ "issuer": {
+ "type": "Property",
+ "value": "Happy Pets"
+ },
+ "destinee": {
+ "type": "Property",
+ "value": "Happy Pets customer via IPS"
+ },
+ "deliveryAddress": {
+ "type": "Property",
+ "value": {
+ "addressCountry": "DE",
+ "addressRegion": "Berlin",
+ "addressLocality": "Berlin",
+ "postalCode": "12345",
+ "streetAddress": "Customer Strasse 23"
+ }
+ },
+ "originAddress": {
+ "type": "Property",
+ "value": {
+ "addressCountry": "DE",
+ "addressRegion": "Berlin",
+ "addressLocality": "Berlin",
+ "postalCode": "12345",
+ "streetAddress": "HappyPets Strasse 15"
+ }
+ },
+ "pda": {
+ "type": "Property",
+ "value": "2021-10-03"
+ },
+ "pta": {
+ "type": "Property",
+ "value": "14:00:00"
+ },
+ "eda": {
+ "type": "Property",
+ "value": "2021-10-02"
+ },
+ "eta": {
+ "type": "Property",
+ "value": "14:00:00"
+ },
+ "@context": [
+
"https://schema.lab.fiware.org/ld/context"
+ ]
+ }
+
+ - name: deliveryorder_happypets002.json
+ data: |
+ {
+ "id": "urn:ngsi-ld:DELIVERYORDER:HAPPYPETS002",
+ "type": "DELIVERYORDER",
+ "issuer": {
+ "type": "Property",
+ "value": "Happy Pets"
+ },
+ "destinee": {
+ "type": "Property",
+ "value": "Happy Pets 2nd customer via IPS"
+ },
+ "deliveryAddress": {
+ "type": "Property",
+ "value": {
+ "addressCountry": "DE",
+ "addressRegion": "Hamburg",
+ "addressLocality": "Hamburg",
+ "postalCode": "23456",
+ "streetAddress": "Customer Str. 19"
+ }
+ },
+ "originAddress": {
+ "type": "Property",
+ "value": {
+ "addressCountry": "DE",
+ "addressRegion": "Berlin",
+ "addressLocality": "Berlin",
+ "postalCode": "12345",
+ "streetAddress": "HappyPets Strasse 15"
+ }
+ },
+ "pda": {
+ "type": "Property",
+ "value": "2021-11-12"
+ },
+ "pta": {
+ "type": "Property",
+ "value": "11:00:00"
+ },
+ "eda": {
+ "type": "Property",
+ "value": "2021-11-12"
+ },
+ "eta": {
+ "type": "Property",
+ "value": "11:00:00"
+ },
+ "@context": [
+ "https://schema.lab.fiware.org/ld/context"
+ ]
+ }
+
+postgres:
+ # Enable the deployment of application: postgres
+ deploymentEnabled: true
+
+ postgresql:
+
+ fullnameOverride: postgresql-ips
+
+ auth:
+ # Should use a Secret for PWs on production deployments
+ # Credentials for Keycloak DB
+ username: keycloak
+ password: "dbPassword"
+ enablePostgresUser: true
+
+ # Credentials for postgres admin user
+ postgresPassword: "dbRootPassword"
+
+ # Init DB
+ primary:
+ initdb:
+ scripts:
+ create.sh: |
+ psql postgresql://postgres:${POSTGRES_POSTGRES_PASSWORD}@localhost:5432 -c "CREATE DATABASE keycloak_ips;"
+
+trusted-issuers-list:
+ # Enable the deployment of application: trusted-issuers-list
+ deploymentEnabled: true
+
+ trusted-issuers-list:
+
+ # Ingress
+ ingress:
+ til:
+ enabled: true
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-fiware-eks
+ kubernetes.io/ingress.class: nginx
+ hosts:
+ - host: til-ips.dsba.aws.fiware.io
+
tls: + - hosts: + - til-ips.dsba.aws.fiware.io + secretName: til-ips-dsba-til-tls + tir: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + kubernetes.io/ingress.class: nginx + hosts: + - host: tir-ips.dsba.aws.fiware.io + tls: + - hosts: + - tir-ips.dsba.aws.fiware.io + secretName: til-ips-dsba-tir-tls + + # Database config + database: + persistence: true + host: mysql-ips + name: til + + # Should use Secret in production environment + username: root + password: "dbPassword" + + # Init data + initData: + initEnabled: true + hook: post-install + backoffLimit: 6 + issuers: + - name: mp_create + issuer: + did: "did:web:marketplace.dsba.fiware.dev:did" + credentials: + - validFor: + from: "2022-07-21T17:32:28Z" + to: "2040-07-21T17:32:28Z" + credentialsType: "IpsActivationService" + claims: + - name: "roles" + allowedValues: + - - names: + - "CREATE_ISSUER" + target: "did:web:ips.dsba.aws.fiware.io:did" + - validFor: + from: "2022-07-21T17:32:28Z" + to: "2040-07-21T17:32:28Z" + credentialsType: "VerifiableCredential" + +vcwaltid: + # Enable the deployment of application: vcwaltid + deploymentEnabled: true + + # Organisation DID + did: did:web:ips.dsba.aws.fiware.io:did + ingress: + enabled: true + host: ips.dsba.aws.fiware.io + annotations: + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + tls: + enabled: true + route: + enabled: false + + # Walt-id config + vcwaltid: + + # Persistence + persistence: + enabled: true + pvc: + size: 1Gi + + # List of templates to be created + templates: + GaiaXParticipantCredential.json: | + { + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://registry.lab.dsba.eu/development/api/trusted-shape-registry/v1/shapes/jsonld/trustframework#" + ], + "type": [ + "VerifiableCredential" + ], + "id": "did:web:raw.githubusercontent.com:egavard:payload-sign:master", + "issuer": "did:web:raw.githubusercontent.com:egavard:payload-sign:master", + "issuanceDate": 
"2023-03-21T12:00:00.148Z", + "credentialSubject": { + "id": "did:web:raw.githubusercontent.com:egavard:payload-sign:master", + "type": "gx:LegalParticipant", + "gx:legalName": "dsba compliant participant", + "gx:legalRegistrationNumber": { + "gx:vatID": "MYVATID" + }, + "gx:headquarterAddress": { + "gx:countrySubdivisionCode": "BE-BRU" + }, + "gx:legalAddress": { + "gx:countrySubdivisionCode": "BE-BRU" + }, + "gx-terms-and-conditions:gaiaxTermsAndConditions": "70c1d713215f95191a11d38fe2341faed27d19e083917bc8732ca4fea4976700" + } + } + NaturalPersonCredential.json: | + { + "@context": ["https://www.w3.org/2018/credentials/v1"], + "credentialSchema": { + "id": "https://raw.githubusercontent.com/FIWARE-Ops/tech-x-challenge/main/schema.json", + "type": "FullJsonSchemaValidator2021" + }, + "credentialSubject": { + "type": "gx:NaturalParticipant", + "familyName": "Happy", + "firstName": "User", + "roles": [{ + "names": ["LEGAL_REPRESENTATIVE"], + "target": "did:web:onboarding" + }] + }, + "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4", + "issued": "2021-08-31T00:00:00Z", + "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN", + "validFrom": "2021-08-31T00:00:00Z", + "issuanceDate": "2021-08-31T00:00:00Z", + "type": ["VerifiableCredential", "LegalPersonCredential"] + } + MarketplaceUserCredential.json: | + { + "@context": ["https://www.w3.org/2018/credentials/v1"], + "credentialSchema": { + "id": "https://raw.githubusercontent.com/FIWARE-Ops/tech-x-challenge/main/schema.json", + "type": "FullJsonSchemaValidator2021" + }, + "credentialSubject": { + "type": "gx:NaturalParticipant", + "email": "normal-user@fiware.org", + "familyName": "IPS", + "firstName": "employee", + "lastName": "IPS", + "roles": [{ + "names": ["LEGAL_REPRESENTATIVE"], + "target": "did:web:onboarding" + }] + }, + "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4", + "issued": "2021-08-31T00:00:00Z", + "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN", + 
"validFrom": "2021-08-31T00:00:00Z", + "issuanceDate": "2021-08-31T00:00:00Z", + "type": ["MarketplaceUserCredential"] + } + EmployeeCredential.json: | + { + "@context": ["https://www.w3.org/2018/credentials/v1"], + "credentialSchema": { + "id": "https://raw.githubusercontent.com/FIWARE-Ops/tech-x-challenge/main/schema.json", + "type": "FullJsonSchemaValidator2021" + }, + "credentialSubject": { + "type": "gx:NaturalParticipant", + "email": "normal-user@fiware.org", + "familyName": "IPS", + "firstName": "employee", + "lastName": "IPS", + "roles": [{ + "names": ["LEGAL_REPRESENTATIVE"], + "target": "did:web:onboarding" + }] + }, + "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4", + "issued": "2021-08-31T00:00:00Z", + "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN", + "validFrom": "2021-08-31T00:00:00Z", + "issuanceDate": "2021-08-31T00:00:00Z", + "type": ["EmployeeCredential"] + } + +verifier: + # Enable the deployment of application: verifier + deploymentEnabled: true + + vcverifier: + + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + kubernetes.io/ingress.class: nginx + hosts: + - host: ips-verifier.dsba.aws.fiware.io + paths: + - / + tls: + - hosts: + - ips-verifier.dsba.aws.fiware.io + secretName: verifier-ips-dsba-tls + + deployment: + + # Logging + logging: + level: DEBUG + pathsToSkip: + - "/health" + + # Walt-id config + ssikit: + auditorUrl: http://ips-dsc-vcwaltid:7003 + + # Verifier config + verifier: + # URL endpoint of data space trusted issuers registry + tirAddress: https://tir.dsba.fiware.dev/v3/issuers + # DID of organisation + did: did:web:ips.dsba.aws.fiware.io:did + + # Config service + configRepo: + configEndpoint: http://ips-dsc-credentials-config-service:8080/ + + +keyrock: + # Enable the deployment of application: keyrock + deploymentEnabled: true + + keyrock: + fullnameOverride: keyrock-ips + + # DB config + db: + user: root + password: "dbPassword" + host: 
mysql-ips + + # Admin user to be created + admin: + user: admin + password: "admin" + email: admin@fiware.org + + # External hostname of Keyrock + host: https://ar-ips.dsba.aws.fiware.io + + # Ingress + ingress: + enabled: true + annotations: + cert-manager.io/cluster-issuer: letsencrypt-fiware-eks + kubernetes.io/ingress.class: nginx + hosts: + - host: ar-ips.dsba.aws.fiware.io + paths: + - / + tls: + - hosts: + - ar-ips.dsba.aws.fiware.io + secretName: ar-ips-dsba-tls + + ## Theme configuration for Keyrock + theme: + ## -- Enable theme + enabled: false + + ## Configuration of Authorisation Registry (AR) + authorisationRegistry: + # -- Enable usage of authorisation registry + enabled: true + # -- Identifier (EORI) of AR + identifier: "did:web:ips.dsba.aws.fiware.io:did" + # -- URL of AR + url: "internal" + + ## Configuration of iSHARE Satellite + satellite: + # -- Enable usage of satellite + enabled: true + # -- Identifier (EORI) of satellite + identifier: "EU.EORI.FIWARESATELLITE" + # -- URL of satellite + url: "https://tir.dsba.fiware.dev" + # -- Token endpoint of satellite + tokenEndpoint: "https://tir.dsba.fiware.dev/token" + # -- Parties endpoint of satellite + partiesEndpoint: "https://tir.dsba.fiware.dev/parties" + + ## -- Configuration of local key and certificate for validation and generation of tokens + token: + # -- Enable storage of local key and certificate + enabled: false + + # ENV variables for Keyrock + additionalEnvVars: + - name: IDM_TITLE + value: "IPS AR" + - name: IDM_DEBUG + value: "true" + - name: DEBUG + value: "*" + - name: IDM_DB_NAME + value: ar_idm_ips + - name: IDM_DB_SEED + value: "true" + - name: IDM_SERVER_MAX_HEADER_SIZE + value: "32768" + - name: IDM_PR_CLIENT_ID + value: "did:web:ips.dsba.aws.fiware.io:did" + - name: IDM_PR_CLIENT_KEY + valueFrom: + secretKeyRef: + name: ips-dsc-vcwaltid-tls-sec + key: tls.key + - name: IDM_PR_CLIENT_CRT + valueFrom: + secretKeyRef: + name: ips-dsc-vcwaltid-tls-sec + key: tls.crt + + # Init data 
+ initData: + initEnabled: true + hook: post-install + backoffLimit: 6 + command: + - /bin/sh + - /scripts/create.sh + volumeMount: + name: scripts + mountPath: /scripts + env: + - name: DB_PASSWORD + value: "dbPassword" + scriptData: + create.sh: |- + mysql -h mysql-ips -u root -p$DB_PASSWORD ar_idm_ips <IPS Keycloak", + "enabled": true, + "attributes": { + "frontendUrl": "https://ips-kc.dsba.aws.fiware.io" + }, + "sslRequired": "none", + "roles": { + "realm": [ + { + "name": "user", + "description": "User privileges", + "composite": false, + "clientRole": false, + "containerId": "fiware-server", + "attributes": {} + } + ], + "client": { + "did:web:onboarding.dsba.fiware.dev:did": [ + { + "name": "LEGAL_REPRESENTATIVE", + "description": "Is allowed to register participants", + "clientRole": true + }, + { + "name": "EMPLOYEE", + "description": "Is allowed to see participants", + "clientRole": true + } + ], + "did:web:marketplace.dsba.fiware.dev:did": [ + { + "name": "customer", + "description": "Is allowed to buy.", + "clientRole": true + }, + { + "name": "seller", + "description": "Is allowed to offer.", + "clientRole": true + } + ], + "did:web:ips.dsba.aws.fiware.io:did": [ + { + "name": "STANDARD_CUSTOMER", + "description": "User to access IPS with read access", + "clientRole": true + }, + { + "name": "GOLD_CUSTOMER", + "description": "User to access IPS with read/write access", + "clientRole": true + } + ] + } + }, + "groups": [ + { + "name": "admin", + "path": "/admin", + "realmRoles": [ + "user" + ] + }, + { + "name": "consumer", + "path": "/consumer", + "realmRoles": [ + "user" + ] + } + ], + "users": [ + { + "username": "the-lear", + "enabled": true, + "email": "lear@ips.org", + "credentials": [ + { + "type": "password", + "value": "the-lear" + } + ], + "clientRoles": { + "did:web:onboarding.dsba.fiware.dev:did": [ + "LEGAL_REPRESENTATIVE", + "EMPLOYEE" + ], + "account": [ + "view-profile", + "manage-account" + ] + }, + "groups": [ + "/admin", + "/consumer" 
+ ] + }, + { + "username": "legal-representative", + "enabled": true, + "email": "legal-representative@ips.org", + "firstName": "Legal", + "lastName": "IPSEmployee", + "credentials": [ + { + "type": "password", + "value": "legal-representative" + } + ], + "clientRoles": { + "did:web:marketplace.dsba.fiware.dev:did" : [ + "customer", + "seller" + ], + "did:web:onboarding.dsba.fiware.dev:did": [ + "LEGAL_REPRESENTATIVE" + ], + "account": [ + "view-profile", + "manage-account" + ] + }, + "groups": [ + "/admin", + "/consumer" + ] + }, + { + "username": "standard-employee", + "enabled": true, + "email": "standard-employee@ips.org", + "credentials": [ + { + "type": "password", + "value": "standard-employee" + } + ], + "clientRoles": { + "did:web:onboarding.dsba.fiware.dev:did": [ + "EMPLOYEE" + ], + "did:web:ips.dsba.aws.fiware.io:did": [ + "GOLD_CUSTOMER" + ], + "account": [ + "view-profile", + "manage-account" + ] + }, + "groups": [ + "/consumer" + ] + } + ], + "clients": [ + { + "clientId": "did:web:ips.dsba.aws.fiware.io:did", + "enabled": true, + "description": "Client for internal users", + "surrogateAuthRequired": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "defaultRoles": [], + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "SIOP-2", + "attributes": { + "client.secret.creation.time": "1675260539", + "expiryInMin": "3600", + "vctypes_EmployeeCredential": "ldp_vc,jwt_vc_json", + "EmployeeCredential_claims": "email,firstName,familyName,roles" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, + { + "clientId": 
"did:web:marketplace.dsba.fiware.dev:did", + "enabled": true, + "description": "Client to connect to the marketplace", + "surrogateAuthRequired": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "defaultRoles": [], + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "SIOP-2", + "attributes": { + "client.secret.creation.time": "1675260539", + "expiryInMin": "3600", + "vctypes_MarketplaceUserCredential": "ldp_vc,jwt_vc_json", + "MarketplaceUserCredential_claims": "email,firstName,lastName,roles" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, + { + "clientId": "did:web:onboarding.dsba.fiware.dev:did", + "enabled": true, + "description": "Client to connect the onboarding service at portal.dsba.fiware.dev", + "surrogateAuthRequired": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "defaultRoles": [], + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "SIOP-2", + "attributes": { + "client.secret.creation.time": "1675260539", + "expiryInMin": "3600", + "vctypes_NaturalPersonCredential": "ldp_vc,jwt_vc_json", + "vctypes_GaiaXParticipantCredential": "ldp_vc,jwt_vc_json", + "vc_subjectDid": "did:web:packetdelivery.dsba.fiware.dev:did", + "vc_gx:legalName": "Packet Delivery Company Inc.", + "GaiaXParticipantCredential_claims": 
"subjectDid,gx:legalName", + "NaturalPersonCredential_claims": "email,firstName,familyName,roles" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [], + "optionalClientScopes": [] + }, + { + "clientId": "did:web:marketplace.dsba.fiware.dev:did", + "enabled": true, + "description": "Client to connect to the marketplace", + "surrogateAuthRequired": false, + "alwaysDisplayInConsole": false, + "clientAuthenticatorType": "client-secret", + "defaultRoles": [], + "redirectUris": [], + "webOrigins": [], + "notBefore": 0, + "bearerOnly": false, + "consentRequired": false, + "standardFlowEnabled": true, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": false, + "frontchannelLogout": false, + "protocol": "SIOP-2", + "attributes": { + "client.secret.creation.time": "1675260539", + "expiryInMin": "3600", + "vctypes_MarketplaceUserCredential": "ldp_vc,jwt_vc_json", + "MarketplaceUserCredential_claims": "email,firstName,lastName,roles" + }, + "authenticationFlowBindingOverrides": {}, + "fullScopeAllowed": true, + "nodeReRegistrationTimeout": -1, + "defaultClientScopes": [], + "optionalClientScopes": [] + } + ], + "clientScopes": [ + { + "name": "fiware-scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "name": "fiware-scope-object", + "protocol": "openid-connect", + "protocolMapper": "oidc-script-based-protocol-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "multivalued": "true", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "fiware-scope-object", + "script": "/**\n * Available variables: \n * user - the current user\n * realm - the current realm\n * token - the current token\n * userSession - the current userSession\n * keycloakSession - 
the current userSession\n */\n\nvar ArrayList = Java.type(\"java.util.ArrayList\");\nvar fiware_scope = new ArrayList();\n\nvar forEach = Array.prototype.forEach;\n\nvar fiware_service;\nvar fiware_servicepath;\nvar fiware_entry;\nvar roles = '';\n\nvar orion_client = realm.getClientByClientId('orion-pep');\n\nfiware_service = user.getFirstAttribute('fiware-service');\nfiware_servicepath = user.getFirstAttribute('fiware-servicepath');\nif (fiware_service !== null && fiware_servicepath !== null) {\n\n fiware_entry = {\n \"fiware-service\": fiware_service,\n \"fiware-servicepath\": fiware_servicepath\n };\n\n var roleModels = user.getClientRoleMappings(orion_client);\n if (roleModels.size() > 0) {\n forEach.call(\n user.getClientRoleMappings(orion_client).toArray(),\n function (role) {\n roles = roles + role.getName() + \",\";\n }\n );\n roles = roles.substring(0, roles.length - 1);\n fiware_entry[\"orion-roles\"] = roles;\n roles = '';\n }\n\n fiware_scope.add(JSON.stringify(fiware_entry));\n fiware_entry = {};\n}\n\nforEach.call(\n user.getGroups().toArray(),\n function (group) {\n\n fiware_service = group.getFirstAttribute('fiware-service');\n fiware_servicepath = group.getFirstAttribute('fiware-servicepath');\n if (fiware_service !== null && fiware_servicepath !== null) {\n fiware_entry = {\n \"fiware-service\": fiware_service,\n \"fiware-servicepath\": fiware_servicepath\n };\n\n var roleModels = group.getClientRoleMappings(orion_client);\n if (roleModels.size() > 0) {\n forEach.call(\n group.getClientRoleMappings(orion_client).toArray(),\n function (role) {\n roles = roles + role.getName() + \",\";\n }\n );\n roles = roles.substring(0, roles.length - 1);\n fiware_entry[\"orion-roles\"] = roles;\n roles = '';\n }\n\n fiware_scope.add(JSON.stringify(fiware_entry));\n fiware_entry = {};\n } else if (group.getParentId() !== null) {\n fiware_service = group.getParent().getFirstAttribute('fiware-service');\n fiware_servicepath = 
group.getParent().getFirstAttribute('fiware-servicepath');\n\n if (fiware_service !== null && fiware_servicepath !== null) {\n fiware_entry = {\n \"fiware-service\": fiware_service,\n \"fiware-servicepath\": fiware_servicepath\n };\n var subroleModels = group.getClientRoleMappings(orion_client);\n if (subroleModels.size() > 0) {\n forEach.call(\n group.getClientRoleMappings(orion_client).toArray(),\n function (role) {\n roles = roles + role.getName() + \",\";\n }\n );\n roles = roles.substring(0, roles.length - 1);\n fiware_entry[\"orion-roles\"] = roles;\n roles = '';\n }\n\n fiware_scope.add(JSON.stringify(fiware_entry));\n fiware_entry = '';\n }\n }\n }\n);\n\nexports = fiware_scope;" + } + } + ] + }, + { + "name": "offline_access", + "description": "OpenID Connect built-in scope: offline_access", + "protocol": "openid-connect", + "attributes": { + "consent.screen.text": "${offlineAccessScopeConsentText}", + "display.on.consent.screen": "true" + } + }, + { + "name": "microprofile-jwt", + "description": "Microprofile - JWT built-in scope", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "false" + }, + "protocolMappers": [ + { + "name": "upn", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "upn", + "jsonType.label": "String" + } + }, + { + "name": "groups", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "multivalued": "true", + "user.attribute": "foo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "groups", + "jsonType.label": "String" + } + } + ] + }, + { + "name": "roles", + "description": "OpenID Connect scope for add user roles to the access token", + 
"protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "true", + "consent.screen.text": "${rolesScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "audience resolve", + "protocol": "openid-connect", + "protocolMapper": "oidc-audience-resolve-mapper", + "consentRequired": false, + "config": {} + }, + { + "name": "client roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "resource_access.${client_id}.roles", + "jsonType.label": "String", + "multivalued": "true" + } + }, + { + "name": "realm roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-realm-role-mapper", + "consentRequired": false, + "config": { + "user.attribute": "foo", + "access.token.claim": "true", + "claim.name": "realm_access.roles", + "jsonType.label": "String", + "multivalued": "true" + } + } + ] + }, + { + "name": "email", + "description": "OpenID Connect built-in scope: email", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${emailScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "email", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "email", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email", + "jsonType.label": "String" + } + }, + { + "name": "email verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "emailVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "email_verified", + 
"jsonType.label": "boolean" + } + } + ] + }, + { + "name": "phone", + "description": "OpenID Connect built-in scope: phone", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${phoneScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "phone number verified", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumberVerified", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number_verified", + "jsonType.label": "boolean" + } + }, + { + "name": "phone number", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "phoneNumber", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "phone_number", + "jsonType.label": "String" + } + } + ] + }, + { + "name": "address", + "description": "OpenID Connect built-in scope: address", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${addressScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "address", + "protocol": "openid-connect", + "protocolMapper": "oidc-address-mapper", + "consentRequired": false, + "config": { + "user.attribute.formatted": "formatted", + "user.attribute.country": "country", + "user.attribute.postal_code": "postal_code", + "userinfo.token.claim": "true", + "user.attribute.street": "street", + "id.token.claim": "true", + "user.attribute.region": "region", + "access.token.claim": "true", + "user.attribute.locality": "locality" + } + } + ] + }, + { + "name": "role_list", + "description": "SAML role list", + "protocol": "saml", + "attributes": { + "consent.screen.text": 
"${samlRoleListScopeConsentText}", + "display.on.consent.screen": "true" + }, + "protocolMappers": [ + { + "name": "role list", + "protocol": "saml", + "protocolMapper": "saml-role-list-mapper", + "consentRequired": false, + "config": { + "single": "false", + "attribute.nameformat": "Basic", + "attribute.name": "Role" + } + } + ] + }, + { + "name": "profile", + "description": "OpenID Connect built-in scope: profile", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "true", + "display.on.consent.screen": "true", + "consent.screen.text": "${profileScopeConsentText}" + }, + "protocolMappers": [ + { + "name": "zoneinfo", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "zoneinfo", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "zoneinfo", + "jsonType.label": "String" + } + }, + { + "name": "nickname", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "nickname", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "nickname", + "jsonType.label": "String" + } + }, + { + "name": "profile", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "profile", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "profile", + "jsonType.label": "String" + } + }, + { + "name": "full name", + "protocol": "openid-connect", + "protocolMapper": "oidc-full-name-mapper", + "consentRequired": false, + "config": { + "id.token.claim": "true", + "access.token.claim": "true", + "userinfo.token.claim": "true" + } + }, + { + "name": "birthdate", + "protocol": "openid-connect", + "protocolMapper": 
"oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "birthdate", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "birthdate", + "jsonType.label": "String" + } + }, + { + "name": "family name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "lastName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "family_name", + "jsonType.label": "String" + } + }, + { + "name": "picture", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "picture", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "picture", + "jsonType.label": "String" + } + }, + { + "name": "website", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "website", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "website", + "jsonType.label": "String" + } + }, + { + "name": "locale", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "locale", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "locale", + "jsonType.label": "String" + } + }, + { + "name": "username", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "username", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "preferred_username", + "jsonType.label": "String" 
+ } + }, + { + "name": "given name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "firstName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "given_name", + "jsonType.label": "String" + } + }, + { + "name": "updated at", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "updatedAt", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "updated_at", + "jsonType.label": "String" + } + }, + { + "name": "middle name", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "middleName", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "middle_name", + "jsonType.label": "String" + } + }, + { + "name": "gender", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-attribute-mapper", + "consentRequired": false, + "config": { + "userinfo.token.claim": "true", + "user.attribute": "gender", + "id.token.claim": "true", + "access.token.claim": "true", + "claim.name": "gender", + "jsonType.label": "String" + } + } + ] + }, + { + "name": "web-origins", + "description": "OpenID Connect scope for add allowed web origins to the access token", + "protocol": "openid-connect", + "attributes": { + "include.in.token.scope": "false", + "display.on.consent.screen": "false", + "consent.screen.text": "" + }, + "protocolMappers": [ + { + "name": "allowed web origins", + "protocol": "openid-connect", + "protocolMapper": "oidc-allowed-origins-mapper", + "consentRequired": false, + "config": {} + } + ] + } + ], + "defaultDefaultClientScopes": [ + "roles", + "role_list", + "email", + "web-origins", + "profile" + 
],
+ "defaultOptionalClientScopes": [
+ "microprofile-jwt",
+ "phone",
+ "address",
+ "offline_access"
+ ]
+ }
+
+
+
+
diff --git a/examples/service-provider-ips/values-dsc.yaml b/examples/service-provider-ips/values-dsc.yaml
index e201636..c412c5b 100644
--- a/examples/service-provider-ips/values-dsc.yaml
+++ b/examples/service-provider-ips/values-dsc.yaml
@@ -1768,14 +1768,22 @@ keycloak:
 contract-management:
 # Enable the deployment of application: contract-management
 deploymentEnabled: true
- til:
- ## Type of Verifiable Credential necessary for accessing the service
- credentialType: VerifiableCredential
- ## Claims with permissions granted to given Verifiable Credential
- claims:
- ## DID of the target service that is requiring the permissions
- - target: "did:web:ips.dsba.aws.fiware.io:did"
- ## Roles that are added/allowed for the given service
- roles:
- - STANDARD_CUSTOMER
- - GOLD_CUSTOMER
\ No newline at end of file
+ contract-management:
+ til:
+ ## Type of Verifiable Credential necessary for accessing the service
+ credentialType: VerifiableCredential
+ ## Claims with permissions granted to given Verifiable Credential
+ claims:
+ ## DID of the target service that is requiring the permissions
+ - target: "did:web:ips.dsba.aws.fiware.io:did"
+ ## Roles that are added/allowed for the given service
+ roles:
+ - STANDARD_CUSTOMER
+ - GOLD_CUSTOMER
+ services:
+ product:
+ url: http://ips-dsc-tm-forum-api-envoy:8080
+ party:
+ url: http://ips-dsc-tm-forum-api-envoy:8080
+ til:
+ url: http://ips-dsc-trusted-issuers-list:8080
\ No newline at end of file
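Review bot: The `services` URLs added at the end of the hunk hardcode the in-cluster hostnames `ips-dsc-tm-forum-api-envoy` and `ips-dsc-trusted-issuers-list`, whose `ips-dsc-` prefix presumably is the Helm release name, so a release deployed under another name silently points contract-management at services that do not exist; a comment above `services:` such as `## In-cluster service URLs; the ips-dsc- prefix is the release name and must follow any rename` would make the coupling explicit. The `product` and `party` entries carry the same URL, which should be stated (`## product and party are both served by the TM Forum API envoy`) so a later edit does not change one without the other. `credentialType: VerifiableCredential` is the base type every credential carries; a comment should record whether the list matches that type literally or accepts any credential, since that decides who obtains `STANDARD_CUSTOMER`/`GOLD_CUSTOMER` (not determinable from this file). The file still ends without a trailing newline on the new side.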