From 4739a4d197d542d13691f22f8fe029da735977b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Oct 2023 06:20:15 +0000 Subject: [PATCH 01/62] chore(deps): bump docker/login-action from 2 to 3 Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/trivy.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 383efad5..7b72a002 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -95,7 +95,7 @@ jobs: # Enable deployment access (on main branch and version tags only) - name: Login to GitHub Container Registry if: ${{ ( github.event.inputs.deploy_docker == 'true' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) }} - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ steps.set-docker-repo.outputs.REGISTRY }} # Use existing DockerHub credentials present as secrets diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 65dd737a..f0d2edad 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -104,7 +104,7 @@ jobs: # Enable repository access (on main branch and version tags only) - name: Login to GitHub Container Registry if: ${{ ( github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/v')) }} - uses: docker/login-action@v2 + uses: docker/login-action@v3 with: registry: ${{ steps.set-docker-repo.outputs.REGISTRY }} # Use existing DockerHub credentials present as secrets 
From 56d06618b2d7966c29f2db70a52ead7b3cad8cfd Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 19 Oct 2023 16:53:29 +0200 Subject: [PATCH 02/62] feat: first try to upgrade to current versions of EDC and Jena. --- pom.xml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/pom.xml b/pom.xml index 4a300368..8fb1ce65 100644 --- a/pom.xml +++ b/pom.xml @@ -37,24 +37,24 @@ 11 false - 5.9.3 + 5.10.0 5.4.0 - 0.5.0 - 0.1.3 + 0.6.0-rc1 + 0.3.1 3.3.2 4.11.0 3.4.0 - 2.0.7 + 2.0.9 3.1.0 3.0.2 - 9.31 + 9.35 4.0.1 5.0.2 - 4.8.0 - 1.9.1 - 4.6.2 - 2.0 - 2.4.11 + 4.9.0 + 1.10.1 + 4.6.5 + 2.2 + 2.5.0 UTF-8 From fb587a3bae8fa0b5606b063bef993f9ded6a20de Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 20 Oct 2023 08:52:39 +0200 Subject: [PATCH 03/62] feat: Adapt location of shaded google collections. Adapt to changes in the EDC dataaddress interface. --- .../java/org/eclipse/tractusx/agents/edc/TupleSet.java | 4 ++-- .../tractusx/agents/edc/http/transfer/AgentSource.java | 2 +- .../edc/http/transfer/AgentSourceHttpParamsDecorator.java | 8 ++++---- .../agents/edc/sparql/DataspaceServiceExecutor.java | 2 +- .../tractusx/agents/edc/sparql/SparqlQueryProcessor.java | 8 +++++--- 5 files changed, 13 insertions(+), 11 deletions(-) diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java index 1994da6a..12dac8de 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java 
@@ -23,7 +23,7 @@ import java.util.List; import java.util.Set; -import org.apache.jena.ext.com.google.common.collect.ArrayListMultimap; +import com.github.jsonldjava.shaded.com.google.common.collect.ArrayListMultimap; /** * Implementation of a compact representation of @@ -33,7 +33,7 @@ */ public class TupleSet { - ArrayListMultimap bindings=ArrayListMultimap.create(); + ArrayListMultimap bindings= ArrayListMultimap.create(); List explodes=new ArrayList<>(); /** diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java index 2cf2848f..75e9af59 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java @@ -85,7 +85,7 @@ protected StreamResult> openMatchmaking() { // Agent call, we translate from KA-MATCH to KA-TRANSFER String skill=null; String graph=null; - String asset= request.getSourceDataAddress().getProperties().get(AgentSourceHttpParamsDecorator.ASSET_PROP_ID); + String asset= String.valueOf(request.getSourceDataAddress().getProperties().get(AgentSourceHttpParamsDecorator.ASSET_PROP_ID)); if(asset!=null && asset.length() > 0) { Matcher graphMatcher= AgentExtension.GRAPH_PATTERN.matcher(asset); if(graphMatcher.matches()) { diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java index 9dcf7a7d..695814ee 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java 
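Review bot: The new import in TupleSet.java takes `ArrayListMultimap` from `com.github.jsonldjava.shaded.com.google.common.collect`, a relocated Guava copy that is an internal detail of another library, which makes the class and its version depend on whatever that library happens to bundle. The Jena-shaded copy this line replaces appears to have stopped working with the version upgrade in this series, and the same can happen here on the next jsonld-java or Jena update. Prefer a dependency the build declares itself and import `com.google.common.collect.ArrayListMultimap` from it, or hold the bindings in a plain `java.util.Map` of lists so no third-party collection type is needed.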
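Review bot: Wrapping the property lookup in `String.valueOf(...)` in AgentSource.openMatchmaking turns a missing `ASSET_PROP_ID` entry into the literal string "null", so the `asset!=null && asset.length() > 0` guard on the following line can no longer reject an absent asset and the literal is passed on to `GRAPH_PATTERN`. Keep the absent case absent: `Object assetProp = request.getSourceDataAddress().getProperties().get(AgentSourceHttpParamsDecorator.ASSET_PROP_ID);` then `String asset = assetProp == null ? null : assetProp.toString();`. The same wrapping is applied to `assetType` in the DataspaceServiceExecutor.createExecution hunk, where a null default (not visible here, so to be confirmed) would likewise become "null". The method body continues outside the hunk.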
+++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java @@ -141,13 +141,13 @@ public HttpRequestParams.Builder decorate(DataFlowRequest request, HttpDataAddre Map> queryParams=parseParams("?"+getRequestQueryParams(address,request)); if(isTransferRequest(request)) { - if(!address.getProperty(BASE_URL).endsWith(SLASH)) { - params.baseUrl(address.getProperty(BASE_URL)+SLASH); + if(!address.getStringProperty(BASE_URL).endsWith(SLASH)) { + params.baseUrl(address.getStringProperty(BASE_URL)+SLASH); } } else { // we need to annotate the base url "pure" because we do not directly hit the endpoint params.baseUrl("https://w3id.org/catenax"); - params.header(DataspaceServiceExecutor.TARGET_URL_SYMBOL.getSymbol(), address.getProperty(BASE_URL)); + params.header(DataspaceServiceExecutor.TARGET_URL_SYMBOL.getSymbol(), address.getStringProperty(BASE_URL)); // there is the case where a KA-BIND protocol call is // one-to-one routed through the transfer plane ... in which case @@ -165,7 +165,7 @@ public HttpRequestParams.Builder decorate(DataFlowRequest request, HttpDataAddre queryParams.remove(QUERY_PARAM); mergeParams(queryParams,bodyParams); } - String accept=address.getProperty(ACCEPT_HEADER,null); + String accept=address.getStringProperty(ACCEPT_HEADER,null); List cxAccepts=queryParams.getOrDefault(CX_ACCEPT_PARAM,List.of()); queryParams.remove(CX_ACCEPT_PARAM); if(accept==null) { diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/DataspaceServiceExecutor.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/DataspaceServiceExecutor.java index cbc34cf4..1e8ae6ee 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/DataspaceServiceExecutor.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/DataspaceServiceExecutor.java 
@@ -323,7 +323,7 @@ public QueryIterator createExecution(OpService opOriginal, String serviceURL, Se } } // the asset type should be annotated in the rdf type property - assetType=endpoint.getProperties().getOrDefault("http://www.w3.org/1999/02/22-rdf-syntax-ns#type",assetType); + assetType=String.valueOf(endpoint.getProperties().getOrDefault("http://www.w3.org/1999/02/22-rdf-syntax-ns#type",assetType)); // put the endpoint information into a new service operator // and cater for the EDC public api slash problem diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java index bb1499e8..4e200d85 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java @@ -189,7 +189,7 @@ protected void executeAction(AgentHttpAction action) { * @param targetProperties a set of address properties of the asset to invoke * @return simulated ok response */ - public Response execute(Request request, String skill, String graph, Map targetProperties) { + public Response execute(Request request, String skill, String graph, Map targetProperties) { // wrap jakarta into java.servlet HttpServletContextAdapter contextAdapter=new HttpServletContextAdapter(request); @@ -208,12 +208,14 @@ public Response execute(Request request, String skill, String graph, Map Date: Fri, 20 Oct 2023 09:06:29 +0200 Subject: [PATCH 04/62] feat: upgrade okio to non-vulnerable version. remove jakarata validation test dependency. --- agent-plane/agent-plane-protocol/pom.xml | 6 ------ pom.xml | 3 +-- 2 files changed, 1 insertion(+), 8 deletions(-) 
diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index 5e6f4667..0290a35e 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -343,12 +343,6 @@ mockito-core test - - jakarta.validation - jakarta.validation-api - ${jakarta.validation.version} - test - org.eclipse.edc jersey-core diff --git a/pom.xml b/pom.xml index 8fb1ce65..eeee511c 100644 --- a/pom.xml +++ b/pom.xml @@ -43,10 +43,9 @@ 0.3.1 3.3.2 4.11.0 - 3.4.0 + 3.6.0 2.0.9 3.1.0 - 3.0.2 9.35 4.0.1 5.0.2 From d355e6a6409c9df45ed1e911ce9906cc382fd49b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Nov 2023 23:02:28 +0000 Subject: [PATCH 05/62] chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.1 Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.4.0 to 2.6.1. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/v2.4.0...v2.6.1) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/helm-chart-lint.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index b84b03d3..698abe9f 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml @@ -71,7 +71,7 @@ jobs: python-version: 3.9 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.4.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed From 0204a1c3b080e3643eed16b90316eb9b01c6d06a Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 Nov 2023 22:55:59 +0000 Subject: [PATCH 06/62] chore(deps): bump org.junit:junit-bom from 5.9.3 to 5.10.1 Bumps [org.junit:junit-bom](https://github.com/junit-team/junit5) from 5.9.3 to 5.10.1. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.9.3...r5.10.1) --- updated-dependencies: - dependency-name: org.junit:junit-bom dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 4a300368..a4b6fdcb 100644 --- a/pom.xml +++ b/pom.xml @@ -37,7 +37,7 @@ 11 false - 5.9.3 + 5.10.1 5.4.0 0.5.0 0.1.3 From e8b99daac9c92c2e883a4fe257b2eca6ee0bef3e Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 9 Nov 2023 16:45:26 +0100 Subject: [PATCH 07/62] fix: adapt aws netty lib to match the EDC awssdk dependency. --- agent-plane/agent-plane-protocol/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index 0290a35e..630c5cbf 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -304,7 +304,7 @@ software.amazon.awssdk netty-nio-client - 2.20.94 + 2.20.153 runtime From f76ab27279239d8f957c2a914c30aee60cd2846f Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 9 Nov 2023 17:02:44 +0100 Subject: [PATCH 08/62] fix: upgrade docker image and opentelemetry versions. flexibilize remote service addressing. --- .../eclipse/tractusx/agents/edc/http/DelegationService.java | 6 ++++++ .../agentplane-azure-vault/src/main/docker/Dockerfile | 4 ++-- agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile | 4 ++-- 3 files changed, 10 insertions(+), 4 deletions(-) 
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationService.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationService.java index abec6318..9ff88a6d 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationService.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationService.java @@ -90,6 +90,12 @@ public DelegationResponse executeQueryRemote(String remoteUrl, String skill, Str if(serviceDenyPattern.matcher(remoteUrl).matches()) { return new DelegationResponse( HttpUtils.respond(monitor,headers, HttpStatus.SC_FORBIDDEN,String.format("Service %s matches the denied service pattern %s",remoteUrl,serviceDenyPattern.pattern()),null)); } + // replace edc addresses with their real underlying protocol + if (remoteUrl.startsWith("edc://")) { + remoteUrl="http://"+remoteUrl.substring(6); + } else if (remoteUrl.startsWith("edcs://")) { + remoteUrl="https://"+remoteUrl.substring(7); + } String asset = skill != null ? skill : graph; EndpointDataReference endpoint = agreementController.get(asset); if(endpoint==null) { diff --git a/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile b/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile index e58f62ef..f73ef443 100644 --- a/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile +++ b/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile @@ -16,9 +16,9 @@ # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.18.2 AS otel +FROM alpine:3.18.4 AS otel -ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar" +ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.27.0/opentelemetry-javaagent.jar" HEALTHCHECK NONE 
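Review bot: The `edc://` / `edcs://` rewrite is placed after the `serviceDenyPattern` check, so the deny filter is evaluated on the original spelling of `remoteUrl` while the rest of executeQueryRemote works with the rewritten `http://` / `https://` value. A deny pattern written against `http(s)://` addresses, and presumably the allow pattern if it is checked above the hunk, therefore never sees the address that is actually used. Move the rewrite above the pattern checks, or run the checks again on the rewritten value, so that filtering and the outgoing call agree on one string. The `edc://` branch also maps to unencrypted `http://`; a comment stating whether that is intended for anything beyond local testing would help operators. The method starts and ends outside the hunk.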
diff --git a/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile b/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile index 54f0b768..872b277b 100644 --- a/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile +++ b/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile @@ -15,9 +15,9 @@ # # SPDX-License-Identifier: Apache-2.0 -FROM alpine:3.18.2 AS otel +FROM alpine:3.18.4 AS otel -ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.12.1/opentelemetry-javaagent.jar" +ENV OTEL_AGENT_LOCATION "https://github.com/open-telemetry/opentelemetry-java-instrumentation/releases/download/v1.27.0/opentelemetry-javaagent.jar" HEALTHCHECK NONE From 7f541e6b43f5c85f139173cc25d9c217368941f4 Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 13 Feb 2024 15:12:24 +0100 Subject: [PATCH 09/62] feat: upgrade version and get tests to run --- .github/workflows/build.yml | 4 +-- agent-plane/README.md | 4 +-- agent-plane/agent-plane-protocol/README.md | 2 +- agent-plane/agent-plane-protocol/pom.xml | 2 +- .../eclipse/tractusx/agents/edc/TupleSet.java | 3 +-- .../JakartaServletInputStreamAdapter.java | 5 ++-- .../JakartaServletOutputStreamAdapter.java | 5 ++-- .../agents/edc/http/transfer/AgentSource.java | 5 ++++ .../edc/http/transfer/AgentSourceFactory.java | 2 +- .../AgentSourceHttpParamsDecorator.java | 2 +- .../AgentSourceRequestParamsSupplier.java | 6 ++--- .../agents/edc/MockAgreementController.java | 2 +- .../service/TestDataspaceSynchronizer.java | 4 +-- agent-plane/agentplane-azure-vault/README.md | 2 +- agent-plane/agentplane-azure-vault/pom.xml | 2 +- agent-plane/agentplane-hashicorp/README.md | 4 +-- agent-plane/agentplane-hashicorp/pom.xml | 2 +- agent-plane/pom.xml | 2 +- charts/agent-connector-azure-vault/Chart.yaml | 4 +-- charts/agent-connector-azure-vault/README.md | 4 +-- charts/agent-connector-memory/Chart.yaml | 4 +-- charts/agent-connector-memory/README.md | 4 +-- charts/agent-connector/Chart.yaml | 4 +-- charts/agent-connector/README.md | 4 +-- common/README.md | 2 +- common/auth-jwt/README.md | 2 +- common/auth-jwt/pom.xml | 2 +- docs/README.md | 6 ++--- pom.xml | 26 ++++++++++--------- upgrade_version.sh | 2 +- 30 files changed, 63 insertions(+), 59 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2aa80fa2..c13a11ad 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -137,7 +137,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.11.16-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.12.17-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Hashicorp Container Build and push @@ -175,7 +175,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.11.16-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.12.17-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Azure Vault Container Build and push diff --git a/agent-plane/README.md b/agent-plane/README.md index ead45cea..9c3beba9 100644 --- a/agent-plane/README.md +++ b/agent-plane/README.md @@ -66,10 +66,10 @@ mvn package -Pwith-docker-image Alternatively, after a successful build, you can invoke docker yourself ```console -docker build -t tractusx/agentplane-azure-vault:1.11.16-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-azure-vault:1.12.17-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile . ``` ```console -docker build -t tractusx/agentplane-hashicorp:1.11.16-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-hashicorp:1.12.17-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile . ``` 
diff --git a/agent-plane/agent-plane-protocol/README.md b/agent-plane/agent-plane-protocol/README.md index a15690e1..02487cef 100644 --- a/agent-plane/agent-plane-protocol/README.md +++ b/agent-plane/agent-plane-protocol/README.md @@ -63,7 +63,7 @@ Add the following dependency to your data-plane artifact pom: org.eclipse.tractusx.agents.edc agent-plane-protocol - 1.11.16-SNAPSHOT + 1.12.17-SNAPSHOT ``` diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index bbb143c3..5506ab8a 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.11.16-SNAPSHOT + 1.12.17-SNAPSHOT ../pom.xml diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java index 42aa9e2a..7184ee75 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/TupleSet.java @@ -16,7 +16,7 @@ // SPDX-License-Identifier: Apache-2.0 package org.eclipse.tractusx.agents.edc; -import org.apache.jena.ext.com.google.common.collect.ArrayListMultimap; +import com.github.jsonldjava.shaded.com.google.common.collect.ArrayListMultimap; import java.util.ArrayList; import java.util.Arrays; @@ -25,7 +25,6 @@ import java.util.List; import java.util.Set; -import com.github.jsonldjava.shaded.com.google.common.collect.ArrayListMultimap; /** * Implementation of a compact representation of diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletInputStreamAdapter.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletInputStreamAdapter.java index 310cc12f..cf18eac9 100644 
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletInputStreamAdapter.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletInputStreamAdapter.java @@ -18,7 +18,6 @@ import jakarta.servlet.ServletInputStream; import org.eclipse.edc.spi.monitor.Monitor; -import org.jetbrains.annotations.NotNull; import java.io.IOException; import javax.servlet.ReadListener; @@ -68,12 +67,12 @@ public int read() throws IOException { } @Override - public int read(byte @NotNull [] buf) throws IOException { + public int read(byte[] buf) throws IOException { return jakartaDelegate.read(buf); } @Override - public int read(byte @NotNull [] b, int off, int len) throws IOException { + public int read(byte[] b, int off, int len) throws IOException { return jakartaDelegate.read(b, off, len); } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletOutputStreamAdapter.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletOutputStreamAdapter.java index 127bbccf..b01ee96a 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletOutputStreamAdapter.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/JakartaServletOutputStreamAdapter.java @@ -18,7 +18,6 @@ import jakarta.servlet.ServletOutputStream; import org.eclipse.edc.spi.monitor.Monitor; -import org.jetbrains.annotations.NotNull; import java.io.IOException; import javax.servlet.WriteListener; 
@@ -63,12 +62,12 @@ public void write(int b) throws IOException { } @Override - public void write(byte @NotNull [] b) throws IOException { + public void write(byte[] b) throws IOException { jakartaDelegate.write(b); } @Override - public void write(byte @NotNull [] b, int off, int len) throws IOException { + public void write(byte[] b, int off, int len) throws IOException { jakartaDelegate.write(b, off, len); } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java index 1bc7a07e..345c3b92 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java @@ -141,6 +141,11 @@ public String toString() { return String.format("AgentSource(%s,%s)", requestId, name); } + @Override + public void close() throws Exception { + + } + /** * the agent source builder */ diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java index 5cd0f203..d60508e4 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java 
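Review bot: The `close()` override added to AgentSource has an empty body and no comment, so it is unclear whether the source has nothing to release or whether cleanup was simply left out to satisfy the new interface. If the open methods of this class keep an HTTP response or stream around (not visible in this hunk), it would remain open after the transfer ends. Either release what the source holds, or state the no-op explicitly, for example `// no-op: this source keeps no response or stream open between calls` if that is the case. The override can also drop the clause and read `public void close() {`, since a body that throws nothing does not need `throws Exception`.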
@@ -17,10 +17,10 @@ package org.eclipse.tractusx.agents.edc.http.transfer; import org.eclipse.edc.connector.dataplane.http.params.HttpRequestFactory; +import org.eclipse.edc.connector.dataplane.http.spi.HttpDataAddress; import org.eclipse.edc.connector.dataplane.spi.pipeline.DataSource; import org.eclipse.edc.spi.http.EdcHttpClient; import org.eclipse.edc.spi.monitor.Monitor; -import org.eclipse.edc.spi.types.domain.HttpDataAddress; import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; import org.eclipse.tractusx.agents.edc.AgentProtocol; import org.eclipse.tractusx.agents.edc.SkillStore; diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java index b1c730d4..29b5ea90 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java @@ -16,11 +16,11 @@ // SPDX-License-Identifier: Apache-2.0 package org.eclipse.tractusx.agents.edc.http.transfer; +import org.eclipse.edc.connector.dataplane.http.spi.HttpDataAddress; import org.eclipse.edc.connector.dataplane.http.spi.HttpParamsDecorator; import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParams; import org.eclipse.edc.spi.EdcException; import org.eclipse.edc.spi.monitor.Monitor; -import org.eclipse.edc.spi.types.domain.HttpDataAddress; import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; import org.eclipse.tractusx.agents.edc.AgentConfig; import org.eclipse.tractusx.agents.edc.http.HttpUtils; 
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java index 6cd8c271..41b61253 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java @@ -18,13 +18,13 @@ import org.eclipse.edc.connector.dataplane.http.params.decorators.BaseCommonHttpParamsDecorator; import org.eclipse.edc.connector.dataplane.http.params.decorators.BaseSinkHttpParamsDecorator; +import org.eclipse.edc.connector.dataplane.http.spi.HttpDataAddress; import org.eclipse.edc.connector.dataplane.http.spi.HttpParamsDecorator; import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParams; import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParamsProvider; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.security.Vault; import org.eclipse.edc.spi.types.TypeManager; -import org.eclipse.edc.spi.types.domain.HttpDataAddress; import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; import org.eclipse.tractusx.agents.edc.AgentConfig; 
@@ -83,7 +83,7 @@ public void registerSinkDecorator(HttpParamsDecorator decorator) { @Override public HttpRequestParams provideSourceParams(DataFlowRequest request) { HttpRequestParams.Builder params = HttpRequestParams.Builder.newInstance(); - HttpDataAddress address = org.eclipse.edc.spi.types.domain.HttpDataAddress.Builder.newInstance().copyFrom(request.getSourceDataAddress()).build(); + HttpDataAddress address = HttpDataAddress.Builder.newInstance().copyFrom(request.getSourceDataAddress()).build(); this.sourceDecorators.forEach((decorator) -> decorator.decorate(request, address, params)); return params.build(); } @@ -91,7 +91,7 @@ public HttpRequestParams provideSourceParams(DataFlowRequest request) { @Override public HttpRequestParams provideSinkParams(DataFlowRequest request) { HttpRequestParams.Builder params = HttpRequestParams.Builder.newInstance(); - HttpDataAddress address = org.eclipse.edc.spi.types.domain.HttpDataAddress.Builder.newInstance().copyFrom(request.getDestinationDataAddress()).build(); + HttpDataAddress address = HttpDataAddress.Builder.newInstance().copyFrom(request.getDestinationDataAddress()).build(); this.sinkDecorators.forEach((decorator) -> decorator.decorate(request, address, params)); return params.build(); } diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/MockAgreementController.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/MockAgreementController.java index 13191e17..1269ed6a 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/MockAgreementController.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/MockAgreementController.java 
@@ -55,7 +55,7 @@ public MockAgreementController() { @Override public EndpointDataReference get(String assetId) { EndpointDataReference.Builder builder= EndpointDataReference.Builder.newInstance(); - builder.endpoint(String.format("http://localhost:%d/%s#%s",port,path,assetId)); + builder.id(assetId).contractId(assetId).endpoint(String.format("http://localhost:%d/%s#%s",port,path,assetId)); return builder.build(); } diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java index 5add5b1b..3b4c0361 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java @@ -88,7 +88,7 @@ public void testQuadRepresentation() { .add("@id", "4bf62562-9026-4dcf-93b5-42ea0de25490") .add("https://w3id.org/edc/v0.0.1/ns/id", "https://w3id.org/catenax/ontology/common#GraphAsset?test:ExampleAsset") .add("https://w3id.org/edc/v0.0.1/ns/contenttype", "application/json, application/xml") - .add("https://w3id.org/edc/v0.0.1/ns/version", "1.11.16-SNAPSHOT") + .add("https://w3id.org/edc/v0.0.1/ns/version", "1.12.17-SNAPSHOT") .add("https://w3id.org/edc/v0.0.1/ns/name", "Test Asset") .add("https://w3id.org/edc/v0.0.1/ns/description", "Test Asset for RDF Representation") .add("https://w3id.org/catenax/ontology/common#publishedUnderContract", "") 
@@ -178,7 +178,7 @@ public void testCatalogDeserialization() { " },\n" + " \"dcat:accessService\": \"ddd4b79e-f785-4e71-9fe5-4a177b3ccf54\"\n" + " },\n" + - " \"edc:version\": \"1.11.16-SNAPSHOT\",\n" + + " \"edc:version\": \"1.12.17-SNAPSHOT\",\n" + " \"http://www.w3.org/2000/01/rdf-schema#isDefinedBy\": \"\",\n" + " \"edc:name\": \"Diagnostic Trouble Code Catalogue Version 2022\",\n" + " \"http://www.w3.org/ns/shacl#shapeGraph\": \"@prefix cx-common: . \\n@prefix : .\\n@prefix cx-diag: .\\n@prefix owl: .\\n@prefix rdf: .\\n@prefix xsd: .\\n@prefix sh: .\\n\\n:OemDTC rdf:type sh:NodeShape ;\\n sh:targetClass cx-diag:DTC ;\\n sh:property [\\n sh:path cx-diag:provisionedBy ;\\n sh:hasValue ;\\n ] ;\\n sh:property [\\n sh:path cx-diag:version ;\\n sh:hasValue 0^^xsd:long ;\\n ] ;\\n sh:property [\\n sh:path cx-diag:affects ;\\n sh:class :OemDiagnosedParts ;\\n ] ;\\n\\n:OemDiagnosedParts rdf:type sh:NodeShape ;\\n sh:targetClass cx-diag:DiagnosedPart ;\\n sh:property [\\n sh:path cx-diag:provisionedBy ;\\n sh:hasValue ;\\n ] ;\\n\",\n" + diff --git a/agent-plane/agentplane-azure-vault/README.md b/agent-plane/agentplane-azure-vault/README.md index c997993d..d4f6157e 100644 --- a/agent-plane/agentplane-azure-vault/README.md +++ b/agent-plane/agentplane-azure-vault/README.md @@ -54,7 +54,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image Alternatively, after a sucessful [build](#building) the docker image of the Agent Plane is created using ```console -docker build -t tractusx//agentplane-azure-vault:1.11.16-SNAPSHOT -f src/main/docker/Dockerfile . +docker build -t tractusx//agentplane-azure-vault:1.12.17-SNAPSHOT -f src/main/docker/Dockerfile . ``` To run the docker image, you could invoke this command diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index 75493cb5..83c5dfcc 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml 
@@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.11.16-SNAPSHOT + 1.12.17-SNAPSHOT ../pom.xml diff --git a/agent-plane/agentplane-hashicorp/README.md b/agent-plane/agentplane-hashicorp/README.md index 0f678993..40b8b16b 100644 --- a/agent-plane/agentplane-hashicorp/README.md +++ b/agent-plane/agentplane-hashicorp/README.md @@ -54,7 +54,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image Alternatively, after a sucessful [build](#building) the docker image of the Agent Plane is created using ```console -docker build -t tractusx/agentplane-hashicorp:1.11.16-SNAPSHOT -f src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-hashicorp:1.12.17-SNAPSHOT -f src/main/docker/Dockerfile . ``` To run the docker image, you could invoke this command @@ -66,7 +66,7 @@ docker run -p 8082:8082 \ -v $(pwd)/resources/dataplane.properties:/app/configuration.properties \ -v $(pwd)/resources/opentelemetry.properties:/app/opentelemetry.properties \ -v $(pwd)/resources/logging.properties:/app/logging.properties \ - tractusx/agentplane-hashicorp:1.11.16-SNAPSHOT + tractusx/agentplane-hashicorp:1.12.17-SNAPSHOT ```` Afterwards, you should be able to access the [local SparQL endpoint](http://localhost:8082/api/agent) via diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml index f68d6868..fd7622b6 100644 --- a/agent-plane/agentplane-hashicorp/pom.xml +++ b/agent-plane/agentplane-hashicorp/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.11.16-SNAPSHOT + 1.12.17-SNAPSHOT ../pom.xml diff --git a/agent-plane/pom.xml b/agent-plane/pom.xml index f5635c1f..a9e14420 100644 --- a/agent-plane/pom.xml +++ b/agent-plane/pom.xml @@ -28,7 +28,7 @@ org.eclipse.tractusx.agents edc - 1.11.16-SNAPSHOT + 1.12.17-SNAPSHOT ../pom.xml Tractus-X EDC Agent Plane diff --git a/charts/agent-connector-azure-vault/Chart.yaml b/charts/agent-connector-azure-vault/Chart.yaml index b03f20f6..06129965 100644 
--- a/charts/agent-connector-azure-vault/Chart.yaml
+++ b/charts/agent-connector-azure-vault/Chart.yaml
@@ -42,12 +42,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.11.16-SNAPSHOT
+version: 1.12.17-SNAPSHOT
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.11.16-SNAPSHOT"
+appVersion: "1.12.17-SNAPSHOT"
 home: https://github.com/eclipse-tractusx/knowledge-agents-edc/
 sources:
 - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector
diff --git a/charts/agent-connector-azure-vault/README.md b/charts/agent-connector-azure-vault/README.md
index f75fc617..da3f79ac 100644
--- a/charts/agent-connector-azure-vault/README.md
+++ b/charts/agent-connector-azure-vault/README.md
@@ -20,7 +20,7 @@ # agent-connector-azure-vault -![Version: 1.11.16-SNAPSHOT](https://img.shields.io/badge/Version-1.9.8--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.11.16-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.9.5--SNAPSHOT-informational?style=flat-square) +![Version: 1.12.17-SNAPSHOT](https://img.shields.io/badge/Version-1.9.8--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.17-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.9.5--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector configured against Azure Vault. This is a variant of [the Tractus-X Azure Vault Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-azure-vault) which allows to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a @@ -112,7 +112,7 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime: ```shell helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector-azure-vault --version 1.11.16-SNAPSHOT\ +helm install my-release eclipse-tractusx/agent-connector-azure-vault --version 1.12.17-SNAPSHOT\ -f /tractusx-connector-azure-vault-test.yaml \ --set vault.azure.name=$AZURE_VAULT_NAME \ --set vault.azure.client=$AZURE_CLIENT_ID \ diff --git a/charts/agent-connector-memory/Chart.yaml b/charts/agent-connector-memory/Chart.yaml index f09e3294..a515f12a 100644 --- a/charts/agent-connector-memory/Chart.yaml +++ b/charts/agent-connector-memory/Chart.yaml 
@@ -42,12 +42,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.11.16-SNAPSHOT
+version: 1.12.17-SNAPSHOT
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.11.16-SNAPSHOT"
+appVersion: "1.12.17-SNAPSHOT"
 home: https://github.com/eclipse-tractusx/knowledge-agents-edc/
 sources:
 - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector
diff --git a/charts/agent-connector-memory/README.md b/charts/agent-connector-memory/README.md
index 76fc0015..4d6d3d62 100644
--- a/charts/agent-connector-memory/README.md
+++ b/charts/agent-connector-memory/README.md
@@ -20,7 +20,7 @@ # agent-connector-memory -![Version: 1.11.16-SNAPSHOT](https://img.shields.io/badge/Version-1.9.8--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.11.16-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.9.5--SNAPSHOT-informational?style=flat-square) +![Version: 1.12.17-SNAPSHOT](https://img.shields.io/badge/Version-1.9.8--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.17-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.9.5--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector using In-Memory Persistence. This is a variant of [the Tractus-X In-Memory Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-memory) which allows to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a @@ -108,7 +108,7 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime: ```shell helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector --version 1.11.16-SNAPSHOT +helm install my-release eclipse-tractusx/agent-connector --version 1.12.17-SNAPSHOT ``` ## Maintainers diff --git a/charts/agent-connector/Chart.yaml b/charts/agent-connector/Chart.yaml index 16063ba4..753a1210 100644 --- a/charts/agent-connector/Chart.yaml +++ b/charts/agent-connector/Chart.yaml 
@@ -41,12 +41,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.11.16-SNAPSHOT
+version: 1.12.17-SNAPSHOT
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.11.16-SNAPSHOT"
+appVersion: "1.12.17-SNAPSHOT"
 home: https://github.com/eclipse-tractusx/knowledge-agents-edc/
 sources:
 - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector
diff --git a/charts/agent-connector/README.md b/charts/agent-connector/README.md
index b14a8bbf..c0c28e28 100644
--- a/charts/agent-connector/README.md
+++ b/charts/agent-connector/README.md
@@ -20,7 +20,7 @@ # agent-connector -![Version: 1.11.16-SNAPSHOT](https://img.shields.io/badge/Version-1.9.8--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.11.16-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.9.5--SNAPSHOT-informational?style=flat-square) +![Version: 1.12.17-SNAPSHOT](https://img.shields.io/badge/Version-1.9.8--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.17-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.9.5--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector. This is a variant of [the Tractus-X Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector) which allows to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a @@ -108,7 +108,7 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime: ```shell helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector --version 1.11.16-SNAPSHOT +helm install my-release eclipse-tractusx/agent-connector --version 1.12.17-SNAPSHOT ``` ## Maintainers diff --git a/common/README.md b/common/README.md index 4471a909..d093545f 100644 --- a/common/README.md +++ b/common/README.md @@ -57,7 +57,7 @@ add the following dependency to your maven dependencies (gradle should work anal org.eclipse.tractusx.edc auth-jwt - 1.11.16-SNAPSHOT + 1.12.17-SNAPSHOT diff --git a/common/auth-jwt/README.md b/common/auth-jwt/README.md index ad5dc24a..7f58582a 100644 --- a/common/auth-jwt/README.md +++ b/common/auth-jwt/README.md 
@@ -37,7 +37,7 @@ Add the following dependency to your EDC artifact pom: org.eclipse.tractusx.agents.edc auth-jwt - 1.11.16-SNAPSHOT + 1.12.17-SNAPSHOT ``` diff --git a/common/auth-jwt/pom.xml b/common/auth-jwt/pom.xml index 37d7eba3..eba46e7e 100644 --- a/common/auth-jwt/pom.xml +++ b/common/auth-jwt/pom.xml @@ -27,7 +27,7 @@ org.eclipse.tractusx.agents edc - 1.11.16-SNAPSHOT + 1.12.17-SNAPSHOT ../../pom.xml diff --git a/docs/README.md b/docs/README.md index d29a0661..5f1ee041 100644 --- a/docs/README.md +++ b/docs/README.md @@ -76,7 +76,7 @@ dependencies: - name: agent-connector-memory repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.11.16-SNAPSHOT + version: 1.12.17-SNAPSHOT alias: my-connector ``` @@ -87,7 +87,7 @@ dependencies: - name: agent-connector-azure-vault repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.11.16-SNAPSHOT + version: 1.12.17-SNAPSHOT alias: my-connector ``` @@ -98,7 +98,7 @@ dependencies: - name: agent-connector repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.11.16-SNAPSHOT + version: 1.12.17-SNAPSHOT alias: my-connector ``` diff --git a/pom.xml b/pom.xml index 2e984d99..cda1e6fd 100644 --- a/pom.xml +++ b/pom.xml @@ -26,7 +26,7 @@ 4.0.0 org.eclipse.tractusx.agents edc - 1.11.16-SNAPSHOT + 1.12.17-SNAPSHOT pom Tractus-X Knowledge Agents EDC Extensions EDC-Related Artifacts for Federated Procedure Calls @@ -37,30 +37,30 @@ 11 false - 5.10.1 - 5.4.0 - 0.6.0-rc1 - 0.3.1 + 5.10.2 + 5.2.0 + 0.6.0 + 0.5.1 3.3.2 - 4.11.0 + 4.12.0 3.6.0 - 2.0.9 + 2.0.12 3.1.0 - 9.35 + 9.37.3 4.0.1 5.0.2 4.9.0 - 1.10.1 - 4.6.5 + 1.11.1 + 4.7.3 2.2 2.5.0 5.13.0 1.0.4 1.8.0 - 1.11.3 + 1.12.2 4.1.101.Final 1.24.0 - 11.0.16 + 11.0.20 1.0.39 @@ -69,6 +69,7 @@ tractusx/ linux/amd64 + @@ -117,6 +118,7 @@ !online + @{jvm.agent} -Dnet.bytebuddy.experimental=true diff --git a/upgrade_version.sh b/upgrade_version.sh index e9de2ffa..dd43c782 100755 --- a/upgrade_version.sh +++ b/upgrade_version.sh 
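Review bot: One entry in the version-property block of the root `pom.xml` (hunk `@@ -37,30 +37,30 @@`) moves backwards, from `5.4.0` to `5.2.0`, while every other property in the hunk moves forward. The element names are not visible in this rendering, so the dependency concerned cannot be read from here. A downgrade inside a bulk upgrade is easy to miss and can bring back defects fixed in the skipped releases. It should be confirmed as intentional and recorded next to the property, for example `<!-- kept at 5.2.0: <reason> -->`.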
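Review bot: The added `@{jvm.agent} -Dnet.bytebuddy.experimental=true` line in hunk `@@ -117,6 +118,7 @@` of the root `pom.xml` carries no explanation; it looks like the test JVM argument line, but the surrounding element names are not visible here. `net.bytebuddy.experimental` lets Byte Buddy process class-file versions it does not officially support, so the flag usually stands in for a library upgrade and should go once that upgrade lands. A comment above it would say so, for example `<!-- Byte Buddy experimental mode needed for tests on JDK <version>; remove once the mocking library supports it -->`. The empty property added in hunk `@@ -69,6 +69,7 @@` presumably declares `jvm.agent` and deserves a similar one-line comment.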
@@ -16,7 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 -OLD_VERSION=1.11.16-SNAPSHOT +OLD_VERSION=1.12.17-SNAPSHOT echo Upgrading from $OLD_VERSION to $1 PATTERN=s/$OLD_VERSION/$1/g LC_ALL=C From a195e613940d18dbf97e2827b25c950f2f768bc2 Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Mon, 4 Mar 2024 13:46:57 +0100 Subject: [PATCH 10/62] feat: refactor full connector chart into agent plane only chart --- charts/README.md | 6 +- charts/agent-connector-azure-vault/Chart.yaml | 62 -- charts/agent-connector-azure-vault/README.md | 382 ----------- .../README.md.gotmpl | 131 ---- .../ci/integration-values.yaml | 57 -- .../templates/NOTES.txt | 64 -- .../templates/_helpers.tpl | 200 ------ .../templates/configmap-controlplane.yaml | 35 - .../templates/configmap-dataplane.yaml | 45 -- .../templates/deployment-controlplane.yaml | 367 ---------- .../templates/deployment-dataplane.yaml | 362 ---------- .../templates/hpa-controlplane.yaml | 50 -- .../templates/hpa-dataplane.yaml | 53 -- .../templates/ingress-controlplane.yaml | 99 --- .../templates/networkpolicy.yaml | 45 -- .../templates/service-controlplane.yaml | 54 -- .../templates/service-dataplane.yaml | 64 -- .../tests/test-controlplane-readiness.yaml | 36 - .../agent-connector-azure-vault/values.yaml | 620 ----------------- charts/agent-connector-memory/.helmignore | 45 -- charts/agent-connector-memory/LICENSE | 202 ------ charts/agent-connector-memory/README.md | 372 ---------- .../agent-connector-memory/README.md.gotmpl | 120 ---- .../ci/integration-values.yaml | 57 -- .../templates/configmap-controlplane.yaml | 35 - .../templates/configmap-dataplane.yaml | 45 -- .../templates/deployment-controlplane.yaml | 302 --------- .../templates/hpa-controlplane.yaml | 50 -- .../templates/hpa-dataplane.yaml | 53 -- .../templates/ingress-controlplane.yaml | 99 --- .../templates/ingress-dataplane.yaml | 103 --- .../templates/networkpolicy.yaml | 45 -- .../templates/service-controlplane.yaml | 54 -- .../templates/service-dataplane.yaml | 64 -- .../templates/serviceaccount.yaml | 38 -- .../tests/test-controlplane-readiness.yaml | 36 - .../tests/test-dataplane-readiness.yaml | 41 -- charts/agent-connector-memory/values.yaml | 622 ----------------- 
charts/agent-connector/.helmignore | 45 -- charts/agent-connector/Chart.yaml | 67 -- charts/agent-connector/LICENSE | 202 ------ charts/agent-connector/README.md | 381 ----------- charts/agent-connector/templates/NOTES.txt | 64 -- charts/agent-connector/templates/_helpers.tpl | 199 ------ .../templates/configmap-controlplane.yaml | 35 - .../templates/deployment-controlplane.yaml | 366 ---------- .../templates/deployment-dataplane.yaml | 360 ---------- .../templates/hpa-controlplane.yaml | 50 -- .../templates/ingress-controlplane.yaml | 99 --- .../templates/ingress-dataplane.yaml | 103 --- .../templates/networkpolicy.yaml | 45 -- .../templates/service-controlplane.yaml | 54 -- .../templates/serviceaccount.yaml | 38 -- .../tests/test-controlplane-readiness.yaml | 36 - .../tests/test-dataplane-readiness.yaml | 41 -- charts/agent-connector/values.yaml | 634 ------------------ .../.helmignore | 0 .../Chart.yaml | 15 +- .../LICENSE | 0 charts/agent-plane/README.md | 237 +++++++ .../README.md.gotmpl | 54 +- .../ci/integration-values.yaml | 10 - .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 0 .../templates/configmap-dataplane.yaml | 12 +- .../templates/deployment-dataplane.yaml | 8 +- .../templates/hpa-dataplane.yaml | 6 +- .../templates/ingress-dataplane.yaml | 5 +- .../templates/service-dataplane.yaml | 13 +- .../templates/serviceaccount.yaml | 0 .../tests/test-dataplane-readiness.yaml | 9 +- charts/agent-plane/values.yaml | 371 ++++++++++ 72 files changed, 643 insertions(+), 8031 deletions(-) delete mode 100644 charts/agent-connector-azure-vault/Chart.yaml delete mode 100644 charts/agent-connector-azure-vault/README.md delete mode 100644 charts/agent-connector-azure-vault/README.md.gotmpl delete mode 100644 charts/agent-connector-azure-vault/ci/integration-values.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/NOTES.txt delete mode 100644 charts/agent-connector-azure-vault/templates/_helpers.tpl delete mode 100644 
charts/agent-connector-azure-vault/templates/configmap-controlplane.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/configmap-dataplane.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/deployment-controlplane.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/deployment-dataplane.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/hpa-controlplane.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/hpa-dataplane.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/ingress-controlplane.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/networkpolicy.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/service-controlplane.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/service-dataplane.yaml delete mode 100644 charts/agent-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml delete mode 100644 charts/agent-connector-azure-vault/values.yaml delete mode 100644 charts/agent-connector-memory/.helmignore delete mode 100644 charts/agent-connector-memory/LICENSE delete mode 100644 charts/agent-connector-memory/README.md delete mode 100644 charts/agent-connector-memory/README.md.gotmpl delete mode 100644 charts/agent-connector-memory/ci/integration-values.yaml delete mode 100644 charts/agent-connector-memory/templates/configmap-controlplane.yaml delete mode 100644 charts/agent-connector-memory/templates/configmap-dataplane.yaml delete mode 100644 charts/agent-connector-memory/templates/deployment-controlplane.yaml delete mode 100644 charts/agent-connector-memory/templates/hpa-controlplane.yaml delete mode 100644 charts/agent-connector-memory/templates/hpa-dataplane.yaml delete mode 100644 charts/agent-connector-memory/templates/ingress-controlplane.yaml delete mode 100644 charts/agent-connector-memory/templates/ingress-dataplane.yaml delete mode 100644 
charts/agent-connector-memory/templates/networkpolicy.yaml delete mode 100644 charts/agent-connector-memory/templates/service-controlplane.yaml delete mode 100644 charts/agent-connector-memory/templates/service-dataplane.yaml delete mode 100644 charts/agent-connector-memory/templates/serviceaccount.yaml delete mode 100644 charts/agent-connector-memory/templates/tests/test-controlplane-readiness.yaml delete mode 100644 charts/agent-connector-memory/templates/tests/test-dataplane-readiness.yaml delete mode 100644 charts/agent-connector-memory/values.yaml delete mode 100644 charts/agent-connector/.helmignore delete mode 100644 charts/agent-connector/Chart.yaml delete mode 100644 charts/agent-connector/LICENSE delete mode 100644 charts/agent-connector/README.md delete mode 100644 charts/agent-connector/templates/NOTES.txt delete mode 100644 charts/agent-connector/templates/_helpers.tpl delete mode 100644 charts/agent-connector/templates/configmap-controlplane.yaml delete mode 100644 charts/agent-connector/templates/deployment-controlplane.yaml delete mode 100644 charts/agent-connector/templates/deployment-dataplane.yaml delete mode 100644 charts/agent-connector/templates/hpa-controlplane.yaml delete mode 100644 charts/agent-connector/templates/ingress-controlplane.yaml delete mode 100644 charts/agent-connector/templates/ingress-dataplane.yaml delete mode 100644 charts/agent-connector/templates/networkpolicy.yaml delete mode 100644 charts/agent-connector/templates/service-controlplane.yaml delete mode 100644 charts/agent-connector/templates/serviceaccount.yaml delete mode 100644 charts/agent-connector/templates/tests/test-controlplane-readiness.yaml delete mode 100644 charts/agent-connector/templates/tests/test-dataplane-readiness.yaml delete mode 100644 charts/agent-connector/values.yaml rename charts/{agent-connector-azure-vault => agent-plane}/.helmignore (100%) rename charts/{agent-connector-memory => agent-plane}/Chart.yaml (76%) rename 
charts/{agent-connector-azure-vault => agent-plane}/LICENSE (100%) create mode 100644 charts/agent-plane/README.md rename charts/{agent-connector => agent-plane}/README.md.gotmpl (63%) rename charts/{agent-connector => agent-plane}/ci/integration-values.yaml (83%) rename charts/{agent-connector-memory => agent-plane}/templates/NOTES.txt (100%) rename charts/{agent-connector-memory => agent-plane}/templates/_helpers.tpl (100%) rename charts/{agent-connector => agent-plane}/templates/configmap-dataplane.yaml (77%) rename charts/{agent-connector-memory => agent-plane}/templates/deployment-dataplane.yaml (98%) rename charts/{agent-connector => agent-plane}/templates/hpa-dataplane.yaml (94%) rename charts/{agent-connector-azure-vault => agent-plane}/templates/ingress-dataplane.yaml (96%) rename charts/{agent-connector => agent-plane}/templates/service-dataplane.yaml (82%) rename charts/{agent-connector-azure-vault => agent-plane}/templates/serviceaccount.yaml (100%) rename charts/{agent-connector-azure-vault => agent-plane}/templates/tests/test-dataplane-readiness.yaml (87%) create mode 100644 charts/agent-plane/values.yaml diff --git a/charts/README.md b/charts/README.md index bac9da9c..a6bb9123 100644 --- a/charts/README.md +++ b/charts/README.md @@ -20,11 +20,9 @@ # Helm Charts -This folder contains ready-made charts for the following variants of the Agent-Enabled EDC +This folder contains ready-made charts for obtaining an Agent-Enabled EDC -- [Agent-Enabled EDC based on Hashicorp Vault and PostgreSQL persistence](agent-connector) -- [Agent-Enabled EDC based on Azure Vault and PostgreSQL persistence](agent-connector-azure-vault) -- [Agent-Enabled EDC based on Hashicorp Vault and in-memory persistence](agent-connector-memory) +- [Agent-Enabled Dataplane](agent-plane) ## Chart Linting diff --git a/charts/agent-connector-azure-vault/Chart.yaml b/charts/agent-connector-azure-vault/Chart.yaml deleted file mode 100644 index 3c86532b..00000000 
--- a/charts/agent-connector-azure-vault/Chart.yaml +++ /dev/null 
@@ -1,62 +0,0 @@ -# -# Copyright (c) 2023,2024 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# - ---- -apiVersion: v2 -name: agent-connector-azure-vault -description: | - A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector configured against Azure Vault. This is a variant of [the Tractus-X Azure Vault Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-azure-vault) which allows - to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a - Control Plane and one or several Data Planes. Note that _no_ external dependencies such as a PostgreSQL database and Azure KeyVault are included. - - This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ Azure KeyVault. -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. 
-# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.12.17-SNAPSHOT -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.12.17-SNAPSHOT" -home: https://github.com/eclipse-tractusx/knowledge-agents-edc/ -sources: - - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector -dependencies: - # PostgreSQL - - name: postgresql - alias: postgresql - version: 12.1.6 - repository: https://charts.bitnami.com/bitnami - condition: install.postgresql -maintainers: - - name: 'Tractus-X Knowledge Agents Team' diff --git a/charts/agent-connector-azure-vault/README.md b/charts/agent-connector-azure-vault/README.md deleted file mode 100644 index f214ae7e..00000000 --- a/charts/agent-connector-azure-vault/README.md +++ /dev/null 
@@ -1,382 +0,0 @@ - - -# agent-connector-azure-vault - -![Version: 1.12.17-SNAPSHOT](https://img.shields.io/badge/Version-1.12.17--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.17-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.17--SNAPSHOT-informational?style=flat-square) - -A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector configured against Azure Vault. This is a variant of [the Tractus-X Azure Vault Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-azure-vault) which allows -to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a -Control Plane and one or several Data Planes. Note that _no_ external dependencies such as a PostgreSQL database and Azure KeyVault are included. - -This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ Azure KeyVault. - -**Homepage:** - -## Setting up your BPNL and the Control Plane's Management API Key - -The secure API-Key that is shared between control and agent plane is configured in the following property: -- 'controlplane.endpoints.management.authKey': Cleartext API Key as used to secure the control planes management api (and is used by the agent plane to synchronize assets and negotiate calls). - -You should set your BPNL in the folloing property: -- 'participant.id': 'BPNL' followed by 12 alphanumerical characters as handed out to you during onboarding. 
- -## Setting up Azure Vault - -You should set your BPNL in the folloing property: -- 'vault.azure.name': Name of the vault -- 'vault.azure.client': Id of the registered application that this EDC represents -- 'vault.azure.tenant': Id of the subscription that the vault runs into -- 'vault.azure.secret' or 'vault.azure.certificate': the secret/credential to use when interacting with Azure Vault - -### Setting up the transfer token encryption - -Transfer tokens handed out from the provider to the consumer should be signed and encrypted. For that purpose -you should setup a private/public certificate as well as a symmetric AES key. - -- 'vault.secretNames.transferProxyTokenSignerPrivateKey': -- 'vault.secretNames.transferProxyTokenSignerPublicKey': -- 'vault.secretNames.transferProxyTokenEncryptionAesKey': - -## Setting up SSI - -### Preconditions - -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the - Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens -- the client ID and client secret corresponding to that account must be known - -### Preparatory work - -- store your KeyCloak client secret in the Azure KeyVault. The exact procedure is as follows: - ```bash - az keyvault secret set --vault-name --name client-secret --value "$YOUR_CLIENT_SECRET" - ``` - By default, Tractus-X EDC expects to find the secret under `client-secret`. 
- -### Configure the chart - -Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. - -## Setting up the Agent Planes - -Make sure to adapt the Agent Plane's application-facing endpoint security: -- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) -- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key -- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault -- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found -- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) - -Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. -- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). 
The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. -- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. -- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. -- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. - -Be sure to adapt the agent configuration -- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. -- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. -- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. -- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. 
- -### Launching the application - -As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) -to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. -Combined, run this shell command to start the in-memory Tractus-X EDC runtime: - -```shell -helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector-azure-vault --version 1.12.17-SNAPSHOT\ - -f /tractusx-connector-azure-vault-test.yaml \ - --set vault.azure.name=$AZURE_VAULT_NAME \ - --set vault.azure.client=$AZURE_CLIENT_ID \ - --set vault.azure.secret=$AZURE_CLIENT_SECRET \ - --set vault.azure.tenant=$AZURE_TENANT_ID -``` - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Tractus-X Knowledge Agents Team | | | - -## Source Code - -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 12.1.6 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| backendService.httpProxyTokenReceiverUrl | string | `""` | | -| controlplane.affinity | object | `{}` | | -| controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to 
a pod | -| controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | -| controlplane.debug.enabled | bool | `false` | | -| controlplane.debug.port | int | `1044` | | -| controlplane.debug.suspendOnStart | bool | `false` | | -| controlplane.endpoints | object | `{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane | -| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | -| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | -| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | -| controlplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | -| controlplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | -| controlplane.endpoints.default.port | int | `8080` | port for incoming api calls | -| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | -| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | -| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | -| controlplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | 
metrics api, used for application metrics, must not be internet facing | -| controlplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | -| controlplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | -| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | -| controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | -| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | -| controlplane.env.EDC_JSONLD_HTTPS_ENABLED | string | `"true"` | | -| controlplane.envConfigMapNames | list | `[]` | | -| controlplane.envSecretNames | list | `[]` | | -| controlplane.envValueFrom | object | `{}` | | -| controlplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| controlplane.image.repository | string | `""` | Which derivate of the control plane to use. 
when left empty the deployment will select the correct image automatically | -| controlplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[0].enabled | bool | `false` | | -| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[1].className | string | `""` | Defines the [ingress 
class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[1].enabled | bool | `false` | | -| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.initContainers | list | `[]` | | -| controlplane.limits.cpu | float | `1.5` | | -| controlplane.limits.memory | string | `"512Mi"` | | -| controlplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| controlplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| controlplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.logging | string | 
`".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| controlplane.nodeSelector | object | `{}` | | -| controlplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| controlplane.podAnnotations | object | `{}` | additional annotations for the pod | -| controlplane.podLabels | object | `{}` | additional labels for the pod | -| controlplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| controlplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| controlplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| controlplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| controlplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| controlplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| 
controlplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| controlplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a readiness check every 10 seconds | -| controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.replicaCount | int | `1` | | -| controlplane.requests.cpu | string | `"500m"` | | -| controlplane.requests.memory | string | `"128Mi"` | | -| controlplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| controlplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| controlplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| controlplane.service.annotations | object | `{}` | | -| controlplane.service.type | string | 
`"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority | -| controlplane.ssi.miw.url | string | `""` | MIW URL | -| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak | -| controlplane.ssi.oauth.client.secretAlias | string | `""` | The alias under which the client secret is stored in the vault. | -| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained | -| controlplane.tolerations | list | `[]` | | -| controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) | -| controlplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| controlplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| customLabels | object | `{}` | To add some custom labels | -| dataplanes.dataplane.affinity | object | `{}` | | -| dataplanes.dataplane.agent | object | `{"connectors":[],"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | -| dataplanes.dataplane.agent.connectors | list | `[]` | The list of remote connector IDS URLs to synchronize with | -| dataplanes.dataplane.agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | -| 
dataplanes.dataplane.agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | -| dataplanes.dataplane.agent.services | object | `{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | -| dataplanes.dataplane.agent.services.allow | string | `"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset | object | `{"allow":"(edcs?://.*)","deny":"https?://.*"}` | A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) | -| dataplanes.dataplane.agent.services.asset.allow | string | `"(edcs?://.*)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset.deny | string | `"https?://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.deny | string | `"http://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.skillcontract | string | `"Contract?partner=Skill"` | Names the visible contract under which new skills are published (if not otherwise specified) | -| dataplanes.dataplane.agent.synchronization | int | `-1` | The synchronization interval in ms to update the federated data catalogue | -| dataplanes.dataplane.auth | object | `{"default":{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}}` | Data Plane Authentication 
using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries | -| dataplanes.dataplane.auth.default | object | `{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}` | the default authentication service | -| dataplanes.dataplane.auth.default.apiCode | string | `"69609650"` | specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. | -| dataplanes.dataplane.auth.default.checkExpiry | bool | `true` | controls whether the expiry date of jwt tokens is checked when type=jwt | -| dataplanes.dataplane.auth.default.context | string | `"default"` | the context(s) of the default authentication service separated by commas | -| dataplanes.dataplane.auth.default.exclude | string | `".*/(check|validation).*"` | excluded paths for liveness checks and validation | -| dataplanes.dataplane.auth.default.publicKey | string | `nil` | public key for checking the validity of jwt tokens, set this when type=jwt | -| dataplanes.dataplane.auth.default.register | bool | `false` | controls whether this service should be registered as the default EDC authentication service globally | -| dataplanes.dataplane.auth.default.type | string | `"api-key"` | the type of the default authentication service (api-key, jwt or composite) | -| dataplanes.dataplane.auth.default.vaultKey | string | `nil` | vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead | -| dataplanes.dataplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod 
autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| dataplanes.dataplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| dataplanes.dataplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| dataplanes.dataplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| dataplanes.dataplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| dataplanes.dataplane.aws.accessKeyId | string | `""` | | -| dataplanes.dataplane.aws.endpointOverride | string | `""` | | -| dataplanes.dataplane.aws.secretAccessKey | string | `""` | | -| dataplanes.dataplane.configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | -| dataplanes.dataplane.configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | -| dataplanes.dataplane.debug.enabled | bool | `false` | | -| dataplanes.dataplane.debug.port | int | `1044` | | -| dataplanes.dataplane.debug.suspendOnStart | bool | `false` | | -| dataplanes.dataplane.destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | -| dataplanes.dataplane.endpoints.callback.path | string | `"/callback"` | | -| dataplanes.dataplane.endpoints.callback.port | int | `8087` | | 
-| dataplanes.dataplane.endpoints.control.path | string | `"/api/dataplane/control"` | | -| dataplanes.dataplane.endpoints.control.port | int | `8083` | | -| dataplanes.dataplane.endpoints.default.path | string | `"/api"` | | -| dataplanes.dataplane.endpoints.default.port | int | `8080` | | -| dataplanes.dataplane.endpoints.metrics.path | string | `"/metrics"` | | -| dataplanes.dataplane.endpoints.metrics.port | int | `9090` | | -| dataplanes.dataplane.endpoints.proxy.path | string | `"/proxy"` | | -| dataplanes.dataplane.endpoints.proxy.port | int | `8186` | | -| dataplanes.dataplane.endpoints.public.path | string | `"/api/public"` | | -| dataplanes.dataplane.endpoints.public.port | int | `8081` | | -| dataplanes.dataplane.env | object | `{}` | | -| dataplanes.dataplane.envConfigMapNames | list | `[]` | | -| dataplanes.dataplane.envSecretNames | list | `[]` | | -| dataplanes.dataplane.envValueFrom | object | `{}` | | -| dataplanes.dataplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| dataplanes.dataplane.image.repository | string | `""` | Which derivate of the data plane to use. 
when left empty the deployment will select the correct image automatically | -| dataplanes.dataplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| dataplanes.dataplane.ingresses[0].annotations | string | `nil` | Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} | -| dataplanes.dataplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| dataplanes.dataplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| dataplanes.dataplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| dataplanes.dataplane.ingresses[0].enabled | bool | `false` | | -| dataplanes.dataplane.ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | -| dataplanes.dataplane.ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| dataplanes.dataplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| dataplanes.dataplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| dataplanes.dataplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| dataplanes.dataplane.initContainers | list | `[]` | | -| dataplanes.dataplane.limits.cpu | float | `1.5` | | -| dataplanes.dataplane.limits.memory | string | `"1024Mi"` | | -| 
dataplanes.dataplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| dataplanes.dataplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplanes.dataplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| dataplanes.dataplane.name | string | `"agentplane"` | the name of the dataplane | -| dataplanes.dataplane.nodeSelector | object | `{}` | | -| dataplanes.dataplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| dataplanes.dataplane.podAnnotations | object | `{}` | additional annotations for the pod | -| dataplanes.dataplane.podLabels | object | `{}` | additional labels for the pod | -| 
dataplanes.dataplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| dataplanes.dataplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| dataplanes.dataplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| dataplanes.dataplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| dataplanes.dataplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplanes.dataplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.replicaCount | int | `1` | | -| dataplanes.dataplane.requests.cpu | string | `"500m"` | | -| 
dataplanes.dataplane.requests.memory | string | `"128Mi"` | | -| dataplanes.dataplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| dataplanes.dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| dataplanes.dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| dataplanes.dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| dataplanes.dataplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| dataplanes.dataplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| dataplanes.dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| dataplanes.dataplane.service.port | int | `80` | | -| dataplanes.dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| dataplanes.dataplane.sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | -| dataplanes.dataplane.tolerations | list | `[]` | | -| dataplanes.dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) | -| dataplanes.dataplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| dataplanes.dataplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| fullnameOverride | string | `""` | | -| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| imageRegistry | string | `"docker.io/"` | Image registry to use | -| install.postgresql | bool | `true` | | -| nameOverride | string | `""` | | -| networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component | -| networkPolicy.controlplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) | -| networkPolicy.dataplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the dataplane component | -| networkPolicy.dataplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) | -| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane | -| participant.id | string | `""` | BPN Number | -| postgresql | object | `{"auth":{"database":"edc","password":"password","username":"user"},"jdbcUrl":"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc","primary":{"persistence":{"enabled":false}},"readReplicas":{"persistence":{"enabled":false}}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to 
[obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | -| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | -| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | -| vault.azure.certificate | string | `nil` | | -| vault.azure.client | string | `""` | | -| vault.azure.name | string | `""` | | -| vault.azure.secret | string | `nil` | | -| vault.azure.tenant | string | `""` | | -| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | | -| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | | -| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2)
diff --git a/charts/agent-connector-azure-vault/README.md.gotmpl b/charts/agent-connector-azure-vault/README.md.gotmpl
deleted file mode 100644
index 2aa860fa..00000000
--- a/charts/agent-connector-azure-vault/README.md.gotmpl
+++ /dev/null
@@ -1,131 +0,0 @@
-
-
-{{ template "chart.header" . }}
-
-{{ template "chart.deprecationWarning" . }}
-
-{{ template "chart.badgesSection" . }}
-
-{{ template "chart.description" . }}
-
-{{ template "chart.homepageLine" . }}
-
-## Setting up your BPNL and the Control Plane's Management API Key
-
-The secure API-Key that is shared between control and agent plane is configured in the following property:
-- 'controlplane.endpoints.management.authKey': Cleartext API Key as used to secure the control planes management api (and is used by the agent plane to synchronize assets and negotiate calls).
-
-You should set your BPNL in the folloing property:
-- 'participant.id': 'BPNL' followed by 12 alphanumerical characters as handed out to you during onboarding.
-
-## Setting up Azure Vault
-
-You should set your BPNL in the folloing property:
-- 'vault.azure.name': Name of the vault
-- 'vault.azure.client': Id of the registered application that this EDC represents
-- 'vault.azure.tenant': Id of the subscription that the vault runs into
-- 'vault.azure.secret' or 'vault.azure.certificate': the secret/credential to use when interacting with Azure Vault
-
-### Setting up the transfer token encryption
-
-Transfer tokens handed out from the provider to the consumer should be signed and encrypted. For that purpose
-you should setup a private/public certificate as well as a symmetric AES key.
-
-- 'vault.secretNames.transferProxyTokenSignerPrivateKey':
-- 'vault.secretNames.transferProxyTokenSignerPublicKey':
-- 'vault.secretNames.transferProxyTokenEncryptionAesKey':
-
-## Setting up SSI
-
-### Preconditions
-
-- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network
-- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. 
This is typically done by the - Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens -- the client ID and client secret corresponding to that account must be known - -### Preparatory work - -- store your KeyCloak client secret in the Azure KeyVault. The exact procedure is as follows: - ```bash - az keyvault secret set --vault-name --name client-secret --value "$YOUR_CLIENT_SECRET" - ``` - By default, Tractus-X EDC expects to find the secret under `client-secret`. - - -### Configure the chart - -Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. 
- -## Setting up the Agent Planes - -Make sure to adapt the Agent Plane's application-facing endpoint security: -- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) -- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key -- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault -- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found -- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) - -Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. -- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. -- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. 
-- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. -- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. - -Be sure to adapt the agent configuration -- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. -- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. -- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. -- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. - -### Launching the application - -As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) -to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. 
-Combined, run this shell command to start the in-memory Tractus-X EDC runtime: - -```shell -helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector-azure-vault --version {{ .Version }}\ - -f /tractusx-connector-azure-vault-test.yaml \ - --set vault.azure.name=$AZURE_VAULT_NAME \ - --set vault.azure.client=$AZURE_CLIENT_ID \ - --set vault.azure.secret=$AZURE_CLIENT_SECRET \ - --set vault.azure.tenant=$AZURE_TENANT_ID -``` - - -{{ template "chart.maintainersSection" . }} - -{{ template "chart.sourcesSection" . }} - -{{ template "chart.requirementsSection" . }} - -{{ template "chart.valuesSection" . }} - -{{ template "helm-docs.versionFooter" . }} diff --git a/charts/agent-connector-azure-vault/ci/integration-values.yaml b/charts/agent-connector-azure-vault/ci/integration-values.yaml deleted file mode 100644 index 37cc28cb..00000000 --- a/charts/agent-connector-azure-vault/ci/integration-values.yaml +++ /dev/null 
@@ -1,57 +0,0 @@
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-install:
- postgresql: true
-
-controlplane:
- endpoints:
- management:
- authKey: "bla"
- ssi:
- miw:
- url: "https://managed-identity-wallets.int"
- authorityId: "BPNL0000000DUMMY"
- oauth:
- tokenurl: "https://keycloak/auth/realms/REALM/protocol/openid-connect/token"
- client:
- id: "serviceaccount"
- secretAlias: "miw-secret"
-
-vault:
- azure:
- name: "AZURE_NAME"
- tenant: "AZURE_TENANT"
- client: "AZURE_CLIENT"
- secret: "AZURE_SECRET"
- hashicorp:
- url: "https://vault.demo"
- token: "VAULT_TOKEN"
- paths:
- secret: "/v1/secrets"
- secretNames:
- transferProxyTokenSignerPrivateKey: "key"
- transferProxyTokenSignerPublicKey: "cert"
- transferProxyTokenEncryptionAesKey: "symmetric-key"
-participant:
- id: "BPNL0000000DUMMY"
diff --git a/charts/agent-connector-azure-vault/templates/NOTES.txt b/charts/agent-connector-azure-vault/templates/NOTES.txt
deleted file mode 100644
index 02f84e82..00000000
--- a/charts/agent-connector-azure-vault/templates/NOTES.txt
+++ /dev/null
@@ -1,64 +0,0 @@ -# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 - - 1. Get the control plane URL by running these commands: -{{ with index .Values.controlplane.ingresses 0}} -{{- if .enabled }} -{{- range .paths }} - http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }} -{{- end }} -{{- else if contains "NodePort" $.Values.controlplane.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-controlplane) - export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" $.Values.controlplane.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "txdc.fullname" . }}-controlplane' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" . 
}}-controlplane --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ $.Values.controlplane.service.port }} -{{- else if contains "ClusterIP" $.Values.controlplane.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-controlplane,app.kubernetes.io/instance={{ $.Release.Name }}-controlplane" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT - echo "Visit http://127.0.0.1:8080 to use your application" -{{- end }} -{{- end }} - -2. Get the data plane URL(s) by running these commands: -{{- range $dataplane_name, $dataplane := .Values.repositories }} -{{ with index $dataplane.ingresses 0}} -{{- if .enabled }} -{{- range .paths }} - http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }} -{{- end }} -{{- else if contains "NodePort" $dataplane.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-{{ $dataplane.name }}) - export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" $dataplane.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. 
- You can watch the status of by running 'kubectl get --namespace {{ $.Release.Namespace }} svc -w {{ include "txdc.fullname" $ }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" $ }}-{{ $dataplane.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ $dataplane.service.port }} -{{- else if contains "ClusterIP" $dataplane.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-{{ $dataplane.name }},app.kubernetes.io/instance={{ $.Release.Name }}-{{ $dataplane.name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT - echo "Visit http://127.0.0.1:8080 to use your application" -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/agent-connector-azure-vault/templates/_helpers.tpl b/charts/agent-connector-azure-vault/templates/_helpers.tpl deleted file mode 100644 index a6fcc117..00000000 --- a/charts/agent-connector-azure-vault/templates/_helpers.tpl +++ /dev/null 
@@ -1,200 +0,0 @@ -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# - -{{/* -Expand the name of the chart. -*/}} -{{- define "txdc.name" -}} -{{- default .Chart.Name .Values.nameOverride | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "txdc.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. 
-*/}} -{{- define "txdc.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Control Common labels -*/}} -{{- define "txdc.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Control Common labels -*/}} -{{- define "txdc.controlplane.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . }} -{{ include "txdc.controlplane.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: edc-controlplane -app.kubernetes.io/part-of: edc -{{- end }} - -{{/* -Data Common labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) -*/}} -{{- define "txdc.dataplane.labels" -}} -helm.sh/chart: {{ include "txdc.chart" .root }} -{{ include "txdc.dataplane.selectorLabels" . }} -{{- if .root.Chart.AppVersion }} -app.kubernetes.io/version: {{ .root.Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .root.Release.Service }} -app.kubernetes.io/component: edc-dataplane -app.kubernetes.io/part-of: edc -{{- end }} - -{{/* -Control Selector labels -*/}} -{{- define "txdc.controlplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txdc.name" . 
}}-controlplane -app.kubernetes.io/instance: {{ .Release.Name }}-controlplane -{{- end }} - -{{/* -Data Selector labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) -*/}} -{{- define "txdc.dataplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txdc.name" .root }}-{{ .dataplane.name }} -app.kubernetes.io/instance: {{ .root.Release.Name }}-{{ .dataplane.name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "txdc.controlplane.serviceaccount.name" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "txdc.dataplane.serviceaccount.name" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - -{{/* -Control DSP URL -*/}} -{{- define "txdc.controlplane.url.protocol" -}} -{{- if .Values.controlplane.url.protocol }}{{/* if dsp api url has been specified explicitly */}} -{{- .Values.controlplane.url.protocol }} -{{- else }}{{/* else when dsp api url has not been specified explicitly */}} -{{- with (index .Values.controlplane.ingresses 0) }} -{{- if .enabled }}{{/* if ingress enabled */}} -{{- if .tls.enabled }}{{/* if TLS enabled */}} -{{- printf "https://%s" .hostname -}} -{{- else }}{{/* else when TLS not enabled */}} -{{- printf "http://%s" .hostname -}} -{{- end }}{{/* end if tls */}} -{{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-controlplane:%v" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}} -{{- end }}{{/* end if ingress */}} -{{- end }}{{/* end with ingress */}} -{{- end }}{{/* end if .Values.controlplane.url.protocol */}} -{{- end }} - 
-{{/* -Validation URL -*/}} -{{- define "txdc.controlplane.url.validation" -}} -{{- printf "http://%s-controlplane:%v%s/token" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.control.port $.Values.controlplane.endpoints.control.path -}} -{{- end }} - -{{/* -Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) -*/}} -{{- define "txdc.dataplane.url.control" -}} -{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" .root ) .dataplane.name .dataplane.endpoints.control.port .dataplane.endpoints.control.path -}} -{{- end }} - -{{/* -Data Public URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) -*/}} -{{- define "txdc.dataplane.url.public" -}} -{{- $dataplane := .dataplane -}} -{{- $root := .root -}} -{{- if .dataplane.url.public }}{{/* if public api url has been specified explicitly */}} -{{- .dataplane.url.public }} -{{- else }}{{/* else when public api url has not been specified explicitly */}} -{{- with (index .dataplane.ingresses 0) }} -{{- if .enabled }}{{/* if ingress enabled */}} -{{- if .tls.enabled }}{{/* if TLS enabled */}} -{{- printf "https://%s%s" .hostname $dataplane.endpoints.public.path -}} -{{- else }}{{/* else when TLS not enabled */}} -{{- printf "http://%s%s" .hostname $dataplane.endpoints.public.path -}} -{{- end }}{{/* end if tls */}} -{{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.public.port $dataplane.endpoints.public.path -}} -{{- end }}{{/* end if ingress */}} -{{- end }}{{/* end with ingress */}} -{{- end }}{{/* end if .url.public */}} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "txdc.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" .) 
.Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/agent-connector-azure-vault/templates/configmap-controlplane.yaml b/charts/agent-connector-azure-vault/templates/configmap-controlplane.yaml
deleted file mode 100644
index d69e0de8..00000000
--- a/charts/agent-connector-azure-vault/templates/configmap-controlplane.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-data:
- opentelemetry.properties: |-
- {{- .Values.controlplane.opentelemetry | nindent 4 }}
-
- logging.properties: |-
- {{- .Values.controlplane.logging | nindent 4 }}
diff --git a/charts/agent-connector-azure-vault/templates/configmap-dataplane.yaml b/charts/agent-connector-azure-vault/templates/configmap-dataplane.yaml
deleted file mode 100644
index b5dda6ea..00000000
--- a/charts/agent-connector-azure-vault/templates/configmap-dataplane.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ $root := . }}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes }}
----
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "txdc.fullname" $root }}-{{- $dataplane_name }}
- namespace: {{ $root.Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
-data:
- opentelemetry.properties: |-
- {{- $dataplane.opentelemetry | nindent 4 }}
-
- logging.properties: |-
- {{- $dataplane.logging | nindent 4 }}
-
- {{- range $config_name, $config_value := $dataplane.configs }}
- {{ $config_name }}: |-
- {{ $config_value | nindent 4 }}
- {{- end }}
-
-{{- end }}
diff --git a/charts/agent-connector-azure-vault/templates/deployment-controlplane.yaml b/charts/agent-connector-azure-vault/templates/deployment-controlplane.yaml
deleted file mode 100644
index 2f064d2c..00000000
--- a/charts/agent-connector-azure-vault/templates/deployment-controlplane.yaml
+++ /dev/null
@@ -1,367 +0,0 @@ ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - {{- if not .Values.controlplane.autoscaling.enabled }} - replicas: {{ .Values.controlplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.controlplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 8 }} - {{- with .Values.controlplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }} - initContainers: - {{- toYaml .Values.controlplane.initContainers | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.controlplane.securityContext | nindent 12 }} - - # either use the specified image, or use the default one - {{- if .Values.controlplane.image.repository }} - image: "{{ .Values.controlplane.image.repository }}:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- else }} - image: "tractusx/edc-controlplane-postgresql-azure-vault:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- end }} - imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }} - ports: - {{- range $key,$value := .Values.controlplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if .Values.controlplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/liveness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.controlplane.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.controlplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/readiness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ 
.Values.controlplane.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml .Values.controlplane.resources | nindent 12 }} - env: - {{- if .Values.controlplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if .Values.controlplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.controlplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.controlplane.debug.port }} - {{- end }} - {{- end }} - - ######################## - ## ID CONFIGURATION ## - ######################## - - name: EDC_PARTICIPANT_ID - value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} - - ########################## - # SSI / MIW CONFIGURATION - ########################## - - name: "TX_SSI_MIW_URL" - value: {{ .Values.controlplane.ssi.miw.url | quote }} - - name: "TX_SSI_MIW_AUTHORITY_ID" - value: {{ .Values.controlplane.ssi.miw.authorityId | quote }} - - name: "TX_SSI_OAUTH_TOKEN_URL" - value: {{ .Values.controlplane.ssi.oauth.tokenurl | quote }} - - name: "TX_SSI_OAUTH_CLIENT_ID" - value: {{ .Values.controlplane.ssi.oauth.client.id | quote }} - - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS" - value: {{ .Values.controlplane.ssi.oauth.client.secretAlias | quote }} - - name: "TX_SSI_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) 
.Values.controlplane.endpoints.protocol.path | quote }} - - ####### - # API # - ####### - - name: "EDC_API_AUTH_KEY" - value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.management.authKey is required" | quote }} - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ .Values.controlplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ .Values.controlplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_MANAGEMENT_PORT" - value: {{ .Values.controlplane.endpoints.management.port | quote }} - - name: "WEB_HTTP_MANAGEMENT_PATH" - value: {{ .Values.controlplane.endpoints.management.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ .Values.controlplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ .Values.controlplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PROTOCOL_PORT" - value: {{ .Values.controlplane.endpoints.protocol.port | quote }} - - name: "WEB_HTTP_PROTOCOL_PATH" - value: {{ .Values.controlplane.endpoints.protocol.path | quote }} - - ######### - ## DSP ## - ######### - - - name: "EDC_DSP_CALLBACK_ADDRESS" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }} - - name: "EDC_OAUTH_PROVIDER_AUDIENCE" - value: "idsc:IDS_CONNECTORS_ALL" - - name: "EDC_OAUTH_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" . 
) .Values.controlplane.endpoints.protocol.path | quote }} - - ################ - ## POSTGRESQL ## - ################ - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/asset-index-sql - - name: "EDC_DATASOURCE_ASSET_NAME" - value: "asset" - - name: "EDC_DATASOURCE_ASSET_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_ASSET_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_ASSET_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-definition-store-sql - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_NAME" - value: "contractdefinition" - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-negotiation-store-sql - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_NAME" - value: "contractnegotiation" - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/policy-store-sql - - name: "EDC_DATASOURCE_POLICY_NAME" - value: "policy" - - name: "EDC_DATASOURCE_POLICY_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_POLICY_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_POLICY_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/transfer-process-store-sql - - name: "EDC_DATASOURCE_TRANSFERPROCESS_NAME" - value: "transferprocess" - - name: "EDC_DATASOURCE_TRANSFERPROCESS_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_TRANSFERPROCESS_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_TRANSFERPROCESS_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql - - name: "EDC_DATASOURCE_EDR_NAME" - value: "edr" - - name: "EDC_DATASOURCE_EDR_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_EDR_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_EDR_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - ################ - ## DATA PLANE ## - ################ - - {{- range $dataplane_name, $dataplane := .Values.dataplanes }} - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/dataplane-selector-configuration - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_URL" (upper $dataplane.name) | quote }} - value: {{ include "txdc.dataplane.url.control" (dict "dataplane" $dataplane "root" $) }}/transfer - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_SOURCETYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.sourceTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_DESTINATIONTYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.destinationTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_PROPERTIES" (upper $dataplane.name) | quote }} - value: |- - {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" (dict "dataplane" $dataplane "root" $)) }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer - - name: "EDC_TRANSFER_PROXY_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" (dict "dataplane" .Values.dataplanes.dataplane "root" $) }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote 
}} - {{- end }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/transfer/transfer-pull-http-dynamic-receiver - {{- if .Values.backendService.httpProxyTokenReceiverUrl }} - - name: "EDC_RECEIVER_HTTP_DYNAMIC_ENDPOINT" - value: {{ .Values.backendService.httpProxyTokenReceiverUrl | quote }} - {{- end }} - - ########### - ## VAULT ## - ########### - - - name: "EDC_VAULT_CLIENTID" - value: {{ .Values.vault.azure.client | required ".Values.vault.azure.client is required" | quote }} - - name: "EDC_VAULT_TENANTID" - value: {{ .Values.vault.azure.tenant | required ".Values.vault.azure.tenant is required" | quote }} - - name: "EDC_VAULT_NAME" - value: {{ .Values.vault.azure.name | required ".Values.vault.azure.name is required" | quote }} - # only set the env var if config value not null - {{- if .Values.vault.azure.secret }} - - name: "EDC_VAULT_CLIENTSECRET" - value: {{ .Values.vault.azure.secret | quote }} - {{- end }} - # only set the env var if config value not null - {{- if .Values.vault.azure.certificate }} - - name: "EDC_VAULT_CERTIFICATE" - value: {{ .Values.vault.azure.certificate | quote }} - {{- end }} - - ##################### - ## DATA ENCRYPTION ## - ##################### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/data-encryption - - name: "EDC_DATA_ENCRYPTION_KEYS_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenEncryptionAesKey | quote }} - - name: "EDC_DATA_ENCRYPTION_ALGORITHM" - value: "AES" - - ########################### - ## AAS WRAPPER EXTENSION ## - ########################### - - name: "EDC_CP_ADAPTER_CACHE_CATALOG_EXPIRE_AFTER" - value: "0" - - name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT" - value: "0" - - 
########################### - ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ## - ########################### - - name: "TRACTUSX_BUSINESSPARTNERVALIDATION_LOG_AGREEMENT_VALIDATION" - value: {{ .Values.controlplane.businessPartnerValidation.log.agreementValidation | quote }} - - ###################################### - ## Additional environment variables ## - ###################################### - - name: "EDC_CONNECTOR_NAME" - value: {{ include "txdc.fullname" .}}-controlplane - {{- range $key, $value := .Values.controlplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.controlplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or .Values.controlplane.envSecretNames .Values.controlplane.envConfigMapNames) (or (gt (len .Values.controlplane.envSecretNames) 0) (gt (len .Values.controlplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := .Values.controlplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := .Values.controlplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - - name: "tmp" - mountPath: "/tmp" - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" . }}-controlplane - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - - name: "tmp" - emptyDir: { } - {{- with .Values.controlplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.affinity }} - affinity: - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- with .Values.controlplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/agent-connector-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-connector-azure-vault/templates/deployment-dataplane.yaml deleted file mode 100644 index d6524e8a..00000000 --- a/charts/agent-connector-azure-vault/templates/deployment-dataplane.yaml +++ /dev/null 
@@ -1,362 +0,0 @@ -{{ $root := . }} -{{- range $dataplane_name, $dataplane := .Values.dataplanes }} ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -spec: - {{- if not $dataplane.autoscaling.enabled }} - replicas: {{ $dataplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 6 }} - template: - metadata: - {{- with $dataplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 8 }} - {{- with $dataplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with $root.Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . 
| nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" $root }} - securityContext: - {{- toYaml $dataplane.podSecurityContext | nindent 8 }} - initContainers: - {{- toYaml $dataplane.initContainers | nindent 8 }} - containers: - - name: {{ $root.Chart.Name }} - securityContext: - {{- toYaml $dataplane.securityContext | nindent 12 }} - {{- if $dataplane.image.repository }} - image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default "0.5.0" }}" - {{- else if $dataplane.agent }} - image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-azure-vault:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" - {{- else }} - image: "tractusx/edc-dataplane-azure-vault:{{ $dataplane.image.tag | default "0.5.0" }}" - {{- end }} - imagePullPolicy: {{ $dataplane.image.pullPolicy }} - ports: - {{- range $key,$value := $dataplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if $dataplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ $dataplane.endpoints.default.path }}/check/liveness - port: {{ $dataplane.endpoints.default.port }} - initialDelaySeconds: {{ $dataplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ $dataplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ $dataplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ $dataplane.livenessProbe.failureThreshold }} - successThreshold: {{ $dataplane.livenessProbe.successThreshold }} - {{- end }} - {{- if $dataplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ $dataplane.endpoints.default.path }}/check/readiness - port: {{ $dataplane.endpoints.default.port }} - initialDelaySeconds: {{ $dataplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ $dataplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ $dataplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ $dataplane.readinessProbe.failureThreshold }} - successThreshold: {{ 
$dataplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml $dataplane.resources | nindent 12 }} - env: - {{- if $dataplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if and $dataplane.debug.enabled $dataplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" $dataplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" $dataplane.debug.port }} - {{- end }} - {{- end }} - - ####### - # API # - ####### - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ $dataplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ $dataplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ $dataplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ $dataplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PUBLIC_PORT" - value: {{ $dataplane.endpoints.public.port | quote }} - - name: "WEB_HTTP_PUBLIC_PATH" - value: {{ $dataplane.endpoints.public.path | quote }} - - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" - value: {{ include "txdc.controlplane.url.validation" $root}} - - ################### - # AUTH (JWT) # - ################### - {{- if $dataplane.auth }} - {{- range $auth, $authDef := $dataplane.auth }} - - name: {{ printf "TRACTUSX_AUTH_%s_TYPE" (upper $auth) | quote }} - value: {{ $authDef.type | required "Authentication Service needs a type" | quote }} - - name: {{ printf "TRACTUSX_AUTH_%s_PATHS" (upper $auth) | quote }} - value: {{ $authDef.context | required "Authentication Service needs a context" | quote }} - {{- if $authDef.exclude }} - - name: {{ printf "TRACTUSX_AUTH_%s_EXCLUDE" (upper $auth) | quote }} - value: {{ $authDef.exclude | quote }} - {{- end }} - {{- if $authDef.register }} - - name: {{ printf "TRACTUSX_AUTH_%s_REGISTER" (upper $auth) | quote }} - value: {{ $authDef.register | quote }} - {{- end }} 
- {{- if $authDef.apiCode }} - - name: {{ printf "TRACTUSX_AUTH_%s_APICODE" (upper $auth) | quote }} - value: {{ $authDef.apiCode | quote }} - {{- end }} - {{- if $authDef.vaultKey }} - - name: {{ printf "TRACTUSX_AUTH_%s_VAULTKEY" (upper $auth) | quote }} - value: {{ $authDef.vaultKey | quote }} - {{- end }} - {{- if $authDef.publicKey }} - - name: {{ printf "TRACTUSX_AUTH_%s_PUBLICKEY" (upper $auth) | quote }} - value: {{ $authDef.publicKey | quote }} - {{- end }} - {{- if $authDef.checkExpiry }} - - name: {{ printf "TRACTUSX_AUTH_%s_CHECKEXPIRY" (upper $auth) | quote }} - value: {{ $authDef.checkExpiry | quote }} - {{- end }} - {{- end }} - {{- end }} - - {{- if $dataplane.endpoints.callback }} - - ################### - # AGENT CALLBACK # - ################### - - name: "WEB_HTTP_CALLBACK_PORT" - value: {{ $dataplane.endpoints.callback.port | quote }} - - name: "WEB_HTTP_CALLBACK_PATH" - value: {{ $dataplane.endpoints.callback.path | quote }} - - name: "CX_AGENT_CALLBACK" - value: {{ printf "http://%s-%s:%v%s/endpoint-data-reference" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} - - name: "EDC_API_AUTH_KEY" - value: {{ $root.Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }} - - name: "EDC_PARTICIPANT_ID" - value: {{ $root.Values.participant.id | quote }} - - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" - value: {{ printf "http://%s-controlplane:%v" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.protocol.port | quote }} - - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" - value: {{ printf "http://%s-controlplane:%v%s" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.management.port $root.Values.controlplane.endpoints.management.path | quote }} - {{- end }} - - {{- if $dataplane.agent }} - - name: "CX_AGENT_EDC_VERSION" - value: {{ $dataplane.agent.edcVersion | 
default $root.Values.controlplane.image.tag | quote }} - {{- end }} - - {{- if $dataplane.agent.default }} - - ############### - # AGENT INIT # - ############### - - name: "CX_AGENT_ASSET_FILE" - value: {{ join "," $dataplane.agent.default | quote }} - - name: "CX_AGENT_SKILL_CONTRACT_DEFAULT" - value: {{ $dataplane.agent.skillcontract | quote }} - {{- end }} - - {{- if $dataplane.agent.services }} - - ################### - # AGENT SERVICES # - ################### - {{- if $dataplane.agent.services.allow }} - - name: "CX_AGENT_SERVICE_ALLOW" - value: {{ $dataplane.agent.services.allow | quote }} - {{- end }} - {{- if $dataplane.agent.services.deny }} - - name: "CX_AGENT_SERVICE_DENY" - value: {{ $dataplane.agent.services.deny | quote }} - {{- end }} - {{- if $dataplane.agent.services.asset }} - {{- if $dataplane.agent.services.asset.allow }} - - name: "CX_AGENT_SERVICE_ASSET_ALLOW" - value: {{ $dataplane.agent.services.asset.allow | quote }} - {{- end }} - {{- if $dataplane.agent.services.asset.deny }} - - name: "CX_AGENT_SERVICE_ASSET_DENY" - value: {{ $dataplane.agent.services.asset.deny | quote }} - {{- end }} - {{- end }} - {{- end }} - - - {{- if $dataplane.agent.connectors }} - - ################### - # AGENT SYNC # - ################### - - name: "CX_AGENT_DATASPACE_REMOTES" - value: {{ join "," $dataplane.agent.connectors | quote }} - - name: "CX_AGENT_DATASPACE_SYNCHRONIZATION" - value: {{ $dataplane.agent.synchronization | required (printf ".Values.dataplane.%s.agent.synchronization should be set if connectors are specified" $dataplane_name) | quote }} - - name: "CX_AGENT_FEDERATION_BATCH_MAX" - value: {{ $dataplane.agent.maxbatchsize | quote }} - {{- end }} - - ####### - # AWS # - ####### - {{- if $dataplane.aws.endpointOverride }} - - name: "EDC_AWS_ENDPOINT_OVERRIDE" - value: {{ $dataplane.aws.endpointOverride | quote }} - {{- end }} - {{- if $dataplane.aws.secretAccessKey }} - - name: "AWS_SECRET_ACCESS_KEY" - value: {{ $dataplane.aws.secretAccessKey 
| quote }} - {{- end }} - {{- if $dataplane.aws.accessKeyId }} - - name: "AWS_ACCESS_KEY_ID" - value: {{ $dataplane.aws.accessKeyId | quote }} - {{- end }} - - ############### - ## EDR CACHE ## - ############### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql - - name: "EDC_DATASOURCE_EDR_NAME" - value: "edr" - - name: "EDC_DATASOURCE_EDR_USER" - value: {{ $root.Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_EDR_PASSWORD" - value: {{ $root.Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_EDR_URL" - value: {{ tpl $root.Values.postgresql.jdbcUrl $root | quote }} - - ########### - ## VAULT ## - ########### - - - name: "EDC_VAULT_CLIENTID" - value: {{ $root.Values.vault.azure.client | quote }} - - name: "EDC_VAULT_TENANTID" - value: {{ $root.Values.vault.azure.tenant | quote }} - - name: "EDC_VAULT_NAME" - value: {{ $root.Values.vault.azure.name | quote }} - # only set the env var if config value not null - {{- if $root.Values.vault.azure.secret }} - - name: "EDC_VAULT_CLIENTSECRET" - value: {{ $root.Values.vault.azure.secret | quote }} - {{- end }} - # only set the env var if config value not null - {{- if $root.Values.vault.azure.certificate }} - - name: "EDC_VAULT_CERTIFICATE" - value: {{ $root.Values.vault.azure.certificate | quote }} - {{- end }} - - ###################################### - ## Additional environment variables ## - ###################################### - - name: "EDC_CONNECTOR_NAME" - value: {{ include "txdc.fullname" $root}}-{{ $dataplane.name }} - {{- range $key, $value := $dataplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := $dataplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or 
$dataplane.envSecretNames $dataplane.envConfigMapNames) (or (gt (len $dataplane.envSecretNames) 0) (gt (len $dataplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := $dataplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := $dataplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - - name: "tmp" - mountPath: "/tmp" - - {{- range $config_name, $config_value := $dataplane.configs }} - - name: "configuration" - mountPath: {{ printf "/app/%s" $config_name | quote }} - subPath: {{ printf "%s" $config_name | quote }} - {{- end }} - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane_name }} - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - {{- range $config_name, $config_value := $dataplane.configs }} - - key: {{ printf "%s" $config_name | quote }} - path: {{ printf "%s" $config_name | quote }} - {{- end }} - - name: "tmp" - emptyDir: { } - {{- with $dataplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $dataplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $dataplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/charts/agent-connector-azure-vault/templates/hpa-controlplane.yaml b/charts/agent-connector-azure-vault/templates/hpa-controlplane.yaml deleted file mode 100644 index 50c1dbb5..00000000 --- a/charts/agent-connector-azure-vault/templates/hpa-controlplane.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -{{- if .Values.controlplane.autoscaling.enabled }} ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "txdc.fullname" . }}-controlplane - minReplicas: {{ .Values.controlplane.autoscaling.minReplicas }} - maxReplicas: {{ .Values.controlplane.autoscaling.maxReplicas }} - metrics: - {{- if .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} 
diff --git a/charts/agent-connector-azure-vault/templates/hpa-dataplane.yaml b/charts/agent-connector-azure-vault/templates/hpa-dataplane.yaml
deleted file mode 100644
index d9c0f6c2..00000000
--- a/charts/agent-connector-azure-vault/templates/hpa-dataplane.yaml
+++ /dev/null
@@ -1,53 +0,0 @@ -{{ $root := . }} -{{- range $dataplane_name, $dataplane := .Values.dataplanes }} -{{- if $dataplane.autoscaling.enabled }} ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
-# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - minReplicas: {{ $dataplane.autoscaling.minReplicas }} - maxReplicas: {{ $dataplane.autoscaling.maxReplicas }} - metrics: - {{- if $dataplane.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ $dataplane.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if $dataplane.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ $dataplane.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} -{{- end }} diff --git a/charts/agent-connector-azure-vault/templates/ingress-controlplane.yaml b/charts/agent-connector-azure-vault/templates/ingress-controlplane.yaml deleted file mode 100644 index 47806a8d..00000000 --- a/charts/agent-connector-azure-vault/templates/ingress-controlplane.yaml +++ /dev/null 
@@ -1,99 +0,0 @@ -{{- $fullName := include "txdc.fullname" . }} -{{- $controlLabels := include "txdc.controlplane.labels" . }} -{{- $controlEdcEndpoints := .Values.controlplane.endpoints }} -{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }} -{{- $namespace := .Release.Namespace }} - -{{- range .Values.controlplane.ingresses }} -{{- if and .enabled .endpoints }} -{{- $controlIngressName := printf "%s-controlplane-%s" $fullName .hostname }} -{{- $annotations := .annotations | default dict }} ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
-# -# SPDX-License-Identifier: Apache-2.0 -# -{{- if semverCompare ">=1.19-0" $gitVersion }} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" $gitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: {{ $controlIngressName }} - namespace: {{ $namespace | default "default" | quote }} - labels: - {{- $controlLabels | nindent 4 }} - annotations: - {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }} - {{- if not (hasKey $annotations "kubernetes.io/ingress.class") }} - {{- $_ := set $annotations "kubernetes.io/ingress.class" .className}} - {{- end }} - {{- end }} - {{- if .certManager }} - {{- if .certManager.issuer }} - {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}} - {{- end }} - {{- if .certManager.clusterIssuer }} - {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}} - {{- end }} - {{- end }} - {{- with $annotations }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }} - ingressClassName: {{ .className }} - {{- end }} - {{- if .hostname }} - {{- if .tls.enabled }} - tls: - - hosts: - - {{ .hostname }} - {{- if .tls.secretName }} - secretName: {{ .tls.secretName }} - {{- else }} - secretName: {{ $controlIngressName }}-tls - {{- end }} - {{- end }} - rules: - - host: {{ .hostname }} - http: - paths: - {{- $ingressEdcEndpoints := .endpoints }} - {{- range $name, $mapping := $controlEdcEndpoints }} - {{- if (has $name $ingressEdcEndpoints) }} - - path: {{ $mapping.path }} - pathType: Prefix - backend: - {{- if semverCompare ">=1.19-0" $gitVersion }} - service: - name: {{ $fullName }}-controlplane - port: - number: {{ $mapping.port }} - {{- else }} - {{- end }} - {{- end }} - {{- end }} - {{- end }} -{{- end }}{{- /* end: if .enabled */}} -{{- end }}{{- /* end: range .Values.ingresses */}} 
diff --git a/charts/agent-connector-azure-vault/templates/networkpolicy.yaml b/charts/agent-connector-azure-vault/templates/networkpolicy.yaml deleted file mode 100644 index 05b59029..00000000 --- a/charts/agent-connector-azure-vault/templates/networkpolicy.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if eq (.Values.networkPolicy.enabled | toString) "true" }} -{{- range tuple "controlplane" "dataplane" }} -{{- $name := . }} ---- -# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: {{ include "txdc.fullname" $ }}-{{ $name }} - labels: - {{- include (printf "txdc.%s.labels" $name) $ | nindent 4 }} -spec: - podSelector: - matchLabels: - {{- include (printf "txdc.%s.selectorLabels" $name) $ | nindent 6 }} - ingress: - - from: - {{- toYaml (index $.Values.networkPolicy $name "from") | nindent 6 }} - ports: - {{- range $key,$value := (index $.Values $name "endpoints") }} - - port: {{ $value.port }} - protocol: TCP - {{- end }} - policyTypes: - - Ingress ---- -{{- end }} -{{- end }} diff --git a/charts/agent-connector-azure-vault/templates/service-controlplane.yaml b/charts/agent-connector-azure-vault/templates/service-controlplane.yaml deleted file mode 100644 index e993b46d..00000000 
--- a/charts/agent-connector-azure-vault/templates/service-controlplane.yaml +++ /dev/null @@ -1,54 +0,0 @@ ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: v1 -kind: Service -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - namespace: {{ .Release.Namespace | default "default" | quote }} - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - type: {{ .Values.controlplane.service.type }} - ports: - - port: {{ .Values.controlplane.endpoints.default.port }} - targetPort: default - protocol: TCP - name: default - - port: {{ .Values.controlplane.endpoints.control.port }} - targetPort: control - protocol: TCP - name: control - - port: {{ .Values.controlplane.endpoints.management.port }} - targetPort: management - protocol: TCP - name: management - - port: {{ .Values.controlplane.endpoints.protocol.port }} - targetPort: protocol - protocol: TCP - name: protocol - - port: {{ .Values.controlplane.endpoints.metrics.port }} - targetPort: metrics - protocol: TCP - name: metrics - selector: - {{- include "txdc.controlplane.selectorLabels" . | nindent 4 }} 
diff --git a/charts/agent-connector-azure-vault/templates/service-dataplane.yaml b/charts/agent-connector-azure-vault/templates/service-dataplane.yaml
deleted file mode 100644
index 71619f89..00000000
--- a/charts/agent-connector-azure-vault/templates/service-dataplane.yaml
+++ /dev/null
@@ -1,64 +0,0 @@ -{{ $root := . }} -{{- range $dataplane_name, $dataplane := .Values.dataplanes }} ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. 
-# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: v1 -kind: Service -metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - namespace: {{ $root.Release.Namespace | default "default" | quote }} - labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -spec: - type: {{ $dataplane.service.type }} - ports: - - port: {{ $dataplane.endpoints.default.port }} - targetPort: default - protocol: TCP - name: default - - port: {{ $dataplane.endpoints.control.port }} - targetPort: control - protocol: TCP - name: control - - port: {{ $dataplane.endpoints.public.port }} - targetPort: public - protocol: TCP - name: public - - port: {{ $dataplane.endpoints.metrics.port }} - targetPort: metrics - protocol: TCP - name: metrics - - port: {{ $dataplane.endpoints.proxy.port }} - targetPort: proxy - protocol: TCP - name: proxy - {{- if $dataplane.endpoints.callback }} - - port: {{ $dataplane.endpoints.callback.port }} - targetPort: callback - protocol: TCP - name: callback - {{- end }} - selector: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -{{- end }} \ No newline at end of file diff --git a/charts/agent-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml b/charts/agent-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml deleted file mode 100644 index efd6f3b1..00000000 --- a/charts/agent-connector-azure-vault/templates/tests/test-controlplane-readiness.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -# -# Copyright (c) 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# - ---- -apiVersion: v1 -kind: Pod -metadata: - name: "{{include "txdc.fullname" .}}test-controlplane-readiness" - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test - "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }} -spec: - containers: - - name: wget - image: curlimages/curl - command: [ 'curl' ] - args: [ '{{- printf "http://%s-controlplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.controlplane.endpoints.default.port $.Values.controlplane.endpoints.default.path -}}' ] - restartPolicy: Never diff --git a/charts/agent-connector-azure-vault/values.yaml b/charts/agent-connector-azure-vault/values.yaml deleted file mode 100644 index 18b9d72a..00000000 --- a/charts/agent-connector-azure-vault/values.yaml +++ /dev/null 
@@ -1,620 +0,0 @@ -# -# Copyright (c) 2023,2024 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# - - ---- -# Default values for agent-connector. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -install: - postgresql: true -fullnameOverride: "" -nameOverride: "" -# -- Image registry to use -imageRegistry: docker.io/ -# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) -imagePullSecrets: [] -# -- To add some custom labels -customLabels: {} - -participant: - # -- BPN Number - id: "" - -controlplane: - image: - # -- Which derivate of the control plane to use. 
when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a readiness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # -- endpoints of the control plane - endpoints: - # -- default api for health checks, should not be added to any ingress - default: - # -- port for incoming api calls - port: 8080 - # -- path for incoming api calls 
- path: /api - # -- data management api, used by internal users, can be added to an ingress and must not be internet facing - management: - # -- port for incoming api calls - port: 8081 - # -- path for incoming api calls - path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header - authKey: "" - # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not - control: - # -- port for incoming api calls - port: 8083 - # -- path for incoming api calls - path: /control - # -- dsp api, used for inter connector communication and must be internet facing - protocol: - # -- port for incoming api calls - port: 8084 - # -- path for incoming api calls - path: /api/v1/dsp - # -- metrics api, used for application metrics, must not be internet facing - metrics: - # -- port for incoming api calls - port: 9090 - # -- path for incoming api calls - path: /metrics - - businessPartnerValidation: - log: - agreementValidation: true - - # SSI configuration - ssi: - miw: - # -- MIW URL - url: "" - # -- The BPN of the issuer authority - authorityId: "" - oauth: - # -- The URL (of KeyCloak), where access tokens can be obtained - tokenurl: "" - client: - # -- The client ID for KeyCloak - id: "" - # -- The alias under which the client secret is stored in the vault. - secretAlias: "" - - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
- type: ClusterIP - annotations: {} - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: { - EDC_JSONLD_HTTPS_ENABLED: "true" - } - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
- # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.local" - # -- Additional ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - protocol - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - ## Private / Intranet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.intranet" - # -- Additional 
ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - management - - control - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 1.5 - memory: 512Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - - url: - # -- Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) - protocol: "" -dataplanes: - dataplane: - # -- the name of the dataplane - name: "agentplane" - # -- a comma-separated list of supported asset types - sourceTypes: "cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3" - # -- a comma-separated list of supported transfer types - destinationTypes: "HttpProxy,AmazonS3" - image: - # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - 
# -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. - type: ClusterIP - port: 80 - endpoints: - default: - port: 8080 - path: /api - public: - port: 8081 - path: /api/public - control: - port: 8083 - path: /api/dataplane/control - proxy: - port: 8186 - path: /proxy - callback: - port: 8087 - path: /callback - metrics: - port: 9090 - path: /metrics - # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries - auth: - # -- the default authentication service - default: - # -- the type of the default authentication service (api-key, jwt or composite) - type: api-key - # -- the context(s) of the default authentication service separated by commas - context: default - # -- excluded paths for liveness checks and validation - exclude: ".*/(check|validation).*" - # -- controls whether this service should be registered as the default EDC authentication service globally - register: false - # -- specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. 
- apiCode: "69609650" - # -- vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead - vaultKey: - # -- public key for checking the validity of jwt tokens, set this when type=jwt - publicKey: - # -- controls whether the expiry date of jwt tokens is checked when type=jwt - checkExpiry: true - aws: - endpointOverride: "" - accessKeyId: "" - secretAccessKey: "" - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with 
the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: {} - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. - # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-data.local" - # -- Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} - annotations: - # Sample settings for more demanding use cases - # nginx.org/proxy-connect-timeout: "30s" - # nginx.org/proxy-read-timeout: "360s" - # nginx.org/client-max-body-size: "10m" - # -- EDC endpoints exposed by this ingress resource - endpoints: - - public - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # 
-- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 1.5 - memory: 1024Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - url: - # -- Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) - public: "" - # -- A set of additional configuration files - configs: - # -- An example of an empty graph in ttl syntax - dataspace.ttl: | - ################################################################# - # Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT - ################################################################# - @prefix : . - @base . - # -- Agent-Specific Settings - agent: - # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue - default: - - dataspace.ttl - - https://w3id.org/catenax/ontology.ttl - # -- The synchronization interval in ms to update the federated data catalogue - synchronization: -1 - # -- The list of remote connector IDS URLs to synchronize with - connectors: [] - # -- Names the visible contract under which new skills are published (if not otherwise specified) - skillcontract: Contract?partner=Skill - # -- Sets the maximal batch size when delegating to agents and services - maxbatchsize: '9223372036854775807' - # -- A set of configs for regulating outgoing service calls - services: - # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) - allow: '(edcs?://.*)|(https://query\\.wikidata\\.org/sparql)' - # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) - deny: 'http://.*' - # -- A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) - asset: - # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) - allow: '(edcs?://.*)' - # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) - deny: 'https?://.*' - -# -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden -postgresql: - jdbcUrl: 
"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" - primary: - persistence: - enabled: false - readReplicas: - persistence: - enabled: false - auth: - database: "edc" - username: "user" - password: "password" -vault: - azure: - name: "" - client: "" - tenant: "" - secret: - certificate: - secretNames: - transferProxyTokenSignerPrivateKey: - transferProxyTokenSignerPublicKey: - transferProxyTokenEncryptionAesKey: - -backendService: - httpProxyTokenReceiverUrl: "" - -networkPolicy: - # -- If `true` network policy will be created to restrict access to control- and dataplane - enabled: false - # -- Configuration of the controlplane component - controlplane: - # -- Specify from rule network policy for cp (defaults to all namespaces) - from: - - namespaceSelector: {} - # -- Configuration of the dataplane component - dataplane: - # -- Specify from rule network policy for dp (defaults to all namespaces) - from: - - namespaceSelector: {} - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) - imagePullSecrets: [] - -# -- Configurations for Helm tests -tests: - # -- Configure the hook-delete-policy for Helm tests - hookDeletePolicy: before-hook-creation,hook-succeeded diff --git a/charts/agent-connector-memory/.helmignore b/charts/agent-connector-memory/.helmignore deleted file mode 100644 index 9a12504f..00000000 --- a/charts/agent-connector-memory/.helmignore +++ /dev/null 
@@ -1,45 +0,0 @@ -# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 - -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -# Doc Templates -README.md.gotmpl -# Accept only values.yaml -values?*.yaml -values?*.yml \ No newline at end of file diff --git a/charts/agent-connector-memory/LICENSE b/charts/agent-connector-memory/LICENSE deleted file mode 100644 index d6456956..00000000 --- a/charts/agent-connector-memory/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@
-
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/charts/agent-connector-memory/README.md b/charts/agent-connector-memory/README.md
deleted file mode 100644
index acf119b9..00000000
--- a/charts/agent-connector-memory/README.md
+++ /dev/null
@@ -1,372 +0,0 @@ - - -# agent-connector-memory - -![Version: 1.12.17-SNAPSHOT](https://img.shields.io/badge/Version-1.12.17--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.17-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.17--SNAPSHOT-informational?style=flat-square) - -A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector using In-Memory Persistence. This is a variant of [the Tractus-X In-Memory Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-memory) which allows -to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a -Control Plane and one or several Data Planes. Note that _no_ external dependencies such as HashiCorp Vault are included. - -This chart is intended for use with an _existing_ HashiCorp Vault. - -**Homepage:** - -## Setting up your BPNL and the Control Plane's Management API Key - -The secure API-Key that is shared between control and agent plane is configured in the following property: -- 'controlplane.endpoints.management.authKey': Cleartext API Key as used to secure the control planes management api (and is used by the agent plane to synchronize assets and negotiate calls). - -You should set your BPNL in the folloing property: -- 'participant.id': 'BPNL' followed by 12 alphanumerical characters as handed out to you during onboarding. - -## Setting up Hashicorp Vault - -You should set configure access to required secrets as follows: -- 'vault.hashicorp.url': URL of the vault API -- 'vault.hashicorp.token': A valid, generated access token. -- 'vault.hashicorp.paths.secret': Api path to the folder hosting the secrets (usually prepended with /v1) - -### Setting up the transfer token encryption - -Transfer tokens handed out from the provider to the consumer should be signed and encrypted. 
For that purpose -you should setup a private/public certificate as well as a symmetric AES key. - -- 'vault.secretNames.transferProxyTokenSignerPrivateKey': -- 'vault.secretNames.transferProxyTokenSignerPublicKey': -- 'vault.secretNames.transferProxyTokenEncryptionAesKey': - -## Setting up SSI - -### Preconditions - -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the - Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens -- the client ID and client secret corresponding to that account must be known - -### Preparatory work - -- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and - is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. - -### Configure the chart - -Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. 
- -## Setting up the Agent Planes - -Make sure to adapt the Agent Plane's application-facing endpoint security: -- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) -- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key -- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault -- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found -- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) - -Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. -- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. -- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. 
-- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. -- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. - -Be sure to adapt the agent configuration -- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. -- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. -- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. -- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. - -### Launching the application - -As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) -to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. 
-Combined, run this shell command to start the in-memory Tractus-X EDC runtime: - -```shell -helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector --version 1.12.17-SNAPSHOT -``` - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Tractus-X Knowledge Agents Team | | | - -## Source Code - -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://helm.releases.hashicorp.com | vault(vault) | 0.20.0 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| backendService.httpProxyTokenReceiverUrl | string | `""` | | -| controlplane.affinity | object | `{}` | | -| controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | -| controlplane.debug.enabled | bool | `false` | | -| controlplane.debug.port | int | `1044` | | -| controlplane.debug.suspendOnStart | bool | `false` | | -| controlplane.endpoints | object | 
`{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane | -| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | -| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | -| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | -| controlplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | -| controlplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | -| controlplane.endpoints.default.port | int | `8080` | port for incoming api calls | -| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | -| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | -| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | -| controlplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | -| controlplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | -| controlplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | -| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | -| 
controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | -| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | -| controlplane.env.EDC_JSONLD_HTTPS_ENABLED | string | `"true"` | | -| controlplane.envConfigMapNames | list | `[]` | | -| controlplane.envSecretNames | list | `[]` | | -| controlplane.envValueFrom | object | `{}` | | -| controlplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| controlplane.image.repository | string | `""` | Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically | -| controlplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[0].enabled | bool | `false` | | -| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| 
controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[1].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[1].enabled | bool | `false` | | -| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.initContainers | list | `[]` | | -| controlplane.limits.cpu | float | `1.5` | | -| controlplane.limits.memory | string | `"512Mi"` | | -| controlplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes 
will try 6 times before giving up | -| controlplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| controlplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| controlplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| controlplane.nodeSelector | object | `{}` | | -| controlplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| controlplane.podAnnotations | object | `{}` | additional annotations for the pod | -| controlplane.podLabels | object | `{}` | additional labels for the pod | -| controlplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| controlplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within 
volumes will belong to this guid | -| controlplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| controlplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| controlplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| controlplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| controlplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a readiness check every 10 seconds | -| controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.replicaCount | int | `1` | | -| controlplane.requests.cpu | string | `"500m"` | | -| controlplane.requests.memory | string | `"128Mi"` | | -| controlplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| 
controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| controlplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| controlplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| controlplane.service.annotations | object | `{}` | | -| controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority | -| controlplane.ssi.miw.url | string | `""` | MIW URL | -| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak | -| controlplane.ssi.oauth.client.secretAlias | string | `""` | The alias under which the client secret is stored in the vault. | -| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained | -| controlplane.tolerations | list | `[]` | | -| controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) | -| controlplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| controlplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| customLabels | object | `{}` | To add some custom labels | -| dataplanes.dataplane.affinity | object | `{}` | | -| dataplanes.dataplane.agent | object | `{"connectors":[],"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | -| dataplanes.dataplane.agent.connectors | list | `[]` | The list of remote connector IDS URLs to synchronize with | -| dataplanes.dataplane.agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | -| dataplanes.dataplane.agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | -| dataplanes.dataplane.agent.services | object | `{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | -| dataplanes.dataplane.agent.services.allow | string | `"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset | object | `{"allow":"(edcs?://.*)","deny":"https?://.*"}` | A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property 
is given) | -| dataplanes.dataplane.agent.services.asset.allow | string | `"(edcs?://.*)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset.deny | string | `"https?://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.deny | string | `"http://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.skillcontract | string | `"Contract?partner=Skill"` | Names the visible contract under which new skills are published (if not otherwise specified) | -| dataplanes.dataplane.agent.synchronization | int | `-1` | The synchronization interval in ms to update the federated data catalogue | -| dataplanes.dataplane.auth | object | `{"default":{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}}` | Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries | -| dataplanes.dataplane.auth.default | object | `{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}` | the default authentication service | -| dataplanes.dataplane.auth.default.apiCode | string | `"69609650"` | specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. 
| -| dataplanes.dataplane.auth.default.checkExpiry | bool | `true` | controls whether the expiry date of jwt tokens is checked when type=jwt | -| dataplanes.dataplane.auth.default.context | string | `"default"` | the context(s) of the default authentication service separated by commas | -| dataplanes.dataplane.auth.default.exclude | string | `".*/(check|validation).*"` | excluded paths for liveness checks and validation | -| dataplanes.dataplane.auth.default.publicKey | string | `nil` | public key for checking the validity of jwt tokens, set this when type=jwt | -| dataplanes.dataplane.auth.default.register | bool | `false` | controls whether this service should be registered as the default EDC authentication service globally | -| dataplanes.dataplane.auth.default.type | string | `"api-key"` | the type of the default authentication service (api-key, jwt or composite) | -| dataplanes.dataplane.auth.default.vaultKey | string | `nil` | vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead | -| dataplanes.dataplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| dataplanes.dataplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| dataplanes.dataplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| dataplanes.dataplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| dataplanes.dataplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| dataplanes.dataplane.aws.accessKeyId | string | `""` | | -| dataplanes.dataplane.aws.endpointOverride | string | `""` | | -| 
dataplanes.dataplane.aws.secretAccessKey | string | `""` | | -| dataplanes.dataplane.configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | -| dataplanes.dataplane.configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | -| dataplanes.dataplane.debug.enabled | bool | `false` | | -| dataplanes.dataplane.debug.port | int | `1044` | | -| dataplanes.dataplane.debug.suspendOnStart | bool | `false` | | -| dataplanes.dataplane.destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | -| dataplanes.dataplane.endpoints.callback.path | string | `"/callback"` | | -| dataplanes.dataplane.endpoints.callback.port | int | `8087` | | -| dataplanes.dataplane.endpoints.control.path | string | `"/api/dataplane/control"` | | -| dataplanes.dataplane.endpoints.control.port | int | `8083` | | -| dataplanes.dataplane.endpoints.default.path | string | `"/api"` | | -| dataplanes.dataplane.endpoints.default.port | int | `8080` | | -| dataplanes.dataplane.endpoints.metrics.path | string | `"/metrics"` | | -| dataplanes.dataplane.endpoints.metrics.port | int | `9090` | | -| dataplanes.dataplane.endpoints.proxy.path | string | `"/proxy"` | | -| dataplanes.dataplane.endpoints.proxy.port | int | `8186` | | -| dataplanes.dataplane.endpoints.public.path | string | `"/api/public"` | | -| dataplanes.dataplane.endpoints.public.port | int | `8081` | | -| dataplanes.dataplane.env | object | `{}` | | -| dataplanes.dataplane.envConfigMapNames | list | `[]` | | -| 
dataplanes.dataplane.envSecretNames | list | `[]` | | -| dataplanes.dataplane.envValueFrom | object | `{}` | | -| dataplanes.dataplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| dataplanes.dataplane.image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | -| dataplanes.dataplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| dataplanes.dataplane.ingresses[0].annotations | string | `nil` | Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} | -| dataplanes.dataplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| dataplanes.dataplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| dataplanes.dataplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| dataplanes.dataplane.ingresses[0].enabled | bool | `false` | | -| dataplanes.dataplane.ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | -| dataplanes.dataplane.ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| dataplanes.dataplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| 
dataplanes.dataplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| dataplanes.dataplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| dataplanes.dataplane.initContainers | list | `[]` | | -| dataplanes.dataplane.limits.cpu | float | `1.5` | | -| dataplanes.dataplane.limits.memory | string | `"1024Mi"` | | -| dataplanes.dataplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| dataplanes.dataplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplanes.dataplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| dataplanes.dataplane.name | string | `"agentplane"` | the name of the dataplane | -| dataplanes.dataplane.nodeSelector | object | `{}` | | -| dataplanes.dataplane.opentelemetry | string | 
`"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| dataplanes.dataplane.podAnnotations | object | `{}` | additional annotations for the pod | -| dataplanes.dataplane.podLabels | object | `{}` | additional labels for the pod | -| dataplanes.dataplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| dataplanes.dataplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| dataplanes.dataplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| dataplanes.dataplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| dataplanes.dataplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| 
dataplanes.dataplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.replicaCount | int | `1` | | -| dataplanes.dataplane.requests.cpu | string | `"500m"` | | -| dataplanes.dataplane.requests.memory | string | `"128Mi"` | | -| dataplanes.dataplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| dataplanes.dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| dataplanes.dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| dataplanes.dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| dataplanes.dataplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| dataplanes.dataplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| dataplanes.dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| dataplanes.dataplane.service.port | int | `80` | | -| dataplanes.dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
| -| dataplanes.dataplane.sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | -| dataplanes.dataplane.tolerations | list | `[]` | | -| dataplanes.dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | -| dataplanes.dataplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| dataplanes.dataplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| fullnameOverride | string | `""` | | -| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| imageRegistry | string | `"docker.io/"` | Image registry to use | -| install.vault | bool | `false` | | -| nameOverride | string | `""` | | -| networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component | -| networkPolicy.controlplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) | -| networkPolicy.dataplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the dataplane component | -| networkPolicy.dataplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) | -| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane | -| participant.id | string | `""` | BPN Number | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain 
the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | -| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | -| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | -| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | -| vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api | -| vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false | -| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false | -| vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false | -| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | -| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | -| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) 
diff --git a/charts/agent-connector-memory/README.md.gotmpl b/charts/agent-connector-memory/README.md.gotmpl
deleted file mode 100644
index fcba6066..00000000
--- a/charts/agent-connector-memory/README.md.gotmpl
+++ /dev/null
@@ -1,120 +0,0 @@ - - -{{ template "chart.header" . }} - -{{ template "chart.deprecationWarning" . }} - -{{ template "chart.badgesSection" . }} - -{{ template "chart.description" . }} - -{{ template "chart.homepageLine" . }} - -## Setting up your BPNL and the Control Plane's Management API Key - -The secure API-Key that is shared between control and agent plane is configured in the following property: -- 'controlplane.endpoints.management.authKey': Cleartext API Key as used to secure the control planes management api (and is used by the agent plane to synchronize assets and negotiate calls). - -You should set your BPNL in the folloing property: -- 'participant.id': 'BPNL' followed by 12 alphanumerical characters as handed out to you during onboarding. - -## Setting up Hashicorp Vault - -You should set configure access to required secrets as follows: -- 'vault.hashicorp.url': URL of the vault API -- 'vault.hashicorp.token': A valid, generated access token. -- 'vault.hashicorp.paths.secret': Api path to the folder hosting the secrets (usually prepended with /v1) - -### Setting up the transfer token encryption - -Transfer tokens handed out from the provider to the consumer should be signed and encrypted. For that purpose -you should setup a private/public certificate as well as a symmetric AES key. - -- 'vault.secretNames.transferProxyTokenSignerPrivateKey': -- 'vault.secretNames.transferProxyTokenSignerPublicKey': -- 'vault.secretNames.transferProxyTokenEncryptionAesKey': - -## Setting up SSI - -### Preconditions - -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. 
This is typically done by the - Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens -- the client ID and client secret corresponding to that account must be known - -### Preparatory work - -- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and - is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. - -### Configure the chart - -Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. 
- -## Setting up the Agent Planes - -Make sure to adapt the Agent Plane's application-facing endpoint security: -- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) -- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key -- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault -- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found -- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) - -Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. -- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. -- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. 
-- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. -- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. - -Be sure to adapt the agent configuration -- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. -- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. -- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. -- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. - -### Launching the application - -As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) -to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. -Combined, run this shell command to start the in-memory Tractus-X EDC runtime: - -```shell -helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector --version {{ .Version }} -``` - -{{ template "chart.maintainersSection" . }} - -{{ template "chart.sourcesSection" . }} - -{{ template "chart.requirementsSection" . 
}}
-
-{{ template "chart.valuesSection" . }}
-
-{{ template "helm-docs.versionFooter" . }}
diff --git a/charts/agent-connector-memory/ci/integration-values.yaml b/charts/agent-connector-memory/ci/integration-values.yaml
deleted file mode 100644
index 37cc28cb..00000000
--- a/charts/agent-connector-memory/ci/integration-values.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
-install:
- postgresql: true
-
-controlplane:
- endpoints:
- management:
- authKey: "bla"
- ssi:
- miw:
- url: "https://managed-identity-wallets.int"
- authorityId: "BPNL0000000DUMMY"
- oauth:
- tokenurl: "https://keycloak/auth/realms/REALM/protocol/openid-connect/token"
- client:
- id: "serviceaccount"
- secretAlias: "miw-secret"
-
-vault:
- azure:
- name: "AZURE_NAME"
- tenant: "AZURE_TENANT"
- client: "AZURE_CLIENT"
- secret: "AZURE_SECRET"
- hashicorp:
- url: "https://vault.demo"
- token: "VAULT_TOKEN"
- paths:
- secret: "/v1/secrets"
- secretNames:
- transferProxyTokenSignerPrivateKey: "key"
- transferProxyTokenSignerPublicKey: "cert"
- transferProxyTokenEncryptionAesKey: "symmetric-key"
-participant:
- id: "BPNL0000000DUMMY"
diff --git a/charts/agent-connector-memory/templates/configmap-controlplane.yaml b/charts/agent-connector-memory/templates/configmap-controlplane.yaml
deleted file mode 100644
index d69e0de8..00000000
--- a/charts/agent-connector-memory/templates/configmap-controlplane.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-data:
- opentelemetry.properties: |-
- {{- .Values.controlplane.opentelemetry | nindent 4 }}
-
- logging.properties: |-
- {{- .Values.controlplane.logging | nindent 4 }}
diff --git a/charts/agent-connector-memory/templates/configmap-dataplane.yaml b/charts/agent-connector-memory/templates/configmap-dataplane.yaml
deleted file mode 100644
index b5dda6ea..00000000
--- a/charts/agent-connector-memory/templates/configmap-dataplane.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{ $root := . }}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes }}
----
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "txdc.fullname" $root }}-{{- $dataplane_name }}
- namespace: {{ $root.Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
-data:
- opentelemetry.properties: |-
- {{- $dataplane.opentelemetry | nindent 4 }}
-
- logging.properties: |-
- {{- $dataplane.logging | nindent 4 }}
-
- {{- range $config_name, $config_value := $dataplane.configs }}
- {{ $config_name }}: |-
- {{ $config_value | nindent 4 }}
- {{- end }}
-
-{{- end }}
diff --git a/charts/agent-connector-memory/templates/deployment-controlplane.yaml b/charts/agent-connector-memory/templates/deployment-controlplane.yaml
deleted file mode 100644
index f379c8ec..00000000
--- a/charts/agent-connector-memory/templates/deployment-controlplane.yaml
+++ /dev/null
@@ -1,302 +0,0 @@ ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - {{- if not .Values.controlplane.autoscaling.enabled }} - replicas: {{ .Values.controlplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.controlplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 8 }} - {{- with .Values.controlplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }} - initContainers: - {{- toYaml .Values.controlplane.initContainers | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.controlplane.securityContext | nindent 12 }} - - # either use the specified image, or use the default one - {{- if .Values.controlplane.image.repository }} - image: "{{ .Values.controlplane.image.repository }}:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- else }} - image: "tractusx/edc-controlplane-memory-hashicorp-vault:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- end }} - imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }} - ports: - {{- range $key,$value := .Values.controlplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if .Values.controlplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/liveness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.controlplane.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.controlplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/readiness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ 
.Values.controlplane.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml .Values.controlplane.resources | nindent 12 }} - env: - {{- if .Values.controlplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if .Values.controlplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.controlplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.controlplane.debug.port }} - {{- end }} - {{- end }} - - ######################## - ## ID CONFIGURATION ## - ######################## - - name: EDC_PARTICIPANT_ID - value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} - - ########################## - # SSI / MIW CONFIGURATION - ########################## - - name: "TX_SSI_MIW_URL" - value: {{ .Values.controlplane.ssi.miw.url | quote }} - - name: "TX_SSI_MIW_AUTHORITY_ID" - value: {{ .Values.controlplane.ssi.miw.authorityId | quote }} - - name: "TX_SSI_OAUTH_TOKEN_URL" - value: {{ .Values.controlplane.ssi.oauth.tokenurl | quote }} - - name: "TX_SSI_OAUTH_CLIENT_ID" - value: {{ .Values.controlplane.ssi.oauth.client.id | quote }} - - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS" - value: {{ .Values.controlplane.ssi.oauth.client.secretAlias | quote }} - - name: "TX_SSI_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) 
.Values.controlplane.endpoints.protocol.path | quote }} - - ####### - # API # - ####### - - name: "EDC_API_AUTH_KEY" - value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.management.authKey is required" | quote }} - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ .Values.controlplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ .Values.controlplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_MANAGEMENT_PORT" - value: {{ .Values.controlplane.endpoints.management.port | quote }} - - name: "WEB_HTTP_MANAGEMENT_PATH" - value: {{ .Values.controlplane.endpoints.management.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ .Values.controlplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ .Values.controlplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PROTOCOL_PORT" - value: {{ .Values.controlplane.endpoints.protocol.port | quote }} - - name: "WEB_HTTP_PROTOCOL_PATH" - value: {{ .Values.controlplane.endpoints.protocol.path | quote }} - - ######### - ## DSP ## - ######### - - - name: "EDC_DSP_CALLBACK_ADDRESS" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }} - - name: "EDC_OAUTH_PROVIDER_AUDIENCE" - value: "idsc:IDS_CONNECTORS_ALL" - - name: "EDC_OAUTH_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" . 
) .Values.controlplane.endpoints.protocol.path | quote }} - - ################ - ## DATA PLANE ## - ################ - - {{- range $dataplane_name, $dataplane := .Values.dataplanes }} - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/dataplane-selector-configuration - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_URL" (upper $dataplane.name) | quote }} - value: {{ include "txdc.dataplane.url.control" (dict "dataplane" $dataplane "root" $) }}/transfer - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_SOURCETYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.sourceTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_DESTINATIONTYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.destinationTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_PROPERTIES" (upper $dataplane.name) | quote }} - value: |- - {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" (dict "dataplane" $dataplane "root" $)) }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer - - name: "EDC_TRANSFER_PROXY_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" (dict "dataplane" .Values.dataplanes.dataplane "root" $) }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote }} - {{- end }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/transfer/transfer-pull-http-dynamic-receiver - {{- if .Values.backendService.httpProxyTokenReceiverUrl }} - - name: "EDC_RECEIVER_HTTP_DYNAMIC_ENDPOINT" - value: {{ 
.Values.backendService.httpProxyTokenReceiverUrl | quote }} - {{- end }} - - ########### - ## VAULT ## - ########### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/hashicorp-vault - - name: "EDC_VAULT_HASHICORP_URL" - value: {{ tpl .Values.vault.hashicorp.url . | quote }} - - name: "EDC_VAULT_HASHICORP_TOKEN" - value: {{ .Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" - value: {{ .Values.vault.hashicorp.timeout | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" - value: {{ .Values.vault.hashicorp.healthCheck.enabled | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" - value: {{ .Values.vault.hashicorp.healthCheck.standbyOk | quote }} - - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" - value: {{ .Values.vault.hashicorp.paths.secret | quote }} - - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" - value: {{ .Values.vault.hashicorp.paths.health | quote }} - - ##################### - ## DATA ENCRYPTION ## - ##################### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/data-encryption - - name: "EDC_DATA_ENCRYPTION_KEYS_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenEncryptionAesKey | quote }} - - name: "EDC_DATA_ENCRYPTION_ALGORITHM" - value: "AES" - - ########################### - ## AAS WRAPPER EXTENSION ## - ########################### - - name: "EDC_CP_ADAPTER_CACHE_CATALOG_EXPIRE_AFTER" - value: "0" - - name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT" - value: "0" - - ########################### - ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ## - ########################### - - name: "TRACTUSX_BUSINESSPARTNERVALIDATION_LOG_AGREEMENT_VALIDATION" - value: {{ .Values.controlplane.businessPartnerValidation.log.agreementValidation | quote }} - - ###################################### - ## Additional environment variables ## - 
###################################### - - name: "EDC_CONNECTOR_NAME" - value: {{ include "txdc.fullname" .}}-controlplane - {{- range $key, $value := .Values.controlplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.controlplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or .Values.controlplane.envSecretNames .Values.controlplane.envConfigMapNames) (or (gt (len .Values.controlplane.envSecretNames) 0) (gt (len .Values.controlplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := .Values.controlplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := .Values.controlplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - - name: "tmp" - mountPath: "/tmp" - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" . }}-controlplane - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - - name: "tmp" - emptyDir: { } - {{- with .Values.controlplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/agent-connector-memory/templates/hpa-controlplane.yaml b/charts/agent-connector-memory/templates/hpa-controlplane.yaml deleted file mode 100644 index 50c1dbb5..00000000 --- a/charts/agent-connector-memory/templates/hpa-controlplane.yaml +++ /dev/null 
@@ -1,50 +0,0 @@
-{{- if .Values.controlplane.autoscaling.enabled }}
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "txdc.fullname" . }}-controlplane
- minReplicas: {{ .Values.controlplane.autoscaling.minReplicas }}
- maxReplicas: {{ .Values.controlplane.autoscaling.maxReplicas }}
- metrics:
- {{- if .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
diff --git a/charts/agent-connector-memory/templates/hpa-dataplane.yaml b/charts/agent-connector-memory/templates/hpa-dataplane.yaml
deleted file mode 100644
index d9c0f6c2..00000000
--- a/charts/agent-connector-memory/templates/hpa-dataplane.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-{{ $root := . }}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes }}
-{{- if $dataplane.autoscaling.enabled }}
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: autoscaling/v2beta1
-kind: HorizontalPodAutoscaler
-metadata:
- name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }}
- labels:
- {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
-spec:
- scaleTargetRef:
- apiVersion: apps/v1
- kind: Deployment
- name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }}
- minReplicas: {{ $dataplane.autoscaling.minReplicas }}
- maxReplicas: {{ $dataplane.autoscaling.maxReplicas }}
- metrics:
- {{- if $dataplane.autoscaling.targetCPUUtilizationPercentage }}
- - type: Resource
- resource:
- name: cpu
- targetAverageUtilization: {{ $dataplane.autoscaling.targetCPUUtilizationPercentage }}
- {{- end }}
- {{- if $dataplane.autoscaling.targetMemoryUtilizationPercentage }}
- - type: Resource
- resource:
- name: memory
- targetAverageUtilization: {{ $dataplane.autoscaling.targetMemoryUtilizationPercentage }}
- {{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/agent-connector-memory/templates/ingress-controlplane.yaml b/charts/agent-connector-memory/templates/ingress-controlplane.yaml
deleted file mode 100644
index 47806a8d..00000000
--- a/charts/agent-connector-memory/templates/ingress-controlplane.yaml
+++ /dev/null
@@ -1,99 +0,0 @@
-{{- $fullName := include "txdc.fullname" . }}
-{{- $controlLabels := include "txdc.controlplane.labels" . }}
-{{- $controlEdcEndpoints := .Values.controlplane.endpoints }}
-{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }}
-{{- $namespace := .Release.Namespace }}
-
-{{- range .Values.controlplane.ingresses }}
-{{- if and .enabled .endpoints }}
-{{- $controlIngressName := printf "%s-controlplane-%s" $fullName .hostname }}
-{{- $annotations := .annotations | default dict }}
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-{{- if semverCompare ">=1.19-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1beta1
-{{- else }}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $controlIngressName }}
- namespace: {{ $namespace | default "default" | quote }}
- labels:
- {{- $controlLabels | nindent 4 }}
- annotations:
- {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }}
- {{- if not (hasKey $annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set $annotations "kubernetes.io/ingress.class" .className}}
- {{- end }}
- {{- end }}
- {{- if .certManager }}
- {{- if .certManager.issuer }}
- {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}}
- {{- end }}
- {{- if .certManager.clusterIssuer }}
- {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}}
- {{- end }}
- {{- end }}
- {{- with $annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }}
- ingressClassName: {{ .className }}
- {{- end }}
- {{- if .hostname }}
- {{- if .tls.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- {{- if .tls.secretName }}
- secretName: {{ .tls.secretName }}
- {{- else }}
- secretName: {{ $controlIngressName }}-tls
- {{- end }}
- {{- end }}
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- {{- $ingressEdcEndpoints := .endpoints }}
- {{- range $name, $mapping := $controlEdcEndpoints }}
- {{- if (has $name $ingressEdcEndpoints) }}
- - path: {{ $mapping.path }}
- pathType: Prefix
- backend:
- {{- if semverCompare ">=1.19-0" $gitVersion }}
- service:
- name: {{ $fullName }}-controlplane
- port:
- number: {{ $mapping.port }}
- {{- else }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}{{- /* end: if .enabled */}}
-{{- end }}{{- /* end: range .Values.ingresses */}}
diff --git a/charts/agent-connector-memory/templates/ingress-dataplane.yaml b/charts/agent-connector-memory/templates/ingress-dataplane.yaml
deleted file mode 100644
index 7d03fbff..00000000
--- a/charts/agent-connector-memory/templates/ingress-dataplane.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-{{- $fullName := include "txdc.fullname" . }}
-{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }}
-{{- $namespace := .Release.Namespace }}
-{{ $root := . }}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes }}
-{{- $dataEdcEndpoints := $dataplane.endpoints }}
-{{- $dataLabels := include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
-
-{{- range $dataplane.ingresses }}
-{{- if and .enabled .endpoints }}
-{{- $dataIngressName := printf "%s-%s-%s" $fullName $dataplane.name .hostname }}
-{{- $annotations := .annotations | default dict }}
----
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-{{- if semverCompare ">=1.19-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1beta1
-{{- else }}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $dataIngressName }}
- namespace: {{ $namespace | default "default" | quote }}
- labels:
- {{- $dataLabels | nindent 2 }}
- annotations:
- {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }}
- {{- if not (hasKey $annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set $annotations "kubernetes.io/ingress.class" .className}}
- {{- end }}
- {{- end }}
- {{- if .certManager }}
- {{- if .certManager.issuer }}
- {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}}
- {{- end }}
- {{- if .certManager.clusterIssuer }}
- {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}}
- {{- end }}
- {{- end }}
- {{- with $annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }}
- ingressClassName: {{ .className }}
- {{- end }}
- {{- if .hostname }}
- {{- if .tls.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- {{- if .tls.secretName }}
- secretName: {{ .tls.secretName }}
- {{- else }}
- secretName: {{ $dataIngressName }}-tls
- {{- end }}
- {{- end }}
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- {{- $ingressEdcEndpoints := .endpoints }}
- {{- range $name, $mapping := $dataEdcEndpoints }}
- {{- if (has $name $ingressEdcEndpoints) }}
- - path: {{ $mapping.path }}
- pathType: Prefix
- backend:
- {{- if semverCompare ">=1.19-0" $gitVersion }}
- service:
- name: {{ $fullName }}-{{ $dataplane.name }}
- port:
- number: {{ $mapping.port }}
- {{- else }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}{{- /* end: if .enabled */}}
-{{- end }}{{- /* end: range .Values.ingresses */}}
-{{- end }}{{- /* end: range .Values.dataplanes */}}
diff --git a/charts/agent-connector-memory/templates/networkpolicy.yaml b/charts/agent-connector-memory/templates/networkpolicy.yaml
deleted file mode 100644
index 05b59029..00000000
--- a/charts/agent-connector-memory/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{- if eq (.Values.networkPolicy.enabled | toString) "true" }}
-{{- range tuple "controlplane" "dataplane" }}
-{{- $name := . }}
----
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ include "txdc.fullname" $ }}-{{ $name }}
- labels:
- {{- include (printf "txdc.%s.labels" $name) $ | nindent 4 }}
-spec:
- podSelector:
- matchLabels:
- {{- include (printf "txdc.%s.selectorLabels" $name) $ | nindent 6 }}
- ingress:
- - from:
- {{- toYaml (index $.Values.networkPolicy $name "from") | nindent 6 }}
- ports:
- {{- range $key,$value := (index $.Values $name "endpoints") }}
- - port: {{ $value.port }}
- protocol: TCP
- {{- end }}
- policyTypes:
- - Ingress
----
-{{- end }}
-{{- end }}
diff --git a/charts/agent-connector-memory/templates/service-controlplane.yaml b/charts/agent-connector-memory/templates/service-controlplane.yaml
deleted file mode 100644
index e993b46d..00000000
--- a/charts/agent-connector-memory/templates/service-controlplane.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.controlplane.service.type }}
- ports:
- - port: {{ .Values.controlplane.endpoints.default.port }}
- targetPort: default
- protocol: TCP
- name: default
- - port: {{ .Values.controlplane.endpoints.control.port }}
- targetPort: control
- protocol: TCP
- name: control
- - port: {{ .Values.controlplane.endpoints.management.port }}
- targetPort: management
- protocol: TCP
- name: management
- - port: {{ .Values.controlplane.endpoints.protocol.port }}
- targetPort: protocol
- protocol: TCP
- name: protocol
- - port: {{ .Values.controlplane.endpoints.metrics.port }}
- targetPort: metrics
- protocol: TCP
- name: metrics
- selector:
- {{- include "txdc.controlplane.selectorLabels" . | nindent 4 }}
diff --git a/charts/agent-connector-memory/templates/service-dataplane.yaml b/charts/agent-connector-memory/templates/service-dataplane.yaml
deleted file mode 100644
index 71619f89..00000000
--- a/charts/agent-connector-memory/templates/service-dataplane.yaml
+++ /dev/null
@@ -1,64 +0,0 @@
-{{ $root := . }}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes }}
----
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }}
- namespace: {{ $root.Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
-spec:
- type: {{ $dataplane.service.type }}
- ports:
- - port: {{ $dataplane.endpoints.default.port }}
- targetPort: default
- protocol: TCP
- name: default
- - port: {{ $dataplane.endpoints.control.port }}
- targetPort: control
- protocol: TCP
- name: control
- - port: {{ $dataplane.endpoints.public.port }}
- targetPort: public
- protocol: TCP
- name: public
- - port: {{ $dataplane.endpoints.metrics.port }}
- targetPort: metrics
- protocol: TCP
- name: metrics
- - port: {{ $dataplane.endpoints.proxy.port }}
- targetPort: proxy
- protocol: TCP
- name: proxy
- {{- if $dataplane.endpoints.callback }}
- - port: {{ $dataplane.endpoints.callback.port }}
- targetPort: callback
- protocol: TCP
- name: callback
- {{- end }}
- selector:
- {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/charts/agent-connector-memory/templates/serviceaccount.yaml b/charts/agent-connector-memory/templates/serviceaccount.yaml
deleted file mode 100644
index f94ad14e..00000000
--- a/charts/agent-connector-memory/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "txdc.serviceAccountName" . }}
- labels:
- {{- include "txdc.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- with .Values.serviceAccount.imagePullSecrets }}
-imagePullSecrets:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
diff --git a/charts/agent-connector-memory/templates/tests/test-controlplane-readiness.yaml b/charts/agent-connector-memory/templates/tests/test-controlplane-readiness.yaml
deleted file mode 100644
index efd6f3b1..00000000
--- a/charts/agent-connector-memory/templates/tests/test-controlplane-readiness.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{include "txdc.fullname" .}}test-controlplane-readiness"
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
- "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
-spec:
- containers:
- - name: wget
- image: curlimages/curl
- command: [ 'curl' ]
- args: [ '{{- printf "http://%s-controlplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.controlplane.endpoints.default.port $.Values.controlplane.endpoints.default.path -}}' ]
- restartPolicy: Never
diff --git a/charts/agent-connector-memory/templates/tests/test-dataplane-readiness.yaml b/charts/agent-connector-memory/templates/tests/test-dataplane-readiness.yaml
deleted file mode 100644
index 2147c743..00000000
--- a/charts/agent-connector-memory/templates/tests/test-dataplane-readiness.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-{{- $root := . -}}
-{{- $allcommands := (dict "commands" (list)) -}}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes -}}
-{{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | append $allcommands.commands | set $allcommands "commands" -}}
-{{- end }}
-
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{include "txdc.fullname" .}}test-dataplane-readiness"
- labels:
- {{- include "txdc.dataplane.labels" (dict "dataplane" .Values.dataplanes.dataplane "root" $root) | nindent 4 }}
- annotations:
- "helm.sh/hook": test
- "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
-spec:
- containers:
- - name: wget
- image: curlimages/curl
- command: [ '/bin/sh','-c' ]
- args: [ {{ join "&&" $allcommands.commands | quote }} ]
- restartPolicy: Never
diff --git a/charts/agent-connector-memory/values.yaml b/charts/agent-connector-memory/values.yaml
deleted file mode 100644
index 091eb427..00000000
--- a/charts/agent-connector-memory/values.yaml
+++ /dev/null
@@ -1,622 +0,0 @@ -# -# Copyright (c) 2023,2024 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# - ---- -# Default values for agent-connector. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -install: - vault: false -fullnameOverride: "" -nameOverride: "" -# -- Image registry to use -imageRegistry: docker.io/ -# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) -imagePullSecrets: [] -# -- To add some custom labels -customLabels: {} - -participant: - # -- BPN Number - id: "" - -controlplane: - image: - # -- Which derivate of the control plane to use. 
when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a readiness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # -- endpoints of the control plane - endpoints: - # -- default api for health checks, should not be added to any ingress - default: - # -- port for incoming api calls - port: 8080 - # -- path for incoming api calls 
- path: /api - # -- data management api, used by internal users, can be added to an ingress and must not be internet facing - management: - # -- port for incoming api calls - port: 8081 - # -- path for incoming api calls - path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header - authKey: "" - # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not - control: - # -- port for incoming api calls - port: 8083 - # -- path for incoming api calls - path: /control - # -- dsp api, used for inter connector communication and must be internet facing - protocol: - # -- port for incoming api calls - port: 8084 - # -- path for incoming api calls - path: /api/v1/dsp - # -- metrics api, used for application metrics, must not be internet facing - metrics: - # -- port for incoming api calls - port: 9090 - # -- path for incoming api calls - path: /metrics - - businessPartnerValidation: - log: - agreementValidation: true - - # SSI configuration - ssi: - miw: - # -- MIW URL - url: "" - # -- The BPN of the issuer authority - authorityId: "" - oauth: - # -- The URL (of KeyCloak), where access tokens can be obtained - tokenurl: "" - client: - # -- The client ID for KeyCloak - id: "" - # -- The alias under which the client secret is stored in the vault. - secretAlias: "" - - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
- type: ClusterIP - annotations: {} - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: { - EDC_JSONLD_HTTPS_ENABLED: "true" - } # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
- # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.local" - # -- Additional ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - protocol - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - ## Private / Intranet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.intranet" - # -- Additional 
ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - management - - control - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 1.5 - memory: 512Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - url: - # -- Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) - protocol: "" -dataplanes: - dataplane: - # -- the name of the dataplane - name: "agentplane" - # -- a comma-separated list of supported asset types - sourceTypes: "cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3" - # -- a comma-separated list of supported transfer types - destinationTypes: "HttpProxy,AmazonS3" - image: - # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - 
# -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. - type: ClusterIP - port: 80 - endpoints: - default: - port: 8080 - path: /api - public: - port: 8081 - path: /api/public - control: - port: 8083 - path: /api/dataplane/control - proxy: - port: 8186 - path: /proxy - callback: - port: 8087 - path: /callback - metrics: - port: 9090 - path: /metrics - # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries - auth: - # -- the default authentication service - default: - # -- the type of the default authentication service (api-key, jwt or composite) - type: api-key - # -- the context(s) of the default authentication service separated by commas - context: default - # -- excluded paths for liveness checks and validation - exclude: ".*/(check|validation).*" - # -- controls whether this service should be registered as the default EDC authentication service globally - register: false - # -- specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. 
- apiCode: "69609650" - # -- vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead - vaultKey: - # -- public key for checking the validity of jwt tokens, set this when type=jwt - publicKey: - # -- controls whether the expiry date of jwt tokens is checked when type=jwt - checkExpiry: true - aws: - endpointOverride: "" - accessKeyId: "" - secretAccessKey: "" - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with 
the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: {} - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. - # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-data.local" - # -- Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} - annotations: - # Sample settings for more demanding use cases - # nginx.org/proxy-connect-timeout: "30s" - # nginx.org/proxy-read-timeout: "360s" - # nginx.org/client-max-body-size: "10m" - # -- EDC endpoints exposed by this ingress resource - endpoints: - - public - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # 
-- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- # limits: - limits: - cpu: 1.5 - memory: 1024Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - url: - # -- Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) - public: "" - # -- A set of additional configuration files - configs: - # -- An example of an empty graph in ttl syntax - dataspace.ttl: | - ################################################################# - # Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT - ################################################################# - @prefix : . - @base . - # -- Agent-Specific Settings - agent: - # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue - default: - - dataspace.ttl - - https://w3id.org/catenax/ontology.ttl - # -- The synchronization interval in ms to update the federated data catalogue - synchronization: -1 - # -- The list of remote connector IDS URLs to synchronize with - connectors: [] - # -- Names the visible contract under which new skills are published (if not otherwise specified) - skillcontract: Contract?partner=Skill - # -- Sets the maximal batch size when delegating to agents and services - maxbatchsize: '9223372036854775807' - # -- A set of configs for regulating outgoing service calls - services: - # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) - allow: '(edcs?://.*)|(https://query\\.wikidata\\.org/sparql)' - # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) - deny: 'http://.*' - # -- A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) - asset: - # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) - allow: '(edcs?://.*)' - # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) - deny: 'https?://.*' - -# -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden -vault: - injector: - enabled: false - 
server: - dev: - enabled: true - devRootToken: "root" - postStart: # must be set externally! - hashicorp: - # -- URL to the vault service, needs to be changed if install.vault=false - url: "http://{{ .Release.Name }}-vault:8200" - # -- Access token to the vault service needs to be changed if install.vault=false - token: "" - timeout: 30 - healthCheck: - enabled: true - standbyOk: true - paths: - # -- Path to secrets needs to be changed if install.vault=false - secret: /v1/secret - # -- Default health api - health: /v1/sys/health - secretNames: - # -- sign handed out tokens with this key - transferProxyTokenSignerPrivateKey: - # -- sign handed out tokens with this certificate - transferProxyTokenSignerPublicKey: - # -- encrypt handed out tokens with this symmetric key - transferProxyTokenEncryptionAesKey: -backendService: - httpProxyTokenReceiverUrl: "" - -networkPolicy: - # -- If `true` network policy will be created to restrict access to control- and dataplane - enabled: false - # -- Configuration of the controlplane component - controlplane: - # -- Specify from rule network policy for cp (defaults to all namespaces) - from: - - namespaceSelector: {} - # -- Configuration of the dataplane component - dataplane: - # -- Specify from rule network policy for dp (defaults to all namespaces) - from: - - namespaceSelector: {} - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template - name: "" - # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) - imagePullSecrets: [] - -# -- Configurations for Helm tests -tests: - # -- Configure the hook-delete-policy for Helm tests - hookDeletePolicy: before-hook-creation,hook-succeeded diff --git a/charts/agent-connector/.helmignore b/charts/agent-connector/.helmignore deleted file mode 100644 index 9a12504f..00000000 --- a/charts/agent-connector/.helmignore +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0. -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 - -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ -# Doc Templates -README.md.gotmpl -# Accept only values.yaml -values?*.yaml -values?*.yml \ No newline at end of file 
diff --git a/charts/agent-connector/Chart.yaml b/charts/agent-connector/Chart.yaml
deleted file mode 100644
index 3050ae37..00000000
--- a/charts/agent-connector/Chart.yaml
+++ /dev/null
@@ -1,67 +0,0 @@ ---- -# -# Copyright (c) 2023,2024 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: v2 -name: agent-connector -description: | - A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector. This is a variant of [the Tractus-X Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector) which allows - to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a - Control Plane and one or several Data Planes. Note that _no_ external dependencies such as a PostgreSQL database and HashiCorp Vault are included. - - This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ HashiCorp Vault. -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. 
They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.12.17-SNAPSHOT -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -# It is recommended to use it with quotes. -appVersion: "1.12.17-SNAPSHOT" -home: https://github.com/eclipse-tractusx/knowledge-agents-edc/ -sources: - - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector -dependencies: - # HashiCorp Vault - - name: vault - alias: vault - version: 0.20.0 - repository: https://helm.releases.hashicorp.com - condition: install.vault - # PostgreSQL - - name: postgresql - alias: postgresql - version: 12.1.6 - repository: https://charts.bitnami.com/bitnami - condition: install.postgresql -maintainers: - - name: 'Tractus-X Knowledge Agents Team' diff --git a/charts/agent-connector/LICENSE b/charts/agent-connector/LICENSE deleted file mode 100644 index d6456956..00000000 --- a/charts/agent-connector/LICENSE +++ /dev/null 
@@ -1,202 +0,0 @@ - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/charts/agent-connector/README.md b/charts/agent-connector/README.md deleted file mode 100644 index 25453b8b..00000000 --- a/charts/agent-connector/README.md +++ /dev/null 
@@ -1,381 +0,0 @@ - - -# agent-connector - -![Version: 1.12.17-SNAPSHOT](https://img.shields.io/badge/Version-1.12.17--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.17-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.17--SNAPSHOT-informational?style=flat-square) - -A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector. This is a variant of [the Tractus-X Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector) which allows -to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a -Control Plane and one or several Data Planes. Note that _no_ external dependencies such as a PostgreSQL database and HashiCorp Vault are included. - -This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ HashiCorp Vault. - -**Homepage:** - -## Setting up your BPNL and the Control Plane's Management API Key - -The secure API-Key that is shared between control and agent plane is configured in the following property: -- 'controlplane.endpoints.management.authKey': Cleartext API Key as used to secure the control planes management api (and is used by the agent plane to synchronize assets and negotiate calls). - -You should set your BPNL in the folloing property: -- 'participant.id': 'BPNL' followed by 12 alphanumerical characters as handed out to you during onboarding. - -## Setting up Hashicorp Vault - -You should set configure access to required secrets as follows: -- 'vault.hashicorp.url': URL of the vault API -- 'vault.hashicorp.token': A valid, generated access token. 
-- 'vault.hashicorp.paths.secret': Api path to the folder hosting the secrets (usually prepended with /v1) - -### Setting up the transfer token encryption - -Transfer tokens handed out from the provider to the consumer should be signed and encrypted. For that purpose -you should setup a private/public certificate as well as a symmetric AES key. - -- 'vault.secretNames.transferProxyTokenSignerPrivateKey': -- 'vault.secretNames.transferProxyTokenSignerPublicKey': -- 'vault.secretNames.transferProxyTokenEncryptionAesKey': - -## Setting up SSI - -### Preconditions - -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the - Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens -- the client ID and client secret corresponding to that account must be known - -### Preparatory work - -- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and - is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. - -### Configure the chart - -Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. 
- -## Setting up the Agent Planes - -Make sure to adapt the Agent Plane's application-facing endpoint security: -- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) -- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key -- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault -- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found -- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) - -Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. -- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. -- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. 
-- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. -- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. - -Be sure to adapt the agent configuration -- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. -- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. -- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. -- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. - -### Launching the application - -As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) -to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. 
-Combined, run this shell command to start the in-memory Tractus-X EDC runtime: - -```shell -helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-connector --version 1.12.17-SNAPSHOT -``` - -## Maintainers - -| Name | Email | Url | -| ---- | ------ | --- | -| Tractus-X Knowledge Agents Team | | | - -## Source Code - -* - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 12.1.6 | -| https://helm.releases.hashicorp.com | vault(vault) | 0.20.0 | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| backendService.httpProxyTokenReceiverUrl | string | `""` | | -| controlplane.affinity | object | `{}` | | -| controlplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| controlplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| controlplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| controlplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| controlplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| controlplane.businessPartnerValidation.log.agreementValidation | bool | `true` | | -| controlplane.debug.enabled | bool | `false` | | -| controlplane.debug.port | int | `1044` | | -| controlplane.debug.suspendOnStart | bool | `false` | | -| controlplane.endpoints | object | 
`{"control":{"path":"/control","port":8083},"default":{"path":"/api","port":8080},"management":{"authKey":"","path":"/management","port":8081},"metrics":{"path":"/metrics","port":9090},"protocol":{"path":"/api/v1/dsp","port":8084}}` | endpoints of the control plane | -| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. can be added to the internal ingress, but should probably not | -| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | -| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | -| controlplane.endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | -| controlplane.endpoints.default.path | string | `"/api"` | path for incoming api calls | -| controlplane.endpoints.default.port | int | `8080` | port for incoming api calls | -| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | -| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | -| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | -| controlplane.endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | -| controlplane.endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | -| controlplane.endpoints.metrics.port | int | `9090` | port for incoming api calls | -| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | -| 
controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | -| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | -| controlplane.env.EDC_JSONLD_HTTPS_ENABLED | string | `"true"` | | -| controlplane.envConfigMapNames | list | `[]` | | -| controlplane.envSecretNames | list | `[]` | | -| controlplane.envValueFrom | object | `{}` | | -| controlplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| controlplane.image.repository | string | `""` | Which derivate of the control plane to use. when left empty the deployment will select the correct image automatically | -| controlplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[0].enabled | bool | `false` | | -| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| 
controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[1].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[1].enabled | bool | `false` | | -| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.initContainers | list | `[]` | | -| controlplane.limits.cpu | float | `1.5` | | -| controlplane.limits.memory | string | `"512Mi"` | | -| controlplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes 
will try 6 times before giving up | -| controlplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| controlplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| controlplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| controlplane.nodeSelector | object | `{}` | | -| controlplane.opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| controlplane.podAnnotations | object | `{}` | additional annotations for the pod | -| controlplane.podLabels | object | `{}` | additional labels for the pod | -| controlplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| controlplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within 
volumes will belong to this guid | -| controlplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| controlplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| controlplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| controlplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| controlplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| controlplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| controlplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a readiness check every 10 seconds | -| controlplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| controlplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| controlplane.replicaCount | int | `1` | | -| controlplane.requests.cpu | string | `"500m"` | | -| controlplane.requests.memory | string | `"128Mi"` | | -| controlplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| controlplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| controlplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| 
controlplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| controlplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| controlplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| controlplane.service.annotations | object | `{}` | | -| controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority | -| controlplane.ssi.miw.url | string | `""` | MIW URL | -| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak | -| controlplane.ssi.oauth.client.secretAlias | string | `""` | The alias under which the client secret is stored in the vault. | -| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained | -| controlplane.tolerations | list | `[]` | | -| controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) | -| controlplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| controlplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| customLabels | object | `{}` | To add some custom labels | -| dataplanes.dataplane.affinity | object | `{}` | | -| dataplanes.dataplane.agent | object | `{"connectors":[],"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | -| dataplanes.dataplane.agent.connectors | list | `[]` | The list of remote connector IDS URLs to synchronize with | -| dataplanes.dataplane.agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | -| dataplanes.dataplane.agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | -| dataplanes.dataplane.agent.services | object | `{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | -| dataplanes.dataplane.agent.services.allow | string | `"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset | object | `{"allow":"(edcs?://.*)","deny":"https?://.*"}` | A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property 
is given) | -| dataplanes.dataplane.agent.services.asset.allow | string | `"(edcs?://.*)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.asset.deny | string | `"https?://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.services.deny | string | `"http://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | -| dataplanes.dataplane.agent.skillcontract | string | `"Contract?partner=Skill"` | Names the visible contract under which new skills are published (if not otherwise specified) | -| dataplanes.dataplane.agent.synchronization | int | `-1` | The synchronization interval in ms to update the federated data catalogue | -| dataplanes.dataplane.auth | object | `{"default":{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}}` | Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries | -| dataplanes.dataplane.auth.default | object | `{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}` | the default authentication service | -| dataplanes.dataplane.auth.default.apiCode | string | `"69609650"` | specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. 
| -| dataplanes.dataplane.auth.default.checkExpiry | bool | `true` | controls whether the expiry date of jwt tokens is checked when type=jwt | -| dataplanes.dataplane.auth.default.context | string | `"default"` | the context(s) of the default authentication service separated by commas | -| dataplanes.dataplane.auth.default.exclude | string | `".*/(check|validation).*"` | excluded paths for liveness checks and validation | -| dataplanes.dataplane.auth.default.publicKey | string | `nil` | public key for checking the validity of jwt tokens, set this when type=jwt | -| dataplanes.dataplane.auth.default.register | bool | `false` | controls whether this service should be registered as the default EDC authentication service globally | -| dataplanes.dataplane.auth.default.type | string | `"api-key"` | the type of the default authentication service (api-key, jwt or composite) | -| dataplanes.dataplane.auth.default.vaultKey | string | `nil` | vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead | -| dataplanes.dataplane.autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | -| dataplanes.dataplane.autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | -| dataplanes.dataplane.autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | -| dataplanes.dataplane.autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | -| dataplanes.dataplane.autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | -| dataplanes.dataplane.aws.accessKeyId | string | `""` | | -| dataplanes.dataplane.aws.endpointOverride | string | `""` | | -| 
dataplanes.dataplane.aws.secretAccessKey | string | `""` | | -| dataplanes.dataplane.configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | -| dataplanes.dataplane.configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | -| dataplanes.dataplane.debug.enabled | bool | `false` | | -| dataplanes.dataplane.debug.port | int | `1044` | | -| dataplanes.dataplane.debug.suspendOnStart | bool | `false` | | -| dataplanes.dataplane.destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | -| dataplanes.dataplane.endpoints.callback.path | string | `"/callback"` | | -| dataplanes.dataplane.endpoints.callback.port | int | `8087` | | -| dataplanes.dataplane.endpoints.control.path | string | `"/api/dataplane/control"` | | -| dataplanes.dataplane.endpoints.control.port | int | `8083` | | -| dataplanes.dataplane.endpoints.default.path | string | `"/api"` | | -| dataplanes.dataplane.endpoints.default.port | int | `8080` | | -| dataplanes.dataplane.endpoints.metrics.path | string | `"/metrics"` | | -| dataplanes.dataplane.endpoints.metrics.port | int | `9090` | | -| dataplanes.dataplane.endpoints.proxy.path | string | `"/proxy"` | | -| dataplanes.dataplane.endpoints.proxy.port | int | `8186` | | -| dataplanes.dataplane.endpoints.public.path | string | `"/api/public"` | | -| dataplanes.dataplane.endpoints.public.port | int | `8081` | | -| dataplanes.dataplane.env | object | `{}` | | -| dataplanes.dataplane.envConfigMapNames | list | `[]` | | -| 
dataplanes.dataplane.envSecretNames | list | `[]` | | -| dataplanes.dataplane.envValueFrom | object | `{}` | | -| dataplanes.dataplane.image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | -| dataplanes.dataplane.image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | -| dataplanes.dataplane.image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| dataplanes.dataplane.ingresses[0].annotations | string | `nil` | Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} | -| dataplanes.dataplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| dataplanes.dataplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| dataplanes.dataplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| dataplanes.dataplane.ingresses[0].enabled | bool | `false` | | -| dataplanes.dataplane.ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | -| dataplanes.dataplane.ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| dataplanes.dataplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| 
dataplanes.dataplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| dataplanes.dataplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| dataplanes.dataplane.initContainers | list | `[]` | | -| dataplanes.dataplane.limits.cpu | float | `1.5` | | -| dataplanes.dataplane.limits.memory | string | `"1024Mi"` | | -| dataplanes.dataplane.livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | -| dataplanes.dataplane.livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| dataplanes.dataplane.livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | -| dataplanes.dataplane.name | string | `"agentplane"` | the name of the dataplane | -| dataplanes.dataplane.nodeSelector | object | `{}` | | -| dataplanes.dataplane.opentelemetry | string | 
`"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | -| dataplanes.dataplane.podAnnotations | object | `{}` | additional annotations for the pod | -| dataplanes.dataplane.podLabels | object | `{}` | additional labels for the pod | -| dataplanes.dataplane.podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | -| dataplanes.dataplane.podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | -| dataplanes.dataplane.podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | -| dataplanes.dataplane.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| dataplanes.dataplane.readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | -| dataplanes.dataplane.readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | -| dataplanes.dataplane.readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | -| dataplanes.dataplane.readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | -| 
dataplanes.dataplane.readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | -| dataplanes.dataplane.readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | -| dataplanes.dataplane.replicaCount | int | `1` | | -| dataplanes.dataplane.requests.cpu | string | `"500m"` | | -| dataplanes.dataplane.requests.memory | string | `"128Mi"` | | -| dataplanes.dataplane.resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | -| dataplanes.dataplane.securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | -| dataplanes.dataplane.securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | -| dataplanes.dataplane.securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | -| dataplanes.dataplane.securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | -| dataplanes.dataplane.securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | -| dataplanes.dataplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | -| dataplanes.dataplane.service.port | int | `80` | | -| dataplanes.dataplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
| -| dataplanes.dataplane.sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | -| dataplanes.dataplane.tolerations | list | `[]` | | -| dataplanes.dataplane.url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | -| dataplanes.dataplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | -| dataplanes.dataplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | -| fullnameOverride | string | `""` | | -| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| imageRegistry | string | `"docker.io/"` | Image registry to use | -| install.postgresql | bool | `false` | | -| install.vault | bool | `false` | | -| nameOverride | string | `""` | | -| networkPolicy.controlplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the controlplane component | -| networkPolicy.controlplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for cp (defaults to all namespaces) | -| networkPolicy.dataplane | object | `{"from":[{"namespaceSelector":{}}]}` | Configuration of the dataplane component | -| networkPolicy.dataplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) | -| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane | -| participant.id | string | `""` | BPN Number | -| postgresql | object | `{"auth":{"database":"edc","password":"password","username":"user"},"jdbcUrl":"jdbc:postgresql://{{ .Release.Name 
}}-postgresql:5432/edc","primary":{"persistence":{"enabled":false}},"readReplicas":{"persistence":{"enabled":false}}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | -| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | -| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | -| vault.hashicorp.healthCheck.enabled | bool | `true` | | -| vault.hashicorp.healthCheck.standbyOk | bool | `true` | | -| vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api | -| vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false | -| vault.hashicorp.timeout | int | `30` | | -| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false | -| vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false | -| vault.injector.enabled | bool | `false` | | -| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | -| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | -| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | -| vault.server.dev.devRootToken | string | `"root"` | | -| vault.server.dev.enabled | bool | 
`true` | | -| vault.server.postStart | string | `nil` | | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/charts/agent-connector/templates/NOTES.txt b/charts/agent-connector/templates/NOTES.txt deleted file mode 100644 index 02f84e82..00000000 --- a/charts/agent-connector/templates/NOTES.txt +++ /dev/null 
@@ -1,64 +0,0 @@
-# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-
- 1. Get the control plane URL by running these commands:
-{{ with index .Values.controlplane.ingresses 0}}
-{{- if .enabled }}
-{{- range .paths }}
- http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }}
-{{- end }}
-{{- else if contains "NodePort" $.Values.controlplane.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-controlplane)
- export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" $.Values.controlplane.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "txdc.fullname" . }}-controlplane'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" . }}-controlplane --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ $.Values.controlplane.service.port }}
-{{- else if contains "ClusterIP" $.Values.controlplane.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-controlplane,app.kubernetes.io/instance={{ $.Release.Name }}-controlplane" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
- echo "Visit http://127.0.0.1:8080 to use your application"
-{{- end }}
-{{- end }}
-
-2. Get the data plane URL(s) by running these commands:
-{{- range $dataplane_name, $dataplane := .Values.repositories }}
-{{ with index $dataplane.ingresses 0}}
-{{- if .enabled }}
-{{- range .paths }}
- http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }}
-{{- end }}
-{{- else if contains "NodePort" $dataplane.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-{{ $dataplane.name }})
- export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" $dataplane.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get --namespace {{ $.Release.Namespace }} svc -w {{ include "txdc.fullname" $ }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" $ }}-{{ $dataplane.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
- echo http://$SERVICE_IP:{{ $dataplane.service.port }}
-{{- else if contains "ClusterIP" $dataplane.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-{{ $dataplane.name }},app.kubernetes.io/instance={{ $.Release.Name }}-{{ $dataplane.name }}" -o jsonpath="{.items[0].metadata.name}")
- export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
- kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
- echo "Visit http://127.0.0.1:8080 to use your application"
-{{- end }}
-{{- end }}
-{{- end }}
diff --git a/charts/agent-connector/templates/_helpers.tpl b/charts/agent-connector/templates/_helpers.tpl
deleted file mode 100644
index 8e0a20ae..00000000
--- a/charts/agent-connector/templates/_helpers.tpl
+++ /dev/null
@@ -1,199 +0,0 @@
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "txdc.name" -}}
-{{- default .Chart.Name .Values.nameOverride | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "txdc.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "txdc.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Control Common labels
-*/}}
-{{- define "txdc.labels" -}}
-helm.sh/chart: {{ include "txdc.chart" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Control Common labels
-*/}}
-{{- define "txdc.controlplane.labels" -}}
-helm.sh/chart: {{ include "txdc.chart" . }}
-{{ include "txdc.controlplane.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-app.kubernetes.io/component: edc-controlplane
-app.kubernetes.io/part-of: edc
-{{- end }}
-
-{{/*
-Data Common labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane)
-*/}}
-{{- define "txdc.dataplane.labels" -}}
-helm.sh/chart: {{ include "txdc.chart" .root }}
-{{ include "txdc.dataplane.selectorLabels" . }}
-{{- if .root.Chart.AppVersion }}
-app.kubernetes.io/version: {{ .root.Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .root.Release.Service }}
-app.kubernetes.io/component: edc-dataplane
-app.kubernetes.io/part-of: edc
-{{- end }}
-
-{{/*
-Control Selector labels
-*/}}
-{{- define "txdc.controlplane.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "txdc.name" . }}-controlplane
-app.kubernetes.io/instance: {{ .Release.Name }}-controlplane
-{{- end }}
-
-{{/*
-Data Selector labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane)
-*/}}
-{{- define "txdc.dataplane.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "txdc.name" .root }}-{{ .dataplane.name }}
-app.kubernetes.io/instance: {{ .root.Release.Name }}-{{ .dataplane.name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "txdc.controlplane.serviceaccount.name" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "txdc.dataplane.serviceaccount.name" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
-
-{{/*
-Control DSP URL
-*/}}
-{{- define "txdc.controlplane.url.protocol" -}}
-{{- if .Values.controlplane.url.protocol }}{{/* if dsp api url has been specified explicitly */}}
-{{- .Values.controlplane.url.protocol }}
-{{- else }}{{/* else when dsp api url has not been specified explicitly */}}
-{{- with (index .Values.controlplane.ingresses 0) }}
-{{- if .enabled }}{{/* if ingress enabled */}}
-{{- if .tls.enabled }}{{/* if TLS enabled */}}
-{{- printf "https://%s" .hostname -}}
-{{- else }}{{/* else when TLS not enabled */}}
-{{- printf "http://%s" .hostname -}}
-{{- end }}{{/* end if tls */}}
-{{- else }}{{/* else when ingress not enabled */}}
-{{- printf "http://%s-controlplane:%v" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}}
-{{- end }}{{/* end if ingress */}}
-{{- end }}{{/* end with ingress */}}
-{{- end }}{{/* end if .Values.controlplane.url.protocol */}}
-{{- end }}
-
-{{/*
-Validation URL
-*/}}
-{{- define "txdc.controlplane.url.validation" -}}
-{{- printf "http://%s-controlplane:%v%s/token" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.control.port $.Values.controlplane.endpoints.control.path -}}
-{{- end }}
-
-{{/*
-Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane)
-*/}}
-{{- define "txdc.dataplane.url.control" -}}
-{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" .root ) .dataplane.name .dataplane.endpoints.control.port .dataplane.endpoints.control.path -}}
-{{- end }}
-
-{{/*
-Data Public URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane)
-*/}}
-{{- define "txdc.dataplane.url.public" -}}
-{{- $dataplane := .dataplane -}}
-{{- $root := .root -}}
-{{- if .dataplane.url.public }}{{/* if public api url has been specified explicitly */}}
-{{- .dataplane.url.public }}
-{{- else }}{{/* else when public api url has not been specified explicitly */}}
-{{- with (index .dataplane.ingresses 0) }}
-{{- if .enabled }}{{/* if ingress enabled */}}
-{{- if .tls.enabled }}{{/* if TLS enabled */}}
-{{- printf "https://%s%s" .hostname $dataplane.endpoints.public.path -}}
-{{- else }}{{/* else when TLS not enabled */}}
-{{- printf "http://%s%s" .hostname $dataplane.endpoints.public.path -}}
-{{- end }}{{/* end if tls */}}
-{{- else }}{{/* else when ingress not enabled */}}
-{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.public.port $dataplane.endpoints.public.path -}}
-{{- end }}{{/* end if ingress */}}
-{{- end }}{{/* end with ingress */}}
-{{- end }}{{/* end if .url.public */}}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "txdc.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "txdc.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/agent-connector/templates/configmap-controlplane.yaml b/charts/agent-connector/templates/configmap-controlplane.yaml
deleted file mode 100644
index d69e0de8..00000000
--- a/charts/agent-connector/templates/configmap-controlplane.yaml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-data:
- opentelemetry.properties: |-
- {{- .Values.controlplane.opentelemetry | nindent 4 }}
-
- logging.properties: |-
- {{- .Values.controlplane.logging | nindent 4 }}
diff --git a/charts/agent-connector/templates/deployment-controlplane.yaml b/charts/agent-connector/templates/deployment-controlplane.yaml
deleted file mode 100644
index 45d94c86..00000000
--- a/charts/agent-connector/templates/deployment-controlplane.yaml
+++ /dev/null
@@ -1,366 +0,0 @@ ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - {{- if not .Values.controlplane.autoscaling.enabled }} - replicas: {{ .Values.controlplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.controlplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.controlplane.selectorLabels" . | nindent 8 }} - {{- with .Values.controlplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" . 
}} - securityContext: - {{- toYaml .Values.controlplane.podSecurityContext | nindent 8 }} - initContainers: - {{- toYaml .Values.controlplane.initContainers | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.controlplane.securityContext | nindent 12 }} - - # either use the specified image, or use the default one - {{- if .Values.controlplane.image.repository }} - image: "{{ .Values.controlplane.image.repository }}:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- else }} - image: "tractusx/edc-controlplane-postgresql-hashicorp-vault:{{ .Values.controlplane.image.tag | default "0.5.1" }}" - {{- end }} - imagePullPolicy: {{ .Values.controlplane.image.pullPolicy }} - ports: - {{- range $key,$value := .Values.controlplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if .Values.controlplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/liveness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ .Values.controlplane.livenessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.livenessProbe.successThreshold }} - {{- end }} - {{- if .Values.controlplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.controlplane.endpoints.default.path }}/check/readiness - port: {{ .Values.controlplane.endpoints.default.port }} - initialDelaySeconds: {{ .Values.controlplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.controlplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ .Values.controlplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ 
.Values.controlplane.readinessProbe.failureThreshold }} - successThreshold: {{ .Values.controlplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml .Values.controlplane.resources | nindent 12 }} - env: - {{- if .Values.controlplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if .Values.controlplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" .Values.controlplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" .Values.controlplane.debug.port }} - {{- end }} - {{- end }} - - ######################## - ## ID CONFIGURATION ## - ######################## - - name: EDC_PARTICIPANT_ID - value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} - - ########################## - # SSI / MIW CONFIGURATION - ########################## - - name: "TX_SSI_MIW_URL" - value: {{ .Values.controlplane.ssi.miw.url | quote }} - - name: "TX_SSI_MIW_AUTHORITY_ID" - value: {{ .Values.controlplane.ssi.miw.authorityId | quote }} - - name: "TX_SSI_OAUTH_TOKEN_URL" - value: {{ .Values.controlplane.ssi.oauth.tokenurl | quote }} - - name: "TX_SSI_OAUTH_CLIENT_ID" - value: {{ .Values.controlplane.ssi.oauth.client.id | quote }} - - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS" - value: {{ .Values.controlplane.ssi.oauth.client.secretAlias | quote }} - - name: "TX_SSI_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) 
.Values.controlplane.endpoints.protocol.path | quote }} - - ####### - # API # - ####### - - name: "EDC_API_AUTH_KEY" - value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.management.authKey is required" | quote }} - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ .Values.controlplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ .Values.controlplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_MANAGEMENT_PORT" - value: {{ .Values.controlplane.endpoints.management.port | quote }} - - name: "WEB_HTTP_MANAGEMENT_PATH" - value: {{ .Values.controlplane.endpoints.management.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ .Values.controlplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ .Values.controlplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PROTOCOL_PORT" - value: {{ .Values.controlplane.endpoints.protocol.port | quote }} - - name: "WEB_HTTP_PROTOCOL_PATH" - value: {{ .Values.controlplane.endpoints.protocol.path | quote }} - - ######### - ## DSP ## - ######### - - - name: "EDC_DSP_CALLBACK_ADDRESS" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }} - - name: "EDC_OAUTH_PROVIDER_AUDIENCE" - value: "idsc:IDS_CONNECTORS_ALL" - - name: "EDC_OAUTH_ENDPOINT_AUDIENCE" - value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" . 
) .Values.controlplane.endpoints.protocol.path | quote }} - - ################ - ## POSTGRESQL ## - ################ - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/asset-index-sql - - name: "EDC_DATASOURCE_ASSET_NAME" - value: "asset" - - name: "EDC_DATASOURCE_ASSET_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_ASSET_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_ASSET_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-definition-store-sql - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_NAME" - value: "contractdefinition" - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTDEFINITION_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-negotiation-store-sql - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_NAME" - value: "contractnegotiation" - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_CONTRACTNEGOTIATION_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/policy-store-sql - - name: "EDC_DATASOURCE_POLICY_NAME" - value: "policy" - - name: "EDC_DATASOURCE_POLICY_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_POLICY_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_POLICY_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/transfer-process-store-sql - - name: "EDC_DATASOURCE_TRANSFERPROCESS_NAME" - value: "transferprocess" - - name: "EDC_DATASOURCE_TRANSFERPROCESS_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_TRANSFERPROCESS_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_TRANSFERPROCESS_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql - - name: "EDC_DATASOURCE_EDR_NAME" - value: "edr" - - name: "EDC_DATASOURCE_EDR_USER" - value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_EDR_PASSWORD" - value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_EDR_URL" - value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} - - ################ - ## DATA PLANE ## - ################ - - {{- range $dataplane_name, $dataplane := .Values.dataplanes }} - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/dataplane-selector-configuration - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_URL" (upper $dataplane.name) | quote }} - value: {{ include "txdc.dataplane.url.control" (dict "dataplane" $dataplane "root" $) }}/transfer - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_SOURCETYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.sourceTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_DESTINATIONTYPES" (upper $dataplane.name) | quote }} - value: {{ $dataplane.destinationTypes }} - - name: {{ printf "EDC_DATAPLANE_SELECTOR_%s_PROPERTIES" (upper $dataplane.name) | quote }} - value: |- - {{ printf "{ \"publicApiUrl\": \"%s\" }" (include "txdc.dataplane.url.public" (dict "dataplane" $dataplane "root" $)) }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer - - name: "EDC_TRANSFER_PROXY_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" (dict "dataplane" .Values.dataplanes.dataplane "root" $) }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote 
}} - {{- end }} - {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }} - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }} - {{- end }} - - # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/transfer/transfer-pull-http-dynamic-receiver - {{- if .Values.backendService.httpProxyTokenReceiverUrl }} - - name: "EDC_RECEIVER_HTTP_DYNAMIC_ENDPOINT" - value: {{ .Values.backendService.httpProxyTokenReceiverUrl | quote }} - {{- end }} - - ########### - ## VAULT ## - ########### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/hashicorp-vault - - name: "EDC_VAULT_HASHICORP_URL" - value: {{ tpl .Values.vault.hashicorp.url . | quote }} - - name: "EDC_VAULT_HASHICORP_TOKEN" - value: {{ .Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" - value: {{ .Values.vault.hashicorp.timeout | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" - value: {{ .Values.vault.hashicorp.healthCheck.enabled | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" - value: {{ .Values.vault.hashicorp.healthCheck.standbyOk | quote }} - - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" - value: {{ .Values.vault.hashicorp.paths.secret | quote }} - - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" - value: {{ .Values.vault.hashicorp.paths.health | quote }} - - ##################### - ## DATA ENCRYPTION ## - ##################### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/data-encryption - - name: "EDC_DATA_ENCRYPTION_KEYS_ALIAS" - value: {{ .Values.vault.secretNames.transferProxyTokenEncryptionAesKey | quote }} - - name: "EDC_DATA_ENCRYPTION_ALGORITHM" - value: "AES" - - ########################### - ## AAS WRAPPER EXTENSION ## - 
########################### - - name: "EDC_CP_ADAPTER_CACHE_CATALOG_EXPIRE_AFTER" - value: "0" - - name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT" - value: "0" - - ########################### - ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ## - ########################### - - name: "TRACTUSX_BUSINESSPARTNERVALIDATION_LOG_AGREEMENT_VALIDATION" - value: {{ .Values.controlplane.businessPartnerValidation.log.agreementValidation | quote }} - - ###################################### - ## Additional environment variables ## - ###################################### - - name: "EDC_CONNECTOR_NAME" - value: {{ include "txdc.fullname" .}}-controlplane - {{- range $key, $value := .Values.controlplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := .Values.controlplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or .Values.controlplane.envSecretNames .Values.controlplane.envConfigMapNames) (or (gt (len .Values.controlplane.envSecretNames) 0) (gt (len .Values.controlplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := .Values.controlplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := .Values.controlplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - - name: "tmp" - mountPath: "/tmp" - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" . 
}}-controlplane - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - - name: "tmp" - emptyDir: { } - {{- with .Values.controlplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.controlplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/charts/agent-connector/templates/deployment-dataplane.yaml b/charts/agent-connector/templates/deployment-dataplane.yaml deleted file mode 100644 index b487be00..00000000 --- a/charts/agent-connector/templates/deployment-dataplane.yaml +++ /dev/null 
@@ -1,360 +0,0 @@ -{{ $root := . }} -{{- range $dataplane_name, $dataplane := .Values.dataplanes }} ---- -# -# Copyright (c) 2023 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} -spec: - {{- if not $dataplane.autoscaling.enabled }} - replicas: {{ $dataplane.replicaCount }} - {{- end }} - selector: - matchLabels: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 6 }} - template: - metadata: - {{- with $dataplane.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 8 }} - {{- with $dataplane.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- with $root.Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . 
| nindent 8 }} - {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" $root }} - securityContext: - {{- toYaml $dataplane.podSecurityContext | nindent 8 }} - initContainers: - {{- toYaml $dataplane.initContainers | nindent 8 }} - containers: - - name: {{ $root.Chart.Name }} - securityContext: - {{- toYaml $dataplane.securityContext | nindent 12 }} - {{- if $dataplane.image.repository }} - image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default "0.5.0" }}" - {{- else if $dataplane.agent }} - image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" - {{- else }} - image: "tractusx/edc-dataplane-hashicorp-vault:{{ $dataplane.image.tag | default "0.5.0" }}" - {{- end }} - imagePullPolicy: {{ $dataplane.image.pullPolicy }} - ports: - {{- range $key,$value := $dataplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }} - {{- if $dataplane.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ $dataplane.endpoints.default.path }}/check/liveness - port: {{ $dataplane.endpoints.default.port }} - initialDelaySeconds: {{ $dataplane.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ $dataplane.livenessProbe.periodSeconds }} - timeoutSeconds: {{ $dataplane.livenessProbe.timeoutSeconds }} - failureThreshold: {{ $dataplane.livenessProbe.failureThreshold }} - successThreshold: {{ $dataplane.livenessProbe.successThreshold }} - {{- end }} - {{- if $dataplane.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ $dataplane.endpoints.default.path }}/check/readiness - port: {{ $dataplane.endpoints.default.port }} - initialDelaySeconds: {{ $dataplane.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ $dataplane.readinessProbe.periodSeconds }} - timeoutSeconds: {{ $dataplane.readinessProbe.timeoutSeconds }} - failureThreshold: {{ $dataplane.readinessProbe.failureThreshold }} - successThreshold: {{ 
$dataplane.readinessProbe.successThreshold }} - {{- end }} - resources: - {{- toYaml $dataplane.resources | nindent 12 }} - env: - {{- if $dataplane.debug.enabled }} - - name: "JAVA_TOOL_OPTIONS" - {{- if and $dataplane.debug.enabled $dataplane.debug.suspendOnStart }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" $dataplane.debug.port }} - {{- else }} - value: >- - {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" $dataplane.debug.port }} - {{- end }} - {{- end }} - - ####### - # API # - ####### - - name: "WEB_HTTP_DEFAULT_PORT" - value: {{ $dataplane.endpoints.default.port | quote }} - - name: "WEB_HTTP_DEFAULT_PATH" - value: {{ $dataplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ $dataplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ $dataplane.endpoints.control.path | quote }} - - name: "WEB_HTTP_PUBLIC_PORT" - value: {{ $dataplane.endpoints.public.port | quote }} - - name: "WEB_HTTP_PUBLIC_PATH" - value: {{ $dataplane.endpoints.public.path | quote }} - - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" - value: {{ include "txdc.controlplane.url.validation" $root}} - - ################### - # AUTH (JWT) # - ################### - {{- if $dataplane.auth }} - {{- range $auth, $authDef := $dataplane.auth }} - - name: {{ printf "TRACTUSX_AUTH_%s_TYPE" (upper $auth) | quote }} - value: {{ $authDef.type | required "Authentication Service needs a type" | quote }} - - name: {{ printf "TRACTUSX_AUTH_%s_PATHS" (upper $auth) | quote }} - value: {{ $authDef.context | required "Authentication Service needs a context" | quote }} - {{- if $authDef.exclude }} - - name: {{ printf "TRACTUSX_AUTH_%s_EXCLUDE" (upper $auth) | quote }} - value: {{ $authDef.exclude | quote }} - {{- end }} - {{- if $authDef.register }} - - name: {{ printf "TRACTUSX_AUTH_%s_REGISTER" (upper $auth) | quote }} - value: {{ $authDef.register | quote }} - {{- end }} 
- {{- if $authDef.apiCode }} - - name: {{ printf "TRACTUSX_AUTH_%s_APICODE" (upper $auth) | quote }} - value: {{ $authDef.apiCode | quote }} - {{- end }} - {{- if $authDef.vaultKey }} - - name: {{ printf "TRACTUSX_AUTH_%s_VAULTKEY" (upper $auth) | quote }} - value: {{ $authDef.vaultKey | quote }} - {{- end }} - {{- if $authDef.publicKey }} - - name: {{ printf "TRACTUSX_AUTH_%s_PUBLICKEY" (upper $auth) | quote }} - value: {{ $authDef.publicKey | quote }} - {{- end }} - {{- if $authDef.checkExpiry }} - - name: {{ printf "TRACTUSX_AUTH_%s_CHECKEXPIRY" (upper $auth) | quote }} - value: {{ $authDef.checkExpiry | quote }} - {{- end }} - {{- end }} - {{- end }} - - {{- if $dataplane.endpoints.callback }} - - ################### - # AGENT CALLBACK # - ################### - - name: "WEB_HTTP_CALLBACK_PORT" - value: {{ $dataplane.endpoints.callback.port | quote }} - - name: "WEB_HTTP_CALLBACK_PATH" - value: {{ $dataplane.endpoints.callback.path | quote }} - - name: "CX_AGENT_CALLBACK" - value: {{ printf "http://%s-%s:%v%s/endpoint-data-reference" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} - - name: "EDC_API_AUTH_KEY" - value: {{ $root.Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }} - - name: "EDC_PARTICIPANT_ID" - value: {{ $root.Values.participant.id | quote }} - - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" - value: {{ printf "http://%s-controlplane:%v" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.protocol.port | quote }} - - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" - value: {{ printf "http://%s-controlplane:%v%s" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.management.port $root.Values.controlplane.endpoints.management.path | quote }} - {{- end }} - - {{- if $dataplane.agent }} - - name: "CX_AGENT_EDC_VERSION" - value: {{ $dataplane.agent.edcVersion | 
default $root.Values.controlplane.image.tag | quote }} - {{- end }} - - {{- if $dataplane.agent.default }} - - ############### - # AGENT INIT # - ############### - - name: "CX_AGENT_ASSET_FILE" - value: {{ join "," $dataplane.agent.default | quote }} - - name: "CX_AGENT_SKILL_CONTRACT_DEFAULT" - value: {{ $dataplane.agent.skillcontract | quote }} - {{- end }} - - {{- if $dataplane.agent.services }} - - ################### - # AGENT SERVICES # - ################### - {{- if $dataplane.agent.services.allow }} - - name: "CX_AGENT_SERVICE_ALLOW" - value: {{ $dataplane.agent.services.allow | quote }} - {{- end }} - {{- if $dataplane.agent.services.deny }} - - name: "CX_AGENT_SERVICE_DENY" - value: {{ $dataplane.agent.services.deny | quote }} - {{- end }} - {{- if $dataplane.agent.services.asset }} - {{- if $dataplane.agent.services.asset.allow }} - - name: "CX_AGENT_SERVICE_ASSET_ALLOW" - value: {{ $dataplane.agent.services.asset.allow | quote }} - {{- end }} - {{- if $dataplane.agent.services.asset.deny }} - - name: "CX_AGENT_SERVICE_ASSET_DENY" - value: {{ $dataplane.agent.services.asset.deny | quote }} - {{- end }} - {{- end }} - {{- end }} - - {{- if $dataplane.agent.connectors }} - - ################### - # AGENT SYNC # - ################### - - name: "CX_AGENT_DATASPACE_REMOTES" - value: {{ join "," $dataplane.agent.connectors | quote }} - - name: "CX_AGENT_DATASPACE_SYNCHRONIZATION" - value: {{ $dataplane.agent.synchronization | required (printf ".Values.dataplane.%s.agent.synchronization should be set if connectors are specified" $dataplane_name) | quote }} - - name: "CX_AGENT_FEDERATION_BATCH_MAX" - value: {{ $dataplane.agent.maxbatchsize | quote }} - {{- end }} - - ####### - # AWS # - ####### - {{- if $dataplane.aws.endpointOverride }} - - name: "EDC_AWS_ENDPOINT_OVERRIDE" - value: {{ $dataplane.aws.endpointOverride | quote }} - {{- end }} - {{- if $dataplane.aws.secretAccessKey }} - - name: "AWS_SECRET_ACCESS_KEY" - value: {{ $dataplane.aws.secretAccessKey | 
quote }} - {{- end }} - {{- if $dataplane.aws.accessKeyId }} - - name: "AWS_ACCESS_KEY_ID" - value: {{ $dataplane.aws.accessKeyId | quote }} - {{- end }} - - ############### - ## EDR CACHE ## - ############### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/edr-cache-sql - - name: "EDC_DATASOURCE_EDR_NAME" - value: "edr" - - name: "EDC_DATASOURCE_EDR_USER" - value: {{ $root.Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} - - name: "EDC_DATASOURCE_EDR_PASSWORD" - value: {{ $root.Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} - - name: "EDC_DATASOURCE_EDR_URL" - value: {{ tpl $root.Values.postgresql.jdbcUrl $root | quote }} - - ########### - ## VAULT ## - ########### - - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/hashicorp-vault - - name: "EDC_VAULT_HASHICORP_URL" - value: {{ tpl $root.Values.vault.hashicorp.url $root | required ".Values.vault.hashicorp.url is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TOKEN" - value: {{ $root.Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" - value: {{ $root.Values.vault.hashicorp.timeout | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" - value: {{ $root.Values.vault.hashicorp.healthCheck.enabled | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" - value: {{ $root.Values.vault.hashicorp.healthCheck.standbyOk | quote }} - - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" - value: {{ $root.Values.vault.hashicorp.paths.secret | quote }} - - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" - value: {{ $root.Values.vault.hashicorp.paths.health | quote }} - - ###################################### - ## Additional environment variables ## - ###################################### - - name: "EDC_CONNECTOR_NAME" - 
value: {{ include "txdc.fullname" $root}}-{{ $dataplane.name }} - {{- range $key, $value := $dataplane.envValueFrom }} - - name: {{ $key | quote }} - valueFrom: - {{- tpl (toYaml $value) $ | nindent 16 }} - {{- end }} - {{- range $key, $value := $dataplane.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} - {{- end }} - {{- if and (or $dataplane.envSecretNames $dataplane.envConfigMapNames) (or (gt (len $dataplane.envSecretNames) 0) (gt (len $dataplane.envConfigMapNames) 0)) }} - envFrom: - {{- range $value := $dataplane.envSecretNames }} - - secretRef: - name: {{ $value | quote }} - {{- end }} - {{- range $value := $dataplane.envConfigMapNames }} - - configMapRef: - name: {{ $value | quote }} - {{- end }} - {{- end }} - volumeMounts: - - name: "configuration" - mountPath: "/app/opentelemetry.properties" - subPath: "opentelemetry.properties" - - name: "configuration" - mountPath: "/app/logging.properties" - subPath: "logging.properties" - - name: "tmp" - mountPath: "/tmp" - - {{- range $config_name, $config_value := $dataplane.configs }} - - name: "configuration" - mountPath: {{ printf "/app/%s" $config_name | quote }} - subPath: {{ printf "%s" $config_name | quote }} - {{- end }} - volumes: - - name: "configuration" - configMap: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane_name }} - items: - - key: "opentelemetry.properties" - path: "opentelemetry.properties" - - key: "logging.properties" - path: "logging.properties" - {{- range $config_name, $config_value := $dataplane.configs }} - - key: {{ printf "%s" $config_name | quote }} - path: {{ printf "%s" $config_name | quote }} - {{- end }} - - name: "tmp" - emptyDir: { } - {{- with $dataplane.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $dataplane.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $dataplane.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} -{{- end }} \ No newline at end of file 
diff --git a/charts/agent-connector/templates/hpa-controlplane.yaml b/charts/agent-connector/templates/hpa-controlplane.yaml
deleted file mode 100644
index 50c1dbb5..00000000
--- a/charts/agent-connector/templates/hpa-controlplane.yaml
+++ /dev/null
@@ -1,50 +0,0 @@ -{{- if .Values.controlplane.autoscaling.enabled }} ---- -# -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "txdc.fullname" . }}-controlplane - labels: - {{- include "txdc.controlplane.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "txdc.fullname" . }}-controlplane - minReplicas: {{ .Values.controlplane.autoscaling.minReplicas }} - maxReplicas: {{ .Values.controlplane.autoscaling.maxReplicas }} - metrics: - {{- if .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.controlplane.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} 
diff --git a/charts/agent-connector/templates/ingress-controlplane.yaml b/charts/agent-connector/templates/ingress-controlplane.yaml
deleted file mode 100644
index 47806a8d..00000000
--- a/charts/agent-connector/templates/ingress-controlplane.yaml
+++ /dev/null
@@ -1,99 +0,0 @@
-{{- $fullName := include "txdc.fullname" . }}
-{{- $controlLabels := include "txdc.controlplane.labels" . }}
-{{- $controlEdcEndpoints := .Values.controlplane.endpoints }}
-{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }}
-{{- $namespace := .Release.Namespace }}
-
-{{- range .Values.controlplane.ingresses }}
-{{- if and .enabled .endpoints }}
-{{- $controlIngressName := printf "%s-controlplane-%s" $fullName .hostname }}
-{{- $annotations := .annotations | default dict }}
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-{{- if semverCompare ">=1.19-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1beta1
-{{- else }}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $controlIngressName }}
- namespace: {{ $namespace | default "default" | quote }}
- labels:
- {{- $controlLabels | nindent 4 }}
- annotations:
- {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }}
- {{- if not (hasKey $annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set $annotations "kubernetes.io/ingress.class" .className}}
- {{- end }}
- {{- end }}
- {{- if .certManager }}
- {{- if .certManager.issuer }}
- {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}}
- {{- end }}
- {{- if .certManager.clusterIssuer }}
- {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}}
- {{- end }}
- {{- end }}
- {{- with $annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }}
- ingressClassName: {{ .className }}
- {{- end }}
- {{- if .hostname }}
- {{- if .tls.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- {{- if .tls.secretName }}
- secretName: {{ .tls.secretName }}
- {{- else }}
- secretName: {{ $controlIngressName }}-tls
- {{- end }}
- {{- end }}
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- {{- $ingressEdcEndpoints := .endpoints }}
- {{- range $name, $mapping := $controlEdcEndpoints }}
- {{- if (has $name $ingressEdcEndpoints) }}
- - path: {{ $mapping.path }}
- pathType: Prefix
- backend:
- {{- if semverCompare ">=1.19-0" $gitVersion }}
- service:
- name: {{ $fullName }}-controlplane
- port:
- number: {{ $mapping.port }}
- {{- else }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}{{- /* end: if .enabled */}}
-{{- end }}{{- /* end: range .Values.ingresses */}}
diff --git a/charts/agent-connector/templates/ingress-dataplane.yaml b/charts/agent-connector/templates/ingress-dataplane.yaml
deleted file mode 100644
index 7d03fbff..00000000
--- a/charts/agent-connector/templates/ingress-dataplane.yaml
+++ /dev/null
@@ -1,103 +0,0 @@
-{{- $fullName := include "txdc.fullname" . }}
-{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }}
-{{- $namespace := .Release.Namespace }}
-{{ $root := . }}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes }}
-{{- $dataEdcEndpoints := $dataplane.endpoints }}
-{{- $dataLabels := include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
-
-{{- range $dataplane.ingresses }}
-{{- if and .enabled .endpoints }}
-{{- $dataIngressName := printf "%s-%s-%s" $fullName $dataplane.name .hostname }}
-{{- $annotations := .annotations | default dict }}
----
-#
-# Copyright (c) 2023 T-Systems International GmbH
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-{{- if semverCompare ">=1.19-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" $gitVersion }}
-apiVersion: networking.k8s.io/v1beta1
-{{- else }}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
- name: {{ $dataIngressName }}
- namespace: {{ $namespace | default "default" | quote }}
- labels:
- {{- $dataLabels | nindent 2 }}
- annotations:
- {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }}
- {{- if not (hasKey $annotations "kubernetes.io/ingress.class") }}
- {{- $_ := set $annotations "kubernetes.io/ingress.class" .className}}
- {{- end }}
- {{- end }}
- {{- if .certManager }}
- {{- if .certManager.issuer }}
- {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}}
- {{- end }}
- {{- if .certManager.clusterIssuer }}
- {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}}
- {{- end }}
- {{- end }}
- {{- with $annotations }}
- {{- toYaml . | nindent 4 }}
- {{- end }}
-spec:
- {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }}
- ingressClassName: {{ .className }}
- {{- end }}
- {{- if .hostname }}
- {{- if .tls.enabled }}
- tls:
- - hosts:
- - {{ .hostname }}
- {{- if .tls.secretName }}
- secretName: {{ .tls.secretName }}
- {{- else }}
- secretName: {{ $dataIngressName }}-tls
- {{- end }}
- {{- end }}
- rules:
- - host: {{ .hostname }}
- http:
- paths:
- {{- $ingressEdcEndpoints := .endpoints }}
- {{- range $name, $mapping := $dataEdcEndpoints }}
- {{- if (has $name $ingressEdcEndpoints) }}
- - path: {{ $mapping.path }}
- pathType: Prefix
- backend:
- {{- if semverCompare ">=1.19-0" $gitVersion }}
- service:
- name: {{ $fullName }}-{{ $dataplane.name }}
- port:
- number: {{ $mapping.port }}
- {{- else }}
- {{- end }}
- {{- end }}
- {{- end }}
- {{- end }}
-{{- end }}{{- /* end: if .enabled */}}
-{{- end }}{{- /* end: range .Values.ingresses */}}
-{{- end }}{{- /* end: range .Values.dataplanes */}}
diff --git a/charts/agent-connector/templates/networkpolicy.yaml b/charts/agent-connector/templates/networkpolicy.yaml
deleted file mode 100644
index 05b59029..00000000
--- a/charts/agent-connector/templates/networkpolicy.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-{{- if eq (.Values.networkPolicy.enabled | toString) "true" }}
-{{- range tuple "controlplane" "dataplane" }}
-{{- $name := . }}
----
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- name: {{ include "txdc.fullname" $ }}-{{ $name }}
- labels:
- {{- include (printf "txdc.%s.labels" $name) $ | nindent 4 }}
-spec:
- podSelector:
- matchLabels:
- {{- include (printf "txdc.%s.selectorLabels" $name) $ | nindent 6 }}
- ingress:
- - from:
- {{- toYaml (index $.Values.networkPolicy $name "from") | nindent 6 }}
- ports:
- {{- range $key,$value := (index $.Values $name "endpoints") }}
- - port: {{ $value.port }}
- protocol: TCP
- {{- end }}
- policyTypes:
- - Ingress
----
-{{- end }}
-{{- end }}
diff --git a/charts/agent-connector/templates/service-controlplane.yaml b/charts/agent-connector/templates/service-controlplane.yaml
deleted file mode 100644
index e993b46d..00000000
--- a/charts/agent-connector/templates/service-controlplane.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "txdc.fullname" . }}-controlplane
- namespace: {{ .Release.Namespace | default "default" | quote }}
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
-spec:
- type: {{ .Values.controlplane.service.type }}
- ports:
- - port: {{ .Values.controlplane.endpoints.default.port }}
- targetPort: default
- protocol: TCP
- name: default
- - port: {{ .Values.controlplane.endpoints.control.port }}
- targetPort: control
- protocol: TCP
- name: control
- - port: {{ .Values.controlplane.endpoints.management.port }}
- targetPort: management
- protocol: TCP
- name: management
- - port: {{ .Values.controlplane.endpoints.protocol.port }}
- targetPort: protocol
- protocol: TCP
- name: protocol
- - port: {{ .Values.controlplane.endpoints.metrics.port }}
- targetPort: metrics
- protocol: TCP
- name: metrics
- selector:
- {{- include "txdc.controlplane.selectorLabels" . | nindent 4 }}
diff --git a/charts/agent-connector/templates/serviceaccount.yaml b/charts/agent-connector/templates/serviceaccount.yaml
deleted file mode 100644
index f94ad14e..00000000
--- a/charts/agent-connector/templates/serviceaccount.yaml
+++ /dev/null
@@ -1,38 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
----
-#
-# Copyright (c) 2023 ZF Friedrichshafen AG
-# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "txdc.serviceAccountName" . }}
- labels:
- {{- include "txdc.labels" . | nindent 4 }}
- {{- with .Values.serviceAccount.annotations }}
- annotations:
- {{- toYaml . | nindent 4 }}
- {{- end }}
-{{- with .Values.serviceAccount.imagePullSecrets }}
-imagePullSecrets:
- {{- toYaml . | nindent 2 }}
-{{- end }}
-{{- end }}
diff --git a/charts/agent-connector/templates/tests/test-controlplane-readiness.yaml b/charts/agent-connector/templates/tests/test-controlplane-readiness.yaml
deleted file mode 100644
index efd6f3b1..00000000
--- a/charts/agent-connector/templates/tests/test-controlplane-readiness.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{include "txdc.fullname" .}}test-controlplane-readiness"
- labels:
- {{- include "txdc.controlplane.labels" . | nindent 4 }}
- annotations:
- "helm.sh/hook": test
- "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
-spec:
- containers:
- - name: wget
- image: curlimages/curl
- command: [ 'curl' ]
- args: [ '{{- printf "http://%s-controlplane:%v%s/check/readiness" (include "txdc.fullname" $ ) $.Values.controlplane.endpoints.default.port $.Values.controlplane.endpoints.default.path -}}' ]
- restartPolicy: Never
diff --git a/charts/agent-connector/templates/tests/test-dataplane-readiness.yaml b/charts/agent-connector/templates/tests/test-dataplane-readiness.yaml
deleted file mode 100644
index 2147c743..00000000
--- a/charts/agent-connector/templates/tests/test-dataplane-readiness.yaml
+++ /dev/null
@@ -1,41 +0,0 @@
-#
-# Copyright (c) 2023 Contributors to the Eclipse Foundation
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-{{- $root := . -}}
-{{- $allcommands := (dict "commands" (list)) -}}
-{{- range $dataplane_name, $dataplane := .Values.dataplanes -}}
-{{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | append $allcommands.commands | set $allcommands "commands" -}}
-{{- end }}
-
----
-apiVersion: v1
-kind: Pod
-metadata:
- name: "{{include "txdc.fullname" .}}test-dataplane-readiness"
- labels:
- {{- include "txdc.dataplane.labels" (dict "dataplane" .Values.dataplanes.dataplane "root" $root) | nindent 4 }}
- annotations:
- "helm.sh/hook": test
- "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
-spec:
- containers:
- - name: wget
- image: curlimages/curl
- command: [ '/bin/sh','-c' ]
- args: [ {{ join "&&" $allcommands.commands | quote }} ]
- restartPolicy: Never
diff --git a/charts/agent-connector/values.yaml b/charts/agent-connector/values.yaml
deleted file mode 100644
index e597c6b5..00000000
--- a/charts/agent-connector/values.yaml
+++ /dev/null
@@ -1,634 +0,0 @@ ---- -# -# Copyright (c) 2023,2024 T-Systems International GmbH -# Copyright (c) 2023 ZF Friedrichshafen AG -# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH -# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# -# Default values for agent-connector. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -install: - postgresql: false - vault: false -fullnameOverride: "" -nameOverride: "" -# -- Image registry to use -imageRegistry: docker.io/ -# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) -imagePullSecrets: [] -# -- To add some custom labels -customLabels: {} - -participant: - # -- BPN Number - id: "" - -controlplane: - image: - # -- Which derivate of the control plane to use. 
when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a readiness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - # -- endpoints of the control plane - endpoints: - # -- default api for health checks, should not be added to any ingress - default: - # -- port for incoming api calls - port: 8080 - # -- path for incoming api calls 
- path: /api - # -- data management api, used by internal users, can be added to an ingress and must not be internet facing - management: - # -- port for incoming api calls - port: 8081 - # -- path for incoming api calls - path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header - authKey: "" - # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not - control: - # -- port for incoming api calls - port: 8083 - # -- path for incoming api calls - path: /control - # -- dsp api, used for inter connector communication and must be internet facing - protocol: - # -- port for incoming api calls - port: 8084 - # -- path for incoming api calls - path: /api/v1/dsp - # -- metrics api, used for application metrics, must not be internet facing - metrics: - # -- port for incoming api calls - port: 9090 - # -- path for incoming api calls - path: /metrics - - businessPartnerValidation: - log: - agreementValidation: true - - # SSI configuration - ssi: - miw: - # -- MIW URL - url: "" - # -- The BPN of the issuer authority - authorityId: "" - oauth: - # -- The URL (of KeyCloak), where access tokens can be obtained - tokenurl: "" - client: - # -- The client ID for KeyCloak - id: "" - # -- The alias under which the client secret is stored in the vault. - secretAlias: "" - - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. 
- type: ClusterIP - annotations: {} - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: { - EDC_JSONLD_HTTPS_ENABLED: "true" - } - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
- # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.local" - # -- Additional ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - protocol - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - ## Private / Intranet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-control.intranet" - # -- Additional 
ingress annotations to add - annotations: {} - # -- EDC endpoints exposed by this ingress resource - endpoints: - - management - - control - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # -- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 1.5 - memory: 512Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - url: - # -- Explicitly declared url for reaching the dsp api (e.g. 
if ingresses not used) - protocol: "" -dataplanes: - dataplane: - # -- the name of the dataplane - name: "agentplane" - # -- a comma-separated list of supported asset types - sourceTypes: "cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3" - # -- a comma-separated list of supported transfer types - destinationTypes: "HttpProxy,AmazonS3" - image: - # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically - repository: "" - # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use - pullPolicy: IfNotPresent - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - initContainers: [] - debug: - enabled: false - port: 1044 - suspendOnStart: false - livenessProbe: - # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first liveness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - # -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - readinessProbe: - # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) - enabled: true - # -- seconds to wait before performing the first readiness check - initialDelaySeconds: 30 - # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds - periodSeconds: 10 - # -- number of seconds after which the probe times out - timeoutSeconds: 5 - 
# -- when a probe fails kubernetes will try 6 times before giving up - failureThreshold: 6 - # -- number of consecutive successes for the probe to be considered successful after having failed - successThreshold: 1 - service: - # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. - type: ClusterIP - port: 80 - endpoints: - default: - port: 8080 - path: /api - public: - port: 8081 - path: /api/public - control: - port: 8083 - path: /api/dataplane/control - proxy: - port: 8186 - path: /proxy - callback: - port: 8087 - path: /callback - metrics: - port: 9090 - path: /metrics - # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries - auth: - # -- the default authentication service - default: - # -- the type of the default authentication service (api-key, jwt or composite) - type: api-key - # -- the context(s) of the default authentication service separated by commas - context: default - # -- excluded paths for liveness checks and validation - exclude: ".*/(check|validation).*" - # -- controls whether this service should be registered as the default EDC authentication service globally - register: false - # -- specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. 
- apiCode: "69609650" - # -- vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead - vaultKey: - # -- public key for checking the validity of jwt tokens, set this when type=jwt - publicKey: - # -- controls whether the expiry date of jwt tokens is checked when type=jwt - checkExpiry: true - aws: - endpointOverride: "" - accessKeyId: "" - secretAccessKey: "" - # -- additional labels for the pod - podLabels: {} - # -- additional annotations for the pod - podAnnotations: {} - # -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment - podSecurityContext: - seccompProfile: - # -- Restrict a Container's Syscalls with seccomp - type: RuntimeDefault - # -- Runs all processes within a pod with a special uid - runAsUser: 10001 - # -- Processes within a pod will belong to this guid - runAsGroup: 10001 - # -- The owner for volumes and any files created within volumes will belong to this guid - fsGroup: 10001 - # The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod - securityContext: - capabilities: - # -- Specifies which capabilities to drop to reduce syscall attack surface - drop: - - ALL - # -- Specifies which capabilities to add to issue specialized syscalls - add: [] - # -- Whether the root filesystem is mounted in read-only mode - readOnlyRootFilesystem: true - # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID - allowPrivilegeEscalation: false - # -- Requires the container to run without root privileges - runAsNonRoot: true - # -- The container's process will run with 
the specified uid - runAsUser: 10001 - # Extra environment variables that will be pass onto deployment pods - env: {} - # ENV_NAME: value - - # "valueFrom" environment variable references that will be added to deployment pods. Name is templated. - # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core - envValueFrom: {} - # ENV_NAME: - # configMapKeyRef: - # name: configmap-name - # key: value_key - # secretKeyRef: - # name: secret-name - # key: value_key - - # [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from - envSecretNames: [] - # - first-secret - # - second-secret - - # [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from - envConfigMapNames: [] - # - first-config-map - # - second-config-map - - ## Ingress declaration to expose the network service. - ingresses: - ## Public / Internet facing Ingress - - enabled: false - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "edc-data.local" - # -- Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} - annotations: - # Sample settings for more demanding use cases - # nginx.org/proxy-connect-timeout: "30s" - # nginx.org/proxy-read-timeout: "360s" - # nginx.org/client-max-body-size: "10m" - # -- EDC endpoints exposed by this ingress resource - endpoints: - - public - # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use - className: "" - # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource - tls: - # -- Enables TLS on the ingress resource - enabled: false - # 
-- If present overwrites the default secret name - secretName: "" - ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource - certManager: - # -- If preset enables certificate generation via cert-manager namespace scoped issuer - issuer: "" - # -- If preset enables certificate generation via cert-manager cluster-wide issuer - clusterIssuer: "" - # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container - volumeMounts: [] - # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories - volumes: [] - # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- limits: - cpu: 1.5 - memory: 1024Mi - requests: - cpu: 500m - memory: 128Mi - replicaCount: 1 - autoscaling: - # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) - enabled: false - # -- Minimal replicas if resource consumption falls below resource threshholds - minReplicas: 1 - # -- Maximum replicas if resource consumption exceeds resource threshholds - maxReplicas: 100 - # -- targetAverageUtilization of cpu provided to a pod - targetCPUUtilizationPercentage: 80 - # -- targetAverageUtilization of memory provided to a pod - targetMemoryUtilizationPercentage: 80 - # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics - opentelemetry: |- - otel.javaagent.enabled=false - otel.javaagent.debug=false - # -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) - logging: |- - .level=INFO - org.eclipse.edc.level=ALL - handlers=java.util.logging.ConsoleHandler - java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter - java.util.logging.ConsoleHandler.level=ALL - java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes - nodeSelector: {} - # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes - tolerations: [] - # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on - affinity: {} - url: - # -- Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) - public: "" - # -- A set of additional configuration files - configs: - # -- An example of an empty graph in ttl syntax - dataspace.ttl: | - ################################################################# - # Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT - ################################################################# - @prefix : . - @base . - # -- Agent-Specific Settings - agent: - # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue - default: - - dataspace.ttl - - https://w3id.org/catenax/ontology.ttl - # -- The synchronization interval in ms to update the federated data catalogue - synchronization: -1 - # -- The list of remote connector IDS URLs to synchronize with - connectors: [] - # -- Names the visible contract under which new skills are published (if not otherwise specified) - skillcontract: Contract?partner=Skill - # -- Sets the maximal batch size when delegating to agents and services - maxbatchsize: '9223372036854775807' - # -- A set of configs for regulating outgoing service calls - services: - # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) - allow: '(edcs?://.*)|(https://query\\.wikidata\\.org/sparql)' - # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) - deny: 'http://.*' - # -- A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) - asset: - # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) - allow: '(edcs?://.*)' - # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) - deny: 'https?://.*' - -# -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden -postgresql: - jdbcUrl: 
"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" - primary: - persistence: - enabled: false - readReplicas: - persistence: - enabled: false - auth: - database: "edc" - username: "user" - password: "password" -vault: - injector: - enabled: false - server: - dev: - enabled: true - devRootToken: "root" - postStart: # must be set externally! - hashicorp: - # -- URL to the vault service, needs to be changed if install.vault=false - url: "http://{{ .Release.Name }}-vault:8200" - # -- Access token to the vault service needs to be changed if install.vault=false - token: "" - timeout: 30 - healthCheck: - enabled: true - standbyOk: true - paths: - # -- Path to secrets needs to be changed if install.vault=false - secret: /v1/secret - # -- Default health api - health: /v1/sys/health - secretNames: - # -- sign handed out tokens with this key - transferProxyTokenSignerPrivateKey: - # -- sign handed out tokens with this certificate - transferProxyTokenSignerPublicKey: - # -- encrypt handed out tokens with this symmetric key - transferProxyTokenEncryptionAesKey: -backendService: - httpProxyTokenReceiverUrl: "" - -networkPolicy: - # -- If `true` network policy will be created to restrict access to control- and dataplane - enabled: false - # -- Configuration of the controlplane component - controlplane: - # -- Specify from rule network policy for cp (defaults to all namespaces) - from: - - namespaceSelector: {} - # -- Configuration of the dataplane component - dataplane: - # -- Specify from rule network policy for dp (defaults to all namespaces) - from: - - namespaceSelector: {} - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. 
- # If not set and create is true, a name is generated using the fullname template
- name: ""
- # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
- imagePullSecrets: []
-
-# -- Configurations for Helm tests
-tests:
- # -- Configure the hook-delete-policy for Helm tests
- hookDeletePolicy: before-hook-creation,hook-succeeded
diff --git a/charts/agent-connector-azure-vault/.helmignore b/charts/agent-plane/.helmignore
similarity index 100%
rename from charts/agent-connector-azure-vault/.helmignore
rename to charts/agent-plane/.helmignore
diff --git a/charts/agent-connector-memory/Chart.yaml b/charts/agent-plane/Chart.yaml
similarity index 76%
rename from charts/agent-connector-memory/Chart.yaml
rename to charts/agent-plane/Chart.yaml
index a132c336..ffc3cbab 100644
--- a/charts/agent-connector-memory/Chart.yaml
+++ b/charts/agent-plane/Chart.yaml
@@ -1,9 +1,9 @@
 #
-# Copyright (c) 2023,2024 T-Systems International GmbH
+# Copyright (c) 2023 T-Systems International GmbH
 # Copyright (c) 2023 ZF Friedrichshafen AG
 # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
 # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation
+# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
 #
 # See the NOTICE file(s) distributed with this work for additional
 # information regarding copyright ownership.
@@ -23,11 +23,10 @@ --- apiVersion: v2 -name: agent-connector-memory +name: agent-plane description: | - A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector using In-Memory Persistence. This is a variant of [the Tractus-X In-Memory Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-memory) which allows - to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a - Control Plane and one or several Data Planes. Note that _no_ external dependencies such as HashiCorp Vault are included. + A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running + Control Plane. This chart is intended for use with an _existing_ HashiCorp Vault. # A chart can be either an 'application' or a 'library' chart. @@ -42,12 +41,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.12.17-SNAPSHOT +version: 1.12.18-SNAPSHOT # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.12.17-SNAPSHOT" +appVersion: "1.12.18-SNAPSHOT" home: https://github.com/eclipse-tractusx/knowledge-agents-edc/ sources: - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector diff --git a/charts/agent-connector-azure-vault/LICENSE b/charts/agent-plane/LICENSE similarity index 100% rename from charts/agent-connector-azure-vault/LICENSE rename to charts/agent-plane/LICENSE 
diff --git a/charts/agent-plane/README.md b/charts/agent-plane/README.md
new file mode 100644
index 00000000..90eb8baf
--- /dev/null
+++ b/charts/agent-plane/README.md
@@ -0,0 +1,237 @@ + + +# agent-plane + +![Version: 1.12.18-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.18-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) + +A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running +Control Plane. + +This chart is intended for use with an _existing_ HashiCorp Vault. + +**Homepage:** + +## Setting up the Agent Planes + +Make sure to adapt the Agent Plane's application-facing endpoint security: +- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) +- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key +- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault +- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found +- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) + +Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. +- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). 
The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. +- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. +- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. +- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. + +Be sure to adapt the agent configuration +- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. +- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. +- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. +- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. 
+ +### Launching the application + +As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) +to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. +Combined, run this shell command to start the in-memory Tractus-X EDC runtime: + +```shell +helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev +helm install my-release eclipse-tractusx/agent-plane --version 1.12.18-SNAPSHOT +``` + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Tractus-X Knowledge Agents Team | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://helm.releases.hashicorp.com | vault(vault) | 0.20.0 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| agent | object | `{"connectors":[],"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | +| agent.connectors | list | `[]` | The list of remote connector IDS URLs to synchronize with | +| agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | +| agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | +| agent.services | object | 
`{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | +| agent.services.allow | string | `"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | +| agent.services.asset | object | `{"allow":"(edcs?://.*)","deny":"https?://.*"}` | A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) | +| agent.services.asset.allow | string | `"(edcs?://.*)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | +| agent.services.asset.deny | string | `"https?://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | +| agent.services.deny | string | `"http://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | +| agent.skillcontract | string | `"Contract?partner=Skill"` | Names the visible contract under which new skills are published (if not otherwise specified) | +| agent.synchronization | int | `-1` | The synchronization interval in ms to update the federated data catalogue | +| auth | object | `{"default":{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}}` | Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries | +| auth.default | object | `{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}` | 
the default authentication service | +| auth.default.apiCode | string | `"69609650"` | specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. | +| auth.default.checkExpiry | bool | `true` | controls whether the expiry date of jwt tokens is checked when type=jwt | +| auth.default.context | string | `"default"` | the context(s) of the default authentication service separated by commas | +| auth.default.exclude | string | `".*/(check|validation).*"` | excluded paths for liveness checks and validation | +| auth.default.publicKey | string | `nil` | public key for checking the validity of jwt tokens, set this when type=jwt | +| auth.default.register | bool | `false` | controls whether this service should be registered as the default EDC authentication service globally | +| auth.default.type | string | `"api-key"` | the type of the default authentication service (api-key, jwt or composite) | +| auth.default.vaultKey | string | `nil` | vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead | +| autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | +| autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | +| autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | +| autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | +| aws.accessKeyId | string | `""` | | +| aws.endpointOverride | string | `""` | | +| 
aws.secretAccessKey | string | `""` | | +| configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | +| configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | +| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | +| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | +| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | +| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | +| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | +| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | +| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | +| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | +| controlplane.ingresses[0].enabled | bool | `false` | | +| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | +| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | 
The hostname to be used to precisely map incoming traffic onto the underlying network service | +| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | +| controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | +| controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | +| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | +| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | +| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | +| controlplane.ingresses[1].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | +| controlplane.ingresses[1].enabled | bool | `false` | | +| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | +| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | +| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | +| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | +| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | +| customLabels | object | `{}` | To add some custom labels | +| debug.enabled | bool | `false` | | +| debug.port | int | `1044` | | +| 
debug.suspendOnStart | bool | `false` | | +| destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | +| endpoints.callback.path | string | `"/callback"` | | +| endpoints.callback.port | int | `8087` | | +| endpoints.control.path | string | `"/api/dataplane/control"` | | +| endpoints.control.port | int | `8083` | | +| endpoints.default.path | string | `"/api"` | | +| endpoints.default.port | int | `8080` | | +| endpoints.metrics.path | string | `"/metrics"` | | +| endpoints.metrics.port | int | `9090` | | +| endpoints.proxy.path | string | `"/proxy"` | | +| endpoints.proxy.port | int | `8186` | | +| endpoints.public.path | string | `"/api/public"` | | +| endpoints.public.port | int | `8081` | | +| env | object | `{}` | | +| envConfigMapNames | list | `[]` | | +| envSecretNames | list | `[]` | | +| envValueFrom | object | `{}` | | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | +| image.repository | string | `""` | Which derivate of the data plane to use. 
when left empty the deployment will select the correct image automatically | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | +| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | +| imageRegistry | string | `"docker.io/"` | Image registry to use | +| ingresses[0].annotations | string | `nil` | Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} | +| ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | +| ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | +| ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | +| ingresses[0].enabled | bool | `false` | | +| ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | +| ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | +| ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | +| ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | +| ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | +| initContainers | list | `[]` | | +| install.vault | bool | `false` | | +| livenessProbe.enabled | bool | `true` | Whether to enable kubernetes 
[liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | +| livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | +| livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | +| livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | +| livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | +| logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | +| name | string | `"agentplane"` | the name of the dataplane | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | +| participant.id | string | `""` | BPN Number | +| podAnnotations | object | `{}` | additional annotations for the pod | +| podLabels | object | `{}` | additional labels for the pod | +| podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security 
context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | +| podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | +| podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | +| podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | +| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | +| readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | +| readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | +| readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | +| readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | +| readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | +| replicaCount | int | `1` | | +| resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | +| securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue 
specialized syscalls | +| securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | +| securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | +| securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | +| securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | +| serviceAccount.name | string | `""` | | +| sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | +| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | +| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | +| tolerations | list | `[]` | | +| url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) | +| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | +| vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api | +| vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false | +| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false | +| vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false | +| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | +| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | +| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | +| volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | +| volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) 
diff --git a/charts/agent-connector/README.md.gotmpl b/charts/agent-plane/README.md.gotmpl
similarity index 63%
rename from charts/agent-connector/README.md.gotmpl
rename to charts/agent-plane/README.md.gotmpl
index fcba6066..3c808f17 100644
--- a/charts/agent-connector/README.md.gotmpl
+++ b/charts/agent-plane/README.md.gotmpl
@@ -1,5 +1,6 @@ + +# agent-plane + +![Version: 1.12.18-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.18-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) + +A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running +Control Plane. + +This chart is intended for use with an _existing_ HashiCorp Vault. + +**Homepage:** + +## Setting up the Agent Planes + +Make sure to adapt the Agent Plane's application-facing endpoint security: +- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt) +- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key +- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault +- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found +- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true) + +Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here. +- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). 
The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata. +- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties. +- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors. +- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists. + +Be sure to adapt the agent configuration +- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors. +- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets. +- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues. +- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue. 
+ +### Launching the application + +As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml) +to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually. +Combined, run this shell command to start the in-memory Tractus-X EDC runtime: + +```shell +helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev +helm install my-release eclipse-tractusx/agent-plane --version 1.12.18-SNAPSHOT +``` + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Tractus-X Knowledge Agents Team | | | + +## Source Code + +* + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://helm.releases.hashicorp.com | vault(vault) | 0.20.0 | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | | +| agent | object | `{"connectors":[],"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | +| agent.connectors | list | `[]` | The list of remote connector IDS URLs to synchronize with | +| agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | +| agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | +| agent.services | object | 
`{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | +| agent.services.allow | string | `"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | +| agent.services.asset | object | `{"allow":"(edcs?://.*)","deny":"https?://.*"}` | A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) | +| agent.services.asset.allow | string | `"(edcs?://.*)"` | A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) | +| agent.services.asset.deny | string | `"https?://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | +| agent.services.deny | string | `"http://.*"` | A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) | +| agent.skillcontract | string | `"Contract?partner=Skill"` | Names the visible contract under which new skills are published (if not otherwise specified) | +| agent.synchronization | int | `-1` | The synchronization interval in ms to update the federated data catalogue | +| auth | object | `{"default":{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}}` | Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries | +| auth.default | object | `{"apiCode":"69609650","checkExpiry":true,"context":"default","exclude":".*/(check|validation).*","publicKey":null,"register":false,"type":"api-key","vaultKey":null}` | 
the default authentication service | +| auth.default.apiCode | string | `"69609650"` | specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. | +| auth.default.checkExpiry | bool | `true` | controls whether the expiry date of jwt tokens is checked when type=jwt | +| auth.default.context | string | `"default"` | the context(s) of the default authentication service separated by commas | +| auth.default.exclude | string | `".*/(check|validation).*"` | excluded paths for liveness checks and validation | +| auth.default.publicKey | string | `nil` | public key for checking the validity of jwt tokens, set this when type=jwt | +| auth.default.register | bool | `false` | controls whether this service should be registered as the default EDC authentication service globally | +| auth.default.type | string | `"api-key"` | the type of the default authentication service (api-key, jwt or composite) | +| auth.default.vaultKey | string | `nil` | vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead | +| autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) | +| autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds | +| autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds | +| autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod | +| autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod | +| aws.accessKeyId | string | `""` | | +| aws.endpointOverride | string | `""` | | +| 
aws.secretAccessKey | string | `""` | | +| configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | +| configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | +| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | +| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | +| controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | +| controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | +| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | +| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | +| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | +| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | +| controlplane.ingresses[0].enabled | bool | `false` | | +| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | +| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | 
The hostname to be used to precisely map incoming traffic onto the underlying network service | +| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | +| controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | +| controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | +| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | +| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | +| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | +| controlplane.ingresses[1].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | +| controlplane.ingresses[1].enabled | bool | `false` | | +| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | +| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | +| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | +| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | +| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | +| customLabels | object | `{}` | To add some custom labels | +| debug.enabled | bool | `false` | | +| debug.port | int | `1044` | | +| 
debug.suspendOnStart | bool | `false` | | +| destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | +| endpoints.callback.path | string | `"/callback"` | | +| endpoints.callback.port | int | `8087` | | +| endpoints.control.path | string | `"/api/dataplane/control"` | | +| endpoints.control.port | int | `8083` | | +| endpoints.default.path | string | `"/api"` | | +| endpoints.default.port | int | `8080` | | +| endpoints.metrics.path | string | `"/metrics"` | | +| endpoints.metrics.port | int | `9090` | | +| endpoints.proxy.path | string | `"/proxy"` | | +| endpoints.proxy.port | int | `8186` | | +| endpoints.public.path | string | `"/api/public"` | | +| endpoints.public.port | int | `8081` | | +| env | object | `{}` | | +| envConfigMapNames | list | `[]` | | +| envSecretNames | list | `[]` | | +| envValueFrom | object | `{}` | | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | +| image.repository | string | `""` | Which derivate of the data plane to use. 
when left empty the deployment will select the correct image automatically | +| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | +| imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | +| imageRegistry | string | `"docker.io/"` | Image registry to use | +| ingresses[0].annotations | string | `nil` | Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} | +| ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | +| ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | +| ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | +| ingresses[0].enabled | bool | `false` | | +| ingresses[0].endpoints | list | `["public"]` | EDC endpoints exposed by this ingress resource | +| ingresses[0].hostname | string | `"edc-data.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | +| ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | +| ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | +| ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | +| initContainers | list | `[]` | | +| install.vault | bool | `false` | | +| livenessProbe.enabled | bool | `true` | Whether to enable kubernetes 
[liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | +| livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | +| livenessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | +| livenessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | +| livenessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | +| logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | +| name | string | `"agentplane"` | the name of the dataplane | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | +| participant.id | string | `""` | BPN Number | +| podAnnotations | object | `{}` | additional annotations for the pod | +| podLabels | object | `{}` | additional labels for the pod | +| podSecurityContext | object | `{"fsGroup":10001,"runAsGroup":10001,"runAsUser":10001,"seccompProfile":{"type":"RuntimeDefault"}}` | The [pod security 
context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment | +| podSecurityContext.fsGroup | int | `10001` | The owner for volumes and any files created within volumes will belong to this guid | +| podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | +| podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | +| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | +| readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | +| readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | +| readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | +| readinessProbe.periodSeconds | int | `10` | this fields specifies that kubernetes should perform a liveness check every 10 seconds | +| readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | +| readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | +| replicaCount | int | `1` | | +| resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | +| securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue 
specialized syscalls | +| securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | +| securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | +| securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | +| securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | +| service.port | int | `80` | | +| service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | +| serviceAccount.name | string | `""` | | +| sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | +| tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | +| tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | +| tolerations | list | `[]` | | +| url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) | +| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | +| vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api | +| vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false | +| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false | +| vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false | +| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | +| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | +| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | +| volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | +| volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.2](https://github.com/norwoodj/helm-docs/releases/v1.11.2) diff --git a/charts/agent-plane-azure-vault/README.md.gotmpl b/charts/agent-plane-azure-vault/README.md.gotmpl new file mode 100644 index 00000000..3c808f17 
--- /dev/null
+++ b/charts/agent-plane-azure-vault/README.md.gotmpl
@@ -0,0 +1,72 @@
+
+
+{{ template "chart.header" . }}
+
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+## Setting up the Agent Planes
+
+Make sure to adapt the Agent Plane's application-facing endpoint security:
+- 'dataplanes.agentplane.auth.default.type': The type of authentication service to use (defaults to api-key, you could also use jwt)
+- 'dataplanes.agentplane.auth.default.apiCode': If type is api-key, this is the hash of the accepted api key
+- 'dataplanes.agentplane.auth.default.vaultKey': If type is api-key, this is the key where the api key can be retrieved from the configured vault
+- 'dataplanes.agentplane.auth.default.publicKey': If type is jwt, this is a url where the public key to verify token with can be found
+- 'dataplanes.agentplane.auth.default.checkExpiry': If type is jwt, determines whether token expiry is checked (default: true)
+
+Be sure to review the Agent Plane's service delegation filter which regulates with which external Agent's (SERVICE) this instance may interact. These properties form typical allow/deny conditions. Because of the nature of SPARQL, interacting with such a service may not only mean to import data from there, but you must take into account bound variables in the SERVICE contexts are also exported to there. So you should be rather prohibitive here.
+- 'dataplanes.agentplane.agent.services.allow': A regular expression of allowed Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). The default graph only contains meta-data and can only be invoked by any in-house application, so usually you can be a bit more relaxed on this level. For example, you might be tempted to allow to mix your application logic and data with some universal service, such as Wikidata.
+- 'dataplanes.agentplane.agent.services.deny': A regular expression of denied outgoing Agent/Sparql SERVICE contexts in the default graph (federated data catalogue). Typically you would restrict any unsecured http call by this properties.
+- 'dataplanes.agentplane.agent.services.assets.allow': A regular expression of allowed Agent/Sparql SERVICE contexts when inside a data graph/asset (unless there are more specific settings in the asset itself). Since this affects how you can spice up your business data, you would only allow connections to trusted business partners connectors.
+- 'dataplanes.agentplane.agent.services.assets.deny': A regular expression of denied Agent/Sparql SERVICE contexts. Use this to filter out unsecure protocols such as edc and http as well as to implement blacklists.
+
+Be sure to adapt the agent configuration
+- 'dataplanes.agentplane.configs.dataspace.ttl': additional TTL text resource which lists the partner BPNs and their associated connectors.
+- 'dataplanes.agentplane.agent.maxbatchsize': Should be restricted to a smaller number of tuples (10-100) if you intend to communicate over larger datasets.
+- 'dataplanes.agentplane.agent.synchronization': Should be set to a positive number of seconds to activate the automatic synchronization of federated data catalogues.
+- 'dataplanes.agentplane.agent.connectors': Should be a list of partner connector addresses which will be synchronized in the federated data catalogue.
+
+### Launching the application
+
+As an easy starting point, please consider using [this example configuration](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml)
+to launch the application. The configuration values mentioned above (`controlplane.ssi.*`) will have to be adapted manually.
+Combined, run this shell command to start the in-memory Tractus-X EDC runtime: + +```shell +helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev +helm install my-release eclipse-tractusx/agent-plane --version {{ .Version }} +``` + +{{ template "chart.maintainersSection" . }} + +{{ template "chart.sourcesSection" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml new file mode 100644 index 00000000..6edc9945 --- /dev/null +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml 
@@ -0,0 +1,47 @@
+#
+# Copyright (c) 2023, 2024 T-Systems International GmbH
+# Copyright (c) 2023 ZF Friedrichshafen AG
+# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+install:
+
+controlplane:
+ endpoints:
+ management:
+ authKey: "bla"
+
+vault:
+ azure:
+ name: "AZURE_NAME"
+ tenant: "AZURE_TENANT"
+ client: "AZURE_CLIENT"
+ secret: "AZURE_SECRET"
+ hashicorp:
+ url: "https://vault.demo"
+ token: "VAULT_TOKEN"
+ paths:
+ secret: "/v1/secrets"
+ secretNames:
+ transferProxyTokenSignerPrivateKey: "key"
+ transferProxyTokenSignerPublicKey: "cert"
+ transferProxyTokenEncryptionAesKey: "symmetric-key"
+participant:
+ id: "BPNL0000000DUMMY"
diff --git a/charts/agent-plane-azure-vault/templates/NOTES.txt b/charts/agent-plane-azure-vault/templates/NOTES.txt
new file mode 100644
index 00000000..c0d295a6
--- /dev/null
+++ b/charts/agent-plane-azure-vault/templates/NOTES.txt
@@ -0,0 +1,41 @@
+# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+2. Get the data plane URL(s) by running these commands:
+{{- $dataplane_name := .Values.name }}
+{{- $dataplane := .Values }}
+{{ with index $dataplane.ingresses 0}}
+{{- if .enabled }}
+{{- range .paths }}
+ http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }}
+{{- end }}
+{{- else if contains "NodePort" $dataplane.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-{{ $dataplane.name }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" $dataplane.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ $.Release.Namespace }} svc -w {{ include "txdc.fullname" $ }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" $ }}-{{ $dataplane.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ $dataplane.service.port }}
+{{- else if contains "ClusterIP" $dataplane.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-{{ $dataplane.name }},app.kubernetes.io/instance={{ $.Release.Name }}-{{ $dataplane.name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+ echo "Visit http://127.0.0.1:8080 to use your application"
+{{- end }}
+{{- end }}
diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl
new file mode 100644
index 00000000..28f9e3bb
--- /dev/null
+++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl
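Review bot: In the LoadBalancer branch the `export SERVICE_IP=...` line reads `{{ .Release.Namespace }}`, but it sits inside `{{ with index $dataplane.ingresses 0}}`, where `.` is the ingress entry and not the chart root, so the lookup will not resolve to the release namespace and is likely to fail rendering. Every neighbouring line already uses `$.Release.Namespace`, and this one should too. `index $dataplane.ingresses 0` also errors when `ingresses` is an empty list, so wrapping the block in `{{- if $dataplane.ingresses }}` would make the notes render for ingress-less installs. The text also opens at step "2." with no step 1 before it.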
@@ -0,0 +1,199 @@ +# +# Copyright (c) 2023, 2024 T-Systems International GmbH +# Copyright (c) 2023 ZF Friedrichshafen AG +# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH +# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# +{{/* +Expand the name of the chart. +*/}} +{{- define "txdc.name" -}} +{{- default .Chart.Name .Values.nameOverride | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "txdc.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. 
+*/}} +{{- define "txdc.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Control Common labels +*/}} +{{- define "txdc.labels" -}} +helm.sh/chart: {{ include "txdc.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Control Common labels +*/}} +{{- define "txdc.controlplane.labels" -}} +helm.sh/chart: {{ include "txdc.chart" . }} +{{ include "txdc.controlplane.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/component: edc-controlplane +app.kubernetes.io/part-of: edc +{{- end }} + +{{/* +Data Common labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) +*/}} +{{- define "txdc.dataplane.labels" -}} +helm.sh/chart: {{ include "txdc.chart" .root }} +{{ include "txdc.dataplane.selectorLabels" . }} +{{- if .root.Chart.AppVersion }} +app.kubernetes.io/version: {{ .root.Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .root.Release.Service }} +app.kubernetes.io/component: edc-dataplane +app.kubernetes.io/part-of: edc +{{- end }} + +{{/* +Control Selector labels +*/}} +{{- define "txdc.controlplane.selectorLabels" -}} +app.kubernetes.io/name: {{ include "txdc.name" . 
}}-controlplane +app.kubernetes.io/instance: {{ .Release.Name }}-controlplane +{{- end }} + +{{/* +Data Selector labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) +*/}} +{{- define "txdc.dataplane.selectorLabels" -}} +app.kubernetes.io/name: {{ include "txdc.name" .root }}-{{ .dataplane.name }} +app.kubernetes.io/instance: {{ .root.Release.Name }}-{{ .dataplane.name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "txdc.controlplane.serviceaccount.name" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "txdc.dataplane.serviceaccount.name" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Control DSP URL +*/}} +{{- define "txdc.controlplane.url.protocol" -}} +{{- if .Values.controlplane.url.protocol }}{{/* if dsp api url has been specified explicitly */}} +{{- .Values.controlplane.url.protocol }} +{{- else }}{{/* else when dsp api url has not been specified explicitly */}} +{{- with (index .Values.controlplane.ingresses 0) }} +{{- if .enabled }}{{/* if ingress enabled */}} +{{- if .tls.enabled }}{{/* if TLS enabled */}} +{{- printf "https://%s" .hostname -}} +{{- else }}{{/* else when TLS not enabled */}} +{{- printf "http://%s" .hostname -}} +{{- end }}{{/* end if tls */}} +{{- else }}{{/* else when ingress not enabled */}} +{{- printf "http://%s-controlplane:%v" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}} +{{- end }}{{/* end if ingress */}} +{{- end }}{{/* end with ingress */}} +{{- end }}{{/* end if .Values.controlplane.url.protocol */}} +{{- end }} + 
+{{/* +Validation URL +*/}} +{{- define "txdc.controlplane.url.validation" -}} +{{- printf "http://%s-controlplane:%v%s/token" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.control.port $.Values.controlplane.endpoints.control.path -}} +{{- end }} + +{{/* +Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) +*/}} +{{- define "txdc.dataplane.url.control" -}} +{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" .root ) .dataplane.name .dataplane.endpoints.control.port .dataplane.endpoints.control.path -}} +{{- end }} + +{{/* +Data Public URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) +*/}} +{{- define "txdc.dataplane.url.public" -}} +{{- $dataplane := .dataplane -}} +{{- $root := .root -}} +{{- if .dataplane.url.public }}{{/* if public api url has been specified explicitly */}} +{{- .dataplane.url.public }} +{{- else }}{{/* else when public api url has not been specified explicitly */}} +{{- with (index .dataplane.ingresses 0) }} +{{- if .enabled }}{{/* if ingress enabled */}} +{{- if .tls.enabled }}{{/* if TLS enabled */}} +{{- printf "https://%s%s" .hostname $dataplane.endpoints.public.path -}} +{{- else }}{{/* else when TLS not enabled */}} +{{- printf "http://%s%s" .hostname $dataplane.endpoints.public.path -}} +{{- end }}{{/* end if tls */}} +{{- else }}{{/* else when ingress not enabled */}} +{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.public.port $dataplane.endpoints.public.path -}} +{{- end }}{{/* end if ingress */}} +{{- end }}{{/* end with ingress */}} +{{- end }}{{/* end if .url.public */}} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "txdc.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "txdc.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/charts/agent-plane-azure-vault/templates/configmap-dataplane.yaml b/charts/agent-plane-azure-vault/templates/configmap-dataplane.yaml new file mode 100644 index 00000000..18068775 --- /dev/null +++ b/charts/agent-plane-azure-vault/templates/configmap-dataplane.yaml @@ -0,0 +1,43 @@ +{{ $root := . }} +{{ $dataplane_name := .Values.name }} +{{ $dataplane := .Values }} +--- +# +# Copyright (c) 2024 T-Systems International GmbH +# Copyright (c) 2024 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "txdc.fullname" $root }}-{{- $dataplane_name }} + namespace: {{ $root.Release.Namespace | default "default" | quote }} + labels: + {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} +data: + opentelemetry.properties: |- + {{- $dataplane.opentelemetry | nindent 4 }} + + logging.properties: |- + {{- $dataplane.logging | nindent 4 }} + + {{- range $config_name, $config_value := $dataplane.configs }} + {{ $config_name }}: |- + {{ $config_value | nindent 4 }} + {{- end }} + 
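Review bot: `txdc.controlplane.url.validation` always builds an `http://` URL and the deployment template passes it as `EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT`, so tokens sent for validation cross the cluster network unencrypted unless a mesh or network policy covers that hop. It also dereferences `$.Values.controlplane.endpoints.control.port` and `.path` unconditionally, which only renders if this agent-plane chart's values define a `controlplane` block (the values file is not visible here). I would allow an explicit override in the way `txdc.dataplane.url.public` already does, and document the assumption on the helper, for example `{{/* Validation URL: in-cluster plain HTTP; requires .Values.controlplane.endpoints.control */}}`. The three service-account helpers (`txdc.controlplane.serviceaccount.name`, `txdc.dataplane.serviceaccount.name`, `txdc.serviceAccountName`) have identical bodies and could be reduced to one.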
diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml new file mode 100644 index 00000000..0439590b --- /dev/null +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml 
@@ -0,0 +1,347 @@ +{{ $root := . }} +{{ $dataplane_name := .Values.name }} +{{ $dataplane := .Values }} +--- +# +# Copyright (c) 2023, 2024 T-Systems International GmbH +# Copyright (c) 2023 ZF Friedrichshafen AG +# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH +# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} + labels: + {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} +spec: + {{- if not $dataplane.autoscaling.enabled }} + replicas: {{ $dataplane.replicaCount }} + {{- end }} + selector: + matchLabels: + {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 6 }} + template: + metadata: + {{- with $dataplane.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 8 }} + {{- with $dataplane.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with $root.Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + serviceAccountName: {{ include "txdc.serviceAccountName" $root }} + securityContext: + {{- toYaml $dataplane.podSecurityContext | nindent 8 }} + initContainers: + {{- toYaml $dataplane.initContainers | nindent 8 }} + containers: + - name: {{ $root.Chart.Name }} + securityContext: + {{- toYaml $dataplane.securityContext | nindent 12 }} + {{- if $dataplane.image.repository }} + image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default "0.6.0" }}" + {{- else if $dataplane.agent }} + image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-azure-vault:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" + {{- else }} + image: "tractusx/edc-data-plane-azure-vault:{{ $dataplane.image.tag | default "0.6.0" }}" + {{- end }} + imagePullPolicy: {{ $dataplane.image.pullPolicy }} + ports: + {{- range $key,$value := $dataplane.endpoints }} + - name: {{ $key }} + containerPort: {{ $value.port }} + protocol: TCP + {{- end }} + {{- if $dataplane.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ $dataplane.endpoints.default.path }}/check/liveness + port: {{ $dataplane.endpoints.default.port }} + initialDelaySeconds: {{ $dataplane.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $dataplane.livenessProbe.periodSeconds }} + timeoutSeconds: {{ $dataplane.livenessProbe.timeoutSeconds }} + failureThreshold: {{ $dataplane.livenessProbe.failureThreshold }} + successThreshold: {{ $dataplane.livenessProbe.successThreshold }} + {{- end }} + {{- if $dataplane.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ $dataplane.endpoints.default.path }}/check/readiness + port: {{ $dataplane.endpoints.default.port }} + initialDelaySeconds: {{ $dataplane.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $dataplane.readinessProbe.periodSeconds }} + timeoutSeconds: {{ $dataplane.readinessProbe.timeoutSeconds }} + failureThreshold: {{ $dataplane.readinessProbe.failureThreshold }} + successThreshold: {{ 
$dataplane.readinessProbe.successThreshold }} + {{- end }} + resources: + {{- toYaml $dataplane.resources | nindent 12 }} + env: + {{- if $dataplane.debug.enabled }} + - name: "JAVA_TOOL_OPTIONS" + {{- if and $dataplane.debug.enabled $dataplane.debug.suspendOnStart }} + value: >- + {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=%v" $dataplane.debug.port }} + {{- else }} + value: >- + {{ printf "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=%v" $dataplane.debug.port }} + {{- end }} + {{- end }} + + ####### + # API # + ####### + - name: "WEB_HTTP_DEFAULT_PORT" + value: {{ $dataplane.endpoints.default.port | quote }} + - name: "WEB_HTTP_DEFAULT_PATH" + value: {{ $dataplane.endpoints.default.path | quote }} + - name: "WEB_HTTP_CONTROL_PORT" + value: {{ $dataplane.endpoints.control.port | quote }} + - name: "WEB_HTTP_CONTROL_PATH" + value: {{ $dataplane.endpoints.control.path | quote }} + - name: "WEB_HTTP_PUBLIC_PORT" + value: {{ $dataplane.endpoints.public.port | quote }} + - name: "WEB_HTTP_PUBLIC_PATH" + value: {{ $dataplane.endpoints.public.path | quote }} + - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" + value: {{ include "txdc.controlplane.url.validation" $root}} + + ################### + # AUTH (JWT) # + ################### + {{- if $dataplane.auth }} + {{- range $auth, $authDef := $dataplane.auth }} + - name: {{ printf "TRACTUSX_AUTH_%s_TYPE" (upper $auth) | quote }} + value: {{ $authDef.type | required "Authentication Service needs a type" | quote }} + - name: {{ printf "TRACTUSX_AUTH_%s_PATHS" (upper $auth) | quote }} + value: {{ $authDef.context | required "Authentication Service needs a context" | quote }} + {{- if $authDef.exclude }} + - name: {{ printf "TRACTUSX_AUTH_%s_EXCLUDE" (upper $auth) | quote }} + value: {{ $authDef.exclude | quote }} + {{- end }} + {{- if $authDef.register }} + - name: {{ printf "TRACTUSX_AUTH_%s_REGISTER" (upper $auth) | quote }} + value: {{ $authDef.register | quote }} + {{- end }} 
+ {{- if $authDef.apiCode }} + - name: {{ printf "TRACTUSX_AUTH_%s_APICODE" (upper $auth) | quote }} + value: {{ $authDef.apiCode | quote }} + {{- end }} + {{- if $authDef.vaultKey }} + - name: {{ printf "TRACTUSX_AUTH_%s_VAULTKEY" (upper $auth) | quote }} + value: {{ $authDef.vaultKey | quote }} + {{- end }} + {{- if $authDef.publicKey }} + - name: {{ printf "TRACTUSX_AUTH_%s_PUBLICKEY" (upper $auth) | quote }} + value: {{ $authDef.publicKey | quote }} + {{- end }} + {{- if $authDef.checkExpiry }} + - name: {{ printf "TRACTUSX_AUTH_%s_CHECKEXPIRY" (upper $auth) | quote }} + value: {{ $authDef.checkExpiry | quote }} + {{- end }} + {{- end }} + {{- end }} + + {{- if $dataplane.endpoints.callback }} + + ################### + # AGENT CALLBACK # + ################### + - name: "WEB_HTTP_CALLBACK_PORT" + value: {{ $dataplane.endpoints.callback.port | quote }} + - name: "WEB_HTTP_CALLBACK_PATH" + value: {{ $dataplane.endpoints.callback.path | quote }} + - name: "CX_AGENT_CALLBACK" + value: {{ printf "http://%s-%s:%v%s/endpoint-data-reference" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} + - name: "EDC_API_AUTH_KEY" + value: {{ $root.Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }} + - name: "EDC_PARTICIPANT_ID" + value: {{ $root.Values.participant.id | quote }} + - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" + value: {{ printf "http://%s-controlplane:%v" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.protocol.port | quote }} + - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" + value: {{ printf "http://%s-controlplane:%v%s" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.management.port $root.Values.controlplane.endpoints.management.path | quote }} + {{- end }} + + {{- if $dataplane.agent }} + - name: "CX_AGENT_EDC_VERSION" + value: {{ $dataplane.agent.edcVersion | quote 
}} + {{- end }} + + {{- if $dataplane.agent.default }} + + ############### + # AGENT INIT # + ############### + - name: "CX_AGENT_ASSET_FILE" + value: {{ join "," $dataplane.agent.default | quote }} + - name: "CX_AGENT_SKILL_CONTRACT_DEFAULT" + value: {{ $dataplane.agent.skillcontract | quote }} + {{- end }} + + {{- if $dataplane.agent.services }} + + ################### + # AGENT SERVICES # + ################### + {{- if $dataplane.agent.services.allow }} + - name: "CX_AGENT_SERVICE_ALLOW" + value: {{ $dataplane.agent.services.allow | quote }} + {{- end }} + {{- if $dataplane.agent.services.deny }} + - name: "CX_AGENT_SERVICE_DENY" + value: {{ $dataplane.agent.services.deny | quote }} + {{- end }} + {{- if $dataplane.agent.services.asset }} + {{- if $dataplane.agent.services.asset.allow }} + - name: "CX_AGENT_SERVICE_ASSET_ALLOW" + value: {{ $dataplane.agent.services.asset.allow | quote }} + {{- end }} + {{- if $dataplane.agent.services.asset.deny }} + - name: "CX_AGENT_SERVICE_ASSET_DENY" + value: {{ $dataplane.agent.services.asset.deny | quote }} + {{- end }} + {{- end }} + {{- end }} + + {{- if $dataplane.agent.connectors }} + + ################### + # AGENT SYNC # + ################### + - name: "CX_AGENT_DATASPACE_REMOTES" + value: {{ join "," $dataplane.agent.connectors | quote }} + - name: "CX_AGENT_DATASPACE_SYNCHRONIZATION" + value: {{ $dataplane.agent.synchronization | required (printf ".Values.dataplane.%s.agent.synchronization should be set if connectors are specified" $dataplane_name) | quote }} + - name: "CX_AGENT_FEDERATION_BATCH_MAX" + value: {{ $dataplane.agent.maxbatchsize | quote }} + {{- end }} + + ####### + # AWS # + ####### + {{- if $dataplane.aws.endpointOverride }} + - name: "EDC_AWS_ENDPOINT_OVERRIDE" + value: {{ $dataplane.aws.endpointOverride | quote }} + {{- end }} + {{- if $dataplane.aws.secretAccessKey }} + - name: "AWS_SECRET_ACCESS_KEY" + value: {{ $dataplane.aws.secretAccessKey | quote }} + {{- end }} + {{- if 
$dataplane.aws.accessKeyId }} + - name: "AWS_ACCESS_KEY_ID" + value: {{ $dataplane.aws.accessKeyId | quote }} + {{- end }} + + ########### + ## VAULT ## + ########### + + - name: "EDC_VAULT_CLIENTID" + value: {{ .Values.vault.azure.client | quote }} + - name: "EDC_VAULT_TENANTID" + value: {{ .Values.vault.azure.tenant | quote }} + - name: "EDC_VAULT_NAME" + value: {{ .Values.vault.azure.name | quote }} + # only set the env var if config value not null + {{- if .Values.vault.azure.secret }} + - name: "EDC_VAULT_CLIENTSECRET" + value: {{ .Values.vault.azure.secret | quote }} + {{- end }} + # only set the env var if config value not null + {{- if .Values.vault.azure.certificate }} + - name: "EDC_VAULT_CERTIFICATE" + value: {{ .Values.vault.azure.certificate | quote }} + {{- end }} + + ###################################### + ## Additional environment variables ## + ###################################### + - name: "EDC_CONNECTOR_NAME" + value: {{ include "txdc.fullname" $root}}-{{ $dataplane.name }} + {{- range $key, $value := $dataplane.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: + {{- tpl (toYaml $value) $ | nindent 16 }} + {{- end }} + {{- range $key, $value := $dataplane.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + {{- if and (or $dataplane.envSecretNames $dataplane.envConfigMapNames) (or (gt (len $dataplane.envSecretNames) 0) (gt (len $dataplane.envConfigMapNames) 0)) }} + envFrom: + {{- range $value := $dataplane.envSecretNames }} + - secretRef: + name: {{ $value | quote }} + {{- end }} + {{- range $value := $dataplane.envConfigMapNames }} + - configMapRef: + name: {{ $value | quote }} + {{- end }} + {{- end }} + volumeMounts: + - name: "configuration" + mountPath: "/app/opentelemetry.properties" + subPath: "opentelemetry.properties" + - name: "configuration" + mountPath: "/app/logging.properties" + subPath: "logging.properties" + - name: "tmp" + mountPath: "/tmp" + + {{- range $config_name, $config_value := 
$dataplane.configs }} + - name: "configuration" + mountPath: {{ printf "/app/%s" $config_name | quote }} + subPath: {{ printf "%s" $config_name | quote }} + {{- end }} + volumes: + - name: "configuration" + configMap: + name: {{ include "txdc.fullname" $root }}-{{ $dataplane_name }} + items: + - key: "opentelemetry.properties" + path: "opentelemetry.properties" + - key: "logging.properties" + path: "logging.properties" + {{- range $config_name, $config_value := $dataplane.configs }} + - key: {{ printf "%s" $config_name | quote }} + path: {{ printf "%s" $config_name | quote }} + {{- end }} + - name: "tmp" + emptyDir: { } + {{- with $dataplane.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $dataplane.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $dataplane.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml b/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml new file mode 100644 index 00000000..5d74ae5c --- /dev/null +++ b/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml 
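Review bot: `EDC_VAULT_CLIENTSECRET`, `AWS_SECRET_ACCESS_KEY`, `AWS_ACCESS_KEY_ID` and `EDC_API_AUTH_KEY` are rendered as literal `value:` entries, so the Azure client secret, the AWS credentials and the management API key end up in the Deployment manifest and in the stored Helm release, readable by anyone allowed to get Deployments or pods in the namespace. The template already supports `envValueFrom` and `envSecretNames`, so these should come from a Kubernetes Secret, e.g. `valueFrom: { secretKeyRef: { name: <existing-secret>, key: <key> } }` (placeholder names), with the inline values kept at most as a documented development fallback. Separately, the `{{- if $dataplane.agent }}` guard closes before `$dataplane.agent.default`, `$dataplane.agent.services` and `$dataplane.agent.connectors` are read, so the non-agent image branch selected further up would fail to render on a nil lookup; those three sections belong inside the guard.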
@@ -0,0 +1,54 @@
+{{ $root := . }}
+{{ $dataplane_name := .Values.name }}
+{{ $dataplane := .Values }}
+{{- if $dataplane.autoscaling.enabled }}
+---
+#
+# Copyright (c) 2024 T-Systems International GmbH
+# Copyright (c) 2023 ZF Friedrichshafen AG
+# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }}
+ labels:
+ {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }}
+ minReplicas: {{ $dataplane.autoscaling.minReplicas }}
+ maxReplicas: {{ $dataplane.autoscaling.maxReplicas }}
+ metrics:
+ {{- if $dataplane.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ $dataplane.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if $dataplane.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ $dataplane.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml b/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml
new file mode 100644
index 00000000..4c035257
--- /dev/null
+++ b/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml
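Review bot: `apiVersion: autoscaling/v2beta1` and the `targetAverageUtilization` fields under `metrics` belong to an API version that Kubernetes removed in 1.25, so turning on `autoscaling.enabled` on a current cluster would fail at install time and the data plane would stay at its fixed replica count under load. Moving to `autoscaling/v2` also requires the per-metric `target` block, as sketched below. The hpa-dataplane.yaml hunk for charts/agent-plane later in this patch carries the same apiVersion and metric fields, and the same change applies there.

```yaml
apiVersion: autoscaling/v2
# … unchanged: kind, metadata, scaleTargetRef, minReplicas, maxReplicas …
  metrics:
    {{- if $dataplane.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        target:
          type: Utilization
          averageUtilization: {{ $dataplane.autoscaling.targetCPUUtilizationPercentage }}
    {{- end }}
    {{- if $dataplane.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        target:
          type: Utilization
          averageUtilization: {{ $dataplane.autoscaling.targetMemoryUtilizationPercentage }}
    {{- end }}
```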
@@ -0,0 +1,103 @@
+{{- $fullName := include "txdc.fullname" . }}
+{{- $gitVersion := .Capabilities.KubeVersion.GitVersion }}
+{{- $namespace := .Release.Namespace }}
+{{ $dataplane_name := .Values.name }}
+{{ $dataplane := .Values }}
+{{ $root := . }}
+{{- $dataEdcEndpoints := $dataplane.endpoints }}
+{{- $dataLabels := include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
+
+{{- range $dataplane.ingresses }}
+{{- if and .enabled .endpoints }}
+{{- $dataIngressName := printf "%s-%s-%s" $fullName $dataplane.name .hostname }}
+{{- $annotations := .annotations | default dict }}
+---
+#
+# Copyright (c) 2023, 2024 T-Systems International GmbH
+# Copyright (c) 2023 ZF Friedrichshafen AG
+# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+{{- if semverCompare ">=1.19-0" $gitVersion }}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" $gitVersion }}
+apiVersion: networking.k8s.io/v1beta1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $dataIngressName }}
+ namespace: {{ $namespace | default "default" | quote }}
+ labels:
+ {{- $dataLabels | nindent 2 }}
+ annotations:
+ {{- if and .className (not (semverCompare ">=1.18-0" $gitVersion)) }}
+ {{- if not (hasKey $annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set $annotations "kubernetes.io/ingress.class" .className}}
+ {{- end }}
+ {{- end }}
+ {{- if .certManager }}
+ {{- if .certManager.issuer }}
+ {{- $_ := set $annotations "cert-manager.io/issuer" .certManager.issuer}}
+ {{- end }}
+ {{- if .certManager.clusterIssuer }}
+ {{- $_ := set $annotations "cert-manager.io/cluster-issuer" .certManager.clusterIssuer}}
+ {{- end }}
+ {{- end }}
+ {{- with $annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .className (semverCompare ">=1.18-0" $gitVersion) }}
+ ingressClassName: {{ .className }}
+ {{- end }}
+ {{- if .hostname }}
+ {{- if .tls.enabled }}
+ tls:
+ - hosts:
+ - {{ .hostname }}
+ {{- if .tls.secretName }}
+ secretName: {{ .tls.secretName }}
+ {{- else }}
+ secretName: {{ $dataIngressName }}-tls
+ {{- end }}
+ {{- end }}
+ rules:
+ - host: {{ .hostname }}
+ http:
+ paths:
+ {{- $ingressEdcEndpoints := .endpoints }}
+ {{- range $name, $mapping := $dataEdcEndpoints }}
+ {{- if (has $name $ingressEdcEndpoints) }}
+ - path: {{ $mapping.path }}
+ pathType: Prefix
+ backend:
+ {{- if semverCompare ">=1.19-0" $gitVersion }}
+ service:
+ name: {{ $fullName }}-{{ $dataplane.name }}
+ port:
+ number: {{ $mapping.port }}
+ {{- else }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}{{- /* end: if .enabled */}}
+{{- end }}{{- /* end: range .Values.ingresses */}}
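Review bot: The `{{- else }}` branch under `backend:` is empty, so on a cluster older than 1.19 every path renders a `backend:` with no service reference and the Ingress cannot be applied, even though the `apiVersion` switch at the top of this template still selects `networking.k8s.io/v1beta1` or `extensions/v1beta1` for those clusters. Either fill the branch with `serviceName: {{ $fullName }}-{{ $dataplane.name }}` and `servicePort: {{ $mapping.port }}`, or remove the legacy apiVersion branches so the template only claims the versions it can render. A comment on the `else` saying which of the two is intended would stop the next editor from assuming the old path works.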
diff --git a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml
new file mode 100644
index 00000000..a1d428b7
--- /dev/null
+++ b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml
@@ -0,0 +1,61 @@ +{{ $root := . }} +{{ $dataplane_name := .Values.name }} +{{ $dataplane := .Values }} +--- +# +# Copyright (c) 2024 T-Systems International GmbH +# Copyright (c) 2024 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# +apiVersion: v1 +kind: Service +metadata: + name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} + namespace: {{ $root.Release.Namespace | default "default" | quote }} + labels: + {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} +spec: + type: {{ $dataplane.service.type }} + ports: + - port: {{ $dataplane.endpoints.default.port }} + targetPort: default + protocol: TCP + name: default + - port: {{ $dataplane.endpoints.control.port }} + targetPort: control + protocol: TCP + name: control + - port: {{ $dataplane.endpoints.public.port }} + targetPort: public + protocol: TCP + name: public + - port: {{ $dataplane.endpoints.metrics.port }} + targetPort: metrics + protocol: TCP + name: metrics + - port: {{ $dataplane.endpoints.proxy.port }} + targetPort: proxy + protocol: TCP + name: proxy + {{- if $dataplane.endpoints.callback }} + - port: {{ $dataplane.endpoints.callback.port }} + targetPort: callback + protocol: TCP + name: callback + {{- end }} + selector: + {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane 
"root" $root) | nindent 4 }} \ No newline at end of file diff --git a/charts/agent-plane-azure-vault/templates/serviceaccount.yaml b/charts/agent-plane-azure-vault/templates/serviceaccount.yaml new file mode 100644 index 00000000..6d21ddc3 --- /dev/null +++ b/charts/agent-plane-azure-vault/templates/serviceaccount.yaml @@ -0,0 +1,39 @@ +{{- if .Values.serviceAccount.create -}} +--- +# +# Copyright (c) 2024 T-Systems International GmbH +# Copyright (c) 2023 ZF Friedrichshafen AG +# Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH +# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "txdc.serviceAccountName" . }} + labels: + {{- include "txdc.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- with .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/charts/agent-plane-azure-vault/templates/tests/test-dataplane-readiness.yaml b/charts/agent-plane-azure-vault/templates/tests/test-dataplane-readiness.yaml new file mode 100644 index 00000000..5aa323d9 --- /dev/null 
+++ b/charts/agent-plane-azure-vault/templates/tests/test-dataplane-readiness.yaml
@@ -0,0 +1,38 @@
+#
+# Copyright (c) 2023,2024 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+{{ $root := . }}
+{{ $dataplane_name := .Values.name }}
+{{ $dataplane := .Values }}
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{include "txdc.fullname" .}}test-dataplane-readiness"
+ labels:
+ {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }}
+spec:
+ containers:
+ - name: wget
+ image: curlimages/curl
+ command: [ '/bin/sh','-c' ]
+ args: [ {{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | quote }} ]
+ restartPolicy: Never
diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml
new file mode 100644
index 00000000..4309f46c
--- /dev/null
+++ b/charts/agent-plane-azure-vault/values.yaml
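Review bot: The `curl` call built in `args` has no `--fail`, so an HTTP error status from `/check/readiness` still exits 0 and the Helm test reports success against a data plane that is not ready. Change the format string to `curl --fail --silent --show-error http://%s-%s:%v%s/check/readiness`. `image: curlimages/curl` also carries no tag or digest, so each test run pulls whatever is current; pinning it, e.g. `image: curlimages/curl:<pinned-tag>`, keeps the test reproducible and the image reviewable. The container is named `wget` although it runs curl, which is worth renaming while the line is being touched.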
@@ -0,0 +1,355 @@ +# +# Copyright (c) 2024 T-Systems International GmbH +# Copyright (c) 2024 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +# Default values for agent-plane. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +fullnameOverride: "" +nameOverride: "" +# -- Image registry to use +imageRegistry: docker.io/ +# -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) +imagePullSecrets: [] +# -- To add some custom labels +customLabels: {} + +participant: + # -- BPN Number + id: "" + +# -- References to the control plane deployment +controlplane: + endpoints: + # -- data management api, used by internal users, can be added to an ingress and must not be internet facing + management: + # -- port for incoming api calls + port: 8081 + # -- path for incoming api calls + path: /management + # -- authentication key, must be attached to each 'X-Api-Key' request header + authKey: "" + # -- control api, used for internal control calls. 
can be added to the internal ingress, but should probably not + control: + # -- port for incoming api calls + port: 8083 + # -- path for incoming api calls + path: /control + # -- dsp api, used for inter connector communication and must be internet facing + protocol: + # -- port for incoming api calls + port: 8084 + # -- path for incoming api calls + path: /api/v1/dsp +# -- the name of the dataplane +name: "agentplane" +# -- a comma-separated list of supported asset types +sourceTypes: "cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3" +# -- a comma-separated list of supported transfer types +destinationTypes: "HttpProxy,AmazonS3" +image: + # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically + repository: "" + # -- [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use + pullPolicy: IfNotPresent + # -- Overrides the image tag whose default is the chart appVersion + tag: "" +initContainers: [] +debug: + enabled: false + port: 1044 + suspendOnStart: false +livenessProbe: + # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) + enabled: true + # -- seconds to wait before performing the first liveness check + initialDelaySeconds: 30 + # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds + periodSeconds: 10 + # -- number of seconds after which the probe times out + timeoutSeconds: 5 + # -- when a probe fails kubernetes will try 6 times before giving up + failureThreshold: 6 + # -- number of consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 +readinessProbe: + # -- Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) + 
enabled: true + # -- seconds to wait before performing the first readiness check + initialDelaySeconds: 30 + # -- this fields specifies that kubernetes should perform a liveness check every 10 seconds + periodSeconds: 10 + # -- number of seconds after which the probe times out + timeoutSeconds: 5 + # -- when a probe fails kubernetes will try 6 times before giving up + failureThreshold: 6 + # -- number of consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 +service: + # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. + type: ClusterIP + port: 80 +endpoints: + default: + port: 8080 + path: /api + public: + port: 8081 + path: /api/public + control: + port: 8083 + path: /api/dataplane/control + proxy: + port: 8186 + path: /proxy + callback: + port: 8087 + path: /callback + metrics: + port: 9090 + path: /metrics +# -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries +auth: + # -- the default authentication service + default: + # -- the type of the default authentication service (api-key, jwt or composite) + type: api-key + # -- the context(s) of the default authentication service separated by commas + context: default + # -- excluded paths for liveness checks and validation + exclude: ".*/(check|validation).*" + # -- controls whether this service should be registered as the default EDC authentication service globally + register: false + # -- specific api-code associated to the default api-key 'Hello', Change this when type=api-key or use the vault-key property instead. Althugh this represents a number, remember to use quotes not to confuse rendering into the chart. 
+ apiCode: "69609650" + # -- vault key for obtaining the API key, Set this when type=api-key or use the api-code property instead + vaultKey: + # -- public key for checking the validity of jwt tokens, set this when type=jwt + publicKey: + # -- controls whether the expiry date of jwt tokens is checked when type=jwt + checkExpiry: true +aws: + endpointOverride: "" + accessKeyId: "" + secretAccessKey: "" +# -- additional labels for the pod +podLabels: {} +# -- additional annotations for the pod +podAnnotations: {} +# -- The [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) defines privilege and access control settings for a Pod within the deployment +podSecurityContext: + seccompProfile: + # -- Restrict a Container's Syscalls with seccomp + type: RuntimeDefault + # -- Runs all processes within a pod with a special uid + runAsUser: 10001 + # -- Processes within a pod will belong to this guid + runAsGroup: 10001 + # -- The owner for volumes and any files created within volumes will belong to this guid + fsGroup: 10001 +# The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod +securityContext: + capabilities: + # -- Specifies which capabilities to drop to reduce syscall attack surface + drop: + - ALL + # -- Specifies which capabilities to add to issue specialized syscalls + add: [] + # -- Whether the root filesystem is mounted in read-only mode + readOnlyRootFilesystem: true + # -- Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID + allowPrivilegeEscalation: false + # -- Requires the container to run without root privileges + runAsNonRoot: true + # -- The container's process will run with the 
specified uid + runAsUser: 10001 +# Extra environment variables that will be pass onto deployment pods +env: {} +# ENV_NAME: value + +# "valueFrom" environment variable references that will be added to deployment pods. Name is templated. +# ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core +envValueFrom: {} +# ENV_NAME: +# configMapKeyRef: +# name: configmap-name +# key: value_key +# secretKeyRef: +# name: secret-name +# key: value_key + +# [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from +envSecretNames: [] +# - first-secret +# - second-secret + +# [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from +envConfigMapNames: [] +# - first-config-map +# - second-config-map + +## Ingress declaration to expose the network service. +ingresses: + ## Public / Internet facing Ingress + - enabled: false + # -- The hostname to be used to precisely map incoming traffic onto the underlying network service + hostname: "edc-data.local" + # -- Additional ingress annotations to add, for example when supporting more demanding use cases you may set { nginx.org/proxy-connect-timeout: "30s", nginx.org/proxy-read-timeout: "360s", nginx.org/client-max-body-size: "10m"} + annotations: + # Sample settings for more demanding use cases + # nginx.org/proxy-connect-timeout: "30s" + # nginx.org/proxy-read-timeout: "360s" + # nginx.org/client-max-body-size: "10m" + # -- EDC endpoints exposed by this ingress resource + endpoints: + - public + # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use + className: "" + # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource + tls: + # -- Enables TLS on the ingress resource + enabled: false + # -- If present overwrites 
the default secret name + secretName: "" + ## Adds [cert-manager](https://cert-manager.io/docs/) annotations to the ingress resource + certManager: + # -- If preset enables certificate generation via cert-manager namespace scoped issuer + issuer: "" + # -- If preset enables certificate generation via cert-manager cluster-wide issuer + clusterIssuer: "" +# -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container +volumeMounts: [] +# -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories +volumes: [] +# -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container +resources: {} +# We usually recommend not to specify default resources and to leave this as a conscious +# choice for the user. This also increases chances charts run on environments with little +# resources, such as Minikube. If you do want to specify resources, uncomment the following +# lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+# limits: +# cpu: 100m +# memory: 128Mi +# requests: +# cpu: 100m +# memory: 128Mi +replicaCount: 1 +autoscaling: + # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) + enabled: false + # -- Minimal replicas if resource consumption falls below resource threshholds + minReplicas: 1 + # -- Maximum replicas if resource consumption exceeds resource threshholds + maxReplicas: 100 + # -- targetAverageUtilization of cpu provided to a pod + targetCPUUtilizationPercentage: 80 + # -- targetAverageUtilization of memory provided to a pod + targetMemoryUtilizationPercentage: 80 +# -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics +opentelemetry: |- + otel.javaagent.enabled=false + otel.javaagent.debug=false +# -- configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) +logging: |- + .level=INFO + org.eclipse.edc.level=ALL + handlers=java.util.logging.ConsoleHandler + java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter + java.util.logging.ConsoleHandler.level=ALL + java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n +# [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes +nodeSelector: {} +# [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes +tolerations: [] +# [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on +affinity: {} +url: + # -- Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) + public: "" +# -- A set of additional configuration files +configs: + # -- An example of an empty graph in ttl syntax + dataspace.ttl: | + ################################################################# + # Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT + ################################################################# + @prefix : . + @base . + +# -- Agent-Specific Settings +agent: + # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue + default: + - dataspace.ttl + - https://w3id.org/catenax/ontology.ttl + # -- The synchronization interval in ms to update the federated data catalogue + synchronization: -1 + # -- The list of remote connector IDS URLs to synchronize with + connectors: [] + # -- Names the visible contract under which new skills are published (if not otherwise specified) + skillcontract: Contract?partner=Skill + # -- Sets the maximal batch size when delegating to agents and services + maxbatchsize: '9223372036854775807' + # -- A set of configs for regulating outgoing service calls + services: + # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) + allow: '(edcs?://.*)|(https://query\\.wikidata\\.org/sparql)' + # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) + deny: 'http://.*' + # -- A set of configs for regulating outgoing service calls when providing an asset (when no specific asset property is given) + asset: + # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) + allow: '(edcs?://.*)' + # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) + deny: 'https?://.*' + +# -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden +vault: + azure: + name: "" + client: "" + 
tenant: "" + secret: + certificate: + + secretNames: + # -- sign handed out tokens with this key + transferProxyTokenSignerPrivateKey: + # -- sign handed out tokens with this certificate + transferProxyTokenSignerPublicKey: + # -- encrypt handed out tokens with this symmetric key + transferProxyTokenEncryptionAesKey: + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) + imagePullSecrets: [] + +# -- Configurations for Helm tests +tests: + # -- Configure the hook-delete-policy for Helm tests + hookDeletePolicy: before-hook-creation,hook-succeeded diff --git a/charts/agent-plane/.helmignore b/charts/agent-plane/.helmignore index 9a12504f..49603135 100644 --- a/charts/agent-plane/.helmignore +++ b/charts/agent-plane/.helmignore @@ -1,4 +1,4 @@ -# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane/Chart.yaml b/charts/agent-plane/Chart.yaml index ffc3cbab..5d1d92b6 100644 --- a/charts/agent-plane/Chart.yaml +++ b/charts/agent-plane/Chart.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023 T-Systems International GmbH +# Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) 
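Review bot: `auth.default.apiCode: "69609650"` ships a working credential whose plaintext ('Hello') is given in the comment directly above it, so any install that keeps the defaults accepts a publicly known API key on the `default` context. Default it to empty, `apiCode: ""`, and have the template that consumes it refuse to render when `type` is `api-key` and neither `apiCode` nor `vaultKey` is set; that template is not part of this hunk, so where the check belongs needs confirming. The value also looks like a short numeric digest of the key rather than the key itself; if that is how the extension compares keys, the comment should say so, because it bounds the effective strength of whatever key an operator picks.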
@@ -28,7 +28,7 @@ description: | A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running Control Plane. - This chart is intended for use with an _existing_ HashiCorp Vault. + This chart is intended for use with an _existing_ HashiCorp Vault and Tractusx Connector. # A chart can be either an 'application' or a 'library' chart. # # Application charts are a collection of templates that can be packaged into versioned archives diff --git a/charts/agent-plane/templates/NOTES.txt b/charts/agent-plane/templates/NOTES.txt index a9709f70..c0d295a6 100644 --- a/charts/agent-plane/templates/NOTES.txt +++ b/charts/agent-plane/templates/NOTES.txt @@ -1,4 +1,4 @@ -# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
@@ -15,31 +15,9 @@ # # SPDX-License-Identifier: Apache-2.0 -1. Get the control plane URL by running these commands: -{{ with index .Values.controlplane.ingresses 0}} -{{- if .enabled }} -{{- range .paths }} - http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }} -{{- end }} -{{- else if contains "NodePort" $.Values.controlplane.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-controlplane) - export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" $.Values.controlplane.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "txdc.fullname" . }}-controlplane' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" . }}-controlplane --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ $.Values.controlplane.service.port }} -{{- else if contains "ClusterIP" $.Values.controlplane.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-controlplane,app.kubernetes.io/instance={{ $.Release.Name }}-controlplane" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT - echo "Visit http://127.0.0.1:8080 to use your application" -{{- end }} -{{- end }} - 2. 
Get the data plane URL(s) by running these commands: -{{- range $dataplane_name, $dataplane := .Values.repositories }} +{{- $dataplane_name := .Values.name }} +{{- $dataplane := .Values }} {{ with index $dataplane.ingresses 0}} {{- if .enabled }} {{- range .paths }} @@ -61,4 +39,3 @@ echo "Visit http://127.0.0.1:8080 to use your application" {{- end }} {{- end }} -{{- end }} diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index 8e0a20ae..baf975fd 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl @@ -1,9 +1,9 @@ # -# Copyright (c) 2023 T-Systems International GmbH +# Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane/templates/configmap-dataplane.yaml b/charts/agent-plane/templates/configmap-dataplane.yaml index 8d3a48ce..18068775 100644 --- a/charts/agent-plane/templates/configmap-dataplane.yaml +++ b/charts/agent-plane/templates/configmap-dataplane.yaml @@ -1,6 +1,6 @@ {{ $root := . }} -{{ $dataplane_name := .name }} -{{ $dataplane := . }} +{{ $dataplane_name := .Values.name }} +{{ $dataplane := .Values }} --- # # Copyright (c) 2024 T-Systems International GmbH diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index dec21a9d..d6f69c53 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml 
@@ -1,13 +1,13 @@ {{ $root := . }} -{{ $dataplane_name := .name }} -{{ $dataplane := . }} +{{ $dataplane_name := .Values.name }} +{{ $dataplane := .Values }} --- # -# Copyright (c) 2023 T-Systems International GmbH +# Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -63,11 +63,11 @@ spec: securityContext: {{- toYaml $dataplane.securityContext | nindent 12 }} {{- if $dataplane.image.repository }} - image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default "0.5.0" }}" + image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default "0.6.0" }}" {{- else if $dataplane.agent }} image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" {{- else }} - image: "tractusx/edc-dataplane-hashicorp-vault:{{ $dataplane.image.tag | default "0.5.0" }}" + image: "tractusx/edc-dataplane-hashicorp-vault:{{ $dataplane.image.tag | default "0.6.0" }}" {{- end }} imagePullPolicy: {{ $dataplane.image.pullPolicy }} ports: diff --git a/charts/agent-plane/templates/hpa-dataplane.yaml b/charts/agent-plane/templates/hpa-dataplane.yaml index ec470e62..5d74ae5c 100644 --- a/charts/agent-plane/templates/hpa-dataplane.yaml +++ b/charts/agent-plane/templates/hpa-dataplane.yaml 
@@ -1,12 +1,14 @@ {{ $root := . }} -{{ $dataplane_name := .name }} -{{ $dataplane := . }} +{{ $dataplane_name := .Values.name }} +{{ $dataplane := .Values }} +{{- if $dataplane.autoscaling.enabled }} --- # +# Copyright (c) 2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -49,5 +51,4 @@ spec: name: memory targetAverageUtilization: {{ $dataplane.autoscaling.targetMemoryUtilizationPercentage }} {{- end }} -{{- end }} - +{{- end }} \ No newline at end of file diff --git a/charts/agent-plane/templates/ingress-dataplane.yaml b/charts/agent-plane/templates/ingress-dataplane.yaml index 50ec9fc1..4965796b 100644 --- a/charts/agent-plane/templates/ingress-dataplane.yaml +++ b/charts/agent-plane/templates/ingress-dataplane.yaml @@ -1,8 +1,9 @@ {{- $fullName := include "txdc.fullname" . }} {{- $gitVersion := .Capabilities.KubeVersion.GitVersion }} {{- $namespace := .Release.Namespace }} -{{ $dataplane_name := .name }} -{{ $dataplane := . }} +{{ $dataplane_name := .Values.name }} +{{ $dataplane := .Values }} +{{ $root := . }} {{- $dataEdcEndpoints := $dataplane.endpoints }} {{- $dataLabels := include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} @@ -12,7 +13,7 @@ {{- $annotations := .annotations | default dict }} --- # -# Copyright (c) 2023 T-Systems International GmbH +# Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) 
diff --git a/charts/agent-plane/templates/service-dataplane.yaml b/charts/agent-plane/templates/service-dataplane.yaml index 929db539..a1d428b7 100644 --- a/charts/agent-plane/templates/service-dataplane.yaml +++ b/charts/agent-plane/templates/service-dataplane.yaml @@ -1,6 +1,6 @@ {{ $root := . }} -{{ $dataplane_name := .name }} -{{ $dataplane := . }} +{{ $dataplane_name := .Values.name }} +{{ $dataplane := .Values }} --- # # Copyright (c) 2024 T-Systems International GmbH diff --git a/charts/agent-plane/templates/serviceaccount.yaml b/charts/agent-plane/templates/serviceaccount.yaml index f94ad14e..6d21ddc3 100644 --- a/charts/agent-plane/templates/serviceaccount.yaml +++ b/charts/agent-plane/templates/serviceaccount.yaml @@ -1,10 +1,11 @@ {{- if .Values.serviceAccount.create -}} --- # +# Copyright (c) 2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml b/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml index aea3f61b..dae9d468 100644 --- a/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml +++ b/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023 Contributors to the Eclipse Foundation +# Copyright (c) 202,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
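Review bot: The new copyright line at the top of test-dataplane-readiness.yaml reads `202,2024`, which drops a digit from the `2023` it replaces. It should read `# Copyright (c) 2023,2024 Contributors to the Eclipse Foundation`, matching the `2023,2024` form used in the other template headers touched by this commit.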
@@ -17,10 +17,8 @@ # SPDX-License-Identifier: Apache-2.0 # {{ $root := . }} -{{ $dataplane_name := .name }} -{{ $dataplane := . }} -{{- $allcommands := (dict "commands" (list)) -}} -{{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | append $allcommands.commands | set $allcommands "commands" -}} +{{ $dataplane_name := .Values.name }} +{{ $dataplane := .Values }} --- apiVersion: v1 kind: Pod @@ -36,5 +34,5 @@ spec: - name: wget image: curlimages/curl command: [ '/bin/sh','-c' ] - args: [ {{ join "&&" $allcommands.commands | quote }} ] + args: [ {{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | quote }} ] restartPolicy: Never diff --git a/charts/config/chart-integration-config.yaml b/charts/config/chart-integration-config.yaml index 175364a9..376625f0 100644 --- a/charts/config/chart-integration-config.yaml +++ b/charts/config/chart-integration-config.yaml @@ -18,7 +18,7 @@ --- # Config for testing charts validate-maintainers: false -helm-extra-args: +helm-extra-args: "--set controlplane.endpoints.management.authKey=test --set vault.hashicorp.token=DUMMY --set participant.id=BPNL0000000DUMMY --set vault.azure.client=AZURE_CLIENT --set vault.azure.tenant=AZURE_TENANT --set vault.azure.name=AZURE_NAME" chart-repos: - helm=https://helm.releases.hashicorp.com - bitnami=https://charts.bitnami.com/bitnami diff --git a/kind.config.yaml b/kind.config.yaml new file mode 100644 index 00000000..ff072195 --- /dev/null +++ b/kind.config.yaml 
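Review bot: The rewritten `args:` line in the last hunk of test-dataplane-readiness.yaml calls `curl` without `--fail`, so an HTTP 4xx/5xx answer from `/check/readiness` still exits 0 and `helm test` reports success for a data plane that is not ready. Put the flag into the format string, e.g. `printf "curl --fail --silent --show-error http://%s-%s:%v%s/check/readiness" ...`. The same line still reads `$dataplane.name` although the header hunk now defines `$dataplane_name` from `.Values.name`; using the variable keeps the two in step. The context line `image: curlimages/curl` carries no tag or digest, so the test depends on whatever the registry serves as the default tag at run time.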
@@ -0,0 +1,35 @@ +# Copyright (c) 2024 T-Systems International GmbH +# +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +--- +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: + - role: control-plane + kubeadmConfigPatches: + - | + kind: InitConfiguration + nodeRegistration: + kubeletExtraArgs: + node-labels: "ingress-ready=true" + extraPortMappings: + - containerPort: 80 + hostPort: 80 + protocol: TCP + - containerPort: 443 + hostPort: 443 + protocol: TCP \ No newline at end of file From 95adb6715ad7899cd98859807d6ba18e669169af Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Sat, 9 Mar 2024 12:37:48 +0100 Subject: [PATCH 12/62] chore: add chart test and upgradability check. --- .github/workflows/build.yml | 4 +-- .github/workflows/helm-chart-lint.yml | 50 +++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 62aaccd6..31de4979 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
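Review bot: Both `extraPortMappings` entries in kind.config.yaml omit `listenAddress`, and kind then binds host ports 80 and 443 on 0.0.0.0, so the ingress of this local test cluster is reachable from whatever network the developer machine is attached to. For a local setup add `listenAddress: "127.0.0.1"` under each mapping. The file also ends without a trailing newline.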
@@ -137,7 +137,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.12.17-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.12.18-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Hashicorp Container Build and push @@ -175,7 +175,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.12.17-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.12.18-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Azure Vault Container Build and push diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index 961d3fa6..544f5cd2 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml 
@@ -84,3 +84,53 @@ jobs: # run chart linting - name: Run chart-testing (lint) run: ct lint --target-branch ${{ github.base_ref || github.ref_name }} --config charts/config/chart-testing-config.yaml + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.base_ref || github.ref_name }}) + if [[ -n "$changed" ]]; then + echo "CHART_CHANGED=true" >> $GITHUB_ENV + fi + + # Preparing a kind cluster to install and test charts on + - name: Create kind cluster + uses: container-tools/kind-action@0fc957b58d9a5bc9ca57a1b419324a2074c7653b # v2.0.3 + with: + # upgrade version, default (v0.17.0) uses node image v1.21.1 and doesn't work with more recent node image versions + version: v0.20.0 + # default value for event_name != workflow_dispatch + node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }} + if: github.event_name != 'pull_request' || env.CHART_CHANGED == 'true' + + - name: Build Java/Docker via Maven + run: | + ./mvnw -s settings.xml deploy -Drepo=kind-registry:5000/tractusx/ -Dmaven.deploy.skip -DskipTests -Pwith-docker-image + if: github.event_name != 'pull_request' || env.CHART_CHANGED == 'true' + + # install the chart to the kind cluster and run helm test + # define charts to test with the --charts parameter + - name: Run chart-testing (install) + run: ct install --charts charts/agent-plane,charts/agent-plane-azure-vault --config charts/config/chart-testing-config.yaml --helm-extra-set-args="--set=image.registry=kind-registry:5000/" + if: github.event_name != 'pull_request' || env.CHART_CHANGED == 'true' + + # Upgrade the released chart version with the locally available chart + # default value for event_name != workflow_dispatch + - name: Run helm upgrade on agent plane + run: | + helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev + helm install agent tractusx-dev/agent-plane --version ${{ github.event.inputs.upgrade_from }} 
--set=image.registry=kind-registry:5000/ + helm dependency update charts/agent-plane + helm upgrade agent charts/agent-plamne + if: (github.event_name != 'pull_request' || env.CHART_CHANGED == 'true') && github.event.inputs.upgrade_from != '' && github.event.inputs.upgrade_from != 'x.x.x' + + # Upgrade the released chart version with the locally available chart + # default value for event_name != workflow_dispatch + - name: Run helm upgrade on agent plane azure vault + run: | + helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev + helm install agent-azure tractusx-dev/agent-plane-azure-vault --version ${{ github.event.inputs.upgrade_from }} --set=image.registry=kind-registry:5000/ + helm dependency update charts/agent-plane-azure-vault + helm upgrade agent-azure charts/agent-plane-azure-vault + if: (github.event_name != 'pull_request' || env.CHART_CHANGED == 'true') && github.event.inputs.upgrade_from != '' && github.event.inputs.upgrade_from != 'x.x.x' + From 841e41caa2808395400b3ef7be1aeb5a6a30f000 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Sat, 9 Mar 2024 12:40:54 +0100 Subject: [PATCH 13/62] chore: upgrade version and add s3 runtime dependency. --- README.md | 27 ++++++++++++++++++++++ agent-plane/agentplane-azure-vault/pom.xml | 7 ++++++ agent-plane/agentplane-hashicorp/pom.xml | 6 +++++ pom.xml | 1 + upgrade_version.sh | 2 +- 5 files changed, 42 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1700fa9e..a102c8dc 100644 --- a/README.md +++ b/README.md 
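Review bot: The step "Run helm upgrade on agent plane" ends with `helm upgrade agent charts/agent-plamne`, a path that does not match the chart directory used everywhere else in this workflow, so the upgrade check fails whenever `upgrade_from` is set; it should read `helm upgrade agent charts/agent-plane`. Both upgrade steps also expand `${{ github.event.inputs.upgrade_from }}` directly into the `run:` script, where the input becomes shell text before the shell parses it. Pass it through the step environment instead, `env:` with `UPGRADE_FROM: ${{ github.event.inputs.upgrade_from }}`, and call `helm install ... --version "$UPGRADE_FROM"`. The `ct list-changed --target-branch ${{ github.base_ref || github.ref_name }}` line in the same hunk would benefit from the same treatment.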
@@ -98,6 +98,33 @@ Deployment can be done See the [user documentation](docs/README.md) for more detailed deployment information. +#### Setup using Helm/Kind + +In order to run Build via helm on your local machine, please make sure the following +preconditions are met. + +- Have a local Kubernetes runtime ready. We've tested this setup with [KinD](https://kind.sigs.k8s.io/), but other + runtimes such + as [Minikube](https://minikube.sigs.k8s.io/docs/start/) may work as well, we just haven't tested them. All following + instructions will assume KinD. + +For the most bare-bones installation of the dataspace, execute the following commands in a shell: + +```shell +kind create cluster -n ka --config kind.config.yaml +# the next step is specific to KinD and will be different for other Kubernetes runtimes! +kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml +# wait until the ingress controller is ready +kubectl wait --namespace ingress-nginx \ + --for=condition=ready pod \ + --selector=app.kubernetes.io/component=controller \ + --timeout=90s +# transfer images +kind load docker-image docker.io/tractusx/agentplane-hashicorp:1.12.18-SNAPSHOT --name ka +kind load docker-image docker.io/tractusx/agentplane-azure-vault:1.12.18-SNAPSHOT --name ka +ct install --charts charts/agent-plane +ct install --charts charts/agent-plane-azure-vault +`````` ### Notice for Docker Images * [Notice for Agent Data Plane Running Against Hashicorp Vault](agent-plane/agentplane-hashicorp/README.md#notice-for-docker-images) diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index 2e718276..ff7c9700 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -214,6 +214,13 @@ ${project.version} + + + software.amazon.awssdk + utils + ${awssdk.version} + + org.junit.jupiter 
diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml index 24959352..9bc1979b 100644 --- a/agent-plane/agentplane-hashicorp/pom.xml +++ b/agent-plane/agentplane-hashicorp/pom.xml @@ -176,6 +176,12 @@ ${project.version} + + + software.amazon.awssdk + utils + ${awssdk.version} + diff --git a/pom.xml b/pom.xml index 7ef350d4..9dc98bee 100644 --- a/pom.xml +++ b/pom.xml @@ -62,6 +62,7 @@ 1.24.0 11.0.20 1.0.39 + 2.22.9 UTF-8 diff --git a/upgrade_version.sh b/upgrade_version.sh index 77d4e8e5..d4df3391 100755 --- a/upgrade_version.sh +++ b/upgrade_version.sh @@ -16,7 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 -OLD_VERSION=1.12.17-SNAPSHOT +OLD_VERSION=1.12.18-SNAPSHOT echo Upgrading from $OLD_VERSION to $1 PATTERN=s/$OLD_VERSION/$1/g LC_ALL=C From fcd00d1dc6c8ca65742470d17bf23064e99e882d Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 17 Apr 2024 12:32:48 +0200 Subject: [PATCH 14/62] chore: double step in helm-chart-lint workflow --- .github/workflows/helm-chart-lint.yml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index 544f5cd2..77b06e58 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml @@ -85,14 +85,6 @@ jobs: - name: Run chart-testing (lint) run: ct lint --target-branch ${{ github.base_ref || github.ref_name }} --config charts/config/chart-testing-config.yaml - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --target-branch ${{ github.base_ref || github.ref_name }}) - if [[ -n "$changed" ]]; then - echo "CHART_CHANGED=true" >> $GITHUB_ENV - fi - # Preparing a kind cluster to install and test charts on - name: Create kind cluster uses: container-tools/kind-action@0fc957b58d9a5bc9ca57a1b419324a2074c7653b # v2.0.3 From 7f2eb48202339ca4844a6c2efbdffda25a9543d1 Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 17 Apr 2024 12:44:09 +0200 Subject: [PATCH 15/62] chore: make sure the right java version is used for linting build --- .github/workflows/helm-chart-lint.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index 77b06e58..e51a4ba7 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml @@ -56,20 +56,32 @@ jobs: lint-test: runs-on: ubuntu-latest steps: + # get the code - name: Checkout uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: fetch-depth: 0 + # Set-Up Helm - name: Set up Helm uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 with: version: v3.10.3 + # Set-Up Java + - name: Setup JDK 17 + uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 + with: + java-version: '17' + distribution: 'temurin' + cache: 'maven' + + # Set-Up Python - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.9 + # Set-Up CT - name: Set up chart-testing uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 From 459ee8172cafd42761938b90383f1d434040d64f Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 17 Apr 2024 13:11:00 +0200 Subject: [PATCH 16/62] chore: wrong extra args --- charts/config/chart-integration-config.yaml | 4 +--- charts/config/chart-testing-config.yaml | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/charts/config/chart-integration-config.yaml b/charts/config/chart-integration-config.yaml index 376625f0..faeba696 100644 --- a/charts/config/chart-integration-config.yaml +++ b/charts/config/chart-integration-config.yaml 
@@ -18,7 +18,5 @@ --- # Config for testing charts validate-maintainers: false -helm-extra-args: "--set controlplane.endpoints.management.authKey=test --set vault.hashicorp.token=DUMMY --set participant.id=BPNL0000000DUMMY --set vault.azure.client=AZURE_CLIENT --set vault.azure.tenant=AZURE_TENANT --set vault.azure.name=AZURE_NAME" +helm-extra-args: "--set=image.registry=kind-registry:5000/" chart-repos: - - helm=https://helm.releases.hashicorp.com - - bitnami=https://charts.bitnami.com/bitnami diff --git a/charts/config/chart-testing-config.yaml b/charts/config/chart-testing-config.yaml index 4363be3e..faeba696 100644 --- a/charts/config/chart-testing-config.yaml +++ b/charts/config/chart-testing-config.yaml @@ -18,7 +18,5 @@ --- # Config for testing charts validate-maintainers: false -helm-extra-args: "--set imageRegistry=kind-registry:5000/ --set controlplane.endpoints.management.authKey=test --set vault.hashicorp.token=DUMMY --set participant.id=BPNL0000000DUMMY --set vault.azure.client=AZURE_CLIENT --set vault.azure.tenant=AZURE_TENANT --set vault.azure.name=AZURE_NAME" +helm-extra-args: "--set=image.registry=kind-registry:5000/" chart-repos: - - helm=https://helm.releases.hashicorp.com - - bitnami=https://charts.bitnami.com/bitnami From 540059924e3e57c9b4a5b397641a83adbcb3ab07 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 17 Apr 2024 16:49:37 +0200 Subject: [PATCH 17/62] chore: ct --helm-extra-args and --helm-extra-set-args are bevaving differently. --- .github/workflows/helm-chart-lint.yml | 11 +++++------ charts/agent-plane-azure-vault/Chart.yaml | 2 +- charts/config/chart-integration-config.yaml | 2 +- charts/config/chart-testing-config.yaml | 2 +- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index e51a4ba7..df62f5fa 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml 
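Review bot: The new `helm-extra-args` value in chart-testing-config.yaml sets `image.registry`, while the line it replaces set `imageRegistry`, and the deployment template shown earlier in this series builds the agent image from `$root.Values.imageRegistry`. Unless values.yaml or the template changed outside this view, the override is ignored and `ct install` tests an image pulled from the default registry rather than the one just built into `kind-registry:5000/`. Keep the key the template reads, `--set imageRegistry=kind-registry:5000/`, or rename the key in the template in the same commit. The same key appears in chart-integration-config.yaml, in the workflow's `--helm-extra-set-args`, and in the follow-up hunks that rename the option to `helm-extra-set-args`. Removing the two list items also leaves `chart-repos:` with a null value; dropping the key or writing `chart-repos: []` states the intent.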
@@ -1,6 +1,6 @@ --- # -# Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2022,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -75,7 +75,7 @@ jobs: java-version: '17' distribution: 'temurin' cache: 'maven' - + # Set-Up Python - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: @@ -85,6 +85,9 @@ jobs: - name: Set up chart-testing uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + - name: Run chart-testing (lint) + run: ct lint --target-branch ${{ github.base_ref || github.ref_name }} --config charts/config/chart-testing-config.yaml + - name: Run chart-testing (list-changed) id: list-changed run: | @@ -93,10 +96,6 @@ jobs: echo "CHART_CHANGED=true" >> $GITHUB_ENV fi - # run chart linting - - name: Run chart-testing (lint) - run: ct lint --target-branch ${{ github.base_ref || github.ref_name }} --config charts/config/chart-testing-config.yaml - # Preparing a kind cluster to install and test charts on - name: Create kind cluster uses: container-tools/kind-action@0fc957b58d9a5bc9ca57a1b419324a2074c7653b # v2.0.3 diff --git a/charts/agent-plane-azure-vault/Chart.yaml b/charts/agent-plane-azure-vault/Chart.yaml index d7ab3b0e..5906e3e3 100644 --- a/charts/agent-plane-azure-vault/Chart.yaml +++ b/charts/agent-plane-azure-vault/Chart.yaml @@ -23,7 +23,7 @@ --- apiVersion: v2 -name: agent-plane +name: agent-plane-azure-vault description: | A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running Control Plane. diff --git a/charts/config/chart-integration-config.yaml b/charts/config/chart-integration-config.yaml index faeba696..09dee03e 100644 --- a/charts/config/chart-integration-config.yaml +++ b/charts/config/chart-integration-config.yaml 
@@ -18,5 +18,5 @@ --- # Config for testing charts validate-maintainers: false -helm-extra-args: "--set=image.registry=kind-registry:5000/" +helm-extra-set-args: "--set=image.registry=kind-registry:5000/" chart-repos: diff --git a/charts/config/chart-testing-config.yaml b/charts/config/chart-testing-config.yaml index faeba696..09dee03e 100644 --- a/charts/config/chart-testing-config.yaml +++ b/charts/config/chart-testing-config.yaml @@ -18,5 +18,5 @@ --- # Config for testing charts validate-maintainers: false -helm-extra-args: "--set=image.registry=kind-registry:5000/" +helm-extra-set-args: "--set=image.registry=kind-registry:5000/" chart-repos: From fca0d00c00dcbc85413849d79bf95532fab2321f Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 17 Apr 2024 16:51:26 +0200 Subject: [PATCH 18/62] chore: upgrade version because of helm/chart changes. --- .github/workflows/build.yml | 4 ++-- README.md | 4 ++-- agent-plane/README.md | 4 ++-- agent-plane/agent-plane-protocol/README.md | 2 +- agent-plane/agent-plane-protocol/pom.xml | 2 +- .../agents/edc/service/TestDataspaceSynchronizer.java | 4 ++-- agent-plane/agentplane-azure-vault/README.md | 2 +- agent-plane/agentplane-azure-vault/pom.xml | 2 +- agent-plane/agentplane-hashicorp/README.md | 4 ++-- agent-plane/agentplane-hashicorp/pom.xml | 2 +- agent-plane/pom.xml | 2 +- charts/agent-plane-azure-vault/Chart.yaml | 4 ++-- charts/agent-plane-azure-vault/README.md | 4 ++-- charts/agent-plane/Chart.yaml | 4 ++-- charts/agent-plane/README.md | 4 ++-- common/README.md | 2 +- common/auth-jwt/README.md | 2 +- common/auth-jwt/pom.xml | 2 +- docs/README.md | 6 +++--- pom.xml | 2 +- upgrade_version.sh | 2 +- 21 files changed, 32 insertions(+), 32 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d98fae84..5363fb52 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -142,7 +142,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.12.18-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.12.19-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Hashicorp Container Build and push @@ -180,7 +180,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.12.18-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.12.19-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Azure Vault Container Build and push diff --git a/README.md b/README.md index a4076b39..8d854d6d 100644 --- a/README.md +++ b/README.md @@ -120,8 +120,8 @@ kubectl wait --namespace ingress-nginx \ --selector=app.kubernetes.io/component=controller \ --timeout=90s # transfer images -kind load docker-image docker.io/tractusx/agentplane-hashicorp:1.12.18-SNAPSHOT --name ka -kind load docker-image docker.io/tractusx/agentplane-azure-vault:1.12.18-SNAPSHOT --name ka +kind load docker-image docker.io/tractusx/agentplane-hashicorp:1.12.19-SNAPSHOT --name ka +kind load docker-image docker.io/tractusx/agentplane-azure-vault:1.12.19-SNAPSHOT --name ka # run chart testing ct install --charts charts/agent-plane ct install --charts charts/agent-plane-azure-vault diff --git a/agent-plane/README.md b/agent-plane/README.md index 0e4bf97d..92abdc4d 100644 --- a/agent-plane/README.md +++ b/agent-plane/README.md 
@@ -66,10 +66,10 @@ mvn package -Pwith-docker-image Alternatively, after a successful build, you can invoke docker yourself ```console -docker build -t tractusx/agentplane-azure-vault:1.12.18-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-azure-vault:1.12.19-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile . ``` ```console -docker build -t tractusx/agentplane-hashicorp:1.12.18-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-hashicorp:1.12.19-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile . ``` diff --git a/agent-plane/agent-plane-protocol/README.md b/agent-plane/agent-plane-protocol/README.md index e55b12b2..084d7971 100644 --- a/agent-plane/agent-plane-protocol/README.md +++ b/agent-plane/agent-plane-protocol/README.md @@ -64,7 +64,7 @@ Add the following dependency to your data-plane artifact pom: org.eclipse.tractusx.agents.edc agent-plane-protocol - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ``` diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index 8a37d29d..48d08148 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ../pom.xml diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java index 49daa7cb..6db36327 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java 
@@ -122,7 +122,7 @@ private static JsonObjectBuilder createOffer() { JsonObjectBuilder offerBuilder = Json.createObjectBuilder() .add("@id", "cx-taxo:GraphAsset?test=ExampleAsset") .add("https://w3id.org/edc/v0.0.1/ns/contenttype", "application/json, application/xml") - .add("https://w3id.org/catenax/ontology/common#version", "1.12.18-SNAPSHOT") + .add("https://w3id.org/catenax/ontology/common#version", "1.12.19-SNAPSHOT") .add("https://w3id.org/catenax/ontology/common#name", "Test Asset") .add("https://w3id.org/catenax/ontology/common#description", "Test Asset for RDF Representation") .add("https://w3id.org/catenax/ontology/common#description@de", "Beispiel Asset für RDF Darstellung") @@ -211,7 +211,7 @@ public void testCatalogDeserialization() { " },\n" + " \"dcat:accessService\": \"ddd4b79e-f785-4e71-9fe5-4a177b3ccf54\"\n" + " },\n" + - " \"edc:version\": \"1.12.18-SNAPSHOT\",\n" + + " \"edc:version\": \"1.12.19-SNAPSHOT\",\n" + " \"http://www.w3.org/2000/01/rdf-schema#isDefinedBy\": \"\",\n" + " \"edc:name\": \"Diagnostic Trouble Code Catalogue Version 2022\",\n" + " \"http://www.w3.org/ns/shacl#shapesGraph\": \"@prefix cx-common: . \\n@prefix : .\\n@prefix cx-diag: .\\n@prefix owl: .\\n@prefix rdf: .\\n@prefix xsd: .\\n@prefix sh: .\\n\\n:OemDTC rdf:type sh:NodeShape ;\\n sh:targetClass cx-diag:DTC ;\\n sh:property [\\n sh:path cx-diag:provisionedBy ;\\n sh:hasValue ;\\n ] ;\\n sh:property [\\n sh:path cx-diag:version ;\\n sh:hasValue \\\"0\\\"^^xsd:long ;\\n ] ;\\n sh:property [\\n sh:path cx-diag:affects ;\\n sh:class :OemDiagnosedParts ;\\n ].\\n\\n:OemDiagnosedParts rdf:type sh:NodeShape ;\\n sh:targetClass cx-diag:DiagnosedPart ;\\n sh:property [\\n sh:path cx-diag:provisionedBy ;\\n sh:hasValue ;\\n ] .\\n\",\n" + diff --git a/agent-plane/agentplane-azure-vault/README.md b/agent-plane/agentplane-azure-vault/README.md index 2de37cfe..782b6062 100644 --- a/agent-plane/agentplane-azure-vault/README.md +++ b/agent-plane/agentplane-azure-vault/README.md 
@@ -54,7 +54,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image Alternatively, after a sucessful [build](#building) the docker image of the Agent Plane is created using ```console -docker build -t tractusx//agentplane-azure-vault:1.12.18-SNAPSHOT -f src/main/docker/Dockerfile . +docker build -t tractusx//agentplane-azure-vault:1.12.19-SNAPSHOT -f src/main/docker/Dockerfile . ``` To run the docker image, you could invoke this command diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index 1af469f9..db983a0e 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ../pom.xml diff --git a/agent-plane/agentplane-hashicorp/README.md b/agent-plane/agentplane-hashicorp/README.md index b2be868b..8d7a3e64 100644 --- a/agent-plane/agentplane-hashicorp/README.md +++ b/agent-plane/agentplane-hashicorp/README.md @@ -54,7 +54,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image Alternatively, after a sucessful [build](#building) the docker image of the Agent Plane is created using ```console -docker build -t tractusx/agentplane-hashicorp:1.12.18-SNAPSHOT -f src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-hashicorp:1.12.19-SNAPSHOT -f src/main/docker/Dockerfile . ``` To run the docker image, you could invoke this command @@ -66,7 +66,7 @@ docker run -p 8082:8082 \ -v $(pwd)/resources/dataplane.properties:/app/configuration.properties \ -v $(pwd)/resources/opentelemetry.properties:/app/opentelemetry.properties \ -v $(pwd)/resources/logging.properties:/app/logging.properties \ - tractusx/agentplane-hashicorp:1.12.18-SNAPSHOT + tractusx/agentplane-hashicorp:1.12.19-SNAPSHOT ```` Afterwards, you should be able to access the [local SparQL endpoint](http://localhost:8082/api/agent) via 
diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml index e939d895..b087d3ef 100644 --- a/agent-plane/agentplane-hashicorp/pom.xml +++ b/agent-plane/agentplane-hashicorp/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ../pom.xml diff --git a/agent-plane/pom.xml b/agent-plane/pom.xml index 0afb0d58..89903210 100644 --- a/agent-plane/pom.xml +++ b/agent-plane/pom.xml @@ -28,7 +28,7 @@ org.eclipse.tractusx.agents edc - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ../pom.xml Tractus-X EDC Agent Plane diff --git a/charts/agent-plane-azure-vault/Chart.yaml b/charts/agent-plane-azure-vault/Chart.yaml index 5906e3e3..b33cf33f 100644 --- a/charts/agent-plane-azure-vault/Chart.yaml +++ b/charts/agent-plane-azure-vault/Chart.yaml @@ -41,12 +41,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.12.18-SNAPSHOT +version: 1.12.19-SNAPSHOT # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.12.18-SNAPSHOT" +appVersion: "1.12.19-SNAPSHOT" home: https://github.com/eclipse-tractusx/knowledge-agents-edc/ sources: - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector diff --git a/charts/agent-plane-azure-vault/README.md b/charts/agent-plane-azure-vault/README.md index 90eb8baf..35a3e4c8 100644 --- a/charts/agent-plane-azure-vault/README.md +++ b/charts/agent-plane-azure-vault/README.md 
@@ -21,7 +21,7 @@ # agent-plane -![Version: 1.12.18-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.18-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) +![Version: 1.12.19-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.19-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running Control Plane. @@ -59,7 +59,7 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime: ```shell helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-plane --version 1.12.18-SNAPSHOT +helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT ``` ## Maintainers diff --git a/charts/agent-plane/Chart.yaml b/charts/agent-plane/Chart.yaml index 5d1d92b6..08e489ca 100644 --- a/charts/agent-plane/Chart.yaml +++ b/charts/agent-plane/Chart.yaml 
@@ -41,12 +41,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.12.18-SNAPSHOT +version: 1.12.19-SNAPSHOT # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.12.18-SNAPSHOT" +appVersion: "1.12.19-SNAPSHOT" home: https://github.com/eclipse-tractusx/knowledge-agents-edc/ sources: - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector diff --git a/charts/agent-plane/README.md b/charts/agent-plane/README.md index 90eb8baf..35a3e4c8 100644 --- a/charts/agent-plane/README.md +++ b/charts/agent-plane/README.md @@ -21,7 +21,7 @@ # agent-plane -![Version: 1.12.18-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.18-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) +![Version: 1.12.19-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.19-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running Control Plane. 
@@ -59,7 +59,7 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime: ```shell helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-plane --version 1.12.18-SNAPSHOT +helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT ``` ## Maintainers diff --git a/common/README.md b/common/README.md index 507d1e67..d22c5248 100644 --- a/common/README.md +++ b/common/README.md @@ -57,7 +57,7 @@ add the following dependency to your maven dependencies (gradle should work anal org.eclipse.tractusx.edc auth-jwt - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT diff --git a/common/auth-jwt/README.md b/common/auth-jwt/README.md index ca49fcb1..e62de9af 100644 --- a/common/auth-jwt/README.md +++ b/common/auth-jwt/README.md @@ -37,7 +37,7 @@ Add the following dependency to your EDC artifact pom: org.eclipse.tractusx.agents.edc auth-jwt - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ``` diff --git a/common/auth-jwt/pom.xml b/common/auth-jwt/pom.xml index 35550357..6a95c4a1 100644 --- a/common/auth-jwt/pom.xml +++ b/common/auth-jwt/pom.xml @@ -27,7 +27,7 @@ org.eclipse.tractusx.agents edc - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT ../../pom.xml diff --git a/docs/README.md b/docs/README.md index a52f3ac8..71214543 100644 --- a/docs/README.md +++ b/docs/README.md @@ -76,7 +76,7 @@ dependencies: - name: agent-connector-memory repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.12.18-SNAPSHOT + version: 1.12.19-SNAPSHOT alias: my-connector ``` @@ -87,7 +87,7 @@ dependencies: - name: agent-connector-azure-vault repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.12.18-SNAPSHOT + version: 1.12.19-SNAPSHOT alias: my-connector ``` @@ -98,7 +98,7 @@ dependencies: - name: agent-connector repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.12.18-SNAPSHOT + version: 1.12.19-SNAPSHOT alias: my-connector ``` 
diff --git a/pom.xml b/pom.xml index 5f50f9c0..c4a57058 100644 --- a/pom.xml +++ b/pom.xml @@ -26,7 +26,7 @@ 4.0.0 org.eclipse.tractusx.agents edc - 1.12.18-SNAPSHOT + 1.12.19-SNAPSHOT pom Tractus-X Knowledge Agents EDC Extensions EDC-Related Artifacts for Federated Procedure Calls diff --git a/upgrade_version.sh b/upgrade_version.sh index d4df3391..a432f540 100755 --- a/upgrade_version.sh +++ b/upgrade_version.sh @@ -16,7 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 -OLD_VERSION=1.12.18-SNAPSHOT +OLD_VERSION=1.12.19-SNAPSHOT echo Upgrading from $OLD_VERSION to $1 PATTERN=s/$OLD_VERSION/$1/g LC_ALL=C From 6987e8ded894772559361692e4e91adc6d573a63 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 17 Apr 2024 17:13:01 +0200 Subject: [PATCH 19/62] chore: choose the correct chart value for the image regisry. --- .github/workflows/helm-chart-lint.yml | 4 ++-- charts/config/chart-integration-config.yaml | 2 +- charts/config/chart-testing-config.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index df62f5fa..d4dc8bcf 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml @@ -114,7 +114,7 @@ jobs: # install the chart to the kind cluster and run helm test # define charts to test with the --charts parameter - name: Run chart-testing (install) - run: ct install --charts charts/agent-plane,charts/agent-plane-azure-vault --config charts/config/chart-testing-config.yaml --helm-extra-set-args="--set=image.registry=kind-registry:5000/" + run: ct install --charts charts/agent-plane,charts/agent-plane-azure-vault --config charts/config/chart-testing-config.yaml --helm-extra-set-args="--set=imageRegistry=kind-registry:5000/" if: github.event_name != 'pull_request' || env.CHART_CHANGED == 'true' # Upgrade the released chart version with the locally available chart 
@@ -132,7 +132,7 @@ jobs: - name: Run helm upgrade on agent plane azure vault run: | helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev - helm install agent-azure tractusx-dev/agent-plane-azure-vault --version ${{ github.event.inputs.upgrade_from }} --set=image.registry=kind-registry:5000/ + helm install agent-azure tractusx-dev/agent-plane-azure-vault --version ${{ github.event.inputs.upgrade_from }} --set=imageRegistry=kind-registry:5000/ helm dependency update charts/agent-plane-azure-vault helm upgrade agent-azure charts/agent-plane-azure-vault if: (github.event_name != 'pull_request' || env.CHART_CHANGED == 'true') && github.event.inputs.upgrade_from != '' && github.event.inputs.upgrade_from != 'x.x.x' diff --git a/charts/config/chart-integration-config.yaml b/charts/config/chart-integration-config.yaml index 09dee03e..690637ff 100644 --- a/charts/config/chart-integration-config.yaml +++ b/charts/config/chart-integration-config.yaml @@ -18,5 +18,5 @@ --- # Config for testing charts validate-maintainers: false -helm-extra-set-args: "--set=image.registry=kind-registry:5000/" +helm-extra-set-args: "--set=imageRegistry=kind-registry:5000/" chart-repos: diff --git a/charts/config/chart-testing-config.yaml b/charts/config/chart-testing-config.yaml index 09dee03e..690637ff 100644 --- a/charts/config/chart-testing-config.yaml +++ b/charts/config/chart-testing-config.yaml @@ -18,5 +18,5 @@ --- # Config for testing charts validate-maintainers: false -helm-extra-set-args: "--set=image.registry=kind-registry:5000/" +helm-extra-set-args: "--set=imageRegistry=kind-registry:5000/" chart-repos: From 8425a142fba7b6d04e02a9c4b46b377154df8e9f Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 23 Apr 2024 13:19:48 +0200 Subject: [PATCH 20/62] feat: align with matchmaking implementation. --- .../tractusx/agents/edc/rdf/RdfStore.java | 110 +++++++++++ .../agents/edc/service/DataManagement.java | 178 ++++++++---------- 2 files changed, 190 insertions(+), 98 deletions(-) diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java index 700f0a6d..870d42ea 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java @@ -59,6 +59,7 @@ public class RdfStore { public RdfStore(AgentConfig config, Monitor monitor) { this.config = config; this.dataset = DatasetGraphFactory.createTxnMem(); + DataService.Builder dataService = DataService.newBuilder(dataset); this.service = dataService.build(); api = new DataAccessPoint(config.getAccessPoint(), service); 
@@ -88,6 +89,115 @@ public RdfStore(AgentConfig config, Monitor monitor) { } } + public static final String CSV_REGEX = "(\"[^\"]*\")?([^%s]*)"; + + /** + * registers (overwrites/extends) an asset + * + * @param asset asset iri + * @param content stream for rdf data + * @param format the format of the stream + * @return number of resulting triples + */ + public long registerAsset(String asset, String content, ExternalFormat format) { + if (!asset.contains("/")) { + asset = "http://server/unset-base/" + asset; + } + monitor.info(String.format("Upserting asset %s with turtle source.", asset)); + startTx(); + StreamRDF dest = StreamRDFLib.dataset(dataset); + StreamRDF graphDest = StreamRDFLib.extendTriplesToQuads(NodeFactory.createURI(asset), dest); + StreamRDFCounting countingDest = StreamRDFLib.count(graphDest); + ErrorHandler errorHandler = ErrorHandlerFactory.errorHandlerStd(monitorWrapper); + switch (format) { + default: + RDFParser.create() + .errorHandler(errorHandler) + .source(new ByteArrayInputStream(content.getBytes())) + .lang(Lang.TTL) + .parse(countingDest); + break; + case CSV: + countingDest.start(); + Pattern csvCell = Pattern.compile(String.format(CSV_REGEX, ",")); + try (BufferedReader reader = new BufferedReader(new StringReader(content))) { + String header = reader.readLine(); + List predicates = new ArrayList<>(); + if (header != null) { + int position = 0; + Matcher headerMatcher = csvCell.matcher(header); + while (position <= header.length() && headerMatcher.find(position)) { + predicates.add(NodeFactory.createURI(headerMatcher.group())); + position = headerMatcher.end() + 1; + } + reader.lines().forEach(factLine -> { + int fposition = 0; + Matcher factMatcher = csvCell.matcher(factLine); + if (factMatcher.find(fposition)) { + Node subject = NodeFactory.createURI(factMatcher.group()); + fposition = factMatcher.end() + 1; + for (int fact = 1; fact < predicates.size() && fposition <= factLine.length() && factMatcher.find(fposition); fact++) { + 
Node object = parseObject(factMatcher.group()); + countingDest.triple(NodeFactory.createTripleNode(subject, predicates.get(fact), object).getTriple()); + fposition = factMatcher.end() + 1; + } + } + }); + } + } catch (IOException e) { + monitor.warning("An exception has occurred while parsing a CSV stream. Ignoring some/all data.", e); + } + countingDest.finish(); + break; + } + long numberOfTriples = countingDest.countTriples(); + monitor.debug(String.format("Upserting asset %s resulted in %d triples", asset, numberOfTriples)); + commit(); + return numberOfTriples; + } + + /** + * parses a given rdf snippet into a node + * + * @param group rdf snippet node + * @return a parsed node + */ + private Node parseObject(String group) { + if (group.startsWith("<")) { + group = group.replaceAll("[\\<\\>]", ""); + return NodeFactory.createURI(group); + } else if (group.contains("^^")) { + int index = group.lastIndexOf("^^"); + String type = group.substring(index + 2); + group = group.substring(0, index - 1); + } + return NodeFactory.createLiteral(group); + } + + /** + * deletes an asset + * + * @param asset asset iri + * @return number of deleted triples + */ + public long deleteAsset(String asset) { + if (!asset.contains("/")) { + asset = "http://server/unset-base/" + asset; + } + monitor.info(String.format("Deleting asset %s.", asset)); + startTx(); + Quad findAssets = Quad.create(NodeFactory.createURI(asset), Node.ANY, Node.ANY, Node.ANY); + Iterator assetQuads = getDataSet().find(findAssets); + int tupleCount = 0; + while (assetQuads.hasNext()) { + getDataSet().delete(assetQuads.next()); + tupleCount++; + } + monitor.debug(String.format("Deleting asset %s resulted in %d triples", asset, tupleCount)); + commit(); + return tupleCount; + } + /** * access * 
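Review bot: registerAsset runs between startTx() and commit() with no try/finally, so any unchecked exception on the way skips commit() and nothing visible here ends the transaction; one such path is in parseObject, where `group.substring(0, index - 1)` throws for a CSV cell that begins with `^^`, and the surrounding catch only handles IOException. Wrap the body in try/finally and end or abort the transaction on failure, using whatever counterpart to commit() the class has (not visible in this hunk). parseObject also computes `type` and never uses it, so typed cells are stored as plain literals with the datatype dropped. The Turtle branch decodes with the platform default charset; `new ByteArrayInputStream(content.getBytes(StandardCharsets.UTF_8))` makes it deterministic. deleteAsset deletes quads while iterating the result of find(), and collecting the matches first would not rely on the iterator tolerating that.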
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java index c04f4fc9..09b8b51e 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java @@ -61,21 +61,21 @@ public class DataManagement { public static final String CATALOG_REQUEST_BODY = "{" + "\"@context\": {}," + "\"protocol\": \"dataspace-protocol-http\"," + - "\"counterPartyAddress\": \"%s\", " + - "\"querySpec\": %s }"; - // catalog request 0.5.0 - public static final String CATALOG_REQUEST_BODY_PRERELEASE = "{" + - "\"@context\": {}," + - "\"protocol\": \"dataspace-protocol-http\"," + - "\"providerUrl\": \"%s\", " + - "\"querySpec\": %s }"; + "\"counterPartyAddress\": \"%1$s\", " + + "\"querySpec\": %2$s }"; + + public static final String ASSET_CREATE_CALL = "%1$s%2$s/assets"; + public static final String ASSET_UPDATE_CALL = "%1$s%2$s/assets/%3$s"; - public static final String ASSET_CREATE_CALL = "%s%s/assets"; - public static final String ASSET_CREATE_BODY = "{\n" + + /** + * template for skill asset creation + */ + public static final String SKILL_ASSET_CREATE_BODY = "{\n" + " \"@context\": {\n" + " \"rdf\": \"http://www.w3.org/1999/02/22-rdf-syntax-ns#\",\n" + " \"rdfs\": \"http://www.w3.org/2000/01/rdf-schema#\",\n" + " \"cx-common\": \"https://w3id.org/catenax/ontology/common#\",\n" + + " \"xsd\": \"http://www.w3.org/2001/XMLSchema#\",\n" + " \"sh\": \"http://www.w3.org/ns/shacl#\"\n" + " },\n" + " \"asset\": {\n" + 
@@ -108,45 +108,10 @@ public class DataManagement { " \"proxyBody\": \"true\",\n" + " \"cx-common:allowServicePattern\": \"%10$s\",\n" + " \"cx-common:denyServicePattern\": \"%11$s\"\n" + - "}\n"; - - public static final String SKILL_ASSET_CREATE_BODY_V3 = "{\n" + - " \"@context\": {\n" + - " \"rdf\": \"http://www.w3.org/1999/02/22-rdf-syntax-ns#\",\n" + - " \"rdfs\": \"http://www.w3.org/2000/01/rdf-schema#\",\n" + - " \"cx-common\": \"https://w3id.org/catenax/ontology/common#\",\n" + - " \"sh\": \"http://www.w3.org/ns/shacl#\"\n" + - " },\n" + - " \"@id\": \"%1$s\", \n" + - " \"properties\": {\n" + - " \"name\": \"%2$s\",\n" + - " \"description\": \"%3$s\",\n" + - " \"version\": \"%4$s\",\n" + - " \"contenttype\": \"application/json, application/xml\",\n" + - "%5$s" + - " \"rdf:type\": \"cx-common:SkillAsset\",\n" + - " \"rdfs:isDefinedBy\": \"%6$s\",\n" + - " \"cx-common:implementsProtocol\": \"cx-common:Protocol?w3c:http:SKILL\",\n" + - " \"cx-common:distributionMode\": \"%7$s\",\n" + - " \"cx-common:isFederated\": \"%8$b^^xsd:boolean\"\n" + - " },\n" + - " \"privateProperties\": {\n" + - " \"cx-common:query\":%9$s\n" + - " },\n" + - " \"dataAddress\": {\n" + - " \"id\":\"%1$s\",\n" + - " \"@type\": \"DataAddress\",\n" + - " \"type\": \"cx-common:Protocol?w3c:http:SKILL\",\n" + - " \"baseUrl\":\"https://w3id.org/catenax\",\n" + - " \"proxyPath\": \"false\",\n" + - " \"proxyMethod\": \"true\",\n" + - " \"proxyQueryParams\": \"true\",\n" + - " \"proxyBody\": \"true\",\n" + - " \"cx-common:allowServicePattern\": \"%10$s\",\n" + - " \"cx-common:denyServicePattern\": \"%11$s\"\n" + " }\n" + "}\n"; + public static final String ASSET_CALL = "%s%s/assets/request"; // negotiation request 0.5.>=1 
@@ -164,21 +129,6 @@ public class DataManagement { "}\n" + "}"; - // negotiation request 0.5.0 - roles of provider and connector are wrong - public static final String NEGOTIATION_REQUEST_BODY_PRERELEASE = "{\n" + - "\"@context\": { \"odrl\": \"http://www.w3.org/ns/odrl/2/\"},\n" + - "\"@type\": \"NegotiationInitiateRequestDto\",\n" + - "\"connectorAddress\": \"%1$s\",\n" + - "\"protocol\": \"dataspace-protocol-http\",\n" + - "\"providerId\": \"%2$s\",\n" + - "\"connectorId\": \"%3$s\",\n" + - "\"offer\": {\n" + - " \"offerId\": \"%4$s\",\n" + - " \"assetId\": \"%5$s\",\n" + - " \"policy\": %6$s\n" + - "}\n" + - "}"; - public static final String NEGOTIATION_INITIATE_CALL = "%s/v2/contractnegotiations"; public static final String NEGOTIATION_CHECK_CALL = "%s/v2/contractnegotiations/%s"; public static final String TRANSFER_INITIATE_CALL = "%s/v2/transferprocesses"; @@ -257,12 +207,7 @@ public DcatCatalog findContractOffers(String remoteControlPlaneIdsUrl, String as */ public DcatCatalog getCatalog(String remoteControlPlaneIdsUrl, QuerySpec spec) throws IOException { var url = String.format(CATALOG_CALL, config.getControlPlaneManagementUrl()); - - // use a version specific call - String template = config.isPrerelease() ? CATALOG_REQUEST_BODY_PRERELEASE : CATALOG_REQUEST_BODY; - - var catalogSpec = String.format(template, - String.format(DSP_PATH, remoteControlPlaneIdsUrl), objectMapper.writeValueAsString(spec)); + var catalogSpec = String.format(CATALOG_REQUEST_BODY, String.format(DSP_PATH, remoteControlPlaneIdsUrl), objectMapper.writeValueAsString(spec)); var request = new Request.Builder().url(url).post(RequestBody.create(catalogSpec, MediaType.parse("application/json"))); config.getControlPlaneManagementHeaders().forEach(request::addHeader); 
@@ -290,10 +235,10 @@ public DcatCatalog getCatalog(String remoteControlPlaneIdsUrl, QuerySpec spec) t */ public List listAssets(QuerySpec spec) throws IOException { - String version = config.isPrerelease() ? "/v2" : "/v3"; + String version = "/v3"; var url = String.format(ASSET_CALL, config.getControlPlaneManagementProviderUrl(), version); var assetObject = (ObjectNode) objectMapper.readTree(objectMapper.writeValueAsString(spec)); - assetObject.put("@context", objectMapper.createObjectNode()); + assetObject.set("@context", objectMapper.createObjectNode()); var assetSpec = objectMapper.writeValueAsString(assetObject); var request = new Request.Builder().url(url).post(RequestBody.create(assetSpec, MediaType.parse("application/json"))); 
@@ -314,7 +259,48 @@ public List listAssets(QuerySpec spec) throws IOException { } /** - * creates or updates a given asset + * helper to create or update assets + * + * @param assetSpec json text of the asset description + * @return a response listing the id of the created/updated asset + * @throws IOException in case something goes wrong + */ + protected IdResponse createOrUpdateAsset(String assetId, String assetSpec) throws IOException { + String version = "/v3"; + var url = String.format(ASSET_CREATE_CALL, config.getControlPlaneManagementProviderUrl(), version); + var request = new Request.Builder().url(url).post(RequestBody.create(assetSpec, MediaType.parse("application/json"))); + config.getControlPlaneManagementHeaders().forEach(request::addHeader); + + try (var response = httpClient.newCall(request.build()).execute()) { + ResponseBody body = response.body(); + + if (!response.isSuccessful() || body == null) { + + if (response.code() != 409 || body == null) { + throw new InternalServerErrorException(format("Control plane responded with: %s %s", response.code(), body != null ? body.string() : "")); + } + + url = String.format(ASSET_UPDATE_CALL, config.getControlPlaneManagementProviderUrl(), version, assetId); + var patchRequest = new Request.Builder().url(url).patch(RequestBody.create(assetSpec, MediaType.parse("application/json"))); + config.getControlPlaneManagementHeaders().forEach(patchRequest::addHeader); + + try (var patchResponse = httpClient.newCall(patchRequest.build()).execute()) { + body = patchResponse.body(); + if (!patchResponse.isSuccessful() || body == null) { + monitor.warning(format("Failure in updating the resource at %s. Ignoring", url)); + return null; + } + } + } + return JsonLd.processIdResponse(body.string()); + } catch (Exception e) { + monitor.severe(format("Error in calling the control plane at %s", url), e); + throw e; + } + } + + /** + * creates or updates a given skill asset * * @param assetId key * @param name of skill 
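Review bot: In createOrUpdateAsset the update path reads the response body after it has been closed: `body = patchResponse.body()` is assigned inside the inner try-with-resources, but `body.string()` runs only after that block has closed patchResponse, which (with what looks like OkHttp) closes the body as well. Move the return into the inner block, `return JsonLd.processIdResponse(body.string());`, directly after the success check. The failed-update branch returns null while the failed-create branch throws, so callers need a null check that the signature does not advertise. assetId is also formatted into the path of ASSET_UPDATE_CALL unencoded, here and in deleteAsset further down; an id containing `/`, `?` or `#` would address a different resource, so encode it as a single path segment before building the URL.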
@@ -333,15 +319,12 @@ public List listAssets(QuerySpec spec) throws IOException { public IdResponse createOrUpdateSkill(String assetId, String name, String description, String version, String contract, String ontologies, String distributionMode, boolean isFederated, String query, String allowServicePattern, String denyServicePattern) throws IOException { - - String apiVersion = config.isPrerelease() ? "/v2" : "/v3"; - var url = String.format(ASSET_CREATE_CALL, config.getControlPlaneManagementProviderUrl(), apiVersion); if (contract != null) { contract = String.format(" \"cx-common:publishedUnderContract\": \"%1$s\",\n", contract); } else { contract = ""; } - String spec = config.isPrerelease() ? ASSET_CREATE_BODY : SKILL_ASSET_CREATE_BODY_V3; + String body = SKILL_ASSET_CREATE_BODY; if (allowServicePattern == null) { allowServicePattern = config.getServiceAllowPattern().pattern(); 
@@ -349,40 +332,39 @@ public IdResponse createOrUpdateSkill(String assetId, String name, String descri if (denyServicePattern == null) { denyServicePattern = config.getServiceDenyPattern().pattern(); } - var assetSpec = String.format(spec, assetId, name, description, version, contract, ontologies, distributionMode, + + var assetSpec = String.format(body, assetId, name, description, version, contract, ontologies, distributionMode, isFederated, query, allowServicePattern, denyServicePattern); - var request = new Request.Builder().url(url).post(RequestBody.create(assetSpec, MediaType.parse("application/json"))); - config.getControlPlaneManagementHeaders().forEach(request::addHeader); + return createOrUpdateAsset(assetId, assetSpec); + } + /** + * deletes an existing aseet + * + * @param assetId key of the asset + * @return idresponse + */ + + public IdResponse deleteAsset(String assetId) throws IOException { + String version = "/v3"; + var url = String.format(ASSET_UPDATE_CALL, config.getControlPlaneManagementProviderUrl(), version, assetId); + var request = new Request.Builder().url(url).delete(); + config.getControlPlaneManagementHeaders().forEach(request::addHeader); try (var response = httpClient.newCall(request.build()).execute()) { ResponseBody body = response.body(); - - if (!response.isSuccessful()) { - if (response.code() != 409 || body == null) { - throw new InternalServerErrorException(format("Control plane responded with: %s %s", response.code(), body != null ? 
body.string() : "")); - } - - var putRequest = new Request.Builder().url(url).put(RequestBody.create(assetSpec, MediaType.parse("application/json"))); - config.getControlPlaneManagementHeaders().forEach(putRequest::addHeader); - - try (var putResponse = httpClient.newCall(putRequest.build()).execute()) { - body = putResponse.body(); - if (!putResponse.isSuccessful() || body == null) { - throw new InternalServerErrorException(format("Control plane responded with: %s %s", response.code(), body != null ? body.string() : "")); - } - return new IdResponse(jakarta.json.Json.createObjectBuilder().add("@id", "assetId").build()); - } + if (response.isSuccessful() && body != null) { + return JsonLd.processIdResponse(body.string()); + } else { + monitor.warning(format("Failure in calling the control plane at %s. Ignoring", url)); + return null; } - - return JsonLd.processIdResponse(body.string()); } catch (Exception e) { monitor.severe(format("Error in calling the control plane at %s", url), e); throw e; } } - /** * initiates negotation * @@ -394,7 +376,7 @@ public String initiateNegotiation(ContractNegotiationRequest negotiationRequest) var url = String.format(NEGOTIATION_INITIATE_CALL, config.getControlPlaneManagementUrl()); // use a version specific call - String template = config.isPrerelease() ? NEGOTIATION_REQUEST_BODY_PRERELEASE : NEGOTIATION_REQUEST_BODY; + String template = NEGOTIATION_REQUEST_BODY; var negotiateSpec = String.format(template, negotiationRequest.getConnectorAddress(), @@ -461,7 +443,7 @@ public ContractNegotiation getNegotiation(String negotiationId) throws IOExcepti } /** - * access a pending agreement + * get a contract agreement by its id * * @param agreementId id of the agreement * @return contract agreement From 955ded3eb2691258f414925425154011e8952726 Mon Sep 17 00:00:00 2001 
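Review bot: createOrUpdateSkill builds the asset JSON with `String.format` on SKILL_ASSET_CREATE_BODY, so name, description, version, contract and the service patterns land inside string literals unescaped; a quote, backslash or newline in any of them yields a broken document or one carrying extra properties. Escape each value before formatting, e.g. `new String(JsonStringEncoder.getInstance().quoteAsString(name))`, or build the document with the objectMapper the class already uses. The allow/deny defaults come from regex `pattern()` strings, which commonly contain backslashes, so this can be hit without hostile input. deleteAsset logs a warning and returns null on a failed call, which hides the status from the caller; including `response.code()` in the message would help when diagnosing.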
From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 23 Apr 2024 14:56:44 +0200 Subject: [PATCH 21/62] feat: upgrade to tx-edc 0.7.0 / edc 0.6.1 --- DEPENDENCIES | 349 +++++++++--------- agent-plane/agent-plane-protocol/pom.xml | 57 ++- .../tractusx/agents/edc/AgentExtension.java | 4 +- .../agents/edc/http/HttpClientFactory.java | 4 +- .../agents/edc/http/transfer/AgentSource.java | 8 +- .../edc/http/transfer/AgentSourceFactory.java | 8 +- .../AgentSourceHttpParamsDecorator.java | 18 +- .../AgentSourceRequestParamsSupplier.java | 8 +- .../agents/edc/rdf/ExternalFormat.java | 66 ++++ .../tractusx/agents/edc/rdf/RdfStore.java | 13 +- .../agents/edc/service/DataManagement.java | 2 +- .../agents/edc/http/TestAgentController.java | 3 +- .../service/TestDataspaceSynchronizer.java | 3 +- .../edc/sparql/TestSparqlProcessor.java | 3 +- agent-plane/agentplane-azure-vault/pom.xml | 26 ++ .../src/main/docker/Dockerfile | 2 +- agent-plane/agentplane-hashicorp/pom.xml | 17 + .../src/main/docker/Dockerfile | 2 +- .../edc/auth/CompositeJwsVerifier.java | 4 +- pom.xml | 16 +- 20 files changed, 399 insertions(+), 214 deletions(-) create mode 100644 agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/ExternalFormat.java diff --git a/DEPENDENCIES b/DEPENDENCIES index 97df638c..8840b02f 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
@@ -1,24 +1,24 @@ maven/mavencentral/com.apicatalog/carbon-did/0.0.2, Apache-2.0, approved, #9239 maven/mavencentral/com.apicatalog/iron-verifiable-credentials/0.8.1, Apache-2.0, approved, #9234 -maven/mavencentral/com.apicatalog/titanium-json-ld/1.3.2, Apache-2.0, approved, #8912 -maven/mavencentral/com.apicatalog/titanium-json-ld/1.3.3, Apache-2.0, approved, #8912 -maven/mavencentral/com.azure/azure-core-http-netty/1.13.11, MIT AND Apache-2.0, approved, #7948 -maven/mavencentral/com.azure/azure-core-http-netty/1.13.9, MIT AND Apache-2.0, approved, #7948 -maven/mavencentral/com.azure/azure-core/1.44.1, MIT, approved, clearlydefined -maven/mavencentral/com.azure/azure-core/1.45.1, MIT AND Apache-2.0, approved, #11845 -maven/mavencentral/com.azure/azure-identity/1.11.1, MIT AND Apache-2.0, approved, #13237 +maven/mavencentral/com.apicatalog/titanium-json-ld/1.4.0, Apache-2.0, approved, #13683 +maven/mavencentral/com.azure/azure-core-http-netty/1.14.0, MIT AND Apache-2.0, approved, #13238 +maven/mavencentral/com.azure/azure-core-http-netty/1.14.1, MIT AND Apache-2.0, approved, #13238 +maven/mavencentral/com.azure/azure-core/1.46.0, MIT AND Apache-2.0, approved, #13234 +maven/mavencentral/com.azure/azure-core/1.47.0, MIT AND Apache-2.0, approved, #13678 +maven/mavencentral/com.azure/azure-identity/1.11.4, MIT AND Apache-2.0, approved, #13237 maven/mavencentral/com.azure/azure-json/1.1.0, MIT AND Apache-2.0, approved, #10547 -maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.7.3, MIT, approved, #10868 -maven/mavencentral/com.azure/azure-storage-blob/12.24.1, MIT, approved, #10568 -maven/mavencentral/com.azure/azure-storage-common/12.23.1, MIT, approved, #10569 -maven/mavencentral/com.azure/azure-storage-internal-avro/12.9.1, MIT, approved, #10560 -maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.16.1, Apache-2.0, approved, #11606 -maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.16.1, Apache-2.0 AND MIT, approved, #11602 
-maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.16.1, Apache-2.0, approved, #11605 +maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.8.1, MIT, approved, #13690 +maven/mavencentral/com.azure/azure-storage-blob/12.25.2, MIT, approved, #13400 +maven/mavencentral/com.azure/azure-storage-common/12.24.2, MIT, approved, #13402 +maven/mavencentral/com.azure/azure-storage-internal-avro/12.10.2, MIT, approved, #13399 +maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.0, Apache-2.0, approved, #13672 +maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.0, , approved, #13665 +maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.0, Apache-2.0, approved, #13671 +maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-toml/2.15.2, Apache-2.0, approved, #9160 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.13.5, Apache-2.0, approved, #3768 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.1, Apache-2.0, approved, #8802 -maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.16.1, Apache-2.0, approved, #11854 -maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.16.1, Apache-2.0, approved, #11853 +maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.17.0, Apache-2.0, approved, #14161 +maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.17.0, Apache-2.0, approved, #14160 maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base/2.15.1, Apache-2.0, approved, #9235 maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider/2.15.1, Apache-2.0, approved, #9236 maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.15.1, Apache-2.0, approved, #9241 
@@ -26,9 +26,9 @@ maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-a maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.4.0, Apache-2.0, approved, #5309 maven/mavencentral/com.github.andrewoma.dexx/collection/0.7, MIT, approved, CQ22160 maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.6, Apache-2.0, approved, clearlydefined -maven/mavencentral/com.github.docker-java/docker-java-api/3.3.4, Apache-2.0, approved, #10346 -maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.4, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #7946 -maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.4, Apache-2.0, approved, #7942 +maven/mavencentral/com.github.docker-java/docker-java-api/3.3.6, Apache-2.0, approved, #10346 +maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.6, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #7946 +maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.6, Apache-2.0, approved, #7942 maven/mavencentral/com.github.jsonld-java/jsonld-java/0.13.4, BSD-3-Clause, approved, CQ22136 maven/mavencentral/com.github.stephenc.jcip/jcip-annotations/1.0-1, Apache-2.0, approved, CQ21949 maven/mavencentral/com.google.code.findbugs/jsr305/3.0.2, Apache-2.0, approved, #20 
@@ -37,11 +37,11 @@ maven/mavencentral/com.google.crypto.tink/tink/1.12.0, Apache-2.0, approved, #12 maven/mavencentral/com.google.errorprone/error_prone_annotations/2.22.0, Apache-2.0, approved, #10661 maven/mavencentral/com.google.protobuf/protobuf-java/3.24.3, BSD-3-Clause, approved, clearlydefined maven/mavencentral/com.microsoft.azure/msal4j-persistence-extension/1.2.0, MIT, approved, clearlydefined -maven/mavencentral/com.microsoft.azure/msal4j/1.14.0, MIT, approved, #14159 -maven/mavencentral/com.nimbusds/content-type/2.2, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.microsoft.azure/msal4j/1.14.3, MIT, approved, #14159 +maven/mavencentral/com.nimbusds/content-type/2.3, Apache-2.0, approved, clearlydefined maven/mavencentral/com.nimbusds/lang-tag/1.7, Apache-2.0, approved, clearlydefined maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701 -maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/10.7.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/11.9.1, Apache-2.0, approved, #12667 maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.12.0, Apache-2.0, approved, #11159 maven/mavencentral/com.squareup.okhttp3/okhttp/4.12.0, Apache-2.0, approved, #11156 maven/mavencentral/com.squareup.okio/okio-jvm/3.6.0, Apache-2.0, approved, #11158 
@@ -52,55 +52,37 @@ maven/mavencentral/commons-io/commons-io/2.11.0, Apache-2.0, approved, CQ23745 maven/mavencentral/dev.failsafe/failsafe-okhttp/3.3.2, Apache-2.0, approved, #9178 maven/mavencentral/dev.failsafe/failsafe/3.3.2, Apache-2.0, approved, #9268 maven/mavencentral/io.github.classgraph/classgraph/4.8.154, MIT, approved, CQ22530 -maven/mavencentral/io.micrometer/micrometer-commons/1.12.2, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11679 -maven/mavencentral/io.micrometer/micrometer-core/1.12.2, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11678 -maven/mavencentral/io.micrometer/micrometer-observation/1.12.2, Apache-2.0, approved, #11680 +maven/mavencentral/io.micrometer/micrometer-commons/1.12.5, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11679 +maven/mavencentral/io.micrometer/micrometer-core/1.12.5, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11678 +maven/mavencentral/io.micrometer/micrometer-observation/1.12.5, Apache-2.0, approved, #11680 maven/mavencentral/io.micrometer/micrometer-registry-prometheus/1.11.1, Apache-2.0, approved, #9805 maven/mavencentral/io.netty/netty-buffer/4.1.101.Final, Apache-2.0, approved, CQ21842 -maven/mavencentral/io.netty/netty-buffer/4.1.94.Final, Apache-2.0, approved, CQ21842 -maven/mavencentral/io.netty/netty-codec-dns/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-dns/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-http/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-http/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec-http2/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-socks/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 
maven/mavencentral/io.netty/netty-codec-socks/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-codec/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-common/4.1.101.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 -maven/mavencentral/io.netty/netty-common/4.1.94.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 -maven/mavencentral/io.netty/netty-handler-proxy/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-handler-proxy/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-handler/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.100.Final, Apache-2.0, approved, #6367 maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.101.Final, Apache-2.0, approved, #6367 -maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.100.Final, Apache-2.0, approved, #7004 maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.101.Final, Apache-2.0, approved, #7004 -maven/mavencentral/io.netty/netty-resolver-dns/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-resolver-dns/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-resolver/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-resolver/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.62.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280 maven/mavencentral/io.netty/netty-tcnative-classes/2.0.62.Final, 
Apache-2.0, approved, clearlydefined +maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.100.Final, Apache-2.0, approved, #6366 maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.101.Final, Apache-2.0, approved, #6366 -maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.94.Final, Apache-2.0, approved, #6366 -maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.100.Final, Apache-2.0, approved, #4107 maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.101.Final, Apache-2.0, approved, #4107 -maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.100.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-transport/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport/4.1.94.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.opentelemetry.instrumentation/opentelemetry-instrumentation-annotations/1.32.0, Apache-2.0, approved, #11684 maven/mavencentral/io.opentelemetry/opentelemetry-api/1.32.0, Apache-2.0, approved, #11682 maven/mavencentral/io.opentelemetry/opentelemetry-context/1.32.0, Apache-2.0, approved, #11683 -maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.38, Apache-2.0, approved, #9687 -maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.39, Apache-2.0, approved, #9687 
-maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.38, Apache-2.0, approved, #11661 -maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.39, Apache-2.0, approved, #11661 -maven/mavencentral/io.projectreactor/reactor-core/3.4.33, Apache-2.0, approved, #7517 +maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.40, Apache-2.0, approved, #9687 +maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.40, Apache-2.0, approved, #11661 maven/mavencentral/io.projectreactor/reactor-core/3.4.34, Apache-2.0, approved, #7517 maven/mavencentral/io.prometheus/simpleclient/0.16.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.prometheus/simpleclient_common/0.16.0, Apache-2.0, approved, clearlydefined @@ -116,7 +98,7 @@ maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.15, Apache-2.0, maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.0, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, ee4j.cdi -maven/mavencentral/jakarta.json/jakarta.json-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp +maven/mavencentral/jakarta.json/jakarta.json-api/2.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jta maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, ee4j.validation maven/mavencentral/jakarta.ws.rs/jakarta.ws.rs-api/3.1.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.rest 
@@ -125,12 +107,12 @@ maven/mavencentral/javax.servlet/javax.servlet-api/4.0.1, (CDDL-1.1 OR GPL-2.0-o maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.1, Apache-2.0, approved, #7164 maven/mavencentral/net.bytebuddy/byte-buddy/1.14.1, Apache-2.0 AND BSD-3-Clause, approved, #7163 +maven/mavencentral/net.bytebuddy/byte-buddy/1.14.11, Apache-2.0 AND BSD-3-Clause, approved, #7163 +maven/mavencentral/net.bytebuddy/byte-buddy/1.14.9, Apache-2.0 AND BSD-3-Clause, approved, #7163 maven/mavencentral/net.java.dev.jna/jna-platform/5.13.0, Apache-2.0 OR LGPL-2.1-or-later, approved, #6707 maven/mavencentral/net.java.dev.jna/jna-platform/5.6.0, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ22390 maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #6709 -maven/mavencentral/net.minidev/accessors-smart/2.4.9, Apache-2.0, approved, #7515 maven/mavencentral/net.minidev/accessors-smart/2.5.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/net.minidev/json-smart/2.4.10, Apache-2.0, approved, #3288 maven/mavencentral/net.minidev/json-smart/2.5.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.commons/commons-collections4/4.4, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.commons/commons-compress/1.24.0, Apache-2.0 AND BSD-3-Clause AND bzip2-1.0.6 AND LicenseRef-Public-Domain, approved, #10368 
@@ -159,81 +141,104 @@ maven/mavencentral/org.apache.jena/jena-tdb2/4.9.0, , restricted, clearlydefined maven/mavencentral/org.apache.thrift/libthrift/0.18.1, Apache-2.0, approved, #8911 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined maven/mavencentral/org.assertj/assertj-core/3.25.3, Apache-2.0, approved, #12585 -maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.77, MIT, approved, #11593 -maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.77, MIT AND CC0-1.0, approved, #11595 -maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.77, MIT, approved, #11596 +maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78, MIT, approved, #14434 +maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14433 +maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14435 maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined -maven/mavencentral/org.checkerframework/checker-qual/3.41.0, MIT, approved, #12032 +maven/mavencentral/org.checkerframework/checker-qual/3.42.0, MIT, approved, clearlydefined maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.1, BSD-2-Clause, approved, #2670 -maven/mavencentral/org.eclipse.edc/api-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/api-observability/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/auth-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/auth-tokenbased/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/aws-s3-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/azure-blob-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/boot/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/catalog-spi/0.5.1, Apache-2.0, approved, technology.edc 
-maven/mavencentral/org.eclipse.edc/configuration-filesystem/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/connector-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/contract-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-api-configuration/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-plane-api-client-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-plane-api-client/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-plane-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/core-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/crypto-common/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-address-http-data-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-aws-s3/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-azure-storage/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-control-api/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-public-api/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-spi/0.5.1, Apache-2.0, approved, 
technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-util/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/http-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/http/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/identity-did-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/identity-trust-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jersey-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jersey-micrometer/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jersey-providers/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jetty-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jetty-micrometer/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/json-ld-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/json-ld/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/junit/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jwt-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/micrometer-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/oauth2-client/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/oauth2-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-engine-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-engine/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-evaluator/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-model/0.5.1, Apache-2.0, approved, technology.edc 
-maven/mavencentral/org.eclipse.edc/policy-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/runtime-metamodel/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/sql-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/sql-lease/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/sql-pool-apache-commons/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/state-machine/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/token-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/token-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transaction-datasource-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transaction-local/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transaction-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transfer-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transform-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transform-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/util/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/validator-core/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/validator-spi/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/vault-azure/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/vault-hashicorp/0.5.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/web-spi/0.5.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/accesstokendata-store-sql/0.6.1, Apache-2.0, approved, technology.edc 
+maven/mavencentral/org.eclipse.edc/api-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/api-observability/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/asset-index-sql/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/asset-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/auth-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/auth-tokenbased/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/aws-s3-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/azure-blob-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/boot-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/boot-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/boot/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/catalog-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/configuration-filesystem/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/connector-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/contract-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-api-configuration/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-plane-api-client-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-plane-api-client/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-plane-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/core-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/crypto-common-lib/0.6.1, Apache-2.0, approved, technology.edc 
+maven/mavencentral/org.eclipse.edc/data-address-http-data-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-aws-s3/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-azure-storage/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-control-api/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-public-api-v2/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-signaling-api-configuration/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-signaling-api/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-signaling-transform/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-store-sql/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-util/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/edr-index-sql/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/edr-store-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/edr-store-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/http-lib/0.6.1, Apache-2.0, 
approved, technology.edc +maven/mavencentral/org.eclipse.edc/http-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/http/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-did-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-did-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-did-web/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-trust-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jersey-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jersey-micrometer/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jersey-providers-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jetty-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jetty-micrometer/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/json-ld-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/json-ld-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/json-ld/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/json-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/junit-base/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/junit/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jwt-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/keys-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/keys-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/micrometer-core/0.6.1, Apache-2.0, approved, technology.edc 
+maven/mavencentral/org.eclipse.edc/oauth2-client/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/oauth2-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-engine-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-engine-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-evaluator-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-model/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/query-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/runtime-metamodel/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/sql-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/sql-lease/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/sql-pool-apache-commons/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/state-machine-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/store-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/token-core/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/token-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transaction-datasource-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transaction-local/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transaction-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transfer-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transform-lib/0.6.1, Apache-2.0, approved, technology.edc 
+maven/mavencentral/org.eclipse.edc/transform-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/util-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/validator-lib/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/validator-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/vault-azure/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/vault-hashicorp/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/verifiable-credentials-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/web-spi/0.6.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-servlet-api/5.0.2, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-websocket-api/2.0.0, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty 
@@ -256,19 +261,25 @@ maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.20, EPL-2.0 OR Apache-2. maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.tractusx.agents.edc.agent-plane/agent-plane-protocol/1.12.18-SNAPSHOT, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/auth-jwt/1.12.18-SNAPSHOT, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/core-spi/0.6.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-azure-vault/0.6.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-base/0.6.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-hashicorp-vault/0.6.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-consumer-api/0.6.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-provider-api/0.6.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-provider-core/0.6.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-provider-spi/0.6.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edr-cache-core/0.6.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edr-cache-sql/0.6.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edr-spi/0.6.0, Apache-2.0, approved, automotive.tractusx 
+maven/mavencentral/org.eclipse.tractusx.agents.edc.agent-plane/agent-plane-protocol/1.12.19-SNAPSHOT, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/auth-jwt/1.12.19-SNAPSHOT, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/core-spi/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/core-utils/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/data-plane-migration/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-azure-vault/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-base/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-hashicorp-vault/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-consumer-api/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edr-core/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edr-spi/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/postgresql-migration-lib/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-api/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-core/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-handler/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-spi/0.7.0, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/tx-iatp-sts-dim/0.7.0, Apache-2.0, approved, automotive.tractusx 
+maven/mavencentral/org.flywaydb/flyway-core/10.11.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.flywaydb/flyway-database-postgresql/10.11.0, Apache-2.0, approved, #14239 maven/mavencentral/org.glassfish.hk2.external/aopalliance-repackaged/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish maven/mavencentral/org.glassfish.hk2/hk2-api/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish maven/mavencentral/org.glassfish.hk2/hk2-locator/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish 
@@ -287,14 +298,13 @@ maven/mavencentral/org.glassfish/jakarta.json/2.0.1, EPL-2.0 OR GPL-2.0-only wit maven/mavencentral/org.hamcrest/hamcrest-core/1.3, BSD-2-Clause, approved, CQ11429 maven/mavencentral/org.hdrhistogram/HdrHistogram/2.1.12, BSD-2-Clause OR LicenseRef-Public-Domain, approved, CQ13192 maven/mavencentral/org.javassist/javassist/3.29.2-GA, Apache-2.0 AND LGPL-2.1-or-later AND MPL-1.1, approved, #6023 -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.8.0, Apache-2.0, approved, #8910 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.9.10, Apache-2.0, approved, #14186 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.21, Apache-2.0, approved, #8807 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.9.10, Apache-2.0, approved, #14193 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.8.21, Apache-2.0, approved, #8919 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.9.10, Apache-2.0, approved, #14191 -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.0, Apache-2.0, approved, #8865 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.21, Apache-2.0, approved, #8865 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.9.10, Apache-2.0, approved, #11827 maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jetbrains/annotations/24.1.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.junit-pioneer/junit-pioneer/2.2.0, EPL-2.0, approved, #11857 
@@ -311,45 +321,42 @@ maven/mavencentral/org.objenesis/objenesis/3.3, Apache-2.0, approved, clearlydef maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713 maven/mavencentral/org.ow2.asm/asm-commons/9.6, BSD-3-Clause, approved, #10775 maven/mavencentral/org.ow2.asm/asm-tree/9.6, BSD-3-Clause, approved, #10773 -maven/mavencentral/org.ow2.asm/asm/9.3, BSD-3-Clause, approved, clearlydefined maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776 -maven/mavencentral/org.postgresql/postgresql/42.7.1, BSD-2-Clause AND Apache-2.0, approved, #11681 +maven/mavencentral/org.postgresql/postgresql/42.7.3, BSD-2-Clause AND Apache-2.0, approved, #11681 maven/mavencentral/org.reactivestreams/reactive-streams/1.0.4, CC0-1.0, approved, CQ16332 maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined maven/mavencentral/org.roaringbitmap/RoaringBitmap/0.9.45, Apache-2.0, approved, clearlydefined maven/mavencentral/org.roaringbitmap/shims/0.9.45, Apache-2.0, approved, clearlydefined maven/mavencentral/org.slf4j/slf4j-api/2.0.12, MIT, approved, #5915 -maven/mavencentral/org.testcontainers/junit-jupiter/1.19.4, MIT, approved, #10344 -maven/mavencentral/org.testcontainers/testcontainers/1.19.4, Apache-2.0 AND MIT, approved, #10347 +maven/mavencentral/org.testcontainers/junit-jupiter/1.19.7, MIT, approved, #10344 +maven/mavencentral/org.testcontainers/testcontainers/1.19.7, Apache-2.0 AND MIT, approved, #10347 maven/mavencentral/org.yaml/snakeyaml/2.2, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #10232 -maven/mavencentral/software.amazon.awssdk/annotations/2.20.162, Apache-2.0, approved, #8598 -maven/mavencentral/software.amazon.awssdk/annotations/2.22.9, Apache-2.0, approved, #12618 -maven/mavencentral/software.amazon.awssdk/apache-client/2.22.9, Apache-2.0, approved, #12633 -maven/mavencentral/software.amazon.awssdk/arns/2.22.9, Apache-2.0, approved, 
#12647 -maven/mavencentral/software.amazon.awssdk/auth/2.22.9, Apache-2.0, approved, #12622 -maven/mavencentral/software.amazon.awssdk/aws-core/2.22.9, Apache-2.0, approved, #12640 -maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.22.9, Apache-2.0, approved, #12645 -maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.22.9, Apache-2.0, approved, #12628 -maven/mavencentral/software.amazon.awssdk/checksums-spi/2.22.9, Apache-2.0, approved, #12642 -maven/mavencentral/software.amazon.awssdk/checksums/2.22.9, Apache-2.0, approved, #12641 -maven/mavencentral/software.amazon.awssdk/crt-core/2.22.9, Apache-2.0, approved, #12635 -maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.22.9, Apache-2.0, approved, #12624 -maven/mavencentral/software.amazon.awssdk/http-auth-aws/2.22.9, Apache-2.0, approved, #12637 -maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.22.9, Apache-2.0, approved, #12638 -maven/mavencentral/software.amazon.awssdk/http-auth/2.22.9, Apache-2.0, approved, #12626 -maven/mavencentral/software.amazon.awssdk/http-client-spi/2.20.162, Apache-2.0, approved, #8608 -maven/mavencentral/software.amazon.awssdk/iam/2.22.9, Apache-2.0, approved, clearlydefined -maven/mavencentral/software.amazon.awssdk/identity-spi/2.22.9, Apache-2.0, approved, #12636 -maven/mavencentral/software.amazon.awssdk/json-utils/2.22.9, Apache-2.0, approved, #12646 -maven/mavencentral/software.amazon.awssdk/metrics-spi/2.20.162, Apache-2.0, approved, #8636 -maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.20.162, Apache-2.0, approved, #8613 -maven/mavencentral/software.amazon.awssdk/profiles/2.22.9, Apache-2.0, approved, #12620 -maven/mavencentral/software.amazon.awssdk/protocol-core/2.22.9, Apache-2.0, approved, #12648 -maven/mavencentral/software.amazon.awssdk/regions/2.22.9, Apache-2.0, approved, #12643 -maven/mavencentral/software.amazon.awssdk/s3/2.22.9, Apache-2.0, approved, #12630 -maven/mavencentral/software.amazon.awssdk/sdk-core/2.22.9, 
Apache-2.0, approved, #12639 -maven/mavencentral/software.amazon.awssdk/sts/2.22.9, Apache-2.0, approved, clearlydefined -maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.22.9, Apache-2.0, approved, #12629 -maven/mavencentral/software.amazon.awssdk/utils/2.20.162, Apache-2.0, approved, #8625 -maven/mavencentral/software.amazon.awssdk/utils/2.22.9, Apache-2.0, approved, #12631 +maven/mavencentral/software.amazon.awssdk/annotations/2.24.10, Apache-2.0, approved, #13251 +maven/mavencentral/software.amazon.awssdk/apache-client/2.24.10, Apache-2.0, approved, #13257 +maven/mavencentral/software.amazon.awssdk/arns/2.24.10, Apache-2.0, approved, #13243 +maven/mavencentral/software.amazon.awssdk/auth/2.24.10, Apache-2.0, approved, #13256 +maven/mavencentral/software.amazon.awssdk/aws-core/2.24.10, Apache-2.0, approved, #13240 +maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.24.10, Apache-2.0, approved, #13262 +maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.24.10, Apache-2.0, approved, #13247 +maven/mavencentral/software.amazon.awssdk/checksums-spi/2.24.10, Apache-2.0, approved, #13245 +maven/mavencentral/software.amazon.awssdk/checksums/2.24.10, Apache-2.0, approved, #13242 +maven/mavencentral/software.amazon.awssdk/crt-core/2.24.10, Apache-2.0, approved, #13252 +maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.24.10, Apache-2.0, approved, #13246 +maven/mavencentral/software.amazon.awssdk/http-auth-aws/2.24.10, Apache-2.0, approved, #13253 +maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.24.10, Apache-2.0, approved, #13264 +maven/mavencentral/software.amazon.awssdk/http-auth/2.24.10, Apache-2.0, approved, #13248 +maven/mavencentral/software.amazon.awssdk/http-client-spi/2.24.10, Apache-2.0, approved, #13259 +maven/mavencentral/software.amazon.awssdk/iam/2.24.10, Apache-2.0, approved, #13444 +maven/mavencentral/software.amazon.awssdk/identity-spi/2.24.10, Apache-2.0, approved, #13244 
+maven/mavencentral/software.amazon.awssdk/json-utils/2.24.10, Apache-2.0, approved, #13261 +maven/mavencentral/software.amazon.awssdk/metrics-spi/2.24.10, Apache-2.0, approved, #13239 +maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.24.10, Apache-2.0, approved, #13260 +maven/mavencentral/software.amazon.awssdk/profiles/2.24.10, Apache-2.0, approved, #13258 +maven/mavencentral/software.amazon.awssdk/protocol-core/2.24.10, Apache-2.0, approved, #13241 +maven/mavencentral/software.amazon.awssdk/regions/2.24.10, Apache-2.0, approved, #13255 +maven/mavencentral/software.amazon.awssdk/s3/2.24.10, Apache-2.0, approved, #13254 +maven/mavencentral/software.amazon.awssdk/sdk-core/2.24.10, Apache-2.0, approved, #13265 +maven/mavencentral/software.amazon.awssdk/sts/2.24.10, Apache-2.0, approved, #13442 +maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.24.10, Apache-2.0, approved, #13249 +maven/mavencentral/software.amazon.awssdk/utils/2.24.10, Apache-2.0, approved, #13250 maven/mavencentral/software.amazon.eventstream/eventstream/1.0.1, Apache-2.0, approved, clearlydefined diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index 48d08148..7e126f44 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -176,6 +176,12 @@ junit ${edc.version} test + + + net.bytebuddy + byte-buddy + + @@ -302,8 +308,38 @@ software.amazon.awssdk netty-nio-client - 2.20.162 + ${awssdk.version} runtime + + + io.netty + netty-buffer + + + io.netty + netty-codec-http + + + io.netty + netty-codec + + + io.netty + netty-common + + + io.netty + netty-handler + + + io.netty + netty-resolver + + + io.netty + netty-transport + + @@ -371,6 +407,12 @@ org.mockito mockito-core test + + + net.bytebuddy + byte-buddy + + org.eclipse.edc @@ -385,6 +427,12 @@ + + org.eclipse.edc + jetty-core + ${edc.version} + test + org.jetbrains.kotlin kotlin-stdlib 
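Review bot: The block added under `netty-nio-client` in the `@@ -302,8 +308,38 @@` hunk appears to exclude seven `io.netty` modules (the XML tags are lost in this rendering), but nothing in the hunk says which netty version is meant to take their place. Because the client is `runtime` scoped, a missing or mismatched netty would only show up at class-load time, so it is worth confirming that the replacements are declared with a managed version elsewhere in the build. A short comment above the exclusions would record the intent, for example `<!-- io.netty excluded here; version is managed in <location to be filled in> -->`. The same applies to the `net.bytebuddy` / `byte-buddy` entries added in the `-176` and `-371` hunks.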
@@ -392,6 +440,13 @@ compile + + org.jetbrains.kotlin + kotlin-stdlib-jdk8 + ${jetbrains.kotlin.version} + compile + + io.micrometer diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java index 806357ec..569f9867 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -23,9 +23,9 @@ import org.eclipse.edc.connector.dataplane.http.params.HttpRequestFactory; import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParamsProvider; import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService; +import org.eclipse.edc.http.spi.EdcHttpClient; import org.eclipse.edc.runtime.metamodel.annotation.Inject; import org.eclipse.edc.runtime.metamodel.annotation.Requires; -import org.eclipse.edc.spi.http.EdcHttpClient; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.security.Vault; import org.eclipse.edc.spi.system.ServiceExtension; diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java index eaf69395..6b1e2d67 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java 
@@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -19,7 +19,7 @@ import okhttp3.OkHttpClient; import org.eclipse.edc.connector.dataplane.spi.pipeline.DataSourceFactory; import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService; -import org.eclipse.edc.spi.http.EdcHttpClient; +import org.eclipse.edc.http.spi.EdcHttpClient; import org.eclipse.tractusx.agents.edc.AgentConfig; import org.jetbrains.annotations.NotNull; diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java index 5cce2117..194dceaa 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java @@ -24,8 +24,8 @@ import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParams; import org.eclipse.edc.connector.dataplane.spi.pipeline.DataSource; import org.eclipse.edc.connector.dataplane.spi.pipeline.StreamResult; -import org.eclipse.edc.spi.http.EdcHttpClient; -import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; +import org.eclipse.edc.http.spi.EdcHttpClient; +import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; import org.eclipse.tractusx.agents.edc.AgentExtension; import org.eclipse.tractusx.agents.edc.SkillDistribution; import org.eclipse.tractusx.agents.edc.SkillStore; 
@@ -69,7 +69,7 @@ public class AgentSource implements DataSource { protected SparqlQueryProcessor processor; protected SkillStore skillStore; - protected DataFlowRequest request; + protected DataFlowStartMessage request; protected String matchmakingAgentUrl; @@ -290,7 +290,7 @@ public AgentSource.Builder skillStore(SkillStore skillStore) { return this; } - public AgentSource.Builder request(DataFlowRequest request) { + public AgentSource.Builder request(DataFlowStartMessage request) { dataSource.request = request; return this; } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java index 43426238..3dd4c368 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java @@ -19,9 +19,9 @@ import org.eclipse.edc.connector.dataplane.http.params.HttpRequestFactory; import org.eclipse.edc.connector.dataplane.http.spi.HttpDataAddress; import org.eclipse.edc.connector.dataplane.spi.pipeline.DataSource; -import org.eclipse.edc.spi.http.EdcHttpClient; +import org.eclipse.edc.http.spi.EdcHttpClient; import org.eclipse.edc.spi.monitor.Monitor; -import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; +import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; import org.eclipse.tractusx.agents.edc.AgentProtocol; import org.eclipse.tractusx.agents.edc.SkillStore; import org.eclipse.tractusx.agents.edc.sparql.SparqlQueryProcessor; 
@@ -66,7 +66,7 @@ public AgentSourceFactory(EdcHttpClient httpClient, AgentSourceRequestParamsSupp * @return flag */ @Override - public boolean canHandle(DataFlowRequest request) { + public boolean canHandle(DataFlowStartMessage request) { return AgentProtocol.SPARQL_HTTP.getProtocolId().equals(request.getSourceDataAddress().getType()) || AgentProtocol.SKILL_HTTP.getProtocolId().equals(request.getSourceDataAddress().getType()); } @@ -79,7 +79,7 @@ public boolean canHandle(DataFlowRequest request) { * @return new data source */ @Override - public DataSource createSource(DataFlowRequest request) { + public DataSource createSource(DataFlowStartMessage request) { var dataAddress = HttpDataAddress.Builder.newInstance() .copyFrom(request.getSourceDataAddress()) .build(); diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java index 29b5ea90..f4c01d03 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceHttpParamsDecorator.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. 
@@ -21,7 +21,7 @@ import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParams; import org.eclipse.edc.spi.EdcException; import org.eclipse.edc.spi.monitor.Monitor; -import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; +import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; import org.eclipse.tractusx.agents.edc.AgentConfig; import org.eclipse.tractusx.agents.edc.http.HttpUtils; import org.eclipse.tractusx.agents.edc.sparql.DataspaceServiceExecutor; @@ -100,7 +100,7 @@ public AgentSourceHttpParamsDecorator(AgentConfig config, Monitor monitor) { * @param dataflowRequest the request to check * @return if this is a transfer request */ - public static boolean isTransferRequest(DataFlowRequest dataflowRequest) { + public static boolean isTransferRequest(DataFlowStartMessage dataflowRequest) { return false; } @@ -143,7 +143,7 @@ public static Map> mergeParams(Map> pa * @return translated call content (identical to params) */ @Override - public HttpRequestParams.Builder decorate(DataFlowRequest request, HttpDataAddress address, HttpRequestParams.Builder params) { + public HttpRequestParams.Builder decorate(DataFlowStartMessage request, HttpDataAddress address, HttpRequestParams.Builder params) { String contentType = this.extractContentType(address, request); String body = this.extractBody(address, request); Map> queryParams = parseParams("?" + getRequestQueryParams(address, request)); @@ -196,7 +196,7 @@ public HttpRequestParams.Builder decorate(DataFlowRequest request, HttpDataAddre return params; } - protected @NotNull String extractMethod(HttpDataAddress address, DataFlowRequest request) { + protected @NotNull String extractMethod(HttpDataAddress address, DataFlowStartMessage request) { if (Boolean.parseBoolean(address.getProxyMethod())) { return Optional.ofNullable(request.getProperties().get(METHOD)).orElseThrow(() -> new EdcException(String.format("DataFlowRequest %s: 'method' property is missing", request.getId()))); } else { 
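Review bot: In `decorate` (hunk `@@ -143,7 +143,7 @@`), `parseParams("?" + getRequestQueryParams(address, request))` concatenates a `@Nullable` result, so whenever `proxyQueryParams` is not set the string handed to `parseParams` is the literal `?null`. `parseParams` is not visible here, but unless it filters that value the outbound request may carry a stray `null` query parameter. Reading the value first and guarding it keeps the `?` prefix the parser evidently expects: `String query = getRequestQueryParams(address, request);` followed by `parseParams("?" + (query == null ? "" : query))`. The body of `decorate` continues outside the hunk, so the later use of `queryParams` should be checked against this change.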
@@ -204,11 +204,11 @@ public HttpRequestParams.Builder decorate(DataFlowRequest request, HttpDataAddre } } - protected @Nullable String extractPath(HttpDataAddress address, DataFlowRequest request) { + protected @Nullable String extractPath(HttpDataAddress address, DataFlowStartMessage request) { return Boolean.parseBoolean(address.getProxyPath()) ? request.getProperties().get(PATH_SEGMENTS) : address.getPath(); } - protected @Nullable String getRequestQueryParams(HttpDataAddress address, DataFlowRequest request) { + protected @Nullable String getRequestQueryParams(HttpDataAddress address, DataFlowStartMessage request) { return Boolean.parseBoolean(address.getProxyQueryParams()) ? request.getProperties().get(QUERY_PARAMS) : null; } @@ -219,12 +219,12 @@ public HttpRequestParams.Builder decorate(DataFlowRequest request, HttpDataAddre * @param request data flow request * @return the content type (which would be derived from the query language part in case the original content type is a url-encoded form) */ - protected @Nullable String extractContentType(HttpDataAddress address, DataFlowRequest request) { + protected @Nullable String extractContentType(HttpDataAddress address, DataFlowStartMessage request) { String contentType = Boolean.parseBoolean(address.getProxyBody()) ? request.getProperties().get(MEDIA_TYPE) : address.getContentType(); return contentType; } - protected @Nullable String extractBody(HttpDataAddress address, DataFlowRequest request) { + protected @Nullable String extractBody(HttpDataAddress address, DataFlowStartMessage request) { return Boolean.parseBoolean(address.getProxyBody()) ? request.getProperties().get(BODY) : null; } } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java index e6eb58b2..245ccc11 100644 
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceRequestParamsSupplier.java @@ -25,7 +25,7 @@ import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.security.Vault; import org.eclipse.edc.spi.types.TypeManager; -import org.eclipse.edc.spi.types.domain.transfer.DataFlowRequest; +import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; import org.eclipse.tractusx.agents.edc.AgentConfig; import java.util.ArrayList; @@ -81,7 +81,7 @@ public void registerSinkDecorator(HttpParamsDecorator decorator) { } @Override - public HttpRequestParams provideSourceParams(DataFlowRequest request) { + public HttpRequestParams provideSourceParams(DataFlowStartMessage request) { HttpRequestParams.Builder params = HttpRequestParams.Builder.newInstance(); HttpDataAddress address = HttpDataAddress.Builder.newInstance().copyFrom(request.getSourceDataAddress()).build(); this.sourceDecorators.forEach((decorator) -> decorator.decorate(request, address, params)); @@ -89,7 +89,7 @@ public HttpRequestParams provideSourceParams(DataFlowRequest request) { } @Override - public HttpRequestParams provideSinkParams(DataFlowRequest request) { + public HttpRequestParams provideSinkParams(DataFlowStartMessage request) { HttpRequestParams.Builder params = HttpRequestParams.Builder.newInstance(); HttpDataAddress address = HttpDataAddress.Builder.newInstance().copyFrom(request.getDestinationDataAddress()).build(); this.sinkDecorators.forEach((decorator) -> decorator.decorate(request, address, params)); 
@@ -104,7 +104,7 @@ public HttpRequestParams provideSinkParams(DataFlowRequest request) { * * @return a fitting matchmaking agent address */ - public String provideMatchmakingUrl(DataFlowRequest request) { + public String provideMatchmakingUrl(DataFlowStartMessage request) { return config.getMatchmakingAgentUrl(); } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/ExternalFormat.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/ExternalFormat.java new file mode 100644 index 00000000..1d8dacc5 --- /dev/null +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/ExternalFormat.java 
@@ -0,0 +1,66 @@
+// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation
+//
+// See the NOTICE file(s) distributed with this work for additional
+// information regarding copyright ownership.
+//
+// This program and the accompanying materials are made available under the
+// terms of the Apache License, Version 2.0 which is available at
+// https://www.apache.org/licenses/LICENSE-2.0.
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations
+// under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+package org.eclipse.tractusx.agents.edc.rdf;
+
+/**
+ * lists the various formats that the rdf store can import
+ */
+public enum ExternalFormat {
+ TURTLE("text/turtle"),
+ CSV("text/csv");
+
+ private final String contentType;
+
+ /**
+ * Constructoe for ExternalFormat
+ *
+ * @param contentType the mime type
+ */
+
+ ExternalFormat(final String contentType) {
+ this.contentType = contentType;
+ }
+
+ /**
+ * get the content type
+ *
+ * @return mode as argument
+ */
+
+ public String getContentType() {
+ return this.contentType;
+ }
+
+ /**
+ * converts a mime type into a format
+ *
+ * @param contentType as argument
+ * @return respective enum, null if format cannot be deduced
+ */
+
+ public static ExternalFormat valueOfFormat(String contentType) {
+ if (contentType != null) {
+ if (contentType.endsWith("turtle")) {
+ return TURTLE;
+ }
+ if (contentType.endsWith("csv")) {
+ return CSV;
+ }
+ }
+ return null;
+ }
+}
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java
index 870d42ea..a9dcb2c9 100644
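Review bot: `valueOfFormat` in the new `ExternalFormat.java` matches on the tail of the header value, so a content type that carries parameters (for example `text/csv; charset=utf-8`) or differs in case falls through to `null`, while any value that merely ends in `csv` or `turtle` is accepted as that format. Comparing the bare media type against the enum's own `contentType` makes the accepted set explicit; if variants such as `application/x-turtle` are meant to be accepted they are better listed explicitly. Callers must still handle the `null` return, since an unrecognised type on an import path should be rejected rather than defaulted. The Javadoc also has a typo (`Constructoe`), and `getContentType` documents `@return mode as argument` where `@return the mime type of this format` is meant.

```java
public static ExternalFormat valueOfFormat(String contentType) {
    if (contentType == null) {
        return null;
    }
    // compare the bare media type only; parameters such as "; charset=utf-8" are dropped
    String mediaType = contentType.split(";", 2)[0].trim();
    for (ExternalFormat format : values()) {
        if (format.contentType.equalsIgnoreCase(mediaType)) {
            return format;
        }
    }
    return null;
}
```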
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -30,10 +30,21 @@ import org.apache.jena.riot.system.StreamRDFLib; import org.apache.jena.sparql.core.DatasetGraph; import org.apache.jena.sparql.core.DatasetGraphFactory; +import org.apache.jena.sparql.core.Quad; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.tractusx.agents.edc.AgentConfig; import org.eclipse.tractusx.agents.edc.MonitorWrapper; +import java.io.BufferedReader; +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.StringReader; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + /** * a service sitting on a local RDF store/graph * (which hosts the ontology and the federated dataspace diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java index 09b8b51e..de1d8fab 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java 
@@ -336,7 +336,7 @@ public IdResponse createOrUpdateSkill(String assetId, String name, String descri var assetSpec = String.format(body, assetId, name, description, version, contract, ontologies, distributionMode, isFederated, query, allowServicePattern, denyServicePattern); - return createOrUpdateAsset(assetId, assetSpec); + return createOrUpdateAsset(assetId, assetSpec); } /** diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java index 6ab99daf..8e779151 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java @@ -26,6 +26,7 @@ import org.eclipse.tractusx.agents.edc.sparql.SparqlQueryProcessor; import okhttp3.*; import org.apache.jena.sparql.service.ServiceExecutorRegistry; +import org.eclipse.edc.json.JacksonTypeManager; import org.eclipse.edc.spi.types.TypeManager; import org.eclipse.tractusx.agents.edc.*; import org.junit.jupiter.api.AfterEach; @@ -73,7 +74,7 @@ public class TestAgentController extends RestControllerTestBase { OkHttpClient client=new OkHttpClient(); AgreementController mockController = new MockAgreementController("test",port); ExecutorService threadedExecutor= Executors.newSingleThreadExecutor(); - TypeManager typeManager = new TypeManager(); + TypeManager typeManager = new JacksonTypeManager(); DataspaceServiceExecutor exec=new DataspaceServiceExecutor(monitor,mockController,agentConfig,client,threadedExecutor,typeManager); RdfStore store = new RdfStore(agentConfig,monitor); 
diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java index 6db36327..e4153271 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java @@ -26,6 +26,7 @@ import okhttp3.*; import org.apache.jena.graph.Node; import org.apache.jena.sparql.core.Quad; +import org.eclipse.edc.json.JacksonTypeManager; import org.eclipse.edc.spi.types.TypeManager; import org.eclipse.tractusx.agents.edc.AgentConfig; import org.junit.jupiter.api.AfterEach; @@ -59,7 +60,7 @@ public class TestDataspaceSynchronizer { ScheduledExecutorService threadedExecutor = Executors.newSingleThreadScheduledExecutor(); RdfStore store = new RdfStore(agentConfig, monitor); - TypeManager typeManager = new TypeManager(); + TypeManager typeManager = new JacksonTypeManager(); DataManagement dm = new DataManagement(monitor, typeManager, client, agentConfig); DataspaceSynchronizer synchronizer = new DataspaceSynchronizer(threadedExecutor, agentConfig, dm, store, monitor); diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/sparql/TestSparqlProcessor.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/sparql/TestSparqlProcessor.java index 36878012..e082f954 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/sparql/TestSparqlProcessor.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/sparql/TestSparqlProcessor.java 
@@ -20,6 +20,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import okhttp3.*; import org.apache.jena.sparql.service.ServiceExecutorRegistry; +import org.eclipse.edc.json.JacksonTypeManager; import org.eclipse.edc.spi.monitor.ConsoleMonitor; import org.eclipse.edc.spi.types.TypeManager; import org.eclipse.tractusx.agents.edc.*; @@ -50,7 +51,7 @@ public class TestSparqlProcessor { OkHttpClient client=new OkHttpClient(); AgreementController mockController = new MockAgreementController(); ExecutorService threadedExecutor= Executors.newSingleThreadExecutor(); - TypeManager typeManager = new TypeManager(); + TypeManager typeManager = new JacksonTypeManager(); DataspaceServiceExecutor exec=new DataspaceServiceExecutor(monitor,mockController,agentConfig,client,threadedExecutor,typeManager); RdfStore store = new RdfStore(agentConfig,monitor); diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index db983a0e..8cf3e3d8 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -160,6 +160,26 @@ net.java.dev.jna jna-platform + + com.fasterxml.jackson.core + jackson-annotations + + + com.fasterxml.jackson.core + jackson-core + + + com.fasterxml.jackson.core + jackson-databind + + + com.fasterxml.jackson.datatype + jackson-datatype-jsr310 + + + com.fasterxml.jackson.module + jackson-module-jakarta-xmlbind-annotations + @@ -174,6 +194,12 @@ net.minidev json-smart ${net.minidev.jsonsmart.version} + + + org.ow2.asm + asm + + diff --git a/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile b/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile index 38010729..43210948 100644 --- a/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile +++ b/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile 
@@ -25,7 +25,7 @@ HEALTHCHECK NONE RUN apk update && apk add curl=8.5.0-r0 --no-cache RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} --output /tmp/opentelemetry-javaagent.jar -FROM eclipse-temurin:17-jre-alpine +FROM eclipse-temurin:22_36-jre-alpine ARG APP_USER=docker ARG APP_UID=10100 diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml index b087d3ef..5d77f23e 100644 --- a/agent-plane/agentplane-hashicorp/pom.xml +++ b/agent-plane/agentplane-hashicorp/pom.xml @@ -153,6 +153,10 @@ com.squareup.okio okio + + io.netty + netty-transport-classes-epoll + @@ -183,6 +187,19 @@ ${awssdk.version} + + + net.minidev + json-smart + ${net.minidev.jsonsmart.version} + + + org.ow2.asm + asm + + + + org.junit.jupiter diff --git a/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile b/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile index 3a1dca50..e36a378a 100644 --- a/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile +++ b/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile @@ -24,7 +24,7 @@ HEALTHCHECK NONE RUN apk update && apk add curl=8.5.0-r0 --no-cache RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} --output /tmp/opentelemetry-javaagent.jar -FROM eclipse-temurin:17-jre-alpine +FROM eclipse-temurin:22_36-jre-alpine ARG APP_USER=docker ARG APP_UID=10100 diff --git a/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/CompositeJwsVerifier.java b/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/CompositeJwsVerifier.java index d9a55b51..5f09f50f 100644 --- a/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/CompositeJwsVerifier.java +++ b/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/CompositeJwsVerifier.java 
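Review bot: `FROM eclipse-temurin:22_36-jre-alpine` moves the runtime off the 17 LTS line onto a feature release and, as far as the tag reads, onto one fixed build (22+36), so later JRE security updates would not arrive on a plain rebuild. The same line is changed in the agentplane-hashicorp Dockerfile further down this patch. Consider an LTS line with a tag that follows patch releases, or pin by digest and let the existing dependabot setup bump it, e.g. `FROM eclipse-temurin:<lts-tag>-jre-alpine@sha256:<digest>`. The rest of the runtime stage lies outside the hunk.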
@@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -186,7 +186,7 @@ public Builder addKey(String key) { key = null; } } catch (MalformedURLException e) { - monitor.warning("Trying to parse key URL run into error. Ignoring", e); + monitor.debug("Trying to parse key URL run into error. Ignoring", e); } } if (key != null) { diff --git a/pom.xml b/pom.xml index c4a57058..8e67b2c1 100644 --- a/pom.xml +++ b/pom.xml @@ -39,8 +39,8 @@ 5.10.2 5.2.0 - 0.6.0 - 0.5.1 + 0.7.0 + 0.6.1 3.3.2 4.12.0 3.6.0 @@ -50,19 +50,19 @@ 4.0.1 5.0.2 4.9.0 - 1.11.1 - 4.7.3 + 1.11.4 + 4.8.1 2.2 2.5.0 5.13.0 1.0.4 - 1.8.0 - 1.12.2 + 1.9.10 + 1.12.5 4.1.101.Final 1.24.0 11.0.20 - 1.0.39 - 2.22.9 + 1.0.40 + 2.24.10 UTF-8 From d3b53abf578d729356de8522f5decb4707500221 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 23 Apr 2024 15:08:18 +0200 Subject: [PATCH 22/62] fix: trailing spaces in chart. --- charts/agent-plane-azure-vault/values.yaml | 1 - charts/agent-plane/values.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index 4309f46c..f7133ce2 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml @@ -293,7 +293,6 @@ configs: ################################################################# @prefix : . @base . - # -- Agent-Specific Settings agent: # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml index 05ef1d16..5c6d46ca 100644 --- a/charts/agent-plane/values.yaml +++ b/charts/agent-plane/values.yaml 
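Review bot: The `monitor.debug(..., e)` call in `addKey` still hands the exception to the logger, and a `MalformedURLException` from URL parsing normally carries the rejected input in its message, which here would be the key string itself. If `key` can hold inline key material (the code after the catch suggests a non-URL key is still used, but the try block starts outside the hunk), that material lands in debug logs. Log a fixed message without the throwable instead, e.g. `monitor.debug("Key is not a URL; treating it as inline key material.");`.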
@@ -295,7 +295,6 @@ configs: ################################################################# @prefix : . @base . - # -- Agent-Specific Settings agent: # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue From 9055b187b50afc5eb5a1a9780b8689686afa2d8e Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 25 Apr 2024 09:20:09 +0200 Subject: [PATCH 23/62] fix: http client configguration override adopted to EDC 0.6.1 upstream --- .../org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java index 6b1e2d67..05298ab3 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/HttpClientFactory.java @@ -51,7 +51,7 @@ public class HttpClientFactory { httpDataSourceFactory = HttpClientFactory.class.getClassLoader().loadClass("org.eclipse.edc.connector.dataplane.http.pipeline.HttpDataSourceFactory"); httpClient = httpDataSourceFactory.getDeclaredField("httpClient"); httpClient.setAccessible(true); - okHttpClient = HttpClientFactory.class.getClassLoader().loadClass("org.eclipse.edc.connector.core.base.EdcHttpClientImpl").getDeclaredField("okHttpClient"); + okHttpClient = HttpClientFactory.class.getClassLoader().loadClass("org.eclipse.edc.http.client.EdcHttpClientImpl").getDeclaredField("okHttpClient"); okHttpClient.setAccessible(true); connectTimeoutMillis = OkHttpClient.class.getDeclaredField("connectTimeoutMillis"); connectTimeoutMillis.setAccessible(true); From 7120f2ea3e4af907cf3d56898ab86eae69036f17 Mon Sep 17 00:00:00 2001 
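Review bot: The class name passed to `loadClass` in `HttpClientFactory` is a string that has to follow every upstream package move, and this fix shows it has already broken once; how `ClassNotFoundException` or `NoSuchFieldException` is handled lies outside the hunk. If that handler only logs, the client configuration override silently stops applying after the next EDC upgrade and requests run with upstream defaults. I would add a comment above the line, `// EdcHttpClientImpl location as of EDC 0.6.1; private-field access, re-check on every EDC upgrade`, and have the failure path abort start-up rather than continue.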
From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 25 Apr 2024 11:06:34 +0200 Subject: [PATCH 24/62] fix: jackson dependencies completed and homogenized. --- agent-plane/agent-plane-protocol/pom.xml | 37 ++++++++++++++++++++++ agent-plane/agentplane-azure-vault/pom.xml | 26 ++++----------- pom.xml | 1 + 3 files changed, 44 insertions(+), 20 deletions(-) diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index 7e126f44..e1f2c591 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -304,6 +304,42 @@ + + com.fasterxml.jackson.dataformat + jackson-dataformat-toml + ${jackson.version} + + + + com.fasterxml.jackson.dataformat + jackson-dataformat-xml + ${jackson.version} + + + + com.fasterxml.jackson.dataformat + jackson-dataformat-yaml + ${jackson.version} + + + + com.fasterxml.jackson.jakarta.rs + jackson-jakarta-rs-base + ${jackson.version} + + + + com.fasterxml.jackson.jakarta.rs + jackson-jakarta-rs-json-provider + ${jackson.version} + + + + com.fasterxml.jackson.module + jackson-module-jakarta-xmlbind-annotations + ${jackson.version} + + software.amazon.awssdk @@ -397,6 +433,7 @@ ${slf4j.version} provided + org.junit.jupiter diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index 8cf3e3d8..8cdfad00 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -160,29 +160,15 @@ net.java.dev.jna jna-platform - - com.fasterxml.jackson.core - jackson-annotations - - - com.fasterxml.jackson.core - jackson-core - - - com.fasterxml.jackson.core - jackson-databind - - - com.fasterxml.jackson.datatype - jackson-datatype-jsr310 - - - com.fasterxml.jackson.module - jackson-module-jakarta-xmlbind-annotations - + + org.yaml snakeyaml diff --git a/pom.xml b/pom.xml index 8e67b2c1..2a7d49a0 100644 --- a/pom.xml +++ b/pom.xml @@ -52,6 +52,7 @@ 4.9.0 1.11.4 4.8.1 + 2.17.0 2.2 2.5.0 5.13.0 
From 3290298d8f2944a8cd4647617bbca9ad08e14f5e Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 25 Apr 2024 11:33:22 +0200 Subject: [PATCH 25/62] fix: mitigate some CVE's in dependencies. --- agent-plane/agent-plane-protocol/pom.xml | 33 ++++++++++++++++++++++ agent-plane/agentplane-azure-vault/pom.xml | 6 ---- pom.xml | 6 ++-- 3 files changed, 36 insertions(+), 9 deletions(-) diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index e1f2c591..5989490b 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -384,12 +384,45 @@ ${netty.nio.core-http2.version} + + io.netty + netty-resolver-dns + ${netty.nio.core-http2.version} + + + + io.netty + netty-handler-proxy + ${netty.nio.core-http2.version} + + + + io.netty + netty-resolver-dns-native-macos + ${netty.nio.core-http2.version} + osx-x86_64 + + + + io.netty + netty-transport-native-kqueue + ${netty.nio.core-http2.version} + osx-x86_64 + + + io.netty netty-handler ${netty.nio.core-http2.version} + + io.netty + netty-transport-classes-epoll + ${netty.nio.core-http2.version} + + org.apache.commons commons-compress diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index 8cdfad00..e22f9e9f 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -163,12 +163,6 @@ - - org.yaml snakeyaml diff --git a/pom.xml b/pom.xml index 2a7d49a0..5c76fd08 100644 --- a/pom.xml +++ b/pom.xml @@ -59,10 +59,10 @@ 1.0.4 1.9.10 1.12.5 - 4.1.101.Final - 1.24.0 + 4.1.108.Final + 1.26.0 11.0.20 - 1.0.40 + 1.0.44 2.24.10 From ee9ccc1ae1177a5a036c526bb0f8ee5fe500089b Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 25 Apr 2024 11:35:25 +0200 Subject: [PATCH 26/62] chore: refresh dependencies. --- DEPENDENCIES | 69 +++++++++++++++++++++++++++------------------------- 1 file changed, 36 insertions(+), 33 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 8840b02f..bfbae920 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
@@ -14,16 +14,16 @@ maven/mavencentral/com.azure/azure-storage-internal-avro/12.10.2, MIT, approved, maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.0, Apache-2.0, approved, #13672 maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.0, , approved, #13665 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.0, Apache-2.0, approved, #13671 -maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-toml/2.15.2, Apache-2.0, approved, #9160 -maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.13.5, Apache-2.0, approved, #3768 -maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.1, Apache-2.0, approved, #8802 +maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-toml/2.17.0, Apache-2.0, approved, #14192 +maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.17.0, Apache-2.0, approved, #13666 +maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.17.0, Apache-2.0, approved, #13669 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.17.0, Apache-2.0, approved, #14161 +maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.13.5, Apache-2.0, approved, clearlydefined maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.17.0, Apache-2.0, approved, #14160 -maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base/2.15.1, Apache-2.0, approved, #9235 -maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider/2.15.1, Apache-2.0, approved, #9236 -maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.15.1, Apache-2.0, approved, #9241 -maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.15.3, Apache-2.0, approved, #9241 -maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.4.0, Apache-2.0, approved, 
#5309 +maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base/2.17.0, Apache-2.0, approved, #14194 +maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider/2.17.0, Apache-2.0, approved, #14195 +maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.17.0, Apache-2.0, approved, #13668 +maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.6.1, Apache-2.0, approved, #12789 maven/mavencentral/com.github.andrewoma.dexx/collection/0.7, MIT, approved, CQ22160 maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.6, Apache-2.0, approved, clearlydefined maven/mavencentral/com.github.docker-java/docker-java-api/3.3.6, Apache-2.0, approved, #10346 @@ -46,9 +46,10 @@ maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.12.0, Apache-2.0, maven/mavencentral/com.squareup.okhttp3/okhttp/4.12.0, Apache-2.0, approved, #11156 maven/mavencentral/com.squareup.okio/okio-jvm/3.6.0, Apache-2.0, approved, #11158 maven/mavencentral/com.squareup.okio/okio/3.6.0, Apache-2.0, approved, #11155 +maven/mavencentral/com.sun.activation/jakarta.activation/2.0.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf maven/mavencentral/commons-cli/commons-cli/1.5.0, Apache-2.0, approved, clearlydefined maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause AND LicenseRef-Public-Domain, approved, CQ22641 -maven/mavencentral/commons-io/commons-io/2.11.0, Apache-2.0, approved, CQ23745 +maven/mavencentral/commons-io/commons-io/2.15.1, Apache-2.0, approved, #11244 maven/mavencentral/dev.failsafe/failsafe-okhttp/3.3.2, Apache-2.0, approved, #9178 maven/mavencentral/dev.failsafe/failsafe/3.3.2, Apache-2.0, approved, #9268 maven/mavencentral/io.github.classgraph/classgraph/4.8.154, MIT, approved, CQ22530 
@@ -56,34 +57,37 @@ maven/mavencentral/io.micrometer/micrometer-commons/1.12.5, Apache-2.0 AND (Apac maven/mavencentral/io.micrometer/micrometer-core/1.12.5, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11678 maven/mavencentral/io.micrometer/micrometer-observation/1.12.5, Apache-2.0, approved, #11680 maven/mavencentral/io.micrometer/micrometer-registry-prometheus/1.11.1, Apache-2.0, approved, #9805 -maven/mavencentral/io.netty/netty-buffer/4.1.101.Final, Apache-2.0, approved, CQ21842 -maven/mavencentral/io.netty/netty-codec-dns/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-http/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-http2/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec-socks/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-codec/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-common/4.1.101.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 -maven/mavencentral/io.netty/netty-handler-proxy/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-handler/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.101.Final, Apache-2.0, approved, #6367 -maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.101.Final, Apache-2.0, approved, #7004 -maven/mavencentral/io.netty/netty-resolver-dns/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-resolver/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-buffer/4.1.108.Final, Apache-2.0, approved, CQ21842 +maven/mavencentral/io.netty/netty-codec-dns/4.1.108.Final, 
Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-http/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-http2/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec-socks/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-codec/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-common/4.1.108.Final, Apache-2.0 AND MIT AND CC0-1.0, approved, CQ21843 +maven/mavencentral/io.netty/netty-handler-proxy/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-handler/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.108.Final, Apache-2.0, approved, #6367 +maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.108.Final, Apache-2.0, approved, #7004 +maven/mavencentral/io.netty/netty-resolver-dns/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-resolver/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.62.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280 maven/mavencentral/io.netty/netty-tcnative-classes/2.0.62.Final, Apache-2.0, approved, clearlydefined -maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.100.Final, Apache-2.0, approved, #6366 -maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.101.Final, Apache-2.0, approved, #6366 -maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.101.Final, Apache-2.0, approved, #4107 +maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.108.Final, Apache-2.0, approved, #6366 
+maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.108.Final, Apache-2.0, approved, #4107 maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 -maven/mavencentral/io.netty/netty-transport/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 +maven/mavencentral/io.netty/netty-transport/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926 maven/mavencentral/io.opentelemetry.instrumentation/opentelemetry-instrumentation-annotations/1.32.0, Apache-2.0, approved, #11684 maven/mavencentral/io.opentelemetry/opentelemetry-api/1.32.0, Apache-2.0, approved, #11682 maven/mavencentral/io.opentelemetry/opentelemetry-context/1.32.0, Apache-2.0, approved, #11683 maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.40, Apache-2.0, approved, #9687 +maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.44, Apache-2.0, approved, #9687 maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.40, Apache-2.0, approved, #11661 +maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.44, Apache-2.0, approved, #11661 maven/mavencentral/io.projectreactor/reactor-core/3.4.34, Apache-2.0, approved, #7517 +maven/mavencentral/io.projectreactor/reactor-core/3.4.37, Apache-2.0, approved, #7517 
maven/mavencentral/io.prometheus/simpleclient/0.16.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.prometheus/simpleclient_common/0.16.0, Apache-2.0, approved, clearlydefined maven/mavencentral/io.prometheus/simpleclient_tracer_common/0.16.0, Apache-2.0, approved, clearlydefined @@ -102,12 +106,11 @@ maven/mavencentral/jakarta.json/jakarta.json-api/2.1.3, EPL-2.0 OR GPL-2.0-only maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jta maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, ee4j.validation maven/mavencentral/jakarta.ws.rs/jakarta.ws.rs-api/3.1.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.rest -maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/4.0.0, BSD-3-Clause, approved, ee4j.jaxb +maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/3.0.1, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/javax.servlet/javax.servlet-api/4.0.1, (CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0) AND Apache-2.0, approved, CQ16125 maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.1, Apache-2.0, approved, #7164 maven/mavencentral/net.bytebuddy/byte-buddy/1.14.1, Apache-2.0 AND BSD-3-Clause, approved, #7163 -maven/mavencentral/net.bytebuddy/byte-buddy/1.14.11, Apache-2.0 AND BSD-3-Clause, approved, #7163 maven/mavencentral/net.bytebuddy/byte-buddy/1.14.9, Apache-2.0 AND BSD-3-Clause, approved, #7163 maven/mavencentral/net.java.dev.jna/jna-platform/5.13.0, Apache-2.0 OR LGPL-2.1-or-later, approved, #6707 maven/mavencentral/net.java.dev.jna/jna-platform/5.6.0, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ22390 
@@ -115,9 +118,9 @@ maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later maven/mavencentral/net.minidev/accessors-smart/2.5.0, Apache-2.0, approved, clearlydefined maven/mavencentral/net.minidev/json-smart/2.5.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.commons/commons-collections4/4.4, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.apache.commons/commons-compress/1.24.0, Apache-2.0 AND BSD-3-Clause AND bzip2-1.0.6 AND LicenseRef-Public-Domain, approved, #10368 +maven/mavencentral/org.apache.commons/commons-compress/1.26.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #13288 maven/mavencentral/org.apache.commons/commons-csv/1.10.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.apache.commons/commons-lang3/3.14.0, Apache-2.0, approved, #11677 maven/mavencentral/org.apache.commons/commons-pool2/2.12.0, Apache-2.0 AND LicenseRef-Public-Domain, approved, #10843 maven/mavencentral/org.apache.httpcomponents/httpclient-cache/4.5.14, Apache-2.0, approved, CQ11714 maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527 
@@ -146,7 +149,7 @@ maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approv maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14435 maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined maven/mavencentral/org.checkerframework/checker-qual/3.42.0, MIT, approved, clearlydefined -maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.1, BSD-2-Clause, approved, #2670 +maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.2, BSD-2-Clause, approved, #2670 maven/mavencentral/org.eclipse.edc/accesstokendata-store-sql/0.6.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/api-core/0.6.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/api-observability/0.6.1, Apache-2.0, approved, technology.edc From ae73c1b1e5aa766a53acf194e36f9a7357fc305d Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Mon, 29 Apr 2024 12:17:41 +0200 Subject: [PATCH 27/62] feat: upgrade to EDC 0.7.0 asset definitions and transfer callback interface (instead of edr callback). --- .../agents/edc/AgreementControllerImpl.java | 22 +++++++++++------ .../agents/edc/service/DataManagement.java | 24 +++++++++++-------- 2 files changed, 29 insertions(+), 17 deletions(-) diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java index 977261dc..01250181 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java 
@@ -28,6 +28,8 @@ import jakarta.ws.rs.WebApplicationException; import jakarta.ws.rs.core.MediaType; import jakarta.ws.rs.core.Response; +import org.eclipse.edc.connector.controlplane.transfer.spi.event.TransferProcessStarted; +import org.eclipse.edc.spi.event.EventEnvelope; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.types.domain.DataAddress; import org.eclipse.edc.spi.types.domain.callback.CallbackAddress; 
@@ -117,21 +119,27 @@ public String toString() { * @param dataReference contains the actual call token */ @POST - public void receiveEdcCallback(EndpointDataReference dataReference) { - var agreementId = dataReference.getId(); - monitor.debug(String.format("An endpoint data reference for agreement %s has been posted.", agreementId)); + public void receiveEdcCallback(EventEnvelope dataReference) { + var processId = dataReference.getPayload().getTransferProcessId(); + monitor.debug(String.format("An endpoint data reference for agreement %s has been posted.", processId)); synchronized (processStore) { for (Map.Entry process : processStore.entrySet()) { - if (process.getValue().getId().equals(agreementId)) { + if (process.getValue().getId().equals(processId)) { synchronized (endpointStore) { - monitor.debug(String.format("Agreement %s belongs to asset %s.", agreementId, process.getKey())); - endpointStore.put(process.getKey(), dataReference); + monitor.debug(String.format("Agreement %s belongs to asset %s.", processId, process.getKey())); + EndpointDataReference newRef = EndpointDataReference.Builder.newInstance() + .contractId(dataReference.getPayload().getContractId()) + .endpoint(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/endpoint", null)) + .authCode("Authorization") + .authKey(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/authorization", null)) + .build(); + endpointStore.put(process.getKey(), newRef); return; } } } } - monitor.debug(String.format("Agreement %s has no active asset. Guess that came for another plane. Ignoring.", agreementId)); + monitor.debug(String.format("Process %s has no active asset. Guess that came for another plane. Ignoring.", processId)); } /** 
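Review bot: The two auth fields on the new `EndpointDataReference` are crossed in `receiveEdcCallback`. `authKey` is the header name and `authCode` the token, but the builder sets `.authCode("Authorization")` and puts the data address's authorization property into `.authKey(...)`. A consumer of this reference would then use the token as a header name, where it is more likely to end up in logs, and would send the literal string as the credential. The calls should read `.authKey("Authorization")` and `.authCode(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/authorization", null))`. The two debug messages still say "agreement" although the value is now a transfer process id.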
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java index de1d8fab..fb63af69 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java @@ -72,16 +72,15 @@ public class DataManagement { */ public static final String SKILL_ASSET_CREATE_BODY = "{\n" + " \"@context\": {\n" + + " \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"," + " \"rdf\": \"http://www.w3.org/1999/02/22-rdf-syntax-ns#\",\n" + " \"rdfs\": \"http://www.w3.org/2000/01/rdf-schema#\",\n" + " \"cx-common\": \"https://w3id.org/catenax/ontology/common#\",\n" + " \"xsd\": \"http://www.w3.org/2001/XMLSchema#\",\n" + " \"sh\": \"http://www.w3.org/ns/shacl#\"\n" + " },\n" + - " \"asset\": {\n" + - " \"@type\": \"Asset\",\n" + - " \"@id\": \"%1$s\", \n" + - " \"properties\": {\n" + + " \"@id\": \"%1$s\", \n" + + " \"properties\": {\n" + " \"name\": \"%2$s\",\n" + " \"description\": \"%3$s\",\n" + " \"version\": \"%4$s\",\n" + @@ -92,10 +91,9 @@ public class DataManagement { " \"cx-common:implementsProtocol\": \"cx-common:Protocol?w3c:http:SKILL\",\n" + " \"cx-common:distributionMode\": \"%7$s\",\n" + " \"cx-common:isFederated\": \"%8$b^^xsd:boolean\"\n" + - " },\n" + - " \"privateProperties\": {\n" + + " },\n" + + " \"privateProperties\": {\n" + " \"cx-common:query\":%9$s\n" + - " }\n" + " },\n" + " \"dataAddress\": {\n" + " \"id\":\"%1$s\",\n" + 
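Review bot: SKILL_ASSET_CREATE_BODY still places `%2$s`, `%3$s` and the other values directly inside JSON string literals, and no escaping is visible in this hunk. The `String.format` call that fills the template is outside the hunk, so confirm that name and description are JSON-escaped before they reach it; a quote in a skill description would otherwise change the structure of the asset definition sent to the management API. Serialising each value with the existing `objectMapper.writeValueAsString(...)` and using unquoted placeholders would avoid that. The added `@vocab` line also lacks the trailing `\n` that every neighbouring line has, which is harmless but inconsistent.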
@@ -145,14 +143,20 @@ public class DataManagement { " \"type\": \"HttpProxy\"\n" + " },\n" + " \"managedResources\": false,\n" + - " \"privateProperties\": {\n" + - " \"receiverHttpEndpoint\": \"%4$s\"\n" + - " },\n" + " \"protocol\": \"dataspace-protocol-http\",\n" + " \"transferType\": {\n" + " \"contentType\": \"application/octet-stream\",\n" + " \"isFinite\": true\n" + " }\n" + + " \"callbackAddresses\": [\n" + + " {\n" + + " \"transactional\": false,\n" + + " \"uri\": \"%4$s\",\n" + + " \"events\": [\n" + + " \"transfer.process.started\"\n" + + " ],\n" + + " }\n" + + " ] \n" + "}"; public static final String TRANSFER_CHECK_CALL = "%s/v2/transferprocesses/%s"; public static final String AGREEMENT_CHECK_CALL = "%s/v2/contractagreements/%s"; From 20b91672335cff4694e53558a44659a3f7080ec7 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 30 Apr 2024 14:13:10 +0200 Subject: [PATCH 28/62] fix: cleanup code aligned with matchmaking agent. --- .../agents/edc/AgreementControllerImpl.java | 31 +++++++------------ .../agents/edc/service/DataManagement.java | 4 +-- 2 files changed, 14 insertions(+), 21 deletions(-) diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java index 01250181..619f1078 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java 
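Review bot: TRANSFER_REQUEST_BODY is not valid JSON after this change, so the management API would presumably reject the transfer request when it parses the body. The closing brace of `transferType` is followed by `callbackAddresses` without a comma, and the `events` array ends with `],` directly before the closing brace of the callback object. The two lines should be `"    },\n" +` after the `transferType` block and `"        ]\n" +` after the events list. A unit test that parses the formatted template with the existing `objectMapper` would catch this kind of slip.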
@@ -121,25 +121,18 @@ public String toString() { @POST public void receiveEdcCallback(EventEnvelope dataReference) { var processId = dataReference.getPayload().getTransferProcessId(); - monitor.debug(String.format("An endpoint data reference for agreement %s has been posted.", processId)); - synchronized (processStore) { - for (Map.Entry process : processStore.entrySet()) { - if (process.getValue().getId().equals(processId)) { - synchronized (endpointStore) { - monitor.debug(String.format("Agreement %s belongs to asset %s.", processId, process.getKey())); - EndpointDataReference newRef = EndpointDataReference.Builder.newInstance() - .contractId(dataReference.getPayload().getContractId()) - .endpoint(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/endpoint", null)) - .authCode("Authorization") - .authKey(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/authorization", null)) - .build(); - endpointStore.put(process.getKey(), newRef); - return; - } - } - } + var assetId = dataReference.getPayload().getAssetId(); + monitor.debug(String.format("A transfer process %s for asset %s has been started.", processId, assetId)); + synchronized (endpointStore) { + EndpointDataReference newRef = EndpointDataReference.Builder.newInstance() + .id(dataReference.getId()) + .contractId(dataReference.getPayload().getContractId()) + .endpoint(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/endpoint", null)) + .authCode("Authorization") + .authKey(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/authorization", null)) + .build(); + endpointStore.put(assetId, newRef); } - monitor.debug(String.format("Process %s has no active asset. Guess that came for another plane. Ignoring.", processId)); } /** 
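Review bot: `receiveEdcCallback` now stores whatever endpoint and authorization value the posted event carries under the posted asset id, because the lookup in `processStore` that tied a callback to a transfer this plane had started was removed. Whether the callback port is reachable only by the plane's own control plane is not visible here; if it is not, any caller able to POST to it could replace the stored endpoint for an asset, and later requests for that asset would go there. I would keep a correlation check, accepting the event only when `processId` matches a process recorded for `assetId`, and logging and dropping it otherwise. `getDataAddress()` is dereferenced without a null check, and `getStringProperty(..., null)` lets a reference with a null endpoint or token be stored; both apply equally to the later `@@ -128,8 +128,8 @@` hunk of this method.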
@@ -377,7 +370,7 @@ public EndpointDataReference createAgreement(String remoteUrl, String asset) thr monitor.debug(String.format("About to initiate transfer for agreement %s (for asset %s at connector %s)", negotiation.getContractAgreementId(), asset, remoteUrl)); String transferId; - TransferProcess process = null; + TransferProcess process; try { synchronized (processStore) { diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java index fb63af69..87e356c4 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java @@ -55,8 +55,8 @@ public class DataManagement { /** * some constants when interacting with control plane */ - public static final String DSP_PATH = "%s/api/v1/dsp"; - public static final String CATALOG_CALL = "%s/v2/catalog/request"; + public static final String DSP_PATH = "%1$s/api/v1/dsp"; + public static final String CATALOG_CALL = "%1$s/v2/catalog/request"; // catalog request 0.5.>=1 public static final String CATALOG_REQUEST_BODY = "{" + "\"@context\": {}," + From e6d97467fa132752a776f4316e7a1a6b25733509 Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Mon, 6 May 2024 08:36:21 +0200 Subject: [PATCH 29/62] fix: debug the transfer process/callback mechanism. --- agent-plane/agent-plane-protocol/README.md | 6 +- .../tractusx/agents/edc/AgentConfig.java | 58 ++++++++++----- .../tractusx/agents/edc/AgentExtension.java | 15 ++++ .../agents/edc/AgreementControllerImpl.java | 8 +-- .../tractusx/agents/edc/jsonld/JsonLd.java | 7 +- .../agents/edc/model/DcatCatalog.java | 9 ++- .../tractusx/agents/edc/model/OdrlPolicy.java | 15 +++- .../agents/edc/service/DataManagement.java | 71 +++++++++++-------- .../edc/service/DataspaceSynchronizer.java | 14 ++-- charts/agent-plane/templates/_helpers.tpl | 12 ++++ .../templates/deployment-dataplane.yaml | 6 +- charts/agent-plane/values.yaml | 4 +- 12 files changed, 154 insertions(+), 71 deletions(-) diff --git a/agent-plane/agent-plane-protocol/README.md b/agent-plane/agent-plane-protocol/README.md index 084d7971..a6e34897 100644 --- a/agent-plane/agent-plane-protocol/README.md +++ b/agent-plane/agent-plane-protocol/README.md 
@@ -104,14 +104,14 @@ See [this sample configuration file](resources/dataplane.properties) | edc.dataplane.token.validation.endpoints. | (X) | http://oem-control-plane:9999/control/token | Additional token validation endpoints to switch between (if multiple control planes) | * | | web.http.callback.port | X | 8187 | Callback endpoint port | | | web.http.callback.path | X | /callback | Callback endpoint path prefix | | -| cx.agent.callback | X | http://oem-data-plane:8187/callback/endpoint-data-reference | Callback endpoint full address as seen from the consuming control plane | | +| cx.agent.callback | X | http://oem-data-plane:8187/callback/transfer-process-started | Callback endpoint full address as seen from the consuming control plane | | | cx.agent.skill.contract | | cx.agent.skill.contract.default=Contract?partner=Skill | Id/IRI of the default contract put in the cx-common:publishedUnderContract property for new skills | | | cx.agent.dataspace.synchronization | | -1 / 60000 | If positive, number of seconds between each catalogue synchronization attempt | | | cx.agent.service.allow | | (http|edc)s?://.* | Regular expression for determining which IRIs are allowed in SERVICE calls (on top level/federated data catalogue) | | | cx.agent.service.deny | | ^$ | Regular expression for determining which IRIs are denied in SERVICE calls (on top level/federated data catalogue) | | | | cx.agent.service.asset.allow | | (http|edc)s://.* | Regular expression for determining which IRIs are allowed in delegated SERVICE calls (if not overriden by the cx-common:allowServicePattern address property) | | | cx.agent.service.asset.deny | | ^$ | Regular expression for determining which IRIs are denied in delegated SERVICE calls (it not overridden by the cx-common:denyServicePattern address property) | | | -| cx.agent.dataspace.remotes | | http://consumer-edc-control:8282,http://tiera-edc-control:8282 | business partner control plane protocol urls to synchronize with (if using 
internal matchmaking) | L | +| cx.agent.dataspace.remotes | | BPNL00000003COJN=http://oem-control-plane:8084,BPNL00000003CPIY=http://tiera-control-plane:8084 | business partner control plane protocol urls wkth associated partner ids to synchronize with (if using internal matchmaking) | L | | cx.agent.sparql.verbose | | false | Controls the verbosity of the SparQL Engine | | | cx.agent.threadpool.size | | 4 | Number of threads pooled for any concurrent batch calls and synchronisation actions | | | cx.agent.federation.batch.max | | 9223372036854775807 / 8 | Maximal number of tuples to send in one query | | @@ -121,5 +121,5 @@ See [this sample configuration file](resources/dataplane.properties) | cx.agent.read.timeout | | 1080000 | Number of milliseconds after which a reading attempt is regarded as stale | | | cx.agent.call.timeout | | | Number of milliseconds after which a complete call is regarded as stale | | | cx.agent.write.timeout | | | Number of milliseconds after which a write attempt is regarded as stale | | -| cx.agent.edc.version | | 0.5.1 | Version of the TX EDC that is used (in case that management/transfer API changes) | | +| cx.agent.edc.version | | 0.7.0 | Version of the TX EDC that is used (in case that management/transfer API changes) | | diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java index 75532cb0..08d349de 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java @@ -19,7 +19,9 @@ import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.system.configuration.Config; +import java.util.HashMap; import java.util.Map; +import java.util.UUID; import java.util.regex.Pattern; /** 
@@ -49,20 +51,20 @@ public class AgentConfig { public static final String NEGOTIATION_TIMEOUT_PROPERTY = "cx.agent.negotiation.timeout"; public static final long DEFAULT_NEGOTIATION_TIMEOUT = 30000; - + public static final String NEGOTIATION_POLLINTERVAL_PROPERTY = "cx.agent.negotiation.poll"; public static final long DEFAULT_NEGOTIATION_POLLINTERVAL = 1000; - + public static final String DATASPACE_SYNCINTERVAL_PROPERTY = "cx.agent.dataspace.synchronization"; public static final long DEFAULT_DATASPACE_SYNCINTERVAL = -1; - + public static final String DATASPACE_SYNCCONNECTORS_PROPERTY = "cx.agent.dataspace.remotes"; - + public static final String VALIDATION_ENDPOINTS = "edc.dataplane.token.validation.endpoints"; - + public static final String FEDERATION_SERVICE_BATCH_SIZE = "cx.agent.federation.batch.max"; public static final long DEFAULT_FEDERATION_SERVICE_BATCH_SIZE = Long.MAX_VALUE; - + public static final String THREAD_POOL_SIZE = "cx.agent.threadpool.size"; public static final int DEFAULT_THREAD_POOL_SIZE = 4; @@ -89,7 +91,7 @@ public class AgentConfig { public static final String DEFAULT_SERVICE_DENY_ASSET_PATTERN = "^$"; public static final String TX_EDC_VERSION_PROPERTY = "cx.agent.edc.version"; - + public static final String MATCHMAKING_URL = "cx.agent.matchmaking"; /** @@ -99,7 +101,7 @@ public class AgentConfig { protected final Pattern serviceDenyPattern; protected final Pattern serviceAssetAllowPattern; protected final Pattern serviceAssetDenyPattern; - + /** * references to EDC services */ @@ -110,7 +112,7 @@ public class AgentConfig { * creates the typed config * * @param monitor logger - * @param config untyped config + * @param config untyped config */ public AgentConfig(Monitor monitor, Config config) { this.monitor = monitor; 
@@ -242,19 +244,37 @@ public long getDataspaceSynchronizationInterval() { return config.getLong(DATASPACE_SYNCINTERVAL_PROPERTY, DEFAULT_DATASPACE_SYNCINTERVAL); } + protected volatile Map knownConnectors; + /** * access * - * @return array of connector urls to synchronize, null if no sync + * @return map of business partner ids to connector urls to synchronize with, null if no sync */ - public String[] getDataspaceSynchronizationConnectors() { - String[] connectors = config.getString(DATASPACE_SYNCCONNECTORS_PROPERTY, "").split(","); - if (connectors.length == 1 && (connectors[0] == null || connectors[0].length() == 0)) { - return null; + public Map getDataspaceSynchronizationConnectors() { + if (knownConnectors == null) { + synchronized (config) { + if (knownConnectors == null) { + knownConnectors = new HashMap<>(); + String[] connectors = config.getString(DATASPACE_SYNCCONNECTORS_PROPERTY, "").split(","); + for (String connector : connectors) { + String[] entry = connector.split("="); + if (entry.length > 0) { + String key = UUID.randomUUID().toString(); + String value = entry[0]; + if (entry.length > 1) { + key = entry[0]; + value = entry[1]; + } + knownConnectors.put(key, value); + } + } + } + } } - return connectors; + return knownConnectors; } - + /** * access * @@ -326,7 +346,7 @@ public Integer getCallTimeout() { public String getDefaultSkillContract() { return config.getString(DEFAULT_SKILL_CONTRACT_PROPERTY, null); } - + /** * access * @@ -380,7 +400,7 @@ public String getEdcVersion() { public boolean isPrerelease() { return getEdcVersion().compareTo("0.5.0") <= 0; } - + /** * access * @@ -389,5 +409,5 @@ public boolean isPrerelease() { public String getMatchmakingAgentUrl() { return config.getString(MATCHMAKING_URL, null); } - + } 
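Review bot: `getDataspaceSynchronizationConnectors` never returns an empty map, and it publishes the map before it is filled. With the property unset, `"".split(",")` yields one empty string, so the loop adds a random-UUID key with an empty URL; the `connectors.size() > 0` guard in `DataspaceSynchronizer.start()` then passes although nothing is configured. The `HashMap` is also assigned to the volatile field before the loop runs, so a second thread that sees a non-null field can read it while it is still being populated. The Javadoc still promises null when there is nothing to synchronise, which no longer happens. The generic parameters in the fence below are inferred from the `put` call.
```java
public Map<String, String> getDataspaceSynchronizationConnectors() {
    Map<String, String> result = knownConnectors;
    if (result == null) {
        synchronized (config) {
            result = knownConnectors;
            if (result == null) {
                result = new HashMap<>();
                for (String connector : config.getString(DATASPACE_SYNCCONNECTORS_PROPERTY, "").split(",")) {
                    if (connector.isBlank()) {
                        continue; // property unset or stray comma: no entry
                    }
                    // … unchanged: split on "=", choose key/value, put into result …
                }
                knownConnectors = result; // publish only once fully populated
            }
        }
    }
    return result;
}
```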
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java index 569f9867..bb2c8cd3 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java @@ -22,12 +22,15 @@ import org.apache.jena.sparql.service.ServiceExecutorRegistry; import org.eclipse.edc.connector.dataplane.http.params.HttpRequestFactory; import org.eclipse.edc.connector.dataplane.http.spi.HttpRequestParamsProvider; +import org.eclipse.edc.connector.dataplane.spi.Endpoint; +import org.eclipse.edc.connector.dataplane.spi.iam.PublicEndpointGeneratorService; import org.eclipse.edc.connector.dataplane.spi.pipeline.PipelineService; import org.eclipse.edc.http.spi.EdcHttpClient; import org.eclipse.edc.runtime.metamodel.annotation.Inject; import org.eclipse.edc.runtime.metamodel.annotation.Requires; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.security.Vault; +import org.eclipse.edc.spi.system.Hostname; import org.eclipse.edc.spi.system.ServiceExtension; import org.eclipse.edc.spi.system.ServiceExtensionContext; import org.eclipse.edc.spi.types.TypeManager; @@ -87,6 +90,10 @@ public class AgentExtension implements ServiceExtension { protected EdcHttpClient edcHttpClient; @Inject protected OkHttpClient httpClient; + @Inject + private PublicEndpointGeneratorService generatorService; + @Inject + private Hostname hostname; /** * refers a scheduler 
@@ -169,6 +176,14 @@ public void initialize(ServiceExtensionContext context) { HttpRequestFactory httpRequestFactory = new HttpRequestFactory(); AgentSourceFactory sourceFactory = new AgentSourceFactory(edcHttpClient, new AgentSourceRequestParamsSupplier(vault, typeManager, config, monitor), monitor, httpRequestFactory, processor, skillStore); pipelineService.registerFactory(sourceFactory); + + var publicEndpoint = context.getSetting("edc.dataplane.api.public.baseurl", null); + if (publicEndpoint == null) { + publicEndpoint = String.format("http://%s:%d%s", hostname.get(), context.getSetting("web.http.public.port", 8185), context.getSetting("web.http.public.path", "/api/public")); + } + var endpoint = Endpoint.url(publicEndpoint); + generatorService.addGeneratorFunction(AgentProtocol.SPARQL_HTTP.getProtocolId(), dataAddress -> endpoint); + generatorService.addGeneratorFunction(AgentProtocol.SKILL_HTTP.getProtocolId(), dataAddress -> endpoint); } /** diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java index 619f1078..00019ee4 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -61,7 +61,7 @@ * An endpoint/service that receives information from the control plane */ @Consumes({MediaType.APPLICATION_JSON}) -@Path("/endpoint-data-reference") +@Path("/transfer-process-started") public class AgreementControllerImpl implements AgreementController { /** 
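Review bot: The fallback in `initialize` always builds a plain `http://` public endpoint from the hostname and port when `edc.dataplane.api.public.baseurl` is not set. That URL is what the generator functions return for the SPARQL and SKILL protocols, so it is presumably the address consumers send their access token to. A deployment that forgets the setting would advertise an unencrypted endpoint without any signal. I would at least log the fallback, for example `context.getMonitor().warning("edc.dataplane.api.public.baseurl is not set, falling back to " + publicEndpoint);`, and consider making the setting mandatory outside local setups.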
@@ -128,8 +128,8 @@ public void receiveEdcCallback(EventEnvelope dataReferen .id(dataReference.getId()) .contractId(dataReference.getPayload().getContractId()) .endpoint(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/endpoint", null)) - .authCode("Authorization") - .authKey(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/authorization", null)) + .authKey("Authorization") + .authCode(dataReference.getPayload().getDataAddress().getStringProperty("https://w3id.org/edc/v0.0.1/ns/authorization", null)) .build(); endpointStore.put(assetId, newRef); } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/jsonld/JsonLd.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/jsonld/JsonLd.java index 84c6adda..67d3e2d7 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/jsonld/JsonLd.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/jsonld/JsonLd.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -37,6 +37,7 @@ import java.util.Map; import java.util.stream.Collectors; + /** * base facility to deal with EDC specific JSONLD structures */ @@ -134,6 +135,10 @@ public static JSONTYPE processJsonLd(JSONTYPE sourc prefix = prefix + ":"; } prop = prefix + prop.substring(colonIndex + 1); + } else { + if (!prop.startsWith("@") && namespaces.containsKey("@vocab")) { + prop = namespaces.get("@vocab") + prop; + } } object.add(prop, processJsonLd(value, namespaces)); }); 
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/DcatCatalog.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/DcatCatalog.java index a84cf32e..7e9193ed 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/DcatCatalog.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/DcatCatalog.java @@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -32,7 +32,10 @@ public class DcatCatalog extends JsonLdObject { public DcatCatalog(JsonObject node) { super(node); - JsonValue dataset = node.get("https://www.w3.org/ns/dcat/dataset"); + JsonValue dataset = node.getOrDefault( + "https://www.w3.org/ns/dcat/dataset", + node.get("http://www.w3.org/ns/dcat#dataset") + ); if (dataset != null) { if (dataset.getValueType() == JsonValue.ValueType.ARRAY) { for (JsonValue ds : dataset.asJsonArray()) { @@ -45,7 +48,7 @@ public DcatCatalog(JsonObject node) { } public String getParticipantId() { - return object.getString("https://w3id.org/edc/v0.0.1/ns/participantId", "anonymous"); + return object.getString("https://w3id.org/dspace/v0.8/participantId", "anonymous"); } public List getDatasets() { diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/OdrlPolicy.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/OdrlPolicy.java index e40e3b2f..d0c5fc0f 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/OdrlPolicy.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/model/OdrlPolicy.java 
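Review bot: `getParticipantId` switches outright to the `https://w3id.org/dspace/v0.8/participantId` key, whereas the dataset lookup in the constructor keeps the old IRI as a fallback. A catalog from a connector that still emits the previous `https://w3id.org/edc/v0.0.1/ns/participantId` key would now silently resolve to `"anonymous"`. If the participant id is used anywhere to attribute or filter offers (not visible in this hunk), that silent default is worth avoiding. Reading the new key first and falling back to the old one, as done for `dataset`, would keep both connector generations working.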
@@ -1,4 +1,4 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation +// Copyright (c) 2022,2024 Contributors to the Eclipse Foundation // // See the NOTICE file(s) distributed with this work for additional // information regarding copyright ownership. @@ -17,6 +17,7 @@ package org.eclipse.tractusx.agents.edc.model; import jakarta.json.JsonObject; +import org.eclipse.tractusx.agents.edc.jsonld.JsonLd; import org.eclipse.tractusx.agents.edc.jsonld.JsonLdObject; /** @@ -28,4 +29,16 @@ public OdrlPolicy(JsonObject node) { super(node); } + public String getPermissionAsString() { + return JsonLd.asString(object.get("http://www.w3.org/ns/odrl/2/permission")); + } + + public String getObligationAsString() { + return JsonLd.asString(object.get("http://www.w3.org/ns/odrl/2/obligation")); + } + + public String getProhibitionAsString() { + return JsonLd.asString(object.get("http://www.w3.org/ns/odrl/2/prohibition")); + } + } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java index 87e356c4..cc7e35fa 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java @@ -43,6 +43,7 @@ import java.net.URLEncoder; import java.nio.charset.StandardCharsets; import java.util.List; +import java.util.UUID; import static java.lang.String.format; 
@@ -61,8 +62,9 @@ public class DataManagement { public static final String CATALOG_REQUEST_BODY = "{" + "\"@context\": {}," + "\"protocol\": \"dataspace-protocol-http\"," + - "\"counterPartyAddress\": \"%1$s\", " + - "\"querySpec\": %2$s }"; + "\"counterPartyAddress\": \"%2$s\", " + + "\"counterPartyId\": \"%1$s\", " + + "\"querySpec\": %3$s }"; public static final String ASSET_CREATE_CALL = "%1$s%2$s/assets"; public static final String ASSET_UPDATE_CALL = "%1$s%2$s/assets/%3$s"; @@ -113,19 +115,25 @@ public class DataManagement { public static final String ASSET_CALL = "%s%s/assets/request"; // negotiation request 0.5.>=1 - public static final String NEGOTIATION_REQUEST_BODY = "{\n" + - "\"@context\": { \"odrl\": \"http://www.w3.org/ns/odrl/2/\"},\n" + - "\"@type\": \"NegotiationInitiateRequestDto\",\n" + - "\"connectorAddress\": \"%1$s\",\n" + - "\"protocol\": \"dataspace-protocol-http\",\n" + - "\"providerId\": \"%3$s\",\n" + - "\"connectorId\": \"%2$s\",\n" + - "\"offer\": {\n" + - " \"offerId\": \"%4$s\",\n" + - " \"assetId\": \"%5$s\",\n" + - " \"policy\": %6$s\n" + - "}\n" + - "}"; + public static final String NEGOTIATION_REQUEST_BODY = + "{\n" + + " \"@context\": {\n" + + " \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n" + + " },\n" + + " \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n" + + " \"counterPartyAddress\": \"%1$s\",\n" + + " \"protocol\": \"dataspace-protocol-http\",\n" + + " \"policy\": {\n" + + " \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n" + + " \"@type\": \"odrl:Offer\",\n" + + " \"@id\": \"%4$s\",\n" + + " \"target\": \"%5$s\",\n" + + " \"assigner\": \"%3$s\",\n" + + " \"odrl:permission\": %6$s,\n" + + " \"odrl:prohibition\": %7$s,\n" + + " \"odrl:obligation\": %8$s\n" + + " }\n" + + "}"; public static final String NEGOTIATION_INITIATE_CALL = "%s/v2/contractnegotiations"; public static final String NEGOTIATION_CHECK_CALL = "%s/v2/contractnegotiations/%s"; 
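Review bot: The placeholders for prohibition and obligation in NEGOTIATION_REQUEST_BODY do not match the argument order used by the caller. The template has `"odrl:prohibition": %7$s` and `"odrl:obligation": %8$s`, while `initiateNegotiation` (hunk `@@ -388,7 +397,10 @@`) passes `getPermissionAsString()`, then `getObligationAsString()`, then `getProhibitionAsString()`. The offer sent to the provider would therefore carry obligations as prohibitions and the reverse, which changes the policy being negotiated. Either swap the last two arguments in the call or renumber the template to `"odrl:obligation": %7$s` and `"odrl:prohibition": %8$s`. It is also worth checking what `JsonLd.asString` returns when a policy has no such member, since that text is inserted verbatim.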
@@ -133,28 +141,25 @@ public class DataManagement { public static final String TRANSFER_REQUEST_BODY = "{\n" + " \"@context\": {\n" + - " \"odrl\": \"http://www.w3.org/ns/odrl/2/\"\n" + + " \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n" + " },\n" + + " \"@type\": \"TransferRequest\",\n" + " \"assetId\": \"%1$s\",\n" + - " \"connectorAddress\": \"%2$s\",\n" + - " \"connectorId\": \"%5$s\",\n" + " \"contractId\": \"%3$s\",\n" + + " \"counterPartyAddress\": \"%2$s\",\n" + " \"dataDestination\": {\n" + " \"type\": \"HttpProxy\"\n" + " },\n" + - " \"managedResources\": false,\n" + " \"protocol\": \"dataspace-protocol-http\",\n" + - " \"transferType\": {\n" + - " \"contentType\": \"application/octet-stream\",\n" + - " \"isFinite\": true\n" + - " }\n" + + " \"transferType\": \"HttpData-PULL\",\n" + + " \"privateProperties\": {},\n" + " \"callbackAddresses\": [\n" + " {\n" + " \"transactional\": false,\n" + " \"uri\": \"%4$s\",\n" + " \"events\": [\n" + " \"transfer.process.started\"\n" + - " ],\n" + + " ]\n" + " }\n" + " ] \n" + "}"; 
@@ -198,20 +203,24 @@ public DcatCatalog findContractOffers(String remoteControlPlaneIdsUrl, String as QuerySpec findAsset = QuerySpec.Builder.newInstance().filter( List.of(new Criterion("https://w3id.org/edc/v0.0.1/ns/id", "=", assetId)) ).build(); - return getCatalog(remoteControlPlaneIdsUrl, findAsset); + String partnerId = config.getDataspaceSynchronizationConnectors().entrySet() + .stream().filter(entry -> entry.getValue().equals(remoteControlPlaneIdsUrl)) + .findFirst().map(entry -> entry.getKey()).orElse(UUID.randomUUID().toString()); + return getCatalog(partnerId, remoteControlPlaneIdsUrl, findAsset); } /** * Access the catalogue * + * @param partnerId business partner id * @param remoteControlPlaneIdsUrl url of the remote control plane ids endpoint * @param spec query specification * @return catalog object * @throws IOException in case something went wrong */ - public DcatCatalog getCatalog(String remoteControlPlaneIdsUrl, QuerySpec spec) throws IOException { + public DcatCatalog getCatalog(String partnerId, String remoteControlPlaneIdsUrl, QuerySpec spec) throws IOException { var url = String.format(CATALOG_CALL, config.getControlPlaneManagementUrl()); - var catalogSpec = String.format(CATALOG_REQUEST_BODY, String.format(DSP_PATH, remoteControlPlaneIdsUrl), objectMapper.writeValueAsString(spec)); + var catalogSpec = String.format(CATALOG_REQUEST_BODY, partnerId, String.format(DSP_PATH, remoteControlPlaneIdsUrl), objectMapper.writeValueAsString(spec)); var request = new Request.Builder().url(url).post(RequestBody.create(catalogSpec, MediaType.parse("application/json"))); config.getControlPlaneManagementHeaders().forEach(request::addHeader); 
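Review bot: `findContractOffers` sends a freshly generated UUID as `counterPartyId` whenever the URL is not found among the configured remotes. The lookup is an exact string comparison, so a trailing slash or a different scheme already causes the fallback. The request then names a counterparty that does not exist, which at best fails later with an unclear error and at worst hides that the catalog came from an unconfigured connector. I would log the miss and fail explicitly, for example `.orElseThrow(() -> new IOException("No partner id configured for " + remoteControlPlaneIdsUrl))`, unless anonymous catalog requests are intended. `partnerId` and the URL are also inserted into CATALOG_REQUEST_BODY without JSON escaping.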
@@ -388,7 +397,10 @@ public String initiateNegotiation(ContractNegotiationRequest negotiationRequest) negotiationRequest.getRemoteBusinessPartnerNumber(), negotiationRequest.getOffer().getOfferId(), negotiationRequest.getOffer().getAssetId(), - negotiationRequest.getOffer().getPolicy().asString()); + negotiationRequest.getOffer().getPolicy().getPermissionAsString(), + negotiationRequest.getOffer().getPolicy().getObligationAsString(), + negotiationRequest.getOffer().getPolicy().getProhibitionAsString() + ); var requestBody = RequestBody.create(negotiateSpec, MediaType.parse("application/json")); @@ -490,8 +502,7 @@ public String initiateHttpProxyTransferProcess(TransferRequest transferRequest) transferRequest.getAssetId(), transferRequest.getConnectorAddress(), transferRequest.getContractId(), - transferRequest.getCallbackAddresses().get(0).getUri(), - transferRequest.getConnectorAddress()); + transferRequest.getCallbackAddresses().get(0).getUri()); var requestBody = RequestBody.create(transferSpec, MediaType.parse("application/json")); diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java index d670322b..52a4753c 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java 
@@ -183,9 +183,9 @@ public synchronized void start() { if (!isStarted) { isStarted = true; long interval = config.getDataspaceSynchronizationInterval(); - String[] connectors = config.getDataspaceSynchronizationConnectors(); - if (interval > 0 && connectors != null && connectors.length > 0) { - monitor.info(String.format("Starting dataspace synchronization on %d connectors with interval %d milliseconds", connectors.length, interval)); + Map connectors = config.getDataspaceSynchronizationConnectors(); + if (interval > 0 && connectors != null && connectors.size() > 0) { + monitor.info(String.format("Starting dataspace synchronization on %d connectors with interval %d milliseconds", connectors.size(), interval)); service.schedule(this, interval, TimeUnit.MILLISECONDS); } } @@ -209,16 +209,16 @@ public synchronized void shutdown() { public void run() { monitor.debug("Synchronization run has been started"); if (isStarted) { - for (String remote : config.getDataspaceSynchronizationConnectors()) { + for (Map.Entry remote : config.getDataspaceSynchronizationConnectors().entrySet()) { if (isStarted) { monitor.debug(String.format("About to synchronize remote connector %s", remote)); rdfStore.startTx(); try { - DcatCatalog catalog = dataManagement.getCatalog(remote, FEDERATED_ASSET_QUERY); + DcatCatalog catalog = dataManagement.getCatalog(remote.getKey(), remote.getValue(), FEDERATED_ASSET_QUERY); Node graph = rdfStore.getDefaultGraph(); - Node connector = NodeFactory.createURI(remote.replace("https", "edcs").replace("http", "edc")); + Node connector = NodeFactory.createURI(remote.getValue().replace("https", "edcs").replace("http", "edc")); deleteConnectorFacts(graph, connector); - addConnectorFacts(remote, catalog, graph, connector); + addConnectorFacts(remote.getValue(), catalog, graph, connector); rdfStore.commit(); } catch (Throwable io) { monitor.warning(String.format("Could not synchronize remote connector %s because of %s. Going ahead.", remote, io)); 
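Review bot: In `run()`, `remote.getValue().replace("https", "edcs").replace("http", "edc")` rewrites every occurrence of `http` in the connector URL, not only the scheme, so a host or path containing that substring produces a different graph node than intended. Anchoring the rewrite, `remote.getValue().replaceFirst("^https", "edcs").replaceFirst("^http", "edc")`, leaves the rest of the URL intact. The two log calls still format `remote`, which is now a map entry and prints as `key=value`; naming `remote.getKey()` and `remote.getValue()` explicitly would read better. The surrounding try/catch continues outside the hunk.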
diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index baf975fd..55e2cf8f 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl @@ -197,3 +197,15 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + + +{{/* +join a map +*/}} +{{- define "txdc.remotes" -}} +{{- $res := := dict "servers" (list) -}} +{{- range $bpn, $connector := .Values.agent.connectors -}} +{{- $noop := printf "$s=%s" $bpn $connector | append $res.servers | set $res "servers" -}} +{{- end -}} +{{- join "," $res.servers -}} +{{- end -}} diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index 9e12805c..2ccbc106 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml @@ -239,7 +239,11 @@ spec: # AGENT SYNC # ################### - name: "CX_AGENT_DATASPACE_REMOTES" - value: {{ join "," $dataplane.agent.connectors | quote }} + value: {{- range $key,$value := $dataplane.endpoints }} + - name: {{ $key }} + containerPort: {{ $value.port }} + protocol: TCP + {{- end }}{{ join "," $dataplane.agent.connectors | quote }} - name: "CX_AGENT_DATASPACE_SYNCHRONIZATION" value: {{ $dataplane.agent.synchronization | required (printf ".Values.dataplane.%s.agent.synchronization should be set if connectors are specified" $dataplane_name) | quote }} - name: "CX_AGENT_FEDERATION_BATCH_MAX" diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml index 5c6d46ca..d22cc49d 100644 --- a/charts/agent-plane/values.yaml +++ b/charts/agent-plane/values.yaml 
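Review bot: The new `txdc.remotes` helper cannot render as written: `{{- $res := := dict "servers" (list) -}}` has a doubled `:=`, and `printf "$s=%s"` has one verb for two arguments, so each entry would come out as `$s=<bpn>%!(EXTRA …)` instead of `<bpn>=<url>`. The lines should read `{{- $res := dict "servers" (list) -}}` and `printf "%s=%s" $bpn $connector`. The copy of this helper added later in the series to `charts/agent-plane-azure-vault/templates/_helpers.tpl` fixes the `:=` but keeps `"$s=%s"`. The comment `join a map` could also state the output format, comma-separated `bpn=url` pairs.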
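Review bot: The value of `CX_AGENT_DATASPACE_REMOTES` in `deployment-dataplane.yaml` now begins with a `range` over `$dataplane.endpoints` that emits `- name`/`containerPort`/`protocol` entries, which looks like a paste from the container `ports` section and would put port definitions inside the `env` list. `join "," $dataplane.agent.connectors` is also left over from the list form, while `values.yaml` in the same commit turns `connectors` into a map. Assuming `.` is the chart root at this point, the line should use the helper added for this purpose: `value: {{ include "txdc.remotes" . | quote }}`.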
@@ -303,8 +303,8 @@ agent: - https://w3id.org/catenax/ontology.ttl # -- The synchronization interval in ms to update the federated data catalogue synchronization: -1 - # -- The list of remote connector IDS URLs to synchronize with - connectors: [] + # -- A map of partner ids to remote connector IDS URLs to synchronize with + connectors: {} # -- Names the visible contract under which new skills are published (if not otherwise specified) skillcontract: Contract?partner=Skill # -- Sets the maximal batch size when delegating to agents and services From 7e64c0a912be4f5f0db11d6af75eada9ee9e4b6a Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Mon, 6 May 2024 16:35:28 +0200 Subject: [PATCH 30/62] fix: correct logging rendering of the callback endpoint. --- .../eclipse/tractusx/agents/edc/AgreementControllerImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java index 00019ee4..f7c9efb2 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java @@ -110,7 +110,7 @@ public AgreementControllerImpl(Monitor monitor, AgentConfig config, DataManageme */ @Override public String toString() { - return super.toString() + "/endpoint-data-reference"; + return super.toString() + "/transfer-process-started"; } /** From 619c69d90fa8c5f320f498b36de338b05aba692e Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Mon, 6 May 2024 18:17:19 +0200 Subject: [PATCH 31/62] fix: skill creation/update needs to escape regexes. --- .../tractusx/agents/edc/service/DataManagement.java | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java index cc7e35fa..24572250 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java @@ -18,6 +18,7 @@ import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.node.ObjectNode; +import jakarta.json.Json; import jakarta.ws.rs.InternalServerErrorException; import okhttp3.MediaType; import okhttp3.OkHttpClient; @@ -67,7 +68,7 @@ public class DataManagement { "\"querySpec\": %3$s }"; public static final String ASSET_CREATE_CALL = "%1$s%2$s/assets"; - public static final String ASSET_UPDATE_CALL = "%1$s%2$s/assets/%3$s"; + public static final String ASSET_UPDATE_CALL = "%1$s%2$s/assets"; /** * template for skill asset creation @@ -106,8 +107,8 @@ public class DataManagement { " \"proxyMethod\": \"true\",\n" + " \"proxyQueryParams\": \"true\",\n" + " \"proxyBody\": \"true\",\n" + - " \"cx-common:allowServicePattern\": \"%10$s\",\n" + - " \"cx-common:denyServicePattern\": \"%11$s\"\n" + + " \"cx-common:allowServicePattern\": %10$s,\n" + + " \"cx-common:denyServicePattern\": %11$s\n" + " }\n" + "}\n"; 
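Review bot: After this change `ASSET_UPDATE_CALL` is identical to `ASSET_CREATE_CALL`, yet `createOrUpdateAsset` (next hunk) still passes `assetId` as a third format argument that the template no longer consumes, and the request now built with `.put(...)` is still held in `patchRequest`/`patchResponse`. Dropping the unused argument, `String.format(ASSET_UPDATE_CALL, config.getControlPlaneManagementProviderUrl(), version)`, and renaming the locals to `updateRequest`/`updateResponse` removes the mismatch. A one-line comment on the constant saying where the asset id now travels (presumably the request body) would explain why the path segment went away.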
@@ -294,7 +295,7 @@ protected IdResponse createOrUpdateAsset(String assetId, String assetSpec) throw } url = String.format(ASSET_UPDATE_CALL, config.getControlPlaneManagementProviderUrl(), version, assetId); - var patchRequest = new Request.Builder().url(url).patch(RequestBody.create(assetSpec, MediaType.parse("application/json"))); + var patchRequest = new Request.Builder().url(url).put(RequestBody.create(assetSpec, MediaType.parse("application/json"))); config.getControlPlaneManagementHeaders().forEach(patchRequest::addHeader); try (var patchResponse = httpClient.newCall(patchRequest.build()).execute()) { @@ -346,6 +347,9 @@ public IdResponse createOrUpdateSkill(String assetId, String name, String descri denyServicePattern = config.getServiceDenyPattern().pattern(); } + allowServicePattern = Json.createValue(allowServicePattern).toString(); + denyServicePattern = Json.createValue(denyServicePattern).toString(); + var assetSpec = String.format(body, assetId, name, description, version, contract, ontologies, distributionMode, isFederated, query, allowServicePattern, denyServicePattern); From 419eaa590ec47117fceac0700cff73435db38c19 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 7 May 2024 12:42:20 +0200 Subject: [PATCH 32/62] fix: add default runMode=ALL for skill registration. remove redundant edc version property. --- .../tractusx/agents/edc/AgentConfig.java | 20 ------------------- .../agents/edc/AgreementControllerImpl.java | 2 +- .../agents/edc/http/AgentController.java | 2 +- .../agents/edc/service/EdcSkillStore.java | 3 +++ 4 files changed, 5 insertions(+), 22 deletions(-) diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java index 08d349de..33acd277 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java 
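Review bot: In `createOrUpdateSkill` only `allowServicePattern` and `denyServicePattern` are JSON-encoded before `String.format(body, …)`; `name`, `description`, `contract`, `ontologies` and `query` are still passed raw. The other placeholders of the template are outside this hunk, but if they sit inside quotes as the two pattern fields did, a `"` or backslash in a caller-supplied value breaks the asset document or adds properties to it. Encode every string argument the same way, or build the body as an `ObjectNode` with the Jackson `ObjectMapper` this class already imports instead of adding `jakarta.json` for two fields.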
+++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java @@ -90,8 +90,6 @@ public class AgentConfig { public static final String SERVICE_DENY_ASSET_PROPERTY = "cx.agent.service.asset.deny"; public static final String DEFAULT_SERVICE_DENY_ASSET_PATTERN = "^$"; - public static final String TX_EDC_VERSION_PROPERTY = "cx.agent.edc.version"; - public static final String MATCHMAKING_URL = "cx.agent.matchmaking"; /** @@ -383,24 +381,6 @@ public Pattern getServiceAssetDenyPattern() { return serviceAssetDenyPattern; } - /** - * access - * - * @return tx edc version as a string - */ - public String getEdcVersion() { - return config.getString(TX_EDC_VERSION_PROPERTY, "0.5.0"); - } - - /** - * check - * - * @return whether the edc version is less than 23.09 - */ - public boolean isPrerelease() { - return getEdcVersion().compareTo("0.5.0") <= 0; - } - /** * access * diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java index f7c9efb2..ab7fb6d5 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementControllerImpl.java @@ -389,7 +389,7 @@ public EndpointDataReference createAgreement(String remoteUrl, String asset) thr startTime = System.currentTimeMillis(); // EDC 0.5.1 has a problem with the checker configuration and wont process to COMPLETED - String expectedTransferState = config.isPrerelease() ? "COMPLETED" : "STARTED"; + String expectedTransferState = "STARTED"; try { while ((System.currentTimeMillis() - startTime < config.getNegotiationTimeout()) && (process == null || !process.getState().equals(expectedTransferState))) { 
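Review bot: The comment kept above `expectedTransferState` in `createAgreement` ("EDC 0.5.1 has a problem with the checker configuration and wont process to COMPLETED") no longer matches the code, which now always waits for `STARTED`. Replace it with something like `// a transfer is usable once it reaches STARTED; we do not wait for COMPLETED` and make the value a `private static final String` constant. The polling loop continues outside the hunk.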
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java index c7fb97d9..e88770b5 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java @@ -455,7 +455,7 @@ public Response postSkill(String query, @QueryParam("denyServicesPattern") String denyServicePattern, @QueryParam("ontology") String[] ontologies ) { - monitor.debug(String.format("Received a POST skill request %s %s %s %s %s %b %s %s %s ", asset, name, description, version, contract, mode.getMode(), isFederated, allowServicePattern, denyServicePattern, query)); + monitor.debug(String.format("Received a POST skill request %s %s %s %s %s %b %s %s %s ", asset, name, description, version, contract, mode, isFederated, allowServicePattern, denyServicePattern, query)); Response.ResponseBuilder rb; if (skillStore.put(asset, query, name, description, version, contract, mode, isFederated, allowServicePattern, denyServicePattern, ontologies) != null) { rb = Response.ok(); diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java index c722cdf3..43a48bde 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java 
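Review bot: The debug format string in `postSkill` has nine specifiers for ten arguments, and its `%b` lines up with `mode`, so the log shows `true`/`false` for the distribution mode, shifts `isFederated` and the patterns by one slot and never prints the last argument. A matching string would be `"Received a POST skill request %s %s %s %s %s %s %b %s %s %s"`. Since `query`, `name` and `description` come from the request, consider logging the query length rather than its text and stripping line breaks from the other values before they reach the log.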
@@ -64,6 +64,9 @@ public String put(String key, String skill, String name, String description, Str if (contract == null) { contract = config.getDefaultSkillContract(); } + if (dist == null) { + dist = SkillDistribution.ALL; + } String ontologiesString = String.join(",", ontologies); try { return management.createOrUpdateSkill( From 1cc7858ea9f130d0985411124d7136dca15a222a Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 7 May 2024 17:02:09 +0200 Subject: [PATCH 33/62] feat: upgrade charts to EDC 0.7 and 2405 ssi/iatp functionality --- charts/agent-plane-azure-vault/Chart.yaml | 6 + .../ci/integration-values.yaml | 23 +++ .../templates/_helpers.tpl | 24 ++- .../templates/deployment-dataplane.yaml | 182 +++++++++++++----- .../templates/ingress-dataplane.yaml | 4 +- .../templates/service-dataplane.yaml | 14 +- charts/agent-plane-azure-vault/values.yaml | 60 +++++- charts/agent-plane/Chart.yaml | 6 + charts/agent-plane/ci/integration-values.yaml | 23 +++ charts/agent-plane/templates/_helpers.tpl | 12 +- .../templates/deployment-dataplane.yaml | 182 +++++++++++++----- .../templates/service-dataplane.yaml | 14 +- .../tests/test-dataplane-readiness.yaml | 2 +- charts/agent-plane/values.yaml | 54 +++++- 14 files changed, 445 insertions(+), 161 deletions(-) diff --git a/charts/agent-plane-azure-vault/Chart.yaml b/charts/agent-plane-azure-vault/Chart.yaml index b33cf33f..36c91683 100644 --- a/charts/agent-plane-azure-vault/Chart.yaml +++ b/charts/agent-plane-azure-vault/Chart.yaml @@ -51,5 +51,11 @@ home: https://github.com/eclipse-tractusx/knowledge-agents-edc/ sources: - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector dependencies: + # PostgreSQL + - name: postgresql + alias: postgresql + version: "15.2.1" + repository: https://charts.bitnami.com/bitnami + condition: install.postgresql maintainers: - name: 'Tractus-X Knowledge Agents Team' 
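Review bot: The new default in `EdcSkillStore.put` is undocumented: a missing `dist` now silently becomes `SkillDistribution.ALL`, which by its name is the widest setting (its exact meaning is not visible here). State this in the method's Javadoc, e.g. `@param dist distribution mode, defaults to SkillDistribution.ALL when null`, and consider taking the default from `config` the way `contract` does with `getDefaultSkillContract()`. The next line, `String.join(",", ontologies)`, still has no such guard for a null `ontologies`.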
diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index 6edc9945..d34c4cbc 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -22,12 +22,35 @@ # install: + postgresql: true +image: + repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-azure-vault + tag: 1.12.19-SNAPSHOT + controlplane: endpoints: management: authKey: "bla" +token: + signer: + # alias under which the private key is stored in the vault (JWK or PEM format) + privatekey_alias: "key" + verifier: + # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + publickey_alias: "cert" + +iatp: + sts: + oauth: + token_url: "http://keycloak/oauth/token" + client: + id: "dummy" + secret_alias: "dummy" + dim: + url: "http://sts.server" + vault: azure: name: "AZURE_NAME" diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl index 28f9e3bb..55abab89 100644 --- a/charts/agent-plane-azure-vault/templates/_helpers.tpl +++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl @@ -1,5 +1,5 @@ # -# Copyright (c) 2023, 2024 T-Systems International GmbH +# Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) 
@@ -168,12 +168,12 @@ Data Control URL (Expects the Chart Root to be accessible via .root, the current Data Public URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} {{- define "txdc.dataplane.url.public" -}} -{{- $dataplane := .dataplane -}} -{{- $root := .root -}} -{{- if .dataplane.url.public }}{{/* if public api url has been specified explicitly */}} -{{- .dataplane.url.public }} +{{- $dataplane := .Values -}} +{{- $root := . -}} +{{- if $dataplane.url.public }}{{/* if public api url has been specified explicitly */}} +{{- $dataplane.url.public }} {{- else }}{{/* else when public api url has not been specified explicitly */}} -{{- with (index .dataplane.ingresses 0) }} +{{- with (index $dataplane.ingresses 0) }} {{- if .enabled }}{{/* if ingress enabled */}} {{- if .tls.enabled }}{{/* if TLS enabled */}} {{- printf "https://%s%s" .hostname $dataplane.endpoints.public.path -}} @@ -197,3 +197,15 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + + +{{/* +join a map +*/}} +{{- define "txdc.remotes" -}} +{{- $res := dict "servers" (list) -}} +{{- range $bpn, $connector := .Values.agent.connectors -}} +{{- $noop := printf "$s=%s" $bpn $connector | append $res.servers | set $res "servers" -}} +{{- end -}} +{{- join "," $res.servers -}} +{{- end -}} diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index bb7e3c3b..34caf9a0 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml 
@@ -3,7 +3,7 @@ {{ $dataplane := .Values }} --- # -# Copyright (c) 2023, 2024 T-Systems International GmbH +# Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) @@ -63,11 +63,9 @@ spec: securityContext: {{- toYaml $dataplane.securityContext | nindent 12 }} {{- if $dataplane.image.repository }} - image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default "0.6.0" }}" - {{- else if $dataplane.agent }} - image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-azure-vault:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" + image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" {{- else }} - image: "tractusx/edc-data-plane-azure-vault:{{ $dataplane.image.tag | default "0.6.0" }}" + image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-azure-vault:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" {{- end }} imagePullPolicy: {{ $dataplane.image.pullPolicy }} ports: 
@@ -112,24 +110,88 @@ spec: {{- end }} {{- end }} + ######################## + ## ID CONFIGURATION ## + ######################## + - name: EDC_PARTICIPANT_ID + value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} + - name: "EDC_IAM_ISSUER_ID" + value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}} + ####### # API # ####### + - name: "EDC_API_AUTH_KEY" + value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }} + - name: "WEB_HTTP_DEFAULT_PORT" value: {{ $dataplane.endpoints.default.port | quote }} - name: "WEB_HTTP_DEFAULT_PATH" value: {{ $dataplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ $dataplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ $dataplane.endpoints.control.path | quote }} - name: "WEB_HTTP_PUBLIC_PORT" value: {{ $dataplane.endpoints.public.port | quote }} - name: "WEB_HTTP_PUBLIC_PATH" value: {{ $dataplane.endpoints.public.path | quote }} + - name: "WEB_HTTP_SIGNALING_PORT" + value: {{ $dataplane.endpoints.signaling.port | quote }} + - name: "WEB_HTTP_SIGNALING_PATH" + value: {{ $dataplane.endpoints.signaling.path | quote }} + - name: "WEB_HTTP_CALLBACK_PORT" + value: {{ $dataplane.endpoints.callback.port | quote }} + - name: "WEB_HTTP_CALLBACK_PATH" + value: {{ $dataplane.endpoints.callback.path | quote }} + - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" value: {{ include "txdc.controlplane.url.validation" $root}} + ########### + ## VAULT ## + ########### + + - name: "EDC_VAULT_CLIENTID" + value: {{ .Values.vault.azure.client | quote }} + - name: "EDC_VAULT_TENANTID" + value: {{ .Values.vault.azure.tenant | quote }} + - name: "EDC_VAULT_NAME" + value: {{ .Values.vault.azure.name | quote }} + # only set the env var if config value not null + {{- if .Values.vault.azure.secret }} + - name: "EDC_VAULT_CLIENTSECRET" + value: {{ 
.Values.vault.azure.secret | quote }} + {{- end }} + # only set the env var if config value not null + {{- if .Values.vault.azure.certificate }} + - name: "EDC_VAULT_CERTIFICATE" + value: {{ .Values.vault.azure.certificate | quote }} + {{- end }} + + ################## + ## TOKEN REFRESH + ################## + {{- if $dataplane.token.refresh.expiry_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY" + value: {{ $dataplane.token.refresh.expiry_seconds | quote}} + {{- end}} + + {{- if $dataplane.token.refresh.expiry_tolerance_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE" + value: {{ $dataplane.token.refresh.expiry_tolerance_seconds | quote }} + {{- end}} + + {{- if $dataplane.token.refresh.refresh_endpoint }} + - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" + value: {{ $dataplane.token.refresh.refresh_endpoint }} + {{- else}} + - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" + value: {{ include "txdc.dataplane.url.public" . }}/token + {{- end}} + + - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" + value: {{ $dataplane.token.signer.privatekey_alias | required ".Values.token.signer.privatekey_alias is required" | quote}} + + - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" + value: {{ $dataplane.token.verifier.publickey_alias | required ".Values.token.verifier.publickey_alias" | quote }} + ################### # AUTH (JWT) # ################### 
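Review bot: `EDC_API_AUTH_KEY` and `EDC_VAULT_CLIENTSECRET` are written into the Deployment as literal `value:` strings, so the management API key and the vault client secret are readable by anyone who can view the manifest or the release values. The same holds for the `EDC_DATASOURCE_*_PASSWORD` entries added further down in this file. Reference a Kubernetes Secret instead, as sketched below with placeholder names. The `required` message also misspells the key as `.Values.controlplane.endpoints.mangement.authKey`, and `EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT` is the only new value emitted without `| quote`.

```yaml
- name: "EDC_API_AUTH_KEY"
  valueFrom:
    secretKeyRef:
      # placeholder names: point these at the secret your deployment provides
      name: <AUTH_SECRET_NAME>
      key: <AUTH_SECRET_KEY>
# … unchanged: WEB_HTTP_* endpoint settings, vault client id / tenant / name …
- name: "EDC_VAULT_CLIENTSECRET"
  valueFrom:
    secretKeyRef:
      name: <VAULT_SECRET_NAME>
      key: <VAULT_SECRET_KEY>
```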
@@ -166,50 +228,58 @@ spec: {{- end }} {{- end }} - {{- if $dataplane.endpoints.callback }} + ############################# + ## IATP / STS / DIM CONFIG ## + ############################# + - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" + value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.sts.oauth.token_url is required" | quote}} + - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" + value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} + - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" + value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} + - name: "EDC_IAM_STS_DIM_URL" + value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}} + {{- range $key, $value := .Values.iatp.trustedIssuers }} + - name: {{- printf "EDC_IAM_TRUSTED-ISSUER_%s_ID" (upper $key) | quote }} + value: {{- $value | quote }} + {{- end }} + + ######################### + ## DATA PLANE PUBLIC API + ######################## + - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" + value: {{ include "txdc.dataplane.url.public" . 
}} ################### # AGENT CALLBACK # ################### - - name: "WEB_HTTP_CALLBACK_PORT" - value: {{ $dataplane.endpoints.callback.port | quote }} - - name: "WEB_HTTP_CALLBACK_PATH" - value: {{ $dataplane.endpoints.callback.path | quote }} - name: "CX_AGENT_CALLBACK" value: {{ printf "http://%s-%s:%v%s/endpoint-data-reference" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} - - name: "EDC_API_AUTH_KEY" - value: {{ $root.Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }} - - name: "EDC_PARTICIPANT_ID" - value: {{ $root.Values.participant.id | quote }} - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" value: {{ printf "http://%s-controlplane:%v" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.protocol.port | quote }} - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" value: {{ printf "http://%s-controlplane:%v%s" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.management.port $root.Values.controlplane.endpoints.management.path | quote }} - {{- end }} - - {{- if $dataplane.agent }} - - name: "CX_AGENT_EDC_VERSION" - value: {{ $dataplane.agent.edcVersion | quote }} - {{- end }} {{- if $dataplane.agent.matchmaking }} - name: "CX_AGENT_MATCHMAKING" value: {{ $dataplane.agent.matchmaking | quote }} {{- end }} - {{- if $dataplane.agent.default }} + {{- if $dataplane.agent.skillcontract }} + - name: "CX_AGENT_SKILL_CONTRACT_DEFAULT" + value: {{ $dataplane.agent.skillcontract | quote }} + {{- end }} + {{- if $dataplane.agent.default }} ############### # AGENT INIT # ############### - name: "CX_AGENT_ASSET_FILE" value: {{ join "," $dataplane.agent.default | quote }} - - name: "CX_AGENT_SKILL_CONTRACT_DEFAULT" - value: {{ $dataplane.agent.skillcontract | quote }} {{- end }} - {{- if $dataplane.agent.services }} + {{- if $dataplane.agent.services }} ################### # AGENT 
SERVICES # ################### @@ -233,18 +303,15 @@ spec: {{- end }} {{- end }} - {{- if $dataplane.agent.connectors }} - ################### # AGENT SYNC # ################### - name: "CX_AGENT_DATASPACE_REMOTES" - value: {{ join "," $dataplane.agent.connectors | quote }} + value: {{- include "txdc.remotes" . }} - name: "CX_AGENT_DATASPACE_SYNCHRONIZATION" value: {{ $dataplane.agent.synchronization | required (printf ".Values.dataplane.%s.agent.synchronization should be set if connectors are specified" $dataplane_name) | quote }} - name: "CX_AGENT_FEDERATION_BATCH_MAX" value: {{ $dataplane.agent.maxbatchsize | quote }} - {{- end }} ####### # AWS # 
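Review bot: The left-trim marker in `- name: {{- printf "EDC_IAM_TRUSTED-ISSUER_%s_ID" (upper $key) | quote }}`, `value: {{- $value | quote }}` and, in the next hunk, `value: {{- include "txdc.remotes" . }}` removes the space after the colon, so the output is `name:"…"` or `value:…`, which YAML does not read as a key with a value. Use `{{ … }}` without the dash and quote the remotes string: `value: {{ include "txdc.remotes" . | quote }}`. `iatp.trustedIssuers` defaults to a list in `values.yaml`, so `$key` would be an index and `upper $key` would presumably fail on the first entry; a map default `{}` fits this loop.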
@@ -262,26 +329,39 @@ spec: value: {{ $dataplane.aws.accessKeyId | quote }} {{- end }} - ########### - ## VAULT ## - ########### + ################ + ## POSTGRESQL ## + ################ - - name: "EDC_VAULT_CLIENTID" - value: {{ .Values.vault.azure.client | quote }} - - name: "EDC_VAULT_TENANTID" - value: {{ .Values.vault.azure.tenant | quote }} - - name: "EDC_VAULT_NAME" - value: {{ .Values.vault.azure.name | quote }} - # only set the env var if config value not null - {{- if .Values.vault.azure.secret }} - - name: "EDC_VAULT_CLIENTSECRET" - value: {{ .Values.vault.azure.secret | quote }} - {{- end }} - # only set the env var if config value not null - {{- if .Values.vault.azure.certificate }} - - name: "EDC_VAULT_CERTIFICATE" - value: {{ .Values.vault.azure.certificate | quote }} - {{- end }} + # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/common/store/sql/edr-index-sql + - name: "EDC_DATASOURCE_EDR_NAME" + value: "edr" + - name: "EDC_DATASOURCE_EDR_USER" + value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} + - name: "EDC_DATASOURCE_EDR_PASSWORD" + value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} + - name: "EDC_DATASOURCE_EDR_URL" + value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} + + # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/data-plane/store/sql/data-plane-store-sql + - name: "EDC_DATASOURCE_DATAPLANE_NAME" + value: "edr" + - name: "EDC_DATASOURCE_DATAPLANE_USER" + value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} + - name: "EDC_DATASOURCE_DATAPLANE_PASSWORD" + value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} + - name: "EDC_DATASOURCE_DATAPLANE_URL" + value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} + + # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/data-plane/store/sql/accesstokendata-store-sql + - name: "EDC_DATASOURCE_ACCESSTOKENDATA_NAME" + value: "edr" + - name: "EDC_DATASOURCE_ACCESSTOKENDATA_USER" + value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} + - name: "EDC_DATASOURCE_ACCESSTOKENDATA_PASSWORD" + value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} + - name: "EDC_DATASOURCE_ACCESSTOKENDATA_URL" + value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} ###################################### ## Additional environment variables ## diff --git a/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml b/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml index 4c035257..4965796b 100644 --- a/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml @@ -13,11 +13,11 @@ {{- $annotations := .annotations | default dict }} --- # -# Copyright (c) 2023, 2024 T-Systems International GmbH +# Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml index a1d428b7..c543d252 100644 --- a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml 
@@ -35,27 +35,17 @@ spec: targetPort: default protocol: TCP name: default - - port: {{ $dataplane.endpoints.control.port }} + - port: {{ $dataplane.endpoints.signaling.port }} targetPort: control protocol: TCP - name: control + name: signaling - port: {{ $dataplane.endpoints.public.port }} targetPort: public protocol: TCP name: public - - port: {{ $dataplane.endpoints.metrics.port }} - targetPort: metrics - protocol: TCP - name: metrics - - port: {{ $dataplane.endpoints.proxy.port }} - targetPort: proxy - protocol: TCP - name: proxy - {{- if $dataplane.endpoints.callback }} - port: {{ $dataplane.endpoints.callback.port }} targetPort: callback protocol: TCP name: callback - {{- end }} selector: {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} \ No newline at end of file diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index f7133ce2..b3ac4f2a 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml @@ -23,6 +23,10 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +install: + postgresql: false + vault: false + fullnameOverride: "" nameOverride: "" # -- Image registry to use @@ -32,10 +36,37 @@ imagePullSecrets: [] # -- To add some custom labels customLabels: {} +postgresql: + jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" + primary: + persistence: + enabled: false + readReplicas: + persistence: + enabled: false + auth: + database: "edc" + username: "user" + password: "password" + participant: # -- BPN Number id: "" +iatp: + # Decentralized IDentifier + id: "did:web:changeme" + # -- Configures the trusted issuers for this runtime + trustedIssuers: [] + sts: + dim: + url: + oauth: + token_url: + client: + id: + secret_alias: + # -- References to the control plane deployment controlplane: endpoints: 
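Review bot: The renamed service port in `service-dataplane.yaml` still has `targetPort: control`. `values.yaml` in this commit replaces the `control` endpoint with `signaling`, so if the container ports are named after the endpoint keys (the deployment's port list is outside this hunk) no container port called `control` remains and the signaling port would not route. It should presumably read `targetPort: signaling`.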
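Review bot: The new `postgresql.auth` block in `values.yaml` ships working default credentials, `username: "user"` and `password: "password"`, and the deployment template accepts them because `required` is satisfied by any non-empty value. An installation that enables `install.postgresql` without overriding them ends up with a database protected by a publicly known password. Leave `password` empty so that `required` stops the render, or take it from an existing secret, and add a `# --` comment telling operators that it must be set.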
@@ -59,6 +90,7 @@ controlplane: port: 8084 # -- path for incoming api calls path: /api/v1/dsp + # -- the name of the dataplane name: "agentplane" # -- a comma-separated list of supported asset types @@ -114,18 +146,26 @@ endpoints: public: port: 8081 path: /api/public - control: + signaling: port: 8083 - path: /api/dataplane/control - proxy: - port: 8186 - path: /proxy + path: /api/signaling callback: port: 8087 path: /callback - metrics: - port: 9090 - path: /metrics + +token: + refresh: + expiry_seconds: 300 + expiry_tolerance_seconds: 10 + # optional URL that can be provided where clients go to refresh tokens. + refresh_endpoint: + signer: + # alias under which the private key is stored in the vault (JWK or PEM format) + privatekey_alias: + verifier: + # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + publickey_alias: + # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries auth: # -- the default authentication service @@ -301,8 +341,8 @@ agent: - https://w3id.org/catenax/ontology.ttl # -- The synchronization interval in ms to update the federated data catalogue synchronization: -1 - # -- The list of remote connector IDS URLs to synchronize with - connectors: [] + # -- A map of partner ids to remote connector IDS URLs to synchronize with + connectors: {} # -- Names the visible contract under which new skills are published (if not otherwise specified) skillcontract: Contract?partner=Skill # -- Sets the maximal batch size when delegating to agents and services diff --git a/charts/agent-plane/Chart.yaml b/charts/agent-plane/Chart.yaml index 08e489ca..698184ae 100644 --- a/charts/agent-plane/Chart.yaml +++ b/charts/agent-plane/Chart.yaml 
@@ -57,5 +57,11 @@ dependencies: version: 0.20.0 repository: https://helm.releases.hashicorp.com condition: install.vault + # PostgreSQL + - name: postgresql + alias: postgresql + version: "15.2.1" + repository: https://charts.bitnami.com/bitnami + condition: install.postgresql maintainers: - name: 'Tractus-X Knowledge Agents Team' diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 94636562..12235b15 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml @@ -22,12 +22,35 @@ # install: + postgresql: true +image: + repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-hashicorp + tag: 1.12.19-SNAPSHOT + controlplane: endpoints: management: authKey: "bla" +token: + signer: + # alias under which the private key is stored in the vault (JWK or PEM format) + privatekey_alias: "key" + verifier: + # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + publickey_alias: "cert" + +iatp: + sts: + oauth: + token_url: "http://keycloak/oauth/token" + client: + id: "dummy" + secret_alias: "dummy" + dim: + url: "http://sts.server" + vault: azure: name: "AZURE_NAME" diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index 55e2cf8f..55abab89 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl 
@@ -168,12 +168,12 @@ Data Control URL (Expects the Chart Root to be accessible via .root, the current Data Public URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} {{- define "txdc.dataplane.url.public" -}} -{{- $dataplane := .dataplane -}} -{{- $root := .root -}} -{{- if .dataplane.url.public }}{{/* if public api url has been specified explicitly */}} -{{- .dataplane.url.public }} +{{- $dataplane := .Values -}} +{{- $root := . -}} +{{- if $dataplane.url.public }}{{/* if public api url has been specified explicitly */}} +{{- $dataplane.url.public }} {{- else }}{{/* else when public api url has not been specified explicitly */}} -{{- with (index .dataplane.ingresses 0) }} +{{- with (index $dataplane.ingresses 0) }} {{- if .enabled }}{{/* if ingress enabled */}} {{- if .tls.enabled }}{{/* if TLS enabled */}} {{- printf "https://%s%s" .hostname $dataplane.endpoints.public.path -}} @@ -203,7 +203,7 @@ Create the name of the service account to use join a map */}} {{- define "txdc.remotes" -}} -{{- $res := := dict "servers" (list) -}} +{{- $res := dict "servers" (list) -}} {{- range $bpn, $connector := .Values.agent.connectors -}} {{- $noop := printf "$s=%s" $bpn $connector | append $res.servers | set $res "servers" -}} {{- end -}} diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index 2ccbc106..6f0434da 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml 
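Review bot: In `txdc.remotes`, the context line just below the corrected `$res := dict "servers" (list)` still calls `printf "$s=%s" $bpn $connector`. `$s` is not a format verb, so only one of the two arguments is consumed and the rendered entry would carry a `%!(EXTRA ...)` marker instead of `bpn=url`. It should read `printf "%s=%s" $bpn $connector`. The helper's body continues past the end of this hunk, so how `$res.servers` is finally emitted is not visible here.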
@@ -63,11 +63,9 @@ spec: securityContext: {{- toYaml $dataplane.securityContext | nindent 12 }} {{- if $dataplane.image.repository }} - image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default "0.6.0" }}" - {{- else if $dataplane.agent }} - image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" + image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" {{- else }} - image: "tractusx/edc-dataplane-hashicorp-vault:{{ $dataplane.image.tag | default "0.6.0" }}" + image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" {{- end }} imagePullPolicy: {{ $dataplane.image.pullPolicy }} ports: 
@@ -112,24 +110,87 @@ spec: {{- end }} {{- end }} + ######################## + ## ID CONFIGURATION ## + ######################## + - name: EDC_PARTICIPANT_ID + value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} + - name: "EDC_IAM_ISSUER_ID" + value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}} + ####### # API # ####### + - name: "EDC_API_AUTH_KEY" + value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }} + - name: "WEB_HTTP_DEFAULT_PORT" value: {{ $dataplane.endpoints.default.port | quote }} - name: "WEB_HTTP_DEFAULT_PATH" value: {{ $dataplane.endpoints.default.path | quote }} - - name: "WEB_HTTP_CONTROL_PORT" - value: {{ $dataplane.endpoints.control.port | quote }} - - name: "WEB_HTTP_CONTROL_PATH" - value: {{ $dataplane.endpoints.control.path | quote }} - name: "WEB_HTTP_PUBLIC_PORT" value: {{ $dataplane.endpoints.public.port | quote }} - name: "WEB_HTTP_PUBLIC_PATH" value: {{ $dataplane.endpoints.public.path | quote }} + - name: "WEB_HTTP_SIGNALING_PORT" + value: {{ $dataplane.endpoints.signaling.port | quote }} + - name: "WEB_HTTP_SIGNALING_PATH" + value: {{ $dataplane.endpoints.signaling.path | quote }} + - name: "WEB_HTTP_CALLBACK_PORT" + value: {{ $dataplane.endpoints.callback.port | quote }} + - name: "WEB_HTTP_CALLBACK_PATH" + value: {{ $dataplane.endpoints.callback.path | quote }} + - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" value: {{ include "txdc.controlplane.url.validation" $root}} + ########### + ## VAULT ## + ########### + + # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/hashicorp-vault + - name: "EDC_VAULT_HASHICORP_URL" + value: {{ tpl $root.Values.vault.hashicorp.url $root | required ".Values.vault.hashicorp.url is required" | quote }} + - name: "EDC_VAULT_HASHICORP_TOKEN" + value: {{ $root.Values.vault.hashicorp.token | required 
".Values.vault.hashicorp.token is required" | quote }} + - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" + value: {{ $root.Values.vault.hashicorp.timeout | quote }} + - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" + value: {{ $root.Values.vault.hashicorp.healthCheck.enabled | quote }} + - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" + value: {{ $root.Values.vault.hashicorp.healthCheck.standbyOk | quote }} + - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" + value: {{ $root.Values.vault.hashicorp.paths.secret | quote }} + - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" + value: {{ $root.Values.vault.hashicorp.paths.health | quote }} + + ################## + ## TOKEN REFRESH + ################## + {{- if $dataplane.token.refresh.expiry_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY" + value: {{ $dataplane.token.refresh.expiry_seconds | quote}} + {{- end}} + + {{- if $dataplane.token.refresh.expiry_tolerance_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE" + value: {{ $dataplane.token.refresh.expiry_tolerance_seconds | quote }} + {{- end}} + + {{- if $dataplane.token.refresh.refresh_endpoint }} + - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" + value: {{ $dataplane.token.refresh.refresh_endpoint }} + {{- else}} + - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" + value: {{ include "txdc.dataplane.url.public" . }}/token + {{- end}} + + - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" + value: {{ $dataplane.token.signer.privatekey_alias | required ".Values.token.signer.privatekey_alias is required" | quote}} + + - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" + value: {{ $dataplane.token.verifier.publickey_alias | required ".Values.token.verifier.publickey_alias" | quote }} + ################### # AUTH (JWT) # ################### 
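Review bot: `EDC_API_AUTH_KEY` and `EDC_VAULT_HASHICORP_TOKEN` are rendered as literal `value:` entries, so both secrets land in the Deployment manifest and are readable by anyone allowed to read the pod spec or the stored release. Sourcing them from a Kubernetes Secret through `valueFrom.secretKeyRef` keeps them out of the rendered manifest. The `EDC_DATASOURCE_*_PASSWORD` entries added in the PostgreSQL hunk further down have the same shape. Separately, the `required` message for `publickey_alias` lacks the trailing "is required", and the one for the auth key spells `mangement`.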
@@ -166,50 +227,58 @@ spec: {{- end }} {{- end }} - {{- if $dataplane.endpoints.callback }} + ############################# + ## IATP / STS / DIM CONFIG ## + ############################# + - name: "EDC_IAM_STS_OAUTH_TOKEN_URL" + value: {{ .Values.iatp.sts.oauth.token_url | required ".Values.iatp.sts.oauth.token_url is required" | quote}} + - name: "EDC_IAM_STS_OAUTH_CLIENT_ID" + value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} + - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" + value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} + - name: "EDC_IAM_STS_DIM_URL" + value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}} + {{- range $key, $value := .Values.iatp.trustedIssuers }} + - name: {{- printf "EDC_IAM_TRUSTED-ISSUER_%s_ID" (upper $key) | quote }} + value: {{- $value | quote }} + {{- end }} + + ######################### + ## DATA PLANE PUBLIC API + ######################## + - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" + value: {{ include "txdc.dataplane.url.public" . 
}} ################### # AGENT CALLBACK # ################### - - name: "WEB_HTTP_CALLBACK_PORT" - value: {{ $dataplane.endpoints.callback.port | quote }} - - name: "WEB_HTTP_CALLBACK_PATH" - value: {{ $dataplane.endpoints.callback.path | quote }} - name: "CX_AGENT_CALLBACK" value: {{ printf "http://%s-%s:%v%s/endpoint-data-reference" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} - - name: "EDC_API_AUTH_KEY" - value: {{ $root.Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }} - - name: "EDC_PARTICIPANT_ID" - value: {{ $root.Values.participant.id | quote }} - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" value: {{ printf "http://%s-controlplane:%v" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.protocol.port | quote }} - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" value: {{ printf "http://%s-controlplane:%v%s" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.management.port $root.Values.controlplane.endpoints.management.path | quote }} - {{- end }} - - {{- if $dataplane.agent }} - - name: "CX_AGENT_EDC_VERSION" - value: {{ $dataplane.agent.edcVersion | quote }} - {{- end }} {{- if $dataplane.agent.matchmaking }} - name: "CX_AGENT_MATCHMAKING" value: {{ $dataplane.agent.matchmaking | quote }} {{- end }} - {{- if $dataplane.agent.default }} + {{- if $dataplane.agent.skillcontract }} + - name: "CX_AGENT_SKILL_CONTRACT_DEFAULT" + value: {{ $dataplane.agent.skillcontract | quote }} + {{- end }} + {{- if $dataplane.agent.default }} ############### # AGENT INIT # ############### - name: "CX_AGENT_ASSET_FILE" value: {{ join "," $dataplane.agent.default | quote }} - - name: "CX_AGENT_SKILL_CONTRACT_DEFAULT" - value: {{ $dataplane.agent.skillcontract | quote }} {{- end }} - {{- if $dataplane.agent.services }} + {{- if $dataplane.agent.services }} ################### # AGENT 
SERVICES # ################### @@ -233,22 +302,15 @@ spec: {{- end }} {{- end }} - {{- if $dataplane.agent.connectors }} - ################### # AGENT SYNC # ################### - name: "CX_AGENT_DATASPACE_REMOTES" - value: {{- range $key,$value := $dataplane.endpoints }} - - name: {{ $key }} - containerPort: {{ $value.port }} - protocol: TCP - {{- end }}{{ join "," $dataplane.agent.connectors | quote }} + value: {{- include "txdc.remotes" . }} - name: "CX_AGENT_DATASPACE_SYNCHRONIZATION" value: {{ $dataplane.agent.synchronization | required (printf ".Values.dataplane.%s.agent.synchronization should be set if connectors are specified" $dataplane_name) | quote }} - name: "CX_AGENT_FEDERATION_BATCH_MAX" value: {{ $dataplane.agent.maxbatchsize | quote }} - {{- end }} ####### # AWS # 
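Review bot: In the trusted-issuer loop, `- name: {{- printf ... | quote }}` and `value: {{- $value | quote }}` use the left-trimming delimiter. That removes the space after the colon and leaves `name:"..."`, which is no longer a key/value pair. The later `value: {{- include "txdc.remotes" . }}` in the AGENT SYNC hunk has the same problem. Use `{{ printf "EDC_IAM_TRUSTED-ISSUER_%s_ID" (upper $key) | quote }}` and `{{ include "txdc.remotes" . | quote }}`. In addition, values.yaml declares `trustedIssuers: []`, and ranging over a list yields integer keys that `upper` presumably rejects, so the value should either be documented as a map or the variable name built from the entry itself.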
@@ -266,25 +328,39 @@ spec: value: {{ $dataplane.aws.accessKeyId | quote }} {{- end }} - ########### - ## VAULT ## - ########### + ################ + ## POSTGRESQL ## + ################ - # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/hashicorp-vault - - name: "EDC_VAULT_HASHICORP_URL" - value: {{ tpl $root.Values.vault.hashicorp.url $root | required ".Values.vault.hashicorp.url is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TOKEN" - value: {{ $root.Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} - - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" - value: {{ $root.Values.vault.hashicorp.timeout | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" - value: {{ $root.Values.vault.hashicorp.healthCheck.enabled | quote }} - - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" - value: {{ $root.Values.vault.hashicorp.healthCheck.standbyOk | quote }} - - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" - value: {{ $root.Values.vault.hashicorp.paths.secret | quote }} - - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" - value: {{ $root.Values.vault.hashicorp.paths.health | quote }} + # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/common/store/sql/edr-index-sql + - name: "EDC_DATASOURCE_EDR_NAME" + value: "edr" + - name: "EDC_DATASOURCE_EDR_USER" + value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} + - name: "EDC_DATASOURCE_EDR_PASSWORD" + value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} + - name: "EDC_DATASOURCE_EDR_URL" + value: {{ tpl .Values.postgresql.jdbcUrl . 
| quote }} + + # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/data-plane/store/sql/data-plane-store-sql + - name: "EDC_DATASOURCE_DATAPLANE_NAME" + value: "edr" + - name: "EDC_DATASOURCE_DATAPLANE_USER" + value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} + - name: "EDC_DATASOURCE_DATAPLANE_PASSWORD" + value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} + - name: "EDC_DATASOURCE_DATAPLANE_URL" + value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} + + # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/data-plane/store/sql/accesstokendata-store-sql + - name: "EDC_DATASOURCE_ACCESSTOKENDATA_NAME" + value: "edr" + - name: "EDC_DATASOURCE_ACCESSTOKENDATA_USER" + value: {{ .Values.postgresql.auth.username | required ".Values.postgresql.auth.username is required" | quote }} + - name: "EDC_DATASOURCE_ACCESSTOKENDATA_PASSWORD" + value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }} + - name: "EDC_DATASOURCE_ACCESSTOKENDATA_URL" + value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} ###################################### ## Additional environment variables ## diff --git a/charts/agent-plane/templates/service-dataplane.yaml b/charts/agent-plane/templates/service-dataplane.yaml index a1d428b7..c543d252 100644 --- a/charts/agent-plane/templates/service-dataplane.yaml +++ b/charts/agent-plane/templates/service-dataplane.yaml 
@@ -35,27 +35,17 @@ spec: targetPort: default protocol: TCP name: default - - port: {{ $dataplane.endpoints.control.port }} + - port: {{ $dataplane.endpoints.signaling.port }} targetPort: control protocol: TCP - name: control + name: signaling - port: {{ $dataplane.endpoints.public.port }} targetPort: public protocol: TCP name: public - - port: {{ $dataplane.endpoints.metrics.port }} - targetPort: metrics - protocol: TCP - name: metrics - - port: {{ $dataplane.endpoints.proxy.port }} - targetPort: proxy - protocol: TCP - name: proxy - {{- if $dataplane.endpoints.callback }} - port: {{ $dataplane.endpoints.callback.port }} targetPort: callback protocol: TCP name: callback - {{- end }} selector: {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} \ No newline at end of file diff --git a/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml b/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml index dae9d468..5aa323d9 100644 --- a/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml +++ b/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 202,2024 Contributors to the Eclipse Foundation +# Copyright (c) 2023,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml index d22cc49d..f7e99251 100644 --- a/charts/agent-plane/values.yaml +++ b/charts/agent-plane/values.yaml @@ -24,7 +24,9 @@ # Declare variables to be passed into your templates. install: + postgresql: false vault: false + fullnameOverride: "" nameOverride: "" # -- Image registry to use 
@@ -34,10 +36,37 @@ imagePullSecrets: [] # -- To add some custom labels customLabels: {} +postgresql: + jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" + primary: + persistence: + enabled: false + readReplicas: + persistence: + enabled: false + auth: + database: "edc" + username: "user" + password: "password" + participant: # -- BPN Number id: "" +iatp: + # Decentralized IDentifier + id: "did:web:changeme" + # -- Configures the trusted issuers for this runtime + trustedIssuers: [] + sts: + dim: + url: + oauth: + token_url: + client: + id: + secret_alias: + # -- References to the control plane deployment controlplane: endpoints: @@ -61,6 +90,7 @@ controlplane: port: 8084 # -- path for incoming api calls path: /api/v1/dsp + # -- the name of the dataplane name: "agentplane" # -- a comma-separated list of supported asset types @@ -116,18 +146,26 @@ endpoints: public: port: 8081 path: /api/public - control: + signaling: port: 8083 - path: /api/dataplane/control - proxy: - port: 8186 - path: /proxy + path: /api/signaling callback: port: 8087 path: /callback - metrics: - port: 9090 - path: /metrics + +token: + refresh: + expiry_seconds: 300 + expiry_tolerance_seconds: 10 + # optional URL that can be provided where clients go to refresh tokens. + refresh_endpoint: + signer: + # alias under which the private key is stored in the vault (JWK or PEM format) + privatekey_alias: + verifier: + # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + publickey_alias: + # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries auth: # -- the default authentication service From 959fb32458ee1e8b378dae0007ca4826551de202 Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 7 May 2024 17:03:15 +0200 Subject: [PATCH 34/62] fix: do not use temporary image names and tags in normal workflows. --- charts/agent-plane-azure-vault/ci/integration-values.yaml | 4 ++-- charts/agent-plane/ci/integration-values.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index d34c4cbc..6f1c766c 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -25,8 +25,8 @@ install: postgresql: true image: - repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-azure-vault - tag: 1.12.19-SNAPSHOT +# repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-azure-vault +# tag: 1.12.19-SNAPSHOT controlplane: endpoints: diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 12235b15..37a1d9e8 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml @@ -25,9 +25,9 @@ install: postgresql: true image: - repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-hashicorp - tag: 1.12.19-SNAPSHOT - +# repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-hashicorp +# tag: 1.12.19-SNAPSHOT + controlplane: endpoints: management: From ae6b3da92b43ee05b05b87a2ce3ee2a246ff3c3f Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 7 May 2024 18:14:13 +0200 Subject: [PATCH 35/62] fix: correct callback endpoint name. --- .../agent-plane-azure-vault/templates/deployment-dataplane.yaml | 2 +- charts/agent-plane/ci/integration-values.yaml | 2 +- charts/agent-plane/templates/deployment-dataplane.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
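Review bot: Commenting out only the children leaves a bare `image:` key in both integration-values files, which YAML reads as null. Helm treats a null override as a request to drop the chart's default for that key, so `.Values.image` may be missing when the templates read `image.repository` and `image.pullPolicy`. Comment out the key as well, `# image:`, so the defaults from values.yaml stay in place.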
diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index 34caf9a0..e9eaf243 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml @@ -254,7 +254,7 @@ spec: # AGENT CALLBACK # ################### - name: "CX_AGENT_CALLBACK" - value: {{ printf "http://%s-%s:%v%s/endpoint-data-reference" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} + value: {{ printf "http://%s-%s:%v%s/transfer-process-started" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" value: {{ printf "http://%s-controlplane:%v" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.protocol.port | quote }} - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 37a1d9e8..1603f180 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023 T-Systems International GmbH +# Copyright (c) 2023, 2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index 6f0434da..516466db 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml 
@@ -253,7 +253,7 @@ spec: # AGENT CALLBACK # ################### - name: "CX_AGENT_CALLBACK" - value: {{ printf "http://%s-%s:%v%s/endpoint-data-reference" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} + value: {{ printf "http://%s-%s:%v%s/transfer-process-started" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" value: {{ printf "http://%s-controlplane:%v" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.protocol.port | quote }} - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" From 0aa1310b71b9920210a425fefe152328af16b232 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Tue, 7 May 2024 18:18:02 +0200 Subject: [PATCH 36/62] fix: helm lint errors. --- .../ci/integration-values.yaml | 18 +++++++++--------- charts/agent-plane/ci/integration-values.yaml | 16 ++++++++-------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index 6f1c766c..c67c50bf 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -27,7 +27,7 @@ install: image: # repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-azure-vault # tag: 1.12.19-SNAPSHOT - + controlplane: endpoints: management: @@ -42,14 +42,14 @@ token: publickey_alias: "cert" iatp: - sts: - oauth: - token_url: "http://keycloak/oauth/token" - client: - id: "dummy" - secret_alias: "dummy" - dim: - url: "http://sts.server" + sts: + oauth: + token_url: "http://keycloak/oauth/token" + client: + id: "dummy" + secret_alias: "dummy" + dim: + url: "http://sts.server" vault: azure: 
diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 1603f180..a89a0b6d 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml @@ -42,14 +42,14 @@ token: publickey_alias: "cert" iatp: - sts: - oauth: - token_url: "http://keycloak/oauth/token" - client: - id: "dummy" - secret_alias: "dummy" - dim: - url: "http://sts.server" + sts: + oauth: + token_url: "http://keycloak/oauth/token" + client: + id: "dummy" + secret_alias: "dummy" + dim: + url: "http://sts.server" vault: azure: From 93f43b988371f4d7c48fcc98cebb49d567f0f3cc Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 11:11:14 +0200 Subject: [PATCH 37/62] fix: get the charts to run sideways with the tx-connector chart in umbrellas. --- .../templates/NOTES.txt | 8 +- .../templates/_helpers.tpl | 88 +++++++++---------- .../templates/configmap-dataplane.yaml | 7 +- .../templates/deployment-dataplane.yaml | 60 ++++++------- .../templates/hpa-dataplane.yaml | 6 +- .../templates/ingress-dataplane.yaml | 6 +- .../templates/service-dataplane.yaml | 21 ++--- .../templates/serviceaccount.yaml | 4 +- .../tests/test-dataplane-readiness.yaml | 7 +- charts/agent-plane/templates/NOTES.txt | 8 +- charts/agent-plane/templates/_helpers.tpl | 88 +++++++++---------- .../templates/configmap-dataplane.yaml | 7 +- .../templates/deployment-dataplane.yaml | 60 ++++++------- .../agent-plane/templates/hpa-dataplane.yaml | 6 +- .../templates/ingress-dataplane.yaml | 6 +- .../templates/service-dataplane.yaml | 21 ++--- .../agent-plane/templates/serviceaccount.yaml | 4 +- .../tests/test-dataplane-readiness.yaml | 7 +- 18 files changed, 196 insertions(+), 218 deletions(-) diff --git a/charts/agent-plane-azure-vault/templates/NOTES.txt b/charts/agent-plane-azure-vault/templates/NOTES.txt index c0d295a6..ddd034b6 100644 --- a/charts/agent-plane-azure-vault/templates/NOTES.txt 
+++ b/charts/agent-plane-azure-vault/templates/NOTES.txt 
@@ -24,16 +24,16 @@ http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }} {{- end }} {{- else if contains "NodePort" $dataplane.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-{{ $dataplane.name }}) + export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txap.fullname" $ }}-{{ $dataplane.name }}) export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" $dataplane.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ $.Release.Namespace }} svc -w {{ include "txdc.fullname" $ }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" $ }}-{{ $dataplane.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch the status of by running 'kubectl get --namespace {{ $.Release.Namespace }} svc -w {{ include "txap.fullname" $ }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txap.fullname" $ }}-{{ $dataplane.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ $dataplane.service.port }} {{- else if contains "ClusterIP" $dataplane.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-{{ $dataplane.name }},app.kubernetes.io/instance={{ $.Release.Name }}-{{ $dataplane.name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txap.name" $ }}-{{ 
$dataplane.name }},app.kubernetes.io/instance={{ $.Release.Name }}-{{ $dataplane.name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT echo "Visit http://127.0.0.1:8080 to use your application" diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl index 55abab89..31e2678f 100644 --- a/charts/agent-plane-azure-vault/templates/_helpers.tpl +++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl @@ -23,7 +23,7 @@ {{/* Expand the name of the chart. */}} -{{- define "txdc.name" -}} +{{- define "txap.name" -}} {{- default .Chart.Name .Values.nameOverride | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end }} @@ -32,7 +32,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "txdc.fullname" -}} +{{- define "txap.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -48,15 +48,15 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "txdc.chart" -}} +{{- define "txap.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Control Common labels */}} -{{- define "txdc.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . }} +{{- define "txap.labels" -}} +helm.sh/chart: {{ include "txap.chart" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -66,9 +66,9 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Control Common labels */}} -{{- define "txdc.controlplane.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . }} -{{ include "txdc.controlplane.selectorLabels" . }} +{{- define "txap.controlplane.labels" -}} +helm.sh/chart: {{ include "txap.chart" . }} +{{ include "txap.controlplane.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -80,13 +80,13 @@ app.kubernetes.io/part-of: edc {{/* Data Common labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} -{{- define "txdc.dataplane.labels" -}} -helm.sh/chart: {{ include "txdc.chart" .root }} -{{ include "txdc.dataplane.selectorLabels" . }} -{{- if .root.Chart.AppVersion }} -app.kubernetes.io/version: {{ .root.Chart.AppVersion | quote }} +{{- define "txap.dataplane.labels" -}} +helm.sh/chart: {{ include "txap.chart" . }} +{{ include "txap.dataplane.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} -app.kubernetes.io/managed-by: {{ .root.Release.Service }} +app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/component: edc-dataplane app.kubernetes.io/part-of: edc {{- end }} 
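Review bot: The comment above `txap.dataplane.labels` still says the helper expects the chart root via `.root` and the current dataplane via `.dataplane`, but the new body reads `.Chart`, `.Release` and (through the selector labels) `.Values.name` directly from its argument. I would change the comment to `Data Common labels (expects the chart root context; the dataplane name is read from .Values.name)` so that callers stop passing the old dict. The same stale sentence sits above `txap.dataplane.selectorLabels` in the following hunk, and in both places in charts/agent-plane/templates/_helpers.tpl.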
@@ -94,25 +94,25 @@ app.kubernetes.io/part-of: edc {{/* Control Selector labels */}} -{{- define "txdc.controlplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txdc.name" . }}-controlplane +{{- define "txap.controlplane.selectorLabels" -}} +app.kubernetes.io/name: {{ include "txap.name" . }}-controlplane app.kubernetes.io/instance: {{ .Release.Name }}-controlplane {{- end }} {{/* Data Selector labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} -{{- define "txdc.dataplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txdc.name" .root }}-{{ .dataplane.name }} -app.kubernetes.io/instance: {{ .root.Release.Name }}-{{ .dataplane.name }} +{{- define "txap.dataplane.selectorLabels" -}} +app.kubernetes.io/name: {{ include "txap.name" . }}-{{ .Values.name }} +app.kubernetes.io/instance: {{ .Release.Name }}-{{ .Values.name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "txdc.controlplane.serviceaccount.name" -}} +{{- define "txap.controlplane.serviceaccount.name" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} +{{- default (include "txap.fullname" . ) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} @@ -121,9 +121,9 @@ Create the name of the service account to use {{/* Create the name of the service account to use */}} -{{- define "txdc.dataplane.serviceaccount.name" -}} +{{- define "txap.dataplane.serviceaccount.name" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} +{{- default (include "txap.fullname" . ) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} 
@@ -132,7 +132,7 @@ Create the name of the service account to use {{/* Control DSP URL */}} -{{- define "txdc.controlplane.url.protocol" -}} +{{- define "txap.controlplane.url.protocol" -}} {{- if .Values.controlplane.url.protocol }}{{/* if dsp api url has been specified explicitly */}} {{- .Values.controlplane.url.protocol }} {{- else }}{{/* else when dsp api url has not been specified explicitly */}} @@ -144,7 +144,7 @@ Control DSP URL {{- printf "http://%s" .hostname -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-controlplane:%v" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}} +{{- printf "http://%s-controlplane:%v" ( include "txap.fullname" $ ) .Values.controlplane.endpoints.protocol.port -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} {{- end }}{{/* end if .Values.controlplane.url.protocol */}} 
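Review bot: In the ingress-disabled branch of `txap.controlplane.url.protocol` the port is now read as `.Values.controlplane.endpoints.protocol.port`, where the old line used `$.Values…`. The line appears to sit inside a `with` over the ingress entry (the `.hostname` reference and the `end with ingress` comment are in the hunk, but the `with` itself opens outside it). If so, the dot is the ingress entry there and has no `.Values`, so the lookup would fail or render empty. Keeping the root reference avoids that: `{{- printf "http://%s-controlplane:%v" ( include "txap.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}}`. charts/agent-plane/templates/_helpers.tpl carries the same change.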
@@ -153,46 +153,44 @@ Control DSP URL {{/* Validation URL */}} -{{- define "txdc.controlplane.url.validation" -}} -{{- printf "http://%s-controlplane:%v%s/token" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.control.port $.Values.controlplane.endpoints.control.path -}} +{{- define "txap.controlplane.url.validation" -}} +{{- printf "http://%s-controlplane:%v%s/token" ( include "txap.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} {{- end }} {{/* Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} -{{- define "txdc.dataplane.url.control" -}} -{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" .root ) .dataplane.name .dataplane.endpoints.control.port .dataplane.endpoints.control.path -}} +{{- define "txap.dataplane.url.signaling" -}} +{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" . ) .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}} {{- end }} {{/* -Data Public URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) +Data Public URL */}} -{{- define "txdc.dataplane.url.public" -}} -{{- $dataplane := .Values -}} -{{- $root := . 
-}} -{{- if $dataplane.url.public }}{{/* if public api url has been specified explicitly */}} -{{- $dataplane.url.public }} +{{- define "txap.agentplane.url.public" -}} +{{- if .Values.url.public }}{{/* if public api url has been specified explicitly */}} +{{- .Values.url.public }} {{- else }}{{/* else when public api url has not been specified explicitly */}} -{{- with (index $dataplane.ingresses 0) }} +{{- with (index .Values.ingresses 0) }} {{- if .enabled }}{{/* if ingress enabled */}} {{- if .tls.enabled }}{{/* if TLS enabled */}} -{{- printf "https://%s%s" .hostname $dataplane.endpoints.public.path -}} +{{- printf "https://%s%s" .hostname $.Values.endpoints.public.path -}} {{- else }}{{/* else when TLS not enabled */}} -{{- printf "http://%s%s" .hostname $dataplane.endpoints.public.path -}} +{{- printf "http://%s%s" .hostname $.Values.endpoints.public.path -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.public.port $dataplane.endpoints.public.path -}} +{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) $.Values.endpoints.public.port $.Values.endpoints.public.path -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} -{{- end }}{{/* end if .url.public */}} +{{- end }}{{/* end if .Values.url.public */}} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "txdc.serviceAccountName" -}} +{{- define "txap.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" .) .Values.serviceAccount.name }} +{{- default (include "txap.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} 
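Review bot: The ingress-disabled fallback of `txap.agentplane.url.public` still calls `include "txdc.fullname" .`, a template this commit renames to `txap.fullname`. It is also evaluated inside `with (index .Values.ingresses 0)`, where the dot is the ingress entry rather than the chart root. Unless `txdc.fullname` is still defined elsewhere, rendering should fail whenever no ingress is enabled and `url.public` is unset, which would also break `EDC_DATAPLANE_API_PUBLIC_BASEURL` and the token refresh endpoint in deployment-dataplane.yaml. The call should be `(include "txap.fullname" $ )`. The fallback and `txap.dataplane.url.signaling` also hard-code `-dataplane` in the host while the Service is named with `.Values.name`, so they only match when that value is `dataplane`; charts/agent-plane/templates/_helpers.tpl has the same lines.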
@@ -202,10 +200,10 @@ Create the name of the service account to use {{/* join a map */}} -{{- define "txdc.remotes" -}} +{{- define "txap.remotes" -}} {{- $res := dict "servers" (list) -}} {{- range $bpn, $connector := .Values.agent.connectors -}} -{{- $noop := printf "$s=%s" $bpn $connector | append $res.servers | set $res "servers" -}} +{{- $noop := printf "%s=%s" $bpn $connector | append $res.servers | set $res "servers" -}} {{- end -}} -{{- join "," $res.servers -}} +{{- join "," $res.servers }} {{- end -}} diff --git a/charts/agent-plane-azure-vault/templates/configmap-dataplane.yaml b/charts/agent-plane-azure-vault/templates/configmap-dataplane.yaml index 18068775..e85ddbd8 100644 --- a/charts/agent-plane-azure-vault/templates/configmap-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/configmap-dataplane.yaml @@ -1,4 +1,3 @@ -{{ $root := . }} {{ $dataplane_name := .Values.name }} {{ $dataplane := .Values }} --- @@ -25,10 +24,10 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "txdc.fullname" $root }}-{{- $dataplane_name }} - namespace: {{ $root.Release.Namespace | default "default" | quote }} + name: {{ include "txap.fullname" . }}-{{- $dataplane_name }} + namespace: {{ .Release.Namespace | default "default" | quote }} labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} + {{- include "txap.dataplane.labels" . | nindent 4 }} data: opentelemetry.properties: |- {{- $dataplane.opentelemetry | nindent 4 }} diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index e9eaf243..0b50c622 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml @@ -1,4 +1,3 @@ -{{ $root := . }} {{ $dataplane_name := .Values.name }} {{ $dataplane := .Values }} --- 
@@ -27,16 +26,16 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} + name: {{ include "txap.fullname" . }}-{{ $dataplane.name }} labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} + {{- include "txap.dataplane.labels" . | nindent 4 }} spec: {{- if not $dataplane.autoscaling.enabled }} replicas: {{ $dataplane.replicaCount }} {{- end }} selector: matchLabels: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 6 }} + {{- include "txap.dataplane.selectorLabels" . | nindent 6 }} template: metadata: {{- with $dataplane.podAnnotations }} 
@@ -44,28 +43,28 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 8 }} + {{- include "txap.dataplane.selectorLabels" . | nindent 8 }} {{- with $dataplane.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with $root.Values.imagePullSecrets }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" $root }} + serviceAccountName: {{ include "txap.serviceAccountName" . }} securityContext: {{- toYaml $dataplane.podSecurityContext | nindent 8 }} initContainers: {{- toYaml $dataplane.initContainers | nindent 8 }} containers: - - name: {{ $root.Chart.Name }} + - name: {{ .Chart.Name }} securityContext: {{- toYaml $dataplane.securityContext | nindent 12 }} {{- if $dataplane.image.repository }} - image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" + image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default .Chart.AppVersion }}" {{- else }} - image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-azure-vault:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" + image: "{{ .Values.imageRegistry }}tractusx/agentplane-azure-vault:{{ $dataplane.image.tag | default .Chart.AppVersion }}" {{- end }} imagePullPolicy: {{ $dataplane.image.pullPolicy }} ports: @@ -117,7 +116,7 @@ spec: value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} - name: "EDC_IAM_ISSUER_ID" value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}} - + ####### # API # ####### @@ -142,7 +141,7 @@ spec: value: {{ $dataplane.endpoints.callback.path | quote }} - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" - value: {{ include "txdc.controlplane.url.validation" $root}} + value: {{ include "txap.controlplane.url.validation" .}} ########### ## VAULT ## 
@@ -183,7 +182,7 @@ spec: value: {{ $dataplane.token.refresh.refresh_endpoint }} {{- else}} - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" . }}/token + value: {{ include "txap.agentplane.url.public" . }}/token {{- end}} - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" @@ -196,7 +195,7 @@ spec: # AUTH (JWT) # ################### {{- if $dataplane.auth }} - {{- range $auth, $authDef := $dataplane.auth }} + {{- range $auth, $authDef := $dataplane.auth }} - name: {{ printf "TRACTUSX_AUTH_%s_TYPE" (upper $auth) | quote }} value: {{ $authDef.type | required "Authentication Service needs a type" | quote }} - name: {{ printf "TRACTUSX_AUTH_%s_PATHS" (upper $auth) | quote }} @@ -209,19 +208,19 @@ spec: - name: {{ printf "TRACTUSX_AUTH_%s_REGISTER" (upper $auth) | quote }} value: {{ $authDef.register | quote }} {{- end }} - {{- if $authDef.apiCode }} + {{- if $authDef.apiCode }} - name: {{ printf "TRACTUSX_AUTH_%s_APICODE" (upper $auth) | quote }} value: {{ $authDef.apiCode | quote }} {{- end }} - {{- if $authDef.vaultKey }} + {{- if $authDef.vaultKey }} - name: {{ printf "TRACTUSX_AUTH_%s_VAULTKEY" (upper $auth) | quote }} value: {{ $authDef.vaultKey | quote }} {{- end }} - {{- if $authDef.publicKey }} + {{- if $authDef.publicKey }} - name: {{ printf "TRACTUSX_AUTH_%s_PUBLICKEY" (upper $auth) | quote }} value: {{ $authDef.publicKey | quote }} {{- end }} - {{- if $authDef.checkExpiry }} + {{- if $authDef.checkExpiry }} - name: {{ printf "TRACTUSX_AUTH_%s_CHECKEXPIRY" (upper $auth) | quote }} value: {{ $authDef.checkExpiry | quote }} {{- end }} 
@@ -239,26 +238,26 @@ spec: value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} - name: "EDC_IAM_STS_DIM_URL" value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}} - {{- range $key, $value := .Values.iatp.trustedIssuers }} - - name: {{- printf "EDC_IAM_TRUSTED-ISSUER_%s_ID" (upper $key) | quote }} - value: {{- $value | quote }} - {{- end }} + {{- range $index, $issuer := .Values.iatp.trustedIssuers }} + - name: "EDC_IAM_TRUSTED-ISSUER_{{$index}}-ISSUER_ID" + value: {{ $issuer | quote }} + {{- end }} ######################### ## DATA PLANE PUBLIC API ######################## - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" - value: {{ include "txdc.dataplane.url.public" . }} + value: {{ include "txap.agentplane.url.public" . }} ################### # AGENT CALLBACK # ################### - name: "CX_AGENT_CALLBACK" - value: {{ printf "http://%s-%s:%v%s/transfer-process-started" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} + value: {{ printf "http://%s-%s:%v%s/transfer-process-started" ( include "txap.fullname" . ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" - value: {{ printf "http://%s-controlplane:%v" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.protocol.port | quote }} + value: {{ printf "http://%s-controlplane:%v" ( include "txap.fullname" . ) .Values.controlplane.endpoints.protocol.port | quote }} - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" - value: {{ printf "http://%s-controlplane:%v%s" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.management.port $root.Values.controlplane.endpoints.management.path | quote }} + value: {{ printf "http://%s-controlplane:%v%s" ( include "txap.fullname" . 
) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path | quote }} {{- if $dataplane.agent.matchmaking }} - name: "CX_AGENT_MATCHMAKING" @@ -278,7 +277,6 @@ spec: value: {{ join "," $dataplane.agent.default | quote }} {{- end }} - {{- if $dataplane.agent.services }} ################### # AGENT SERVICES # @@ -307,7 +305,7 @@ spec: # AGENT SYNC # ################### - name: "CX_AGENT_DATASPACE_REMOTES" - value: {{- include "txdc.remotes" . }} + value: {{ include "txap.remotes" . }} - name: "CX_AGENT_DATASPACE_SYNCHRONIZATION" value: {{ $dataplane.agent.synchronization | required (printf ".Values.dataplane.%s.agent.synchronization should be set if connectors are specified" $dataplane_name) | quote }} - name: "CX_AGENT_FEDERATION_BATCH_MAX" @@ -367,7 +365,7 @@ spec: ## Additional environment variables ## ###################################### - name: "EDC_CONNECTOR_NAME" - value: {{ include "txdc.fullname" $root}}-{{ $dataplane.name }} + value: {{ include "txap.fullname" .}}-{{ $dataplane.name }} {{- range $key, $value := $dataplane.envValueFrom }} - name: {{ $key | quote }} valueFrom: @@ -406,7 +404,7 @@ spec: volumes: - name: "configuration" configMap: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane_name }} + name: {{ include "txap.fullname" . }}-{{ $dataplane_name }} items: - key: "opentelemetry.properties" path: "opentelemetry.properties" @@ -429,4 +427,4 @@ spec: {{- with $dataplane.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml b/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml index 5d74ae5c..bd8acaee 100644 --- a/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml 
@@ -28,14 +28,14 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} + name: {{ include "txap.fullname" $root }}-{{ $dataplane.name }} labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} + {{- include "txap.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} + name: {{ include "txap.fullname" $root }}-{{ $dataplane.name }} minReplicas: {{ $dataplane.autoscaling.minReplicas }} maxReplicas: {{ $dataplane.autoscaling.maxReplicas }} metrics: diff --git a/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml b/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml index 4965796b..cb7955af 100644 --- a/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml @@ -1,12 +1,10 @@ -{{- $fullName := include "txdc.fullname" . }} +{{- $fullName := include "txap.fullname" . }} {{- $gitVersion := .Capabilities.KubeVersion.GitVersion }} {{- $namespace := .Release.Namespace }} {{ $dataplane_name := .Values.name }} {{ $dataplane := .Values }} -{{ $root := . }} {{- $dataEdcEndpoints := $dataplane.endpoints }} -{{- $dataLabels := include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} - +{{- $dataLabels := include "txap.dataplane.labels" . | nindent 4 }} {{- range $dataplane.ingresses }} {{- if and .enabled .endpoints }} {{- $dataIngressName := printf "%s-%s-%s" $fullName $dataplane.name .hostname }} diff --git a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml index c543d252..7ddacef7 100644 --- a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml 
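Review bot: hpa-dataplane.yaml still passes `(dict "dataplane" $dataplane "root" $root)` to `txap.dataplane.labels`, while the helper as rewritten in this commit reads `.Chart`, `.Release` and `.Values` straight from its argument. With the dict those lookups resolve to nil, so the HorizontalPodAutoscaler would probably fail to render once autoscaling is enabled (any guard around the manifest is outside the hunk). The other templates were switched to the root context; here that would be `{{- include "txap.dataplane.labels" $root | nindent 4 }}`, assuming `$root` is still defined above the hunk.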
+++ b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml @@ -1,6 +1,3 @@ -{{ $root := . }} -{{ $dataplane_name := .Values.name }} -{{ $dataplane := .Values }} --- # # Copyright (c) 2024 T-Systems International GmbH @@ -24,28 +21,28 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - namespace: {{ $root.Release.Namespace | default "default" | quote }} + name: {{ include "txap.fullname" . }}-{{ .Values.name }} + namespace: {{.Release.Namespace | default "default" | quote }} labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} + {{- include "txap.dataplane.labels" . | nindent 4 }} spec: - type: {{ $dataplane.service.type }} + type: {{ .Values.service.type }} ports: - - port: {{ $dataplane.endpoints.default.port }} + - port: {{ .Values.endpoints.default.port }} targetPort: default protocol: TCP name: default - - port: {{ $dataplane.endpoints.signaling.port }} + - port: {{ .Values.endpoints.signaling.port }} targetPort: control protocol: TCP name: signaling - - port: {{ $dataplane.endpoints.public.port }} + - port: {{ .Values.endpoints.public.port }} targetPort: public protocol: TCP name: public - - port: {{ $dataplane.endpoints.callback.port }} + - port: {{ .Values.endpoints.callback.port }} targetPort: callback protocol: TCP name: callback selector: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} \ No newline at end of file + {{- include "txap.dataplane.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/agent-plane-azure-vault/templates/serviceaccount.yaml b/charts/agent-plane-azure-vault/templates/serviceaccount.yaml index 6d21ddc3..f3c5fecf 100644 --- a/charts/agent-plane-azure-vault/templates/serviceaccount.yaml +++ b/charts/agent-plane-azure-vault/templates/serviceaccount.yaml 
@@ -25,9 +25,9 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "txdc.serviceAccountName" . }} + name: {{ include "txap.serviceAccountName" . }} labels: - {{- include "txdc.labels" . | nindent 4 }} + {{- include "txap.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/agent-plane-azure-vault/templates/tests/test-dataplane-readiness.yaml b/charts/agent-plane-azure-vault/templates/tests/test-dataplane-readiness.yaml index 5aa323d9..7fa5ba0d 100644 --- a/charts/agent-plane-azure-vault/templates/tests/test-dataplane-readiness.yaml +++ b/charts/agent-plane-azure-vault/templates/tests/test-dataplane-readiness.yaml @@ -16,16 +16,15 @@ # # SPDX-License-Identifier: Apache-2.0 # -{{ $root := . }} {{ $dataplane_name := .Values.name }} {{ $dataplane := .Values }} --- apiVersion: v1 kind: Pod metadata: - name: "{{include "txdc.fullname" .}}test-dataplane-readiness" + name: "{{include "txap.fullname" .}}test-dataplane-readiness" labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} + {{- include "txap.dataplane.labels" . | nindent 4 }} annotations: "helm.sh/hook": test "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }} @@ -34,5 +33,5 @@ spec: - name: wget image: curlimages/curl command: [ '/bin/sh','-c' ] - args: [ {{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | quote }} ] + args: [ {{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txap.fullname" . ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | quote }} ] restartPolicy: Never diff --git a/charts/agent-plane/templates/NOTES.txt b/charts/agent-plane/templates/NOTES.txt index c0d295a6..ddd034b6 100644 --- a/charts/agent-plane/templates/NOTES.txt +++ b/charts/agent-plane/templates/NOTES.txt 
@@ -24,16 +24,16 @@ http{{ if .tls }}s{{ end }}://{{ .hostname }}{{ .path }} {{- end }} {{- else if contains "NodePort" $dataplane.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txdc.fullname" $ }}-{{ $dataplane.name }}) + export NODE_PORT=$(kubectl get --namespace {{ $.Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "txap.fullname" $ }}-{{ $dataplane.name }}) export NODE_IP=$(kubectl get nodes --namespace {{ $.Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" $dataplane.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ $.Release.Namespace }} svc -w {{ include "txdc.fullname" $ }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txdc.fullname" $ }}-{{ $dataplane.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch the status of by running 'kubectl get --namespace {{ $.Release.Namespace }} svc -w {{ include "txap.fullname" $ }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "txap.fullname" $ }}-{{ $dataplane.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ $dataplane.service.port }} {{- else if contains "ClusterIP" $dataplane.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txdc.name" $ }}-{{ $dataplane.name }},app.kubernetes.io/instance={{ $.Release.Name }}-{{ $dataplane.name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ $.Release.Namespace }} -l "app.kubernetes.io/name={{ include "txap.name" $ }}-{{ 
$dataplane.name }},app.kubernetes.io/instance={{ $.Release.Name }}-{{ $dataplane.name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ $.Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") kubectl --namespace {{ $.Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT echo "Visit http://127.0.0.1:8080 to use your application" diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index 55abab89..31e2678f 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl @@ -23,7 +23,7 @@ {{/* Expand the name of the chart. */}} -{{- define "txdc.name" -}} +{{- define "txap.name" -}} {{- default .Chart.Name .Values.nameOverride | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end }} @@ -32,7 +32,7 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). If release name contains chart name it will be used as a full name. */}} -{{- define "txdc.fullname" -}} +{{- define "txap.fullname" -}} {{- if .Values.fullnameOverride }} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} {{- else }} @@ -48,15 +48,15 @@ If release name contains chart name it will be used as a full name. {{/* Create chart name and version as used by the chart label. */}} -{{- define "txdc.chart" -}} +{{- define "txap.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Control Common labels */}} -{{- define "txdc.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . }} +{{- define "txap.labels" -}} +helm.sh/chart: {{ include "txap.chart" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} 
@@ -66,9 +66,9 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{/* Control Common labels */}} -{{- define "txdc.controlplane.labels" -}} -helm.sh/chart: {{ include "txdc.chart" . }} -{{ include "txdc.controlplane.selectorLabels" . }} +{{- define "txap.controlplane.labels" -}} +helm.sh/chart: {{ include "txap.chart" . }} +{{ include "txap.controlplane.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} @@ -80,13 +80,13 @@ app.kubernetes.io/part-of: edc {{/* Data Common labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} -{{- define "txdc.dataplane.labels" -}} -helm.sh/chart: {{ include "txdc.chart" .root }} -{{ include "txdc.dataplane.selectorLabels" . }} -{{- if .root.Chart.AppVersion }} -app.kubernetes.io/version: {{ .root.Chart.AppVersion | quote }} +{{- define "txap.dataplane.labels" -}} +helm.sh/chart: {{ include "txap.chart" . }} +{{ include "txap.dataplane.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} -app.kubernetes.io/managed-by: {{ .root.Release.Service }} +app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/component: edc-dataplane app.kubernetes.io/part-of: edc {{- end }} 
@@ -94,25 +94,25 @@ app.kubernetes.io/part-of: edc {{/* Control Selector labels */}} -{{- define "txdc.controlplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txdc.name" . }}-controlplane +{{- define "txap.controlplane.selectorLabels" -}} +app.kubernetes.io/name: {{ include "txap.name" . }}-controlplane app.kubernetes.io/instance: {{ .Release.Name }}-controlplane {{- end }} {{/* Data Selector labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} -{{- define "txdc.dataplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txdc.name" .root }}-{{ .dataplane.name }} -app.kubernetes.io/instance: {{ .root.Release.Name }}-{{ .dataplane.name }} +{{- define "txap.dataplane.selectorLabels" -}} +app.kubernetes.io/name: {{ include "txap.name" . }}-{{ .Values.name }} +app.kubernetes.io/instance: {{ .Release.Name }}-{{ .Values.name }} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "txdc.controlplane.serviceaccount.name" -}} +{{- define "txap.controlplane.serviceaccount.name" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} +{{- default (include "txap.fullname" . ) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} @@ -121,9 +121,9 @@ Create the name of the service account to use {{/* Create the name of the service account to use */}} -{{- define "txdc.dataplane.serviceaccount.name" -}} +{{- define "txap.dataplane.serviceaccount.name" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" . ) .Values.serviceAccount.name }} +{{- default (include "txap.fullname" . ) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} 
@@ -132,7 +132,7 @@ Create the name of the service account to use {{/* Control DSP URL */}} -{{- define "txdc.controlplane.url.protocol" -}} +{{- define "txap.controlplane.url.protocol" -}} {{- if .Values.controlplane.url.protocol }}{{/* if dsp api url has been specified explicitly */}} {{- .Values.controlplane.url.protocol }} {{- else }}{{/* else when dsp api url has not been specified explicitly */}} @@ -144,7 +144,7 @@ Control DSP URL {{- printf "http://%s" .hostname -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-controlplane:%v" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}} +{{- printf "http://%s-controlplane:%v" ( include "txap.fullname" $ ) .Values.controlplane.endpoints.protocol.port -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} {{- end }}{{/* end if .Values.controlplane.url.protocol */}} 
@@ -153,46 +153,44 @@ Control DSP URL {{/* Validation URL */}} -{{- define "txdc.controlplane.url.validation" -}} -{{- printf "http://%s-controlplane:%v%s/token" ( include "txdc.fullname" $ ) $.Values.controlplane.endpoints.control.port $.Values.controlplane.endpoints.control.path -}} +{{- define "txap.controlplane.url.validation" -}} +{{- printf "http://%s-controlplane:%v%s/token" ( include "txap.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} {{- end }} {{/* Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} -{{- define "txdc.dataplane.url.control" -}} -{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" .root ) .dataplane.name .dataplane.endpoints.control.port .dataplane.endpoints.control.path -}} +{{- define "txap.dataplane.url.signaling" -}} +{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" . ) .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}} {{- end }} {{/* -Data Public URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) +Data Public URL */}} -{{- define "txdc.dataplane.url.public" -}} -{{- $dataplane := .Values -}} -{{- $root := . 
-}} -{{- if $dataplane.url.public }}{{/* if public api url has been specified explicitly */}} -{{- $dataplane.url.public }} +{{- define "txap.agentplane.url.public" -}} +{{- if .Values.url.public }}{{/* if public api url has been specified explicitly */}} +{{- .Values.url.public }} {{- else }}{{/* else when public api url has not been specified explicitly */}} -{{- with (index $dataplane.ingresses 0) }} +{{- with (index .Values.ingresses 0) }} {{- if .enabled }}{{/* if ingress enabled */}} {{- if .tls.enabled }}{{/* if TLS enabled */}} -{{- printf "https://%s%s" .hostname $dataplane.endpoints.public.path -}} +{{- printf "https://%s%s" .hostname $.Values.endpoints.public.path -}} {{- else }}{{/* else when TLS not enabled */}} -{{- printf "http://%s%s" .hostname $dataplane.endpoints.public.path -}} +{{- printf "http://%s%s" .hostname $.Values.endpoints.public.path -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-%s:%v%s" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.public.port $dataplane.endpoints.public.path -}} +{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) $.Values.endpoints.public.port $.Values.endpoints.public.path -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} -{{- end }}{{/* end if .url.public */}} +{{- end }}{{/* end if .Values.url.public */}} {{- end }} {{/* Create the name of the service account to use */}} -{{- define "txdc.serviceAccountName" -}} +{{- define "txap.serviceAccountName" -}} {{- if .Values.serviceAccount.create }} -{{- default (include "txdc.fullname" .) .Values.serviceAccount.name }} +{{- default (include "txap.fullname" .) .Values.serviceAccount.name }} {{- else }} {{- default "default" .Values.serviceAccount.name }} {{- end }} 
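Review bot: `txap.dataplane.url.signaling` and the no-ingress branch of `txap.agentplane.url.public` now hard-code the host as `<fullname>-dataplane`, while the Service in `service-dataplane.yaml` is named `{{ include "txap.fullname" . }}-{{ .Values.name }}`. The two only agree when `.Values.name` is `dataplane`; with any other name the generated URLs point at a Service that does not exist. Build the host from the same expression in both helpers, e.g. `printf "http://%s-%s:%v%s" (include "txap.fullname" $) $.Values.name $.Values.endpoints.public.port $.Values.endpoints.public.path`. The comment on the signaling helper still says it expects `.root` and `.dataplane`, which the new body no longer uses.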
@@ -202,10 +200,10 @@ Create the name of the service account to use {{/* join a map */}} -{{- define "txdc.remotes" -}} +{{- define "txap.remotes" -}} {{- $res := dict "servers" (list) -}} {{- range $bpn, $connector := .Values.agent.connectors -}} -{{- $noop := printf "$s=%s" $bpn $connector | append $res.servers | set $res "servers" -}} +{{- $noop := printf "%s=%s" $bpn $connector | append $res.servers | set $res "servers" -}} {{- end -}} -{{- join "," $res.servers -}} +{{- join "," $res.servers }} {{- end -}} diff --git a/charts/agent-plane/templates/configmap-dataplane.yaml b/charts/agent-plane/templates/configmap-dataplane.yaml index 18068775..e85ddbd8 100644 --- a/charts/agent-plane/templates/configmap-dataplane.yaml +++ b/charts/agent-plane/templates/configmap-dataplane.yaml @@ -1,4 +1,3 @@ -{{ $root := . }} {{ $dataplane_name := .Values.name }} {{ $dataplane := .Values }} --- @@ -25,10 +24,10 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "txdc.fullname" $root }}-{{- $dataplane_name }} - namespace: {{ $root.Release.Namespace | default "default" | quote }} + name: {{ include "txap.fullname" . }}-{{- $dataplane_name }} + namespace: {{ .Release.Namespace | default "default" | quote }} labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} + {{- include "txap.dataplane.labels" . | nindent 4 }} data: opentelemetry.properties: |- {{- $dataplane.opentelemetry | nindent 4 }} diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index 516466db..97e9608a 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml @@ -1,4 +1,3 @@ -{{ $root := . }} {{ $dataplane_name := .Values.name }} {{ $dataplane := .Values }} --- 
@@ -27,16 +26,16 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} + name: {{ include "txap.fullname" . }}-{{ $dataplane.name }} labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} + {{- include "txap.dataplane.labels" . | nindent 4 }} spec: {{- if not $dataplane.autoscaling.enabled }} replicas: {{ $dataplane.replicaCount }} {{- end }} selector: matchLabels: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 6 }} + {{- include "txap.dataplane.selectorLabels" . | nindent 6 }} template: metadata: {{- with $dataplane.podAnnotations }} 
@@ -44,28 +43,28 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 8 }} + {{- include "txap.dataplane.selectorLabels" . | nindent 8 }} {{- with $dataplane.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with $root.Values.imagePullSecrets }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "txdc.serviceAccountName" $root }} + serviceAccountName: {{ include "txap.serviceAccountName" . }} securityContext: {{- toYaml $dataplane.podSecurityContext | nindent 8 }} initContainers: {{- toYaml $dataplane.initContainers | nindent 8 }} containers: - - name: {{ $root.Chart.Name }} + - name: {{ .Chart.Name }} securityContext: {{- toYaml $dataplane.securityContext | nindent 12 }} {{- if $dataplane.image.repository }} - image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" + image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default .Chart.AppVersion }}" {{- else }} - image: "{{ $root.Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" + image: "{{ .Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" {{- end }} imagePullPolicy: {{ $dataplane.image.pullPolicy }} ports: @@ -117,7 +116,7 @@ spec: value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }} - name: "EDC_IAM_ISSUER_ID" value: {{ .Values.iatp.id | required ".Values.iatp.id is required" | quote}} - + ####### # API # ####### @@ -142,7 +141,7 @@ spec: value: {{ $dataplane.endpoints.callback.path | quote }} - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" - value: {{ include "txdc.controlplane.url.validation" $root}} + value: {{ include "txap.controlplane.url.validation" .}} ########### ## VAULT ## 
@@ -182,7 +181,7 @@ spec: value: {{ $dataplane.token.refresh.refresh_endpoint }} {{- else}} - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" - value: {{ include "txdc.dataplane.url.public" . }}/token + value: {{ include "txap.agentplane.url.public" . }}/token {{- end}} - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" @@ -195,7 +194,7 @@ spec: # AUTH (JWT) # ################### {{- if $dataplane.auth }} - {{- range $auth, $authDef := $dataplane.auth }} + {{- range $auth, $authDef := $dataplane.auth }} - name: {{ printf "TRACTUSX_AUTH_%s_TYPE" (upper $auth) | quote }} value: {{ $authDef.type | required "Authentication Service needs a type" | quote }} - name: {{ printf "TRACTUSX_AUTH_%s_PATHS" (upper $auth) | quote }} @@ -208,19 +207,19 @@ spec: - name: {{ printf "TRACTUSX_AUTH_%s_REGISTER" (upper $auth) | quote }} value: {{ $authDef.register | quote }} {{- end }} - {{- if $authDef.apiCode }} + {{- if $authDef.apiCode }} - name: {{ printf "TRACTUSX_AUTH_%s_APICODE" (upper $auth) | quote }} value: {{ $authDef.apiCode | quote }} {{- end }} - {{- if $authDef.vaultKey }} + {{- if $authDef.vaultKey }} - name: {{ printf "TRACTUSX_AUTH_%s_VAULTKEY" (upper $auth) | quote }} value: {{ $authDef.vaultKey | quote }} {{- end }} - {{- if $authDef.publicKey }} + {{- if $authDef.publicKey }} - name: {{ printf "TRACTUSX_AUTH_%s_PUBLICKEY" (upper $auth) | quote }} value: {{ $authDef.publicKey | quote }} {{- end }} - {{- if $authDef.checkExpiry }} + {{- if $authDef.checkExpiry }} - name: {{ printf "TRACTUSX_AUTH_%s_CHECKEXPIRY" (upper $auth) | quote }} value: {{ $authDef.checkExpiry | quote }} {{- end }} 
@@ -238,26 +237,26 @@ spec: value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} - name: "EDC_IAM_STS_DIM_URL" value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}} - {{- range $key, $value := .Values.iatp.trustedIssuers }} - - name: {{- printf "EDC_IAM_TRUSTED-ISSUER_%s_ID" (upper $key) | quote }} - value: {{- $value | quote }} - {{- end }} + {{- range $index, $issuer := .Values.iatp.trustedIssuers }} + - name: "EDC_IAM_TRUSTED-ISSUER_{{$index}}-ISSUER_ID" + value: {{ $issuer | quote }} + {{- end }} ######################### ## DATA PLANE PUBLIC API ######################## - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" - value: {{ include "txdc.dataplane.url.public" . }} + value: {{ include "txap.agentplane.url.public" . }} ################### # AGENT CALLBACK # ################### - name: "CX_AGENT_CALLBACK" - value: {{ printf "http://%s-%s:%v%s/transfer-process-started" ( include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} + value: {{ printf "http://%s-%s:%v%s/transfer-process-started" ( include "txap.fullname" . ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" - value: {{ printf "http://%s-controlplane:%v" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.protocol.port | quote }} + value: {{ printf "http://%s-controlplane:%v" ( include "txap.fullname" . ) .Values.controlplane.endpoints.protocol.port | quote }} - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" - value: {{ printf "http://%s-controlplane:%v%s" ( include "txdc.fullname" $root ) $root.Values.controlplane.endpoints.management.port $root.Values.controlplane.endpoints.management.path | quote }} + value: {{ printf "http://%s-controlplane:%v%s" ( include "txap.fullname" . 
) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path | quote }} {{- if $dataplane.agent.matchmaking }} - name: "CX_AGENT_MATCHMAKING" @@ -277,7 +276,6 @@ spec: value: {{ join "," $dataplane.agent.default | quote }} {{- end }} - {{- if $dataplane.agent.services }} ################### # AGENT SERVICES # @@ -306,7 +304,7 @@ spec: # AGENT SYNC # ################### - name: "CX_AGENT_DATASPACE_REMOTES" - value: {{- include "txdc.remotes" . }} + value: {{ include "txap.remotes" . }} - name: "CX_AGENT_DATASPACE_SYNCHRONIZATION" value: {{ $dataplane.agent.synchronization | required (printf ".Values.dataplane.%s.agent.synchronization should be set if connectors are specified" $dataplane_name) | quote }} - name: "CX_AGENT_FEDERATION_BATCH_MAX" @@ -366,7 +364,7 @@ spec: ## Additional environment variables ## ###################################### - name: "EDC_CONNECTOR_NAME" - value: {{ include "txdc.fullname" $root}}-{{ $dataplane.name }} + value: {{ include "txap.fullname" .}}-{{ $dataplane.name }} {{- range $key, $value := $dataplane.envValueFrom }} - name: {{ $key | quote }} valueFrom: @@ -405,7 +403,7 @@ spec: volumes: - name: "configuration" configMap: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane_name }} + name: {{ include "txap.fullname" . }}-{{ $dataplane_name }} items: - key: "opentelemetry.properties" path: "opentelemetry.properties" @@ -428,4 +426,4 @@ spec: {{- with $dataplane.tolerations }} tolerations: {{- toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/agent-plane/templates/hpa-dataplane.yaml b/charts/agent-plane/templates/hpa-dataplane.yaml index 5d74ae5c..bd8acaee 100644 --- a/charts/agent-plane/templates/hpa-dataplane.yaml +++ b/charts/agent-plane/templates/hpa-dataplane.yaml 
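Review bot: `CX_AGENT_DATASPACE_REMOTES` is rendered as `value: {{ include "txap.remotes" . }}` with no `quote`, unlike the neighbouring env entries in this list. The string is assembled from the keys and values of `.Values.agent.connectors`, so an entry containing `#`, `: ` or a leading YAML indicator character changes how the manifest parses. Suggest `value: {{ include "txap.remotes" . | quote }}`. The `EDC_CONNECTOR_NAME` value in the `@@ -366,7 +364,7 @@` hunk is unquoted in the same way. The env list starts and ends outside these hunks.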
@@ -28,14 +28,14 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} + name: {{ include "txap.fullname" $root }}-{{ $dataplane.name }} labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} + {{- include "txap.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} + name: {{ include "txap.fullname" $root }}-{{ $dataplane.name }} minReplicas: {{ $dataplane.autoscaling.minReplicas }} maxReplicas: {{ $dataplane.autoscaling.maxReplicas }} metrics: diff --git a/charts/agent-plane/templates/ingress-dataplane.yaml b/charts/agent-plane/templates/ingress-dataplane.yaml index 4965796b..cb7955af 100644 --- a/charts/agent-plane/templates/ingress-dataplane.yaml +++ b/charts/agent-plane/templates/ingress-dataplane.yaml @@ -1,12 +1,10 @@ -{{- $fullName := include "txdc.fullname" . }} +{{- $fullName := include "txap.fullname" . }} {{- $gitVersion := .Capabilities.KubeVersion.GitVersion }} {{- $namespace := .Release.Namespace }} {{ $dataplane_name := .Values.name }} {{ $dataplane := .Values }} -{{ $root := . }} {{- $dataEdcEndpoints := $dataplane.endpoints }} -{{- $dataLabels := include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} - +{{- $dataLabels := include "txap.dataplane.labels" . | nindent 4 }} {{- range $dataplane.ingresses }} {{- if and .enabled .endpoints }} {{- $dataIngressName := printf "%s-%s-%s" $fullName $dataplane.name .hostname }} diff --git a/charts/agent-plane/templates/service-dataplane.yaml b/charts/agent-plane/templates/service-dataplane.yaml index c543d252..7ddacef7 100644 --- a/charts/agent-plane/templates/service-dataplane.yaml +++ b/charts/agent-plane/templates/service-dataplane.yaml 
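Review bot: `hpa-dataplane.yaml` still calls the label helper with `(dict "dataplane" $dataplane "root" $root)`, while the same patch rewrote `txap.dataplane.selectorLabels` to read `.Values.name` and `.Release.Name` directly from the chart root. If `txap.dataplane.labels` (its body is outside this hunk) includes the selector labels, the dict argument has no `.Values` or `.Release` and rendering fails whenever this template is rendered. Pass the root as the other templates in this patch do: `{{- include "txap.dataplane.labels" . | nindent 4 }}`. Whether `$root` and `$dataplane` are still defined at the top of this file cannot be seen from the hunk.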
@@ -1,6 +1,3 @@ -{{ $root := . }} -{{ $dataplane_name := .Values.name }} -{{ $dataplane := .Values }} --- # # Copyright (c) 2024 T-Systems International GmbH @@ -24,28 +21,28 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "txdc.fullname" $root }}-{{ $dataplane.name }} - namespace: {{ $root.Release.Namespace | default "default" | quote }} + name: {{ include "txap.fullname" . }}-{{ .Values.name }} + namespace: {{.Release.Namespace | default "default" | quote }} labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} + {{- include "txap.dataplane.labels" . | nindent 4 }} spec: - type: {{ $dataplane.service.type }} + type: {{ .Values.service.type }} ports: - - port: {{ $dataplane.endpoints.default.port }} + - port: {{ .Values.endpoints.default.port }} targetPort: default protocol: TCP name: default - - port: {{ $dataplane.endpoints.signaling.port }} + - port: {{ .Values.endpoints.signaling.port }} targetPort: control protocol: TCP name: signaling - - port: {{ $dataplane.endpoints.public.port }} + - port: {{ .Values.endpoints.public.port }} targetPort: public protocol: TCP name: public - - port: {{ $dataplane.endpoints.callback.port }} + - port: {{ .Values.endpoints.callback.port }} targetPort: callback protocol: TCP name: callback selector: - {{- include "txdc.dataplane.selectorLabels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} \ No newline at end of file + {{- include "txap.dataplane.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/agent-plane/templates/serviceaccount.yaml b/charts/agent-plane/templates/serviceaccount.yaml index 6d21ddc3..f3c5fecf 100644 --- a/charts/agent-plane/templates/serviceaccount.yaml +++ b/charts/agent-plane/templates/serviceaccount.yaml 
@@ -25,9 +25,9 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "txdc.serviceAccountName" . }} + name: {{ include "txap.serviceAccountName" . }} labels: - {{- include "txdc.labels" . | nindent 4 }} + {{- include "txap.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml b/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml index 5aa323d9..7fa5ba0d 100644 --- a/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml +++ b/charts/agent-plane/templates/tests/test-dataplane-readiness.yaml @@ -16,16 +16,15 @@ # # SPDX-License-Identifier: Apache-2.0 # -{{ $root := . }} {{ $dataplane_name := .Values.name }} {{ $dataplane := .Values }} --- apiVersion: v1 kind: Pod metadata: - name: "{{include "txdc.fullname" .}}test-dataplane-readiness" + name: "{{include "txap.fullname" .}}test-dataplane-readiness" labels: - {{- include "txdc.dataplane.labels" (dict "dataplane" $dataplane "root" $root) | nindent 4 }} + {{- include "txap.dataplane.labels" . | nindent 4 }} annotations: "helm.sh/hook": test "helm.sh/hook-delete-policy": {{ .Values.tests.hookDeletePolicy }} @@ -34,5 +33,5 @@ spec: - name: wget image: curlimages/curl command: [ '/bin/sh','-c' ] - args: [ {{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | quote }} ] + args: [ {{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txap.fullname" . ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path | quote }} ] restartPolicy: Never From dcee419ca9f7f0c38e83bde8abe2e6c8b8c1a2db Mon Sep 17 00:00:00 2001 
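Review bot: The readiness test in `test-dataplane-readiness.yaml` runs plain `curl`, which exits 0 on an HTTP error status, so `helm test` passes even when `/check/readiness` answers with 4xx or 5xx. Add `--fail` to the command string: `printf "curl --fail http://%s-%s:%v%s/check/readiness"`. The image `curlimages/curl` on the context line has no tag or digest, so every test run pulls whatever is current; pinning it to a fixed version or digest keeps the test reproducible. The container is also named `wget` although it runs curl.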
From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 11:16:24 +0200 Subject: [PATCH 38/62] fix: helm linting --- charts/agent-plane/templates/_helpers.tpl | 2 +- .../templates/deployment-dataplane.yaml | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index 31e2678f..cc274969 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl @@ -179,7 +179,7 @@ Data Public URL {{- printf "http://%s%s" .hostname $.Values.endpoints.public.path -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) $.Values.endpoints.public.port $.Values.endpoints.public.path -}} +{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" $ ) $.Values.endpoints.public.port $.Values.endpoints.public.path -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} {{- end }}{{/* end if .Values.url.public */}} diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index 97e9608a..7385dc42 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml @@ -64,7 +64,7 @@ spec: {{- if $dataplane.image.repository }} image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default .Chart.AppVersion }}" {{- else }} - image: "{{ .Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default $root.Chart.AppVersion }}" + image: "{{ .Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default .Chart.AppVersion }}" {{- end }} imagePullPolicy: {{ $dataplane.image.pullPolicy }} ports: 
@@ -149,19 +149,19 @@ spec: # see extension https://github.com/eclipse-tractusx/tractusx-edc/tree/main/edc-extensions/hashicorp-vault - name: "EDC_VAULT_HASHICORP_URL" - value: {{ tpl $root.Values.vault.hashicorp.url $root | required ".Values.vault.hashicorp.url is required" | quote }} + value: {{ tpl .Values.vault.hashicorp.url . | required ".Values.vault.hashicorp.url is required" | quote }} - name: "EDC_VAULT_HASHICORP_TOKEN" - value: {{ $root.Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} + value: {{ .Values.vault.hashicorp.token | required ".Values.vault.hashicorp.token is required" | quote }} - name: "EDC_VAULT_HASHICORP_TIMEOUT_SECONDS" - value: {{ $root.Values.vault.hashicorp.timeout | quote }} + value: {{ .Values.vault.hashicorp.timeout | quote }} - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_ENABLED" - value: {{ $root.Values.vault.hashicorp.healthCheck.enabled | quote }} + value: {{ .Values.vault.hashicorp.healthCheck.enabled | quote }} - name: "EDC_VAULT_HASHICORP_HEALTH_CHECK_STANDBY_OK" - value: {{ $root.Values.vault.hashicorp.healthCheck.standbyOk | quote }} + value: {{ .Values.vault.hashicorp.healthCheck.standbyOk | quote }} - name: "EDC_VAULT_HASHICORP_API_SECRET_PATH" - value: {{ $root.Values.vault.hashicorp.paths.secret | quote }} + value: {{ .Values.vault.hashicorp.paths.secret | quote }} - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" - value: {{ $root.Values.vault.hashicorp.paths.health | quote }} + value: {{ .Values.vault.hashicorp.paths.health | quote }} ################## ## TOKEN REFRESH From ecbb2b9d54c02ae30e98a18b8f24a7a469f9d61d Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 11:16:54 +0200 Subject: [PATCH 39/62] fix: helm linting --- charts/agent-plane-azure-vault/templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
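Review bot: `EDC_VAULT_HASHICORP_TOKEN` is still rendered as a literal `value:` from `.Values.vault.hashicorp.token`, so the Vault token ends up in the Deployment manifest and in the stored Helm release values. Anyone with read access to either can see it. Since these lines are being touched anyway, switch the entry to a Secret reference, e.g. `valueFrom: { secretKeyRef: { name: <VAULT_TOKEN_SECRET_NAME>, key: <VAULT_TOKEN_SECRET_KEY> } }` (placeholder names; the chart would need values for them). The env list starts and ends outside this hunk.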
diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl index 31e2678f..cc274969 100644 --- a/charts/agent-plane-azure-vault/templates/_helpers.tpl +++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl @@ -179,7 +179,7 @@ Data Public URL {{- printf "http://%s%s" .hostname $.Values.endpoints.public.path -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-dataplane:%v%s" (include "txdc.fullname" . ) $.Values.endpoints.public.port $.Values.endpoints.public.path -}} +{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" $ ) $.Values.endpoints.public.port $.Values.endpoints.public.path -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} {{- end }}{{/* end if .Values.url.public */}} From 83c564c4d8b9bf0ccca7629ac03c5116aee89064 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 11:24:22 +0200 Subject: [PATCH 40/62] fix: chart testing values were inconsistent --- charts/agent-plane-azure-vault/ci/integration-values.yaml | 2 +- charts/agent-plane/ci/integration-values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index c67c50bf..e57e64cb 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -24,7 +24,7 @@ install: postgresql: true -image: +#image: # repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-azure-vault # tag: 1.12.19-SNAPSHOT diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index a89a0b6d..88225e5a 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml 
@@ -24,7 +24,7 @@ install: postgresql: true -image: +#image: # repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-hashicorp # tag: 1.12.19-SNAPSHOT From ff06a36ce2fbd2efa45c00c70232cf5a56addd0d Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 17:25:54 +0200 Subject: [PATCH 41/62] fix: address umbrella deployments with connector-side-by-side. --- .../templates/_helpers.tpl | 51 ++++++------------- charts/agent-plane-azure-vault/values.yaml | 3 ++ charts/agent-plane/templates/_helpers.tpl | 51 ++++++------------- charts/agent-plane/values.yaml | 3 ++ 4 files changed, 36 insertions(+), 72 deletions(-) diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl index cc274969..a4694098 100644 --- a/charts/agent-plane-azure-vault/templates/_helpers.tpl +++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl 
@@ -46,35 +46,34 @@ If release name contains chart name it will be used as a full name. {{- end }} {{/* -Create chart name and version as used by the chart label. +Create a default fully qualified app name for the connector. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} -{{- define "txap.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- define "txap.connector.fullname" -}} +{{- if .Values.connector }} +{{- printf "%s-%s" .Release.Name .Values.connector | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} {{- end }} {{/* -Control Common labels +Create chart name and version as used by the chart label. */}} -{{- define "txap.labels" -}} -helm.sh/chart: {{ include "txap.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- define "txap.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Control Common labels */}} -{{- define "txap.controlplane.labels" -}} +{{- define "txap.labels" -}} helm.sh/chart: {{ include "txap.chart" . }} -{{ include "txap.controlplane.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: edc-controlplane -app.kubernetes.io/part-of: edc {{- end }} {{/* 
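Review bot: The comment above the new `txap.connector.fullname` helper was copied from `txap.fullname` and does not describe it: the body never looks at the chart name, it returns `.Release.Name`, optionally suffixed with `.Values.connector`. Suggest replacing it with `Name prefix of the connector deployment this agent plane talks to: the release name, optionally followed by .Values.connector.` The 63-character truncation is applied before the callers append `-controlplane`, so the final host label can still exceed the DNS limit the comment cites. The same hunk is repeated for `charts/agent-plane/templates/_helpers.tpl` later in this patch.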
@@ -91,14 +90,6 @@ app.kubernetes.io/component: edc-dataplane app.kubernetes.io/part-of: edc {{- end }} -{{/* -Control Selector labels -*/}} -{{- define "txap.controlplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txap.name" . }}-controlplane -app.kubernetes.io/instance: {{ .Release.Name }}-controlplane -{{- end }} - {{/* Data Selector labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} @@ -107,17 +98,6 @@ app.kubernetes.io/name: {{ include "txap.name" . }}-{{ .Values.name }} app.kubernetes.io/instance: {{ .Release.Name }}-{{ .Values.name }} {{- end }} -{{/* -Create the name of the service account to use -*/}} -{{- define "txap.controlplane.serviceaccount.name" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txap.fullname" . ) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - {{/* Create the name of the service account to use */}} @@ -144,7 +124,7 @@ Control DSP URL {{- printf "http://%s" .hostname -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-controlplane:%v" ( include "txap.fullname" $ ) .Values.controlplane.endpoints.protocol.port -}} +{{- printf "http://%s-controlplane:%v" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.protocol.port -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} {{- end }}{{/* end if .Values.controlplane.url.protocol */}} 
@@ -154,7 +134,7 @@ Control DSP URL Validation URL */}} {{- define "txap.controlplane.url.validation" -}} -{{- printf "http://%s-controlplane:%v%s/token" ( include "txap.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} +{{- printf "http://%s-controlplane:%v%s/token" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} {{- end }} {{/* @@ -196,7 +176,6 @@ Create the name of the service account to use {{- end }} {{- end }} - {{/* join a map */}} diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index b3ac4f2a..d30d8a16 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml @@ -67,6 +67,9 @@ iatp: id: secret_alias: +# -- Name of the connector deployment +connector: "" + # -- References to the control plane deployment controlplane: endpoints: diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index cc274969..a4694098 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl 
@@ -46,35 +46,34 @@ If release name contains chart name it will be used as a full name. {{- end }} {{/* -Create chart name and version as used by the chart label. +Create a default fully qualified app name for the connector. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} -{{- define "txap.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- define "txap.connector.fullname" -}} +{{- if .Values.connector }} +{{- printf "%s-%s" .Release.Name .Values.connector | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" }} +{{- end }} {{- end }} {{/* -Control Common labels +Create chart name and version as used by the chart label. */}} -{{- define "txap.labels" -}} -helm.sh/chart: {{ include "txap.chart" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- define "txap.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} {{/* Control Common labels */}} -{{- define "txap.controlplane.labels" -}} +{{- define "txap.labels" -}} helm.sh/chart: {{ include "txap.chart" . }} -{{ include "txap.controlplane.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} -app.kubernetes.io/component: edc-controlplane -app.kubernetes.io/part-of: edc {{- end }} {{/* 
@@ -91,14 +90,6 @@ app.kubernetes.io/component: edc-dataplane app.kubernetes.io/part-of: edc {{- end }} -{{/* -Control Selector labels -*/}} -{{- define "txap.controlplane.selectorLabels" -}} -app.kubernetes.io/name: {{ include "txap.name" . }}-controlplane -app.kubernetes.io/instance: {{ .Release.Name }}-controlplane -{{- end }} - {{/* Data Selector labels (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} @@ -107,17 +98,6 @@ app.kubernetes.io/name: {{ include "txap.name" . }}-{{ .Values.name }} app.kubernetes.io/instance: {{ .Release.Name }}-{{ .Values.name }} {{- end }} -{{/* -Create the name of the service account to use -*/}} -{{- define "txap.controlplane.serviceaccount.name" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "txap.fullname" . ) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - {{/* Create the name of the service account to use */}} @@ -144,7 +124,7 @@ Control DSP URL {{- printf "http://%s" .hostname -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-controlplane:%v" ( include "txap.fullname" $ ) .Values.controlplane.endpoints.protocol.port -}} +{{- printf "http://%s-controlplane:%v" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.protocol.port -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} {{- end }}{{/* end if .Values.controlplane.url.protocol */}} 
@@ -154,7 +134,7 @@ Control DSP URL Validation URL */}} {{- define "txap.controlplane.url.validation" -}} -{{- printf "http://%s-controlplane:%v%s/token" ( include "txap.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} +{{- printf "http://%s-controlplane:%v%s/token" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} {{- end }} {{/* @@ -196,7 +176,6 @@ Create the name of the service account to use {{- end }} {{- end }} - {{/* join a map */}} diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml index f7e99251..9be8f7ef 100644 --- a/charts/agent-plane/values.yaml +++ b/charts/agent-plane/values.yaml @@ -67,6 +67,9 @@ iatp: id: secret_alias: +# -- Name of the connector deployment +connector: "" + # -- References to the control plane deployment controlplane: endpoints: From 949beb3e411c88feff7332e846923624a467c031 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 18:03:23 +0200 Subject: [PATCH 42/62] fix: debug control plane references. --- .../templates/_helpers.tpl | 20 ++++++++++++++++--- .../templates/deployment-dataplane.yaml | 12 +++++------ charts/agent-plane-azure-vault/values.yaml | 2 ++ charts/agent-plane/templates/_helpers.tpl | 20 ++++++++++++++++--- .../templates/deployment-dataplane.yaml | 12 +++++------ charts/agent-plane/values.yaml | 2 ++ 6 files changed, 50 insertions(+), 18 deletions(-) diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl index a4694098..e62d36bc 100644 --- a/charts/agent-plane-azure-vault/templates/_helpers.tpl +++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl 
@@ -113,7 +113,7 @@ Create the name of the service account to use Control DSP URL */}} {{- define "txap.controlplane.url.protocol" -}} -{{- if .Values.controlplane.url.protocol }}{{/* if dsp api url has been specified explicitly */}} +{{- if (and .Values.controlplane.url .Values.controlplane.url.protocol) }}{{/* if dsp api url has been specified explicitly */}} {{- .Values.controlplane.url.protocol }} {{- else }}{{/* else when dsp api url has not been specified explicitly */}} {{- with (index .Values.controlplane.ingresses 0) }} @@ -124,7 +124,7 @@ Control DSP URL {{- printf "http://%s" .hostname -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-controlplane:%v" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.protocol.port -}} +{{- printf "http://%s-controlplane:%v" ( include "txap.connector.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} {{- end }}{{/* end if .Values.controlplane.url.protocol */}} @@ -137,6 +137,13 @@ Validation URL {{- printf "http://%s-controlplane:%v%s/token" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} {{- end }} +{{/* +Validation URL +*/}} +{{- define "txap.controlplane.url.management" -}} +{{- printf "http://%s-controlplane:%v%s/management" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path -}} +{{- end }} + {{/* Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} 
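Review bot: The new guard `(and .Values.controlplane.url .Values.controlplane.url.protocol)` in `txap.controlplane.url.protocol` only protects against a missing `url` map when `and` short-circuits, which Go templates do from Go 1.18 on; a Helm binary built with an older Go evaluates both arguments and still fails on the nil `url`. A form that does not depend on the Helm build is something like `{{- if (dig "url" "protocol" "" .Values.controlplane) }}`. The `with (index .Values.controlplane.ingresses 0)` in the else branch likewise errors when a user overrides `ingresses` with an empty list, so the `- enabled: false` default this commit adds to values.yaml deserves a comment saying the first entry must exist. The same hunk is repeated for charts/agent-plane/templates/_helpers.tpl.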
@@ -144,10 +151,17 @@ Data Control URL (Expects the Chart Root to be accessible via .root, the current {{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" . ) .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}} {{- end }} +{{/* +Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) +*/}} +{{- define "txap.dataplane.url.callback" -}} +{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" . ) .Values.endpoints.callback.port .Values.endpoints.callback.path -}} +{{- end }} + {{/* Data Public URL */}} -{{- define "txap.agentplane.url.public" -}} +{{- define "txap.dataplane.url.public" -}} {{- if .Values.url.public }}{{/* if public api url has been specified explicitly */}} {{- .Values.url.public }} {{- else }}{{/* else when public api url has not been specified explicitly */}} diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index 0b50c622..4ed97ff3 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml @@ -182,7 +182,7 @@ spec: value: {{ $dataplane.token.refresh.refresh_endpoint }} {{- else}} - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" - value: {{ include "txap.agentplane.url.public" . }}/token + value: {{ include "txap.dataplane.url.public" . }}/token {{- end}} - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" 
@@ -247,18 +247,18 @@ spec: ## DATA PLANE PUBLIC API ######################## - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" - value: {{ include "txap.agentplane.url.public" . }} + value: {{ include "txap.dataplane.url.public" . }} ################### # AGENT CALLBACK # ################### - name: "CX_AGENT_CALLBACK" - value: {{ printf "http://%s-%s:%v%s/transfer-process-started" ( include "txap.fullname" . ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} + value: {{ include "txap.dataplane.url.callback" . }}/transfer-process-started" - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" - value: {{ printf "http://%s-controlplane:%v" ( include "txap.fullname" . ) .Values.controlplane.endpoints.protocol.port | quote }} + value: {{ include "txap.controlplane.url.protocol" . }} - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" - value: {{ printf "http://%s-controlplane:%v%s" ( include "txap.fullname" . ) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path | quote }} - + value: {{ include "txap.controlplane.url.management" . }} + {{- if $dataplane.agent.matchmaking }} - name: "CX_AGENT_MATCHMAKING" value: {{ $dataplane.agent.matchmaking | quote }} diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index d30d8a16..ec936a80 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml @@ -93,6 +93,8 @@ controlplane: port: 8084 # -- path for incoming api calls path: /api/v1/dsp + ingresses: + - enabled: false # -- the name of the dataplane name: "agentplane" diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index a4694098..e62d36bc 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl 
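Review bot: `CX_AGENT_CALLBACK` used to be built from `$dataplane.name` and now comes from `txap.dataplane.url.callback`, which hard-codes the host suffix `-dataplane`; with the default `name: "agentplane"` in values.yaml the rendered host changes from `<fullname>-agentplane` to `<fullname>-dataplane`. The Service template is not part of this diff, so please confirm the callback host still resolves. The three rewritten values also lose `| quote`; I would keep it, e.g. `value: {{ include "txap.controlplane.url.protocol" . | quote }}`, so that a user-supplied `controlplane.url.protocol` cannot change the YAML structure of the env entry. The same applies to the matching hunk in charts/agent-plane/templates/deployment-dataplane.yaml.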
@@ -113,7 +113,7 @@ Create the name of the service account to use Control DSP URL */}} {{- define "txap.controlplane.url.protocol" -}} -{{- if .Values.controlplane.url.protocol }}{{/* if dsp api url has been specified explicitly */}} +{{- if (and .Values.controlplane.url .Values.controlplane.url.protocol) }}{{/* if dsp api url has been specified explicitly */}} {{- .Values.controlplane.url.protocol }} {{- else }}{{/* else when dsp api url has not been specified explicitly */}} {{- with (index .Values.controlplane.ingresses 0) }} @@ -124,7 +124,7 @@ Control DSP URL {{- printf "http://%s" .hostname -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-controlplane:%v" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.protocol.port -}} +{{- printf "http://%s-controlplane:%v" ( include "txap.connector.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} {{- end }}{{/* end if .Values.controlplane.url.protocol */}} @@ -137,6 +137,13 @@ Validation URL {{- printf "http://%s-controlplane:%v%s/token" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} {{- end }} +{{/* +Validation URL +*/}} +{{- define "txap.controlplane.url.management" -}} +{{- printf "http://%s-controlplane:%v%s/management" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path -}} +{{- end }} + {{/* Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} 
@@ -144,10 +151,17 @@ Data Control URL (Expects the Chart Root to be accessible via .root, the current {{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" . ) .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}} {{- end }} +{{/* +Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) +*/}} +{{- define "txap.dataplane.url.callback" -}} +{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" . ) .Values.endpoints.callback.port .Values.endpoints.callback.path -}} +{{- end }} + {{/* Data Public URL */}} -{{- define "txap.agentplane.url.public" -}} +{{- define "txap.dataplane.url.public" -}} {{- if .Values.url.public }}{{/* if public api url has been specified explicitly */}} {{- .Values.url.public }} {{- else }}{{/* else when public api url has not been specified explicitly */}} diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index 7385dc42..a7a404f1 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml @@ -181,7 +181,7 @@ spec: value: {{ $dataplane.token.refresh.refresh_endpoint }} {{- else}} - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" - value: {{ include "txap.agentplane.url.public" . }}/token + value: {{ include "txap.dataplane.url.public" . }}/token {{- end}} - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" 
@@ -246,18 +246,18 @@ spec: ## DATA PLANE PUBLIC API ######################## - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" - value: {{ include "txap.agentplane.url.public" . }} + value: {{ include "txap.dataplane.url.public" . }} ################### # AGENT CALLBACK # ################### - name: "CX_AGENT_CALLBACK" - value: {{ printf "http://%s-%s:%v%s/transfer-process-started" ( include "txap.fullname" . ) $dataplane.name $dataplane.endpoints.callback.port $dataplane.endpoints.callback.path | quote }} + value: {{ include "txap.dataplane.url.callback" . }}/transfer-process-started" - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" - value: {{ printf "http://%s-controlplane:%v" ( include "txap.fullname" . ) .Values.controlplane.endpoints.protocol.port | quote }} + value: {{ include "txap.controlplane.url.protocol" . }} - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" - value: {{ printf "http://%s-controlplane:%v%s" ( include "txap.fullname" . ) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path | quote }} - + value: {{ include "txap.controlplane.url.management" . }} + {{- if $dataplane.agent.matchmaking }} - name: "CX_AGENT_MATCHMAKING" value: {{ $dataplane.agent.matchmaking | quote }} diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml index 9be8f7ef..4bf57932 100644 --- a/charts/agent-plane/values.yaml +++ b/charts/agent-plane/values.yaml @@ -93,6 +93,8 @@ controlplane: port: 8084 # -- path for incoming api calls path: /api/v1/dsp + ingresses: + - enabled: false # -- the name of the dataplane name: "agentplane" From 29d51ae7085078646be848d8c6649d7a4c02f349 Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 18:12:29 +0200 Subject: [PATCH 43/62] fix: control and management templates. --- charts/agent-plane-azure-vault/templates/_helpers.tpl | 6 +++--- .../templates/deployment-dataplane.yaml | 2 +- charts/agent-plane/templates/_helpers.tpl | 6 +++--- charts/agent-plane/templates/deployment-dataplane.yaml | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl index e62d36bc..606ee94f 100644 --- a/charts/agent-plane-azure-vault/templates/_helpers.tpl +++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl @@ -133,15 +133,15 @@ Control DSP URL {{/* Validation URL */}} -{{- define "txap.controlplane.url.validation" -}} -{{- printf "http://%s-controlplane:%v%s/token" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} +{{- define "txap.controlplane.url.control" -}} +{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} {{- end }} {{/* Validation URL */}} {{- define "txap.controlplane.url.management" -}} -{{- printf "http://%s-controlplane:%v%s/management" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path -}} +{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path -}} {{- end }} {{/* diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index 4ed97ff3..d3da1191 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml 
+++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml @@ -141,7 +141,7 @@ spec: value: {{ $dataplane.endpoints.callback.path | quote }} - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" - value: {{ include "txap.controlplane.url.validation" .}} + value: {{ include "txap.controlplane.url.control" .}}/token ########### ## VAULT ## diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index e62d36bc..8a78b974 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl @@ -133,15 +133,15 @@ Control DSP URL {{/* Validation URL */}} -{{- define "txap.controlplane.url.validation" -}} -{{- printf "http://%s-controlplane:%v%s/token" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} +{{- define "txap.controlplane.url.control" -}} +{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} {{- end }} {{/* Validation URL */}} {{- define "txap.controlplane.url.management" -}} -{{- printf "http://%s-controlplane:%v%s/management" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path -}} +{{- printf "http://%s-controlplane:%v%" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path -}} {{- end }} {{/* diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index a7a404f1..109068b2 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml 
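Review bot: `EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT` is rendered from `txap.controlplane.url.control`, whose format string fixes the scheme to `http://`, so whatever the data plane sends to `/token` (presumably the tokens it wants validated) crosses the cluster network unencrypted. If that is intended, a comment above the entry such as `# plain HTTP: relies on in-cluster transport protection (network policy or mesh mTLS)` would make the assumption explicit for operators. The value is also unquoted; `value: {{ printf "%s/token" (include "txap.controlplane.url.control" .) | quote }}` keeps it a string. The agent-plane chart's deployment-dataplane.yaml gets the same line in this commit.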
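Review bot: In the agent-plane chart's `txap.controlplane.url.management` the format string was cut one character too far: `"http://%s-controlplane:%v%"` ends in a bare `%` while three arguments are passed, so `printf` does not render the management path and `CX_AGENT_CONTROLPLANE_MANAGEMENT` receives a malformed URL. It should read `"http://%s-controlplane:%v%s"`, as in the azure-vault chart's copy of this helper. Both helpers in this hunk still carry the comment `Validation URL`; `Control API URL` and `Management API URL` would match what they now return, in both charts.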
@@ -141,7 +141,7 @@ spec: value: {{ $dataplane.endpoints.callback.path | quote }} - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" - value: {{ include "txap.controlplane.url.validation" .}} + value: {{ include "txap.controlplane.url.control" .}}/token ########### ## VAULT ## From a23d00c84e04fc265a8c731cea789bcba7644f23 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 18:17:08 +0200 Subject: [PATCH 44/62] fix: lint errors. --- charts/agent-plane-azure-vault/values.yaml | 2 +- charts/agent-plane/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index ec936a80..67b0bb54 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml @@ -94,7 +94,7 @@ controlplane: # -- path for incoming api calls path: /api/v1/dsp ingresses: - - enabled: false + - enabled: false # -- the name of the dataplane name: "agentplane" diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml index 4bf57932..574b26bc 100644 --- a/charts/agent-plane/values.yaml +++ b/charts/agent-plane/values.yaml @@ -94,7 +94,7 @@ controlplane: # -- path for incoming api calls path: /api/v1/dsp ingresses: - - enabled: false + - enabled: false # -- the name of the dataplane name: "agentplane" From 6dd0bf90a4e82676b03e15c107624ae0411e5d80 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 18:29:28 +0200 Subject: [PATCH 45/62] fix: chart integration test values. --- .../ci/integration-values.yaml | 43 +++++++++--------- charts/agent-plane/ci/integration-values.yaml | 45 ++++++++++--------- 2 files changed, 47 insertions(+), 41 deletions(-) diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index e57e64cb..881022a6 100644 
--- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -24,6 +24,9 @@ install: postgresql: true +participant: + id: "BPNL0000000DUMMY" + #image: # repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-azure-vault # tag: 1.12.19-SNAPSHOT @@ -33,24 +36,6 @@ controlplane: management: authKey: "bla" -token: - signer: - # alias under which the private key is stored in the vault (JWK or PEM format) - privatekey_alias: "key" - verifier: - # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) - publickey_alias: "cert" - -iatp: - sts: - oauth: - token_url: "http://keycloak/oauth/token" - client: - id: "dummy" - secret_alias: "dummy" - dim: - url: "http://sts.server" - vault: azure: name: "AZURE_NAME" @@ -66,5 +51,23 @@ vault: transferProxyTokenSignerPrivateKey: "key" transferProxyTokenSignerPublicKey: "cert" transferProxyTokenEncryptionAesKey: "symmetric-key" -participant: - id: "BPNL0000000DUMMY" + +token: + signer: + # alias under which the private key is stored in the vault (JWK or PEM format) + privatekey_alias: "key" + verifier: + # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + publickey_alias: "cert" + +iatp: + sts: + oauth: + token_url: "http://keycloak/oauth/token" + client: + id: "dummy" + secret_alias: "dummy" + dim: + url: "http://sts.server" + + diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 88225e5a..37242afb 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml 
@@ -3,7 +3,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. @@ -24,6 +24,9 @@ install: postgresql: true +participant: + id: "BPNL0000000DUMMY" + #image: # repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-hashicorp # tag: 1.12.19-SNAPSHOT @@ -33,24 +36,6 @@ controlplane: management: authKey: "bla" -token: - signer: - # alias under which the private key is stored in the vault (JWK or PEM format) - privatekey_alias: "key" - verifier: - # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) - publickey_alias: "cert" - -iatp: - sts: - oauth: - token_url: "http://keycloak/oauth/token" - client: - id: "dummy" - secret_alias: "dummy" - dim: - url: "http://sts.server" - vault: azure: name: "AZURE_NAME" @@ -66,5 +51,23 @@ vault: transferProxyTokenSignerPrivateKey: "key" transferProxyTokenSignerPublicKey: "cert" transferProxyTokenEncryptionAesKey: "symmetric-key" -participant: - id: "BPNL0000000DUMMY" + +token: + signer: + # alias under which the private key is stored in the vault (JWK or PEM format) + privatekey_alias: "key" + verifier: + # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + publickey_alias: "cert" + +iatp: + sts: + oauth: + token_url: "http://keycloak/oauth/token" + client: + id: "dummy" + secret_alias: "dummy" + dim: + url: "http://sts.server" + + From 3d2ad72bc6bf13fa4856203590a9fc2bdc676d66 Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 18:33:52 +0200 Subject: [PATCH 46/62] fix: linting issues. --- charts/agent-plane-azure-vault/ci/integration-values.yaml | 4 +--- charts/agent-plane/ci/integration-values.yaml | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index 881022a6..8cb774d6 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -27,7 +27,7 @@ install: participant: id: "BPNL0000000DUMMY" -#image: +# image: # repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-azure-vault # tag: 1.12.19-SNAPSHOT @@ -69,5 +69,3 @@ iatp: secret_alias: "dummy" dim: url: "http://sts.server" - - diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 37242afb..4d597892 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml @@ -27,7 +27,7 @@ install: participant: id: "BPNL0000000DUMMY" -#image: +# image: # repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-hashicorp # tag: 1.12.19-SNAPSHOT @@ -69,5 +69,3 @@ iatp: secret_alias: "dummy" dim: url: "http://sts.server" - - From cc1ce3bac7e11b14aacac58d129527c4c9849eb4 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 10 May 2024 18:46:06 +0200 Subject: [PATCH 47/62] chore: update DEPENDENCIES. --- DEPENDENCIES | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index bfbae920..2a0c4fa9 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
@@ -125,22 +125,22 @@ maven/mavencentral/org.apache.commons/commons-pool2/2.12.0, Apache-2.0 AND Licen maven/mavencentral/org.apache.httpcomponents/httpclient-cache/4.5.14, Apache-2.0, approved, CQ11714 maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527 maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approved, CQ23528 -maven/mavencentral/org.apache.jena/jena-arq/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-base/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-core/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-dboe-base/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-dboe-index/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-dboe-storage/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-dboe-trans-data/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-dboe-transaction/4.9.0, , restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-arq/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-base/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-core/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-dboe-base/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-dboe-index/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-dboe-storage/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-dboe-trans-data/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-dboe-transaction/4.9.0, Apache-2.0, restricted, clearlydefined maven/mavencentral/org.apache.jena/jena-fuseki-core/4.9.0, Apache-2.0, restricted, clearlydefined 
-maven/mavencentral/org.apache.jena/jena-iri/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-rdfconnection/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-rdfpatch/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-shacl/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-shex/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-tdb/4.9.0, , restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-tdb2/4.9.0, , restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-iri/4.9.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.apache.jena/jena-rdfconnection/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-rdfpatch/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-shacl/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-shex/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-tdb/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-tdb2/4.9.0, Apache-2.0, restricted, clearlydefined maven/mavencentral/org.apache.thrift/libthrift/0.18.1, Apache-2.0, approved, #8911 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined maven/mavencentral/org.assertj/assertj-core/3.25.3, Apache-2.0, approved, #12585 From 6551459d1fdf7e355818bb4f2ceffb644678df47 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Mon, 13 May 2024 08:51:21 +0200 Subject: [PATCH 48/62] fix: trailing quotes. --- .../agent-plane-azure-vault/templates/deployment-dataplane.yaml | 2 +- charts/agent-plane/templates/deployment-dataplane.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index d3da1191..2f8cd202 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml @@ -253,7 +253,7 @@ spec: # AGENT CALLBACK # ################### - name: "CX_AGENT_CALLBACK" - value: {{ include "txap.dataplane.url.callback" . }}/transfer-process-started" + value: {{ include "txap.dataplane.url.callback" . }}/transfer-process-started - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" value: {{ include "txap.controlplane.url.protocol" . }} - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index 109068b2..9a51cb8c 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml @@ -252,7 +252,7 @@ spec: # AGENT CALLBACK # ################### - name: "CX_AGENT_CALLBACK" - value: {{ include "txap.dataplane.url.callback" . }}/transfer-process-started" + value: {{ include "txap.dataplane.url.callback" . }}/transfer-process-started - name: "CX_AGENT_CONTROLPLANE_PROTOCOL" value: {{ include "txap.controlplane.url.protocol" . }} - name: "CX_AGENT_CONTROLPLANE_MANAGEMENT" From 03ffb128518904703fe530b047161b9a6d7c93ae Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Mon, 13 May 2024 12:58:32 +0200 Subject: [PATCH 49/62] chore: make sure the dependent repositories are available when chart testing and that referrred components are up-to-date. --- .github/workflows/helm-chart-lint.yml | 5 ++++- charts/agent-plane/Chart.yaml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index d4dc8bcf..7e1a89cd 100644 --- a/.github/workflows/helm-chart-lint.yml 
+++ b/.github/workflows/helm-chart-lint.yml @@ -114,7 +114,10 @@ jobs: # install the chart to the kind cluster and run helm test # define charts to test with the --charts parameter - name: Run chart-testing (install) - run: ct install --charts charts/agent-plane,charts/agent-plane-azure-vault --config charts/config/chart-testing-config.yaml --helm-extra-set-args="--set=imageRegistry=kind-registry:5000/" + run: | + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo add hashicorp https://helm.releases.hashicorp.com + ct install --charts charts/agent-plane,charts/agent-plane-azure-vault --config charts/config/chart-testing-config.yaml --helm-extra-set-args="--set=imageRegistry=kind-registry:5000/" if: github.event_name != 'pull_request' || env.CHART_CHANGED == 'true' # Upgrade the released chart version with the locally available chart diff --git a/charts/agent-plane/Chart.yaml b/charts/agent-plane/Chart.yaml index 698184ae..6eea51a9 100644 --- a/charts/agent-plane/Chart.yaml +++ b/charts/agent-plane/Chart.yaml @@ -54,7 +54,7 @@ dependencies: # HashiCorp Vault - name: vault alias: vault - version: 0.20.0 + version: 0.27.0 repository: https://helm.releases.hashicorp.com condition: install.vault # PostgreSQL From baa7de10fd38d66ee662fcc3512e2d4bc19e74ca Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 15 May 2024 09:21:17 +0200 Subject: [PATCH 50/62] chore: update DEPENDENCIES after successful IP checks. --- DEPENDENCIES | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 2a0c4fa9..932603bc 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
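Review bot: The two `helm repo add` lines are added only to the install step, so any other step that resolves chart dependencies has to repeat them. chart-testing can take the repositories from its own configuration (`chart-repos:` with `bitnami=https://charts.bitnami.com/bitnami` and `hashicorp=https://helm.releases.hashicorp.com` in charts/config/chart-testing-config.yaml), which keeps the list in one reviewed place. The diffstat shows no lock-file change alongside the vault bump to 0.27.0; if the chart commits a Chart.lock, it needs regenerating so the pinned digest matches the new version.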
@@ -125,22 +125,22 @@ maven/mavencentral/org.apache.commons/commons-pool2/2.12.0, Apache-2.0 AND Licen maven/mavencentral/org.apache.httpcomponents/httpclient-cache/4.5.14, Apache-2.0, approved, CQ11714 maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527 maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approved, CQ23528 -maven/mavencentral/org.apache.jena/jena-arq/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-base/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-core/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-dboe-base/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-dboe-index/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-dboe-storage/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-dboe-trans-data/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-dboe-transaction/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-fuseki-core/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-arq/4.9.0, Apache-2.0 AND (Apache-2.0 AND EPL-2.0) AND (Apache-2.0 AND EPL-1.0), approved, #14711 +maven/mavencentral/org.apache.jena/jena-base/4.9.0, Apache-2.0, approved, #14713 +maven/mavencentral/org.apache.jena/jena-core/4.9.0, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #14700 +maven/mavencentral/org.apache.jena/jena-dboe-base/4.9.0, Apache-2.0, approved, #14705 +maven/mavencentral/org.apache.jena/jena-dboe-index/4.9.0, Apache-2.0, approved, #14710 +maven/mavencentral/org.apache.jena/jena-dboe-storage/4.9.0, Apache-2.0, approved, #14704 +maven/mavencentral/org.apache.jena/jena-dboe-trans-data/4.9.0, Apache-2.0, approved, #14707 
+maven/mavencentral/org.apache.jena/jena-dboe-transaction/4.9.0, Apache-2.0, approved, #14712 +maven/mavencentral/org.apache.jena/jena-fuseki-core/4.9.0, Apache-2.0 AND (EPL-2.0 OR Apache-2.0), approved, #14702 maven/mavencentral/org.apache.jena/jena-iri/4.9.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.apache.jena/jena-rdfconnection/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-rdfpatch/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-shacl/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-shex/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-tdb/4.9.0, Apache-2.0, restricted, clearlydefined -maven/mavencentral/org.apache.jena/jena-tdb2/4.9.0, Apache-2.0, restricted, clearlydefined +maven/mavencentral/org.apache.jena/jena-rdfconnection/4.9.0, Apache-2.0, approved, #14703 +maven/mavencentral/org.apache.jena/jena-rdfpatch/4.9.0, Apache-2.0, approved, #14714 +maven/mavencentral/org.apache.jena/jena-shacl/4.9.0, Apache-2.0 AND W3C-20150513, approved, #14706 +maven/mavencentral/org.apache.jena/jena-shex/4.9.0, Apache-2.0, approved, #14709 +maven/mavencentral/org.apache.jena/jena-tdb/4.9.0, Apache-2.0, approved, #14708 +maven/mavencentral/org.apache.jena/jena-tdb2/4.9.0, Apache-2.0, approved, #14701 maven/mavencentral/org.apache.thrift/libthrift/0.18.1, Apache-2.0, approved, #8911 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined maven/mavencentral/org.assertj/assertj-core/3.25.3, Apache-2.0, approved, #12585 From 642ad6e034be1a0c9df6b92f141e08106dc44264 Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 15 May 2024 09:35:32 +0200 Subject: [PATCH 51/62] fix: add resources to agent plane as borrowed from the tractusx charts --- charts/agent-plane-azure-vault/values.yaml | 12 ++++++------ charts/agent-plane/values.yaml | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index 67b0bb54..b9238d56 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml @@ -290,12 +290,12 @@ resources: {} # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi +limits: + cpu: 1.5 + memory: 1024Mi +requests: + cpu: 500m + memory: 128Mi replicaCount: 1 autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml index 574b26bc..ef388318 100644 --- a/charts/agent-plane/values.yaml +++ b/charts/agent-plane/values.yaml 
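Review bot: The uncommented `limits:` and `requests:` keys appear to sit at column 0 in this hunk, which makes them top-level values rather than children of `resources:`, and the hunk header shows `resources: {}` still in place directly above them. If the deployment template reads `.Values.resources` (not visible here), the pod would keep rendering without any CPU or memory bound and the new numbers would have no effect. The retained comment itself says to remove the curly braces, so the block should read `resources:` followed by indented `limits:` and `requests:` entries. The same applies to the charts/agent-plane/values.yaml hunk that follows. It is also worth confirming that a 128Mi memory request against a 1024Mi limit is intended, since the scheduler places the pod by the request only.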
@@ -290,12 +290,12 @@ resources: {} # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi +limits: + cpu: 1.5 + memory: 1024Mi +requests: + cpu: 500m + memory: 128Mi replicaCount: 1 autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) From 94abcf5449b79dd236194443c07af73e105100ba Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 15 May 2024 09:40:21 +0200 Subject: [PATCH 52/62] docs: broken link because of style change. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8d854d6d..8895dce4 100644 --- a/README.md +++ b/README.md 
@@ -59,7 +59,7 @@ Above is a collaboration map of the main implementation classes found in this re It starts with an application performing a [SPARQL](https://www.w3.org/TR/sparql11-query/) call against the Consumer's [AgentController](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java) of the [Agent Protocol Data Plane Extension](agent-plane/agent-plane-protocol/README.md). This call may be handled by a [AuthenticationService](https://github.com/eclipse-edc/Connector/blob/main/spi/common/auth-spi/src/main/java/org/eclipse/edc/api/auth/spi/AuthenticationService.java). Using the configuration facilities of the [JWT Auth Extension](common/auth-jwt/README.md) which sets up single [JwtAuthenticationService](common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/JwtAuthenticationService.java) or composed [CompositeAuthenticationService](common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/CompositeAuthenticationService.java) the handler stack may analyses diverse authorisation features of the incoming request, such as checking a JWT-based bearer token for validity against multiple OpenId servers by [CompositeJwsVerifier](common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/CompositeJwsVerifier.java). -The [AgentController](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java) delegates the call upon preprocessing (e.g. by resolving local Skill Asset references using the [EdcSkillStore](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java)) to the actual [SparqlQueryProcessor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java) (an instance of an [Apache Jena Sparql Query Processor](https://github.com/apache/jena/blob/main/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQLQueryProcessor.java)). 
The [SparqlQueryProcessor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java) is backed by an [RDFStore](gent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RDFStore.java) which hosts the Federated Data Catalogue (and that is regularly synchronized by the [DataspaceSynchronizer](gent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java)). +The [AgentController](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java) delegates the call upon preprocessing (e.g. by resolving local Skill Asset references using the [EdcSkillStore](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java)) to the actual [SparqlQueryProcessor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java) (an instance of an [Apache Jena Sparql Query Processor](https://github.com/apache/jena/blob/main/jena-fuseki2/jena-fuseki-core/src/main/java/org/apache/jena/fuseki/servlets/SPARQLQueryProcessor.java)). The [SparqlQueryProcessor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java) is backed by an [RdfStore](gent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/rdf/RdfStore.java) which hosts the Federated Data Catalogue (and that is regularly synchronized by the [DataspaceSynchronizer](gent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataspaceSynchronizer.java)). 
Whenever external SERVICE references in a SPARQL query are to be executed, the [SparqlQueryProcessor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/SparqlQueryProcessor.java) will ask the [DataspaceServiceExecutor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/DataspaceServiceExecutor.java) to execute the actual sub-operation. This operation could - depending on the actual query binding context - either point to multiple tenant-internal or public endpoints. The operation could also need to be batched in case that there are too many bindings to transfer in one go (see the maxBatchSize Parameter in the [Agent Protocol Data Plane Extension](agent-plane/agent-plane-protocol/README.md)). The operation could also hint to dataspace addresses (as indicated through URLs starting with the edc:// or edcs:// schemes). In this latter case, [DataspaceServiceExecutor](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/sparql/DataspaceServiceExecutor.java) will ask the [AgreementController](agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgreementController.java) for help. From d157a905d3881cc6fb1c167145f663cd801884f6 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 15 May 2024 13:47:21 +0200 Subject: [PATCH 53/62] fix: agent plane name was fixed in chart helpers. --- charts/agent-plane-azure-vault/templates/_helpers.tpl | 6 +++--- charts/agent-plane/templates/_helpers.tpl | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl index 606ee94f..625d55c4 100644 --- a/charts/agent-plane-azure-vault/templates/_helpers.tpl +++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl 
@@ -148,14 +148,14 @@ Validation URL Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} {{- define "txap.dataplane.url.signaling" -}} -{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" . ) .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}} +{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}} {{- end }} {{/* Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} {{- define "txap.dataplane.url.callback" -}} -{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" . ) .Values.endpoints.callback.port .Values.endpoints.callback.path -}} +{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.callback.port .Values.endpoints.callback.path -}} {{- end }} {{/* @@ -173,7 +173,7 @@ Data Public URL {{- printf "http://%s%s" .hostname $.Values.endpoints.public.path -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" $ ) $.Values.endpoints.public.port $.Values.endpoints.public.path -}} +{{- printf "http://%s-%s:%v%s" (include "txap.fullname" $ ) $.Values.name $.Values.endpoints.public.port $.Values.endpoints.public.path -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} {{- end }}{{/* end if .Values.url.public */}} diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index 8a78b974..625d55c4 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl 
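Review bot: The signaling, callback and public URL helpers now interpolate `.Values.name` with no fallback, so a values file that omits `name` would render a host like `<fullname>-%!s(<nil>)` instead of failing the install or keeping the old `-dataplane` suffix. Guarding the argument, for example `(.Values.name | default "dataplane")` or `(required "name must be set" .Values.name)`, keeps these internal URLs pointing at a resolvable service. The same applies to the matching hunks in charts/agent-plane/templates/_helpers.tpl. Whether values.yaml already defines `name`, and whether the Service template builds its name from the same expression, is not visible in this patch.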
@@ -141,21 +141,21 @@ Validation URL Validation URL */}} {{- define "txap.controlplane.url.management" -}} -{{- printf "http://%s-controlplane:%v%" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path -}} +{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.management.port .Values.controlplane.endpoints.management.path -}} {{- end }} {{/* Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} {{- define "txap.dataplane.url.signaling" -}} -{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" . ) .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}} +{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}} {{- end }} {{/* Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} {{- define "txap.dataplane.url.callback" -}} -{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" . ) .Values.endpoints.callback.port .Values.endpoints.callback.path -}} +{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.callback.port .Values.endpoints.callback.path -}} {{- end }} {{/* @@ -173,7 +173,7 @@ Data Public URL {{- printf "http://%s%s" .hostname $.Values.endpoints.public.path -}} {{- end }}{{/* end if tls */}} {{- else }}{{/* else when ingress not enabled */}} -{{- printf "http://%s-dataplane:%v%s" (include "txap.fullname" $ ) $.Values.endpoints.public.port $.Values.endpoints.public.path -}} +{{- printf "http://%s-%s:%v%s" (include "txap.fullname" $ ) $.Values.name $.Values.endpoints.public.port $.Values.endpoints.public.path -}} {{- end }}{{/* end if ingress */}} {{- end }}{{/* end with ingress */}} {{- end }}{{/* end if .Values.url.public */}} 
From d49adbd74249f825648af31a080b491575bd5a88 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 16 May 2024 12:16:46 +0200 Subject: [PATCH 54/62] style: copyright license headers should use fixed period formatting. --- .github/dependabot.yml | 2 +- .github/workflows/dependencies.yml | 2 +- .github/workflows/helm-chart-release.yml | 2 +- .tractusx | 2 +- charts/agent-plane-azure-vault/Chart.yaml | 2 +- charts/agent-plane-azure-vault/ci/integration-values.yaml | 4 ++-- charts/agent-plane-azure-vault/templates/_helpers.tpl | 2 +- .../templates/deployment-dataplane.yaml | 2 +- charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml | 2 +- .../agent-plane-azure-vault/templates/ingress-dataplane.yaml | 2 +- charts/agent-plane-azure-vault/templates/serviceaccount.yaml | 2 +- charts/agent-plane/Chart.yaml | 2 +- charts/agent-plane/ci/integration-values.yaml | 4 ++-- charts/agent-plane/templates/_helpers.tpl | 2 +- charts/agent-plane/templates/deployment-dataplane.yaml | 2 +- charts/agent-plane/templates/hpa-dataplane.yaml | 2 +- charts/agent-plane/templates/ingress-dataplane.yaml | 2 +- charts/agent-plane/templates/serviceaccount.yaml | 2 +- 18 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 387d6709..b2da644c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,5 @@ # -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 3964bc82..dc436091 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml 
@@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/.github/workflows/helm-chart-release.yml b/.github/workflows/helm-chart-release.yml index f01e9f76..8ab748dc 100644 --- a/.github/workflows/helm-chart-release.yml +++ b/.github/workflows/helm-chart-release.yml @@ -1,6 +1,6 @@ --- # -# Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/.tractusx b/.tractusx index a6c21476..6efc7db9 100644 --- a/.tractusx +++ b/.tractusx @@ -1,5 +1,5 @@ ############################################################### -# Copyright (c) 2022, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2022,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane-azure-vault/Chart.yaml b/charts/agent-plane-azure-vault/Chart.yaml index 36c91683..b979c33a 100644 --- a/charts/agent-plane-azure-vault/Chart.yaml +++ b/charts/agent-plane-azure-vault/Chart.yaml @@ -3,7 +3,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index 8cb774d6..88203c18 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -1,9 +1,9 @@ # -# Copyright (c) 2023, 2024 T-Systems International GmbH +# Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl index 625d55c4..d809d091 100644 --- a/charts/agent-plane-azure-vault/templates/_helpers.tpl +++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl @@ -3,7 +3,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index 2f8cd202..fa3d5bae 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml 
@@ -6,7 +6,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml b/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml index bd8acaee..322a6745 100644 --- a/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/hpa-dataplane.yaml @@ -8,7 +8,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml b/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml index cb7955af..4302a890 100644 --- a/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/ingress-dataplane.yaml @@ -15,7 +15,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
diff --git a/charts/agent-plane-azure-vault/templates/serviceaccount.yaml b/charts/agent-plane-azure-vault/templates/serviceaccount.yaml index f3c5fecf..2daf1e45 100644 --- a/charts/agent-plane-azure-vault/templates/serviceaccount.yaml +++ b/charts/agent-plane-azure-vault/templates/serviceaccount.yaml @@ -5,7 +5,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane/Chart.yaml b/charts/agent-plane/Chart.yaml index 6eea51a9..45d82bef 100644 --- a/charts/agent-plane/Chart.yaml +++ b/charts/agent-plane/Chart.yaml @@ -3,7 +3,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 4d597892..55de37fd 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml 
@@ -1,9 +1,9 @@ # -# Copyright (c) 2023, 2024 T-Systems International GmbH +# Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index 625d55c4..d809d091 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl @@ -3,7 +3,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index 9a51cb8c..0d374aff 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml @@ -6,7 +6,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. 
diff --git a/charts/agent-plane/templates/hpa-dataplane.yaml b/charts/agent-plane/templates/hpa-dataplane.yaml index bd8acaee..322a6745 100644 --- a/charts/agent-plane/templates/hpa-dataplane.yaml +++ b/charts/agent-plane/templates/hpa-dataplane.yaml @@ -8,7 +8,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane/templates/ingress-dataplane.yaml b/charts/agent-plane/templates/ingress-dataplane.yaml index cb7955af..4302a890 100644 --- a/charts/agent-plane/templates/ingress-dataplane.yaml +++ b/charts/agent-plane/templates/ingress-dataplane.yaml @@ -15,7 +15,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. diff --git a/charts/agent-plane/templates/serviceaccount.yaml b/charts/agent-plane/templates/serviceaccount.yaml index f3c5fecf..2daf1e45 100644 --- a/charts/agent-plane/templates/serviceaccount.yaml +++ b/charts/agent-plane/templates/serviceaccount.yaml 
@@ -5,7 +5,7 @@ # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH # Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) -# Copyright (c) 2021, 2024 Contributors to the Eclipse Foundation +# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation # # See the NOTICE file(s) distributed with this work for additional # information regarding copyright ownership. From 9c0c4eb81c8a5433fd4383c4ca4e23199ac28eb9 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 16 May 2024 12:35:45 +0200 Subject: [PATCH 55/62] fix: important code smells/forgery threats as of codeql results 2024-05-16 --- .../tractusx/agents/edc/AgentConfig.java | 10 ++ .../tractusx/agents/edc/AgentExtension.java | 4 - .../tractusx/agents/edc/SkillStore.java | 31 ++--- .../agents/edc/http/AgentController.java | 33 +++-- .../agents/edc/http/transfer/AgentSource.java | 113 +++++++++--------- .../agents/edc/service/EdcSkillStore.java | 4 +- .../edc/service/InMemorySkillStore.java | 11 +- .../agents/edc/http/TestAgentController.java | 2 +- 8 files changed, 105 insertions(+), 103 deletions(-) diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java index 33acd277..7842a4ef 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentConfig.java @@ -99,6 +99,7 @@ public class AgentConfig { protected final Pattern serviceDenyPattern; protected final Pattern serviceAssetAllowPattern; protected final Pattern serviceAssetDenyPattern; + protected static final Pattern ASSET_REFERENCE_PATTERN = Pattern.compile("((?[^#]+)#)?(?.+)"); /** * references to EDC services 
@@ -381,6 +382,15 @@ public Pattern getServiceAssetDenyPattern() { return serviceAssetDenyPattern; } + /** + * access + * + * @return regular expression for asset references + */ + public static Pattern getAssetReferencePattern() { + return ASSET_REFERENCE_PATTERN; + } + /** * access * diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java index bb2c8cd3..2a864051 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java @@ -52,7 +52,6 @@ import java.util.Map; import java.util.concurrent.Executors; import java.util.concurrent.ScheduledExecutorService; -import java.util.regex.Pattern; /** * EDC extension that initializes the Agent subsystem (Agent Sources, Agent Endpoint and Federation Callbacks @@ -65,9 +64,6 @@ public class AgentExtension implements ServiceExtension { */ protected static final String DEFAULT_CONTEXT_ALIAS = "default"; protected static final String CALLBACK_CONTEXT_ALIAS = "callback"; - public static final Pattern GRAPH_PATTERN = Pattern.compile("((?[^#]+)#)?(?.*Graph(Asset)?.*)"); - public static final Pattern SKILL_PATTERN = Pattern.compile("((?[^#]+)#)?(?.*Skill(Asset)?.*)"); - /** * dependency injection part diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/SkillStore.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/SkillStore.java index aef5c27a..ba9a3191 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/SkillStore.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/SkillStore.java 
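Review bot: The Javadoc on `getAssetReferencePattern()` says only "access" and does not name the capture groups that callers depend on; `AgentController.executeQuery` in this same patch reads `matcher.group("url")` and `matcher.group("asset")`. I would document the contract, e.g. `@return pattern splitting an asset reference into an optional "url" group (the part before '#') and a mandatory "asset" group`. The method is `static`, yet the controller calls it through the `config` instance; writing `AgentConfig.getAssetReferencePattern()` at the call site would make that explicit.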
@@ -17,23 +17,12 @@ package org.eclipse.tractusx.agents.edc; import java.util.Optional; -import java.util.regex.Matcher; /** * interface to a skill store */ public interface SkillStore { - /** - * match a given asset - * - * @param key asset name - * @return matcher - */ - static Matcher matchSkill(String key) { - return AgentExtension.SKILL_PATTERN.matcher(key); - } - /** * check a given asset for being a skill * @@ -45,17 +34,17 @@ static Matcher matchSkill(String key) { /** * register a skill * - * @param key asset name required - * @param skill query text required - * @param name of skill optional - * @param description of skill optional - * @param version of skill optional - * @param contract of skill optional - * @param dist of skill required - * @param isFederated whether skill maybe synchronized in catalogue + * @param key asset name required + * @param skill query text required + * @param name of skill optional + * @param description of skill optional + * @param version of skill optional + * @param contract of skill optional + * @param dist of skill required + * @param isFederated whether skill maybe synchronized in catalogue * @param allowServicePattern regex for service to call in skill - * @param denyServicePattern regex for services denied in skill - * @param ontologies a set of ontologies + * @param denyServicePattern regex for services denied in skill + * @param ontologies a set of ontologies * @return skill id */ String put(String key, String skill, String name, String description, String version, String contract, SkillDistribution dist, boolean isFederated, String allowServicePattern, String denyServicePattern, String... ontologies); diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java index e88770b5..7b4d2c94 100644 
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/AgentController.java @@ -32,7 +32,6 @@ import org.apache.http.HttpStatus; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.tractusx.agents.edc.AgentConfig; -import org.eclipse.tractusx.agents.edc.AgentExtension; import org.eclipse.tractusx.agents.edc.AgreementController; import org.eclipse.tractusx.agents.edc.SkillDistribution; import org.eclipse.tractusx.agents.edc.SkillStore; @@ -63,6 +62,7 @@ public class AgentController { protected final SparqlQueryProcessor processor; protected final DelegationService delegationService; + /** * creates a new agent controller * @@ -378,17 +378,15 @@ public Response executeQuery(String asset, HttpHeaders headers, HttpServletReque String remoteUrl = null; if (asset != null) { - Matcher matcher = AgentExtension.GRAPH_PATTERN.matcher(asset); + Matcher matcher = config.getAssetReferencePattern().matcher(asset); if (matcher.matches()) { remoteUrl = matcher.group("url"); - graph = matcher.group("graph"); - } else { - matcher = SkillStore.matchSkill(asset); - if (!matcher.matches()) { - return Response.status(Response.Status.BAD_REQUEST).build(); + asset = matcher.group("asset"); + if (asset.contains("Graph")) { + graph = asset; + } else if (asset.contains("Skill")) { + skill = asset; } - remoteUrl = matcher.group("url"); - skill = matcher.group("skill"); } } 
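Review bot: An asset reference that names neither a graph nor a skill is no longer rejected in `executeQuery`: the removed `else` branch returned `Response.Status.BAD_REQUEST`, while the new code leaves `graph` and `skill` unset and continues, with `remoteUrl` possibly already assigned from caller input. Because the shared pattern now matches almost any string, the `contains("Graph")` and `contains("Skill")` tests are the only classification, and they have no final `else`. I would restore the rejection with `} else { return Response.status(Response.Status.BAD_REQUEST).build(); }` after the `Skill` branch and for the non-matching case. `executeQuery` starts before and continues after this hunk, so later handling of an unclassified asset cannot be ruled out from here.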
@@ -406,15 +404,14 @@ public Response executeQuery(String asset, HttpHeaders headers, HttpServletReque } try { - // exchange skill against text - if (asset != null) { - if (skillStore.isSkill(asset)) { - Optional skillOption = skillStore.get(asset); - if (skillOption.isPresent()) { - skill = skillOption.get(); - } else { - return HttpUtils.respond(monitor, headers, HttpStatus.SC_NOT_FOUND, "The requested skill is not registered.", null); - } + // exchange skill against text locally + if (asset != null && skill != null) { + Optional skillOption = skillStore.get(skill); + if (skillOption.isPresent()) { + skill = skillOption.get(); + } else { + skill = null; + return HttpUtils.respond(monitor, headers, HttpStatus.SC_NOT_FOUND, "The requested skill is not registered.", null); } } diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java index 194dceaa..466ea6f2 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSource.java @@ -26,7 +26,7 @@ import org.eclipse.edc.connector.dataplane.spi.pipeline.StreamResult; import org.eclipse.edc.http.spi.EdcHttpClient; import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; -import org.eclipse.tractusx.agents.edc.AgentExtension; +import org.eclipse.tractusx.agents.edc.AgentConfig; import org.eclipse.tractusx.agents.edc.SkillDistribution; import org.eclipse.tractusx.agents.edc.SkillStore; import org.eclipse.tractusx.agents.edc.sparql.SparqlQueryProcessor; 
@@ -70,7 +70,7 @@ public class AgentSource implements DataSource { protected SkillStore skillStore; protected DataFlowStartMessage request; - + protected String matchmakingAgentUrl; public static final String AGENT_BOUNDARY = "--"; 
@@ -102,35 +102,36 @@ protected StreamResult> openMatchmakingInternal() { String graph = null; String asset = String.valueOf(request.getSourceDataAddress().getProperties().get(AgentSourceHttpParamsDecorator.ASSET_PROP_ID)); if (asset != null && asset.length() > 0) { - Matcher graphMatcher = AgentExtension.GRAPH_PATTERN.matcher(asset); - if (graphMatcher.matches()) { - graph = asset; - } - Matcher skillMatcher = SkillStore.matchSkill(asset); - if (skillMatcher.matches()) { - var skillText = skillStore.get(asset); - if (skillText.isEmpty()) { - return StreamResult.error(format("Skill %s does not exist.", asset)); - } - SkillDistribution distribution = skillStore.getDistribution(asset); - String params = request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS); - SkillDistribution runMode = SkillDistribution.ALL; - if (params.contains("runMode=provider") || params.contains("runMode=PROVIDER")) { - runMode = SkillDistribution.PROVIDER; - } else if (params.contains("runMode=consumer") || params.contains("runMode=CONSUMER")) { - runMode = SkillDistribution.CONSUMER; - } - if (runMode == SkillDistribution.CONSUMER) { - if (distribution == SkillDistribution.PROVIDER) { - return StreamResult.error(String.format("Run distribution of skill %s should be consumer, but was set to provider only.", asset)); + Matcher assetMatcher = AgentConfig.getAssetReferencePattern().matcher(asset); + if (assetMatcher.matches()) { + if (assetMatcher.group("asset").contains("Graph")) { + graph = asset; + } else if (assetMatcher.group("asset").contains("Skill")) { + var skillText = skillStore.get(asset); + if (skillText.isEmpty()) { + return StreamResult.error(format("Skill %s does not exist.", asset)); } - return StreamResult.success(Stream.of(new AgentPart("application/sparql-query", skillText.get().getBytes()))); - } else if (runMode == SkillDistribution.PROVIDER && distribution == SkillDistribution.CONSUMER) { - return StreamResult.error(String.format("Run distribution of 
skill %s should be provider, but was set to consumer only.", asset)); + SkillDistribution distribution = skillStore.getDistribution(asset); + String params = request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS); + SkillDistribution runMode = SkillDistribution.ALL; + if (params.contains("runMode=provider") || params.contains("runMode=PROVIDER")) { + runMode = SkillDistribution.PROVIDER; + } else if (params.contains("runMode=consumer") || params.contains("runMode=CONSUMER")) { + runMode = SkillDistribution.CONSUMER; + } + if (runMode == SkillDistribution.CONSUMER) { + if (distribution == SkillDistribution.PROVIDER) { + return StreamResult.error(String.format("Run distribution of skill %s should be consumer, but was set to provider only.", asset)); + } + return StreamResult.success(Stream.of(new AgentPart("application/sparql-query", skillText.get().getBytes()))); + } else if (runMode == SkillDistribution.PROVIDER && distribution == SkillDistribution.CONSUMER) { + return StreamResult.error(String.format("Run distribution of skill %s should be provider, but was set to consumer only.", asset)); + } + skill = skillText.get(); // default execution for runMode=ALL or runMode=provider and DistributionMode is ALL or provider } - skill = skillText.get(); // default execution for runMode=ALL or runMode=provider and DistributionMode is ALL or provider } } + try (Response response = processor.execute(this.requestFactory.toRequest(params), skill, graph, request.getSourceDataAddress().getProperties())) { if (!response.isSuccessful()) { return StreamResult.error(format("Received code transferring HTTP data for request %s: %s - %s.", requestId, response.code(), response.message())); @@ -147,7 +148,7 @@ protected StreamResult> openMatchmakingInternal() { return StreamResult.error(e.getMessage()); } } - + /** * executes a KA-MATCHMAKING REST API call and pipes the results into KA-TRANSFER * 
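Review bot: In the re-indented skill branch of `openMatchmakingInternal`, `params` is read from `request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS)` and dereferenced with `params.contains(...)` without a null check, so a request without that property would presumably end in a NullPointerException rather than a `StreamResult.error`. The run mode, which decides whether the skill text is returned or executed, is also chosen by a substring search over the whole query string, which matches the same text inside another parameter's name or value. I would default the value with `String params = Objects.requireNonNullElse(request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS), "");` and compare the parsed `runMode` parameter case-insensitively. The same block is repeated in the `openMatchmakingRest` hunk, so a shared private helper would keep the two copies in step.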
@@ -165,33 +166,33 @@ protected StreamResult> openMatchmakingRest() { String url = baseUrl + "?asset=" + asset; if (asset != null && asset.length() > 0) { - Matcher graphMatcher = AgentExtension.GRAPH_PATTERN.matcher(asset); - if (graphMatcher.matches()) { - graph = asset; - } - Matcher skillMatcher = SkillStore.matchSkill(asset); - if (skillMatcher.matches()) { - var skillText = skillStore.get(asset); - if (skillText.isEmpty()) { - return StreamResult.error(format("Skill %s does not exist.", asset)); - } - SkillDistribution distribution = skillStore.getDistribution(asset); - String params = request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS); - SkillDistribution runMode = SkillDistribution.ALL; - if (params.contains("runMode=provider") || params.contains("runMode=PROVIDER")) { - runMode = SkillDistribution.PROVIDER; - } else if (params.contains("runMode=consumer") || params.contains("runMode=CONSUMER")) { - runMode = SkillDistribution.CONSUMER; - } - if (runMode == SkillDistribution.CONSUMER) { - if (distribution == SkillDistribution.PROVIDER) { - return StreamResult.error(String.format("Run distribution of skill %s should be consumer, but was set to provider only.", asset)); + Matcher assetMatcher = AgentConfig.getAssetReferencePattern().matcher(asset); + if (assetMatcher.matches()) { + if (assetMatcher.group("asset").contains("Graph")) { + graph = asset; + } else if (assetMatcher.group("asset").contains("Skill")) { + var skillText = skillStore.get(asset); + if (skillText.isEmpty()) { + return StreamResult.error(format("Skill %s does not exist.", asset)); + } + SkillDistribution distribution = skillStore.getDistribution(asset); + String params = request.getProperties().get(AgentSourceHttpParamsDecorator.QUERY_PARAMS); + SkillDistribution runMode = SkillDistribution.ALL; + if (params.contains("runMode=provider") || params.contains("runMode=PROVIDER")) { + runMode = SkillDistribution.PROVIDER; + } else if (params.contains("runMode=consumer") || 
params.contains("runMode=CONSUMER")) { + runMode = SkillDistribution.CONSUMER; } - return StreamResult.success(Stream.of(new AgentPart("application/sparql-query", skillText.get().getBytes()))); - } else if (runMode == SkillDistribution.PROVIDER && distribution == SkillDistribution.CONSUMER) { - return StreamResult.error(String.format("Run distribution of skill %s should be provider, but was set to consumer only.", asset)); + if (runMode == SkillDistribution.CONSUMER) { + if (distribution == SkillDistribution.PROVIDER) { + return StreamResult.error(String.format("Run distribution of skill %s should be consumer, but was set to provider only.", asset)); + } + return StreamResult.success(Stream.of(new AgentPart("application/sparql-query", skillText.get().getBytes()))); + } else if (runMode == SkillDistribution.PROVIDER && distribution == SkillDistribution.CONSUMER) { + return StreamResult.error(String.format("Run distribution of skill %s should be provider, but was set to consumer only.", asset)); + } + skill = skillText.get(); // default execution for runMode=ALL or runMode=provider and DistributionMode is ALL or provider } - skill = skillText.get(); // default execution for runMode=ALL or runMode=provider and DistributionMode is ALL or provider } } @@ -202,7 +203,7 @@ protected StreamResult> openMatchmakingRest() { } else { assetValue = skill; } - + HttpUrl.Builder urlBuilder = HttpUrl.parse(url).newBuilder(); urlBuilder.addQueryParameter("asset", assetValue); // Put parameters into request @@ -294,12 +295,12 @@ public AgentSource.Builder request(DataFlowStartMessage request) { dataSource.request = request; return this; } - + public AgentSource.Builder matchmakingAgentUrl(String matchmakingAgentUrl) { dataSource.matchmakingAgentUrl = matchmakingAgentUrl; return this; } - + public AgentSource build() { Objects.requireNonNull(dataSource.requestId, "requestId"); Objects.requireNonNull(dataSource.httpClient, "httpClient"); 
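Review bot: `String url = baseUrl + "?asset=" + asset;` in `openMatchmakingRest` appends the raw asset reference to the URL, and the later `urlBuilder.addQueryParameter("asset", assetValue)` adds the parameter a second time. The reference format allows a `#`, and nothing here excludes `&`, so the concatenated form can change how the matchmaking agent parses the query; `HttpUrl.parse(url)` also returns null for an unparsable string before `.newBuilder()` is called. I would build from the base only, `String url = baseUrl;`, let `addQueryParameter` do the encoding, and guard the parse with `Objects.requireNonNull(HttpUrl.parse(url), "matchmakingAgentUrl")`. Uses of `url` between the two hunks are not visible, so confirm nothing else depends on the concatenated value.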
diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java index 43a48bde..e285160b 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/EdcSkillStore.java @@ -29,6 +29,7 @@ import java.io.IOException; import java.util.List; import java.util.Optional; +import java.util.regex.Matcher; /** * Implements a skill store based on EDC assets @@ -47,7 +48,8 @@ public EdcSkillStore(DataManagement management, TypeManager typeManager, AgentCo @Override public boolean isSkill(String key) { - return SkillStore.matchSkill(key).matches(); + Matcher matcher = config.getAssetReferencePattern().matcher(key); + return matcher.matches() && matcher.group("asset").contains("Skill"); } @Override diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/InMemorySkillStore.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/InMemorySkillStore.java index cd7a4acf..ed5f7a36 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/InMemorySkillStore.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/InMemorySkillStore.java @@ -16,12 +16,14 @@ // SPDX-License-Identifier: Apache-2.0 package org.eclipse.tractusx.agents.edc.service; +import org.eclipse.tractusx.agents.edc.AgentConfig; import org.eclipse.tractusx.agents.edc.SkillDistribution; import org.eclipse.tractusx.agents.edc.SkillStore; import java.util.HashMap; import java.util.Map; import java.util.Optional; +import java.util.regex.Matcher; /** * An in-memory store for local skills 
@@ -31,15 +33,20 @@ public class InMemorySkillStore implements SkillStore { // temporary local skill store protected final Map skills = new HashMap<>(); + protected AgentConfig config; + /** * create the store */ - public InMemorySkillStore() { + public InMemorySkillStore(AgentConfig config) { + this.config = config; } + @Override public boolean isSkill(String key) { - return SkillStore.matchSkill(key).matches(); + Matcher matcher = config.getAssetReferencePattern().matcher(key); + return matcher.matches() && matcher.group("asset").contains("Skill"); } @Override diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java index 8e779151..9b0c5be5 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/http/TestAgentController.java @@ -80,7 +80,7 @@ public class TestAgentController extends RestControllerTestBase { SparqlQueryProcessor processor=new SparqlQueryProcessor(serviceExecutorReg,monitor,agentConfig,store, typeManager); - InMemorySkillStore skillStore=new InMemorySkillStore(); + InMemorySkillStore skillStore=new InMemorySkillStore(agentConfig); DelegationServiceImpl delegationService=new DelegationServiceImpl(mockController,monitor,client,typeManager,agentConfig); AgentController agentController=new AgentController(monitor,mockController,agentConfig,processor,skillStore,delegationService); From d417eb407067c3a8a59d15329b3a3ecea7a3c4ba Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 16 May 2024 13:32:03 +0200 Subject: [PATCH 56/62] fix: important code smells/forgery threats as of codeql results 2024-05-16 --- .../agents/edc/http/DelegationServiceImpl.java | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationServiceImpl.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationServiceImpl.java index 16014979..65bc9277 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationServiceImpl.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/DelegationServiceImpl.java @@ -46,6 +46,7 @@ import java.util.Map; import java.util.Objects; import java.util.Optional; +import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.stream.Collectors; @@ -183,8 +184,8 @@ public DelegationResponse sendPostRequest(EndpointDataReference dataReference, S return new DelegationResponse(sendRequest(newRequest, response), Response.status(response.getStatus()).build()); } - protected static final Pattern PARAMETER_KEY_ALLOW = Pattern.compile("^(?!asset$)[^&?=]+$"); - protected static final Pattern PARAMETER_VALUE_ALLOW = Pattern.compile("^.+$"); + protected static final Pattern PARAMETER_KEY_ALLOW = Pattern.compile("^(?(?!asset$)[^&?=]+)$"); + protected static final Pattern PARAMETER_VALUE_ALLOW = Pattern.compile("^(?[^&]+)$"); /** * computes the url to target the given data plane 
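Review bot: `PARAMETER_VALUE_ALLOW` now rejects every value that contains `&`, and `getUrl` drops a non-matching parameter without any message. If `uri.getQueryParameters()` yields decoded values (its type is outside this hunk), a legitimate value such as `A&B` is discarded even though it is re-encoded before being appended, so this restriction is not what keeps the forwarded query well-formed. I would limit the value check to what must be excluded, log each dropped parameter, and add a comment on both constants such as `// keys: anything but the reserved "asset"; values are encoded before forwarding`.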
@@ -209,11 +210,13 @@ protected HttpUrl getUrl(String connectorUrl, String subUrl, HttpHeaders headers HttpUrl.Builder httpBuilder = Objects.requireNonNull(okhttp3.HttpUrl.parse(url)).newBuilder(); for (Map.Entry> param : uri.getQueryParameters().entrySet()) { String key = param.getKey(); - if (PARAMETER_KEY_ALLOW.matcher(key).matches()) { + Matcher keyMatcher = PARAMETER_KEY_ALLOW.matcher(key); + if (keyMatcher.matches()) { + String recodeKey = HttpUtils.urlEncodeParameter(keyMatcher.group("param")); for (String value : param.getValue()) { - if (PARAMETER_VALUE_ALLOW.matcher(value).matches()) { - String recodeKey = HttpUtils.urlEncodeParameter(key); - String recodeValue = HttpUtils.urlEncodeParameter(value); + Matcher valueMatcher = PARAMETER_VALUE_ALLOW.matcher(value); + if (valueMatcher.matches()) { + String recodeValue = HttpUtils.urlEncodeParameter(valueMatcher.group("value")); httpBuilder = httpBuilder.addQueryParameter(recodeKey, recodeValue); } } From 5dd28690dd07293172eb264b024236142f8b94e6 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 17 May 2024 14:34:20 +0200 Subject: [PATCH 57/62] fix: incorrect signaling target port in agent service. --- charts/agent-plane-azure-vault/templates/service-dataplane.yaml | 2 +- charts/agent-plane/templates/service-dataplane.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml index 7ddacef7..34f5b3ec 100644 --- a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml @@ -33,7 +33,7 @@ spec: protocol: TCP name: default - port: {{ .Values.endpoints.signaling.port }} - targetPort: control + targetPort: signaling protocol: TCP name: signaling - port: {{ .Values.endpoints.public.port }} 
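Review bot: In `getUrl`, `recodeKey` and `recodeValue` are produced by `HttpUtils.urlEncodeParameter` and then handed to `httpBuilder.addQueryParameter`, which percent-encodes its arguments itself. If `urlEncodeParameter` returns percent-encoded text (its body is not in this patch), every `%` is encoded again and the remote data plane receives double-encoded keys and values; `addEncodedQueryParameter(recodeKey, recodeValue)` is the OkHttp call that matches pre-encoded input. Reading the text back through `keyMatcher.group("param")` and `valueMatcher.group("value")` does not change it, since each group spans the whole match, so the encoding step is the actual safeguard and deserves a one-line comment saying so. The method begins and ends outside the hunk.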
diff --git a/charts/agent-plane/templates/service-dataplane.yaml b/charts/agent-plane/templates/service-dataplane.yaml index 7ddacef7..34f5b3ec 100644 --- a/charts/agent-plane/templates/service-dataplane.yaml +++ b/charts/agent-plane/templates/service-dataplane.yaml @@ -33,7 +33,7 @@ spec: protocol: TCP name: default - port: {{ .Values.endpoints.signaling.port }} - targetPort: control + targetPort: signaling protocol: TCP name: signaling - port: {{ .Values.endpoints.public.port }} From f6823249e5c357f94774c3afafb7d0fd4e0cc516 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 17 May 2024 14:47:59 +0200 Subject: [PATCH 58/62] fix: wrong azure environment vars. --- .../templates/deployment-dataplane.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index fa3d5bae..eab5500b 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml @@ -147,20 +147,20 @@ spec: ## VAULT ## ########### - - name: "EDC_VAULT_CLIENTID" + - name: "AZURE_CLIENT_ID" value: {{ .Values.vault.azure.client | quote }} - - name: "EDC_VAULT_TENANTID" + - name: "AZURE_TENANT_ID" value: {{ .Values.vault.azure.tenant | quote }} - name: "EDC_VAULT_NAME" value: {{ .Values.vault.azure.name | quote }} # only set the env var if config value not null {{- if .Values.vault.azure.secret }} - - name: "EDC_VAULT_CLIENTSECRET" + - name: "AZURE_CLIENT_SECRET" value: {{ .Values.vault.azure.secret | quote }} {{- end }} # only set the env var if config value not null {{- if .Values.vault.azure.certificate }} - - name: "EDC_VAULT_CERTIFICATE" + - name: "AZURE_CLIENT_CERTIFICATE" value: {{ .Values.vault.azure.certificate | quote }} {{- end }} From b9fb2960fedb7b7b43463e6effa3b2b9ae520b15 Mon Sep 17 00:00:00 2001 
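Review bot: `AZURE_CLIENT_SECRET` and `AZURE_CLIENT_CERTIFICATE` in `deployment-dataplane.yaml` are still rendered as literal `value:` entries from `.Values.vault.azure.secret` and `.Values.vault.azure.certificate`, so the credential sits in plain text in the Deployment manifest and in the Helm release data. The rename is a good moment to source both from a Kubernetes Secret through `valueFrom.secretKeyRef`, with the secret name and key supplied through values (for example a `<existing-secret-name>` placeholder), keeping the literal form only as a fallback. Please also confirm that `AZURE_CLIENT_CERTIFICATE` is a name the vault extension actually reads, since the Azure identity environment credential documents `AZURE_CLIENT_CERTIFICATE_PATH`. The container spec continues outside this hunk.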
From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 17 May 2024 18:03:33 +0200 Subject: [PATCH 59/62] docs: changelog for the upcoming release. --- CHANGELOG.md | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5c019e9b..8b5538da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,37 @@ All notable changes to this product will be documented in this file. # Released +## [1.12.19] - 2024-05-17 + +### Added + +- Federated Catalogue: Support for sh:shape in top-level graph for implementing goal-oriented skills, operate according to the CS 24.05 standard +- Matchmaking Agent: Possibility to use an external matchmaking agent (which can host actual graph data) + +### Changed + +- Adapted to Tractus-X EDC 0.7.0 +- Upgraded to the latest possible version of dependent libraries +- Improvements when interacting with EDC control plane + +### Removed + +- Support for Tractus-X EDC <0.6.x, compatibility modes + +## [1.11.16] - 2024-02-20 + +### Added + +- Federated Catalogue: More asset properties mapped, operate according CX 24.03 standards + +### Changed + +- Adapted to Tractus-X EDC 0.5.4 +- Upgraded to the latest possible version of dependent libraries +- Improvements when interacting with EDC control plane + +### Removed + ## [1.10.15] - 2023-11-22 ### Added From b89f17be62e4e82f7ae2860b242014517a9ae8bb Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Sat, 18 May 2024 08:29:13 +0200 Subject: [PATCH 60/62] docs|fix: chart test for azure-vault plane fixed. Document the charts. --- CHANGELOG.md | 2 + charts/agent-plane-azure-vault/README.md | 76 +++--- .../templates/deployment-dataplane.yaml | 4 + charts/agent-plane-azure-vault/values.yaml | 10 +- charts/agent-plane/README.md | 69 +++--- docs/README.md | 230 ++++++++++-------- 6 files changed, 211 insertions(+), 180 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8b5538da..dee0ffd5 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -30,6 +30,7 @@ All notable changes to this product will be documented in this file. - Federated Catalogue: Support for sh:shape in top-level graph for implementing goal-oriented skills, operate according to the CS 24.05 standard - Matchmaking Agent: Possibility to use an external matchmaking agent (which can host actual graph data) +- Charts for Agent Plane Only Deployments (agent-plane, agent-plane-vault) in Umbrella with Tractus-X Connector (tractusx-connector, tractusx-connector-azure-vault) ### Changed @@ -40,6 +41,7 @@ All notable changes to this product will be documented in this file. ### Removed - Support for Tractus-X EDC <0.6.x, compatibility modes +- Charts for Complete Connector Deployments (agent-connector) ## [1.11.16] - 2024-02-20 diff --git a/charts/agent-plane-azure-vault/README.md b/charts/agent-plane-azure-vault/README.md index 35a3e4c8..085d6511 100644 --- a/charts/agent-plane-azure-vault/README.md +++ b/charts/agent-plane-azure-vault/README.md 
@@ -19,14 +19,14 @@ --> -# agent-plane +# agent-plane-azure-vault -![Version: 1.12.19-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.19-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) +![Version: 1.12.19-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.19-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running Control Plane. -This chart is intended for use with an _existing_ HashiCorp Vault. +This chart is intended for use with an _existing_ Azure Vault and Tractusx Connector. **Homepage:** 
@@ -76,15 +76,15 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | Repository | Name | Version | |------------|------|---------| -| https://helm.releases.hashicorp.com | vault(vault) | 0.20.0 | +| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 15.2.1 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | -| agent | object | `{"connectors":[],"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | -| agent.connectors | list | `[]` | The list of remote connector IDS URLs to synchronize with | +| agent | object | `{"connectors":{},"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | +| agent.connectors | object | `{}` | A map of partner ids to remote connector IDS URLs to synchronize with | | agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | | agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | | agent.services | object | `{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating outgoing service calls | 
@@ -115,30 +115,18 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | aws.secretAccessKey | string | `""` | | | configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | | configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | +| connector | string | `""` | Name of the connector deployment | +| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":false}]}` | References to the control plane deployment | +| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. 
can be added to the internal ingress, but should probably not | +| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | +| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | | controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | | controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | | controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | | controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | -| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[0].enabled | bool | `false` | | -| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| 
controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[1].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[1].enabled | bool | `false` | | -| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | +| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | +| controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | +| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | | customLabels | object | `{}` | To add some custom labels | | debug.enabled | bool | `false` | | | debug.port | int | `1044` | | 
@@ -146,21 +134,23 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | | endpoints.callback.path | string | `"/callback"` | | | endpoints.callback.port | int | `8087` | | -| endpoints.control.path | string | `"/api/dataplane/control"` | | -| endpoints.control.port | int | `8083` | | | endpoints.default.path | string | `"/api"` | | | endpoints.default.port | int | `8080` | | -| endpoints.metrics.path | string | `"/metrics"` | | -| endpoints.metrics.port | int | `9090` | | -| endpoints.proxy.path | string | `"/proxy"` | | -| endpoints.proxy.port | int | `8186` | | | endpoints.public.path | string | `"/api/public"` | | | endpoints.public.port | int | `8081` | | +| endpoints.signaling.path | string | `"/api/signaling"` | | +| endpoints.signaling.port | int | `8083` | | | env | object | `{}` | | | envConfigMapNames | list | `[]` | | | envSecretNames | list | `[]` | | | envValueFrom | object | `{}` | | | fullnameOverride | string | `""` | | +| iatp.id | string | `"did:web:changeme"` | | +| iatp.sts.dim.url | string | `nil` | | +| iatp.sts.oauth.client.id | string | `nil` | | +| iatp.sts.oauth.client.secret_alias | string | `nil` | | +| iatp.sts.oauth.token_url | string | `nil` | | +| iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime | | image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | | image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | 
@@ -177,7 +167,10 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | | ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | | initContainers | list | `[]` | | +| install.postgresql | bool | `false` | | | install.vault | bool | `false` | | +| limits.cpu | float | `1.5` | | +| limits.memory | string | `"1024Mi"` | | | livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | | livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | | livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | 
@@ -197,6 +190,12 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | | podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | | podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | +| postgresql.auth.database | string | `"edc"` | | +| postgresql.auth.password | string | `"password"` | | +| postgresql.auth.username | string | `"user"` | | +| postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` | | +| postgresql.primary.persistence.enabled | bool | `false` | | +| postgresql.readReplicas.persistence.enabled | bool | `false` | | | readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | | readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | | readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | 
@@ -204,6 +203,8 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | | readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | replicaCount | int | `1` | | +| requests.cpu | string | `"500m"` | | +| requests.memory | string | `"128Mi"` | | | resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | | securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | | securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | 
@@ -220,13 +221,14 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | +| token.refresh.expiry_seconds | int | `300` | | +| token.refresh.expiry_tolerance_seconds | int | `10` | | +| token.refresh.refresh_endpoint | string | `nil` | | +| token.signer.privatekey_alias | string | `nil` | | +| token.verifier.publickey_alias | string | `nil` | | | tolerations | list | `[]` | | | url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | -| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | -| vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api | -| vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false | -| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false | -| vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false | +| vault | object | 
`{"azure":{"certificate":null,"client":null,"name":"","secret":null,"tenant":null},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null}}` | Standard settings for vault, "client", "tenant", "secret" or "certificate", "transferProxyTokenSignerPrivateKey" and "transferProxyTokenSignerPublicKey" need to be overridden | | vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | | vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | | vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index eab5500b..0f4d7833 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml @@ -147,10 +147,14 @@ spec: ## VAULT ## ########### + {{- if .Values.vault.azure.client }} - name: "AZURE_CLIENT_ID" value: {{ .Values.vault.azure.client | quote }} + {{- end }} + {{- if .Values.vault.azure.tenant }} - name: "AZURE_TENANT_ID" value: {{ .Values.vault.azure.tenant | quote }} + {{- end }} - name: "EDC_VAULT_NAME" value: {{ .Values.vault.azure.name | quote }} # only set the env var if config value not null diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index b9238d56..2ef27b31 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml 
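Review bot: `EDC_VAULT_NAME` is still rendered unconditionally right after the two new guards, and the chart default for `vault.azure.name` is `""`, so a release that forgets the vault name templates cleanly and presumably fails only when the data plane starts. `value: {{ required "vault.azure.name must be set" .Values.vault.azure.name | quote }}` would reject that at render time, provided CI renders the chart with a values file that sets the name. The new `if` blocks around `AZURE_CLIENT_ID` and `AZURE_TENANT_ID` also deserve the comment the following block already carries, `# only set the env var if config value not null`, so that an omitted client or tenant reads as a supported configuration. The container's env list starts and ends outside the hunk.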
@@ -365,14 +365,14 @@ agent: # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) deny: 'https?://.*' -# -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden +# -- Standard settings for vault, "client", "tenant", "secret" or "certificate", "transferProxyTokenSignerPrivateKey" and "transferProxyTokenSignerPublicKey" need to be overridden vault: azure: name: "" - client: "" - tenant: "" - secret: - certificate: + client: + tenant: + secret: + certificate: secretNames: # -- sign handed out tokens with this key diff --git a/charts/agent-plane/README.md b/charts/agent-plane/README.md index 35a3e4c8..69e0e566 100644 --- a/charts/agent-plane/README.md +++ b/charts/agent-plane/README.md @@ -21,12 +21,12 @@ # agent-plane -![Version: 1.12.19-SNAPSHOT](https://img.shields.io/badge/Version-1.12.18--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.19-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.18--SNAPSHOT-informational?style=flat-square) +![Version: 1.12.19-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.12.19-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running Control Plane. -This chart is intended for use with an _existing_ HashiCorp Vault. +This chart is intended for use with an _existing_ HashiCorp Vault and Tractusx Connector. **Homepage:** 
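Review bot: The four keys under `vault.azure` that this hunk resets to null have no `# --` description, so the generated README documents only the parent `vault` object and a reader cannot tell which of them are credentials. Above `secret:` I would add `# -- client secret of the service principal; keep it out of committed values files and supply it per environment`, with matching one-line descriptions for `client`, `tenant` and `certificate`. The corrected parent comment says `"secret" or "certificate"` must be overridden, yet the template change in this commit suggests `client` and `tenant` may now stay unset; the wording should state which combination is actually required.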
@@ -76,15 +76,16 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | Repository | Name | Version | |------------|------|---------| -| https://helm.releases.hashicorp.com | vault(vault) | 0.20.0 | +| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 15.2.1 | +| https://helm.releases.hashicorp.com | vault(vault) | 0.27.0 | ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | -| agent | object | `{"connectors":[],"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | -| agent.connectors | list | `[]` | The list of remote connector IDS URLs to synchronize with | +| agent | object | `{"connectors":{},"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | +| agent.connectors | object | `{}` | A map of partner ids to remote connector IDS URLs to synchronize with | | agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | | agent.maxbatchsize | string | `"9223372036854775807"` | Sets the maximal batch size when delegating to agents and services | | agent.services | object | `{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"}` | A set of configs for regulating 
outgoing service calls | 
@@ -115,30 +116,18 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | aws.secretAccessKey | string | `""` | | | configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | | configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | +| connector | string | `""` | Name of the connector deployment | +| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":false}]}` | References to the control plane deployment | +| controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. 
can be added to the internal ingress, but should probably not | +| controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | +| controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | | controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | | controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | | controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | | controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | -| controlplane.ingresses[0].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[0].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[0].enabled | bool | `false` | | -| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| 
controlplane.ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | -| controlplane.ingresses[1].annotations | object | `{}` | Additional ingress annotations to add | -| controlplane.ingresses[1].certManager.clusterIssuer | string | `""` | If preset enables certificate generation via cert-manager cluster-wide issuer | -| controlplane.ingresses[1].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer | -| controlplane.ingresses[1].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class) to use | -| controlplane.ingresses[1].enabled | bool | `false` | | -| controlplane.ingresses[1].endpoints | list | `["management","control"]` | EDC endpoints exposed by this ingress resource | -| controlplane.ingresses[1].hostname | string | `"edc-control.intranet"` | The hostname to be used to precisely map incoming traffic onto the underlying network service | -| controlplane.ingresses[1].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource | -| controlplane.ingresses[1].tls.enabled | bool | `false` | Enables TLS on the ingress resource | -| controlplane.ingresses[1].tls.secretName | string | `""` | If present overwrites the default secret name | +| controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | +| controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | +| controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | | customLabels | object | `{}` | To add some custom labels | | debug.enabled | bool | `false` | | | debug.port | int | `1044` | | 
@@ -146,21 +135,23 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | | endpoints.callback.path | string | `"/callback"` | | | endpoints.callback.port | int | `8087` | | -| endpoints.control.path | string | `"/api/dataplane/control"` | | -| endpoints.control.port | int | `8083` | | | endpoints.default.path | string | `"/api"` | | | endpoints.default.port | int | `8080` | | -| endpoints.metrics.path | string | `"/metrics"` | | -| endpoints.metrics.port | int | `9090` | | -| endpoints.proxy.path | string | `"/proxy"` | | -| endpoints.proxy.port | int | `8186` | | | endpoints.public.path | string | `"/api/public"` | | | endpoints.public.port | int | `8081` | | +| endpoints.signaling.path | string | `"/api/signaling"` | | +| endpoints.signaling.port | int | `8083` | | | env | object | `{}` | | | envConfigMapNames | list | `[]` | | | envSecretNames | list | `[]` | | | envValueFrom | object | `{}` | | | fullnameOverride | string | `""` | | +| iatp.id | string | `"did:web:changeme"` | | +| iatp.sts.dim.url | string | `nil` | | +| iatp.sts.oauth.client.id | string | `nil` | | +| iatp.sts.oauth.client.secret_alias | string | `nil` | | +| iatp.sts.oauth.token_url | string | `nil` | | +| iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime | | image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | | image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | | image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | 
@@ -177,7 +168,10 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | | ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | | initContainers | list | `[]` | | +| install.postgresql | bool | `false` | | | install.vault | bool | `false` | | +| limits.cpu | float | `1.5` | | +| limits.memory | string | `"1024Mi"` | | | livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | | livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | | livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | 
@@ -197,6 +191,12 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | | podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | | podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | +| postgresql.auth.database | string | `"edc"` | | +| postgresql.auth.password | string | `"password"` | | +| postgresql.auth.username | string | `"user"` | | +| postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` | | +| postgresql.primary.persistence.enabled | bool | `false` | | +| postgresql.readReplicas.persistence.enabled | bool | `false` | | | readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | | readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | | readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | 
@@ -204,6 +204,8 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | | readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | replicaCount | int | `1` | | +| requests.cpu | string | `"500m"` | | +| requests.memory | string | `"128Mi"` | | | resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | | securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | | securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | 
@@ -220,6 +222,11 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.12.19-SNAPSHOT | sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | +| token.refresh.expiry_seconds | int | `300` | | +| token.refresh.expiry_tolerance_seconds | int | `10` | | +| token.refresh.refresh_endpoint | string | `nil` | | +| token.signer.privatekey_alias | string | `nil` | | +| token.verifier.publickey_alias | string | `nil` | | | tolerations | list | `[]` | | | url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. if ingresses not used) | | vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | diff --git a/docs/README.md b/docs/README.md index 71214543..bb42cdba 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -49,19 +49,14 @@ using different extensions for ## Connector Setup -The three supported setups are. - -- Setup 1: Pure in Memory & Hashicorp Vault **Not intended for production use!** - - [Control Plane](https://github.com/eclipse-tractusx/edc-controlplane/edc-controlplane-memory-hashicorp-vault/README.md) - - [Agent Plane](../agent-plane/agentplane-hashicorp/README.md) - - [Data Plane](https://github.com/eclipse-tractusx/edc-dataplane/edc-dataplane-hashicorp-vault/README.md) - - [JWT Auth Extension](../common/jwt-auth/README.md) -- Setup 2: PostgreSQL & Azure Vault +The two supported setups are. + +- Setup 1: PostgreSQL & Azure Vault - [Control Plane](https://github.com/eclipse-tractusx/edc-controlplane/edc-controlplane-postgresql-azure-vault/README.md) - [Agent Plane](../agent-plane/agentplane-azure-vault/README.md) - [Data Plane](https://github.com/eclipse-tractusx/edc-dataplane/edc-dataplane-azure-vault/README.md) - [JWT Auth Extension](../common/jwt-auth/README.md) -- Setup 3: PostgreSQL & HashiCorp Vault +- Setup 2: PostgreSQL & HashiCorp Vault - [Control Plane](https://github.com/eclipse-tractusx/edc-controlplane/README.md) - [Agent Plane](../agent-plane/agentplane-hashicorp/README.md) - [Data Plane](https://github.com/eclipse-tractusx/edc-dataplane/edc-dataplane-hashicorp-vault/README.md) 
@@ -69,126 +64,147 @@ The three supported setups are. ## Helm Deployment -To install a KA-enabled EDC (Setup 1 - Memory & Hashicorp Vault), add the following lines to the dependency section of your Charts.yaml +To install a KA-enabled EDC (Setup 1 - Postgresql & Hashicorp Vault), add the following lines to the dependency section of your Charts.yaml ```yaml dependencies: - - name: agent-connector-memory + - name: tractusx-connector repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.12.19-SNAPSHOT + version: 0.7.0 alias: my-connector -``` - -To install a KA-enabled EDC (Setup 2 -Postgresql & Azure Vault), add the following lines to the dependency section of your Charts.yaml - -```yaml -dependencies: - - - name: agent-connector-azure-vault + - name: agent-plane repository: https://eclipse-tractusx.github.io/charts/dev version: 1.12.19-SNAPSHOT - alias: my-connector + alias: my-agent ``` -To install a KA-enabled EDC (Setup 3 -Postgresql & Hashicorp Vault), add the following lines to the dependency section of your Charts.yaml +To install a KA-enabled EDC (Setup 2 - Postgresql & Azure Vault), add the following lines to the dependency section of your Charts.yaml ```yaml dependencies: - - name: agent-connector + - name: tractusx-connector repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.12.19-SNAPSHOT + version: 0.7.0 alias: my-connector + - name: agent-plane-azure-vault + repository: https://eclipse-tractusx.github.io/charts/dev + version: 1.12.19-SNAPSHOT + alias: my-agent ``` -The configuration in your values.yaml follows the [Tractux-X EDC Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/charts/tractusx-connector/README.md), but provides for several data planes with different source type profiles including special settings for an Agent Plane. -The agent-connector chart is documented [here](charts/agent-connector/README.md). 
+The configuration in your values.yaml follows the [Tractux-X EDC Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/blob/main/charts/tractusx-connector/README.md). +A few sections can be copied over 1-1 to the agent-plane which we demonstrate in the following. +The agent-plane chart is documented [here](charts/agent-plane/README.md). +The agent-plane-azure-vault chart is documented [here](charts/agent-plane-azure-vault/README.md). ```yaml my-connector: - participant: + fullnameOverride: my-connector + # -- Dataspace Settings + participant: &dataspacesettings id: BPNL0000000DUMMY - nameOverride: my-connector - fullnameOverride: "my-connector" # -- Self-Sovereign Identity Settings - ssi: - miw: - # -- MIW URL - url: *miwUrl - # -- The BPN of the issuer authority - authorityId: *issuerAuthority - oauth: - # -- The URL (of KeyCloak), where access tokens can be obtained - tokenurl: *keyCloakRealm - client: - # -- The client ID for KeyCloak - id: *keyCloakClient - # -- The alias under which the client secret is stored in the vault. 
- secretAlias: "client-secret": - # -- The Vault Settings can be Azure or Hashicorp - vault: *vaultSettings - # -- The Control plane - controlplane: - ## Ingress declaration to expose the control plane + iatp: &ssisettings + id: *customerDid + trustedIssuers: + - *operatingDid + sts: + dim: + url: *dimUrl + oauth: + token_url: *customerOauth + client: + id: *customerOauthClient + secret_alias: *customerOauthSecret + postgresql: &dbsettings + jdbcUrl: *customerDbUrl + auth: + database: *customerDbName + username: *customerDbUser + password: *customerDbPass + vault: &vaultsettings + azure: *azureVault + hashicorp: *hashicorpVault + controlplane: &consumerControlPlane + endpoints: + management: + authKey: *customerApiKey + bdrs: + server: + url: *bdrsUrl ingresses: - - enabled: true - # -- The hostname to be used to precisely map incoming traffic onto the underlying network service - hostname: "myconnector.public.ip" - # -- EDC endpoints exposed by this ingress resource - endpoints: - - protocol - - management - - control - # -- Enables TLS on the ingress resource - tls: - enabled: true - # -- If you do not have a default cluster issuer - certManager: - issuer: my-cluster-issuer - # -- The Data planes - dataplanes: - # -- Default data plane is already an agent plane (has the agent section non-empty) - dataplane: - # -- Additional or default resources - configs: - # -- Overides the default dataspace.ttl to include all important BPNs and connectors - dataspace.ttl: |- - ################################################ - # Agent Bootstrap Graph - ################################################ - @prefix cx-common: . - @prefix bpnl: . - @prefix : . - @base . - - bpnl:BPNL0000000DUMMY cx-common:hasConnector . - bpnl:BPNL0000000DUMM2 cx-common:hasConnector . 
- # -- Agent configuration (if non-zero its an agent plane) - agent: - # -- Maximal number of tuples processed in one sub-query - maxbatchsize: 8 - # -- Number of seconds between synchronization runs - synchronization: 60000 - # -- URLs of the remote connectors to synchronize the catalogue with - connectors: - - https://otherconnector.public.ip - ## Ingress declaration to expose data plane - ingresses: - - enabled: true - hostname: "myagent.public.ip" - # -- EDC endpoints exposed by this ingress resource - endpoints: - - public - - default - - control - - callback - # -- Enables TLS on the ingress resource - tls: - enabled: true - # -- If you do not have a default cluster issuer - certManager: - issuer: my-cluster-issuer + - enabled: true + hostname: my-connector-cp.domain + endpoints: + - protocol + - management + - api + tls: + enabled: true + certManager: + clusterIssuer: *clusterIssuer + env: + EDC_DATAPLANE_SELECTOR_AGENTPLANE_URL: http:/my-agent-agentplane:8083/api/signaling/v1/dataflows + EDC_DATAPLANE_SELECTOR_AGENTPLANE_SOURCETYPES: cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL + EDC_DATAPLANE_SELECTOR_AGENTPLANE_TRANSFERTYPES: HttpData-PULL + EDC_DATAPLANE_SELECTOR_AGENTPLANE_DESTINATIONTYPES: HttpProxy + EDC_DATAPLANE_SELECTOR_AGENTPLANE_PROPERTIES: '{ "publicApiUrl": "https://my-agent.domain/api/public/" }' + EDC_IAM_TRUSTED-ISSUER_0-ISSUER_ID: *operatorDid + dataplane: + token: &tokensettings + env: + EDC_IAM_TRUSTED-ISSUER_0-ISSUER_ID: *operatorDid + +my-agent: + fullnameOverride: my-agent + participant: *dataspacesettings + iatp: *ssisettings + postgresql: *dbsettings + vault: *vaultsettings + connector: my-connector + controlplane: *consumerControlPlane + token: *tokensettings + auth: {} + ingresses: + - enabled: true + hostname: my-agent.domain + endpoints: + - public + - default + tls: + enabled: true + certManager: + clusterIssuer: *clusterIssuer + configs: + # -- An example of an empty graph in ttl syntax + dataspace.ttl: 
| + ################################################################# + # Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT + ################################################################# + @prefix : . + @prefix cx-common: . + @prefix owl: . + @prefix rdf: . + @prefix xml: . + @prefix json: . + @prefix xsd: . + @prefix rdfs: . + @prefix bpnl: . + @prefix bpns: . + @base . + + bpnl:BPNL000000000OEM cx-common:id "BPNL000000000OEM"^^xsd:string; + cx-common:hasConnector . + agent: + synchronization: 360000 + connectors: + BPNL000000000OEM: https://partner-connector-cp.partner-domain + BPNL0000000DUMMY: https://my-connector-cp.domain + services: + # -- A regular expression which outgoing service URLs must match (unless overwritten by a specific asset property) + allow: '(https|(edcs?))://.*' ``` ## Recommended Documentation @@ -213,6 +229,6 @@ my-connector: This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0). - SPDX-License-Identifier: Apache-2.0 -- SPDX-FileCopyrightText: 2022,2023 T-Systems International GmbH -- SPDX-FileCopyrightText: 2022,2023 Contributors to the Eclipse Foundation +- SPDX-FileCopyrightText: 2022,2024 T-Systems International GmbH +- SPDX-FileCopyrightText: 2022,2024 Contributors to the Eclipse Foundation - Source URL: https://github.com/eclipse-tractusx/knowledge-agents-edc \ No newline at end of file From 2a3b7ace1b850d59ec83e1c577e47b93a9506ab8 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Sat, 18 May 2024 09:52:58 +0200 Subject: [PATCH 61/62] fix: make ct install use the default values --- charts/agent-plane-azure-vault/ci/integration-values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index 88203c18..4e733ada 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml 
+++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -39,9 +39,9 @@ controlplane: vault: azure: name: "AZURE_NAME" - tenant: "AZURE_TENANT" - client: "AZURE_CLIENT" - secret: "AZURE_SECRET" + tenant: "" + client: "" + secret: "" hashicorp: url: "https://vault.demo" token: "VAULT_TOKEN" From b94e1d555275ed1b45c3f2928b939c3639408bea Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Sat, 18 May 2024 09:58:37 +0200 Subject: [PATCH 62/62] fix: yaml lint --- charts/agent-plane-azure-vault/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index 2ef27b31..40d297e1 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml @@ -369,10 +369,10 @@ agent: vault: azure: name: "" - client: - tenant: - secret: - certificate: + client: + tenant: + secret: + certificate: secretNames: # -- sign handed out tokens with this key
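Review bot: Nothing in the `ci/integration-values.yaml` hunk says why `tenant`, `client` and `secret` are now empty strings while `name: "AZURE_NAME"` and the hashicorp `token: "VAULT_TOKEN"` beside them keep their placeholder values, so the next editor cannot tell which form is intended. A comment above the emptied keys would settle it, for example `# intentionally empty: ct install uses the chart defaults; never commit real Azure credentials here`. If the chart templates guard these values with `required`, or choose the vault backend based on them being non-empty, the empty strings change what the CI install actually exercises. The templates are not visible in this patch, so that is worth confirming.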