diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..62eb40843
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+ # maintain dependencies for GitHub actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monday"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ - "github_actions"
+
+ # maintain dependencies for Gradle
+ - package-ecosystem: "gradle" # checks build.gradle(.kts) and settings.gradle(.kts)
+ directory: "/"
+ schedule:
+ interval: "daily"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ - "java"
\ No newline at end of file
diff --git a/.github/workflows/chart-lint.yml b/.github/workflows/chart-lint.yml
index c79eb4d4b..231819947 100644
--- a/.github/workflows/chart-lint.yml
+++ b/.github/workflows/chart-lint.yml
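Review bot: `interval: "monday"` in the github-actions entry is not a value Dependabot accepts for `schedule.interval` (it takes `daily`, `weekly` or `monthly`), so Dependabot rejects the file with a schema error and no action-version PRs get opened. If a Monday cadence is intended, write `interval: "weekly"` together with `day: "monday"` under `schedule:`. Keeping the github-actions ecosystem working matters here because this commit also pins `kics-github-action` and `trivy-action` to fixed tags, and Dependabot is what keeps those pins from going stale.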
@@ -1,57 +1,68 @@ -name: Lint and Test Charts - -# Run chart linting and tests on each pull request -on: - pull_request: - paths: - - 'charts/**' - -jobs: - lint-test: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - - name: Set up Helm - uses: azure/setup-helm@v1 - with: - version: v3.9.3 - - - name: Add Helm repos - run: | - cd charts/managed-identity-wallet - helm repo add bitnami https://charts.bitnami.com/bitnami - helm dependency update - - # Setup python as a prerequisite for chart linting - - uses: actions/setup-python@v2 - with: - python-version: 3.7 - - - name: Set up chart-testing - uses: helm/chart-testing-action@v2.3.1 - - - name: Run chart-testing (list-changed) - id: list-changed - run: | - changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) - if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" - fi - # run chart linting - - name: Run chart-testing (lint) - run: ct lint --target-branch ${{ github.event.repository.default_branch }} --config charts/chart-testing-config.yaml - - # Preparing a kind cluster to install and test charts on - - name: Create kind cluster - uses: helm/kind-action@v1.4.0 - if: steps.list-changed.outputs.changed == 'true' - - # install the chart to the kind cluster and run helm test - # define charts to test with the --charts parameter - - name: Run chart-testing (install) - run: ct install --charts charts/managed-identity-wallet --config charts/chart-testing-config.yaml - if: steps.list-changed.outputs.changed == 'true' +# name: Lint and Test Charts + +# # Run chart linting and tests on each pull request +# on: +# pull_request: +# paths: +# - 'charts/**' + +# jobs: +# chart-lint: +# runs-on: ubuntu-latest +# steps: +# - name: Checkout +# uses: actions/checkout@v2 +# with: +# fetch-depth: 0 + +# - name: Set up Helm +# uses: azure/setup-helm@v3 +# with: +# version: v3.11.3 + +# - name: Update Helm dependencies +# 
run: | +# cd charts/managed-identity-wallet +# helm dependency update + +# - name: Install Helm unittest plugin +# run: | +# helm plugin install https://github.com/helm-unittest/helm-unittest.git + +# # Setup python as a prerequisite for chart linting +# - uses: actions/setup-python@v2 +# with: +# python-version: 3.7 + +# - name: Set up chart-testing +# uses: helm/chart-testing-action@v2.3.1 + +# - name: Install Task +# uses: arduino/setup-task@v1 + +# - name: Run chart-testing (list-changed) +# id: list-changed +# run: | +# changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) +# if [[ -n "$changed" ]]; then +# echo "::set-output name=changed::true" +# fi + +# # run chart linting +# - name: Run chart-testing (lint) +# run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet + +# # run chart unittest +# - name: Run Helm unittests +# run: task helm:unittest + +# # Preparing a kind cluster to install and test charts on +# - name: Create kind cluster +# uses: helm/kind-action@v1.7.0 +# if: steps.list-changed.outputs.changed == 'true' + +# # install the chart to the kind cluster and run helm test +# # define charts to test with the --charts parameter +# - name: Run chart-testing (install) +# run: ct install --charts charts/managed-identity-wallet --config charts/chart-testing-config.yaml +# if: steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/initdb.yml b/.github/workflows/initdb.yml deleted file mode 100644 index e12cc9334..000000000 --- a/.github/workflows/initdb.yml +++ /dev/null 
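Review bot: Commenting out the entire workflow silently removes chart linting, Helm unit tests and the kind install test from every pull request touching `charts/**`, and nothing in the file says why or for how long. If the disable is temporary, a leading comment such as `# Temporarily disabled: <reason>, tracked in <issue placeholder>` would help the next reader; if it is permanent, deleting the file is cleaner than an all-comment workflow. When it is re-enabled, the `helm plugin install https://github.com/helm-unittest/helm-unittest.git` step should pin a release with `--version`, since as written it installs whatever the plugin's default branch holds at run time, and the `echo "::set-output ..."` line should write to `$GITHUB_OUTPUT` instead, as `set-output` is deprecated.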
@@ -1,62 +0,0 @@ -name: MIW Init DB - -on: - push: - paths: - # this workflow file - - '.github/workflows/initdb.yml' - # Docker files - - 'docker/Dockerfile.import' - # sqls - - 'initdb/**' - branches: - - main - workflow_dispatch: - -jobs: - build: - # name of the job starts with a "run-level" subordinate to the workflow such that we can - # depend on them in order to implement workflow dependencies - name: miw-initdb image built - runs-on: ubuntu-latest - # rely on the first job - env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}_initdb - - steps: - # Get the latest sources - - name: Checkout - uses: actions/checkout@v3 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - uses: madhead/read-java-properties@latest - id: version - with: - file: gradle.properties - property: version - default: 0.0.1 - - - name: Set App Version - run: echo "APP_VERSION=${{ steps.version.outputs.value }}" >> $GITHUB_ENV - - - name: Extract Metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v3 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - - name: 'Build and push initdb Docker image' - uses: docker/build-push-action@v2 - with: - context: . - file: docker/Dockerfile.import - push: true - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index 43a397671..666784aa9 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml 
@@ -20,13 +20,14 @@ name: "KICS" on: push: - branches: [main, master, develop] - # pull_request: + branches: [main, development] + pull_request: # The branches below must be a subset of the branches above - # branches: [main, master] - # paths-ignore: - # - "**/*.md" - # - "**/*.txt" + branches: [main, development] + paths: + - "charts/managed-identity-wallet/**" + - "dev-assets/docker-environment/**" + - "docs/**" schedule: - cron: "0 0 * * *" @@ -43,10 +44,10 @@ jobs: - uses: actions/checkout@v3 - name: KICS scan - uses: checkmarx/kics-github-action@master + uses: checkmarx/kics-github-action@v1.7.0 with: # Scanning directory . - path: "." + path: "charts/managed-identity-wallet,dev-assets/docker-environment,docs" # Fail on HIGH severity results fail_on: high # Disable secrets detection - we use GitGuardian @@ -63,7 +64,6 @@ jobs: # GITHUB_TOKEN enables this github action to access github API and post comments in a pull request # token: ${{ secrets.GITHUB_TOKEN }} # enable_comments: true - exclude_paths: "docs/openapi_v330.json" # Upload findings to GitHub Advanced Security Dashboard - name: Upload SARIF file for GitHub Advanced Security Dashboard diff --git a/.github/workflows/service-build.yaml b/.github/workflows/service-build.yaml deleted file mode 100644 index dbc30cda4..000000000 --- a/.github/workflows/service-build.yaml +++ /dev/null 
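Review bot: The new `paths:` filter on the `pull_request` trigger means a PR that adds or changes IaC anywhere outside `charts/managed-identity-wallet`, `dev-assets/docker-environment` or `docs` (a Dockerfile, another workflow file) never runs KICS at all, and the narrowed `path:` in the scan step drops those locations from the push scan too, so this is a scope reduction rather than a tuning. If the intent is only to cut noise, keeping `path: "."` and listing the unwanted locations under `exclude_paths` keeps newly added IaC covered by default; otherwise a comment stating what is deliberately out of scope would help. Pinning to `checkmarx/kics-github-action@v1.7.0` is an improvement over `@master`; a commit SHA with the tag in a trailing comment would make the pin immutable.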
@@ -1,96 +0,0 @@ -name: Build images and push as GitHub Package - -on: - push: - branches: [ develop, main ] - workflow_dispatch: - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }}_miw_service - -jobs: - build-and-push-image: - runs-on: ubuntu-22.04 - permissions: - contents: read - packages: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - uses: madhead/read-java-properties@latest - id: version - with: - file: gradle.properties - property: applicationVersion - default: 0.0.1 - - - name: Set App Version - run: echo "APP_VERSION=${{ steps.version.outputs.value }}" >> $GITHUB_ENV - - - name: Set outputs - id: vars - run: | - echo "::set-output name=sha_short::$(git rev-parse --short HEAD)" - echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV - - - name: Show version - run: echo ${APP_VERSION}.${SHORT_SHA} - - - name: Set optional tag suffix - if: github.ref != 'refs/heads/main' - run: echo "TAG_SUFFIX=-${GITHUB_REF##*/}" >> $GITHUB_ENV - - - name: Show tag - run: echo tag=latest${{ env.TAG_SUFFIX }} - - - name: Login to GitHub Container Registry - if: ${{ !env.ACT }} - uses: docker/login-action@v1 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract Metadata (tags, labels) for Docker - if: ${{ !env.ACT }} - id: meta - uses: docker/metadata-action@v3 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - - - name: Set up JDK 17 - uses: actions/setup-java@v1 - with: - java-version: 17 - - - name: Build with Gradle - uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 - with: - arguments: build -PgithubToken=${{ secrets.GITHUB_TOKEN }} - -# - name: Create dist -# uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 -# with: -# arguments: installDist - - - name: Veracode Upload And Scan - uses: veracode/veracode-uploadandscan-action@0.2.1 - continue-on-error: true - with: - appname: 
'project-managed-identity-wallets' - createprofile: false - filepath: 'build/libs/*' # add filepath for upload - vid: '${{ secrets.ORG_VERACODE_API_ID }}' # reference to API ID, which is set as github org. secret - vkey: '${{ secrets.ORG_VERACODE_API_KEY }}' #reference to API Key in github, which is set as github or. secret - include: 'build/libs/miw-latest.jar' - - - name: Build and push Docker image - uses: docker/build-push-action@v2 - with: - context: . - push: true - tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest${{ env.TAG_SUFFIX }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }}.${{ env.SHORT_SHA }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.APP_VERSION }}${{ env.TAG_SUFFIX }} - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index f4c19c311..620009aee 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -23,7 +23,7 @@ name: "Trivy" on: push: - branches: [main, develop] + branches: [main, development] # pull_request: # The branches below must be a subset of the branches above # branches: [ main, develop ] @@ -49,7 +49,7 @@ jobs: uses: actions/checkout@v3 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@master + uses: aquasecurity/trivy-action@0.11.2 with: scan-type: "config" # ignore-unfixed: true 
@@ -64,71 +64,71 @@ jobs: if: always() with: sarif_file: "trivy-results1.sarif" - - analyze-managed-identity-wallets-service: - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/main' - permissions: - actions: read - contents: read - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # It's also possible to scan your private registry with Trivy's built-in image scan. - # All you have to do is set ENV vars. - # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. - # You don't need to set ENV vars when downloading from a public repository. - # For public images, no ENV vars must be set. - - name: Run Trivy vulnerability scanner - if: always() - uses: aquasecurity/trivy-action@master - with: - # Path to Docker image - image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest" - format: "sarif" - output: "trivy-results3.sarif" - exit-code: "1" - severity: "CRITICAL,HIGH" - - - name: Upload Trivy scan results to GitHub Security tab - if: always() - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: "trivy-results3.sarif" - - analyze-managed-identity-wallets-service-develop: - runs-on: ubuntu-latest - if: github.ref == 'refs/heads/develop' - permissions: - actions: read - contents: read - security-events: write - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # It's also possible to scan your private registry with Trivy's built-in image scan. - # All you have to do is set ENV vars. - # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. - # You don't need to set ENV vars when downloading from a public repository. - # For public images, no ENV vars must be set. 
- - name: Run Trivy vulnerability scanner - if: always() - uses: aquasecurity/trivy-action@master - with: - # Path to Docker image - image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest-develop" - format: "sarif" - output: "trivy-results3.sarif" - exit-code: "1" - severity: "CRITICAL,HIGH" - - - name: Upload Trivy scan results to GitHub Security tab - if: always() - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: "trivy-results3.sarif" +# +# analyze-managed-identity-wallet-service: +# runs-on: ubuntu-latest +# if: github.ref == 'refs/heads/main' +# permissions: +# actions: read +# contents: read +# security-events: write +# +# steps: +# - name: Checkout repository +# uses: actions/checkout@v3 +# +# # It's also possible to scan your private registry with Trivy's built-in image scan. +# # All you have to do is set ENV vars. +# # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. +# # You don't need to set ENV vars when downloading from a public repository. +# # For public images, no ENV vars must be set. +# - name: Run Trivy vulnerability scanner +# if: always() +# uses: aquasecurity/trivy-action@0.11.2 +# with: +# # Path to Docker image +# image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest" +# format: "sarif" +# output: "trivy-results3.sarif" +# exit-code: "1" +# severity: "CRITICAL,HIGH" +# +# - name: Upload Trivy scan results to GitHub Security tab +# if: always() +# uses: github/codeql-action/upload-sarif@v2 +# with: +# sarif_file: "trivy-results3.sarif" +# +# analyze-managed-identity-wallet-service-development: +# runs-on: ubuntu-latest +# if: github.ref == 'refs/heads/development' +# permissions: +# actions: read +# contents: read +# security-events: write +# +# steps: +# - name: Checkout repository +# uses: actions/checkout@v3 +# +# # It's also possible to scan your private registry with Trivy's built-in image scan. +# # All you have to do is set ENV vars. 
+# # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. +# # You don't need to set ENV vars when downloading from a public repository. +# # For public images, no ENV vars must be set. +# - name: Run Trivy vulnerability scanner +# if: always() +# uses: aquasecurity/trivy-action@0.11.2 +# with: +# # Path to Docker image +# image-ref: "ghcr.io/catenax-ng/tx-managed-identity-wallets_service:latest-develop" +# format: "sarif" +# output: "trivy-results3.sarif" +# exit-code: "1" +# severity: "CRITICAL,HIGH" +# +# - name: Upload Trivy scan results to GitHub Security tab +# if: always() +# uses: github/codeql-action/upload-sarif@v2 +# with: +# sarif_file: "trivy-results3.sarif" diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml index 80b22d649..431bccda2 100644 --- a/.github/workflows/veracode.yaml +++ b/.github/workflows/veracode.yaml @@ -62,20 +62,14 @@ jobs: - name: Build with Gradle uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 with: - arguments: build - - - name: Create dist - uses: gradle/gradle-build-action@4137be6a8bf7d7133955359dbd952c0ca73b1021 - with: - arguments: installDist + arguments: build -PgithubToken=${{ secrets.GITHUB_TOKEN }} - name: Veracode Upload And Scan uses: veracode/veracode-uploadandscan-action@0.2.1 continue-on-error: true with: - appname: 'project-managed-identity-wallets' + appname: 'project-managed-identity-wallet' createprofile: false - filepath: 'build/install/org.eclipse.tractusx.managedidentitywallets/lib/*' # add filepath for upload + filepath: 'build/libs/miw-latest.jar' # add filepath for upload vid: '${{ secrets.ORG_VERACODE_API_ID }}' # reference to API ID, which is set as github org. secret vkey: '${{ secrets.ORG_VERACODE_API_KEY }}' #reference to API Key in github, which is set as github or. secret - include: 'build/install/org.eclipse.tractusx.managedidentitywallets/lib/org.eclipse.tractusx.managedidentitywallets-*jar' 
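Review bot: With both `analyze-managed-identity-wallet-service*` jobs commented out, the workflow no longer scans the published container image for CRITICAL/HIGH findings and only the `config` scan in the preceding job remains, and the file does not say why. The deletion of `service-build.yaml` in this same commit suggests the image these jobs referenced is no longer built here, in which case the block should either be removed or carry a comment such as `# Image scan disabled: image is no longer published by this repo; re-enable once the new build workflow pushes an image`. Note also that the commented `development` job still points at the `:latest-develop` tag, which will need updating alongside the `develop` to `development` branch rename if it is revived.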
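Review bot: `arguments: build -PgithubToken=${{ secrets.GITHUB_TOKEN }}` puts the token on the Gradle command line, where it is readable by any process on the runner and can surface in Gradle's own diagnostics or a build scan; GitHub's log masking does not cover those paths. Passing it through the step's environment, `env:` / `GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, and reading it in the build script from the environment keeps it off the argument list. `filepath: 'build/libs/miw-latest.jar'` also hard-codes the artifact name where the removed `include:` used a glob; this is fine only if the build really produces that exact file, which is not visible in this diff.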
diff --git a/DEPENDENCIES b/DEPENDENCIES
index ab042bcdf..4f1080cc3 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -1,5 +1,5 @@
-maven/mavencentral/ch.qos.logback/logback-classic/1.4.7, EPL-1.0 OR LGPL-2.1-only, approved, #3435
-maven/mavencentral/ch.qos.logback/logback-core/1.4.7, EPL-1.0 OR LGPL-2.1-only, approved, #3373
+maven/mavencentral/ch.qos.logback/logback-classic/1.4.8, EPL-1.0 OR LGPL-2.1-only, approved, #3435
+maven/mavencentral/ch.qos.logback/logback-core/1.4.8, EPL-1.0 OR LGPL-2.1-only, approved, #3373
 maven/mavencentral/com.apicatalog/titanium-json-ld/1.0.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.apicatalog/titanium-json-ld/1.1.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.danubetech/key-formats-java/1.2.0, Apache-2.0, approved, #3467
@@ -7,21 +7,25 @@ maven/mavencentral/com.danubetech/verifiable-credentials-java/1.0.0, Apache-2.0,
 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.10.3, Apache-2.0, approved, CQ21280
 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.12.6, Apache-2.0, approved, CQ23844
 maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.14.2, Apache-2.0, approved, #5303
+maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.15.2, Apache-2.0, approved, #7947
 maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.12.6, Apache-2.0, approved, CQ23845
-maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.14.2, Apache-2.0 AND MIT, approved, #4303
+maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.15.2, MIT AND Apache-2.0, approved, #7932
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.11.0, Apache-2.0, approved, CQ23093
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.11.1, Apache-2.0, approved, CQ23093
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.12.6.1, Apache-2.0, approved, CQ23725
 maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.14.2, Apache-2.0, approved, #4105
+maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.15.2, Apache-2.0, approved, #7934
 maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.14.2, Apache-2.0, approved, #5933
-maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.14.2, Apache-2.0, approved, #8597
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.15.2, Apache-2.0, approved, #8802
+maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jdk8/2.15.2, Apache-2.0, approved, #8808
 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.14.2, Apache-2.0, approved, #4699
-maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/2.14.2, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.15.2, Apache-2.0, approved, #7930
+maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base/2.15.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/2.12.6, Apache-2.0, approved, CQ23848
-maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/2.14.2, Apache-2.0, approved, #8371
-maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jaxb-annotations/2.14.2, Apache-2.0, approved, #8162
-maven/mavencentral/com.fasterxml.jackson.module/jackson-module-parameter-names/2.14.2, Apache-2.0, approved, #5938
-maven/mavencentral/com.fasterxml.jackson/jackson-bom/2.14.2, Apache-2.0, approved, #7931
+maven/mavencentral/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider/2.15.2, Apache-2.0, approved, #9101
+maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jaxb-annotations/2.15.2, Apache-2.0, approved, #9100
+maven/mavencentral/com.fasterxml.jackson.module/jackson-module-parameter-names/2.15.2, Apache-2.0, approved, #8803
+maven/mavencentral/com.fasterxml.jackson/jackson-bom/2.15.2, Apache-2.0, approved, #7929
 maven/mavencentral/com.fasterxml/classmate/1.5.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.github.dasniko/testcontainers-keycloak/2.5.0, Apache-2.0, approved, #9175
 maven/mavencentral/com.github.docker-java/docker-java-api/3.3.0, Apache-2.0, approved, clearlydefined
@@ -50,16 +54,17 @@ maven/mavencentral/com.google.http-client/google-http-client/1.43.1, Apache-2.0,
 maven/mavencentral/com.google.j2objc/j2objc-annotations/1.3, Apache-2.0, approved, CQ21195
 maven/mavencentral/com.google.protobuf/protobuf-java/3.19.6, BSD-3-Clause, approved, clearlydefined
 maven/mavencentral/com.google.protobuf/protobuf-java/3.6.1, BSD-3-Clause, approved, clearlydefined
+maven/mavencentral/com.h2database/h2/2.2.220, (EPL-1.0 OR MPL-2.0) AND (LGPL-3.0-or-later OR EPL-1.0 OR MPL-2.0), approved, #9322
 maven/mavencentral/com.ibm.async/asyncutil/0.1.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/com.jayway.jsonpath/json-path/2.7.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.24.4, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.jayway.jsonpath/json-path/2.8.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.31, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.9, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.opencsv/opencsv/5.7.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.smartsensesolutions/commons-dao/0.0.5, Apache-2.0, approved, #9176
 maven/mavencentral/com.squareup.okhttp3/okhttp/3.12.8, Apache-2.0, approved, CQ19549
 maven/mavencentral/com.squareup.okio/okio-jvm/3.0.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.sun.activation/jakarta.activation/1.2.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
-maven/mavencentral/com.sun.istack/istack-commons-runtime/4.1.1, BSD-3-Clause, approved, #2590
+maven/mavencentral/com.sun.istack/istack-commons-runtime/4.1.2, BSD-3-Clause, approved, #2590
 maven/mavencentral/com.sun.mail/jakarta.mail/1.6.5, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, ee4j.mail
 maven/mavencentral/com.vaadin.external.google/android-json/0.0.20131108.vaadin1, Apache-2.0, approved, CQ21310
 maven/mavencentral/com.zaxxer/HikariCP/5.0.1, Apache-2.0, approved, clearlydefined
@@ -67,19 +72,23 @@ maven/mavencentral/commons-codec/commons-codec/1.11, Apache-2.0 AND BSD-3-Clause
 maven/mavencentral/commons-codec/commons-codec/1.14, Apache-2.0, approved, clearlydefined
 maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause AND LicenseRef-Public-Domain, approved, CQ22641
 maven/mavencentral/commons-fileupload/commons-fileupload/1.4, Apache-2.0, approved, clearlydefined
+maven/mavencentral/commons-fileupload/commons-fileupload/1.5, Apache-2.0, approved, #7109
+maven/mavencentral/commons-io/commons-io/2.11.0, Apache-2.0, approved, CQ23745
 maven/mavencentral/commons-io/commons-io/2.4, Apache-1.1, approved, CQ9218
 maven/mavencentral/commons-io/commons-io/2.9.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/commons-logging/commons-logging/1.2, Apache-2.0, approved, CQ10162
 maven/mavencentral/decentralized-identity/jsonld-common-java/1.0.0, Apache-2.0, approved, #3108
 maven/mavencentral/info.weboftrust/ld-signatures-java/1.0.0, Apache-2.0, approved, #3463
 maven/mavencentral/io.github.erdtman/java-json-canonicalization/1.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.github.openfeign.form/feign-form-spring/3.8.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.github.openfeign.form/feign-form/3.8.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.github.openfeign/feign-core/12.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.github.openfeign/feign-slf4j/12.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.github.openfeign/feign-core/12.3, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.github.openfeign/feign-slf4j/12.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.grpc/grpc-context/1.27.2, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.micrometer/micrometer-commons/1.10.6, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #7333
-maven/mavencentral/io.micrometer/micrometer-core/1.10.6, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #6977
-maven/mavencentral/io.micrometer/micrometer-observation/1.10.6, Apache-2.0, approved, #7331
+maven/mavencentral/io.micrometer/micrometer-commons/1.11.1, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9243
+maven/mavencentral/io.micrometer/micrometer-core/1.11.1, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #9238
+maven/mavencentral/io.micrometer/micrometer-observation/1.10.8, Apache-2.0, approved, #7331
+maven/mavencentral/io.micrometer/micrometer-observation/1.11.1, Apache-2.0, approved, #9242
 maven/mavencentral/io.opencensus/opencensus-api/0.31.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.opencensus/opencensus-contrib-http-util/0.31.1, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.quarkus/quarkus-junit4-mock/2.13.7.Final, Apache-2.0, approved, clearlydefined
@@ -92,40 +101,41 @@ maven/mavencentral/io.smallrye.common/smallrye-common-function/1.6.0, Apache-2.0
 maven/mavencentral/io.smallrye.config/smallrye-config-common/2.3.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.smallrye.config/smallrye-config-core/2.3.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.smallrye.config/smallrye-config/2.3.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.smallrye/jandex/3.0.5, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.9, Apache-2.0, approved, #5947
 maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.9, Apache-2.0, approved, #5929
 maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.9, Apache-2.0, approved, #5919
 maven/mavencentral/jakarta.activation/jakarta.activation-api/1.2.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
 maven/mavencentral/jakarta.activation/jakarta.activation-api/1.2.2, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
 maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.0, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
-maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.1, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
+maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.2, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
 maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
 maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
-maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.0, Apache-2.0, approved, clearlydefined
-maven/mavencentral/jakarta.persistence/jakarta.persistence-api/3.0.0, EPL-2.0 OR BSD-3-Clause AND (EPL-2.0 OR BSD-3-Clause AND BSD-3-Clause), approved, #9177
-maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.0, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, #7697
+maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, clearlydefined
+maven/mavencentral/jakarta.persistence/jakarta.persistence-api/3.1.0, EPL-2.0 OR BSD-3-Clause AND (EPL-2.0 OR BSD-3-Clause AND BSD-3-Clause), approved, #7696
+maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.1, EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, #7697
 maven/mavencentral/jakarta.validation/jakarta.validation-api/2.0.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, clearlydefined
 maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/3.0.0, BSD-3-Clause, approved, ee4j.jaxb
-maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/3.0.1, BSD-3-Clause, approved, ee4j.jaxb
 maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/4.0.0, BSD-3-Clause, approved, ee4j.jaxb
 maven/mavencentral/javax.activation/javax.activation-api/1.2.0, (CDDL-1.1 OR GPL-2.0 WITH Classpath-exception-2.0) AND Apache-2.0, approved, CQ18740
 maven/mavencentral/javax.xml.bind/jaxb-api/2.3.1, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ16911
 maven/mavencentral/joda-time/joda-time/2.12.5, Apache-2.0, approved, clearlydefined
 maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636
 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.12.16, Apache-2.0, approved, #1810
-maven/mavencentral/net.bytebuddy/byte-buddy/1.12.10, Apache-2.0 AND BSD-3-Clause, approved, #1811
 maven/mavencentral/net.bytebuddy/byte-buddy/1.12.16, Apache-2.0 AND BSD-3-Clause, approved, #1811
 maven/mavencentral/net.bytebuddy/byte-buddy/1.12.18, Apache-2.0 AND BSD-3-Clause, approved, #1811
+maven/mavencentral/net.bytebuddy/byte-buddy/1.12.21, Apache-2.0 AND BSD-3-Clause, approved, #1811
 maven/mavencentral/net.i2p.crypto/eddsa/0.3.0, CC0-1.0, approved, CQ22537
 maven/mavencentral/net.java.dev.jna/jna/5.12.1, Apache-2.0 OR LGPL-2.1-or-later, approved, #3217
 maven/mavencentral/net.jcip/jcip-annotations/1.0, CC-BY-2.5, approved, clearlydefined
-maven/mavencentral/net.minidev/accessors-smart/2.4.9, Apache-2.0, approved, #7515
-maven/mavencentral/net.minidev/json-smart/2.4.7, Apache-2.0, approved, #3288
+maven/mavencentral/net.minidev/accessors-smart/2.4.11, Apache-2.0, approved, #7515
+maven/mavencentral/net.minidev/json-smart/2.4.10, Apache-2.0, approved, #3288
+maven/mavencentral/net.minidev/json-smart/2.4.11, Apache-2.0, approved, #3288
 maven/mavencentral/org.abstractj.kalium/kalium/0.8.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.antlr/antlr4-runtime/4.10.1, BSD-3-Clause AND LicenseRef-Public-domain AND MIT AND LicenseRef-Unicode-TOU, approved, #7065
 maven/mavencentral/org.apache.commons/commons-collections4/4.4, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.apache.commons/commons-compress/1.22, Apache-2.0 AND BSD-3-Clause, approved, #4299
+maven/mavencentral/org.apache.commons/commons-compress/1.23.0, Apache-2.0 AND BSD-3-Clause, approved, #7506
 maven/mavencentral/org.apache.commons/commons-lang3/3.12.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.apache.commons/commons-text/1.10.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.13, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527
@@ -134,14 +144,14 @@ maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approv maven/mavencentral/org.apache.james/apache-mime4j-core/0.8.3, Apache-2.0, approved, clearlydefined maven/mavencentral/org.apache.james/apache-mime4j-dom/0.8.3, Apache-2.0, approved, #2340 maven/mavencentral/org.apache.james/apache-mime4j-storage/0.8.3, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.apache.logging.log4j/log4j-api/2.19.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.19.0, Apache-2.0, approved, #5941 -maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.8, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949 -maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.8, Apache-2.0, approved, #6997 -maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.8, Apache-2.0, approved, #7920 +maven/mavencentral/org.apache.logging.log4j/log4j-api/2.20.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.apache.logging.log4j/log4j-to-slf4j/2.20.0, Apache-2.0, approved, #8799 +maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.10, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND (CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0) AND W3C AND CC0-1.0, approved, #5949 +maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.10, Apache-2.0, approved, #6997 +maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.10, Apache-2.0, approved, #7920 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined maven/mavencentral/org.aspectj/aspectjweaver/1.9.19, EPL-1.0, approved, tools.aspectj -maven/mavencentral/org.assertj/assertj-core/3.23.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.assertj/assertj-core/3.24.2, Apache-2.0, 
approved, #6161 maven/mavencentral/org.bitcoinj/bitcoinj-core/0.15.10, Apache-2.0, approved, clearlydefined maven/mavencentral/org.bouncycastle/bcpkix-jdk15on/1.69, MIT, approved, clearlydefined maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.69, MIT, approved, clearlydefined 
@@ -149,25 +159,25 @@ maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.70, MIT, approved, #1712 maven/mavencentral/org.bouncycastle/bcprov-jdk15to18/1.68, MIT, approved, #3464 maven/mavencentral/org.bouncycastle/bcutil-jdk15on/1.69, MIT, approved, clearlydefined maven/mavencentral/org.checkerframework/checker-compat-qual/2.5.5, MIT, approved, clearlydefined -maven/mavencentral/org.checkerframework/checker-qual/3.5.0, MIT, approved, clearlydefined -maven/mavencentral/org.glassfish.jaxb/jaxb-core/4.0.2, BSD-3-Clause, approved, ee4j.jaxb +maven/mavencentral/org.checkerframework/checker-qual/3.31.0, MIT, approved, clearlydefined +maven/mavencentral/org.glassfish.jaxb/jaxb-core/4.0.3, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/2.3.3-b02, BSD-3-Clause, approved, ee4j.jaxb -maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/3.0.2, BSD-3-Clause, approved, ee4j.jaxb -maven/mavencentral/org.glassfish.jaxb/txw2/4.0.2, BSD-3-Clause, approved, ee4j.jaxb +maven/mavencentral/org.glassfish.jaxb/jaxb-runtime/4.0.2, BSD-3-Clause, approved, ee4j.jaxb +maven/mavencentral/org.glassfish.jaxb/txw2/4.0.3, BSD-3-Clause, approved, ee4j.jaxb maven/mavencentral/org.glassfish/jakarta.json/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp maven/mavencentral/org.hamcrest/hamcrest-core/1.3, BSD-2-Clause, approved, CQ11429 maven/mavencentral/org.hamcrest/hamcrest/2.2, BSD-3-Clause, approved, clearlydefined maven/mavencentral/org.hdrhistogram/HdrHistogram/2.1.12, BSD-2-Clause OR LicenseRef-Public-Domain, approved, CQ13192 maven/mavencentral/org.hibernate.common/hibernate-commons-annotations/6.0.6.Final, LGPL-2.1-only, approved, #6962 -maven/mavencentral/org.hibernate.orm/hibernate-core/6.1.7.Final, LGPL-2.1-or-later AND (Apache-2.0 AND LGPL-2.1-only) AND (CC-PDDC AND LGPL-2.1-only) AND (EPL-2.0 OR BSD-3-Clause), approved, #5939 +maven/mavencentral/org.hibernate.orm/hibernate-core/6.2.5.Final, LGPL-2.1-only AND Apache-2.0 
AND MIT AND CC-PDDC AND (EPL-2.0 OR BSD-3-Clause), approved, #9121 maven/mavencentral/org.hibernate.validator/hibernate-validator/8.0.0.Final, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jacoco/org.jacoco.agent/0.8.8, EPL-2.0, approved, CQ23285 -maven/mavencentral/org.jacoco/org.jacoco.ant/0.8.8, EPL-2.0, approved, #1068 -maven/mavencentral/org.jacoco/org.jacoco.core/0.8.8, EPL-2.0, approved, CQ23283 -maven/mavencentral/org.jacoco/org.jacoco.report/0.8.8, EPL-2.0 AND Apache-2.0, approved, CQ23284 +maven/mavencentral/org.jacoco/org.jacoco.agent/0.8.9, EPL-2.0, approved, CQ23285 +maven/mavencentral/org.jacoco/org.jacoco.ant/0.8.9, EPL-2.0, approved, #1068 +maven/mavencentral/org.jacoco/org.jacoco.core/0.8.9, EPL-2.0, approved, CQ23283 +maven/mavencentral/org.jacoco/org.jacoco.report/0.8.9, EPL-2.0 AND Apache-2.0, approved, CQ23284 maven/mavencentral/org.jboss.logging/jboss-logging/3.4.1.Final, Apache-2.0, approved, CQ21255 maven/mavencentral/org.jboss.logging/jboss-logging/3.4.2.Final, Apache-2.0, approved, CQ21255 -maven/mavencentral/org.jboss.logging/jboss-logging/3.4.3.Final, Apache-2.0, approved, CQ21255 +maven/mavencentral/org.jboss.logging/jboss-logging/3.5.0.Final, Apache-2.0, approved, #9471 maven/mavencentral/org.jboss.resteasy/resteasy-client-api/4.7.7.Final, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jboss.resteasy/resteasy-client/4.7.7.Final, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jboss.resteasy/resteasy-core-spi/4.7.7.Final, Apache-2.0, approved, clearlydefined 
@@ -181,44 +191,44 @@ maven/mavencentral/org.jboss.shrinkwrap/shrinkwrap-spi/1.2.6, Apache-2.0, approv maven/mavencentral/org.jboss.spec.javax.annotation/jboss-annotations-api_1.3_spec/2.0.1.Final, EPL-2.0 or GPL-2.0-only WITH Classpath-exception-2.0, approved, #1805 maven/mavencentral/org.jboss.spec.javax.ws.rs/jboss-jaxrs-api_2.1_spec/2.0.1.Final, Apache-2.0 AND (EPL-2.0 OR GPL-2.0-only WITH Classpath-exception-2.0), approved, #2124 maven/mavencentral/org.jboss.spec.javax.xml.bind/jboss-jaxb-api_2.3_spec/2.0.0.Final, BSD-3-Clause, approved, #2122 -maven/mavencentral/org.jboss/jandex/2.4.2.Final, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.5.31, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.7.22, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.7.22, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.8.22, Apache-2.0, approved, #8910 +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.22, Apache-2.0, approved, #8807 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk8/1.5.31, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.6.20, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.7.22, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib/1.8.22, Apache-2.0, approved, #8865 maven/mavencentral/org.jetbrains/annotations/13.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.jetbrains/annotations/17.0.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.json/json/20230227, LicenseRef-Public-domain, approved, #9174 maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.1, EPL-2.0, approved, #3133 -maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.2, EPL-2.0, approved, #3133 
-maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.9.2, EPL-2.0, approved, #3125 -maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.9.2, EPL-2.0, approved, #3134 -maven/mavencentral/org.junit.jupiter/junit-jupiter/5.9.2, EPL-2.0, approved, #6972 -maven/mavencentral/org.junit.platform/junit-platform-commons/1.9.2, EPL-2.0, approved, #3130 -maven/mavencentral/org.junit.platform/junit-platform-engine/1.9.2, EPL-2.0, approved, #3128 +maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.9.3, EPL-2.0, approved, #3133 +maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.9.3, EPL-2.0, approved, #3125 +maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.9.3, EPL-2.0, approved, #3134 +maven/mavencentral/org.junit.jupiter/junit-jupiter/5.9.3, EPL-2.0, approved, #6972 +maven/mavencentral/org.junit.platform/junit-platform-commons/1.9.3, EPL-2.0, approved, #3130 +maven/mavencentral/org.junit.platform/junit-platform-engine/1.9.3, EPL-2.0, approved, #3128 maven/mavencentral/org.keycloak/keycloak-admin-client/21.0.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.keycloak/keycloak-common/21.0.0, Apache-2.0 AND LicenseRef-scancode-public-domain-disclaimer, approved, #7287 maven/mavencentral/org.keycloak/keycloak-core/21.0.0, Apache-2.0, approved, #7293 maven/mavencentral/org.latencyutils/LatencyUtils/2.0.3, BSD-2-Clause, approved, CQ17408 maven/mavencentral/org.mockito/mockito-core/4.8.1, MIT, approved, clearlydefined maven/mavencentral/org.mockito/mockito-core/5.2.0, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, #7401 +maven/mavencentral/org.mockito/mockito-core/5.3.1, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, #7925 maven/mavencentral/org.mockito/mockito-inline/5.2.0, MIT, approved, clearlydefined -maven/mavencentral/org.mockito/mockito-junit-jupiter/4.8.1, MIT, approved, clearlydefined +maven/mavencentral/org.mockito/mockito-junit-jupiter/5.3.1, MIT, approved, clearlydefined 
maven/mavencentral/org.objenesis/objenesis/3.2, Apache-2.0, approved, clearlydefined maven/mavencentral/org.opentest4j/opentest4j/1.2.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.ow2.asm/asm-analysis/5.0.3, BSD-2-Clause, approved, CQ9714 -maven/mavencentral/org.ow2.asm/asm-analysis/9.2, BSD-3-Clause, approved, clearlydefined maven/mavencentral/org.ow2.asm/asm-commons/5.0.3, BSD-2-Clause, approved, CQ9714 -maven/mavencentral/org.ow2.asm/asm-commons/9.2, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm-commons/9.5, BSD-3-Clause, approved, #7553 maven/mavencentral/org.ow2.asm/asm-tree/5.0.3, BSD-2-Clause, approved, CQ9714 -maven/mavencentral/org.ow2.asm/asm-tree/9.2, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm-tree/9.5, BSD-3-Clause, approved, #7555 maven/mavencentral/org.ow2.asm/asm-util/5.0.3, BSD-2-Clause, approved, CQ9714 maven/mavencentral/org.ow2.asm/asm/5.0.3, BSD-2-Clause, approved, CQ9714 maven/mavencentral/org.ow2.asm/asm/9.1, BSD-3-Clause, approved, CQ23029 -maven/mavencentral/org.ow2.asm/asm/9.2, BSD-3-Clause, approved, CQ23635 maven/mavencentral/org.ow2.asm/asm/9.3, BSD-3-Clause, approved, clearlydefined +maven/mavencentral/org.ow2.asm/asm/9.5, BSD-3-Clause, approved, #7554 +maven/mavencentral/org.projectlombok/lombok/1.18.28, MIT AND LicenseRef-Public-Domain, approved, CQ23907 maven/mavencentral/org.reactivestreams/reactive-streams/1.0.3, CC0-1.0, approved, CQ16332 maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined maven/mavencentral/org.skyscreamer/jsonassert/1.5.1, Apache-2.0, approved, clearlydefined 
@@ -226,64 +236,61 @@ maven/mavencentral/org.slf4j/jul-to-slf4j/2.0.7, MIT, approved, #7698 maven/mavencentral/org.slf4j/slf4j-api/1.7.25, MIT, approved, CQ13368 maven/mavencentral/org.slf4j/slf4j-api/1.7.26, MIT, approved, CQ13368 maven/mavencentral/org.slf4j/slf4j-api/1.7.30, MIT, approved, CQ13368 -maven/mavencentral/org.slf4j/slf4j-api/1.7.33, MIT, approved, CQ13368 maven/mavencentral/org.slf4j/slf4j-api/1.7.35, MIT, approved, CQ13368 maven/mavencentral/org.slf4j/slf4j-api/1.7.36, MIT, approved, CQ13368 maven/mavencentral/org.slf4j/slf4j-api/2.0.1, MIT, approved, #5915 maven/mavencentral/org.slf4j/slf4j-api/2.0.2, MIT, approved, #5915 -maven/mavencentral/org.slf4j/slf4j-api/2.0.4, MIT, approved, #5915 maven/mavencentral/org.slf4j/slf4j-api/2.0.7, MIT, approved, #5915 maven/mavencentral/org.springdoc/springdoc-openapi-starter-common/2.1.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-api/2.1.0, Apache-2.0, approved, clearlydefined maven/mavencentral/org.springdoc/springdoc-openapi-starter-webmvc-ui/2.1.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.0.6, Apache-2.0, approved, #7336 -maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.0.6, Apache-2.0, approved, #7334 +maven/mavencentral/org.springframework.boot/spring-boot-actuator-autoconfigure/3.1.1, Apache-2.0, approved, #9348 +maven/mavencentral/org.springframework.boot/spring-boot-actuator/3.1.1, Apache-2.0, approved, #9342 maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.0.5, Apache-2.0, approved, #6981 -maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.0.6, Apache-2.0, approved, #6981 -maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.0.5, Apache-2.0, approved, #6965 -maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.0.6, Apache-2.0, approved, #6965 
-maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.0.6, Apache-2.0, approved, #6974 -maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.0.6, Apache-2.0, approved, #7006 -maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.0.6, Apache-2.0, approved, #6982 -maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.0.6, Apache-2.0, approved, #6987 -maven/mavencentral/org.springframework.boot/spring-boot-starter/3.0.5, Apache-2.0, approved, #7330 -maven/mavencentral/org.springframework.boot/spring-boot-starter/3.0.6, Apache-2.0, approved, #7330 -maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.0.6, Apache-2.0, approved, #6966 -maven/mavencentral/org.springframework.boot/spring-boot-test/3.0.6, Apache-2.0, approved, #6976 -maven/mavencentral/org.springframework.boot/spring-boot/3.0.6, Apache-2.0, approved, #7327 -maven/mavencentral/org.springframework.cloud/spring-cloud-commons/4.0.2, Apache-2.0, approved, #7292 -maven/mavencentral/org.springframework.cloud/spring-cloud-context/4.0.2, Apache-2.0, approved, #7306 -maven/mavencentral/org.springframework.cloud/spring-cloud-openfeign-core/4.0.2, Apache-2.0, approved, #7305 -maven/mavencentral/org.springframework.cloud/spring-cloud-starter/4.0.2, Apache-2.0, approved, #7299 -maven/mavencentral/org.springframework.data/spring-data-commons/3.0.5, Apache-2.0, approved, #5943 -maven/mavencentral/org.springframework.data/spring-data-jpa/3.0.5, Apache-2.0, approved, #5935 -maven/mavencentral/org.springframework.security/spring-security-config/6.0.3, Apache-2.0, approved, #7338 -maven/mavencentral/org.springframework.security/spring-security-core/6.0.3, Apache-2.0, approved, #7325 -maven/mavencentral/org.springframework.security/spring-security-crypto/6.0.2, Apache-2.0 AND ISC, approved, #7326 +maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.0.7, Apache-2.0, approved, #6981 
+maven/mavencentral/org.springframework.boot/spring-boot-autoconfigure/3.1.1, Apache-2.0, approved, #9341 +maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.0.7, Apache-2.0, approved, #6965 +maven/mavencentral/org.springframework.boot/spring-boot-starter-aop/3.1.1, Apache-2.0, approved, #9338 +maven/mavencentral/org.springframework.boot/spring-boot-starter-jdbc/3.1.1, Apache-2.0, approved, #9737 +maven/mavencentral/org.springframework.boot/spring-boot-starter-json/3.1.1, Apache-2.0, approved, #9336 +maven/mavencentral/org.springframework.boot/spring-boot-starter-logging/3.1.1, Apache-2.0, approved, #9343 +maven/mavencentral/org.springframework.boot/spring-boot-starter-tomcat/3.1.1, Apache-2.0, approved, #9351 +maven/mavencentral/org.springframework.boot/spring-boot-starter/3.0.7, Apache-2.0, approved, #7330 +maven/mavencentral/org.springframework.boot/spring-boot-starter/3.1.1, Apache-2.0, approved, #9349 +maven/mavencentral/org.springframework.boot/spring-boot-test-autoconfigure/3.1.1, Apache-2.0, approved, #9339 +maven/mavencentral/org.springframework.boot/spring-boot-test/3.1.1, Apache-2.0, approved, #9346 +maven/mavencentral/org.springframework.boot/spring-boot/3.1.1, Apache-2.0, approved, #9352 +maven/mavencentral/org.springframework.cloud/spring-cloud-commons/4.0.3, Apache-2.0, approved, #7292 +maven/mavencentral/org.springframework.cloud/spring-cloud-context/4.0.3, Apache-2.0, approved, #7306 +maven/mavencentral/org.springframework.cloud/spring-cloud-openfeign-core/4.0.3, Apache-2.0, approved, #7305 +maven/mavencentral/org.springframework.cloud/spring-cloud-starter/4.0.3, Apache-2.0, approved, #7299 +maven/mavencentral/org.springframework.data/spring-data-commons/3.1.1, Apache-2.0, approved, #8805 +maven/mavencentral/org.springframework.data/spring-data-jpa/3.1.1, Apache-2.0, approved, #9120 +maven/mavencentral/org.springframework.security/spring-security-config/6.1.1, Apache-2.0, approved, #9736 
+maven/mavencentral/org.springframework.security/spring-security-core/6.1.1, Apache-2.0, approved, clearlydefined maven/mavencentral/org.springframework.security/spring-security-crypto/6.0.3, Apache-2.0 AND ISC, approved, #7326 -maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.0.3, Apache-2.0, approved, #7324 +maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.1, Apache-2.0 AND ISC, approved, #9735 +maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.1.1, Apache-2.0, approved, #9741 maven/mavencentral/org.springframework.security/spring-security-rsa/1.0.11.RELEASE, Apache-2.0, approved, CQ20647 -maven/mavencentral/org.springframework.security/spring-security-web/6.0.3, Apache-2.0, approved, #7328 -maven/mavencentral/org.springframework/spring-aop/6.0.8, Apache-2.0, approved, #5940 -maven/mavencentral/org.springframework/spring-aspects/6.0.8, Apache-2.0, approved, #5930 -maven/mavencentral/org.springframework/spring-beans/6.0.8, Apache-2.0, approved, #5937 -maven/mavencentral/org.springframework/spring-context/6.0.8, Apache-2.0, approved, #5936 -maven/mavencentral/org.springframework/spring-core/6.0.8, Apache-2.0 AND BSD-3-Clause, approved, #5948 -maven/mavencentral/org.springframework/spring-expression/6.0.8, Apache-2.0, approved, #3284 -maven/mavencentral/org.springframework/spring-jcl/6.0.8, Apache-2.0, approved, #3283 -maven/mavencentral/org.springframework/spring-jdbc/6.0.8, Apache-2.0, approved, #5924 -maven/mavencentral/org.springframework/spring-orm/6.0.8, Apache-2.0, approved, #5925 -maven/mavencentral/org.springframework/spring-test/6.0.8, Apache-2.0, approved, #7003 -maven/mavencentral/org.springframework/spring-tx/6.0.8, Apache-2.0, approved, #5926 +maven/mavencentral/org.springframework.security/spring-security-web/6.1.1, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.springframework/spring-aop/6.0.10, Apache-2.0, approved, #5940 
+maven/mavencentral/org.springframework/spring-aspects/6.0.10, Apache-2.0, approved, #5930 +maven/mavencentral/org.springframework/spring-beans/6.0.10, Apache-2.0, approved, #5937 +maven/mavencentral/org.springframework/spring-context/6.0.10, Apache-2.0, approved, #5936 +maven/mavencentral/org.springframework/spring-core/6.0.10, Apache-2.0 AND BSD-3-Clause, approved, #5948 +maven/mavencentral/org.springframework/spring-expression/6.0.10, Apache-2.0, approved, #3284 +maven/mavencentral/org.springframework/spring-jcl/6.0.10, Apache-2.0, approved, #3283 +maven/mavencentral/org.springframework/spring-jdbc/6.0.10, Apache-2.0, approved, #5924 +maven/mavencentral/org.springframework/spring-orm/6.0.10, Apache-2.0, approved, #5925 +maven/mavencentral/org.springframework/spring-test/6.0.10, Apache-2.0, approved, #7003 +maven/mavencentral/org.springframework/spring-tx/6.0.10, Apache-2.0, approved, #5926 maven/mavencentral/org.springframework/spring-web/5.1.5.RELEASE, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ18367 -maven/mavencentral/org.springframework/spring-web/6.0.7, Apache-2.0, approved, #5942 -maven/mavencentral/org.springframework/spring-web/6.0.8, Apache-2.0, approved, #5942 +maven/mavencentral/org.springframework/spring-web/6.0.10, Apache-2.0, approved, #5942 +maven/mavencentral/org.springframework/spring-web/6.0.9, Apache-2.0, approved, #5942 +maven/mavencentral/org.springframework/spring-webmvc/6.0.10, Apache-2.0, approved, #5944 maven/mavencentral/org.springframework/spring-webmvc/6.0.7, Apache-2.0, approved, #5944 -maven/mavencentral/org.springframework/spring-webmvc/6.0.8, Apache-2.0, approved, #5944 -maven/mavencentral/org.testcontainers/database-commons/1.18.0, MIT, approved, clearlydefined -maven/mavencentral/org.testcontainers/jdbc/1.18.0, MIT, approved, clearlydefined maven/mavencentral/org.testcontainers/testcontainers/1.17.6, MIT, approved, #3074 -maven/mavencentral/org.testcontainers/testcontainers/1.18.0, MIT, approved, #7938 
+maven/mavencentral/org.testcontainers/testcontainers/1.18.3, MIT, approved, #7938 maven/mavencentral/org.webjars/swagger-ui/4.18.2, Apache-2.0, approved, #7850 maven/mavencentral/org.xmlunit/xmlunit-core/2.9.1, Apache-2.0, approved, #6272 maven/mavencentral/org.yaml/snakeyaml/1.33, Apache-2.0, approved, clearlydefined diff --git a/Dockerfile b/Dockerfile index ecdf6123c..9ccf12ba9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,9 +17,7 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ -FROM eclipse-temurin:19-jre-alpine - -EXPOSE 8080:8080 +FROM eclipse-temurin:17-jre-alpine # run as non-root user RUN addgroup -g 11111 -S miw && adduser -u 11111 -S -s /bin/false -G miw miw diff --git a/README.md b/README.md index 2c059c397..0eb4b85af 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,12 @@ The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identit # Developer Documentation -To run MIW locally, this section describes the tooling as well as -the local development setup. +To run MIW locally, this section describes the tooling as well as the local development setup. + +There are two possible flows, which can be used for development: + +1. **local**: Run the postgresql and keycloak server inside docker. Start MIW from within your IDE (recommended for actual development) +2. **docker**: Run everything inside docker (use to test or check behavior inside a docker environment) ## Tooling 
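Review bot: `FROM eclipse-temurin:17-jre-alpine` still selects the base image by a mutable tag, so the image actually built can change under the project without any diff in this file; pin it by digest as well, `FROM eclipse-temurin:17-jre-alpine@sha256:<digest-of-the-vetted-image>` (placeholder), and bump the digest deliberately. The move from 19 to 17 is sound since 17 is an LTS line and 19 a short-term release, but a one-line comment saying so (`# 17 is the LTS line; avoid short-term releases here`) would stop the next bump from drifting back. Dropping `EXPOSE 8080:8080` also removes the only in-image record of the listening port; if the line went because of its host:container form, `EXPOSE 8080` is the documented single-port form. The hunk begins and ends in context lines, so the rest of the Dockerfile is outside it.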
@@ -13,39 +17,156 @@ Following tools the MIW development team used successfully: | Area | Tool | Download Link | Comment | |----------|----------|-------------------------------------------------|---------------------------------------------------------------------------------------------------| -| IDE | IntelliJ | https://www.jetbrains.com/idea/download/ | Additionally the [envfile plugin](https://plugins.jetbrains.com/plugin/7861-envfile) is suggested | +| IDE | IntelliJ | https://www.jetbrains.com/idea/download/ | Use [envfile plugin](https://plugins.jetbrains.com/plugin/7861-envfile) to use the **local** flow | | Build | Gradle | https://gradle.org/install/ | | Runtime | Docker | https://www.docker.com/products/docker-desktop/ | | | Database | DBeaver | https://dbeaver.io/ | | IAM | Keycloak | https://www.keycloak.org/ | | -## Local Development Setup - -1. Run keycloak and database server using [docker-compose.yaml](dev-assets%2Fdid-web%2Fdocker-compose.yaml) -2. Create personal access token(classic) with `read:packages` access (ref: https://github.com/settings/tokens/new) -3. set ORG_GRADLE_PROJECT_githubUserName and ORG_GRADLE_PROJECT_githubToken values - in [dev.env](dev-assets%2Fdid-web%2Fdev.env) -4. Setup [dev.env](dev-assets%2Fdid-web%2Fdev.env) values either in application.yaml or in IDE -5. Run [ManagedIdentityWalletsApplication.java](src%2Fmain%2Fjava%2Forg%2Feclipse%2Ftractusx%2Fmanagedidentitywallets%2FManagedIdentityWalletsApplication.java) in IDE -6. Open API doc on http://localhost:8080 -7. Click on Authorize on swagger UI and on the dialog click again on Authorize. -8. Login with username=catena-x and password=password - -## Build application locally - -Build with test cases - -``` -./gradlew build -``` +# Administrator Documentation + +## Manual Keycloak Configuration + +Within the development setup the Keycloak instance is initially prepared with the +values in `./dev-assets/docker-environment/keycloak`. 
The realm could also be +manually added and configured at http://localhost:8080 via the "Add realm" +button. It can be for example named `localkeycloak`. Also add an additional client, +e.g. named `miw_private_client` with *valid redirect url* set to +`http://localhost:8080/*`. The roles + +* add_wallets +* view_wallets +* update_wallets +* delete_wallets +* view_wallet +* update_wallet +* manage_app -Build without test cases +Roles can be added under *Clients > miw_private_client > Roles* and then +assigned to the client using *Clients > miw_private_client > Client Scopes* +*> Service Account Roles > Client Roles > miw_private_client*. + +The available scopes/roles are: + +1. Role `add_wallets` to create a new wallet + +2. Role `view_wallets`: + * to get a list of all wallets + * to retrieve one wallet by its identifier + * to validate a Verifiable Credential + * to validate a Verifiable Presentation + * to get all stored Verifiable Credentials + +3. Role `update_wallets` for the following actions: + * to store Verifiable Credential + * to issue a Verifiable Credential + * to issue a Verifiable Presentation + +4. Role `update_wallet`: + * to remove a Verifiable Credential + * to store a Verifiable Credential + * to issue a Verifiable Credential + * to issue a Verifiable Presentation + +5. Role `view_wallet` requires the BPN of Caller and it can be used: + * to get the Wallet of the related BPN + * to get stored Verifiable Credentials of the related BPN + * to validate any Verifiable Credential + * to validate any Verifiable Presentation +6. Role `manage_app` used to change the log level of the application at runtime. 
Check Logging in the application section for more + details + +Additionally a Token mapper can be created under *Clients* > +*ManagedIdentityWallets* > *Mappers* > *create* with the following +configuration (using as an example `BPNL000000001`): + +| Key | Value | +|------------------------------------|-----------------| +| Name | StaticBPN | +| Mapper Type | Hardcoded claim | +| Token Claim Name | BPN | +| Claim value | BPNL000000001 | +| Claim JSON Type | String | +| Add to ID token | OFF | +| Add to access token | ON | +| Add to userinfo | OFF | +| includeInAccessTokenResponse.label | ON | + +If you receive an error message, that the client secret is not valid, please go into +keycloak admin and within *Clients > Credentials* recreate the secret. + +## Development Setup + +### Prerequisites + +To simplify the dev environment, [Taskfile](https://taskfile.dev) is used as a task executor. You have to install it first. + +> **IMPORTANT**: Before executing any of th tasks, you have to choose your flow (_local_ or _docker_). _local_ is +> default. +> To change that, you need to edit the variable **ENV** in the _Taskfile.yaml_. (see below) + +After that, run `task check-prereqs` to see, if any other required tool is installed or missing. If something is +missing, a link to the install docs is provided. + +Now, you have to adjust the _env_ files (located in _dev-assets/env-files_). To do that, copy every file to the same +directory, but without ".dist" at the end. + +Description of the env files: + +- **env.local**: Setup everything to get ready for flow "local". You need to fill in the passwords. Everything else can + remain as it is. +- **env.docker**: Setup everything to get ready for flow "docker". You need to fill in the passwords. Everything else + can remain as it is. 
+ +> **IMPORTANT**: When you are using MacOS and the MIW docker container won't start up (stuck somewhere or doesn't start +> at all), you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your Docker +> settings (under "features in development"). This should fix the issue. + +In both env files (env.local and env.docker) you need to set _GITHUB_USERNAME_ and _GITHUB_TOKEN_ in order to be able to +build the add, +because the SSI lib is stored in a private repo (you also need the proper rights to access the repo). +The access token need to have `read:packages` access. (ref: https://github.com/settings/tokens/new) + +And change the _COMPOSE_COMMAND_ variable to either _docker-compose_ or _docker compose_. It depends on docker compose +version you are using: V1 or V2 + +Note: _SKIP_GRADLE_TASKS_PARAM_ is used to pass parameters to the build process of the MIW jar. Currently, it skips the +tests and code coverage, but speeds up the build time. +If you want to activate it, just comment it out +like `SKIP_GRADLE_TASKS_PARAM="" #"-x jacocoTestCoverageVerification -x test"` + +After every execution (either _local_ or _docker_ flow), run the matching "stop" task ( +e.g.: `task docker:start-app` -> `task docker:stop-app`) + +When you just run `task` without parameters, you will see all tasks available. + +### local -``` -./gradlew build -i -x test -``` +1. Run `task docker:start-middleware` and wait until it shows "(main) Running the server in development mode. DO NOT use this configuration in production." in the terminal +2. Run `task app:build` to build the MIW application +3. Run [ManagedIdentityWalletsApplication.java](src/main/java/org/eclipse/tractusx/managedidentitywallets/ManagedIdentityWalletsApplication.java) via IDE and use the local.env file to populate environment vars (e.g. EnvFile plugin for IntelliJ) +4. 
Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) ) +5. Open API doc on http://localhost:8000 (or what port you configured in the _env.local_ file) +6. Click on Authorize on swagger UI and on the dialog paste the token into the "value" input +7. Click on "Authorize" and "close" +8. MIW is up and running + +### docker + +1. Run `task docker:start-app` and wait until it shows " Started ManagedIdentityWalletsApplication in ... seconds" +2. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) ) +3. Open API doc on http://localhost:8000 (or what port you configured in the _env.local_ file) +4. Click on Authorize on swagger UI and on the dialog paste the token into the "value" input +5. Click on "Authorize" and "close" +6. MIW is up and running + +# End Users +See OpenAPI documentation, which is automatically created from +the source and available on each deployment at the `/docs/api-docs/docs` endpoint +(e.g. locally at http://localhost:8087/docs/api-docs/docs). An export of the JSON +document can be also found in [docs/openapi_v001.json](docs/openapi_v001.json). -## Test Coverage +# Test Coverage Jacoco is used to generate the coverage report. The report generation and the coverage verification are automatically executed after tests. @@ -55,18 +176,18 @@ The generated HTML report can be found under `jacoco-report/html/` To generate the report run the command ``` -./gradlew jacocoTestReport +task app:test-report ``` To check the coverage run the command ``` -./gradlew jacocoTestCoverageVerification +task app:coverage ``` -Currently the minimum is 80% +Currently, the minimum is 80% coverage. -## Common issues and solutions during local setup +# Common issues and solutions during local setup #### 1. Can not build with test cases 
@@ -93,7 +214,7 @@ In case you encounter any database-related issues, you can resolve them by follo This process ensures that any issues with the database schema are resolved by recreating it in a fresh state. -## Environment Variables +# Environment Variables | name | description | default value | |---------------------------------|----------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------| 
@@ -121,18 +242,55 @@ This process ensures that any issues with the database schema are resolved by re | SUPPORTED_FRAMEWORK_VC_TYPES | Supported framework VC, provide values ie type1=value1,type2=value2 | cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace | | ENFORCE_HTTPS_IN_DID_RESOLUTION | Enforce https during web did resolution | true | | CONTRACT_TEMPLATES_URL | Contract templates URL used in summary VC | https://public.catena-x.org/contracts/ | +| APP_LOG_LEVEL | Log level of application | INFO | | | | | -## Technical Debts and Known issue +# Technical Debts and Known issue 1. Keys are stored in database in encrypted format, need to store keys in more secure place ie. Vault 2. Policies can be validated dynamically as per request while validating VP and VC. [Check this for more details](https://docs.walt.id/v/ssikit/concepts/verification-policies) +# Logging in application + +Log level in application can be set using environment variable ``APP_LOG_LEVEL``. Possible values +are ``OFF, ERROR, WARN, INFO, DEBUG, TRACE`` and default value set to ``INFO`` + +### Change log level at runtime using Spring actuator + +We can use ``/actuator/loggers`` API endpoint of actuator for log related things. This end point can be accessible with +role ``manage_app``. We can add this role to authority wallet client using keycloak as below: + +![manage_app.png](docs%2Fmanage_app.png) + +1. API to get current log settings + +```agsl +curl --location 'http://localhost:8090/actuator/loggers' \ +--header 'Authorization: Bearer access_token' +``` + +2. Change log level at runtime + +```agsl + +curl --location 'http://localhost:8090/actuator/loggers/{java package name}' \ +--header 'Content-Type: application/json' \ +--header 'Authorization: Bearer access_token' \ +--data '{"configuredLevel":"INFO"}' + +i.e. 
+
+curl --location 'http://localhost:8090/actuator/loggers/org.eclipse.tractusx.managedidentitywallets' \
+--header 'Content-Type: application/json' \
+--header 'Authorization: Bearer access_token' \
+--data '{"configuredLevel":"INFO"}'
+```
+
 ## Reference of external lib
 1. https://www.testcontainers.org/modules/databases/postgres/
 2. https://github.com/dasniko/testcontainers-keycloak
 3. https://github.com/smartSenseSolutions/smartsense-java-commons
-4. https://github.com/catenax-ng/product-lab-ssi
\ No newline at end of file
+4. https://github.com/catenax-ng/product-lab-ssi
diff --git a/Taskfile.yaml b/Taskfile.yaml
index 644cfca46..ee94b7299 100644
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -19,8 +19,10 @@
 version: 3
+vars:
+ ENV: docker # local or docker
+
 dotenv:
- - 'dev-assets/env-files/env.environment'
 - 'dev-assets/env-files/env.{{.ENV}}'
 includes:
diff --git a/build.gradle b/build.gradle
index 627a6f92a..bd114e96d 100644
--- a/build.gradle
+++ b/build.gradle
@@ -3,6 +3,8 @@ plugins {
 id 'org.springframework.boot' version "${springBootVersion}"
 id 'io.spring.dependency-management' version "${springDependencyVersion}"
 id "jacoco"
+ id 'project-report'
+
 }
 group = "${groupName}"
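Review bot: The new `ENV` var in Taskfile.yaml is explained only by `# local or docker`, and because the `env.environment` dotenv entry is removed in the same hunk, every setting that used to live there must now be present in both `env.local` and `env.docker`; the comment should say so and tell the reader how to switch, e.g. `# selects dev-assets/env-files/env.<ENV>; override per invocation with task ENV=local app:get-token`. The two env files are not part of this diff, so the duplication point is inferred from the removed line rather than confirmed.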
@@ -48,14 +50,24 @@ dependencies {
 implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:${openApiVersion}"
 implementation group: 'com.smartsensesolutions', name: 'commons-dao', version: '0.0.5'
 implementation 'org.liquibase:liquibase-core'
- implementation 'org.eclipse.tractusx.ssi:cx-ssi-lib:0.0.8'
+ implementation 'org.eclipse.tractusx.ssi:cx-ssi-lib:0.0.13'
+
+ //Added explicitly to mitigate CVE 2022-1471
+ implementation group: 'org.yaml', name: 'snakeyaml', version: '2.0'
+
+ //Added explicitly to mitigate CVE 2023-24998
+ implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.5'
+
+
+ testImplementation 'org.projectlombok:lombok:1.18.28'
 runtimeOnly 'org.postgresql:postgresql'
 compileOnly 'org.projectlombok:lombok'
 developmentOnly 'org.springframework.boot:spring-boot-devtools'
 annotationProcessor 'org.projectlombok:lombok'
+ testAnnotationProcessor 'org.projectlombok:lombok'
 testImplementation 'org.springframework.boot:spring-boot-starter-test'
 testImplementation "org.testcontainers:testcontainers"
- testImplementation "org.testcontainers:postgresql"
+ testImplementation 'com.h2database:h2:2.2.220'
 testImplementation "org.testcontainers:junit-jupiter"
 testImplementation group: 'com.github.dasniko', name: 'testcontainers-keycloak', version: '2.5.0'
 testImplementation group: 'org.mockito', name: 'mockito-inline', version: '5.2.0'
@@ -82,6 +94,10 @@ test {
 finalizedBy jacocoTestReport
 }
+htmlDependencyReport {
+ projects = project.allprojects
+}
+
 jacocoTestReport {
 dependsOn test
diff --git a/charts/managed-identity-wallet/.helmignore b/charts/managed-identity-wallet/.helmignore
index 5642e80be..0886f15ef 100644
--- a/charts/managed-identity-wallet/.helmignore
+++ b/charts/managed-identity-wallet/.helmignore
@@ -22,4 +22,7 @@
 *.tmproj
 .vscode/
 tests/
-values-*.yaml
\ No newline at end of file
+values-*.yaml
+README.md.gotmpl
+ci/
+argocd/
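Review bot: The two CVE mitigations in the `dependencies` hunk are declared as plain `implementation` coordinates, which makes snakeyaml 2.0 and commons-fileupload 1.5 direct dependencies of the application even where they are only needed transitively; with `io.spring.dependency-management` applied (see the plugins hunk) the documented override for the BOM-managed snakeyaml is the property `ext['snakeyaml.version'] = '2.0'`, and a `./gradlew dependencyInsight --dependency snakeyaml` run should confirm the resolved version on both the runtime and test classpaths rather than relying on Gradle's highest-version conflict resolution. The test lombok is pinned to `1.18.28` while `compileOnly`/`annotationProcessor` lombok take the BOM-managed version, so the two classpaths can drift — dropping the explicit version keeps them aligned. Replacing `org.testcontainers:postgresql` with H2 means the Liquibase changelogs no longer run against PostgreSQL in tests; if that is intended, a comment above the H2 line saying so would save the next reader a search, and the comments themselves should use the canonical `// Added explicitly to mitigate CVE-2022-1471` form so the identifiers are greppable.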
diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml
index d8bb30b1a..e726f719e 100644
--- a/charts/managed-identity-wallet/Chart.yaml
+++ b/charts/managed-identity-wallet/Chart.yaml
@@ -19,15 +19,30 @@
 apiVersion: v2
 name: managed-identity-wallet
-description: Managed Identity Wallets Service
+description: |
+ Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs.
+ And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains.
 type: application
-version: 1.0.1-rc1
-appVersion: 0.0.1-SNAPSHOT.b75ebaf
+version: 1.0.1
+appVersion: 0.0.1
+
+home: https://github.com/eclipse-tractusx/managed-identity-wallet
+keywords:
+ - Managed Identity Wallet
+ - eclipse-tractusx
+
+sources:
+ - https://github.com/eclipse-tractusx/managed-identity-wallet
+
+maintainers:
+ - name: Peter Motzko
+ email: peter.motzko@volkswagen.de
+ url: https://github.com/pmoscode
 dependencies:
 - name: postgresql
 version: 11.9.13
 repository: https://charts.bitnami.com/bitnami
- condition: postgresql.enabled
\ No newline at end of file
+ condition: postgresql.enabled
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index 165ca36cd..c1dde17a2 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
@@ -1,8 +1,40 @@ # managed-identity-wallet -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 4.0.0](https://img.shields.io/badge/AppVersion-4.0.0-informational?style=flat-square) +![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square) -Managed Identity Wallets Service +Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. +And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains. + +**Homepage:** + +## Get Repo Info + + helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev + helm repo update + +## Install chart + + helm install [RELEASE_NAME] tractusx-dev/managed-identity-wallet + +The command deploys miw on the Kubernetes cluster in the default configuration. + +See configuration below. + +See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation. + +## Uninstall Chart + + helm uninstall [RELEASE_NAME] + +This removes all the Kubernetes components associated with the chart and deletes the release. + +See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation. + +## Upgrading Chart + + helm upgrade [RELEASE_NAME] [CHART] + +See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation. ## Requirements 
@@ -14,40 +46,40 @@ Managed Identity Wallets Service | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | | -| envs | string | `nil` | | +| affinity | object | `{}` | Affinity configuration | +| backup | object | `{"database":{"cron":"* */6 * * *","enabled":false,"storage":{"diskSize":"10G","keepStorage":true,"storageClassName":"-"}}}` | Simple Postgresql backup solution (Dump data to second PV) | +| backup.database | object | `{"cron":"* */6 * * *","enabled":false,"storage":{"diskSize":"10G","keepStorage":true,"storageClassName":"-"}}` | Backup database | +| backup.database.cron | string | `"* */6 * * *"` | Backup schedule (help: https://crontab.guru) | +| backup.database.enabled | bool | `false` | Enable / Disable the backup | +| backup.database.storage | object | `{"diskSize":"10G","keepStorage":true,"storageClassName":"-"}` | Storage configuration | +| backup.database.storage.diskSize | string | `"10G"` | Disk size for backup content | +| backup.database.storage.keepStorage | bool | `true` | Set to true, if the PV should stay even when the chart release is uninstalled | +| backup.database.storage.storageClassName | string | `"-"` | storageClassName | +| envs | object | `{}` | Parameters for the application (will be provided as plain environment variables) | | fullnameOverride | string | `""` | | -| image.pullPolicy | string | `"Always"` | | -| image.repository | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service"` | | -| image.tag | string | `"latest"` | | -| imagePullSecrets[0].name | string | `"acr-credential"` | | -| ingress.annotations."kubernetes.io/ingress.class" | string | `"nginx"` | | -| ingress.enabled | bool | `false` | | -| ingress.hosts[0].host | string | `"chart-example.local"` | | -| ingress.hosts[0].paths[0].path | string | `"/"` | | -| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | -| ingress.tls | list | `[]` | | +| image | object | 
`{"pullPolicy":"Always","repository":"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service","tag":""}` | Image of the main container | +| image.pullPolicy | string | `"Always"` | PullPolicy | +| image.repository | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service"` | Image repository | +| image.tag | string | `""` | Image tag (empty one will use "appVersion" value from chart definition) | +| imagePullSecrets | list | `[{"name":"acr-credential"}]` | Credentials for a private repo | +| ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration | | nameOverride | string | `""` | | -| nodeSelector."kubernetes.io/os" | string | `"linux"` | | -| podAnnotations | object | `{}` | | -| podSecurityContext | object | `{}` | | -| postgresql.auth.password | string | `"postgres"` | | -| postgresql.auth.postgresPassword | string | `"postgres"` | | -| postgresql.auth.username | string | `"postgres"` | | -| postgresql.primary.initdb.password | string | `"postgres"` | | -| postgresql.primary.initdb.scripts."init_db_script.sh" | string | `"#!/bin/sh\ncreatedb -O postgres miw\n"` | | -| postgresql.primary.initdb.user | string | `"postgres"` | | -| replicaCount | int | `1` | | -| resources.cpu | int | `250` | | -| resources.memory | int | `256` | | -| secrets | string | `nil` | | -| securityContext | object | `{}` | | -| service.port | int | `8080` | | -| service.type | string | `"ClusterIP"` | | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | -| serviceAccount.name | string | `""` | | -| tolerations | list | `[]` | | +| nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration | +| podAnnotations | object | `{}` | PodAnnotation configuration | +| podSecurityContext | object | `{}` | PodSecurityContext | +| replicaCount | int | `1` | The amount of replicas to 
run | +| resources | object | `{"limits":{"cpu":4,"memory":"1Gi"},"requests":{"cpu":"250m","memory":"500Mi"}}` | Resource boundaries | +| secrets | object | `{}` | Parameters for the application (will be stored as secrets - so, for passwords, ...) | +| securityContext | object | `{"allowPrivilegeEscalation":false,"privileged":false,"runAsGroup":11111,"runAsNonRoot":true,"runAsUser":11111}` | Preconfigured SecurityContext | +| service | object | `{"port":8080,"type":"ClusterIP"}` | Service configuration | +| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | ServiceAccount configuration | +| tolerations | list | `[]` | Tolerations configuration | + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Peter Motzko | | | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/charts/managed-identity-wallet/README.md.gotmpl b/charts/managed-identity-wallet/README.md.gotmpl new file mode 100644 index 000000000..f91aed974 --- /dev/null +++ b/charts/managed-identity-wallet/README.md.gotmpl 
@@ -0,0 +1,48 @@
+{{ template "chart.header" . }}
+
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+## Get Repo Info
+
+ helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev
+ helm repo update
+
+## Install chart
+
+ helm install [RELEASE_NAME] tractusx-dev/managed-identity-wallet
+
+The command deploys miw on the Kubernetes cluster in the default configuration.
+
+See configuration below.
+
+See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation.
+
+## Uninstall Chart
+
+ helm uninstall [RELEASE_NAME]
+
+This removes all the Kubernetes components associated with the chart and deletes the release.
+
+See [helm uninstall](https://helm.sh/docs/helm/helm_uninstall/) for command documentation.
+
+## Upgrading Chart
+
+ helm upgrade [RELEASE_NAME] [CHART]
+
+See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documentation.
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesHeader" . }}
+
+{{ template "chart.valuesTable" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "helm-docs.versionFooter" . }}
diff --git a/charts/managed-identity-wallet/ci/all-values.yaml b/charts/managed-identity-wallet/ci/all-values.yaml
new file mode 100644
index 000000000..30d859f43
--- /dev/null
+++ b/charts/managed-identity-wallet/ci/all-values.yaml
@@ -0,0 +1,57 @@
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+image:
+ tag: "latest-java-did-web"
+
+secrets:
+ DB_USER_NAME: postgres
+ DB_PASSWORD: pg_test_ci
+ ENCRYPTION_KEY: d6aab34fb68e090c2789a9b1a67648d3
+ KEYCLOAK_CLIENT_ID: mit_ci_test
+
+envs:
+ DB_HOST: test-postgres
+ MIW_HOST_NAME: miw.local
+ KEYCLOAK_REALM: MIW
+ AUTH_SERVER_URL: https://localhost/auth
+ AUTHORITY_WALLET_DID: "did:web:miw.local:BPNL000000000000"
+ AUTHORITY_WALLET_BPN: "BPNL000000000000"
+
+ingress:
+ enabled: true
+ hosts:
+ - host: miw.local
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ tls:
+ - secretName: miw-secret
+ hosts:
+ - miw.local
+
+postgresql:
+ fullnameOverride: test-postgres
+ primary:
+ initdb:
+ password: pg_test_ci
+ auth:
+ password: pg_test_ci
+ postgresPassword: pg_test_ci
+ username: postgres
diff --git a/charts/managed-identity-wallet/templates/backup/cronjob.yaml b/charts/managed-identity-wallet/templates/backup/cronjob.yaml
new file mode 100644
index 000000000..9c6108fc5
--- /dev/null
+++ b/charts/managed-identity-wallet/templates/backup/cronjob.yaml
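Review bot: `secrets.ENCRYPTION_KEY`, `secrets.DB_PASSWORD` and the three `postgresql` passwords in ci/all-values.yaml are literal values committed to the repository, and the chart's `secrets` map is rendered into a real Kubernetes Secret by secret.yaml; they are evidently chart-testing fixtures, but nothing in the file says so. A header comment above `secrets:` such as `# Throwaway fixtures for chart-testing (ct install) only; never reuse these values outside CI` makes the intent explicit for anyone who copies this file as a starting point for a real deployment. `ingress.tls[0].secretName: miw-secret` references a TLS secret that, as far as this diff shows, nothing creates, so the ingress renders with a dangling reference during `ct install`; harmless for lint, but worth a one-line comment if it is deliberate.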
@@ -0,0 +1,56 @@
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+{{ if .Values.backup.database.enabled -}}
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ include "managed-identity-wallet.fullname" . }}-backup
+ labels:
+ {{- include "managed-identity-wallet.labels" . | nindent 4 }}
+spec:
+ schedule: {{ .Values.backup.database.cron | quote }}
+ jobTemplate:
+ spec:
+ backoffLimit: 0
+ template:
+ spec:
+ containers:
+ - name: dump
+ image: postgres:14.5-alpine
+ volumeMounts:
+ - name: data
+ mountPath: /backup
+ command:
+ - "/bin/sh"
+ args:
+ - "-c"
+ - 'pg_dump -v -Fc -U {{ .Values.secrets.DB_USER_NAME }} -h {{ .Values.envs.DB_HOST }} miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump'
+ env:
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "managed-identity-wallet.fullname" . }}
+ key: DB_PASSWORD
+ restartPolicy: Never
+ volumes:
+ - name: data
+ persistentVolumeClaim:
+ claimName: {{ include "managed-identity-wallet.fullname" . }}-backup
+{{- end }}
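Review bot: The `pg_dump` argument interpolates `.Values.secrets.DB_USER_NAME` and `.Values.envs.DB_HOST` without guarding them, and the chart README in this diff documents both `envs` and `secrets` as defaulting to `{}`, so enabling the backup while omitting either value renders `pg_dump -v -Fc -U -h miw ...` and the job fails on its first run; `{{ required "backup.database needs secrets.DB_USER_NAME" .Values.secrets.DB_USER_NAME }}` and the same for `envs.DB_HOST` turn that into a template-time error. The `dump` container sets no `securityContext`, whereas the main Deployment applies `.Values.securityContext` (documented as `runAsNonRoot: true`), so the backup pod runs with the image's default user; reusing that block with `toYaml .Values.securityContext` and the matching `nindent` keeps the two workloads consistent. The schedule documented as the default, `* */6 * * *` (README table and values-backup.yml), fires every minute during hours 0, 6, 12 and 18 rather than once every six hours — if the latter is meant, it should be `0 */6 * * *`. Nothing prunes old dumps from the `/backup` volume, so the PVC will eventually fill; at least the `diskSize` description should say so.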
diff --git a/charts/managed-identity-wallet/templates/backup/persistentvolumeclaim.yaml b/charts/managed-identity-wallet/templates/backup/persistentvolumeclaim.yaml
new file mode 100644
index 000000000..a436d4e1f
--- /dev/null
+++ b/charts/managed-identity-wallet/templates/backup/persistentvolumeclaim.yaml
@@ -0,0 +1,38 @@
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+{{ if .Values.backup.database.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "managed-identity-wallet.fullname" . }}-backup
+ labels:
+ {{- include "managed-identity-wallet.labels" . | nindent 4 }}
+ {{ if .Values.backup.database.storage.keepStorage -}}
+ annotations:
+ helm.sh/resource-policy: keep
+ {{- end }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: {{ .Values.backup.database.storage.storageClassName | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.backup.database.storage.diskSize }}
+{{- end }}
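Review bot: `storageClassName: {{ .Values.backup.database.storage.storageClassName | quote }}` emits the chart's documented default `"-"` verbatim, producing a PVC that requests a storage class literally named `-` and never binds; the usual chart convention is that `"-"` means `storageClassName: ""` (no dynamic provisioning) and an empty value omits the key so the cluster default class applies. The default itself lives in values.yaml, which is outside this diff, so I am going by the README table in this commit. persistentvolumeclaim_test.yaml only exercises the explicit `storageClass` case and should get a case for the default so the sentinel handling is pinned. Suggested replacement for the `storageClassName` line:

```yaml
spec:
  # … unchanged: accessModes …
  {{- with .Values.backup.database.storage.storageClassName }}
  {{- if eq "-" . }}
  storageClassName: ""
  {{- else }}
  storageClassName: {{ . | quote }}
  {{- end }}
  {{- end }}
  # … unchanged: resources.requests.storage …
```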
diff --git a/charts/managed-identity-wallet/templates/deployment.yaml b/charts/managed-identity-wallet/templates/deployment.yaml
index de0f715a3..a6e0d38d0 100644
--- a/charts/managed-identity-wallet/templates/deployment.yaml
+++ b/charts/managed-identity-wallet/templates/deployment.yaml
@@ -50,10 +50,10 @@ spec:
 {{- toYaml .Values.securityContext | nindent 12 }}
 image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
- {{- if or .Values.envs .Values.secrets }}
 env:
 - name: APPLICATION_PORT
 value: "8080"
+ {{- if or .Values.envs .Values.secrets }}
 {{- range $key, $val := .Values.envs }}
 - name: {{ $key }}
 value: {{ $val }}
diff --git a/charts/managed-identity-wallet/templates/secret.yaml b/charts/managed-identity-wallet/templates/secret.yaml
index e8dadce33..9760d9d30 100644
--- a/charts/managed-identity-wallet/templates/secret.yaml
+++ b/charts/managed-identity-wallet/templates/secret.yaml
@@ -22,9 +22,11 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: {{ include "managed-identity-wallet.fullname" . }}
+ labels:
+ {{- include "managed-identity-wallet.labels" . | nindent 4 }}
 type: Opaque
 data:
 {{- range $key, $val := .Values.secrets }}
 {{ $key }}: {{ $val | b64enc }}
 {{- end}}
-{{- end }}
\ No newline at end of file
+{{- end }}
diff --git a/charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml b/charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml
new file mode 100644
index 000000000..5d23ee352
--- /dev/null
+++ b/charts/managed-identity-wallet/tests/custom-values/backup/cronjob_test.yaml
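Review bot: `value: {{ $val }}` in the `envs` range of deployment.yaml (a context line here; the loop body and the closing `end` continue past the hunk) emits whatever YAML type the value carries, so an entry such as `ENFORCE_HTTPS_IN_DID_RESOLUTION: true` from the documented environment table, or a numeric port, renders as a boolean or integer and the API server rejects the Pod because env values must be strings; `value: {{ $val | quote }}` makes every entry a string, which ci/all-values.yaml already does by hand for `AUTHORITY_WALLET_BPN`. The same applies to secret.yaml's `{{ $key }}: {{ $val | b64enc }}`, where a non-string value would, as far as I know, make `b64enc` fail at render time — `{{ $key }}: {{ $val | toString | b64enc }}`. Moving the `if or .Values.envs .Values.secrets` guard below `APPLICATION_PORT` is the right fix for the empty-`env:` case; I cannot confirm from the hunk that the matching `end` still closes it.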
@@ -0,0 +1,93 @@
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+suite: test custom-values cronjob for backup DB
+chart:
+ version: 9.9.9+test
+ appVersion: 9.9.9
+templates:
+ - templates/backup/cronjob.yaml
+values:
+ - values-backup.yml
+tests:
+ - it: should have backup functionality enabled and valid metadata
+ asserts:
+ - hasDocuments:
+ count: 1
+ - containsDocument:
+ kind: CronJob
+ apiVersion: batch/v1
+ name: RELEASE-NAME-managed-identity-wallet-backup
+ - isSubset:
+ path: metadata.labels
+ content:
+ helm.sh/chart: managed-identity-wallet-9.9.9_test
+ app.kubernetes.io/name: managed-identity-wallet
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/version: "9.9.9"
+ app.kubernetes.io/managed-by: Helm
+
+ - it: should have schedule set
+ asserts:
+ - equal:
+ path: spec.schedule
+ value: "* */6 * * *"
+
+ - it: should have set "RestartPolicy" to "never"
+ asserts:
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.restartPolicy
+ value: Never
+
+ - it: should have a "volume" and a "volumeMount"
+ asserts:
+ - contains:
+ path: spec.jobTemplate.spec.template.spec.containers[0].volumeMounts
+ content:
+ name: data
+ mountPath: /backup
+ - contains:
+ path: spec.jobTemplate.spec.template.spec.volumes
+ content:
+ name: data
+ persistentVolumeClaim:
+ claimName: RELEASE-NAME-managed-identity-wallet-backup
+
+ - it: should have "PGPASSWORD" set via Envs
+ asserts:
+ - contains:
+ path: spec.jobTemplate.spec.template.spec.containers[0].env
+ content:
+ name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: RELEASE-NAME-managed-identity-wallet
+ key: DB_PASSWORD
+
+ - it: should have default command and args
+ asserts:
+ - contains:
+ path: spec.jobTemplate.spec.template.spec.containers[0].command
+ content:
+ "/bin/sh"
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].args
+ value:
+ - "-c"
+ - 'pg_dump -v -Fc -U dbuser -h postgres-host miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump'
diff --git a/charts/managed-identity-wallet/tests/custom-values/backup/persistentvolumeclaim_test.yaml b/charts/managed-identity-wallet/tests/custom-values/backup/persistentvolumeclaim_test.yaml
new file mode 100644
index 000000000..ba91667f0
--- /dev/null
+++ b/charts/managed-identity-wallet/tests/custom-values/backup/persistentvolumeclaim_test.yaml
@@ -0,0 +1,70 @@
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+suite: test custom-values PVC for backup DB
+chart:
+ version: 9.9.9+test
+ appVersion: 9.9.9
+templates:
+ - templates/backup/persistentvolumeclaim.yaml
+values:
+ - values-backup.yml
+tests:
+ - it: should have storage functionality enabled and valid metadata
+ asserts:
+ - hasDocuments:
+ count: 1
+ - containsDocument:
+ kind: PersistentVolumeClaim
+ apiVersion: v1
+ name: RELEASE-NAME-managed-identity-wallet-backup
+ - isSubset:
+ path: metadata.labels
+ content:
+ helm.sh/chart: managed-identity-wallet-9.9.9_test
+ app.kubernetes.io/name: managed-identity-wallet
+ app.kubernetes.io/instance: RELEASE-NAME
+ app.kubernetes.io/version: "9.9.9"
+ app.kubernetes.io/managed-by: Helm
+
+ - it: should not set Helm keep annotation when "keepStorage" is set to "false"
+ asserts:
+ - notExists:
+ path: metadata.annotations
+
+ - it: should set Helm keep annotation when "keepStorage" is set to "true"
+ set:
+ backup.database.storage.keepStorage: true
+ asserts:
+ - isSubset:
+ path: metadata.annotations
+ content:
+ helm.sh/resource-policy: keep
+
+ - it: should proper config storage
+ asserts:
+ - equal:
+ path: spec.storageClassName
+ value: storageClass
+ - equal:
+ path: spec.resources.requests.storage
+ value: 22G
+ - equal:
+ path: spec.accessModes
+ value: ["ReadWriteOnce"]
diff --git a/charts/managed-identity-wallet/tests/custom-values/backup/values-backup.yml b/charts/managed-identity-wallet/tests/custom-values/backup/values-backup.yml
new file mode 100644
index 000000000..341dd85f2
--- /dev/null
+++ b/charts/managed-identity-wallet/tests/custom-values/backup/values-backup.yml
@@ -0,0 +1,37 @@
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+image:
+ tag: "latest"
+
+secrets:
+ DB_USER_NAME: dbuser
+ DB_PASSWORD: password
+
+envs:
+ DB_HOST: postgres-host
+
+backup:
+ database:
+ enabled: true
+ cron: "* */6 * * *"
+ storage:
+ keepStorage: false
+ diskSize: 22G
+ storageClassName: "storageClass"
diff --git a/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
new file mode 100644
index 000000000..7433cdf54
--- /dev/null
+++ b/charts/managed-identity-wallet/tests/custom-values/deployment_test.yaml
@@ -0,0 +1,130 @@
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+suite: test custom-values deployment
+chart:
+ version: 9.9.9+test
+ appVersion: 9.9.9
+templates:
+ - templates/deployment.yaml
+tests:
+ - it: should have latest image tag
+ values:
+ - values.yml
+ asserts:
+ - matchRegex:
+ path: spec.template.spec.containers[0].image
+ pattern: .:latest
+
+ - it: should have environment variables set (envs and secrets set)
+ values:
+ - values.yml
+ asserts:
+ - isNotEmpty:
+ path: spec.template.spec.containers[0].env
+ - lengthEqual:
+ path: spec.template.spec.containers[0].env
+ count: 5
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: APPLICATION_PORT
+ value: "8080"
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_HOST
+ value: postgres-host
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: MIW_HOST_NAME
+ value: miw
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: DB_PASSWORD
+ name: RELEASE-NAME-managed-identity-wallet
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_USER_NAME
+ valueFrom:
+ secretKeyRef:
+ key: DB_USER_NAME
+ name: RELEASE-NAME-managed-identity-wallet
+
+ - it: should have environment variables set (only envs set)
+ values:
+ - values-envs.yml
+ asserts:
+ - isNotEmpty:
+ path: spec.template.spec.containers[0].env
+ - lengthEqual:
+ path: spec.template.spec.containers[0].env
+ count: 3
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: APPLICATION_PORT
+ value: "8080"
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_HOST
+ value: postgres-host
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: MIW_HOST_NAME
+ value: miw
+
+ - it: should have environment variables set (envs and secrets set)
+ values:
+ - values-secrets.yml
+ asserts:
+ - isNotEmpty:
+ path: spec.template.spec.containers[0].env
+ - lengthEqual:
+ path: spec.template.spec.containers[0].env
+ count: 3
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: APPLICATION_PORT
+ value: "8080"
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: DB_PASSWORD
+ name: RELEASE-NAME-managed-identity-wallet
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: DB_USER_NAME
+ valueFrom:
+ secretKeyRef:
+ key: DB_USER_NAME
+ name: RELEASE-NAME-managed-identity-wallet
diff --git a/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml
new file mode 100644
index 000000000..ba240c6f4
--- /dev/null
+++ b/charts/managed-identity-wallet/tests/custom-values/ingress_test.yaml
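Review bot: The third case in deployment_test.yaml reuses the title `should have environment variables set (envs and secrets set)` although it loads `values-secrets.yml` and asserts only `APPLICATION_PORT` plus the two secret-backed entries; rename it to `- it: should have environment variables set (only secrets set)` so a failure is identifiable in the runner output, mirroring the `(only envs set)` case above it. The fixtures values.yml, values-envs.yml and values-secrets.yml referenced here are not part of this diff, so I cannot confirm their contents match the `count: 5` / `count: 3` assertions.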
@@ -0,0 +1,72 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test custom-values ingress +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/ingress.yaml +values: + - values.yml +tests: + - it: should have correct metadata + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Ingress + apiVersion: networking.k8s.io/v1 + name: RELEASE-NAME-managed-identity-wallet + - isSubset: + path: metadata.labels + content: + helm.sh/chart: managed-identity-wallet-9.9.9_test + app.kubernetes.io/name: managed-identity-wallet + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/version: "9.9.9" + app.kubernetes.io/managed-by: Helm + + - it: must have rules set + asserts: + - isNotEmpty: + path: spec.rules + - lengthEqual: + path: spec.rules + count: 1 + - isNotEmpty: + path: spec.rules[0].host + - lengthEqual: + path: spec.rules[0].http.paths + count: 1 + - isNotEmpty: + path: spec.rules[0].http.paths[0].path + + - it: must have tls set + asserts: + - isNotEmpty: + path: spec.tls + - lengthEqual: + path: spec.tls + count: 1 + - isNotEmpty: 
+ path: spec.tls[0].hosts + - lengthEqual: + path: spec.tls[0].hosts[0] + count: 1 diff --git a/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml new file mode 100644 index 000000000..3bc1560ca --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/secret_test.yaml 
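Review bot: The last assertion `lengthEqual: path: spec.tls[0].hosts[0] count: 1` targets a scalar (the host string `localhost.local` from the fixture), not a list, so it either fails or proves nothing depending on the helm-unittest version; the intended path is `spec.tls[0].hosts`. The TLS case also never checks that a certificate secret is referenced or that the TLS host matches the rule host, which is what makes the ingress actually terminate TLS for the served name; add `- isNotEmpty: path: spec.tls[0].secretName` and `- equal: path: spec.tls[0].hosts[0] value: localhost.local`.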
@@ -0,0 +1,66 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test custom-values secret +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/secret.yaml +values: + - values.yml +tests: + - it: should have correct metadata + asserts: + - hasDocuments: + count: 1 + - containsDocument: + kind: Secret + apiVersion: v1 + name: RELEASE-NAME-managed-identity-wallet + - isSubset: + path: metadata.labels + content: + helm.sh/chart: managed-identity-wallet-9.9.9_test + app.kubernetes.io/name: managed-identity-wallet + app.kubernetes.io/instance: RELEASE-NAME + app.kubernetes.io/version: "9.9.9" + app.kubernetes.io/managed-by: Helm + + - it: must have type set to Opaque + asserts: + - equal: + path: type + value: Opaque + + - it: must have data set + asserts: + - isNotEmpty: + path: data + + - it: must have values in data + asserts: + - equal: + path: data.DB_USER_NAME + value: dbuser + decodeBase64: true + - equal: + path: data.DB_PASSWORD + value: password + decodeBase64: true 
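Review bot: The suite checks that the two fixture values land in the Secret but not that nothing else does; since `secrets` and `envs` come from the same values file, a template regression that folded plain `envs` into the Secret would still pass here. Add a negative assertion such as `- notExists: path: data.DB_HOST` under `must have values in data`. The `decodeBase64: true` comparisons are fine for fixture data; keep the fixture credentials obviously fake, as they are.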
diff --git a/charts/managed-identity-wallet/tests/custom-values/values-envs.yml b/charts/managed-identity-wallet/tests/custom-values/values-envs.yml new file mode 100644 index 000000000..782fcacb6 --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/values-envs.yml @@ -0,0 +1,22 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +envs: + DB_HOST: postgres-host + MIW_HOST_NAME: miw diff --git a/charts/managed-identity-wallet/tests/custom-values/values-secrets.yml b/charts/managed-identity-wallet/tests/custom-values/values-secrets.yml new file mode 100644 index 000000000..ca85427c3 --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/values-secrets.yml 
@@ -0,0 +1,22 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +secrets: + DB_USER_NAME: dbuser + DB_PASSWORD: password diff --git a/charts/managed-identity-wallet/tests/custom-values/values.yml b/charts/managed-identity-wallet/tests/custom-values/values.yml new file mode 100644 index 000000000..cf3cdb466 --- /dev/null +++ b/charts/managed-identity-wallet/tests/custom-values/values.yml 
@@ -0,0 +1,43 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +image: + tag: "latest" + +secrets: + DB_USER_NAME: dbuser + DB_PASSWORD: password + +envs: + DB_HOST: postgres-host + MIW_HOST_NAME: miw + +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: localhost.local + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: miw-secret + hosts: + - localhost.local diff --git a/charts/managed-identity-wallet/tests/default/backup/cronjob_test.yaml b/charts/managed-identity-wallet/tests/default/backup/cronjob_test.yaml new file mode 100644 index 000000000..34de9772e --- /dev/null +++ b/charts/managed-identity-wallet/tests/default/backup/cronjob_test.yaml 
@@ -0,0 +1,30 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test default cronjob for backup DB +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/backup/cronjob.yaml +tests: + - it: should have backup functionality disabled + asserts: + - hasDocuments: + count: 0 diff --git a/charts/managed-identity-wallet/tests/default/backup/persistentvolumeclaim_test.yaml b/charts/managed-identity-wallet/tests/default/backup/persistentvolumeclaim_test.yaml new file mode 100644 index 000000000..06f469fb7 --- /dev/null +++ b/charts/managed-identity-wallet/tests/default/backup/persistentvolumeclaim_test.yaml 
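Review bot: Only the disabled path of `templates/backup/cronjob.yaml` is covered; nothing renders the CronJob with `backup.database.enabled: true`, so its schedule, the job container's securityContext and the PVC mount it writes database dumps to are untested. Add a suite under `tests/custom-values/backup/` that sets `backup.database.enabled: true` and asserts `hasDocuments: count: 1`, `spec.schedule`, and a non-root securityContext on the job's pod template — the template itself is not in this diff, so adjust the paths to what it renders. The same gap applies to the PVC test that follows.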
@@ -0,0 +1,30 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test default PVC for backup DB +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/backup/persistentvolumeclaim.yaml +tests: + - it: should have backup functionality disabled + asserts: + - hasDocuments: + count: 0 diff --git a/charts/managed-identity-wallet/tests/default_deployment_test.yaml b/charts/managed-identity-wallet/tests/default/deployment_test.yaml similarity index 81% rename from charts/managed-identity-wallet/tests/default_deployment_test.yaml rename to charts/managed-identity-wallet/tests/default/deployment_test.yaml index b6b8a2efe..4a42a9fdd 100644 --- a/charts/managed-identity-wallet/tests/default_deployment_test.yaml +++ b/charts/managed-identity-wallet/tests/default/deployment_test.yaml @@ -21,9 +21,10 @@ suite: test default deployment chart: version: 9.9.9+test appVersion: 9.9.9 +templates: + - templates/deployment.yaml tests: - it: should have correct metadata - template: templates/deployment.yaml asserts: - hasDocuments: count: 1 
@@ -41,7 +42,6 @@ tests: app.kubernetes.io/managed-by: Helm - it: must have important values set - template: templates/deployment.yaml asserts: - equal: path: spec.replicas @@ -59,7 +59,6 @@ tests: protocol: TCP - it: must have probes set - template: templates/deployment.yaml asserts: - isNotEmpty: path: spec.template.spec.containers[0].livenessProbe @@ -67,7 +66,6 @@ tests: path: spec.template.spec.containers[0].readinessProbe - it: must have resource limits set - template: templates/deployment.yaml asserts: - isNotEmpty: path: spec.template.spec.containers[0].resources @@ -85,7 +83,6 @@ tests: path: spec.template.spec.containers[0].resources.requests.memory - it: must have a security context - template: templates/deployment.yaml asserts: - isSubset: path: spec.template.spec.containers[0].securityContext @@ -94,4 +91,28 @@ tests: privileged: false runAsGroup: 11111 runAsNonRoot: true - runAsUser: 11111 \ No newline at end of file + runAsUser: 11111 + + - it: should have environment variables set + asserts: + - isNotEmpty: + path: spec.template.spec.containers[0].env + - lengthEqual: + path: spec.template.spec.containers[0].env + count: 1 + + - it: should have empty values + asserts: + - notExists: + path: spec.template.spec.affinity + - notExists: + path: spec.template.spec.tolerations + + - it: should have nodeSelector value set + asserts: + - exists: + path: spec.template.spec.nodeSelector + - isSubset: + path: spec.template.spec.nodeSelector + content: + "kubernetes.io/os": linux diff --git a/charts/managed-identity-wallet/tests/default/ingress_test.yaml b/charts/managed-identity-wallet/tests/default/ingress_test.yaml new file mode 100644 index 000000000..8217e084c --- /dev/null +++ b/charts/managed-identity-wallet/tests/default/ingress_test.yaml 
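Review bot: The new `should have environment variables set` case asserts `count: 1` on the container env but never says which variable that is, so a template change that dropped the port variable and injected something else would still pass. Mirror the custom-values suite and add a `contains` assertion with `name: APPLICATION_PORT` / `value: "8080"` — presumably the single variable the default values produce, since `envs` and `secrets` are empty by default. The `isSubset` of the security-context case begins above this hunk, so whether `allowPrivilegeEscalation: false` is already asserted cannot be seen here; if it is not, add it, since values.yaml sets it.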
@@ -0,0 +1,30 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +suite: test default ingress +chart: + version: 9.9.9+test + appVersion: 9.9.9 +templates: + - templates/ingress.yaml +tests: + - it: should not be available + asserts: + - hasDocuments: + count: 0 diff --git a/charts/managed-identity-wallet/tests/default_service_account_test.yaml b/charts/managed-identity-wallet/tests/default/service_account_test.yaml similarity index 94% rename from charts/managed-identity-wallet/tests/default_service_account_test.yaml rename to charts/managed-identity-wallet/tests/default/service_account_test.yaml index 01f127da5..bd5b95108 100644 --- a/charts/managed-identity-wallet/tests/default_service_account_test.yaml +++ b/charts/managed-identity-wallet/tests/default/service_account_test.yaml @@ -21,9 +21,10 @@ suite: test default serviceaccount chart: version: 9.9.9+test appVersion: 9.9.9 +templates: + - templates/serviceaccount.yaml tests: - it: should have correct metadata - template: templates/serviceaccount.yaml asserts: - hasDocuments: count: 1 
@@ -38,4 +39,4 @@ tests: app.kubernetes.io/name: managed-identity-wallet app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/version: "9.9.9" - app.kubernetes.io/managed-by: Helm \ No newline at end of file + app.kubernetes.io/managed-by: Helm diff --git a/charts/managed-identity-wallet/tests/default_service_test.yaml b/charts/managed-identity-wallet/tests/default/service_test.yaml similarity index 93% rename from charts/managed-identity-wallet/tests/default_service_test.yaml rename to charts/managed-identity-wallet/tests/default/service_test.yaml index 0681b52e4..89509c916 100644 --- a/charts/managed-identity-wallet/tests/default_service_test.yaml +++ b/charts/managed-identity-wallet/tests/default/service_test.yaml @@ -21,9 +21,10 @@ suite: test default service chart: version: 9.9.9+test appVersion: 9.9.9 +templates: + - templates/service.yaml tests: - it: should have correct metadata - template: templates/service.yaml asserts: - hasDocuments: count: 1 @@ -41,14 +42,12 @@ tests: app.kubernetes.io/managed-by: Helm - it: must have type set to ClusterIP - template: templates/service.yaml asserts: - equal: path: spec.type value: ClusterIP - it: must have ports set - template: templates/service.yaml asserts: - contains: path: spec.ports @@ -56,4 +55,4 @@ tests: name: http targetPort: http port: 8080 - protocol: TCP \ No newline at end of file + protocol: TCP diff --git a/charts/managed-identity-wallet/values-dev.yaml b/charts/managed-identity-wallet/values-dev.yaml index ac0381ce8..f0eb88beb 100644 --- a/charts/managed-identity-wallet/values-dev.yaml +++ b/charts/managed-identity-wallet/values-dev.yaml @@ -36,6 +36,8 @@ envs: ingress: enabled: true + annotations: + kubernetes.io/ingress.class: nginx hosts: - host: managed-identity-wallets-new.dev.demo.catena-x.net paths: @@ -53,4 +55,4 @@ postgresql: auth: password: postgresPassword: - username: \ No newline at end of file + username: 
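Review bot: The `kubernetes.io/ingress.class: nginx` annotation added here (and in values-int.yaml) has been deprecated since Kubernetes 1.18 in favour of `spec.ingressClassName`; ingress-nginx still honours it, but on clusters that select controllers by IngressClass the annotation alone can leave the Ingress unclaimed. If `templates/ingress.yaml` supports it (the old default values carried a commented `className: nginx`), prefer `ingress: className: nginx`; otherwise keep the annotation and document the dependency on ingress-nginx in the chart README.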
diff --git a/charts/managed-identity-wallet/values-int.yaml b/charts/managed-identity-wallet/values-int.yaml index 550695550..b8897a267 100644 --- a/charts/managed-identity-wallet/values-int.yaml +++ b/charts/managed-identity-wallet/values-int.yaml @@ -36,6 +36,8 @@ envs: ingress: enabled: true + annotations: + kubernetes.io/ingress.class: nginx hosts: - host: managed-identity-wallets-new.int.demo.catena-x.net paths: @@ -53,4 +55,4 @@ postgresql: auth: password: postgresPassword: - username: \ No newline at end of file + username: diff --git a/charts/managed-identity-wallet/values-local.yaml b/charts/managed-identity-wallet/values-local.yaml new file mode 100644 index 000000000..2499f4efb --- /dev/null +++ b/charts/managed-identity-wallet/values-local.yaml 
@@ -0,0 +1,66 @@ +# /******************************************************************************** +# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation +# * +# * See the NOTICE file(s) distributed with this work for additional +# * information regarding copyright ownership. +# * +# * This program and the accompanying materials are made available under the +# * terms of the Apache License, Version 2.0 which is available at +# * https://www.apache.org/licenses/LICENSE-2.0. +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# * License for the specific language governing permissions and limitations +# * under the License. +# * +# * SPDX-License-Identifier: Apache-2.0 +# ********************************************************************************/ + +image: + tag: "latest-java-did-web" + +secrets: + DB_USER_NAME: postgres + DB_PASSWORD: xxx + ENCRYPTION_KEY: 76a7834fb37e090c2789a9b1a76748d3 + KEYCLOAK_CLIENT_ID: z445srtzr5g + +envs: + DB_HOST: miw-postgresql + MIW_HOST_NAME: localhost + KEYCLOAK_REALM: miw_test + AUTH_SERVER_URL: http:///auth + AUTHORITY_WALLET_DID: "did:web:managed-identity-wallets-new.dev.demo.catena-x.net:BPNL000000000000" + AUTHORITY_WALLET_BPN: "BPNL000000000000" + +ingress: + enabled: false + annotations: + kubernetes.io/ingress.class: nginx + hosts: + - host: localhost + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: miw-secret + hosts: + - localhost + +backup: + database: + enabled: true + cron: "*/2 * * * *" + storage: + diskSize: 10G + storageClassName: hostpath + +postgresql: + primary: + initdb: + password: xxx + auth: + password: xxx + postgresPassword: xxx + username: postgres 
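Review bot: This file commits a real-looking `ENCRYPTION_KEY` (`76a7834fb37e090c2789a9b1a76748d3`) and a `KEYCLOAK_CLIENT_ID` as plaintext under `secrets:`; even for a local profile, anything in git history tends to get reused, so ship them empty (`ENCRYPTION_KEY: ""`) with a comment telling the developer to generate one (e.g. `openssl rand -hex 32`) and pass it via `--set` or a values file outside the repo. `AUTH_SERVER_URL: http:///auth` has an empty host component (three slashes) and will not resolve; it should be `http://<keycloak-host>/auth` or left as an obvious placeholder. `AUTHORITY_WALLET_DID` points at `managed-identity-wallets-new.dev.demo.catena-x.net` while `MIW_HOST_NAME` is `localhost`, so did:web resolution of the authority wallet leaves the local setup — presumably intended for testing against dev, but worth a comment. Finally `image.tag: "latest-java-did-web"` is a mutable tag; pin a version or digest for reproducible local runs.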
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml index 7787192eb..34d8f9061 100644 --- a/charts/managed-identity-wallet/values.yaml +++ b/charts/managed-identity-wallet/values.yaml @@ -17,27 +17,30 @@ # * SPDX-License-Identifier: Apache-2.0 # ********************************************************************************/ +# -- The amount of replicas to run replicaCount: 1 +# -- Image of the main container image: - repository: ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service + # -- Image repository + repository: tractusx/managed-identity-wallet + # -- PullPolicy pullPolicy: Always - tag: "" - -imagePullSecrets: - - name: acr-credential + # -- Image tag (empty one will use "appVersion" value from chart definition) + tag: "" nameOverride: "" fullnameOverride: "" -secrets: +# -- Parameters for the application (will be stored as secrets - so, for passwords, ...) +secrets: {} # DB_USER_NAME: xxx # Has to be the same as below in "postgresql" section # DB_PASSWORD: xxx # Has to be the same as below in "postgresql" section # KEYCLOAK_CLIENT_ID: xxx # ENCRYPTION_KEY: xxx # 64 chars -# APPLICATION_PORT is bound to 8080!! -envs: +# -- Parameters for the application (will be provided as plain environment variables) +envs: {} # APPLICATION_ENVIRONMENT: xxx # DB_HOST: auto # DB_PORT: xxx 
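Review bot: The comment on `secrets:` says they "will be stored as secrets" but not that a Kubernetes Secret is only base64-encoded (not encrypted at rest unless the cluster configures it) nor that these values must therefore never be committed in an environment values file; suggest `# -- Application parameters rendered into a Kubernetes Secret (base64 only). Supply via --set/--values from a secret store; never commit real values.` The `ENCRYPTION_KEY: xxx # 64 chars` hint also disagrees with the 32-character key that values-local.yaml ships in this same change; state the expected format (e.g. 64 hex characters = 32 bytes) so one of the two can be corrected. The switch to `repository: tractusx/managed-identity-wallet` with `pullPolicy: Always` and an empty `tag` means every pod start re-pulls whatever `appVersion` currently points to on Docker Hub; document that production deployments should pin `image.tag` to a digest.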
@@ -55,34 +58,21 @@ envs: # KEYCLOAK_REALM: xxx # AUTH_SERVER_URL: xxx +# -- ServiceAccount configuration serviceAccount: create: true annotations: {} name: "" +# -- Service configuration service: type: ClusterIP port: 8080 +# -- Ingress configuration ingress: enabled: false -# className: nginx - annotations: - kubernetes.io/ingress.class: nginx -# nginx.ingress.kubernetes.io/rewrite-target: /$1 -# nginx.ingress.kubernetes.io/use-regex: "true" -# nginx.ingress.kubernetes.io/force-ssl-redirect: "true" -# nginx.ingress.kubernetes.io/ssl-passthrough: "true" -# nginx.ingress.kubernetes.io/server-snippet: | -# location ~* /list-credential/ { -# deny all; -# return 403; -# } -# -# location ~* /webhook/topic/ { -# deny all; -# return 403; -# } + annotations: {} hosts: - host: chart-example.local paths: @@ -93,9 +83,10 @@ ingress: # hosts: # - chart-example.local +# -- PodSecurityContext podSecurityContext: {} -# fsGroup: 2000 +# -- Preconfigured SecurityContext securityContext: privileged: false allowPrivilegeEscalation: false @@ -103,6 +94,7 @@ securityContext: runAsGroup: 11111 runAsUser: 11111 +# -- Resource boundaries resources: requests: cpu: 250m @@ -111,15 +103,37 @@ resources: cpu: 4 memory: 1Gi +# -- NodeSelector configuration nodeSelector: "kubernetes.io/os": linux +# -- Tolerations configuration tolerations: [] +# -- Affinity configuration affinity: {} +# -- PodAnnotation configuration podAnnotations: {} +# -- Simple Postgresql backup solution (Dump data to second PV) +backup: + # -- Backup database + database: + # -- Enable / Disable the backup + enabled: false + # -- Backup schedule (help: https://crontab.guru) + cron: "* */6 * * *" + # -- Storage configuration + storage: + # -- Set to true, if the PV should stay even when the chart release is uninstalled + keepStorage: true + # -- Disk size for backup content + diskSize: 10G + # -- storageClassName + storageClassName: "-" + +# @ignored postgresql: primary: initdb: 
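Review bot: The default `cron: "* */6 * * *"` does not mean "every six hours": the minute field `*` fires every minute during hours 0, 6, 12 and 18 (240 dumps a day), each writing to the backup PV; the intended schedule is `cron: "0 */6 * * *"`. The crontab.guru link in the comment would have shown this. `storageClassName: "-"` is the Bitnami convention for rendering `storageClassName: ""` (disable dynamic provisioning); if `templates/backup/persistentvolumeclaim.yaml` does not translate it, the PVC requests a class literally named `-` and stays Pending — the template is not in this diff, so verify it.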
@@ -132,4 +146,4 @@ postgresql: auth: password: postgres username: postgres - postgresPassword: postgres \ No newline at end of file + postgresPassword: postgres diff --git a/charts/managed-identity-wallets/.gitignore b/charts/managed-identity-wallets/.gitignore deleted file mode 100644 index 2946e34f0..000000000 --- a/charts/managed-identity-wallets/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -Chart.lock -charts/ diff --git a/charts/managed-identity-wallets/.helmignore b/charts/managed-identity-wallets/.helmignore deleted file mode 100644 index 0e8a0eb36..000000000 --- a/charts/managed-identity-wallets/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/managed-identity-wallets/Chart.yaml b/charts/managed-identity-wallets/Chart.yaml deleted file mode 100644 index 1516f25dd..000000000 --- a/charts/managed-identity-wallets/Chart.yaml +++ /dev/null 
@@ -1,31 +0,0 @@ -apiVersion: v2 -name: managed-identity-wallets -description: Managed Identity Wallets Service - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.7.5 -appVersion: 3.3.2 - -dependencies: - - name: postgresql - version: 11.x.x - repository: https://charts.bitnami.com/bitnami - condition: acapypostgresql.enabled - alias: acapypostgresql - - name: postgresql - version: 11.x.x - repository: https://charts.bitnami.com/bitnami - condition: postgresql.enabled - alias: postgresql diff --git a/charts/managed-identity-wallets/README.md b/charts/managed-identity-wallets/README.md deleted file mode 100644 index 632c02399..000000000 --- a/charts/managed-identity-wallets/README.md +++ /dev/null 
@@ -1,135 +0,0 @@ -# managed-identity-wallets - -![Version: 0.7.5](https://img.shields.io/badge/Version-0.7.5-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.3.2](https://img.shields.io/badge/AppVersion-3.3.2-informational?style=flat-square) - -Managed Identity Wallets Service - -## Requirements - -| Repository | Name | Version | -|------------|------|---------| -| https://charts.bitnami.com/bitnami | acapypostgresql(postgresql) | 11.x.x | -| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 11.x.x | - -## Values - -| Key | Type | Default | Description | -|-----|------|---------|-------------| -| acapy.endorser.adminPort | string | `"11000"` | The port at which the admin API is reachable | -| acapy.endorser.adminUrl | string | `"http://localhost:11000"` | The url of the admin API | -| acapy.endorser.databaseHost | string | `"acapypostgresql"` | The host of the used database | -| acapy.endorser.endpointPort | string | `"8000"` | The port at which the wallet is reachable | -| acapy.endorser.endpointUrl | string | `"https://localhost:8000"` | The endpoint url in the DID document | -| acapy.endorser.genesisUrl | string | `"http://dev.greenlight.bcovrin.vonx.io/genesis"` | The url of the used Indy ledger | -| acapy.endorser.label | string | `"BaseWalletIssuer"` | The label of the instance | -| acapy.endorser.logLevel | string | `"INFO"` | | -| acapy.endorser.networkIdentifier | string | `"greenlight:dev"` | The network identifier of the used Indy ledger | -| acapy.endorser.secret.apikey | string | `"0"` | The API key of the admin endpoints. 
It must be a random and secure string | -| acapy.endorser.secret.dbaccount | string | `"postgres"` | | -| acapy.endorser.secret.dbadminpassword | string | `"postgres"` | | -| acapy.endorser.secret.dbadminuser | string | `"postgres"` | | -| acapy.endorser.secret.dbpassword | string | `"postgres"` | | -| acapy.endorser.secret.jwtsecret | string | `"0"` | | -| acapy.endorser.secret.walletkey | string | `"0"` | | -| acapy.endorser.secret.walletseed | string | `"RandomSeedPlaceHolder0x135791113"` | The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. | -| acapy.imageName | string | `"bcgovimages/aries-cloudagent"` | | -| acapy.mt.adminPort | string | `"11003"` | The port at which the admin API is reachable | -| acapy.mt.adminUrl | string | `"http://localhost:11003"` | The url of the admin API | -| acapy.mt.databaseHost | string | `"acapypostgresql"` | The host of the used database | -| acapy.mt.endorserPublicDid | string | `"ShortDIDPlaceholderX"` | The short DID of the base wallet | -| acapy.mt.endpointPort | string | `"8003"` | The port at which the sub-wallets are reachable | -| acapy.mt.endpointUrl | string | `"https://localhost:8003"` | The endpoint url in the DID document | -| acapy.mt.genesisUrl | string | `"http://dev.greenlight.bcovrin.vonx.io/genesis"` | The url of the used Indy ledger | -| acapy.mt.label | string | `"ManagedWallet"` | The label of the instance | -| acapy.mt.logLevel | string | `"INFO"` | | -| acapy.mt.networkIdentifier | string | `"greenlight:dev"` | The network identifier of the used Indy ledger | -| acapy.mt.secret.apikey | string | `"0"` | The API-Key of the admin endpoints. 
It must be a random and secure string | -| acapy.mt.secret.dbaccount | string | `"postgres"` | | -| acapy.mt.secret.dbadminpassword | string | `"postgres"` | | -| acapy.mt.secret.dbadminuser | string | `"postgres"` | | -| acapy.mt.secret.dbpassword | string | `"postgres"` | | -| acapy.mt.secret.jwtsecret | string | `"0"` | | -| acapy.mt.secret.walletkey | string | `"0"` | | -| acapy.mt.secret.walletseed | string | `"RandomSeedPlaceHolder0x246810120"` | The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. | -| acapy.mt.webhookUrl | string | `"http://localhost:8080/webhook"` | The url at which events are sent. It should be the webhook endpoint in MIW | -| acapy.tag | string | `"py36-1.16-1_0.7.5"` | | -| acapypostgresql.auth.existingSecret | string | `"product-managed-identity-wallets-acapypostgresql"` | | -| acapypostgresql.enabled | bool | `true` | | -| acapypostgresql.secret.password | string | `"postgres"` | | -| acapypostgresql.secret.postgrespassword | string | `"postgres"` | | -| acapypostgresql.secret.user | string | `"postgres"` | | -| allowEmptyPassword | string | `"\"yes\""` | | -| auth.issuerUrl | string | `"https://localhost:8081"` | IAM token issuer url | -| auth.jwksUrl | string | `"https://localhost:8081"` | IAM certs url | -| auth.realm | string | `"CX-Central"` | The realm name in Keycloak | -| auth.redirectUrl | string | `"https:/localhost:8080/callback"` | IAM redirect url to the MIW | -| auth.resourceId | string | `"Cl5-CX-Custodian"` | The resource Id in Keycloak | -| auth.role | string | `"add_wallets"` | The main role in MIW | -| auth.roleMappings | string | 
`"create_wallets:add_wallets,view_wallets:view_wallets,update_wallets:update_wallets,delete_wallets:delete_wallets,view_wallet:view_wallet,update_wallet:update_wallet"` | The role mapping in MIW | -| certificate.host | string | `"localhost"` | | -| datapool.authUrl | string | `""` | IAM url to get the access token for BPDM data pool endpoint | -| datapool.grantType | string | `"client_credentials"` | | -| datapool.refreshHour | string | `"23"` | At which hour (24-hour clock) the cron job should pull the data from the BPDM data pool | -| datapool.scope | string | `"openid"` | | -| datapool.url | string | `""` | Url at which the API of BPDM is reachable | -| db.jdbcDriver | string | `"org.postgresql.Driver"` | Database driver to use | -| httpClientTimeout | object | `{"bpdServiceConnect":"25000","bpdServiceRequest":"25000","bpdServiceSocket":"25000","revocationServiceConnect":"25000","revocationServiceRequest":"25000","revocationServiceSocket":"25000","walletServiceConnect":"25000","walletServiceRequest":"25000","walletServiceSocket":"25000","webhookServiceConnect":"25000","webhookServiceRequest":"25000","webhookServiceSocket":"25000"}` | The timeout (milliseconds) configuration of http client in each service. 
| -| image.name | string | `"catenax-ng/tx-managed-identity-wallets_service"` | | -| image.registry | string | `"ghcr.io"` | | -| image.secret | string | `"acr-credentials"` | | -| image.tag | string | `""` | Overrides the image tag whose default is the chart appVersion | -| ingress.enabled | bool | `false` | | -| isLocal | bool | `false` | Deployment on Kubernetes on local device | -| logging | object | `{"exposed":"INFO","jetty":"INFO","ktorRoot":"INFO","netty":"INFO","servicesCalls":"INFO"}` | The logging configurations | -| logging.servicesCalls | string | `"INFO"` | Options: ALL, HEADERS, BODY, INFO, NONE | -| managedIdentityWallets.secret.authclientid | string | `"clientid"` | It can be extracted from Keycloak | -| managedIdentityWallets.secret.authclientsecret | string | `"client"` | It can be extracted from Keycloak | -| managedIdentityWallets.secret.bpdmauthclientid | string | `"clientid"` | client id for accessing the BPDM data pool endpoint | -| managedIdentityWallets.secret.bpdmauthclientsecret | string | `"client"` | client secret for accessing the BPDM data pool endpoint | -| managedIdentityWallets.secret.jdbcurl | string | `"jdbc:postgresql://:/?user=&password="` | Database connection string to the Postgres database of MIW. 
Used when postgresql.useDefaultJdbcUrl is false | -| namespace | string | `"managed-identity-wallets"` | | -| openapi.contactEmail | string | `"tractusx-dev@eclipse.org"` | | -| openapi.contactName | string | `"Eclipse Tractus-X"` | | -| openapi.contactUrl | string | `"https://projects.eclipse.org/projects/automotive.tractusx"` | | -| openapi.description | string | `"Managed Identity Wallets API"` | | -| openapi.licenseName | string | `"Apache 2.0"` | | -| openapi.licenseUrl | string | `"https://github.com/eclipse-tractusx/managed-identity-wallets/blob/main/LICENSE"` | | -| openapi.termsOfServiceUrl | string | `"https://www.eclipse.org/legal/termsofuse.php"` | | -| openapi.title | string | `"Managed Identity Wallets API"` | | -| postgresql.auth.existingSecret | string | `"product-managed-identity-wallets-postgresql"` | | -| postgresql.enabled | bool | `true` | | -| postgresql.primary.extraVolumeMounts[0].mountPath | string | `"/docker-entrypoint-initdb.d"` | | -| postgresql.primary.extraVolumeMounts[0].name | string | `"initdb"` | | -| postgresql.primary.extraVolumes[0].emptyDir | object | `{}` | | -| postgresql.primary.extraVolumes[0].name | string | `"initdb"` | | -| postgresql.primary.initContainers[0].args[0] | string | `"-c"` | | -| postgresql.primary.initContainers[0].args[1] | string | `"echo \"Copying initdb sqls...\"\ncp -R /initdb/* /docker-entrypoint-initdb.d\n"` | | -| postgresql.primary.initContainers[0].command[0] | string | `"sh"` | | -| postgresql.primary.initContainers[0].image | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_initdb:3.3.2"` | The image is built and used to initialize the database of MIW. 
The tag must equal the appVersion in Chart.yaml | -| postgresql.primary.initContainers[0].imagePullPolicy | string | `"Always"` | | -| postgresql.primary.initContainers[0].name | string | `"initdb"` | | -| postgresql.primary.initContainers[0].volumeMounts[0].mountPath | string | `"/docker-entrypoint-initdb.d"` | | -| postgresql.primary.initContainers[0].volumeMounts[0].name | string | `"initdb"` | | -| postgresql.secret.password | string | `"postgres"` | | -| postgresql.secret.postgrespassword | string | `"postgres"` | | -| postgresql.secret.user | string | `"postgres"` | | -| postgresql.useDefaultJdbcUrl | bool | `true` | use the default jdbc url `jdbc:postgresql://%s-postgresql:5432/postgres?user=%s&password=%s` instead of the value in managedIdentityWallets.secrets.jdbcUrl | -| resources | object | `{"endorserAcapy":{"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"managedIdentityWallets":{"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"mtAcapy":{"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"revocationService":{"limits":{"cpu":"250m","memory":"256Mi"},"requests":{"cpu":"100m","memory":"128Mi"}}}` | used resources for each componenet | -| revocation.refreshHour | string | `"3"` | At which hour (24-hour clock) the cron job should issue/update status-list credentials | -| revocation.revocationServiceUrl | string | `"http://localhost:8086"` | The url of the revocation service | -| revocationService.baseUrlForCredentialList | string | `"https//localhost:8080/api/credentials/"` | The the endpoint in MIW at which status credentials can be issued | -| revocationService.clientIssuanceApiUrl | string | `"http://localhost:8080"` | The url at which the MIW is reachable | -| revocationService.httpAccessLog | bool | `true` | | -| revocationService.imageName | string | 
`"registry.gitlab.com/gaia-x/data-infrastructure-federation-services/not/notarization-service/revocation"` | | -| revocationService.minIssueInterval | string | `"2"` | Issuance cache interval | -| revocationService.port | string | `"8086"` | | -| revocationService.tag | string | `"1.0.0-SNAPSHOT-quarkus-2.10.2.Final-java17"` | | -| wallet.allowlistDids | string | `""` | A list of full DIDs seperated by comma ",". Those DIDs are allowed to send a connection request to managed wallets. Empty for public invitation allowance | -| wallet.baseWalletBpn | string | `""` | The BPN of the base wallet | -| wallet.baseWalletName | string | `""` | The name of the base wallet | -| wallet.baseWalletShortDid | string | `""` | The short DID of the base wallet. It can be created with its verkey as described in https://github.com/eclipse-tractusx/managed-identity-wallets#Integrate-with-Indy-Ledger. It should be registered on the Indy ledger with role endorser. | -| wallet.baseWalletVerkey | string | `""` | The verkey (public key) of the base wallet | -| wallet.membershipOrganisation | string | `"Platform-A"` | The name used in the Membership credential | - ----------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0) diff --git a/charts/managed-identity-wallets/argocd/appsetup-dev.yaml b/charts/managed-identity-wallets/argocd/appsetup-dev.yaml deleted file mode 100644 index ddb155c6a..000000000 --- a/charts/managed-identity-wallets/argocd/appsetup-dev.yaml +++ /dev/null 
@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: managed-identity-wallets
-spec:
- destination:
- namespace: product-managed-identity-wallets
- server: 'https://kubernetes.default.svc'
- source:
- repoURL: 'https://github.com/catenax-ng/product-core-managed-identity-wallets.git'
- path: helm/managed-identity-wallets
- targetRevision: develop
- helm:
- valueFiles:
- - values.yaml
- - values-dev.yaml
- plugin:
- name: argocd-vault-plugin-helm
- env:
- - name: AVP_SECRET
- value: vault-secret
- project: project-managed-identity-wallets
diff --git a/charts/managed-identity-wallets/argocd/appsetup-int.yaml b/charts/managed-identity-wallets/argocd/appsetup-int.yaml
deleted file mode 100644
index 605867d20..000000000
--- a/charts/managed-identity-wallets/argocd/appsetup-int.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
- name: managed-identity-wallets
-spec:
- destination:
- namespace: product-managed-identity-wallets
- server: 'https://kubernetes.default.svc'
- source:
- repoURL: 'https://github.com/catenax-ng/product-core-managed-identity-wallets.git'
- path: helm/managed-identity-wallets
- targetRevision: main
- helm:
- valueFiles:
- - values.yaml
- - values-int.yaml
- plugin:
- name: argocd-vault-plugin-helm
- env:
- - name: AVP_SECRET
- value: vault-secret
- project: project-managed-identity-wallets
diff --git a/charts/managed-identity-wallets/templates/_helpers.tpl b/charts/managed-identity-wallets/templates/_helpers.tpl
deleted file mode 100644
index 1e91d554f..000000000
--- a/charts/managed-identity-wallets/templates/_helpers.tpl
+++ /dev/null
@@ -1,89 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "managed-identity-wallets.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "managed-identity-wallets.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "managed-identity-wallets.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "managed-identity-wallets.labels" -}}
-helm.sh/chart: {{ include "managed-identity-wallets.chart" . }}
-{{ include "managed-identity-wallets.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "managed-identity-wallets.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "managed-identity-wallets.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Invoke include on given definition with postgresql dependency context
-Usage: include "acapyPostgresContext" (list $ "your_include_function_here")
-*/}}
-{{- define "acapyPostgresContext" -}}
-{{- $ := index . 0 }}
-{{- $function := index . 1 }}
-{{- include $function (dict "Values" $.Values.acapypostgresql "Chart" (dict "Name" "acapypostgresql") "Release" $.Release) }}
-{{- end }}
-
-{{/*
-Invoke include on given definition with postgresql dependency context
-Usage: include "postgresContext" (list $ "your_include_function_here")
-*/}}
-{{- define "postgresContext" -}}
-{{- $ := index . 0 }}
-{{- $function := index . 1 }}
-{{- include $function (dict "Values" $.Values.postgresql "Chart" (dict "Name" "postgresql") "Release" $.Release) }}
-{{- end }}
-
-{{/*
-Create the default JDBC url
-*/}}
-{{- define "managed-identity-wallets.jdbcUrl" -}}
-{{- printf "jdbc:postgresql://%s-postgresql:5432/postgres?user=%s&password=%s" .Release.Name .Values.postgresql.secret.user .Values.postgresql.secret.postgrespassword }}
-{{- end -}}
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "managed-identity-wallets.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "managed-identity-wallets.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}
diff --git a/charts/managed-identity-wallets/templates/deployment.yaml b/charts/managed-identity-wallets/templates/deployment.yaml
deleted file mode 100644
index 250a81612..000000000
--- a/charts/managed-identity-wallets/templates/deployment.yaml
+++ /dev/null
@@ -1,410 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "managed-identity-wallets.fullname" . }}
- namespace: {{ .Release.Namespace }}
-spec:
- replicas: 1
- selector:
- matchLabels:
- {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }}
- template:
- metadata:
- labels:
- {{- include "managed-identity-wallets.selectorLabels" . | nindent 8 }}
- spec:
- nodeSelector:
- "kubernetes.io/os": linux
- imagePullSecrets:
- - name: {{ .Values.image.secret }}
- containers:
- - name: managed-identity-wallets
- {{- if .Values.image.registry }}
- image: {{ .Values.image.registry }}/{{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}
- {{- else }}
- image: {{ .Values.image.name }}:{{ default .Chart.AppVersion .Values.image.tag }}
- {{- end }}
- imagePullPolicy: Always
- env:
- - name: APP_VERSION
- value: {{ .Chart.AppVersion }}
- - name: ALLOW_EMPTY_PASSWORD
- value: {{ .Values.allowEmptyPassword | default "no" }}
- - name: MIW_DB_JDBC_URL
- {{- if .Values.postgresql.useDefaultJdbcUrl }}
- value: {{ include "managed-identity-wallets.jdbcUrl" . }}
- {{- else }}
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-secret
- key: miw-db-jdbc-url
- {{- end }}
- - name: MIW_DB_JDBC_DRIVER
- value: {{ .Values.db.jdbcDriver }}
- - name: MIW_AUTH_JWKS_URL
- value: {{ .Values.auth.jwksUrl }}
- - name: MIW_AUTH_ISSUER_URL
- value: {{ .Values.auth.issuerUrl }}
- - name: MIW_AUTH_REALM
- value: {{ .Values.auth.realm }}
- - name: MIW_AUTH_ROLE
- value: {{ .Values.auth.role }}
- - name: MIW_AUTH_ROLE_MAPPINGS
- value: {{ .Values.auth.roleMappings }}
- - name: MIW_AUTH_RESOURCE_ID
- value: {{ .Values.auth.resourceId }}
- - name: MIW_AUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-secret
- key: miw-auth-client-id
- - name: MIW_AUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-secret
- key: miw-auth-client-secret
- - name: MIW_AUTH_REDIRECT_URL
- value: {{ .Values.auth.redirectUrl }}
- - name: BPDM_DATAPOOL_URL
- value: {{ .Values.datapool.url }}
- - name: BPDM_AUTH_CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-secret
- key: bpdm-auth-client-id
- - name: BPDM_AUTH_CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-secret
- key: bpdm-auth-client-secret
- - name: BPDM_AUTH_GRANT_TYPE
- value: {{ .Values.datapool.grantType }}
- - name: BPDM_AUTH_SCOPE
- value: {{ .Values.datapool.scope }}
- - name: BPDM_AUTH_URL
- value: {{ .Values.datapool.authUrl }}
- - name: BPDM_PULL_DATA_AT_HOUR
- value: {{ .Values.datapool.refreshHour | quote }}
- - name: ACAPY_NETWORK_IDENTIFIER
- value: {{ .Values.acapy.networkIdentifier }}
- - name: ACAPY_API_ADMIN_URL
- value: {{ .Values.acapy.mt.adminUrl }}
- - name: ACAPY_ADMIN_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-mt-admin-api-key
- - name: ACAPY_BASE_WALLET_API_ADMIN_URL
- value: {{ .Values.acapy.endorser.adminUrl }}
- - name: ACAPY_BASE_WALLET_ADMIN_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-endorser-admin-api-key
- - name: MIW_BPN
- value: {{ .Values.wallet.baseWalletBpn }}
- - name: MIW_SHORT_DID
- value: {{ .Values.wallet.baseWalletShortDid }}
- - name: MIW_VERKEY
- value: {{ .Values.wallet.baseWalletVerkey }}
- - name: MIW_NAME
- value: {{ .Values.wallet.baseWalletName }}
- - name: MIW_ALLOWLIST_DIDS
- value: {{ .Values.wallet.allowlistDids }}
- - name: MIW_MEMBERSHIP_ORG
- value: {{ .Values.wallet.membershipOrganisation }}
- - name: MIW_OPENAPI_TITLE
- value: {{ .Values.openapi.title }}
- - name: MIW_OPENAPI_DESCRIPTION
- value: {{ .Values.openapi.description }}
- - name: MIW_OPENAPI_TERM_OF_SERVICES_URL
- value: {{ .Values.openapi.termsOfServiceUrl }}
- - name: MIW_OPENAPI_CONTACT_NAME
- value: {{ .Values.openapi.contactName }}
- - name: MIW_OPENAPI_CONTACT_EMAIL
- value: {{ .Values.openapi.contactEmail }}
- - name: MIW_OPENAPI_CONTACT_URL
- value: {{ .Values.openapi.contactUrl }}
- - name: MIW_OPENAPI_LICENSE_NAME
- value: {{ .Values.openapi.licenseName }}
- - name: MIW_OPENAPI_LICENSE_URL
- value: {{ .Values.openapi.licenseUrl }}
- - name: REVOCATION_URL
- value: {{ .Values.revocation.revocationServiceUrl }}
- - name: REVOCATION_CREATE_STATUS_LIST_CREDENTIAL_AT_HOUR
- value: {{ .Values.revocation.refreshHour | quote }}
- - name: LOG_LEVEL_KTOR_ROOT
- value: {{ .Values.logging.ktorRoot }}
- - name: LOG_LEVEL_EXPOSED
- value: {{ .Values.logging.exposed }}
- - name: LOG_LEVEL_ECLIPSE_JETTY
- value: {{ .Values.logging.jetty }}
- - name: LOG_LEVEL_NETTY
- value: {{ .Values.logging.netty }}
- - name: LOG_LEVEL_SERVICES_CALLS
- value: {{ .Values.logging.servicesCalls }}
- - name: WALLET_SERVICE_REQUEST_TIMEOUT
- value: {{ .Values.httpClientTimeout.walletServiceRequest | quote }}
- - name: WALLET_SERVICE_CONNECT_TIMEOUT
- value: {{ .Values.httpClientTimeout.walletServiceConnect | quote }}
- - name: WALLET_SERVICE_SOCKET_TIMEOUT
- value: {{ .Values.httpClientTimeout.walletServiceSocket | quote }}
- - name: BPD_SERVICE_REQUEST_TIMEOUT
- value: {{ .Values.httpClientTimeout.bpdServiceRequest | quote }}
- - name: BPD_SERVICE_CONNECT_TIMEOUT
- value: {{ .Values.httpClientTimeout.bpdServiceConnect | quote }}
- - name: BPD_SERVICE_SOCKET_TIMEOUT
- value: {{ .Values.httpClientTimeout.bpdServiceSocket | quote }}
- - name: REVOCATION_SERVICE_REQUEST_TIMEOUT
- value: {{ .Values.httpClientTimeout.revocationServiceRequest | quote }}
- - name: REVOCATION_SERVICE_CONNECT_TIMEOUT
- value: {{ .Values.httpClientTimeout.revocationServiceConnect | quote }}
- - name: REVOCATION_SERVICE_SOCKET_TIMEOUT
- value: {{ .Values.httpClientTimeout.revocationServiceSocket | quote }}
- - name: WEBHOOK_SERVICE_REQUEST_TIMEOUT
- value: {{ .Values.httpClientTimeout.webhookServiceRequest | quote }}
- - name: WEBHOOK_SERVICE_CONNECT_TIMEOUT
- value: {{ .Values.httpClientTimeout.webhookServiceConnect | quote }}
- - name: WEBHOOK_SERVICE_SOCKET_TIMEOUT
- value: {{ .Values.httpClientTimeout.webhookServiceSocket | quote }}
- resources:
- requests:
- cpu: {{ .Values.resources.managedIdentityWallets.requests.cpu }}
- memory: {{ .Values.resources.managedIdentityWallets.requests.memory }}
- limits:
- cpu: {{ .Values.resources.managedIdentityWallets.limits.cpu }}
- memory: {{ .Values.resources.managedIdentityWallets.limits.memory }}
- ports:
- - containerPort: 8080
- - name: revocation-service
- image: {{ .Values.revocationService.imageName }}:{{ .Values.revocationService.tag }}
- imagePullPolicy: Always
- env:
- - name: QUARKUS_HTTP_PORT
- value: {{ .Values.revocationService.port | quote }}
- - name: QUARKUS_HTTP_ACCESS_LOG_ENABLED
- value: {{ .Values.revocationService.httpAccessLog | quote | default "false" }}
- - name: QUARKUS_DATASOURCE_JDBC_URL
- {{- if .Values.postgresql.useDefaultJdbcUrl }}
- value: {{ include "managed-identity-wallets.jdbcUrl" . }}
- {{- else }}
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-secret
- key: miw-db-jdbc-url
- {{- end }}
- - name: REVOCATION_BASE_URL
- value: {{ .Values.revocationService.baseUrlForCredentialList }}
- - name: REVOCATION_MIN_ISSUE_INTERVAL
- value: {{ .Values.revocationService.minIssueInterval | quote}}
- - name: QUARKUS_REST_CLIENT_SSI_ISSUANCE_API_URL
- value: {{ .Values.revocationService.clientIssuanceApiUrl }}
- resources:
- requests:
- cpu: {{ .Values.resources.revocationService.requests.cpu }}
- memory: {{ .Values.resources.revocationService.requests.memory }}
- limits:
- cpu: {{ .Values.resources.revocationService.limits.cpu }}
- memory: {{ .Values.resources.revocationService.limits.memory }}
- ports:
- - containerPort: 8086
- - name: endorser-acapy
- image: {{ .Values.acapy.imageName }}:{{ .Values.acapy.tag }}
- env:
- - name: WALLET_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-endorser-wallet-key
- - name: AGENT_WALLET_SEED
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-endorser-agent-wallet-seed
- - name: LEDGER_URL
- value: {{ .Values.acapy.endorser.genesisUrl }}
- - name: LABEL
- value: {{ .Values.acapy.endorser.label }}
- - name: JWT_SECRET
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-endorser-jwt-secret
- - name: ACAPY_ADMIN_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-endorser-admin-api-key
- - name: LOG_LEVEL
- value: {{ .Values.acapy.endorser.logLevel }}
- - name: ACAPY_ENDPOINT_PORT
- value: {{ .Values.acapy.endorser.endpointPort | quote }}
- - name: ACAPY_ENDPOINT_URL
- value: {{ .Values.acapy.endorser.endpointUrl }}
- - name: ACAPY_ADMIN_PORT
- value: {{ .Values.acapy.endorser.adminPort | quote }}
- - name: DB_HOST
- {{- if .Values.acapypostgresql.enabled }}
- value: {{ include "acapyPostgresContext" (list $ "postgresql.primary.fullname") }}
- {{- else }}
- value: {{ .Values.acapy.endorser.databaseHost }}
- {{- end }}
- - name: DB_ACCOUNT
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-endorser-db-account
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-endorser-db-password
- - name: DB_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-endorser-db-admin
- - name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-endorser-db-admin-password
- resources:
- requests:
- cpu: {{ .Values.resources.endorserAcapy.requests.cpu }}
- memory: {{ .Values.resources.endorserAcapy.requests.memory }}
- limits:
- cpu: {{ .Values.resources.endorserAcapy.limits.cpu }}
- memory: {{ .Values.resources.endorserAcapy.limits.memory }}
- ports:
- - containerPort: 8000
- command: ["/bin/bash"]
- args: ["-c", "aca-py start \
- -e $(ACAPY_ENDPOINT_URL) \
- --auto-provision \
- --inbound-transport http '0.0.0.0' $(ACAPY_ENDPOINT_PORT) \
- --outbound-transport http \
- --admin '0.0.0.0' $(ACAPY_ADMIN_PORT) \
- --wallet-name AcapyBaseEndorserWallet \
- --wallet-type askar \
- --wallet-key $(WALLET_KEY) \
- --wallet-storage-type postgres_storage
- --wallet-storage-config '{\"url\":\"$(DB_HOST):5432\",\"max_connections\":5}'
- --wallet-storage-creds '{\"account\":\"$(DB_ACCOUNT)\",\"password\":\"$(DB_PASSWORD)\",\"admin_account\":\"$(DB_ADMIN_USER)\",\"admin_password\":\"$(DB_ADMIN_PASSWORD)\"}'
- --seed $(AGENT_WALLET_SEED) \
- --genesis-url $(LEDGER_URL) \
- --label $(LABEL) \
- --admin-api-key $(ACAPY_ADMIN_API_KEY) \
- --auto-ping-connection \
- --jwt-secret $(JWT_SECRET) \
- --public-invites \
- --endorser-protocol-role endorser \
- --auto-endorse-transactions \
- --log-level $(LOG_LEVEL)"
- ]
- - name: mt-acapy
- image: {{ .Values.acapy.imageName }}:{{ .Values.acapy.tag }}
- env:
- - name: WALLET_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-mt-wallet-key
- - name: AGENT_WALLET_SEED
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-mt-agent-wallet-seed
- - name: LEDGER_URL
- value: {{ .Values.acapy.mt.genesisUrl }}
- - name: LABEL
- value: {{ .Values.acapy.mt.label }}
- - name: JWT_SECRET
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-mt-jwt-secret
- - name: ACAPY_ADMIN_API_KEY
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-mt-admin-api-key
- - name: LOG_LEVEL
- value: {{ .Values.acapy.mt.logLevel }}
- - name: ACAPY_ENDPOINT_PORT
- value: {{ .Values.acapy.mt.endpointPort | quote }}
- - name: ACAPY_ENDPOINT_URL
- value: {{ .Values.acapy.mt.endpointUrl }}
- - name: ACAPY_ADMIN_PORT
- value: {{ .Values.acapy.mt.adminPort | quote }}
- - name: DB_HOST
- {{- if .Values.acapypostgresql.enabled }}
- value: {{ include "acapyPostgresContext" (list $ "postgresql.primary.fullname") }}
- {{- else }}
- value: {{ .Values.acapy.mt.databaseHost }}
- {{- end }}
- - name: DB_ACCOUNT
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-mt-db-account
- - name: DB_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-mt-db-password
- - name: DB_ADMIN_USER
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-mt-db-admin
- - name: DB_ADMIN_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- key: acapy-mt-db-admin-password
- - name: ACAPY_ENDORSER_PUBLIC_DID
- value: {{ .Values.acapy.mt.endorserPublicDid }}
- - name: ACAPY_WEBHOOK_URL
- value: {{ .Values.acapy.mt.webhookUrl }}
- resources:
- requests:
- cpu: {{ .Values.resources.mtAcapy.requests.cpu }}
- memory: {{ .Values.resources.mtAcapy.requests.memory }}
- limits:
- cpu: {{ .Values.resources.mtAcapy.limits.cpu }}
- memory: {{ .Values.resources.mtAcapy.limits.memory }}
- ports:
- - containerPort: 8003
- command: ["/bin/bash"]
- args: ["-c", "aca-py start \
- -e $(ACAPY_ENDPOINT_URL) \
- --auto-provision \
- --inbound-transport http '0.0.0.0' $(ACAPY_ENDPOINT_PORT) \
- --outbound-transport http \
- --admin '0.0.0.0' $(ACAPY_ADMIN_PORT) \
- --wallet-name AcapyManagedWallet \
- --wallet-type askar \
- --wallet-key $(WALLET_KEY) \
- --wallet-storage-type postgres_storage
- --wallet-storage-config '{\"url\":\"$(DB_HOST):5432\",\"max_connections\":5}'
- --wallet-storage-creds '{\"account\":\"$(DB_ACCOUNT)\",\"password\":\"$(DB_PASSWORD)\",\"admin_account\":\"$(DB_ADMIN_USER)\",\"admin_password\":\"$(DB_ADMIN_PASSWORD)\"}'
- --seed $(AGENT_WALLET_SEED) \
- --genesis-url $(LEDGER_URL) \
- --label $(LABEL) \
- --admin-api-key $(ACAPY_ADMIN_API_KEY) \
- --auto-ping-connection \
- --jwt-secret $(JWT_SECRET) \
- --multitenant \
- --multitenant-admin \
- --public-invites \
- --webhook-url $(ACAPY_WEBHOOK_URL) \
- --endorser-protocol-role author \
- --endorser-alias endorser \
- --endorser-public-did $(ACAPY_ENDORSER_PUBLIC_DID) \
- --auto-request-endorsement \
- --auto-write-transactions \
- --auto-promote-author-did \
- --log-level $(LOG_LEVEL)"
- ]
diff --git a/charts/managed-identity-wallets/templates/ingress.yaml b/charts/managed-identity-wallets/templates/ingress.yaml
deleted file mode 100644
index 9089cf82d..000000000
--- a/charts/managed-identity-wallets/templates/ingress.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
-{{- if .Values.ingress.enabled }}
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: managed-identity-wallets-ingress
- namespace: {{ .Values.Namespace }}
- annotations:
- kubernetes.io/ingress.class: nginx
- nginx.ingress.kubernetes.io/rewrite-target: /$1
- nginx.ingress.kubernetes.io/use-regex: "true"
- nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
- nginx.ingress.kubernetes.io/ssl-passthrough: "true"
- nginx.ingress.kubernetes.io/server-snippet: |
- location ~* /list-credential/ {
- deny all;
- return 403;
- }
-
- location ~* /webhook/topic/ {
- deny all;
- return 403;
- }
-
- # If you encounter a redirect loop or are getting a 307 response code
- # then you need to force the nginx ingress to connect to the backend using HTTPS.
- #
- # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-spec:
- rules:
- - host: {{ .Values.certificate.host }}
- http:
- paths:
- - path: /didcomm-base
- pathType: Exact
- backend:
- service:
- name: managed-identity-wallets-acapy-base
- port:
- number: 8000
- - host: {{ .Values.certificate.host }}
- http:
- paths:
- - path: /didcomm-managed-wallets
- pathType: Exact
- backend:
- service:
- name: managed-identity-wallets-acapy-mt
- port:
- number: 8003
- - host: {{ .Values.certificate.host }}
- http:
- paths:
- - path: /(.*)
- pathType: Prefix
- backend:
- service:
- name: managed-identity-wallets
- port:
- number: 8080
- tls:
- - hosts:
- - {{ .Values.certificate.host }}
- secretName: tls-secret
-{{- end}}
diff --git a/charts/managed-identity-wallets/templates/secrets.yaml b/charts/managed-identity-wallets/templates/secrets.yaml
deleted file mode 100644
index 676bc3f37..000000000
--- a/charts/managed-identity-wallets/templates/secrets.yaml
+++ /dev/null
@@ -1,66 +0,0 @@
-{{- if not .Values.isLocal }}
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "managed-identity-wallets.fullname" . }}-acapy
- namespace: {{ .Release.Namespace }}
-type: Opaque
-stringData:
- acapy-endorser-admin-api-key: {{ .Values.acapy.endorser.secret.apikey | quote }}
- acapy-endorser-agent-wallet-seed: {{ .Values.acapy.endorser.secret.walletseed | quote }}
- acapy-endorser-db-account: {{ .Values.acapy.endorser.secret.dbaccount | quote }}
- acapy-endorser-db-admin: {{ .Values.acapy.endorser.secret.dbadminuser | quote }}
- acapy-endorser-db-admin-password: {{ .Values.acapy.endorser.secret.dbadminpassword | quote }}
- acapy-endorser-db-password: {{ .Values.acapy.endorser.secret.dbpassword | quote }}
- acapy-endorser-jwt-secret: {{ .Values.acapy.endorser.secret.jwtsecret | quote }}
- acapy-endorser-wallet-key: {{ .Values.acapy.endorser.secret.walletkey | quote }}
- acapy-mt-admin-api-key: {{ .Values.acapy.mt.secret.apikey | quote }}
- acapy-mt-agent-wallet-seed: {{ .Values.acapy.mt.secret.walletseed | quote }}
- acapy-mt-db-account: {{ .Values.acapy.mt.secret.dbaccount | quote }}
- acapy-mt-db-admin: {{ .Values.acapy.mt.secret.dbadminuser | quote }}
- acapy-mt-db-admin-password: {{ .Values.acapy.mt.secret.dbadminpassword | quote }}
- acapy-mt-db-password: {{ .Values.acapy.mt.secret.dbpassword | quote }}
- acapy-mt-jwt-secret: {{ .Values.acapy.mt.secret.jwtsecret | quote }}
- acapy-mt-wallet-key: {{ .Values.acapy.mt.secret.walletkey | quote }}
-{{- end}}
-{{- if not .Values.isLocal }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: product-managed-identity-wallets-acapypostgresql
- namespace: {{ .Release.Namespace }}
-type: Opaque
-stringData:
- password: {{ .Values.acapypostgresql.secret.password | quote }}
- postgres-password: {{ .Values.acapypostgresql.secret.postgrespassword | quote }}
- user: {{ .Values.acapypostgresql.secret.user | quote }}
-{{- end}}
-{{- if not .Values.isLocal }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: product-managed-identity-wallets-postgresql
- namespace: {{ .Release.Namespace }}
-type: Opaque
-stringData:
- password: {{ .Values.postgresql.secret.password | quote }}
- postgres-password: {{ .Values.postgresql.secret.postgrespassword | quote }}
- user: {{ .Values.postgresql.secret.user | quote }}
-{{- end}}
-{{- if not .Values.isLocal }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "managed-identity-wallets.fullname" . }}-secret
- namespace: {{ .Release.Namespace }}
-type: Opaque
-stringData:
- miw-db-jdbc-url: {{ .Values.managedIdentityWallets.secret.jdbcurl | quote }}
- miw-auth-client-id: {{ .Values.managedIdentityWallets.secret.authclientid | quote }}
- miw-auth-client-secret: {{ .Values.managedIdentityWallets.secret.authclientsecret | quote }}
- bpdm-auth-client-id: {{ .Values.managedIdentityWallets.secret.bpdmauthclientid | quote }}
- bpdm-auth-client-secret: {{ .Values.managedIdentityWallets.secret.bpdmauthclientsecret | quote }}
-{{- end}}
diff --git a/charts/managed-identity-wallets/templates/service.yaml b/charts/managed-identity-wallets/templates/service.yaml
deleted file mode 100644
index 59bcb3283..000000000
--- a/charts/managed-identity-wallets/templates/service.yaml
+++ /dev/null
@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
- name: managed-identity-wallets
- namespace: {{ .Release.Namespace }}
-spec:
- type: ClusterIP
- ports:
- - port: 8080
- selector:
- {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: managed-identity-wallets-acapy-base
-spec:
- type: ClusterIP
- ports:
- - port: 8000
- selector:
- {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: managed-identity-wallets-acapy-mt
-spec:
- type: ClusterIP
- ports:
- - port: 8003
- selector:
- {{- include "managed-identity-wallets.selectorLabels" . | nindent 6 }}
diff --git a/charts/managed-identity-wallets/values-beta.yaml b/charts/managed-identity-wallets/values-beta.yaml
deleted file mode 100644
index 7214165c0..000000000
--- a/charts/managed-identity-wallets/values-beta.yaml
+++ /dev/null
@@ -1,98 +0,0 @@ -### -### DEPRECATED -### -auth: - jwksUrl: "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" - issuerUrl: "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central" - redirectUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/callback" -wallet: - baseWalletBpn: "BPNL00000003CRHK" - baseWalletShortDid: "YPp94k3hzcedGE6JBBzd7k" - baseWalletVerkey: "J7QUrkAtsWDGSsNeHKwQxr8aipWCBNvxxGZQ8SjVc5u5" - baseWalletName: "Catena-X-BETA" - membershipOrganisation: "Catena-X" -datapool: - url: "https://partners-pool.beta.demo.catena-x.net" - authUrl: "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.beta.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "http://localhost:8080" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets.beta.demo.catena-x.net" -acapy: - endorser: - genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" - networkIdentifier: "idunion:test" - endpointUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/didcomm-base" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: - mt: - genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" - networkIdentifier: "idunion:test" - endpointUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/didcomm-managed-wallets" - endorserPublicDid: "YPp94k3hzcedGE6JBBzd7k" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: -managedIdentityWallets: - secret: - jdbcurl: - authclientid: - authclientsecret: - bpdmauthclientid: - bpdmauthclientsecret: -postgresql: - useDefaultJdbcUrl: false - secret: - password: - postgrespassword: - user: -acapypostgresql: - secret: - 
password: - postgrespassword: - user: -resources: - managedIdentityWallets: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - revocationService: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - endorserAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" - mtAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" diff --git a/charts/managed-identity-wallets/values-dev.yaml b/charts/managed-identity-wallets/values-dev.yaml deleted file mode 100644 index 64f632d79..000000000 --- a/charts/managed-identity-wallets/values-dev.yaml +++ /dev/null 
@@ -1,96 +0,0 @@ -### -### DEPRECATED -### -auth: - jwksUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" - issuerUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central" - redirectUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/callback" -wallet: - baseWalletBpn: "BPNL000000000000" - baseWalletShortDid: "MhLrwtKpZhNCzazMeofPQH" - baseWalletVerkey: "CHEC4PRQmP73A9UD7vQ6tnLAm9aoXLPhEtnGSMiAyVZj" - baseWalletName: "Catena-X-Dev" - membershipOrganisation: "Catena-X" -datapool: - url: "https://partners-pool.dev.demo.catena-x.net" - authUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.dev.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "http://localhost:8080" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets.dev.demo.catena-x.net" -acapy: - endorser: - logLevel: "DEBUG" - endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/didcomm-base" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: - mt: - logLevel: "DEBUG" - endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/didcomm-managed-wallets" - endorserPublicDid: "MhLrwtKpZhNCzazMeofPQH" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: -managedIdentityWallets: - secret: - jdbcurl: - authclientid: - authclientsecret: - bpdmauthclientid: - bpdmauthclientsecret: -postgresql: - useDefaultJdbcUrl: false - secret: - password: - postgrespassword: - user: -acapypostgresql: - secret: - password: - postgrespassword: - user: -resources: - managedIdentityWallets: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - revocationService: - requests: - cpu: "200m" - memory: "512Mi" - 
limits: - cpu: "250m" - memory: "512Mi" - endorserAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" - mtAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" diff --git a/charts/managed-identity-wallets/values-int.yaml b/charts/managed-identity-wallets/values-int.yaml deleted file mode 100644 index 75b8661ac..000000000 --- a/charts/managed-identity-wallets/values-int.yaml +++ /dev/null 
@@ -1,98 +0,0 @@ -### -### DEPRECATED -### -auth: - jwksUrl: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" - issuerUrl: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central" - redirectUrl: "https://managed-identity-wallets.int.demo.catena-x.net/callback" -wallet: - baseWalletBpn: "BPNL000000000000" - baseWalletShortDid: "2xcjN7LjnHGaPdZbbGqju5" - baseWalletVerkey: "24vdNRCEY5Pswwv3XhbVSccbZA5r4ybxnYVGw3Q6WZjL" - baseWalletName: "Catena-X-Int" - membershipOrganisation: "Catena-X" -datapool: - url: "https://partners-pool.int.demo.catena-x.net" - authUrl: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.int.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "http://localhost:8080" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets.int.demo.catena-x.net" -acapy: - endorser: - genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" - endpointUrl: "https://managed-identity-wallets.int.demo.catena-x.net/didcomm-base" - networkIdentifier: "idunion:test" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: - mt: - genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" - endpointUrl: "https://managed-identity-wallets.int.demo.catena-x.net/didcomm-managed-wallets" - endorserPublicDid: "2xcjN7LjnHGaPdZbbGqju5" - networkIdentifier: "idunion:test" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: -managedIdentityWallets: - secret: - jdbcurl: - authclientid: - authclientsecret: - bpdmauthclientid: - bpdmauthclientsecret: -postgresql: - useDefaultJdbcUrl: false - secret: - password: - postgrespassword: - user: -acapypostgresql: - secret: - password: - 
postgrespassword: - user: -resources: - managedIdentityWallets: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - revocationService: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - endorserAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" - mtAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" diff --git a/charts/managed-identity-wallets/values-local.yaml b/charts/managed-identity-wallets/values-local.yaml deleted file mode 100644 index c29bbbfe9..000000000 --- a/charts/managed-identity-wallets/values-local.yaml +++ /dev/null 
@@ -1,34 +0,0 @@ -### -### DEPRECATED -### -auth: - jwksUrl: "http://192.168.205.1:8081/auth/realms/catenax/protocol/openid-connect/certs" - issuerUrl: "http://192.168.205.1:8081/auth/realms/catenax" - redirectUrl: "http://localhost:8080/callback" - realm: "catenax" - roleMappings: "create_wallets:add_wallets,view_wallets:view_wallets,update_wallets:update_wallets,delete_wallets:delete_wallets,view_wallet:view_wallet,update_wallet:update_wallet" - resourceId: "ManagedIdentityWallets" -datapool: - url: "https://catenax-bpdm-dev.demo.catena-x.net" - authUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.dev.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "${SSI_SERVICE_URL:-http://localhost:8080}" -acapy: - logLevel: "DEBUG" - ledgerUrl: "https://indy-test.idu.network" - endpointPort: "8000" - endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net:8000/" - adminPort: "11000" - adminUrl: "http://localhost:11000" - imageName: "bcgovimages/aries-cloudagent" - tag: "py36-1.16-1_0.7.4" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets.local.demo.catena-x.net" -image: - name: "catena-x/managed-identity-wallets" -postgresql: - enabled: false -isLocal: true diff --git a/charts/managed-identity-wallets/values-pen.yaml b/charts/managed-identity-wallets/values-pen.yaml deleted file mode 100644 index 7ab3c9943..000000000 --- a/charts/managed-identity-wallets/values-pen.yaml +++ /dev/null 
@@ -1,50 +0,0 @@ -### -### DEPRECATED -### -auth: - jwksUrl: "https://centralidp-pen.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" - issuerUrl: "https://centralidp-pen.dev.demo.catena-x.net/auth/realms/CX-Central" - redirectUrl: "https://managed-identity-wallets-pen.dev.demo.catena-x.net/callback" -datapool: - url: "https://catenax-bpdm-dev.demo.catena-x.net" - authUrl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -image: - tag: "latest-develop" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.pen.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "http://localhost:8080" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets-pen.dev.demo.catena-x.net" -acapy: - logLevel: "DEBUG" - ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io" - endpointUrl: "https://managed-identity-wallets-pen.dev.demo.catena-x.net:8000/" - databaseHost: "product-managed-identity-wallets-pen-acapypostgresql" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: -managedIdentityWallets: - secret: - jdbcurl: - authclientid: - authclientsecret: - bpdmauthclientid: - bpdmauthclientsecret: -postgresql: - secret: - password: - postgrespassword: - user: -acapypostgresql: - secret: - password: - postgrespassword: - user: diff --git a/charts/managed-identity-wallets/values.yaml b/charts/managed-identity-wallets/values.yaml deleted file mode 100644 index 514cc83be..000000000 --- a/charts/managed-identity-wallets/values.yaml +++ /dev/null 
@@ -1,268 +0,0 @@ -### -### DEPRECATED -### -# The IAM configuration -auth: - # -- The realm name in Keycloak - realm: "CX-Central" - # -- The main role in MIW - role: "add_wallets" - # -- The role mapping in MIW - roleMappings: "create_wallets:add_wallets,view_wallets:view_wallets,update_wallets:update_wallets,delete_wallets:delete_wallets,view_wallet:view_wallet,update_wallet:update_wallet" - # -- (string) The resource Id in Keycloak - resourceId: "Cl5-CX-Custodian" - # -- IAM certs url - jwksUrl: "https://localhost:8081" - # -- IAM token issuer url - issuerUrl: "https://localhost:8081" - # -- IAM redirect url to the MIW - redirectUrl: "https:/localhost:8080/callback" -# The image of the Managed Identity Wallets -image: - name: "catenax-ng/tx-managed-identity-wallets_service" - registry: "ghcr.io" - # -- Overrides the image tag whose default is the chart appVersion - tag: "" - secret: "acr-credentials" -allowEmptyPassword: "\"yes\"" -db: - # -- Database driver to use - jdbcDriver: "org.postgresql.Driver" -namespace: "managed-identity-wallets" -# -- The logging configurations -logging: - exposed: "INFO" - ktorRoot: "INFO" - jetty: "INFO" - netty: "INFO" - # -- Options: ALL, HEADERS, BODY, INFO, NONE - servicesCalls: "INFO" -# -- The timeout (milliseconds) configuration of http client in each service. 
-httpClientTimeout: - walletServiceRequest: "25000" - walletServiceConnect: "25000" - walletServiceSocket: "25000" - bpdServiceRequest: "25000" - bpdServiceConnect: "25000" - bpdServiceSocket: "25000" - revocationServiceRequest: "25000" - revocationServiceConnect: "25000" - revocationServiceSocket: "25000" - webhookServiceRequest: "25000" - webhookServiceConnect: "25000" - webhookServiceSocket: "25000" -# The OpenAPI configuration in MIW -openapi: - title: "Managed Identity Wallets API" - description: "Managed Identity Wallets API" - termsOfServiceUrl: "https://www.eclipse.org/legal/termsofuse.php" - contactName: "Eclipse Tractus-X" - contactEmail: "tractusx-dev@eclipse.org" - contactUrl: "https://projects.eclipse.org/projects/automotive.tractusx" - licenseName: "Apache 2.0" - licenseUrl: "https://github.com/eclipse-tractusx/managed-identity-wallets/blob/main/LICENSE" -# The base wallet configuration in MIW -wallet: - # -- The BPN of the base wallet - baseWalletBpn: "" - # -- The short DID of the base wallet. - # It can be created with its verkey as described in https://github.com/eclipse-tractusx/managed-identity-wallets#Integrate-with-Indy-Ledger. - # It should be registered on the Indy ledger with role endorser. - baseWalletShortDid: "" - # -- The verkey (public key) of the base wallet - baseWalletVerkey: "" - # -- The name of the base wallet - baseWalletName: "" - # -- A list of full DIDs seperated by comma ",". Those DIDs are allowed to send a connection request to managed wallets. 
Empty for public invitation allowance - allowlistDids: "" - # -- The name used in the Membership credential - membershipOrganisation: "Platform-A" -# The configuration of revocation service in MIW -revocation: - # -- At which hour (24-hour clock) the cron job should issue/update status-list credentials - refreshHour: "3" - # -- The url of the revocation service - revocationServiceUrl: http://localhost:8086 -# The main configuration of the revocation service -revocationService: - imageName: "registry.gitlab.com/gaia-x/data-infrastructure-federation-services/not/notarization-service/revocation" - tag: "1.0.0-SNAPSHOT-quarkus-2.10.2.Final-java17" - port: "8086" - httpAccessLog: true - # -- Issuance cache interval - minIssueInterval: "2" - # -- The the endpoint in MIW at which status credentials can be issued - baseUrlForCredentialList: "https//localhost:8080/api/credentials/" - # -- The url at which the MIW is reachable - clientIssuanceApiUrl: "http://localhost:8080" -acapy: - imageName: "bcgovimages/aries-cloudagent" - tag: "py36-1.16-1_0.7.5" - # The configuration of the AcaPy endorser instance - endorser: - # -- The url of the used Indy ledger - genesisUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis" - # -- The label of the instance - label: "BaseWalletIssuer" - logLevel: "INFO" - # -- The network identifier of the used Indy ledger - networkIdentifier: "greenlight:dev" - # -- The endpoint url in the DID document - endpointUrl: "https://localhost:8000" - # -- The host of the used database - databaseHost: "acapypostgresql" - # -- The port at which the wallet is reachable - endpointPort: "8000" - # -- The port at which the admin API is reachable - adminPort: "11000" - # -- The url of the admin API - adminUrl: "http://localhost:11000" - secret: - # -- The API key of the admin endpoints. It must be a random and secure string - apikey: "0" - # -- The seed of the wallet. 
It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. - walletseed: "RandomSeedPlaceHolder0x135791113" - dbaccount: "postgres" - dbadminuser: "postgres" - dbadminpassword: "postgres" - dbpassword: "postgres" - ## -- It must be a random and secure string - jwtsecret: "0" - ## -- It must be a random and secure string - walletkey: "0" - # AcaPy multi-tenancy instance - mt: - # -- The url of the used Indy ledger - genesisUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis" - # -- The label of the instance - label: "ManagedWallet" - logLevel: "INFO" - # -- The network identifier of the used Indy ledger - networkIdentifier: "greenlight:dev" - # -- The endpoint url in the DID document - endpointUrl: "https://localhost:8003" - # -- The host of the used database - databaseHost: "acapypostgresql" - # -- The port at which the sub-wallets are reachable - endpointPort: "8003" - # -- The port at which the admin API is reachable - adminPort: "11003" - # -- The url of the admin API - adminUrl: "http://localhost:11003" - # -- The short DID of the base wallet - endorserPublicDid: "ShortDIDPlaceholderX" - # -- The url at which events are sent. It should be the webhook endpoint in MIW - webhookUrl: "http://localhost:8080/webhook" - secret: - # -- The API-Key of the admin endpoints. It must be a random and secure string - apikey: "0" - # -- The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. 
- walletseed: "RandomSeedPlaceHolder0x246810120" - dbaccount: "postgres" - dbadminuser: "postgres" - dbadminpassword: "postgres" - dbpassword: "postgres" - ## -- It must be a random and secure string - jwtsecret: "0" - ## -- It must be a random and secure string - walletkey: "0" -ingress: - enabled: false -# The configuration and secrets of the database that is used by AcaPy -acapypostgresql: - enabled: true - auth: - existingSecret: product-managed-identity-wallets-acapypostgresql - secret: - password: "postgres" - postgrespassword: "postgres" - user: "postgres" -# The configuration and secrets of the database that is used by the MIW -postgresql: - # -- use the default jdbc url `jdbc:postgresql://%s-postgresql:5432/postgres?user=%s&password=%s` instead of the value in managedIdentityWallets.secrets.jdbcUrl - useDefaultJdbcUrl: true - enabled: true - auth: - existingSecret: product-managed-identity-wallets-postgresql - primary: - extraVolumeMounts: - - name: initdb - mountPath: "/docker-entrypoint-initdb.d" - extraVolumes: - - name: initdb - emptyDir: {} - initContainers: - - name: initdb - # -- The image is built and used to initialize the database of MIW. The tag must equal the appVersion in Chart.yaml - image: ghcr.io/catenax-ng/tx-managed-identity-wallets_initdb:3.3.2 - imagePullPolicy: Always - command: - - sh - args: - - -c - - | - echo "Copying initdb sqls..." 
- cp -R /initdb/* /docker-entrypoint-initdb.d - volumeMounts: - - name: initdb - mountPath: "/docker-entrypoint-initdb.d" - secret: - password: "postgres" - postgrespassword: "postgres" - user: "postgres" -# The configuration to access the BPDM data pool (https://github.com/eclipse-tractusx/bpdm) from MIW -datapool: - grantType: "client_credentials" - scope: "openid" - # -- At which hour (24-hour clock) the cron job should pull the data from the BPDM data pool - refreshHour: "23" - # -- Url at which the API of BPDM is reachable - url: "" - # -- IAM url to get the access token for BPDM data pool endpoint - authUrl: "" -managedIdentityWallets: - secret: - # -- Database connection string to the Postgres database of MIW. Used when postgresql.useDefaultJdbcUrl is false - jdbcurl: "jdbc:postgresql://:/?user=&password=" - # -- It can be extracted from Keycloak - authclientid: "clientid" - # -- It can be extracted from Keycloak - authclientsecret: "client" - # -- client id for accessing the BPDM data pool endpoint - bpdmauthclientid: "clientid" - # -- client secret for accessing the BPDM data pool endpoint - bpdmauthclientsecret: "client" -certificate: - host: "localhost" -# -- Deployment on Kubernetes on local device -isLocal: false -# -- used resources for each componenet -resources: - managedIdentityWallets: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "250m" - memory: "256Mi" - revocationService: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "250m" - memory: "256Mi" - endorserAcapy: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "250m" - memory: "256Mi" - mtAcapy: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "250m" - memory: "256Mi" diff --git a/dev-assets/env-files/env.docker.dist b/dev-assets/env-files/env.docker.dist index 1b21dafe0..c1779fe6b 100644 --- a/dev-assets/env-files/env.docker.dist +++ b/dev-assets/env-files/env.docker.dist 
@@ -19,7 +19,7 @@ KEYCLOAK_MIW_PUBLIC_CLIENT=miw_public DB_DATABASE=keycloak KEYCLOAK_ADMIN=admin KEYCLOAK_ADMIN_PASSWORD= -KC_HOSTNAME: keycloak +KC_HOSTNAME=keycloak # Docker: App config KEYCLOAK_CLIENT_ID=miw_private_client @@ -32,9 +32,10 @@ VC_SCHEMA_LINK="https://www.w3.org/2018/credentials/v1, https://catenax-ng.githu VC_EXPIRY_DATE=01-01-2025 SUPPORTED_FRAMEWORK_VC_TYPES="cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace" MIW_HOST_NAME=miw -AUTH_SERVER_URL=http://keycloak:8080 ######### DON'T MODIFY ANYTHING BELOW THIS LINE !!! ######### +AUTH_SERVER_URL=http://keycloak:8080 +DEV_ENVIRONMENT=docker APPLICATION_PORT=8000 MANAGEMENT_PORT=8090 APPLICATION_ENVIRONMENT=dev @@ -46,4 +47,4 @@ DB_NAME=${POSTGRES_DB_NAME_MIW} DB_USER_NAME=${POSTGRES_USERNAME_MIW} DB_PASSWORD=${POSTGRES_PASSWORD_MIW} ORG_GRADLE_PROJECT_githubUserName=${GITHUB_USERNAME} -ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} \ No newline at end of file +ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} diff --git a/dev-assets/env-files/env.environment.dist b/dev-assets/env-files/env.environment.dist deleted file mode 100644 index 9b19e9582..000000000 --- a/dev-assets/env-files/env.environment.dist +++ /dev/null @@ -1 +0,0 @@ -ENV=local # local or docker \ No newline at end of file diff --git a/dev-assets/env-files/env.local.dist b/dev-assets/env-files/env.local.dist index 19f430e00..714576baa 100644 --- a/dev-assets/env-files/env.local.dist +++ b/dev-assets/env-files/env.local.dist @@ -19,7 +19,7 @@ KEYCLOAK_MIW_PUBLIC_CLIENT=miw_public DB_DATABASE=keycloak KEYCLOAK_ADMIN=admin KEYCLOAK_ADMIN_PASSWORD= -KC_HOSTNAME: localhost +KC_HOSTNAME=localhost # Docker: App config KEYCLOAK_CLIENT_ID=miw_private_client 
@@ -32,9 +32,10 @@ VC_SCHEMA_LINK="https://www.w3.org/2018/credentials/v1, https://catenax-ng.githu VC_EXPIRY_DATE=01-01-2025 SUPPORTED_FRAMEWORK_VC_TYPES="cx-behavior-twin=Behavior Twin,cx-pcf=PCF,cx-quality=Quality,cx-resiliency=Resiliency,cx-sustainability=Sustainability,cx-traceability=ID_3.0_Trace" MIW_HOST_NAME=miw -AUTH_SERVER_URL=http://localhost:8080 ######### DON'T MODIFY ANYTHING BELOW THIS LINE !!! ######### +AUTH_SERVER_URL=http://localhost:8080 +DEV_ENVIRONMENT=local APPLICATION_PORT=8000 MANAGEMENT_PORT=8090 APPLICATION_ENVIRONMENT=dev @@ -46,4 +47,4 @@ DB_NAME=${POSTGRES_DB_NAME_MIW} DB_USER_NAME=${POSTGRES_USERNAME_MIW} DB_PASSWORD=${POSTGRES_PASSWORD_MIW} ORG_GRADLE_PROJECT_githubUserName=${GITHUB_USERNAME} -ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} \ No newline at end of file +ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} diff --git a/dev-assets/tasks/darwin/app.yaml b/dev-assets/tasks/darwin/app.yaml index 917125d52..38d7ff285 100644 --- a/dev-assets/tasks/darwin/app.yaml +++ b/dev-assets/tasks/darwin/app.yaml @@ -36,6 +36,16 @@ tasks: - echo "BEARER {{.TOKEN}}" - echo "BEARER {{.TOKEN}}" | pbcopy + test-report: + desc: Generates the test report for MIW + cmds: + - ./gradlew jacocoTestReport + + coverage: + desc: Runs the coverage check + cmds: + - ./gradlew jacocoTestCoverageVerification + clean: desc: Cleans the build directory cmds: diff --git a/dev-assets/tasks/darwin/check-tools.yaml b/dev-assets/tasks/darwin/check-tools.yaml index d8b6e9725..600e174ad 100644 --- a/dev-assets/tasks/darwin/check-tools.yaml +++ b/dev-assets/tasks/darwin/check-tools.yaml @@ -24,6 +24,7 @@ tasks: cmds: - task: check-helm - task: check-helm-plugins + - task: check-helm-docs - task: check-docker - task: check-docker-compose - task: check-java 
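Review bot: The darwin `check-prereq` task list gains `- task: check-helm-docs` but, unlike the linux and windows copies of this file in the same commit, never adds `- task: check-jq`, so on macOS a missing `jq` goes unreported even though a `check-jq` task is defined further down in this file. Add `- task: check-jq` after `- task: check-java` so the three platform files stay in step. The `tasks:` mapping continues outside the hunk.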
@@ -31,31 +32,46 @@ tasks: ignore_error: true check-helm: - dir: dev-assets/tasks/{{OS}} + dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_bin.sh helm https://helm.sh/docs/intro/quickstart/#install-helm + check-helm-docs: + dir: dev-assets/tasks/darwin + silent: true + cmds: + - ./check_bin.sh helm-docs https://github.com/norwoodj/helm-docs + check-helm-plugins: dir: dev-assets/tasks/darwin + silent: true cmds: - - ./check_helm_plugin.sh unittest + - ./check_helm_plugin.sh unittest https://github.com/helm-unittest/helm-unittest#install check-docker: dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_bin.sh docker https://www.docker.com check-docker-compose: dir: dev-assets/tasks/darwin + silent: true cmds: - - ./check_bin.sh docker-compose https://www.docker.com + - echo "If following command fails execute this, if you have Docker-Desktop installed (probably will fix it) ->" + - echo "sudo mkdir -p /usr/local/lib/docker" + - echo "sudo ln -s /Applications/Docker.app/Contents/Resources/cli-plugins /usr/local/lib/docker/cli-plugins" + - docker compose version check-jq: dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_bin.sh jq https://jqlang.github.io/jq/ check-java: dir: dev-assets/tasks/darwin + silent: true cmds: - ./check_bin.sh java https://www.codejava.net/java-core/install-openjdk-17-on-macos diff --git a/dev-assets/tasks/darwin/check_helm_plugin.sh b/dev-assets/tasks/darwin/check_helm_plugin.sh index 403de3a3f..dc5895fe2 100755 --- a/dev-assets/tasks/darwin/check_helm_plugin.sh +++ b/dev-assets/tasks/darwin/check_helm_plugin.sh @@ -25,6 +25,6 @@ if [[ $RESULT =~ $1 ]]; then echo "Plugin found! Info: $RESULT" else - echo "Plugin not found" + echo "Plugin not found. Install it from here: $2" exit 1 fi \ No newline at end of file diff --git a/dev-assets/tasks/darwin/docker.yaml b/dev-assets/tasks/darwin/docker.yaml index 6a40c1a3a..cd3fa1fd5 100644 --- a/dev-assets/tasks/darwin/docker.yaml +++ b/dev-assets/tasks/darwin/docker.yaml 
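Review bot: In `check-docker-compose` the three `echo` hints about symlinking Docker Desktop's cli-plugins are printed on every run, before `docker compose version` executes and regardless of whether it succeeds, so a correctly set-up machine is still told to run `sudo mkdir` / `sudo ln -s`. Print the hint only on the failure path, e.g. collapse the four cmds into `- cmd: docker compose version || { echo "docker compose not found; with Docker Desktop installed run: sudo mkdir -p /usr/local/lib/docker && sudo ln -s /Applications/Docker.app/Contents/Resources/cli-plugins /usr/local/lib/docker/cli-plugins"; exit 1; }` (Task's built-in shell interpreter should accept the `||` / `{ }` form, but confirm on the version pinned here). A one-line comment above the task, `# docker-compose v1 is no longer accepted; the v2 plugin must be on the docker CLI path`, would also explain why the old `check_bin.sh docker-compose` call went away.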
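Review bot: The new message interpolates `$2` without a fallback, so a caller that omits the URL argument prints `Install it from here: ` with nothing after it; `echo "Plugin not found. Install it from here: ${2:-<no install URL given>}"` keeps the output meaningful, or add a usage check for `$#` at the top of the script. The surrounding `[[ $RESULT =~ $1 ]]` test treats the plugin name as an unanchored regular expression, so `unittest` also matches any plugin whose name merely contains that string; that is pre-existing, but if `RESULT` is the `helm plugin list` output a word-bounded pattern such as `(^|[[:space:]])$1([[:space:]]|$)` would make the check exact. The `if` block starts outside the hunk, and the same change is mirrored in the linux copy of this script further down in this commit.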
@@ -36,13 +36,13 @@ tasks: cmds: - cat postgres/db.sh.tpl | envsubst > postgres/db.sh - chmod +x postgres/db.sh - - "docker-compose up {{.OPTIONS}} {{.CONTAINERS}}" + - "docker compose up {{.OPTIONS}} {{.CONTAINERS}}" stop-middleware: desc: Stop local Docker environment dir: dev-assets/docker-environment cmds: - - docker-compose down + - docker compose down - cmd: docker volume remove docker-environment_postgres_data ignore_error: true - rm -f postgres/db.sh @@ -71,4 +71,4 @@ tasks: desc: Cleans everything about docker... cmds: - cmd: docker rmi local-miw - ignore_error: true \ No newline at end of file + ignore_error: true diff --git a/dev-assets/tasks/helm.yaml b/dev-assets/tasks/helm.yaml index 3e08efacb..dce88ee83 100644 --- a/dev-assets/tasks/helm.yaml +++ b/dev-assets/tasks/helm.yaml @@ -24,4 +24,10 @@ tasks: desc: Executes helm unittests dir: charts/managed-identity-wallet cmds: - - helm unittest . \ No newline at end of file + - helm unittest -f 'tests/**/*.yaml' -f 'tests/**/**/*.yaml' . + + readme: + desc: Rebuilds the readme of the Helm chart + dir: charts/managed-identity-wallet + cmds: + - helm-docs . diff --git a/dev-assets/tasks/linux/app.yaml b/dev-assets/tasks/linux/app.yaml index 7ae5657fe..45eef3029 100644 --- a/dev-assets/tasks/linux/app.yaml +++ b/dev-assets/tasks/linux/app.yaml @@ -31,6 +31,16 @@ tasks: cmds: - echo "BAERER $(./get_Token.sh)" + test-report: + desc: Generates the test report for MIW + cmds: + - ./gradlew jacocoTestReport + + coverage: + desc: Runs the coverage check + cmds: + - ./gradlew jacocoTestCoverageVerification + clean: desc: Cleans the build directory cmds: diff --git a/dev-assets/tasks/linux/check-tools.yaml b/dev-assets/tasks/linux/check-tools.yaml index 828403e58..decd5f077 100644 --- a/dev-assets/tasks/linux/check-tools.yaml +++ b/dev-assets/tasks/linux/check-tools.yaml 
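Review bot: `helm unittest -f 'tests/**/*.yaml' -f 'tests/**/**/*.yaml' .` passes two patterns whose relationship depends on the plugin's glob semantics: if `**` matches zero or more directories (doublestar-style, which I believe helm-unittest uses but have not confirmed) the second pattern is a strict subset of the first and can be dropped; if `**` is only a single-level wildcard, tests nested three directories deep are still missed. Either way a short comment stating the intended depth, e.g. `# test suites live up to two directory levels below tests/`, would make the duplicated pattern read as deliberate rather than accidental. The `readme` task regenerates the chart README with `helm-docs .` per its description, but nothing visible here runs it in CI, so the committed README can drift from `values.yaml`; a CI step that runs it and fails on a dirty tree would close that gap (hedged, since the workflow files are not fully in view).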
@@ -24,37 +24,51 @@ tasks: cmds: - task: check-helm - task: check-helm-plugins + - task: check-helm-docs - task: check-docker - task: check-docker-compose - task: check-java + - task: check-jq ignore_error: true check-helm: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_bin.sh helm https://helm.sh/docs/intro/quickstart/#install-helm + check-helm-docs: + dir: dev-assets/tasks/linux + silent: true + cmds: + - ./check_bin.sh helm-docs https://github.com/norwoodj/helm-docs + check-helm-plugins: dir: dev-assets/tasks/linux + silent: true cmds: - - ./check_helm_plugin.sh unittest + - ./check_helm_plugin.sh unittest https://github.com/helm-unittest/helm-unittest#install check-docker: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_bin.sh docker https://www.docker.com check-docker-compose: dir: dev-assets/tasks/linux + silent: true cmds: - - ./check_bin.sh docker-compose https://www.docker.com + - docker compose version check-jq: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_bin.sh jq https://jqlang.github.io/jq/ check-java: dir: dev-assets/tasks/linux + silent: true cmds: - ./check_bin.sh java https://www.codejava.net/java-core/install-openjdk-17-on-macos diff --git a/dev-assets/tasks/linux/check_helm_plugin.sh b/dev-assets/tasks/linux/check_helm_plugin.sh index 403de3a3f..dc5895fe2 100755 --- a/dev-assets/tasks/linux/check_helm_plugin.sh +++ b/dev-assets/tasks/linux/check_helm_plugin.sh @@ -25,6 +25,6 @@ if [[ $RESULT =~ $1 ]]; then echo "Plugin found! Info: $RESULT" else - echo "Plugin not found" + echo "Plugin not found. Install it from here: $2" exit 1 fi \ No newline at end of file diff --git a/dev-assets/tasks/linux/docker.yaml b/dev-assets/tasks/linux/docker.yaml index 6a40c1a3a..cd3fa1fd5 100644 --- a/dev-assets/tasks/linux/docker.yaml +++ b/dev-assets/tasks/linux/docker.yaml 
@@ -36,13 +36,13 @@ tasks: cmds: - cat postgres/db.sh.tpl | envsubst > postgres/db.sh - chmod +x postgres/db.sh - - "docker-compose up {{.OPTIONS}} {{.CONTAINERS}}" + - "docker compose up {{.OPTIONS}} {{.CONTAINERS}}" stop-middleware: desc: Stop local Docker environment dir: dev-assets/docker-environment cmds: - - docker-compose down + - docker compose down - cmd: docker volume remove docker-environment_postgres_data ignore_error: true - rm -f postgres/db.sh @@ -71,4 +71,4 @@ tasks: desc: Cleans everything about docker... cmds: - cmd: docker rmi local-miw - ignore_error: true \ No newline at end of file + ignore_error: true diff --git a/dev-assets/tasks/windows/app.yaml b/dev-assets/tasks/windows/app.yaml index d379f7979..0b48893c8 100644 --- a/dev-assets/tasks/windows/app.yaml +++ b/dev-assets/tasks/windows/app.yaml @@ -31,7 +31,17 @@ tasks: cmds: - echo "Not implemented for windows!" + test-report: + desc: Generates the test report for MIW + cmds: + - .\gradlew.bat jacocoTestReport + + coverage: + desc: Runs the coverage check + cmds: + - .\gradlew.bat jacocoTestCoverageVerification + clean: desc: Cleans the build directory cmds: - - gradlew.bat clean \ No newline at end of file + - .\gradlew.bat clean \ No newline at end of file diff --git a/dev-assets/tasks/windows/check-tools.yaml b/dev-assets/tasks/windows/check-tools.yaml index cb1378865..14b79386a 100644 --- a/dev-assets/tasks/windows/check-tools.yaml +++ b/dev-assets/tasks/windows/check-tools.yaml 
@@ -24,32 +24,51 @@ tasks: cmds: - task: check-helm - task: check-helm-plugins + - task: check-helm-docs - task: check-docker - task: check-docker-compose - task: check-java + - task: check-jq ignore_error: true check-helm: - dir: .tasks + dir: dev-assets/tasks/windows + silent: true cmds: - - echo "Not implemented for windows!" + - echo "task 'check-prereq' not implemented for windows!" + + check-helm-docs: + dir: dev-assets/tasks/windows + silent: true + cmds: + - echo "task 'check-prereq' not implemented for windows!" check-helm-plugins: - dir: .tasks + dir: dev-assets/tasks/windows + silent: true cmds: - - echo "Not implemented for windows!" + - echo "task 'check-prereq' not implemented for windows!" check-docker: - dir: .tasks + dir: dev-assets/tasks/windows + silent: true cmds: - - echo "Not implemented for windows!" + - echo "task 'check-prereq' not implemented for windows!" check-docker-compose: - dir: .tasks + dir: dev-assets/tasks/windows + silent: true + cmds: + - echo "task 'check-prereq' not implemented for windows!" + + check-jq: + dir: dev-assets/tasks/windows + silent: true cmds: - - echo "Not implemented for windows!" + - echo "task 'check-prereq' not implemented for windows!" check-java: - dir: .tasks + dir: dev-assets/tasks/windows + silent: true cmds: - - echo "Not implemented for windows!" + - echo "task 'check-prereq' not implemented for windows!" diff --git a/docs/Development.md b/docs/Development.md new file mode 100644 index 000000000..a5fda98e1 --- /dev/null +++ b/docs/Development.md 
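Review bot: Every Windows stub now prints the identical literal `task 'check-prereq' not implemented for windows!`, so the output never identifies which tool check was skipped, and because `check-prereq` invokes them under `ignore_error: true` a Windows user simply sees seven indistinguishable lines. Use Task's built-in task-name variable so each line names itself, e.g. `- echo "task '{{.TASK}}' not implemented for windows!"` (`.TASK` has been a special variable in Task v3; confirm against the version this repo pins). The `dir: dev-assets/tasks/windows` values are now consistent with the darwin and linux files, but since these tasks only `echo`, the `dir` and `silent: true` keys carry no effect here and a comment such as `# placeholders until Windows tool checks are implemented` would set expectations for the next contributor.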
@@ -0,0 +1,108 @@ +# Development Process + +## Branching + +The **Managed Identity Wallets** project adheres to +the [Gitflow Workflow](https://www.atlassian.com/git/tutorials/comparing-workflows/gitflow-workflow). + +Gitflow is a branching model and workflow for managing version control in software development projects using Git. It +provides a structured approach to organizing branches, releases, and collaboration among team members. + +The Gitflow workflow consists of two main branches: "master" and "develop." The "master" branch represents the stable +and production-ready state of the project, while the "develop" branch serves as the main integration branch for ongoing +development. + +In addition to these two main branches, Gitflow introduces several supporting branches. Feature branches are created off +the "develop" branch and used for implementing new features or changes. Once a feature is complete, it is merged back +into the "develop" branch. Release branches are created from the "develop" branch to prepare for a new release. Bug +fixes and hotfixes are typically made in separate branches derived from the "master" branch and merged back into both " +master" and "develop" branches. + +The Gitflow model promotes a structured and controlled release process. When a stable and tested state is reached in +the "develop" branch, a release branch is created. This branch allows for final testing, bug fixes, and the preparation +of release-related documentation. Once the release is ready, it is merged into both the "master" and "develop" branches, +with the "master" branch receiving a version tag. + +## Commits + +The **Managed Identity Wallets** project adheres to +the [Conventional Commits](https://www.conventionalcommits.org/en/v1.0.0/). + +Conventional commits are a standardized way of formatting commit messages in software development projects. 
The +Conventional Commits specification provides guidelines for writing commit messages that are human-readable, informative, +and can be easily parsed by automated tools. + +The format of a conventional commit message typically consists of a type, an optional scope, and a subject. The type +indicates the purpose or nature of the commit, such as "feat" for a new feature, "fix" for a bug fix, "docs" for +documentation changes, and so on. The scope is optional and represents the module or component of the project being +modified. The subject is a brief and descriptive summary of the changes made in the commit. + +The conventional commit structure is as follows: +> `([optional scope]): ` +> +> `[optional body]` +> +> `[optional footer(s)]` + +Commonly used types include: + +- `feat` +- `fix` +- `ci` +- `chore` +- `docs` +- `refactor` +- `test` + +For BREAKING CHANGES use the following _footer_: + +- `BREAKING CHANGE: ` + +--- + +Example of a commit that introduces breaking changes. To draw additional attention to the breaking changes, the commit +scope is prefixed with an exclamation mark: +> chore(ci)!: drop support for Java 11 +> +> BREAKING CHANGE: Java 11 features not available in the new version. + +_Please note_: Putting a `!` next to the scope, without the breaking change footer, will not trigger a major release! + +--- + +## Versioning + +The **Managed Identity Wallets** project adheres to [semantic versioning](https://semver.org/). + +Semantic versioning is a versioning scheme commonly used in software development to convey information about changes and +compatibility between different versions of a software package. It consists of three numbers separated by periods, +following the format MAJOR.MINOR.PATCH. + +The MAJOR version indicates significant changes that could potentially break backward compatibility. 
This means that +when the MAJOR version is incremented, it implies that there are incompatible changes, and developers need to make +updates to their code to ensure compatibility. + +The MINOR version represents added functionality or features in a backwards-compatible manner. It indicates that the +software has been enhanced with new features, but existing functionality remains intact, allowing developers to update +their code without any major modifications. + +The PATCH version signifies backward-compatible bug fixes or small updates, such as addressing security vulnerabilities +or resolving minor issues. It indicates that changes have been made to improve the software's stability or security +without introducing new features or breaking existing functionality. + +By adhering to semantic versioning, developers can communicate the nature of changes in their software releases +effectively. This scheme helps users and developers understand the impact of an update on compatibility and +functionality, making it easier to manage dependencies and ensure smooth integration within software ecosystems. + +This project uses the [Semantic Release GitHub Action](https://semantic-release.gitbook.io/semantic-release/) to +automate the release process. This action analyzes commit messages to determine the type of changes and automatically +sets the version number accordingly. It also generates a changelog based on commit messages and publishes the release to +a repository. + +These are some commits with their corresponding semantic release types: + +| Commit Message | Release Type | +|:----------------------------------------------------------------------------------------------------|:-------------| +| fix(typo): correct minor typos in code | Patch | +| feat: add new feature | Minor | +| feat: add new feature that breaks backward compatibility

BREAKING CHANGE: \ | Major | diff --git a/docs/manage_app.png b/docs/manage_app.png new file mode 100644 index 000000000..2a60b6014 Binary files /dev/null and b/docs/manage_app.png differ diff --git a/docs/openapi_v001.json b/docs/openapi_v001.json index 00ddf1075..857db03b7 100644 --- a/docs/openapi_v001.json +++ b/docs/openapi_v001.json @@ -34,7 +34,8 @@ "items": { "$ref": "#/components/schemas/WalletDto" }, - "type": "array" + "type": "array", + "maxItems": 100 } } } @@ -676,7 +677,8 @@ "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "required": false, "deprecated": false, @@ -696,7 +698,8 @@ "items": { "$ref": "#/components/schemas/VerifiableCredentialDto" }, - "type": "array" + "type": "array", + "maxItems": 100 } } } @@ -1109,10 +1112,10 @@ "issuer": "did:web:miw.de/bpn0000000000", "issuanceDate": "2021-06-16T18:56:59Z", "credentialSubject": { - "type":"MembershipCredential", + "type": "MembershipCredential", "memberOf": "Catena-X", - "status":"Active", - "startTime":"2021-06-16T18:56:59Z" + "status": "Active", + "startTime": "2021-06-16T18:56:59Z" }, "holderIdentifier": "bpn", "proof": { @@ -1894,7 +1897,8 @@ "items": { "$ref": "#/components/schemas/VerifiableCredentialDto" }, - "type": "array" + "type": "array", + "maxItems": 100 } }, "required": [ @@ -1964,10 +1968,10 @@ "items": { "type": "string" }, - "type": "array" - }, - "credentialStatus": { + "type": "array", + "maxItems": 100 }, + "credentialStatus": {}, "credentialSubject": { "additionalProperties": { "$ref": "#/components/schemas/Any" @@ -1995,13 +1999,15 @@ "items": { "$ref": "#/components/schemas/Any" }, - "type": "array" + "type": "array", + "maxItems": 100 }, "type": { "items": { "type": "string" }, - "type": "array" + "type": "array", + "maxItems": 100 } }, "required": [ 
@@ -2121,10 +2127,10 @@
 "items": {
 "type": "string"
 },
- "type": "array"
- },
- "CredentialStatus": {
+ "type": "array",
+ "maxItems": 100
 },
+ "CredentialStatus": {},
 "credentialSubject": {
 "additionalProperties": {
 "$ref": "#/components/schemas/Any"
@@ -2152,7 +2158,8 @@
 "items": {
 "type": "string"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 }
 },
 "required": [
@@ -2175,31 +2182,36 @@
 "items": {
 "$ref": "#/components/schemas/Any"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "authenticationVerificationMethods": {
 "items": {
 "$ref": "#/components/schemas/Any"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "capabilityDelegationVerificationMethods": {
 "items": {
 "$ref": "#/components/schemas/Any"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "capabilityInvocationVerificationMethods": {
 "items": {
 "$ref": "#/components/schemas/Any"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "context": {
 "items": {
 "type": "string"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "controller": {
 "$ref": "#/components/schemas/Short"
@@ -2211,18 +2223,22 @@
 "items": {
 "$ref": "#/components/schemas/Any"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "services": {
 "items": {
+ "$ref": "#/components/schemas/Any"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "verificationMethods": {
 "items": {
 "$ref": "#/components/schemas/DidVerificationMethodDto"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 }
 },
 "required": [
@@ -2294,7 +2310,8 @@
 "type": "string",
 "nullable": true
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "kid": {
 "type": "string",
@@ -2327,7 +2344,8 @@
 "items": {
 "type": "string"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "credentialSubject": {
 "additionalProperties": {
@@ -2361,7 +2379,8 @@
 "items": {
 "type": "string"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 }
 },
 "required": [
@@ -2379,7 +2398,8 @@
 "items": {
 "type": "string"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "credentialSubject": {
 "additionalProperties": {
@@ -2409,7 +2429,8 @@
 "items": {
 "type": "string"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 }
 },
 "required": [
@@ -2430,7 +2451,8 @@
 "items": {
 "$ref": "#/components/schemas/VerifiableCredentialDto"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 }
 },
 "required": [
@@ -2445,7 +2467,8 @@
 "items": {
 "type": "string"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "holder": {
 "type": "string",
@@ -2462,13 +2485,15 @@
 "items": {
 "type": "string"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 },
 "verifiableCredential": {
 "items": {
 "$ref": "#/components/schemas/VerifiableCredentialDto"
 },
- "type": "array"
+ "type": "array",
+ "maxItems": 100
 }
 },
 "required": [
@@ -2504,6 +2529,8 @@
 }
 }
 },
- "security": [],
+ "security": {
+ "auth-token": {}
+ },
 "tags": []
 }
\ No newline at end of file
diff --git a/gradle.properties b/gradle.properties
index bf847a0a1..c6c447ec3 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,7 +1,7 @@
-springCloudVersion=2022.0.2
-testContainerVersion=1.18.0
-jacocoVersion=0.8.8
-springBootVersion=3.0.6
+springCloudVersion=2022.0.3
+testContainerVersion=1.18.3
+jacocoVersion=0.8.9
+springBootVersion=3.1.1
 springDependencyVersion=1.1.0
 groupName=org.eclipse.tractusx
 applicationVersion=0.0.1-SNAPSHOT
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java
index 6f53eb811..3cc57dcda 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/ApplicationConfig.java
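Review bot: The new top-level `security` value in the last openapi hunk (`@@ -2504`) is an object, but OpenAPI 3 defines `security` as an array of Security Requirement objects, each mapping a scheme name to a list of scopes, so it should read `"security": [ { "auth-token": [] } ]`; as written, validators and client generators will reject or ignore it and the document then declares no authentication at all. The `auth-token` name must also match an entry under `components.securitySchemes`, which none of these hunks shows. The `"maxItems": 100` additions in the other hunks only describe the response and parameter arrays; whether the controllers actually bound those collections is not visible here, so readers should not take the limit as enforced.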
@@ -28,6 +28,7 @@ import com.smartsensesolutions.java.commons.specification.SpecificationUtil; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.text.StringEscapeUtils; import org.springdoc.core.properties.SwaggerUiConfigProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -67,7 +68,7 @@ public SpecificationUtil specificationUtil() { @Override public void addViewControllers(ViewControllerRegistry registry) { String redirectUri = properties.getPath(); - log.info("Set landing page to path {}", redirectUri); + log.info("Set landing page to path {}", StringEscapeUtils.escapeJava(redirectUri)); registry.addRedirectViewController("/", redirectUri); } } diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java index 32ee74979..95c3bb747 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/MIWSettings.java @@ -38,5 +38,6 @@ public record MIWSettings(String host, String encryptionKey, String authorityWal List vcContexts, List summaryVcContexts, @DateTimeFormat(pattern = "dd-MM-yyyy") Date vcExpiryDate, Set supportedFrameworkVCTypes, - boolean enforceHttps, String contractTemplatesUrl) { + boolean enforceHttps, String contractTemplatesUrl, + List didDocumentContextUrls) { } \ No newline at end of file diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java index 1b8e032ba..76dd3f645 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/openapi/OpenApiConfig.java 
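Review bot: The escaped log call in `addViewControllers` has no comment saying why a configuration value is being escaped, and the reason is not obvious from `properties.getPath()`; a one-liner such as `// escape control characters so a configured path cannot forge additional log lines` would keep the next maintainer from removing it as redundant. The hunk also introduces `org.apache.commons.text.StringEscapeUtils`; whether `commons-text` is already a declared dependency of this build is not visible on this page, so please confirm it is on the compile classpath rather than arriving transitively.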
@@ -24,9 +24,9 @@ import io.swagger.v3.oas.models.Components; import io.swagger.v3.oas.models.OpenAPI; +import io.swagger.v3.oas.models.info.Contact; import io.swagger.v3.oas.models.info.Info; -import io.swagger.v3.oas.models.security.OAuthFlow; -import io.swagger.v3.oas.models.security.OAuthFlows; +import io.swagger.v3.oas.models.info.License; import io.swagger.v3.oas.models.security.SecurityRequirement; import io.swagger.v3.oas.models.security.SecurityScheme; import lombok.AllArgsConstructor; @@ -55,9 +55,22 @@ public class OpenApiConfig { @Bean public OpenAPI openAPI() { Info info = new Info(); - info.setTitle("MIW API"); - info.setDescription("MIW API"); + info.setTitle("Managed Identity Wallets API"); + info.setDescription("Managed Identity Wallets API"); + info.termsOfService("https://www.eclipse.org/legal/termsofuse.php"); info.setVersion("0.0.1"); + + Contact contact = new Contact(); + contact.name("Eclipse Tractus-X"); + contact.email("tractusx-dev@eclipse.org"); + contact.url("https://projects.eclipse.org/projects/automotive.tractusx"); + info.contact(contact); + + License license = new License(); + license.name("Apache 2.0"); + license.url("https://github.com/eclipse-tractusx/managed-identity-wallets/blob/develop/LICENSE"); + info.license(license); + OpenAPI openAPI = new OpenAPI(); if (Boolean.TRUE.equals(properties.enabled())) { openAPI = enableSecurity(openAPI); diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java index d02c5ad2e..2630d4282 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/CustomAuthenticationConverter.java 
@@ -20,6 +20,7 @@ */ package org.eclipse.tractusx.managedidentitywallets.config.security; + import org.springframework.core.convert.converter.Converter; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.GrantedAuthority; @@ -27,9 +28,11 @@ import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter; -import org.springframework.util.CollectionUtils; -import java.util.*; +import java.util.Collection; +import java.util.Map; +import java.util.Objects; +import java.util.Set; import java.util.stream.Collectors; /** @@ -49,18 +52,14 @@ public CustomAuthenticationConverter(String resourceId) { this.resourceId = resourceId; grantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter(); } - @Override public AbstractAuthenticationToken convert(Jwt source) { - Collection convert = grantedAuthoritiesConverter.convert(source); - if (!CollectionUtils.isEmpty(convert)) { - Collection authorities = new HashSet<>(convert); - authorities.addAll(extractResourceRoles(source, resourceId)); - extractResourceRoles(source, resourceId); - return new JwtAuthenticationToken(source, authorities); - } else { - return new JwtAuthenticationToken(source, Collections.emptyList()); - } + Collection authorities = (grantedAuthoritiesConverter.convert(source)) + .stream() + .collect(Collectors.toSet()); + authorities.addAll(extractResourceRoles(source, resourceId)); + extractResourceRoles(source, resourceId); + return new JwtAuthenticationToken(source, authorities); } private Collection extractResourceRoles(Jwt jwt, String resourceId) { 
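Review bot: The line `extractResourceRoles(source, resourceId);` that follows `authorities.addAll(extractResourceRoles(source, resourceId));` is a second call whose result is discarded; it was in the old code too, but the rewrite keeps it, so it should go. The rewrite also changes authorization semantics: before, resource roles were only added when the default converter produced at least one authority, now they are always added, which widens the authority set for tokens the default converter maps to nothing — if that is intended, say so in the class Javadoc, since it is an access-control change. `Converter.convert` is declared nullable; `JwtGrantedAuthoritiesConverter` returns an empty collection rather than null as far as I know, but `Objects.requireNonNullElse(grantedAuthoritiesConverter.convert(source), Set.of())` costs nothing and keeps `convert` safe if another converter is ever injected (both `Objects` and `Set` are imported in this hunk). `extractResourceRoles` continues past the end of the hunk.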
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java index d72a1d4cf..d8db323a2 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/config/security/SecurityConfig.java @@ -28,10 +28,12 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; 
@@ -60,51 +62,50 @@ public class SecurityConfig { @Bean @ConditionalOnProperty(value = "miw.security.enabled", havingValue = "true", matchIfMissing = true) public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { - http.cors().and() - .csrf().and() - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() - .authorizeHttpRequests() - .requestMatchers(new AntPathRequestMatcher("/")).permitAll() // forwards to swagger - .requestMatchers(new AntPathRequestMatcher("/docs/api-docs/**")).permitAll() - .requestMatchers(new AntPathRequestMatcher("/ui/swagger-ui/**")).permitAll() - .requestMatchers(new AntPathRequestMatcher("/actuator/health/**")).permitAll() + http.cors(Customizer.withDefaults()) + .csrf(AbstractHttpConfigurer::disable) + .sessionManagement(sessionManagement -> sessionManagement.sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .authorizeHttpRequests(authorizeHttpRequests -> authorizeHttpRequests.requestMatchers(new AntPathRequestMatcher("/")).permitAll() // forwards to swagger + .requestMatchers(new AntPathRequestMatcher("/docs/api-docs/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/ui/swagger-ui/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/actuator/health/**")).permitAll() + .requestMatchers(new AntPathRequestMatcher("/actuator/loggers/**")).hasRole(ApplicationRole.ROLE_MANAGE_APP) - //did document resolve APIs - .requestMatchers(new AntPathRequestMatcher(RestURI.DID_RESOLVE, GET.name())).permitAll() //Get did document - .requestMatchers(new AntPathRequestMatcher(RestURI.DID_DOCUMENTS, GET.name())).permitAll() //Get did document + //did document resolve APIs + .requestMatchers(new AntPathRequestMatcher(RestURI.DID_RESOLVE, GET.name())).permitAll() //Get did document + .requestMatchers(new AntPathRequestMatcher(RestURI.DID_DOCUMENTS, GET.name())).permitAll() //Get did document - //wallet APIS - .requestMatchers(new AntPathRequestMatcher(RestURI.WALLETS, 
POST.name())).hasRole(ApplicationRole.ROLE_ADD_WALLETS) //Create wallet - .requestMatchers(new AntPathRequestMatcher(RestURI.WALLETS, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLETS) //Get all wallet - .requestMatchers(new AntPathRequestMatcher(RestURI.API_WALLETS_IDENTIFIER, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //get wallet by identifier - .requestMatchers(new AntPathRequestMatcher(RestURI.API_WALLETS_IDENTIFIER_CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS, ApplicationRole.ROLE_UPDATE_WALLET) //Store credential + //wallet APIS + .requestMatchers(new AntPathRequestMatcher(RestURI.WALLETS, POST.name())).hasRole(ApplicationRole.ROLE_ADD_WALLETS) //Create wallet + .requestMatchers(new AntPathRequestMatcher(RestURI.WALLETS, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLETS) //Get all wallet + .requestMatchers(new AntPathRequestMatcher(RestURI.API_WALLETS_IDENTIFIER, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //get wallet by identifier + .requestMatchers(new AntPathRequestMatcher(RestURI.API_WALLETS_IDENTIFIER_CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS, ApplicationRole.ROLE_UPDATE_WALLET) //Store credential - //VP-Generation - .requestMatchers(new AntPathRequestMatcher(RestURI.API_PRESENTATIONS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS, ApplicationRole.ROLE_UPDATE_WALLET, ApplicationRole.ROLE_VIEW_WALLETS, ApplicationRole.ROLE_VIEW_WALLET) //Create VP + //VP-Generation + .requestMatchers(new AntPathRequestMatcher(RestURI.API_PRESENTATIONS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS, ApplicationRole.ROLE_UPDATE_WALLET, ApplicationRole.ROLE_VIEW_WALLETS, ApplicationRole.ROLE_VIEW_WALLET) //Create VP - //VP - Validation - .requestMatchers(new AntPathRequestMatcher(RestURI.API_PRESENTATIONS_VALIDATION, 
POST.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLETS, ApplicationRole.ROLE_VIEW_WALLET) //validate VP + //VP - Validation + .requestMatchers(new AntPathRequestMatcher(RestURI.API_PRESENTATIONS_VALIDATION, POST.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLETS, ApplicationRole.ROLE_VIEW_WALLET) //validate VP - //VC - Holder - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //get credentials - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET, ApplicationRole.ROLE_UPDATE_WALLETS) //issue credentials - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, DELETE.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET) //delete credentials + //VC - Holder + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, GET.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //get credentials + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET, ApplicationRole.ROLE_UPDATE_WALLETS) //issue credentials + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS, DELETE.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLET) //delete credentials - //VC - validation - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_VALIDATION, POST.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //validate credentials + //VC - validation + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_VALIDATION, POST.name())).hasAnyRole(ApplicationRole.ROLE_VIEW_WALLET, ApplicationRole.ROLE_VIEW_WALLETS) //validate credentials - //VC - Issuer - .requestMatchers(new AntPathRequestMatcher(RestURI.ISSUERS_CREDENTIALS, GET.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //Lis of issuer VC - .requestMatchers(new 
AntPathRequestMatcher(RestURI.ISSUERS_CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //Issue VC - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_ISSUER_MEMBERSHIP, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue Membership Credential - .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_ISSUER_DISMANTLER, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue dismantler Credential - .requestMatchers(new AntPathRequestMatcher(RestURI.API_CREDENTIALS_ISSUER_FRAMEWORK, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue dismantler Credential + //VC - Issuer + .requestMatchers(new AntPathRequestMatcher(RestURI.ISSUERS_CREDENTIALS, GET.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //Lis of issuer VC + .requestMatchers(new AntPathRequestMatcher(RestURI.ISSUERS_CREDENTIALS, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //Issue VC + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_ISSUER_MEMBERSHIP, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue Membership Credential + .requestMatchers(new AntPathRequestMatcher(RestURI.CREDENTIALS_ISSUER_DISMANTLER, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue dismantler Credential + .requestMatchers(new AntPathRequestMatcher(RestURI.API_CREDENTIALS_ISSUER_FRAMEWORK, POST.name())).hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS) //issue dismantler Credential - //error - .requestMatchers(new AntPathRequestMatcher("/error")).permitAll() - .and().oauth2ResourceServer() - .jwt() - .jwtAuthenticationConverter(new CustomAuthenticationConverter(securityConfigProperties.clientId())); + //error + .requestMatchers(new AntPathRequestMatcher("/error")).permitAll() + ).oauth2ResourceServer(resourceServer -> resourceServer.jwt(jwt -> + jwt.jwtAuthenticationConverter(new CustomAuthenticationConverter(securityConfigProperties.clientId())))); return 
http.build(); } diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java index d9485abac..a534ad42c 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/ApplicationRole.java @@ -51,4 +51,6 @@ private ApplicationRole() { */ public static final String ROLE_UPDATE_WALLET = "update_wallet"; + public static final String ROLE_MANAGE_APP = "manage_app"; + } diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java index dcdde15e6..d30d67700 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/constant/StringPool.java @@ -36,6 +36,7 @@ public class StringPool { public static final String VALID = "valid"; public static final String VALIDATE_AUDIENCE = "validateAudience"; public static final String VALIDATE_EXPIRY_DATE = "validateExpiryDate"; + public static final String VALIDATE_JWT_EXPIRY_DATE = "validateJWTExpiryDate"; public static final String DID_DOCUMENT = "didDocument"; public static final String VEHICLE_DISMANTLE = "vehicleDismantle"; public static final String CREATED_AT = "createdAt"; @@ -48,7 +49,6 @@ private StringPool() { public static final String HOLDER_DID = "holderDid"; public static final String HOLDER_IDENTIFIER = "holderIdentifier"; public static final String NAME = "name"; - public static final String CONTRACT_TEMPLATES = "contractTemplates"; public static final String CONTRACT_TEMPLATE = "contractTemplate"; public static final String TYPE = "type"; public static final String MEMBER_OF = "memberOf"; 
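Review bot: `.csrf(AbstractHttpConfigurer::disable)` turns CSRF protection off where the old chain left it at its default; for a stateless bearer-token API that is the usual choice, but the reason is recorded nowhere, so put it next to the call, e.g. `.csrf(AbstractHttpConfigurer::disable) // stateless JWT resource server, no cookie-based sessions`. The matcher list ends without an `anyRequest()` rule, so paths outside it — other `/actuator/**` endpoints, for instance — fall back to the framework's behaviour for unmatched requests (deny, in Spring Security 6, if I recall correctly); an explicit `.anyRequest().authenticated()` or `.anyRequest().denyAll()` at the end of the `authorizeHttpRequests` block makes that intent auditable. Two comments carried onto the new side are wrong: the `API_CREDENTIALS_ISSUER_FRAMEWORK` line still says `//issue dismantler Credential` (copied from the line above) and `//Lis of issuer VC` has a typo.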
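Review bot: `ROLE_MANAGE_APP` is the only constant in `ApplicationRole` added without a Javadoc comment, while the neighbouring `ROLE_UPDATE_WALLET` has one (its closing `*/` is in the context lines). Since this role gates `/actuator/loggers/**` in the SecurityConfig change of the same commit, a line such as `/** Role that may reach application-management endpoints, e.g. the actuator loggers endpoint. */` documents why it exists.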
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java index 8b16fdaff..ace19aacd 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/HoldersCredentialController.java @@ -97,9 +97,9 @@ public ResponseEntity> getCredentials(@RequestPar "https://www.w3.org/2018/credentials/examples/v1" ], "type": [ - "University-Degree-Credential","VerifiableCredential" + "VerifiableCredential", "University-Degree-Credential" ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", + "issuer": "did:web:localhost:BPNL000000000000", "issuanceDate": "2019-06-16T18:56:59Z", "expirationDate": "2019-06-17T18:56:59Z", "credentialSubject": [{ diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java index 5294a104d..29c6f3012 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/IssuersCredentialController.java @@ -53,9 +53,15 @@ @RequiredArgsConstructor public class IssuersCredentialController extends BaseController { + /** + * The constant API_TAG_VERIFIABLE_CREDENTIAL_ISSUER. + */ public static final String API_TAG_VERIFIABLE_CREDENTIAL_ISSUER = "Verifiable Credential - Issuer"; + /** + * The constant API_TAG_VERIFIABLE_CREDENTIAL_VALIDATION. + */ public static final String API_TAG_VERIFIABLE_CREDENTIAL_VALIDATION = "Verifiable Credential - Validation"; - + private final IssuersCredentialService issuersCredentialService; 
@@ -65,13 +71,15 @@ public class IssuersCredentialController extends BaseController { * @param credentialId the credential id * @param holderIdentifier the holder identifier * @param type the type + * @param pageNumber the page number + * @param size the size * @param sortColumn the sort column * @param sortTpe the sort tpe * @param principal the principal * @return the credentials */ @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_ISSUER) - @Operation(description = "Permission: **view_wallets** OR **view_wallet** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", summary = "Query Verifiable Credentials") + @Operation(description = "Permission: **view_wallets** (The BPN of holderIdentifier must equal BPN of caller)\n\n Search verifiable credentials with filter criteria", summary = "Query Verifiable Credentials") @GetMapping(path = RestURI.ISSUERS_CREDENTIALS, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity> getCredentials(@RequestParam(required = false) String credentialId, @RequestParam(required = false) String holderIdentifier, 
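Review bot: The new `@Operation` description for GET `RestURI.ISSUERS_CREDENTIALS` says `Permission: **view_wallets**`, but the SecurityConfig hunk in this same commit maps `RestURI.ISSUERS_CREDENTIALS` with `GET` to `hasAnyRole(ApplicationRole.ROLE_UPDATE_WALLETS)`, so the documented and enforced permissions disagree. Either the description should read `Permission: **update_wallets**` or the matcher should grant `ROLE_VIEW_WALLETS`; the `(The BPN of holderIdentifier must equal BPN of caller)` clause is presumably checked in the service, which is not visible here. The method signature continues past the end of the hunk.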
@@ -98,7 +106,7 @@ public ResponseEntity> getCredentials(@RequestPar """)) }) @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_ISSUER) - @Operation(summary = "Issue a Membership Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** OR **update_wallet** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") + @Operation(summary = "Issue a Membership Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") @PostMapping(path = RestURI.CREDENTIALS_ISSUER_MEMBERSHIP, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity issueMembershipCredential(@Valid @RequestBody IssueMembershipCredentialRequest issueMembershipCredentialRequest, Principal principal) { return ResponseEntity.status(HttpStatus.CREATED).body(issuersCredentialService.issueMembershipCredential(issueMembershipCredentialRequest, getBPNFromToken(principal))); 
@@ -123,7 +131,7 @@ public ResponseEntity issueMembershipCredential(@Valid @Re """)) }) @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_ISSUER) - @Operation(summary = "Issue a Dismantler Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** OR **update_wallet** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") + @Operation(summary = "Issue a Dismantler Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") @PostMapping(path = RestURI.CREDENTIALS_ISSUER_DISMANTLER, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity issueDismantlerCredential(@Valid @RequestBody IssueDismantlerCredentialRequest request, Principal principal) { return ResponseEntity.status(HttpStatus.CREATED).body(issuersCredentialService.issueDismantlerCredential(request, getBPNFromToken(principal))); 
@@ -147,7 +155,7 @@ public ResponseEntity issueDismantlerCredential(@Valid @Re """)) }) @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_ISSUER) - @Operation(summary = "Issue a Use Case Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** OR **update_wallet** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") + @Operation(summary = "Issue a Use Case Verifiable Credential with base wallet issuer", description = "Permission: **update_wallets** (The BPN of base wallet must equal BPN of caller)\n\n Issue a verifiable credential by base wallet") @PostMapping(path = RestURI.API_CREDENTIALS_ISSUER_FRAMEWORK, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public ResponseEntity issueFrameworkCredential(@Valid @RequestBody IssueFrameworkCredentialRequest request, Principal principal) { return ResponseEntity.status(HttpStatus.CREATED).body(issuersCredentialService.issueFrameworkCredential(request, getBPNFromToken(principal))); @@ -156,7 +164,8 @@ public ResponseEntity issueFrameworkCredential(@Valid @Req /** * Credentials validation response entity. * - * @param data the data + * @param data the data + * @param withCredentialExpiryDate the with credential expiry date * @return the response entity */ @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_VALIDATION) 
@@ -166,43 +175,55 @@ public ResponseEntity issueFrameworkCredential(@Valid @Req @io.swagger.v3.oas.annotations.parameters.RequestBody(content = { @Content(examples = @ExampleObject(""" { - "id": "http://example.edu/credentials/333", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential", "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": [{ - "college": "Test-University" - }], - "proof": { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } + "credentialSubject": + [ + { + "bpn": "BPNL000000000000", + "id": "did:web:localhost:BPNL000000000000", + "type": "BpnCredential" + } + ], + "issuanceDate": "2023-07-14T11:05:44Z", + "id": "did:web:localhost:BPNL000000000000#f177b3e9-bbf9-45db-bc3d-80152abcb419", + "proof": + { + "created": "2023-07-14T11:05:48Z", + "jws": "eyJhbGciOiJFZERTQSJ9..C4oYBfTh11OKG0yV0qoCQxF6zZWZLb9dPXJCP6oCtpyB_sSc8o6cPhByKwf-0o7ElsUr0mh6AGPwGxdoOijfDw", + "proofPurpose": "proofPurpose", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:localhost:BPNL000000000000#" + }, + "type": + [ + "VerifiableCredential", + "BpnCredential" + ], + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json", + "https://w3id.org/security/suites/jws-2020/v1" + ], + "issuer": "did:web:localhost:BPNL000000000000", + "expirationDate": "2023-09-30T18:30:00Z" + } """)) }) - public ResponseEntity> credentialsValidation(@RequestBody Map data) { 
- return ResponseEntity.status(HttpStatus.OK).body(issuersCredentialService.credentialsValidation(data)); + public ResponseEntity> credentialsValidation(@RequestBody Map data, + @Parameter(description = "Check expiry of VC") @RequestParam(name = "withCredentialExpiryDate", defaultValue = "false", required = false) boolean withCredentialExpiryDate) { + return ResponseEntity.status(HttpStatus.OK).body(issuersCredentialService.credentialsValidation(data, withCredentialExpiryDate)); } /** * Issue credential response entity. * + * @param holderDid the holder did * @param data the data * @param principal the principal * @return the response entity */ @Tag(name = API_TAG_VERIFIABLE_CREDENTIAL_ISSUER) - @Operation(summary = "Issue Verifiable Credential", description = "Permission: **update_wallets** OR **update_wallet** (The BPN of the base wallet must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID") + @Operation(summary = "Issue Verifiable Credential", description = "Permission: **update_wallets** (The BPN of the base wallet must equal BPN of caller)\nIssue a verifiable credential with a given issuer DID") @PostMapping(path = RestURI.ISSUERS_CREDENTIALS, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) @io.swagger.v3.oas.annotations.parameters.RequestBody(content = { @@ -214,7 +235,7 @@ public ResponseEntity> credentialsValidation(@RequestBody Ma "https://www.w3.org/2018/credentials/examples/v1" ], "type": [ - "University-Degree-Credential","VerifiableCredential" + "VerifiableCredential", "University-Degree-Credential" ], "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", "issuanceDate": "2019-06-16T18:56:59Z", diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java index 92a725242..81ec135dc 100644 
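Review bot: `withCredentialExpiryDate` defaults to `false`, so a caller of the validation endpoint that leaves the parameter out receives `valid: true` for an expired credential with a good signature; for a validation API that is a surprising default and must at least be stated, e.g. `@Parameter(description = "Check expiry of VC. Defaults to false: an expired credential is still reported as valid unless this is set to true")`, or better, default the parameter to `true`. The new Swagger example also carries `"proofPurpose": "proofPurpose"` and a `verificationMethod` ending in a bare `#`; integrators copy these examples, so use the purpose the proof validation actually expects (presumably `assertionMethod`) and a verification method that names a key in the DID document. The enclosing controller class continues outside the hunk.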
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/controller/PresentationController.java 
@@ -67,33 +67,44 @@ public class PresentationController extends BaseController { @io.swagger.v3.oas.annotations.parameters.RequestBody(content = { @Content(examples = @ExampleObject(""" { - "holderIdentifier": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "verifiableCredentials": [ - { - "id": "http://example.edu/credentials/333", - "@context": [ - "https://www.w3.org/2018/credentials/v1", - "https://www.w3.org/2018/credentials/examples/v1" - ], - "type": [ - "University-Degree-Credential", "VerifiableCredential" - ], - "issuer": "did:example:76e12ec712ebc6f1c221ebfeb1f", - "issuanceDate": "2019-06-16T18:56:59Z", - "expirationDate": "2019-06-17T18:56:59Z", - "credentialSubject": [{ - "college": "Test-University" - }], - "proof": { - "type": "Ed25519Signature2018", - "created": "2021-11-17T22:20:27Z", - "proofPurpose": "assertionMethod", - "verificationMethod": "did:example:76e12ec712ebc6f1c221ebfeb1f#keys-1", - "jws": "eyJiNjQiOmZhbHNlLCJjcml0IjpbImI2NCJdLCJhbGciOiJFZERTQSJ9..JNerzfrK46Mq4XxYZEnY9xOK80xsEaWCLAHuZsFie1-NTJD17wWWENn_DAlA_OwxGF5dhxUJ05P6Dm8lcmF5Cg" - } - } - ] - } + "holderIdentifier": "did:web:localhost:BPNL000000000000", + "verifiableCredentials": + [ + { + "credentialSubject": + [ + { + "bpn": "BPNL000000000000", + "id": "did:web:localhost:BPNL000000000000", + "type": "BpnCredential" + } + ], + "issuanceDate": "2023-07-14T11:05:44Z", + "id": "did:web:localhost:BPNL000000000000#f177b3e9-bbf9-45db-bc3d-80152abcb419", + "proof": + { + "created": "2023-07-14T11:05:48Z", + "jws": "eyJhbGciOiJFZERTQSJ9..C4oYBfTh11OKG0yV0qoCQxF6zZWZLb9dPXJCP6oCtpyB_sSc8o6cPhByKwf-0o7ElsUr0mh6AGPwGxdoOijfDw", + "proofPurpose": "proofPurpose", + "type": "JsonWebSignature2020", + "verificationMethod": "did:web:localhost:BPNL000000000000#" + }, + "type": + [ + "VerifiableCredential", + "BpnCredential" + ], + "@context": + [ + "https://www.w3.org/2018/credentials/v1", + "https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json", + 
"https://w3id.org/security/suites/jws-2020/v1" + ], + "issuer": "did:web:localhost:BPNL000000000000", + "expirationDate": "2023-09-30T18:30:00Z" + } + ] + } """)) }) public ResponseEntity> createPresentation(@RequestBody Map data, @@ -127,45 +138,54 @@ public ResponseEntity> createPresentation(@RequestBody Map> storeCredential(@RequestBody Map getWalletByIdentifier(@Parameter(description = "Did or BPN") @PathVariable(name = "identifier") String identifier, @RequestParam(name = "withCredentials", defaultValue = "false") boolean withCredentials, diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/HoldersCredential.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/HoldersCredential.java index b5750e14f..5b64098e0 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/HoldersCredential.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/HoldersCredential.java @@ -52,10 +52,10 @@ public class HoldersCredential extends MIWBaseEntity { @Column(nullable = false) private String issuerDid; - @Column(nullable = false) + @Column(nullable = false, name = "credential_type") private String type; - @Column(nullable = false) + @Column(nullable = false, name="credential_data") @Convert(converter = StringToCredentialConverter.class) private VerifiableCredential data; diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/IssuersCredential.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/IssuersCredential.java index da3b2efdf..6e3ca0c99 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/IssuersCredential.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/dao/entity/IssuersCredential.java 
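Review bot: The new createPresentation example embeds a proof with `"proofPurpose": "proofPurpose"` and `"verificationMethod": "did:web:localhost:BPNL000000000000#"` — a placeholder purpose and a key reference with an empty fragment — which is exactly what integrators will paste into the request. Use the purpose the proof validation expects (presumably `assertionMethod`) and a verification method that names a real key in the DID document (`...#key-1` or whatever the generated documents use). The same placeholder proof appears in the IssuersCredentialController example in this commit; keep the two identical once corrected. The remaining hunks of this file are not readable in this view.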
@@ -52,10 +52,10 @@ public class IssuersCredential extends MIWBaseEntity { @Column(nullable = false) private String issuerDid; - @Column(nullable = false) + @Column(nullable = false, name="credential_type") private String type; - @Column(nullable = false) + @Column(nullable = false, name="credential_data") @Convert(converter = StringToCredentialConverter.class) private VerifiableCredential data; diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java index e11928839..60d67c13f 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/CommonService.java @@ -23,6 +23,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.text.StringEscapeUtils; import org.eclipse.tractusx.managedidentitywallets.constant.StringPool; import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; @@ -30,8 +31,12 @@ import org.eclipse.tractusx.managedidentitywallets.utils.CommonUtils; import org.eclipse.tractusx.managedidentitywallets.utils.Validate; import org.eclipse.tractusx.ssi.lib.exception.DidParseException; +import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.springframework.stereotype.Service; +import java.time.Instant; +import java.util.Map; + @Service @Slf4j @RequiredArgsConstructor 
@@ -53,7 +58,7 @@ public Wallet getWalletByIdentifier(String identifier) {
 try {
 wallet = walletRepository.getByDid(identifier);
 } catch (DidParseException e) {
- log.error("Error while parsing did {}", identifier, e);
+ log.error("Error while parsing did {}", StringEscapeUtils.escapeJava(identifier), e);
 throw new WalletNotFoundProblem("Error while parsing did " + identifier);
 }
 }
@@ -61,4 +66,19 @@ public Wallet getWalletByIdentifier(String identifier) {
 return wallet;
 }
+ public static boolean validateExpiry(boolean withCredentialExpiryDate, VerifiableCredential verifiableCredential, Map response) {
+ //validate expiry date
+ boolean dateValidation = true;
+ if (withCredentialExpiryDate) {
+ Instant expirationDate = verifiableCredential.getExpirationDate();
+ if (expirationDate.isBefore(Instant.now())) {
+ dateValidation = false;
+ response.put(StringPool.VALIDATE_EXPIRY_DATE, false);
+ } else {
+ response.put(StringPool.VALIDATE_EXPIRY_DATE, true);
+ }
+ }
+ return dateValidation;
+ }
+
 }
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
index 78b04f8aa..356bcd1a1 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/HoldersCredentialService.java
@@ -31,6 +31,7 @@ import com.smartsensesolutions.java.commons.specification.SpecificationUtil;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.text.StringEscapeUtils;
 import org.eclipse.tractusx.managedidentitywallets.constant.StringPool;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential;
 import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet;
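Review bot: `expirationDate.isBefore(Instant.now())` in validateExpiry throws a NullPointerException when the credential carries no `expirationDate`, which the VC data model allows, so a caller asking for expiry checking on such a credential gets a 500 instead of a verdict. Decide the policy explicitly: `if (expirationDate == null || expirationDate.isBefore(Instant.now())) {` rejects credentials without an expiry (fail closed), whereas `expirationDate != null && expirationDate.isBefore(Instant.now())` treats them as non-expiring — either way add a comment saying which was chosen. The method is `public static` yet it is invoked as `commonService.validateExpiry(...)` elsewhere in this diff; pick one access style. `Map response` appears as a raw type here (the generics may simply be stripped in this rendering); `Map<String, Object>` would match the `put` calls.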
@@ -164,7 +165,7 @@ public VerifiableCredential issueCredential(Map data, String cal //Store Credential in holder table credential = create(credential); - log.debug("VC type of {} issued to bpn ->{}", verifiableCredential.getTypes(), callerBpn); + log.debug("VC type of {} issued to bpn ->{}", StringEscapeUtils.escapeJava(verifiableCredential.getTypes().toString()), StringEscapeUtils.escapeJava(callerBpn)); // Return VC return credential.getData(); } @@ -185,7 +186,7 @@ public void deleteCredential(String credentialId, String bpnFromToken) { //remove credential holdersCredentialRepository.deleteByCredentialId(credentialId); - log.debug("VC deleted with id ->{} of bpn ->{}", credentialId, holderWallet.getBpn()); + log.debug("VC deleted with id ->{} of bpn ->{}", StringEscapeUtils.escapeJava(credentialId), StringEscapeUtils.escapeJava(holderWallet.getBpn())); } private void isCredentialExistWithId(String holderDid, String credentialId) { diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java index 8618b00c8..3f2309c33 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java @@ -30,6 +30,7 @@ import com.smartsensesolutions.java.commons.sort.SortType; import com.smartsensesolutions.java.commons.specification.SpecificationUtil; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.text.StringEscapeUtils; import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings; import org.eclipse.tractusx.managedidentitywallets.constant.MIWVerifiableCredentialType; import org.eclipse.tractusx.managedidentitywallets.constant.StringPool; 
@@ -133,6 +134,8 @@ protected SpecificationUtil getSpecificationUtil() { * @param type the type * @param sortColumn the sort column * @param sortType the sort type + * @param pageNumber the page number + * @param size the size * @param callerBPN the caller bpn * @return the credentials */ @@ -182,6 +185,7 @@ public PageImpl getCredentials(String credentialId, String * * @param baseWallet the base wallet * @param holderWallet the holder wallet + * @param authority the authority * @return the verifiable credential */ @Transactional(isolation = Isolation.READ_UNCOMMITTED, propagation = Propagation.REQUIRED) @@ -204,7 +208,7 @@ public VerifiableCredential issueBpnCredential(Wallet baseWallet, Wallet holderW //update summery VC updateSummeryCredentials(baseWallet.getDidDocument(), privateKeyBytes, baseWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), MIWVerifiableCredentialType.BPN_CREDENTIAL); - log.debug("BPN credential issued for bpn -{}", holderWallet.getBpn()); + log.debug("BPN credential issued for bpn -{}", StringEscapeUtils.escapeJava(holderWallet.getBpn())); return issuersCredential.getData(); } @@ -253,7 +257,7 @@ public VerifiableCredential issueFrameworkCredential(IssueFrameworkCredentialReq //update summery cred updateSummeryCredentials(baseWallet.getDidDocument(), privateKeyBytes, baseWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), request.getType()); - log.debug("Framework VC of type ->{} issued to bpn ->{}", request.getType(), holderWallet.getBpn()); + log.debug("Framework VC of type ->{} issued to bpn ->{}", StringEscapeUtils.escapeJava(request.getType()), StringEscapeUtils.escapeJava(holderWallet.getBpn())); // Return VC return issuersCredential.getData(); 
@@ -304,7 +308,7 @@ public VerifiableCredential issueDismantlerCredential(IssueDismantlerCredentialR //update summery VC updateSummeryCredentials(issuerWallet.getDidDocument(), privateKeyBytes, issuerWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), MIWVerifiableCredentialType.DISMANTLER_CREDENTIAL); - log.debug("Dismantler VC issued to bpn -> {}", request.getBpn()); + log.debug("Dismantler VC issued to bpn -> {}", StringEscapeUtils.escapeJava(request.getBpn())); // Return VC return issuersCredential.getData(); @@ -358,7 +362,7 @@ public VerifiableCredential issueMembershipCredential(IssueMembershipCredentialR //update summery VC updateSummeryCredentials(issuerWallet.getDidDocument(), privateKeyBytes, issuerWallet.getDid(), holderWallet.getBpn(), holderWallet.getDid(), VerifiableCredentialType.MEMBERSHIP_CREDENTIAL); - log.debug("Membership VC issued to bpn ->{}", issueMembershipCredentialRequest.getBpn()); + log.debug("Membership VC issued to bpn ->{}", StringEscapeUtils.escapeJava(issueMembershipCredentialRequest.getBpn())); // Return VC return issuersCredential.getData(); @@ -407,7 +411,7 @@ public VerifiableCredential issueCredentialUsingBaseWallet(String holderDid, Map IssuersCredential issuersCredential = IssuersCredential.of(holdersCredential); issuersCredential = create(issuersCredential); - log.debug("VC type of {} issued to bpn ->{}", verifiableCredential.getTypes(), holderWallet.getBpn()); + log.debug("VC type of {} issued to bpn ->{}", StringEscapeUtils.escapeJava(verifiableCredential.getTypes().toString()), StringEscapeUtils.escapeJava(holderWallet.getBpn())); // Return VC return issuersCredential.getData(); 
@@ -416,10 +420,11 @@ public VerifiableCredential issueCredentialUsingBaseWallet(String holderDid, Map /** * Credentials validation map. * - * @param data the data + * @param data the data + * @param withCredentialExpiryDate the with credential expiry date * @return the map */ - public Map credentialsValidation(Map data) { + public Map credentialsValidation(Map data, boolean withCredentialExpiryDate) { VerifiableCredential verifiableCredential = new VerifiableCredential(data); // DID Resolver Constracture params @@ -441,9 +446,14 @@ public Map credentialsValidation(Map data) { throw new BadDataException(String.format("Invalid proof type: %s", proofTye)); } - Boolean valid = proofValidation.verifiyProof(verifiableCredential); + boolean valid = proofValidation.verifiyProof(verifiableCredential); + Map response = new HashMap<>(); - response.put(StringPool.VALID, valid); + + //check expiry + boolean dateValidation = commonService.validateExpiry(withCredentialExpiryDate, verifiableCredential, response); + + response.put(StringPool.VALID, valid && dateValidation); response.put("vc", verifiableCredential); return response; @@ -504,12 +514,12 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu } else { items = List.of(type); } - log.debug("Issuing summary VC with items ->{}", items); + log.debug("Issuing summary VC with items ->{}", StringEscapeUtils.escapeJava(items.toString())); //get summery VC of holder List vcs = holdersCredentialRepository.getByHolderDidAndIssuerDidAndTypeAndStored(holderDid, issuerDid, MIWVerifiableCredentialType.SUMMARY_CREDENTIAL, false); //deleted only not stored VC if (CollectionUtils.isEmpty(vcs)) { - log.debug("No summery VC found for did ->{}, checking in issuer", holderDid); + log.debug("No summery VC found for did ->{}, checking in issuer", StringEscapeUtils.escapeJava(holderDid)); } else { //delete old summery VC from holder table, delete only not stored VC holdersCredentialRepository.deleteAll(vcs); 
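Review bot: `commonService.validateExpiry(...)` in credentialsValidation calls a `public static` method through an instance field; write it as `CommonService.validateExpiry(withCredentialExpiryDate, verifiableCredential, response)` (or make the helper an instance method) so the dependency is explicit and the static-access warning goes away. The verdict remains `signature && expiry-only-if-requested`: only `expirationDate` is consulted and only when the caller opts in, while in the same commit the JWT date check on presentations is enforced unconditionally — the endpoint's @Operation text should state that an expired VC yields `valid: true` unless `withCredentialExpiryDate=true`. The `validateExpiryDate` key is written into `response` only when the flag is set, so consumers cannot tell "not checked" from "absent"; a sentence in the API doc would settle that. The method continues outside the hunk.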
@@ -522,7 +532,7 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu StringPool.HOLDER_IDENTIFIER, holderBpn, StringPool.ITEMS, items, StringPool.TYPE, MIWVerifiableCredentialType.SUMMARY_CREDENTIAL, - StringPool.CONTRACT_TEMPLATES, miwSettings.contractTemplatesUrl())); + StringPool.CONTRACT_TEMPLATE, miwSettings.contractTemplatesUrl())); List types = List.of(VerifiableCredentialType.VERIFIABLE_CREDENTIAL, MIWVerifiableCredentialType.SUMMARY_CREDENTIAL); HoldersCredential holdersCredential = CommonUtils.getHoldersCredential(subject, types, @@ -537,7 +547,7 @@ private void updateSummeryCredentials(DidDocument issuerDidDocument, byte[] issu //Store Credential in issuers table issuersCredentialRepository.save(IssuersCredential.of(holdersCredential)); - log.info("Summery VC updated for holder did -> {}", holderDid); + log.info("Summery VC updated for holder did -> {}", StringEscapeUtils.escapeJava(holderDid)); } private Page getLastIssuedSummaryCredential(String issuerDid, String holderDid) { diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java index abac08086..296b64fd0 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java @@ -21,6 +21,7 @@ package org.eclipse.tractusx.managedidentitywallets.service; +import com.fasterxml.jackson.databind.ObjectMapper; import com.nimbusds.jwt.SignedJWT; import com.smartsensesolutions.java.commons.base.repository.BaseRepository; import com.smartsensesolutions.java.commons.base.service.BaseService; 
@@ -42,7 +43,9 @@ import org.eclipse.tractusx.ssi.lib.did.resolver.DidDocumentResolverRegistryImpl;
 import org.eclipse.tractusx.ssi.lib.did.web.DidWebDocumentResolver;
 import org.eclipse.tractusx.ssi.lib.did.web.util.DidWebParser;
+import org.eclipse.tractusx.ssi.lib.exception.InvalidJsonLdException;
 import org.eclipse.tractusx.ssi.lib.exception.InvalidePrivateKeyFormat;
+import org.eclipse.tractusx.ssi.lib.exception.UnsupportedSignatureTypeException;
 import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtFactory;
 import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtValidator;
 import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtVerifier;
@@ -52,9 +55,12 @@ import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentation;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentationBuilder;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentationType;
+import org.eclipse.tractusx.ssi.lib.proof.LinkedDataProofValidation;
+import org.eclipse.tractusx.ssi.lib.proof.SignatureType;
 import org.eclipse.tractusx.ssi.lib.serialization.jsonLd.JsonLdSerializerImpl;
 import org.eclipse.tractusx.ssi.lib.serialization.jwt.SerializedJwtPresentationFactory;
 import org.eclipse.tractusx.ssi.lib.serialization.jwt.SerializedJwtPresentationFactoryImpl;
+import org.eclipse.tractusx.ssi.lib.serialization.jwt.SerializedVerifiablePresentation;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
@@ -142,7 +148,7 @@ public Map createPresentation(Map data, boolean
 // Build VP
 VerifiablePresentation verifiablePresentation = verifiablePresentationBuilder
- .id(URI.create(UUID.randomUUID().toString()))
+ .id(URI.create(miwSettings.authorityWalletDid() + "#" + UUID.randomUUID().toString()))
 .type(List.of(VerifiablePresentationType.VERIFIABLE_PRESENTATION))
 .verifiableCredentials(verifiableCredentials)
 .build();
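Review bot: The presentation id is now minted under `miwSettings.authorityWalletDid()`, but createPresentation builds a presentation for the wallet named by `holderIdentifier` (see the controller example in this commit), so every holder's VP will carry the authority's DID as its id namespace even when the authority is not the holder. If the VP is signed with the holder wallet's key (the part of the method that selects the wallet is outside this hunk), mint the id under the holder's DID instead, e.g. `.id(URI.create(holderWallet.getDid() + "#" + UUID.randomUUID()))` with whichever variable holds that wallet; if the authority prefix is intentional, say why in a comment. Moving away from the previous relative `URI.create(UUID.randomUUID().toString())` to an absolute URI is itself the right direction.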
@@ -178,18 +184,36 @@ public Map validatePresentation(Map vp, boolean //validate audience boolean validateAudience = validateAudience(audience, signedJWT); - //validate date - boolean validateExpiryDate = validateExpiryDate(withCredentialExpiryDate, signedJWT); + //validate jwt date + boolean validateJWTExpiryDate = validateJWTExpiryDate(signedJWT); + response.put(StringPool.VALIDATE_JWT_EXPIRY_DATE, validateJWTExpiryDate); - response.put(StringPool.VALID, (validateSignature && validateAudience && validateExpiryDate)); + boolean validCredential = true; + boolean validateExpiryDate = true; + try { + final ObjectMapper mapper = new ObjectMapper(); + Map claims = mapper.readValue(signedJWT.getPayload().toBytes(), Map.class); + String vpClaim = mapper.writeValueAsString(claims.get("vp")); + + JsonLdSerializerImpl jsonLdSerializer = new JsonLdSerializerImpl(); + VerifiablePresentation presentation = jsonLdSerializer.deserializePresentation(new SerializedVerifiablePresentation(vpClaim)); + + for (VerifiableCredential credential : presentation.getVerifiableCredentials()) { + validateExpiryDate = commonService.validateExpiry(withCredentialExpiryDate, credential, response); + if (!validateCredential(credential)) { + validCredential = false; + } + } + } catch (InvalidJsonLdException e) { + throw new BadDataException(String.format("Validation of VP in form of JSON-LD is not supported. Invalid Json-LD: %s", e.getMessage())); + } + + response.put(StringPool.VALID, (validateSignature && validateAudience && validateExpiryDate && validCredential && validateJWTExpiryDate)); if (StringUtils.hasText(audience)) { response.put(StringPool.VALIDATE_AUDIENCE, validateAudience); } - if (withCredentialExpiryDate) { - response.put(StringPool.VALIDATE_EXPIRY_DATE, validateExpiryDate); - } } else { throw new BadDataException("Validation of VP in form of JSON-LD is not supported"); 
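Review bot: `validateExpiryDate = commonService.validateExpiry(...)` inside the credential loop is overwritten on every iteration, so with several credentials in the VP only the last one decides the expiry outcome — an expired credential followed by an unexpired one yields `valid: true` even with `withCredentialExpiryDate=true` (and the `validateExpiryDate` key in `response` likewise reflects only the last credential). Accumulate instead, mirroring how `validCredential` is handled two lines below: `if (!commonService.validateExpiry(withCredentialExpiryDate, credential, response)) { validateExpiryDate = false; }`. `claims.get("vp")` is not checked for `null`; a JWT without a `vp` claim serialises to the string `"null"` and surfaces as the misleading "Invalid Json-LD" BadDataException. `validateCredential` declares `UnsupportedSignatureTypeException`, which is not caught here, so a VC with an unknown proof type presumably escapes as an exception rather than `valid: false` — confirm how the controller maps it. The branch and the method itself start outside the hunk.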
@@ -206,27 +230,21 @@ private boolean validateSignature(SignedJWT signedJWT) {
 new DidWebDocumentResolver(HttpClient.newHttpClient(), new DidWebParser(), miwSettings.enforceHttps()));
 SignedJwtVerifier jwtVerifier = new SignedJwtVerifier(didDocumentResolverRegistry);
- jwtVerifier.verify(signedJWT);
- return true;
+ return jwtVerifier.verify(signedJWT);
 } catch (Exception e) {
 log.error("Can not verify signature of jwt", e);
 return false;
 }
 }
- private boolean validateExpiryDate(boolean withCredentialExpiryDate, SignedJWT signedJWT) {
- if (withCredentialExpiryDate) {
- try {
- SignedJwtValidator jwtValidator = new SignedJwtValidator();
- jwtValidator.validateDate(signedJWT);
- return true;
- } catch (Exception e) {
- log.error("Can not expiry date ", e);
- return false;
- }
-
- } else {
+ private boolean validateJWTExpiryDate(SignedJWT signedJWT) {
+ try {
+ SignedJwtValidator jwtValidator = new SignedJwtValidator();
+ jwtValidator.validateDate(signedJWT);
 return true;
+ } catch (Exception e) {
+ log.error("Can not expiry date ", e);
+ return false;
 }
 }
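Review bot: `log.error("Can not expiry date ", e)` in validateJWTExpiryDate is missing its verb and logs at ERROR for what is a routine client-side outcome (an expired or not-yet-valid token); `log.warn("Can not validate expiry date of jwt", e)` reads correctly and keeps ERROR for real faults. The method now runs unconditionally (the removed one was gated on `withCredentialExpiryDate`), so the JWT date check is enforced on every validatePresentation call — a behaviour change that should be stated in the endpoint's @Operation text, since callers may have relied on the flag to skip it. `catch (Exception e)` turns any runtime error, not only a date failure, into `false`; that is fail-closed and acceptable, but a one-line comment saying so would stop someone narrowing it later.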
@@ -244,4 +262,35 @@ private boolean validateAudience(String audience, SignedJWT signedJWT) {
 return true;
 }
 }
+
+ private boolean validateCredential(VerifiableCredential credential)
+ throws UnsupportedSignatureTypeException {
+ final DidDocumentResolverRegistry didDocumentResolverRegistry = new DidDocumentResolverRegistryImpl();
+ didDocumentResolverRegistry.register(
+ new DidWebDocumentResolver(HttpClient.newHttpClient(), new DidWebParser(), miwSettings.enforceHttps()));
+
+ final String proofType = credential.getProof().getType();
+ final LinkedDataProofValidation linkedDataProofValidation;
+ if (SignatureType.ED21559.toString().equals(proofType)) {
+ linkedDataProofValidation = LinkedDataProofValidation.newInstance(
+ SignatureType.ED21559,
+ didDocumentResolverRegistry
+ );
+ } else if (SignatureType.JWS.toString().equals(proofType)) {
+ linkedDataProofValidation = LinkedDataProofValidation.newInstance(
+ SignatureType.JWS,
+ didDocumentResolverRegistry
+ );
+ } else {
+ throw new UnsupportedSignatureTypeException(proofType);
+ }
+
+ final boolean isValid = linkedDataProofValidation.verifiyProof(credential);
+ if (isValid) {
+ log.debug("Credential validation result: (valid: {}, credential-id: {})", isValid, credential.getId());
+ } else {
+ log.info("Credential validation result: (valid: {}, credential-id: {})", isValid, credential.getId());
+ }
+ return isValid;
+ }
 }
diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
index 9b546abe6..d073c781e 100644
--- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
+++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/WalletService.java
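Review bot: `credential.getProof().getType()` in validateCredential dereferences the proof without a null check; a credential embedded in the presentation without a `proof` (the VP payload is caller-supplied) raises a NullPointerException instead of being reported invalid. Guard it: `if (credential.getProof() == null) { log.info("Credential has no proof: (credential-id: {})", credential.getId()); return false; }`. The two log lines print `credential.getId()` unescaped while the rest of this commit wraps caller-controlled values in `StringEscapeUtils.escapeJava(...)`; the id comes from the same untrusted payload and should get the same treatment. A fresh `HttpClient` and resolver registry are built on every call, and the caller invokes this once per credential in the VP loop — build the registry once in the caller (or hold it in a field) and pass it in. `SignatureType.ED21559` looks like the library's own spelling and cannot be corrected here.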
@@ -31,6 +31,7 @@ import lombok.RequiredArgsConstructor; import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; +import org.apache.commons.text.StringEscapeUtils; import org.bouncycastle.util.io.pem.PemObject; import org.bouncycastle.util.io.pem.PemWriter; import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings; @@ -61,6 +62,7 @@ import org.springframework.transaction.annotation.Transactional; import java.io.StringWriter; +import java.net.URI; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -221,8 +223,18 @@ private Wallet createWallet(CreateWalletRequest request, boolean authority) { didDocumentBuilder.id(did.toUri()); didDocumentBuilder.verificationMethods(List.of(jwkVerificationMethod)); DidDocument didDocument = didDocumentBuilder.build(); + //modify context URLs + List context = didDocument.getContext(); + List mutableContext = new ArrayList<>(); + mutableContext.addAll(context); + miwSettings.didDocumentContextUrls().forEach(uri -> { + if (!mutableContext.contains(uri)) { + mutableContext.add(uri); + } + }); + didDocument.put("@context", mutableContext); didDocument = DidDocument.fromJson(didDocument.toJson()); - log.debug("did document created for bpn ->{}", request.getBpn()); + log.debug("did document created for bpn ->{}", StringEscapeUtils.escapeJava(request.getBpn())); //Save wallet Wallet wallet = create(Wallet.builder() 
@@ -237,12 +249,12 @@ private Wallet createWallet(CreateWalletRequest request, boolean authority) {
 //Save key
 walletKeyService.getRepository().save(WalletKey.builder()
 .walletId(wallet.getId())
- .referenceKey("dummy ref key") //TODO removed once vault setup is ready
- .vaultAccessToken("dummy vault access token") ////TODO removed once vault setup is ready
+ .referenceKey("dummy ref key, removed once vault setup is ready")
+ .vaultAccessToken("dummy vault access token, removed once vault setup is ready")
 .privateKey(encryptionUtils.encrypt(getPrivateKeyString(keyPair.getPrivateKey().asByte())))
 .publicKey(encryptionUtils.encrypt(getPublicKeyString(keyPair.getPublicKey().asByte())))
 .build());
- log.debug("Wallet created for bpn ->{}", request.getBpn());
+ log.debug("Wallet created for bpn ->{}", StringEscapeUtils.escapeJava(request.getBpn()));
 Wallet issuerWallet = walletRepository.getByBpn(miwSettings.authorityWalletBpn());
@@ -264,9 +276,9 @@ public void createAuthorityWallet() {
 .bpn(miwSettings.authorityWalletBpn())
 .build();
 createWallet(request, true);
- log.info("Authority wallet created with bpn {}", miwSettings.authorityWalletBpn());
+ log.info("Authority wallet created with bpn {}", StringEscapeUtils.escapeJava(miwSettings.authorityWalletBpn()));
 } else {
- log.info("Authority wallet exists with bpn {}", miwSettings.authorityWalletBpn());
+ log.info("Authority wallet exists with bpn {}", StringEscapeUtils.escapeJava(miwSettings.authorityWalletBpn()));
 }
 }
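Review bot: Turning the two TODO comments into the stored values means every WalletKey row now persists the literal strings "dummy ref key, removed once vault setup is ready" and "dummy vault access token, removed once vault setup is ready" in columns meant for a key reference and a vault token; the reminder has become data, where it is far easier to lose track of than a code comment. Keep the placeholder short and the TODO where tooling finds it, e.g. `.referenceKey("dummy ref key") // TODO: remove once vault setup is ready`, or make those columns nullable until the vault integration lands. Independently, this hunk shows the private key being persisted in the application database under `encryptionUtils.encrypt(...)`; that is the interim key-storage model and deserves a sentence in the wallet documentation so operators know where signing keys live and what protects them. createWallet starts outside the hunk.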
@@ -277,24 +289,6 @@ private void validateCreateWallet(CreateWalletRequest request) { } } -/* - @SneakyThrows - private Ed25519KeySet createKeyPair() { - KeyPairGeneratorSpi.Ed25519 ed25519 = new KeyPairGeneratorSpi.Ed25519(); - ed25519.initialize(256, new SecureRandom()); - KeyPair keyPair = ed25519.generateKeyPair(); - PublicKey PubKey = keyPair.getPublic(); - PrivateKey PivKey = keyPair.getPrivate(); - Ed25519PrivateKeyParameters ed25519PrivateKeyParameters = - (Ed25519PrivateKeyParameters) PrivateKeyFactory.createKey(PivKey.getEncoded()); - Ed25519PublicKeyParameters publicKeyParameters = - (Ed25519PublicKeyParameters) PublicKeyFactory.createKey(PubKey.getEncoded()); - - byte[] privateKeyBytes = ed25519PrivateKeyParameters.getEncoded(); - byte[] publicKeyBytes = publicKeyParameters.getEncoded(); - return new Ed25519KeySet(privateKeyBytes, publicKeyBytes); - }*/ - @SneakyThrows private String getPrivateKeyString(byte[] privateKeyBytes) { StringWriter stringWriter = new StringWriter(); diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java index 8a723a491..13e47aa2d 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/CommonUtils.java 
@@ -103,11 +103,17 @@ private static VerifiableCredential createVerifiableCredential(DidDocument issue VerifiableCredentialSubject verifiableCredentialSubject, byte[] privateKey, List contexts, Date expiryDate) { //VC Builder + + // if the credential does not contain the JWS proof-context add it + URI jwsUri = URI.create("https://w3id.org/security/suites/jws-2020/v1"); + if (!contexts.contains(jwsUri)) + contexts.add(jwsUri); + URI id = URI.create(UUID.randomUUID().toString()); VerifiableCredentialBuilder builder = new VerifiableCredentialBuilder() .context(contexts) - .id(id) + .id(URI.create(issuerDoc.getId() + "#" + id)) .type(verifiableCredentialType) .issuer(issuerDoc.getId()) .expirationDate(expiryDate.toInstant()) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/StringToDidDocumentConverter.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/StringToDidDocumentConverter.java index 87ac6f807..5dd273291 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/StringToDidDocumentConverter.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/utils/StringToDidDocumentConverter.java @@ -25,9 +25,6 @@ import lombok.SneakyThrows; import org.eclipse.tractusx.ssi.lib.model.did.DidDocument; -import java.net.URLDecoder; -import java.nio.charset.StandardCharsets; - /** * The type String to did document converter. */ diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 99fefc4e5..15bd84c9b 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -44,13 +44,15 @@ management: server: port: ${MANAGEMENT_PORT:8090} endpoint: + loggers: + enabled: true health: probes: enabled: true endpoints: web: exposure: - include: '*, pre-stop' + include: '*, pre-stop, loggers' health: db: enabled: true 
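Review bot: `contexts.add(jwsUri)` mutates the caller-supplied `contexts` list: with an unmodifiable list (`List.of(...)`, `Collections.unmodifiableList`) it throws `UnsupportedOperationException`, and with a shared mutable list (for example one taken from settings) the side effect leaks into the caller. Build a private copy instead, `List<URI> ctx = new ArrayList<>(contexts); if (!ctx.contains(jwsUri)) { ctx.add(jwsUri); }` and pass `ctx` to `.context(...)`; the braces also fix the brace-less `if` that the rest of the file does not use. `contexts` is still a raw `List`, so as in the DID document change `contains` only works if the existing entries are `URI` objects rather than strings — worth a `// assumes contexts holds java.net.URI entries` note or a typed parameter. The enclosing `createVerifiableCredential` starts before and ends after this hunk.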
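Review bot: Enabling `management.endpoint.loggers` and listing it under `exposure.include` turns on a write endpoint (a POST to `/actuator/loggers/{name}` changes log levels at runtime), so the management port (`MANAGEMENT_PORT:8090`) must not be reachable without authentication; a `# write endpoint: changes runtime log levels, keep the management port internal` comment next to `loggers:` would make that visible to whoever deploys the chart. The `include: '*, pre-stop, loggers'` value is redundant because `*` already exposes every enabled endpoint; either keep `'*'` alone or replace the wildcard with the explicit list you actually want exposed. Also note that `loggers` is unrelated to `APP_LOG_LEVEL`: that property sets the startup level, this endpoint allows it to be changed live.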
@@ -59,6 +61,14 @@ management: readinessState: enabled: true +# log level +logging: + level: + org: + eclipse: + tractusx: + managedidentitywallets: ${APP_LOG_LEVEL:INFO} + miw: host: ${MIW_HOST_NAME:localhost} encryptionKey: ${ENCRYPTION_KEY:Woh9waid4Ei5eez0aitieghoow9so4oe} @@ -71,6 +81,7 @@ miw: supportedFrameworkVCTypes: ${SUPPORTED_FRAMEWORK_VC_TYPES:PcfCredential, SustainabilityCredential, QualityCredential, TraceabilityCredential, BehaviorTwinCredential, ResiliencyCredential} enforceHttps: ${ENFORCE_HTTPS_IN_DID_RESOLUTION:true} contractTemplatesUrl: ${CONTRACT_TEMPLATES_URL:https://public.catena-x.org/contracts/} + didDocumentContextUrls: ${DID_DOCUMENT_CONTEXT_URL:https://www.w3.org/ns/did/v1,https://w3c.github.io/vc-jws-2020/contexts/v1} security: enabled: true realm: ${KEYCLOAK_REALM:miw_test} diff --git a/src/main/resources/db/changelog/changes/init.sql b/src/main/resources/db/changelog/changes/init.sql index 5e2083406..ad7219d5b 100644 --- a/src/main/resources/db/changelog/changes/init.sql +++ b/src/main/resources/db/changelog/changes/init.sql 
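Review bot: The new `didDocumentContextUrls` default uses `https://w3c.github.io/vc-jws-2020/contexts/v1`, while the credential builder in this same commit (CommonUtils) injects `https://w3id.org/security/suites/jws-2020/v1`; DID documents and the credentials they verify will reference two different context documents for the same JsonWebSignature2020 suite, and the github.io URL is a mirror rather than the persistent w3id identifier, so verifiers that pin the w3id context may reject the DID document. Prefer `https://w3id.org/security/suites/jws-2020/v1` in the default so both artefacts agree. The environment variable `DID_DOCUMENT_CONTEXT_URL` is singular for a comma-separated list bound to a plural property; `DID_DOCUMENT_CONTEXT_URLS` would match. Unrelated to this change but visible as context: `encryptionKey` still falls back to a literal default, and with private keys now being stored encrypted under it, removing the default so startup fails without `ENCRYPTION_KEY` would be the safer posture.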
@@ -1,74 +1,77 @@ --liquibase formatted sql --changeset nitin:1 -CREATE TABLE public.wallet ( - id bigserial NOT NULL, - name varchar(255) NOT NULL, - did varchar(255) NOT NULL, - bpn varchar(255) NOT NULL, - algorithm varchar(255) NOT NULL DEFAULT 'ED25519'::character varying, - did_document text NOT NULL, - created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, - modified_at timestamp(6) NULL, - modified_from varchar(255) NULL, - CONSTRAINT uk_bpn UNIQUE (bpn), - CONSTRAINT uk_did UNIQUE (did), - CONSTRAINT wallet_pkey PRIMARY KEY (id), - CONSTRAINT wallet_fk FOREIGN KEY (modified_from) REFERENCES public.wallet(bpn) +CREATE TABLE IF NOT EXISTS public.wallet +( + id bigserial NOT NULL, + name varchar(255) NOT NULL, + did varchar(255) NOT NULL, + bpn varchar(255) NOT NULL, + algorithm varchar(255) NOT NULL DEFAULT 'ED25519'::character varying, + did_document text NOT NULL, + created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, + modified_at timestamp(6) NULL, + modified_from varchar(255) NULL, + CONSTRAINT uk_bpn UNIQUE (bpn), + CONSTRAINT uk_did UNIQUE (did), + CONSTRAINT wallet_pkey PRIMARY KEY (id), + CONSTRAINT wallet_fk FOREIGN KEY (modified_from) REFERENCES public.wallet (bpn) ON DELETE SET NULL ); COMMENT ON TABLE public.wallet IS 'This table will store wallets'; - -CREATE TABLE public.wallet_key ( - id bigserial NOT NULL, - wallet_id bigserial NOT NULL, - vault_access_token varchar(1000) NOT NULL, - reference_key varchar(255) NOT NULL, - private_key text NOT NULL, - public_key text NOT NULL, - created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, - modified_at timestamp(6) NULL, - modified_from varchar(255) NULL, - CONSTRAINT wallet_key_pkey PRIMARY KEY (id), - CONSTRAINT wallet_fk FOREIGN KEY (wallet_id) REFERENCES public.wallet(id), - CONSTRAINT wallet_key_fk FOREIGN KEY (modified_from) REFERENCES public.wallet(bpn) +CREATE TABLE IF NOT EXISTS public.wallet_key +( + id bigserial NOT NULL, + wallet_id bigserial NOT NULL, + 
vault_access_token varchar(1000) NOT NULL, + reference_key varchar(255) NOT NULL, + private_key text NOT NULL, + public_key text NOT NULL, + created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, + modified_at timestamp(6) NULL, + modified_from varchar(255) NULL, + CONSTRAINT wallet_key_pkey PRIMARY KEY (id), + CONSTRAINT wallet_fk_2 FOREIGN KEY (wallet_id) REFERENCES public.wallet (id) ON DELETE CASCADE, + CONSTRAINT wallet_key_fk FOREIGN KEY (modified_from) REFERENCES public.wallet (bpn) ON DELETE CASCADE ); COMMENT ON TABLE public.wallet_key IS 'This table will store key pair of wallets'; -CREATE TABLE public.issuers_credential ( - id bigserial NOT NULL, - holder_did varchar(255) NOT NULL, - issuer_did varchar(255) NOT NULL, - credential_id varchar(255) NOT NULL, - "data" text NOT NULL, - "type" varchar(255) NULL, - created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, - modified_at timestamp(6) NULL, - modified_from varchar(255) NULL, - CONSTRAINT issuers_credential_pkey PRIMARY KEY (id), - CONSTRAINT issuers_credential_fk FOREIGN KEY (modified_from) REFERENCES public.wallet(bpn), - CONSTRAINT issuers_credential_holder_wallet_fk FOREIGN KEY (holder_did) REFERENCES public.wallet(did) +CREATE TABLE IF NOT EXISTS public.issuers_credential +( + id bigserial NOT NULL, + holder_did varchar(255) NOT NULL, + issuer_did varchar(255) NOT NULL, + credential_id varchar(255) NOT NULL, + credential_data text NOT NULL, + credential_type varchar(255) NULL, + created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, + modified_at timestamp(6) NULL, + modified_from varchar(255) NULL, + CONSTRAINT issuers_credential_pkey PRIMARY KEY (id), + CONSTRAINT issuers_credential_fk FOREIGN KEY (modified_from) REFERENCES public.wallet (bpn) ON DELETE SET NULL, + CONSTRAINT issuers_credential_holder_wallet_fk FOREIGN KEY (holder_did) REFERENCES public.wallet (did) ON DELETE CASCADE ); -COMMENT ON TABLE public.issuers_credential IS 'This table will store issuers credentials'; 
+COMMENT ON TABLE public.issuers_credential IS 'This table will store issuers credentials'; -CREATE TABLE public.holders_credential ( - id bigserial NOT NULL, - holder_did varchar(255) NOT NULL, - issuer_did varchar(255) NOT NULL, - credential_id varchar(255) NOT NULL, - "data" text NOT NULL, - "type" varchar(255) NULL, - is_self_issued bool NOT null default false, - is_stored bool NOT null default false, - created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, - modified_at timestamp(6) NULL, - modified_from varchar(255) NULL, - CONSTRAINT holders_credential_pkey PRIMARY KEY (id), - CONSTRAINT holders_credential_fk FOREIGN KEY (modified_from) REFERENCES public.wallet(bpn), - CONSTRAINT holders_credential_holder_wallet_fk FOREIGN KEY (holder_did) REFERENCES public.wallet(did) +CREATE TABLE IF NOT EXISTS public.holders_credential +( + id bigserial NOT NULL, + holder_did varchar(255) NOT NULL, + issuer_did varchar(255) NOT NULL, + credential_id varchar(255) NOT NULL, + credential_data text NOT NULL, + credential_type varchar(255) NULL, + is_self_issued bool NOT null default false, + is_stored bool NOT null default false, + created_at timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP, + modified_at timestamp(6) NULL, + modified_from varchar(255) NULL, + CONSTRAINT holders_credential_pkey PRIMARY KEY (id), + CONSTRAINT holders_credential_fk FOREIGN KEY (modified_from) REFERENCES public.wallet (bpn) ON DELETE SET NULL, + CONSTRAINT holders_credential_holder_wallet_fk FOREIGN KEY (holder_did) REFERENCES public.wallet (did) ON DELETE CASCADE ); -COMMENT ON TABLE public.holders_credential IS 'This table will store holders credentials'; +COMMENT ON TABLE public.holders_credential IS 'This table will store holders credentials'; -COMMENT ON COLUMN public.holders_credential.is_stored IS 'true is VC is stored using store VC api(Not issued by MIW)'; \ No newline at end of file +COMMENT ON COLUMN public.holders_credential.is_stored IS 'true is VC is stored using store VC 
api(Not issued by MIW)'; \ No newline at end of file diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java index 640bccbd8..f4e72bfec 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/config/TestContextInitializer.java 
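Review bot: The `modified_from` audit column on `wallet_key` is given `ON DELETE CASCADE` (`wallet_key_fk`), whereas the same column on `wallet`, `issuers_credential` and `holders_credential` uses `ON DELETE SET NULL`; as written, deleting the wallet recorded as the last modifier of a key row deletes that other wallet's key material, which is a data-loss path rather than an audit cleanup, so `CONSTRAINT wallet_key_fk FOREIGN KEY (modified_from) REFERENCES public.wallet (bpn) ON DELETE SET NULL` is the consistent choice. This hunk also rewrites the already-recorded Liquibase changeset `nitin:1` (column renames `"data"` -> `credential_data`, `"type"` -> `credential_type`, new FK actions); on any database where the original changeset has run, Liquibase will refuse to start on the checksum mismatch and the renames will never be applied, so unless no deployed schema exists yet these belong in a new changeset using `ALTER TABLE ... RENAME COLUMN`. `CREATE TABLE IF NOT EXISTS` additionally hides such drift by silently skipping tables that already exist with the old columns.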
@@ -22,27 +22,35 @@ package org.eclipse.tractusx.managedidentitywallets.config; import dasniko.testcontainers.keycloak.KeycloakContainer; +import lombok.SneakyThrows; import org.springframework.boot.test.util.TestPropertyValues; import org.springframework.context.ApplicationContextInitializer; import org.springframework.context.ConfigurableApplicationContext; -import org.testcontainers.containers.PostgreSQLContainer; -public class TestContextInitializer implements ApplicationContextInitializer { +import java.net.ServerSocket; - private static final PostgreSQLContainer postgreSQLContainer = new PostgreSQLContainer("postgres:15.2"); +public class TestContextInitializer implements ApplicationContextInitializer { + private static final int port = findFreePort(); private static final KeycloakContainer KEYCLOAK_CONTAINER = new KeycloakContainer().withRealmImportFile("miw-test-realm.json"); @Override public void initialize(ConfigurableApplicationContext applicationContext) { - postgreSQLContainer.start(); KEYCLOAK_CONTAINER.start(); String authServerUrl = KEYCLOAK_CONTAINER.getAuthServerUrl(); TestPropertyValues.of( - "spring.datasource.url=" + postgreSQLContainer.getJdbcUrl(), - "spring.datasource.username=" + postgreSQLContainer.getUsername(), - "spring.datasource.password=" + postgreSQLContainer.getPassword(), + "server.port=" + port, + "miw.host: localhost:${server.port}", + "miw.enforceHttps=false", + "miw.authorityWalletBpn: BPNL000000000000", + "miw.authorityWalletName: Test-X", + "miw.authorityWalletDid: did:web:localhost%3A${server.port}:BPNL000000000000", + "spring.datasource.url=jdbc:h2:mem:testdb", + "spring.datasource.driverClassName=org.h2.Driver", + "spring.jpa.database-platform=org.hibernate.dialect.H2Dialect", + "spring.datasource.username=sa", + "spring.datasource.password=password", "miw.security.auth-server-url=" + authServerUrl, "miw.security.auth-url=${miw.security.auth-server-url}realms/${miw.security.realm}/protocol/openid-connect/auth", 
"miw.security.token-url=${miw.security.auth-server-url}realms/${miw.security.realm}/protocol/openid-connect/token", @@ -55,4 +63,11 @@ public void initialize(ConfigurableApplicationContext applicationContext) { public static String getAuthServerUrl() { return KEYCLOAK_CONTAINER.getAuthServerUrl(); } + + @SneakyThrows + public static int findFreePort() { + try (ServerSocket socket = new ServerSocket(0)) { + return socket.getLocalPort(); + } + } } diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java index d01ee985f..538e0c6b3 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/did/DidDocumentsTest.java @@ -24,12 +24,9 @@ import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication; import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer; import org.eclipse.tractusx.managedidentitywallets.constant.RestURI; -import org.eclipse.tractusx.managedidentitywallets.constant.StringPool; import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; -import org.eclipse.tractusx.ssi.lib.model.did.DidDocument; +import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest; +import org.eclipse.tractusx.managedidentitywallets.service.WalletService; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; 
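Review bot: Dropping the PostgreSQL Testcontainer for `jdbc:h2:mem:testdb` means the integration suite no longer exercises the Liquibase changelog against the production engine, and init.sql is PostgreSQL-specific (`bigserial`, `::character varying`, the `public.` schema prefix), so a changeset that H2 tolerates can still fail on a real deployment; if keeping H2, at least run it in compatibility mode, `"spring.datasource.url=jdbc:h2:mem:testdb;MODE=PostgreSQL"`, and keep a Postgres-backed run somewhere in CI. The property list mixes `key: value` and `key=value` forms (`"miw.host: localhost:${server.port}"` next to `"miw.enforceHttps=false"`); `TestPropertyValues` accepts both, but one style reads more clearly. The `initialize` method continues outside this hunk.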
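Review bot: `findFreePort()` closes the probe `ServerSocket` before Spring binds the same port, so another process on the host can take it in between and the `DEFINED_PORT` contexts then fail with a bind error rather than a clear message; this is acceptable for a single-JVM test run but deserves a comment, e.g. `// port is released on close; small race with other processes before Spring binds it`. Since the value is captured once in a static field, every test class sharing this initializer reuses the same port, which is what `DEFINED_PORT` needs.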
@@ -41,22 +38,15 @@ import java.util.UUID; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class DidDocumentsTest { - @Autowired - private WalletRepository walletRepository; - - @Autowired - private WalletKeyRepository walletKeyRepository; @Autowired - private HoldersCredentialRepository holdersCredentialRepository; - + private WalletService walletService; @Autowired private TestRestTemplate restTemplate; - @Test void getDidDocumentInvalidBpn404() { ResponseEntity response = restTemplate.getForEntity(RestURI.DID_DOCUMENTS, String.class, UUID.randomUUID().toString()); @@ -67,25 +57,13 @@ void getDidDocumentInvalidBpn404() { void getDidDocumentWithBpn200() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + createWallet(bpn); - createWallet(bpn, did); ResponseEntity response = restTemplate.getForEntity(RestURI.DID_DOCUMENTS, String.class, bpn); Assertions.assertEquals(HttpStatus.OK.value(), response.getStatusCode().value()); Assertions.assertNotNull(response.getBody()); } - @Test - void getDidDocumentWithDid200() { - String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; - - createWallet(bpn, did); - ResponseEntity response = restTemplate.getForEntity(RestURI.DID_DOCUMENTS, String.class, did); - Assertions.assertEquals(HttpStatus.OK.value(), response.getStatusCode().value()); - Assertions.assertNotNull(response.getBody()); - } - @Test void getDidResolveInvalidBpn404() { ResponseEntity response = restTemplate.getForEntity(RestURI.DID_RESOLVE, String.class, UUID.randomUUID().toString()); 
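Review bot: `getDidDocumentWithDid200` is removed outright, so resolving a DID document by its DID (as opposed to by BPN) is no longer covered, and the commit does not say whether `RestURI.DID_DOCUMENTS` stopped accepting DIDs or the test was just inconvenient to port. If the endpoint still accepts a DID, the new `createWallet(bpn)` helper already returns the `Wallet`, so the test can be kept as `Wallet w = createWallet(bpn);` followed by `restTemplate.getForEntity(RestURI.DID_DOCUMENTS, String.class, w.getDid())` with the same 200 assertions; otherwise a one-line comment recording why the case was dropped would help.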
@@ -96,37 +74,17 @@ void getDidResolveInvalidBpn404() { void getDidResolveWithBpn200() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; - createWallet(bpn, did); + createWallet(bpn); ResponseEntity response = restTemplate.getForEntity(RestURI.DID_RESOLVE, String.class, bpn); Assertions.assertEquals(HttpStatus.OK.value(), response.getStatusCode().value()); Assertions.assertNotNull(response.getBody()); } - private Wallet createWallet(String bpn, String did) { - String didDocument = """ - { - "id": "did:web:localhost%3Abpn123124", - "verificationMethod": [ - { - "publicKeyMultibase": "z9mo3TUPvEntiBQtHYVXXy5DfxLGgaHa84ZT6Er2qWs4y", - "controller": "did:web:localhost%3Abpn123124", - "id": "did:web:localhost%3Abpn123124#key-1", - "type": "Ed25519VerificationKey2020" - } - ], - "@context": "https://www.w3.org/ns/did/v1" - } - """; - - Wallet wallet = Wallet.builder() - .bpn(bpn) - .did(did) - .didDocument(DidDocument.fromJson(didDocument)) - .algorithm(StringPool.ED_25519) - .name(bpn) - .build(); - return walletRepository.save(wallet); + private Wallet createWallet(String bpn) { + CreateWalletRequest createWalletRequest = new CreateWalletRequest(); + createWalletRequest.setBpn(bpn); + createWalletRequest.setName("wallet_" + bpn); + return walletService.createWallet(createWalletRequest); } } diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java index 2d0a98200..dd99e720d 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/AuthenticationUtils.java 
@@ -85,7 +85,6 @@ private static String getJwtToken(String username, String bpn) { List list = List.of("BPN", "bpn", "bPn"); //Do not add more field here, if you do make sure you change in keycloak realm file Random randomizer = new Random(); String attributeName = list.get(randomizer.nextInt(list.size())); - System.out.println("attributeName---------------------->" + attributeName); Keycloak keycloak = KeycloakBuilder.builder() .serverUrl(TestContextInitializer.getAuthServerUrl()) diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/EncryptionTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/EncryptionTest.java index bc70ab372..4aa44d39a 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/EncryptionTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/utils/EncryptionTest.java @@ -29,7 +29,7 @@ import org.springframework.boot.test.context.SpringBootTest; import org.springframework.test.context.ContextConfiguration; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class EncryptionTest { diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DeleteHoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DeleteHoldersCredentialTest.java index b24b5d3d3..3d5e7fc5b 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DeleteHoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DeleteHoldersCredentialTest.java 
@@ -21,17 +21,24 @@ package org.eclipse.tractusx.managedidentitywallets.vc; +import lombok.SneakyThrows; import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication; import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings; import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer; import org.eclipse.tractusx.managedidentitywallets.constant.RestURI; import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential; import org.eclipse.tractusx.managedidentitywallets.dao.entity.IssuersCredential; +import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.IssuersCredentialRepository; +import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest; +import org.eclipse.tractusx.managedidentitywallets.service.WalletService; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; -import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.model.did.Did; +import org.eclipse.tractusx.ssi.lib.model.did.DidParser; +import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; @@ -43,7 +50,7 @@ import java.util.Map; import java.util.UUID; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class DeleteHoldersCredentialTest { @Autowired 
@@ -57,6 +64,33 @@ class DeleteHoldersCredentialTest { @Autowired private MIWSettings miwSettings; + @Autowired + private WalletService walletService; + + private String tenantBpn; + private Did tenantDid; + private String bpnOperator; + private Did operatorDid; + + @BeforeEach + @SneakyThrows + public void setup() { + tenantBpn = UUID.randomUUID().toString(); + bpnOperator = miwSettings.authorityWalletBpn(); + operatorDid = DidParser.parse(miwSettings.authorityWalletDid()); + + final CreateWalletRequest createWalletRequest = new CreateWalletRequest(); + createWalletRequest.setBpn(tenantBpn); + createWalletRequest.setName("My Test Tenant Wallet"); + final Wallet tenantWallet = walletService.createWallet(createWalletRequest); + tenantDid = DidParser.parse(tenantWallet.getDid()); + } + + @AfterEach + public void tearDown() { + Wallet tenantWallet = walletService.getWalletByIdentifier(tenantBpn, false, bpnOperator); + walletService.delete(tenantWallet.getId()); + } @Test void deleteCredentialTestWithInvalidRole403() { @@ -68,18 +102,13 @@ void deleteCredentialTestWithInvalidRole403() { @Test void deleteCredentialTest204() { - String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; - //create new wallet - TestUtils.createWallet(bpn, did, restTemplate); - //Fetch bpn credential which is auto generated while create wallet - List credentials = holdersCredentialRepository.getByHolderDid(did); + List credentials = holdersCredentialRepository.getByHolderDid(tenantDid.toString()); String type = credentials.get(0).getType(); String idToDeleted = credentials.get(0).getCredentialId(); Assertions.assertFalse(credentials.isEmpty()); - HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); + HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(tenantBpn); HttpEntity entity = new HttpEntity<>(headers); 
@@ -87,17 +116,18 @@ void deleteCredentialTest204() { Assertions.assertEquals(HttpStatus.NO_CONTENT.value(), response.getStatusCode().value()); - credentials = holdersCredentialRepository.getByHolderDid(did); + credentials = holdersCredentialRepository.getByHolderDid(tenantBpn); credentials.forEach(vc -> { Assertions.assertNotEquals(vc.getCredentialId(), idToDeleted); }); //check, VC should not be deleted from issuer table - List vcs = issuersCredentialRepository.getByIssuerDidAndHolderDidAndType(miwSettings.authorityWalletDid(), did, type); - IssuersCredential issuersCredential = vcs.stream() - .filter(vc -> vc.getCredentialId().equalsIgnoreCase(idToDeleted)).findFirst() - .orElse(null); - Assertions.assertNotNull(issuersCredential); + List vcs = issuersCredentialRepository.getByIssuerDidAndHolderDidAndType(miwSettings.authorityWalletDid(), tenantDid.toString(), type); + + boolean isNotDeleted = vcs.stream() + .anyMatch(vc -> vc.getCredentialId().equals(idToDeleted)); + + Assertions.assertTrue(isNotDeleted); } @Test @@ -107,5 +137,4 @@ void deleteCredentialTest404() { ResponseEntity response = restTemplate.exchange(RestURI.CREDENTIALS + "?id={id}", HttpMethod.DELETE, entity, String.class, ""); Assertions.assertEquals(HttpStatus.NOT_FOUND.value(), response.getStatusCode().value()); } - } diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DismantlerHoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DismantlerHoldersCredentialTest.java index 19f828de6..42bc558c0 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DismantlerHoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/DismantlerHoldersCredentialTest.java 
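Review bot: In the `@@ -68` hunk the new `holdersCredentialRepository.getByHolderDid(tenantDid.toString())` line is immediately followed by `credentials.get(0)`, while `Assertions.assertFalse(credentials.isEmpty())` only runs two lines later; an empty result therefore fails with `IndexOutOfBoundsException` instead of the intended assertion message. The ordering predates this commit, but since the lookup line is being rewritten anyway, moving the `assertFalse` directly under it is a cheap improvement.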
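Review bot: After the delete, `credentials = holdersCredentialRepository.getByHolderDid(tenantBpn);` queries the repository with the BPN, whereas the same method is called with `tenantDid.toString()` both above and in the issuer-side lookup two lines below; the BPN will not match any `holder_did` value, so the list comes back empty and the `forEach` check that the credential is gone never asserts anything. It should read `credentials = holdersCredentialRepository.getByHolderDid(tenantDid.toString());`. The `anyMatch`-based issuer check below is a clearer rewrite of the old `findFirst`/`assertNotNull` pattern.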
@@ -40,6 +40,7 @@ import org.eclipse.tractusx.managedidentitywallets.dto.IssueMembershipCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.json.JSONException; import org.junit.jupiter.api.Assertions; @@ -55,7 +56,7 @@ import java.util.Set; import java.util.UUID; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class DismantlerHoldersCredentialTest { @Autowired @@ -80,7 +81,6 @@ class DismantlerHoldersCredentialTest { void issueDismantlerCredentialTest403() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; HttpHeaders headers = AuthenticationUtils.getInvalidUserHttpHeaders(); IssueMembershipCredentialRequest request = IssueMembershipCredentialRequest.builder().bpn(bpn).build(); @@ -93,7 +93,7 @@ void issueDismantlerCredentialTest403() { @Test - void issueDismantlerCredentialToBaseWalletTest201() throws JsonProcessingException, JSONException { + void issueDismantlerCredentialToBaseWalletTest201() throws JSONException { Wallet wallet = walletRepository.getByBpn(miwSettings.authorityWalletBpn()); String oldSummaryCredentialId = TestUtils.getSummaryCredentialId(wallet.getDid(), holdersCredentialRepository); ResponseEntity response = issueDismantlerCredential(miwSettings.authorityWalletBpn(), miwSettings.authorityWalletBpn()); 
@@ -111,7 +111,7 @@ void issueDismantlerCredentialToBaseWalletTest201() throws JsonProcessingExcepti void issueDismantlerCredentialTest201() throws JsonProcessingException, JSONException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //create wallet Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, bpn, restTemplate).getBody()); @@ -154,7 +154,7 @@ void issueDismantlerCredentialTest201() throws JsonProcessingException, JSONExce void issueDismantlerCredentialWithInvalidBpnAccess409() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //create entry Wallet wallet = TestUtils.createWallet(bpn, did, walletRepository); @@ -178,7 +178,7 @@ void issueDismantlerCredentialWithInvalidBpnAccess409() { @Test void issueDismantlerCredentialWithoutAllowedVehicleBrands() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost%3A8080:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); Wallet wallet = TestUtils.createWallet(bpn, did, walletRepository); HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); //token must contain base wallet BPN @@ -200,8 +200,7 @@ void issueDismantlerCredentialWithoutAllowedVehicleBrands() { void issueDismantlerCredentialWithDuplicateBpn409() { String bpn = UUID.randomUUID().toString(); - - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //create entry Wallet wallet = TestUtils.createWallet(bpn, did, walletRepository); 
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/FrameworkHoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/FrameworkHoldersCredentialTest.java index 713b14ea7..611b72424 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/FrameworkHoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/FrameworkHoldersCredentialTest.java @@ -34,12 +34,12 @@ import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.IssuersCredentialRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; import org.eclipse.tractusx.managedidentitywallets.dto.IssueFrameworkCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.dto.IssueMembershipCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.json.JSONException; import org.junit.jupiter.api.Assertions; @@ -58,7 +58,7 @@ import java.util.UUID; import java.util.stream.Stream; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class FrameworkHoldersCredentialTest { @Autowired 
@@ -66,9 +66,6 @@ class FrameworkHoldersCredentialTest { @Autowired private WalletRepository walletRepository; - @Autowired - private WalletKeyRepository walletKeyRepository; - @Autowired private TestRestTemplate restTemplate; @@ -78,13 +75,11 @@ class FrameworkHoldersCredentialTest { @Autowired private IssuersCredentialRepository issuersCredentialRepository; - private static int count = 0; - @Test void issueFrameworkCredentialTest403() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); HttpHeaders headers = AuthenticationUtils.getInvalidUserHttpHeaders(); IssueMembershipCredentialRequest request = IssueMembershipCredentialRequest.builder().bpn(bpn).build(); @@ -95,11 +90,10 @@ void issueFrameworkCredentialTest403() { Assertions.assertEquals(HttpStatus.FORBIDDEN.value(), response.getStatusCode().value()); } - @Test void issueFrameworkCredentialWithInvalidBpnAccessTest403() throws JsonProcessingException, JSONException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); TestUtils.createWallet(bpn, did, walletRepository); String type = "BehaviorTwinCredential"; @@ -148,7 +142,7 @@ void issueFrameWorkVCToBaseWalletTest201() throws JSONException, JsonProcessingE @MethodSource("getTypes") void issueFrameWorkVCTest201(IssueFrameworkCredentialRequest request) throws JsonProcessingException, JSONException { String bpn = request.getHolderIdentifier(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String type = request.getType(); 
@@ -174,7 +168,7 @@ static Stream getTypes() { @DisplayName("Issue framework with invalid type") void issueFrameworkCredentialTest400() throws JsonProcessingException, JSONException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); Wallet wallet = TestUtils.createWallet(bpn, did, walletRepository); diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java index 51e3e6bbd..61019c676 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java @@ -38,6 +38,7 @@ import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; import org.eclipse.tractusx.ssi.lib.did.resolver.DidDocumentResolverRegistryImpl; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialBuilder; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject; @@ -47,6 +48,7 @@ import org.json.JSONArray; import org.json.JSONObject; import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.DisplayName; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.MockedStatic; 
@@ -62,7 +64,7 @@ import java.time.Instant; import java.util.*; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) @ExtendWith(MockitoExtension.class) class HoldersCredentialTest { @@ -85,7 +87,7 @@ class HoldersCredentialTest { @Test void issueCredentialTestWithInvalidBPNAccess403() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String type = "TestCredential"; HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders("not valid BPN"); @@ -99,7 +101,7 @@ void issueCredentialTestWithInvalidBPNAccess403() throws JsonProcessingException @Test void issueCredentialTest200() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String type = "TestCredential"; HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); @@ -115,7 +117,6 @@ void issueCredentialTest200() throws JsonProcessingException { TestUtils.checkVC(credentials.get(0).getData(), miwSettings); Assertions.assertTrue(credentials.get(0).isSelfIssued()); Assertions.assertFalse(credentials.get(0).isStored()); - } 
@@ -137,7 +138,7 @@ void getCredentials200() throws com.fasterxml.jackson.core.JsonProcessingExcepti String baseDID = miwSettings.authorityWalletDid(); String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); //save wallet TestUtils.createWallet(bpn, did, walletRepository); 
@@ -217,18 +218,45 @@ void validateCredentialsWithInvalidVC() throws com.fasterxml.jackson.core.JsonPr }).thenReturn(mock); Mockito.when(mock.verifiyProof(Mockito.any(VerifiableCredential.class))).thenReturn(false); - Map stringObjectMap = credentialController.credentialsValidation(map).getBody(); + Map stringObjectMap = credentialController.credentialsValidation(map, false).getBody(); Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); } } @Test - void validateCredentials() throws com.fasterxml.jackson.core.JsonProcessingException { + @DisplayName("validate VC with date check true, it should return true") + void validateCredentialsWithExpiryCheckTrue() throws com.fasterxml.jackson.core.JsonProcessingException { //data setup Map map = issueVC(); + //service call + try (MockedStatic utils = Mockito.mockStatic(LinkedDataProofValidation.class)) { + + //mock setup + LinkedDataProofValidation mock = Mockito.mock(LinkedDataProofValidation.class); + utils.when(() -> { + LinkedDataProofValidation.newInstance(Mockito.any(SignatureType.class), Mockito.any(DidDocumentResolverRegistryImpl.class)); + }).thenReturn(mock); + Mockito.when(mock.verifiyProof(Mockito.any(VerifiableCredential.class))).thenReturn(true); + + Map stringObjectMap = credentialController.credentialsValidation(map, true).getBody(); + Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); + Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALIDATE_EXPIRY_DATE).toString())); + } + } + + @Test + @DisplayName("validate expired VC with date check false, it should return true") + void validateCredentialsWithExpiryCheckFalse() throws com.fasterxml.jackson.core.JsonProcessingException { + + //data setup + Map map = issueVC(); + //modify expiry date + Instant instant = Instant.now().minusSeconds(60); + map.put("expirationDate", instant.toString()); + //service call try (MockedStatic utils = 
Mockito.mockStatic(LinkedDataProofValidation.class)) { @@ -240,12 +268,40 @@ void validateCredentials() throws com.fasterxml.jackson.core.JsonProcessingExcep }).thenReturn(mock); Mockito.when(mock.verifiyProof(Mockito.any(VerifiableCredential.class))).thenReturn(true); - Map stringObjectMap = credentialController.credentialsValidation(map).getBody(); + Map stringObjectMap = credentialController.credentialsValidation(map, false).getBody(); Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); } } + @Test + @DisplayName("validate expired VC with date check true, it should return false") + void validateExpiredCredentialsWithExpiryCheckTrue() throws com.fasterxml.jackson.core.JsonProcessingException { + + //data setup + Map map = issueVC(); + //modify expiry date + Instant instant = Instant.now().minusSeconds(60); + map.put("expirationDate", instant.toString()); + + //service call + try (MockedStatic utils = Mockito.mockStatic(LinkedDataProofValidation.class)) { + + //mock setup + LinkedDataProofValidation mock = Mockito.mock(LinkedDataProofValidation.class); + utils.when(() -> { + LinkedDataProofValidation.newInstance(Mockito.any(SignatureType.class), Mockito.any(DidDocumentResolverRegistryImpl.class)); + }).thenReturn(mock); + Mockito.when(mock.verifiyProof(Mockito.any(VerifiableCredential.class))).thenReturn(true); + + Map stringObjectMap = credentialController.credentialsValidation(map, true).getBody(); + Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); + Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALIDATE_EXPIRY_DATE).toString())); + + } + } + + private Map issueVC() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); 
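Review bot: `map.put("expirationDate", instant.toString())` in validateCredentialsWithExpiryCheckFalse spells the key as a string literal although the library exposes `VerifiableCredential.EXPIRATION_DATE` (PresentationValidationTest in this same commit uses it); the same literal recurs in validateExpiredCredentialsWithExpiryCheckTrue. The check-false test stops at asserting VALID, whereas its two siblings also assert VALIDATE_EXPIRY_DATE; asserting how the result reports the skipped check (e.g. `Assertions.assertFalse(stringObjectMap.containsKey(StringPool.VALIDATE_EXPIRY_DATE))`, if the controller omits the key when the check is off, as PresentationTest expects for presentations) would pin that the date was skipped rather than passed. Since proof verification is mocked to return true in all three tests, a comment such as `// proof verification is mocked; only the expiry-date handling is under test` would make the scope of the coverage explicit.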
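Review bot: validateCredentialsWithExpiryCheckTrue, validateCredentialsWithExpiryCheckFalse and validateExpiredCredentialsWithExpiryCheckTrue repeat the same mockStatic/LinkedDataProofValidation scaffolding and differ only in whether the VC is back-dated and which boolean is passed to credentialsValidation. A private helper such as `Map validateWithMockedProof(Map vc, boolean withExpiryCheck)` returning the response body, or a `@ParameterizedTest` over (expired, withExpiryCheck, expectedValid), would leave only the input and expectation lines per case. The `issueVC()` helper that begins at the end of this hunk continues outside it.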
@@ -273,7 +329,7 @@ private ResponseEntity issueVC(String bpn, String did, String type, Http //Using Builder VerifiableCredential credentialWithoutProof = verifiableCredentialBuilder - .id(URI.create(UUID.randomUUID().toString())) + .id(URI.create(did + "#" + UUID.randomUUID())) .context(miwSettings.vcContexts()) .type(List.of(VerifiableCredentialType.VERIFIABLE_CREDENTIAL, type)) .issuer(URI.create(did)) //issuer must be base wallet diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java index 5c871c109..76b913289 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/IssuersCredentialTest.java @@ -38,6 +38,7 @@ import org.eclipse.tractusx.managedidentitywallets.dto.IssueFrameworkCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialBuilder; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject; @@ -56,7 +57,7 @@ import java.time.Instant; import java.util.*; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class IssuersCredentialTest { 
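Review bot: `.id(URI.create(did + "#" + UUID.randomUUID()))` replaces a bare UUID credential id with a fragment on the holder DID, but nothing in the hunk says why; if the reason is that the id has to be an absolute IRI for JSON-LD processing, a comment on that line, `// credential id must be an absolute IRI; a bare UUID is only a relative reference`, would record it. The parallel change in IssuersCredentialTest's issueVC appends the fragment to `issuerDid` instead of `did`; if the two helpers are meant to produce the same shape of id, that difference deserves a line too. The issueVC helper starts and ends outside the hunk.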
@@ -103,7 +104,6 @@ void getCredentials200() throws com.fasterxml.jackson.core.JsonProcessingExcepti Assertions.assertEquals(exchange.getStatusCode().value(), HttpStatus.CREATED.value()); } - HttpEntity entity = new HttpEntity<>(headers); ResponseEntity response = restTemplate.exchange(RestURI.ISSUERS_CREDENTIALS + "?holderIdentifier={did}" @@ -142,7 +142,7 @@ void getCredentials200() throws com.fasterxml.jackson.core.JsonProcessingExcepti Assertions.assertEquals(6, Objects.requireNonNull(credentialList).size()); //5 framework CV + 1 membership for (VerifiableCredential vc : credentialList) { - Assertions.assertEquals(2, vc.getContext().size(), "Each credential requires 2 contexts"); + Assertions.assertEquals(3, vc.getContext().size(), "Each credential requires 3 contexts"); } } @@ -162,7 +162,7 @@ void issueCredentialsTestWithInvalidRole403() { @Test void issueCredentialsWithoutBaseWalletBPN403() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String holderDid = "did:web:localhost:" + bpn; + String holderDid = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String type = "TestCredential"; HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn); @@ -193,7 +193,7 @@ void issueCredentialsToBaseWallet200() throws JsonProcessingException { void issueSummaryCredentials400() throws com.fasterxml.jackson.core.JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); ResponseEntity response = issueVC(bpn, did, miwSettings.authorityWalletDid(), MIWVerifiableCredentialType.SUMMARY_CREDENTIAL, headers); 
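Review bot: `Assertions.assertEquals(3, vc.getContext().size(), "Each credential requires 3 contexts")` pins a magic number that already had to be bumped from 2 in this commit. If the contexts come from `miwSettings.vcContexts()` (the issueVC helper in this file builds credentials from it), `Assertions.assertEquals(miwSettings.vcContexts().size(), vc.getContext().size(), "Each credential carries the configured contexts")` would track configuration instead of breaking on the next addition; if the service adds a context beyond the configured list, a short comment naming the three expected contexts would do instead. The enclosing getCredentials200 starts and ends outside the hunk.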
@@ -205,7 +205,7 @@ void issueSummaryCredentials400() throws com.fasterxml.jackson.core.JsonProcessi void issueCredentials200() throws com.fasterxml.jackson.core.JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); String type = "TestCredential"; HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); @@ -245,7 +245,7 @@ private ResponseEntity issueVC(String bpn, String holderDid, String issu //Using Builder VerifiableCredential credentialWithoutProof = verifiableCredentialBuilder - .id(URI.create(UUID.randomUUID().toString())) + .id(URI.create(issuerDid + "#" + UUID.randomUUID())) .context(miwSettings.vcContexts()) .type(List.of(VerifiableCredentialType.VERIFIABLE_CREDENTIAL, type)) .issuer(URI.create(issuerDid)) //issuer must be base wallet diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/MembershipHoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/MembershipHoldersCredentialTest.java index 5cd868af4..4669fadbc 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/MembershipHoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/MembershipHoldersCredentialTest.java 
@@ -34,11 +34,11 @@ import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.IssuersCredentialRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletKeyRepository; import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; import org.eclipse.tractusx.managedidentitywallets.dto.IssueMembershipCredentialRequest; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; import org.jetbrains.annotations.NotNull; import org.json.JSONException; @@ -55,7 +55,7 @@ import java.util.Objects; import java.util.UUID; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class MembershipHoldersCredentialTest { @Autowired @@ -63,8 +63,6 @@ class MembershipHoldersCredentialTest { @Autowired private WalletRepository walletRepository; - @Autowired - private WalletKeyRepository walletKeyRepository; @Autowired private TestRestTemplate restTemplate; @@ -82,7 +80,7 @@ class MembershipHoldersCredentialTest { void issueMembershipCredentialTest403() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); HttpHeaders headers = AuthenticationUtils.getInvalidUserHttpHeaders(); 
@@ -97,7 +95,7 @@ void issueMembershipCredentialTest403() { @Test void testIssueSummeryVCAfterDeleteSummaryVCFromHolderWallet() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); // create wallet, in background bpn and summary credential generated Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, bpn, restTemplate).getBody()); @@ -125,7 +123,7 @@ void testIssueSummeryVCAfterDeleteSummaryVCFromHolderWallet() throws JsonProcess @Test void testStoredSummaryVCTest() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); // create wallet, in background bpn and summary credential generated Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, bpn, restTemplate).getBody()); @@ -187,7 +185,7 @@ void testStoredSummaryVCTest() throws JsonProcessingException { @Test void issueMembershipCredentialToBaseWalletTest400() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); // create wallet, in background bpn and summary credential generated Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, bpn, restTemplate).getBody()); @@ -258,7 +256,7 @@ void issueMembershipCredentialToBaseWalletTest201() throws JsonProcessingExcepti TestUtils.checkVC(verifiableCredential, miwSettings); - validateTypes(verifiableCredential, miwSettings.authorityWalletBpn()); + validateTypes(verifiableCredential); List holderVCs = holdersCredentialRepository.getByHolderDidAndType(wallet.getDid(), MIWVerifiableCredentialType.MEMBERSHIP_CREDENTIAL); Assertions.assertFalse(holderVCs.isEmpty()); 
@@ -292,7 +290,7 @@ void issueMembershipCredentialTest201() throws JsonProcessingException, JSONExce TestUtils.checkVC(verifiableCredential, miwSettings); - validateTypes(verifiableCredential, bpn); + validateTypes(verifiableCredential); List holderVCs = holdersCredentialRepository.getByHolderDidAndType(wallet.getDid(), MIWVerifiableCredentialType.MEMBERSHIP_CREDENTIAL); Assertions.assertFalse(holderVCs.isEmpty()); @@ -316,7 +314,7 @@ void issueMembershipCredentialTest201() throws JsonProcessingException, JSONExce void issueMembershipCredentialWithInvalidBpnAccess409() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //save wallet TestUtils.createWallet(bpn, did, walletRepository); @@ -334,7 +332,7 @@ void issueMembershipCredentialWithDuplicateBpn409() { String bpn = UUID.randomUUID().toString(); - String did = "did:web:localhost:" + bpn; + String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString(); //save wallet TestUtils.createWallet(bpn, did, walletRepository); @@ -354,8 +352,8 @@ private VerifiableCredential getVerifiableCredential(ResponseEntity resp return new VerifiableCredential(map); } - private void validateTypes(VerifiableCredential verifiableCredential, String holderBpn) { + private void validateTypes(VerifiableCredential verifiableCredential) { Assertions.assertTrue(verifiableCredential.getTypes().contains(MIWVerifiableCredentialType.MEMBERSHIP_CREDENTIAL)); - Assertions.assertEquals(verifiableCredential.getCredentialSubject().get(0).get(StringPool.HOLDER_IDENTIFIER), holderBpn); + Assertions.assertEquals(verifiableCredential.getCredentialSubject().get(0).get(StringPool.MEMBER_OF), "Test-X"); } } 
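Review bot: The rewritten validateTypes drops the assertion that the credential subject's HOLDER_IDENTIFIER equals the BPN the credential was requested for and replaces it with a comparison of MEMBER_OF against the literal "Test-X"; after this change neither issueMembershipCredentialToBaseWalletTest201 nor issueMembershipCredentialTest201 verifies that the issued membership credential is bound to the intended holder. Keeping the parameter, `private void validateTypes(VerifiableCredential verifiableCredential, String holderBpn)`, with the original HOLDER_IDENTIFIER assertion alongside the new MEMBER_OF line preserves that coverage; if the subject no longer carries HOLDER_IDENTIFIER, the binding should be asserted through whichever subject field now identifies the holder. If "Test-X" is a configured value rather than a constant of the test fixture, reading it from miwSettings would keep the test portable across environments.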
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java new file mode 100644 index 000000000..f9b10a9b8 --- /dev/null +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/PresentationValidationTest.java 
@@ -0,0 +1,212 @@ +/* + * ******************************************************************************* + * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ****************************************************************************** + */ + +package org.eclipse.tractusx.managedidentitywallets.vc; + +import lombok.*; +import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication; +import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings; +import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer; +import org.eclipse.tractusx.managedidentitywallets.constant.RestURI; +import org.eclipse.tractusx.managedidentitywallets.constant.StringPool; +import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; +import org.eclipse.tractusx.managedidentitywallets.dto.CreateWalletRequest; +import org.eclipse.tractusx.managedidentitywallets.dto.IssueMembershipCredentialRequest; +import org.eclipse.tractusx.managedidentitywallets.exception.WalletNotFoundProblem; +import org.eclipse.tractusx.managedidentitywallets.service.IssuersCredentialService; +import org.eclipse.tractusx.managedidentitywallets.service.PresentationService; +import org.eclipse.tractusx.managedidentitywallets.service.WalletService; +import 
org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; +import org.eclipse.tractusx.ssi.lib.model.did.Did; +import org.eclipse.tractusx.ssi.lib.model.did.DidParser; +import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential; +import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentation; +import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentationBuilder; +import org.eclipse.tractusx.ssi.lib.model.verifiable.presentation.VerifiablePresentationType; +import org.eclipse.tractusx.ssi.lib.serialization.SerializeUtil; +import org.junit.jupiter.api.*; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.boot.test.web.client.TestRestTemplate; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.ResponseEntity; +import org.springframework.test.context.ContextConfiguration; +import org.testcontainers.shaded.com.fasterxml.jackson.databind.ObjectMapper; + +import java.net.URI; +import java.util.Base64; +import java.util.List; +import java.util.Map; +import java.util.UUID; + +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@ContextConfiguration(initializers = {TestContextInitializer.class}) +@Disabled("Disabled until Membership Credentials are Json-LD compliant") +public class PresentationValidationTest { + + private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper(); + + @Autowired + private WalletService walletService; + @Autowired + private IssuersCredentialService issuersCredentialService; + @Autowired + private PresentationService presentationService; + @Autowired + private TestRestTemplate restTemplate; + @Autowired + private MIWSettings miwSettings; + + private final 
String bpnTenant_1 = UUID.randomUUID().toString(); + private final String bpnTenant_2 = UUID.randomUUID().toString(); + private String bpnOperator; + private Did tenant_1; + private Did tenant_2; + private VerifiableCredential membershipCredential_1; + private VerifiableCredential membershipCredential_2; + + @BeforeEach + public void setup() { + bpnOperator = miwSettings.authorityWalletBpn(); + + final CreateWalletRequest createWalletRequest = new CreateWalletRequest(); + createWalletRequest.setBpn(bpnTenant_1); + createWalletRequest.setName("My Test Tenant Wallet"); + final Wallet tenantWallet = walletService.createWallet(createWalletRequest); + tenant_1 = DidParser.parse(tenantWallet.getDid()); + + final CreateWalletRequest createWalletRequest2 = new CreateWalletRequest(); + createWalletRequest2.setBpn(bpnTenant_2); + createWalletRequest2.setName("My Test Tenant Wallet"); + final Wallet tenantWallet2 = walletService.createWallet(createWalletRequest2); + tenant_2 = DidParser.parse(tenantWallet2.getDid()); + + final IssueMembershipCredentialRequest issueMembershipCredentialRequest = new IssueMembershipCredentialRequest(); + issueMembershipCredentialRequest.setBpn(bpnTenant_1); + membershipCredential_1 = issuersCredentialService.issueMembershipCredential(issueMembershipCredentialRequest, bpnOperator); + + final IssueMembershipCredentialRequest issueMembershipCredentialRequest2 = new IssueMembershipCredentialRequest(); + issueMembershipCredentialRequest2.setBpn(bpnTenant_2); + membershipCredential_2 = issuersCredentialService.issueMembershipCredential(issueMembershipCredentialRequest2, bpnOperator); + } + + @AfterEach + public void cleanUp(){ + try { + Wallet tenantWallet = walletService.getWalletByIdentifier(bpnTenant_1, false, bpnOperator); + walletService.delete(tenantWallet.getId()); + } catch (WalletNotFoundProblem e) { + // ignore + } + try { + Wallet tenantWallet = walletService.getWalletByIdentifier(bpnTenant_2, false, bpnOperator); + 
walletService.delete(tenantWallet.getId()); + } catch (WalletNotFoundProblem e) { + // ignore + } + } + + @Test + public void testSuccessfulValidation() { + final Map presentation = createPresentationJwt(membershipCredential_1, tenant_1); + VerifiablePresentationValidationResponse response = validateJwtOfCredential(presentation); + Assertions.assertTrue(response.valid); + } + + @Test + public void testValidationFailureOfCredentialWitInvalidExpirationDate() { + // test is related to this old issue where the signature check still succeeded + // https://github.com/eclipse-tractusx/SSI-agent-lib/issues/4 + final VerifiableCredential copyCredential = new VerifiableCredential(membershipCredential_1); + // e.g. an attacker tries to extend the validity of a verifiable credential + copyCredential.put(VerifiableCredential.EXPIRATION_DATE, "2500-09-30T22:00:00Z"); + final Map presentation = createPresentationJwt(copyCredential, tenant_1); + VerifiablePresentationValidationResponse response = validateJwtOfCredential(presentation); + Assertions.assertFalse(response.valid); + } + + @Test + @SneakyThrows + public void testValidationFailureOfPresentationPayloadManipulation() { + final Map presentation = createPresentationJwt(membershipCredential_1, tenant_1); + + final String jwt = (String) presentation.get(StringPool.VP); + final String payload = jwt.split("\\.")[1]; + Base64.Decoder decoder = Base64.getUrlDecoder(); + Base64.Encoder encoder = Base64.getUrlEncoder(); + + final byte[] payloadDecoded = decoder.decode(payload); + final Map payloadMap = OBJECT_MAPPER.readValue(payloadDecoded, Map.class); + + // replace with credential of another tenant + final VerifiablePresentation newPresentation = new VerifiablePresentationBuilder() + .context(List.of(VerifiablePresentation.DEFAULT_CONTEXT)) + .id(URI.create(UUID.randomUUID().toString())) + .type(List.of(VerifiablePresentationType.VERIFIABLE_PRESENTATION)) + .verifiableCredentials(List.of(membershipCredential_2)) + .build(); + 
payloadMap.put("vp", newPresentation); + final String newPayloadJson = OBJECT_MAPPER.writeValueAsString(payloadMap); + final String newPayloadEncoded = encoder.encodeToString(newPayloadJson.getBytes()); + + final String newJwt = jwt.split("\\.")[0] + "." + newPayloadEncoded + "." + jwt.split("\\.")[2]; + + VerifiablePresentationValidationResponse response = validateJwtOfCredential(Map.of( + StringPool.VP, newJwt + )); + Assertions.assertNotEquals(jwt, newJwt); + Assertions.assertFalse(response.valid, String.format("The validation should fail because the vp is manipulated.\nOriginal JWT: %s\nNew JWT: %s", jwt, newJwt)); + } + + @SneakyThrows + private VerifiablePresentationValidationResponse validateJwtOfCredential(Map presentationJwt) { + final HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(miwSettings.authorityWalletBpn()); + headers.set("Content-Type", "application/json"); + final HttpEntity entity = new HttpEntity<>(presentationJwt, headers); + + final ResponseEntity response = restTemplate.exchange(RestURI.API_PRESENTATIONS_VALIDATION + "?asJwt=true", HttpMethod.POST, entity, String.class); + + if (response.getStatusCode().is2xxSuccessful()) { + return OBJECT_MAPPER.readValue(response.getBody(), VerifiablePresentationValidationResponse.class); + } + + throw new RuntimeException(String.format("JWT:\n%s\nResponse: %s", + SerializeUtil.toPrettyJson(presentationJwt), + OBJECT_MAPPER.writeValueAsString(response))); + } + + private Map createPresentationJwt(VerifiableCredential verifiableCredential, Did issuer) { + return presentationService.createPresentation(Map.of(StringPool.VERIFIABLE_CREDENTIALS, List.of(verifiableCredential)), + true, issuer.toString(), issuer.toString()); + } + + @Getter + @Setter + @Builder + @AllArgsConstructor + @NoArgsConstructor + private static class VerifiablePresentationValidationResponse { + boolean valid; + String vp; + } +} 
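Review bot: `org.testcontainers.shaded.com.fasterxml.jackson.databind.ObjectMapper` is Testcontainers' relocated copy of Jackson, not the project's; the import should be `com.fasterxml.jackson.databind.ObjectMapper`, otherwise the test depends on an internal package that can change or vanish with a Testcontainers upgrade. In testValidationFailureOfPresentationPayloadManipulation the forged payload is re-encoded with `Base64.getUrlEncoder()`, which emits `=` padding that JWS segments never carry, and `newPayloadJson.getBytes()` uses the platform charset; with `Base64.getUrlEncoder().withoutPadding()` and `getBytes(StandardCharsets.UTF_8)` the assertion fails because the signature no longer covers the payload, rather than because the token is syntactically malformed, which is the property the test name claims. `payloadMap.put("vp", newPresentation)` could use `StringPool.VP` like the line that reads the token a few lines above.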
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java index 2a8d63edb..4d5df7ca9 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vp/PresentationTest.java @@ -26,6 +26,7 @@ import com.nimbusds.jwt.JWTClaimsSet; import com.nimbusds.jwt.SignedJWT; import org.eclipse.tractusx.managedidentitywallets.ManagedIdentityWalletsApplication; +import org.eclipse.tractusx.managedidentitywallets.config.MIWSettings; import org.eclipse.tractusx.managedidentitywallets.config.TestContextInitializer; import org.eclipse.tractusx.managedidentitywallets.constant.MIWVerifiableCredentialType; import org.eclipse.tractusx.managedidentitywallets.constant.RestURI; @@ -34,11 +35,10 @@ import org.eclipse.tractusx.managedidentitywallets.dao.entity.HoldersCredential; import org.eclipse.tractusx.managedidentitywallets.dao.entity.Wallet; import org.eclipse.tractusx.managedidentitywallets.dao.repository.HoldersCredentialRepository; -import org.eclipse.tractusx.managedidentitywallets.dao.repository.WalletRepository; -import org.eclipse.tractusx.managedidentitywallets.service.PresentationService; import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils; import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils; import org.eclipse.tractusx.ssi.lib.did.resolver.DidDocumentResolverRegistry; +import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory; import org.eclipse.tractusx.ssi.lib.exception.DidDocumentResolverNotRegisteredException; import org.eclipse.tractusx.ssi.lib.exception.JwtException; import org.eclipse.tractusx.ssi.lib.jwt.SignedJwtVerifier; 
@@ -59,13 +59,10 @@ import java.util.Map; import java.util.UUID; -@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class}) +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class}) @ContextConfiguration(initializers = {TestContextInitializer.class}) class PresentationTest { - @Autowired - private WalletRepository walletRepository; - @Autowired private TestRestTemplate restTemplate; @@ -76,14 +73,14 @@ class PresentationTest { private ObjectMapper objectMapper; @Autowired - private PresentationService presentationService; + private PresentationController presentationController; @Autowired - private PresentationController presentationController; + private MIWSettings miwSettings; @Test - void validateVPAssJsonLd400() throws JsonProcessingException, DidDocumentResolverNotRegisteredException, JwtException, InterruptedException { + void validateVPAssJsonLd400() throws JsonProcessingException { //create VP String bpn = UUID.randomUUID().toString(); String audience = "companyA"; 
@@ -100,26 +97,20 @@ void validateVPAssJsonLd400() throws JsonProcessingException, DidDocumentResolve @Test - void validateVPAsJwt() throws JsonProcessingException, DidDocumentResolverNotRegisteredException, JwtException, InterruptedException { + void validateVPAsJwt() throws JsonProcessingException { String bpn = UUID.randomUUID().toString(); String audience = "companyA"; ResponseEntity vpResponse = createBpnVCAsJwt(bpn, audience); Map body = vpResponse.getBody(); - try (MockedConstruction SignedJwtVerifierMock = Mockito.mockConstruction(SignedJwtVerifier.class)) { - DidDocumentResolverRegistry didDocumentResolverRegistry = Mockito.mock(DidDocumentResolverRegistry.class); - SignedJwtVerifier signedJwtVerifier = new SignedJwtVerifier(didDocumentResolverRegistry); - - Mockito.doNothing().when(signedJwtVerifier).verify(Mockito.any(SignedJWT.class)); - - ResponseEntity> mapResponseEntity = presentationController.validatePresentation(body, null, true, false); - - Map map = mapResponseEntity.getBody(); + ResponseEntity> mapResponseEntity = presentationController.validatePresentation(body, null, true, false); - Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString())); - Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_AUDIENCE)); - Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_EXPIRY_DATE)); - } + Map map = mapResponseEntity.getBody(); + Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString())); + Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_AUDIENCE)); + Assertions.assertFalse(map.containsKey(StringPool.VALIDATE_EXPIRY_DATE)); + Assertions.assertTrue(map.containsKey(StringPool.VALIDATE_JWT_EXPIRY_DATE)); + Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_JWT_EXPIRY_DATE).toString())); } @Test 
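Review bot: validateVPAsJwt now calls presentationController.validatePresentation without the MockedConstruction of SignedJwtVerifier, so the real JWT signature verification runs in this test, presumably resolving the holder's DID document from the running instance; a comment on the test, `// no mocks: the JWT signature is verified against the DID document served by this test instance`, would explain why the test needs the server reachable at the configured host. The same removal happens in validateVPAsJwtWithValidAudienceAndDateValidation in the next hunk. If no remaining test in this file uses them, the imports of SignedJwtVerifier, DidDocumentResolverRegistry, SignedJWT, JwtException, DidDocumentResolverNotRegisteredException and MockedConstruction are now dead and should be removed together with the mocks.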
@@ -145,41 +136,33 @@ void validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidatio
             Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALID).toString()));
             Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_AUDIENCE).toString()));
-            Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString()));
-
+            Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString()));
+            Assertions.assertTrue(map.containsKey(StringPool.VALIDATE_JWT_EXPIRY_DATE));
+            Assertions.assertFalse(Boolean.parseBoolean(map.get(StringPool.VALIDATE_JWT_EXPIRY_DATE).toString()));
         }
     }
     @Test
-    void validateVPAsJwtWithValidAudienceAndDateValidation() throws JsonProcessingException, DidDocumentResolverNotRegisteredException, JwtException {
+    void validateVPAsJwtWithValidAudienceAndDateValidation() throws JsonProcessingException{
         //create VP
         String bpn = UUID.randomUUID().toString();
         String audience = "companyA";
         ResponseEntity vpResponse = createBpnVCAsJwt(bpn, audience);
         Map body = vpResponse.getBody();
-        try (MockedConstruction mocked = Mockito.mockConstruction(SignedJwtVerifier.class)) {
-
-            DidDocumentResolverRegistry didDocumentResolverRegistry = Mockito.mock(DidDocumentResolverRegistry.class);
-            SignedJwtVerifier signedJwtVerifier = new SignedJwtVerifier(didDocumentResolverRegistry);
-            Mockito.doNothing().when(signedJwtVerifier).verify(Mockito.any(SignedJWT.class));
-
+        ResponseEntity> mapResponseEntity = presentationController.validatePresentation(body, audience, true, true);
-            ResponseEntity> mapResponseEntity = presentationController.validatePresentation(body, audience, true, true);
-
-            Map map = mapResponseEntity.getBody();
-
-            Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString()));
-            Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_AUDIENCE).toString()));
-            Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString()));
-
-        }
+        Map map = mapResponseEntity.getBody();
+        Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALID).toString()));
+        Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_AUDIENCE).toString()));
+        Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_EXPIRY_DATE).toString()));
+        Assertions.assertTrue(Boolean.parseBoolean(map.get(StringPool.VALIDATE_JWT_EXPIRY_DATE).toString()));
     }
     @Test
     void createPresentationAsJWT201() throws JsonProcessingException, ParseException {
         String bpn = UUID.randomUUID().toString();
-        String did = "did:web:localhost:" + bpn;
+        String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         String audience = "companyA";
         ResponseEntity vpResponse = createBpnVCAsJwt(bpn, audience);
         Assertions.assertEquals(vpResponse.getStatusCode().value(), HttpStatus.CREATED.value());
@@ -193,7 +176,7 @@ void createPresentationAsJWT201() throws JsonProcessingException, ParseException
     }
     private ResponseEntity createBpnVCAsJwt(String bpn, String audience) throws JsonProcessingException {
-        String didWeb = "did:web:localhost:" + bpn;
+        String didWeb = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         Map request = getIssueVPRequest(bpn);
@@ -211,7 +194,7 @@ private ResponseEntity createBpnVCAsJwt(String bpn, String audience) throws
     void createPresentationAsJsonLD201() throws JsonProcessingException {
         String bpn = UUID.randomUUID().toString();
-        String didWeb = "did:web:localhost:" + bpn;
+        String didWeb = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         Map request = getIssueVPRequest(bpn);
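Review bot: In validateVPAsJwtWithInvalidSignatureAndInValidAudienceAndExpiryDateValidation the expectation for `StringPool.VALIDATE_EXPIRY_DATE` flips from false to true while the new `VALIDATE_JWT_EXPIRY_DATE` is asserted false, so the method name no longer tells which expiry check is supposed to fail; add a comment above the assertions such as `// the VC's own expiry is valid here; only the JWT exp claim is expected to fail` or rename the method accordingly. The enclosing method starts before this hunk. Separately, `DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString()` is now repeated in every test here and in the hunks at -193, -211, -228 and -244 as well as throughout WalletTest; a single helper such as a `did(bpn)` method in this class or in `TestUtils` would keep the DID construction in one place. The new signature `throws JsonProcessingException{` also lacks the space before the brace that the surrounding methods use.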
@@ -228,7 +211,7 @@ void createPresentationAsJsonLD201() throws JsonProcessingException {
     @Test
     void createPresentationWithInvalidBPNAccess403() throws JsonProcessingException {
         String bpn = UUID.randomUUID().toString();
-        String didWeb = "did:web:localhost:" + bpn;
+        String didWeb = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         Map request = getIssueVPRequest(bpn);
@@ -244,7 +227,7 @@ void createPresentationWithInvalidBPNAccess403() throws JsonProcessingException
     @Test
     void createPresentationWithMoreThenOneVC400() throws JsonProcessingException {
         String bpn = UUID.randomUUID().toString();
-        String didWeb = "did:web:localhost:" + bpn;
+        String didWeb = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         ResponseEntity response = TestUtils.createWallet(bpn, bpn, restTemplate);
         Assertions.assertEquals(response.getStatusCode().value(), HttpStatus.CREATED.value());
diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java
index 83b98c1e9..12d56bf96 100644
--- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java
+++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/wallet/WalletTest.java
@@ -39,12 +39,14 @@
 import org.eclipse.tractusx.managedidentitywallets.service.WalletService;
 import org.eclipse.tractusx.managedidentitywallets.utils.AuthenticationUtils;
 import org.eclipse.tractusx.managedidentitywallets.utils.TestUtils;
+import org.eclipse.tractusx.ssi.lib.did.web.DidWebFactory;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredential;
 import org.eclipse.tractusx.ssi.lib.model.verifiable.credential.VerifiableCredentialSubject;
 import org.json.JSONArray;
 import org.json.JSONException;
 import org.json.JSONObject;
 import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -53,10 +55,11 @@
 import org.springframework.http.*;
 import org.springframework.test.context.ContextConfiguration;
+import java.net.URI;
 import java.util.*;
-@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = {ManagedIdentityWalletsApplication.class})
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.DEFINED_PORT, classes = {ManagedIdentityWalletsApplication.class})
 @ContextConfiguration(initializers = {TestContextInitializer.class})
 class WalletTest {
@@ -131,6 +134,10 @@ void createWalletTest201() throws JsonProcessingException, JSONException {
         Assertions.assertNotNull(response.getBody());
         Assertions.assertNotNull(wallet.getDidDocument());
+        List context = wallet.getDidDocument().getContext();
+        miwSettings.didDocumentContextUrls().forEach(uri -> {
+            Assertions.assertTrue(context.contains(uri));
+        });
         Assertions.assertEquals(wallet.getBpn(), bpn);
         Assertions.assertEquals(wallet.getName(), name);
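Review bot: The new context check in createWalletTest201 asserts `context.contains(uri)` inside a `forEach` lambda, so a failure reports only `expected: <true> but was: <false>` without naming the missing context URL; `Assertions.assertTrue(context.containsAll(miwSettings.didDocumentContextUrls()), () -> "DID document context " + context + " lacks " + miwSettings.didDocumentContextUrls());` gives the same coverage with a diagnosable message and no lambda block. `List context` appears as a raw type here (the type argument may have been lost in rendering); if it really is raw, `List<URI> context` would also give the `java.net.URI` import added in the hunk at -53 a visible use. createWalletTest201 starts and ends outside this hunk.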
@@ -139,7 +146,6 @@ void createWalletTest201() throws JsonProcessingException, JSONException {
         Assertions.assertEquals(walletFromDB.getName(), name);
         Assertions.assertNotNull(walletFromDB);
         WalletKey walletKey = walletKeyRepository.getByWalletId(walletFromDB.getId());
-        Assertions.assertNotNull(wallet.getDidDocument());
         Assertions.assertNotNull(walletKey);
         Assertions.assertEquals(walletFromDB.getBpn(), bpn);
@@ -175,7 +181,7 @@ void createWalletTest201() throws JsonProcessingException, JSONException {
     void storeCredentialsTest201() throws JsonProcessingException {
         String bpn = UUID.randomUUID().toString();
-        String did = "did:web:localhost:" + bpn;
+        String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         TestUtils.createWallet(bpn, "name", restTemplate);
         ResponseEntity response = storeCredential(bpn, did);
@@ -251,7 +257,7 @@ void storeCredentialsWithDifferentBPNAccess403() throws JsonProcessingException
     void storeCredentialsWithDifferentHolder403() throws JsonProcessingException {
         String bpn = UUID.randomUUID().toString();
-        String did = "did:web:localhost:" + bpn;
+        String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         TestUtils.createWallet(bpn, "name", restTemplate);
         HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders("Some random pbn");
@@ -313,8 +319,7 @@ void getWalletByIdentifierBPNTest200() throws JsonProcessingException {
         //Create entry
         Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate).getBody());
-        //get Wallet
-        ///get wallet with credentials
+        //get wallet without credentials
         HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders(bpn);
         HttpEntity entity = new HttpEntity<>(headers);
@@ -332,7 +337,7 @@ void getWalletByIdentifierBPNTest200() throws JsonProcessingException {
     void getWalletByIdentifierBPNWithCredentialsTest200() throws JsonProcessingException {
         String bpn = UUID.randomUUID().toString();
         String name = "Sample Name";
-        String did = "did:web:localhost:" + bpn;
+        String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         //Create entry
         Wallet wallet = TestUtils.getWalletFromString(TestUtils.createWallet(bpn, name, restTemplate).getBody());
@@ -355,6 +360,7 @@ void getWalletByIdentifierBPNWithCredentialsTest200() throws JsonProcessingExcep
     }
     @Test
+    @Disabled("the endpoint has an issue that prevents resolving did with a port number")
     void getWalletByIdentifierDidTest200() throws JsonProcessingException {
         String bpn = UUID.randomUUID().toString();
@@ -376,7 +382,6 @@ void getWalletByIdentifierDidTest200() throws JsonProcessingException {
         Assertions.assertEquals(body.getBpn(), bpn);
     }
-    @Test
     void getWalletInvalidBpn404() {
         HttpHeaders headers = AuthenticationUtils.getValidUserHttpHeaders();
@@ -405,7 +410,7 @@ void getWallets200() throws JsonProcessingException {
         String bpn = UUID.randomUUID().toString();
         String name = "Sample Name";
-        String did = "did:web:localhost:" + bpn;
+        String did = DidWebFactory.fromHostnameAndPath(miwSettings.host(), bpn).toString();
         //Create entry
         TestUtils.createWallet(bpn, name, restTemplate);
diff --git a/update_dependcies.sh b/update_dependcies.sh
new file mode 100755
index 000000000..a74ad6d49
--- /dev/null
+++ b/update_dependcies.sh
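Review bot: The hunk at -376 deletes the `@Test` annotation from getWalletInvalidBpn404, which silently drops the 404-for-unknown-BPN case from the suite with no trace in the test report, unlike the hunk at -355 where getWalletByIdentifierDidTest200 stays visible as skipped through `@Disabled("...")`. If this test has to be parked too, keep `@Test` and add `@Disabled("<reason>")` so the skipped count shows it; otherwise restore the annotation. The `@Disabled` reason at -355 describes a product defect (did resolution with a port number) rather than a test problem, so it should point at the tracking item, e.g. `@Disabled("did:web with a port number is not resolved by the endpoint, see issue #<ID>")`, so the test is re-enabled when that issue closes. getWalletInvalidBpn404's body continues outside the hunk.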
@@ -0,0 +1,31 @@
+#
+# /********************************************************************************
+# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+#
+
+#!/bin/bash
+
+# download the latest version of the Eclipse Dash License tool
+curl --output org.eclipse.dash.licenses.jar \
+    https://repo.eclipse.org/service/local/repositories/dash-licenses-snapshots/content/org/eclipse/dash/org.eclipse.dash.licenses/1.0.3-SNAPSHOT/org.eclipse.dash.licenses-1.0.3-20230725.055026-63.jar
+# update DEPENDENCIES file
+./gradlew dependencies | grep -Poh "(?<=\s)[\w\.-]+:[\w\.-]+:[^:\s]+" | grep -v "^org\.eclipse" | sort | uniq |
+    java -jar org.eclipse.dash.licenses.jar -summary DEPENDENCIES - |
+    grep restricted
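Review bot: `#!/bin/bash` sits on line 22, after the license header, where it is just a comment; a shebang is honored only on the first line, so despite mode 100755 the script runs under whatever shell the caller happens to use. Move it to line 1 and add `set -euo pipefail` so a failed download or a failing stage of the `./gradlew … | grep` pipeline aborts instead of handing partial output to the next command. The `curl` call has no `--fail`, so an HTTP error body would be written to `org.eclipse.dash.licenses.jar` and then executed by `java -jar`; the artifact is also a timestamped SNAPSHOT build rather than a release, so checking its digest against a value committed with the script before running it keeps this step reproducible and verifiable (the digest below is a placeholder to fill in). The comment "download the latest version" no longer matches the pinned timestamped URL and should say which build is fetched.
```shell
#!/bin/bash
# … unchanged: license header …
set -euo pipefail

# download the Eclipse Dash License tool and verify it before executing it
curl --fail --location --output org.eclipse.dash.licenses.jar \
    https://repo.eclipse.org/service/local/repositories/dash-licenses-snapshots/content/org/eclipse/dash/org.eclipse.dash.licenses/1.0.3-SNAPSHOT/org.eclipse.dash.licenses-1.0.3-20230725.055026-63.jar
echo "<EXPECTED_SHA256_PLACEHOLDER>  org.eclipse.dash.licenses.jar" | sha256sum --check
# … unchanged: DEPENDENCIES pipeline …
```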