Merge pull request #52 from sic-applied-ai/merge-to-develop
Merge main to develop branch
SebastianBezold authored Aug 15, 2023
2 parents e56bd80 + 1716b81 commit ea2df7c
Showing 20 changed files with 449 additions and 282 deletions.
146 changes: 73 additions & 73 deletions .github/workflows/chart-lint.yml
@@ -1,87 +1,87 @@
################################################################################
# Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License, Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0.
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SPDX-License-Identifier: Apache-2.0
################################################################################
# /********************************************************************************
# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
# *
# * See the NOTICE file(s) distributed with this work for additional
# * information regarding copyright ownership.
# *
# * This program and the accompanying materials are made available under the
# * terms of the Apache License, Version 2.0 which is available at
# * https://www.apache.org/licenses/LICENSE-2.0.
# *
# * Unless required by applicable law or agreed to in writing, software
# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# * License for the specific language governing permissions and limitations
# * under the License.
# *
# * SPDX-License-Identifier: Apache-2.0
# ********************************************************************************/

# name: Lint and Test Charts
name: Lint and Test Charts

# # Run chart linting and tests on each pull request
# on:
# pull_request:
# paths:
# - 'charts/**'
# Run chart linting and tests on each pull request
on:
pull_request:
paths:
- 'charts/**'

# jobs:
# chart-lint:
# runs-on: ubuntu-latest
# steps:
# - name: Checkout
# uses: actions/checkout@v2
# with:
# fetch-depth: 0
jobs:
chart-lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
with:
fetch-depth: 0

# - name: Set up Helm
# uses: azure/setup-helm@v3
# with:
# version: v3.11.3
- name: Set up Helm
uses: azure/setup-helm@v3
with:
version: v3.11.3

# - name: Update Helm dependencies
# run: |
# cd charts/managed-identity-wallet
# helm dependency update
- name: Update Helm dependencies
run: |
cd charts/managed-identity-wallet
helm dependency update
# - name: Install Helm unittest plugin
# run: |
# helm plugin install https://github.com/helm-unittest/helm-unittest.git
- name: Install Helm unittest plugin
run: |
helm plugin install https://github.com/helm-unittest/helm-unittest.git
# # Setup python as a prerequisite for chart linting
# - uses: actions/setup-python@v2
# with:
# python-version: 3.7
# Setup python as a prerequisite for chart linting
- uses: actions/setup-python@v2
with:
python-version: 3.9

# - name: Set up chart-testing
# uses: helm/chart-testing-action@v2.3.1
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.3.1

# - name: Install Task
# uses: arduino/setup-task@v1
- name: Install Task
uses: arduino/setup-task@v1

# - name: Run chart-testing (list-changed)
# id: list-changed
# run: |
# changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
# if [[ -n "$changed" ]]; then
# echo "::set-output name=changed::true"
# fi
- name: Run chart-testing (list-changed)
id: list-changed
run: |
changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
if [[ -n "$changed" ]]; then
echo "::set-output name=changed::true"
fi
# # run chart linting
# - name: Run chart-testing (lint)
# run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet
# run chart linting
- name: Run chart-testing (lint)
run: ct lint --config charts/chart-testing-config.yaml --charts ./charts/managed-identity-wallet

# # run chart unittest
# - name: Run Helm unittests
# run: task helm:unittest
# run chart unittest
- name: Run Helm unittests
run: task helm:unittest

# # Preparing a kind cluster to install and test charts on
# - name: Create kind cluster
# uses: helm/kind-action@v1.7.0
# if: steps.list-changed.outputs.changed == 'true'
# Preparing a kind cluster to install and test charts on
- name: Create kind cluster
uses: helm/kind-action@v1.7.0
if: steps.list-changed.outputs.changed == 'true'

# # install the chart to the kind cluster and run helm test
# # define charts to test with the --charts parameter
# - name: Run chart-testing (install)
# run: ct install --charts charts/managed-identity-wallet --config charts/chart-testing-config.yaml
# if: steps.list-changed.outputs.changed == 'true'
# install the chart to the kind cluster and run helm test
# define charts to test with the --charts parameter
- name: Run chart-testing (install)
run: ct install --charts charts/managed-identity-wallet --config charts/chart-testing-config.yaml
if: steps.list-changed.outputs.changed == 'true'
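Review bot: The `Install Helm unittest plugin` step runs `helm plugin install` with no `--version`, so the plugin revision executed in CI is not fixed; pin it, e.g. `helm plugin install https://github.com/helm-unittest/helm-unittest.git --version <PINNED_VERSION>`. The `uses:` references have the same weakness, since they point at mutable tags (`actions/checkout@v2`, `azure/setup-helm@v3`, `arduino/setup-task@v1`, and the others) rather than commit SHAs. The workflow also declares no `permissions:` block; a top-level `permissions:` with `contents: read` would keep the job token read-only. In the `list-changed` step, `echo "::set-output name=changed::true"` uses the deprecated workflow command and should become `echo "changed=true" >> "$GITHUB_OUTPUT"`.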
4 changes: 2 additions & 2 deletions charts/managed-identity-wallet/Chart.lock
@@ -2,5 +2,5 @@ dependencies:
- name: postgresql
repository: https://charts.bitnami.com/bitnami
version: 11.9.13
digest: sha256:051285066cef2799e39e2953c4abd405c36510a09e9e1bd1833a29224daffddb
generated: "2023-05-31T12:06:07.066291+02:00"
digest: sha256:09e3316dcc19431e38274d225f5749fe197f70e92209418bbe63c9df83a44df7
generated: "2023-08-02T09:02:48.457769+02:00"
4 changes: 2 additions & 2 deletions charts/managed-identity-wallet/Chart.yaml
@@ -25,7 +25,7 @@ description: |
type: application

version: 1.0.1
version: 1.1.0
appVersion: 0.0.1

home: https://github.com/eclipse-tractusx/managed-identity-wallet
@@ -45,4 +45,4 @@ dependencies:
- name: postgresql
version: 11.9.13
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
condition: postgresql.internal.enabled
42 changes: 36 additions & 6 deletions charts/managed-identity-wallet/README.md
@@ -1,6 +1,6 @@
# managed-identity-wallet

![Version: 1.0.1](https://img.shields.io/badge/Version-1.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)

Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs.
And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g., within logistical supply chains.
@@ -55,21 +55,51 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document
| backup.database.storage.diskSize | string | `"10G"` | Disk size for backup content |
| backup.database.storage.keepStorage | bool | `true` | Set to true, if the PV should stay even when the chart release is uninstalled |
| backup.database.storage.storageClassName | string | `"-"` | storageClassName |
| envs | object | `{}` | Parameters for the application (will be provided as plain environment variables) |
| envs | object | `{"APPLICATION_ENVIRONMENT":"dev","AUTHORITY_WALLET_BPN":"","AUTHORITY_WALLET_DID":"","AUTHORITY_WALLET_NAME":"","AUTH_SERVER_URL":"","DB_POOL_SIZE":"","KEYCLOAK_MIW_PUBLIC_CLIENT":"","KEYCLOAK_REALM":"","MANAGEMENT_PORT":null,"MIW_HOST_NAME":"localhost","USE_SSL":false,"VC_EXPIRY_DATE":"","VC_SCHEMA_LINK":""}` | Parameters for the application (will be provided as plain environment variables) |
| envs.APPLICATION_ENVIRONMENT | string | `"dev"` | Application environments like dev, int, prod |
| envs.AUTHORITY_WALLET_BPN | string | `""` | Authority/base wallet/root wallet BPN |
| envs.AUTHORITY_WALLET_DID | string | `""` | Authority/base wallet/root wallet web did |
| envs.AUTHORITY_WALLET_NAME | string | `""` | Authority/base wallet/root wallet name |
| envs.AUTH_SERVER_URL | string | `""` | Keycloak server url |
| envs.DB_POOL_SIZE | string | `""` | Initial database connection pool size |
| envs.KEYCLOAK_MIW_PUBLIC_CLIENT | string | `""` | Keycloak public client id, used only if we want to enable login in swagger using keycloak |
| envs.KEYCLOAK_REALM | string | `""` | Keycloak realm name |
| envs.MANAGEMENT_PORT | string | `nil` | Spring actuator port |
| envs.MIW_HOST_NAME | string | `"localhost"` | Hostname of miw application |
| envs.USE_SSL | bool | `false` | Whether database connection with SSL, true if the database connection is done using SSL |
| envs.VC_EXPIRY_DATE | string | `""` | Default expiry date of issued VC |
| envs.VC_SCHEMA_LINK | string | `""` | Verifiable credential schema URL, which will be part of @context in VC |
| fullnameOverride | string | `""` | |
| image | object | `{"pullPolicy":"Always","repository":"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service","tag":""}` | Image of the main container |
| image | object | `{"pullPolicy":"Always","repository":"tractusx/managed-identity-wallet","tag":""}` | Image of the main container |
| image.pullPolicy | string | `"Always"` | PullPolicy |
| image.repository | string | `"ghcr.io/catenax-ng/tx-managed-identity-wallets_miw_service"` | Image repository |
| image.repository | string | `"tractusx/managed-identity-wallet"` | Image repository |
| image.tag | string | `""` | Image tag (empty one will use "appVersion" value from chart definition) |
| imagePullSecrets | list | `[{"name":"acr-credential"}]` | Credentials for a private repo |
| imagePullSecrets | list | `[]` | Credentials name for private repos |
| ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration |
| nameOverride | string | `""` | |
| nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration |
| podAnnotations | object | `{}` | PodAnnotation configuration |
| podSecurityContext | object | `{}` | PodSecurityContext |
| postgresql | object | `{"auth":{"database":"miw","username":"miw"},"external":{"auth":{"existingSecret":"","existingSecretKey":"password","password":"","username":""},"config":{"database":"","host":"","port":5432}},"internal":{"enabled":true}}` | Configuration of the Postgresql database (internal and external) |
| postgresql.auth | object | `{"database":"miw","username":"miw"}` | Default settings for the primary database and user |
| postgresql.auth.database | string | `"miw"` | MIW database name |
| postgresql.auth.username | string | `"miw"` | username for MIW database |
| postgresql.external | object | `{"auth":{"existingSecret":"","existingSecretKey":"password","password":"","username":""},"config":{"database":"","host":"","port":5432}}` | Configure own postgresql database |
| postgresql.external.auth.existingSecret | string | `""` | Existing secret with provided password |
| postgresql.external.auth.existingSecretKey | string | `"password"` | Key name of password in secret |
| postgresql.external.auth.password | string | `""` | DB password |
| postgresql.external.auth.username | string | `""` | DB username |
| postgresql.external.config | object | `{"database":"","host":"","port":5432}` | General config |
| postgresql.external.config.database | string | `""` | Existing database to use |
| postgresql.external.config.host | string | `""` | Instance host or IP |
| postgresql.external.config.port | int | `5432` | Instance port |
| postgresql.internal | object | `{"enabled":true}` | Configure bundled postgresql |
| postgresql.internal.enabled | bool | `true` | Enable bundled database |
| replicaCount | int | `1` | The amount of replicas to run |
| resources | object | `{"limits":{"cpu":4,"memory":"1Gi"},"requests":{"cpu":"250m","memory":"500Mi"}}` | Resource boundaries |
| secrets | object | `{}` | Parameters for the application (will be stored as secrets - so, for passwords, ...) |
| secrets | object | `{"ENCRYPTION_KEY":"","KEYCLOAK_CLIENT_ID":""}` | Parameters for the application (will be stored as secrets - so, for important values, ...) |
| secrets.ENCRYPTION_KEY | string | `""` | AES encryption key used to encrypt/decrypt private keys (random 32 chars) |
| secrets.KEYCLOAK_CLIENT_ID | string | `""` | Keycloak confidential client id for MIW application |
| securityContext | object | `{"allowPrivilegeEscalation":false,"privileged":false,"runAsGroup":11111,"runAsNonRoot":true,"runAsUser":11111}` | Preconfigured SecurityContext |
| service | object | `{"port":8080,"type":"ClusterIP"}` | Service configuration |
| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | ServiceAccount configuration |
8 changes: 4 additions & 4 deletions charts/managed-identity-wallet/templates/backup/cronjob.yaml
@@ -17,7 +17,7 @@
# * SPDX-License-Identifier: Apache-2.0
# ********************************************************************************/

{{ if .Values.backup.database.enabled -}}
{{ if and .Values.backup.database.enabled .Values.postgresql.internal.enabled -}}
apiVersion: batch/v1
kind: CronJob
metadata:
@@ -41,13 +41,13 @@ spec:
- "/bin/sh"
args:
- "-c"
- 'pg_dump -v -Fc -U {{ .Values.secrets.DB_USER_NAME }} -h {{ .Values.envs.DB_HOST }} miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump'
- 'pg_dump -v -Fc -U {{ .Values.postgresql.auth.username }} -h {{ .Release.Name }}-postgresql {{ .Values.postgresql.auth.database }} > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump'
env:
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: {{ include "managed-identity-wallet.fullname" . }}
key: DB_PASSWORD
name: {{ .Release.Name }}-postgresql
key: password
restartPolicy: Never
volumes:
- name: data
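Review bot: The `pg_dump` argument splices `.Values.postgresql.auth.username` and `.Values.postgresql.auth.database` straight into a string that `/bin/sh -c` evaluates, so a value containing whitespace or shell metacharacters changes the command instead of being passed as a single argument. Passing them through the libpq variables `PGHOST`, `PGUSER` and `PGDATABASE` next to the existing `PGPASSWORD` keeps chart values out of the shell text; the unit-test assertion on `args` would need the same update. Separately, the Secret name `{{ .Release.Name }}-postgresql` and key `password` are hard-coded and presumably match only the bundled subchart's default naming, which deserves a comment on the `secretKeyRef`. The hunk starts inside the container spec, so the rest of the CronJob is not visible here.

```yaml
# … unchanged: command "/bin/sh" and the "-c" argument …
- 'pg_dump -v -Fc > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump'
env:
  # Connection settings are read by pg_dump from the environment,
  # so no chart value is interpolated into the shell command.
  - name: PGHOST
    value: {{ printf "%s-postgresql" .Release.Name | quote }}
  - name: PGUSER
    value: {{ .Values.postgresql.auth.username | quote }}
  - name: PGDATABASE
    value: {{ .Values.postgresql.auth.database | quote }}
  # … unchanged: PGPASSWORD from secretKeyRef …
```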
40 changes: 37 additions & 3 deletions charts/managed-identity-wallet/templates/deployment.yaml
@@ -53,18 +53,52 @@ spec:
env:
- name: APPLICATION_PORT
value: "8080"
{{- if .Values.postgresql.internal.enabled }}
- name: DB_HOST
value: {{ .Release.Name }}-postgresql
- name: DB_USER_NAME
value: {{ .Values.postgresql.auth.username }}
- name: DB_NAME
value: {{ .Values.postgresql.auth.database }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Release.Name }}-postgresql
key: password
{{- else }}
- name: DB_HOST
value: {{ .Values.postgresql.external.config.host }}
- name: DB_PORT
value: {{ .Values.postgresql.external.config.port | quote }}
- name: DB_USER_NAME
value: {{ .Values.postgresql.external.auth.username }}
- name: DB_NAME
value: {{ .Values.postgresql.external.config.database }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
{{- if .Values.postgresql.external.auth.existingSecret }}
name: {{ .Values.postgresql.external.auth.existingSecret }}
key: {{ .Values.postgresql.external.auth.existingSecretKey }}
{{- else }}
name: {{ include "managed-identity-wallet.fullname" . }}-postgresql
key: password
{{- end }}
{{- end }}
{{- if or .Values.envs .Values.secrets }}
{{- range $key, $val := .Values.envs }}
{{- if $val }}
- name: {{ $key }}
value: {{ $val }}
{{- end}}
value: {{ $val | quote }}
{{- end }}
{{- end }}
{{- range $key, $val := .Values.secrets }}
- name: {{ $key }}
valueFrom:
secretKeyRef:
name: {{ include "managed-identity-wallet.fullname" $ }}
key: {{ $key }}
{{- end}}
{{- end }}
{{- end }}
ports:
- name: http
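Review bot: `DB_HOST`, `DB_USER_NAME` and `DB_NAME` are rendered unquoted in both the internal and the external branch, although the new code applies `| quote` to `DB_PORT` and to the `envs` loop; with the documented external defaults of `""` they render as an empty `value:`, and a numeric-looking name would be typed as a number. Quote them the same way, e.g. `value: {{ .Values.postgresql.external.config.host | quote }}`, and consider `required` on the external host so a missing setting fails at render time. Note also that `{{- if $val }}` skips falsy values, so the documented default `USE_SSL: false` is never emitted as an environment variable; if the application's own default differs, that setting cannot be expressed. The enclosing container spec starts and ends outside the hunk.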
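--- a/charts/managed-identity-wallet/templates/secret-database.yaml
+++ b/charts/managed-identity-wallet/templates/secret-database.yaml
@@ -0,0 +1,30 @@
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
+{{- if and (not .Values.postgresql.internal.enabled) ( not .Values.postgresql.external.auth.existingSecret ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+name: {{ include "managed-identity-wallet.fullname" . }}-postgresql
+labels:
+{{- include "managed-identity-wallet.labels" . | nindent 4 }}
+type: Opaque
+data:
+password: {{ .Values.postgresql.external.auth.password | b64enc }}
+{{- end -}}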
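Review bot: The `password` entry is rendered from `.Values.postgresql.external.auth.password` with no check that it is set, so with the documented default of `""` and no `existingSecret` the chart creates a Secret holding an empty password and the deployment reads that as `DB_PASSWORD`. Failing at render time is safer: `password: {{ required "set postgresql.external.auth.password or postgresql.external.auth.existingSecret" .Values.postgresql.external.auth.password | b64enc | quote }}`. A comment above the `if` stating that this Secret is only created for an external database without `existingSecret` would help readers. The values documentation could also recommend `existingSecret`, since that keeps the password out of values files and, as far as Helm stores supplied values, out of the release data.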
Original file line number Diff line number Diff line change
@@ -77,8 +77,8 @@ tests:
name: PGPASSWORD
valueFrom:
secretKeyRef:
name: RELEASE-NAME-managed-identity-wallet
key: DB_PASSWORD
name: RELEASE-NAME-postgresql
key: password

- it: should have default command and args
asserts:
@@ -90,4 +90,11 @@ tests:
path: spec.jobTemplate.spec.template.spec.containers[0].args
value:
- "-c"
- 'pg_dump -v -Fc -U dbuser -h postgres-host miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump'
- 'pg_dump -v -Fc -U miw -h RELEASE-NAME-postgresql miw > /backup/miw-postgres-$(date +"%m-%d-%Y-%H:%M:%S").pgdump'

- it: should not render, if external DB is used
set:
postgresql.internal.enabled: false
asserts:
- hasDocuments:
count: 0