From 3b8b93f816d42d8a2f3035d729441602f508790f Mon Sep 17 00:00:00 2001 
From: Peter Motzko Date: Fri, 24 Nov 2023 10:08:08 +0100 Subject: [PATCH 01/16] feat(helm): add pgadmin4 as component to the chart (disabled by default) Changes: - update values.yaml doc strimg and README.md - use fixed version for helm-unittest in pipeline - add pgadmin4 helm chart to local charts (due to missing feature in upstream Helm chart) - Postgresql is preconfigured in pgadmin (password needed only) --- .github/workflows/chart-verification.yml | 2 +- charts/managed-identity-wallet/Chart.lock | 9 +- charts/managed-identity-wallet/Chart.yaml | 5 + charts/managed-identity-wallet/README.md | 12 +- .../charts/pgadmin4/Chart.yaml | 17 + .../charts/pgadmin4/README.md | 151 ++++++++ .../charts/pgadmin4/templates/NOTES.txt | 21 + .../charts/pgadmin4/templates/_helpers.tpl | 108 ++++++ .../pgadmin4/templates/auth-secret.yaml | 13 + .../charts/pgadmin4/templates/deployment.yaml | 248 ++++++++++++ .../charts/pgadmin4/templates/extra-list.yaml | 4 + .../charts/pgadmin4/templates/hpa.yaml | 40 ++ .../charts/pgadmin4/templates/ingress.yaml | 60 +++ .../pgadmin4/templates/networkpolicy.yaml | 20 + .../charts/pgadmin4/templates/pvc.yaml | 27 ++ .../server-definitions-configmap.yaml | 12 + .../templates/server-definitions-secret.yaml | 14 + .../charts/pgadmin4/templates/service.yaml | 29 ++ .../pgadmin4/templates/serviceaccount.yaml | 14 + .../templates/tests/test-connection.yaml | 35 ++ .../charts/pgadmin4/values.yaml | 361 ++++++++++++++++++ .../templates/_helpers.tpl | 6 + .../templates/pgAdmin-server-definitions.yaml | 11 + charts/managed-identity-wallet/values.yaml | 45 ++- 24 files changed, 1258 insertions(+), 6 deletions(-) create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/README.md create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl create mode 100644 
charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml create mode 100644 charts/managed-identity-wallet/charts/pgadmin4/values.yaml create mode 100644 charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml diff --git a/.github/workflows/chart-verification.yml b/.github/workflows/chart-verification.yml index 5c70c1553..88e547d41 100644 --- a/.github/workflows/chart-verification.yml +++ b/.github/workflows/chart-verification.yml @@ -119,7 +119,7 @@ jobs: - name: Install Helm unittest plugin run: | - helm plugin install https://github.com/helm-unittest/helm-unittest.git + helm plugin install https://github.com/helm-unittest/helm-unittest.git --version 0.3.5 - name: Run Helm unittests run: task helm:unittest diff --git a/charts/managed-identity-wallet/Chart.lock b/charts/managed-identity-wallet/Chart.lock index 45fec3516..4bc218a11 100644 --- a/charts/managed-identity-wallet/Chart.lock 
+++ b/charts/managed-identity-wallet/Chart.lock @@ -4,9 +4,12 @@ dependencies: version: 15.1.6 - name: common repository: https://charts.bitnami.com/bitnami - version: 2.8.0 + version: 2.13.3 - name: postgresql repository: https://charts.bitnami.com/bitnami version: 11.9.13 -digest: sha256:4ec5952d86e68eb97bc393404e52e5a7371eed72d769440d1fa549c8db8b4a3b -generated: "2023-08-21T23:08:36.120845+02:00" +- name: pgadmin4 + repository: file://charts/pgadmin4 + version: 1.19.0 +digest: sha256:30c1e41f2c5f35829f68dd52ecc80005b4edf726d9e472801f6bfb834b8be512 +generated: "2023-11-22T12:12:48.461495+01:00" diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index 4e3ee48ea..c1b13dec5 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -58,3 +58,8 @@ dependencies: version: 11.9.13 repository: https://charts.bitnami.com/bitnami condition: postgresql.internal.enabled + - name: pgadmin4 + repository: file://charts/pgadmin4 # https://helm.runix.net + # License: https://github.com/rowanruseler/helm-charts/blob/main/LICENSE + version: 1.19.0 + condition: pgadmin4.enabled diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md index 25bd5ab60..26a28a07f 100644 --- a/charts/managed-identity-wallet/README.md +++ b/charts/managed-identity-wallet/README.md 
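Review bot: `condition: pgadmin4.enabled` gates the vendored subchart, but this patch does not agree with itself on the flag's default: the commit subject says "disabled by default" while the parent README table added further down lists `pgadmin4.enabled` as `true`, next to a preset `pgadmin4.env.password`. The values.yaml hunk is outside this view, so which side is wrong cannot be confirmed from here; a database admin UI shipped with a documented default password should only come up when explicitly enabled, and the README row should then read `false`. The `# License:` pointer on the local copy is good; recording the upstream chart commit the copy was taken from would make later diffs against `helm.runix.net` possible.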
@@ -2,7 +2,7 @@ # managed-identity-wallet -![Version: 0.2.0-develop.4](https://img.shields.io/badge/Version-0.2.0--develop.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0-develop.4](https://img.shields.io/badge/AppVersion-0.2.0--develop.4-informational?style=flat-square) +![Version: 0.1.0-rc.2](https://img.shields.io/badge/Version-0.1.0--rc.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0-rc.2](https://img.shields.io/badge/AppVersion-0.1.0--rc.2-informational?style=flat-square) Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g. within logistical supply chains. @@ -77,6 +77,7 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | Repository | Name | Version | |------------|------|---------| +| file://charts/pgadmin4 | pgadmin4 | 1.19.0 | | https://charts.bitnami.com/bitnami | common | 2.x.x | | https://charts.bitnami.com/bitnami | keycloak | 15.1.6 | | https://charts.bitnami.com/bitnami | postgresql | 11.9.13 | 
@@ -142,6 +143,15 @@ See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command document | miw.ssi.vcExpiryDate | string | `""` | Verifiable Credential expiry date. Format 'dd-MM-yyyy'. If empty it is set to 31-12- | | nameOverride | string | `""` | String to partially override common.names.fullname template (will maintain the release name) | | nodeSelector | object | `{"kubernetes.io/os":"linux"}` | NodeSelector configuration | +| pgadmin4.enabled | bool | `true` | Enable to deploy pgAdmin | +| pgadmin4.env.email | string | `"admin@miw.com"` | Preset the admin user email | +| pgadmin4.env.password | string | `"very-secret-password"` | preset password (there is no auto-generated password) | +| pgadmin4.extraServerDefinitions.enabled | bool | `true` | enable the predefined server for pgadmin | +| pgadmin4.extraServerDefinitions.servers | object | `{}` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers | +| pgadmin4.ingress.annotations | object | `{}` | | +| pgadmin4.ingress.enabled | bool | `false` | Enagle pgAdmin ingress | +| pgadmin4.ingress.hosts | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s) | +| pgadmin4.ingress.tls | list | `[]` | See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s) | | podAnnotations | object | `{}` | PodAnnotation configuration | | podSecurityContext | object | `{}` | PodSecurityContext | | postgresql.auth.database | string | `"miw_app"` | Postgresql database to create | 
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml b/charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml
new file mode 100644
index 000000000..0845449b1
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/Chart.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+description: pgAdmin4 is a web based administration tool for PostgreSQL database
+name: pgadmin4
+version: 1.19.0
+appVersion: "7.8"
+keywords:
+ - pgadmin
+ - postgres
+ - database
+ - sql
+home: https://www.pgadmin.org/
+icon: https://wiki.postgresql.org/images/3/30/PostgreSQL_logo.3colors.120x120.png
+sources:
+ - https://github.com/rowanruseler/helm-charts
+maintainers:
+ - name: rowanruseler
+ email: rowanruseler@gmail.com
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/README.md b/charts/managed-identity-wallet/charts/pgadmin4/README.md
new file mode 100644
index 000000000..ad7618f1f
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/README.md
@@ -0,0 +1,151 @@ +###### based on [dpage/pgadmin4] + +# pgAdmin 4 + +[pgAdmin4](https://www.pgadmin.org/) is the leading Open Source management tool for Postgres, the world’s most advanced Open Source database. pgAdmin4 is designed to meet the needs of both novice and experienced Postgres users alike, providing a powerful graphical interface that simplifies the creation, maintenance and use of database objects. + +## TL;DR; + +```console +helm repo add runix https://helm.runix.net +helm install runix/pgadmin4 +``` + +## Introduction + +This chart bootstraps a [pgAdmin4](https://www.pgadmin.org/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Install the Chart + +To install the chart with the release name `my-release`: + +```console +$ # Helm 2 +helm install --name my-release runix/pgadmin4 +$ # Helm 3 +helm install my-release runix/pgadmin4 +``` + +The command deploys pgAdmin4 on the Kubernetes cluster in the default configuration. The configuration section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstall the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete --purge my-release +``` + +The command removes nearly all the Kubernetes components associated with the chart and deletes the release. 
+ +## Configuration + +| Parameter | Description | Default | +| --------- | ----------- | ------- | +| `replicaCount` | Number of pgadmin4 replicas | `1` | +| `image.registry` | Docker image registry | `docker.io` | +| `image.repository` | Docker image | `dpage/pgadmin4` | +| `image.tag` | Docker image tag | `""` | +| `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | +| `annotations` | Deployment Annotations | `{}` | +| `priorityClassName` | Deployment priorityClassName | `""` | +| `command` | Deployment command override | `""` | +| `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` | +| `service.clusterIP` | Service type Cluster IP | `""` | +| `service.loadBalancerIP` | Service Load Balancer IP | `""` | +| `service.annotations` | Service Annotations | `{}` | +| `service.port` | Service port | `80` | +| `service.portName` | Name of the port on the service | `http` | +| `service.targetPort` | Internal service port | `http` | +| `service.nodePort` | Kubernetes service nodePort | `` | +| `serviceAccount.create` | Creates a ServiceAccount for the pod. | `false` | +| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | +| `serviceAccount.name` | The name of the service account. Otherwise uses the fullname. | `` | +| `serviceAccount.automountServiceAccountToken` | Opt out of API credential automounting. 
| `false` | +| `strategy` | Specifies the strategy used to replace old Pods by new ones | `{}` | +| `serverDefinitions.enabled` | Enables Server Definitions | `false` | +| `serverDefinitions.resourceType` | The type of resource to deploy server definitions (either `ConfigMap` or `Secret`) | `ConfigMap` | +| `serverDefinitions.servers` | Pre-configured server parameters | `{}` | +| `networkPolicy.enabled` | Enables Network Policy | `true` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.ingressClassName` | Ingress class name | `""` | +| `ingress.hosts.host` | Ingress accepted hostname | `nil` | +| `ingress.hosts.paths` | Ingress paths list | `[]` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `extraConfigmapMounts` | Additional configMap volume mounts for pgadmin4 pod | `[]` | +| `extraSecretMounts` | Additional secret volume mounts for pgadmin4 pod | `[]` | +| `extraContainers` | Sidecar containers to add to the pgadmin4 pod | `"[]"` | +| `existingSecret` | The name of an existing secret containing the pgadmin4 default password. | `""` | +| `secretKeys.pgadminPasswordKey` | Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set. | `"password"` | +| `extraInitContainers` | Sidecar init containers to add to the pgadmin4 pod | `"[]"` | +| `env.email` | pgAdmin4 default email. Needed chart reinstall for apply changes | `chart@domain.com` | +| `env.password` | pgAdmin4 default password. Needed chart reinstall for apply changes | `SuperSecret` | +| `env.pgpassfile` | Path to pgpasssfile (optional). 
Needed chart reinstall for apply changes | `` | +| `env.enhanced_cookie_protection` | Allows pgAdmin4 to create session cookies based on IP address | `"False"` | +| `env.contextPath` | Context path for accessing pgadmin (optional) | `` | +| `envVarsFromConfigMaps` | Array of ConfigMap names to load as environment variables | `[]` | +| `envVarsFromSecrets` | Array of Secret names to load as environment variables | `[]` | +| `persistentVolume.enabled` | If true, pgAdmin4 will create a Persistent Volume Claim | `true` | +| `persistentVolume.accessMode` | Persistent Volume access Mode | `ReadWriteOnce` | +| `persistentVolume.size` | Persistent Volume size | `10Gi` | +| `persistentVolume.storageClass` | Persistent Volume Storage Class | `unset` | +| `persistentVolume.existingClaim` | Persistent Volume existing claim name | | `unset` | +| `persistentVolume.subPath` | Subdirectory of the volume to mount at | `unset` | +| `securityContext` | Custom [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for pgAdmin4 pod | `` | +| `containerSecurityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for pgAdmin4 container | `` | +| `livenessProbe` | [liveness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | +| `startupProbe` | [startup probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | +| `readinessProbe` | [readiness probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) initial delay and timeout | `` | +| `VolumePermissions.enabled` | Enables init container that changes volume permissions in the data directory | `false` | +| `extraDeploy` | list of extra manifests to deploy | `[]` | +| `extraInitContainers` | Init containers to 
launch alongside the app | `[]` | +| `containerPorts.http` | Sets http port inside pgadmin container | `80` | +| `resources` | CPU/memory resource requests/limits | `{}` | +| `autoscaling.enabled` | Enables Autoscaling | `false` | +| `autoscaling.minReplicas` | Minimum amount of Replicas | `1` | +| `autoscaling.maxReplicas` | Maximum amount of Replicas| `100` | +| `autoscaling.targetCPUUtilizationPercentage` | Target CPU Utilization in percentage | `80` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Node tolerations for pod assignment | `[]` | +| `affinity` | Node affinity for pod assignment | `{}` | +| `podAnnotations` | Annotations for pod | `{}` | +| `podLabels` | Labels for pod | `{}` | +| `namespace` | Namespace where to deploy resources | `null` | +| `init.resources` | Init container CPU/memory resource requests/limits | `{}` | +| `test.image.registry` | Docker image registry for test | `docker.io` | +| `test.image.repository` | Docker image for test | `busybox` | +| `test.image.tag` | Docker image tag for test| `latest` | +| `test.resources` | CPU/memory resource requests/limits for test | `{}` | +| `test.securityContext` | Custom [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) for test Pod | `` | + +> The values for "extraConfigmapMounts.[].configMap" and "extraSecretMounts.[].secret" can be either a simple string +> or a template string. +> Then it will be resolved for you. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: + +```console +$ # Helm 2 +helm install runix/pgadmin4 --name my-release \ + --set env.password=SuperSecret +$ # Helm 3 +helm install my-release runix/pgadmin4 \ + --set env.password=SuperSecret +``` + +Alternatively, a YAML file that specifies the values for the parameters can be +provided while installing the chart. 
For example: + +```console +$ # Helm 2 +helm install runix/pgadmin4 --name my-release -f values.yaml +$ # Helm 3 +helm install my-release runix/pgadmin4 -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/values.yaml) and look on [examples](https://github.com/rowanruseler/helm-charts/blob/main/charts/pgadmin4/examples/). + +[dpage/pgadmin4]: https://hub.docker.com/r/dpage/pgadmin4 diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt b/charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt new file mode 100644 index 000000000..67b0bdcb4 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/NOTES.txt 
@@ -0,0 +1,21 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "pgadmin.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "pgadmin.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "pgadmin.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "pgadmin.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl b/charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl new file mode 100644 index 000000000..22129b2c7 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/_helpers.tpl 
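Review bot: the ClusterIP branch hardcodes the container port in `kubectl port-forward $POD_NAME 8080:80`, while deployment.yaml in this same patch exposes `containerPort: {{ .Values.containerPorts.http }}`; `kubectl port-forward $POD_NAME 8080:{{ .Values.containerPorts.http }}` keeps the notes correct once the port is changed. That branch is also the only one that ignores `env.contextPath`, so the printed `http://127.0.0.1:8080` is wrong when a context path is configured. Minor wording in the LoadBalancer branch: `watch the status of by running` is missing an `it`.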
@@ -0,0 +1,108 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "pgadmin.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "pgadmin.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "pgadmin.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "pgadmin.labels" -}} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/name: {{ include "pgadmin.name" . }} +app.kubernetes.io/version: {{ .Values.image.tag | default .Chart.AppVersion | quote }} +helm.sh/chart: {{ include "pgadmin.chart" . }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "pgadmin.selectorLabels" -}} +app.kubernetes.io/name: {{ include "pgadmin.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Generate chart secret name +*/}} +{{- define "pgadmin.secretName" -}} +{{ default (include "pgadmin.fullname" .) .Values.existingSecret }} +{{- end -}} + +{{/* +Defines a JSON file containing server definitions. This allows connection information to be pre-loaded into the instance of pgAdmin in the container. Note that server definitions are only loaded on first launch, i.e. 
when the configuration database is created, and not on subsequent launches using the same configuration database. +*/}} +{{- define "pgadmin.serverDefinitions" -}} +{ + "Servers": {{ .Values.serverDefinitions.servers | toJson }} +} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "deployment.apiVersion" -}} +{{- if semverCompare "<1.9.0-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1beta2" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for network policy. +*/}} +{{- define "networkPolicy.apiVersion" -}} +{{- if semverCompare "<1.8.0-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "networking.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Renders a value that contains template. +Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "common.tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the namespace +*/}} +{{- define "pgadmin.namespaceName" -}} +{{- default .Release.Namespace .Values.namespace }} +{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml new file mode 100644 index 000000000..aecd2efac --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/auth-secret.yaml 
@@ -0,0 +1,13 @@
+{{- if not .Values.existingSecret }}
+{{- $fullName := include "pgadmin.fullname" . -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+type: Opaque
+data:
+ password: {{ default "SuperSecret" .Values.env.password | b64enc | quote }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml
new file mode 100644
index 000000000..a343ee38f
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/deployment.yaml
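Review bot: `password: {{ default "SuperSecret" .Values.env.password | b64enc | quote }}` silently falls back to a well-known value when `env.password` is empty and no `existingSecret` is set, so a misconfigured release deploys the database admin UI with a guessable credential instead of failing to render. `password: {{ required "env.password must be set when existingSecret is not used" .Values.env.password | b64enc | quote }}` turns the omission into a render-time error. The subchart README in this patch documents `SuperSecret` as the `env.password` default and the parent README documents `very-secret-password` for `pgadmin4.env.password`, so both tables would need updating if the fallback goes; the `checksum/secret` annotation in deployment.yaml already rolls the pod when the value changes.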
@@ -0,0 +1,248 @@ +{{- $fullName := include "pgadmin.fullname" . -}} +apiVersion: {{ template "deployment.apiVersion" . }} +kind: Deployment +metadata: + name: {{ $fullName }} + namespace: {{ include "pgadmin.namespaceName" . }} + labels: + {{- include "pgadmin.labels" . | nindent 4 }} +{{- if .Values.annotations }} + annotations: + {{- if .Values.annotations }} + {{- .Values.annotations | toYaml | nindent 4 }} + {{- end }} +{{- end }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "pgadmin.selectorLabels" . | nindent 6 }} +{{- if .Values.strategy }} + strategy: + {{- .Values.strategy | toYaml | nindent 4 }} +{{- end }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "pgadmin.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or (not .Values.existingSecret) .Values.podAnnotations }} + annotations: + {{- if .Values.podAnnotations }} + {{- .Values.podAnnotations | toYaml | nindent 8 }} + {{- end }} + {{- if not .Values.existingSecret }} + checksum/secret: {{ include (print $.Template.BasePath "/auth-secret.yaml") . 
| sha256sum }} + {{- end }} + {{- end }} + + spec: + {{- if .Values.serviceAccount.create }} + serviceAccountName: {{ default $fullName .Values.serviceAccount.name }} + {{- end }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} + {{- if or (.Values.VolumePermissions.enabled) .Values.extraInitContainers }} + initContainers: + {{- if .Values.VolumePermissions.enabled }} + - name: init-chmod-data + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/bin/chown", "-R", "5050:5050", "/var/lib/pgadmin"] + volumeMounts: + - name: pgadmin-data + mountPath: /var/lib/pgadmin + subPath: {{ .Values.persistentVolume.subPath | default "" }} + securityContext: + runAsUser: 0 + resources: + {{- .Values.init.resources | toYaml | nindent 12 }} + {{- end }} + {{- with .Values.extraInitContainers }} + {{ tpl . $ | nindent 8 }} + {{- end }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.command }} + command: + {{- toYaml .Values.command | nindent 12 }} + {{- end }} + {{- if .Values.args }} + args: + {{- toYaml .Values.args | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + protocol: TCP + {{- if .Values.livenessProbe }} + livenessProbe: + httpGet: + port: http + {{- if .Values.env.contextPath }} + path: "{{ .Values.env.contextPath }}/misc/ping" + {{- else }} + path: /misc/ping + {{- end }} + {{- 
.Values.livenessProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.startupProbe }} + startupProbe: + httpGet: + port: http + {{- if .Values.env.contextPath }} + path: "{{ .Values.env.contextPath }}/misc/ping" + {{- else }} + path: /misc/ping + {{- end }} + {{- .Values.startupProbe | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.readinessProbe }} + readinessProbe: + httpGet: + port: http + {{- if .Values.env.contextPath }} + path: "{{ .Values.env.contextPath }}/misc/ping" + {{- else }} + path: /misc/ping + {{- end }} + {{- .Values.readinessProbe | toYaml | nindent 12 }} + {{- end }} + env: + - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION + value: {{ .Values.env.enhanced_cookie_protection | quote }} + - name: PGADMIN_DEFAULT_EMAIL + value: {{ .Values.env.email }} + {{- if .Values.env.pgpassfile }} + - name: PGPASSFILE + value: {{ .Values.env.pgpassfile }} + {{- end }} + - name: PGADMIN_DEFAULT_PASSWORD + valueFrom: + secretKeyRef: + {{- if not .Values.existingSecret }} + name: {{ $fullName }} + key: password + {{- else }} + name: {{ .Values.existingSecret }} + key: {{ .Values.secretKeys.pgadminPasswordKey }} + {{- end }} + {{- if .Values.env.contextPath }} + - name: SCRIPT_NAME + value: {{ .Values.env.contextPath }} + {{- end }} + {{- if .Values.serverDefinitions.enabled }} + - name: PGADMIN_SERVER_JSON_FILE + value: /pgadmin4/servers.json + {{- end }} + {{- range .Values.env.variables }} + - name: {{ .name | quote }} + value: {{ .value | quote }} + {{- end }} + {{- if or .Values.envVarsFromConfigMaps .Values.envVarsFromSecrets }} + envFrom: + {{- range .Values.envVarsFromConfigMaps }} + - configMapRef: + name: {{ . | quote }} + {{- end }} + {{- range .Values.envVarsFromSecrets }} + - secretRef: + name: {{ . 
| quote }} + {{- end }} + {{- end }} + volumeMounts: + - name: pgadmin-data + mountPath: /var/lib/pgadmin + subPath: {{ .Values.persistentVolume.subPath | default "" }} + {{- if .Values.serverDefinitions.enabled }} + - name: definitions + mountPath: /pgadmin4/servers.json + subPath: servers.json + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- .Values.extraVolumeMounts | toYaml | nindent 12 }} + {{- end }} + resources: + {{- .Values.resources | toYaml | nindent 12 }} + {{- with .Values.extraContainers }} + {{ tpl . $ | nindent 8 }} + {{- end }} + volumes: + - name: pgadmin-data + {{- if .Values.persistentVolume.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.persistentVolume.existingClaim }}{{ .Values.persistentVolume.existingClaim }}{{- else }}{{ $fullName }}{{- end }} + {{- else }} + emptyDir: {} + {{- end }} + {{- range .Values.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ tpl (.configMap) $ }} + defaultMode: {{ .defaultMode | default 256 }} + {{- end }} + {{- range .Values.extraSecretMounts }} + - name: {{ .name }} + secret: + secretName: {{ tpl (.secret) $ }} + defaultMode: {{ .defaultMode | default 256 }} + {{- end }} + {{- if .Values.extraVolumes }} + {{- .Values.extraVolumes | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.serverDefinitions.enabled }} + - name: definitions + {{- if eq .Values.serverDefinitions.resourceType "Secret" }} + secret: + secretName: {{ $fullName }}-server-definitions + {{- else }} + configMap: + name: {{ $fullName }}-server-definitions + {{- end }} + items: + - key: servers.json + path: servers.json + {{- end }} + {{- if 
.Values.imagePullSecrets }} + imagePullSecrets: + {{- .Values.imagePullSecrets | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: + {{- .Values.nodeSelector | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.securityContext }} + securityContext: + {{- .Values.securityContext | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: + {{- .Values.affinity | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- .Values.tolerations | toYaml | nindent 8 }} + {{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml new file mode 100644 index 000000000..9ac65f9e1 --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml new file mode 100644 index 000000000..1e063941f --- /dev/null +++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/hpa.yaml 
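Review bot: `value: {{ .Values.env.email }}` and, further down, `value: {{ .Values.env.contextPath }}` are the only env values in this container emitted without `| quote`, unlike `PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION` and the `env.variables` loop; a value containing `: ` or starting with a YAML indicator would break rendering. `value: {{ .Values.env.email | quote }}` and `value: {{ .Values.env.contextPath | quote }}` match the rest of the block. In the `extraConfigmapMounts` and `extraSecretMounts` loops `readOnly: {{ .readOnly }}` renders as an empty value when the key is omitted, which Kubernetes accepts as false but reads like a mistake; `readOnly: {{ .readOnly | default false }}` makes the choice explicit (or `true` if the vendored copy is meant to harden secret mounts beyond upstream). `_helpers.tpl` in this patch defines `pgadmin.secretName` for the exact name choice the `PGADMIN_DEFAULT_PASSWORD` block re-implements inline, though the key selection would still need the `existingSecret` branch.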
@@ -0,0 +1,40 @@
+{{- if .Values.autoscaling.enabled }}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version -}}
+{{- if semverCompare ">=1.23-0" $kubeVersion -}}
+apiVersion: autoscaling/v2
+{{- else if semverCompare ">=1.18-0" $kubeVersion -}}
+apiVersion: autoscaling/v2beta2
+{{- else -}}
+apiVersion: autoscaling/v2beta1
+{{- end }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "pgadmin.fullname" . }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "pgadmin.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ target:
+ type: Utilization
+ averageUtil
ization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml
new file mode 100644
index 000000000..ca181fdea
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/ingress.yaml
@@ -0,0 +1,60 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "pgadmin.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version -}}
+{{- if semverCompare ">=1.19-0" $kubeVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare "<=1.13-0" $kubeVersion -}}
+apiVersion: extensions/v1beta1
+{{- else -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if and .Values.ingress.ingressClassName (semverCompare ">=1.18-0" $kubeVersion) }}
+ ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ tpl (.) $ | quote }}
+ {{- end }}
+ {{- if .secretName }}
+ secretName: {{ tpl (.secretName) $ }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ tpl (.host) $ | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $kubeVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $kubeVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml
new file mode 100644
index 000000000..8a12a9d36
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/networkpolicy.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.networkPolicy.enabled -}}
+{{- $fullName := include "pgadmin.fullname" . -}}
+apiVersion: {{ template "networkPolicy.apiVersion" . }}
+kind: NetworkPolicy
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+spec:
+ policyTypes:
+ - Ingress
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "pgadmin.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - ports:
+ - port: {{ .Values.service.targetPort }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml
new file mode 100644
index 000000000..c088652e9
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/pvc.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.persistentVolume.enabled (not .Values.persistentVolume.existingClaim) }}
+{{- $fullName := include "pgadmin.fullname" . -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ $fullName }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+ {{- if .Values.persistentVolume.annotations }}
+ annotations:
+ {{- .Values.persistentVolume.annotations | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ accessModes:
+ {{- .Values.persistentVolume.accessModes | toYaml | nindent 4 }}
+{{- if .Values.persistentVolume.storageClass }}
+{{- if (eq "-" .Values.persistentVolume.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistentVolume.storageClass }}"
+{{- end }}
+{{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistentVolume.size }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml
new file mode 100644
index 000000000..3245d1eea
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-configmap.yaml
@@ -0,0 +1,12 @@
+{{- if and .Values.serverDefinitions.enabled ( ne .Values.serverDefinitions.resourceType "Secret" ) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "pgadmin.fullname" . }}-server-definitions
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+data:
+ servers.json: |-
+{{ include "pgadmin.serverDefinitions" . | indent 4 }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml
new file mode 100644
index 000000000..13768e0f8
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/server-definitions-secret.yaml
@@ -0,0 +1,14 @@
+{{- if not .Values.existingSecret }}
+{{- if and .Values.serverDefinitions.enabled ( eq .Values.serverDefinitions.resourceType "Secret" ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "pgadmin.fullname" . }}-server-definitions
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+type: Opaque
+data:
+ servers.json: {{ include "pgadmin.serverDefinitions" . | b64enc | quote }}
+{{- end }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml
new file mode 100644
index 000000000..f6399b1d8
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/service.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "pgadmin.fullname" . }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+ {{- if .Values.service.annotations }}
+ annotations:
+ {{- .Values.service.annotations | toYaml | nindent 4 }}
+ {{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and (eq .Values.service.type "ClusterIP") (not (empty .Values.service.clusterIP)) }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: {{ .Values.service.targetPort }}
+ {{- if .Values.service.nodePort }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ protocol: TCP
+ name: {{ .Values.service.portName }}
+ selector:
+ {{- include "pgadmin.selectorLabels" . | nindent 4 }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml
new file mode 100644
index 000000000..877dc9031
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{- if and (.Values.serviceAccount.create) (not .Values.serviceAccount.name) }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "pgadmin.fullname" . }}
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+ {{- if .Values.serviceAccount.annotations }}
+ annotations:
+ {{- .Values.serviceAccount.annotations | toYaml | nindent 4 }}
+ {{- end }}
+ namespace: {{ include "pgadmin.namespaceName" . }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml b/charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml
new file mode 100644
index 000000000..986cb7050
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/templates/tests/test-connection.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "pgadmin.fullname" . }}-test-connection"
+ namespace: {{ include "pgadmin.namespaceName" . }}
+ labels:
+{{ include "pgadmin.labels" . | indent 4 }}
+ annotations:
+ "helm.sh/hook": test
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ securityContext:
+ runAsNonRoot: true
+ {{- if .Values.test.securityContext }}
+ {{- .Values.test.securityContext | toYaml | nindent 4 }}
+ {{- end }}
+ containers:
+ - name: wget
+ image: "{{ .Values.test.image.registry }}/{{ .Values.test.image.repository }}:{{ .Values.test.image.tag }}"
+ env:
+ - name: PGADMIN_HOST
+ value: {{ include "pgadmin.fullname" . }}
+ - name: PGADMIN_PORT
+ value: "{{ .Values.service.port }}"
+ command:
+ - /bin/sh
+ - -ec
+ - |
+ response=$(wget -qSO - http://${PGADMIN_HOST}:${PGADMIN_PORT} 2>&1)
+ check=$(echo $response | grep -c '200 OK'); echo $check; if [[ $check -gt 0 ]]; then echo "Response OK"; else exit 1; fi
+ resources:
+ {{- .Values.test.resources | toYaml | nindent 8 }}
+ securityContext:
+ readOnlyRootFilesystem: true
+ restartPolicy: Never
diff --git a/charts/managed-identity-wallet/charts/pgadmin4/values.yaml b/charts/managed-identity-wallet/charts/pgadmin4/values.yaml
new file mode 100644
index 000000000..4fceed5ac
--- /dev/null
+++ b/charts/managed-identity-wallet/charts/pgadmin4/values.yaml
@@ -0,0 +1,361 @@
+# Default values for pgAdmin4.
+
+replicaCount: 1
+
+## pgAdmin4 container image
+##
+image:
+ registry: docker.io
+ repository: dpage/pgadmin4
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+ pullPolicy: IfNotPresent
+
+## Deployment annotations
+annotations: {}
+
+## priorityClassName
+priorityClassName: ""
+
+## Deployment entrypoint override
+## Useful when there's a requirement to modify container's default:
+## https://www.vaultproject.io/docs/platform/k8s/injector/examples#environment-variable-example
+## ref: https://github.com/postgres/pgadmin4/blob/master/Dockerfile#L206
+# command: "['/bin/sh', '-c', 'source /vault/secrets/config && ']"
+
+service:
+ type: ClusterIP
+ clusterIP: ""
+ loadBalancerIP: ""
+ port: 80
+ targetPort: 80
+ # targetPort: 4181 To be used with a proxy extraContainer
+ portName: http
+
+ annotations: {}
+ ## Special annotations at the service level, e.g
+ ## this will set vnet internal IP's rather than public ip's
+ ## service.beta.kubernetes.io/azure-load-balancer-internal: "true"
+
+ ## Specify the nodePort value for the service types.
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
+ ##
+ # nodePort:
+
+## Pod Service Account
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+##
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Opt out of API credential automounting.
+ # If you don't want the kubelet to automatically mount a ServiceAccount's API credentials,
+ # you can opt out of the default behavior
+ automountServiceAccountToken: false
+
+## Strategy used to replace old Pods by new ones
+## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
+##
+strategy: {}
+ # type: RollingUpdate
+ # rollingUpdate:
+ # maxSurge: 0
+ # maxUnavailable: 1
+
+## Server definitions will be loaded at launch time. This allows connection
+## information to be pre-loaded into the instance of pgAdmin4 in the container.
+## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/import_export_servers.html
+##
+serverDefinitions:
+ ## If true, server definitions will be created
+ ##
+ enabled: false
+
+ ## The resource type to use for deploying server definitions.
+ ## Can either be ConfigMap or Secret
+ resourceType: ConfigMap
+
+ servers:
+ # firstServer:
+ # Name: "Minimally Defined Server"
+ # Group: "Servers"
+ # Port: 5432
+ # Username: "postgres"
+ # Host: "localhost"
+ # SSLMode: "prefer"
+ # MaintenanceDB: "postgres"
+
+networkPolicy:
+ enabled: true
+
+## Ingress
+## Ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # ingressClassName: ""
+ hosts:
+ - host: chart-example.local
+ paths:
+ - path: /
+ pathType: Prefix
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+# Additional config maps to be mounted inside a container
+# Can be used to map config maps for sidecar as well
+extraConfigmapMounts: []
+ # - name: certs-configmap
+ # mountPath: /etc/ssl/certs
+ # subPath: ca-certificates.crt # (optional)
+ # configMap: certs-configmap
+ # readOnly: true
+
+extraSecretMounts: []
+ # - name: pgpassfile
+ # secret: pgpassfile
+ # subPath: pgpassfile
+ # mountPath: "/var/lib/pgadmin/storage/pgadmin/file.pgpass"
+ # readOnly: true
+
+## Additional volumes to be mounted inside a container
+##
+extraVolumeMounts: []
+
+## Specify additional containers in extraContainers.
+## For example, to add an authentication proxy to a pgadmin4 pod.
+extraContainers: |
+# - name: proxy
+# image: quay.io/gambol99/keycloak-proxy:latest
+# args:
+# - -provider=github
+# - -client-id=
+# - -client-secret=
+# - -github-org=
+# - -email-domain=*
+# - -cookie-secret=
+# - -http-address=http://0.0.0.0:4181
+# - -upstream-url=http://127.0.0.1:3000
+# ports:
+# - name: proxy-web
+# containerPort: 4181
+
+## @param existingSecret Name of existing secret to use for default pgadmin credentials. `env.password` will be ignored and picked up from this secret.
+##
+existingSecret: ""
+## @param secretKeys.pgadminPasswordKey Name of key in existing secret to use for default pgadmin credentials. Only used when `existingSecret` is set.
+##
+secretKeys:
+ pgadminPasswordKey: password
+
+## pgAdmin4 startup configuration
+## Values in here get injected as environment variables
+## Needed chart reinstall for apply changes
+env:
+ # can be email or nickname
+ email: chart@domain.com
+ password: SuperSecret
+ # pgpassfile: /var/lib/pgadmin/storage/pgadmin/file.pgpass
+
+ # set context path for application (e.g. /pgadmin4/*)
+ # contextPath: /pgadmin4
+
+ ## If True, allows pgAdmin4 to create session cookies based on IP address
+ ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/config_py.html
+ ##
+ enhanced_cookie_protection: "False"
+
+ ## Add custom environment variables that will be injected to deployment
+ ## Ref: https://www.pgadmin.org/docs/pgadmin4/latest/container_deployment.html
+ ##
+ variables: []
+ # - name: PGADMIN_LISTEN_ADDRESS
+ # value: "0.0.0.0"
+ # - name: PGADMIN_LISTEN_PORT
+ # value: "8080"
+
+## Additional environment variables from ConfigMaps
+envVarsFromConfigMaps: []
+ # - array-of
+ # - config-map-names
+
+## Additional environment variables from Secrets
+envVarsFromSecrets: []
+ # - array-of
+ # - secret-names
+
+persistentVolume:
+ ## If true, pgAdmin4 will create/use a Persistent Volume Claim
+ ## If false, use emptyDir
+ ##
+ enabled: true
+
+ ## pgAdmin4 Persistent Volume Claim annotations
+ ##
+ annotations: {}
+
+ ## pgAdmin4 Persistent Volume access modes
+ ## Must match those of existing PV or dynamic provisioner
+ ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+ accessModes:
+ - ReadWriteOnce
+
+ ## pgAdmin4 Persistent Volume Size
+ ##
+ size: 10Gi
+
+ ## pgAdmin4 Persistent Volume Storage Class
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ # storageClass: "-"
+ # existingClaim: ""
+ ## Sub-directory of the PV to mount
+ # subPath: ""
+
+## Additional volumes to be added to the deployment
+##
+extraVolumes: []
+
+## Security context to be added to pgAdmin4 pods
+##
+securityContext:
+ runAsUser: 5050
+ runAsGroup: 5050
+ fsGroup: 5050
+
+containerSecurityContext:
+ enabled: false
+ allowPrivilegeEscalation: false
+
+## pgAdmin4 readiness and liveness probe initial delay and timeout
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+##
+livenessProbe:
+ initialDelaySeconds: 30
+ periodSeconds: 60
+ timeoutSeconds: 15
+ successThreshold: 1
+ failureThreshold: 3
+
+readinessProbe:
+ initialDelaySeconds: 30
+ periodSeconds: 60
+ timeoutSeconds: 15
+ successThreshold: 1
+ failureThreshold: 3
+
+## Required to be enabled pre pgAdmin4 4.16 release, to set the ACL on /var/lib/pgadmin.
+## Ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+##
+VolumePermissions:
+ ## If true, enables an InitContainer to set permissions on /var/lib/pgadmin.
+ ##
+ enabled: false
+
+## @param extraDeploy list of extra manifests to deploy
+##
+extraDeploy: []
+
+## Additional InitContainers to initialize the pod
+##
+extraInitContainers: |
+# - name: add-folder-for-pgpass
+# image: "dpage/pgadmin4:latest"
+# command: ["/bin/mkdir", "-p", "/var/lib/pgadmin/storage/pgadmin"]
+# volumeMounts:
+# - name: pgadmin-data
+# mountPath: /var/lib/pgadmin
+# securityContext:
+# runAsUser: 5050
+
+containerPorts:
+ http: 80
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+## Horizontal Pod Autoscaling
+## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+#
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+## Node labels for pgAdmin4 pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+
+## Node tolerations for server scheduling to nodes with taints
+## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+##
+tolerations: []
+
+## Pod affinity
+##
+affinity: {}
+
+## Pod annotations
+##
+podAnnotations: {}
+
+## Pod labels
+##
+podLabels: {}
+ # key1: value1
+ # key2: value2
+
+# -- The name of the Namespace to deploy
+# If not set, `.Release.Namespace` is used
+namespace: null
+
+init:
+ ## Init container resources
+ ##
+ resources: {}
+
+## Define values for chart tests
+test:
+ ## Container image for test-connection.yaml
+ image:
+ registry: docker.io
+ repository: busybox
+ tag: latest
+ ## Resources request/limit for test-connection Pod
+ resources: {}
+ # limits:
+ # cpu: 50m
+ # memory: 32Mi
+ # requests:
+ # cpu: 25m
+ # memory: 16Mi
+ ## Security context for test-connection Pod
+ securityContext:
+ runAsUser: 5051
+ runAsGroup: 5051
+ fsGroup: 5051
diff --git a/charts/managed-identity-wallet/templates/_helpers.tpl b/charts/managed-identity-wallet/templates/_helpers.tpl
index 0d78c77c0..cf153767c 100644
--- a/charts/managed-identity-wallet/templates/_helpers.tpl
+++ b/charts/managed-identity-wallet/templates/_helpers.tpl
@@ -79,3 +79,9 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{- define "managed-identity-wallet.pgadminServerDefinitions" -}}
+{
+ "Servers": {{ .Values.pgadmin4.extraServerDefinitions.servers | toJson }}
+}
+{{- end -}}
diff --git a/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml b/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
new file mode 100644
index 000000000..86cb4a17e
--- /dev/null
+++ b/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
@@ -0,0 +1,11 @@
+{{- if and .Values.pgadmin4.enabled .Values.pgadmin4.extraServerDefinitions.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-pgadmin4-server-definitions
+ labels:
+ {{- include "pgadmin.labels" . | nindent 4 }}
+data:
+ servers.json: |-
+{{- include "common.tplvalues.render" (dict "value" (include "managed-identity-wallet.pgadminServerDefinitions" .) "context" $) | nindent 4 }}
+{{- end }}
diff --git a/charts/managed-identity-wallet/values.yaml b/charts/managed-identity-wallet/values.yaml
index b627e1961..c78e9a65b 100644
--- a/charts/managed-identity-wallet/values.yaml
+++ b/charts/managed-identity-wallet/values.yaml
@@ -41,7 +41,7 @@ secrets: {}
 envs: {}
 serviceAccount:
- # -- Enable creation of ServiceAccount
+ # -- Enable creation of ServiceAccount
 create: true
 # -- Annotations to add to the ServiceAccount
 annotations: {}
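Review bot: The ConfigMap is rendered only when `pgadmin4.extraServerDefinitions.enabled` is true, but the mount that references it (`extraConfigmapMounts` → `{{ .Release.Name }}-pgadmin4-server-definitions`) and the `PGADMIN_SERVER_JSON_FILE` variable in charts/managed-identity-wallet/values.yaml (the next hunk) are unconditional, so turning the flag off leaves the pgAdmin pod waiting on a ConfigMap that is never created. Either drop the `extraServerDefinitions.enabled` part of the condition here, or state on that value that the mount and the variable have to be removed together with it. Since this is a plain ConfigMap, a line above `servers.json:` such as `# non-secret connection metadata only; never put credential fields (password file paths etc.) here` would keep that boundary explicit, the vendored subchart offering `serverDefinitions.resourceType: Secret` for the other case. The labels come from the subchart's `pgadmin.labels` helper rendered with the parent context, which presumably stamps parent-chart name/version labels on this pgadmin resource — confirm that is intended.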
@@ -259,3 +259,46 @@ postgresql:
 resourcePolicy: "keep"
 # -- PVC Storage Request for the backup data volume
 size: "8Gi"
+
+# For more information on how to configure the pgadmin chart see https://artifacthub.io/packages/helm/runix/pgadmin4.
+pgadmin4:
+ # -- Enable to deploy pgAdmin
+ enabled: true
+ env:
+ # -- Preset the admin user email
+ email: admin@miw.com
+ # -- preset password (there is no auto-generated password)
+ password: very-secret-password
+ # @ignore
+ variables:
+ - name: PGADMIN_SERVER_JSON_FILE
+ value: /pgadmin4/servers.json
+ ingress:
+ # -- Enagle pgAdmin ingress
+ enabled: false
+ annotations: {}
+ # -- See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L104) how to configure the ingress host(s)
+ hosts: []
+ # -- See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L109) how to configure tls for the ingress host(s)
+ tls: []
+ extraServerDefinitions:
+ # -- enable the predefined server for pgadmin
+ enabled: true
+ # -- See [here](https://github.com/rowanruseler/helm-charts/blob/9b970b2e419c2300dfbb3f827a985157098a0287/charts/pgadmin4/values.yaml#L84) how to configure the predefined servers
+ servers:
+ # @ignore
+ miw-internal-postgresql:
+ Name: "MIW internal Postgresql DB"
+ Group: "Servers"
+ Port: 5432
+ Username: "miw"
+ Host: "{{ .Release.Name }}-postgresql"
+ SSLMode: "prefer"
+ MaintenanceDB: "postgres"
+ # @ignore
+ extraConfigmapMounts:
+ - name: server-definitions
+ configMap: "{{ .Release.Name }}-pgadmin4-server-definitions"
+ subPath: servers.json
+ mountPath: "/pgadmin4/servers.json"
+ readOnly: true
From fe7b7970d6301557a6bfa3605efbf1b69dd84a50 Mon Sep 17 00:00:00 2001
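Review bot: `enabled: true` contradicts the commit subject ("disabled by default"); a database admin UI that is pre-wired to the wallet's Postgres should be opt-in, so this line should read `enabled: false`. `password: very-secret-password` is a literal credential that every install forgetting to override will run with; the vendored subchart honours `existingSecret` and `secretKeys.pgadminPasswordKey` (see its values.yaml in this patch), so the default should be empty with a comment like `# -- Required: set this or point pgadmin4.existingSecret at a Secret; the chart ships no usable default`, which makes an un-overridden install fail at pgAdmin startup rather than come up with a known password. Minor: `# -- Enagle pgAdmin ingress` → `Enable`.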
From: Peter Motzko
Date: Fri, 24 Nov 2023 11:03:39 +0100
Subject: [PATCH 02/16] feat(helm): restrict helm-docs to generate the top level README.md only and update README.md
---
 .github/workflows/chart-verification.yml | 2 +-
 charts/managed-identity-wallet/.helmdocsignore | 1 +
 charts/managed-identity-wallet/.helmignore | 2 +-
 charts/managed-identity-wallet/README.md | 2 +-
 dev-assets/tasks/helm.yaml | 2 +-
 5 files changed, 5 insertions(+), 4 deletions(-)
 create mode 100644 charts/managed-identity-wallet/.helmdocsignore
diff --git a/.github/workflows/chart-verification.yml b/.github/workflows/chart-verification.yml
index 88e547d41..c05c9492c 100644
--- a/.github/workflows/chart-verification.yml
+++ b/.github/workflows/chart-verification.yml
@@ -74,7 +74,7 @@ jobs:
 with:
 image: jnorwood/helm-docs:v1.11.3
 options: -v ${{ github.workspace }}/charts:/helm-docs
- run: helm-docs
+ run: helm-docs -i managed-identity-wallet/.helmdocsignore
 - name: Verify that no changes are required
 run: |
diff --git a/charts/managed-identity-wallet/.helmdocsignore b/charts/managed-identity-wallet/.helmdocsignore
new file mode 100644
index 000000000..ee3892e87
--- /dev/null
+++ b/charts/managed-identity-wallet/.helmdocsignore
@@ -0,0 +1 @@
+charts/
diff --git a/charts/managed-identity-wallet/.helmignore b/charts/managed-identity-wallet/.helmignore
index 0886f15ef..70181f49b 100644
--- a/charts/managed-identity-wallet/.helmignore
+++ b/charts/managed-identity-wallet/.helmignore
@@ -24,5 +24,5 @@ tests/
 values-*.yaml
 README.md.gotmpl
+.helmdocsignore
 ci/
-argocd/
diff --git a/charts/managed-identity-wallet/README.md b/charts/managed-identity-wallet/README.md
index 26a28a07f..6d5de86d0 100644
--- a/charts/managed-identity-wallet/README.md
+++ b/charts/managed-identity-wallet/README.md
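Review bot: The removed `argocd/` line in the .helmignore hunk is unrelated to restricting helm-docs and is not mentioned in the subject or description; if a charts/managed-identity-wallet/argocd/ directory exists, it will now be packaged into the chart tarball shipped to users. If that is intended, say so in the commit message; otherwise keep `argocd/` in .helmignore and only add `.helmdocsignore`.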
@@ -2,7 +2,7 @@ # managed-identity-wallet
-![Version: 0.1.0-rc.2](https://img.shields.io/badge/Version-0.1.0--rc.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.1.0-rc.2](https://img.shields.io/badge/AppVersion-0.1.0--rc.2-informational?style=flat-square)
+![Version: 0.2.0-develop.7](https://img.shields.io/badge/Version-0.2.0--develop.7-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.0-develop.7](https://img.shields.io/badge/AppVersion-0.2.0--develop.7-informational?style=flat-square)
 Managed Identity Wallet is supposed to supply a secure data source and data sink for Digital Identity Documents (DID), in order to enable Self-Sovereign Identity founding on those DIDs. And at the same it shall support an uninterrupted tracking and tracing and documenting the usage of those DIDs, e.g. within logistical supply chains.
diff --git a/dev-assets/tasks/helm.yaml b/dev-assets/tasks/helm.yaml
index dce88ee83..741515101 100644
--- a/dev-assets/tasks/helm.yaml
+++ b/dev-assets/tasks/helm.yaml
@@ -30,4 +30,4 @@ tasks:
 desc: Rebuilds the readme of the Helm chart
 dir: charts/managed-identity-wallet
 cmds:
- - helm-docs .
+ - helm-docs -i charts/managed-identity-wallet/.helmdocsignore .
From 7fd730f0afaeae2afbc12e5711c67d4077bed2fa Mon Sep 17 00:00:00 2001
From: Peter Motzko
Date: Fri, 24 Nov 2023 11:24:57 +0100
Subject: [PATCH 03/16] chore(helm): add Copyright header
---
 .../templates/pgAdmin-server-definitions.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml b/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
index 86cb4a17e..53fd2be4f 100644
--- a/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
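Review bot: In the dev-assets/tasks/helm.yaml hunk the task already sets `dir: charts/managed-identity-wallet`, yet the ignore file is passed as `charts/managed-identity-wallet/.helmdocsignore`, a path relative to the repository root; unless helm-docs resolves `-i` against something other than the directory it runs in, the file is not found, the subchart READMEs are regenerated again, and the CI step in chart-verification.yml (which passes the path relative to the mounted charts directory) would then report a diff. Change the command to `- helm-docs -i .helmdocsignore .` so it matches the task's working directory.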
+++ b/charts/managed-identity-wallet/templates/pgAdmin-server-definitions.yaml
@@ -1,3 +1,22 @@
+# /********************************************************************************
+# * Copyright (c) 2021,2023 Contributors to the Eclipse Foundation
+# *
+# * See the NOTICE file(s) distributed with this work for additional
+# * information regarding copyright ownership.
+# *
+# * This program and the accompanying materials are made available under the
+# * terms of the Apache License, Version 2.0 which is available at
+# * https://www.apache.org/licenses/LICENSE-2.0.
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# * License for the specific language governing permissions and limitations
+# * under the License.
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# ********************************************************************************/
+
 {{- if and .Values.pgadmin4.enabled .Values.pgadmin4.extraServerDefinitions.enabled }}
 apiVersion: v1
 kind: ConfigMap
From fbaf1ef14e4e891b896b78bc483cc11f7a3e42ad Mon Sep 17 00:00:00 2001
From: Peter Motzko
Date: Thu, 12 Oct 2023 12:03:20 +0200
Subject: [PATCH 04/16] feat(devel): make application port dynamic (parameter)
---
 dev-assets/docker-environment/docker-compose.yaml | 2 +-
 dev-assets/env-files/env.docker.dist | 3 ++-
 dev-assets/env-files/env.local.dist | 3 ++-
 dev-assets/scripts/get_Token.sh | 4 ++--
 4 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/dev-assets/docker-environment/docker-compose.yaml b/dev-assets/docker-environment/docker-compose.yaml
index a2873cf45..ba28cf286 100644
--- a/dev-assets/docker-environment/docker-compose.yaml
+++ b/dev-assets/docker-environment/docker-compose.yaml
@@ -28,7 +28,7 @@ services:
 env_file:
 - ../env-files/env.$DEV_ENVIRONMENT
 ports:
- - "8000:8000"
+ - "$APPLICATION_PORT:$APPLICATION_PORT"
 - "8090:8090"
 networks:
 - miw-net
diff --git a/dev-assets/env-files/env.docker.dist b/dev-assets/env-files/env.docker.dist
index 12aed3d56..b4b3e8e6d 100644
--- a/dev-assets/env-files/env.docker.dist
+++ b/dev-assets/env-files/env.docker.dist
@@ -34,7 +34,8 @@ KEYCLOAK_REALM=miw_test
 VC_SCHEMA_LINK="https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json"
 VC_EXPIRY_DATE=01-01-2025
 SUPPORTED_FRAMEWORK_VC_TYPES="PcfCredential, SustainabilityCredential, QualityCredential, TraceabilityCredential, BehaviorTwinCredential, ResiliencyCredential"
-MIW_HOST_NAME=miw
+MIW_HOST_NAME=localhost
+ENFORCE_HTTPS_IN_DID_RESOLUTION=false
 ######### DON'T MODIFY ANYTHING BELOW THIS LINE !!! #########
 AUTH_SERVER_URL=http://keycloak:8080
diff --git a/dev-assets/env-files/env.local.dist b/dev-assets/env-files/env.local.dist
index 3f9459316..721bd9d32 100644
--- a/dev-assets/env-files/env.local.dist
+++ b/dev-assets/env-files/env.local.dist
@@ -34,7 +34,8 @@ KEYCLOAK_REALM=miw_test
 VC_SCHEMA_LINK="https://www.w3.org/2018/credentials/v1, https://catenax-ng.github.io/product-core-schemas/businessPartnerData.json"
 VC_EXPIRY_DATE=01-01-2025
 SUPPORTED_FRAMEWORK_VC_TYPES="PcfCredential, SustainabilityCredential, QualityCredential, TraceabilityCredential, BehaviorTwinCredential, ResiliencyCredential"
-MIW_HOST_NAME=miw
+MIW_HOST_NAME=localhost
+ENFORCE_HTTPS_IN_DID_RESOLUTION=false
 ######### DON'T MODIFY ANYTHING BELOW THIS LINE !!! #########
 AUTH_SERVER_URL=http://localhost:8080
diff --git a/dev-assets/scripts/get_Token.sh b/dev-assets/scripts/get_Token.sh
index de719990f..143d7a5a8 100755
--- a/dev-assets/scripts/get_Token.sh
+++ b/dev-assets/scripts/get_Token.sh
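Review bot: `"$APPLICATION_PORT:$APPLICATION_PORT"` is interpolated by Compose from the invoking shell environment or a `.env` file next to the compose file, not from the `env_file:` entries listed just above (those only populate the container), so a user who has only edited env.docker gets an empty `:` mapping and a compose error. Give it a fallback, `- "${APPLICATION_PORT:-8000}:${APPLICATION_PORT:-8000}"` (8000 being the value this line replaces), or state in the README that the variable must be exported before `task docker:start-app`.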
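Review bot: `ENFORCE_HTTPS_IN_DID_RESOLUTION=false` (together with `MIW_HOST_NAME=localhost`) becomes the shipped default in env.docker.dist with nothing marking it as a local-development relaxation, and these .dist files are exactly what users copy to create their real env files. A comment directly above it, `# local development only: keep ENFORCE_HTTPS_IN_DID_RESOLUTION=true outside dev setups`, would stop the relaxed value from being carried into a shared environment. The same applies to the identical env.local.dist hunk that follows.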
@@ -20,11 +20,11 @@
 # ********************************************************************************/
 #
-curl --location 'http://localhost:8080/realms/miw_test/protocol/openid-connect/token' \
+curl --location 'http://localhost:$APPLICATION_PORT/realms/miw_test/protocol/openid-connect/token' \
 --header 'Content-Type: application/x-www-form-urlencoded' \
 --data-urlencode 'client_id=miw_private_client' \
 --data-urlencode 'client_secret=miw_private_client' \
 --data-urlencode 'grant_type=password' \
 --data-urlencode 'username=catena-x' \
 --data-urlencode 'password=password' \
- | jq -r '.access_token'
\ No newline at end of file
+ | jq -r '.access_token'
From 586b73a6b90b71a246b61c80aa332a248e59a3ab Mon Sep 17 00:00:00 2001
From: Peter Motzko
Date: Thu, 12 Oct 2023 12:04:27 +0200
Subject: [PATCH 05/16] feat(readme): add "usage" section [WIP]
---
 README.md | 48 ++++++++++++++++++++++++++++++++++++------------
 1 file changed, 36 insertions(+), 12 deletions(-)
diff --git a/README.md b/README.md
index 85bd88f3c..be0fe3f0e 100644
--- a/README.md
+++ b/README.md
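Review bot: `'http://localhost:$APPLICATION_PORT/realms/...'` is single-quoted, so `$APPLICATION_PORT` is sent literally and the request never reaches a server. The URL is also the Keycloak token endpoint, which the env files in this series pin to `AUTH_SERVER_URL=http://localhost:8080`, not the MIW application port, so even with expansion the port would be the wrong one. Restore `curl --location 'http://localhost:8080/realms/miw_test/protocol/openid-connect/token' \`, or if the Keycloak port is meant to be configurable, use double quotes with a variable that actually holds that port (a constructed `${KEYCLOAK_PORT:-8080}`, for example).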
@@ -2,6 +2,29 @@ The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI) using `did:web`. +# Usage + +If you just want to try out MIW (without any developer setup), then you can find a quick start guide here: + +(It will only work on macOS or GNU/Linux - For Windows, +you need to use the [WSL](https://learn.microsoft.com/de-de/windows/wsl/install)) + +- You need to install these tools: + - [Docker](https://docs.docker.com/desktop/) (or from your package manager) + -> Configure it to run without root permission + - Docker [compose plugin](https://docs.docker.com/compose/) + - [Taskfile](https://taskfile.dev) + - [jq](https://jqlang.github.io/jq/) +- Clone this repo +- (Optional) Checkout main, if not already checked out +- Follow the "docker" path of the "Development setup": + 1. Run `task docker:start-app` and wait until it shows "Started ManagedIdentityWalletsApplication in ... seconds" + 2. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) ) + 3. Open API doc on http://localhost:8000 (or what port you configured in the _env.local_ file) + 4. Click on Authorize on swagger UI and on the dialog paste the token into the "value" input + 5. Click on "Authorize" and "close" + 6. MIW is up and running + # Developer Documentation To run MIW locally, this section describes the tooling as well as the local development setup. 
@@ -151,26 +174,27 @@ directory, but without ".dist" at the end. Description of the env files: -- **env.local**: Setup everything to get ready for flow "local". You need to fill in the passwords. -- **env.docker**: Setup everything to get ready for flow "docker". You need to fill in the passwords. +- **env.local**: Set up everything to get ready for flow "local". You need to fill in the passwords. +- **env.docker**: Set up everything to get ready for flow "docker". You need to fill in the passwords. -> **IMPORTANT**: ssi-lib is resolving DID documents over network. There are two endpoints that rely on this resolution: +> **IMPORTANT**: ssi-lib is resolving DID documents over the network. There are two endpoints that rely on this resolution: > - Verifiable Credentials - Validation > - Verifiable Presentations - Validation -> -> The following parameters must be added or changed in env.local or env.docker file to ensure that these endpoints work -> as intended in local development environment: -> Add: ENFORCE_HTTPS_IN_DID_RESOLUTION=false -> Change: MIW_HOST_NAME from miw to localhost -> Change: APPLICATION_PORT from 8000 to 80 - -> **IMPORTANT**: When you are using MacOS and the MIW docker container won't start up (stuck somewhere or doesn't start +> +> The following parameters are set in env.local or env.docker file per default: +> ENFORCE_HTTPS_IN_DID_RESOLUTION=false +> MIW_HOST_NAME=localhost +> APPLICATION_PORT=80 +> If you intend to change them, the DID resolving may not work properly anymore! + +> **IMPORTANT**: When you are using macOS and the MIW docker container won't start up (stuck somewhere or doesn't start > at all), you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your > Docker settings (under "features in development"). This should fix the issue. 
In both env files (env.local and env.docker) you need to set *GITHUB_USERNAME* and *GITHUB_TOKEN* in order to be able to build the app, because the SSI lib is stored in a private repo (you also need the proper rights to access the repo). -The access token need to have `read:packages` access. (ref: https://github.com/settings/tokens/new) +The access token need to have `read:packages` access. +(Ref: https://github.com/settings/tokens/new) Note: *SKIP_GRADLE_TASKS_PARAM* is used to pass parameters to the build process of the MIW jar. Currently, it skips the tests and code coverage, but speeds up the build time. If you want to activate it, just comment it out From c4fabf69f5f1f6a398d36fc22dea387d6a7cf06c Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Mon, 27 Nov 2023 13:22:10 +0100 Subject: [PATCH 06/16] fix(dev): adjust port to request against keycloak --- dev-assets/scripts/get_Token.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/dev-assets/scripts/get_Token.sh b/dev-assets/scripts/get_Token.sh index 143d7a5a8..46c172d4f 100755 --- a/dev-assets/scripts/get_Token.sh +++ b/dev-assets/scripts/get_Token.sh 
@@ -20,11 +20,11 @@
 # ********************************************************************************/
 #
-curl --location 'http://localhost:$APPLICATION_PORT/realms/miw_test/protocol/openid-connect/token' \
- --header 'Content-Type: application/x-www-form-urlencoded' \
- --data-urlencode 'client_id=miw_private_client' \
- --data-urlencode 'client_secret=miw_private_client' \
- --data-urlencode 'grant_type=password' \
- --data-urlencode 'username=catena-x' \
- --data-urlencode 'password=password' \
- | jq -r '.access_token'
+curl --location "http://localhost:8080/realms/miw_test/protocol/openid-connect/token" \
+ --header "Content-Type: application/x-www-form-urlencoded" \
+ --data-urlencode "client_id=miw_private_client" \
+ --data-urlencode "client_secret=miw_private_client" \
+ --data-urlencode "grant_type=password" \
+ --data-urlencode "username=catena-x" \
+ --data-urlencode "password=password" \
+ | jq -r ".access_token"
From 77fb29301a5e39bee104ffdf3f166d2e67fc7a0c Mon Sep 17 00:00:00 2001
From: Peter Motzko
Date: Mon, 27 Nov 2023 13:23:18 +0100
Subject: [PATCH 07/16] feat(dev): update README.md and introduce INSTALL.md for usage
---
 INSTALL.md | 40 ++++++++++++++++++++++++++++++++++++++++
 README.md | 21 +--------------------
 2 files changed, 41 insertions(+), 20 deletions(-)
 create mode 100644 INSTALL.md
diff --git a/INSTALL.md b/INSTALL.md
new file mode 100644
index 000000000..86cda97e2
--- /dev/null
+++ b/INSTALL.md
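Review bot: When the token request fails (Keycloak not yet up, wrong realm, rejected client secret) curl still exits 0 and pipes the JSON error body into `jq -r ".access_token"`, which prints `null`, so whatever consumes this script's output receives `null` as the bearer token. Adding `curl --fail --silent --show-error --location "http://localhost:8080/realms/miw_test/protocol/openid-connect/token" \` makes a non-2xx response terminate the script with a non-zero status instead. Separately, the client secret and user password (`client_secret=miw_private_client`, `password=password`) are literals in a committed script; since the development secrets already live in the env templates, sourcing them from variables there (names would need to be added to the env.*.dist files) would keep the dev credentials in one place.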
@@ -0,0 +1,40 @@ +# Managed Identity Wallets + +If you just want to try out MIW (without any developer setup), then you can find a quick start guide here: + +(It will only work on macOS or GNU/Linux - For Windows, +you need to use the [WSL](https://learn.microsoft.com/de-de/windows/wsl/install)) + +- You need to install these tools: + - [Docker](https://docs.docker.com/desktop/) (or from your package manager) + -> Configure it to run without root permission + - Docker [compose plugin](https://docs.docker.com/compose/) + - [Taskfile](https://taskfile.dev) + - [jq](https://jqlang.github.io/jq/) +- Clone this repo +- (Optional) Checkout main (stable) or develop (latest), if not already checked out +- Copy `dev-assets/env-files/env.docker.dist` to `dev-assets/env-files/env.docker` +- Set these variables in `env.docker` + - POSTGRES_PASSWORD + - POSTGRES_PASSWORD_MIW + - KEYCLOAK_ADMIN_PASSWORD + - ENCRYPTION_KEY (32 random alphanumeric characters) + - GITHUB_USERNAME + - GITHUB_TOKEN +- Follow the "docker" path of the "Development setup" to get it up and running: + 1. Run `task docker:start-app` and wait until it shows "Started ManagedIdentityWalletsApplication in ... seconds" + 2. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) ) + 3. Open API doc on http://localhost:8000 + 4. Click on Authorize on Swagger UI and on the dialog paste the token (incl. "Bearer") into the "value" input + 5. Click on "Authorize" and "close" + 6. MIW is up, running, and you are authorized to fire requests in the Swagger UI + +> [!IMPORTANT] +> To compile MIW, +> you need a PAT with the permission `read:packages` to +> access `https://maven.pkg.github.com/catenax-ng/product-lab-ssi`. +> +> That is, why you need to set `GITHUB_USERNAME` and `GITHUB_TOKEN`. Otherwise, you are not able to get the SSI-lib. + +> [!IMPORTANT] +> You need to use Java 17! 
diff --git a/README.md b/README.md index be0fe3f0e..ed34132b1 100644 --- a/README.md +++ b/README.md @@ -4,26 +4,7 @@ The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identit # Usage -If you just want to try out MIW (without any developer setup), then you can find a quick start guide here: - -(It will only work on macOS or GNU/Linux - For Windows, -you need to use the [WSL](https://learn.microsoft.com/de-de/windows/wsl/install)) - -- You need to install these tools: - - [Docker](https://docs.docker.com/desktop/) (or from your package manager) - -> Configure it to run without root permission - - Docker [compose plugin](https://docs.docker.com/compose/) - - [Taskfile](https://taskfile.dev) - - [jq](https://jqlang.github.io/jq/) -- Clone this repo -- (Optional) Checkout main, if not already checked out -- Follow the "docker" path of the "Development setup": - 1. Run `task docker:start-app` and wait until it shows "Started ManagedIdentityWalletsApplication in ... seconds" - 2. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) ) - 3. Open API doc on http://localhost:8000 (or what port you configured in the _env.local_ file) - 4. Click on Authorize on swagger UI and on the dialog paste the token into the "value" input - 5. Click on "Authorize" and "close" - 6. MIW is up and running +See [INSTALL.md](INSTALL.md) # Developer Documentation From 257bb28f74a518f237173a9cf502b75662da5509 Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 28 Nov 2023 13:03:51 +0100 Subject: [PATCH 08/16] fix(dev): add important notes to INSTALL.md --- INSTALL.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/INSTALL.md b/INSTALL.md index 86cda97e2..274d36381 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -38,3 +38,11 @@ you need to use the [WSL](https://learn.microsoft.com/de-de/windows/wsl/install) > [!IMPORTANT] > You need to use Java 17! + +> [!WARNING] +> If you encounter some kind of database connection errors, then execute `task docker:stop-app`. +> This will remove all existing Docker volumes, which may cause this error. + +> [!IMPORTANT] +> Ensure you have exactly 32 random alphanumeric characters set +> for `ENCRYPTION_KEY` in `dev-assets/env-files/env.docker` From 267f14dd8e1889ef75c156f6a7dcce1f693fe3ec Mon Sep 17 00:00:00 2001 From: Peter Motzko Date: Tue, 28 Nov 2023 13:09:50 +0100 Subject: [PATCH 09/16] fix(dev): small adjustment to INSTALL.md --- INSTALL.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/INSTALL.md b/INSTALL.md index 274d36381..d0e948a0d 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -23,11 +23,12 @@ you need to use the [WSL](https://learn.microsoft.com/de-de/windows/wsl/install) - GITHUB_TOKEN - Follow the "docker" path of the "Development setup" to get it up and running: 1. Run `task docker:start-app` and wait until it shows "Started ManagedIdentityWalletsApplication in ... seconds" - 2. Run `task app:get-token` and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) ) + 2. Run `task app:get-token` in another shell and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) ) 3. Open API doc on http://localhost:8000 4. Click on Authorize on Swagger UI and on the dialog paste the token (incl. "Bearer") into the "value" input 5. Click on "Authorize" and "close" 6. MIW is up, running, and you are authorized to fire requests in the Swagger UI + 7. If you're done, then run `task docker:stop-app` to clean up everything > [!IMPORTANT] > To compile MIW, From 59340020632bf22e2f87802cdca616326655a136 Mon Sep 17 00:00:00 2001 
From: semantic-release-bot Date: Tue, 28 Nov 2023 19:39:13 +0000 Subject: [PATCH 10/16] chore(release): 0.2.0-develop.8 [skip ci] # [0.2.0-develop.8](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.7...v0.2.0-develop.8) (2023-11-28) ### Bug Fixes * **dev:** add important notes to INSTALL.md ([a7c1b71](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/a7c1b711ac402cbead4e10e5c79d6ba318eaacdb)) * **dev:** adjust port to request against keycloak ([4a3d317](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/4a3d317363690c78897c5db77a60fc716cd91b42)) * **dev:** small adjustment to INSTALL.md ([59b6df4](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/59b6df484bd31905f43d8bc9c83e44f0992839fb)) ### Features * **devel:** make application port dynamic (parameter) ([8816c89](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/8816c899e8aa2170e753f3250c74552d898520c2)) * **dev:** update README.md and introduce INSTALL.md for usage ([54b8d4a](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/54b8d4ae9c859db2216ac3f85cbc56ab3cf6b950)) * **readme:** add "usage" section [WIP] ([6919b71](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/6919b71870e9265ae09a66e3354ec43bf7d1d088)) --- CHANGELOG.md | 16 ++++++++++++++++ charts/managed-identity-wallet/Chart.yaml | 4 ++-- gradle.properties | 2 +- 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 402683c8b..bd28d05ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,3 +1,19 @@ +# [0.2.0-develop.8](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.7...v0.2.0-develop.8) (2023-11-28) + + +### Bug Fixes + +* **dev:** add important notes to INSTALL.md ([a7c1b71](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/a7c1b711ac402cbead4e10e5c79d6ba318eaacdb)) +* **dev:** adjust port to request against keycloak ([4a3d317](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/4a3d317363690c78897c5db77a60fc716cd91b42)) +* **dev:** small adjustment to INSTALL.md ([59b6df4](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/59b6df484bd31905f43d8bc9c83e44f0992839fb)) + + +### Features + +* **devel:** make application port dynamic (parameter) ([8816c89](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/8816c899e8aa2170e753f3250c74552d898520c2)) +* **dev:** update README.md and introduce INSTALL.md for usage ([54b8d4a](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/54b8d4ae9c859db2216ac3f85cbc56ab3cf6b950)) +* **readme:** add "usage" section [WIP] ([6919b71](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/6919b71870e9265ae09a66e3354ec43bf7d1d088)) + # [0.2.0-develop.7](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.6...v0.2.0-develop.7) (2023-11-23) diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml index c1b13dec5..e29366cb5 100644 --- a/charts/managed-identity-wallet/Chart.yaml +++ b/charts/managed-identity-wallet/Chart.yaml @@ -25,8 +25,8 @@ description: | type: application -version: 0.2.0-develop.7 -appVersion: 0.2.0-develop.7 +version: 0.2.0-develop.8 +appVersion: 0.2.0-develop.8 home: https://github.com/eclipse-tractusx/managed-identity-wallet keywords: diff --git a/gradle.properties b/gradle.properties index 89bbf273c..feef6055c 100644 --- a/gradle.properties +++ b/gradle.properties 
@@ -4,7 +4,7 @@ jacocoVersion=0.8.9 springBootVersion=3.1.2 springDependencyVersion=1.1.0 groupName=org.eclipse.tractusx -applicationVersion=0.2.0-develop.7 +applicationVersion=0.2.0-develop.8 openApiVersion=2.1.0 githubUserName= githubToken= \ No newline at end of file From 05be5fb8d7aee9353c9a80a354da9dc058abd88d Mon Sep 17 00:00:00 2001 From: Boris Rizov Date: Wed, 29 Nov 2023 14:33:08 +0100 Subject: [PATCH 11/16] fix: method name from the cx-ssi-lib has been renamed --- .../service/IssuersCredentialService.java | 2 +- .../service/PresentationService.java | 2 +- .../managedidentitywallets/vc/HoldersCredentialTest.java | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java index c59a4569e..683605f99 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/IssuersCredentialService.java @@ -432,7 +432,7 @@ public Map credentialsValidation(Map data, boole LinkedDataProofValidation proofValidation = LinkedDataProofValidation.newInstance(didResolver); - boolean valid = proofValidation.verifiy(verifiableCredential); + boolean valid = proofValidation.verify(verifiableCredential); Map response = new TreeMap<>(); diff --git a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java index 2f5625595..75739bdaf 100644 --- a/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java +++ b/src/main/java/org/eclipse/tractusx/managedidentitywallets/service/PresentationService.java 
@@ -267,7 +267,7 @@ private boolean validateAudience(String audience, SignedJWT signedJWT) { private boolean validateCredential(VerifiableCredential credential) { final DidResolver resolver = didDocumentResolverService.getCompositeDidResolver(); final LinkedDataProofValidation linkedDataProofValidation = LinkedDataProofValidation.newInstance(resolver); - final boolean isValid = linkedDataProofValidation.verifiy(credential); + final boolean isValid = linkedDataProofValidation.verify(credential); if (isValid) { log.debug("Credential validation result: (valid: {}, credential-id: {})", isValid, credential.getId()); diff --git a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java index 58bf51c44..d7f586b16 100644 --- a/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java +++ b/src/test/java/org/eclipse/tractusx/managedidentitywallets/vc/HoldersCredentialTest.java @@ -215,7 +215,7 @@ void validateCredentialsWithInvalidVC() throws com.fasterxml.jackson.core.JsonPr utils.when(() -> { LinkedDataProofValidation.newInstance(Mockito.any(DidResolver.class)); }).thenReturn(mock); - Mockito.when(mock.verifiy(Mockito.any(VerifiableCredential.class))).thenReturn(false); + Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(false); Map stringObjectMap = credentialController.credentialsValidation(map, false).getBody(); Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); 
@@ -238,7 +238,7 @@ void validateCredentialsWithExpiryCheckTrue() throws com.fasterxml.jackson.core. utils.when(() -> { LinkedDataProofValidation.newInstance(Mockito.any(DidResolver.class)); }).thenReturn(mock); - Mockito.when(mock.verifiy(Mockito.any(VerifiableCredential.class))).thenReturn(true); + Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(true); Map stringObjectMap = credentialController.credentialsValidation(map, true).getBody(); Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); @@ -265,7 +265,7 @@ void validateCredentialsWithExpiryCheckFalse() throws com.fasterxml.jackson.core utils.when(() -> { LinkedDataProofValidation.newInstance(Mockito.any(DidResolver.class)); }).thenReturn(mock); - Mockito.when(mock.verifiy(Mockito.any(VerifiableCredential.class))).thenReturn(true); + Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(true); Map stringObjectMap = credentialController.credentialsValidation(map, false).getBody(); Assertions.assertTrue(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); @@ -291,7 +291,7 @@ void validateExpiredCredentialsWithExpiryCheckTrue() throws com.fasterxml.jackso utils.when(() -> { LinkedDataProofValidation.newInstance(Mockito.any(DidResolver.class)); }).thenReturn(mock); - Mockito.when(mock.verifiy(Mockito.any(VerifiableCredential.class))).thenReturn(true); + Mockito.when(mock.verify(Mockito.any(VerifiableCredential.class))).thenReturn(true); Map stringObjectMap = credentialController.credentialsValidation(map, true).getBody(); Assertions.assertFalse(Boolean.parseBoolean(stringObjectMap.get(StringPool.VALID).toString())); From ca9be0a6533fbc2fdf35b967dd38671bb4accace Mon Sep 17 00:00:00 2001 
From: Boris Rizov Date: Wed, 29 Nov 2023 14:49:09 +0100 Subject: [PATCH 12/16] chore: remove unused maven repo from gradle config --- .github/workflows/veracode.yaml | 2 +- build.gradle | 19 ------------------- dev-assets/tasks/darwin/app.yaml | 2 +- dev-assets/tasks/linux/app.yaml | 2 +- dev-assets/tasks/windows/app.yaml | 4 ++-- gradle.properties | 2 -- 6 files changed, 5 insertions(+), 26 deletions(-) diff --git a/.github/workflows/veracode.yaml b/.github/workflows/veracode.yaml index 2b8d2a211..c6430dc0c 100644 --- a/.github/workflows/veracode.yaml +++ b/.github/workflows/veracode.yaml @@ -63,7 +63,7 @@ jobs: - name: Build with Gradle uses: gradle/gradle-build-action@v2 with: - arguments: build -PgithubToken=${{ secrets.GITHUB_TOKEN }} + arguments: build - name: Veracode Upload And Scan uses: veracode/veracode-uploadandscan-action@0.2.6 diff --git a/build.gradle b/build.gradle index b43297a3d..4b5ad29d8 100644 --- a/build.gradle +++ b/build.gradle @@ -8,24 +8,12 @@ plugins { // used to download the 'dash.jar' for license checks // docs: https://github.com/michel-kraemer/gradle-download-task id "de.undercouch.download" version "5.5.0" - - // used to convert .env variables to gradle env variables - // docs: https://github.com/uzzu/dotenv-gradle - id "co.uzzu.dotenv.gradle" version "2.0.0" } group = "${groupName}" version = "${applicationVersion}" sourceCompatibility = JavaVersion.VERSION_17 -// Fetch the environment variables GITHUB_USERNAME, GITHUB_TOKEN -// these can be set in /.env -// or export GITHUB_USERNAME=... -// export GITHUB_TOKEN=... -// When using `task ...` this is not necessary -def githubUserName = "${githubUserName}" ? "${githubUserName}" : env.fetch('GITHUB_USERNAME') -def githubToken = "${githubToken}" ? "${githubToken}" : env.fetch('GITHUB_TOKEN') - // alias for Project.getConfigurations() configurations { // add a custom config to avoid applying the dev-tools to a production app 
@@ -45,13 +33,6 @@ repositories { url = uri("https://repo.danubetech.com/repository/maven-public") } maven { url 'https://jitpack.io' } - maven { - url = uri("https://maven.pkg.github.com/catenax-ng/product-lab-ssi") - credentials { - username = "${githubUserName}" - password = "${githubToken}" - } - } maven { // Used to resolve Dash License Tool // Dash has a maven plugin, BUT is not resolvable through mavenCentral() diff --git a/dev-assets/tasks/darwin/app.yaml b/dev-assets/tasks/darwin/app.yaml index b5b621afa..8928b350f 100644 --- a/dev-assets/tasks/darwin/app.yaml +++ b/dev-assets/tasks/darwin/app.yaml @@ -23,7 +23,7 @@ tasks: build: desc: Build the whole app cmds: - - ./gradlew build -PgithubToken=$GITHUB_TOKEN $SKIP_GRADLE_TASKS_PARAM + - ./gradlew build $SKIP_GRADLE_TASKS_PARAM get-token: desc: Obtain a BEARER token from Keycloak to access the MIW API diff --git a/dev-assets/tasks/linux/app.yaml b/dev-assets/tasks/linux/app.yaml index f0159dcb6..690e0db66 100644 --- a/dev-assets/tasks/linux/app.yaml +++ b/dev-assets/tasks/linux/app.yaml @@ -23,7 +23,7 @@ tasks: build: desc: Build the whole app cmds: - - ./gradlew build -PgithubToken=$GITHUB_TOKEN $SKIP_GRADLE_TASKS_PARAM + - ./gradlew build $SKIP_GRADLE_TASKS_PARAM get-token: desc: Obtain a BEARER token from Keycloak to access the MIW API diff --git a/dev-assets/tasks/windows/app.yaml b/dev-assets/tasks/windows/app.yaml index 0b48893c8..fea255705 100644 --- a/dev-assets/tasks/windows/app.yaml +++ b/dev-assets/tasks/windows/app.yaml @@ -23,7 +23,7 @@ tasks: build: desc: Build the whole app cmds: - - ./gradlew build -PgithubToken=$GITHUB_TOKEN $SKIP_GRADLE_TASKS_PARAM + - ./gradlew build $SKIP_GRADLE_TASKS_PARAM get-token: desc: Obtain a BEARER token from Keycloak to access the MIW API @@ -44,4 +44,4 @@ tasks: clean: desc: Cleans the build directory cmds: - - .\gradlew.bat clean \ No newline at end of file + - .\gradlew.bat clean 
diff --git a/gradle.properties b/gradle.properties index feef6055c..93f9d40ff 100644 --- a/gradle.properties +++ b/gradle.properties @@ -6,5 +6,3 @@ springDependencyVersion=1.1.0 groupName=org.eclipse.tractusx applicationVersion=0.2.0-develop.8 openApiVersion=2.1.0 -githubUserName= -githubToken= \ No newline at end of file From 66b75f5e54b66b828bb9d30408a2f621418d2f84 Mon Sep 17 00:00:00 2001 From: Boris Rizov Date: Wed, 29 Nov 2023 15:30:00 +0100 Subject: [PATCH 13/16] chore: remove unused GITHUB_USERNAME/TOKEN env variables --- .github/workflows/app-test-coverage-pr.yml | 6 ------ .github/workflows/chart-verification.yml | 2 -- .github/workflows/dast-scan.yaml | 2 -- .github/workflows/release.yml | 7 ------- INSTALL.md | 9 --------- README.md | 5 ----- dev-assets/env-files/env.docker.dist | 6 ------ dev-assets/env-files/env.local.dist | 6 ------ 8 files changed, 43 deletions(-) diff --git a/.github/workflows/app-test-coverage-pr.yml b/.github/workflows/app-test-coverage-pr.yml index a5b12a0c8..f0e56fb9f 100644 --- a/.github/workflows/app-test-coverage-pr.yml +++ b/.github/workflows/app-test-coverage-pr.yml @@ -41,16 +41,10 @@ jobs: java-version: '17' - name: Test app - env: - GITHUB_USERNAME: ${{ vars.GITHUB_ACTOR }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: ./gradlew test - name: Get coverage if: always() - env: - GITHUB_USERNAME: ${{ vars.GITHUB_ACTOR }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: ./gradlew jacocoTestReport - name: Upload test results diff --git a/.github/workflows/chart-verification.yml b/.github/workflows/chart-verification.yml index c05c9492c..2f330ec4f 100644 --- a/.github/workflows/chart-verification.yml +++ b/.github/workflows/chart-verification.yml @@ -126,8 +126,6 @@ jobs: - name: Build app env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_USERNAME: ${{ github.actor }} SKIP_GRADLE_TASKS_PARAM: "-x jacocoTestCoverageVerification -x test" run: task app:build 
diff --git a/.github/workflows/dast-scan.yaml b/.github/workflows/dast-scan.yaml index c628f7af2..d94c66d8b 100644 --- a/.github/workflows/dast-scan.yaml +++ b/.github/workflows/dast-scan.yaml @@ -62,8 +62,6 @@ jobs: - name: Build app env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_USERNAME: ${{ github.actor }} SKIP_GRADLE_TASKS_PARAM: "-x jacocoTestCoverageVerification -x test" run: task app:build diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 071b5c825..5dd2573a5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -64,8 +64,6 @@ jobs: - name: Run semantic release if: github.event_name != 'pull_request' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_USERNAME: ${{ github.actor }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | npx --yes -p @semantic-release/exec -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release @@ -73,16 +71,11 @@ jobs: - name: Run semantic release (dry run) if: github.event_name == 'pull_request' env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_USERNAME: ${{ github.actor }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | npx --yes -p @semantic-release/exec -p @semantic-release/github -p @semantic-release/changelog -p @semantic-release/git -p @semantic-release/commit-analyzer -p @semantic-release/release-notes-generator semantic-release --dry-run - name: Execute Gradle build - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GITHUB_USERNAME: ${{ github.actor }} run: ./gradlew build - name: Upload build artifact diff --git a/INSTALL.md b/INSTALL.md index d0e948a0d..0d3c96cbf 100644 --- a/INSTALL.md +++ b/INSTALL.md 
@@ -19,8 +19,6 @@ you need to use the [WSL](https://learn.microsoft.com/de-de/windows/wsl/install) - POSTGRES_PASSWORD_MIW - KEYCLOAK_ADMIN_PASSWORD - ENCRYPTION_KEY (32 random alphanumeric characters) - - GITHUB_USERNAME - - GITHUB_TOKEN - Follow the "docker" path of the "Development setup" to get it up and running: 1. Run `task docker:start-app` and wait until it shows "Started ManagedIdentityWalletsApplication in ... seconds" 2. Run `task app:get-token` in another shell and copy the token (including "BEARER" prefix) (Mac users have the token already in their clipboard :) ) @@ -30,13 +28,6 @@ you need to use the [WSL](https://learn.microsoft.com/de-de/windows/wsl/install) 6. MIW is up, running, and you are authorized to fire requests in the Swagger UI 7. If you're done, then run `task docker:stop-app` to clean up everything -> [!IMPORTANT] -> To compile MIW, -> you need a PAT with the permission `read:packages` to -> access `https://maven.pkg.github.com/catenax-ng/product-lab-ssi`. -> -> That is, why you need to set `GITHUB_USERNAME` and `GITHUB_TOKEN`. Otherwise, you are not able to get the SSI-lib. - > [!IMPORTANT] > You need to use Java 17! diff --git a/README.md b/README.md index ed34132b1..396475d29 100644 --- a/README.md +++ b/README.md 
@@ -172,11 +172,6 @@ Description of the env files: > at all), you can enable the docker-desktop feature "Use Rosetta for x86/amd64 emulation on Apple Silicon" in your > Docker settings (under "features in development"). This should fix the issue. -In both env files (env.local and env.docker) you need to set *GITHUB_USERNAME* and *GITHUB_TOKEN* in order to be able to -build the app, because the SSI lib is stored in a private repo (you also need the proper rights to access the repo). -The access token need to have `read:packages` access. -(Ref: https://github.com/settings/tokens/new) - Note: *SKIP_GRADLE_TASKS_PARAM* is used to pass parameters to the build process of the MIW jar. Currently, it skips the tests and code coverage, but speeds up the build time. If you want to activate it, just comment it out like `SKIP_GRADLE_TASKS_PARAM="" #"-x jacocoTestCoverageVerification -x test"` diff --git a/dev-assets/env-files/env.docker.dist b/dev-assets/env-files/env.docker.dist index b4b3e8e6d..d6c8204c8 100644 --- a/dev-assets/env-files/env.docker.dist +++ b/dev-assets/env-files/env.docker.dist @@ -1,7 +1,3 @@ -# Personal development data -GITHUB_USERNAME= -GITHUB_TOKEN= - # Build SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" DEV_ENVIRONMENT=docker @@ -50,5 +46,3 @@ DB_NAME=${POSTGRES_DB_NAME_MIW} DB_USER_NAME=${POSTGRES_USERNAME_MIW} DB_PASSWORD=${POSTGRES_PASSWORD_MIW} PGADMIN_DEFAULT_PASSWORD=${POSTGRES_PASSWORD} -ORG_GRADLE_PROJECT_githubUserName=${GITHUB_USERNAME} -ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} diff --git a/dev-assets/env-files/env.local.dist b/dev-assets/env-files/env.local.dist index 721bd9d32..68ffa0547 100644 --- a/dev-assets/env-files/env.local.dist +++ b/dev-assets/env-files/env.local.dist @@ -1,7 +1,3 @@ -# Personal development data -GITHUB_USERNAME= -GITHUB_TOKEN= - # Build SKIP_GRADLE_TASKS_PARAM="-x jacocoTestCoverageVerification -x test" DEV_ENVIRONMENT=local 
@@ -50,5 +46,3 @@ DB_NAME=${POSTGRES_DB_NAME_MIW} DB_USER_NAME=${POSTGRES_USERNAME_MIW} DB_PASSWORD=${POSTGRES_PASSWORD_MIW} PGADMIN_DEFAULT_PASSWORD=${POSTGRES_PASSWORD} -ORG_GRADLE_PROJECT_githubUserName=${GITHUB_USERNAME} -ORG_GRADLE_PROJECT_githubToken=${GITHUB_TOKEN} From 33159c9f4d6a60945df9e34035d70902921b2746 Mon Sep 17 00:00:00 2001 From: Boris Rizov Date: Thu, 30 Nov 2023 07:33:57 +0100 Subject: [PATCH 14/16] chore: remove cx-ssi-lib from NOTICE --- NOTICE.md | 7 ------- 1 file changed, 7 deletions(-) diff --git a/NOTICE.md b/NOTICE.md index afa85bb03..b589e03db 100644 --- a/NOTICE.md +++ b/NOTICE.md @@ -36,13 +36,6 @@ This project leverages the following third party content. See DEPENDENCIES file. -cx-ssi-lib-0.0.16.jar (0.0.16) - - License:   Apache-2.0 - - Licence Path: - - Project URL:  - - Source URL:   - - Download URL:  - ## Cryptography Content may contain encryption software. The country in which you are currently From 8d9a5e89747bc5a66d4c86260d2827ff21876708 Mon Sep 17 00:00:00 2001 From: Boris Rizov Date: Thu, 30 Nov 2023 07:38:37 +0100 Subject: [PATCH 15/16] chore: update DEPENDENCIES scan --- DEPENDENCIES | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 897d2f8d5..b04c09485 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
@@ -118,7 +118,7 @@ maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-core/10.1.11, Apache-2.0
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-el/10.1.11, Apache-2.0, approved, #6997
 maven/mavencentral/org.apache.tomcat.embed/tomcat-embed-websocket/10.1.11, Apache-2.0, approved, #7920
 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined
-maven/mavencentral/org.aspectj/aspectjweaver/1.9.19, EPL-1.0, approved, tools.aspectj
+maven/mavencentral/org.aspectj/aspectjweaver/1.9.19, Apache-2.0 AND BSD-3-Clause AND EPL-1.0 AND BSD-3-Clause AND Apache-1.1, approved, #7695
 maven/mavencentral/org.assertj/assertj-core/3.24.2, Apache-2.0, approved, #6161
 maven/mavencentral/org.bouncycastle/bcpkix-jdk15on/1.69, MIT, approved, clearlydefined
 maven/mavencentral/org.bouncycastle/bcprov-jdk15on/1.70, MIT, approved, #1712
@@ -166,7 +166,6 @@ maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.9.3, EPL-2.0, approv
 maven/mavencentral/org.junit.jupiter/junit-jupiter/5.9.3, EPL-2.0, approved, #6972
 maven/mavencentral/org.junit.platform/junit-platform-commons/1.9.3, EPL-2.0, approved, #3130
 maven/mavencentral/org.junit.platform/junit-platform-engine/1.9.3, EPL-2.0, approved, #3128
-maven/mavencentral/org.junit/junit-bom/5.9.3, EPL-2.0, approved, #4711
 maven/mavencentral/org.keycloak/keycloak-admin-client/21.0.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.keycloak/keycloak-common/21.0.0, Apache-2.0 AND LicenseRef-scancode-public-domain-disclaimer, approved, #7287
 maven/mavencentral/org.keycloak/keycloak-core/21.0.0, Apache-2.0, approved, #7293

From 46ebd66b87b096dcbe1c5277dc7df9aaf156f5e1 Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Thu, 30 Nov 2023 08:41:52 +0000
Subject: [PATCH 16/16] chore(release): 0.2.0-develop.9 [skip ci]

# [0.2.0-develop.9](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.8...v0.2.0-develop.9) (2023-11-30)


### Bug Fixes

* method name from the cx-ssi-lib has been renamed ([b46d084](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/b46d0846f6b9ccc6b439c82ffec783cd8b933e08))
---
 CHANGELOG.md | 7 +++++++
 DEPENDENCIES | 1 +
 charts/managed-identity-wallet/Chart.yaml | 4 ++--
 gradle.properties | 2 +-
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index bd28d05ba..05b3e7e3e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,10 @@
+# [0.2.0-develop.9](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.8...v0.2.0-develop.9) (2023-11-30)
+
+
+### Bug Fixes
+
+* method name from the cx-ssi-lib has been renamed ([b46d084](https://github.com/eclipse-tractusx/managed-identity-wallet/commit/b46d0846f6b9ccc6b439c82ffec783cd8b933e08))
+
 # [0.2.0-develop.8](https://github.com/eclipse-tractusx/managed-identity-wallet/compare/v0.2.0-develop.7...v0.2.0-develop.8) (2023-11-28)
 
 
diff --git a/DEPENDENCIES b/DEPENDENCIES
index b04c09485..9195c8783 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -166,6 +166,7 @@ maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.9.3, EPL-2.0, approv
 maven/mavencentral/org.junit.jupiter/junit-jupiter/5.9.3, EPL-2.0, approved, #6972
 maven/mavencentral/org.junit.platform/junit-platform-commons/1.9.3, EPL-2.0, approved, #3130
 maven/mavencentral/org.junit.platform/junit-platform-engine/1.9.3, EPL-2.0, approved, #3128
+maven/mavencentral/org.junit/junit-bom/5.9.3, EPL-2.0, approved, #4711
 maven/mavencentral/org.keycloak/keycloak-admin-client/21.0.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/org.keycloak/keycloak-common/21.0.0, Apache-2.0 AND LicenseRef-scancode-public-domain-disclaimer, approved, #7287
 maven/mavencentral/org.keycloak/keycloak-core/21.0.0, Apache-2.0, approved, #7293
diff --git a/charts/managed-identity-wallet/Chart.yaml b/charts/managed-identity-wallet/Chart.yaml
index e29366cb5..467caff70 100644
--- a/charts/managed-identity-wallet/Chart.yaml
+++ b/charts/managed-identity-wallet/Chart.yaml
@@ -25,8 +25,8 @@ description: |
 
 type: application
 
-version: 0.2.0-develop.8
-appVersion: 0.2.0-develop.8
+version: 0.2.0-develop.9
+appVersion: 0.2.0-develop.9
 
 home: https://github.com/eclipse-tractusx/managed-identity-wallet
 keywords:
diff --git a/gradle.properties b/gradle.properties
index 93f9d40ff..dd311b79f 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -4,5 +4,5 @@ jacocoVersion=0.8.9
 springBootVersion=3.1.2
 springDependencyVersion=1.1.0
 groupName=org.eclipse.tractusx
-applicationVersion=0.2.0-develop.8
+applicationVersion=0.2.0-develop.9
 openApiVersion=2.1.0
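Review bot: The added line `+maven/mavencentral/org.junit/junit-bom/5.9.3, EPL-2.0, approved, #4711` in DEPENDENCIES re-inserts exactly the entry that the immediately preceding commit in this series (PATCH 15/16, "chore: update DEPENDENCIES scan") deleted, so the license manifest flips back within the same patch set. That points to the hand-run scan and the scan executed by the release job disagreeing on what the dependency tree contains, which makes the manifest non-reproducible and means reviewers of patch 15 approved a state that never survived. It would be worth confirming which tool invocation the release pipeline uses and regenerating the manual scan with the same command, so that manual and automated runs agree; if the release job is authoritative, the removal in patch 15 should simply be dropped from the series. This is a supply-chain hygiene concern rather than a runtime defect, but a manifest that a bot silently rewrites undermines the point of reviewing it.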