Merge branch 'epic/ATL-4095-revocation-for-jwt-creds' into ATL-6134-i…
…ssue-revocable-cred
shotexa authored Dec 14, 2023
2 parents 4d66203 + 45f3b70 commit 8809249
Showing 41 changed files with 718 additions and 116 deletions.
33 changes: 33 additions & 0 deletions CHANGELOG.md
@@ -1,3 +1,36 @@
# [1.22.0](https://github.com/hyperledger-labs/open-enterprise-agent/compare/prism-agent-v1.21.1...prism-agent-v1.22.0) (2023-12-14)


### Bug Fixes

* correct OAS examples ([#810](https://github.com/hyperledger-labs/open-enterprise-agent/issues/810)) ([a0720dc](https://github.com/hyperledger-labs/open-enterprise-agent/commit/a0720dcbaf10370dcacc1b5102df13929b40dfdb))


### Features

* Consumer restricition parametarization ([#814](https://github.com/hyperledger-labs/open-enterprise-agent/issues/814)) ([e039576](https://github.com/hyperledger-labs/open-enterprise-agent/commit/e039576fc0e285b80b2966c032ed91b9a8f26f60))

## [1.21.1](https://github.com/hyperledger-labs/open-enterprise-agent/compare/prism-agent-v1.21.0...prism-agent-v1.21.1) (2023-12-12)


### Bug Fixes

* Option to disable apisix key auth ([#813](https://github.com/hyperledger-labs/open-enterprise-agent/issues/813)) ([f163682](https://github.com/hyperledger-labs/open-enterprise-agent/commit/f1636824047c0d03ce0790ede54e3a12d63dd787))

# [1.21.0](https://github.com/hyperledger-labs/open-enterprise-agent/compare/prism-agent-v1.20.1...prism-agent-v1.21.0) (2023-12-12)


### Features

* env vars support through values file ([#811](https://github.com/hyperledger-labs/open-enterprise-agent/issues/811)) ([2486dde](https://github.com/hyperledger-labs/open-enterprise-agent/commit/2486dde9b0682504a02ad031b3e7498b2fa2ce17))

## [1.20.1](https://github.com/hyperledger-labs/open-enterprise-agent/compare/prism-agent-v1.20.0...prism-agent-v1.20.1) (2023-12-06)


### Bug Fixes

* tolerations and nodeAffinity for k8s ([#808](https://github.com/hyperledger-labs/open-enterprise-agent/issues/808)) ([7934fa4](https://github.com/hyperledger-labs/open-enterprise-agent/commit/7934fa402ba86af6d8430208f1844fbd6ccda1bd))

# [1.20.0](https://github.com/hyperledger-labs/open-enterprise-agent/compare/prism-agent-v1.19.1...prism-agent-v1.20.0) (2023-12-05)


54 changes: 27 additions & 27 deletions DEPENDENCIES.md
Expand Up @@ -428,32 +428,32 @@ MIT | [The MIT License (MIT)](https://opensource.org/licenses/MIT) | [com.dimafe
MIT | [The MIT License (MIT)](https://opensource.org/licenses/MIT) | [com.dimafeng # testcontainers-scala-vault_3 # 0.41.0](https://github.com/testcontainers/testcontainers-scala) | <notextile></notextile>
Public Domain | [Public Domain, per Creative Commons CC0](http://creativecommons.org/publicdomain/zero/1.0/) | [org.hdrhistogram # HdrHistogram # 2.1.12](http://hdrhistogram.github.io/HdrHistogram/) | <notextile></notextile>
Public Domain | [Public Domain, per Creative Commons CC0](http://creativecommons.org/publicdomain/zero/1.0/) | [org.latencyutils # LatencyUtils # 2.0.3](http://latencyutils.github.io/LatencyUtils/) | <notextile></notextile>
none specified | []() | [io.iohk.atala # castor-core_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # connect-core_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # connect-sql-doobie_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # event-notification_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-agent-core_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-agent-didcommx_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-data-models_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-connection_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-coordinate-mediation_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-invitation_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-issue-credential_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-mailbox_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-outofband-login_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-present-proof_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-report-problem_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-routing-2-0_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-trust-ping_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-resolver_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-verifiable-credentials_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # pollux-anoncreds_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # pollux-core_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # pollux-sql-doobie_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # pollux-vc-jwt_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # prism-agent-wallet-api_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # prism-node-client_3 # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # shared # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # sharedtest # 1.19.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # castor-core_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # connect-core_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # connect-sql-doobie_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # event-notification_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-agent-core_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-agent-didcommx_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-data-models_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-connection_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-coordinate-mediation_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-invitation_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-issue-credential_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-mailbox_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-outofband-login_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-present-proof_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-report-problem_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-routing-2-0_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-protocol-trust-ping_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-resolver_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # mercury-verifiable-credentials_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # pollux-anoncreds_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # pollux-core_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # pollux-sql-doobie_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # pollux-vc-jwt_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # prism-agent-wallet-api_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # prism-node-client_3 # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # shared # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [io.iohk.atala # sharedtest # 1.21.1-SNAPSHOT](https://github.com/input-output-hk/atala-prism-building-blocks) | <notextile></notextile>
none specified | []() | [net.jcip # jcip-annotations # 1.0](http://jcip.net/) | <notextile></notextile>

4 changes: 2 additions & 2 deletions infrastructure/charts/agent/Chart.yaml
Expand Up @@ -13,12 +13,12 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.20.0
version: 1.22.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: 1.20.0
appVersion: 1.22.0
dependencies:
- name: vault
version: 0.24.1
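Review bot: `appVersion: 1.22.0` is still unquoted even though the comment directly above it says "It is recommended to use it with quotes." Suggest `appVersion: "1.22.0"` so the value is always read as a string; a later bump to a two-part version such as 1.23 would otherwise be parsed as a number.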
6 changes: 3 additions & 3 deletions infrastructure/charts/agent/templates/_helpers.tpl
Expand Up @@ -10,13 +10,13 @@
{{- end -}}
{{- define "consumer-restriction" }}
- name: consumer-restriction
enable: true
enable: {{ .Values.ingress.auth.consumer_restriction }}
config:
whitelist:
{{- range .Values.ingress.consumers }}
{{- range .Values.ingress.auth.consumers }}
- {{ regexReplaceAll "-" $.Release.Name "_" }}_{{ regexReplaceAll "-" . "_" | lower }}
{{- end }}
{{- range .Values.ingress.externalConsumers }}
{{- range .Values.ingress.auth.externalConsumers }}
- {{ regexReplaceAll "-" $.Release.Name "_" }}_{{ regexReplaceAll "-" . "_" | lower }}
{{- end }}
{{- end -}}
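Review bot: the two `range` lines now read `.Values.ingress.auth.consumers` and `.Values.ingress.auth.externalConsumers`, so a values file that still sets the old `ingress.consumers` or `ingress.externalConsumers` keys renders an empty `whitelist:` with no error. Suggest failing the render (for example with `fail` or `required`) when the old keys are present, or when `consumer_restriction` is true and both lists are empty, and calling the rename out as a breaking change in the release notes. The new `enable:` line also interpolates the value unchecked, so a non-boolean override lands verbatim in the plugin config.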
6 changes: 3 additions & 3 deletions infrastructure/charts/agent/templates/apisixconsumer.yaml
@@ -1,6 +1,6 @@
{{- if .Values.ingress.enabled }}
{{- $root := . -}}
{{- range $consumer := .Values.ingress.consumers }}
{{- range $consumer := .Values.ingress.auth.consumers }}
apiVersion: apisix.apache.org/v2
kind: ApisixConsumer
metadata:
Expand All @@ -18,7 +18,7 @@ spec:
{{- end }}

{{- $root := . -}}
{{- range $consumer := .Values.ingress.externalConsumers }}
{{- range $consumer := .Values.ingress.auth.externalConsumers }}
apiVersion: apisix.apache.org/v2
kind: ApisixConsumer
metadata:
Expand All @@ -30,6 +30,6 @@ spec:
authParameter:
keyAuth:
secretRef:
name: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
name: "{{ $root.Values.ingress.auth.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
---
{{- end }}
2 changes: 1 addition & 1 deletion infrastructure/charts/agent/templates/apisixroute.yaml
Expand Up @@ -20,7 +20,7 @@ spec:
- serviceName: agent-server-tapir-service
servicePort: 8085
authentication:
enable: true
enable: {{ .Values.ingress.auth.enable }}
type: keyAuth
plugins:
- name: proxy-rewrite
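Review bot: `enable: {{ .Values.ingress.auth.enable }}` under `authentication:` makes keyAuth on the route to `agent-server-tapir-service` optional, and nothing in this hunk ties it to the separate `consumer_restriction` flag used in `_helpers.tpl`. Suggest documenting that `false` publishes the route without key authentication, and either gating the consumer-restriction plugin on the same flag or rejecting the combination of `auth.enable: false` with `consumer_restriction: true`, since the whitelist names consumers that are identified through keyAuth.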
3 changes: 2 additions & 1 deletion infrastructure/charts/agent/templates/deployment.yaml
Expand Up @@ -223,4 +223,5 @@ spec:
{{- end }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
tolerations: {{- toYaml .Values.tolerations | nindent 8 }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
6 changes: 3 additions & 3 deletions infrastructure/charts/agent/templates/externalsecret.yaml
Expand Up @@ -22,11 +22,11 @@ spec:
---

{{- $root := . -}}
{{- range $consumer := .Values.ingress.externalConsumers }}
{{- range $consumer := .Values.ingress.auth.externalConsumers }}
apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret
metadata:
name: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
name: "{{ $root.Values.ingress.auth.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
labels:
{{ template "labels.common" . }}
spec:
Expand All @@ -36,6 +36,6 @@ spec:
kind: ClusterSecretStore
dataFrom:
- extract:
key: "{{ $root.Values.ingress.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
key: "{{ $root.Values.ingress.auth.externalConsumerKeyPrefix }}-{{ $consumer | lower }}"
---
{{- end }}
2 changes: 1 addition & 1 deletion infrastructure/charts/agent/templates/stringsecret.yaml
@@ -1,6 +1,6 @@
{{- if .Values.ingress.enabled }}
{{- $root := . -}}
{{- range $consumer := .Values.ingress.consumers }}
{{- range $consumer := .Values.ingress.auth.consumers }}
apiVersion: "secretgenerator.mittwald.de/v1alpha1"
kind: StringSecret
metadata:
24 changes: 15 additions & 9 deletions infrastructure/charts/agent/values.yaml
Expand Up @@ -6,11 +6,14 @@ ingress:
cors:
enabled: false
allow_origins: ""
consumers: []
# External Consumers are ones where the secret keys/API tokens
# are pulled in using External Secrets [and therefore aren't generated by helm]
externalConsumerKeyPrefix: chart-base-key-prefix
externalConsumers: []
auth:
enable: true
consumer_restriction: true
consumers: []
# External Consumers are ones where the secret keys/API tokens
# are pulled in using External Secrets [and therefore aren't generated by helm]
externalConsumers: []
externalConsumerKeyPrefix: chart-base-key-prefix

secrets:
secretStore: chart-base-secretstore
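Review bot: the new `auth:` block introduces `enable` and `consumer_restriction` without a comment, and the names do not match the rest of the file: `cors` just above uses `enabled`, and the sibling keys are camelCase (`externalConsumers`, `externalConsumerKeyPrefix`). Suggest `enabled` and `consumerRestriction`, plus a comment line above each stating what turning it off exposes. Defaulting both to `true` keeps existing deployments authenticated, which is the right default.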
Expand All @@ -28,7 +31,8 @@ server:
requests:
cpu: 250m
memory: 512Mi
additionalEnvVariables: []
# Additional environment variables to be added to the server container
additionalEnvVariables: {}
useVault: true
keycloak:
enabled: false
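Review bot: `additionalEnvVariables` changes its default from `[]` to `{}`, that is from a list to a map, and the new comment does not say which shape the template expects. Suggest adding a commented example entry under the key and noting the type change for anyone already passing a list.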
Expand Down Expand Up @@ -148,13 +152,15 @@ affinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: "performance"
# - key: "type"
# operator: In
# values:
# - "true"
# - "performance"

tolerations: {}
tolerations: []
# - key: "type"
# operator: "Equal"
# value: "performance"
# effect: "NoSchedule"

