separate vault deployment in test

.github/actions/run-deployment-test/action.yml

@@ -89,6 +89,14 @@ runs:
           --selector=app.kubernetes.io/component=controller \
           --timeout=90s
 
+    - name: "Install Vault chart"
+      shell: bash
+      run: |
+        helm install vault hashicorp/vault \                                                                                                                                                                                                                              ─╯
+          -f system-tests/helm/values-vault-test.yaml \l
+          --wait -for-jobs --timeout=120s --dependency-update
+
+
     - name: Install Runtime
       shell: bash
       run: ${{ inputs.helm_command }}

.github/workflows/deployment-test.yaml

@@ -92,4 +92,4 @@ jobs:
             
             # verify management API is reachable as well. 
             # in production scenarios, the Managment API should NEVER be on the same ingress as the public API
-            curl -X GET --fail -k -L http://localhost/api/management/bpn-directory -H "content-type: application/json" -H "x-api-key: password" -o -
+            curl -X GET --fail -k -L https://localhost/api/management/bpn-directory -H "content-type: application/json" -H "x-api-key: password" -o -

system-tests/helm/values-test.yaml

@@ -18,6 +18,8 @@
 #################################################################################
 
 ---
+install:
+  vault: false
 server:
   ingresses:
     - enabled: true
@@ -30,19 +32,6 @@ server:
         enabled: true
         secretName: "tls-secret"
 
-# we use this to pre-populate the Hashicorp Vault with the database user and password
 vault:
-  server:
-    postStart:
-      - sh
-      - -c
-      - |-
-        {
-        sleep 5
-        
-        /bin/vault kv put secret/edc.datasource.didentry.user content=bdrs
-
-        /bin/vault kv put secret/edc.datasource.didentry.password content=password
-        
-        /bin/vault kv put secret/mgmt-api-key content=password
-        }
+  hashicorp:
+    url: "http://vault:8200"

system-tests/helm/values-vault-test.yaml

@@ -0,0 +1,49 @@
+#################################################################################
+#  Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0.
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#################################################################################
+
+# this file is intended to provide configuration for a standalone Hashicorp Vault deployment used in a BDRS CI test
+---
+injector:
+  enabled: false
+server:
+  dev:
+    enabled: true
+    devRootToken: "root"
+  postStart:
+    - sh
+    - -c
+    - |-
+      {
+      sleep 5
+      
+      /bin/vault kv put secret/edc.datasource.didentry.user content=bdrs
+      
+      /bin/vault kv put secret/edc.datasource.didentry.password content=password
+      
+      /bin/vault kv put secret/mgmt-api-key content=password
+      }
+hashicorp:
+  token: "root"
+  timeout: 30
+  healthCheck:
+    enabled: true
+    standbyOk: true
+  paths:
+    secret: /v1/secret
+    health: /v1/sys/health