diff --git a/README.md b/README.md index bc1d7ecf..650e4eb1 100644 --- a/README.md +++ b/README.md @@ -350,7 +350,7 @@ docker run --env-file .env.docker -p 8080:8080 managed-identity-wallets::/?user=&password="` | Database connection string to the Postgres database of MIW. Used when postgresql.useDefaultJdbcUrl is false | | managedIdentityWallets.secret.authclientid | string | `"clientid"` | It can be extracted from Keycloak | | managedIdentityWallets.secret.authclientsecret | string | `"client"` | It can be extracted from Keycloak | | managedIdentityWallets.secret.bpdmauthclientid | string | `"clientid"` | client id for accessing the BPDM data pool endpoint | diff --git a/charts/managed-identity-wallets/templates/_helpers.tpl b/charts/managed-identity-wallets/templates/_helpers.tpl index 777b1dcd..1e91d554 100644 --- a/charts/managed-identity-wallets/templates/_helpers.tpl +++ b/charts/managed-identity-wallets/templates/_helpers.tpl @@ -70,6 +70,13 @@ Usage: include "postgresContext" (list $ "your_include_function_here") {{- include $function (dict "Values" $.Values.postgresql "Chart" (dict "Name" "postgresql") "Release" $.Release) }} {{- end }} +{{/* +Create the default JDBC url +*/}} +{{- define "managed-identity-wallets.jdbcUrl" -}} +{{- printf "jdbc:postgresql://%s-postgresql:5432/postgres?user=%s&password=%s" .Release.Name .Values.postgresql.secret.user .Values.postgresql.secret.postgrespassword }} +{{- end -}} + {{/* Create the name of the service account to use */}} diff --git a/charts/managed-identity-wallets/templates/deployment.yaml b/charts/managed-identity-wallets/templates/deployment.yaml index 94dca8c2..250a8161 100644 --- a/charts/managed-identity-wallets/templates/deployment.yaml +++ b/charts/managed-identity-wallets/templates/deployment.yaml 
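Review bot: In the new `managed-identity-wallets.jdbcUrl` helper, `.Values.postgresql.secret.user` and `.Values.postgresql.secret.postgrespassword` are interpolated into the query string unescaped, so a password containing `&`, `%`, `#` or `+` produces a URL the driver parses differently from what was configured. Wrapping both arguments in the template built-in `urlquery`, e.g. `(urlquery .Values.postgresql.secret.postgrespassword)`, avoids that. The helper also pairs `secret.user` with `secret.postgrespassword` rather than `secret.password`, which looks right only while the user is the `postgres` superuser; this is worth confirming. The doc comment should say that the returned string contains the database password, e.g. `Create the default JDBC url (contains DB credentials; render only into a Secret)`.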
@@ -32,10 +32,14 @@ spec: - name: ALLOW_EMPTY_PASSWORD value: {{ .Values.allowEmptyPassword | default "no" }} - name: MIW_DB_JDBC_URL + {{- if .Values.postgresql.useDefaultJdbcUrl }} + value: {{ include "managed-identity-wallets.jdbcUrl" . }} + {{- else }} valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . }}-secret key: miw-db-jdbc-url + {{- end }} - name: MIW_DB_JDBC_DRIVER value: {{ .Values.db.jdbcDriver }} - name: MIW_AUTH_JWKS_URL @@ -182,10 +186,14 @@ spec: - name: QUARKUS_HTTP_ACCESS_LOG_ENABLED value: {{ .Values.revocationService.httpAccessLog | quote | default "false" }} - name: QUARKUS_DATASOURCE_JDBC_URL + {{- if .Values.postgresql.useDefaultJdbcUrl }} + value: {{ include "managed-identity-wallets.jdbcUrl" . }} + {{- else }} valueFrom: secretKeyRef: name: {{ include "managed-identity-wallets.fullname" . }}-secret key: miw-db-jdbc-url + {{- end }} - name: REVOCATION_BASE_URL value: {{ .Values.revocationService.baseUrlForCredentialList }} - name: REVOCATION_MIN_ISSUE_INTERVAL @@ -215,7 +223,7 @@ spec: name: {{ include "managed-identity-wallets.fullname" . }}-acapy key: acapy-endorser-agent-wallet-seed - name: LEDGER_URL - value: {{ .Values.acapy.endorser.ledgerUrl }} + value: {{ .Values.acapy.endorser.genesisUrl }} - name: LABEL value: {{ .Values.acapy.endorser.label }} - name: JWT_SECRET @@ -309,7 +317,7 @@ spec: name: {{ include "managed-identity-wallets.fullname" . }}-acapy key: acapy-mt-agent-wallet-seed - name: LEDGER_URL - value: {{ .Values.acapy.mt.ledgerUrl }} + value: {{ .Values.acapy.mt.genesisUrl }} - name: LABEL value: {{ .Values.acapy.mt.label }} - name: JWT_SECRET diff --git a/charts/managed-identity-wallets/values-beta.yaml b/charts/managed-identity-wallets/values-beta.yaml index 5c7b3028..07fbccd0 100644 --- a/charts/managed-identity-wallets/values-beta.yaml +++ b/charts/managed-identity-wallets/values-beta.yaml 
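Review bot: When `postgresql.useDefaultJdbcUrl` is set, `MIW_DB_JDBC_URL` is rendered as a literal `value:` holding the database user and password, so the credentials sit in the Deployment and pod spec and are readable by anyone allowed to read those objects, not only by principals with access to Secrets. The same applies to `QUARKUS_DATASOURCE_JDBC_URL` in the hunk at line 182. Keeping the `secretKeyRef` unconditionally and moving the `if` into the Secret template that populates `miw-db-jdbc-url` (not part of this diff) would keep both paths behind Secret RBAC. If the inline form stays, it should at least be quoted, `value: {{ include "managed-identity-wallets.jdbcUrl" . | quote }}`, because a password containing ` #` or `: ` otherwise changes how the rendered YAML is parsed. The container spec continues outside these hunks.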
@@ -4,8 +4,12 @@ auth: redirectUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/callback" wallet: baseWalletBpn: "BPNL00000003CRHK" + baseWalletShortDid: "YPp94k3hzcedGE6JBBzd7k" + baseWalletVerkey: "J7QUrkAtsWDGSsNeHKwQxr8aipWCBNvxxGZQ8SjVc5u5" + baseWalletName: "Catena-X-BETA" + membershipOrganisation: "Catena-X" datapool: - url: "https://catenax-bpdm-beta.demo.catena-x.net" + url: "https://partners-pool.beta.demo.catena-x.net" authUrl: "https://centralidp.beta.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" revocationService: baseUrlForCredentialList: "https://managed-identity-wallets.beta.demo.catena-x.net/api/credentials/" 
@@ -15,30 +19,77 @@ ingress: certificate: host: "managed-identity-wallets.beta.demo.catena-x.net" acapy: - endpointUrl: "https://managed-identity-wallets.beta.demo.catena-x.net:8000/" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: + endorser: + genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" + networkIdentifier: "idunion:test" + endpointUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/didcomm-base" + secret: + apikey: + walletseed: + dbaccount: + dbadminuser: + dbadminpassword: + dbpassword: + jwtsecret: + walletkey: + mt: + genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" + networkIdentifier: "idunion:test" + endpointUrl: "https://managed-identity-wallets.beta.demo.catena-x.net/didcomm-managed-wallets" + endorserPublicDid: "YPp94k3hzcedGE6JBBzd7k" + secret: + apikey: + walletseed: + dbaccount: + dbadminuser: + dbadminpassword: + dbpassword: + jwtsecret: + walletkey: managedIdentityWallets: secret: - jdbcurl: - authclientid: - authclientsecret: - bpdmauthclientid: - bpdmauthclientsecret: + jdbcurl: + authclientid: + authclientsecret: + bpdmauthclientid: + bpdmauthclientsecret: postgresql: + useDefaultJdbcUrl: false secret: - password: - postgrespassword: - user: + password: + postgrespassword: + user: acapypostgresql: secret: - password: - postgrespassword: - user: + password: + postgrespassword: + user: +resources: + managedIdentityWallets: + requests: + cpu: "200m" + memory: "512Mi" + limits: + cpu: "250m" + memory: "512Mi" + revocationService: + requests: + cpu: "200m" + memory: "512Mi" + limits: + cpu: "250m" + memory: "512Mi" + endorserAcapy: + requests: + cpu: "200m" + memory: "256Mi" + limits: + cpu: "250m" + memory: "512Mi" + mtAcapy: + requests: + cpu: "200m" + memory: "256Mi" + limits: + cpu: "250m" + memory: "512Mi" 
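Review bot: Both new `genesisUrl` entries (endorser and mt) point at the `main` branch of `catenax-ng/product-core-schemas`, a mutable reference, so the genesis file passed to the agents as `LEDGER_URL` can change without any change to this chart. Pinning the URL to a reviewed commit makes the ledger definition part of the release, e.g. `genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/<commit-sha>/genesis"`, where `<commit-sha>` is a placeholder for the audited revision. The same branch reference is carried over in the renamed lines of values-int.yaml (hunks at lines 20 and 33).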
diff --git a/charts/managed-identity-wallets/values-dev.yaml b/charts/managed-identity-wallets/values-dev.yaml index 12fe70fa..4d8fbcee 100644 --- a/charts/managed-identity-wallets/values-dev.yaml +++ b/charts/managed-identity-wallets/values-dev.yaml @@ -21,7 +21,6 @@ certificate: acapy: endorser: logLevel: "DEBUG" - ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis" endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/didcomm-base" secret: apikey: @@ -34,7 +33,6 @@ acapy: walletkey: mt: logLevel: "DEBUG" - ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis" endpointUrl: "https://managed-identity-wallets.dev.demo.catena-x.net/didcomm-managed-wallets" endorserPublicDid: "MhLrwtKpZhNCzazMeofPQH" secret: @@ -54,6 +52,7 @@ managedIdentityWallets: bpdmauthclientid: bpdmauthclientsecret: postgresql: + useDefaultJdbcUrl: false secret: password: postgrespassword: diff --git a/charts/managed-identity-wallets/values-int.yaml b/charts/managed-identity-wallets/values-int.yaml index beaf3872..5ff9f922 100644 --- a/charts/managed-identity-wallets/values-int.yaml +++ b/charts/managed-identity-wallets/values-int.yaml @@ -20,7 +20,7 @@ certificate: host: "managed-identity-wallets.int.demo.catena-x.net" acapy: endorser: - ledgerUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" + genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" endpointUrl: "https://managed-identity-wallets.int.demo.catena-x.net/didcomm-base" networkIdentifier: "idunion:test" secret: @@ -33,7 +33,7 @@ acapy: jwtsecret: walletkey: mt: - ledgerUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" + genesisUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" endpointUrl: "https://managed-identity-wallets.int.demo.catena-x.net/didcomm-managed-wallets" endorserPublicDid: "2xcjN7LjnHGaPdZbbGqju5" networkIdentifier: "idunion:test" 
@@ -54,6 +54,7 @@ managedIdentityWallets: bpdmauthclientid: bpdmauthclientsecret: postgresql: + useDefaultJdbcUrl: false secret: password: postgrespassword: diff --git a/charts/managed-identity-wallets/values-pre-prod.yaml b/charts/managed-identity-wallets/values-pre-prod.yaml deleted file mode 100644 index cde356ac..00000000 --- a/charts/managed-identity-wallets/values-pre-prod.yaml +++ /dev/null 
@@ -1,94 +0,0 @@ -auth: - jwksUrl: "https://centralidp.pre-prod.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/certs" - issuerUrl: "https://centralidp.pre-prod.demo.catena-x.net/auth/realms/CX-Central" - redirectUrl: "https://managed-identity-wallets.pre-prod.demo.catena-x.net/callback" -wallet: - baseWalletBpn: "BPNL00000003CRHK" - baseWalletShortDid: "YPp94k3hzcedGE6JBBzd7k" - baseWalletVerkey: "J7QUrkAtsWDGSsNeHKwQxr8aipWCBNvxxGZQ8SjVc5u5" - baseWalletName: "Catena-X-Pre-prod" - membershipOrganisation: "Catena-X" -datapool: - url: "https://partners-pool.pre-prod.demo.catena-x.net" - authUrl: "https://centralidp.pre-prod.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" -revocationService: - baseUrlForCredentialList: "https://managed-identity-wallets.pre-prod.demo.catena-x.net/api/credentials/" - clientIssuanceApiUrl: "http://localhost:8080" -ingress: - enabled: true -certificate: - host: "managed-identity-wallets.pre-prod.demo.catena-x.net" -acapy: - endorser: - ledgerUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" - networkIdentifier: "idunion:test" - endpointUrl: "https://managed-identity-wallets.pre-prod.demo.catena-x.net/didcomm-base" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: - mt: - ledgerUrl: "https://raw.githubusercontent.com/catenax-ng/product-core-schemas/main/genesis" - networkIdentifier: "idunion:test" - endpointUrl: "https://managed-identity-wallets.pre-prod.demo.catena-x.net/didcomm-managed-wallets" - endorserPublicDid: "YPp94k3hzcedGE6JBBzd7k" - secret: - apikey: - walletseed: - dbaccount: - dbadminuser: - dbadminpassword: - dbpassword: - jwtsecret: - walletkey: -managedIdentityWallets: - secret: - jdbcurl: - authclientid: - authclientsecret: - bpdmauthclientid: - bpdmauthclientsecret: -postgresql: - secret: - password: - postgrespassword: - user: -acapypostgresql: - secret: - password: - 
postgrespassword: - user: -resources: - managedIdentityWallets: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - revocationService: - requests: - cpu: "200m" - memory: "512Mi" - limits: - cpu: "250m" - memory: "512Mi" - endorserAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" - mtAcapy: - requests: - cpu: "200m" - memory: "256Mi" - limits: - cpu: "250m" - memory: "512Mi" diff --git a/charts/managed-identity-wallets/values.yaml b/charts/managed-identity-wallets/values.yaml index bc29026c..af4607b9 100644 --- a/charts/managed-identity-wallets/values.yaml +++ b/charts/managed-identity-wallets/values.yaml @@ -98,7 +98,7 @@ acapy: # The configuration of the AcaPy endorser instance endorser: # -- The url of the used Indy ledger - ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis" + genesisUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis" # -- The label of the instance label: "BaseWalletIssuer" logLevel: "INFO" @@ -117,8 +117,8 @@ acapy: secret: # -- The API key of the admin endpoints. It must be a random and secure string apikey: "0" - # -- The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers) - walletseed: "0" + # -- The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. + walletseed: "RandomSeedPlaceHolder0x135791113" dbaccount: "postgres" dbadminuser: "postgres" dbadminpassword: "postgres" 
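Review bot: The chart default on the renamed `genesisUrl` key is still fetched over plain `http://`, so the genesis file has no transport integrity. Because this commit drops the per-environment `ledgerUrl` lines from values-dev.yaml, that environment now inherits this default, and any existing override still named `ledgerUrl` would presumably be ignored after the rename. If the ledger host serves the file over TLS, the default should use `https://`; otherwise the comment above the key should say that the value must be overridden outside local testing, e.g. `# -- The url of the genesis file of the used Indy ledger (override with an https source outside local testing)`. The same default appears in the mt hunk at line 130.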
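Review bot: The new default `walletseed: "RandomSeedPlaceHolder0x135791113"` is a well-formed 32-character seed published in the chart, so an install that does not override it runs the endorser wallet on key material anyone can derive; the mt hunk at line 153 adds a second such constant. The previous `"0"` was very likely rejected by the agent, which at least made an unconfigured install fail instead of run. It would be safer to leave the default empty and fail rendering in the template that consumes it (not part of this diff), e.g. `{{ required "acapy.endorser.secret.walletseed must be set" .Values.acapy.endorser.secret.walletseed }}`. The added comment sentence also has a typo, "registired" for "registered".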
@@ -130,7 +130,7 @@ acapy: # AcaPy multi-tenancy instance mt: # -- The url of the used Indy ledger - ledgerUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis" + genesisUrl: "http://dev.greenlight.bcovrin.vonx.io/genesis" # -- The label of the instance label: "ManagedWallet" logLevel: "INFO" @@ -153,8 +153,8 @@ acapy: secret: # -- The API-Key of the admin endpoints. It must be a random and secure string apikey: "0" - # -- The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers) - walletseed: "0" + # -- The seed of the wallet. It must be random and secure (no patterns or use of dictionary words, the use of uppercase and lowercase letters - as well as numbers and allowed symbols, no personal preferences like names or phone numbers). It must be registired on the used ledger as endorser. + walletseed: "RandomSeedPlaceHolder0x246810120" dbaccount: "postgres" dbadminuser: "postgres" dbadminpassword: "postgres" @@ -176,6 +176,8 @@ acapypostgresql: user: "postgres" # The configuration and secrets of the database that is used by the MIW postgresql: + # -- use the default jdbc url `jdbc:postgresql://%s-postgresql:5432/postgres?user=%s&password=%s` instead of the value in managedIdentityWallets.secrets.jdbcUrl + useDefaultJdbcUrl: true enabled: true auth: existingSecret: product-managed-identity-wallets-postgresql @@ -217,8 +219,8 @@ datapool: authUrl: "" managedIdentityWallets: secret: - # -- Database connection string to the Postgres database of MIW - jdbcurl: "jdbc:postgresql://postgresql:5432/postgres?user=postgres&password=postgres" + # -- Database connection string to the Postgres database of MIW. Used when postgresql.useDefaultJdbcUrl is false + jdbcurl: "jdbc:postgresql://:/?user=&password=" # -- It can be extracted from Keycloak authclientid: "clientid" # -- It can be extracted from Keycloak
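Review bot: The comment added above `useDefaultJdbcUrl` (hunk at line 176) refers to `managedIdentityWallets.secrets.jdbcUrl`, but the key defined further down in this file is `managedIdentityWallets.secret.jdbcurl`, so a reader following the comment will look for a value that does not exist. The comment also omits which values feed the generated URL and that the result carries the database password. A possible wording is `# -- Build the JDBC url from the release name and postgresql.secret.user / postgresql.secret.postgrespassword instead of reading managedIdentityWallets.secret.jdbcurl. The generated url contains the database password.` Since the default is `true`, this generated-URL path is what an unmodified install takes.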