chore: remove MIW from code base (#1170)

* delete modules

* delete miw tests

* fix refresh token tests

* remove ssi mem runtime

* add IATP as default identity service

* exclude BDRS from tests

* update helm docs

* fix tests

* DEPENDENCIES

* fix tests

* DEPENDENCIES

* DEPENDENCIES

* DEPENDENCIES, removed printClassPAth

.github/workflows/verify.yaml

@@ -116,7 +116,6 @@ jobs:
                    { dir: edc-tests/edc-controlplane/edr-api-tests },
                    { dir: edc-tests/edc-controlplane/iatp-tests },
                    { dir: edc-tests/edc-controlplane/policy-tests },
-                   { dir: edc-tests/edc-controlplane/ssi-summarycred-tests },
                    { dir: edc-tests/edc-controlplane/transfer-tests }
         ]
     steps:
@@ -154,39 +153,3 @@ jobs:
 
       - name: Run Azure/S3 dataplane tests
         run: ./gradlew -p edc-tests/edc-dataplane test -DincludeTags="AzureCosmosDbIntegrationTest,AwsS3IntegrationTest"
-
-  miw-integration-tests:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/setup-java
-      - uses: actions/checkout@v4
-      - name: Starting MIW, Keycloak and Postgres Servers
-        run: |
-          cd edc-tests/miw-tests/src/test/resources/docker-environment
-          docker compose up --wait
-
-      - uses: nick-fields/retry@v3
-        name: Wait for MIW
-        with:
-          timeout_minutes: 5
-          max_attempts: 3
-          command: |
-            code=$(curl -IL -sw "%{http_code}" http://localhost:8000/api/actuator/health -o /dev/null)  
-            if [ "$code" -ne "401" ]; then
-              echo "MIW not ready yet, status = $code"
-              exit 1;
-            fi
-
-      - name: Seed test data
-        run: |
-          docker exec docker-environment-postgres-1 /opt/seed.sh
-
-      - name: Run MIW Integration tests
-        run: |
-          ./gradlew -p edc-tests/miw-tests test -DincludeTags="MiwIntegrationTest"
-      - name: Run SSI E2E tests
-        run: |
-          pwd
-          ./gradlew compileJava compileTestJava
-          ./gradlew -p edc-tests/e2e-tests test -DincludeTags="MiwIntegrationTest"

build.gradle.kts

@@ -138,13 +138,6 @@ allprojects {
         }
     }
 
-    // EdcRuntimeExtension uses this to determine the runtime classpath of the module to run.
-    tasks.register("printClasspath") {
-        doLast {
-            println(sourceSets["main"].runtimeClasspath.asPath)
-        }
-    }
-
 }
 
 // the "dockerize" task is added to all projects that use the `shadowJar` plugin

charts/tractusx-connector-azure-vault/README.md

@@ -160,11 +160,6 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version 0.
 | controlplane.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid |
 | controlplane.service.annotations | object | `{}` |  |
 | controlplane.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
-| controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority |
-| controlplane.ssi.miw.url | string | `""` | MIW URL |
-| controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak |
-| controlplane.ssi.oauth.client.secretAlias | string | `"client-secret"` | The alias under which the client secret is stored in the vault. |
-| controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained |
 | controlplane.tolerations | list | `[]` |  |
 | controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) |
 | controlplane.volumeMounts | string | `nil` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container |

charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml

@@ -147,22 +147,6 @@ spec:
             - name: EDC_PARTICIPANT_ID
               value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }}
 
-            ##########################
-            # SSI / MIW CONFIGURATION
-            ##########################
-            - name: "TX_SSI_MIW_URL"
-              value: {{ .Values.controlplane.ssi.miw.url | quote }}
-            - name: "TX_SSI_MIW_AUTHORITY_ID"
-              value: {{ .Values.controlplane.ssi.miw.authorityId | quote }}
-            - name: "TX_SSI_OAUTH_TOKEN_URL"
-              value: {{ .Values.controlplane.ssi.oauth.tokenurl | quote }}
-            - name: "TX_SSI_OAUTH_CLIENT_ID"
-              value: {{ .Values.controlplane.ssi.oauth.client.id | quote }}
-            - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS"
-              value: {{ .Values.controlplane.ssi.oauth.client.secretAlias | quote }}
-            - name: "TX_SSI_ENDPOINT_AUDIENCE"
-              value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }}
-
             #######
             # API #
             #######

charts/tractusx-connector-azure-vault/values.yaml

@@ -119,21 +119,6 @@ controlplane:
       agreementValidation: true
   edr:
     transferProxyTokenValidity: "2592000"
-  # SSI configuration
-  ssi:
-    miw:
-      # -- MIW URL
-      url: ""
-      # -- The BPN of the issuer authority
-      authorityId: ""
-    oauth:
-      # -- The URL (of KeyCloak), where access tokens can be obtained
-      tokenurl: ""
-      client:
-        # -- The client ID for KeyCloak
-        id: ""
-        # -- The alias under which the client secret is stored in the vault.
-        secretAlias: "client-secret"
 
   service:
     # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.

charts/tractusx-connector-memory/README.md

@@ -147,11 +147,6 @@ helm install my-release tractusx-edc/tractusx-connector-memory --version 0.6.0 \
 | runtime.securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid |
 | runtime.service.annotations | object | `{}` |  |
 | runtime.service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
-| runtime.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority |
-| runtime.ssi.miw.url | string | `""` | MIW URL |
-| runtime.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak |
-| runtime.ssi.oauth.client.secretAlias | string | `"client-secret"` | The alias under which the client secret is stored in the vault. |
-| runtime.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained |
 | runtime.tolerations | list | `[]` |  |
 | runtime.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) |
 | runtime.url.public | string | `""` |  |

charts/tractusx-connector-memory/templates/deployment-runtime.yaml

@@ -147,23 +147,6 @@ spec:
             - name: EDC_PARTICIPANT_ID
               value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }}
 
-            ##########################
-            # SSI / MIW CONFIGURATION
-            ##########################
-            - name: "TX_SSI_MIW_URL"
-              value: {{ .Values.runtime.ssi.miw.url | quote }}
-            - name: "TX_SSI_MIW_AUTHORITY_ID"
-              value: {{ .Values.runtime.ssi.miw.authorityId | quote }}
-            - name: "TX_SSI_OAUTH_TOKEN_URL"
-              value: {{ .Values.runtime.ssi.oauth.tokenurl | quote }}
-            - name: "TX_SSI_OAUTH_CLIENT_ID"
-              value: {{ .Values.runtime.ssi.oauth.client.id | quote }}
-            - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS"
-              value: {{ .Values.runtime.ssi.oauth.client.secretAlias | quote }}
-            - name: "TX_SSI_ENDPOINT_AUDIENCE"
-              value: {{ printf "%s%s" (include "txdc.runtime.url.protocol" .) .Values.runtime.endpoints.protocol.path | quote }}
-
-
             #######
             # API #
             #######

charts/tractusx-connector-memory/values.yaml

@@ -114,21 +114,6 @@ runtime:
       agreementValidation: true
   edr:
     transferProxyTokenValidity: "2592000"
-  # SSI configuration
-  ssi:
-    miw:
-      # -- MIW URL
-      url: ""
-      # -- The BPN of the issuer authority
-      authorityId: ""
-    oauth:
-      # -- The URL (of KeyCloak), where access tokens can be obtained
-      tokenurl: ""
-      client:
-        # -- The client ID for KeyCloak
-        id: ""
-        # -- The alias under which the client secret is stored in the vault.
-        secretAlias: "client-secret"
 
   service:
     # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.

charts/tractusx-connector/templates/deployment-controlplane.yaml

@@ -147,22 +147,6 @@ spec:
             - name: EDC_PARTICIPANT_ID
               value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }}
 
-            ##########################
-            # SSI / MIW CONFIGURATION
-            ##########################
-            - name: "TX_SSI_MIW_URL"
-              value: {{ .Values.controlplane.ssi.miw.url | quote }}
-            - name: "TX_SSI_MIW_AUTHORITY_ID"
-              value: {{ .Values.controlplane.ssi.miw.authorityId | quote }}
-            - name: "TX_SSI_OAUTH_TOKEN_URL"
-              value: {{ .Values.controlplane.ssi.oauth.tokenurl | quote }}
-            - name: "TX_SSI_OAUTH_CLIENT_ID"
-              value: {{ .Values.controlplane.ssi.oauth.client.id | quote }}
-            - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS"
-              value: {{ .Values.controlplane.ssi.oauth.client.secretAlias | quote }}
-            - name: "TX_SSI_ENDPOINT_AUDIENCE"
-              value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }}
-
             #######
             # API #
             #######
@@ -336,14 +320,6 @@ spec:
             - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH"
               value: {{ .Values.vault.hashicorp.paths.health | quote }}
 
-            ###########################
-            ## AAS WRAPPER EXTENSION ##
-            ###########################
-            - name: "EDC_CP_ADAPTER_CACHE_CATALOG_EXPIRE_AFTER"
-              value: "0"
-            - name: "EDC_CP_ADAPTER_REUSE_CONTRACT_AGREEMENT"
-              value: "0"
-
             ###########################
             ## BUSINESS PARTNER NUMBER VALIDATION EXTENSION ##
             ###########################

edc-controlplane/edc-controlplane-base/build.gradle.kts

@@ -35,17 +35,17 @@ dependencies {
     runtimeOnly(libs.edc.edr.store.receiver)
     runtimeOnly(libs.edc.dpf.transfer.signaling)
 
-    runtimeOnly(project(":edc-extensions:iatp:tx-iatp-sts-dim"))
 
     // needed for BPN validation
     runtimeOnly(project(":edc-extensions:bpn-validation"))
 
-    // needed for SSI integration
+    // needed for IATP integration
     runtimeOnly(project(":core:json-ld-core"))
-    runtimeOnly(project(":edc-extensions:ssi:ssi-identity-core"))
-    runtimeOnly(project(":edc-extensions:ssi:ssi-miw-credential-client"))
-    runtimeOnly(project(":edc-extensions:ssi:ssi-identity-extractor"))
-    runtimeOnly(project(":edc-extensions:cx-policy-legacy"))
+    runtimeOnly(libs.edc.core.did)
+    runtimeOnly(libs.edc.core.identitytrust)
+    runtimeOnly(project(":edc-extensions:iatp:tx-iatp-sts-dim"))
+    runtimeOnly(project(":edc-extensions:bdrs-client"))
+
 
     runtimeOnly(libs.edc.core.connector)
     runtimeOnly(libs.edc.core.controlplane)

edc-dataplane/edc-dataplane-base/build.gradle.kts

@@ -29,7 +29,7 @@ dependencies {
     runtimeOnly(project(":edc-extensions:dataplane:dataplane-token-refresh:token-refresh-api"))
 
     runtimeOnly(libs.edc.jsonld) // needed by the DataPlaneSignalingApi
-    runtimeOnly(libs.edc.identity.core.did) // for the DID Public Key Resolver
+    runtimeOnly(libs.edc.core.did) // for the DID Public Key Resolver
     runtimeOnly(libs.edc.config.filesystem)
     runtimeOnly(libs.edc.auth.tokenbased)
     runtimeOnly(libs.edc.dpf.awss3)

edc-extensions/bdrs-client/build.gradle.kts

@@ -23,6 +23,7 @@ plugins {
 }
 
 dependencies {
+    implementation(project(":core:core-utils"))
     implementation(libs.edc.spi.core)
     implementation(libs.edc.spi.http)
 

edc-extensions/bdrs-client/src/main/java/org/eclipse/tractusx/edc/identity/mapper/BdrsClientExtension.java

@@ -28,6 +28,7 @@
 import org.eclipse.edc.spi.system.ServiceExtension;
 import org.eclipse.edc.spi.system.ServiceExtensionContext;
 import org.eclipse.edc.spi.types.TypeManager;
+import org.eclipse.tractusx.edc.core.utils.RequiredConfigWarnings;
 
 import static org.eclipse.tractusx.edc.identity.mapper.BdrsClientExtension.NAME;
 
@@ -56,7 +57,7 @@ public String name() {
     public AudienceResolver getBdrsAudienceResolver(ServiceExtensionContext context) {
         var baseUrl = context.getConfig().getString(BDRS_SERVER_URL_PROPERTY, null);
         if (baseUrl == null) {
-            context.getMonitor().severe("The following property was expected but was not provided: '%s'. This runtime will not work correctly!".formatted(BDRS_SERVER_URL_PROPERTY));
+            RequiredConfigWarnings.warningNotPresent(context.getMonitor(), BDRS_SERVER_URL_PROPERTY);
         }
         var cacheValidity = context.getConfig().getInteger(BDRS_SERVER_CACHE_VALIDITY_PERIOD, DEFAULT_BDRS_CACHE_VALIDITY);
         return new BdrsClient(baseUrl, cacheValidity, httpClient, context.getMonitor(), typeManager.getMapper());

edc-extensions/bdrs-client/src/test/java/org/eclipse/tractusx/edc/identity/mapper/BdrsClientExtensionTest.java

@@ -30,7 +30,6 @@
 import static org.eclipse.tractusx.edc.identity.mapper.BdrsClientExtension.BDRS_SERVER_URL_PROPERTY;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.ArgumentMatchers.isNull;
-import static org.mockito.ArgumentMatchers.matches;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
@@ -52,6 +51,7 @@ void createClient_whenUrlMissing_expectLogError(ServiceExtensionContext context,
         when(cfg.getString(eq(BDRS_SERVER_URL_PROPERTY), isNull())).thenReturn(null);
 
         extension.getBdrsAudienceResolver(context);
-        verify(monitor).severe(matches("^The following property was expected but was not provided: '.*'. This runtime will not work correctly!$"));
+        verify(monitor).severe(eq("Mandatory config value missing: 'tx.iam.iatp.bdrs.server.url'. This runtime will not be fully operational! Starting with v0.7.x this will be a runtime error."));
+
     }
 }