fix(docs): update Helm documentation (#1220)

* fix(test): use DID as VP issuers

* wip

* updated helm documents

* regen doc

* add missing dep

* DEPENDENCIES

DEPENDENCIES

@@ -351,6 +351,7 @@ maven/mavencentral/org.eclipse.edc/boot-spi/0.6.1-SNAPSHOT, Apache-2.0, approved
 maven/mavencentral/org.eclipse.edc/boot/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/callback-event-dispatcher/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/callback-http-dispatcher/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/callback-static-endpoint/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/catalog-api/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/catalog-spi/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/configuration-filesystem/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc

charts/tractusx-connector-azure-vault/README.md

@@ -9,33 +9,32 @@ This chart is intended for use with an _existing_ PostgreSQL database and an _ex
 
 **Homepage:** <https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector>
 
-## Setting up SSI
+## Setting up IATP
 
 ### Preconditions
 
-- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network
-- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
+- You'll need an account with DIM, the wallet for VerifiableCredentials
+- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the
   Portal during participant onboarding
-- KeyCloak must be running and reachable via network
-- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
 - the client ID and client secret corresponding to that account must be known
 
 ### Preparatory work
 
-- store your KeyCloak client secret in the Azure KeyVault. The exact procedure is as follows:
- ```bash
- az keyvault secret set --vault-name <YOUR_VAULT_NAME> --name client-secret --value "$YOUR_CLIENT_SECRET"
- ```
- By default, Tractus-X EDC expects to find the secret under `client-secret`.
+- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and
+  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured
+  using the `iatp.sts.oauth.client.secret_alias` Helm value.
 
 ### Configure the chart
 
 Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
-- `controlplane.ssi.miw.url`: the URL
-- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
-- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
-- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
-- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.
+- `iatp.sts.oauth.token_url`: the token endpoint of DIM
+- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM
+- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault
+- `iatp.sts.dim.url`: the base URL for DIM
+
+In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which
+must be configured:
+- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS")
 
 ### Launching the application
 

charts/tractusx-connector-azure-vault/README.md.gotmpl

@@ -8,35 +8,33 @@
 
 {{ template "chart.homepageLine" . }}
 
-## Setting up SSI
+## Setting up IATP
 
 ### Preconditions
 
-- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network
-- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
+- You'll need an account with DIM, the wallet for VerifiableCredentials
+- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the
   Portal during participant onboarding
-- KeyCloak must be running and reachable via network
-- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
 - the client ID and client secret corresponding to that account must be known
 
 ### Preparatory work
 
-- store your KeyCloak client secret in the Azure KeyVault. The exact procedure is as follows:
- ```bash
- az keyvault secret set --vault-name <YOUR_VAULT_NAME> --name client-secret --value "$YOUR_CLIENT_SECRET"
- ```
- By default, Tractus-X EDC expects to find the secret under `client-secret`.
+- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and
+  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured
+  using the `iatp.sts.oauth.client.secret_alias` Helm value.
 
 
 ### Configure the chart
 
 Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
-- `controlplane.ssi.miw.url`: the URL
-- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
-- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
-- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
-- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.
+- `iatp.sts.oauth.token_url`: the token endpoint of DIM
+- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM
+- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault
+- `iatp.sts.dim.url`: the base URL for DIM
 
+In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which
+must be configured:
+- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS")
 
 ### Launching the application
 
@@ -54,7 +52,6 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version {{
      --set vault.azure.tenant=$AZURE_TENANT_ID
 ```
 
-
 {{ template "chart.maintainersSection" . }}
 
 {{ template "chart.sourcesSection" . }}

charts/tractusx-connector-memory/README.md

@@ -6,30 +6,32 @@ A Helm chart for Tractus-X Eclipse Data Space Connector based on memory. Please
 
 **Homepage:** <https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-memory>
 
-## Setting up SSI
+## Setting up IATP
 
 ### Preconditions
 
-- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network
-- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
+- You'll need an account with DIM, the wallet for VerifiableCredentials
+- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the
   Portal during participant onboarding
-- KeyCloak must be running and reachable via network
-- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
 - the client ID and client secret corresponding to that account must be known
 
 ### Preparatory work
 
-- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and
-  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`.
+- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and
+  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured
+  using the `iatp.sts.oauth.client.secret_alias` Helm value.
 
 ### Configure the chart
 
 Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
-- `runtime.ssi.miw.url`: the URL
-- `runtime.ssi.miw.authorityId`: the BPN of the issuer authority
-- `runtime.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
-- `runtime.ssi.oauth.client.id`: client ID for KeyCloak
-- `runtime.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.
+- `iatp.sts.oauth.token_url`: the token endpoint of DIM
+- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM
+- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault
+- `iatp.sts.dim.url`: the base URL for DIM
+
+In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which
+must be configured:
+- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS")
 
 ### Launching the application
 

charts/tractusx-connector-memory/README.md.gotmpl

@@ -8,32 +8,33 @@
 
 {{ template "chart.homepageLine" . }}
 
-## Setting up SSI
+## Setting up IATP
 
 ### Preconditions
 
-- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network
-- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
+- You'll need an account with DIM, the wallet for VerifiableCredentials
+- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the
   Portal during participant onboarding
-- KeyCloak must be running and reachable via network
-- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
 - the client ID and client secret corresponding to that account must be known
 
 ### Preparatory work
 
-- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and
-  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`.
+- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and
+  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured
+  using the `iatp.sts.oauth.client.secret_alias` Helm value.
 
 
 ### Configure the chart
 
 Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
-- `runtime.ssi.miw.url`: the URL
-- `runtime.ssi.miw.authorityId`: the BPN of the issuer authority
-- `runtime.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
-- `runtime.ssi.oauth.client.id`: client ID for KeyCloak
-- `runtime.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.
-
+- `iatp.sts.oauth.token_url`: the token endpoint of DIM
+- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM
+- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault
+- `iatp.sts.dim.url`: the base URL for DIM
+
+In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which
+must be configured:
+- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS")
 
 ### Launching the application
 

charts/tractusx-connector/README.md

@@ -9,30 +9,32 @@ This chart is intended for use with an _existing_ PostgreSQL database and an _ex
 
 **Homepage:** <https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector>
 
-## Setting up SSI
+## Setting up IATP
 
 ### Preconditions
 
-- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network
-- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
+- You'll need an account with DIM, the wallet for VerifiableCredentials
+- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the
   Portal during participant onboarding
-- KeyCloak must be running and reachable via network
-- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
 - the client ID and client secret corresponding to that account must be known
 
 ### Preparatory work
 
-- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and
-  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`.
+- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and
+  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured
+  using the `iatp.sts.oauth.client.secret_alias` Helm value.
 
 ### Configure the chart
 
 Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
-- `controlplane.ssi.miw.url`: the URL
-- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
-- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
-- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
-- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.
+- `iatp.sts.oauth.token_url`: the token endpoint of DIM
+- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM
+- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault
+- `iatp.sts.dim.url`: the base URL for DIM
+
+In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which
+must be configured:
+- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS")
 
 ### Launching the application
 

charts/tractusx-connector/README.md.gotmpl

@@ -8,32 +8,33 @@
 
 {{ template "chart.homepageLine" . }}
 
-## Setting up SSI
+## Setting up IATP
 
 ### Preconditions
 
-- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network
-- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the
+- You'll need an account with DIM, the wallet for VerifiableCredentials
+- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the
   Portal during participant onboarding
-- KeyCloak must be running and reachable via network
-- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens
 - the client ID and client secret corresponding to that account must be known
 
 ### Preparatory work
 
-- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and
-  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`.
+- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and
+  is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured
+  using the `iatp.sts.oauth.client.secret_alias` Helm value.
 
 
 ### Configure the chart
 
 Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart:
-- `controlplane.ssi.miw.url`: the URL
-- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority
-- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained
-- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak
-- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`.
-
+- `iatp.sts.oauth.token_url`: the token endpoint of DIM
+- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM
+- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault
+- `iatp.sts.dim.url`: the base URL for DIM
+
+In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which
+must be configured:
+- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS")
 
 ### Launching the application
 

edc-controlplane/edc-controlplane-base/build.gradle.kts

@@ -33,7 +33,7 @@ dependencies {
     runtimeOnly(libs.edc.core.edrstore)
     runtimeOnly(libs.edc.edr.store.receiver)
     runtimeOnly(libs.edc.dpf.transfer.signaling)
-
+    runtimeOnly(libs.edc.controlplane.callback.staticendpoint)
 
     // needed for BPN validation
     runtimeOnly(project(":edc-extensions:bpn-validation"))

edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/iatp/harness/DataspaceIssuer.java

@@ -105,6 +105,7 @@ public VerifiableCredentialResource issueMembershipCredential(String did, String
 
     public VerifiableCredentialResource issueDismantlerCredential(String did, String bpn, JsonLd jsonLd) {
         return issueCredential(did, bpn, jsonLd, "DismantlerCredential", () -> CredentialSubject.Builder.newInstance()
+                        .id(did)
                         .claim("holderIdentifier", bpn)
                         .claim("activityType", "vehicleDismantle")
                         .claim("allowedVehicleBrands", List.of("Moskvich", "Lada"))

gradle/libs.versions.toml

@@ -65,6 +65,7 @@ edc-core-policy-monitor = { module = "org.eclipse.edc:policy-monitor-core", vers
 edc-core-sql = { module = "org.eclipse.edc:sql-core", version.ref = "edc" }
 edc-core-token = { module = "org.eclipse.edc:token-core", version.ref = "edc" }
 edc-core-edrstore = { module = "org.eclipse.edc:edr-store-core", version.ref = "edc" }
+edc-controlplane-callback-staticendpoint = { module = "org.eclipse.edc:callback-static-endpoint", version.ref = "edc" }
 edc-junit = { module = "org.eclipse.edc:junit", version.ref = "edc" }
 edc-api-management-config = { module = "org.eclipse.edc:management-api-configuration", version.ref = "edc" }
 edc-api-management = { module = "org.eclipse.edc:management-api", version.ref = "edc" }