From 73d221b9fab071854bd64c9911b95a59f4747cfa Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger <43503240+paullatzelsperger@users.noreply.github.com>
Date: Mon, 15 Apr 2024 11:54:39 +0200
Subject: [PATCH] fix(docs): update Helm documentation (#1220)
* fix(test): use DID as VP issuers
* wip
* updated helm documents
* regen doc
* add missing dep
* DEPENDENCIES
---
 DEPENDENCIES | 1 +
 .../tractusx-connector-azure-vault/README.md | 29 +++++++++----------
 .../README.md.gotmpl | 29 +++++++++----------
 charts/tractusx-connector-memory/README.md | 26 +++++++++--------
 .../README.md.gotmpl | 27 ++++++++---------
 charts/tractusx-connector/README.md | 26 +++++++++--------
 charts/tractusx-connector/README.md.gotmpl | 27 ++++++++---------
 .../edc-controlplane-base/build.gradle.kts | 2 +-
 .../iatp/harness/DataspaceIssuer.java | 1 +
 gradle/libs.versions.toml | 1 +
 10 files changed, 87 insertions(+), 82 deletions(-)
diff --git a/DEPENDENCIES b/DEPENDENCIES
index d14d41ebc..a207535b8 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -351,6 +351,7 @@ maven/mavencentral/org.eclipse.edc/boot-spi/0.6.1-SNAPSHOT, Apache-2.0, approved
 maven/mavencentral/org.eclipse.edc/boot/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/callback-event-dispatcher/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/callback-http-dispatcher/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
+maven/mavencentral/org.eclipse.edc/callback-static-endpoint/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/catalog-api/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/catalog-spi/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
 maven/mavencentral/org.eclipse.edc/configuration-filesystem/0.6.1-SNAPSHOT, Apache-2.0, approved, technology.edc
diff --git a/charts/tractusx-connector-azure-vault/README.md b/charts/tractusx-connector-azure-vault/README.md
index f4a42d029..38f4e93a1 100644
--- a/charts/tractusx-connector-azure-vault/README.md
+++ b/charts/tractusx-connector-azure-vault/README.md
@@ -9,33 +9,32 @@ This chart is intended for use with an _existing_ PostgreSQL database and an _ex **Homepage:** -## Setting up SSI +## Setting up IATP ### Preconditions -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the +- You'll need an account with DIM, the wallet for VerifiableCredentials +- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens - the client ID and client secret corresponding to that account must be known ### Preparatory work -- store your KeyCloak client secret in the Azure KeyVault. The exact procedure is as follows: - ```bash - az keyvault secret set --vault-name --name client-secret --value "$YOUR_CLIENT_SECRET" - ``` - By default, Tractus-X EDC expects to find the secret under `client-secret`. +- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and + is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured + using the `iatp.sts.oauth.client.secret_alias` Helm value. 
### Configure the chart Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. +- `iatp.sts.oauth.token_url`: the token endpoint of DIM +- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM +- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault +- `iatp.sts.dim.url`: the base URL for DIM + +In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which +must be configured: +- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS") ### Launching the application diff --git a/charts/tractusx-connector-azure-vault/README.md.gotmpl b/charts/tractusx-connector-azure-vault/README.md.gotmpl index 4823545b3..cb5cc10e6 100644 --- a/charts/tractusx-connector-azure-vault/README.md.gotmpl +++ b/charts/tractusx-connector-azure-vault/README.md.gotmpl 
@@ -8,35 +8,33 @@ {{ template "chart.homepageLine" . }} -## Setting up SSI +## Setting up IATP ### Preconditions -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the +- You'll need an account with DIM, the wallet for VerifiableCredentials +- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens - the client ID and client secret corresponding to that account must be known ### Preparatory work -- store your KeyCloak client secret in the Azure KeyVault. The exact procedure is as follows: - ```bash - az keyvault secret set --vault-name --name client-secret --value "$YOUR_CLIENT_SECRET" - ``` - By default, Tractus-X EDC expects to find the secret under `client-secret`. +- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and + is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured + using the `iatp.sts.oauth.client.secret_alias` Helm value. 
### Configure the chart Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. +- `iatp.sts.oauth.token_url`: the token endpoint of DIM +- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM +- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault +- `iatp.sts.dim.url`: the base URL for DIM +In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which +must be configured: +- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS") ### Launching the application @@ -54,7 +52,6 @@ helm install my-release tractusx-edc/tractusx-connector-azure-vault --version {{ --set vault.azure.tenant=$AZURE_TENANT_ID ``` - {{ template "chart.maintainersSection" . }} {{ template "chart.sourcesSection" . }} diff --git a/charts/tractusx-connector-memory/README.md b/charts/tractusx-connector-memory/README.md index c01e61614..a8a45228f 100644 --- a/charts/tractusx-connector-memory/README.md +++ b/charts/tractusx-connector-memory/README.md 
@@ -6,30 +6,32 @@ A Helm chart for Tractus-X Eclipse Data Space Connector based on memory. Please **Homepage:** -## Setting up SSI +## Setting up IATP ### Preconditions -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the +- You'll need an account with DIM, the wallet for VerifiableCredentials +- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens - the client ID and client secret corresponding to that account must be known ### Preparatory work -- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and - is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. +- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and + is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured + using the `iatp.sts.oauth.client.secret_alias` Helm value. 
### Configure the chart Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `runtime.ssi.miw.url`: the URL -- `runtime.ssi.miw.authorityId`: the BPN of the issuer authority -- `runtime.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `runtime.ssi.oauth.client.id`: client ID for KeyCloak -- `runtime.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. +- `iatp.sts.oauth.token_url`: the token endpoint of DIM +- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM +- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault +- `iatp.sts.dim.url`: the base URL for DIM + +In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which +must be configured: +- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS") ### Launching the application diff --git a/charts/tractusx-connector-memory/README.md.gotmpl b/charts/tractusx-connector-memory/README.md.gotmpl index a5d149876..fd4b05c2c 100644 --- a/charts/tractusx-connector-memory/README.md.gotmpl +++ b/charts/tractusx-connector-memory/README.md.gotmpl 
@@ -8,32 +8,33 @@ {{ template "chart.homepageLine" . }} -## Setting up SSI +## Setting up IATP ### Preconditions -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the +- You'll need an account with DIM, the wallet for VerifiableCredentials +- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens - the client ID and client secret corresponding to that account must be known ### Preparatory work -- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and - is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. +- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and + is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured + using the `iatp.sts.oauth.client.secret_alias` Helm value. ### Configure the chart Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `runtime.ssi.miw.url`: the URL -- `runtime.ssi.miw.authorityId`: the BPN of the issuer authority -- `runtime.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `runtime.ssi.oauth.client.id`: client ID for KeyCloak -- `runtime.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. 
- +- `iatp.sts.oauth.token_url`: the token endpoint of DIM +- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM +- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault +- `iatp.sts.dim.url`: the base URL for DIM + +In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which +must be configured: +- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS") ### Launching the application diff --git a/charts/tractusx-connector/README.md b/charts/tractusx-connector/README.md index a734c214a..17cec9991 100644 --- a/charts/tractusx-connector/README.md +++ b/charts/tractusx-connector/README.md 
@@ -9,30 +9,32 @@ This chart is intended for use with an _existing_ PostgreSQL database and an _ex **Homepage:** -## Setting up SSI +## Setting up IATP ### Preconditions -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the +- You'll need an account with DIM, the wallet for VerifiableCredentials +- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens - the client ID and client secret corresponding to that account must be known ### Preparatory work -- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and - is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. +- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and + is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured + using the `iatp.sts.oauth.client.secret_alias` Helm value. 
### Configure the chart Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. Defaults to `client-secret`. +- `iatp.sts.oauth.token_url`: the token endpoint of DIM +- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM +- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault +- `iatp.sts.dim.url`: the base URL for DIM + +In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which +must be configured: +- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS") ### Launching the application diff --git a/charts/tractusx-connector/README.md.gotmpl b/charts/tractusx-connector/README.md.gotmpl index 4b10c8adc..05b0f0f93 100644 --- a/charts/tractusx-connector/README.md.gotmpl +++ b/charts/tractusx-connector/README.md.gotmpl 
@@ -8,32 +8,33 @@ {{ template "chart.homepageLine" . }} -## Setting up SSI +## Setting up IATP ### Preconditions -- the [Managed Identity Walled (MIW)](https://github.com/eclipse-tractusx/managed-identity-wallet) must be running and reachable via network -- the necessary set of VerifiableCredentials for this participant must be pushed to MIW. This is typically done by the +- You'll need an account with DIM, the wallet for VerifiableCredentials +- the necessary set of VerifiableCredentials for this participant must already be issued to your DIM tenant. This is typically done by the Portal during participant onboarding -- KeyCloak must be running and reachable via network -- an account with KeyCloak must be created for this BPN and the connector must be able to obtain access tokens - the client ID and client secret corresponding to that account must be known ### Preparatory work -- store your KeyCloak client secret in the HashiCorp vault. The exact procedure will depend on your deployment of HashiCorp Vault and - is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. +- store client secret in the HashiCorp vault using an alias. The exact procedure will depend on your deployment of HashiCorp Vault and + is out of scope of this document. But by default, Tractus-X EDC expects to find the secret under `secret/client-secret`. The alias must be configured + using the `iatp.sts.oauth.client.secret_alias` Helm value. ### Configure the chart Be sure to provide the following configuration entries to your Tractus-X EDC Helm chart: -- `controlplane.ssi.miw.url`: the URL -- `controlplane.ssi.miw.authorityId`: the BPN of the issuer authority -- `controlplane.ssi.oauth.tokenurl`: the URL (of KeyCloak), where access tokens can be obtained -- `controlplane.ssi.oauth.client.id`: client ID for KeyCloak -- `controlplane.ssi.oauth.client.secretAlias`: the alias under which the client secret is stored in the vault. 
Defaults to `client-secret`.
-
+- `iatp.sts.oauth.token_url`: the token endpoint of DIM
+- `iatp.sts.oauth.client.id`: the client ID of your tenant in DIM
+- `iatp.sts.oauth.client.secret_alias`: alias under which you saved your DIM client secret in the vault
+- `iatp.sts.dim.url`: the base URL for DIM
+
+In addition, in order to map BPNs to DIDs, a new service is required, called the BPN-DID Resolution Service, which
+must be configured:
+- `controlplane.bdrs.server.url`: base URL of the BPN-DID Resolution Service ("BDRS")
 ### Launching the application
diff --git a/edc-controlplane/edc-controlplane-base/build.gradle.kts b/edc-controlplane/edc-controlplane-base/build.gradle.kts
index 9c0326680..915f73928 100644
--- a/edc-controlplane/edc-controlplane-base/build.gradle.kts
+++ b/edc-controlplane/edc-controlplane-base/build.gradle.kts
@@ -33,7 +33,7 @@ dependencies {
 runtimeOnly(libs.edc.core.edrstore)
 runtimeOnly(libs.edc.edr.store.receiver)
 runtimeOnly(libs.edc.dpf.transfer.signaling)
-
+ runtimeOnly(libs.edc.controlplane.callback.staticendpoint)
 // needed for BPN validation
 runtimeOnly(project(":edc-extensions:bpn-validation"))
diff --git a/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/iatp/harness/DataspaceIssuer.java b/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/iatp/harness/DataspaceIssuer.java
index 918fa59aa..d9e645529 100644
--- a/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/iatp/harness/DataspaceIssuer.java
+++ b/edc-tests/edc-controlplane/iatp-tests/src/test/java/org/eclipse/tractusx/edc/tests/transfer/iatp/harness/DataspaceIssuer.java
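Review bot: The new `runtimeOnly(libs.edc.controlplane.callback.staticendpoint)` line carries no explanation, while the neighbouring dependency is annotated `// needed for BPN validation`; since this pulls a callback extension into every control-plane runtime built from this module (presumably one that wires callback endpoints from static configuration), a reader should not have to guess its purpose. I'd annotate it in the same style, e.g. `// needed for statically configured callback endpoints`, and name in the commit message the configuration keys it introduces, because callback targets are outbound destinations for negotiation and transfer events and operators need to know they exist in order to review them. None of the Helm READMEs touched by this commit mention the extension or any setting for it. The `dependencies {` block continues outside the hunk.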
@@ -105,6 +105,7 @@ public VerifiableCredentialResource issueMembershipCredential(String did, String
 public VerifiableCredentialResource issueDismantlerCredential(String did, String bpn, JsonLd jsonLd) {
 return issueCredential(did, bpn, jsonLd, "DismantlerCredential", () -> CredentialSubject.Builder.newInstance()
+ .id(did)
 .claim("holderIdentifier", bpn)
 .claim("activityType", "vehicleDismantle")
 .claim("allowedVehicleBrands", List.of("Moskvich", "Lada"))
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index cf55c6ba7..ca3343802 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -65,6 +65,7 @@ edc-core-policy-monitor = { module = "org.eclipse.edc:policy-monitor-core", vers
 edc-core-sql = { module = "org.eclipse.edc:sql-core", version.ref = "edc" }
 edc-core-token = { module = "org.eclipse.edc:token-core", version.ref = "edc" }
 edc-core-edrstore = { module = "org.eclipse.edc:edr-store-core", version.ref = "edc" }
+edc-controlplane-callback-staticendpoint = { module = "org.eclipse.edc:callback-static-endpoint", version.ref = "edc" }
 edc-junit = { module = "org.eclipse.edc:junit", version.ref = "edc" }
 edc-api-management-config = { module = "org.eclipse.edc:management-api-configuration", version.ref = "edc" }
 edc-api-management = { module = "org.eclipse.edc:management-api", version.ref = "edc" }
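Review bot: The added `.id(did)` is the only line that binds the DismantlerCredential's subject to the holder DID, and nothing in the hunk says why; a verifier that checks the presentation's issuer against the credential subject (the holder-binding check implied by the commit's "use DID as VP issuers" note) would presumably reject a credential whose subject has no id. I'd add a short comment above the builder, e.g. `// credentialSubject.id must be the holder DID, otherwise holder binding fails at the verifier`. `issueMembershipCredential` (named in the hunk header) and any other `issue*Credential` method in this harness are not visible here; confirm they set the same subject id, otherwise they would likely fail for the same reason this one did. `issueDismantlerCredential` continues past the end of the hunk.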