feat: replace DAPS with SSI in helm charts

.github/workflows/deployment-test.yaml

@@ -83,7 +83,7 @@ jobs:
           helm_command: |-
             helm install tx-inmem charts/tractusx-connector-memory \
             -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-memory-test.yaml \
-            --set vault.secrets="daps-crt:$(cat daps.cert);daps-key:$(cat daps.key)" \
+            --set vault.secrets="client-secret:$(cat client.secret)" \
             --wait-for-jobs --timeout=120s --dependency-update
             
             # wait for the pod to become ready
@@ -135,9 +135,8 @@ jobs:
           rootDir: "."
           values_file: edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
           helm_command: |-
-            az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name daps-crt --value "$(cat daps.cert)" > /dev/null
-            az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name daps-key --value "$(cat daps.key)" > /dev/null
             az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name aes-keys --value "$(cat aes.key)" > /dev/null
+            az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name client-secret --value "$(cat client.secret)" > /dev/null
             
             helm install tx-prod charts/tractusx-connector-azure-vault \
              -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml \

charts/tractusx-connector-azure-vault/Chart.yaml

@@ -50,12 +50,6 @@ home: https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx
 sources:
   - https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector
 dependencies:
-  # IDS Dynamic Attribute Provisioning Service (IAM)
-  - name: daps
-    version: 0.0.1
-    repository: "file://./subcharts/omejdn"
-    alias: daps
-    condition: install.daps
   # PostgreSQL
   - name: postgresql
     alias: postgresql

charts/tractusx-connector-azure-vault/templates/deployment-controlplane.yaml

@@ -1,24 +1,24 @@
 #
-#  Copyright (c) 2023 ZF Friedrichshafen AG
-#  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
-#  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
-#  Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-#
-#  See the NOTICE file(s) distributed with this work for additional
-#  information regarding copyright ownership.
-#
-#  This program and the accompanying materials are made available under the
-#  terms of the Apache License, Version 2.0 which is available at
-#  https://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#  License for the specific language governing permissions and limitations
-#  under the License.
-#
-#  SPDX-License-Identifier: Apache-2.0
-#
+  #  Copyright (c) 2023 ZF Friedrichshafen AG
+  #  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+  #  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+  #  Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+  #
+  #  See the NOTICE file(s) distributed with this work for additional
+  #  information regarding copyright ownership.
+  #
+  #  This program and the accompanying materials are made available under the
+  #  terms of the Apache License, Version 2.0 which is available at
+  #  https://www.apache.org/licenses/LICENSE-2.0
+  #
+  #  Unless required by applicable law or agreed to in writing, software
+  #  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+  #  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+  #  License for the specific language governing permissions and limitations
+  #  under the License.
+  #
+  #  SPDX-License-Identifier: Apache-2.0
+  #
 
 ---
 apiVersion: apps/v1
@@ -115,21 +115,21 @@ spec:
             - name: EDC_PARTICIPANT_ID
               value: {{ .Values.participant.id | required ".Values.participant.id is required" | quote }}
 
-            ########################
-            ## DAPS CONFIGURATION ##
-            ########################
-
-            # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/iam/oauth2/oauth2-core
-            - name: EDC_OAUTH_CLIENT_ID
-              value: {{ .Values.daps.clientId | required ".Values.daps.clientId is required" | quote }}
-            - name: EDC_OAUTH_PROVIDER_JWKS_URL
-              value: {{ printf "%s%s" (tpl .Values.daps.url .) .Values.daps.paths.jwks }}
-            - name: EDC_OAUTH_TOKEN_URL
-              value: {{ printf "%s%s" (tpl .Values.daps.url .) .Values.daps.paths.token }}
-            - name: EDC_OAUTH_PRIVATE_KEY_ALIAS
-              value: {{ .Values.vault.secretNames.dapsPrivateKey | required ".Values.vault.secretNames.dapsPrivateKey is required" | quote }}
-            - name: EDC_OAUTH_CERTIFICATE_ALIAS
-              value: {{ .Values.vault.secretNames.dapsPublicKey | required ".Values.vault.secretNames.dapsPublicKey is required" | quote }}
+            ##########################
+            # SSI / MIW CONFIGURATION
+            ##########################
+            - name: "TX_SSI_MIW_URL"
+              value: {{ .Values.controlplane.ssi.miw.url }}
+            - name: "TX_SSI_MIW_AUTHORITY_ID"
+              value: {{ .Values.controlplane.ssi.miw.authorityId }}
+            - name: "TX_SSI_OAUTH_TOKEN_URL"
+              value: {{ .Values.controlplane.ssi.oauth.tokenurl }}
+            - name: "TX_SSI_OAUTH_CLIENT_ID"
+              value: {{ .Values.controlplane.ssi.oauth.client.id }}
+            - name: "TX_SSI_OAUTH_CLIENT_SECRET_ALIAS"
+              value: {{ .Values.controlplane.ssi.oauth.client.secretAlias }}
+            - name: "TX_SSI_ENDPOINT_AUDIENCE"
+              value: {{ printf "%s%s" (include "txdc.controlplane.url.protocol" .) .Values.controlplane.endpoints.protocol.path | quote }}
 
             #######
             # API #
@@ -252,10 +252,14 @@ spec:
             # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/data-plane-transfer
             - name: "EDC_TRANSFER_PROXY_ENDPOINT"
               value: {{ include "txdc.dataplane.url.public" . }}
+            {{- if .Values.vault.secretNames.transferProxyTokenSignerPrivateKey }}
             - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS"
               value: {{ .Values.vault.secretNames.transferProxyTokenSignerPrivateKey | quote }}
+            {{- end }}
+            {{- if .Values.vault.secretNames.transferProxyTokenSignerPublicKey }}
             - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS"
               value: {{ .Values.vault.secretNames.transferProxyTokenSignerPublicKey | quote }}
+            {{- end }}
 
             # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/transfer/transfer-pull-http-dynamic-receiver
 

charts/tractusx-connector-azure-vault/values.yaml

@@ -27,14 +27,12 @@
 # Declare variables to be passed into your templates.
 
 install:
-  daps: true
   postgresql: true
 fullnameOverride: ""
 nameOverride: ""
 
 # -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
 imagePullSecrets: []
-
 customLabels: {}
 
 participant:
@@ -131,6 +129,18 @@ controlplane:
   businessPartnerValidation:
     log:
       agreementValidation: true
+  # SSI configuration
+  ssi:
+    miw:
+      url: ""
+      authorityId: ""
+    oauth:
+      tokenurl: ""
+      client:
+        id: ""
+        secretAlias: "client-secret"
+    endpoint:
+      audience: "http://this.audience"
   service:
     # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.
     type: ClusterIP
@@ -515,25 +525,10 @@ vault:
     certificate:
 
   secretNames:
-    transferProxyTokenSignerPrivateKey: transfer-proxy-token-signer-private-key
-    transferProxyTokenSignerPublicKey: transfer-proxy-token-signer-public-key
+    transferProxyTokenSignerPrivateKey:
+    transferProxyTokenSignerPublicKey:
     transferProxyTokenEncryptionAesKey: transfer-proxy-token-encryption-aes-key
-    dapsPrivateKey: daps-private-key
-    dapsPublicKey: daps-public-key
 
-daps:
-  url: "http://{{ .Release.Name }}-daps:4567"
-  clientId: ""
-  paths:
-    jwks: /jwks.json
-    token: /token
-  connectors:
-    - id: E7:07:2D:74:56:66:31:F0:7B:10:EA:B6:03:06:4C:23:7F:ED:A6:65:keyid:E7:07:2D:74:56:66:31:F0:7B:10:EA:B6:03:06:4C:23:7F:ED:A6:65
-      name: sokrates
-      attributes:
-        referringConnector: http://sokrates-controlplane/BPNSOKRATES
-      # Must be the same certificate that is stores in section 'sokrates-vault'
-      certificate: ""    # must be set externally!
 backendService:
   httpProxyTokenReceiverUrl: ""
 serviceAccount:
@@ -546,10 +541,6 @@ serviceAccount:
   name: ""
   # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
   imagePullSecrets: []
-idsdaps:
-  connectors:
-    - certificate: |-
-
 # -- Configurations for Helm tests
 tests:
   # -- Configure the hook-delete-policy for Helm tests

docs/samples/example-dataspace/daps/Chart.yaml → charts/tractusx-connector-legacy/Chart.yaml

@@ -1,4 +1,8 @@
-#  Copyright (c) 2023 Contributors to the Eclipse Foundation
+#
+#  Copyright (c) 2023 ZF Friedrichshafen AG
+#  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+#  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+#  Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
 #
 #  See the NOTICE file(s) distributed with this work for additional
 #  information regarding copyright ownership.
@@ -18,8 +22,16 @@
 
 ---
 apiVersion: v2
-name: daps
-description: A Helm chart for Kubernetes
+name: tractusx-connector-legacy
+deprecated: true
+description: |
+  A Helm chart for Tractus-X Eclipse Data Space Connector. The connector deployment consists of two runtime consists of a
+  Control Plane and a Data Plane. Note that _no_ external dependencies such as a PostgreSQL database and HashiCorp Vault are included.
+
+  This chart is intended for use with an _existing_ PostgreSQL database and an _existing_ HashiCorp Vault.
+
+  Deprecation notice: this chart uses DAPS, which was replaced with an SSI solution in v0.5.0 of Tractus-X EDC and is thus deprecated.
+  It will not be maintained, supported or tested anymore and it will be removed in future versions.
 
 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -30,14 +42,34 @@ description: A Helm chart for Kubernetes
 # a dependency of application charts to inject those utilities and functions into the rendering
 # pipeline. Library charts do not define any templates and therefore cannot be deployed.
 type: application
-
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
-
+version: 0.4.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.0.1"
+appVersion: "0.4.1"
+home: https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-legacy
+sources:
+  - https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-legacy
+dependencies:
+  # IDS Dynamic Attribute Provisioning Service (IAM)
+  - name: daps
+    version: 0.0.1
+    repository: "file://./subcharts/omejdn"
+    alias: daps
+    condition: install.daps
+  # HashiCorp Vault
+  - name: vault
+    alias: vault
+    version: 0.20.0
+    repository: https://helm.releases.hashicorp.com
+    condition: install.vault
+  # PostgreSQL
+  - name: postgresql
+    alias: postgresql
+    version: 12.1.6
+    repository: https://charts.bitnami.com/bitnami
+    condition: install.postgresql