feat(helm): remove test-infrastructure, move into application chart

.github/actions/run-deployment-test/action.yml

@@ -39,6 +39,10 @@ inputs:
     required: true
     description: "The directory that contains the docker file, e.g. edc-controlplane/edc-runtime-memory"
 
+  values_file:
+    required: true
+    description: "A yaml file that contains the values for the test installation. will be modified!"
+
 runs:
   using: "composite"
   steps:
@@ -73,12 +77,7 @@ runs:
       shell: bash
       run: |-
         sh -c "edc-tests/deployment/src/main/resources/prepare-test.sh \
-               edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml"
-    - name: Install Infrastructure
-      shell: bash
-      run: |-
-        helm install infra edc-tests/deployment/src/main/resources/helm/test-infrastructure \
-        --wait-for-jobs --timeout=30s --dependency-update
+               ${{ inputs.values_file }}"
 
     - name: Install Runtime
       shell: bash

.github/workflows/deployment-test.yaml

@@ -79,11 +79,12 @@ jobs:
         with:
           imagename: edc-runtime-memory
           rootDir: edc-controlplane/edc-runtime-memory
+          values_file: charts/tractusx-connector-memory/example.yaml
           helm_command: |-
             helm install tx-inmem charts/tractusx-connector-memory \
             -f charts/tractusx-connector-memory/example.yaml \
             --set vault.secrets="daps-crt:$(cat daps.cert);daps-key:$(cat daps.key)" \
-            --wait-for-jobs --timeout=120s
+            --wait-for-jobs --timeout=120s --dependency-update
 
             # wait for the pod to become ready
             kubectl rollout status deployment tx-inmem
@@ -102,6 +103,7 @@ jobs:
         with:
           imagename: "edc-controlplane-postgresql-hashicorp-vault edc-dataplane-hashicorp-vault"
           rootDir: "."
+          values_file: edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml
           helm_command: |-
             helm install tx-prod charts/tractusx-connector \
             -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-test.yaml \
@@ -131,6 +133,7 @@ jobs:
         with:
           imagename: "edc-controlplane-postgresql-azure-vault edc-dataplane-azure-vault"
           rootDir: "."
+          values_file: edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml
           helm_command: |-
             az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name daps-crt --value "$(cat daps.cert)" > /dev/null
             az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name daps-key --value "$(cat daps.key)" > /dev/null

charts/tractusx-connector-azure-vault/Chart.yaml

@@ -49,3 +49,18 @@ appVersion: "0.4.0"
 home: https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector
 sources:
   - https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector
+
+dependencies:
+  # IDS Dynamic Attribute Provisioning Service (IAM)
+  - name: daps
+    version: 0.0.1
+    repository: "file://./subcharts/omejdn"
+    alias: daps
+    condition: install.daps
+
+  # PostgreSQL
+  - name: postgresql
+    alias: postgresql
+    version: 12.1.6
+    repository: https://charts.bitnami.com/bitnami
+    condition: install.postgresql

charts/tractusx-connector-azure-vault/README.md

@@ -52,6 +52,13 @@ Note that `DAPS_CERT` contains the x509 certificate, `DAPS_KEY` contains the pri
 
 * <https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector>
 
+## Requirements
+
+| Repository | Name | Version |
+|------------|------|---------|
+| file://./subcharts/omejdn | daps(daps) | 0.0.1 |
+| https://charts.bitnami.com/bitnami | postgresql(postgresql) | 12.1.6 |
+
 ## Values
 
 | Key | Type | Default | Description |
@@ -100,7 +107,7 @@ Note that `DAPS_CERT` contains the x509 certificate, `DAPS_KEY` contains the pri
 | controlplane.ingresses[0].certManager.issuer | string | `""` | If preset enables certificate generation via cert-manager namespace scoped issuer |
 | controlplane.ingresses[0].className | string | `""` | Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class)  to use |
 | controlplane.ingresses[0].enabled | bool | `false` |  |
-| controlplane.ingresses[0].endpoints | list | `["ids"]` | EDC endpoints exposed by this ingress resource |
+| controlplane.ingresses[0].endpoints | list | `["protocol"]` | EDC endpoints exposed by this ingress resource |
 | controlplane.ingresses[0].hostname | string | `"edc-control.local"` | The hostname to be used to precisely map incoming traffic onto the underlying network service |
 | controlplane.ingresses[0].tls | object | `{"enabled":false,"secretName":""}` | TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource |
 | controlplane.ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource |
@@ -160,6 +167,11 @@ Note that `DAPS_CERT` contains the x509 certificate, `DAPS_KEY` contains the pri
 | controlplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories |
 | customLabels | object | `{}` |  |
 | daps.clientId | string | `""` |  |
+| daps.connectors[0].attributes.referringConnector | string | `"http://sokrates-controlplane/BPNSOKRATES"` |  |
+| daps.connectors[0].certificate | string | `""` |  |
+| daps.connectors[0].id | string | `"E7:07:2D:74:56:66:31:F0:7B:10:EA:B6:03:06:4C:23:7F:ED:A6:65:keyid:E7:07:2D:74:56:66:31:F0:7B:10:EA:B6:03:06:4C:23:7F:ED:A6:65"` |  |
+| daps.connectors[0].name | string | `"sokrates"` |  |
+| daps.fullnameOverride | string | `"daps"` |  |
 | daps.paths.jwks | string | `"/jwks.json"` |  |
 | daps.paths.token | string | `"/token"` |  |
 | daps.url | string | `""` |  |
@@ -241,12 +253,19 @@ Note that `DAPS_CERT` contains the x509 certificate, `DAPS_KEY` contains the pri
 | dataplane.volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container |
 | dataplane.volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories |
 | fullnameOverride | string | `""` |  |
+| idsdaps.connectors[0].certificate | string | `""` |  |
 | imagePullSecrets | list | `[]` | Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) |
+| install.daps | bool | `true` |  |
+| install.postgresql | bool | `true` |  |
 | nameOverride | string | `""` |  |
+| postgresql.auth.database | string | `"edc"` |  |
+| postgresql.auth.password | string | `"password"` |  |
+| postgresql.auth.username | string | `"user"` |  |
 | postgresql.enabled | bool | `false` |  |
+| postgresql.fullnameOverride | string | `"postgresql"` |  |
 | postgresql.jdbcUrl | string | `""` |  |
-| postgresql.password | string | `""` |  |
-| postgresql.username | string | `""` |  |
+| postgresql.primary.persistence | string | `nil` |  |
+| postgresql.readReplicas.persistence.enabled | bool | `false` |  |
 | serviceAccount.annotations | object | `{}` |  |
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) |

edc-tests/deployment/src/main/resources/helm/omejdn/Chart.yaml → charts/tractusx-connector-azure-vault/subcharts/omejdn/Chart.yaml

@@ -18,7 +18,7 @@
 
 ---
 apiVersion: v2
-name: ids-daps
+name: daps
 description: A Helm chart for Kubernetes
 
 # A chart can be either an 'application' or a 'library' chart.

charts/tractusx-connector-azure-vault/subcharts/omejdn/README.md

@@ -0,0 +1,39 @@
+# daps
+
+![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.0.1](https://img.shields.io/badge/AppVersion-0.0.1-informational?style=flat-square)
+
+A Helm chart for Kubernetes
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` | [Affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) constrains which nodes the Pod can be scheduled on based on node labels. |
+| automountServiceAccountToken | bool | `false` | Whether to [automount kubernetes API credentials](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server) into the pod |
+| autoscaling.enabled | bool | `false` | Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) |
+| autoscaling.maxReplicas | int | `100` | Maximum replicas if resource consumption exceeds resource threshholds |
+| autoscaling.minReplicas | int | `1` | Minimal replicas if resource consumption falls below resource threshholds |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` | targetAverageUtilization of cpu provided to a pod |
+| autoscaling.targetMemoryUtilizationPercentage | int | `80` | targetAverageUtilization of memory provided to a pod |
+| connectors | list | `[]` |  |
+| fullnameOverride | string | `""` | Overrides the releases full name |
+| image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use |
+| image.repository | string | `"ghcr.io/fraunhofer-aisec/omejdn-server"` | Which omjedn container image to use |
+| image.tag | string | `"1.7.1"` | Overrides the image tag whose default is the chart appVersion |
+| imagePullSecret.dockerconfigjson | string | `""` | Image pull secret to create to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) Note: This value needs to adhere to the [(base64 encoded) .dockerconfigjson format](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#registry-secret-existing-credentials). Furthermore, if 'imagePullSecret.dockerconfigjson' is defined, it takes precedence over 'imagePullSecrets'. |
+| nameOverride | string | `""` | Overrides the charts name |
+| nodeSelector | object | `{}` | [Node-Selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain the Pod to nodes with specific labels. |
+| podAnnotations | object | `{}` | [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) added to deployed [pods](https://kubernetes.io/docs/concepts/workloads/pods/) |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` | Specifies how many replicas of a deployed pod shall be created during the deployment Note: If horizontal pod autoscaling is enabled this setting has no effect |
+| resources | object | `{}` | [Resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) applied to the deployed pod |
+| securityContext | object | `{}` |  |
+| service.port | int | `4567` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#defining-a-service) to expose the running application on a set of Pods as a network service. |
+| service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. |
+| serviceAccount.annotations | object | `{}` | [Annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) to add to the service account |
+| serviceAccount.create | bool | `true` | Specifies whether a [service account](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/) should be created per release |
+| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the release's fullname template |
+| tolerations | list | `[]` | [Tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) are applied to Pods to schedule onto nodes with matching taints. |
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)

edc-tests/deployment/src/main/resources/helm/omejdn/templates/configmap.yaml → charts/tractusx-connector-azure-vault/subcharts/omejdn/templates/configmap.yaml

@@ -31,7 +31,7 @@ data:
 
   omejdn.yml: |-
     ---
-    host: http://ids-daps:4567/
+    host: http://daps:4567/
     path_prefix: ''
     bind_to: 0.0.0.0
     allow_origin: "*"
@@ -41,7 +41,7 @@ data:
       - yaml
     user_backend_default: yaml
     accept_audience: idsc:IDS_CONNECTORS_ALL
-    issuer: http://ids-daps:4567/
+    issuer: http://daps:4567/
     environment: development
     default_audience:
       - idsc:IDS_CONNECTORS_ALL

charts/tractusx-connector-azure-vault/values.yaml

@@ -26,6 +26,9 @@
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
 
+install:
+  daps: true
+  postgresql: true
 fullnameOverride: ""
 nameOverride: ""
 
@@ -198,7 +201,7 @@ controlplane:
       annotations: {}
       # -- EDC endpoints exposed by this ingress resource
       endpoints:
-        - ids
+        - protocol
       # -- Defines the [ingress class](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class)  to use
       className: ""
       # -- TLS [tls class](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) applied to the ingress resource
@@ -242,8 +245,7 @@ controlplane:
   # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories
   volumes: []
   # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container
-  resources:
-    {}
+  resources: {}
     # We usually recommend not to specify default resources and to leave this as a conscious
     # choice for the user. This also increases chances charts run on environments with little
     # resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -446,8 +448,7 @@ dataplane:
   # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories
   volumes: []
   # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container
-  resources:
-    {}
+  resources: {}
     # We usually recommend not to specify default resources and to leave this as a conscious
     # choice for the user. This also increases chances charts run on environments with little
     # resources, such as Minikube. If you do want to specify resources, uncomment the following
@@ -494,11 +495,18 @@ dataplane:
     public: ""
 
 postgresql:
-  enabled: false
   jdbcUrl: ""
-  username: ""
-  password: ""
-
+  fullnameOverride: "postgresql"
+  primary:
+    persistence:
+  enabled: false
+  readReplicas:
+    persistence:
+      enabled: false
+  auth:
+    database: "edc"
+    username: "user"
+    password: "password"
 vault:
   azure:
     name: ""
@@ -515,15 +523,21 @@ vault:
     dapsPublicKey: daps-public-key
 
 daps:
+  fullnameOverride: "daps"
   url: ""
   clientId: ""
   paths:
     jwks: /jwks.json
     token: /token
-
+  connectors:
+    - id: E7:07:2D:74:56:66:31:F0:7B:10:EA:B6:03:06:4C:23:7F:ED:A6:65:keyid:E7:07:2D:74:56:66:31:F0:7B:10:EA:B6:03:06:4C:23:7F:ED:A6:65
+      name: sokrates
+      attributes:
+        referringConnector: http://sokrates-controlplane/BPNSOKRATES
+      # Must be the same certificate that is stores in section 'sokrates-vault'
+      certificate: ""    # must be set externally!
 backendService:
   httpProxyTokenReceiverUrl: ""
-
 serviceAccount:
   # Specifies whether a service account should be created
   create: true
@@ -534,3 +548,6 @@ serviceAccount:
   name: ""
   # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry)
   imagePullSecrets: []
+idsdaps:
+  connectors:
+    - certificate: |-

charts/tractusx-connector-memory/Chart.yaml

@@ -43,3 +43,11 @@ appVersion: "0.4.0"
 home: https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-memory
 sources:
   - https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-memory
+
+dependencies:
+  # IDS Dynamic Attribute Provisioning Service (IAM)
+  - name: daps
+    version: 0.0.1
+    repository: "file://./subcharts/omejdn"
+    alias: daps
+    condition: install.daps