Merge pull request #327 from catenax-ng/chore/update-edc-0.7.0

Chore/update EDC and IRS versions
eclipse-tractusx · Jun 19, 2024 · 8a9745e · 8a9745e
2 parents 66c9fed + d409d55
commit 8a9745e
Show file tree

Hide file tree

Showing 6 changed files with 195 additions and 155 deletions.
diff --git a/deployment/infrastructure/data-consumer/edc-consumer/Chart.yaml b/deployment/infrastructure/data-consumer/edc-consumer/Chart.yaml
@@ -28,23 +28,23 @@ description: |
   A Helm chart for Tractus-X Eclipse Data Space Connector. This chart is a test mock that can be used as edc consumer for the DPP applicatiton.
 type: application
 version: 0.3.3
-appVersion: "0.6.0"
+appVersion: "0.7.0"
 home: https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector
 sources:
   - https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector
 urls:
-  - https://github.com/eclipse-tractusx/tractusx-edc/releases/download/tractusx-connector-0.5.0/tractusx-connector-0.5.0.tgz
+  - https://github.com/eclipse-tractusx/tractusx-edc/releases/download/tractusx-connector-0.7.0/tractusx-connector-0.7.0.tgz
 dependencies:
   - name: tractusx-connector
-    version: "0.6.0"
+    version: "0.7.0"
     repository: https://eclipse-tractusx.github.io/charts/dev
     condition: enabled
   - name: postgresql
     alias: postgresql
     version: 12.1.6
     repository: https://charts.bitnami.com/bitnami
     condition: postgresql.enabled
-  - name: irs-helm
+  - name: item-relationship-service
     repository: https://eclipse-tractusx.github.io/item-relationship-service
-    version: 6.14.0
-    condition: irs-helm.enabled
+    version: 7.1.3
+    condition: item-relationship-service.enabled
diff --git a/deployment/infrastructure/data-consumer/edc-consumer/values-int.yaml b/deployment/infrastructure/data-consumer/edc-consumer/values-int.yaml
@@ -37,6 +37,20 @@ tractusx-connector:
   participant:
     id: "<path:material-pass/data/int/edc/participant#bpnNumber>"
 
+  iatp:
+    # Decentralized IDentifier
+    id: "did:web:portal-backend.int.demo.catena-x.net:api:administration:staticdata:did:BPNL0073928UJ879"
+    trustedIssuers: # array [] that needs to be expand but likely like (sorry unconfirmed on how this is done, as I also would need to check)
+      - "did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp"
+    sts:
+      dim:
+        url: "https://dis-integration-service-prod.eu10.dim.cloud.sap/api/v2.0.0/iatp/catena-x-portal"
+      oauth:
+        token_url: "https://bpnl0073928uj879-dpp.authentication.eu10.hana.ondemand.com/oauth/token"
+        client:
+          id: "<path:material-pass/data/int/edc/ssi#clientId>"
+          secret_alias: "int-client-secret"
+
   controlplane:
     enabled: true
     endpoints:
@@ -72,33 +86,13 @@ tractusx-connector:
         port: 9090
         # -- path for incoming api calls
         path: /consumer/metrics
-      # -- observability api with unsecured access, must not be internet facing
-      observability:
-        # -- port for incoming API calls
-        port: 8099
-        # -- observability api, provides /health /readiness and /liveness endpoints
-        path: /consumer/observability
-        # -- allow or disallow insecure access, i.e. access without authentication
-        insecure: true
-
-    ssi:
-      miw:
-        url: "<path:material-pass/data/int/edc/ssi#miwUrl>"
-        authorityId: "<path:material-pass/data/int/edc/ssi#authorityId>"
-      oauth:
-        tokenurl: "https://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
-        client:
-          id: "<path:material-pass/data/int/edc/ssi#clientId>"
-          secretAlias: "int-client-secret"
-      endpoint:
-        audience: https://materialpass.int.demo.catena-x.net/consumer
 
     ## Ingress declaration to expose the network service.
     ingresses:
       ## Public / Internet facing Ingress
       - enabled: true
         # -- The hostname to be used to precisely map incoming traffic onto the underlying network service
-        hostname: "materialpass.int.demo.catena-x.net"
+        hostname: "dpp.int.demo.catena-x.net"
        # -- Additional ingress annotations to add
         annotations: {}
         # -- EDC endpoints exposed by this ingress resource
@@ -126,23 +120,36 @@ tractusx-connector:
       public:
         port: 8081
         path: /consumer/api/public
+      signaling:
+        port: 8083
+        path: /api/signaling
       control:
         port: 8083
         path: /consumer/api/dataplane/control
       proxy:
         port: 8186
         path: /consumer/proxy
+        authKey: <path:material-pass/data/int/edc/oauth#api.key>
       observability:
         # -- port for incoming API calls
         port: 8085
-        # -- observability api, provides /health /readiness and /liveness endpoints
-        path: /consumer/observability
-        # -- allow or disallow insecure access, i.e. access without authentication
-        insecure: true
       metrics:
         port: 9090
         path: /consumer/metrics
 
+    token:
+      refresh:
+        expiry_seconds: 300
+        expiry_tolerance_seconds: 10
+        # optional URL that can be provided where clients go to refresh tokens.
+        refresh_endpoint:
+      signer:
+        # alias under which the private key is stored in the vault (JWK or PEM format)
+        privatekey_alias: ids-daps_key
+      verifier:
+        # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format)
+        publickey_alias: ids-daps_crt
+
     ## Ingress declaration to expose the network service.
     ingresses:
       ## Public / Internet facing Ingress
@@ -193,11 +200,11 @@ postgresql:
     username: <path:material-pass/data/int/edc/database#user>
     password: <path:material-pass/data/int/edc/database#password>
 
-irs-helm:
+item-relationship-service:
   enabled: true
   bpn: <path:material-pass/data/int/edc/participant#bpnNumber>
 
-  irsUrl: "https://materialpass-irs.int.demo.catena-x.net"
+  irsUrl: "https://dpp-irs.int.demo.catena-x.net"
   apiKeyAdmin: <path:material-pass/data/int/irs/apiKey#apiKeyAdmin>
   apiKeyRegular: <path:material-pass/data/int/irs/apiKey#apiKeyRegular>
 
@@ -209,18 +216,18 @@ irs-helm:
       nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
       nginx.ingress.kubernetes.io/ssl-passthrough: 'false'
     hosts:
-      - host: "materialpass-irs.int.demo.catena-x.net"
+      - host: "dpp-irs.int.demo.catena-x.net"
         paths:
           - path: /
             pathType: Prefix
     tls:
       - hosts:
-          - "materialpass-irs.int.demo.catena-x.net"
+          - "dpp-irs.int.demo.catena-x.net"
         secretName: tls-secret
 
   digitalTwinRegistry:
     type: decentral
-    url: https://materialpass.int.demo.catena-x.net/semantics/registry/api/v3.0
+    url: https://dpp-registry.int.demo.catena-x.net/semantics/registry/api/v3.0
 
     discovery:
       oAuthClientId: discovery  # ID of the OAuth2 client registration to use, see config spring.security.oauth2.client
@@ -256,15 +263,21 @@ irs-helm:
   edc:
     catalog:
       acceptedPolicies:
-        - leftOperand: "FrameworkAgreement.sustainability"	
-          operator: "eq"	
-          rightOperand: "active"
-        - leftOperand: "Membership"
+        - leftOperand: "cx-policy:FrameworkAgreement"
+          operator: "eq"
+          rightOperand: "CircularEconomy:1.0"
+        - leftOperand: "cx-policy:Membership"
           operator: "eq"
           rightOperand: "active"
+        - leftOperand: "cx-policy:UsagePurpose"
+          operator: "eq"
+          rightOperand: "cx.circular.dpp:1"
+        - leftOperand: "cx-policy:UsagePurpose"
+          operator: "eq"
+          rightOperand: "cx.core.digitalTwinRegistry:1"
     controlplane:
       endpoint:
-        data: https://materialpass.int.demo.catena-x.net/consumer/management
+        data: https://dpp.int.demo.catena-x.net/consumer/management
       apikey:
         header: "X-Api-Key"
         secret: <path:material-pass/data/int/edc/oauth#api.key>

diff --git a/deployment/infrastructure/data-consumer/edc-consumer/values.yaml b/deployment/infrastructure/data-consumer/edc-consumer/values.yaml
@@ -47,6 +47,20 @@ tractusx-connector:
   participant:
     id: "<path:material-pass/data/dev/edc/participant#bpnNumber>"
 
+  iatp:
+    # Decentralized IDentifier
+    id: "did:web:portal-backend.int.demo.catena-x.net:api:administration:staticdata:did:BPNL0073928UJ879"
+    trustedIssuers: # array [] that needs to be expand but likely like (sorry unconfirmed on how this is done, as I also would need to check)
+      - "did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp"
+    sts:
+      dim:
+        url: "https://dis-integration-service-prod.eu10.dim.cloud.sap/api/v2.0.0/iatp/catena-x-portal"
+      oauth:
+        token_url: "https://bpnl0073928uj879-dpp.authentication.eu10.hana.ondemand.com/oauth/token"
+        client:
+          id: "<path:material-pass/data/dev/edc/ssi#clientId>"
+          secret_alias: "dev-client-secret"
+
   controlplane:
     enabled: true
     image:
@@ -119,30 +133,17 @@ tractusx-connector:
         port: 9090
         # -- path for incoming api calls
         path: /consumer/metrics
-      # -- observability api with unsecured access, must not be internet facing
-      observability:
-        # -- port for incoming API calls
-        port: 8085
-        # -- observability api, provides /health /readiness and /liveness endpoints
-        path: /consumer/observability
-        # -- allow or disallow insecure access, i.e. access without authentication
-        insecure: true
+
     businessPartnerValidation:
       log:
         agreementValidation: true
-          # SSI configuration
-    ssi:
-      miw:
-        url: "<path:material-pass/data/dev/edc/ssi#miwUrl>"
-        authorityId: "<path:material-pass/data/dev/edc/ssi#authorityId>"
-      oauth:
-        tokenurl: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"
-        client:
-          id: "<path:material-pass/data/dev/edc/ssi#clientId>"
-          secretAlias: "dev-client-secret"
-      endpoint:
-        audience: https://materialpass.dev.demo.catena-x.net/consumer
-
+    bdrs:
+      # time that a cached BPN/DID resolution map is valid in seconds, default is 10 min
+      cache_validity_seconds: 600
+      server:
+        # URL of the BPN/DID Resolution Service - required:
+        url: "https://bpn-did-resolution-service.int.demo.catena-x.net/api/directory"
+
     service:
       # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.
       type: ClusterIP
@@ -179,8 +180,11 @@ tractusx-connector:
       # -- The container's process will run with the specified uid
       runAsUser: 10001
     # Extra environment variables that will be pass onto deployment pods
-    env: {}
-    #  ENV_NAME: value
+    env:
+      #  ENV_NAME: value
+      # workaround till 0.7.1 chart
+      EDC_IAM_TRUSTED-ISSUER_ISSUER1_ID: did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp
+
 
     # "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
     # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
@@ -305,7 +309,7 @@ tractusx-connector:
     affinity: {}
     url:
       # -- Explicitly declared url for reaching the ids api (e.g. if ingresses not used)
-      ids: ""
+      protocol: ""
   dataplane:
     enabled: true
     image:
@@ -355,22 +359,33 @@ tractusx-connector:
       public:
         port: 8081
         path: /consumer/api/public
+      signaling:
+        port: 8083
+        path: /api/signaling
       control:
         port: 8083
         path: /consumer/api/dataplane/control
       proxy:
         port: 8186
         path: /consumer/proxy
-      observability:
-        # -- port for incoming API calls
-        port: 8085
-        # -- observability api, provides /health /readiness and /liveness endpoints
-        path: /consumer/observability
-        # -- allow or disallow insecure access, i.e. access without authentication
-        insecure: true
+        authKey: <path:material-pass/data/dev/edc/oauth#api.key>
       metrics:
         port: 9090
         path: /consumer/metrics
+
+    token:
+      refresh:
+        expiry_seconds: 300
+        expiry_tolerance_seconds: 10
+        # optional URL that can be provided where clients go to refresh tokens.
+        refresh_endpoint:
+      signer:
+        # alias under which the private key is stored in the vault (JWK or PEM format)
+        privatekey_alias: daps-key-dev
+      verifier:
+        # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format)
+        publickey_alias: daps-crt-dev
+
     aws:
       endpointOverride: ""
       accessKeyId: ""
@@ -407,8 +422,11 @@ tractusx-connector:
       # -- The container's process will run with the specified uid
       runAsUser: 10001
     # Extra environment variables that will be pass onto deployment pods
-    env: {}
-    #  ENV_NAME: value
+    env:
+      #  ENV_NAME: value
+      # workaround till 0.7.1 chart
+      EDC_IAM_TRUSTED-ISSUER_ISSUER1_ID: did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp
+
 
     # "valueFrom" environment variable references that will be added to deployment pods. Name is templated.
     # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core
@@ -466,12 +484,12 @@ tractusx-connector:
     # choice for the user. This also increases chances charts run on environments with little
     # resources, such as Minikube. If you do want to specify resources, uncomment the following
     # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    # limits:
-    #   cpu: 100m
-    #   memory: 128Mi
-    # requests:
-    #   cpu: 100m
-    #   memory: 128Mi
+    limits:
+      cpu: 1.5
+      memory: 1024Mi
+    requests:
+      cpu: 500m
+      memory: 128Mi
     replicaCount: 1
     autoscaling:
       # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
@@ -590,7 +608,7 @@ postgresql:
     username: <path:material-pass/data/dev/edc/database#user>
     password: <path:material-pass/data/dev/edc/database#password>
 
-irs-helm:
+item-relationship-service:
   enabled: true
   bpn: <path:material-pass/data/dev/edc/participant#bpnNumber>
 

diff --git a/deployment/infrastructure/data-provider/edc-provider/Chart.yaml b/deployment/infrastructure/data-provider/edc-provider/Chart.yaml
@@ -29,13 +29,13 @@ description: |
   A Helm chart for Tractus-X Eclipse Data Space Connector. This chart is a test mock that can be used as edc provider for the DPP applicatiton.
 type: application
 version: 0.3.3
-appVersion: "0.6.0"
+appVersion: "0.7.0"
 home: https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector
 sources:
   - https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector
 dependencies:
   - name: tractusx-connector
-    version: "0.6.0"
+    version: "0.7.0"
     repository: https://eclipse-tractusx.github.io/charts/dev
     condition: enabled
   - name: postgresql