chore(v2.1.0-RC1): update realm config, improve build and docs (#44)

- update cx-central realm config for generic/base and consortia init containers - fix image link for bpdm in right and roles concept - build of init containers - enable build of images for arm64, in addition to amd64 - add additional image tags of type semver #36 - update base image versions for init container in README - adjusted source url in license files for static content
eclipse-tractusx · Jan 16, 2024 · c1d2ec1 · c1d2ec1
1 parent 62ff556
commit c1d2ec1
Show file tree

Hide file tree

Showing 71 changed files with 1,440 additions and 705 deletions.
diff --git a/.github/workflows/cx-iam-consortia.yml b/.github/workflows/cx-iam-consortia.yml
@@ -49,20 +49,31 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+           # Automatically prepare image tags;
+           # semver patter will generate tags like these for example :v1 :v1.2
           tags: |
             type=raw,value=latest
             type=raw,value=${{ env.REF_NAME }}
+            type=semver,pattern=v{{major}}
+            type=semver,pattern=v{{major}}.{{minor}}
 
       - name: Build and push Keycloak init container
         uses: docker/build-push-action@v4
         with:
           context: .
           file: docker/Dockerfile.consortia.import
+          platforms: linux/amd64, linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

diff --git a/.github/workflows/cx-iam.yml b/.github/workflows/cx-iam.yml
@@ -49,20 +49,31 @@ jobs:
           username: ${{ secrets.DOCKER_HUB_USER }}
           password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Docker meta
         id: meta
         uses: docker/metadata-action@v4
         with:
           images: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}
+           # Automatically prepare image tags;
+           # semver patter will generate tags like these for example :v1 :v1.2
           tags: |
             type=raw,value=latest
             type=raw,value=${{ env.REF_NAME }}
+            type=semver,pattern=v{{major}}
+            type=semver,pattern=v{{major}}.{{minor}}
 
       - name: Build and push Keycloak init container
         uses: docker/build-push-action@v4
         with:
           context: .
           file: docker/Dockerfile.import
+          platforms: linux/amd64, linux/arm64
           push: ${{ github.event_name != 'pull_request' }}
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,61 @@
 
 New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM * Keycloak instances.
 
+## 2.1.0-RC1
+
+### Change
+
+* realm configuration (centralidp) - updates to CX-Central realm:
+  * changed the username of initial CX Operator user to align with CX portal company_users ID
+  * created the composite role "BPDM Gate Read" in client technical_roles_management and associated client role "view_company_data" from Cl16-CX-BPDMGate
+  * created the composite role "BPDM Gate Read" in client technical_roles_management and associated client roles "view_company_data", "update_company_data" and "view_shared_data" from Cl16-CX-BPDMGate
+  * assigned the roles "view_wallet" and "view_certificates" from the Cl5-CX-Custodian client to all the composite role of the client Cl2-CX-Portal
+  * created the roles "upload_certificates" and "delete_certificates" inside the Cl2-CX-Portal client and assigned them to the composite roles "Business Admin", "IT Admin" and "Company Admin" and "Purchaser"
+  * removed tenant-mapper from the "catena" client scope
+
+### Bugfix
+
+* realm configuration (centralidp) - fixes to CX-Central realm:
+  * assigned the following roles from the Cl2-CX-Portal from the composite role "IT Admin":
+    * delete_user_account
+    * delete_own_user_account
+    * view_service_marketplace
+    * view_service_offering
+    * subscribe_service
+    * view_service_subscriptions
+    * view_membership
+    * delete_notifications
+  * assigned the following roles from the Cl2-CX-Portal from the composite role "Business Admin":
+    * delete_own_user_account
+    * view_user_management
+    * view_connectors
+    * view_apps
+    * view_subscription
+    * view_app_subscription
+    * view_autosetup_status
+    * view_service_marketplace
+    * view_service_offering
+    * view_service_subscriptions
+    * view_company_data
+    * view_use_case_participation
+    * view_certificates
+
+### Technical Support
+
+* build of init containers
+  * enabled build of images for arm64, in addition to amd64
+  * added additional image tags of type semver
+* updated base image versions for init container in README
+* updated generic-security documentation
+* adjusted source url in license files for static content
+
+### Known Knowns
+
+The following issues were recently discovered:
+
+* Refresh token rotation causes page reload in frontend apps when using multiple tabs, see [User Token Lifespan](docs/consultation/workshop-20231005.md#user-token-lifespan)
+* Custom login themes break when inserting HTML/CSS/JavaScript code in the IdP display name
+
 ## 2.0.0
 
 ### Change

diff --git a/README.md b/README.md
@@ -34,19 +34,19 @@ DockerHub:
 * https://hub.docker.com/r/tractusx/portal-iam
 * https://hub.docker.com/r/tractusx/portal-iam-consortia
 
-Base image: alpinelinux/docker-alpine:3.17
+Base image: alpinelinux/docker-alpine:3.18
 
-* Dockerfile: [alpinelinux/docker-alpine:3.17](https://github.com/alpinelinux/docker-alpine/blob/681b8c677aaed66e48a5ce721509647bd4dcd017/x86_64/Dockerfile)
-* GitHub project: [https://github.com/alpinelinux/docker-alpine](https://github.com/alpinelinux/docker-alpine))
+* Dockerfile: [alpinelinux/docker-alpine:3.18](https://github.com/alpinelinux/docker-alpine/blob/v3.18/x86_64/Dockerfile)
+* GitHub project: [https://github.com/alpinelinux/docker-alpine](https://github.com/alpinelinux/docker-alpine)
 * DockerHub: [https://hub.docker.com/_/alpine](https://hub.docker.com/_/alpine)
 
 DockerHub:
 
 * https://hub.docker.com/r/tractusx/portal-iam-seeding
 
-Base image: mcr.microsoft.com/dotnet/runtime:6.0-alpine
+Base image: mcr.microsoft.com/dotnet/runtime:7.0-alpine
 
-* Dockerfile: [mcr.microsoft.com/dotnet/runtime:6.0-alpine](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/6.0/alpine3.17/amd64/Dockerfile)
+* Dockerfile: [mcr.microsoft.com/dotnet/runtime:7.0-alpine](https://github.com/dotnet/dotnet-docker/blob/main/src/runtime/7.0/alpine3.17/amd64/Dockerfile)
 * GitHub project: [https://github.com/dotnet/dotnet-docker](https://github.com/dotnet/dotnet-docker)
 * DockerHub: [https://hub.docker.com/_/microsoft-dotnet-runtime](https://hub.docker.com/_/microsoft-dotnet-runtime)
 

diff --git a/charts/centralidp/values.yaml b/charts/centralidp/values.yaml
@@ -48,7 +48,7 @@ keycloak:
       mountPath: "/realms"
   initContainers:
     - name: import
-      image: tractusx/portal-iam:v2.0.0
+      image: tractusx/portal-iam:pr44
       imagePullPolicy: Always
       command:
         - sh
@@ -178,7 +178,7 @@ seeding:
       mountPath: "app/realms"
   initContainers:
     - name: init-cx-central
-      image: tractusx/portal-iam:v2.0.0
+      image: tractusx/portal-iam:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/charts/sharedidp/values.yaml b/charts/sharedidp/values.yaml
@@ -52,7 +52,7 @@ keycloak:
       mountPath: "/realms"
   initContainers:
     - name: import
-      image: tractusx/portal-iam:v2.0.0
+      image: tractusx/portal-iam:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/centralidp/values-beta.yaml b/consortia/environments/centralidp/values-beta.yaml
@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh
@@ -69,7 +69,7 @@ seeding:
   enabled: true
   initContainers:
     - name: init-cx-central
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/centralidp/values-int.yaml b/consortia/environments/centralidp/values-int.yaml
@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh
@@ -69,7 +69,7 @@ seeding:
   enabled: false
   initContainers:
     - name: init-cx-central
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/centralidp/values-pen.yaml b/consortia/environments/centralidp/values-pen.yaml
@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh
@@ -69,7 +69,7 @@ seeding:
   enabled: true
   initContainers:
     - name: init-cx-central
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/centralidp/values-rc.yaml b/consortia/environments/centralidp/values-rc.yaml
@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh
@@ -69,7 +69,7 @@ seeding:
   enabled: true
   initContainers:
     - name: init-cx-central
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/centralidp/values-templateconsortia.yaml b/consortia/environments/centralidp/values-templateconsortia.yaml
@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh
@@ -66,11 +66,11 @@ secrets:
         replicationPassword: "<path:portal/data/dev/iam/centralidp-postgres#replication-password>"
 
 seeding:
-  enabled: true
+  enabled: false
   image: "tractusx/portal-iam-seeding:dev"
   initContainers:
     - name: init-cx-central
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/centralidp/values-templategeneric.yaml b/consortia/environments/centralidp/values-templategeneric.yaml
@@ -22,7 +22,7 @@ keycloak:
   proxy: edge
   initContainers:
     - name: import
-      image: tractusx/portal-iam:v2.0.0
+      image: tractusx/portal-iam:pr44
       imagePullPolicy: Always
       command:
         - sh
@@ -70,7 +70,7 @@ seeding:
   image: "tractusx/portal-iam-seeding:rc"
   initContainers:
     - name: init-cx-central
-      image: tractusx/portal-iam:v2.0.0
+      image: tractusx/portal-iam:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/sharedidp/values-beta.yaml b/consortia/environments/sharedidp/values-beta.yaml
@@ -41,7 +41,7 @@ keycloak:
       mountPath: "/secrets"
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/sharedidp/values-int.yaml b/consortia/environments/sharedidp/values-int.yaml
@@ -41,7 +41,7 @@ keycloak:
       mountPath: "/secrets"
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/sharedidp/values-pen.yaml b/consortia/environments/sharedidp/values-pen.yaml
@@ -41,7 +41,7 @@ keycloak:
       mountPath: "/secrets"
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/sharedidp/values-rc.yaml b/consortia/environments/sharedidp/values-rc.yaml
@@ -41,7 +41,7 @@ keycloak:
       mountPath: "/secrets"
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/sharedidp/values-templateconsortia.yaml b/consortia/environments/sharedidp/values-templateconsortia.yaml
@@ -41,7 +41,7 @@ keycloak:
       mountPath: "/secrets"
   initContainers:
     - name: import
-      image: tractusx/portal-iam-consortia:v2.0.0
+      image: tractusx/portal-iam-consortia:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/consortia/environments/sharedidp/values-templategeneric.yaml b/consortia/environments/sharedidp/values-templategeneric.yaml
@@ -36,7 +36,7 @@ keycloak:
       mountPath: "/realms"
   initContainers:
     - name: import
-      image: tractusx/portal-iam:v2.0.0
+      image: tractusx/portal-iam:pr44
       imagePullPolicy: Always
       command:
         - sh

diff --git a/docs/static/2-factor-auth.png.license b/docs/static/2-factor-auth.png.license
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses
 
 - SPDX-License-Identifier: CC-BY-4.0
 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-- Source URL: https://github.com/eclipse-tractusx/portal-assets
+- Source URL: https://github.com/eclipse-tractusx/portal-iam
 
diff --git a/docs/static/add-idp.png.license b/docs/static/add-idp.png.license
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses
 
 - SPDX-License-Identifier: CC-BY-4.0
 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-- Source URL: https://github.com/eclipse-tractusx/portal-assets
+- Source URL: https://github.com/eclipse-tractusx/portal-iam
 
diff --git a/docs/static/add-provider-menu.png.license b/docs/static/add-provider-menu.png.license
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses
 
 - SPDX-License-Identifier: CC-BY-4.0
 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-- Source URL: https://github.com/eclipse-tractusx/portal-assets
+- Source URL: https://github.com/eclipse-tractusx/portal-iam
 
diff --git a/docs/static/auth-flow.png.license b/docs/static/auth-flow.png.license
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses
 
 - SPDX-License-Identifier: CC-BY-4.0
 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-- Source URL: https://github.com/eclipse-tractusx/portal-assets
+- Source URL: https://github.com/eclipse-tractusx/portal-iam
 
diff --git a/docs/static/authentication-flow.png.license b/docs/static/authentication-flow.png.license
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses
 
 - SPDX-License-Identifier: CC-BY-4.0
 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-- Source URL: https://github.com/eclipse-tractusx/portal-assets
+- Source URL: https://github.com/eclipse-tractusx/portal-iam
 
diff --git a/docs/static/authentication-protocol.png.license b/docs/static/authentication-protocol.png.license
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses
 
 - SPDX-License-Identifier: CC-BY-4.0
 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-- Source URL: https://github.com/eclipse-tractusx/portal-assets
+- Source URL: https://github.com/eclipse-tractusx/portal-iam
 
diff --git a/docs/static/authenticationflow.png.license b/docs/static/authenticationflow.png.license
@@ -2,4 +2,4 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses
 
 - SPDX-License-Identifier: CC-BY-4.0
 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-- Source URL: https://github.com/eclipse-tractusx/portal-assets
+- Source URL: https://github.com/eclipse-tractusx/portal-iam
diff --git a/docs/static/bpdm-gate-overview.png.license b/docs/static/bpdm-gate-overview.png.license
@@ -2,5 +2,5 @@ This work is licensed under the [CC-BY-4.0](https://creativecommons.org/licenses
 
 - SPDX-License-Identifier: CC-BY-4.0
 - SPDX-FileCopyrightText: Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
-- Source URL: https://github.com/eclipse-tractusx/portal-assets
+- Source URL: https://github.com/eclipse-tractusx/portal-iam