build(3.0.1): bump version and update docs

CHANGELOG.md

@@ -2,6 +2,37 @@
 
 New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM * Keycloak instances.
 
+## 3.0.1
+
+### Change
+
+* realm configuration (centralidp) - changes to CX-Central realm:
+  * added service account for BPDM communication #[#146](https://github.com/eclipse-tractusx/portal-iam/pull/146)
+* added documentation for seeded clients and service accounts [#158](https://github.com/eclipse-tractusx/portal-iam/pull/158)
+* changed in roles and rights concept to markdown tables [#160](https://github.com/eclipse-tractusx/portal-iam/pull/160)
+* changed licensing and legal docs [#144](https://github.com/eclipse-tractusx/portal-iam/pull/144)
+
+ ### Bugfix
+
+* realm configuration (centralidp) - fixes to CX-Central realm:
+  * renamed default role [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157), please see [upgrade note](/charts/centralidp/README.md#to-301) before using seeding job for upgrading the CX-Central configuration
+  * assigned the role `request_ssicredential` from the `Cl24-CX-SSI-CredentialIssuer` client to the composites roles `CX Admin`, `Company Admin`, `IT Admin` and `Business Admin` from the `Cl2-CX-Portal` client [#136](https://github.com/eclipse-tractusx/portal-iam/pull/136)
+  * assigned the role `decision_ssicredential` from the `Cl24-CX-SSI-CredentialIssuer` client to the composite role `CX Admin` from the `Cl2-CX-Portal` client [#143](https://github.com/eclipse-tractusx/portal-iam/pull/143)
+  * assigned the role `technical_roles_management` from the `Cl2-CX-Portal` client to the service account `sa-cl2-05` [#151](https://github.com/eclipse-tractusx/portal-iam/pull/151)
+
+### Technical Support
+
+* grouped version update pull request for dependabot [#133](https://github.com/eclipse-tractusx/portal-iam/pull/133)
+* upgraded GitHub actions and alpine version in dockerfiles [#153](https://github.com/eclipse-tractusx/portal-iam/pull/153), [#126](https://github.com/eclipse-tractusx/portal-iam/pull/126)
+
+### Known Knowns
+
+The following issues were discovered:
+
+* 403 error when accessing the Partner Network in the Portal Frontend [#132](https://github.com/eclipse-tractusx/portal-iam/pull/132)
+* Refresh token rotation causes page reload in frontend apps when using multiple tabs, see [User Token Lifespan](docs/consultation/workshop-20231005.md#user-token-lifespan)
+* Custom login themes break when inserting HTML/CSS/JavaScript code in the IdP display name
+
 ## 3.0.0
 
 ### Change
@@ -321,13 +352,6 @@ sharedidp:
 * changed portal-cd references to portal due to repository renaming
 * updated documentation
 
-### Known Knowns
-
-The following issues were recently discovered:
-
-* Refresh token rotation causes page reload in frontend apps when using multiple tabs, see [User Token Lifespan](docs/consultation/workshop-20231005.md#user-token-lifespan)
-* Custom login themes break when inserting HTML/CSS/JavaScript code in the IdP display name
-
 ## 2.0.0
 
 ### Change

charts/centralidp/Chart.yaml

@@ -20,7 +20,7 @@
 apiVersion: v2
 name: centralidp
 type: application
-version: 3.0.0
+version: 3.0.1
 appVersion: 23.0.7
 description: Helm chart for Central Keycloak Instance
 home: https://github.com/eclipse-tractusx/portal-iam

charts/centralidp/README.md

@@ -1,6 +1,6 @@
 # Helm chart for Central Keycloak Instance
 
-![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square)
+![Version: 3.0.1](https://img.shields.io/badge/Version-3.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square)
 
 This helm chart installs the Helm chart for Central Keycloak Instance.
 
@@ -29,7 +29,7 @@ To use the helm chart as a dependency:
 dependencies:
   - name: centralidp
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 3.0.0
+    version: 3.0.1
 ```
 
 ## Requirements
@@ -59,7 +59,7 @@ dependencies:
 | keycloak.extraVolumeMounts[1].name | string | `"realms"` |  |
 | keycloak.extraVolumeMounts[1].mountPath | string | `"/realms"` |  |
 | keycloak.initContainers[0].name | string | `"import"` |  |
-| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.0"` |  |
+| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.1"` |  |
 | keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` |  |
 | keycloak.initContainers[0].command[0] | string | `"sh"` |  |
 | keycloak.initContainers[0].args[0] | string | `"-c"` |  |
@@ -106,7 +106,7 @@ dependencies:
 | secrets.postgresql.auth.existingSecret.password | string | `""` | Password for the non-root username 'kccentral'. Secret-key 'password'. |
 | secrets.postgresql.auth.existingSecret.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. |
 | seeding.enabled | bool | `false` | Seeding job to upgrade CX_Central realm: enable to upgrade the configuration of the CX-Central realm from previous version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job |
-| seeding.image | string | `"docker.io/tractusx/portal-iam-seeding:v3.0.0-iam"` |  |
+| seeding.image | string | `"docker.io/tractusx/portal-iam-seeding:v3.0.1-iam"` |  |
 | seeding.imagePullPolicy | string | `"IfNotPresent"` |  |
 | seeding.portContainer | int | `8080` |  |
 | seeding.authRealm | string | `"master"` |  |
@@ -121,7 +121,7 @@ dependencies:
 | seeding.extraVolumeMounts[0].name | string | `"realms"` |  |
 | seeding.extraVolumeMounts[0].mountPath | string | `"app/realms"` |  |
 | seeding.initContainers[0].name | string | `"init-cx-central"` |  |
-| seeding.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.0"` |  |
+| seeding.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.1"` |  |
 | seeding.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` |  |
 | seeding.initContainers[0].command[0] | string | `"sh"` |  |
 | seeding.initContainers[0].args[0] | string | `"-c"` |  |
@@ -148,6 +148,23 @@ This is done by setting the 'example.org' placeholder in the CX-Operator' Identi
 
 Please see notes at [Values.seeding](values.yaml#L146) for upgrading the configuration of the CX-Central realm.
 
+### To 3.0.1
+
+The name of the default role was corrected with [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157).
+If you want to use the seeding job (Values.seeding.enabled) to upgrade the CX-Central realm configuration, make sure to rename the default role on the running instance beforehand.
+
+By executing the following sql query:
+
+```sql
+UPDATE public.keycloak_role
+	SET name = 'default-roles-cx-central'
+	WHERE name = 'default-roles-catena-x realm';
+```
+
+And restarting the Keycloak services afterwards once.
+
+Otherwise you will encounter an error 400 at the seeding job, see [portal-backend/pull/800#issuecomment-2188207713](https://github.com/eclipse-tractusx/portal-backend/pull/800#issuecomment-2188207713) for more information.
+
 ### To 3.0.0
 
 This major changes from the Keycloak version from  22.0.3 to 23.0.7 and bumps the PostgresSQL version of the subchart from 15.4.0 to the latest available version of 15.

charts/centralidp/README.md.gotmpl

@@ -55,6 +55,23 @@ This is done by setting the 'example.org' placeholder in the CX-Operator' Identi
 
 Please see notes at [Values.seeding](values.yaml#L146) for upgrading the configuration of the CX-Central realm.
 
+### To 3.0.1
+
+The name of the default role was corrected with [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157).
+If you want to use the seeding job (Values.seeding.enabled) to upgrade the CX-Central realm configuration, make sure to rename the default role on the running instance beforehand.
+
+By executing the following sql query:
+
+```sql
+UPDATE public.keycloak_role
+	SET name = 'default-roles-cx-central'
+	WHERE name = 'default-roles-catena-x realm';
+```
+
+And restarting the Keycloak services afterwards once.
+
+Otherwise you will encounter an error 400 at the seeding job, see [portal-backend/pull/800#issuecomment-2188207713](https://github.com/eclipse-tractusx/portal-backend/pull/800#issuecomment-2188207713) for more information.
+
 ### To 3.0.0
 
 This major changes from the Keycloak version from  22.0.3 to 23.0.7 and bumps the PostgresSQL version of the subchart from 15.4.0 to the latest available version of 15.
@@ -113,23 +130,6 @@ Or on the primary pod of the new/green PostgreSQL instance:
 
 Where '10-123-45-67' is the cluster IP of the old/blue PostgreSQL instance.
 
-### From 3.0.0 to 3.0.1
-
-The name of the default role was corrected with [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157).
-If you want to use the seeding job (Values.seeding.enabled) to upgrade the CX-Central realm configuration, make sure to rename the default role on the running instance beforehand.
-
-By executing the following sql query:
-
-```sql
-UPDATE public.keycloak_role
-	SET name = 'default-roles-cx-central'
-	WHERE name = 'default-roles-catena-x realm';
-```
-
-And restarting the Keycloak service afterwards once.
-
-Otherwise you will encounter an error 400 at the seeding job, see [portal-backend/pull/800#issuecomment-2188207713](https://github.com/eclipse-tractusx/portal-backend/pull/800#issuecomment-2188207713) for more information.
-
 ## Post-Upgrade Configuration
 
 ### Upgrading from version 1.0.0 or 1.0.1 to 1.1.0

charts/centralidp/values.yaml

@@ -48,7 +48,7 @@ keycloak:
       mountPath: "/realms"
   initContainers:
     - name: import
-      image: docker.io/tractusx/portal-iam:v3.0.0
+      image: docker.io/tractusx/portal-iam:v3.0.1
       imagePullPolicy: IfNotPresent
       command:
         - sh
@@ -156,7 +156,7 @@ seeding:
 # Please also refer to the 'Post-Upgrade Configuration' section in the README.md
 # for configuration possibly not covered by the seeding job
   enabled: false
-  image: "docker.io/tractusx/portal-iam-seeding:v3.0.0-iam"
+  image: "docker.io/tractusx/portal-iam-seeding:v3.0.1-iam"
   imagePullPolicy: "IfNotPresent"
   portContainer: 8080
   authRealm: "master"
@@ -183,7 +183,7 @@ seeding:
       mountPath: "app/realms"
   initContainers:
     - name: init-cx-central
-      image: docker.io/tractusx/portal-iam:v3.0.0
+      image: docker.io/tractusx/portal-iam:v3.0.1
       imagePullPolicy: IfNotPresent
       command:
         - sh

charts/sharedidp/Chart.yaml

@@ -20,7 +20,7 @@
 apiVersion: v2
 name: sharedidp
 type: application
-version: 3.0.0
+version: 3.0.1
 appVersion: 23.0.7
 description: Helm chart for Shared Keycloak Instance
 home: https://github.com/eclipse-tractusx/portal-iam

charts/sharedidp/README.md

@@ -1,6 +1,6 @@
 # Helm chart for Shared Keycloak Instance
 
-![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square)
+![Version: 3.0.1](https://img.shields.io/badge/Version-3.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square)
 
 This helm chart installs the Helm chart for Shared Keycloak Instance.
 
@@ -29,7 +29,7 @@ To use the helm chart as a dependency:
 dependencies:
   - name: sharedidp
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 3.0.0
+    version: 3.0.1
 ```
 
 ## Requirements
@@ -63,7 +63,7 @@ dependencies:
 | keycloak.extraVolumeMounts[2].name | string | `"realms"` |  |
 | keycloak.extraVolumeMounts[2].mountPath | string | `"/realms"` |  |
 | keycloak.initContainers[0].name | string | `"import"` |  |
-| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.0"` |  |
+| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.1"` |  |
 | keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` |  |
 | keycloak.initContainers[0].command[0] | string | `"sh"` |  |
 | keycloak.initContainers[0].args[0] | string | `"-c"` |  |
@@ -138,6 +138,10 @@ Generate client-secrets for the service account with access type 'confidential'.
 
 ## Upgrade
 
+### To 3.0.1
+
+No major issues are expected during the upgrade.
+
 ### To 3.0.0
 
 This major changes from the Keycloak version from  22.0.3 to 23.0.7 and bumps the PostgresSQL version of the subchart from 15.4.0 to the latest available version of 15.

charts/sharedidp/README.md.gotmpl

@@ -61,6 +61,10 @@ Generate client-secrets for the service account with access type 'confidential'.
 
 ## Upgrade
 
+### To 3.0.1
+
+No major issues are expected during the upgrade.
+
 ### To 3.0.0
 
 This major changes from the Keycloak version from  22.0.3 to 23.0.7 and bumps the PostgresSQL version of the subchart from 15.4.0 to the latest available version of 15.

charts/sharedidp/values.yaml

@@ -52,7 +52,7 @@ keycloak:
       mountPath: "/realms"
   initContainers:
     - name: import
-      image: docker.io/tractusx/portal-iam:v3.0.0
+      image: docker.io/tractusx/portal-iam:v3.0.1
       imagePullPolicy: IfNotPresent
       command:
         - sh