From cda40804c5a944d182ce2c2daa2d1fbb5d643f0b Mon Sep 17 00:00:00 2001 From: Evelyn Gurschler Date: Tue, 30 Jul 2024 14:56:52 +0200 Subject: [PATCH] build(3.0.1): bump version and update docs --- CHANGELOG.md | 38 ++++++++++++++++++++++++------ charts/centralidp/Chart.yaml | 2 +- charts/centralidp/README.md | 27 +++++++++++++++++---- charts/centralidp/README.md.gotmpl | 34 +++++++++++++------------- charts/centralidp/values.yaml | 6 ++--- charts/sharedidp/Chart.yaml | 2 +- charts/sharedidp/README.md | 10 +++++--- charts/sharedidp/README.md.gotmpl | 4 ++++ charts/sharedidp/values.yaml | 2 +- 9 files changed, 87 insertions(+), 38 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52fafcca..3e44c87c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,37 @@ New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM * Keycloak instances. +## 3.0.1 + +### Change + +* realm configuration (centralidp) - changes to CX-Central realm: + * added service account for BPDM communication #[#146](https://github.com/eclipse-tractusx/portal-iam/pull/146) +* added documentation for seeded clients and service accounts [#158](https://github.com/eclipse-tractusx/portal-iam/pull/158) +* changed in roles and rights concept to markdown tables [#160](https://github.com/eclipse-tractusx/portal-iam/pull/160) +* changed licensing and legal docs [#144](https://github.com/eclipse-tractusx/portal-iam/pull/144) + + ### Bugfix + +* realm configuration (centralidp) - fixes to CX-Central realm: + * renamed default role [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157), please see [upgrade note](/charts/centralidp/README.md#to-301) before using seeding job for upgrading the CX-Central configuration + * assigned the role `request_ssicredential` from the `Cl24-CX-SSI-CredentialIssuer` client to the composites roles `CX Admin`, `Company Admin`, `IT Admin` and `Business Admin` from the `Cl2-CX-Portal` client [#136](https://github.com/eclipse-tractusx/portal-iam/pull/136) + * assigned the role `decision_ssicredential` from the `Cl24-CX-SSI-CredentialIssuer` client to the composite role `CX Admin` from the `Cl2-CX-Portal` client [#143](https://github.com/eclipse-tractusx/portal-iam/pull/143) + * assigned the role `technical_roles_management` from the `Cl2-CX-Portal` client to the service account `sa-cl2-05` [#151](https://github.com/eclipse-tractusx/portal-iam/pull/151) + +### Technical Support + +* grouped version update pull request for dependabot [#133](https://github.com/eclipse-tractusx/portal-iam/pull/133) +* upgraded GitHub actions and alpine version in dockerfiles [#153](https://github.com/eclipse-tractusx/portal-iam/pull/153), [#126](https://github.com/eclipse-tractusx/portal-iam/pull/126) + +### Known Knowns + +The following issues were discovered: + +* 403 error when accessing the Partner Network in the Portal Frontend [#132](https://github.com/eclipse-tractusx/portal-iam/pull/132) +* Refresh token rotation causes page reload in frontend apps when using multiple tabs, see [User Token Lifespan](docs/consultation/workshop-20231005.md#user-token-lifespan) +* Custom login themes break when inserting HTML/CSS/JavaScript code in the IdP display name + ## 3.0.0 ### Change @@ -321,13 +352,6 @@ sharedidp: * changed portal-cd references to portal due to repository renaming * updated documentation -### Known Knowns - -The following issues were recently discovered: - -* Refresh token rotation causes page reload in frontend apps when using multiple tabs, see [User Token Lifespan](docs/consultation/workshop-20231005.md#user-token-lifespan) -* Custom login themes break when inserting HTML/CSS/JavaScript code in the IdP display name - ## 2.0.0 ### Change diff --git a/charts/centralidp/Chart.yaml b/charts/centralidp/Chart.yaml index 40f7deca..60cd4172 100644 --- a/charts/centralidp/Chart.yaml +++ b/charts/centralidp/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 name: centralidp type: application -version: 3.0.0 +version: 3.0.1 appVersion: 23.0.7 description: Helm chart for Central Keycloak Instance home: https://github.com/eclipse-tractusx/portal-iam diff --git a/charts/centralidp/README.md b/charts/centralidp/README.md index 21e8069a..f8fe854c 100644 --- a/charts/centralidp/README.md +++ b/charts/centralidp/README.md @@ -1,6 +1,6 @@ # Helm chart for Central Keycloak Instance -![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square) +![Version: 3.0.1](https://img.shields.io/badge/Version-3.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square) This helm chart installs the Helm chart for Central Keycloak Instance. @@ -29,7 +29,7 @@ To use the helm chart as a dependency: dependencies: - name: centralidp repository: https://eclipse-tractusx.github.io/charts/dev - version: 3.0.0 + version: 3.0.1 ``` ## Requirements @@ -59,7 +59,7 @@ dependencies: | keycloak.extraVolumeMounts[1].name | string | `"realms"` | | | keycloak.extraVolumeMounts[1].mountPath | string | `"/realms"` | | | keycloak.initContainers[0].name | string | `"import"` | | -| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.0"` | | +| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.1"` | | | keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | | | keycloak.initContainers[0].command[0] | string | `"sh"` | | | keycloak.initContainers[0].args[0] | string | `"-c"` | | @@ -106,7 +106,7 @@ dependencies: | secrets.postgresql.auth.existingSecret.password | string | `""` | Password for the non-root username 'kccentral'. Secret-key 'password'. | | secrets.postgresql.auth.existingSecret.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. | | seeding.enabled | bool | `false` | Seeding job to upgrade CX_Central realm: enable to upgrade the configuration of the CX-Central realm from previous version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job | -| seeding.image | string | `"docker.io/tractusx/portal-iam-seeding:v3.0.0-iam"` | | +| seeding.image | string | `"docker.io/tractusx/portal-iam-seeding:v3.0.1-iam"` | | | seeding.imagePullPolicy | string | `"IfNotPresent"` | | | seeding.portContainer | int | `8080` | | | seeding.authRealm | string | `"master"` | | @@ -121,7 +121,7 @@ dependencies: | seeding.extraVolumeMounts[0].name | string | `"realms"` | | | seeding.extraVolumeMounts[0].mountPath | string | `"app/realms"` | | | seeding.initContainers[0].name | string | `"init-cx-central"` | | -| seeding.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.0"` | | +| seeding.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.1"` | | | seeding.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | | | seeding.initContainers[0].command[0] | string | `"sh"` | | | seeding.initContainers[0].args[0] | string | `"-c"` | | @@ -148,6 +148,23 @@ This is done by setting the 'example.org' placeholder in the CX-Operator' Identi Please see notes at [Values.seeding](values.yaml#L146) for upgrading the configuration of the CX-Central realm. +### To 3.0.1 + +The name of the default role was corrected with [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157). +If you want to use the seeding job (Values.seeding.enabled) to upgrade the CX-Central realm configuration, make sure to rename the default role on the running instance beforehand. + +By executing the following sql query: + +```sql +UPDATE public.keycloak_role + SET name = 'default-roles-cx-central' + WHERE name = 'default-roles-catena-x realm'; +``` + +And restarting the Keycloak services afterwards once. + +Otherwise you will encounter an error 400 at the seeding job, see [portal-backend/pull/800#issuecomment-2188207713](https://github.com/eclipse-tractusx/portal-backend/pull/800#issuecomment-2188207713) for more information. + ### To 3.0.0 This major changes from the Keycloak version from 22.0.3 to 23.0.7 and bumps the PostgresSQL version of the subchart from 15.4.0 to the latest available version of 15. diff --git a/charts/centralidp/README.md.gotmpl b/charts/centralidp/README.md.gotmpl index dda3cdf3..34bbec40 100644 --- a/charts/centralidp/README.md.gotmpl +++ b/charts/centralidp/README.md.gotmpl @@ -55,6 +55,23 @@ This is done by setting the 'example.org' placeholder in the CX-Operator' Identi Please see notes at [Values.seeding](values.yaml#L146) for upgrading the configuration of the CX-Central realm. +### To 3.0.1 + +The name of the default role was corrected with [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157). +If you want to use the seeding job (Values.seeding.enabled) to upgrade the CX-Central realm configuration, make sure to rename the default role on the running instance beforehand. + +By executing the following sql query: + +```sql +UPDATE public.keycloak_role + SET name = 'default-roles-cx-central' + WHERE name = 'default-roles-catena-x realm'; +``` + +And restarting the Keycloak services afterwards once. + +Otherwise you will encounter an error 400 at the seeding job, see [portal-backend/pull/800#issuecomment-2188207713](https://github.com/eclipse-tractusx/portal-backend/pull/800#issuecomment-2188207713) for more information. + ### To 3.0.0 This major changes from the Keycloak version from 22.0.3 to 23.0.7 and bumps the PostgresSQL version of the subchart from 15.4.0 to the latest available version of 15. @@ -113,23 +130,6 @@ Or on the primary pod of the new/green PostgreSQL instance: Where '10-123-45-67' is the cluster IP of the old/blue PostgreSQL instance. -### From 3.0.0 to 3.0.1 - -The name of the default role was corrected with [#157](https://github.com/eclipse-tractusx/portal-iam/pull/157). -If you want to use the seeding job (Values.seeding.enabled) to upgrade the CX-Central realm configuration, make sure to rename the default role on the running instance beforehand. - -By executing the following sql query: - -```sql -UPDATE public.keycloak_role - SET name = 'default-roles-cx-central' - WHERE name = 'default-roles-catena-x realm'; -``` - -And restarting the Keycloak service afterwards once. - -Otherwise you will encounter an error 400 at the seeding job, see [portal-backend/pull/800#issuecomment-2188207713](https://github.com/eclipse-tractusx/portal-backend/pull/800#issuecomment-2188207713) for more information. - ## Post-Upgrade Configuration ### Upgrading from version 1.0.0 or 1.0.1 to 1.1.0 diff --git a/charts/centralidp/values.yaml b/charts/centralidp/values.yaml index 28c4f6d7..cbb71ffc 100644 --- a/charts/centralidp/values.yaml +++ b/charts/centralidp/values.yaml @@ -48,7 +48,7 @@ keycloak: mountPath: "/realms" initContainers: - name: import - image: docker.io/tractusx/portal-iam:v3.0.0 + image: docker.io/tractusx/portal-iam:v3.0.1 imagePullPolicy: IfNotPresent command: - sh @@ -156,7 +156,7 @@ seeding: # Please also refer to the 'Post-Upgrade Configuration' section in the README.md # for configuration possibly not covered by the seeding job enabled: false - image: "docker.io/tractusx/portal-iam-seeding:v3.0.0-iam" + image: "docker.io/tractusx/portal-iam-seeding:v3.0.1-iam" imagePullPolicy: "IfNotPresent" portContainer: 8080 authRealm: "master" @@ -183,7 +183,7 @@ seeding: mountPath: "app/realms" initContainers: - name: init-cx-central - image: docker.io/tractusx/portal-iam:v3.0.0 + image: docker.io/tractusx/portal-iam:v3.0.1 imagePullPolicy: IfNotPresent command: - sh diff --git a/charts/sharedidp/Chart.yaml b/charts/sharedidp/Chart.yaml index c0cf0cab..10f14b57 100644 --- a/charts/sharedidp/Chart.yaml +++ b/charts/sharedidp/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 name: sharedidp type: application -version: 3.0.0 +version: 3.0.1 appVersion: 23.0.7 description: Helm chart for Shared Keycloak Instance home: https://github.com/eclipse-tractusx/portal-iam diff --git a/charts/sharedidp/README.md b/charts/sharedidp/README.md index e06059ed..a4a04647 100644 --- a/charts/sharedidp/README.md +++ b/charts/sharedidp/README.md @@ -1,6 +1,6 @@ # Helm chart for Shared Keycloak Instance -![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square) +![Version: 3.0.1](https://img.shields.io/badge/Version-3.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 23.0.7](https://img.shields.io/badge/AppVersion-23.0.7-informational?style=flat-square) This helm chart installs the Helm chart for Shared Keycloak Instance. @@ -29,7 +29,7 @@ To use the helm chart as a dependency: dependencies: - name: sharedidp repository: https://eclipse-tractusx.github.io/charts/dev - version: 3.0.0 + version: 3.0.1 ``` ## Requirements @@ -63,7 +63,7 @@ dependencies: | keycloak.extraVolumeMounts[2].name | string | `"realms"` | | | keycloak.extraVolumeMounts[2].mountPath | string | `"/realms"` | | | keycloak.initContainers[0].name | string | `"import"` | | -| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.0"` | | +| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v3.0.1"` | | | keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | | | keycloak.initContainers[0].command[0] | string | `"sh"` | | | keycloak.initContainers[0].args[0] | string | `"-c"` | | @@ -138,6 +138,10 @@ Generate client-secrets for the service account with access type 'confidential'. ## Upgrade +### To 3.0.1 + +No major issues are expected during the upgrade. + ### To 3.0.0 This major changes from the Keycloak version from 22.0.3 to 23.0.7 and bumps the PostgresSQL version of the subchart from 15.4.0 to the latest available version of 15. diff --git a/charts/sharedidp/README.md.gotmpl b/charts/sharedidp/README.md.gotmpl index bb64f9e9..bcb78584 100644 --- a/charts/sharedidp/README.md.gotmpl +++ b/charts/sharedidp/README.md.gotmpl @@ -61,6 +61,10 @@ Generate client-secrets for the service account with access type 'confidential'. ## Upgrade +### To 3.0.1 + +No major issues are expected during the upgrade. + ### To 3.0.0 This major changes from the Keycloak version from 22.0.3 to 23.0.7 and bumps the PostgresSQL version of the subchart from 15.4.0 to the latest available version of 15. diff --git a/charts/sharedidp/values.yaml b/charts/sharedidp/values.yaml index c365bd7e..79270b3b 100644 --- a/charts/sharedidp/values.yaml +++ b/charts/sharedidp/values.yaml @@ -52,7 +52,7 @@ keycloak: mountPath: "/realms" initContainers: - name: import - image: docker.io/tractusx/portal-iam:v3.0.0 + image: docker.io/tractusx/portal-iam:v3.0.1 imagePullPolicy: IfNotPresent command: - sh