Merge 31030ac into a5b3f84
wistefan authored Nov 18, 2024
2 parents a5b3f84 + 31030ac commit 0237242
Showing 5 changed files with 38 additions and 121 deletions.
4 changes: 2 additions & 2 deletions charts/data-space-connector/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: data-space-connector
description: Umbrella Chart for the FIWARE Data Space Connector, combining all essential parts to be used by a participant.
type: application
version: 7.3.4
version: 7.11.0
dependencies:
- name: postgresql
condition: postgresql.enabled
Expand Down Expand Up @@ -48,7 +48,7 @@ dependencies:
# issuance
- name: keycloak
condition: keycloak.enabled
version: 21.1.1
version: 24.0.1
repository: https://charts.bitnami.com/bitnami
# contract management
- name: tm-forum-api
111 changes: 13 additions & 98 deletions charts/data-space-connector/values.yaml
Expand Up @@ -194,12 +194,6 @@ apisix:
config_provider: yaml
apisix:
extra_lua_path: /extra/apisix/plugins/?.lua
# -- configuration in regard to the apisix dashboard
dashboard:
# -- should it be enabled
enabled: true
# -- resource preset to have sufficient memory
resourcesPreset: small
# -- extra volumes
# we need `routes` to declaratively configure the routes
# and the config for the opa sidecar
Expand Down Expand Up @@ -248,6 +242,13 @@ apisix:
volumeMounts:
- name: opa-config
mountPath: /config
# -- configuration in regard to the apisix dashboard
dashboard:
# -- should it be enabled
enabled: false
# -- resource preset to have sufficient memory
resourcesPreset: small

# -- configuration of a catchAll-route(e.g. /*)
catchAllRoute:
# -- should it be enabled
Expand Down Expand Up @@ -369,22 +370,7 @@ keycloak:
# -- disable the security context, required by the current quarkus container, will be solved in the future chart versions of keycloak
containerSecurityContext:
enabled: false
# -- keycloak image to be used - set to preview version of 25.0.0, since no other is available yet
image:
registry: quay.io
# until 25 is released, we have to use a snapshot version
repository: wi_stefan/keycloak
tag: 25.0.0-PRE
pullPolicy: Always
command:
- /bin/bash
# -- we need the did of the participant here. when its generated with the did-helper, we have to get it first and replace inside the realm.json through env-vars
args:
- -ec
- |
#!/bin/sh
export $(cat /did-material/did.env)
/opt/keycloak/bin/kc.sh start --features oid4vc-vci --import-realm

service:
ports:
http: 8080
Expand All @@ -400,41 +386,20 @@ keycloak:
externalDatabase:
host: postgresql

# -- the default init container is deactivated, since it conflicts with the non-bitnami image
enableDefaultInitContainers: false

# -- extra volumes to be mounted
extraVolumeMounts:
- name: empty-dir
mountPath: /opt/keycloak/lib/quarkus
subPath: app-quarkus-dir
- name: qtm-temp
mountPath: /qtm-tmp
- name: did-material
mountPath: /did-material
- name: did-material
mountPath: "/etc/env"
readOnly: true
- name: realms
mountPath: /opt/keycloak/data/import

extraVolumes:
- name: did-material
emptyDir: { }
- name: qtm-temp
emptyDir: { }
- name: realms
configMap:
name: test-realm-realm
mountPath: /opt/bitnami/keycloak/data/import

# -- extra env vars to be set. we require them at the moment, since some of the chart config mechanisms only work with the bitnami-image
extraEnvVars:
- name: KEYCLOAK_EXTRA_ARGS
value: "--import-realm"
- name: KC_FEATURES
value: "oid4vc-vci"
# indicates ssl is terminated at the edge
- name: KC_PROXY
value: "edge"
# point the transaction store to the (writeable!) empty volume
- name: QUARKUS_TRANSACTION_MANAGER_OBJECT_STORE_DIRECTORY
value: /qtm-tmp
# config for the db connection
- name: KC_DB_URL_HOST
value: postgresql
Expand All @@ -460,56 +425,6 @@ keycloak:
name: issuance-secret
key: keycloak-admin

# -- init containers to be run with keycloak
initContainers:
# workaround required by the current quarkus distribution, to make keycloak working
- name: read-only-workaround
image: quay.io/wi_stefan/keycloak:25.0.0-PRE
command:
- /bin/bash
args:
- -ec
- |
#!/bin/bash
cp -r /opt/keycloak/lib/quarkus/* /quarkus
volumeMounts:
- name: empty-dir
mountPath: /quarkus
subPath: app-quarkus-dir

# retrieve all did material required for the realm and store it to a shared folder
- name: get-did
image: ubuntu
command:
- /bin/bash
args:
- -ec
- |
#!/bin/bash
apt-get -y update; apt-get -y install wget
cd /did-material
wget http://did-helper:3000/did-material/cert.pfx
wget http://did-helper:3000/did-material/did.env
volumeMounts:
- name: did-material
mountPath: /did-material

# register the issuer at the trusted issuers registry - will only work if that one is publicly accessible
- name: register-at-tir
image: ubuntu
command:
- /bin/bash
args:
- -ec
- |
#!/bin/bash
source /did-material/did.env
apt-get -y update; apt-get -y install curl
curl -X 'POST' 'http://tir.trust-anchor.svc.cluster.local:8080/issuer' -H 'Content-Type: application/json' -d "{\"did\": \"${DID}\", \"credentials\": []}"
volumeMounts:
- name: did-material
mountPath: /did-material

# -- configuration of the realm to be imported
realm:
# -- should the realm be imported
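Review bot: `containerSecurityContext.enabled: false` stays set for keycloak although this change removes the custom Quarkus image, the `read-only-workaround` init container and `enableDefaultInitContainers: false`, and the comment above that setting names the Quarkus container as the reason for disabling it. If the image shipped with the bumped chart runs under the chart's default container security context (not verifiable from this page), the override should be dropped so the pod gets the chart's hardening defaults back. Otherwise the comment should be updated to state the remaining reason, e.g. `# -- security context still disabled because <REASON>`. The keycloak block continues outside the visible hunks.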
11 changes: 9 additions & 2 deletions it/pom.xml
Expand Up @@ -51,13 +51,20 @@
</dependency>
</dependencies>
</dependencyManagement>
<!-- workaround for https://github.com/java-json-tools/jackson-coreutils/issues/59 -->
<repositories>
<repository>
<id>central</id>
<name>Maven Central</name>
<layout>default</layout>
<url>https://repo1.maven.org/maven2</url>
</repository>
<repository>
<id>jitpack.io</id>
<url>https://jitpack.io</url>
</repository>
</repositories>

<dependencies>
<dependency>
<groupId>org.projectlombok</groupId>
Expand Down Expand Up @@ -397,4 +404,4 @@
</build>
</profile>
</profiles>
</project>
</project>
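Review bot: The comment added above `<repositories>` links the upstream issue but does not say what the workaround actually is; from the hunk it appears to be declaring `central` ahead of `jitpack.io` so that Maven Central is consulted first. Stating that in the comment, e.g. `<!-- keep central before jitpack.io so artifacts resolve from Maven Central first, see https://github.com/java-json-tools/jackson-coreutils/issues/59 -->`, would keep a later reorder from silently sending lookups for every dependency to JitPack, which builds artifacts on demand from source repositories. It would also help to name the dependency that still needs JitPack, so the repository can be removed once it is no longer required.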
Expand Up @@ -226,7 +226,7 @@ private String requestOffer(String token, String credentialEndpoint, SupportedCo
public String getAccessToken(String tokenEndpoint, String preAuthorizedCode) throws Exception {
RequestBody requestBody = new FormEncodingBuilder()
.add("grant_type", PRE_AUTHORIZED_GRANT_TYPE)
.add("code", preAuthorizedCode)
.add("pre-authorized_code", preAuthorizedCode)
.build();
Request tokenRequest = new Request.Builder()
.url(tokenEndpoint)
31 changes: 13 additions & 18 deletions k3s/consumer.yaml
Expand Up @@ -31,29 +31,17 @@ keycloak:
ingress:
enabled: true
hostname: keycloak-consumer.127.0.0.1.nip.io
command:
- /bin/bash
args:
- -ec
- |
#!/bin/sh
export $(cat /did-material/did.env)
export KC_HOSTNAME=keycloak-consumer.127.0.0.1.nip.io
env | grep DID
/opt/keycloak/bin/kc.sh start --features oid4vc-vci --import-realm
/opt/bitnami/scripts/keycloak/entrypoint.sh
/opt/bitnami/scripts/keycloak/run.sh
initContainers:
- name: read-only-workaround
image: quay.io/wi_stefan/keycloak:25.0.0-PRE
command:
- /bin/bash
args:
- -ec
- |
#!/bin/bash
cp -r /opt/keycloak/lib/quarkus/* /quarkus
volumeMounts:
- name: empty-dir
mountPath: /quarkus
subPath: app-quarkus-dir

- name: get-did
image: ubuntu
command:
Expand Down Expand Up @@ -110,11 +98,18 @@ keycloak:
- name: did-material
mountPath: /did-material

extraVolumeMounts:
- name: did-material
mountPath: /did-material
- name: did-material
mountPath: "/etc/env"
readOnly: true
- name: realms
mountPath: /opt/bitnami/keycloak/data/import

extraVolumes:
- name: did-material
emptyDir: { }
- name: qtm-temp
emptyDir: { }
- name: realms
configMap:
name: test-realm-realm
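Review bot: The `get-did` init container kept at the end of the first hunk still uses `image: ubuntu` with no tag or digest, so each pod start can pull a different image. Pinning it, e.g. `image: ubuntu:<TAG>@sha256:<DIGEST>` (placeholders), makes the deployment reproducible and narrows the supply-chain exposure; the container's script lies outside the hunk, so whether it also installs packages at start-up cannot be confirmed here. Separately, if the `env | grep DID` line in the keycloak start script is still on the new side, it writes every matching environment variable to the pod log and looks like leftover debugging.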