build: merge v1.0.0-rc.2 into main eclipse-tractusx#81

.github/workflows/trivy-dev.yml

@@ -53,7 +53,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
           scan-type: "config"
           hide-progress: false
@@ -86,7 +86,7 @@ jobs:
       # For public images, no ENV vars must be set.
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
           # Path to Docker image
           image-ref: "${{ env.IMAGE_NAMESPACE }}/ssi-credential-issuer-service:dev"
@@ -118,7 +118,7 @@ jobs:
       # For public images, no ENV vars must be set.
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
           # Path to Docker image
           image-ref: "${{ env.IMAGE_NAMESPACE }}/ssi-credential-issuer-migrations:dev"
@@ -151,7 +151,7 @@ jobs:
       # For public images, no ENV vars must be set.
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
           # Path to Docker image
           image-ref: "${{ env.IMAGE_NAMESPACE }}/ssi-credential-expiry-app:dev"
@@ -184,7 +184,7 @@ jobs:
       # For public images, no ENV vars must be set.
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
           # Path to Docker image
           image-ref: "${{ env.IMAGE_NAMESPACE }}/ssi-credential-issuer-processes-worker:dev"

.github/workflows/trivy.yml

@@ -53,7 +53,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
           scan-type: "config"
           hide-progress: false
@@ -87,7 +87,7 @@ jobs:
       # For public images, no ENV vars must be set.
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
           # Path to Docker image
           image-ref: "${{ env.IMAGE_NAMESPACE }}/ssi-credential-issuer-service:latest"
@@ -119,7 +119,7 @@ jobs:
       # For public images, no ENV vars must be set.
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
           # Path to Docker image
           image-ref: "${{ env.IMAGE_NAMESPACE }}/ssi-credential-issuer-migrations:latest"
@@ -151,7 +151,7 @@ jobs:
       # For public images, no ENV vars must be set.
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
           # Path to Docker image
           image-ref: "${{ env.IMAGE_NAMESPACE }}/ssi-credential-expiry-app:latest"
@@ -183,7 +183,7 @@ jobs:
       # For public images, no ENV vars must be set.
       - name: Run Trivy vulnerability scanner
         if: always()
-        uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # v0.18.0
+        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0
         with:
           # Path to Docker image
           image-ref: "${{ env.IMAGE_NAMESPACE }}/ssi-credential-issuer-processes-worker:latest"

charts/ssi-credential-issuer/Chart.yaml

@@ -20,8 +20,8 @@
 apiVersion: v2
 name: ssi-credential-issuer
 type: application
-version: 1.0.0-rc.1
-appVersion: 1.0.0-rc.1
+version: 1.0.0-rc.2
+appVersion: 1.0.0-rc.2
 description: Helm chart for SSI Credential Issuer
 home: https://github.com/eclipse-tractusx/ssi-credential-issuer
 dependencies:

charts/ssi-credential-issuer/README.md

@@ -1,4 +1,4 @@
-# Helm chart for Catena-X SSI Credential Issuer
+# Helm chart for SSI Credential Issuer
 
 This helm chart installs the Catena-X SSI Credential Issuer application.
 
@@ -27,7 +27,7 @@ To use the helm chart as a dependency:
 dependencies:
   - name: ssi-credential-issuer
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 1.0.0-rc.1
+    version: 1.0.0-rc.2
 ```
 
 ## Requirements
@@ -40,6 +40,9 @@ dependencies:
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| portalBackendAddress | string | `"https://portal-backend.example.org"` | Provide portal-backend base address. |
+| walletAddress | string | `"https://wallet.example.org"` |  |
+| walletTokenAddress | string | `"https://wallet.example.org/oauth/token"` |  |
 | issuer.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-service"` |  |
 | issuer.image.tag | string | `""` |  |
 | issuer.imagePullPolicy | string | `"IfNotPresent"` |  |
@@ -56,9 +59,9 @@ dependencies:
 | issuer.portal.grantType | string | `"client_credentials"` |  |
 | issuer.portal.clientId | string | `"portal-client-id"` | Provide portal client-id from CX IAM centralidp. |
 | issuer.portal.clientSecret | string | `""` | Client-secret for portal client-id. Secret-key 'portal-client-secret'. |
-| issuer.credential.issuerDid | string | `""` |  |
-| issuer.credential.issuerBpn | string | `""` |  |
-| issuer.credential.statusListUrl | string | `""` |  |
+| issuer.credential.issuerDid | string | `"did:web:example"` |  |
+| issuer.credential.issuerBpn | string | `"BPNL00000001TEST"` |  |
+| issuer.credential.statusListUrl | string | `"https://example.org/statuslist"` |  |
 | issuer.credential.encryptionConfigIndex | int | `0` |  |
 | issuer.credential.encryptionConfigs.index0.index | int | `0` |  |
 | issuer.credential.encryptionConfigs.index0.cipherMode | string | `"CBC"` |  |
@@ -68,7 +71,7 @@ dependencies:
 | issuermigrations.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-migrations"` |  |
 | issuermigrations.image.tag | string | `""` |  |
 | issuermigrations.imagePullPolicy | string | `"IfNotPresent"` |  |
-| issuermigrations.resources | object | `{"limits":{"cpu":"45m","memory":"105M"},"requests":{"cpu":"15m","memory":"105M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
+| issuermigrations.resources | object | `{"limits":{"cpu":"45m","memory":"200M"},"requests":{"cpu":"15m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
 | issuermigrations.seeding.testDataEnvironments | string | `""` |  |
 | issuermigrations.seeding.testDataPaths | string | `"Seeder/Data"` |  |
 | issuermigrations.logging.default | string | `"Information"` |  |
@@ -77,7 +80,7 @@ dependencies:
 | processesworker.image.name | string | `"docker.io/tractusx/ssi-credential-issuer-processes-worker"` |  |
 | processesworker.image.tag | string | `""` |  |
 | processesworker.imagePullPolicy | string | `"IfNotPresent"` |  |
-| processesworker.resources | object | `{"limits":{"cpu":"45m","memory":"105M"},"requests":{"cpu":"15m","memory":"105M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
+| processesworker.resources | object | `{"limits":{"cpu":"45m","memory":"200M"},"requests":{"cpu":"15m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
 | processesworker.logging.default | string | `"Information"` |  |
 | processesworker.portal.scope | string | `"openid"` |  |
 | processesworker.portal.grantType | string | `"client_credentials"` |  |
@@ -127,7 +130,6 @@ dependencies:
 | externalDatabase.database | string | `"issuer"` | Database name. |
 | externalDatabase.password | string | `""` | Password for the non-root username (default 'issuer'). Secret-key 'password'. |
 | externalDatabase.existingSecret | string | `"issuer-external-db"` | Secret containing the password non-root username, (default 'issuer'). |
-| externalDatabase.existingSecretPasswordKey | string | `"password"` | Name of an existing secret key containing the database credentials. |
 | centralidp | object | `{"address":"https://centralidp.example.org","authRealm":"CX-Central","jwtBearerOptions":{"metadataPath":"/auth/realms/CX-Central/.well-known/openid-configuration","refreshInterval":"00:00:30","requireHttpsMetadata":"true","tokenValidationParameters":{"validAudience":"Cl24-CX-SSI-CredentialIssuer","validIssuerPath":"/auth/realms/CX-Central"}},"tokenPath":"/auth/realms/CX-Central/protocol/openid-connect/token","useAuthTrail":true}` | Provide details about centralidp (CX IAM) Keycloak instance. |
 | centralidp.address | string | `"https://centralidp.example.org"` | Provide centralidp base address (CX IAM), without trailing '/auth'. |
 | centralidp.useAuthTrail | bool | `true` | Flag if the api should be used with an leading /auth path |

charts/ssi-credential-issuer/templates/cronjob-issuer-processes.yaml

@@ -66,6 +66,8 @@ spec:
             - name: "CONNECTIONSTRINGS__ISSUERDB"
               value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.username }};Password=$(ISSUER_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};"
             {{- end }}
+            - name: "PORTAL__CLIENTID"
+              value: "{{ .Values.issuer.portal.clientId }}"
             - name: "PORTAL__CLIENTSECRET"
               valueFrom:
                 secretKeyRef:
@@ -75,12 +77,33 @@ spec:
               value: "{{ .Values.processesworker.portal.grantType }}"
             - name: "PORTAL__TOKENADDRESS"
               value: "{{ .Values.centralidp.address }}{{ .Values.centralidp.tokenPath }}"
+            - name: "PORTAL__BASEADDRESS"
+              value: "{{ .Values.portalBackendAddress }}"
             - name: "PORTAL__PASSWORD"
               value: "empty"
             - name: "PORTAL__SCOPE"
               value: "{{ .Values.processesworker.portal.scope }}"
             - name: "PORTAL__USERNAME"
               value: "empty"
+            - name: "CALLBACK__CLIENTID"
+              value: "{{ .Values.issuer.portal.clientId }}"
+            - name: "CALLBACK__CLIENTSECRET"
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ template "issuer.secretName" . }}"
+                  key: "portal-client-secret"
+            - name: "CALLBACK__GRANTTYPE"
+              value: "{{ .Values.processesworker.portal.grantType }}"
+            - name: "CALLBACK__TOKENADDRESS"
+              value: "{{ .Values.centralidp.address }}{{ .Values.centralidp.tokenPath }}"
+            - name: "CALLBACK__BASEADDRESS"
+              value: "{{ .Values.portalBackendAddress }}"
+            - name: "CALLBACK__PASSWORD"
+              value: "empty"
+            - name: "CALLBACK__SCOPE"
+              value: "{{ .Values.processesworker.portal.scope }}"
+            - name: "CALLBACK__USERNAME"
+              value: "empty"
             - name: "WALLET__BASEADDRESS"
               value: "{{ .Values.walletAddress }}"
             - name: "WALLET__CLIENTID"

charts/ssi-credential-issuer/templates/deployment-issuer-service.yaml

@@ -93,6 +93,8 @@ spec:
           value: "{{ .Values.issuer.logging.businessLogic }}"
         - name: "SWAGGERENABLED"
           value: "{{ .Values.issuer.swaggerEnabled }}"
+        - name: "PORTAL__CLIENTID"
+          value: "{{ .Values.issuer.portal.clientId }}"
         - name: "PORTAL__CLIENTSECRET"
           valueFrom:
             secretKeyRef:
@@ -102,6 +104,8 @@ spec:
           value: "{{ .Values.issuer.portal.grantType }}"
         - name: "PORTAL__TOKENADDRESS"
           value: "{{ .Values.centralidp.address }}{{ .Values.centralidp.tokenPath }}"
+        - name: "PORTAL__BASEADDRESS"
+          value: "{{ .Values.portalBackendAddress }}"
         - name: "PORTAL__PASSWORD"
           value: "empty"
         - name: "PORTAL__SCOPE"

charts/ssi-credential-issuer/values.yaml

@@ -17,6 +17,11 @@
 # SPDX-License-Identifier: Apache-2.0
 ###############################################################
 
+# -- Provide portal-backend base address.
+portalBackendAddress: "https://portal-backend.example.org"
+walletAddress: "https://wallet.example.org"
+walletTokenAddress: "https://wallet.example.org/oauth/token"
+
 issuer:
   image:
     name: "docker.io/tractusx/ssi-credential-issuer-service"
@@ -52,9 +57,9 @@ issuer:
     # -- Client-secret for portal client-id. Secret-key 'portal-client-secret'.
     clientSecret: ""
   credential:
-    issuerDid: ""
-    issuerBpn: ""
-    statusListUrl: ""
+    issuerDid: "did:web:example"
+    issuerBpn: "BPNL00000001TEST"
+    statusListUrl: "https://example.org/statuslist"
     encryptionConfigIndex: 0
     encryptionConfigs:
       index0:
@@ -75,10 +80,10 @@ issuermigrations:
   resources:
     requests:
       cpu: 15m
-      memory: 105M
+      memory: 200M
     limits:
       cpu: 45m
-      memory: 105M
+      memory: 200M
   seeding:
     testDataEnvironments: ""
     testDataPaths: "Seeder/Data"
@@ -97,10 +102,10 @@ processesworker:
   resources:
     requests:
       cpu: 15m
-      memory: 105M
+      memory: 200M
     limits:
       cpu: 45m
-      memory: 105M
+      memory: 200M
   logging:
     default: "Information"
   portal:

consortia/argocd-app-templates/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/ssi-credential-issuer
     repoURL: 'https://github.com/eclipse-tractusx/ssi-credential-issuer.git'
-    targetRevision: ssi-credential-issuer-1.0.0-rc.1
+    targetRevision: ssi-credential-issuer-1.0.0-rc.2
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/appsetup-pen.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/ssi-credential-issuer
     repoURL: 'https://github.com/eclipse-tractusx/ssi-credential-issuer.git'
-    targetRevision: ssi-credential-issuer-1.0.0-rc.1
+    targetRevision: ssi-credential-issuer-1.0.0-2
     plugin:
       env:
         - name: AVP_SECRET

consortia/argocd-app-templates/appsetup-stable.yaml

@@ -29,7 +29,7 @@ spec:
   source:
     path: ''
     repoURL: 'https://eclipse-tractusx.github.io/charts/dev'
-    targetRevision: ssi-credential-issuer-1.0.0-rc.1
+    targetRevision: ssi-credential-issuer-1.0.0-rc.2
     plugin:
       env:
         - name: HELM_VALUES

consortia/environments/values-beta.yaml

@@ -17,6 +17,10 @@
 # SPDX-License-Identifier: Apache-2.0
 ###############################################################
 
+portalBackendAddress: "https://portal-backend.beta.demo.catena-x.net"
+walletAddress: "https://dis-integration-service-prod.eu10.dim.cloud.sap"
+walletTokenAddress: "https://bpnl00000003crhk-catena-x.authentication.eu10.hana.ondemand.com/oauth/token"
+
 ingress:
   enabled: true
   className: "nginx"
@@ -39,8 +43,10 @@ ingress:
 
 issuer:
   swaggerEnabled: true
-  credential: 
+  credential:
+    issuerDid: "did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp"
     issuerBpn: "BPNL00000003CRHK"
+    statusListUrl: "https://dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com/credentials/status/c5f1d9bb-42d5-42b7-a80a-ccbda6891df3/3e6f1f74-56e3-443a-a75e-320c301aca07"
     encryptionConfigs: 
       index0: 
         encryptionKey: "<path:portal/data/ssi-credential-issuer/beta/credential#encryptionKey0>"

consortia/environments/values-dev.yaml

@@ -17,6 +17,10 @@
 # SPDX-License-Identifier: Apache-2.0
 ###############################################################
 
+portalBackendAddress: "https://portal-backend.dev.demo.catena-x.net"
+walletAddress: "https://dis-integration-service-prod.eu10.dim.cloud.sap"
+walletTokenAddress: "https://bpnl00000003crhk-catena-x.authentication.eu10.hana.ondemand.com/oauth/token"
+
 ingress:
   enabled: true
   className: "nginx"
@@ -43,6 +47,7 @@ issuer:
   imagePullPolicy: "Always"
   swaggerEnabled: true
   credential:
+    issuerDid: "did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp"
     issuerBpn: "BPNL00000003CRHK"
     statusListUrl: "https://dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com/credentials/status/c5f1d9bb-42d5-42b7-a80a-ccbda6891df3/3e6f1f74-56e3-443a-a75e-320c301aca07"
     encryptionConfigs:

consortia/environments/values-int.yaml

@@ -17,6 +17,10 @@
 # SPDX-License-Identifier: Apache-2.0
 ###############################################################
 
+portalBackendAddress: "https://portal-backend.int.demo.catena-x.net"
+walletAddress: "https://dis-integration-service-prod.eu10.dim.cloud.sap"
+walletTokenAddress: "https://bpnl00000003crhk-catena-x.authentication.eu10.hana.ondemand.com/oauth/token"
+
 ingress:
   enabled: true
   className: "nginx"
@@ -40,7 +44,9 @@ ingress:
 issuer:
   swaggerEnabled: true
   credential:
+    issuerDid: "did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp"
     issuerBpn: "BPNL00000003CRHK"
+    statusListUrl: "https://dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com/credentials/status/c5f1d9bb-42d5-42b7-a80a-ccbda6891df3/3e6f1f74-56e3-443a-a75e-320c301aca07"
     encryptionConfigs:
       index0:
         encryptionKey: "<path:portal/data/ssi-credential-issuer/int/credential#encryptionKey0>"

consortia/environments/values-pen.yaml

@@ -17,6 +17,10 @@
 # SPDX-License-Identifier: Apache-2.0
 ###############################################################
 
+portalBackendAddress: "https://portal-backend-pen.dev.demo.catena-x.net"
+walletAddress: "https://dis-integration-service-prod.eu10.dim.cloud.sap"
+walletTokenAddress: "https://bpnl00000003crhk-catena-x.authentication.eu10.hana.ondemand.com/oauth/token"
+
 ingress:
   enabled: true
   className: "nginx"
@@ -28,9 +32,9 @@ ingress:
   tls:
     - secretName: "tls-secret"
       hosts:
-        - "ssi-credential-issuer-backend-pen.dev.demo.catena-x.net"
+        - "ssi-credential-issuer-pen.dev.demo.catena-x.net"
   hosts:
-    - host: "ssi-credential-issuer-backend-pen.dev.demo.catena-x.net"
+    - host: "ssi-credential-issuer-pen.dev.demo.catena-x.net"
       paths:
         - path: "/api/issuer"
           pathType: "Prefix"
@@ -40,7 +44,9 @@ ingress:
 issuer:
   swaggerEnabled: true
   credential:
+    issuerDid: "did:web:dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com:dim-hosted:2f45795c-d6cc-4038-96c9-63cedc0cd266:holder-iatp"
     issuerBpn: "BPNL00000003CRHK"
+    statusListUrl: "https://dim-static-prod.dis-cloud-prod.cfapps.eu10-004.hana.ondemand.com/credentials/status/c5f1d9bb-42d5-42b7-a80a-ccbda6891df3/3e6f1f74-56e3-443a-a75e-320c301aca07"
     encryptionConfigs:
       index0:
         encryptionKey: "<path:portal/data/ssi-credential-issuer/pen/credential#encryptionKey0>"