Merge pull request #255 from eclipse-tractusx/release/v2.0.0-RC2

build(portal-2.0.0-RC2): merge release into main

CHANGELOG.md

@@ -2,7 +2,24 @@
 
 New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal helm chart.
 
-## 2.0.0-RC1
+## 2.0.0-RC2
+
+### Change
+
+* changed to new container images
+  * portal-frontend: v2.0.0-RC2
+  * portal-frontend-registration: v2.0.0-RC1
+* portal-frontend: changed bdpm pool api path and improve configuration
+* portal-backend:
+  * moved bpdm api paths into config / helm chart
+  * activated dim wallet creation
+  * increased resource limits for processes worker
+  * added configuration for did resolver
+  * adjusted configuration for issuerComponent
+
+### Bugfix
+
+* portal-backend: added serviceAccountClientPrefix for to processes worker
 
 ### Change
 
@@ -22,7 +39,7 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
 * db-dependency:
   * change setup to get latest minor updates
   * removed fullnameOverride
-* helm-test: 
+* helm-test:
   * was enabled for removal for fullnameOverride and renaming for postgres secret
   * updated version to upgrade (R24.03) from and k8s version
 * portal-backend:

charts/portal/Chart.yaml

@@ -20,8 +20,8 @@
 apiVersion: v2
 name: portal
 type: application
-version: 2.0.0-RC1
-appVersion: 2.0.0-RC1
+version: 2.0.0-RC2
+appVersion: 2.0.0-RC2
 description: Helm chart for Catena-X Portal
 home: https://github.com/eclipse-tractusx/portal
 sources:

charts/portal/README.md.gotmpl

@@ -5,14 +5,14 @@
 This helm chart installs the Catena-X Portal application which consists of
 
 * [portal-frontend (v2.0.0-RC1)](https://github.com/eclipse-tractusx/portal-frontend/tree/v2.0.0-RC1),
-* [portal-frontend-registration (v1.7.0-RC1)](https://github.com/eclipse-tractusx/portal-frontend-registration/tree/v1.7.0-RC1),
+* [portal-frontend-registration (v2.0.0-RC1)](https://github.com/eclipse-tractusx/portal-frontend-registration/tree/v2.0.0-RC1),
 * [portal-assets (v1.8.0)](https://github.com/eclipse-tractusx/portal-assets/tree/v1.8.0) and
-* [portal-backend (v2.0.0-RC1)](https://github.com/eclipse-tractusx/portal-backend/tree/v2.0.0-RC1).
+* [portal-backend (v2.0.0-RC2)](https://github.com/eclipse-tractusx/portal-backend/tree/v2.0.0-RC2).
 
 The Catena-X Portal is designed to work with the [Catena-X IAM](https://github.com/eclipse-tractusx/portal-iam).
-This version is compatible with the 3.0.0-rc.1 version of the IAM instances:
-* [Central Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/centralidp-3.0.0-rc.1/charts/centralidp/README.md)
-* [Shared Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/sharedidp-3.0.0-rc.1/charts/sharedidp/README.md)
+This version is compatible with the 3.0.0-rc.2 version of the IAM instances:
+* [Central Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/centralidp-3.0.0-rc.2/charts/centralidp/README.md)
+* [Shared Keycloak Instance](https://github.com/eclipse-tractusx/portal-iam/blob/sharedidp-3.0.0-rc.2/charts/sharedidp/README.md)
 
 For information on how to upgrade from previous versions please refer to [Version Upgrade](https://github.com/eclipse-tractusx/portal-assets/tree/v1.8.0/docs/developer/Technical%20Documentation/Version%20Upgrade/portal-upgrade-details.md).
 

charts/portal/templates/cronjob-backend-processes.yaml

@@ -80,6 +80,8 @@ spec:
             - name: "CONNECTIONSTRINGS__PROVISIONINGDB"
               value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.provisioningUser }};Password=$(PROVISIONING_PASSWORD);Ssl Mode={{ .Values.backend.dbConnection.sslMode }};"
             {{- end }}
+            - name: "PROVISIONING__SERVICEACCOUNTCLIENTPREFIX"
+              value: "{{ .Values.backend.provisioning.serviceAccountClientPrefix }}"
             - name: "APPLICATIONACTIVATION__APPLICATIONAPPROVALINITIALROLES__0__CLIENTID"
               value: "{{ .Values.centralidp.clients.portal }}"
             - name: "APPLICATIONACTIVATION__APPLICATIONAPPROVALINITIALROLES__0__USERROLENAMES__0"
@@ -113,7 +115,7 @@ spec:
             - name: "APPLICATIONACTIVATION__DATASPACEADDRESS"
               value: "{{ .Values.portalAddress }}{{ .Values.backend.portalIntroductionDataspacePath }}"
             - name: "APPLICATIONCHECKLIST__BPDM__BASEADDRESS"
-              value: "{{ .Values.bpdmPortalGateAddress }}"
+              value: "{{ .Values.bpdm.portalGateAddress }}{{ .Values.bpdm.portalGateApiPath }}"
             - name: "APPLICATIONCHECKLIST__BPDM__CLIENTID"
               value: "{{ .Values.backend.processesworker.bpdm.clientId }}"
             - name: "APPLICATIONCHECKLIST__BPDM__CLIENTSECRET"
@@ -232,25 +234,25 @@ spec:
               value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}"
             - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGS__0__PADDINGMODE"
               value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}"
-            - name: "APPLICATIONCHECKLIST__DIM__USERNAME"
+            - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__USERNAME"
               value: "{{ .Values.backend.placeholder }}"
-            - name: "APPLICATIONCHECKLIST__DIM__PASSWORD"
+            - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__PASSWORD"
               value: "{{ .Values.backend.placeholder }}"
-            - name: "APPLICATIONCHECKLIST__DIM__CLIENTID"
-              value: "{{ .Values.backend.processesworker.dim.clientId }}"
-            - name: "APPLICATIONCHECKLIST__DIM__GRANTTYPE"
-              value: "{{ .Values.backend.processesworker.dim.grantType }}"
-            - name: "APPLICATIONCHECKLIST__DIM__CLIENTSECRET"
+            - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CLIENTID"
+              value: "{{ .Values.backend.processesworker.issuerComponent.clientId }}"
+            - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__GRANTTYPE"
+              value: "{{ .Values.backend.processesworker.issuerComponent.grantType }}"
+            - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CLIENTSECRET"
               valueFrom:
                 secretKeyRef:
                   name: "{{ .Values.backend.interfaces.secret }}"
-                  key: "dim-client-secret"
+                  key: "issuercomponent-client-secret"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__SCOPE"
               value: "{{ .Values.backend.processesworker.issuerComponent.scope }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__TOKENADDRESS"
               value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__BASEADDRESS"
-              value: "{{ .Values.backend.processesworker.issuerComponent.baseAddress }}"
+              value: "{{ .Values.issuerComponentAddress }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CALLBACKURL"
               value: "{{ .Values.portalBackendAddress }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGINDEX"
@@ -266,6 +268,13 @@ spec:
               value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.cipherMode }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__PADDINGMODE"
               value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.paddingMode }}"
+            - name: "APPLICATIONCHECKLIST__BPNDIDRESOLVER__BASEADDRESS"
+              value: "{{ .Values.bpnDidResolverAddress }}"
+            - name: "APPLICATIONCHECKLIST__BPNDIDRESOLVER__APIKEY"
+              valueFrom:
+                secretKeyRef:
+                  name: "{{ .Values.backend.interfaces.secret }}"
+                  key: "bpndidresolver-api-key"
             - name: "KEYCLOAK__CENTRAL__AUTHREALM"
               value: "{{ .Values.centralidp.realm }}"
             - name: "KEYCLOAK__CENTRAL__CLIENTID"

charts/portal/templates/deployment-backend-administration.yaml

@@ -100,7 +100,7 @@ spec:
         - name: "DATABASEACCESS__KEYCLOAK__DATABASESCHEMA"
           value: "{{ .Values.backend.keycloak.central.dbConnection.schema }}"
         - name: "APPLICATIONCHECKLIST__BPDM__BASEADDRESS"
-          value: "{{ .Values.bpdmPortalGateAddress }}"
+          value: "{{ .Values.bpdm.portalGateAddress }}{{ .Values.bpdm.portalGateApiPath }}"
         - name: "APPLICATIONCHECKLIST__BPDM__CLIENTID"
           value: "{{ .Values.backend.processesworker.bpdm.clientId }}"
         - name: "APPLICATIONCHECKLIST__BPDM__CLIENTSECRET"
@@ -219,12 +219,25 @@ spec:
           value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}"
         - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGS__0__PADDINGMODE"
           value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}"
+        - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__USERNAME"
+          value: "{{ .Values.backend.placeholder }}"
+        - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__PASSWORD"
+          value: "{{ .Values.backend.placeholder }}"
+        - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CLIENTID"
+          value: "{{ .Values.backend.processesworker.issuerComponent.clientId }}"
+        - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__GRANTTYPE"
+          value: "{{ .Values.backend.processesworker.issuerComponent.grantType }}"
+        - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CLIENTSECRET"
+          valueFrom:
+            secretKeyRef:
+              name: "{{ .Values.backend.interfaces.secret }}"
+              key: "issuercomponent-client-secret"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__SCOPE"
           value: "{{ .Values.backend.processesworker.issuerComponent.scope }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__TOKENADDRESS"
           value: "{{ .Values.centralidp.address }}{{ .Values.backend.keycloak.central.tokenPath }}"
-        - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__BASEADDRESS"
-          value: "{{ .Values.backend.processesworker.issuerComponent.baseAddress }}"
+        - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__BASEADDRESS"              
+          value: "{{ .Values.issuerComponentAddress }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CALLBACKURL"
           value: "{{ .Values.portalBackendAddress }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGINDEX"
@@ -413,6 +426,8 @@ spec:
           value: "{{ .Values.backend.administration.registration.documentTypeIds.type0 }}"
         - name: "REGISTRATION__HELPADDRESS"
           value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHelpPath }}"
+        - name: "REGISTRATION__USEDIMWALLET"
+          value: "{{ .Values.backend.useDimWallet }}"
         - name: "SERVICEACCOUNT__CLIENTID"
           value: "{{ .Values.backend.administration.serviceAccount.clientId }}"
         - name: "SWAGGERENABLED"

charts/portal/templates/deployment-backend-registration.yaml

@@ -89,7 +89,7 @@ spec:
         - name: "DATABASEACCESS__PORTAL__DATABASESCHEMA"
           value: "{{ .Values.backend.dbConnection.schema }}"
         - name: "BPN_ADDRESS"
-          value: "{{ .Values.bpdmPartnersPoolAddress }}"
+          value: "{{ .Values.bpdm.poolAddress }}{{ .Values.bpdm.poolApiPath }}"
         - name: "HEALTHCHECKS__0__PATH"
           value: "{{ .Values.backend.healthChecks.startup.path}}"
         {{- if .Values.backend.registration.healthChecks.startup.tags }}

charts/portal/templates/deployment-frontend-portal.yaml

@@ -57,7 +57,7 @@ spec:
           - name: CENTRALIDP_URL
             value: "{{ .Values.centralidp.address }}{{ .Values.frontend.centralidpAuthPath }}"
           - name: BPDM_API_URL
-            value: "{{ .Values.bpdmPartnersPoolAddress }}{{ .Values.frontend.bpdmPartnersPoolApiPath }}"
+            value: "{{ .Values.bpdm.poolAddress }}{{ .Values.bpdm.poolApiPath }}"
           - name: SEMANTICS_URL
             value: "{{ .Values.semanticsAddress }}"
           - name: MANAGED_IDENTITY_WALLETS_NEW_URL

charts/portal/templates/secret-backend-interfaces.yaml

@@ -45,6 +45,7 @@ data:
   mailing-encryption-key0: {{ coalesce ( .Values.backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "mailing-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   issuercomponent-client-secret: {{ coalesce ( .Values.backend.processesworker.issuerComponent.clientSecret | b64enc ) ( index $secret.data "issuercomponent-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
   issuercomponent-encryption-key0: {{ coalesce ( .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "issuercomponent-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
+  bpndidresolver-api-key: {{ coalesce ( .Values.backend.processesworker.bpnDidResolver.apiKey | b64enc ) ( index $secret.data "bpndidresolver-api-kye" ) | default ( randAlphaNum 32 ) | quote }}
 {{ else -}}
 stringData:
   # if secret doesn't exist, use provided value from values file or generate a random one
@@ -61,4 +62,5 @@ stringData:
   mailing-encryption-key0: {{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   issuercomponent-client-secret: {{ .Values.backend.processesworker.issuerComponent.clientSecret | default ( randAlphaNum 32 ) | quote }}
   issuercomponent-encryption-key0: {{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
+  bpndidresolver-api-key: {{ .Values.backend.processesworker.bpnDidResolver.apiKey | default ( randAlphaNum 32 ) | quote }}
 {{ end }}

charts/portal/values.yaml

@@ -41,11 +41,16 @@ sharedidpAddress: "https://sharedidp.example.org"
 # -- Provide semantics base address.
 semanticsAddress: "https://semantics.example.org"
 
-# -- Provide bpdm partners pool base address.
-bpdmPartnersPoolAddress: "https://business-partners.example.org"
-
-# -- Provide bpdm portal gate base address.
-bpdmPortalGateAddress: "https://business-partners.example.org"
+# -- Provide details about business partner data management (BPDM).
+bpdm:
+  # -- Provide bpdm partners pool base address.
+  poolAddress: "https://business-partners.example.org"
+  # -- Provide bpdm pool api path.
+  poolApiPath: "/pool/v6"
+  # -- Provide bpdm portal gate base address.
+  portalGateAddress: "https://business-partners.example.org"
+  # -- Provide bpdm portal gate api path.
+  portalGateApiPath: "/companies/test-company/v6"
 
 # -- Provide custodian base address.
 custodianAddress: "https://managed-identity-wallets.example.org"
@@ -57,6 +62,10 @@ sdfactoryAddress: "https://sdfactory.example.org"
 clearinghouseAddress: "https://validation.example.org"
 # -- Provide clearinghouse token address.
 clearinghouseTokenAddress: "https://keycloak.example.org/realms/example/protocol/openid-connect/token"
+# -- Provide issuer component base address
+issuerComponentAddress: "https://issuercomponent.example.org"
+# -- Base address of the Bpn Did Resolver
+bpnDidResolverAddress: http://bpndidresolver.example.org/
 
 frontend:
   ingress:
@@ -115,7 +124,7 @@ frontend:
     name: "registration"
     image:
       name: "docker.io/tractusx/portal-frontend-registration"
-      registrationtag: v1.7.0-RC1
+      registrationtag: v2.0.0-RC1
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
@@ -129,7 +138,7 @@ frontend:
     name: "assets"
     image:
       name: "docker.io/tractusx/portal-assets"
-      assetstag: 2433ebaa4f53c82a8dd47b47747faaa990a8a393
+      assetstag: v1.8.0
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
@@ -141,7 +150,6 @@ frontend:
         memory: 100M
     path: "/assets"
   centralidpAuthPath: "/auth"
-  bpdmPartnersPoolApiPath: "/pool/api"
 
 backend:
   ingress:
@@ -272,7 +280,7 @@ backend:
     name: "registration-service"
     image:
       name: "docker.io/tractusx/portal-registration-service"
-      registrationservicetag: v2.0.0-RC1
+      registrationservicetag: v2.0.0-RC2
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
@@ -321,7 +329,7 @@ backend:
     name: "administration-service"
     image:
       name: "docker.io/tractusx/portal-administration-service"
-      administrationservicetag: v2.0.0-RC1
+      administrationservicetag: v2.0.0-RC2
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
@@ -427,7 +435,7 @@ backend:
     name: "marketplace-app-service"
     image:
       name: "docker.io/tractusx/portal-marketplace-app-service"
-      appmarketplaceservicetag: v2.0.0-RC1
+      appmarketplaceservicetag: v2.0.0-RC2
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
@@ -559,7 +567,7 @@ backend:
     name: "portal-migrations"
     image:
       name: "docker.io/tractusx/portal-portal-migrations"
-      portalmigrationstag: v2.0.0-RC1
+      portalmigrationstag: v2.0.0-RC2
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
@@ -582,7 +590,7 @@ backend:
     name: "portal-maintenance"
     image:
       name: "docker.io/tractusx/portal-maintenance-service"
-      portalmaintenancetag: v2.0.0-RC1
+      portalmaintenancetag: v2.0.0-RC2
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
@@ -600,7 +608,7 @@ backend:
     name: "notification-service"
     image:
       name: "docker.io/tractusx/portal-notification-service"
-      notificationservicetag: v2.0.0-RC1
+      notificationservicetag: v2.0.0-RC2
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
@@ -627,7 +635,7 @@ backend:
     name: "services-service"
     image:
       name: "docker.io/tractusx/portal-services-service"
-      servicesservicetag: v2.0.0-RC1
+      servicesservicetag: v2.0.0-RC2
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
@@ -707,7 +715,7 @@ backend:
     name: "provisioning-migrations"
     image:
       name: "docker.io/tractusx/portal-provisioning-migrations"
-      provisioningmigrationstag: v2.0.0-RC1
+      provisioningmigrationstag: v2.0.0-RC2
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
@@ -723,16 +731,16 @@ backend:
     name: "processes-worker"
     image:
       name: "docker.io/tractusx/portal-processes-worker"
-      processesworkertag: v2.0.0-RC1
+      processesworkertag: v2.0.0-RC2
       pullPolicy: "IfNotPresent"
     # -- We recommend to review the default resource limits as this should a conscious choice.
     resources:
       requests:
         cpu: 75m
-        memory: 500M
+        memory: 600M
       limits:
         cpu: 225m
-        memory: 500M
+        memory: 600M
     logging:
       default: "Information"
       processesLibrary: "Information"
@@ -861,8 +869,6 @@ backend:
       clientSecret: ""
       grantType: "client_credentials"
       scope: "openid"
-      # -- Base address of the SSI Credential Issuer
-      baseAddress: "https://issuercomponent.example.org"
       encryptionConfigIndex: 0
       encryptionConfigs:
         index0:
@@ -872,6 +878,9 @@ backend:
           # -- EncryptionKey for the issuer component. Secret-key 'issuercomponent-encryption-key0'.
           # Expected format is 256 bit (64 digits) hex.
           encryptionKey: ""
+    bpnDidResolver:
+      # -- ApiKey for bpnDidResolver. Secret-key 'bpndidresolver-api-key'.
+      apiKey: ""
     invitation:
       invitedUserInitialRoles:
         role0: "Company Admin"

consortia/argocd-app-templates/appsetup-beta.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/portal
     repoURL: 'https://github.com/eclipse-tractusx/portal.git'
-    targetRevision: portal-2.0.0-RC1
+    targetRevision: portal-2.0.0-RC2
     plugin:
       env:
         - name: AVP_SECRET