Merge branch 'develop' into feature/persistence-investigation

Author: M-Busk

.github/workflows/continious_integration.yml

@@ -7,17 +7,28 @@ env:
   REGISTRY: ghcr.io
   REGISTRY_NAMESPACE: possible-x
   K8S_NAMESPACE: ${{ github.ref == 'refs/heads/main' && 'mvd-001-demo' || 'edc-dev' }}
+  POSTGRES_USER: postgres
+  POSTGRES_PASSWORD: postgres
+  POSTGRES_DB: postgres
 jobs:
   build-and-push-image:
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
-
+    services:
+      postgres:
+        image: postgres:16
+        env:
+          POSTGRES_USER: ${{ env.POSTGRES_USER }}
+          POSTGRES_PASSWORD: ${{ env.POSTGRES_PASSWORD }}
+          POSTGRES_DB: ${{ env.POSTGRES_DB }}
+        ports:
+          - 5432:5432
+        options: --health-cmd pg_isready --health-interval 10s --health-timeout 5s --health-retries 5
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
-
       - name: Set up JDK 17
         uses: actions/setup-java@v4
         with:

connector/build.gradle.kts

@@ -43,50 +43,49 @@ val edcVersion: String by project
 
 
 dependencies {
-	implementation("${edcGroup}:boot:${edcVersion}")
-	implementation("${edcGroup}:connector-core:${edcVersion}")
 
+	implementation("${edcGroup}:boot:${edcVersion}")
+	implementation("${edcGroup}:control-plane-core:${edcVersion}")
+	implementation("${edcGroup}:control-plane-api:${edcVersion}")
+	implementation("${edcGroup}:control-plane-api-client:${edcVersion}")
 	implementation("${edcGroup}:api-observability:${edcVersion}")
 	implementation("${edcGroup}:configuration-filesystem:${edcVersion}")
 
-	implementation("${edcGroup}:iam-mock:${edcVersion}")
-	implementation("${edcGroup}:http:${edcVersion}")
-
-	implementation("${edcGroup}:control-plane-api-client:${edcVersion}")
-	implementation("${edcGroup}:control-plane-api:${edcVersion}")
-	implementation("${edcGroup}:control-plane-core:${edcVersion}")
-	implementation("${edcGroup}:dsp:${edcVersion}")
 	implementation("${edcGroup}:auth-tokenbased:${edcVersion}")
-    implementation("${edcGroup}:management-api:${edcVersion}")
-	implementation("${edcGroup}:data-plane-http:${edcVersion}")
+	implementation("${edcGroup}:management-api:${edcVersion}")
 
+	//implementation("${edcGroup}:iam-mock:${edcVersion}")
+
+	implementation("${edcGroup}:oauth2-service:${edcVersion}")
+	implementation("${edcGroup}:oauth2-daps:${edcVersion}")
+	implementation("${edcGroup}:vault-filesystem:${edcVersion}")
+
+	implementation("${edcGroup}:dsp:${edcVersion}")
+	//file-transfer
 	implementation("${edcGroup}:data-plane-core:${edcVersion}")
-	implementation("${edcGroup}:data-plane-api:${edcVersion}")
-	implementation("${edcGroup}:data-plane-http:${edcVersion}")
 	implementation("${edcGroup}:data-plane-client:${edcVersion}")
-	implementation("${edcGroup}:data-plane-selector-core:${edcVersion}")
 	implementation("${edcGroup}:data-plane-selector-client:${edcVersion}")
-	implementation("${edcGroup}:data-plane-selector-api:${edcVersion}")
-	implementation("${edcGroup}:data-plane-client:${edcVersion}")
-
+	implementation("${edcGroup}:data-plane-selector-core:${edcVersion}")
 	implementation("${edcGroup}:transfer-data-plane:${edcVersion}")
-	implementation("${edcGroup}:transfer-pull-http-dynamic-receiver:${edcVersion}")
-	implementation("${edcGroup}:validator-data-address-http-data:${edcVersion}")
-	
-	implementation("${edcGroup}:asset-index-sql:${edcVersion}")
-	implementation("${edcGroup}:contract-definition-store-sql:${edcVersion}")
-	implementation("${edcGroup}:contract-negotiation-store-sql:${edcVersion}")
-	implementation("${edcGroup}:policy-definition-store-sql:${edcVersion}")
-	implementation("${edcGroup}:policy-monitor-store-sql:${edcVersion}")
-	implementation("${edcGroup}:sql-lease:${edcVersion}")
-	implementation("${edcGroup}:sql-pool-apache-commons:${edcVersion}")
-	implementation("${edcGroup}:transaction-local:$edcVersion")
-	implementation("${edcGroup}:transaction-datasource-spi:$edcVersion")
+	implementation("${edcGroup}:data-plane-http:${edcVersion}")
+	implementation("${edcGroup}:http:${edcVersion}")
+
+	implementation(project(":policy-extension"))
 
+	//IONOS
 	implementation ("com.ionoscloud.edc:provision-ionos-s3:v2.2.0")
 	implementation ("com.ionoscloud.edc:data-plane-ionos-s3:v2.2.0")
 
-	implementation ("org.postgresql:postgresql:42.7.2")
+  implementation("${edcGroup}:asset-index-sql:${edcVersion}")
+  implementation("${edcGroup}:contract-definition-store-sql:${edcVersion}")
+  implementation("${edcGroup}:contract-negotiation-store-sql:${edcVersion}")
+  implementation("${edcGroup}:policy-definition-store-sql:${edcVersion}")
+  implementation("${edcGroup}:policy-monitor-store-sql:${edcVersion}")
+  implementation("${edcGroup}:sql-lease:${edcVersion}")
+  implementation("${edcGroup}:sql-pool-apache-commons:${edcVersion}")
+  implementation("${edcGroup}:transaction-local:$edcVersion")
+  implementation("${edcGroup}:transaction-datasource-spi:$edcVersion")
+  implementation ("org.postgresql:postgresql:42.7.2")
 }
 
 repositories {

connector/resources/consumer-configuration.properties

@@ -1,5 +1,3 @@
-edc.participant.id=consumer
-edc.dsp.callback.address=http://localhost:29194/protocol
 web.http.port=29191
 web.http.path=/api
 web.http.management.port=29193
@@ -10,17 +8,29 @@ web.http.public.port=29291
 web.http.public.path=/public
 web.http.control.port=29192
 web.http.control.path=/control
-web.http.data.port=9196
-web.http.data.path=/data
+
+edc.dsp.callback.address=http://localhost:29194/protocol
+edc.participant.id=20:1D:9C:04:0A:71:B9:E7:8C:28:9D:70:A6:84:43:59:2D:BA:E8:B3:keyid:20:1D:9C:04:0A:71:B9:E7:8C:28:9D:70:A6:84:43:59:2D:BA:E8:B3
 edc.api.auth.key=password
-possible.connector.edcVersion=0.4.1
+edc.vault=/app/vault.properties
+edc.dataplane.token.validation.endpoint=http://localhost:4567/token
+
 
 edc.ionos.endpoint =https://s3-eu-central-2.ionoscloud.com
-ids.webhook.address=http://localhost:8282
-edc.vault.hashicorp.url=http://localhost:8200
-edc.vault.hashicorp.token=test-token
-edc.vault.hashicorp.timeout.seconds=30
-edc.dataplane.token.validation.endpoint=http://localhost:8184/control/token
+
+#edc.mock.client.id="1234"
+
+#edc.mock.region=us
+
+edc.oauth.token.url=http://localhost:4567/token
+edc.oauth.certificate.alias=1
+edc.oauth.private.key.alias=1
+edc.oauth.client.id=20:1D:9C:04:0A:71:B9:E7:8C:28:9D:70:A6:84:43:59:2D:BA:E8:B3:keyid:20:1D:9C:04:0A:71:B9:E7:8C:28:9D:70:A6:84:43:59:2D:BA:E8:B3
+edc.oauth.provider.jwks.url=http://localhost:4567/jwks.json
+edc.oauth.provider.audience=idsc:IDS_CONNECTORS_ALL
+edc.iam.token.scope=idsc:IDS_CONNECTOR_ATTRIBUTES_ALL
+edc.keystore=/home/possible/workspace/localdeployment/initial_data/edc/consumer.pfx
+edc.keystore.password=zw9Eie7ztAqpl0Rbd/GEatmvzEREXEzL
 
 edc.datasource.default.url=jdbc:postgresql://localhost:5432/edcconsumer
 edc.datasource.default.user=postgres

connector/resources/provider-configuration.properties

@@ -1,5 +1,3 @@
-edc.participant.id=provider
-edc.dsp.callback.address=http://localhost:19194/protocol
 web.http.port=19191
 web.http.path=/api
 web.http.management.port=19193
@@ -10,18 +8,28 @@ web.http.public.port=19291
 web.http.public.path=/public
 web.http.control.port=19192
 web.http.control.path=/control
-edc.dataplane.api.public.baseurl=http://localhost:19291/public
-web.http.data.port=8186
-web.http.data.path=/data
+
+edc.dsp.callback.address=http://localhost:19194/protocol
+edc.participant.id=59:0B:DD:26:41:AC:57:D7:ED:76:D5:84:F8:BC:AC:8E:4C:C7:56:70:keyid:59:0B:DD:26:41:AC:57:D7:ED:76:D5:84:F8:BC:AC:8E:4C:C7:56:70
 edc.api.auth.key=password
-possible.connector.edcVersion=0.4.1
+edc.vault=/app/vault.properties
+edc.dataplane.token.validation.endpoint=http://localhost:4567/token
 
 edc.ionos.endpoint =https://s3-eu-central-2.ionoscloud.com
-ids.webhook.address=http://localhost:8282
-edc.vault.hashicorp.url=http://localhost:8200
-edc.vault.hashicorp.token=test-token
-edc.vault.hashicorp.timeout.seconds=30
-edc.dataplane.token.validation.endpoint=http://localhost:8184/control/token
+
+#edc.mock.client.id="5678"
+
+#edc.mock.region=eu
+
+edc.oauth.token.url=http://localhost:4567/token
+edc.oauth.certificate.alias=1
+edc.oauth.private.key.alias=1
+edc.oauth.client.id=59:0B:DD:26:41:AC:57:D7:ED:76:D5:84:F8:BC:AC:8E:4C:C7:56:70:keyid:59:0B:DD:26:41:AC:57:D7:ED:76:D5:84:F8:BC:AC:8E:4C:C7:56:70
+edc.oauth.provider.jwks.url=http://localhost:4567/jwks.json
+edc.oauth.provider.audience=idsc:IDS_CONNECTORS_ALL
+edc.iam.token.scope=idsc:IDS_CONNECTOR_ATTRIBUTES_ALL
+edc.keystore=/home/possible/workspace/localdeployment/initial_data/edc/provider.pfx
+edc.keystore.password=F4HKbkgAORZWwzWasY10RhsxHt99LaoE
 
 edc.datasource.default.url=jdbc:postgresql://localhost:5432/edcprovider
 edc.datasource.default.user=postgres

deployment/helm/possible-x-edc/templates/configmap.yaml

@@ -29,4 +29,14 @@ data:
     edc.dsp.callback.address={{ .Values.edc.dsp.callback.address }}
     edc.receiver.http.endpoint={{ .Values.edc.receiver.http.endpoint }}/receiver/{{ .Values.edc.ids.id }}/callback
     edc.public.key.alias={{ .Values.edc.public.key.alias }}
-    edc.dataplane.token.validation.endpoint={{ .Values.edc.dataplane.token.validation.endpoint }}{{ .Values.web.http.control.path }}/token
+    edc.dataplane.token.validation.endpoint={{ .Values.edc.dataplane.token.validation.endpoint }}
+    edc.oauth.token.url={{ .Values.edc.oauth.token.url }}
+    edc.oauth.certificate.alias={{ .Values.edc.oauth.certificate.alias }}
+    edc.oauth.private.key.alias={{ .Values.edc.oauth.private.key.alias }}
+    edc.oauth.client.id={{ .Values.edc.oauth.client.id }}
+    edc.oauth.provider.jwks.url={{ .Values.edc.oauth.provider.jwks.url }}
+    edc.oauth.provider.audience={{ .Values.edc.oauth.provider.audience }}
+    edc.iam.token.scope={{ .Values.edc.iam.token.scope }}
+    edc.keystore={{ .Values.edc.keystore.path }}
+    edc.keystore.password={{ .Values.edc.keystore.password }}
+    edc.vault={{ .Values.edc.vault.path }}

deployment/helm/possible-x-edc/templates/db_service.yaml

@@ -0,0 +1,13 @@
+
+{{- if .Values.persistence.db.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "possible-x-edc.fullname" . }}-postgres
+spec:
+  ports:
+  - port: 5432
+    name: postgres
+  selector:
+    app: {{ include "possible-x-edc.fullname" . }}-postgres
+{{- end }}

deployment/helm/possible-x-edc/templates/db_stateful_set.yaml

@@ -0,0 +1,47 @@
+{{- if .Values.persistence.db.enabled -}}
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "possible-x-edc.fullname" . }}-postgres
+  labels:
+    app: {{ include "possible-x-edc.fullname" . }}-postgres
+spec:
+  serviceName: "{{ include "possible-x-edc.fullname" . }}-postgres"
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ include "possible-x-edc.fullname" . }}-postgres
+  template:
+    metadata:
+      labels:
+        app: {{ include "possible-x-edc.fullname" . }}-postgres
+    spec:
+      containers:
+      - name: postgres
+        image: "{{ .Values.persistence.db.image.repository }}:{{ .Values.persistence.db.image.tag }}"
+        imagePullPolicy: {{ .Values.persistence.db.image.pullPolicy }}
+        ports:
+        - containerPort: 5432
+          name: postgres
+        env:
+        - name: POSTGRES_DB
+          value: "{{ .Values.persistence.db.databaseName }}"
+        - name: POSTGRES_USER
+          value: "{{ .Values.persistence.db.databaseUser }}"
+        - name: POSTGRES_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.persistence.db.databasePasswordSecretName }}
+              key: POSTGRES_PASSWORD
+        volumeMounts:
+        - name: {{ include "possible-x-edc.fullname" . }}-postgres-storage
+          mountPath: /var/lib/postgresql
+  volumeClaimTemplates:
+  - metadata:
+      name: {{ include "possible-x-edc.fullname" . }}-postgres-storage
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: 1Gi
+{{- end }}

deployment/helm/possible-x-edc/templates/deployment.yaml

@@ -27,6 +27,29 @@ spec:
       serviceAccountName: {{ include "possible-x-edc.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+        - name: daps-init-container
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              echo "path: $DAPS_KEY_PATH"
+              echo "store: $DAPS_KEY_STORE"
+              if ! [ -d $(dirname $DAPS_KEY_PATH) ] ; then mkdir -p $(dirname $DAPS_KEY_PATH) ; else echo "exists!"; fi
+              echo "$DAPS_KEY_STORE" | base64 -d > $DAPS_KEY_PATH
+              touch $VAULT_FILE
+          volumeMounts:
+            - name: keystore
+              mountPath: /resources/keystore
+            - name: vault
+              mountPath: /resources/vault
+          env:
+            - name: DAPS_KEY_PATH
+              value: {{ .Values.edc.keystore.path }}
+            - name: DAPS_KEY_STORE
+              value: {{ .Values.edc.keystore.content }}
+            - name: VAULT_FILE 
+              value: {{ .Values.edc.vault.path }}
       containers:
         - name: {{ .Chart.Name }}
           securityContext:
@@ -37,7 +60,7 @@ spec:
           - name: EDC_FS_CONFIG
             value: "/resources/config.properties"
           - name: EDC_VAULT
-            value: "/resources/config.properties"
+            value: {{ .Values.edc.vault.path | default "/resources/vault/vault.properties" }}
           ports:
             - name: api
               containerPort: {{ .Values.service.apiPort }}
@@ -72,6 +95,10 @@ spec:
             - name: config
               mountPath: /resources/config.properties
               subPath: config.properties
+            - name: keystore
+              mountPath: resources/keystore
+            - name: vault
+              mountPath: /resources/vault
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -88,3 +115,7 @@ spec:
         - name: config
           configMap:
             name: {{ include "possible-x-edc.fullname" . }}-config
+        - name: keystore
+          emptyDir: {}
+        - name: vault
+          emptyDir: {}

deployment/helm/possible-x-edc/values.yaml

@@ -179,3 +179,15 @@ possible:
       token: notnull
   connector:
     edcVersion: 0.1.2
+
+persistence:
+  db:
+    enabled: false
+    image:
+      repository: postgres
+      pullPolicy: IfNotPresent
+      tag: latest
+    databaseUser: "admin"
+    databaseName: "edc"
+    databasePasswordSecretName: ""
+    storageSize: 1Gi