NOTE Currently this orchestrator serves no purpose in the MERLOT MPO as previously it was only used to fetch users from keycloak from the same organization for displaying in the frontend. With the introduction of SSI this feature can no longer exist as the issuer agent is decentralized and (typically) not publicly available to fetch issued credentials (i.e. users) from. The AAAM functionality of the marketplace is performed by the following services regardless without this microservice:
- Keycloak (Machine to Machine authentication for XFSC Federated Catalogue)
- SSI (AAS, OCM, PCM for user authentication)
- DAPS (Machine to Machine authentication for EDC Connectors)
The Authentication-Authorization-Account-Manager (AAAM) Orchestrator used to be a microservice in the MERLOT marketplace which handled fetching account information from the authentication backend (e.g. Keycloak).
This included information such as the enrolled users in a particular organisation.
To start development for the MERLOT marketplace, please refer to this document to set up a local WSL development environment of all relevant services. This is by far the easiest way to get everything up and running locally.
├── src/main/java/eu/merloteducation/aaamorchestrator
│ ├── config # configuration-related components
│ ├── controller # external REST API controllers
│ ├── models # internal data models of user-related data
│ ├── security # configuration for route-based authentication
│ ├── service # internal services for processing data from the controller layer
│ ├── views # JSON views for DTO serialization
- A properly set-up keycloak instance (quay.io/keycloak/keycloak:20.0.5)
To build this microservice you need to provide a GitHub read-only token in order to be able to fetch maven packages from GitHub. You can create this token at https://github.com/settings/tokens with at least the scope "read:packages". Then set up your ~/.m2/settings.xml file as follows:
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0
http://maven.apache.org/xsd/settings-1.0.0.xsd">
<servers>
<server>
<id>github</id>
<username>REPLACEME_GITHUB_USER</username>
<!-- Public token with `read:packages` scope -->
<password>REPLACEME_GITHUB_TOKEN</password>
</server>
</servers>
</settings>
Afterward you can build the service with
mvn clean package
java -jar target/aaam-orchestrator-X.Y.Z.jar
Replace the X.Y.Z with the respective version of the service.
This microservice can be deployed as part of the full MERLOT docker stack at localdeployment.
Before you begin, ensure you have Helm installed and configured to the desired Kubernetes cluster.
If you don't have a Kubernetes cluster set up, you can use Minikube for local development. Follow these steps to set up Minikube:
-
Install Minikube: Follow the instructions here to install Minikube on your machine.
-
Start Minikube: Start Minikube using the following command:
minikube start -
Verify Minikube Status: Check the status of Minikube to ensure it's running:
minikube status
-
Clone the Repository: Clone the repository containing the Helm chart:
git clone https://github.com/merlot-education/gitops.git -
Navigate to the Helm Chart: Change into the directory of the Helm chart:
cd gitops/charts/orchestrator -
Customize Values (if needed): If you need to customize any values, modify the values.yaml file in this directory according to your requirements. This file contains configurable parameters such as image repository, tag, service ports, etc. An example containing the values used in Merlot dev environment is available in gitops/environments/dev/aaam-orchestrator.yaml
-
Install the Chart: Run the following command to install the chart from the local repository:
helm install [RELEASE_NAME] .Replace [RELEASE_NAME] with the name you want to give to this deployment. In this case it can be aaam-orchestrator.
-
Verify Deployment: Check the status of your deployment using the following commands:
kubectl get pods kubectl get services