From 7b8320388f44696bcc32af214b675f905531ba01 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 4 Jul 2024 15:18:45 +0200 Subject: [PATCH 01/12] feature: upgrade to TXEDC 0.7.3/ EDC 0.7.1 --- agent-plane/agent-plane-protocol/README.md | 68 ++++++------- agent-plane/agent-plane-protocol/pom.xml | 4 - .../tractusx/agents/edc/AgentExtension.java | 25 +++-- .../edc/http/transfer/AgentSourceFactory.java | 14 ++- .../agents/edc/service/DataManagement.java | 6 +- .../DataPlaneTokenValidationApi.java | 26 ----- ...hingDataPlaneTokenValidatorController.java | 98 ------------------- agent-plane/agentplane-azure-vault/pom.xml | 4 + .../ExcludingAuthenticationRequestFilter.java | 19 +++- pom.xml | 22 ++--- 10 files changed, 93 insertions(+), 193 deletions(-) delete mode 100644 agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/DataPlaneTokenValidationApi.java delete mode 100644 agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/SwitchingDataPlaneTokenValidatorController.java diff --git a/agent-plane/agent-plane-protocol/README.md b/agent-plane/agent-plane-protocol/README.md index 767b243c..e0e70e3b 100644 --- a/agent-plane/agent-plane-protocol/README.md +++ b/agent-plane/agent-plane-protocol/README.md 
@@ -88,38 +88,38 @@ For a list of environment variables to configure the behaviour of the data plane See [this sample configuration file](resources/dataplane.properties) -| Property | Required | Default/Example | Description | List | -|-----------------------------------------------|----------|--------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|------| -| cx.agent.matchmaking | | http://matchmaking-agent.internal | URL of the matchmaking agent (use internal one if null) | | -| cx.agent.asset.default | | urn:x-arq:DefaultGraph | IRI of the default graph (federated data catalogue) | | -| cx.agent.asset.file | | https://www.w3id.org/catenax/ontology,dataspace.ttl | Initial triples for the default graph (federated data catalogue) | L | -| cx.agent.accesspoint.name | | api | Matchmaking agent endpoint name (internal) | | -| cx.agent.controlplane.protocol | (X) | http://oem-control-plane:8182 | Protocol Endpoint of the providing control plane (needed if you want to access local graphs/skills without absolute address) | | -| cx.agent.controlplane.management | X | http://oem-control-plane2:8181/management | Data Management Endpoint of the consuming control plane | | -| cx.agent.controlplane.management.provider | (X) | http://oem-control-plane:8181/management | Data Management Endpoint of the providing control plane (only if different from the consuming control plane) | | -| edc.participant.id | X | BPNL00000DUMMY | business partner number under which the consuming control plane operates | | -| edc.api.auth.code | (X) | X-Api-Key | Authentication Header for consuming control plane (if any) | | -| edc.api.auth.key | (X) | **** | Authentication Secret for consuming control plane (if any) | | -| edc.dataplane.token.validation.endpoint | X | http://oem-control-plane2:9999/control/token / 
http://localhost:8082/api/validation/ | Token validation endpoint of single control plane or the address of the integrated switching validator in case of multiple control planes | | -| edc.dataplane.token.validation.endpoints. | (X) | http://oem-control-plane:9999/control/token | Additional token validation endpoints to switch between (if multiple control planes) | * | -| web.http.callback.port | X | 8187 | Callback endpoint port | | -| web.http.callback.path | X | /callback | Callback endpoint path prefix | | -| cx.agent.callback | X | http://oem-data-plane:8187/callback/transfer-process-started | Callback endpoint full address as seen from the consuming control plane | | -| cx.agent.skill.contract | | cx.agent.skill.contract.default=Contract?partner=Skill | Id/IRI of the default contract put in the cx-common:publishedUnderContract property for new skills | | -| cx.agent.dataspace.synchronization | | -1 / 60000 | If positive, number of seconds between each catalogue synchronization attempt | | -| cx.agent.service.allow | | (http|edc)s?://.* | Regular expression for determining which IRIs are allowed in SERVICE calls (on top level/federated data catalogue) | | -| cx.agent.service.deny | | ^$ | Regular expression for determining which IRIs are denied in SERVICE calls (on top level/federated data catalogue) | | | -| cx.agent.service.asset.allow | | (http|edc)s://.* | Regular expression for determining which IRIs are allowed in delegated SERVICE calls (if not overriden by the cx-common:allowServicePattern address property) | | -| cx.agent.service.asset.deny | | ^$ | Regular expression for determining which IRIs are denied in delegated SERVICE calls (it not overridden by the cx-common:denyServicePattern address property) | | | -| cx.agent.dataspace.remotes | | BPNL00000003COJN=http://oem-control-plane:8084,BPNL00000003CPIY=http://tiera-control-plane:8084 | business partner control plane protocol urls wkth associated partner ids to synchronize with (if using internal 
matchmaking) | L | -| cx.agent.sparql.verbose | | false | Controls the verbosity of the SparQL Engine | | -| cx.agent.threadpool.size | | 4 | Number of threads pooled for any concurrent batch calls and synchronisation actions | | -| cx.agent.federation.batch.max | | 9223372036854775807 / 8 | Maximal number of tuples to send in one query | | -| cx.agent.negotiation.poll | | 1000 | Number of milliseconds between negotiation status checks | | -| cx.agent.negotiation.timeout | | 30000 | Number of milliseconds after which a pending negotiation is regarded as stale | | -| cx.agent.connect.timeout | | | Number of milliseconds after which a connection attempt is regarded as stale | | -| cx.agent.read.timeout | | 1080000 | Number of milliseconds after which a reading attempt is regarded as stale | | -| cx.agent.call.timeout | | | Number of milliseconds after which a complete call is regarded as stale | | -| cx.agent.write.timeout | | | Number of milliseconds after which a write attempt is regarded as stale | | -| cx.agent.edc.version | | 0.7.0 | Version of the TX EDC that is used (in case that management/transfer API changes) | | +| Property | Required | Default/Example | Description | List | +|-------------------------------------------|----------|--------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|------| +| cx.agent.matchmaking | | http://matchmaking-agent.internal | URL of the matchmaking agent (use internal one if null) | | +| cx.agent.asset.default | | urn:x-arq:DefaultGraph | IRI of the default graph (federated data catalogue) | | +| cx.agent.asset.file | | https://www.w3id.org/catenax/ontology,dataspace.ttl | Initial triples for the default graph (federated data catalogue) | L | +| cx.agent.accesspoint.name | | api | Matchmaking agent endpoint name (internal) | | +| 
cx.agent.controlplane.protocol | (X) | http://oem-control-plane:8182 | Protocol Endpoint of the providing control plane (needed if you want to access local graphs/skills without absolute address) | | +| cx.agent.controlplane.management | X | http://oem-control-plane2:8181/management | Data Management Endpoint of the consuming control plane | | +| cx.agent.controlplane.management.provider | (X) | http://oem-control-plane:8181/management | Data Management Endpoint of the providing control plane (only if different from the consuming control plane) | | +| edc.participant.id | X | BPNL00000DUMMY | business partner number under which the consuming control plane operates | | +| edc.api.auth.code | (X) | X-Api-Key | Authentication Header for consuming control plane (if any) | | +| edc.api.auth.key | (X) | **** | Authentication Secret for consuming control plane (if any) | | +| web.http.callback.port | X | 8187 | Callback endpoint port | | +| web.http.callback.path | X | /callback | Callback endpoint path prefix | | +| cx.agent.callback | X | http://oem-data-plane:8187/callback/transfer-process-started | Callback endpoint full address as seen from the consuming control plane | | +| cx.agent.skill.contract | | cx.agent.skill.contract.default=Contract?partner=Skill | Id/IRI of the default contract put in the cx-common:publishedUnderContract property for new skills | | +| cx.agent.dataspace.synchronization | | -1 / 60000 | If positive, number of seconds between each catalogue synchronization attempt | | +| cx.agent.service.allow | | (http|edc)s?://.* | Regular expression for determining which IRIs are allowed in SERVICE calls (on top level/federated data catalogue) | | +| cx.agent.service.deny | | ^$ | Regular expression for determining which IRIs are denied in SERVICE calls (on top level/federated data catalogue) | | | +| cx.agent.service.asset.allow | | (http|edc)s://.* | Regular expression for determining which IRIs are allowed in delegated SERVICE calls (if not overriden 
by the cx-common:allowServicePattern address property) | | +| cx.agent.service.asset.deny | | ^$ | Regular expression for determining which IRIs are denied in delegated SERVICE calls (it not overridden by the cx-common:denyServicePattern address property) | | | +| cx.agent.service.connector.allow | | (http|edc)s://.* | Regular expression for determining which URLs are allowed in remote asset calls (if not overriden by the cx-common:allowServicePattern address property) | | +| cx.agent.service.connector.deny | | ^$ | Regular expression for determining which URLs are denied in remote asset calls (it not overridden by the cx-common:denyServicePattern address property) | | | +| cx.agent.dataspace.remotes | | BPNL00000003COJN=http://oem-control-plane:8084,BPNL00000003CPIY=http://tiera-control-plane:8084 | business partner control plane protocol urls wkth associated partner ids to synchronize with (if using internal matchmaking) | L | +| cx.agent.sparql.verbose | | false | Controls the verbosity of the SparQL Engine | | +| cx.agent.threadpool.size | | 4 | Number of threads pooled for any concurrent batch calls and synchronisation actions | | +| cx.agent.federation.batch.max | | 9223372036854775807 / 8 | Maximal number of tuples to send in one query | | +| cx.agent.negotiation.poll | | 1000 | Number of milliseconds between negotiation status checks | | +| cx.agent.negotiation.timeout | | 30000 | Number of milliseconds after which a pending negotiation is regarded as stale | | +| cx.agent.connect.timeout | | | Number of milliseconds after which a connection attempt is regarded as stale | | +| cx.agent.read.timeout | | 1080000 | Number of milliseconds after which a reading attempt is regarded as stale | | +| cx.agent.call.timeout | | | Number of milliseconds after which a complete call is regarded as stale | | +| cx.agent.write.timeout | | | Number of milliseconds after which a write attempt is regarded as stale | | +| cx.agent.edc.version | | 0.7.0 | Version of the TX EDC 
that is used (in case that management/transfer API changes) | | diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index 6fba60c3..4916c468 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -478,10 +478,6 @@ mockito-core test - - net.bytebuddy - byte-buddy - diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java index 2a864051..df9900c3 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/AgentExtension.java @@ -47,7 +47,6 @@ import org.eclipse.tractusx.agents.edc.sparql.DataspaceServiceExecutor; import org.eclipse.tractusx.agents.edc.sparql.SparqlQueryProcessor; import org.eclipse.tractusx.agents.edc.sparql.SparqlQuerySerializerFactory; -import org.eclipse.tractusx.agents.edc.validation.SwitchingDataPlaneTokenValidatorController; import java.util.Map; import java.util.concurrent.Executors; 
@@ -139,12 +138,6 @@ public void initialize(ServiceExtensionContext context) { executorService = Executors.newScheduledThreadPool(config.getThreadPoolSize()); synchronizer = new DataspaceSynchronizer(executorService, config, catalogService, rdfStore, monitor); - SwitchingDataPlaneTokenValidatorController validatorController = new SwitchingDataPlaneTokenValidatorController(httpClient, config, monitor); - if (validatorController.isEnabled()) { - monitor.debug(String.format("Registering switching validator controller %s", validatorController)); - webService.registerResource(DEFAULT_CONTEXT_ALIAS, validatorController); - } - // EDC Remoting Support ServiceExecutorRegistry reg = new ServiceExecutorRegistry(); reg.addBulkLink(new DataspaceServiceExecutor(monitor, agreementController, config, httpClient, executorService, typeManager)); 
@@ -170,8 +163,22 @@ public void initialize(ServiceExtensionContext context) { monitor.debug(String.format("Initialized %s", name())); HttpRequestFactory httpRequestFactory = new HttpRequestFactory(); - AgentSourceFactory sourceFactory = new AgentSourceFactory(edcHttpClient, new AgentSourceRequestParamsSupplier(vault, typeManager, config, monitor), monitor, httpRequestFactory, processor, skillStore); - pipelineService.registerFactory(sourceFactory); + AgentSourceFactory sparqlSourceFactory = new AgentSourceFactory(AgentProtocol.SPARQL_HTTP.getProtocolId(), + edcHttpClient, + new AgentSourceRequestParamsSupplier(vault, typeManager, config, monitor), + monitor, + httpRequestFactory, + processor, + skillStore); + AgentSourceFactory skillSourceFactory = new AgentSourceFactory(AgentProtocol.SKILL_HTTP.getProtocolId(), + edcHttpClient, + new AgentSourceRequestParamsSupplier(vault, typeManager, config, monitor), + monitor, + httpRequestFactory, + processor, + skillStore); + pipelineService.registerFactory(sparqlSourceFactory); + pipelineService.registerFactory(skillSourceFactory); var publicEndpoint = context.getSetting("edc.dataplane.api.public.baseurl", null); if (publicEndpoint == null) { diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java index 3dd4c368..b7cb953e 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/http/transfer/AgentSourceFactory.java 
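Review bot: The two `AgentSourceFactory` constructions in this hunk differ only in the protocol id, and each builds its own `AgentSourceRequestParamsSupplier`. Creating the supplier once (`var paramsSupplier = new AgentSourceRequestParamsSupplier(vault, typeManager, config, monitor);`) and registering the factories in a loop over `AgentProtocol.SPARQL_HTTP` and `AgentProtocol.SKILL_HTTP` keeps the two registrations from drifting apart when a constructor argument changes. Sharing the supplier assumes it holds no per-factory state, which this hunk does not show. initialize() starts and ends outside the hunk.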
@@ -22,7 +22,6 @@ import org.eclipse.edc.http.spi.EdcHttpClient; import org.eclipse.edc.spi.monitor.Monitor; import org.eclipse.edc.spi.types.domain.transfer.DataFlowStartMessage; -import org.eclipse.tractusx.agents.edc.AgentProtocol; import org.eclipse.tractusx.agents.edc.SkillStore; import org.eclipse.tractusx.agents.edc.sparql.SparqlQueryProcessor; @@ -37,7 +36,7 @@ public class AgentSourceFactory extends org.eclipse.edc.connector.dataplane.http final SparqlQueryProcessor processor; final SkillStore skillStore; final HttpRequestFactory requestFactory; - + final String protocol; /** * create a new agent source factory @@ -49,8 +48,9 @@ public class AgentSourceFactory extends org.eclipse.edc.connector.dataplane.http * @param processor the query processor/sparql engine * @param skillStore store for skills */ - public AgentSourceFactory(EdcHttpClient httpClient, AgentSourceRequestParamsSupplier supplier, Monitor monitor, HttpRequestFactory requestFactory, SparqlQueryProcessor processor, SkillStore skillStore) { + public AgentSourceFactory(String protocol, EdcHttpClient httpClient, AgentSourceRequestParamsSupplier supplier, Monitor monitor, HttpRequestFactory requestFactory, SparqlQueryProcessor processor, SkillStore skillStore) { super(httpClient, supplier, monitor, requestFactory); + this.protocol = protocol; this.supplier = supplier; this.monitor = monitor; this.httpClient = httpClient; @@ -59,6 +59,11 @@ public AgentSourceFactory(EdcHttpClient httpClient, AgentSourceRequestParamsSupp this.requestFactory = requestFactory; } + @Override + public String supportedType() { + return protocol; + } + /** * choose the agent protocol * 
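Review bot: The constructor hunk (`@@ -49,8 +48,9 @@`) stores `protocol` without a null check, and the Javadoc above it gains no `@param protocol` entry. Because `canHandle` in the following hunk now calls `protocol.equals(...)`, a null id would surface as a NullPointerException when the first data-flow request is evaluated rather than at start-up; `this.protocol = Objects.requireNonNull(protocol, "protocol");` (with `java.util.Objects` imported) moves the failure to construction. I would also add `@param protocol the source data address type this factory instance handles` and a one-line Javadoc on `supportedType()` saying it returns that same id. The class body continues outside these hunks.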
@@ -67,8 +72,7 @@ public AgentSourceFactory(EdcHttpClient httpClient, AgentSourceRequestParamsSupp */ @Override public boolean canHandle(DataFlowStartMessage request) { - return AgentProtocol.SPARQL_HTTP.getProtocolId().equals(request.getSourceDataAddress().getType()) || - AgentProtocol.SKILL_HTTP.getProtocolId().equals(request.getSourceDataAddress().getType()); + return protocol.equals(request.getSourceDataAddress().getType()); } /** diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java index 24572250..a13b33df 100644 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java +++ b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/service/DataManagement.java @@ -115,15 +115,17 @@ public class DataManagement { public static final String ASSET_CALL = "%s%s/assets/request"; - // negotiation request 0.5.>=1 + // negotiation request 0.7.>=3 public static final String NEGOTIATION_REQUEST_BODY = "{\n" + " \"@context\": {\n" + - " \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\"\n" + + " \"@vocab\": \"https://w3id.org/edc/v0.0.1/ns/\",\n" + + " \"edc\": \"https://w3id.org/edc/v0.0.1/ns/\"\n" + " },\n" + " \"@type\": \"https://w3id.org/edc/v0.0.1/ns/ContractRequest\",\n" + " \"counterPartyAddress\": \"%1$s\",\n" + " \"protocol\": \"dataspace-protocol-http\",\n" + + " \"providerId\": \"%2$s\",\n" + " \"policy\": {\n" + " \"@context\": \"http://www.w3.org/ns/odrl.jsonld\",\n" + " \"@type\": \"odrl:Offer\",\n" + diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/DataPlaneTokenValidationApi.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/DataPlaneTokenValidationApi.java deleted file mode 100644 index f0bbcd29..00000000 
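Review bot: The added `"providerId": "%2$s"` line in `NEGOTIATION_REQUEST_BODY` places one more caller-supplied value into a JSON document that is assembled as a format string, and nothing visible here escapes it. The `String.format` call is outside this hunk, so this is inferred, but if the provider id or `counterPartyAddress` originates from a remote catalogue, a value containing `"` could alter the structure of the ContractRequest sent to the management API; escaping each argument before formatting, or building the body with a JSON object builder, closes that off. Since the call site is not part of this change, please also confirm that the second format argument really is the provider's id. The comment `// negotiation request 0.7.>=3` would read more clearly as `// negotiation request body for TX-EDC >= 0.7.3`.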
--- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/DataPlaneTokenValidationApi.java +++ /dev/null @@ -1,26 +0,0 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation -// -// See the NOTICE file(s) distributed with this work for additional -// information regarding copyright ownership. -// -// This program and the accompanying materials are made available under the -// terms of the Apache License, Version 2.0 which is available at -// https://www.apache.org/licenses/LICENSE-2.0. -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -// License for the specific language governing permissions and limitations -// under the License. -// -// SPDX-License-Identifier: Apache-2.0 -package org.eclipse.tractusx.agents.edc.validation; - -import jakarta.ws.rs.core.Response; - -/** - * Rest interface to the token validator - */ -public interface DataPlaneTokenValidationApi { - Response validate(String token); -} diff --git a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/SwitchingDataPlaneTokenValidatorController.java b/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/SwitchingDataPlaneTokenValidatorController.java deleted file mode 100644 index f5e4db7b..00000000 --- a/agent-plane/agent-plane-protocol/src/main/java/org/eclipse/tractusx/agents/edc/validation/SwitchingDataPlaneTokenValidatorController.java +++ /dev/null 
@@ -1,98 +0,0 @@ -// Copyright (c) 2022,2023 Contributors to the Eclipse Foundation -// -// See the NOTICE file(s) distributed with this work for additional -// information regarding copyright ownership. -// -// This program and the accompanying materials are made available under the -// terms of the Apache License, Version 2.0 which is available at -// https://www.apache.org/licenses/LICENSE-2.0. -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -// License for the specific language governing permissions and limitations -// under the License. -// -// SPDX-License-Identifier: Apache-2.0 -package org.eclipse.tractusx.agents.edc.validation; - -import jakarta.ws.rs.GET; -import jakarta.ws.rs.HeaderParam; -import jakarta.ws.rs.Path; -import jakarta.ws.rs.Produces; -import jakarta.ws.rs.core.HttpHeaders; -import jakarta.ws.rs.core.MediaType; -import jakarta.ws.rs.core.Response; -import okhttp3.OkHttpClient; -import okhttp3.Request; -import org.eclipse.edc.spi.monitor.Monitor; -import org.eclipse.tractusx.agents.edc.AgentConfig; - -import java.io.IOException; - -/** - * a token validator that may delegate to several control plane validators - */ -@Path("/validation") -public class SwitchingDataPlaneTokenValidatorController implements DataPlaneTokenValidationApi { - - protected final OkHttpClient httpClient; - protected final Monitor monitor; - protected final AgentConfig config; - protected final String[] endpoints; - - /** - * creates a new controller - * - * @param httpClient to use - * @param config to obey - * @param monitor to log - */ - public SwitchingDataPlaneTokenValidatorController(OkHttpClient httpClient, AgentConfig config, Monitor monitor) { - this.httpClient = httpClient; - this.config = config; - this.monitor = monitor; - this.endpoints = config.getValidatorEndpoints(); - } - - 
/** - * access - * - * @return a flag indicating whether this endpoint is enabled - */ - public boolean isEnabled() { - return endpoints != null && endpoints.length > 0; - } - - /** - * Validate the token provided in input by delegating to the multiple endpoints - * - * @param token Input token. - * @return Decrypted DataAddress contained in the input token claims. - */ - @GET - @Produces({ MediaType.APPLICATION_JSON }) - @Override - public Response validate(@HeaderParam(HttpHeaders.AUTHORIZATION) String token) { - Response result = Response.status(400, "No validation endpoint could be found to switch to.").build(); - if (isEnabled()) { - for (String endpoint : endpoints) { - var request = new Request.Builder().url(endpoint).header(HttpHeaders.AUTHORIZATION, token).get().build(); - try (var response = httpClient.newCall(request).execute()) { - var body = response.body(); - var stringBody = body != null ? body.string() : null; - if (stringBody == null) { - result = Response.status(400, "Token validation server returned null body").build(); - } else if (response.isSuccessful()) { - return Response.ok(stringBody).build(); - } else { - result = Response.status(response.code(), String.format("Call to token validation sever failed: %s - %s. %s", response.code(), response.message(), stringBody)).build(); - } - } catch (IOException e) { - result = Response.status(500, "Unhandled exception occurred during call to token validation server: " + e.getMessage()).build(); - } - } - } - return result; - } -} diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index bf4c59cc..66878ad6 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -160,6 +160,10 @@ net.java.dev.jna jna-platform + + org.eclipse.edc + core-spi + 
diff --git a/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/ExcludingAuthenticationRequestFilter.java b/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/ExcludingAuthenticationRequestFilter.java index 492932b6..ca3064f3 100644 --- a/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/ExcludingAuthenticationRequestFilter.java +++ b/common/auth-jwt/src/main/java/org/eclipse/tractusx/edc/auth/ExcludingAuthenticationRequestFilter.java @@ -17,21 +17,26 @@ package org.eclipse.tractusx.edc.auth; import jakarta.ws.rs.container.ContainerRequestContext; -import org.eclipse.edc.api.auth.spi.AuthenticationRequestFilter; +import jakarta.ws.rs.container.ContainerRequestFilter; import org.eclipse.edc.api.auth.spi.AuthenticationService; +import org.eclipse.edc.web.spi.exception.AuthenticationFailedException; +import java.util.List; +import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; +import java.util.stream.Collectors; /** * An authentication request filter with optional paths excluded */ -public class ExcludingAuthenticationRequestFilter extends AuthenticationRequestFilter { +public class ExcludingAuthenticationRequestFilter implements ContainerRequestFilter { /** * the regex describing the excluded paths */ protected final Pattern excludePattern; + protected final AuthenticationService service; /** * creates a new authentication request filter @@ -40,8 +45,8 @@ public class ExcludingAuthenticationRequestFilter extends AuthenticationRequestF * @param excludePattern the parsed regular expression of excluded paths, null if none */ public ExcludingAuthenticationRequestFilter(AuthenticationService authenticationService, Pattern excludePattern) { - super(authenticationService); this.excludePattern = excludePattern; + this.service = authenticationService; } /** 
@@ -59,6 +64,12 @@ public void filter(ContainerRequestContext requestContext) { return; } } - super.filter(requestContext); + if (!"OPTIONS".equalsIgnoreCase(requestContext.getMethod())) { + Map> headers = (Map) requestContext.getHeaders().entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)); + boolean isAuthenticated = service.isAuthenticated(headers); + if (!isAuthenticated) { + throw new AuthenticationFailedException(); + } + } } } diff --git a/pom.xml b/pom.xml index 81ddf7a8..61511684 100644 --- a/pom.xml +++ b/pom.xml @@ -39,31 +39,31 @@ 5.10.2 5.2.0 - 0.7.0 - 0.6.1 + 0.7.3 + 0.7.1 3.3.2 4.12.0 3.6.0 - 2.0.12 - 3.1.0 - 9.37.3 + 2.0.13 + 4.0.0 + 9.40 4.0.1 5.0.2 4.9.0 - 1.11.4 - 4.8.1 - 2.17.0 + 1.13.0 + 4.8.3 + 2.17.1 2.2 2.5.0 5.13.0 1.0.4 1.9.10 - 1.12.5 + 1.13.1 4.1.108.Final 1.26.0 - 11.0.20 + 11.0.21 1.0.44 - 2.24.10 + 2.26.7 UTF-8 From b6dc93c2627ae16208fe2bbcd5358c9e3ecbd399 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 4 Jul 2024 15:19:10 +0200 Subject: [PATCH 02/12] feature: align charts with TXEDC 0.7.3 --- .../templates/NOTES.txt | 2 +- .../templates/deployment-dataplane.yaml | 186 +++++++++++------ .../templates/networkpolicy.yaml | 42 ++++ .../templates/service-dataplane.yaml | 27 ++- charts/agent-plane-azure-vault/values.yaml | 146 +++++++++----- charts/agent-plane/templates/NOTES.txt | 2 +- .../templates/deployment-dataplane.yaml | 187 ++++++++++++------ .../agent-plane/templates/networkpolicy.yaml | 42 ++++ .../templates/service-dataplane.yaml | 27 ++- charts/agent-plane/values.yaml | 152 +++++++++----- 10 files changed, 582 insertions(+), 231 deletions(-) create mode 100644 charts/agent-plane-azure-vault/templates/networkpolicy.yaml create mode 100644 charts/agent-plane/templates/networkpolicy.yaml diff --git a/charts/agent-plane-azure-vault/templates/NOTES.txt b/charts/agent-plane-azure-vault/templates/NOTES.txt index ddd034b6..451c7144 100644 
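Review bot: The new `if (!"OPTIONS".equalsIgnoreCase(requestContext.getMethod()))` branch lets every OPTIONS request through unauthenticated on all paths, and nothing in the class records that this is meant for CORS preflight only. A comment such as `// CORS preflight carries no credentials; resources behind this filter must not do work on OPTIONS` would make that assumption reviewable. In the constructor hunk (`@@ -40,8 +45,8 @@`) `service` is assigned without a null check, so a missing AuthenticationService shows up as a NullPointerException on the first protected request; `this.service = Objects.requireNonNull(authenticationService, "authenticationService");` fails at wiring time instead. The header map is built through a raw `(Map)` cast (generic parameters may have been lost in this rendering); `Map<String, List<String>> headers = new HashMap<>(requestContext.getHeaders());` avoids the unchecked cast. filter() begins above this hunk.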
--- a/charts/agent-plane-azure-vault/templates/NOTES.txt +++ b/charts/agent-plane-azure-vault/templates/NOTES.txt @@ -15,7 +15,7 @@ # # SPDX-License-Identifier: Apache-2.0 -2. Get the data plane URL(s) by running these commands: +2. Get the data plane URL by running these commands: {{- $dataplane_name := .Values.name }} {{- $dataplane := .Values }} {{ with index $dataplane.ingresses 0}} diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index 0f4d7833..9a7c7575 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml @@ -1,7 +1,7 @@ {{ $dataplane_name := .Values.name }} {{ $dataplane := .Values }} --- -# +################################################################################# # Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH @@ -13,7 +13,7 @@ # # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0. # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT @@ -22,7 +22,7 @@ # under the License. # # SPDX-License-Identifier: Apache-2.0 -# +################################################################################# apiVersion: apps/v1 kind: Deployment metadata: 
@@ -55,8 +55,40 @@ spec: serviceAccountName: {{ include "txap.serviceAccountName" . }} securityContext: {{- toYaml $dataplane.podSecurityContext | nindent 8 }} + {{- if or $dataplane.initContainers .Values.customCaCerts }} initContainers: + {{- if $dataplane.initContainers }} {{- toYaml $dataplane.initContainers | nindent 8 }} + {{- end }} + {{- if .Values.customCaCerts }} + - name: custom-cacerts + # either use the specified image, or use the default one + {{- if $dataplane.image.repository }} + image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default .Chart.AppVersion }}" + {{- else }} + image: "{{ .Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default .Chart.AppVersion }}" + {{- end }} + imagePullPolicy: {{ $dataplane.image.pullPolicy }} + command: + - /bin/sh + - -c + - | + cp /opt/java/openjdk/lib/security/cacerts /workdir/ + find /cacerts -type f \( -iname \*.crt -o -iname \*.pem \) -exec echo "{}" \; | while read PEM_FILE_PATH; do + PEM_FILE=${PEM_FILE_PATH##*/} + ALIAS=${PEM_FILE%.*} + echo "adding ${PEM_FILE} with alias ${ALIAS} to cacerts ..." + keytool -import -noprompt -trustcacerts -alias ${ALIAS} -file ${PEM_FILE_PATH} -keystore /workdir/cacerts -storepass changeit + done + securityContext: + {{- toYaml $dataplane.securityContext | nindent 12 }} + volumeMounts: + - name: custom-cacertificates + mountPath: /cacerts + - name: custom-cacerts + mountPath: /workdir + {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} securityContext: 
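Review bot: The fallback image of the `custom-cacerts` init container is `tractusx/agentplane-hashicorp`, but this template belongs to the agent-plane-azure-vault chart, so the default probably should name that chart's own image; the main container's image line is outside this hunk, so compare against it. In the script, `${ALIAS}` and `${PEM_FILE_PATH}` are unquoted and `read` lacks `-r`, so a certificate file name containing spaces or backslashes is mangled before it reaches keytool; `while read -r PEM_FILE_PATH; do` and `-alias "${ALIAS}" -file "${PEM_FILE_PATH}"` fix that. The `custom-cacertificates` and `custom-cacerts` volumes mounted here need to be declared under `volumes:` behind the same `customCaCerts` condition, which is not visible in this hunk.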
@@ -122,26 +154,45 @@ spec: ####### - name: "EDC_API_AUTH_KEY" value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }} + - name: "TX_EDC_DPF_CONSUMER_PROXY_AUTH_APIKEY" + value: {{ $dataplane.endpoints.proxy.authKey | required ".Values.dataplane.endpoints.proxy.authKey is required" | quote }} - name: "WEB_HTTP_DEFAULT_PORT" value: {{ $dataplane.endpoints.default.port | quote }} - name: "WEB_HTTP_DEFAULT_PATH" value: {{ $dataplane.endpoints.default.path | quote }} + - name: "WEB_HTTP_CONTROL_PORT" + value: {{ $dataplane.endpoints.control.port | quote }} + - name: "WEB_HTTP_CONTROL_PATH" + value: {{ $dataplane.endpoints.control.path | quote }} - name: "WEB_HTTP_PUBLIC_PORT" value: {{ $dataplane.endpoints.public.port | quote }} - name: "WEB_HTTP_PUBLIC_PATH" value: {{ $dataplane.endpoints.public.path | quote }} - - name: "WEB_HTTP_SIGNALING_PORT" - value: {{ $dataplane.endpoints.signaling.port | quote }} - - name: "WEB_HTTP_SIGNALING_PATH" - value: {{ $dataplane.endpoints.signaling.path | quote }} - name: "WEB_HTTP_CALLBACK_PORT" value: {{ $dataplane.endpoints.callback.port | quote }} - name: "WEB_HTTP_CALLBACK_PATH" value: {{ $dataplane.endpoints.callback.path | quote }} + - name: "EDC_CONTROL_ENDPOINT" + value: {{ include "txdc.dataplane.url.control" . }} + - name: "EDC_DPF_SELECTOR_URL" + value: {{ include "txap.controlplane.url.control" . 
}}/v1/dataplanes - - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" - value: {{ include "txap.controlplane.url.control" .}}/token + ####### + # AWS # + ####### + {{- if $dataplane.aws.endpointOverride }} + - name: "EDC_AWS_ENDPOINT_OVERRIDE" + value: {{ $dataplane.aws.endpointOverride | quote }} + {{- end }} + {{- if $dataplane.aws.secretAccessKey }} + - name: "AWS_SECRET_ACCESS_KEY" + value: {{ $dataplane.aws.secretAccessKey | quote }} + {{- end }} + {{- if $dataplane.aws.accessKeyId }} + - name: "AWS_ACCESS_KEY_ID" + value: {{ $dataplane.aws.accessKeyId | quote }} + {{- end }} ########### ## VAULT ## @@ -168,32 +219,6 @@ spec: value: {{ .Values.vault.azure.certificate | quote }} {{- end }} - ################## - ## TOKEN REFRESH - ################## - {{- if $dataplane.token.refresh.expiry_seconds }} - - name: "EDC_DATAPLANE_TOKEN_EXPIRY" - value: {{ $dataplane.token.refresh.expiry_seconds | quote}} - {{- end}} - - {{- if $dataplane.token.refresh.expiry_tolerance_seconds }} - - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE" - value: {{ $dataplane.token.refresh.expiry_tolerance_seconds | quote }} - {{- end}} - - {{- if $dataplane.token.refresh.refresh_endpoint }} - - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" - value: {{ $dataplane.token.refresh.refresh_endpoint }} - {{- else}} - - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" - value: {{ include "txap.dataplane.url.public" . }}/token - {{- end}} - - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ $dataplane.token.signer.privatekey_alias | required ".Values.token.signer.privatekey_alias is required" | quote}} - - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ $dataplane.token.verifier.publickey_alias | required ".Values.token.verifier.publickey_alias" | quote }} ################### # AUTH (JWT) # 
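Review bot: `TX_EDC_DPF_CONSUMER_PROXY_AUTH_APIKEY` is written into the pod spec as a literal `value:`, like `EDC_API_AUTH_KEY` above it and `AWS_SECRET_ACCESS_KEY` in the AWS block this hunk moves up. Anyone who can read the Deployment object or the Helm release can then read these keys. The chart already renders `envValueFrom` and documents `envSecretNames`, so consider taking these keys from a Secret via `valueFrom.secretKeyRef`, or at least saying so in the values comments. The `required` message also names `.Values.dataplane.endpoints.proxy.authKey`, but `$dataplane` is `.Values`, so the path an operator has to set is `.Values.endpoints.proxy.authKey`. The identical hunk in charts/agent-plane/templates/deployment-dataplane.yaml has the same two issues.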
@@ -240,19 +265,13 @@ spec: value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} - - name: "EDC_IAM_STS_DIM_URL" + - name: "TX_EDC_IAM_STS_DIM_URL" value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}} {{- range $index, $issuer := .Values.iatp.trustedIssuers }} - name: "EDC_IAM_TRUSTED-ISSUER_{{$index}}-ISSUER_ID" value: {{ $issuer | quote }} {{- end }} - ######################### - ## DATA PLANE PUBLIC API - ######################## - - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" - value: {{ include "txap.dataplane.url.public" . }} - ################### # AGENT CALLBACK # ################### @@ -303,6 +322,16 @@ spec: value: {{ $dataplane.agent.services.asset.deny | quote }} {{- end }} {{- end }} + {{- if $dataplane.agent.services.connector }} + {{- if $dataplane.agent.services.connector.allow }} + - name: "CX_AGENT_SERVICE_CONNECTOR_ALLOW" + value: {{ $dataplane.agent.services.connector.allow | quote }} + {{- end }} + {{- if $dataplane.agent.services.connector.deny }} + - name: "CX_AGENT_SERVICE_CONNECTOR_DENY" + value: {{ $dataplane.agent.services.connector.deny | quote }} + {{- end }} + {{- end }} {{- end }} ################### 
@@ -315,22 +344,6 @@ spec: - name: "CX_AGENT_FEDERATION_BATCH_MAX" value: {{ $dataplane.agent.maxbatchsize | quote }} - ####### - # AWS # - ####### - {{- if $dataplane.aws.endpointOverride }} - - name: "EDC_AWS_ENDPOINT_OVERRIDE" - value: {{ $dataplane.aws.endpointOverride | quote }} - {{- end }} - {{- if $dataplane.aws.secretAccessKey }} - - name: "AWS_SECRET_ACCESS_KEY" - value: {{ $dataplane.aws.secretAccessKey | quote }} - {{- end }} - {{- if $dataplane.aws.accessKeyId }} - - name: "AWS_ACCESS_KEY_ID" - value: {{ $dataplane.aws.accessKeyId | quote }} - {{- end }} - ################ ## POSTGRESQL ## ################ 
@@ -365,10 +378,44 @@ spec: - name: "EDC_DATASOURCE_ACCESSTOKENDATA_URL" value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} + ######################### + ## DATA PLANE PUBLIC API + ######################## + - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" + value: {{ include "txap.dataplane.url.public" . }} + + + ################## + ## TOKEN REFRESH + ################## + {{- if $dataplane.token.refresh.expiry_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY" + value: {{ $dataplane.token.refresh.expiry_seconds | quote}} + {{- end}} + + {{- if $dataplane.token.refresh.expiry_tolerance_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE" + value: {{ $dataplane.token.refresh.expiry_tolerance_seconds | quote }} + {{- end}} + + {{- if $dataplane.token.refresh.refresh_endpoint }} + - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" + value: {{ $dataplane.token.refresh.refresh_endpoint }} + {{- else}} + - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" + value: {{ include "txap.dataplane.url.public" . }}/token + {{- end}} + + - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" + value: {{ $dataplane.token.signer.privatekey_alias | required ".Values.token.signer.privatekey_alias is required" | quote}} + + - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" + value: {{ $dataplane.token.verifier.publickey_alias | required ".Values.token.verifier.publickey_alias" | quote }} + ###################################### ## Additional environment variables ## ###################################### - - name: "EDC_CONNECTOR_NAME" + - name: "EDC_RUNTIME_ID" value: {{ include "txap.fullname" .}}-{{ $dataplane.name }} {{- range $key, $value := $dataplane.envValueFrom }} - name: {{ $key | quote }} 
@@ -391,21 +438,31 @@ spec: {{- end }} {{- end }} volumeMounts: + {{- if $dataplane.volumeMounts }} + {{- toYaml $dataplane.volumeMounts | nindent 12 }} + {{- end}} - name: "configuration" mountPath: "/app/opentelemetry.properties" subPath: "opentelemetry.properties" - name: "configuration" mountPath: "/app/logging.properties" subPath: "logging.properties" + {{- if .Values.customCaCerts }} + - name: custom-cacerts + mountPath: /opt/java/openjdk/lib/security/cacerts + subPath: cacerts + {{- end }} - name: "tmp" mountPath: "/tmp" - {{- range $config_name, $config_value := $dataplane.configs }} - name: "configuration" mountPath: {{ printf "/app/%s" $config_name | quote }} subPath: {{ printf "%s" $config_name | quote }} {{- end }} volumes: + {{- if $dataplane.volumeMounts }} + {{- toYaml $dataplane.volumes | nindent 8 }} + {{- end}} - name: "configuration" configMap: name: {{ include "txap.fullname" . }}-{{ $dataplane_name }} @@ -418,6 +475,15 @@ spec: - key: {{ printf "%s" $config_name | quote }} path: {{ printf "%s" $config_name | quote }} {{- end }} + {{- if .Values.customCaCerts }} + - name: custom-cacertificates + configMap: + name: {{ include "txdc.fullname" . }}-custom-cacerts + defaultMode: 0400 + - name: custom-cacerts + emptyDir: + sizeLimit: 1Mi + {{- end }} - name: "tmp" emptyDir: { } {{- with $dataplane.nodeSelector }} diff --git a/charts/agent-plane-azure-vault/templates/networkpolicy.yaml b/charts/agent-plane-azure-vault/templates/networkpolicy.yaml new file mode 100644 index 00000000..4c72a93d --- /dev/null +++ b/charts/agent-plane-azure-vault/templates/networkpolicy.yaml 
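Review bot: The new block under `volumes:` is guarded by `{{- if $dataplane.volumeMounts }}` but renders `$dataplane.volumes`. Extra volumes are therefore emitted only when mounts are configured, and a values file with mounts but no volumes renders `[]` into the volume list. The guard should test the value it prints: `{{- if $dataplane.volumes }}`. The `custom-cacertificates` volume further down refers to a ConfigMap named `{{ include "txdc.fullname" . }}-custom-cacerts`. No template creating that ConfigMap and no `txdc.*` helper is visible in this diff, so confirm both exist before `customCaCerts` is enabled.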
@@ -0,0 +1,42 @@ +################################################################################# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +################################################################################# + +{{- if eq (.Values.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "txap.fullname" $ }}-{{ .Values.name }} + labels: + {{- include "txap.dataplane.labels" $ | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "txap.dataplane.selectorLabels" $ | nindent 6 }} + ingress: + - from: + {{- toYaml .Values.networkPolicy.from | nindent 6 }} + ports: + {{- range $key,$value := .Values.endpoints }} + - port: {{ $value.port }} + protocol: TCP + {{- end }} + policyTypes: + - Ingress +--- +{{- end }} diff --git a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml index 34f5b3ec..b6da35df 100644 --- a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml 
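Review bot: The single ingress rule applies `.Values.networkPolicy.from` to every port in `.Values.endpoints`, so the public data endpoint and the control, proxy, metrics and callback ports all accept the same peers. The values comments in this change describe the public endpoint as internet facing and metrics and callback as not internet facing, which one shared `from` list cannot express. An empty list also renders as `from: []`, which Kubernetes treats as matching all sources. Consider one rule per endpoint class, or require a non-empty `from` when the policy is enabled. No `networkPolicy` key is added to values.yaml in the visible hunks, so unless it is defined elsewhere `.Values.networkPolicy.enabled` fails with a nil-pointer error at render time.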
@@ -1,5 +1,5 @@ --- -# +################################################################################# # Copyright (c) 2024 T-Systems International GmbH # Copyright (c) 2024 Contributors to the Eclipse Foundation # @@ -8,7 +8,7 @@ # # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0. # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT @@ -17,14 +17,21 @@ # under the License. # # SPDX-License-Identifier: Apache-2.0 -# +################################################################################# apiVersion: v1 kind: Service metadata: name: {{ include "txap.fullname" . }}-{{ .Values.name }} namespace: {{.Release.Namespace | default "default" | quote }} + {{- with .Values.dataplane.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} labels: {{- include "txap.dataplane.labels" . | nindent 4 }} + {{- with .Values.dataplane.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.service.type }} ports: @@ -32,14 +39,22 @@ spec: targetPort: default protocol: TCP name: default - - port: {{ .Values.endpoints.signaling.port }} - targetPort: signaling + - port: {{ .Values.endpoints.control.port }} + targetPort: control protocol: TCP - name: signaling + name: control - port: {{ .Values.endpoints.public.port }} targetPort: public protocol: TCP name: public + - port: {{ .Values.dataplane.endpoints.metrics.port }} + targetPort: metrics + protocol: TCP + name: metrics + - port: {{ .Values.dataplane.endpoints.proxy.port }} + targetPort: proxy + protocol: TCP + name: proxy - port: {{ .Values.endpoints.callback.port }} targetPort: callback protocol: TCP 
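Review bot: The added annotations, labels and the `metrics` and `proxy` ports read from `.Values.dataplane.…`, while the rest of this file and this chart's values.yaml keep the same settings at the top level (`.Values.service.type`, `.Values.endpoints.control.port`). Unless a `dataplane` map exists in the values, `with .Values.dataplane.service.annotations` fails with a nil-pointer error at render time. The paths should be `.Values.service.annotations`, `.Values.service.labels`, `.Values.endpoints.metrics.port` and `.Values.endpoints.proxy.port`. The Service now also publishes the proxy and metrics ports, which values.yaml describes as key-protected and not internet facing respectively. Check that `targetPort: control`, `metrics` and `proxy` match named container ports in the Deployment, whose ports section is outside the visible hunks.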
diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index 40d297e1..91e7d12e 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml @@ -1,4 +1,4 @@ -# +################################################################################# # Copyright (c) 2024 T-Systems International GmbH # Copyright (c) 2024 Contributors to the Eclipse Foundation # @@ -7,7 +7,7 @@ # # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0. # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT @@ -16,7 +16,7 @@ # under the License. # # SPDX-License-Identifier: Apache-2.0 -# +################################################################################# --- # Default values for agent-plane. @@ -24,8 +24,8 @@ # Declare variables to be passed into your templates. install: + # -- Deploying a PostgreSQL instance postgresql: false - vault: false fullnameOverride: "" nameOverride: "" 
@@ -33,40 +33,34 @@ nameOverride: "" imageRegistry: docker.io/ # -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) imagePullSecrets: [] -# -- To add some custom labels +# -- Add some custom labels customLabels: {} -postgresql: - jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" - primary: - persistence: - enabled: false - readReplicas: - persistence: - enabled: false - auth: - database: "edc" - username: "user" - password: "password" - participant: # -- BPN Number id: "" iatp: - # Decentralized IDentifier + # -- Decentralized IDentifier (DID) of the connector id: "did:web:changeme" # -- Configures the trusted issuers for this runtime trustedIssuers: [] sts: dim: + # -- URL where connectors can request SI tokens url: oauth: + # -- URL where connectors can request OAuth2 access tokens for DIM access token_url: client: + # -- Client ID for requesting OAuth2 access token for DIM access id: + # -- Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access secret_alias: +# -- Add custom ca certificates to the truststore +customCaCerts: {} + # -- Name of the connector deployment connector: "" @@ -79,8 +73,8 @@ controlplane: port: 8081 # -- path for incoming api calls path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header - authKey: "" + # -- authentication key, must be attached to each request as `X-Api-Key` header + authKey: "password" # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not control: # -- port for incoming api calls @@ -93,8 +87,6 @@ controlplane: port: 8084 # -- path for incoming api calls path: /api/v1/dsp - ingresses: - - enabled: false # -- the name of the dataplane name: "agentplane" 
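Review bot: The default of `controlplane.endpoints.management.authKey` changes from `""` to `"password"`, and the new `endpoints.proxy.authKey` in the endpoints hunk further down gets the same default. Both values are rendered through `required` in deployment-dataplane.yaml, which only rejects an empty value. An installation without overrides therefore now deploys with a publicly known API key instead of failing at render time. Keep the defaults empty, `authKey: ""`, so the `required` check keeps forcing the operator to supply a key.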
@@ -111,8 +103,11 @@ image: tag: "" initContainers: [] debug: + # -- Enables java debugging mode. enabled: false + # -- Port where the debuggee can connect to. port: 1044 + # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port. suspendOnStart: false livenessProbe: # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) 
@@ -140,35 +135,69 @@ readinessProbe: failureThreshold: 6 # -- number of consecutive successes for the probe to be considered successful after having failed successThreshold: 1 + service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. type: ClusterIP port: 80 + # -- additional labels for the service + labels: {} + # -- additional annotations for the service + annotations: {} + +# -- endpoints of the dataplane endpoints: + # -- default api for health checks, should not be added to any ingress default: + # -- port for incoming api calls port: 8080 + # -- path for incoming api calls path: /api + # -- public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. public: + # -- port for incoming api calls port: 8081 + # -- path for incoming api calls path: /api/public - signaling: - port: 8083 - path: /api/signaling + # -- control api, used for internal control calls. 
can be added to the internal ingress, but should probably not + control: + # -- port for incoming api calls + port: 8084 + # -- path for incoming api calls + path: /api/control + proxy: + # -- port for incoming api calls + port: 8186 + # -- path for incoming api calls + path: /proxy + # -- authentication key, must be attached to each request as `X-Api-Key` header + authKey: "password" + # -- metrics api, used for application metrics, must not be internet facing + metrics: + # -- port for incoming api calls + port: 9090 + # -- path for incoming api calls + path: /metrics + # -- callback api, used for listening on control plane callbacks, must not be internet facing callback: + # -- port for incoming api calls port: 8087 + # -- path for incoming api calls path: /callback token: refresh: + # -- TTL in seconds for access tokens (also known as EDR token) expiry_seconds: 300 + # -- Tolerance for token expiry in seconds expiry_tolerance_seconds: 10 - # optional URL that can be provided where clients go to refresh tokens. + # -- Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` refresh_endpoint: signer: - # alias under which the private key is stored in the vault (JWK or PEM format) + # -- Alias under which the private key (JWK or PEM format) is stored in the vault privatekey_alias: verifier: - # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + # -- Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` publickey_alias: # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries 
@@ -191,6 +220,7 @@ auth: publicKey: # -- controls whether the expiry date of jwt tokens is checked when type=jwt checkExpiry: true + aws: endpointOverride: "" accessKeyId: "" @@ -210,7 +240,7 @@ podSecurityContext: runAsGroup: 10001 # -- The owner for volumes and any files created within volumes will belong to this guid fsGroup: 10001 -# The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod +# -- The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod securityContext: capabilities: # -- Specifies which capabilities to drop to reduce syscall attack surface @@ -226,11 +256,11 @@ securityContext: runAsNonRoot: true # -- The container's process will run with the specified uid runAsUser: 10001 -# Extra environment variables that will be pass onto deployment pods +# -- Extra environment variables that will be pass onto deployment pods env: {} # ENV_NAME: value -# "valueFrom" environment variable references that will be added to deployment pods. Name is templated. +# -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated. # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core envValueFrom: {} # ENV_NAME: 
@@ -241,12 +271,12 @@ envValueFrom: {} # name: secret-name # key: value_key -# [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from +# -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from envSecretNames: [] # - first-secret # - second-secret -# [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from +# -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from envConfigMapNames: [] # - first-config-map # - second-config-map @@ -280,10 +310,12 @@ ingresses: issuer: "" # -- If preset enables certificate generation via cert-manager cluster-wide issuer clusterIssuer: "" + # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container volumeMounts: [] # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: [] + # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -291,12 +323,18 @@ resources: {} # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: + # -- Maximum CPU limit cpu: 1.5 + # -- Maximum memory limit memory: 1024Mi requests: + # -- Initial CPU request cpu: 500m + # -- Initial memory request memory: 128Mi + replicaCount: 1 + autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) enabled: false 
@@ -308,6 +346,7 @@ autoscaling: targetCPUUtilizationPercentage: 80 # -- targetAverageUtilization of memory provided to a pod targetMemoryUtilizationPercentage: 80 + # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics opentelemetry: |- otel.javaagent.enabled=false @@ -320,15 +359,17 @@ logging: |- java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter java.util.logging.ConsoleHandler.level=ALL java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n -# [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes + +# -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes nodeSelector: {} -# [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes +# -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes tolerations: [] -# [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on +# -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on affinity: {} url: # -- Explicitly declared url for reaching the public api (e.g. if ingresses not used) public: "" + # -- A set of additional configuration files configs: # -- An example of an empty graph in ttl syntax @@ -338,6 +379,7 @@ configs: ################################################################# @prefix : . @base . + # -- Agent-Specific Settings agent: # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue 
@@ -365,7 +407,21 @@ agent: # -- A regular expression which outgoing service URLs must not match (unless overwritten by a specific asset property) deny: 'https?://.*' -# -- Standard settings for vault, "client", "tenant", "secret" or "certificate", "transferProxyTokenSignerPrivateKey" and "transferProxyTokenSignerPublicKey" need to be overridden +# -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden +postgresql: + jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" + primary: + persistence: + enabled: false + readReplicas: + persistence: + enabled: false + auth: + database: "edc" + username: "user" + password: "password" + +# -- Standard settings for vault vault: azure: name: "" @@ -374,20 +430,12 @@ vault: secret: certificate: - secretNames: - # -- sign handed out tokens with this key - transferProxyTokenSignerPrivateKey: - # -- sign handed out tokens with this certificate - transferProxyTokenSignerPublicKey: - # -- encrypt handed out tokens with this symmetric key - transferProxyTokenEncryptionAesKey: - serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) diff --git a/charts/agent-plane/templates/NOTES.txt b/charts/agent-plane/templates/NOTES.txt index ddd034b6..451c7144 100644 --- a/charts/agent-plane/templates/NOTES.txt +++ b/charts/agent-plane/templates/NOTES.txt 
@@ -15,7 +15,7 @@ # # SPDX-License-Identifier: Apache-2.0 -2. Get the data plane URL(s) by running these commands: +2. Get the data plane URL by running these commands: {{- $dataplane_name := .Values.name }} {{- $dataplane := .Values }} {{ with index $dataplane.ingresses 0}} diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index 0d374aff..df57d53e 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml @@ -1,7 +1,7 @@ {{ $dataplane_name := .Values.name }} {{ $dataplane := .Values }} --- -# +################################################################################# # Copyright (c) 2023,2024 T-Systems International GmbH # Copyright (c) 2023 ZF Friedrichshafen AG # Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH @@ -13,7 +13,7 @@ # # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0. # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT @@ -22,7 +22,7 @@ # under the License. # # SPDX-License-Identifier: Apache-2.0 -# +################################################################################# apiVersion: apps/v1 kind: Deployment metadata: 
@@ -55,8 +55,40 @@ spec: serviceAccountName: {{ include "txap.serviceAccountName" . }} securityContext: {{- toYaml $dataplane.podSecurityContext | nindent 8 }} + {{- if or $dataplane.initContainers .Values.customCaCerts }} initContainers: + {{- if $dataplane.initContainers }} {{- toYaml $dataplane.initContainers | nindent 8 }} + {{- end }} + {{- if .Values.customCaCerts }} + - name: custom-cacerts + # either use the specified image, or use the default one + {{- if $dataplane.image.repository }} + image: "{{ $dataplane.image.repository }}:{{ $dataplane.image.tag | default .Chart.AppVersion }}" + {{- else }} + image: "{{ .Values.imageRegistry }}tractusx/agentplane-hashicorp:{{ $dataplane.image.tag | default .Chart.AppVersion }}" + {{- end }} + imagePullPolicy: {{ $dataplane.image.pullPolicy }} + command: + - /bin/sh + - -c + - | + cp /opt/java/openjdk/lib/security/cacerts /workdir/ + find /cacerts -type f \( -iname \*.crt -o -iname \*.pem \) -exec echo "{}" \; | while read PEM_FILE_PATH; do + PEM_FILE=${PEM_FILE_PATH##*/} + ALIAS=${PEM_FILE%.*} + echo "adding ${PEM_FILE} with alias ${ALIAS} to cacerts ..." + keytool -import -noprompt -trustcacerts -alias ${ALIAS} -file ${PEM_FILE_PATH} -keystore /workdir/cacerts -storepass changeit + done + securityContext: + {{- toYaml $dataplane.securityContext | nindent 12 }} + volumeMounts: + - name: custom-cacertificates + mountPath: /cacerts + - name: custom-cacerts + mountPath: /workdir + {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} securityContext: 
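Review bot: The import script of the `custom-cacerts` init container has no `set -e` and leaves `${ALIAS}` and `${PEM_FILE_PATH}` unquoted, so a failing `keytool -import` (for example on a malformed certificate file) only prints an error and the loop carries on. Unless the failing import happens to be the last one, the init container exits successfully and the main container starts with a truststore that silently lacks the intended CA. Add `set -e` as the first line of the script, use `read -r`, and quote the expansions: `-alias "${ALIAS}" -file "${PEM_FILE_PATH}"`. The same script is added to charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml.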
@@ -122,26 +154,45 @@ spec: ####### - name: "EDC_API_AUTH_KEY" value: {{ .Values.controlplane.endpoints.management.authKey | required ".Values.controlplane.endpoints.mangement.authKey is required" | quote }} + - name: "TX_EDC_DPF_CONSUMER_PROXY_AUTH_APIKEY" + value: {{ $dataplane.endpoints.proxy.authKey | required ".Values.dataplane.endpoints.proxy.authKey is required" | quote }} - name: "WEB_HTTP_DEFAULT_PORT" value: {{ $dataplane.endpoints.default.port | quote }} - name: "WEB_HTTP_DEFAULT_PATH" value: {{ $dataplane.endpoints.default.path | quote }} + - name: "WEB_HTTP_CONTROL_PORT" + value: {{ $dataplane.endpoints.control.port | quote }} + - name: "WEB_HTTP_CONTROL_PATH" + value: {{ $dataplane.endpoints.control.path | quote }} - name: "WEB_HTTP_PUBLIC_PORT" value: {{ $dataplane.endpoints.public.port | quote }} - name: "WEB_HTTP_PUBLIC_PATH" value: {{ $dataplane.endpoints.public.path | quote }} - - name: "WEB_HTTP_SIGNALING_PORT" - value: {{ $dataplane.endpoints.signaling.port | quote }} - - name: "WEB_HTTP_SIGNALING_PATH" - value: {{ $dataplane.endpoints.signaling.path | quote }} - name: "WEB_HTTP_CALLBACK_PORT" value: {{ $dataplane.endpoints.callback.port | quote }} - name: "WEB_HTTP_CALLBACK_PATH" value: {{ $dataplane.endpoints.callback.path | quote }} + - name: "EDC_CONTROL_ENDPOINT" + value: {{ include "txdc.dataplane.url.control" . }} + - name: "EDC_DPF_SELECTOR_URL" + value: {{ include "txap.controlplane.url.control" . 
}}/v1/dataplanes - - name: "EDC_DATAPLANE_TOKEN_VALIDATION_ENDPOINT" - value: {{ include "txap.controlplane.url.control" .}}/token + ####### + # AWS # + ####### + {{- if $dataplane.aws.endpointOverride }} + - name: "EDC_AWS_ENDPOINT_OVERRIDE" + value: {{ $dataplane.aws.endpointOverride | quote }} + {{- end }} + {{- if $dataplane.aws.secretAccessKey }} + - name: "AWS_SECRET_ACCESS_KEY" + value: {{ $dataplane.aws.secretAccessKey | quote }} + {{- end }} + {{- if $dataplane.aws.accessKeyId }} + - name: "AWS_ACCESS_KEY_ID" + value: {{ $dataplane.aws.accessKeyId | quote }} + {{- end }} ########### ## VAULT ## @@ -163,33 +214,6 @@ spec: - name: "EDC_VAULT_HASHICORP_API_HEALTH_CHECK_PATH" value: {{ .Values.vault.hashicorp.paths.health | quote }} - ################## - ## TOKEN REFRESH - ################## - {{- if $dataplane.token.refresh.expiry_seconds }} - - name: "EDC_DATAPLANE_TOKEN_EXPIRY" - value: {{ $dataplane.token.refresh.expiry_seconds | quote}} - {{- end}} - - {{- if $dataplane.token.refresh.expiry_tolerance_seconds }} - - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE" - value: {{ $dataplane.token.refresh.expiry_tolerance_seconds | quote }} - {{- end}} - - {{- if $dataplane.token.refresh.refresh_endpoint }} - - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" - value: {{ $dataplane.token.refresh.refresh_endpoint }} - {{- else}} - - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" - value: {{ include "txap.dataplane.url.public" . }}/token - {{- end}} - - - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" - value: {{ $dataplane.token.signer.privatekey_alias | required ".Values.token.signer.privatekey_alias is required" | quote}} - - - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" - value: {{ $dataplane.token.verifier.publickey_alias | required ".Values.token.verifier.publickey_alias" | quote }} - ################### # AUTH (JWT) # ################### 
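Review bot: `EDC_CONTROL_ENDPOINT` is rendered with `include "txdc.dataplane.url.control" .`, while every other helper used in this template carries the `txap.` prefix (`txap.controlplane.url.control`, `txap.dataplane.url.public`, `txap.fullname`). The helper definitions are not part of this diff, but if no `txdc.*` template is defined in this chart, rendering fails on this line. `value: {{ include "txap.dataplane.url.control" . }}` would match the rest of the file, provided that helper exists. The identical hunk in charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml uses the same `txdc.` name.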
@@ -235,19 +259,13 @@ spec: value: {{ .Values.iatp.sts.oauth.client.id | required ".Values.iatp.sts.oauth.client.id is required" | quote}} - name: "EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS" value: {{ .Values.iatp.sts.oauth.client.secret_alias | required ".Values.iatp.sts.oauth.client.secret_alias is required" | quote}} - - name: "EDC_IAM_STS_DIM_URL" + - name: "TX_EDC_IAM_STS_DIM_URL" value: {{ .Values.iatp.sts.dim.url | required ".Values.iatp.sts.dim.url is required" | quote}} {{- range $index, $issuer := .Values.iatp.trustedIssuers }} - name: "EDC_IAM_TRUSTED-ISSUER_{{$index}}-ISSUER_ID" value: {{ $issuer | quote }} {{- end }} - ######################### - ## DATA PLANE PUBLIC API - ######################## - - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" - value: {{ include "txap.dataplane.url.public" . }} - ################### # AGENT CALLBACK # ################### @@ -298,6 +316,16 @@ spec: value: {{ $dataplane.agent.services.asset.deny | quote }} {{- end }} {{- end }} + {{- if $dataplane.agent.services.connector }} + {{- if $dataplane.agent.services.connector.allow }} + - name: "CX_AGENT_SERVICE_CONNECTOR_ALLOW" + value: {{ $dataplane.agent.services.connector.allow | quote }} + {{- end }} + {{- if $dataplane.agent.services.connector.deny }} + - name: "CX_AGENT_SERVICE_CONNECTOR_DENY" + value: {{ $dataplane.agent.services.connector.deny | quote }} + {{- end }} + {{- end }} {{- end }} ################### 
@@ -310,22 +338,6 @@ spec: - name: "CX_AGENT_FEDERATION_BATCH_MAX" value: {{ $dataplane.agent.maxbatchsize | quote }} - ####### - # AWS # - ####### - {{- if $dataplane.aws.endpointOverride }} - - name: "EDC_AWS_ENDPOINT_OVERRIDE" - value: {{ $dataplane.aws.endpointOverride | quote }} - {{- end }} - {{- if $dataplane.aws.secretAccessKey }} - - name: "AWS_SECRET_ACCESS_KEY" - value: {{ $dataplane.aws.secretAccessKey | quote }} - {{- end }} - {{- if $dataplane.aws.accessKeyId }} - - name: "AWS_ACCESS_KEY_ID" - value: {{ $dataplane.aws.accessKeyId | quote }} - {{- end }} - ################ ## POSTGRESQL ## ################ 
@@ -360,10 +372,44 @@ spec: - name: "EDC_DATASOURCE_ACCESSTOKENDATA_URL" value: {{ tpl .Values.postgresql.jdbcUrl . | quote }} + ######################### + ## DATA PLANE PUBLIC API + ######################## + - name: "EDC_DATAPLANE_API_PUBLIC_BASEURL" + value: {{ include "txap.dataplane.url.public" . }} + + + ################## + ## TOKEN REFRESH + ################## + {{- if $dataplane.token.refresh.expiry_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY" + value: {{ $dataplane.token.refresh.expiry_seconds | quote}} + {{- end}} + + {{- if $dataplane.token.refresh.expiry_tolerance_seconds }} + - name: "EDC_DATAPLANE_TOKEN_EXPIRY_TOLERANCE" + value: {{ $dataplane.token.refresh.expiry_tolerance_seconds | quote }} + {{- end}} + + {{- if $dataplane.token.refresh.refresh_endpoint }} + - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" + value: {{ $dataplane.token.refresh.refresh_endpoint }} + {{- else}} + - name: "EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT" + value: {{ include "txap.dataplane.url.public" . }}/token + {{- end}} + + - name: "EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS" + value: {{ $dataplane.token.signer.privatekey_alias | required ".Values.token.signer.privatekey_alias is required" | quote}} + + - name: "EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS" + value: {{ $dataplane.token.verifier.publickey_alias | required ".Values.token.verifier.publickey_alias" | quote }} + ###################################### ## Additional environment variables ## ###################################### - - name: "EDC_CONNECTOR_NAME" + - name: "EDC_RUNTIME_ID" value: {{ include "txap.fullname" .}}-{{ $dataplane.name }} {{- range $key, $value := $dataplane.envValueFrom }} - name: {{ $key | quote }} 
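Review bot: The user-supplied branch of `EDC_DATAPLANE_TOKEN_REFRESH_ENDPOINT` emits `value: {{ $dataplane.token.refresh.refresh_endpoint }}` without `| quote`, unlike the expiry values beside it, so a value containing YAML-significant characters alters the rendered manifest instead of arriving as a string. `value: {{ $dataplane.token.refresh.refresh_endpoint | quote }}` fixes that, and the two `include "txap.dataplane.url.public"` values in this hunk would benefit from the same pipe. The `required` message for `publickey_alias` also lacks the words "is required" that the `privatekey_alias` message has, which makes the install failure harder to read.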
@@ -386,21 +432,31 @@ spec: {{- end }} {{- end }} volumeMounts: + {{- if $dataplane.volumeMounts }} + {{- toYaml $dataplane.volumeMounts | nindent 12 }} + {{- end}} - name: "configuration" mountPath: "/app/opentelemetry.properties" subPath: "opentelemetry.properties" - name: "configuration" mountPath: "/app/logging.properties" subPath: "logging.properties" + {{- if .Values.customCaCerts }} + - name: custom-cacerts + mountPath: /opt/java/openjdk/lib/security/cacerts + subPath: cacerts + {{- end }} - name: "tmp" mountPath: "/tmp" - {{- range $config_name, $config_value := $dataplane.configs }} - name: "configuration" mountPath: {{ printf "/app/%s" $config_name | quote }} subPath: {{ printf "%s" $config_name | quote }} {{- end }} volumes: + {{- if $dataplane.volumeMounts }} + {{- toYaml $dataplane.volumes | nindent 8 }} + {{- end}} - name: "configuration" configMap: name: {{ include "txap.fullname" . }}-{{ $dataplane_name }} @@ -413,6 +469,15 @@ spec: - key: {{ printf "%s" $config_name | quote }} path: {{ printf "%s" $config_name | quote }} {{- end }} + {{- if .Values.customCaCerts }} + - name: custom-cacertificates + configMap: + name: {{ include "txdc.fullname" . }}-custom-cacerts + defaultMode: 0400 + - name: custom-cacerts + emptyDir: + sizeLimit: 1Mi + {{- end }} - name: "tmp" emptyDir: { } {{- with $dataplane.nodeSelector }} diff --git a/charts/agent-plane/templates/networkpolicy.yaml b/charts/agent-plane/templates/networkpolicy.yaml new file mode 100644 index 00000000..4c72a93d --- /dev/null +++ b/charts/agent-plane/templates/networkpolicy.yaml 
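Review bot: The new entry under `volumes:` is guarded by `{{- if $dataplane.volumeMounts }}` but prints `$dataplane.volumes`, so the condition tests a different value from the one it renders. Volumes configured without extra mounts are silently dropped, and mounts configured while `volumes` is empty put the `toYaml` of an empty value into the list. The guard should read `{{- if $dataplane.volumes }}`. The pod spec continues outside the hunk.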
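Review bot: With `customCaCerts` set, the container mounts the `custom-cacerts` emptyDir over `/opt/java/openjdk/lib/security/cacerts` (`subPath: cacerts`), but nothing visible in this patch fills that emptyDir with a truststore. If no init container merges the image's default cacerts with the `custom-cacertificates` ConfigMap (none appears in these hunks), the JVM starts without a usable truststore and certificate validation fails for every outbound TLS connection. I would add that init step in the same change, or hold back the mount until it exists. `custom-cacertificates` is also declared here without being mounted anywhere in the visible hunks.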
@@ -0,0 +1,42 @@ +################################################################################# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +################################################################################# + +{{- if eq (.Values.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ include "txap.fullname" $ }}-{{ .Values.name }} + labels: + {{- include "txap.dataplane.labels" $ | nindent 4 }} +spec: + podSelector: + matchLabels: + {{- include "txap.dataplane.selectorLabels" $ | nindent 6 }} + ingress: + - from: + {{- toYaml .Values.networkPolicy.from | nindent 6 }} + ports: + {{- range $key,$value := .Values.endpoints }} + - port: {{ $value.port }} + protocol: TCP + {{- end }} + policyTypes: + - Ingress +--- +{{- end }} diff --git a/charts/agent-plane/templates/service-dataplane.yaml b/charts/agent-plane/templates/service-dataplane.yaml index 34f5b3ec..b6da35df 100644 --- a/charts/agent-plane/templates/service-dataplane.yaml +++ b/charts/agent-plane/templates/service-dataplane.yaml @@ -1,5 +1,5 @@ --- -# +################################################################################# # Copyright (c) 2024 T-Systems International GmbH # Copyright (c) 2024 Contributors to the Eclipse Foundation # 
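Review bot: When `networkPolicy.enabled` is true, the single ingress rule combines the default `from: - namespaceSelector: {}` (added to values.yaml later in this patch) with a `range` over every entry of `.Values.endpoints`, so it admits traffic from all namespaces to the control, metrics, proxy and callback ports as well as the public one. The values.yaml comments describe control as internal and metrics and callback as not internet facing, so the default policy does not separate them from the public endpoint. I would default `from` to the policy's own namespace with `- podSelector: {}` and let operators widen it for the public port only. A comment above the `range` stating that all endpoint ports share one `from` rule would help whoever enables this.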
@@ -8,7 +8,7 @@ # # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0. # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT @@ -17,14 +17,21 @@ # under the License. # # SPDX-License-Identifier: Apache-2.0 -# +################################################################################# apiVersion: v1 kind: Service metadata: name: {{ include "txap.fullname" . }}-{{ .Values.name }} namespace: {{.Release.Namespace | default "default" | quote }} + {{- with .Values.dataplane.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} labels: {{- include "txap.dataplane.labels" . | nindent 4 }} + {{- with .Values.dataplane.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: type: {{ .Values.service.type }} ports: @@ -32,14 +39,22 @@ spec: targetPort: default protocol: TCP name: default - - port: {{ .Values.endpoints.signaling.port }} - targetPort: signaling + - port: {{ .Values.endpoints.control.port }} + targetPort: control protocol: TCP - name: signaling + name: control - port: {{ .Values.endpoints.public.port }} targetPort: public protocol: TCP name: public + - port: {{ .Values.dataplane.endpoints.metrics.port }} + targetPort: metrics + protocol: TCP + name: metrics + - port: {{ .Values.dataplane.endpoints.proxy.port }} + targetPort: proxy + protocol: TCP + name: proxy - port: {{ .Values.endpoints.callback.port }} targetPort: callback protocol: TCP diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml index ef388318..956de244 100644 --- a/charts/agent-plane/values.yaml +++ b/charts/agent-plane/values.yaml 
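Review bot: The added metadata blocks read `.Values.dataplane.service.annotations` and `.Values.dataplane.service.labels`, and the new ports in the following hunk read `.Values.dataplane.endpoints.metrics.port` and `.Values.dataplane.endpoints.proxy.port`, while the surrounding lines and the values.yaml hunks in this patch use top-level `.Values.service` and `.Values.endpoints`. If values.yaml has no `dataplane:` map (none is visible), Helm aborts with a nil-pointer error on `.Values.dataplane.service`, and the `service.labels` / `service.annotations` values this patch documents are never applied. Use the same roots as the neighbouring lines: `{{- with .Values.service.annotations }}`, `{{- with .Values.service.labels }}` and `- port: {{ .Values.endpoints.metrics.port }}`.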
@@ -1,4 +1,4 @@ -# +################################################################################# # Copyright (c) 2024 T-Systems International GmbH # Copyright (c) 2024 Contributors to the Eclipse Foundation # @@ -7,7 +7,7 @@ # # This program and the accompanying materials are made available under the # terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0. # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT @@ -16,7 +16,7 @@ # under the License. # # SPDX-License-Identifier: Apache-2.0 -# +################################################################################# --- # Default values for agent-plane. @@ -24,7 +24,9 @@ # Declare variables to be passed into your templates. install: + # -- Deploying a PostgreSQL instance postgresql: false + # -- Deploying a HashiCorp Vault instance vault: false fullnameOverride: "" 
@@ -33,40 +35,34 @@ nameOverride: "" imageRegistry: docker.io/ # -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) imagePullSecrets: [] -# -- To add some custom labels +# -- Add some custom labels customLabels: {} -postgresql: - jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" - primary: - persistence: - enabled: false - readReplicas: - persistence: - enabled: false - auth: - database: "edc" - username: "user" - password: "password" - participant: # -- BPN Number id: "" iatp: - # Decentralized IDentifier + # -- Decentralized IDentifier (DID) of the connector id: "did:web:changeme" # -- Configures the trusted issuers for this runtime trustedIssuers: [] sts: dim: + # -- URL where connectors can request SI tokens url: oauth: + # -- URL where connectors can request OAuth2 access tokens for DIM access token_url: client: + # -- Client ID for requesting OAuth2 access token for DIM access id: + # -- Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access secret_alias: +# -- Add custom ca certificates to the truststore +customCaCerts: {} + # -- Name of the connector deployment connector: "" @@ -79,8 +75,8 @@ controlplane: port: 8081 # -- path for incoming api calls path: /management - # -- authentication key, must be attached to each 'X-Api-Key' request header - authKey: "" + # -- authentication key, must be attached to each request as `X-Api-Key` header + authKey: "password" # -- control api, used for internal control calls. can be added to the internal ingress, but should probably not control: # -- port for incoming api calls @@ -93,8 +89,6 @@ controlplane: port: 8084 # -- path for incoming api calls path: /api/v1/dsp - ingresses: - - enabled: false # -- the name of the dataplane name: "agentplane" 
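Review bot: The default for `controlplane.endpoints.management.authKey` changes from `""` to `"password"`, so the `required` guard on that value in the deployment template can no longer fire and an install that overrides nothing runs with a well-known API key. Later values.yaml hunks introduce the same pattern with `endpoints.proxy.authKey: "password"` and the vault `token: "root"`. I would keep these defaults empty (`authKey: ""`, `token: ""`) so the chart refuses to render without an explicit value, and move the test credentials into `ci/integration-values.yaml`. The deployment also renders the proxy key as a literal `value:` in the pod spec; sourcing it through `secretKeyRef` would keep it out of the manifest.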
@@ -111,8 +105,11 @@ image: tag: "" initContainers: [] debug: + # -- Enables java debugging mode. enabled: false + # -- Port where the debuggee can connect to. port: 1044 + # -- Defines if the JVM should wait with starting the application until someone connected to the debugging port. suspendOnStart: false livenessProbe: # -- Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) 
@@ -140,35 +137,69 @@ readinessProbe: failureThreshold: 6 # -- number of consecutive successes for the probe to be considered successful after having failed successThreshold: 1 + service: # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. type: ClusterIP port: 80 + # -- additional labels for the service + labels: {} + # -- additional annotations for the service + annotations: {} + +# -- endpoints of the dataplane endpoints: + # -- default api for health checks, should not be added to any ingress default: + # -- port for incoming api calls port: 8080 + # -- path for incoming api calls path: /api + # -- public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. public: + # -- port for incoming api calls port: 8081 + # -- path for incoming api calls path: /api/public - signaling: - port: 8083 - path: /api/signaling + # -- control api, used for internal control calls. 
can be added to the internal ingress, but should probably not + control: + # -- port for incoming api calls + port: 8084 + # -- path for incoming api calls + path: /api/control + proxy: + # -- port for incoming api calls + port: 8186 + # -- path for incoming api calls + path: /proxy + # -- authentication key, must be attached to each request as `X-Api-Key` header + authKey: "password" + # -- metrics api, used for application metrics, must not be internet facing + metrics: + # -- port for incoming api calls + port: 9090 + # -- path for incoming api calls + path: /metrics + # -- callback api, used for listening on control plane callbacks, must not be internet facing callback: + # -- port for incoming api calls port: 8087 + # -- path for incoming api calls path: /callback token: refresh: + # -- TTL in seconds for access tokens (also known as EDR token) expiry_seconds: 300 + # -- Tolerance for token expiry in seconds expiry_tolerance_seconds: 10 - # optional URL that can be provided where clients go to refresh tokens. + # -- Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` refresh_endpoint: signer: - # alias under which the private key is stored in the vault (JWK or PEM format) + # -- Alias under which the private key (JWK or PEM format) is stored in the vault privatekey_alias: verifier: - # alias under which the public key is stored in the vault, that belongs to the private key ("privatekey_alias", JWK or PEM format) + # -- Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` publickey_alias: # -- Data Plane Authentication using the KA-EDC-AUTH-JWT extension, any entry has a type (api-key, jwt or composite) and a (set of) path contexts (see endpoints) followed by type-specific entries 
@@ -191,6 +222,7 @@ auth: publicKey: # -- controls whether the expiry date of jwt tokens is checked when type=jwt checkExpiry: true + aws: endpointOverride: "" accessKeyId: "" @@ -210,7 +242,7 @@ podSecurityContext: runAsGroup: 10001 # -- The owner for volumes and any files created within volumes will belong to this guid fsGroup: 10001 -# The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod +# -- The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod securityContext: capabilities: # -- Specifies which capabilities to drop to reduce syscall attack surface @@ -226,11 +258,11 @@ securityContext: runAsNonRoot: true # -- The container's process will run with the specified uid runAsUser: 10001 -# Extra environment variables that will be pass onto deployment pods +# -- Extra environment variables that will be pass onto deployment pods env: {} # ENV_NAME: value -# "valueFrom" environment variable references that will be added to deployment pods. Name is templated. +# -- "valueFrom" environment variable references that will be added to deployment pods. Name is templated. # ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core envValueFrom: {} # ENV_NAME: 
@@ -241,12 +273,12 @@ envValueFrom: {} # name: secret-name # key: value_key -# [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from +# -- [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from envSecretNames: [] # - first-secret # - second-secret -# [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from +# -- [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from envConfigMapNames: [] # - first-config-map # - second-config-map @@ -280,10 +312,12 @@ ingresses: issuer: "" # -- If preset enables certificate generation via cert-manager cluster-wide issuer clusterIssuer: "" + # -- declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container volumeMounts: [] # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: [] + # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -291,12 +325,18 @@ resources: {} # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: + # -- Maximum CPU limit cpu: 1.5 + # -- Maximum memory limit memory: 1024Mi requests: + # -- Initial CPU request cpu: 500m + # -- Initial memory request memory: 128Mi + replicaCount: 1 + autoscaling: # -- Enables [horizontal pod autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) enabled: false 
@@ -308,6 +348,7 @@ autoscaling: targetCPUUtilizationPercentage: 80 # -- targetAverageUtilization of memory provided to a pod targetMemoryUtilizationPercentage: 80 + # -- configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics opentelemetry: |- otel.javaagent.enabled=false @@ -320,15 +361,17 @@ logging: |- java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter java.util.logging.ConsoleHandler.level=ALL java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n -# [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes + +# -- [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes nodeSelector: {} -# [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes +# -- [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes tolerations: [] -# [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on +# -- [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on affinity: {} url: # -- Explicitly declared url for reaching the public api (e.g. if ingresses not used) public: "" + # -- A set of additional configuration files configs: # -- An example of an empty graph in ttl syntax @@ -338,6 +381,7 @@ configs: ################################################################# @prefix : . @base . + # -- Agent-Specific Settings agent: # -- A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue 
@@ -366,6 +410,20 @@ agent: deny: 'https?://.*' # -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden +postgresql: + jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc" + primary: + persistence: + enabled: false + readReplicas: + persistence: + enabled: false + auth: + database: "edc" + username: "user" + password: "password" + +# -- Standard settings for vault vault: injector: enabled: false @@ -378,7 +436,7 @@ vault: # -- URL to the vault service, needs to be changed if install.vault=false url: "http://{{ .Release.Name }}-vault:8200" # -- Access token to the vault service needs to be changed if install.vault=false - token: "" + token: "root" timeout: 30 healthCheck: enabled: true 
@@ -388,20 +446,20 @@ vault: secret: /v1/secret # -- Default health api health: /v1/sys/health - secretNames: - # -- sign handed out tokens with this key - transferProxyTokenSignerPrivateKey: - # -- sign handed out tokens with this certificate - transferProxyTokenSignerPublicKey: - # -- encrypt handed out tokens with this symmetric key - transferProxyTokenEncryptionAesKey: + +networkPolicy: + # -- If `true` network policy will be created to restrict access to control- and dataplane + enabled: false + # -- Specify from rule network policy for dp (defaults to all namespaces) + from: + - namespaceSelector: {} serviceAccount: - # Specifies whether a service account should be created + # -- Specifies whether a service account should be created create: true - # Annotations to add to the service account + # -- Annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) From 44420a0a34b736a181ace87bcaa61e4f761c97c3 Mon Sep 17 00:00:00 2001 
From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 4 Jul 2024 15:20:30 +0200 Subject: [PATCH 03/12] chore: upgrade version. --- .github/workflows/build.yml | 4 ++-- README.md | 4 ++-- agent-plane/README.md | 4 ++-- agent-plane/agent-plane-protocol/README.md | 2 +- agent-plane/agent-plane-protocol/pom.xml | 2 +- .../agents/edc/service/TestDataspaceSynchronizer.java | 4 ++-- agent-plane/agentplane-azure-vault/README.md | 2 +- agent-plane/agentplane-azure-vault/pom.xml | 2 +- agent-plane/agentplane-hashicorp/README.md | 4 ++-- agent-plane/agentplane-hashicorp/pom.xml | 2 +- agent-plane/pom.xml | 2 +- charts/agent-plane-azure-vault/Chart.yaml | 4 ++-- charts/agent-plane-azure-vault/README.md | 4 ++-- charts/agent-plane-azure-vault/ci/integration-values.yaml | 2 +- charts/agent-plane/Chart.yaml | 4 ++-- charts/agent-plane/README.md | 4 ++-- charts/agent-plane/ci/integration-values.yaml | 2 +- common/README.md | 2 +- common/auth-jwt/README.md | 2 +- common/auth-jwt/pom.xml | 2 +- docs/README.md | 4 ++-- pom.xml | 2 +- upgrade_version.sh | 2 +- 23 files changed, 33 insertions(+), 33 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e20feacd..65ee837f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -142,7 +142,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.13.20-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.13.21-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Hashicorp Container Build and push 
@@ -180,7 +180,7 @@ jobs: type=semver,pattern={{version}} type=semver,pattern={{major}} type=semver,pattern={{major}}.{{minor}} - type=raw,value=1.13.20-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} + type=raw,value=1.13.21-SNAPSHOT,enable=${{ github.event.inputs.deploy_docker == 'true' || github.ref == format('refs/heads/{0}', 'main') }} type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} - name: Agent Plane Azure Vault Container Build and push diff --git a/README.md b/README.md index b5cfbb3c..0bcaa934 100644 --- a/README.md +++ b/README.md @@ -120,8 +120,8 @@ kubectl wait --namespace ingress-nginx \ --selector=app.kubernetes.io/component=controller \ --timeout=90s # transfer images -kind load docker-image docker.io/tractusx/agentplane-hashicorp:1.13.20-SNAPSHOT --name ka -kind load docker-image docker.io/tractusx/agentplane-azure-vault:1.13.20-SNAPSHOT --name ka +kind load docker-image docker.io/tractusx/agentplane-hashicorp:1.13.21-SNAPSHOT --name ka +kind load docker-image docker.io/tractusx/agentplane-azure-vault:1.13.21-SNAPSHOT --name ka # run chart testing ct install --charts charts/agent-plane ct install --charts charts/agent-plane-azure-vault diff --git a/agent-plane/README.md b/agent-plane/README.md index 04eabdc0..a1e33981 100644 --- a/agent-plane/README.md +++ b/agent-plane/README.md 
@@ -66,10 +66,10 @@ mvn package -Pwith-docker-image Alternatively, after a successful build, you can invoke docker yourself ```console -docker build -t tractusx/agentplane-azure-vault:1.13.20-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-azure-vault:1.13.21-SNAPSHOT -f agentplane-azure-vault/src/main/docker/Dockerfile . ``` ```console -docker build -t tractusx/agentplane-hashicorp:1.13.20-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-hashicorp:1.13.21-SNAPSHOT -f agentplane-hashicorp/src/main/docker/Dockerfile . ``` diff --git a/agent-plane/agent-plane-protocol/README.md b/agent-plane/agent-plane-protocol/README.md index e0e70e3b..71c67373 100644 --- a/agent-plane/agent-plane-protocol/README.md +++ b/agent-plane/agent-plane-protocol/README.md @@ -64,7 +64,7 @@ Add the following dependency to your data-plane artifact pom: org.eclipse.tractusx.agents.edc agent-plane-protocol - 1.13.20-SNAPSHOT + 1.13.21-SNAPSHOT ``` diff --git a/agent-plane/agent-plane-protocol/pom.xml b/agent-plane/agent-plane-protocol/pom.xml index 4916c468..0fd70e1c 100644 --- a/agent-plane/agent-plane-protocol/pom.xml +++ b/agent-plane/agent-plane-protocol/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.13.20-SNAPSHOT + 1.13.21-SNAPSHOT ../pom.xml diff --git a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java index 4b8f57af..39029a28 100644 --- a/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java +++ b/agent-plane/agent-plane-protocol/src/test/java/org/eclipse/tractusx/agents/edc/service/TestDataspaceSynchronizer.java 
@@ -123,7 +123,7 @@ private static JsonObjectBuilder createOffer() { JsonObjectBuilder offerBuilder = Json.createObjectBuilder() .add("@id", "cx-taxo:GraphAsset?test=ExampleAsset") .add("https://w3id.org/edc/v0.0.1/ns/contenttype", "application/json, application/xml") - .add("https://w3id.org/catenax/ontology/common#version", "1.13.20-SNAPSHOT") + .add("https://w3id.org/catenax/ontology/common#version", "1.13.21-SNAPSHOT") .add("https://w3id.org/catenax/ontology/common#name", "Test Asset") .add("https://w3id.org/catenax/ontology/common#description", "Test Asset for RDF Representation") .add("https://w3id.org/catenax/ontology/common#description@de", "Beispiel Asset für RDF Darstellung") @@ -212,7 +212,7 @@ public void testCatalogDeserialization() { " },\n" + " \"dcat:accessService\": \"ddd4b79e-f785-4e71-9fe5-4a177b3ccf54\"\n" + " },\n" + - " \"edc:version\": \"1.13.20-SNAPSHOT\",\n" + + " \"edc:version\": \"1.13.21-SNAPSHOT\",\n" + " \"http://www.w3.org/2000/01/rdf-schema#isDefinedBy\": \"\",\n" + " \"edc:name\": \"Diagnostic Trouble Code Catalogue Version 2022\",\n" + " \"http://www.w3.org/ns/shacl#shapesGraph\": \"@prefix cx-common: . \\n@prefix : .\\n@prefix cx-diag: .\\n@prefix owl: .\\n@prefix rdf: .\\n@prefix xsd: .\\n@prefix sh: .\\n\\n:OemDTC rdf:type sh:NodeShape ;\\n sh:targetClass cx-diag:DTC ;\\n sh:property [\\n sh:path cx-diag:provisionedBy ;\\n sh:hasValue ;\\n ] ;\\n sh:property [\\n sh:path cx-diag:version ;\\n sh:hasValue \\\"0\\\"^^xsd:long ;\\n ] ;\\n sh:property [\\n sh:path cx-diag:affects ;\\n sh:class :OemDiagnosedParts ;\\n ].\\n\\n:OemDiagnosedParts rdf:type sh:NodeShape ;\\n sh:targetClass cx-diag:DiagnosedPart ;\\n sh:property [\\n sh:path cx-diag:provisionedBy ;\\n sh:hasValue ;\\n ] .\\n\",\n" + diff --git a/agent-plane/agentplane-azure-vault/README.md b/agent-plane/agentplane-azure-vault/README.md index 1b6c896e..de43b222 100644 --- a/agent-plane/agentplane-azure-vault/README.md +++ b/agent-plane/agentplane-azure-vault/README.md 
@@ -54,7 +54,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image Alternatively, after a sucessful [build](#building) the docker image of the Agent Plane is created using ```console -docker build -t tractusx//agentplane-azure-vault:1.13.20-SNAPSHOT -f src/main/docker/Dockerfile . +docker build -t tractusx//agentplane-azure-vault:1.13.21-SNAPSHOT -f src/main/docker/Dockerfile . ``` To run the docker image, you could invoke this command diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index 66878ad6..627aee65 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.13.20-SNAPSHOT + 1.13.21-SNAPSHOT ../pom.xml diff --git a/agent-plane/agentplane-hashicorp/README.md b/agent-plane/agentplane-hashicorp/README.md index 2309845f..7b367a09 100644 --- a/agent-plane/agentplane-hashicorp/README.md +++ b/agent-plane/agentplane-hashicorp/README.md @@ -54,7 +54,7 @@ mvn -s ../../../settings.xml install -Pwith-docker-image Alternatively, after a sucessful [build](#building) the docker image of the Agent Plane is created using ```console -docker build -t tractusx/agentplane-hashicorp:1.13.20-SNAPSHOT -f src/main/docker/Dockerfile . +docker build -t tractusx/agentplane-hashicorp:1.13.21-SNAPSHOT -f src/main/docker/Dockerfile . ``` To run the docker image, you could invoke this command @@ -66,7 +66,7 @@ docker run -p 8082:8082 \ -v $(pwd)/resources/dataplane.properties:/app/configuration.properties \ -v $(pwd)/resources/opentelemetry.properties:/app/opentelemetry.properties \ -v $(pwd)/resources/logging.properties:/app/logging.properties \ - tractusx/agentplane-hashicorp:1.13.20-SNAPSHOT + tractusx/agentplane-hashicorp:1.13.21-SNAPSHOT ```` Afterwards, you should be able to access the [local SparQL endpoint](http://localhost:8082/api/agent) via 
diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml index 217aca0f..fc86bae3 100644 --- a/agent-plane/agentplane-hashicorp/pom.xml +++ b/agent-plane/agentplane-hashicorp/pom.xml @@ -25,7 +25,7 @@ org.eclipse.tractusx.agents.edc agent-plane - 1.13.20-SNAPSHOT + 1.13.21-SNAPSHOT ../pom.xml diff --git a/agent-plane/pom.xml b/agent-plane/pom.xml index 694d3442..0fc7efa9 100644 --- a/agent-plane/pom.xml +++ b/agent-plane/pom.xml @@ -28,7 +28,7 @@ org.eclipse.tractusx.agents edc - 1.13.20-SNAPSHOT + 1.13.21-SNAPSHOT ../pom.xml Tractus-X EDC Agent Plane diff --git a/charts/agent-plane-azure-vault/Chart.yaml b/charts/agent-plane-azure-vault/Chart.yaml index aa7b184d..6fe0f1e7 100644 --- a/charts/agent-plane-azure-vault/Chart.yaml +++ b/charts/agent-plane-azure-vault/Chart.yaml @@ -41,12 +41,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.13.20-SNAPSHOT +version: 1.13.21-SNAPSHOT # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.13.20-SNAPSHOT" +appVersion: "1.13.21-SNAPSHOT" home: https://github.com/eclipse-tractusx/knowledge-agents-edc/ sources: - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector diff --git a/charts/agent-plane-azure-vault/README.md b/charts/agent-plane-azure-vault/README.md index b10508cb..9d72328c 100644 --- a/charts/agent-plane-azure-vault/README.md +++ b/charts/agent-plane-azure-vault/README.md 
@@ -21,7 +21,7 @@ # agent-plane-azure-vault -![Version: 1.13.20-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.20-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square) +![Version: 1.13.21-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.21-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running Control Plane. @@ -59,7 +59,7 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime: ```shell helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT +helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT ``` ## Maintainers diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index 1d59406f..75f15b1d 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -29,7 +29,7 @@ participant: # image: # repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-azure-vault -# tag: 1.13.20-SNAPSHOT +# tag: 1.13.21-SNAPSHOT controlplane: endpoints: diff --git a/charts/agent-plane/Chart.yaml b/charts/agent-plane/Chart.yaml index d5548a13..76df78c1 100644 --- a/charts/agent-plane/Chart.yaml +++ b/charts/agent-plane/Chart.yaml 
@@ -41,12 +41,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.13.20-SNAPSHOT +version: 1.13.21-SNAPSHOT # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.13.20-SNAPSHOT" +appVersion: "1.13.21-SNAPSHOT" home: https://github.com/eclipse-tractusx/knowledge-agents-edc/ sources: - https://github.com/eclipse-tractusx/knowledge-agents-edc/tree/main/charts/agent-connector diff --git a/charts/agent-plane/README.md b/charts/agent-plane/README.md index c71917d4..c8c828c2 100644 --- a/charts/agent-plane/README.md +++ b/charts/agent-plane/README.md @@ -21,7 +21,7 @@ # agent-plane -![Version: 1.13.20-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.20-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square) +![Version: 1.13.21-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.21-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running Control Plane. 
@@ -59,7 +59,7 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime: ```shell helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev -helm install my-release eclipse-tractusx/agent-plane --version 1.13.20-SNAPSHOT +helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT ``` ## Maintainers diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 5533818a..5eb626c3 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml @@ -29,7 +29,7 @@ participant: # image: # repository: ghcr.io/catenax-ng/tx-knowledge-agents-edc/agentplane-hashicorp -# tag: 1.13.20-SNAPSHOT +# tag: 1.13.21-SNAPSHOT controlplane: endpoints: diff --git a/common/README.md b/common/README.md index e6a3e1ba..41a6a371 100644 --- a/common/README.md +++ b/common/README.md @@ -57,7 +57,7 @@ add the following dependency to your maven dependencies (gradle should work anal org.eclipse.tractusx.edc auth-jwt - 1.13.20-SNAPSHOT + 1.13.21-SNAPSHOT diff --git a/common/auth-jwt/README.md b/common/auth-jwt/README.md index 55ef9b9a..ecf08e57 100644 --- a/common/auth-jwt/README.md +++ b/common/auth-jwt/README.md @@ -37,7 +37,7 @@ Add the following dependency to your EDC artifact pom: org.eclipse.tractusx.agents.edc auth-jwt - 1.13.20-SNAPSHOT + 1.13.21-SNAPSHOT ``` diff --git a/common/auth-jwt/pom.xml b/common/auth-jwt/pom.xml index 4dfc1c64..ac60ded1 100644 --- a/common/auth-jwt/pom.xml +++ b/common/auth-jwt/pom.xml @@ -27,7 +27,7 @@ org.eclipse.tractusx.agents edc - 1.13.20-SNAPSHOT + 1.13.21-SNAPSHOT ../../pom.xml diff --git a/docs/README.md b/docs/README.md index d09bb0c8..8b0a8af5 100644 --- a/docs/README.md +++ b/docs/README.md @@ -75,7 +75,7 @@ dependencies: alias: my-connector - name: agent-plane repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.13.20-SNAPSHOT + version: 1.13.21-SNAPSHOT alias: my-agent ``` 
@@ -90,7 +90,7 @@ dependencies: alias: my-connector - name: agent-plane-azure-vault repository: https://eclipse-tractusx.github.io/charts/dev - version: 1.13.20-SNAPSHOT + version: 1.13.21-SNAPSHOT alias: my-agent ``` diff --git a/pom.xml b/pom.xml index 61511684..d93ff8e8 100644 --- a/pom.xml +++ b/pom.xml @@ -26,7 +26,7 @@ 4.0.0 org.eclipse.tractusx.agents edc - 1.13.20-SNAPSHOT + 1.13.21-SNAPSHOT pom Tractus-X Knowledge Agents EDC Extensions EDC-Related Artifacts for Federated Procedure Calls diff --git a/upgrade_version.sh b/upgrade_version.sh index 4bf54af9..44a98176 100755 --- a/upgrade_version.sh +++ b/upgrade_version.sh @@ -16,7 +16,7 @@ # # SPDX-License-Identifier: Apache-2.0 -OLD_VERSION=1.13.20-SNAPSHOT +OLD_VERSION=1.13.21-SNAPSHOT echo Upgrading from $OLD_VERSION to $1 PATTERN=s/$OLD_VERSION/$1/g LC_ALL=C From 9f2f6633f60a54a5058f28ec722a8cfb8e5a0572 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Thu, 4 Jul 2024 15:23:27 +0200 Subject: [PATCH 04/12] chore: upgrade DEPENDENCIES --- DEPENDENCIES | 471 ++++++++++++++++++++++++++------------------------- 1 file changed, 238 insertions(+), 233 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 4143f100..81fbab36 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
@@ -1,46 +1,49 @@
-maven/mavencentral/com.apicatalog/carbon-did/0.0.2, Apache-2.0, approved, #9239
-maven/mavencentral/com.apicatalog/iron-verifiable-credentials/0.8.1, Apache-2.0, approved, #9234
+maven/mavencentral/com.apicatalog/carbon-did/0.3.0, Apache-2.0, approved, clearlydefined
+maven/mavencentral/com.apicatalog/copper-multibase/0.5.0, Apache-2.0, approved, #14501
+maven/mavencentral/com.apicatalog/copper-multicodec/0.1.1, Apache-2.0, approved, #14500
+maven/mavencentral/com.apicatalog/iron-verifiable-credentials/0.14.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.apicatalog/titanium-json-ld/1.4.0, Apache-2.0, approved, #15200
-maven/mavencentral/com.azure/azure-core-http-netty/1.14.0, MIT AND Apache-2.0, approved, #13238
-maven/mavencentral/com.azure/azure-core-http-netty/1.14.1, MIT AND Apache-2.0, approved, #13238
-maven/mavencentral/com.azure/azure-core/1.46.0, MIT AND Apache-2.0, approved, #13234
-maven/mavencentral/com.azure/azure-core/1.47.0, MIT AND Apache-2.0, approved, #13678
-maven/mavencentral/com.azure/azure-identity/1.11.4, MIT AND Apache-2.0, approved, #13237
+maven/mavencentral/com.azure/azure-core-http-netty/1.15.0, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-core-http-netty/1.15.1, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-core/1.49.0, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-core/1.49.1, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-identity/1.13.0, MIT, approved, clearlydefined
 maven/mavencentral/com.azure/azure-json/1.1.0, MIT AND Apache-2.0, approved, #10547
-maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.8.1, MIT, approved, #13690
-maven/mavencentral/com.azure/azure-storage-blob/12.25.2, MIT, approved, #13400
-maven/mavencentral/com.azure/azure-storage-common/12.24.2, MIT, approved, #13402
-maven/mavencentral/com.azure/azure-storage-internal-avro/12.10.2, MIT, approved, #13399
-maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.0, Apache-2.0, approved, #13672
-maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.0, , approved, #13665
-maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.0, Apache-2.0, approved, #13671
-maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-toml/2.17.0, Apache-2.0, approved, #14192
-maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.17.0, Apache-2.0, approved, #13666
-maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.17.0, Apache-2.0, approved, #13669
-maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.17.0, Apache-2.0, approved, #14161
+maven/mavencentral/com.azure/azure-security-keyvault-secrets/4.8.3, MIT, approved, #13690
+maven/mavencentral/com.azure/azure-storage-blob/12.26.0, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-storage-common/12.25.0, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-storage-internal-avro/12.11.0, MIT, approved, clearlydefined
+maven/mavencentral/com.azure/azure-xml/1.0.0, MIT, approved, #14410
+maven/mavencentral/com.fasterxml.jackson.core/jackson-annotations/2.17.1, Apache-2.0, approved, #13672
+maven/mavencentral/com.fasterxml.jackson.core/jackson-core/2.17.1, , approved, #13665
+maven/mavencentral/com.fasterxml.jackson.core/jackson-databind/2.17.1, Apache-2.0, approved, #13671
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-toml/2.17.1, Apache-2.0, approved, #14192
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-xml/2.17.1, Apache-2.0, approved, #13666
+maven/mavencentral/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml/2.17.1, Apache-2.0, approved, #13669
+maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jakarta-jsonp/2.17.1, Apache-2.0, approved, #14161
 maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.13.5, Apache-2.0, approved, clearlydefined
-maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.17.0, Apache-2.0, approved, #14160
-maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base/2.17.0, Apache-2.0, approved, #14194
-maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider/2.17.0, Apache-2.0, approved, #14195
-maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.17.0, Apache-2.0, approved, #13668
-maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.6.1, Apache-2.0, approved, #12789
+maven/mavencentral/com.fasterxml.jackson.datatype/jackson-datatype-jsr310/2.17.1, Apache-2.0, approved, #14160
+maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-base/2.17.1, Apache-2.0, approved, #14194
+maven/mavencentral/com.fasterxml.jackson.jakarta.rs/jackson-jakarta-rs-json-provider/2.17.1, Apache-2.0, approved, #14195
+maven/mavencentral/com.fasterxml.jackson.module/jackson-module-jakarta-xmlbind-annotations/2.17.1, Apache-2.0, approved, #13668
+maven/mavencentral/com.fasterxml.woodstox/woodstox-core/6.6.2, Apache-2.0, approved, #12789
 maven/mavencentral/com.github.andrewoma.dexx/collection/0.7, MIT, approved, CQ22160
 maven/mavencentral/com.github.ben-manes.caffeine/caffeine/3.1.6, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.github.docker-java/docker-java-api/3.3.6, Apache-2.0, approved, #10346
-maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.6, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #7946
+maven/mavencentral/com.github.docker-java/docker-java-transport-zerodep/3.3.6, Apache-2.0 AND (Apache-2.0 AND BSD-3-Clause), approved, #15251
 maven/mavencentral/com.github.docker-java/docker-java-transport/3.3.6, Apache-2.0, approved, #7942
 maven/mavencentral/com.github.jsonld-java/jsonld-java/0.13.4, BSD-3-Clause, approved, CQ22136
 maven/mavencentral/com.github.stephenc.jcip/jcip-annotations/1.0-1, Apache-2.0, approved, CQ21949
 maven/mavencentral/com.google.code.findbugs/jsr305/3.0.2, CC-BY-2.5, approved, #15220
 maven/mavencentral/com.google.code.gson/gson/2.10.1, Apache-2.0, approved, #6159
-maven/mavencentral/com.google.crypto.tink/tink/1.12.0, Apache-2.0, approved, #12041
+maven/mavencentral/com.google.crypto.tink/tink/1.13.0, Apache-2.0, approved, #14502
 maven/mavencentral/com.google.errorprone/error_prone_annotations/2.22.0, Apache-2.0, approved, #10661
-maven/mavencentral/com.google.protobuf/protobuf-java/3.24.3, BSD-3-Clause, approved, clearlydefined
-maven/mavencentral/com.microsoft.azure/msal4j-persistence-extension/1.2.0, MIT, approved, clearlydefined
-maven/mavencentral/com.microsoft.azure/msal4j/1.14.3, MIT, approved, #14159
+maven/mavencentral/com.google.protobuf/protobuf-java/3.25.1, BSD-3-Clause, approved, clearlydefined
+maven/mavencentral/com.microsoft.azure/msal4j-persistence-extension/1.3.0, MIT, approved, #14411
+maven/mavencentral/com.microsoft.azure/msal4j/1.15.1, MIT, approved, clearlydefined
 maven/mavencentral/com.nimbusds/content-type/2.3, Apache-2.0, approved, clearlydefined
 maven/mavencentral/com.nimbusds/lang-tag/1.7, Apache-2.0, approved, clearlydefined
-maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.37.3, Apache-2.0, approved, #11701
+maven/mavencentral/com.nimbusds/nimbus-jose-jwt/9.40, Apache-2.0, approved, #15156
 maven/mavencentral/com.nimbusds/oauth2-oidc-sdk/11.9.1, Apache-2.0, approved, #12667
 maven/mavencentral/com.squareup.okhttp3/okhttp-dnsoverhttps/4.12.0, Apache-2.0, approved, #11159
 maven/mavencentral/com.squareup.okhttp3/okhttp/4.12.0, Apache-2.0, approved, #15227
@@ -52,10 +55,10 @@ maven/mavencentral/commons-codec/commons-codec/1.15, Apache-2.0 AND BSD-3-Clause
 maven/mavencentral/commons-io/commons-io/2.15.1, Apache-2.0, approved, #11244
 maven/mavencentral/dev.failsafe/failsafe-okhttp/3.3.2, Apache-2.0, approved, #15208
 maven/mavencentral/dev.failsafe/failsafe/3.3.2, Apache-2.0, approved, #9268
-maven/mavencentral/io.github.classgraph/classgraph/4.8.154, MIT, approved, CQ22530
-maven/mavencentral/io.micrometer/micrometer-commons/1.12.5, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11679
-maven/mavencentral/io.micrometer/micrometer-core/1.12.5, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #11678
-maven/mavencentral/io.micrometer/micrometer-observation/1.12.5, Apache-2.0, approved, #11680
+maven/mavencentral/io.github.classgraph/classgraph/4.8.165, MIT, approved, CQ22530
+maven/mavencentral/io.micrometer/micrometer-commons/1.13.1, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #14826
+maven/mavencentral/io.micrometer/micrometer-core/1.13.1, Apache-2.0 AND (Apache-2.0 AND MIT), approved, #14827
+maven/mavencentral/io.micrometer/micrometer-observation/1.13.1, Apache-2.0, approved, #14829
 maven/mavencentral/io.micrometer/micrometer-registry-prometheus/1.11.1, Apache-2.0, approved, #9805
 maven/mavencentral/io.netty/netty-buffer/4.1.108.Final, Apache-2.0, approved, CQ21842
 maven/mavencentral/io.netty/netty-codec-dns/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
@@ -70,11 +73,10 @@ maven/mavencentral/io.netty/netty-resolver-dns-classes-macos/4.1.108.Final, Apac
 maven/mavencentral/io.netty/netty-resolver-dns-native-macos/4.1.108.Final, Apache-2.0, approved, #7004
 maven/mavencentral/io.netty/netty-resolver-dns/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-resolver/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
-maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.62.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280
-maven/mavencentral/io.netty/netty-tcnative-classes/2.0.62.Final, Apache-2.0, approved, clearlydefined
+maven/mavencentral/io.netty/netty-tcnative-boringssl-static/2.0.65.Final, Apache-2.0 OR LicenseRef-Public-Domain OR BSD-2-Clause OR MIT, approved, CQ15280
+maven/mavencentral/io.netty/netty-tcnative-classes/2.0.65.Final, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.netty/netty-transport-classes-epoll/4.1.108.Final, Apache-2.0, approved, #6366
 maven/mavencentral/io.netty/netty-transport-classes-kqueue/4.1.108.Final, Apache-2.0, approved, #4107
-maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.101.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-transport-native-epoll/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-transport-native-kqueue/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
 maven/mavencentral/io.netty/netty-transport-native-unix-common/4.1.108.Final, Apache-2.0 AND BSD-3-Clause AND MIT, approved, CQ20926
@@ -82,11 +84,11 @@ maven/mavencentral/io.netty/netty-transport/4.1.108.Final, Apache-2.0 AND BSD-3-
 maven/mavencentral/io.opentelemetry.instrumentation/opentelemetry-instrumentation-annotations/1.32.0, Apache-2.0, approved, #11684
 maven/mavencentral/io.opentelemetry/opentelemetry-api/1.32.0, Apache-2.0, approved, #11682
 maven/mavencentral/io.opentelemetry/opentelemetry-context/1.32.0, Apache-2.0, approved, #11683
-maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.40, Apache-2.0, approved, #9687
+maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.43, Apache-2.0, approved, #9687
 maven/mavencentral/io.projectreactor.netty/reactor-netty-core/1.0.44, Apache-2.0, approved, #9687
-maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.40, Apache-2.0, approved, #11661
+maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.43, Apache-2.0, approved, #11661
 maven/mavencentral/io.projectreactor.netty/reactor-netty-http/1.0.44, Apache-2.0, approved, #11661
-maven/mavencentral/io.projectreactor/reactor-core/3.4.34, Apache-2.0, approved, #7517
+maven/mavencentral/io.projectreactor/reactor-core/3.4.36, Apache-2.0, approved, #7517
 maven/mavencentral/io.projectreactor/reactor-core/3.4.37, Apache-2.0, approved, #7517
 maven/mavencentral/io.prometheus/simpleclient/0.16.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.prometheus/simpleclient_common/0.16.0, Apache-2.0, approved, clearlydefined
@@ -94,24 +96,24 @@ maven/mavencentral/io.prometheus/simpleclient_tracer_common/0.16.0, Apache-2.0,
 maven/mavencentral/io.prometheus/simpleclient_tracer_otel/0.16.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.prometheus/simpleclient_tracer_otel_agent/0.16.0, Apache-2.0, approved, clearlydefined
 maven/mavencentral/io.setl/rdf-urdna/1.1, Apache-2.0, approved, clearlydefined
-maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.15, Apache-2.0, approved, #5947
-maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.15, Apache-2.0, approved, #5929
-maven/mavencentral/io.swagger.core.v3/swagger-integration-jakarta/2.2.15, Apache-2.0, approved, #11475
-maven/mavencentral/io.swagger.core.v3/swagger-jaxrs2-jakarta/2.2.15, Apache-2.0, approved, #11477
-maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.15, Apache-2.0, approved, #5919
+maven/mavencentral/io.swagger.core.v3/swagger-annotations-jakarta/2.2.22, Apache-2.0, approved, #5947
+maven/mavencentral/io.swagger.core.v3/swagger-core-jakarta/2.2.21, Apache-2.0, approved, #5929
+maven/mavencentral/io.swagger.core.v3/swagger-integration-jakarta/2.2.21, Apache-2.0, approved, #11475
+maven/mavencentral/io.swagger.core.v3/swagger-jaxrs2-jakarta/2.2.21, Apache-2.0, approved, #11477
+maven/mavencentral/io.swagger.core.v3/swagger-models-jakarta/2.2.21, Apache-2.0, approved, #5919
 maven/mavencentral/jakarta.activation/jakarta.activation-api/2.1.0, EPL-2.0 OR BSD-3-Clause OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jaf
 maven/mavencentral/jakarta.annotation/jakarta.annotation-api/2.1.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.ca
 maven/mavencentral/jakarta.inject/jakarta.inject-api/2.0.1, Apache-2.0, approved, ee4j.cdi
 maven/mavencentral/jakarta.json/jakarta.json-api/2.1.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp
 maven/mavencentral/jakarta.transaction/jakarta.transaction-api/2.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jta
 maven/mavencentral/jakarta.validation/jakarta.validation-api/3.0.2, Apache-2.0, approved, ee4j.validation
-maven/mavencentral/jakarta.ws.rs/jakarta.ws.rs-api/3.1.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.rest
+maven/mavencentral/jakarta.ws.rs/jakarta.ws.rs-api/4.0.0, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.rest
 maven/mavencentral/jakarta.xml.bind/jakarta.xml.bind-api/3.0.1, BSD-3-Clause, approved, ee4j.jaxb
 maven/mavencentral/javax.servlet/javax.servlet-api/4.0.1, (CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0) AND Apache-2.0, approved, CQ16125
 maven/mavencentral/junit/junit/4.13.2, EPL-2.0, approved, CQ23636
 maven/mavencentral/net.bytebuddy/byte-buddy-agent/1.14.1, Apache-2.0, approved, #7164
 maven/mavencentral/net.bytebuddy/byte-buddy/1.14.1, Apache-2.0 AND BSD-3-Clause, approved, #7163
-maven/mavencentral/net.bytebuddy/byte-buddy/1.14.9, Apache-2.0 AND BSD-3-Clause, approved, #7163
+maven/mavencentral/net.bytebuddy/byte-buddy/1.14.16, Apache-2.0 AND BSD-3-Clause, approved, #7163
 maven/mavencentral/net.java.dev.jna/jna-platform/5.13.0, Apache-2.0 OR LGPL-2.1-or-later, approved, #6707
 maven/mavencentral/net.java.dev.jna/jna-platform/5.6.0, Apache-2.0 OR LGPL-2.1-or-later, approved, CQ22390
 maven/mavencentral/net.java.dev.jna/jna/5.13.0, Apache-2.0 AND LGPL-2.1-or-later, approved, #15196
@@ -123,7 +125,7 @@ maven/mavencentral/org.apache.commons/commons-csv/1.10.0, Apache-2.0, approved,
 maven/mavencentral/org.apache.commons/commons-lang3/3.14.0, Apache-2.0, approved, #11677
 maven/mavencentral/org.apache.commons/commons-pool2/2.12.0, Apache-2.0 AND LicenseRef-Public-Domain, approved, #10843
 maven/mavencentral/org.apache.httpcomponents/httpclient-cache/4.5.14, Apache-2.0, approved, CQ11714
-maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0 AND LicenseRef-Public-Domain, approved, CQ23527
+maven/mavencentral/org.apache.httpcomponents/httpclient/4.5.14, Apache-2.0, approved, #15248
 maven/mavencentral/org.apache.httpcomponents/httpcore/4.4.16, Apache-2.0, approved, CQ23528
 maven/mavencentral/org.apache.jena/jena-arq/4.9.0, Apache-2.0 AND (Apache-2.0 AND EPL-2.0) AND (Apache-2.0 AND EPL-1.0), approved, #14711
 maven/mavencentral/org.apache.jena/jena-base/4.9.0, Apache-2.0, approved, #14713
@@ -143,164 +145,167 @@ maven/mavencentral/org.apache.jena/jena-tdb/4.9.0, Apache-2.0, approved, #14708 maven/mavencentral/org.apache.jena/jena-tdb2/4.9.0, Apache-2.0, approved, #14701 maven/mavencentral/org.apache.thrift/libthrift/0.18.1, Apache-2.0, approved, #8911 maven/mavencentral/org.apiguardian/apiguardian-api/1.1.2, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.assertj/assertj-core/3.25.3, Apache-2.0, approved, #12585 -maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78, MIT, approved, #14434 -maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78, MIT AND CC0-1.0, approved, #14433 -maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78, MIT, approved, #14435 +maven/mavencentral/org.assertj/assertj-core/3.26.0, Apache-2.0, approved, #14886 +maven/mavencentral/org.bouncycastle/bcpkix-jdk18on/1.78.1, MIT, approved, #14434 +maven/mavencentral/org.bouncycastle/bcprov-jdk18on/1.78.1, MIT AND CC0-1.0, approved, #14433 +maven/mavencentral/org.bouncycastle/bcutil-jdk18on/1.78.1, MIT, approved, #14435 maven/mavencentral/org.checkerframework/checker-qual/3.33.0, MIT, approved, clearlydefined maven/mavencentral/org.checkerframework/checker-qual/3.42.0, MIT, approved, clearlydefined maven/mavencentral/org.codehaus.woodstox/stax2-api/4.2.2, BSD-2-Clause, approved, #2670 -maven/mavencentral/org.eclipse.edc/accesstokendata-store-sql/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/api-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/api-observability/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/asset-index-sql/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/asset-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/auth-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/auth-tokenbased/0.6.1, Apache-2.0, approved, technology.edc 
-maven/mavencentral/org.eclipse.edc/aws-s3-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/azure-blob-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/boot-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/boot-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/boot/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/catalog-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/configuration-filesystem/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/connector-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/contract-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-api-configuration/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-plane-api-client-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-plane-api-client/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-plane-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/core-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/crypto-common-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-address-http-data-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-aws-s3/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-azure-storage/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-control-api/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-core/0.6.1, Apache-2.0, approved, technology.edc 
-maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-http/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-public-api-v2/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-signaling-api-configuration/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-signaling-api/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-signaling-transform/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-store-sql/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/data-plane-util/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/edr-index-sql/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/edr-store-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/edr-store-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/http-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/http-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/http/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/identity-did-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/identity-did-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/identity-did-web/0.6.1, Apache-2.0, approved, technology.edc 
-maven/mavencentral/org.eclipse.edc/identity-trust-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jersey-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jersey-micrometer/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jersey-providers-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jetty-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jetty-micrometer/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/json-ld-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/json-ld-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/json-ld/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/json-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/junit-base/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/junit/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/jwt-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/keys-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/keys-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/micrometer-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/oauth2-client/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/oauth2-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-engine-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-engine-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-evaluator-lib/0.6.1, Apache-2.0, approved, technology.edc 
-maven/mavencentral/org.eclipse.edc/policy-model/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/policy-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/query-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/runtime-metamodel/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/sql-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/sql-lease/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/sql-pool-apache-commons/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/state-machine-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/store-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/token-core/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/token-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transaction-datasource-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transaction-local/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transaction-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transfer-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transform-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/transform-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/util-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/validator-lib/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/validator-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/vault-azure/0.6.1, Apache-2.0, approved, technology.edc 
-maven/mavencentral/org.eclipse.edc/vault-hashicorp/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/verifiable-credentials-spi/0.6.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/web-spi/0.6.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc.aws/aws-s3-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc.aws/aws-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc.aws/data-plane-aws-s3/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc.azure/azure-blob-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc.azure/data-plane-azure-storage/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc.azure/vault-azure/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/accesstokendata-store-sql/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/api-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/api-observability/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/asset-index-sql/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/asset-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/auth-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/boot-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/boot-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/boot/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/catalog-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/configuration-filesystem/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/connector-core/0.7.1, Apache-2.0, approved, 
technology.edc +maven/mavencentral/org.eclipse.edc/contract-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-api-configuration/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-plane-api-client-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-plane-api-client/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/control-plane-spi/0.7.1-SNAPSHOT, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/core-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/crypto-common-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-address-http-data-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-control-api/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http-oauth2/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-http/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-public-api-v2/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-selector-client/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-selector-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-self-registration/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-signaling-api/0.7.1, Apache-2.0, approved, technology.edc 
+maven/mavencentral/org.eclipse.edc/data-plane-signaling-transform/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-store-sql/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/data-plane-util/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/edr-index-sql/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/edr-store-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/edr-store-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/http-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/http-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/http/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-did-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-did-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-did-web/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/identity-trust-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jersey-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jersey-micrometer/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jersey-providers-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jetty-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jetty-micrometer/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/json-ld-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/json-ld-spi/0.7.1, Apache-2.0, approved, 
technology.edc +maven/mavencentral/org.eclipse.edc/json-ld/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/json-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/junit-base/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/junit/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/jwt-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/keys-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/keys-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/micrometer-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/oauth2-client/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/oauth2-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-engine-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-engine-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-evaluator-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-model/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/policy-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/query-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/runtime-metamodel/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/sql-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/sql-lease/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/sql-pool-apache-commons/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/state-machine-lib/0.7.1, Apache-2.0, approved, technology.edc 
+maven/mavencentral/org.eclipse.edc/store-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/token-core/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/token-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transaction-datasource-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transaction-local/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transaction-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transfer-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transform-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/transform-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/util-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/validator-lib/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/validator-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/vault-hashicorp/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/verifiable-credentials-spi/0.7.1, Apache-2.0, approved, technology.edc +maven/mavencentral/org.eclipse.edc/web-spi/0.7.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-servlet-api/5.0.2, EPL-2.0 OR Apache-2.0, approved, rt.jetty maven/mavencentral/org.eclipse.jetty.toolchain/jetty-jakarta-websocket-api/2.0.0, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.20, EPL-2.0 OR 
Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.20, EPL-2.0 OR Apache-2.0, approved, rt.jetty -maven/mavencentral/org.eclipse.tractusx.agents.edc.agent-plane/agent-plane-protocol/1.13.20-SNAPSHOT, Apache-2.0, approved, automotive.tractusx 
-maven/mavencentral/org.eclipse.tractusx.edc/auth-jwt/1.13.20-SNAPSHOT, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/core-spi/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/core-utils/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/data-plane-migration/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-azure-vault/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-base/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-hashicorp-vault/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-consumer-api/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edr-core/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/edr-spi/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/postgresql-migration-lib/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-api/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-core/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-handler/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-spi/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.eclipse.tractusx.edc/tx-iatp-sts-dim/0.7.0, Apache-2.0, approved, automotive.tractusx -maven/mavencentral/org.flywaydb/flyway-core/10.11.0, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.flywaydb/flyway-database-postgresql/10.11.0, Apache-2.0, approved, #14239 
-maven/mavencentral/org.glassfish.hk2.external/aopalliance-repackaged/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish -maven/mavencentral/org.glassfish.hk2/hk2-api/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish -maven/mavencentral/org.glassfish.hk2/hk2-locator/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish -maven/mavencentral/org.glassfish.hk2/hk2-utils/3.0.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-client/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-common/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-core-server/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-client/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-common/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-jakarta-server/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty.websocket/websocket-servlet/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-alpn-client/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-annotations/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-client/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-http/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-io/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-jndi/11.0.21, EPL-2.0 OR 
Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-plus/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-security/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-server/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.21, EPL-2.0 OR Apache-2.0, approved, rt.jetty +maven/mavencentral/org.eclipse.parsson/parsson/1.1.6, EPL-2.0, approved, ee4j.parsson +maven/mavencentral/org.eclipse.tractusx.agents.edc.agent-plane/agent-plane-protocol/1.13.21-SNAPSHOT, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/auth-jwt/1.13.21-SNAPSHOT, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/core-spi/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/core-utils/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/data-plane-migration/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-azure-vault/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-base/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-hashicorp-vault/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-proxy-consumer-api/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/edr-core/0.7.3, Apache-2.0, approved, automotive.tractusx 
+maven/mavencentral/org.eclipse.tractusx.edc/edr-spi/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/postgresql-migration-lib/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-api/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/token-refresh-core/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-handler/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/tokenrefresh-spi/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.eclipse.tractusx.edc/tx-iatp-sts-dim/0.7.3, Apache-2.0, approved, automotive.tractusx +maven/mavencentral/org.flywaydb/flyway-core/10.15.0, Apache-2.0, approved, clearlydefined +maven/mavencentral/org.flywaydb/flyway-database-postgresql/10.15.0, NOASSERTION, restricted, clearlydefined +maven/mavencentral/org.glassfish.hk2.external/aopalliance-repackaged/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2/hk2-api/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2/hk2-locator/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish +maven/mavencentral/org.glassfish.hk2/hk2-utils/3.0.6, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish maven/mavencentral/org.glassfish.hk2/osgi-resource-locator/1.0.3, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.glassfish -maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet-core/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, 
ee4j.jersey -maven/mavencentral/org.glassfish.jersey.core/jersey-client/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.core/jersey-common/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.core/jersey-server/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.ext/jersey-entity-filtering/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.inject/jersey-hk2/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.media/jersey-media-json-jackson/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey -maven/mavencentral/org.glassfish.jersey.media/jersey-media-multipart/3.1.5, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet-core/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.containers/jersey-container-servlet/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.core/jersey-client/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.core/jersey-common/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.core/jersey-server/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.ext/jersey-entity-filtering/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey 
+maven/mavencentral/org.glassfish.jersey.inject/jersey-hk2/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.media/jersey-media-json-jackson/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey +maven/mavencentral/org.glassfish.jersey.media/jersey-media-multipart/3.1.7, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jersey maven/mavencentral/org.glassfish/jakarta.json/2.0.1, EPL-2.0 OR GPL-2.0-only with Classpath-exception-2.0, approved, ee4j.jsonp maven/mavencentral/org.hamcrest/hamcrest-core/1.3, BSD-2-Clause, approved, CQ11429 -maven/mavencentral/org.hdrhistogram/HdrHistogram/2.1.12, BSD-2-Clause OR LicenseRef-Public-Domain, approved, CQ13192 -maven/mavencentral/org.javassist/javassist/3.29.2-GA, Apache-2.0 AND LGPL-2.1-or-later AND MPL-1.1, approved, #6023 +maven/mavencentral/org.hdrhistogram/HdrHistogram/2.2.2, BSD-2-Clause AND CC0-1.0 AND CC0-1.0, approved, #14828 +maven/mavencentral/org.javassist/javassist/3.30.2-GA, Apache-2.0 AND LGPL-2.1-or-later AND MPL-1.1, approved, #12108 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-common/1.9.10, Apache-2.0, approved, #14186 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.8.21, Apache-2.0, approved, #8807 maven/mavencentral/org.jetbrains.kotlin/kotlin-stdlib-jdk7/1.9.10, Apache-2.0, approved, #14193 
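Review bot: Two added entries in this hunk stand out from the version bumps around them: `org.eclipse.edc/control-plane-spi` is recorded at `0.7.1-SNAPSHOT` while every other `org.eclipse.edc` line added here is at the released `0.7.1`, and `org.flywaydb/flyway-database-postgresql/10.15.0` is listed as `NOASSERTION, restricted` where the removed 10.11.0 line read `Apache-2.0, approved, #14239`. A snapshot coordinate is a mutable artifact, so the build is not reproducible and the artifact that was license-scanned is not guaranteed to be the one that ships. Some module presumably still resolves the snapshot, possibly transitively, and pinning it should make the line read `maven/mavencentral/org.eclipse.edc/control-plane-spi/0.7.1, Apache-2.0, approved, technology.edc`. The restricted flyway entry means the license check did not clear that version, so it needs a resolved license review (or a version that is already approved) before merge. This list looks tool-generated, so both fixes belong in the build's dependency declarations followed by a regeneration, not in a hand edit of these lines.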
@@ -313,53 +318,53 @@ maven/mavencentral/org.jetbrains/annotations/24.1.0, Apache-2.0, approved, clear maven/mavencentral/org.junit-pioneer/junit-pioneer/2.2.0, EPL-2.0, approved, #11857 maven/mavencentral/org.junit.jupiter/junit-jupiter-api/5.10.2, EPL-2.0, approved, #9714 maven/mavencentral/org.junit.jupiter/junit-jupiter-engine/5.10.2, EPL-2.0, approved, #9711 -maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.2, EPL-2.0, approved, #9708 +maven/mavencentral/org.junit.jupiter/junit-jupiter-params/5.10.2, EPL-2.0, approved, #15250 maven/mavencentral/org.junit.platform/junit-platform-commons/1.10.2, EPL-2.0, approved, #9715 maven/mavencentral/org.junit.platform/junit-platform-engine/1.10.2, EPL-2.0, approved, #9709 maven/mavencentral/org.junit.platform/junit-platform-launcher/1.10.2, EPL-2.0, approved, #15216 maven/mavencentral/org.jvnet.mimepull/mimepull/1.9.15, CDDL-1.1 OR GPL-2.0-only WITH Classpath-exception-2.0, approved, CQ21484 -maven/mavencentral/org.latencyutils/LatencyUtils/2.0.3, BSD-2-Clause, approved, CQ17408 +maven/mavencentral/org.latencyutils/LatencyUtils/2.0.3, CC0-1.0, approved, #15280 maven/mavencentral/org.mockito/mockito-core/5.2.0, MIT AND (Apache-2.0 AND MIT) AND Apache-2.0, approved, #7401 maven/mavencentral/org.objenesis/objenesis/3.3, Apache-2.0, approved, clearlydefined maven/mavencentral/org.opentest4j/opentest4j/1.3.0, Apache-2.0, approved, #9713 -maven/mavencentral/org.ow2.asm/asm-commons/9.6, BSD-3-Clause, approved, #10775 -maven/mavencentral/org.ow2.asm/asm-tree/9.6, BSD-3-Clause, approved, #10773 -maven/mavencentral/org.ow2.asm/asm/9.6, BSD-3-Clause, approved, #10776 +maven/mavencentral/org.ow2.asm/asm-commons/9.7, BSD-3-Clause, approved, #14075 +maven/mavencentral/org.ow2.asm/asm-tree/9.7, BSD-3-Clause, approved, #14073 +maven/mavencentral/org.ow2.asm/asm/9.7, BSD-3-Clause, approved, #14076 maven/mavencentral/org.postgresql/postgresql/42.7.3, BSD-2-Clause AND Apache-2.0, approved, #11681 
maven/mavencentral/org.reactivestreams/reactive-streams/1.0.4, CC0-1.0, approved, CQ16332 maven/mavencentral/org.rnorth.duct-tape/duct-tape/1.0.8, MIT, approved, clearlydefined maven/mavencentral/org.roaringbitmap/RoaringBitmap/0.9.45, Apache-2.0, approved, clearlydefined maven/mavencentral/org.roaringbitmap/shims/0.9.45, Apache-2.0, approved, clearlydefined -maven/mavencentral/org.slf4j/slf4j-api/2.0.12, MIT, approved, #5915 -maven/mavencentral/org.testcontainers/junit-jupiter/1.19.7, MIT, approved, #10344 -maven/mavencentral/org.testcontainers/testcontainers/1.19.7, Apache-2.0 AND MIT, approved, #10347 +maven/mavencentral/org.slf4j/slf4j-api/2.0.13, MIT, approved, #5915 +maven/mavencentral/org.testcontainers/junit-jupiter/1.19.8, MIT, approved, #10344 +maven/mavencentral/org.testcontainers/testcontainers/1.19.8, MIT, approved, #15203 maven/mavencentral/org.yaml/snakeyaml/2.2, Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause OR EPL-1.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later), approved, #10232 -maven/mavencentral/software.amazon.awssdk/annotations/2.24.10, Apache-2.0, approved, #13251 -maven/mavencentral/software.amazon.awssdk/apache-client/2.24.10, Apache-2.0, approved, #13257 -maven/mavencentral/software.amazon.awssdk/arns/2.24.10, Apache-2.0, approved, #13243 -maven/mavencentral/software.amazon.awssdk/auth/2.24.10, Apache-2.0, approved, #13256 -maven/mavencentral/software.amazon.awssdk/aws-core/2.24.10, Apache-2.0, approved, #13240 -maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.24.10, Apache-2.0, approved, #13262 -maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.24.10, Apache-2.0, approved, #13247 -maven/mavencentral/software.amazon.awssdk/checksums-spi/2.24.10, Apache-2.0, approved, #13245 -maven/mavencentral/software.amazon.awssdk/checksums/2.24.10, Apache-2.0, approved, #13242 -maven/mavencentral/software.amazon.awssdk/crt-core/2.24.10, Apache-2.0, approved, #13252 -maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.24.10, 
Apache-2.0, approved, #13246 -maven/mavencentral/software.amazon.awssdk/http-auth-aws/2.24.10, Apache-2.0, approved, #13253 -maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.24.10, Apache-2.0, approved, #13264 -maven/mavencentral/software.amazon.awssdk/http-auth/2.24.10, Apache-2.0, approved, #13248 -maven/mavencentral/software.amazon.awssdk/http-client-spi/2.24.10, Apache-2.0, approved, #13259 -maven/mavencentral/software.amazon.awssdk/iam/2.24.10, Apache-2.0, approved, #13444 -maven/mavencentral/software.amazon.awssdk/identity-spi/2.24.10, Apache-2.0, approved, #13244 -maven/mavencentral/software.amazon.awssdk/json-utils/2.24.10, Apache-2.0, approved, #13261 -maven/mavencentral/software.amazon.awssdk/metrics-spi/2.24.10, Apache-2.0, approved, #13239 -maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.24.10, Apache-2.0, approved, #13260 -maven/mavencentral/software.amazon.awssdk/profiles/2.24.10, Apache-2.0, approved, #13258 -maven/mavencentral/software.amazon.awssdk/protocol-core/2.24.10, Apache-2.0, approved, #13241 -maven/mavencentral/software.amazon.awssdk/regions/2.24.10, Apache-2.0, approved, #13255 -maven/mavencentral/software.amazon.awssdk/s3/2.24.10, Apache-2.0, approved, #13254 -maven/mavencentral/software.amazon.awssdk/sdk-core/2.24.10, Apache-2.0, approved, #13265 -maven/mavencentral/software.amazon.awssdk/sts/2.24.10, Apache-2.0, approved, #13442 -maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.24.10, Apache-2.0, approved, #13249 -maven/mavencentral/software.amazon.awssdk/utils/2.24.10, Apache-2.0, approved, #13250 +maven/mavencentral/software.amazon.awssdk/annotations/2.26.7, Apache-2.0, approved, clearlydefined +maven/mavencentral/software.amazon.awssdk/apache-client/2.25.66, Apache-2.0, approved, #13687 +maven/mavencentral/software.amazon.awssdk/arns/2.25.66, Apache-2.0, approved, #13695 +maven/mavencentral/software.amazon.awssdk/auth/2.25.66, Apache-2.0, approved, #13692 
+maven/mavencentral/software.amazon.awssdk/aws-core/2.25.66, Apache-2.0, approved, #13702 +maven/mavencentral/software.amazon.awssdk/aws-query-protocol/2.25.66, Apache-2.0, approved, #13701 +maven/mavencentral/software.amazon.awssdk/aws-xml-protocol/2.25.66, Apache-2.0, approved, #13684 +maven/mavencentral/software.amazon.awssdk/checksums-spi/2.25.66, Apache-2.0, approved, #13686 +maven/mavencentral/software.amazon.awssdk/checksums/2.25.66, Apache-2.0, approved, #13677 +maven/mavencentral/software.amazon.awssdk/crt-core/2.25.66, Apache-2.0, approved, #13705 +maven/mavencentral/software.amazon.awssdk/endpoints-spi/2.25.66, Apache-2.0, approved, #13681 +maven/mavencentral/software.amazon.awssdk/http-auth-aws/2.25.66, Apache-2.0, approved, #13696 +maven/mavencentral/software.amazon.awssdk/http-auth-spi/2.25.66, Apache-2.0, approved, #13704 +maven/mavencentral/software.amazon.awssdk/http-auth/2.25.66, Apache-2.0, approved, #13682 +maven/mavencentral/software.amazon.awssdk/http-client-spi/2.26.7, Apache-2.0, approved, clearlydefined +maven/mavencentral/software.amazon.awssdk/iam/2.25.66, Apache-2.0, approved, clearlydefined +maven/mavencentral/software.amazon.awssdk/identity-spi/2.25.66, Apache-2.0, approved, #13685 +maven/mavencentral/software.amazon.awssdk/json-utils/2.25.66, Apache-2.0, approved, #13698 +maven/mavencentral/software.amazon.awssdk/metrics-spi/2.26.7, Apache-2.0, approved, clearlydefined +maven/mavencentral/software.amazon.awssdk/netty-nio-client/2.26.7, Apache-2.0, approved, clearlydefined +maven/mavencentral/software.amazon.awssdk/profiles/2.25.66, Apache-2.0, approved, #13697 +maven/mavencentral/software.amazon.awssdk/protocol-core/2.25.66, Apache-2.0, approved, #13679 +maven/mavencentral/software.amazon.awssdk/regions/2.25.66, Apache-2.0, approved, #13694 +maven/mavencentral/software.amazon.awssdk/s3/2.25.66, Apache-2.0, approved, #13688 +maven/mavencentral/software.amazon.awssdk/sdk-core/2.25.66, Apache-2.0, approved, #13700 
+maven/mavencentral/software.amazon.awssdk/sts/2.25.66, Apache-2.0, approved, clearlydefined +maven/mavencentral/software.amazon.awssdk/third-party-jackson-core/2.25.66, Apache-2.0, approved, #13703 +maven/mavencentral/software.amazon.awssdk/utils/2.26.7, Apache-2.0, approved, clearlydefined maven/mavencentral/software.amazon.eventstream/eventstream/1.0.1, Apache-2.0, approved, clearlydefined From ede09d05dcaf482135c4ae6026e33a20eb87a787 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 5 Jul 2024 09:58:37 +0200 Subject: [PATCH 05/12] fix: chart test deployments against mocked control plane manager. --- charts/agent-plane-azure-vault/README.md | 112 +++++++++-------- .../ci/integration-values.yaml | 12 +- .../templates/_helpers.tpl | 24 ++-- .../templates/deployment-dataplane.yaml | 2 +- .../templates/service-dataplane.yaml | 8 +- charts/agent-plane-azure-vault/values.yaml | 9 ++ charts/agent-plane/Chart.yaml | 1 + charts/agent-plane/README.md | 117 ++++++++++-------- charts/agent-plane/ci/integration-values.yaml | 20 +-- charts/agent-plane/templates/_helpers.tpl | 24 ++-- .../templates/deployment-dataplane.yaml | 2 +- .../templates/service-dataplane.yaml | 8 +- charts/agent-plane/values.yaml | 5 + 13 files changed, 202 insertions(+), 142 deletions(-) diff --git a/charts/agent-plane-azure-vault/README.md b/charts/agent-plane-azure-vault/README.md index 9d72328c..0c842055 100644 --- a/charts/agent-plane-azure-vault/README.md +++ b/charts/agent-plane-azure-vault/README.md 
@@ -21,7 +21,7 @@ # agent-plane-azure-vault -![Version: 1.13.21-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.21-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square) +![Version: 1.13.21-SNAPSHOT](https://img.shields.io/badge/Version-1.13.21--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.21-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.13.21--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running Control Plane. @@ -82,7 +82,7 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | | +| affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on | | agent | object | `{"connectors":{},"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | | agent.connectors | object | `{}` | A map of partner ids to remote connector IDS URLs to synchronize with | | agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | 
@@ -116,40 +116,52 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | | configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | | connector | string | `""` | Name of the connector deployment | -| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":false}]}` | References to the control plane deployment | +| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":false}]}` | References to the control plane deployment | | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. 
can be added to the internal ingress, but should probably not | | controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | | controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | -| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | +| controlplane.endpoints.management | object | `{"authKey":"password","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | +| controlplane.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header | | controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | | controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | | controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | | controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | | controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | -| customLabels | object | `{}` | To add some custom labels | -| debug.enabled | bool | `false` | | -| debug.port | int | `1044` | | -| debug.suspendOnStart | bool | `false` | | +| customCaCerts | object | `{}` | Add custom ca certificates to the truststore | +| customLabels | object | `{}` | Add some custom labels | +| debug.enabled | bool | `false` | Enables java debugging mode. | +| debug.port | int | `1044` | Port where the debuggee can connect to. 
| +| debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | | destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | -| endpoints.callback.path | string | `"/callback"` | | -| endpoints.callback.port | int | `8087` | | -| endpoints.default.path | string | `"/api"` | | -| endpoints.default.port | int | `8080` | | -| endpoints.public.path | string | `"/api/public"` | | -| endpoints.public.port | int | `8081` | | -| endpoints.signaling.path | string | `"/api/signaling"` | | -| endpoints.signaling.port | int | `8083` | | -| env | object | `{}` | | -| envConfigMapNames | list | `[]` | | -| envSecretNames | list | `[]` | | -| envValueFrom | object | `{}` | | +| endpoints | object | `{"callback":{"path":"/callback","port":8087},"control":{"path":"/api/control","port":8084},"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081}}` | endpoints of the dataplane | +| endpoints.callback | object | `{"path":"/callback","port":8087}` | callback api, used for listening on control plane callbacks, must not be internet facing | +| endpoints.callback.path | string | `"/callback"` | path for incoming api calls | +| endpoints.callback.port | int | `8087` | port for incoming api calls | +| endpoints.control | object | `{"path":"/api/control","port":8084}` | control api, used for internal control calls. 
can be added to the internal ingress, but should probably not | +| endpoints.control.path | string | `"/api/control"` | path for incoming api calls | +| endpoints.control.port | int | `8084` | port for incoming api calls | +| endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | +| endpoints.default.path | string | `"/api"` | path for incoming api calls | +| endpoints.default.port | int | `8080` | port for incoming api calls | +| endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | +| endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | +| endpoints.metrics.port | int | `9090` | port for incoming api calls | +| endpoints.proxy.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header | +| endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls | +| endpoints.proxy.port | int | `8186` | port for incoming api calls | +| endpoints.public | object | `{"path":"/api/public","port":8081}` | public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. | +| endpoints.public.path | string | `"/api/public"` | path for incoming api calls | +| endpoints.public.port | int | `8081` | port for incoming api calls | +| env | object | `{}` | Extra environment variables that will be pass onto deployment pods | +| envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from | +| envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from | +| envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core | | fullnameOverride | string | `""` | | -| iatp.id | string | `"did:web:changeme"` | | -| iatp.sts.dim.url | string | `nil` | | -| iatp.sts.oauth.client.id | string | `nil` | | -| iatp.sts.oauth.client.secret_alias | string | `nil` | | -| iatp.sts.oauth.token_url | string | `nil` | | +| iatp.id | string | `"did:web:changeme"` | Decentralized IDentifier (DID) of the connector | +| iatp.sts.dim.url | string | `nil` | URL where connectors can request SI tokens | +| iatp.sts.oauth.client.id | string | `nil` | Client ID for requesting OAuth2 access token for DIM access | +| iatp.sts.oauth.client.secret_alias | string | `nil` | Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access | +| iatp.sts.oauth.token_url | string | `nil` | URL where connectors can request OAuth2 access tokens for DIM access | | iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime | | image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | | image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | 
@@ -167,10 +179,9 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | | ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | | initContainers | list | `[]` | | -| install.postgresql | bool | `false` | | -| install.vault | bool | `false` | | -| limits.cpu | float | `1.5` | | -| limits.memory | string | `"1024Mi"` | | +| install.postgresql | bool | `false` | Deploying a PostgreSQL instance | +| limits.cpu | float | `1.5` | Maximum CPU limit | +| limits.memory | string | `"1024Mi"` | Maximum memory limit | | livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | | livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | | livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | 
@@ -180,7 +191,9 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | | name | string | `"agentplane"` | the name of the dataplane | | nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | +| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane | +| networkPolicy.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) | +| nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes | | opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | | participant.id | string | `""` | BPN Number | | podAnnotations | object | `{}` | additional annotations for the pod | 
@@ -190,12 +203,7 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | | podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | | podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| postgresql.auth.database | string | `"edc"` | | -| postgresql.auth.password | string | `"password"` | | -| postgresql.auth.username | string | `"user"` | | -| postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` | | -| postgresql.primary.persistence.enabled | bool | `false` | | -| postgresql.readReplicas.persistence.enabled | bool | `false` | | +| postgresql | object | `{"auth":{"database":"edc","password":"password","username":"user"},"jdbcUrl":"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc","primary":{"persistence":{"enabled":false}},"readReplicas":{"persistence":{"enabled":false}}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | | readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | | readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | | readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | 
@@ -203,35 +211,35 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | | readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | replicaCount | int | `1` | | -| requests.cpu | string | `"500m"` | | -| requests.memory | string | `"128Mi"` | | +| requests.cpu | string | `"500m"` | Initial CPU request | +| requests.memory | string | `"128Mi"` | Initial memory request | | resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"add":[],"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10001}` | The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod | | securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | | securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | | securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | | securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | | securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | | securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | +| service.annotations | object | `{}` | 
additional annotations for the service | +| service.labels | object | `{}` | additional labels for the service | | service.port | int | `80` | | | service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | +| serviceAccount.name | string | `""` | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template | | sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | -| token.refresh.expiry_seconds | int | `300` | | -| token.refresh.expiry_tolerance_seconds | int | `10` | | -| token.refresh.refresh_endpoint | string | `nil` | | -| token.signer.privatekey_alias | string | `nil` | | -| token.verifier.publickey_alias | string | `nil` | | -| tolerations | list | `[]` | | +| token.refresh.expiry_seconds | int | `300` | TTL in seconds for access tokens (also known as EDR token) | +| token.refresh.expiry_tolerance_seconds | int | `10` | Tolerance for token expiry in seconds | +| token.refresh.refresh_endpoint | string | `nil` | Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` | +| token.signer.privatekey_alias | string | `nil` | Alias under which the private key (JWK or PEM format) is stored in the vault | +| token.verifier.publickey_alias | string | `nil` | Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` | +| tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes | | url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) | -| vault | object | `{"azure":{"certificate":null,"client":null,"name":"","secret":null,"tenant":null},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null}}` | Standard settings for vault, "client", "tenant", "secret" or "certificate", "transferProxyTokenSignerPrivateKey" and "transferProxyTokenSignerPublicKey" need to be overridden | -| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | -| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | -| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | +| vault | object | `{"azure":{"certificate":null,"client":null,"name":"","secret":null,"tenant":null}}` | Standard settings for vault | | volumeMounts | list | `[]` | declare where to mount [volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | | volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index 75f15b1d..53afdf03 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -35,7 +35,12 @@ controlplane: endpoints: management: authKey: "bla" - + ingresses: + - enabled: true + hostname: 67dd349198194b508a8fd5e2dd24c173.api.mockbin.io + tls: + enabled: true + vault: azure: name: "AZURE_NAME" @@ -69,3 +74,8 @@ iatp: secret_alias: "dummy" dim: url: "http://sts.server" + +#debug: +# enabled: true +# port: 4046 +# suspendOnStart: true 
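Review bot: The CI values in the `@@ -35,7 +35,12 @@` hunk set `controlplane.ingresses[0].hostname` to a public third-party mock host (`67dd349198194b508a8fd5e2dd24c173.api.mockbin.io`), so the chart test depends on an endpoint outside the project's control. Because the helper change in this patch builds the control-plane URLs from this hostname, the test deployment's registration and control calls presumably leave the cluster for that host. The test outcome then depends on the host's availability and on whoever controls that bin. A mock deployed inside the test cluster would keep the traffic local; at minimum add a comment above the hostname such as `# external mock of the control plane, CI only - never combine with real keys`.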
diff --git a/charts/agent-plane-azure-vault/templates/_helpers.tpl b/charts/agent-plane-azure-vault/templates/_helpers.tpl
index d809d091..a6df4f64 100644
--- a/charts/agent-plane-azure-vault/templates/_helpers.tpl
+++ b/charts/agent-plane-azure-vault/templates/_helpers.tpl
@@ -117,7 +117,7 @@ Control DSP URL
 {{- .Values.controlplane.url.protocol }}
 {{- else }}{{/* else when dsp api url has not been specified explicitly */}}
 {{- with (index .Values.controlplane.ingresses 0) }}
-{{- if .enabled }}{{/* if ingress enabled */}}
+{{- if or .enabled (not .enabled) }}{{/* if ingress enabled */}}
 {{- if .tls.enabled }}{{/* if TLS enabled */}}
 {{- printf "https://%s" .hostname -}}
 {{- else }}{{/* else when TLS not enabled */}}
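Review bot: The new condition `{{- if or .enabled (not .enabled) }}` is always true, so the `else` branch that falls back to the in-cluster `-controlplane` service URL can no longer be reached; the same condition is added to `txap.controlplane.url.control` in the next hunk. With the chart default `ingresses: - enabled: false` and no `hostname` set, the DSP URL would presumably render as plain `http://` followed by an empty host. Keep `{{- if .enabled }}` and rely on the CI values setting `enabled: true` (which this patch already does), or test the host itself with `{{- if .hostname }}{{/* if an ingress host is configured */}}`. The enclosing define starts above this hunk.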
@@ -126,16 +126,24 @@ Control DSP URL {{- else }}{{/* else when ingress not enabled */}} {{- printf "http://%s-controlplane:%v" ( include "txap.connector.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}} {{- end }}{{/* end if ingress */}} -{{- end }}{{/* end with ingress */}} -{{- end }}{{/* end if .Values.controlplane.url.protocol */}} +{{- end }}{{/* end with ingress */}}{{- end }}{{/* end if .Values.controlplane.url.protocol */}} {{- end }} {{/* -Validation URL +Control URL */}} {{- define "txap.controlplane.url.control" -}} -{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} -{{- end }} +{{- with (index .Values.controlplane.ingresses 0) }} +{{- if or .enabled (not .enabled) }}{{/* if ingress enabled */}} +{{- if .tls.enabled }}{{/* if TLS enabled */}} +{{- printf "https://%s%s" .hostname $.Values.controlplane.endpoints.control.path -}} +{{- else }}{{/* else when TLS not enabled */}} +{{- printf "http://%s%s" .hostname $.Values.controlplane.endpoints.control.path -}} +{{- end }}{{/* end if tls */}} +{{- else }}{{/* else when ingress not enabled */}} +{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) $.Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} +{{- end }}{{/* end if ingress */}} +{{- end }}{{/* end with ingress */}}{{- end }}{{/* end if .Values.controlplane.url.protocol */}} {{/* Validation URL 
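Review bot: In the new body of `txap.controlplane.url.control`, the last `printf` sits inside `with (index .Values.controlplane.ingresses 0)` but reads `.Values.controlplane.endpoints.control.path` through the dot, which at that point is the ingress entry and not the chart root; it should be `$.Values.controlplane.endpoints.control.path`, like the port argument next to it. That branch is currently unreachable because of the always-true condition above it, so the failure would only surface once the condition is corrected. Separately, the ingress branches now resolve the control API through the ingress hostname, although the chart README says the control API should probably not be added to an ingress. The define comment should say when that is intended, e.g. `Control URL (first control plane ingress when enabled, otherwise the in-cluster service)`. The final `{{- end }}` closes the define, yet its trailing comment still reads `end if .Values.controlplane.url.protocol`.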
@@ -147,8 +155,8 @@ Validation URL {{/* Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} -{{- define "txap.dataplane.url.signaling" -}} -{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}} +{{- define "txap.dataplane.url.control" -}} +{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.control.port .Values.endpoints.control.path -}} {{- end }} {{/* diff --git a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml index 9a7c7575..1c51e56b 100644 --- a/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/deployment-dataplane.yaml @@ -174,7 +174,7 @@ spec: - name: "WEB_HTTP_CALLBACK_PATH" value: {{ $dataplane.endpoints.callback.path | quote }} - name: "EDC_CONTROL_ENDPOINT" - value: {{ include "txdc.dataplane.url.control" . }} + value: {{ include "txap.dataplane.url.control" . }} - name: "EDC_DPF_SELECTOR_URL" value: {{ include "txap.controlplane.url.control" . }}/v1/dataplanes diff --git a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml index b6da35df..cd3bcd5e 100644 --- a/charts/agent-plane-azure-vault/templates/service-dataplane.yaml +++ b/charts/agent-plane-azure-vault/templates/service-dataplane.yaml 
@@ -23,13 +23,13 @@ kind: Service metadata: name: {{ include "txap.fullname" . }}-{{ .Values.name }} namespace: {{.Release.Namespace | default "default" | quote }} - {{- with .Values.dataplane.service.annotations }} + {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "txap.dataplane.labels" . | nindent 4 }} - {{- with .Values.dataplane.service.labels }} + {{- with .Values.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} spec: @@ -47,11 +47,11 @@ spec: targetPort: public protocol: TCP name: public - - port: {{ .Values.dataplane.endpoints.metrics.port }} + - port: {{ .Values.endpoints.metrics.port }} targetPort: metrics protocol: TCP name: metrics - - port: {{ .Values.dataplane.endpoints.proxy.port }} + - port: {{ .Values.endpoints.proxy.port }} targetPort: proxy protocol: TCP name: proxy diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index 91e7d12e..91b6739c 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml @@ -87,6 +87,8 @@ controlplane: port: 8084 # -- path for incoming api calls path: /api/v1/dsp + ingresses: + - enabled: false # -- the name of the dataplane name: "agentplane" @@ -430,6 +432,13 @@ vault: secret: certificate: +networkPolicy: + # -- If `true` network policy will be created to restrict access to control- and dataplane + enabled: false + # -- Specify from rule network policy for dp (defaults to all namespaces) + from: + - namespaceSelector: {} + serviceAccount: # -- Specifies whether a service account should be created create: true diff --git a/charts/agent-plane/Chart.yaml b/charts/agent-plane/Chart.yaml index 76df78c1..19c8282d 100644 --- a/charts/agent-plane/Chart.yaml +++ b/charts/agent-plane/Chart.yaml @@ -65,3 +65,4 @@ dependencies: condition: install.postgresql maintainers: - name: 'Tractus-X Knowledge Agents Team' + url: https://github.com/eclipse-tractusx 
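Review bot: The default `from: - namespaceSelector: {}` in the new `networkPolicy` block selects every namespace, so switching `enabled` to `true` without also overriding `from` would presumably still leave the service ports reachable from anywhere in the cluster, including the `metrics` and `proxy` ports this patch adds to the data plane Service. The policy template itself is not part of the visible hunks, so this assumes `from` is used as the ingress peer list. I would say so in the value comment, e.g. `# -- Specify from rule network policy for dp (defaults to all namespaces; narrow this when enabling the policy)`.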
diff --git a/charts/agent-plane/README.md b/charts/agent-plane/README.md index c8c828c2..0a0cac59 100644 --- a/charts/agent-plane/README.md +++ b/charts/agent-plane/README.md @@ -21,7 +21,7 @@ # agent-plane -![Version: 1.13.21-SNAPSHOT](https://img.shields.io/badge/Version-1.12.19--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.21-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.12.19--SNAPSHOT-informational?style=flat-square) +![Version: 1.13.21-SNAPSHOT](https://img.shields.io/badge/Version-1.13.21--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.13.21-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.13.21--SNAPSHOT-informational?style=flat-square) A Helm chart for an Agent-Enabled Tractus-X Data Plane which registers at a running Control Plane. @@ -66,7 +66,7 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | Name | Email | Url | | ---- | ------ | --- | -| Tractus-X Knowledge Agents Team | | | +| Tractus-X Knowledge Agents Team | | | ## Source Code 
@@ -83,7 +83,7 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | Key | Type | Default | Description | |-----|------|---------|-------------| -| affinity | object | `{}` | | +| affinity | object | `{}` | [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on | | agent | object | `{"connectors":{},"default":["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"],"maxbatchsize":"9223372036854775807","services":{"allow":"(edcs?://.*)|(https://query\\\\.wikidata\\\\.org/sparql)","asset":{"allow":"(edcs?://.*)","deny":"https?://.*"},"deny":"http://.*"},"skillcontract":"Contract?partner=Skill","synchronization":-1}` | Agent-Specific Settings | | agent.connectors | object | `{}` | A map of partner ids to remote connector IDS URLs to synchronize with | | agent.default | list | `["dataspace.ttl","https://w3id.org/catenax/ontology.ttl"]` | A list of local or remote graph descriptions to build the default meta-graph/federated data catalogue | 
@@ -117,40 +117,52 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | configs | object | `{"dataspace.ttl":"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"}` | A set of additional configuration files | | configs."dataspace.ttl" | string | `"#################################################################\n# Catena-X Agent Bootstrap Graph in TTL/RDF/OWL FORMAT\n#################################################################\n@prefix : .\n@base .\n"` | An example of an empty graph in ttl syntax | | connector | string | `""` | Name of the connector deployment | -| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":false}]}` | References to the control plane deployment | +| controlplane | object | `{"endpoints":{"control":{"path":"/control","port":8083},"management":{"authKey":"password","path":"/management","port":8081},"protocol":{"path":"/api/v1/dsp","port":8084}},"ingresses":[{"enabled":true,"hostname":"67dd349198194b508a8fd5e2dd24c173.api.mockbin.io","tls":{"enabled":true}}]}` | References to the control plane deployment | | controlplane.endpoints.control | object | `{"path":"/control","port":8083}` | control api, used for internal control calls. 
can be added to the internal ingress, but should probably not | | controlplane.endpoints.control.path | string | `"/control"` | path for incoming api calls | | controlplane.endpoints.control.port | int | `8083` | port for incoming api calls | -| controlplane.endpoints.management | object | `{"authKey":"","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | -| controlplane.endpoints.management.authKey | string | `""` | authentication key, must be attached to each 'X-Api-Key' request header | +| controlplane.endpoints.management | object | `{"authKey":"password","path":"/management","port":8081}` | data management api, used by internal users, can be added to an ingress and must not be internet facing | +| controlplane.endpoints.management.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header | | controlplane.endpoints.management.path | string | `"/management"` | path for incoming api calls | | controlplane.endpoints.management.port | int | `8081` | port for incoming api calls | | controlplane.endpoints.protocol | object | `{"path":"/api/v1/dsp","port":8084}` | dsp api, used for inter connector communication and must be internet facing | | controlplane.endpoints.protocol.path | string | `"/api/v1/dsp"` | path for incoming api calls | | controlplane.endpoints.protocol.port | int | `8084` | port for incoming api calls | -| customLabels | object | `{}` | To add some custom labels | -| debug.enabled | bool | `false` | | -| debug.port | int | `1044` | | -| debug.suspendOnStart | bool | `false` | | +| customCaCerts | object | `{}` | Add custom ca certificates to the truststore | +| customLabels | object | `{}` | Add some custom labels | +| debug.enabled | bool | `false` | Enables java debugging mode. | +| debug.port | int | `1044` | Port where the debuggee can connect to. 
| +| debug.suspendOnStart | bool | `false` | Defines if the JVM should wait with starting the application until someone connected to the debugging port. | | destinationTypes | string | `"HttpProxy,AmazonS3"` | a comma-separated list of supported transfer types | -| endpoints.callback.path | string | `"/callback"` | | -| endpoints.callback.port | int | `8087` | | -| endpoints.default.path | string | `"/api"` | | -| endpoints.default.port | int | `8080` | | -| endpoints.public.path | string | `"/api/public"` | | -| endpoints.public.port | int | `8081` | | -| endpoints.signaling.path | string | `"/api/signaling"` | | -| endpoints.signaling.port | int | `8083` | | -| env | object | `{}` | | -| envConfigMapNames | list | `[]` | | -| envSecretNames | list | `[]` | | -| envValueFrom | object | `{}` | | +| endpoints | object | `{"callback":{"path":"/callback","port":8087},"control":{"path":"/api/control","port":8084},"default":{"path":"/api","port":8080},"metrics":{"path":"/metrics","port":9090},"proxy":{"authKey":"password","path":"/proxy","port":8186},"public":{"path":"/api/public","port":8081}}` | endpoints of the dataplane | +| endpoints.callback | object | `{"path":"/callback","port":8087}` | callback api, used for listening on control plane callbacks, must not be internet facing | +| endpoints.callback.path | string | `"/callback"` | path for incoming api calls | +| endpoints.callback.port | int | `8087` | port for incoming api calls | +| endpoints.control | object | `{"path":"/api/control","port":8084}` | control api, used for internal control calls. 
can be added to the internal ingress, but should probably not | +| endpoints.control.path | string | `"/api/control"` | path for incoming api calls | +| endpoints.control.port | int | `8084` | port for incoming api calls | +| endpoints.default | object | `{"path":"/api","port":8080}` | default api for health checks, should not be added to any ingress | +| endpoints.default.path | string | `"/api"` | path for incoming api calls | +| endpoints.default.port | int | `8080` | port for incoming api calls | +| endpoints.metrics | object | `{"path":"/metrics","port":9090}` | metrics api, used for application metrics, must not be internet facing | +| endpoints.metrics.path | string | `"/metrics"` | path for incoming api calls | +| endpoints.metrics.port | int | `9090` | port for incoming api calls | +| endpoints.proxy.authKey | string | `"password"` | authentication key, must be attached to each request as `X-Api-Key` header | +| endpoints.proxy.path | string | `"/proxy"` | path for incoming api calls | +| endpoints.proxy.port | int | `8186` | port for incoming api calls | +| endpoints.public | object | `{"path":"/api/public","port":8081}` | public endpoint where the data can be fetched from if HttpPull was used. Must be internet facing. | +| endpoints.public.path | string | `"/api/public"` | path for incoming api calls | +| endpoints.public.port | int | `8081` | port for incoming api calls | +| env | object | `{}` | Extra environment variables that will be pass onto deployment pods | +| envConfigMapNames | list | `[]` | [Kubernetes ConfigMap Resource](https://kubernetes.io/docs/concepts/configuration/configmap/) names to load environment variables from | +| envSecretNames | list | `[]` | [Kubernetes Secret Resource](https://kubernetes.io/docs/concepts/configuration/secret/) names to load environment variables from | +| envValueFrom | object | `{}` | "valueFrom" environment variable references that will be added to deployment pods. Name is templated. 
ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#envvarsource-v1-core | | fullnameOverride | string | `""` | | -| iatp.id | string | `"did:web:changeme"` | | -| iatp.sts.dim.url | string | `nil` | | -| iatp.sts.oauth.client.id | string | `nil` | | -| iatp.sts.oauth.client.secret_alias | string | `nil` | | -| iatp.sts.oauth.token_url | string | `nil` | | +| iatp.id | string | `"did:web:changeme"` | Decentralized IDentifier (DID) of the connector | +| iatp.sts.dim.url | string | `nil` | URL where connectors can request SI tokens | +| iatp.sts.oauth.client.id | string | `nil` | Client ID for requesting OAuth2 access token for DIM access | +| iatp.sts.oauth.client.secret_alias | string | `nil` | Alias under which the client secret is stored in the vault for requesting OAuth2 access token for DIM access | +| iatp.sts.oauth.token_url | string | `nil` | URL where connectors can request OAuth2 access tokens for DIM access | | iatp.trustedIssuers | list | `[]` | Configures the trusted issuers for this runtime | | image.pullPolicy | string | `"IfNotPresent"` | [Kubernetes image pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) to use | | image.repository | string | `""` | Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically | 
@@ -168,10 +180,10 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | ingresses[0].tls.enabled | bool | `false` | Enables TLS on the ingress resource | | ingresses[0].tls.secretName | string | `""` | If present overwrites the default secret name | | initContainers | list | `[]` | | -| install.postgresql | bool | `false` | | -| install.vault | bool | `false` | | -| limits.cpu | float | `1.5` | | -| limits.memory | string | `"1024Mi"` | | +| install.postgresql | bool | `false` | Deploying a PostgreSQL instance | +| install.vault | bool | `false` | Deploying a HashiCorp Vault instance | +| limits.cpu | float | `1.5` | Maximum CPU limit | +| limits.memory | string | `"1024Mi"` | Maximum memory limit | | livenessProbe.enabled | bool | `true` | Whether to enable kubernetes [liveness-probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | | livenessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | | livenessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first liveness check | 
@@ -181,7 +193,9 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | logging | string | `".level=INFO\norg.eclipse.edc.level=ALL\nhandlers=java.util.logging.ConsoleHandler\njava.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter\njava.util.logging.ConsoleHandler.level=ALL\njava.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n"` | configuration of the [Java Util Logging Facade](https://docs.oracle.com/javase/7/docs/technotes/guides/logging/overview.html) | | name | string | `"agentplane"` | the name of the dataplane | | nameOverride | string | `""` | | -| nodeSelector | object | `{}` | | +| networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane | +| networkPolicy.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) | +| nodeSelector | object | `{}` | [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes | | opentelemetry | string | `"otel.javaagent.enabled=false\notel.javaagent.debug=false"` | configuration of the [Open Telemetry Agent](https://opentelemetry.io/docs/instrumentation/java/automatic/agent-config/) to collect and expose metrics | | participant.id | string | `""` | BPN Number | | podAnnotations | object | `{}` | additional annotations for the pod | 
@@ -191,12 +205,7 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | podSecurityContext.runAsGroup | int | `10001` | Processes within a pod will belong to this guid | | podSecurityContext.runAsUser | int | `10001` | Runs all processes within a pod with a special uid | | podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | Restrict a Container's Syscalls with seccomp | -| postgresql.auth.database | string | `"edc"` | | -| postgresql.auth.password | string | `"password"` | | -| postgresql.auth.username | string | `"user"` | | -| postgresql.jdbcUrl | string | `"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"` | | -| postgresql.primary.persistence.enabled | bool | `false` | | -| postgresql.readReplicas.persistence.enabled | bool | `false` | | +| postgresql | object | `{"auth":{"database":"edc","password":"password","username":"user"},"jdbcUrl":"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc","primary":{"persistence":{"enabled":false}},"readReplicas":{"persistence":{"enabled":false}}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | | readinessProbe.enabled | bool | `true` | Whether to enable kubernetes [readiness-probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/) | | readinessProbe.failureThreshold | int | `6` | when a probe fails kubernetes will try 6 times before giving up | | readinessProbe.initialDelaySeconds | int | `30` | seconds to wait before performing the first readiness check | 
@@ -204,39 +213,39 @@ helm install my-release eclipse-tractusx/agent-plane --version 1.13.21-SNAPSHOT | readinessProbe.successThreshold | int | `1` | number of consecutive successes for the probe to be considered successful after having failed | | readinessProbe.timeoutSeconds | int | `5` | number of seconds after which the probe times out | | replicaCount | int | `1` | | -| requests.cpu | string | `"500m"` | | -| requests.memory | string | `"128Mi"` | | +| requests.cpu | string | `"500m"` | Initial CPU request | +| requests.memory | string | `"128Mi"` | Initial memory request | | resources | object | `{}` | [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"add":[],"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":10001}` | The [container security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) defines privilege and access control settings for a Container within a pod | | securityContext.allowPrivilegeEscalation | bool | `false` | Controls [Privilege Escalation](https://kubernetes.io/docs/concepts/security/pod-security-policy/#privilege-escalation) enabling setuid binaries changing the effective user ID | | securityContext.capabilities.add | list | `[]` | Specifies which capabilities to add to issue specialized syscalls | | securityContext.capabilities.drop | list | `["ALL"]` | Specifies which capabilities to drop to reduce syscall attack surface | | securityContext.readOnlyRootFilesystem | bool | `true` | Whether the root filesystem is mounted in read-only mode | | securityContext.runAsNonRoot | bool | `true` | Requires the container to run without root privileges | | securityContext.runAsUser | int | `10001` | The container's process will run with the specified uid | +| service.annotations | object | `{}` | 
additional annotations for the service | +| service.labels | object | `{}` | additional labels for the service | | service.port | int | `80` | | | service.type | string | `"ClusterIP"` | [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service. | -| serviceAccount.annotations | object | `{}` | | -| serviceAccount.create | bool | `true` | | +| serviceAccount.annotations | object | `{}` | Annotations to add to the service account | +| serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) | -| serviceAccount.name | string | `""` | | +| serviceAccount.name | string | `""` | The name of the service account to use. 
If not set and create is true, a name is generated using the fullname template | | sourceTypes | string | `"cx-common:Protocol?w3c:http:SPARQL,cx-common:Protocol?w3c:http:SKILL,HttpData,AmazonS3"` | a comma-separated list of supported asset types | | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests | | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests | -| token.refresh.expiry_seconds | int | `300` | | -| token.refresh.expiry_tolerance_seconds | int | `10` | | -| token.refresh.refresh_endpoint | string | `nil` | | -| token.signer.privatekey_alias | string | `nil` | | -| token.verifier.publickey_alias | string | `nil` | | -| tolerations | list | `[]` | | +| token.refresh.expiry_seconds | int | `300` | TTL in seconds for access tokens (also known as EDR token) | +| token.refresh.expiry_tolerance_seconds | int | `10` | Tolerance for token expiry in seconds | +| token.refresh.refresh_endpoint | string | `nil` | Optional endpoint for an OAuth2 token refresh. Default endpoint is `/token` | +| token.signer.privatekey_alias | string | `nil` | Alias under which the private key (JWK or PEM format) is stored in the vault | +| token.verifier.publickey_alias | string | `nil` | Alias under which the public key (JWK or PEM format) is stored in the vault, that belongs to the private key which was referred to at `dataplane.token.signer.privatekey_alias` | +| tolerations | list | `[]` | [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes | | url.public | string | `""` | Explicitly declared url for reaching the public api (e.g. 
if ingresses not used) | -| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden | +| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"root","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for vault | | vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api | | vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false | -| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false | +| vault.hashicorp.token | string | `"root"` | Access token to the vault service needs to be changed if install.vault=false | | vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false | -| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key | -| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key | -| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate | | volumeMounts | list | `[]` | declare where to mount 
[volumes](https://kubernetes.io/docs/concepts/storage/volumes/) into the container | | volumes | list | `[]` | [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories | diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 5eb626c3..0f2c0081 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml @@ -23,6 +23,7 @@ install: postgresql: true + vault: true participant: id: "BPNL0000000DUMMY" @@ -35,6 +36,11 @@ controlplane: endpoints: management: authKey: "bla" + ingresses: + - enabled: true + hostname: 67dd349198194b508a8fd5e2dd24c173.api.mockbin.io + tls: + enabled: true vault: azure: @@ -42,15 +48,6 @@ vault: tenant: "AZURE_TENANT" client: "AZURE_CLIENT" secret: "AZURE_SECRET" - hashicorp: - url: "https://vault.demo" - token: "VAULT_TOKEN" - paths: - secret: "/v1/secrets" - secretNames: - transferProxyTokenSignerPrivateKey: "key" - transferProxyTokenSignerPublicKey: "cert" - transferProxyTokenEncryptionAesKey: "symmetric-key" token: signer: @@ -69,3 +66,8 @@ iatp: secret_alias: "dummy" dim: url: "http://sts.server" + +#debug: +# enabled: true +# port: 4046 +# suspendOnStart: true diff --git a/charts/agent-plane/templates/_helpers.tpl b/charts/agent-plane/templates/_helpers.tpl index d809d091..a6df4f64 100644 --- a/charts/agent-plane/templates/_helpers.tpl +++ b/charts/agent-plane/templates/_helpers.tpl @@ -117,7 +117,7 @@ Control DSP URL {{- .Values.controlplane.url.protocol }} {{- else }}{{/* else when dsp api url has not been specified explicitly */}} {{- with (index .Values.controlplane.ingresses 0) }} -{{- if .enabled }}{{/* if ingress enabled */}} +{{- if or .enabled (not .enabled) }}{{/* if ingress enabled */}} {{- if .tls.enabled }}{{/* if TLS enabled */}} {{- printf "https://%s" .hostname -}} {{- else }}{{/* else when TLS not enabled */}} 
@@ -126,16 +126,24 @@ Control DSP URL {{- else }}{{/* else when ingress not enabled */}} {{- printf "http://%s-controlplane:%v" ( include "txap.connector.fullname" $ ) $.Values.controlplane.endpoints.protocol.port -}} {{- end }}{{/* end if ingress */}} -{{- end }}{{/* end with ingress */}} -{{- end }}{{/* end if .Values.controlplane.url.protocol */}} +{{- end }}{{/* end with ingress */}}{{- end }}{{/* end if .Values.controlplane.url.protocol */}} {{- end }} {{/* -Validation URL +Control URL */}} {{- define "txap.controlplane.url.control" -}} -{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) .Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} -{{- end }} +{{- with (index .Values.controlplane.ingresses 0) }} +{{- if or .enabled (not .enabled) }}{{/* if ingress enabled */}} +{{- if .tls.enabled }}{{/* if TLS enabled */}} +{{- printf "https://%s%s" .hostname $.Values.controlplane.endpoints.control.path -}} +{{- else }}{{/* else when TLS not enabled */}} +{{- printf "http://%s%s" .hostname $.Values.controlplane.endpoints.control.path -}} +{{- end }}{{/* end if tls */}} +{{- else }}{{/* else when ingress not enabled */}} +{{- printf "http://%s-controlplane:%v%s" ( include "txap.connector.fullname" $ ) $.Values.controlplane.endpoints.control.port .Values.controlplane.endpoints.control.path -}} +{{- end }}{{/* end if ingress */}} +{{- end }}{{/* end with ingress */}}{{- end }}{{/* end if .Values.controlplane.url.protocol */}} {{/* Validation URL 
@@ -147,8 +155,8 @@ Validation URL {{/* Data Control URL (Expects the Chart Root to be accessible via .root, the current dataplane via .dataplane) */}} -{{- define "txap.dataplane.url.signaling" -}} -{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.signaling.port .Values.endpoints.signaling.path -}} +{{- define "txap.dataplane.url.control" -}} +{{- printf "http://%s-%s:%v%s" (include "txap.fullname" . ) .Values.name .Values.endpoints.control.port .Values.endpoints.control.path -}} {{- end }} {{/* diff --git a/charts/agent-plane/templates/deployment-dataplane.yaml b/charts/agent-plane/templates/deployment-dataplane.yaml index df57d53e..a1209016 100644 --- a/charts/agent-plane/templates/deployment-dataplane.yaml +++ b/charts/agent-plane/templates/deployment-dataplane.yaml @@ -174,7 +174,7 @@ spec: - name: "WEB_HTTP_CALLBACK_PATH" value: {{ $dataplane.endpoints.callback.path | quote }} - name: "EDC_CONTROL_ENDPOINT" - value: {{ include "txdc.dataplane.url.control" . }} + value: {{ include "txap.dataplane.url.control" . }} - name: "EDC_DPF_SELECTOR_URL" value: {{ include "txap.controlplane.url.control" . }}/v1/dataplanes diff --git a/charts/agent-plane/templates/service-dataplane.yaml b/charts/agent-plane/templates/service-dataplane.yaml index b6da35df..cd3bcd5e 100644 --- a/charts/agent-plane/templates/service-dataplane.yaml +++ b/charts/agent-plane/templates/service-dataplane.yaml @@ -23,13 +23,13 @@ kind: Service metadata: name: {{ include "txap.fullname" . }}-{{ .Values.name }} namespace: {{.Release.Namespace | default "default" | quote }} - {{- with .Values.dataplane.service.annotations }} + {{- with .Values.service.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "txap.dataplane.labels" . | nindent 4 }} - {{- with .Values.dataplane.service.labels }} + {{- with .Values.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} spec: 
@@ -47,11 +47,11 @@ spec: targetPort: public protocol: TCP name: public - - port: {{ .Values.dataplane.endpoints.metrics.port }} + - port: {{ .Values.endpoints.metrics.port }} targetPort: metrics protocol: TCP name: metrics - - port: {{ .Values.dataplane.endpoints.proxy.port }} + - port: {{ .Values.endpoints.proxy.port }} targetPort: proxy protocol: TCP name: proxy diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml index 956de244..2874c52b 100644 --- a/charts/agent-plane/values.yaml +++ b/charts/agent-plane/values.yaml @@ -89,6 +89,11 @@ controlplane: port: 8084 # -- path for incoming api calls path: /api/v1/dsp + ingresses: + - enabled: true + tls: + enabled: true + hostname: 67dd349198194b508a8fd5e2dd24c173.api.mockbin.io # -- the name of the dataplane name: "agentplane" From b90b0deca338b3cd0deb05d6602f1b44916a5689 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 5 Jul 2024 09:59:46 +0200 Subject: [PATCH 06/12] fix: unnecessars and buggy dependencies in txedc data plane bases. --- agent-plane/agentplane-azure-vault/pom.xml | 12 ++++++++++++ agent-plane/agentplane-hashicorp/pom.xml | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index 627aee65..fc1fa5bb 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -164,6 +164,18 @@ org.eclipse.edc core-spi + + org.eclipse.edc + contract-spi + + + org.eclipse.edc + catalog-spi + + + org.eclipse.edc + asset-index-sql + diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml index fc86bae3..45f70e0d 100644 --- a/agent-plane/agentplane-hashicorp/pom.xml +++ b/agent-plane/agentplane-hashicorp/pom.xml @@ -157,6 +157,18 @@ io.netty netty-transport-classes-epoll + + org.eclipse.edc + contract-spi + + + org.eclipse.edc + catalog-spi + + + org.eclipse.edc + asset-index-sql + 
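Review bot: The defaults added under `controlplane.ingresses` in `charts/agent-plane/values.yaml` switch the ingress on and set `hostname` to a mockbin.io address, which looks like the CI fixture from the `ci/integration-values.yaml` files copied into the chart defaults. The control URL helper builds `EDC_DPF_SELECTOR_URL` from this hostname, so an install that does not override the value would address its data-plane selector calls to that third-party host. I would ship `- enabled: false` here, as `charts/agent-plane-azure-vault/values.yaml` does, and keep the mock hostname in the CI values only. The new keys also lack the `# --` description comments that the neighbouring values carry.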
From e4203010fcf785f889d3f2e9cc119612e39ba602 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 5 Jul 2024 10:27:36 +0200 Subject: [PATCH 07/12] fix: ignore wrecked azure EDC dependencies. make ct more tolerant for startup times because of lacking vault. --- agent-plane/agentplane-azure-vault/pom.xml | 4 ++++ agent-plane/agentplane-hashicorp/pom.xml | 4 ++++ charts/agent-plane-azure-vault/ci/integration-values.yaml | 7 ++++++- charts/agent-plane/ci/integration-values.yaml | 5 +++++ 4 files changed, 19 insertions(+), 1 deletion(-) diff --git a/agent-plane/agentplane-azure-vault/pom.xml b/agent-plane/agentplane-azure-vault/pom.xml index fc1fa5bb..10174bc8 100644 --- a/agent-plane/agentplane-azure-vault/pom.xml +++ b/agent-plane/agentplane-azure-vault/pom.xml @@ -176,6 +176,10 @@ org.eclipse.edc asset-index-sql + + org.eclipse.edc + control-plane-spi + diff --git a/agent-plane/agentplane-hashicorp/pom.xml b/agent-plane/agentplane-hashicorp/pom.xml index 45f70e0d..b545d1dc 100644 --- a/agent-plane/agentplane-hashicorp/pom.xml +++ b/agent-plane/agentplane-hashicorp/pom.xml @@ -169,6 +169,10 @@ org.eclipse.edc asset-index-sql + + org.eclipse.edc + control-plane-spi + diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index 53afdf03..4081fa2d 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -40,7 +40,12 @@ controlplane: hostname: 67dd349198194b508a8fd5e2dd24c173.api.mockbin.io tls: enabled: true - + +livenessProbe: + initialDelaySeconds: 60 +readinessProbe: + initialDelaySeconds: 60 + vault: azure: name: "AZURE_NAME" diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 0f2c0081..92bf2ca7 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml 
@@ -42,6 +42,11 @@ controlplane: tls: enabled: true +livenessProbe: + initialDelaySeconds: 60 +readinessProbe: + initialDelaySeconds: 60 + vault: azure: name: "AZURE_NAME" From f2a4aa6e3ed33d07de52dcd7e8f8c95b1bee80f9 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Fri, 5 Jul 2024 10:37:00 +0200 Subject: [PATCH 08/12] fix: linting errors. --- charts/agent-plane-azure-vault/ci/integration-values.yaml | 2 +- charts/agent-plane-azure-vault/values.yaml | 2 +- charts/agent-plane/ci/integration-values.yaml | 2 +- charts/agent-plane/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/agent-plane-azure-vault/ci/integration-values.yaml b/charts/agent-plane-azure-vault/ci/integration-values.yaml index 4081fa2d..f0e2db9e 100644 --- a/charts/agent-plane-azure-vault/ci/integration-values.yaml +++ b/charts/agent-plane-azure-vault/ci/integration-values.yaml @@ -80,7 +80,7 @@ iatp: dim: url: "http://sts.server" -#debug: +# debug: # enabled: true # port: 4046 # suspendOnStart: true diff --git a/charts/agent-plane-azure-vault/values.yaml b/charts/agent-plane-azure-vault/values.yaml index 91b6739c..99e178d9 100644 --- a/charts/agent-plane-azure-vault/values.yaml +++ b/charts/agent-plane-azure-vault/values.yaml @@ -88,7 +88,7 @@ controlplane: # -- path for incoming api calls path: /api/v1/dsp ingresses: - - enabled: false + - enabled: false # -- the name of the dataplane name: "agentplane" diff --git a/charts/agent-plane/ci/integration-values.yaml b/charts/agent-plane/ci/integration-values.yaml index 92bf2ca7..8a2168da 100644 --- a/charts/agent-plane/ci/integration-values.yaml +++ b/charts/agent-plane/ci/integration-values.yaml @@ -72,7 +72,7 @@ iatp: dim: url: "http://sts.server" -#debug: +# debug: # enabled: true # port: 4046 # suspendOnStart: true diff --git a/charts/agent-plane/values.yaml b/charts/agent-plane/values.yaml index 2874c52b..cf8aa910 100644 --- a/charts/agent-plane/values.yaml 
+++ b/charts/agent-plane/values.yaml @@ -91,7 +91,7 @@ controlplane: path: /api/v1/dsp ingresses: - enabled: true - tls: + tls: enabled: true hostname: 67dd349198194b508a8fd5e2dd24c173.api.mockbin.io From c998b25a9b72732daa4b1bcd416756b9df903d22 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 10 Jul 2024 08:09:44 +0200 Subject: [PATCH 09/12] chore: update some base image and github action versions. --- .github/workflows/build.yml | 8 +- .github/workflows/helm-chart-lint.yml | 2 +- .github/workflows/trivy.yml | 8 +- .github/workflows/veracode.yml | 100 ------------------ agent-plane/agentplane-azure-vault/README.md | 2 +- .../src/main/docker/Dockerfile | 2 +- agent-plane/agentplane-hashicorp/README.md | 2 +- .../src/main/docker/Dockerfile | 2 +- 8 files changed, 13 insertions(+), 113 deletions(-) delete mode 100644 .github/workflows/veracode.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 65ee837f..ef43a07b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -130,7 +130,7 @@ jobs: # Create SemVer or ref tags dependent of trigger event - name: Docker Meta Agent Plane Hashicorp id: meta-hash - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | ${{ steps.set-docker-repo.outputs.REPO }}/agentplane-hashicorp 
@@ -158,7 +158,7 @@ jobs: # Important step to push image description to DockerHub - since this is version independent, we always take it from main - name: Update Docker Hub description for Agent Plane Hashicorp if: ${{ steps.set-docker-repo.outputs.REPO == 'docker.io' && github.ref == 'refs/heads/main' }} - uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3.4.2 + uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 with: readme-filepath: agent-plane/agentplane-hashicorp/README.md username: ${{ secrets.DOCKER_HUB_USER }} @@ -168,7 +168,7 @@ jobs: # Create SemVer or ref tags dependent of trigger event - name: Docker Meta Agent Plane Azure Vault id: meta-azr - uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0 + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 with: images: | ${{ steps.set-docker-repo.outputs.REPO }}/agentplane-azure-vault @@ -196,7 +196,7 @@ jobs: # Important step to push image description to DockerHub - since this is version independent, we always take it from main - name: Update Docker Hub description for Agent Plane Azure Vault if: ${{ steps.set-docker-repo.outputs.REPO == 'docker.io' && github.ref == 'refs/heads/main' }} - uses: peter-evans/dockerhub-description@dc67fad7001ef9e8e3c124cb7a64e16d0a63d864 # v3.4.2 + uses: peter-evans/dockerhub-description@e98e4d1628a5f3be2be7c231e50981aee98723ae # v4.0.0 with: readme-filepath: agent-plane/agentplane-azure-vault/README.md username: ${{ secrets.DOCKER_HUB_USER || github.actor }} diff --git a/.github/workflows/helm-chart-lint.yml b/.github/workflows/helm-chart-lint.yml index 7e1a89cd..cf658ca6 100644 --- a/.github/workflows/helm-chart-lint.yml +++ b/.github/workflows/helm-chart-lint.yml 
@@ -77,7 +77,7 @@ jobs: cache: 'maven' # Set-Up Python - - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 with: python-version: 3.9 diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml index 23690d53..be55601e 100644 --- a/.github/workflows/trivy.yml +++ b/.github/workflows/trivy.yml @@ -55,7 +55,7 @@ jobs: steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Run Trivy vulnerability scanner in repo mode - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 with: scan-type: "config" # ignore-unfixed: true @@ -65,7 +65,7 @@ jobs: output: "trivy-results-config.sarif" severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0 + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 if: always() with: sarif_file: "trivy-results-config.sarif" @@ -121,7 +121,7 @@ jobs: # the next two steps will only execute if the image exists check was successful - name: Run Trivy vulnerability scanner if: success() && steps.imageCheck.outcome != 'failure' - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # v0.16.1 + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0 with: image-ref: "${{ steps.set-docker-repo.outputs.REPO }}/${{ matrix.image }}:${{ needs.git-sha7.outputs.value }}" format: "sarif" 
@@ -132,6 +132,6 @@ jobs: - name: Upload Trivy scan results to GitHub Security tab if: success() && steps.imageCheck.outcome != 'failure' - uses: github/codeql-action/upload-sarif@689fdc5193eeb735ecb2e52e819e3382876f93f4 # v2.22.6 + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: sarif_file: "trivy-results-${{ matrix.image }}.sarif" diff --git a/.github/workflows/veracode.yml b/.github/workflows/veracode.yml deleted file mode 100644 index 42f4fbde..00000000 --- a/.github/workflows/veracode.yml +++ /dev/null 
@@ -1,100 +0,0 @@ ---- -# -# Copyright (c) 2021,2024 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License, Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the -# License for the specific language governing permissions and limitations -# under the License. -# -# SPDX-License-Identifier: Apache-2.0 -# - -name: "Veracode" - -on: - schedule: - - cron: '0 2 * * *' - workflow_dispatch: - -jobs: - secret-presence: - runs-on: ubuntu-latest - outputs: - ORG_VERACODE_API_ID: ${{ steps.secret-presence.outputs.ORG_VERACODE_API_ID }} - ORG_VERACODE_API_KEY: ${{ steps.secret-presence.outputs.ORG_VERACODE_API_KEY }} - steps: - - name: Check whether secrets exist - id: secret-presence - run: | - [ ! -z "${{ secrets.ORG_VERACODE_API_ID }}" ] && echo "ORG_VERACODE_API_ID=true" >> $GITHUB_OUTPUT - [ ! 
-z "${{ secrets.ORG_VERACODE_API_KEY }}" ] && echo "ORG_VERACODE_API_KEY=true" >> $GITHUB_OUTPUT - exit 0 - - verify-formatting: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - fetch-depth: 0 - # Set-Up - - name: Setup JDK 17 - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 - with: - java-version: '17' - distribution: 'temurin' - cache: 'maven' - - - name: Verify proper formatting - run: ./mvnw spotless:check - - build: - runs-on: ubuntu-latest - needs: [secret-presence, verify-formatting] - permissions: - contents: read - strategy: - fail-fast: false - matrix: - variant: [ { dir: agent-plane, name: agentplane-azure-vault }, - { dir: agent-plane, name: agentplane-hashicorp } ] - steps: - # Get Code - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - # Set-Up - - name: Setup JDK 17 - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1 - with: - java-version: '17' - distribution: 'temurin' - cache: 'maven' - # Build - - name: Build ${{ matrix.variant.name }} - run: |- - ./mvnw -s settings.xml -pl ${{ matrix.variant.dir }}/${{ matrix.variant.name }} -am install - env: - GITHUB_ACTOR: ${{ github.actor }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - name: Tar gzip files for veracode upload - run: |- - tar -czvf ${{ matrix.variant.dir }}/${{ matrix.variant.name }}/target/${{ matrix.variant.name }}.tar.gz ${{ matrix.variant.dir }}/${{ matrix.variant.name }}/target/${{ matrix.variant.name }}.jar ${{ matrix.variant.dir }}/${{ matrix.variant.name }}/target/lib/*.jar - - name: Veracode Upload And Scan - uses: veracode/veracode-uploadandscan-action@c3c0b78bddb42d5f6b10d70562f692215a410d7b #v1.0 - if: | - needs.secret-presence.outputs.ORG_VERACODE_API_ID && needs.secret-presence.outputs.ORG_VERACODE_API_KEY - continue-on-error: true - with: - appname: knowledge-agents-edc/${{ matrix.variant.name }} - createprofile: true - 
version: ${{ matrix.variant.name }}-${{ github.sha }} - filepath: ${{ matrix.variant.dir }}/${{ matrix.variant.name }}/target/${{ matrix.variant.name }}.tar.gz - vid: ${{ secrets.ORG_VERACODE_API_ID }} - vkey: ${{ secrets.ORG_VERACODE_API_KEY }} diff --git a/agent-plane/agentplane-azure-vault/README.md b/agent-plane/agentplane-azure-vault/README.md index de43b222..c22baa67 100644 --- a/agent-plane/agentplane-azure-vault/README.md +++ b/agent-plane/agentplane-azure-vault/README.md @@ -90,7 +90,7 @@ Project license: Apache License, Version 2.0 **Used base image** -- [eclipse-temurin:17-jre-alpine](https://github.com/adoptium/containers) +- [eclipse-temurin:22-jre-alpine](https://github.com/adoptium/containers) - Official Eclipse Temurin DockerHub page: https://hub.docker.com/_/eclipse-temurin - Eclipse Temurin Project: https://projects.eclipse.org/projects/adoptium.temurin - Additional information about the Eclipse Temurin images: https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin diff --git a/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile b/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile index 43210948..5ca2d89d 100644 --- a/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile +++ b/agent-plane/agentplane-azure-vault/src/main/docker/Dockerfile @@ -25,7 +25,7 @@ HEALTHCHECK NONE RUN apk update && apk add curl=8.5.0-r0 --no-cache RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} --output /tmp/opentelemetry-javaagent.jar -FROM eclipse-temurin:22_36-jre-alpine +FROM eclipse-temurin:22-jre-alpine ARG APP_USER=docker ARG APP_UID=10100 diff --git a/agent-plane/agentplane-hashicorp/README.md b/agent-plane/agentplane-hashicorp/README.md index 7b367a09..6c076ab4 100644 --- a/agent-plane/agentplane-hashicorp/README.md +++ b/agent-plane/agentplane-hashicorp/README.md 
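Review bot: The runtime stage now starts from `FROM eclipse-temurin:22-jre-alpine`, a floating tag, where the removed line named a specific build (`22_36`), so two builds of the same commit can land on different base images. The workflow changes in this same commit pin every action to a commit SHA, and the base image deserves the same treatment, for example `FROM eclipse-temurin:22-jre-alpine@sha256:<digest-of-the-reviewed-image>` with the digest refreshed by the dependency-update process. The identical change is made in `agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile`. Both stages continue outside the hunk.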
@@ -90,7 +90,7 @@ Project license: Apache License, Version 2.0 **Used base image** -- [eclipse-temurin:17-jre-alpine](https://github.com/adoptium/containers) +- [eclipse-temurin:22-jre-alpine](https://github.com/adoptium/containers) - Official Eclipse Temurin DockerHub page: https://hub.docker.com/_/eclipse-temurin - Eclipse Temurin Project: https://projects.eclipse.org/projects/adoptium.temurin - Additional information about the Eclipse Temurin images: https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin diff --git a/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile b/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile index e36a378a..b9f63f06 100644 --- a/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile +++ b/agent-plane/agentplane-hashicorp/src/main/docker/Dockerfile @@ -24,7 +24,7 @@ HEALTHCHECK NONE RUN apk update && apk add curl=8.5.0-r0 --no-cache RUN curl -L --proto "=https" -sSf ${OTEL_AGENT_LOCATION} --output /tmp/opentelemetry-javaagent.jar -FROM eclipse-temurin:22_36-jre-alpine +FROM eclipse-temurin:22-jre-alpine ARG APP_USER=docker ARG APP_UID=10100 From 11f4220db6f912fc9ff4474a57d8ebf1fa49b703 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 10 Jul 2024 08:12:25 +0200 Subject: [PATCH 10/12] chore: update deps after excluding some glitches from upstream. --- DEPENDENCIES | 2 -- 1 file changed, 2 deletions(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 81fbab36..96426863 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES 
@@ -161,7 +161,6 @@ maven/mavencentral/org.eclipse.edc.azure/vault-azure/0.7.1, Apache-2.0, approved maven/mavencentral/org.eclipse.edc/accesstokendata-store-sql/0.7.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/api-core/0.7.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/api-observability/0.7.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/asset-index-sql/0.7.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/asset-spi/0.7.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/auth-spi/0.7.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/boot-lib/0.7.1, Apache-2.0, approved, technology.edc @@ -174,7 +173,6 @@ maven/mavencentral/org.eclipse.edc/contract-spi/0.7.1, Apache-2.0, approved, tec maven/mavencentral/org.eclipse.edc/control-api-configuration/0.7.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/control-plane-api-client-spi/0.7.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/control-plane-api-client/0.7.1, Apache-2.0, approved, technology.edc -maven/mavencentral/org.eclipse.edc/control-plane-spi/0.7.1-SNAPSHOT, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/core-spi/0.7.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/crypto-common-lib/0.7.1, Apache-2.0, approved, technology.edc maven/mavencentral/org.eclipse.edc/data-address-http-data-spi/0.7.1, Apache-2.0, approved, technology.edc From 03a648e796b23e486651faa0847224a31f465c84 Mon Sep 17 00:00:00 2001 From: "Dr. Christoph \"Schorsch\" Jung" Date: Wed, 10 Jul 2024 08:31:38 +0200 Subject: [PATCH 11/12] chore: update copyright period, changelog and regenerate helm doc. --- CHANGELOG.md | 10 +++++++++- charts/agent-plane-azure-vault/Chart.yaml | 2 +- charts/agent-plane/Chart.yaml | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index dee0ffd5..bf6cc3cb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,5 @@