diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..9fac115
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,57 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+---
+version: 2
+updates:
+ # NuGet
+ -
+ package-ecosystem: "nuget"
+ directory: /
+ labels:
+ - "dependabot"
+ - "dependencies"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
+
+ # Github Actions
+ -
+ package-ecosystem: "github-actions"
+ directory: /
+ labels:
+ - "dependabot"
+ - "github-actions"
+ schedule:
+ interval: "weekly"
+
+ # Docker
+ -
+ package-ecosystem: "docker"
+ directory: ./docker/
+ labels:
+ - "dependabot"
+ - "docker"
+ schedule:
+ interval: "weekly"
+ ignore:
+ - dependency-name: "*"
+ update-types: ["version-update:semver-major"]
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 0000000..459f9b7
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,22 @@
+## Description
+
+Please include a summary of the change.
+
+## Why
+
+Please include an explanation of why this change is necessary as well as relevant motivation and context. List any dependencies that are required for this change.
+
+## Issue
+
+Link to Github issue.
+
+## Checklist
+
+Please delete options that are not relevant.
+
+- [ ] I have performed a self-review of my own code
+- [ ] I have successfully tested my changes locally
+- [ ] I have added tests that prove my changes work
+- [ ] I have checked that new and existing tests pass locally with my changes
+- [ ] I have commented my code, particularly in hard-to-understand areas
+- [ ] I have added copyright and license headers, footers (for .md files) or files (for images)
diff --git a/.github/workflows/chart-test.yml b/.github/workflows/chart-test.yml
new file mode 100644
index 0000000..ba1a46c
--- /dev/null
+++ b/.github/workflows/chart-test.yml
@@ -0,0 +1,128 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +name: Lint and Test Chart + +on: + push: + paths: + - 'charts/dim/**' + branches: [main] + pull_request: + paths: + - 'charts/dim/**' + workflow_dispatch: + inputs: + node_image: + description: 'kindest/node image for k8s kind cluster' + # k8s version + default: 'kindest/node:v1.27.3' + required: false + type: string + upgrade_from: + description: 'dim chart version to upgrade from' + # tbd + default: 'tbd' + required: false + type: string + +jobs: + + lint-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + - name: Kubernetes KinD Cluster + uses: container-tools/kind-action@0ad70e2299366b0e1552c7240f4e4567148f723e # v2.0.4 + with: + # upgrade version, default (v0.17.0) uses node image v1.21.1 and doesn't work with more recent node image versions + version: v0.20.0 + # default value for event_name != workflow_dispatch + node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }} + + - name: Build migration image + id: build-migration-image 
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . + file: ./docker/Dockerfile-dim-migrations + push: true + tags: kind-registry:5000/dim-migrations:testing + + - name: Build service image + id: build-service-image + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . + file: ./docker/Dockerfile-dim-service + push: true + tags: kind-registry:5000/dim-service:testing + + - name: Build processes worker + id: build-processes-worker-image + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . + file: ./docker/Dockerfile-dim-processes-worker + push: true + tags: kind-registry:5000/dim-processes-worker:testing + + - name: Set up Helm + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4 + with: + version: v3.9.3 + + - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + with: + python-version: '3.9' + check-latest: true + + - name: Set up chart-testing + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "changed=true" >> $GITHUB_OUTPUT + fi + + - name: Run chart-testing (lint) + run: ct lint --validate-maintainers=false --check-version-increment=false --target-branch ${{ github.event.repository.default_branch }} + + - name: Run chart-testing (install) + run: ct install --charts charts/dim --config charts/chart-testing-config.yaml --helm-extra-set-args "--set dim.image.name=kind-registry:5000/dim-service --set dim.image.tag=testing --set migrations.image.name=kind-registry:5000/dim-migrations --set migrations.image.tag=testing --set processesworker.image.name=kind-registry:5000/dim-processes-worker --set processesworker.image.tag=testing" + if: 
github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true' + + # TODO: re-add the step after the first version release + # Upgrade the released chart version with the locally available chart + # default value for event_name != workflow_dispatch + # - name: Run helm upgrade + # run: | + # helm repo add bitnami https://charts.bitnami.com/bitnami + # helm repo add tractusx-dev https://eclipse-tractusx.github.io/charts/dev + # helm install dim tractusx-dev/dim --version ${{ github.event.inputs.upgrade_from || 'tbd' }} --namespace upgrade --create-namespace + # helm dependency update charts/dim + # helm upgrade dim charts/dim --set dim.image.name=kind-registry:5000/dim-service --set dim.image.tag=testing --set migrations.image.name=kind-registry:5000/dim-migrations --set migrations.image.tag=testing --set processesworker.image.name=kind-registry:5000/dim-processes-worker --set processesworker.image.tag=testing --namespace upgrade + # if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true' diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..ed3abf4 --- /dev/null +++ b/.github/workflows/codeql.yml 
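Review bot: The workflow declares no `permissions:` block, so the `lint-test` job runs with whatever default GITHUB_TOKEN scope the repository or organisation has configured, while it checks out and builds pull-request code (three Dockerfile builds plus `ct install`). Nothing visible in these steps needs more than read access, so I would add a workflow-level `permissions:` with `contents: read`, matching what codeql.yml and the image-build workflows in this commit already declare per job. Separately, `${{ github.event.repository.default_branch }}` is expanded straight into the `run:` scripts of the list-changed and lint steps; passing it through `env:` and using a quoted `"$TARGET_BRANCH"` keeps expression text out of the shell source.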
@@ -0,0 +1,105 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# + +name: "CodeQL" + +on: + push: + branches: [main] + paths: + - 'src/**' + pull_request: + paths: + - 'src/**' + schedule: + - cron: "0 0 * * *" + workflow_dispatch: + +jobs: + analyze: + name: Analyze + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners + # Consider using larger runners for possible analysis time improvements. 
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["csharp"] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift' ] + # Use only 'java' to analyze code written in Java, Kotlin or both + # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v2.227 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + queries: +security-extended,security-and-quality + + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). + # Automates dependency installation for Python, Ruby, and JavaScript, optimizing the CodeQL analysis setup. + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@1b1aada464948af03b950897e5eb522f92603cc2 # v2.227 + + # ℹ️ Command-line programs to run using the OS shell. 
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@1b1aada464948af03b950897e5eb522f92603cc2 # v2.227 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml new file mode 100644 index 0000000..9f0d9b6 --- /dev/null +++ b/.github/workflows/kics.yml 
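Review bot: The three `github/codeql-action/*` pins are commented `# v2.227`, but kics.yml in this same commit labels the identical SHA `1b1aada464948af03b950897e5eb522f92603cc2` as `# v3.24.9`, so at least one of the two comments is wrong. The SHA is what actually runs, but the trailing comment is what a reviewer reads to tell which release, and which major line of the scanner, is pinned. Please confirm which tag the SHA belongs to and make every occurrence agree, e.g. `uses: github/codeql-action/init@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9` if the kics.yml label is the correct one.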
@@ -0,0 +1,75 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: "KICS"
+
+on:
+ push:
+ branches: [main]
+ # pull_request:
+ # The branches below must be a subset of the branches above
+ # branches: [main, dev]
+ # paths-ignore:
+ # - "**/*.md"
+ # - "**/*.txt"
+ schedule:
+ - cron: "0 0 * * *"
+ workflow_dispatch:
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: KICS scan
+ uses: checkmarx/kics-github-action@8a44970e3d2eca668be41abe9d4e06709c3b3609 # v1.7.0
+ with:
+ # Scanning directory .
+ path: "."
+ # Fail on HIGH severity results
+ fail_on: high
+ # Disable secrets detection - we use GitGuardian
+ disable_secrets: true
+ # when provided with a directory on output_path
+ # it will generate the specified reports file named 'results.{extension}'
+ # in this example it will generate:
+ # - results-dir/results.json
+ # - results-dir/results.sarif
+ output_path: kicsResults/
+ output_formats: "json,sarif"
+ # If you want KICS to ignore the results and return exit status code 0 unless a KICS engine error happens
+ # ignore_on_exit: results
+ # GITHUB_TOKEN enables this github action to access github API and post comments in a pull request
+ # token: ${{ secrets.GITHUB_TOKEN }}
+ # enable_comments: true
+
+ # Upload findings to GitHub Advanced Security Dashboard
+ - name: Upload SARIF file for GitHub Advanced Security Dashboard
+ if: always()
+ uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+ with:
+ sarif_file: kicsResults/results.sarif
+
diff --git a/.github/workflows/lint-pull-request.yml b/.github/workflows/lint-pull-request.yml
new file mode 100644
index 0000000..698f4c6
--- /dev/null
+++ b/.github/workflows/lint-pull-request.yml
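Review bot: With the `pull_request:` trigger commented out, `fail_on: high` can only fail a run after the change is already on `main` or on the nightly schedule, so HIGH findings in the charts and Dockerfiles never gate a pull request. If that is deliberate, replace the commented-out trigger with a comment saying so, for example `# PR scanning intentionally disabled: findings are triaged from the nightly run`; otherwise enable `pull_request:` so the check runs before merge. `disable_secrets: true` relies on GitGuardian, which is not configured anywhere in this commit, so it is worth confirming that integration is active for this repository before merging.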
@@ -0,0 +1,61 @@
+# #############################################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+# #############################################################################
+
+name: "Lint PullRequest"
+
+on:
+ pull_request_target:
+ types:
+ - opened
+ - edited
+ - synchronize
+
+jobs:
+ main:
+ name: Validate PR title
+ runs-on: ubuntu-latest
+ steps:
+ - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
+ id: lint_pr_title
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+ # When the previous steps fail, the workflow would stop. By adding this
+ # condition you can continue the execution with the populated error message.
+ if: always() && (steps.lint_pr_title.outputs.error_message != null)
+ with:
+ header: pr-title-lint-error
+ message: |
+ Hey there and thank you for opening this pull request! 👋🏼
+
+ We require pull request titles to follow the [Conventional Commits specification](https://www.conventionalcommits.org/en/v1.0.0/) and it looks like your proposed title needs to be adjusted.
+
+ Details:
+
+ ```
+ ${{ steps.lint_pr_title.outputs.error_message }}
+ ```
+
+ # Delete a previous comment when the issue has been resolved
+ - if: ${{ steps.lint_pr_title.outputs.error_message == null }}
+ uses: marocchino/sticky-pull-request-comment@331f8f5b4215f0445d3c07b4967662a32a2d3e31 # v2.9.0
+ with:
+ header: pr-title-lint-error
+ delete: true
diff --git a/.github/workflows/migrations-docker.yml b/.github/workflows/migrations-docker.yml
new file mode 100644
index 0000000..75030a8
--- /dev/null
+++ b/.github/workflows/migrations-docker.yml
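Review bot: The `main` job sets no `permissions:` even though `pull_request_target` runs in the base repository's context, where the token is not downgraded for fork pull requests. The workflow is safe as written only because no step checks out or executes the PR's code, and that invariant should be stated above `jobs:`, for example `# pull_request_target: never check out or run PR head code in this workflow`. I would also scope the token on the job with `permissions:` / `pull-requests: write`, which is what posting and deleting the sticky comment requires, so a later edit cannot silently inherit broader defaults.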
@@ -0,0 +1,84 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +name: Build Migrations Image + +on: + push: + paths: + # service and transitive paths + - 'src/database/Dim.Migrations/**' + - 'src/database/Dim.Entities/**' + # workflow file + - '.github/workflows/migrations-docker.yml' + # dockerfile + - 'docker/Dockerfile-dim-migrations' + + branches: + - 'main' + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}_dim-migrations + +jobs: + build-and-push-image: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Login to GitHub Container Registry + if: github.event_name != 'pull_request' + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 + + - name: Set up QEMU + uses: 
docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + - name: Docker meta + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=main + type=raw,value=${{ github.sha }} + + - name: Build and push Docker image + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . + file: ./docker/Dockerfile-dim-migrations + platforms: linux/amd64, linux/arm64 + pull: true + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/owasp-zap.yml b/.github/workflows/owasp-zap.yml new file mode 100644 index 0000000..a624859 --- /dev/null +++ b/.github/workflows/owasp-zap.yml 
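Review bot: The `Docker meta` step tags every build `type=raw,value=main` regardless of the ref, and `workflow_dispatch` can be started from any branch, so a manual run on a feature branch would overwrite the published `main` image tag with code that was never merged. processes-worker-docker.yml and service-docker.yml in this commit have the same pattern. Guarding the job with `if: github.ref == 'refs/heads/main'`, or deriving the tag with `type=ref,event=branch`, closes that gap. As a smaller point, the `github.event_name != 'pull_request'` conditions on the login step and on `push:` are always true here because the workflow has no `pull_request` trigger, so they can be dropped or replaced by the ref check.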
@@ -0,0 +1,142 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +name: "OWASP ZAP (DAST Scan)" + +on: + push: + branches: [main] + paths: + - 'src/**' + pull_request: + paths: + - 'src/**' + schedule: + # Once a day + - cron: "0 0 * * *" + workflow_dispatch: + # Trigger manually + inputs: + node_image: + description: 'kindest/node image for k8s kind cluster' + # k8s version + default: 'kindest/node:v1.27.3' + required: false + type: string + +jobs: + owasp-zap-scan: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + - name: Kubernetes KinD Cluster + uses: container-tools/kind-action@0ad70e2299366b0e1552c7240f4e4567148f723e # v2.0.4 + with: + node_image: ${{ github.event.inputs.node_image || 'kindest/node:v1.27.3' }} + version: v0.20.0 + + - name: Set up Helm + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5 + with: + version: v3.5.0 + + - name: Build migration image + id: build-migration-image + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . 
+ file: ./docker/Dockerfile-dim-migrations + push: true + tags: kind-registry:5000/dim-migrations:testing + + - name: Build service image + id: build-service-image + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . + file: ./docker/Dockerfile-dim-service + push: true + tags: kind-registry:5000/dim-service:testing + + - name: Build Worker image + id: build-worker-image + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . + file: ./docker/Dockerfile-dim-processes-worker + push: true + tags: kind-registry:5000/dim-processes-worker:testing + + - name: Add bitnami repo + run: | + helm repo add bitnami https://charts.bitnami.com/bitnami + helm repo update + + - name: Update Helm dependencies + run: | + cd charts/dim + helm dependency build + + - name: Install the chart on KinD cluster + run: helm install testing -n apps --create-namespace --wait --set dim.image.name=kind-registry:5000/dim-service --set dim.image.tag=testing --set migrations.image.name=kind-registry:5000/dim-migrations --set migrations.image.tag=testing --set processesworker.image.name=kind-registry:5000/dim-processes-worker --set processesworker.image.tag=testing --set dim.swaggerEnabled=true charts/dim + + - name: Configure port forward to app in KinD + run: | + echo "Getting Agent IP..." + IP_ADDR=$(hostname -i) + echo "-> IP: $IP_ADDR" + echo "IP_ADDR=$IP_ADDR" >> $GITHUB_ENV + + POD_NAME=$(kubectl get pods --namespace apps -l "app.kubernetes.io/name=dim,app.kubernetes.io/instance=testing" -o jsonpath="{.items[0].metadata.name}") + CONTAINER_PORT=$(kubectl get pod --namespace apps $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + + echo "Port-forwarding 0.0.0.0:8080 to $POD_NAME:$CONTAINER_PORT..." 
+ + kubectl --namespace apps port-forward $POD_NAME 8080:$CONTAINER_PORT --address 0.0.0.0 & + + - name: Generating report skeletons + if: success() || failure() + run: | + touch report_md.md report_html.html + chmod a+w report_md.md report_html.html + ls -lrt + + - name: Run ZAP scan + run: | + set +e + + echo "Pulling ZAP image..." + docker pull ghcr.io/zaproxy/zaproxy:stable -q + + echo "Starting ZAP Docker container..." + docker run -v ${GITHUB_WORKSPACE}:/zap/wrk/:rw ghcr.io/zaproxy/zaproxy:stable zap-api-scan.py -t http://$IP_ADDR:8080/api/swagger/v1/swagger.json -f openapi -w report_md.md -r report_html.html -T 1 + + echo "... done." + + - name: Upload HTML report + if: success() || failure() + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 + with: + name: ZAP scan report + path: ./report_html.html + retention-days: 1 diff --git a/.github/workflows/processes-worker-docker.yml b/.github/workflows/processes-worker-docker.yml new file mode 100644 index 0000000..5f2ad11 --- /dev/null +++ b/.github/workflows/processes-worker-docker.yml 
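Review bot: The `Run ZAP scan` step pulls `ghcr.io/zaproxy/zaproxy:stable` by mutable tag and mounts the whole workspace read-write into it, while every action in this file is pinned to a commit SHA; the image should be pinned by digest as well, in the form `ghcr.io/zaproxy/zaproxy:stable@sha256:<digest-placeholder>` on both the `docker pull` and `docker run` lines. The step also runs under `set +e` and ends on an `echo`, so it succeeds whatever the scanner returns, including when the target never came up, since the backgrounded `kubectl port-forward` is not waited on. If the job is meant to be report-only, say so in a comment on the step; otherwise capture the exit status of `docker run` and fail on it. `report_md.md` is created and written but only `report_html.html` is uploaded.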
@@ -0,0 +1,83 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +name: Build Processes Worker Image + +on: + push: + paths: + # service and transitive paths + - 'src/**' + # workflow file + - '.github/workflows/processes-worker-docker.yml' + # dockerfile + - 'docker/Dockerfile-dim-processes-worker' + + branches: + - 'main' + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }}_dim-processes-worker + +jobs: + build-and-push-image: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Login to GitHub Container Registry + if: github.event_name != 'pull_request' + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 + + - name: Set up QEMU + uses: 
docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + - name: Docker meta + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + images: ${{ env.REGISTRY}}/${{ env.IMAGE_NAME }} + tags: | + type=raw,value=main + type=raw,value=${{ github.sha }} + + - name: Build and push Docker image + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . + file: ./docker/Dockerfile-dim-processes-worker + platforms: linux/amd64, linux/arm64 + pull: true + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml new file mode 100644 index 0000000..64ea5c7 --- /dev/null +++ b/.github/workflows/release-please.yml 
@@ -0,0 +1,41 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: Release Please
+
+on:
+ push:
+ branches:
+ - 'changelog/v*.*.*'
+ workflow_dispatch:
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ prepare-release:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: google-github-actions/release-please-action@v4
+ name: Prepare release
+ with:
+ target-branch: ${{ github.ref_name }}
+ release-type: simple
+ skip-github-release: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..6b6326f
--- /dev/null
+++ b/.github/workflows/release.yml
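Review bot: `google-github-actions/release-please-action@v4` is referenced by a movable tag in a workflow that grants `contents: write` and `pull-requests: write`, whereas the other workflows in this commit pin their actions to full commit SHAs. `helm/chart-releaser-action@v1.6.0` in release.yml has the same gap and also runs with `contents: write`. Both should be pinned to the commit of the intended release with the version as a trailing comment, in the form `uses: google-github-actions/release-please-action@<full-commit-sha> # v4.x.y` (placeholder; look up the real SHA), so a retagged upstream release cannot change what runs with write access.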
@@ -0,0 +1,159 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +name: Release + +on: + workflow_dispatch: + push: + paths: + - 'charts/**' + branches: + - main + +jobs: + release-helm-chart: + # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions + # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token + permissions: + contents: write + runs-on: ubuntu-latest + outputs: + app-version: ${{ steps.app-version.outputs.current }} + version-check: ${{ steps.version-check.outputs.exists }} + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + - name: Configure Git + run: | + git config user.name "$GITHUB_ACTOR" + git config user.email "$GITHUB_ACTOR@users.noreply.github.com" + + - name: Install Helm + uses: azure/setup-helm@b7246b12e77f7134dc2d460a3d5bad15bbe29390 # v4 + + - name: Update helm dependencies for dim + run: | + cd charts/dim + helm repo add bitnami 
https://charts.bitnami.com/bitnami + helm dependency update + + - name: Run chart-releaser + uses: helm/chart-releaser-action@v1.6.0 + env: + CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + CR_SKIP_EXISTING: "true" + + - name: Get current appVersion + id: app-version + run: | + current=$(cat ./charts/dim/Chart.yaml | grep "appVersion:" | head -1 | cut -d ":" -d " " -f2) + echo "current=$current" >> $GITHUB_OUTPUT + echo "Exported $current appVersion" + + - name: Check for previous version + id: version-check + run: | + exists=$(git tag -l "v${{ steps.app-version.outputs.current }}") + if [[ -n "$exists" ]]; then + echo "exists=true" >> $GITHUB_OUTPUT + else + echo "exists=false" >> $GITHUB_OUTPUT + fi + + release-images: + needs: release-helm-chart + if: needs.release-helm-chart.outputs.version-check == 'false' + permissions: + packages: write + runs-on: ubuntu-latest + strategy: + matrix: + include: + - image: ghcr.io/${{ github.repository }}_dim-service + dockerfile: ./docker/Dockerfile-dim-service + - image: ghcr.io/${{ github.repository }}_dim-migrations + dockerfile: ./docker/Dockerfile-dim-migrations + - image: ghcr.io/${{ github.repository }}_dim-processes-worker + dockerfile: ./docker/Dockerfile-dim-processes-worker + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + - name: Login to GitHub Container Registry + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 + + - name: Set up QEMU + uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + + # Create SemVer or ref tags dependent of trigger event + - name: Docker meta + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1 + with: + 
images: ${{ matrix.image }} + # Automatically prepare image tags; See action docs for more examples. + # semver patter will generate tags like these for example :1 :1.2 :1.2.3 + tags: | + type=ref,event=branch + type=ref,event=pr + type=raw,value=latest + type=semver,pattern={{version}},value=${{ needs.release-helm-chart.outputs.app-version }} + type=semver,pattern={{major}},value=${{ needs.release-helm-chart.outputs.app-version }} + type=semver,pattern={{major}}.{{minor}},value=${{ needs.release-helm-chart.outputs.app-version }} + + - name: Build and push Docker images + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0 + with: + context: . + file: ${{ matrix.dockerfile }} + platforms: linux/amd64, linux/arm64 + pull: true + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + create-tag: + needs: [release-helm-chart, release-images] + if: needs.release-helm-chart.outputs.version-check == 'false' + permissions: + contents: write + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + fetch-depth: 0 + + - name: Create and push git tag + run: | + git tag v${{ needs.release-helm-chart.outputs.app-version }} + git push origin v${{ needs.release-helm-chart.outputs.app-version }} diff --git a/.github/workflows/service-docker.yml b/.github/workflows/service-docker.yml new file mode 100644 index 0000000..4deeb3f --- /dev/null +++ b/.github/workflows/service-docker.yml 
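Review bot: `Check for previous version` and `Create and push git tag` splice `${{ steps.app-version.outputs.current }}` and `${{ needs.release-helm-chart.outputs.app-version }}` directly into shell text, and that value is whatever follows `appVersion:` in charts/dim/Chart.yaml, so a malformed or crafted appVersion becomes shell syntax in jobs holding `contents: write`. Pass the value through `env:` and quote it, i.e. `APP_VERSION: ${{ needs.release-helm-chart.outputs.app-version }}` under `env:` and then `git tag "v$APP_VERSION"` and `git push origin "v$APP_VERSION"`. In `release-images`, `permissions:` lists only `packages: write`, which leaves `contents` at none; the other image workflows in this commit also declare `contents: read`, and the checkout step will probably need it if the repository is not public. The `Get current appVersion` step passes `cut` two `-d` options, of which only the last (`" "`) takes effect.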
@@ -0,0 +1,83 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: Build Service Image
+
+on:
+ push:
+ paths:
+ # service and transitive paths
+ - 'src/**'
+ # workflow file
+ - '.github/workflows/service-docker.yml'
+ # dockerfile
+ - 'docker/Dockerfile-dim-service'
+
+ branches:
+ - 'main'
+ workflow_dispatch:
+
+env:
+ REGISTRY: ghcr.io
+ IMAGE_NAME: ${{ github.repository }}_dim-service
+
+jobs:
+ build-and-push-image:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Login to GitHub Container Registry
+ if: github.event_name != 'pull_request'
+ uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
+ with:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+
+ - name: Docker meta
+ id: meta
+ uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+ with:
+ images: ${{ env.REGISTRY}}/${{ env.IMAGE_NAME }}
+ tags: |
+ type=raw,value=main
+ type=raw,value=${{ github.sha }}
+
+ - name: Build and push Docker image
+ uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
+ with:
+ context: .
+ file: ./docker/Dockerfile-dim-service
+ platforms: linux/amd64, linux/arm64
+ pull: true
+ push: ${{ github.event_name != 'pull_request' }}
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 0000000..53d2528
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
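Review bot: The `type=raw,value=main` tag in the `Docker meta` step is applied on every run, and `workflow_dispatch` is not limited to a branch, so a manual run from any ref can overwrite the `:main` image in GHCR using the job's `packages: write` permission. The Trivy workflow in this commit scans `:main`, so such a run would also change what gets scanned. Gate the tag on the ref, e.g. `type=raw,value=main,enable=${{ github.ref == 'refs/heads/main' }}`, or add `if: github.ref == 'refs/heads/main'` to the job. The two `github.event_name != 'pull_request'` conditions can never be false with the declared triggers (`push`, `workflow_dispatch`) and can be dropped.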
@@ -0,0 +1,79 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: Sonarcloud
+on:
+ push:
+ branches: [main]
+ paths:
+ - 'src/**'
+ pull_request:
+ types: [opened, synchronize, reopened]
+ paths:
+ - 'src/**'
+ workflow_dispatch:
+
+jobs:
+ build:
+ name: Build
+ if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ dotnet-version: ['8.0']
+
+ steps:
+ - name: Set up JDK 17
+ uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+ with:
+ distribution: 'temurin'
+ java-version: '17'
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+ - name: Cache SonarCloud packages
+ uses: actions/cache@v4
+ with:
+ path: ~/sonar/cache
+ key: ${{ runner.os }}-sonar
+ restore-keys: ${{ runner.os }}-sonar
+ - name: Cache SonarCloud scanner
+ id: cache-sonar-scanner
+ uses: actions/cache@v4
+ with:
+ path: ./.sonar/scanner
+ key: ${{ runner.os }}-sonar-scanner
+ restore-keys: ${{ runner.os }}-sonar-scanner
+ - name: Install SonarCloud scanner
+ if: steps.cache-sonar-scanner.outputs.cache-hit != 'true'
+ run: |
+ mkdir -p ./.sonar/scanner
+ dotnet tool update dotnet-sonarscanner --tool-path ./.sonar/scanner
+ - name: Build and analyze
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: |
+ dotnet tool install --global dotnet-coverage
+ ./.sonar/scanner/dotnet-sonarscanner begin /k:"${{ vars.SONAR_PROJECT_KEY }}" /o:"${{ vars.SONAR_ORGANIZATION }}" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io" /d:sonar.cs.vscoveragexml.reportsPaths=src/coverage.xml
+ dotnet build src
+ cd src
+ dotnet-coverage collect 'dotnet test --no-restore --verbosity normal' -s 'settings-coverage.xml' -f xml -o 'coverage.xml'
+ cd ..
+ ./.sonar/scanner/dotnet-sonarscanner end /d:sonar.login="${{ secrets.SONAR_TOKEN }}"
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 0000000..11a5ba1
--- /dev/null
+++ b/.github/workflows/trivy.yml
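Review bot: The `Build and analyze` script interpolates `${{ secrets.SONAR_TOKEN }}` directly into the `dotnet-sonarscanner begin` and `end` command lines, so the token is written into the generated shell script and appears in the process arguments on the runner. The step already exports it as `SONAR_TOKEN`, so both calls can use `/d:sonar.login="$SONAR_TOKEN"` instead. `actions/cache@v4` is referenced by tag in two steps while the other actions in this file are pinned to a commit SHA; pin it the same way (`actions/cache@<full-commit-sha> # v4.x.y`). The job also declares no `permissions:` block, so it runs with the repository's default token scope; `contents: read` plus `pull-requests: read` is probably sufficient, to be confirmed against what the scanner needs for PR information.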
@@ -0,0 +1,170 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +# Depending on the location of your Docker container +# you need to change the path to the specific Docker registry. 
+# +name: "Trivy" + +on: + push: + branches: [main] + # pull_request: + # The branches below must be a subset of the branches above + # branches: [ main, master ] + # paths-ignore: + # - "**/*.md" + # - "**/*.txt" + schedule: + # Once a day + - cron: "0 0 * * *" + workflow_dispatch: + # Trigger manually + +env: + REGISTRY: ghcr.io + IMAGE_NAME_SERVICE: ${{ github.repository }}_dim-service + IMAGE_NAME_MIGRATIONS: ${{ github.repository }}_dim-migrations + IMAGE_NAME_WORKER: ${{ github.repository }}_dim-processes-worker + +jobs: + analyze-config: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Run Trivy vulnerability scanner in repo mode + uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0 + with: + scan-type: "config" + hide-progress: false + format: "sarif" + output: "trivy-results1.sarif" + vuln-type: "os,library" + skip-dirs: "docs/" + timeout: "3600s" + + - name: Upload Trivy scan results to GitHub Security tab + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + if: always() + with: + sarif_file: "trivy-results1.sarif" + + analyze-service: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + # It's also possible to scan your private registry with Trivy's built-in image scan. + # All you have to do is set ENV vars. + # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. + # You don't need to set ENV vars when downloading from a public repository. + # For public images, no ENV vars must be set. 
+ - name: Run Trivy vulnerability scanner + if: always() + uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0 + with: + # Path to Docker image + image-ref: "${{ env.REGISTRY}}/${{ env.IMAGE_NAME_SERVICE}}:main" + format: "sarif" + output: "trivy-results2.sarif" + vuln-type: "os,library" + + - name: Upload Trivy scan results to GitHub Security tab + if: always() + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + with: + sarif_file: "trivy-results2.sarif" + + analyze-migrations: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + # It's also possible to scan your private registry with Trivy's built-in image scan. + # All you have to do is set ENV vars. + # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. + # You don't need to set ENV vars when downloading from a public repository. + # For public images, no ENV vars must be set. + - name: Run Trivy vulnerability scanner + if: always() + uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0 + with: + # Path to Docker image + image-ref: "${{ env.REGISTRY}}/${{ env.IMAGE_NAME_MIGRATIONS}}:main" + format: "sarif" + output: "trivy-results3.sarif" + vuln-type: "os,library" + + - name: Upload Trivy scan results to GitHub Security tab + if: always() + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + with: + sarif_file: "trivy-results4.sarif" + + analyze-processes-worker: + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Checkout repository + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + # It's also possible to scan your private registry with Trivy's built-in image scan. + # All you have to do is set ENV vars. 
+ # Docker Hub needs TRIVY_USERNAME and TRIVY_PASSWORD. + # You don't need to set ENV vars when downloading from a public repository. + # For public images, no ENV vars must be set. + - name: Run Trivy vulnerability scanner + if: always() + uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # v0.19.0 + with: + # Path to Docker image + image-ref: "${{ env.REGISTRY}}/${{ env.IMAGE_NAME_WORKER}}:main" + format: "sarif" + output: "trivy-results4.sarif" + vuln-type: "os,library" + + - name: Upload Trivy scan results to GitHub Security tab + if: always() + uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9 + with: + sarif_file: "trivy-results4.sarif" + \ No newline at end of file diff --git a/.github/workflows/unit.tests-formatting.yml b/.github/workflows/unit.tests-formatting.yml new file mode 100644 index 0000000..2b61b8b --- /dev/null +++ b/.github/workflows/unit.tests-formatting.yml 
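Review bot: In `analyze-migrations` the scanner writes `output: "trivy-results3.sarif"` but the upload step reads `sarif_file: "trivy-results4.sarif"`, a file that job never creates, so the migrations image findings would not reach the Security tab and the upload step presumably fails. Change it to `sarif_file: "trivy-results3.sarif"`. In `analyze-config`, `vuln-type: "os,library"` appears to have no effect with `scan-type: "config"`, and the step name says "vulnerability scanner in repo mode" while it runs a configuration scan; dropping the option and renaming the step would make the scan coverage clearer to whoever reads the results.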
@@ -0,0 +1,56 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+name: Unit-Tests and Formatting
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - 'src/**'
+ pull_request:
+ types: [opened, synchronize, reopened]
+ paths:
+ - 'src/**'
+ workflow_dispatch:
+
+jobs:
+ build:
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ dotnet-version: ['8.0']
+
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - name: Setup .NET Core SDK ${{ matrix.dotnet-version }}
+ uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
+ with:
+ dotnet-version: ${{ matrix.dotnet-version }}
+ - name: Install dotnet-format
+ run: dotnet tool install -g dotnet-format
+ - name: Install dependencies
+ run: dotnet restore src
+ - name: Build
+ run: dotnet build src --configuration Release --no-restore
+ - name: Check Format
+ run: dotnet format src --verify-no-changes --no-restore
+ - name: Test
+ run: dotnet test src --no-restore --verbosity normal
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..294c2d9
--- /dev/null
+++ b/CHANGELOG.md
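Review bot: This workflow runs on `pull_request` and builds and tests contributed code, but it declares no `permissions:` block, so the token scope falls back to the repository default; add a workflow-level `permissions:` with `contents: read`. The `Install dotnet-format` step runs `dotnet tool install -g dotnet-format` without a version, so every run pulls whatever the package feed currently serves. Since `dotnet format` ships with the .NET SDK from version 6 on, the step is likely unnecessary with the 8.0 SDK and could be removed, or pinned with `--version` if it has to stay.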
@@ -0,0 +1,16 @@ +# Changelog + +## 1.0.0 (2024-04-09) + + +### Features + +* **authorization:** add role authorization ([#19](https://github.com/SAP/ssi-dim-middle-layer/issues/19)) ([221a435](https://github.com/SAP/ssi-dim-middle-layer/commit/221a435c629149e5fadb0514be6a595fe968594a)) +* **client:** add dim client ([266e807](https://github.com/SAP/ssi-dim-middle-layer/commit/266e80764e0009be8cdad53781194f837140e151)) +* **net8:** upgrade to .net8 ([#23](https://github.com/SAP/ssi-dim-middle-layer/issues/23)) ([d3494de](https://github.com/SAP/ssi-dim-middle-layer/commit/d3494dedf046b05ffe7b346298abbfb2286f452f)) +* **statusList:** add statuslist endpoints ([#22](https://github.com/SAP/ssi-dim-middle-layer/issues/22)) ([167ff48](https://github.com/SAP/ssi-dim-middle-layer/commit/167ff48a404b17b226addac5695df02463cd5002)) + + +### Bug Fixes + +* **bindings:** adjust errorhandling for service instances ([#29](https://github.com/SAP/ssi-dim-middle-layer/issues/29)) ([5b8f6cc](https://github.com/SAP/ssi-dim-middle-layer/commit/5b8f6cc65a60e42d6791e8e3d5a85bbd2e2dffb3)) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md deleted file mode 100644 index faa735b..0000000 --- a/CODE_OF_CONDUCT.md +++ /dev/null 
@@ -1,93 +0,0 @@ -# Community Code of Conduct - -**Version 2.0 -January 1, 2023** - -## Our Pledge - -In the interest of fostering an open and welcoming environment, we as community members, contributors, Committers[^1], and Project Leads (collectively "Contributors") pledge to make participation in our projects and our community a harassment-free and inclusive experience for everyone. - -This Community Code of Conduct ("Code") outlines our behavior expectations as members of our community in all Eclipse Foundation activities, both offline and online. It is not intended to govern scenarios or behaviors outside of the scope of Eclipse Foundation activities. Nor is it intended to replace or supersede the protections offered to all our community members under the law. Please follow both the spirit and letter of this Code and encourage other Contributors to follow these principles into our work. Failure to read or acknowledge this Code does not excuse a Contributor from compliance with the Code. - -## Our Standards - -Examples of behavior that contribute to creating a positive and professional environment include: - -- Using welcoming and inclusive language; -- Actively encouraging all voices; -- Helping others bring their perspectives and listening actively. 
If you find yourself dominating a discussion, it is especially important to encourage other voices to join in; -- Being respectful of differing viewpoints and experiences; -- Gracefully accepting constructive criticism; -- Focusing on what is best for the community; -- Showing empathy towards other community members; -- Being direct but professional; and -- Leading by example by holding yourself and others accountable - -Examples of unacceptable behavior by Contributors include: - -- The use of sexualized language or imagery; -- Unwelcome sexual attention or advances; -- Trolling, insulting/derogatory comments, and personal or political attacks; -- Public or private harassment, repeated harassment; -- Publishing others' private information, such as a physical or electronic address, without explicit permission; -- Violent threats or language directed against another person; -- Sexist, racist, or otherwise discriminatory jokes and language; -- Posting sexually explicit or violent material; -- Sharing private content, such as emails sent privately or non-publicly, or unlogged forums such as IRC channel history; -- Personal insults, especially those using racist or sexist terms; -- Excessive or unnecessary profanity; -- Advocating for, or encouraging, any of the above behavior; and -- Other conduct which could reasonably be considered inappropriate in a professional setting - -## Our Responsibilities - -With the support of the Eclipse Foundation employees, consultants, officers, and directors (collectively, the "Staff"), Committers, and Project Leads, the Eclipse Foundation Conduct Committee (the "Conduct Committee") is responsible for clarifying the standards of acceptable behavior. The Conduct Committee takes appropriate and fair corrective action in response to any instances of unacceptable behavior. 
- -## Scope - -This Code applies within all Project, Working Group, and Interest Group spaces and communication channels of the Eclipse Foundation (collectively, "Eclipse spaces"), within any Eclipse-organized event or meeting, and in public spaces when an individual is representing an Eclipse Foundation Project, Working Group, Interest Group, or their communities. Examples of representing a Project or community include posting via an official social media account, personal accounts, or acting as an appointed representative at an online or offline event. Representation of Projects, Working Groups, and Interest Groups may be further defined and clarified by Committers, Project Leads, or the Staff. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the Conduct Committee via conduct@eclipse-foundation.org. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. Without the explicit consent of the reporter, the Conduct Committee is obligated to maintain confidentiality with regard to the reporter of an incident. The Conduct Committee is further obligated to ensure that the respondent is provided with sufficient information about the complaint to reply. If such details cannot be provided while maintaining confidentiality, the Conduct Committee will take the respondent‘s inability to provide a defense into account in its deliberations and decisions. Further details of enforcement guidelines may be posted separately. - -Staff, Committers and Project Leads have the right to report, remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code, or to block temporarily or permanently any Contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. 
Any such actions will be reported to the Conduct Committee for transparency and record keeping. - -Any Staff (including officers and directors of the Eclipse Foundation), Committers, Project Leads, or Conduct Committee members who are the subject of a complaint to the Conduct Committee will be recused from the process of resolving any such complaint. - -## Responsibility - -The responsibility for administering this Code rests with the Conduct Committee, with oversight by the Executive Director and the Board of Directors. For additional information on the Conduct Committee and its process, please write to . - -## Investigation of Potential Code Violations - -All conflict is not bad as a healthy debate may sometimes be necessary to push us to do our best. It is, however, unacceptable to be disrespectful or offensive, or violate this Code. If you see someone engaging in objectionable behavior violating this Code, we encourage you to address the behavior directly with those involved. If for some reason, you are unable to resolve the matter or feel uncomfortable doing so, or if the behavior is threatening or harassing, please report it following the procedure laid out below. - -Reports should be directed to . It is the Conduct Committee’s role to receive and address reported violations of this Code and to ensure a fair and speedy resolution. - -The Eclipse Foundation takes all reports of potential Code violations seriously and is committed to confidentiality and a full investigation of all allegations. The identity of the reporter will be omitted from the details of the report supplied to the accused. Contributors who are being investigated for a potential Code violation will have an opportunity to be heard prior to any final determination. Those found to have violated the Code can seek reconsideration of the violation and disciplinary action decisions. Every effort will be made to have all matters disposed of within 60 days of the receipt of the complaint. 
- -## Actions -Contributors who do not follow this Code in good faith may face temporary or permanent repercussions as determined by the Conduct Committee. - -This Code does not address all conduct. It works in conjunction with our [Communication Channel Guidelines](https://www.eclipse.org/org/documents/communication-channel-guidelines/), [Social Media Guidelines](https://www.eclipse.org/org/documents/social_media_guidelines.php), [Bylaws](https://www.eclipse.org/org/documents/eclipse-foundation-be-bylaws-en.pdf), and [Internal Rules](https://www.eclipse.org/org/documents/ef-be-internal-rules.pdf) which set out additional protections for, and obligations of, all contributors. The Foundation has additional policies that provide further guidance on other matters. - -It’s impossible to spell out every possible scenario that might be deemed a violation of this Code. Instead, we rely on one another’s good judgment to uphold a high standard of integrity within all Eclipse Spaces. Sometimes, identifying the right thing to do isn’t an easy call. In such a scenario, raise the issue as early as possible. - -## No Retaliation - -The Eclipse community relies upon and values the help of Contributors who identify potential problems that may need to be addressed within an Eclipse Space. Any retaliation against a Contributor who raises an issue honestly is a violation of this Code. That a Contributor has raised a concern honestly or participated in an investigation, cannot be the basis for any adverse action, including threats, harassment, or discrimination. If you work with someone who has raised a concern or provided information in an investigation, you should continue to treat the person with courtesy and respect. If you believe someone has retaliated against you, report the matter as described by this Code. Honest reporting does not mean that you have to be right when you raise a concern; you just have to believe that the information you are providing is accurate. 
- -False reporting, especially when intended to retaliate or exclude, is itself a violation of this Code and will not be accepted or tolerated. - -Everyone is encouraged to ask questions about this Code. Your feedback is welcome, and you will get a response within three business days. Write to . - -## Amendments - -The Eclipse Foundation Board of Directors may amend this Code from time to time and may vary the procedures it sets out where appropriate in a particular case. - -### Attribution - -This Code was inspired by the [Contributor Covenant](https://www.contributor-covenant.org/), version 1.4, available [here](https://www.contributor-covenant.org/version/1/4/code-of-conduct/). - -[^1]: Capitalized terms used herein without definition shall have the meanings assigned to them in the Bylaws. \ No newline at end of file diff --git a/DEPENDENCIES b/DEPENDENCIES new file mode 100644 index 0000000..184bf13 --- /dev/null +++ b/DEPENDENCIES 
@@ -0,0 +1,47 @@ +nuget/nuget/-/AutoFixture.AutoFakeItEasy/4.18.1, MIT, approved, #10064 +nuget/nuget/-/AutoFixture/4.18.1, MIT, approved, #10057 +nuget/nuget/-/Castle.Core/5.1.1, Apache-2.0, approved, #13966 +nuget/nuget/-/EFCore.NamingConventions/8.0.3, Apache-2.0, approved, #13983 +nuget/nuget/-/FakeItEasy/8.1.0, MIT, approved, #13970 +nuget/nuget/-/Fare/2.1.1, MIT, approved, clearlydefined +nuget/nuget/-/FluentAssertions/6.12.0, MIT AND Apache-2.0 AND BSD-3-Clause AND CC-BY-3.0-US AND (GPL-2.0-only OR MIT) AND OFL-1.1 AND WTFPL, approved, #13976 +nuget/nuget/-/Flurl.Http.Signed/3.2.4, MIT, approved, #3503 +nuget/nuget/-/Flurl.Signed/3.0.6, MIT, approved, #3501 +nuget/nuget/-/Humanizer.Core/2.14.1, MIT, approved, #10060 +nuget/nuget/-/Mono.TextTemplating/2.2.1, MIT, approved, clearlydefined +nuget/nuget/-/Newtonsoft.Json/13.0.1, MIT AND BSD-3-Clause, approved, #3266 +nuget/nuget/-/Newtonsoft.Json/13.0.3, MIT AND BSD-3-Clause, approved, #3266 +nuget/nuget/-/Npgsql.EntityFrameworkCore.PostgreSQL/8.0.2, PostgreSQL AND MIT, approved, #13972 +nuget/nuget/-/Npgsql/8.0.2, PostgreSQL, approved, #13963 +nuget/nuget/-/SSH.NET/2023.0.0, MIT AND (MIT AND MS-PL) AND ISC, approved, #13965 +nuget/nuget/-/Serilog.AspNetCore/8.0.1, Apache-2.0 AND MIT, approved, #13967 +nuget/nuget/-/Serilog.Enrichers.CorrelationId/3.0.1, MIT, approved, clearlydefined +nuget/nuget/-/Serilog.Enrichers.Environment/2.3.0, Apache-2.0, approved, #13959 +nuget/nuget/-/Serilog.Enrichers.Process/2.0.2, Apache-2.0, approved, clearlydefined +nuget/nuget/-/Serilog.Enrichers.Sensitive/1.7.3, MIT, approved, clearlydefined +nuget/nuget/-/Serilog.Enrichers.Thread/3.1.0, Apache-2.0, approved, clearlydefined +nuget/nuget/-/Serilog.Extensions.Hosting/8.0.0, Apache-2.0, approved, #13962 +nuget/nuget/-/Serilog.Extensions.Logging/8.0.0, Apache-2.0, approved, #13985 +nuget/nuget/-/Serilog.Formatting.Compact/2.0.0, Apache-2.0, approved, #13981 +nuget/nuget/-/Serilog.Settings.Configuration/8.0.0, Apache-2.0, approved, 
#13988 +nuget/nuget/-/Serilog.Sinks.Console/5.0.1, Apache-2.0, approved, #13980 +nuget/nuget/-/Serilog.Sinks.Debug/2.0.0, Apache-2.0, approved, clearlydefined +nuget/nuget/-/Serilog.Sinks.File/5.0.0, Apache-2.0, approved, #11116 +nuget/nuget/-/Serilog/3.1.1, Apache-2.0, approved, #13978 +nuget/nuget/-/SharpZipLib/1.4.2, MIT AND GFDL-1.3-or-later AND (Apache-2.0 AND MIT) AND WTFPL AND bzip2-1.0.6 AND LicenseRef-Permissive-license-with-conditions AND LicenseRef-Permission-Notice, approved, #10058 +nuget/nuget/-/SshNet.Security.Cryptography/1.3.0, MIT, approved, clearlydefined +nuget/nuget/-/Swashbuckle.AspNetCore.Swagger/6.5.0, MIT AND Apache-2.0, approved, #7160 +nuget/nuget/-/Swashbuckle.AspNetCore.SwaggerGen/6.5.0, MIT AND Apache-2.0, approved, #7156 +nuget/nuget/-/Swashbuckle.AspNetCore.SwaggerUI/6.5.0, MIT AND Apache-2.0, approved, #7158 +nuget/nuget/-/Swashbuckle.AspNetCore/6.5.0, MIT AND Apache-2.0, approved, #7159 +nuget/nuget/-/Testcontainers.PostgreSql/3.7.0, MIT, approved, #13960 +nuget/nuget/-/Testcontainers/3.7.0, MIT, approved, #13982 +nuget/nuget/-/coverlet.collector/6.0.2, MIT, approved, #10075 +nuget/nuget/-/xunit.abstractions/2.0.3, Apache-2.0, approved, clearlydefined +nuget/nuget/-/xunit.analyzers/1.11.0, Apache-2.0 AND MIT, approved, #14197 +nuget/nuget/-/xunit.assert/2.7.0, Apache-2.0 AND MIT, approved, #13971 +nuget/nuget/-/xunit.core/2.7.0, Apache-2.0, approved, #13979 +nuget/nuget/-/xunit.extensibility.core/2.7.0, Apache-2.0 AND MIT, approved, #13974 +nuget/nuget/-/xunit.extensibility.execution/2.7.0, Apache-2.0, approved, #13977 +nuget/nuget/-/xunit.runner.visualstudio/2.5.7, Apache-2.0 AND MIT, approved, #10065 +nuget/nuget/-/xunit/2.7.0, Apache-2.0 AND MIT, approved, #13969 diff --git a/README.md b/README.md index 6561c26..58989c9 100644 --- a/README.md +++ b/README.md 
@@ -4,11 +4,26 @@ ## About this project -Integration layer between DIM solution and Tractus-X Portal. +This repository contains the code for the Integration layer between Digital Identity Management (DIM) solution and Tractus-X Portal written in C#. It's used to create a wallet and configure all needed information. + +For **installation** details and further information, please refer to the chart specific [README](./charts/dim/README.md). ## Requirements and Setup -*Insert a short description what is required to get your project running...* +Install the [.NET 8.0 SDK](https://www.microsoft.com/net/download). + +Run the following command from the CLI: + +```console +dotnet build src +``` + +Make sure the necessary config is added to the settings of the service you want to run. +Run the following command from the CLI in the directory of the service you want to run: + +```console +dotnet run +``` ## Support, Feedback, Contributing diff --git a/charts/chart-testing-config.yaml b/charts/chart-testing-config.yaml new file mode 100644 index 0000000..dd8de8d --- /dev/null +++ b/charts/chart-testing-config.yaml 
@@ -0,0 +1,22 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+validate-maintainers: false
+chart-repos:
+ - bitnami=https://charts.bitnami.com/bitnami
diff --git a/charts/dim/.helmignore b/charts/dim/.helmignore
new file mode 100644
index 0000000..0bffc69
--- /dev/null
+++ b/charts/dim/.helmignore
@@ -0,0 +1,27 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
+# Custom dirs and files
+argocd/
+*.gotmpl
diff --git a/charts/dim/Chart.yaml b/charts/dim/Chart.yaml
new file mode 100644
index 0000000..666fa95
--- /dev/null
+++ b/charts/dim/Chart.yaml
@@ -0,0 +1,31 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: v2
+name: dim
+type: application
+version: 1.0.0
+appVersion: 1.0.0
+description: Helm chart for DIM Middle Layer
+home: https://github.com/catenax-ng/dim-repo
+dependencies:
+ - condition: postgresql.enabled
+ name: postgresql
+ repository: https://charts.bitnami.com/bitnami
+ version: 12.12.x
diff --git a/charts/dim/LICENSE b/charts/dim/LICENSE
new file mode 100644
index 0000000..f49a4e1
--- /dev/null
+++ b/charts/dim/LICENSE
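Review bot: The `postgresql` dependency uses the floating range `version: 12.12.x`, and the release workflow in this commit runs `helm dependency update`, so each release packages whichever 12.12 patch the Bitnami repository serves at that moment. Pin an exact version (`version: <exact-chart-version>`) and commit `Chart.lock` so releases are reproducible and dependency bumps show up in review. `home: https://github.com/catenax-ng/dim-repo` also looks like it points at a different repository than the one named in the changelog links (`SAP/ssi-dim-middle-layer`); confirm that is intended.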
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/charts/dim/README.md b/charts/dim/README.md new file mode 100644 index 0000000..3c0c278 --- /dev/null +++ b/charts/dim/README.md 
@@ -0,0 +1,138 @@ +# Helm chart for DIM Middle Layer + +This helm chart installs the DIM Middle Layer. + +For further information please refer to [Technical Documentation](./docs/technical-documentation). + +The referenced container images are for demonstration purposes only. + +## Installation + +To install the chart with the release name `dim`: + +```shell +$ helm repo add ssi-dim-middle-layer https://sap.github.io/ssi-dim-middle-layer +$ helm install dim ssi-dim-middle-layer/dim +``` + +To install the helm chart into your cluster with your values: + +```shell +$ helm install -f your-values.yaml dim ssi-dim-middle-layer/dim +``` + +To use the helm chart as a dependency: + +```yaml +dependencies: + - name: dim + repository: https://sap.github.io/ssi-dim-middle-layer + version: 1.0.0 +``` + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://charts.bitnami.com/bitnami | postgresql | 12.12.x | + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| dim.image.name | string | `"ghcr.io/sap/dim-client_dim-service"` | | +| dim.image.tag | string | `""` | | +| dim.imagePullPolicy | string | `"IfNotPresent"` | | +| dim.resources | object | `{"limits":{"cpu":"45m","memory":"300M"},"requests":{"cpu":"15m","memory":"300M"}}` | We recommend to review the default resource limits as this should a conscious choice. 
| +| dim.healthChecks.startup.path | string | `"/health/startup"` | | +| dim.healthChecks.startup.tags[0].name | string | `"HEALTHCHECKS__0__TAGS__1"` | | +| dim.healthChecks.startup.tags[0].value | string | `"dimdb"` | | +| dim.healthChecks.liveness.path | string | `"/healthz"` | | +| dim.healthChecks.readyness.path | string | `"/ready"` | | +| dim.swaggerEnabled | bool | `false` | | +| dim.rootDirectoryId | string | `"00000000-0000-0000-0000-000000000000"` | | +| dim.operatorId | string | `"00000000-0000-0000-0000-000000000000"` | | +| migrations.name | string | `"migrations"` | | +| migrations.image.name | string | `"ghcr.io/sap/dim-client_dim-migrations"` | | +| migrations.image.tag | string | `""` | | +| migrations.imagePullPolicy | string | `"IfNotPresent"` | | +| migrations.resources | object | `{"limits":{"cpu":"45m","memory":"200M"},"requests":{"cpu":"15m","memory":"200M"}}` | We recommend to review the default resource limits as this should a conscious choice. | +| migrations.seeding.testDataEnvironments | string | `""` | | +| migrations.seeding.testDataPaths | string | `"Seeder/Data"` | | +| migrations.logging.default | string | `"Information"` | | +| processesworker.name | string | `"processesworker"` | | +| processesworker.image.name | string | `"ghcr.io/sap/dim-client_dim-processes-worker"` | | +| processesworker.image.tag | string | `""` | | +| processesworker.imagePullPolicy | string | `"IfNotPresent"` | | +| processesworker.resources | object | `{"limits":{"cpu":"45m","memory":"300M"},"requests":{"cpu":"15m","memory":"300M"}}` | We recommend to review the default resource limits as this should a conscious choice. 
| +| processesworker.dim.adminMail | string | `"mail@example.org"` | | +| processesworker.dim.clientIdCisCentral | string | `""` | | +| processesworker.dim.clientSecretCisCentral | string | `""` | | +| processesworker.dim.authUrl | string | `""` | | +| processesworker.subaccount.baseUrl | string | `""` | Url to the subaccount service api | +| processesworker.entitlement.baseUrl | string | `""` | Url to the entitlement service api | +| processesworker.cf.clientId | string | `""` | | +| processesworker.cf.clientSecret | string | `""` | | +| processesworker.cf.tokenAddress | string | `""` | | +| processesworker.cf.baseUrl | string | `""` | Url to the cf service api | +| processesworker.cf.grantType | string | `"client_credentials"` | | +| processesworker.callback.scope | string | `"openid"` | | +| processesworker.callback.grantType | string | `"client_credentials"` | | +| processesworker.callback.clientId | string | `""` | Provide client-id for callback. | +| processesworker.callback.clientSecret | string | `""` | Client-secret for callback client-id. Secret-key 'callback-client-secret'. | +| processesworker.callback.tokenAddress | string | `""` | | +| processesworker.callback.baseAddress | string | `""` | Url to the cf service api | +| existingSecret | string | `""` | Secret containing "client-secret-cis-central", "client-secret-cf" and "client-secret-callback" | +| dotnetEnvironment | string | `"Production"` | | +| dbConnection.schema | string | `"dim"` | | +| dbConnection.sslMode | string | `"Disable"` | | +| postgresql.enabled | bool | `true` | PostgreSQL chart configuration; default configurations: host: "dim-postgresql-primary", port: 5432; Switch to enable or disable the PostgreSQL helm chart. | +| postgresql.image | object | `{"tag":"15-debian-12"}` | Setting image tag to major to get latest minor updates | +| postgresql.commonLabels."app.kubernetes.io/version" | string | `"15"` | | +| postgresql.auth.username | string | `"dim"` | Non-root username. 
| +| postgresql.auth.database | string | `"dim"` | Database name. | +| postgresql.auth.existingSecret | string | `"{{ .Release.Name }}-dim-postgres"` | Secret containing the passwords for root usernames postgres and non-root username dim. Should not be changed without changing the "dim-postgresSecretName" template as well. | +| postgresql.auth.postgrespassword | string | `""` | Password for the root username 'postgres'. Secret-key 'postgres-password'. | +| postgresql.auth.password | string | `""` | Password for the non-root username 'dim'. Secret-key 'password'. | +| postgresql.auth.replicationPassword | string | `""` | Password for the non-root username 'repl_user'. Secret-key 'replication-password'. | +| postgresql.architecture | string | `"replication"` | | +| postgresql.audit.pgAuditLog | string | `"write, ddl"` | | +| postgresql.audit.logLinePrefix | string | `"%m %u %d "` | | +| postgresql.primary.extendedConfiguration | string | `""` | Extended PostgreSQL Primary configuration (increase of max_connections recommended - default is 100) | +| postgresql.primary.initdb.scriptsConfigMap | string | `"{{ .Release.Name }}-dim-cm-postgres"` | | +| postgresql.readReplicas.extendedConfiguration | string | `""` | Extended PostgreSQL read only replicas configuration (increase of max_connections recommended - default is 100) | +| externalDatabase.host | string | `"dim-postgres-ext"` | External PostgreSQL configuration IMPORTANT: non-root db user needs to be created beforehand on external database. And the init script (02-init-db.sql) available in templates/configmap-postgres-init.yaml needs to be executed beforehand. Database host ('-primary' is added as postfix). | +| externalDatabase.port | int | `5432` | Database port number. | +| externalDatabase.username | string | `"dim"` | Non-root username for dim. | +| externalDatabase.database | string | `"dim"` | Database name. | +| externalDatabase.password | string | `""` | Password for the non-root username (default 'dim'). 
Secret-key 'password'. | +| externalDatabase.existingSecret | string | `"dim-external-db"` | Secret containing the password non-root username, (default 'dim'). | +| idp | object | `{"address":"https://centralidp.example.org","authRealm":"CX-Central","jwtBearerOptions":{"metadataPath":"/auth/realms/CX-Central/.well-known/openid-configuration","refreshInterval":"00:00:30","requireHttpsMetadata":"true","tokenValidationParameters":{"validAudience":"DIM-Middle-Layer","validIssuerPath":"/auth/realms/CX-Central"}},"tokenPath":"/auth/realms/CX-Central/protocol/openid-connect/token","useAuthTrail":true}` | Provide details about idp instance. | +| idp.address | string | `"https://centralidp.example.org"` | Provide idp base address, without trailing '/auth'. | +| idp.useAuthTrail | bool | `true` | Flag if the api should be used with an leading /auth path | +| ingress.enabled | bool | `false` | DIM ingress parameters, enable ingress record generation for dim. | +| ingress.tls[0] | object | `{"hosts":[""],"secretName":""}` | Provide tls secret. | +| ingress.tls[0].hosts | list | `[""]` | Provide host for tls secret. | +| ingress.hosts[0] | object | `{"host":"","paths":[{"backend":{"port":8080},"path":"/api/dim","pathType":"Prefix"}]}` | Provide default path for the ingress record. | +| portContainer | int | `8080` | | +| portService | int | `8080` | | +| replicaCount | int | `3` | | +| nodeSelector | object | `{}` | Node labels for pod assignment | +| tolerations | list | `[]` | Tolerations for pod assignment | +| affinity.podAntiAffinity | object | `{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"DoesNotExist"}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}` | Following Catena-X Helm Best Practices, [reference](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). 
| +| updateStrategy.type | string | `"RollingUpdate"` | Update strategy type, rolling update configuration parameters, [reference](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies). | +| updateStrategy.rollingUpdate.maxSurge | int | `1` | | +| updateStrategy.rollingUpdate.maxUnavailable | int | `0` | | +| startupProbe | object | `{"failureThreshold":30,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Following Catena-X Helm Best Practices, [reference](https://github.com/helm/charts/blob/master/stable/nginx-ingress/values.yaml#L210). | +| livenessProbe.failureThreshold | int | `3` | | +| livenessProbe.initialDelaySeconds | int | `10` | | +| livenessProbe.periodSeconds | int | `10` | | +| livenessProbe.successThreshold | int | `1` | | +| livenessProbe.timeoutSeconds | int | `10` | | +| readinessProbe.failureThreshold | int | `3` | | +| readinessProbe.initialDelaySeconds | int | `10` | | +| readinessProbe.periodSeconds | int | `10` | | +| readinessProbe.successThreshold | int | `1` | | +| readinessProbe.timeoutSeconds | int | `1` | | + +Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs) diff --git a/charts/dim/README.md.gotmpl b/charts/dim/README.md.gotmpl new file mode 100644 index 0000000..5daa8a4 --- /dev/null +++ b/charts/dim/README.md.gotmpl 
@@ -0,0 +1,37 @@
+# {{ template "chart.description" . }}
+
+This helm chart installs the DIM Middle Layer.
+
+For further information please refer to [Technical Documentation](./docs/technical-documentation).
+
+The referenced container images are for demonstration purposes only.
+
+## Installation
+
+To install the chart with the release name `{{ template "chart.name" . }}`:
+
+```shell
+$ helm repo add ssi-dim-middle-layer https://sap.github.io/ssi-dim-middle-layer
+$ helm install {{ template "chart.name" . }} ssi-dim-middle-layer/{{ template "chart.name" . }}
+```
+
+To install the helm chart into your cluster with your values:
+
+```shell
+$ helm install -f your-values.yaml {{ template "chart.name" . }} ssi-dim-middle-layer/{{ template "chart.name" . }}
+```
+
+To use the helm chart as a dependency:
+
+```yaml
+dependencies:
+ - name: {{ template "chart.name" . }}
+ repository: https://sap.github.io/ssi-dim-middle-layer
+ version: {{ template "chart.version" . }}
+```
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+Autogenerated with [helm docs](https://github.com/norwoodj/helm-docs)
diff --git a/charts/dim/templates/_helpers.tpl b/charts/dim/templates/_helpers.tpl
new file mode 100644
index 0000000..b5d5f75
--- /dev/null
+++ b/charts/dim/templates/_helpers.tpl
@@ -0,0 +1,128 @@
+{{- /*
+* Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "dim.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "dim.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "dim.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Determine secret name.
+*/}}
+{{- define "dim.secretName" -}}
+{{- if .Values.existingSecret -}}
+{{- .Values.existingSecret }}
+{{- else -}}
+{{- include "dim.fullname" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Define secret name of postgres dependency.
+*/}}
+{{- define "dim.postgresSecretName" -}}
+{{- printf "%s-%s" .Release.Name "dim-postgres" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "dim.labels" -}}
+helm.sh/chart: {{ include "dim.chart" . }}
+{{ include "dim.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "dim.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "dim.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "dim.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "dim.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Determine database hostname for subchart
+*/}}
+
+{{- define "dim.postgresql.primary.fullname" -}}
+{{- if eq .Values.postgresql.architecture "replication" }}
+{{- printf "%s-primary" (include "dim.chart.name.postgresql.dependency" .) | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+ {{- include "dim.chart.name.postgresql.dependency" . -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "dim.postgresql.readReplica.fullname" -}}
+{{- printf "%s-read" (include "dim.chart.name.postgresql.dependency" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "dim.chart.name.postgresql.dependency" -}}
+{{- if .Values.postgresql.fullnameOverride -}}
+{{- .Values.postgresql.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default "postgresql" .Values.postgresql.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/dim/templates/configmap-postgres-init.yaml b/charts/dim/templates/configmap-postgres-init.yaml
new file mode 100644
index 0000000..4ddda95
--- /dev/null
+++ b/charts/dim/templates/configmap-postgres-init.yaml
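Review bot: `dim.postgresSecretName` hard-codes `printf "%s-%s" .Release.Name "dim-postgres"` and never reads `.Values.postgresql.auth.existingSecret`, so overriding that value leaves the PostgreSQL subchart and the workloads that use this helper looking for the database password in two different Secrets. Deriving the helper from the value keeps them in step, e.g. `{{- tpl .Values.postgresql.auth.existingSecret . }}`. Separately, `dim.serviceAccountName` dereferences `.Values.serviceAccount.create`, but the generated values table in README.md lists no `serviceAccount` key; if values.yaml really lacks it, any template that includes this helper fails to render, so either add the key or drop the helper. The two helpers that follow the "Determine database hostname for subchart" comment (`dim.postgresql.readReplica.fullname` and `dim.chart.name.postgresql.dependency`) have no doc comment of their own and would benefit from a one-line `{{/* ... */}}` each.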
@@ -0,0 +1,35 @@
+{{- /*
+* Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{- if .Values.postgresql.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-dim-cm-postgres
+ namespace: {{ .Release.Namespace }}
+data:
+ 02-init-db.sql: |
+ CREATE SCHEMA dim;
+ ALTER SCHEMA dim OWNER TO dim;
+ CREATE TABLE public.__efmigrations_history_dim (
+ migration_id character varying(150) NOT NULL,
+ product_version character varying(32) NOT NULL
+ );
+ ALTER TABLE public.__efmigrations_history_dim OWNER TO dim;
+{{- end -}}
diff --git a/charts/dim/templates/cronjob-processes.yaml b/charts/dim/templates/cronjob-processes.yaml
new file mode 100644
index 0000000..bb01dd7
--- /dev/null
+++ b/charts/dim/templates/cronjob-processes.yaml
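Review bot: The init script under `02-init-db.sql` hard-codes both the schema and the owning role as `dim` (`ALTER SCHEMA dim OWNER TO dim;`, `ALTER TABLE public.__efmigrations_history_dim OWNER TO dim;`), while the chart exposes `postgresql.auth.username` and `dbConnection.schema` as configurable values. A release that overrides the username would presumably run this script against a role that was never created, or leave ownership with a role other than the one in the connection string. Rendering the names from values, e.g. `ALTER SCHEMA {{ .Values.dbConnection.schema }} OWNER TO {{ .Values.postgresql.auth.username }};`, keeps the script and the application credentials aligned; identifier quoting should be checked if names other than plain lowercase are allowed.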
@@ -0,0 +1,136 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ include "dim.fullname" . }}-{{ .Values.processesworker.name }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dim.labels" . | nindent 4 }}
+spec:
+ schedule: "*/5 * * * *"
+ concurrencyPolicy: Forbid
+ jobTemplate:
+ metadata:
+ name: {{ include "dim.fullname" . }}-{{ .Values.processesworker.name }}
+ spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - name: {{ include "dim.fullname" . }}-{{ .Values.processesworker.name }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ image: "{{ .Values.processesworker.image.name }}:{{ .Values.processesworker.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: "{{ .Values.processesworker.imagePullPolicy }}"
+ env:
+ - name: DOTNET_ENVIRONMENT
+ value: "{{ .Values.dotnetEnvironment }}"
+ {{- if .Values.postgresql.enabled }}
+ - name: "DIM_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ template "dim.postgresSecretName" . }}"
+ key: "password"
+ - name: "CONNECTIONSTRINGS__DIMDB"
+ value: "Server={{ template "dim.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.username }};Password=$(DIM_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};"
+ {{- end }}
+ {{- if not .Values.postgresql.enabled }}
+ - name: "DIM_PASSWORD"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.externalDatabase.secret }}"
+ key: "password"
+ - name: "CONNECTIONSTRINGS__DIMDB"
+ value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.username }};Password=$(DIM_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};"
+ {{- end }}
+ - name: "DIM__ADMINMAIL"
+ value: "{{ .Values.processesworker.dim.adminMail }}"
+ - name: "DIM__ROOTDIRECTORYID"
+ value: "{{ .Values.dim.rootDirectoryId }}"
+ - name: "DIM__CLIENTIDCISCENTRAL"
+ value: "{{ .Values.processesworker.dim.clientIdCisCentral }}"
+ - name: "DIM__CLIENTSECRETCISCENTRAL"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ template "dim.secretName" . }}"
+ key: "client-secret-cis-central"
+ - name: "DIM__AUTHURL"
+ value: "{{ .Values.processesworker.dim.authUrl }}"
+ - name: "SUBACCOUNT__BASEURL"
+ value: "{{ .Values.processesworker.subaccount.baseUrl }}"
+ - name: "ENTITLEMENT__BASEURL"
+ value: "{{ .Values.processesworker.entitlement.baseUrl }}"
+ - name: "CF__CLIENTID"
+ value: "{{ .Values.processesworker.cf.clientId }}"
+ - name: "CF__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ template "dim.secretName" . }}"
+ key: "client-secret-cf"
+ - name: "CF__TOKENADDRESS"
+ value: "{{ .Values.processesworker.cf.tokenAddress }}"
+ - name: "CF__BASEURL"
+ value: "{{ .Values.processesworker.cf.baseUrl }}"
+ - name: "CF__GRANTTYPE"
+ value: "{{ .Values.processesworker.cf.grantType }}"
+ - name: "CALLBACK__USERNAME"
+ value: "empty"
+ - name: "CALLBACK__PASSWORD"
+ value: "empty"
+ - name: "CALLBACK__CLIENTID"
+ value: "{{ .Values.processesworker.callback.clientId }}"
+ - name: "CALLBACK__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ template "dim.secretName" . }}"
+ key: "client-secret-callback"
+ - name: "CALLBACK__GRANTTYPE"
+ value: "{{ .Values.processesworker.callback.grantType }}"
+ - name: "CALLBACK__SCOPE"
+ value: "{{ .Values.processesworker.callback.scope }}"
+ - name: "CALLBACK__TOKENADDRESS"
+ value: "{{ .Values.processesworker.callback.tokenAddress }}"
+ - name: "CALLBACK__BASEADDRESS"
+ value: "{{ .Values.processesworker.callback.baseAddress }}"
+ - name: "TECHNICALUSERCREATION__ENCRYPTIONCONFIGINDEX"
+ value: "{{ .Values.processesworker.technicalUserCreation.encryptionConfigIndex }}"
+ - name: "TECHNICALUSERCREATION__ENCRYPTIONCONFIGS__0__INDEX"
+ value: "{{ .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.index }}"
+ - name: "TECHNICALUSERCREATION__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ template "dim.secretName" . }}"
+ key: "technicalusercreation-encryption-key0"
+ - name: "TECHNICALUSERCREATION__ENCRYPTIONCONFIGS__0__CIPHERMODE"
+ value: "{{ .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.cipherMode }}"
+ - name: "TECHNICALUSERCREATION__ENCRYPTIONCONFIGS__0__PADDINGMODE"
+ value: "{{ .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.paddingMode }}"
+ ports:
+ - name: http
+ containerPort: {{ .Values.portContainer }}
+ protocol: TCP
+ resources:
+ {{- toYaml .Values.processesworker.resources | nindent 14 }}
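Review bot: In the `{{- if not .Values.postgresql.enabled }}` branch the password Secret is looked up via `.Values.externalDatabase.secret`, but the README values table and the Deployment template in this same commit both use `externalDatabase.existingSecret`; as written the external-database path renders an empty Secret name and the job pods cannot start. The line should read `name: "{{ .Values.externalDatabase.existingSecret }}"`. Both connection strings also take `Ssl Mode` from `dbConnection.sslMode`, whose documented default is `Disable`, so the database password and data cross the network unencrypted unless the operator changes it; a comment on the `value:` line, or a stricter default for the external-database case, would make that an explicit choice. `Port={{ .Values.postgresql.auth.port }}` and the `processesworker.technicalUserCreation.*` keys do not appear in the README values table, so confirm they exist in values.yaml, otherwise rendering yields an empty value or fails.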
diff --git a/charts/dim/templates/deployment.yaml b/charts/dim/templates/deployment.yaml
new file mode 100644
index 0000000..aa7792d
--- /dev/null
+++ b/charts/dim/templates/deployment.yaml
@@ -0,0 +1,156 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "dim.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dim.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + {{- toYaml .Values.updateStrategy | nindent 4 }} + selector: + matchLabels: + {{- include "dim.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "dim.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ include "dim.fullname" . }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + image: "{{ .Values.dim.image.name }}:{{ .Values.dim.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: "{{ .Values.dim.imagePullPolicy }}" + env: + - name: DOTNET_ENVIRONMENT + value: "{{ .Values.dotnetEnvironment }}" + {{- if .Values.postgresql.enabled }} + - name: "DIM_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ template "dim.postgresSecretName" . 
}}" + key: "password" + - name: "CONNECTIONSTRINGS__DIMDB" + value: "Server={{ template "dim.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.username }};Password=$(DIM_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: "DIM_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.existingSecret }}" + key: "password" + - name: "CONNECTIONSTRINGS__DIMDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.username }};Password=$(DIM_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};" + {{- end }} + - name: "HEALTHCHECKS__0__PATH" + value: "{{ .Values.dim.healthChecks.startup.path}}" + {{- if .Values.dim.healthChecks.startup.tags }} + {{- toYaml .Values.dim.healthChecks.startup.tags | nindent 8 }} + {{- end }} + - name: "HEALTHCHECKS__1__PATH" + value: "{{ .Values.dim.healthChecks.readyness.path}}" + - name: "HEALTHCHECKS__2__PATH" + value: "{{ .Values.dim.healthChecks.liveness.path}}" + - name: "SWAGGERENABLED" + value: "{{ .Values.dim.swaggerEnabled }}" + - name: "DIM__ROOTDIRECTORYID" + value: "{{ .Values.dim.rootDirectoryId }}" + - name: "DIM__OPERATORID" + value: "{{ .Values.dim.operatorId }}" + - name: "JWTBEAREROPTIONS__METADATAADDRESS" + value: "{{ .Values.idp.address }}{{ .Values.idp.jwtBearerOptions.metadataPath }}" + - name: "JWTBEAREROPTIONS__REQUIREHTTPSMETADATA" + value: "{{ .Values.idp.jwtBearerOptions.requireHttpsMetadata }}" + - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDAUDIENCE" + value: "{{ .Values.idp.jwtBearerOptions.tokenValidationParameters.validAudience }}" + - name: "JWTBEAREROPTIONS__TOKENVALIDATIONPARAMETERS__VALIDISSUER" + value: "{{ .Values.idp.address }}{{ 
.Values.idp.jwtBearerOptions.tokenValidationParameters.validIssuerPath }}" + - name: "JWTBEAREROPTIONS__REFRESHINTERVAL" + value: "{{ .Values.idp.jwtBearerOptions.refreshInterval }}" + - name: "CF__CLIENTID" + value: "{{ .Values.processesworker.cf.clientId }}" + - name: "CF__CLIENTSECRET" + valueFrom: + secretKeyRef: + name: "{{ template "dim.secretName" . }}" + key: "client-secret-cf" + - name: "CF__TOKENADDRESS" + value: "{{ .Values.processesworker.cf.tokenAddress }}" + - name: "CF__BASEURL" + value: "{{ .Values.processesworker.cf.baseUrl }}" + - name: "CF__GRANTTYPE" + value: "{{ .Values.processesworker.cf.grantType }}" + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + startupProbe: + httpGet: + path: {{ .Values.dim.healthChecks.startup.path }} + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + livenessProbe: + httpGet: + path: {{ .Values.dim.healthChecks.liveness.path }} + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: {{ .Values.dim.healthChecks.readyness.path }} + port: {{ .Values.portContainer }} + scheme: HTTP + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ 
.Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + resources: + {{- toYaml .Values.dim.resources | nindent 10 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/dim/templates/ingress.yaml b/charts/dim/templates/ingress.yaml new file mode 100644 index 0000000..488b27a --- /dev/null +++ b/charts/dim/templates/ingress.yaml 
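Review bot: In charts/dim/templates/deployment.yaml the container `securityContext` sets no seccomp profile, and the pod spec leaves the service account token mounted by default. I would add `seccompProfile:` with `type: RuntimeDefault` next to `runAsNonRoot: true`, and `automountServiceAccountToken: false` under the pod `spec` if the service never calls the Kubernetes API (not visible from this diff). The other hardening settings (no privilege escalation, all capabilities dropped, read-only root filesystem, non-root) are already present, so this is the main remaining gap to the restricted Pod Security profile. charts/dim/templates/job-migrations.yaml has the same gap.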
@@ -0,0 +1,80 @@ +{{- /* +* Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +* +* See the NOTICE file(s) distributed with this work for additional +* information regarding copyright ownership. +* +* This program and the accompanying materials are made available under the +* terms of the Apache License, Version 2.0 which is available at +* https://www.apache.org/licenses/LICENSE-2.0. +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +* License for the specific language governing permissions and limitations +* under the License. +* +* SPDX-License-Identifier: Apache-2.0 +*/}} + +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "dim.fullname" . -}} +{{- $svcPort := .Values.portService -}} +{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} + {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} + {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} + {{- end }} +{{- end }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1beta1 +{{- else -}} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "dim.labels" . | nindent 4 }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . 
| nindent 4 }} + {{- end }} +spec: + {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.className }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: {{ .pathType }} + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- else }} + serviceName: {{ $fullName }} + servicePort: {{ .backend.port }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/dim/templates/job-migrations.yaml b/charts/dim/templates/job-migrations.yaml new file mode 100644 index 0000000..f8ed646 --- /dev/null +++ b/charts/dim/templates/job-migrations.yaml 
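Review bot: In charts/dim/templates/ingress.yaml the two backend branches take their port from different places: the `networking.k8s.io/v1` branch uses `$svcPort` (`.Values.portService`), while the legacy branch uses `.backend.port` from the path entry. If the two values differ, the legacy Ingress points at a port the Service does not expose, so I would write `servicePort: {{ $svcPort }}` in the `else` branch as well. `path`, `pathType` and `secretName` are also rendered unquoted, unlike `host`; piping them through `quote` keeps an empty or special-character value from changing the YAML structure.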
@@ -0,0 +1,77 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "dim.fullname" . }}-{{ .Values.migrations.name }} + annotations: + "batch.kubernetes.io/job-tracking": "true" + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-weight": "-5" +spec: + template: + metadata: + name: {{ include "dim.fullname" . }}-{{ .Values.migrations.name }} + spec: + restartPolicy: Never + containers: + - name: {{ include "dim.fullname" . }}-{{ .Values.migrations.name }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + image: "{{ .Values.migrations.image.name }}:{{ .Values.migrations.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: "{{ .Values.migrations.imagePullPolicy }}" + env: + - name: DOTNET_ENVIRONMENT + value: "{{ .Values.dotnetEnvironment }}" + {{- if .Values.postgresql.enabled }} + - name: "DIM_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ template "dim.postgresSecretName" . 
}}" + key: "password" + - name: "CONNECTIONSTRINGS__DIMDB" + value: "Server={{ template "dim.postgresql.primary.fullname" . }};Database={{ .Values.postgresql.auth.database }};Port={{ .Values.postgresql.auth.port }};User Id={{ .Values.postgresql.auth.username }};Password=$(DIM_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};" + {{- end }} + {{- if not .Values.postgresql.enabled }} + - name: "DIM_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Values.externalDatabase.existingSecret }}" + key: "password" + - name: "CONNECTIONSTRINGS__DIMDB" + value: "Server={{ .Values.externalDatabase.host }};Database={{ .Values.externalDatabase.database }};Port={{ .Values.externalDatabase.port }};User Id={{ .Values.externalDatabase.username }};Password=$(DIM_PASSWORD);Ssl Mode={{ .Values.dbConnection.sslMode }};" + {{- end }} + - name: "SEEDING__TESTDATAENVIRONMENTS__0" + value: "{{ .Values.migrations.seeding.testDataEnvironments }}" + - name: "SEEDING__DATAPATHS__0" + value: "{{ .Values.migrations.seeding.testDataPaths }}" + - name: "SERILOG__MINIMUMLEVEL__Default" + value: "{{ .Values.migrations.logging.default }}" + ports: + - name: http + containerPort: {{ .Values.portContainer }} + protocol: TCP + resources: + {{- toYaml .Values.migrations.resources | nindent 10 }} diff --git a/charts/dim/templates/secret-external-db.yaml b/charts/dim/templates/secret-external-db.yaml new file mode 100644 index 0000000..5795e2c --- /dev/null +++ b/charts/dim/templates/secret-external-db.yaml 
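Review bot: The Job spec in charts/dim/templates/job-migrations.yaml sets no `backoffLimit`, so with `restartPolicy: Never` Kubernetes retries a failed migration pod up to its default of six times. Unless the migrations are known to be safe to re-run after a partial failure (not visible here), I would add `backoffLimit: 0` under `spec` so that a failed run stops the release and is inspected once. The `ports` entry on the migration container also appears unneeded, since the pod template carries no labels that the chart's Service selects.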
@@ -0,0 +1,39 @@
+{{- /*
+* Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{- if not .Values.postgresql.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.externalDatabase.existingSecret }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+# use lookup function to check if secret exists
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace .Values.externalDatabase.existingSecret) }}
+{{ if $secret -}}
+data:
+ # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
+ # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
+ password: {{ ( .Values.externalDatabase.password | b64enc ) | default $secret.data.password | quote }}
+{{ else -}}
+stringData:
+ # if secret doesn't exist, use provided value from values file or generate a random one
+ password: {{ .Values.externalDatabase.password | default ( randAlphaNum 32 ) | quote }}
+{{ end }}
+{{- end -}}
diff --git a/charts/dim/templates/secret-postgres.yaml b/charts/dim/templates/secret-postgres.yaml
new file mode 100644
index 0000000..cd8b00d
--- /dev/null
+++ b/charts/dim/templates/secret-postgres.yaml
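Review bot: In charts/dim/templates/secret-external-db.yaml, `lookup` returns an empty result whenever the chart is rendered without cluster access (`helm template`, `--dry-run`, and probably the Argo CD rendering used by the app templates in this commit). The `else` branch then runs on every render and `randAlphaNum 32` produces a new password each time. For an external database that was provisioned beforehand a generated password can never be the right one, so I would fail the render instead: `password: {{ required "externalDatabase.password is required" .Values.externalDatabase.password | quote }}`. secret-postgres.yaml and secret.yaml use the same lookup-or-generate pattern and regenerate their values in the same way.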
@@ -0,0 +1,45 @@
+{{- /*
+* Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{- if .Values.postgresql.enabled -}}
+{{- $secretName := include "dim.postgresSecretName" . -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ $secretName }}
+ namespace: {{ .Release.Namespace }}
+type: Opaque
+# use lookup function to check if secret exists
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
+{{ if $secret -}}
+data:
+ # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret
+ # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
+ # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
+ postgres-password: {{ ( .Values.postgresql.auth.postgrespassword | b64enc ) | default ( index $secret.data "postgres-password" ) | quote }}
+ password: {{ ( .Values.postgresql.auth.password | b64enc ) | default $secret.data.password | quote }}
+ replication-password: {{ ( .Values.postgresql.auth.replicationPassword | b64enc ) | default ( index $secret.data "replication-password" ) | quote}}
+{{ else -}}
+stringData:
+ # if secret doesn't exist, use provided value from values file or generate a random one
+ postgres-password: {{ .Values.postgresql.auth.postgrespassword | default ( randAlphaNum 32 ) | quote }}
+ password: {{ .Values.postgresql.auth.password | default ( randAlphaNum 32 ) | quote }}
+ replication-password: {{ .Values.postgresql.auth.replicationPassword | default ( randAlphaNum 32 ) | quote }}
+{{ end }}
+{{- end -}}
diff --git a/charts/dim/templates/secret.yaml b/charts/dim/templates/secret.yaml
new file mode 100644
index 0000000..6b51653
--- /dev/null
+++ b/charts/dim/templates/secret.yaml
@@ -0,0 +1,49 @@
+{{- /*
+* Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+*
+* See the NOTICE file(s) distributed with this work for additional
+* information regarding copyright ownership.
+*
+* This program and the accompanying materials are made available under the
+* terms of the Apache License, Version 2.0 which is available at
+* https://www.apache.org/licenses/LICENSE-2.0.
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+* License for the specific language governing permissions and limitations
+* under the License.
+*
+* SPDX-License-Identifier: Apache-2.0
+*/}}
+
+{{- if not .Values.existingSecret }}
+{{- $secretName := include "dim.secretName" . -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "dim.secretName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dim.labels" . | nindent 4 }}
+type: Opaque
+# use lookup function to check if secret exists
+{{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }}
+{{ if $secret -}}
+data:
+ # if secret exists, use value provided from values file (to cover update scenario) or existing value from secret or generate a random one (if keys are added later on)
+ # use data map instead of stringData to prevent base64 encoding of already base64-encoded existing value from secret
+ # use index function for secret keys with hyphen otherwise '$secret.data.secretKey' works too
+ client-secret-cis-central: {{ coalesce ( .Values.processesworker.dim.clientSecretCisCentral | b64enc ) ( index $secret.data "client-secret-cis-central" ) | default ( randAlphaNum 32 ) | quote }}
+ client-secret-cf: {{ coalesce ( .Values.processesworker.cf.clientSecret | b64enc ) ( index $secret.data "client-secret-cf" ) | default ( randAlphaNum 32 ) | quote }}
+ client-secret-callback: {{ coalesce ( .Values.processesworker.callback.clientSecret | b64enc ) ( index $secret.data "client-secret-callback" ) | default ( randAlphaNum 32 ) | quote }}
+ technicalusercreation-encryption-key0: {{ coalesce ( .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "technicalusercreation-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
+{{ else -}}
+stringData:
+ # if secret doesn't exist, use provided value from values file or generate a random one
+ client-secret-cis-central: {{ .Values.processesworker.dim.clientSecretCisCentral | default ( randAlphaNum 32 ) | quote }}
+ client-secret-cf: {{ .Values.processesworker.cf.clientSecret | default ( randAlphaNum 32 ) | quote }}
+ client-secret-callback: {{ .Values.processesworker.callback.clientSecret | default ( randAlphaNum 32 ) | quote }}
+ technicalusercreation-encryption-key0: {{ .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
+{{ end }}
+{{- end -}}
diff --git a/charts/dim/templates/service.yaml b/charts/dim/templates/service.yaml
new file mode 100644
index 0000000..2eca167
--- /dev/null
+++ b/charts/dim/templates/service.yaml
@@ -0,0 +1,34 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "dim.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "dim.labels" . | nindent 4 }}
+spec:
+ type: ClusterIP
+ ports:
+ - port: {{ .Values.portService }}
+ targetPort: {{ .Values.portContainer }}
+ selector:
+ {{- include "dim.selectorLabels" . | nindent 4 }}
+
diff --git a/charts/dim/values.yaml b/charts/dim/values.yaml
new file mode 100644
index 0000000..b085b63
--- /dev/null
+++ b/charts/dim/values.yaml
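Review bot: In charts/dim/templates/secret.yaml the fallback for `technicalusercreation-encryption-key0` is `randAlphaNum 32`, but values.yaml in this commit documents the key as 256 bit written as 64 hex digits, so a generated key does not have the documented format. I would make the key mandatory in the `stringData` branch, e.g. `{{ required "technicalUserCreation.encryptionConfigs.index0.encryptionKey is required" .Values.processesworker.technicalUserCreation.encryptionConfigs.index0.encryptionKey | quote }}`. In the `data` branch the `default ( randAlphaNum 32 )` fallbacks are emitted without `b64enc`, although every value under `data` is read as base64. Writing `default ( randAlphaNum 32 | b64enc )` there keeps a key that is added later from being stored as its base64-decoded bytes.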
@@ -0,0 +1,282 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +dim: + image: + name: "ghcr.io/sap/dim-client_dim-service" + tag: "" + imagePullPolicy: "IfNotPresent" + # -- We recommend to review the default resource limits as this should a conscious choice. + resources: + requests: + cpu: 15m + memory: 300M + limits: + cpu: 45m + memory: 300M + healthChecks: + startup: + path: "/health/startup" + tags: + - name: "HEALTHCHECKS__0__TAGS__1" + value: "dimdb" + liveness: + path: "/healthz" + readyness: + path: "/ready" + swaggerEnabled: false + rootDirectoryId: "00000000-0000-0000-0000-000000000000" + operatorId: "00000000-0000-0000-0000-000000000000" + +migrations: + name: "migrations" + image: + name: "ghcr.io/sap/dim-client_dim-migrations" + tag: "" + imagePullPolicy: "IfNotPresent" + # -- We recommend to review the default resource limits as this should a conscious choice. 
+ resources: + requests: + cpu: 15m + memory: 200M + limits: + cpu: 45m + memory: 200M + seeding: + testDataEnvironments: "" + testDataPaths: "Seeder/Data" + logging: + default: "Information" + +processesworker: + name: "processesworker" + image: + name: "ghcr.io/sap/dim-client_dim-processes-worker" + tag: "" + imagePullPolicy: "IfNotPresent" + # -- We recommend to review the default resource limits as this should a conscious choice. + resources: + requests: + cpu: 15m + memory: 300M + limits: + cpu: 45m + memory: 300M + dim: + adminMail: "mail@example.org" + clientIdCisCentral: "" + clientSecretCisCentral: "" + authUrl: "" + subaccount: + # -- Url to the subaccount service api + baseUrl: "" + entitlement: + # -- Url to the entitlement service api + baseUrl: "" + cf: + clientId: "" + clientSecret: "" + tokenAddress: "" + # -- Url to the cf service api + baseUrl: "" + grantType: "client_credentials" + callback: + scope: "openid" + grantType: "client_credentials" + # -- Provide client-id for callback. + clientId: "" + # -- Client-secret for callback client-id. Secret-key 'callback-client-secret'. + clientSecret: "" + tokenAddress: "" + # -- Url to the cf service api + baseAddress: "" + technicalUserCreation: + encryptionConfigIndex: 0 + encryptionConfigs: + index0: + index: 0 + cipherMode: "CBC" + paddingMode: "PKCS7" + # -- EncryptionKey to encrypt the technical user client-secret. Secret-key 'technicalusercreation-encryption-key0'. + # Expected format is 256 bit (64 digits) hex. + encryptionKey: "" + +# -- Secret containing "client-secret-cis-central", "client-secret-cf" and "client-secret-callback" +existingSecret: "" + +dotnetEnvironment: "Production" + +dbConnection: + schema: "dim" + sslMode: "Disable" + +postgresql: + # -- PostgreSQL chart configuration; + # default configurations: + # host: "dim-postgresql-primary", + # port: 5432; + # Switch to enable or disable the PostgreSQL helm chart. 
+ enabled: true + # -- Setting image tag to major to get latest minor updates + image: + tag: "15-debian-12" + commonLabels: + app.kubernetes.io/version: "15" + auth: + # -- Non-root username. + username: dim + # -- Database name. + database: dim + # -- Secret containing the passwords for root usernames postgres and non-root username dim. + # Should not be changed without changing the "dim-postgresSecretName" template as well. + existingSecret: "{{ .Release.Name }}-dim-postgres" + # -- Password for the root username 'postgres'. Secret-key 'postgres-password'. + postgrespassword: "" + # -- Password for the non-root username 'dim'. Secret-key 'password'. + password: "" + # -- Password for the non-root username 'repl_user'. Secret-key 'replication-password'. + replicationPassword: "" + architecture: replication + audit: + pgAuditLog: "write, ddl" + logLinePrefix: "%m %u %d " + primary: + # -- Extended PostgreSQL Primary configuration (increase of max_connections recommended - default is 100) + extendedConfiguration: "" + initdb: + scriptsConfigMap: "{{ .Release.Name }}-dim-cm-postgres" + readReplicas: + # -- Extended PostgreSQL read only replicas configuration (increase of max_connections recommended - default is 100) + extendedConfiguration: "" + +externalDatabase: + # -- External PostgreSQL configuration + # IMPORTANT: non-root db user needs to be created beforehand on external database. + # And the init script (02-init-db.sql) available in templates/configmap-postgres-init.yaml + # needs to be executed beforehand. + # Database host ('-primary' is added as postfix). + host: "dim-postgres-ext" + # -- Database port number. + port: 5432 + # -- Non-root username for dim. + username: "dim" + # -- Database name. + database: "dim" + # -- Password for the non-root username (default 'dim'). Secret-key 'password'. + password: "" + # -- Secret containing the password non-root username, (default 'dim'). 
+ existingSecret: "dim-external-db" + +# -- Provide details about idp instance. +idp: + # -- Provide idp base address, without trailing '/auth'. + address: "https://centralidp.example.org" + authRealm: "CX-Central" + jwtBearerOptions: + requireHttpsMetadata: "true" + metadataPath: "/auth/realms/CX-Central/.well-known/openid-configuration" + tokenValidationParameters: + validIssuerPath: "/auth/realms/CX-Central" + validAudience: "DIM-Middle-Layer" + refreshInterval: "00:00:30" + tokenPath: "/auth/realms/CX-Central/protocol/openid-connect/token" + # -- Flag if the api should be used with an leading /auth path + useAuthTrail: true + +ingress: + # -- DIM ingress parameters, + # enable ingress record generation for dim. + enabled: false + # className: "nginx" + ## Optional annotations when using the nginx ingress class + # annotations: + # nginx.ingress.kubernetes.io/use-regex: "true" + # nginx.ingress.kubernetes.io/enable-cors: "true" + # nginx.ingress.kubernetes.io/proxy-body-size: "8m" + # # -- Provide CORS allowed origin. + # nginx.ingress.kubernetes.io/cors-allow-origin: "https://*.example.org" + tls: + # -- Provide tls secret. + - secretName: "" + # -- Provide host for tls secret. + hosts: + - "" + hosts: + # -- Provide default path for the ingress record. + - host: "" + paths: + - path: "/api/dim" + pathType: "Prefix" + backend: + port: 8080 + +portContainer: 8080 + +portService: 8080 + +replicaCount: 3 + +# -- Node labels for pod assignment +nodeSelector: {} + +# -- Tolerations for pod assignment +tolerations: [] + +affinity: +# -- Following Catena-X Helm Best Practices, +# [reference](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity). 
+ podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: DoesNotExist + topologyKey: kubernetes.io/hostname + +updateStrategy: +# -- Update strategy type, +# rolling update configuration parameters, +# [reference](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies). + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + +# -- Following Catena-X Helm Best Practices, +# [reference](https://github.com/helm/charts/blob/master/stable/nginx-ingress/values.yaml#L210). +startupProbe: + failureThreshold: 30 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 +livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 10 +readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 diff --git a/consortia/argocd-app-templates/appsetup-dev.yaml b/consortia/argocd-app-templates/appsetup-dev.yaml new file mode 100644 index 0000000..24996e3 --- /dev/null +++ b/consortia/argocd-app-templates/appsetup-dev.yaml 
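Review bot: charts/dim/values.yaml defaults `dbConnection.sslMode` to `"Disable"`, and the deployment and migration templates put that value into the connection string for the bundled and the external database alike. By default the database password and data therefore cross the network unencrypted. I would default to `sslMode: "Require"` (or a certificate-verifying mode if the deployment can supply the CA) and document `Disable` as an explicit opt-out for local clusters. `technicalUserCreation` also defaults to `cipherMode: "CBC"`; whether the application adds an integrity check over the ciphertext is not visible in this diff and is worth confirming.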
@@ -0,0 +1,41 @@
+###############################################################
+# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+###############################################################
+
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: dim
+spec:
+ destination:
+ namespace: product-iam
+ server: 'https://kubernetes.default.svc'
+ source:
+ path: charts/dim
+ repoURL: 'https://github.com/sap/dim-client.git'
+ targetRevision: main
+ plugin:
+ env:
+ - name: AVP_SECRET
+ value: vault-secret
+ - name: helm_args
+ value: '-f values.yaml -f ../../consortia/environments/values-dev.yaml'
+ project: project-portal
+ syncPolicy:
+ automated:
+ prune: true
diff --git a/consortia/argocd-app-templates/appsetup-int.yaml b/consortia/argocd-app-templates/appsetup-int.yaml
new file mode 100644
index 0000000..a22bc56
--- /dev/null
+++ b/consortia/argocd-app-templates/appsetup-int.yaml
@@ -0,0 +1,38 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: dim +spec: + destination: + namespace: product-iam + server: 'https://kubernetes.default.svc' + source: + path: charts/dim + repoURL: 'https://github.com/sap/dim-client.git' + targetRevision: dim-1.0.0 + plugin: + env: + - name: AVP_SECRET + value: vault-secret + - name: helm_args + value: '-f values.yaml -f ../../consortia/environments/values-int.yaml' + project: project-portal diff --git a/consortia/environments/values-dev.yaml b/consortia/environments/values-dev.yaml new file mode 100644 index 0000000..e314eb2 --- /dev/null +++ b/consortia/environments/values-dev.yaml 
@@ -0,0 +1,104 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "8m" + nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000, https://*.dev.demo.catena-x.net" + tls: + - secretName: "tls-secret" + hosts: + - "dim.dev.demo.catena-x.net" + hosts: + - host: "dim.dev.demo.catena-x.net" + paths: + - path: "/api/dim" + pathType: "Prefix" + backend: + port: 8080 + +dim: + image: + tag: "main" + imagePullPolicy: "Always" + swaggerEnabled: true + rootDirectoryId: "27fee02a-e265-4cfc-af70-4f217a33840b" + operatorId: "27fee02a-e265-4cfc-af70-4f217a33840b" + +migrations: + image: + tag: "main" + imagePullPolicy: "Always" + logging: + default: "Debug" + +processesworker: + image: + tag: "main" + imagePullPolicy: "Always" + logging: + default: "Debug" + dim: + adminMail: "phil.schneider@digitalnativesolutions.de" + clientIdCisCentral: "" + clientSecretCisCentral: "" + authUrl: 
"https://catena-x-int-dim.authentication.eu10.hana.ondemand.com" + subaccount: + # -- Url to the subaccount service api + baseUrl: "https://accounts-service.cfapps.eu10.hana.ondemand.com" + entitlement: + # -- Url to the entitlement service api + baseUrl: "https://entitlements-service.cfapps.eu10.hana.ondemand.com" + cf: + clientId: "" + clientSecret: "" + tokenAddress: "https://login.cf.eu10.hana.ondemand.com/oauth/token" + # -- Url to the cf service api + baseUrl: "https://api.cf.eu10.hana.ondemand.com" + grantType: "client_credentials" + callback: + scope: "openid" + grantType: "client_credentials" + # -- Provide client-id for callback. + clientId: "" + # -- Client-secret for callback client-id. Secret-key 'callback-client-secret'. + clientSecret: "" + tokenAddress: "http://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" + # -- Url to the cf service api + baseAddress: "https://portal-backend.dev.demo.catena-x.net" + technicalUserCreation: + encryptionConfigs: + index0: + encryptionKey: "<" + +idp: + address: "https://centralidp.dev.demo.catena-x.net" + jwtBearerOptions: + tokenValidationParameters: + validAudience: "DIM-Middle-Layer" + +postgresql: + auth: + postgrespassword: "" + password: "" + replicationPassword: "" diff --git a/consortia/environments/values-int.yaml b/consortia/environments/values-int.yaml new file mode 100644 index 0000000..0c7249b --- /dev/null +++ b/consortia/environments/values-int.yaml 
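Review bot: The `callback` block's `tokenAddress` is `http://centralidp.dev.demo.catena-x.net/...`, while `idp.address` in the same file uses `https://` for the same host. With `grantType: "client_credentials"` the callback client id and secret are posted to that URL, so they would be sent in cleartext. The line should read `tokenAddress: "https://centralidp.dev.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token"`; values-int.yaml in this commit has the same `http://` scheme on its `tokenAddress` and needs the same change. Separately, the comment above `callback.baseAddress` says "Url to the cf service api", which appears to be copied from the `cf` block.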
@@ -0,0 +1,95 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +ingress: + enabled: true + className: "nginx" + annotations: + nginx.ingress.kubernetes.io/use-regex: "true" + nginx.ingress.kubernetes.io/enable-cors: "true" + nginx.ingress.kubernetes.io/proxy-body-size: "8m" + nginx.ingress.kubernetes.io/cors-allow-origin: "http://localhost:3000, https://*.int.demo.catena-x.net" + tls: + - secretName: "tls-secret" + hosts: + - "dim.int.demo.catena-x.net" + hosts: + - host: "dim.int.demo.catena-x.net" + paths: + - path: "/api/dim" + pathType: "Prefix" + backend: + port: 8080 + +dim: + swaggerEnabled: true + rootDirectoryId: "27fee02a-e265-4cfc-af70-4f217a33840b" + operatorId: "27fee02a-e265-4cfc-af70-4f217a33840b" + +migrations: + logging: + default: "Debug" + +processesworker: + logging: + default: "Debug" + dim: + adminMail: "phil.schneider@digitalnativesolutions.de" + clientIdCisCentral: "" + clientSecretCisCentral: "" + authUrl: "https://catena-x-int-dim.authentication.eu10.hana.ondemand.com" + subaccount: + # -- Url to the subaccount service api + baseUrl: "https://accounts-service.cfapps.eu10.hana.ondemand.com" + 
entitlement: + # -- Url to the entitlement service api + baseUrl: "https://entitlements-service.cfapps.eu10.hana.ondemand.com" + cf: + clientId: "" + clientSecret: "" + tokenAddress: "https://login.cf.eu10.hana.ondemand.com/oauth/token" + # -- Url to the cf service api + baseUrl: "https://api.cf.eu10.hana.ondemand.com" + grantType: "client_credentials" + callback: + scope: "openid" + grantType: "client_credentials" + # -- Provide client-id for callback. + clientId: "" + # -- Client-secret for callback client-id. Secret-key 'callback-client-secret'. + clientSecret: "" + tokenAddress: "http://centralidp.int.demo.catena-x.net/auth/realms/CX-Central/protocol/openid-connect/token" + # -- Url to the cf service api + baseAddress: "https://portal-backend.dev.demo.catena-x.net" + technicalUserCreation: + encryptionConfigs: + index0: + encryptionKey: "<" + +idp: + address: "https://centralidp.int.demo.catena-x.net" + jwtBearerOptions: + tokenValidationParameters: + validAudience: "DIM-Middle-Layer" + +postgresql: + auth: + postgrespassword: "" + password: "" + replicationPassword: "" diff --git a/docker/Dockerfile-dim-migrations b/docker/Dockerfile-dim-migrations new file mode 100644 index 0000000..7d3b68a --- /dev/null +++ b/docker/Dockerfile-dim-migrations 
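Review bot: In these int values `callback.baseAddress` is `https://portal-backend.dev.demo.catena-x.net`, while the ingress host, `idp.address` and the callback `tokenAddress` all use `int.demo.catena-x.net`. This looks like a leftover from values-dev.yaml and would send the int deployment's callbacks, authenticated with a token from the int IdP, to the dev portal backend. If that is not intended, point `baseAddress` at the int portal backend host. It is also worth confirming that `http://localhost:3000` in `cors-allow-origin`, `swaggerEnabled: true` and `default: "Debug"` logging are wanted outside dev.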
@@ -0,0 +1,36 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +FROM mcr.microsoft.com/dotnet/runtime:8.0-alpine AS base + +FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS publish +WORKDIR / +COPY LICENSE / +COPY /src/database /src/database +COPY /src/processes/Processes.Worker.Library /src/processes/Processes.Worker.Library +WORKDIR /src/database/Dim.Migrations +RUN dotnet publish "Dim.Migrations.csproj" -c Release -o /migrations/publish + +FROM base AS final +ENV COMPlus_EnableDiagnostics=0 +WORKDIR /migrations +COPY --from=publish /migrations/publish . +RUN chown -R 1000:3000 /migrations +USER 1000:3000 +ENTRYPOINT ["dotnet", "Dim.Migrations.dll"] diff --git a/docker/Dockerfile-dim-processes-worker b/docker/Dockerfile-dim-processes-worker new file mode 100644 index 0000000..30db907 --- /dev/null +++ b/docker/Dockerfile-dim-processes-worker 
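Review bot: `RUN chown -R 1000:3000 /migrations` followed by `USER 1000:3000` leaves the published binaries owned by, and therefore writable for, the identity the process runs as, so a compromised process could alter its own assemblies. Unless the application writes under its working directory (not visible here), drop the `chown` line; `COPY --from=publish` already produces root-owned files, which the runtime user would normally still be able to read. The same two lines appear in Dockerfile-dim-processes-worker and Dockerfile-dim-service (for `/app`). The `FROM` tags `8.0-alpine` and `8.0-alpine-amd64` are also mutable, and pinning them by digest would make the builds reproducible.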
@@ -0,0 +1,36 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +FROM mcr.microsoft.com/dotnet/runtime:8.0-alpine AS base + +FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS publish +WORKDIR / +COPY LICENSE / +COPY src/ src/ +RUN dotnet restore "src/processes/Processes.Worker/Processes.Worker.csproj" +WORKDIR /src/processes/Processes.Worker +RUN dotnet publish "Processes.Worker.csproj" -c Release -o /app/publish + +FROM base AS final +ENV COMPlus_EnableDiagnostics=0 +WORKDIR /app +COPY --from=publish /app/publish . +RUN chown -R 1000:3000 /app +USER 1000:3000 +ENTRYPOINT ["dotnet", "Processes.Worker.dll"] diff --git a/docker/Dockerfile-dim-service b/docker/Dockerfile-dim-service new file mode 100644 index 0000000..bd0bb37 --- /dev/null +++ b/docker/Dockerfile-dim-service 
@@ -0,0 +1,37 @@ +############################################################### +# Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0. +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +############################################################### + +FROM mcr.microsoft.com/dotnet/aspnet:8.0-alpine AS base + +FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS publish +WORKDIR / +COPY LICENSE / +COPY src/ src/ +WORKDIR /src/web/Dim.Web +RUN dotnet publish "Dim.Web.csproj" -c Release -o /app/publish + +FROM base AS final +ENV COMPlus_EnableDiagnostics=0 +WORKDIR /app +COPY --from=publish /app/publish . +ENV ASPNETCORE_URLS http://+:8080 +EXPOSE 8080 +RUN chown -R 1000:3000 /app +USER 1000:3000 +ENTRYPOINT ["dotnet", "Dim.Web.dll"] diff --git a/src/Directory.Build.props b/src/Directory.Build.props new file mode 100644 index 0000000..0ad9c13 --- /dev/null +++ b/src/Directory.Build.props @@ -0,0 +1,25 @@ + + + + + 1.0.0 + + + diff --git a/src/clients/Dim.Clients/Api/Cf/AddSpaceRoleToUserRequest.cs b/src/clients/Dim.Clients/Api/Cf/AddSpaceRoleToUserRequest.cs index 168f9fd..251a6e6 100644 --- a/src/clients/Dim.Clients/Api/Cf/AddSpaceRoleToUserRequest.cs +++ b/src/clients/Dim.Clients/Api/Cf/AddSpaceRoleToUserRequest.cs 
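Review bot: `ENV ASPNETCORE_URLS http://+:8080` in Dockerfile-dim-service uses the legacy space-separated `ENV` form, whereas `ENV COMPlus_EnableDiagnostics=0` earlier in the same stage uses `key=value`; current Docker build checks warn on the legacy form. Write it as `ENV ASPNETCORE_URLS=http://+:8080` so both variables follow one syntax.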
@@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Cf/CfClient.cs b/src/clients/Dim.Clients/Api/Cf/CfClient.cs index 140f84a..0659cbb 100644 --- a/src/clients/Dim.Clients/Api/Cf/CfClient.cs +++ b/src/clients/Dim.Clients/Api/Cf/CfClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. @@ -119,9 +119,9 @@ public async Task GetServicePlan(string servicePlanName, string servicePla var servicePlans = response.Resources.Where(x => x.Name == servicePlanType && x.BrokerCatalog?.BrokerCatalogMetadata?.AutoSubscription?.AppName == servicePlanName); - if (response == null || servicePlans.Count() != 1) + if (servicePlans.Count() != 1) { - throw new ServiceException($"There must be exactly one service plan with name {servicePlanName} and type {servicePlanType}"); + throw new ServiceException($"There must be exactly one service plan with name {servicePlanName} and type {servicePlanType}", isRecoverable: !servicePlans.Any()); } return servicePlans.Single().Id; 
@@ -132,6 +132,37 @@ public async Task GetServicePlan(string servicePlanName, string servicePla } } + public async Task GetSpace(string tenantName, CancellationToken cancellationToken) + { + var spaceName = $"{tenantName}-space"; + var client = await _basicAuthTokenService.GetBasicAuthorizedLegacyClient(_settings, cancellationToken).ConfigureAwait(false); + var result = await client.GetAsync("/v3/spaces", cancellationToken) + .CatchingIntoServiceExceptionFor("get-space", HttpAsyncResponseMessageExtension.RecoverOptions.ALLWAYS).ConfigureAwait(false); + try + { + var response = await result.Content + .ReadFromJsonAsync(JsonSerializerExtensions.Options, cancellationToken) + .ConfigureAwait(false); + + if (response == null) + { + throw new ServiceException("response should never be null here"); + } + + var spaces = response.Resources.Where(x => x.Name == spaceName); + if (spaces.Count() != 1) + { + throw new ServiceException($"There must be exactly one space with name {spaceName}", isRecoverable: !spaces.Any()); + } + + return spaces.Single().Id; + } + catch (JsonException je) + { + throw new ServiceException(je.Message); + } + } + public async Task CreateDimServiceInstance(string tenantName, Guid spaceId, Guid servicePlanId, CancellationToken cancellationToken) { var client = await _basicAuthTokenService.GetBasicAuthorizedLegacyClient(_settings, cancellationToken).ConfigureAwait(false); 
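Review bot: `GetSpace` requests `/v3/spaces` with no filter and then searches only the returned page for `{tenantName}-space`. The Cloud Foundry v3 list endpoints are paginated, so once more spaces are visible than fit on one page the lookup finds nothing and throws with `isRecoverable: !spaces.Any()`, i.e. recoverable, which would presumably be retried without ever succeeding. Filtering server-side avoids that and stops the client from pulling every space it can see: `client.GetAsync($"/v3/spaces?names={Uri.EscapeDataString(spaceName)}", cancellationToken)`. In the `catch`, `throw new ServiceException(je.Message)` drops the original `JsonException`; pass it as the inner exception if `ServiceException` has such a constructor (not visible here).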
@@ -163,10 +194,10 @@ private async Task GetServiceInstances(string tenantName, Guid? spaceId, C } var name = $"{tenantName}-dim-instance"; - var resources = response.Resources.Where(x => x.Name == name && x.Type == "managed" && (spaceId == null || x.Relationships.Space.Data.Id == spaceId.Value)); + var resources = response.Resources.Where(x => x.Name == name && x.Type == "managed" && (spaceId == null || x.Relationships.Space.Data.Id == spaceId.Value) && x.LastOperation.State == "succeeded"); if (resources.Count() != 1) { - throw new ServiceException($"There must be exactly one service instance"); + throw new ServiceException("There must be exactly one service instance", isRecoverable: !resources.Any()); } return resources.Single().Id; @@ -177,13 +208,13 @@ private async Task GetServiceInstances(string tenantName, Guid? spaceId, C } } - public async Task CreateServiceInstanceBindings(string tenantName, Guid spaceId, CancellationToken cancellationToken) + public async Task CreateServiceInstanceBindings(string tenantName, string? keyName, Guid spaceId, CancellationToken cancellationToken) { var serviceInstanceId = await GetServiceInstances(tenantName, spaceId, cancellationToken).ConfigureAwait(false); var client = await _basicAuthTokenService.GetBasicAuthorizedLegacyClient(_settings, cancellationToken).ConfigureAwait(false); var data = new CreateServiceCredentialBindingRequest( "key", - $"{tenantName}-dim-key01", + $"{keyName ?? tenantName}-dim-key01", new ServiceCredentialRelationships( new DimServiceInstance(new DimData(serviceInstanceId))) ); 
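Review bot: The new filter term `x.LastOperation.State == "succeeded"` dereferences `LastOperation` without a null check, although the `GetServicePlan` filter in this file guards its optional parts with `?.`. If a resource comes back without `last_operation`, the `Where` throws a `NullReferenceException` that the surrounding error handling (outside this hunk) may not translate into a `ServiceException`. `x.LastOperation?.State == "succeeded"`, with the record property declared as `LastOperation? LastOperation`, would make that case a plain non-match. Note also that an instance whose last operation failed now yields an empty result and `isRecoverable: true`, the same as one still being provisioned. `GetServiceInstances` begins and ends outside the hunk.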
@@ -210,7 +241,7 @@ public async Task GetServiceBinding(string tenantName, Guid spaceId, strin var resources = response.Resources.Where(x => x.Relationships.ServiceInstance.Data.Id == serviceInstanceId); if (resources.Count() != 1) { - throw new ServiceException($"There must be exactly one service credential binding"); + throw new ServiceException("There must be exactly one service credential binding", isRecoverable: !resources.Any()); } return resources.Single().Id; @@ -234,7 +265,7 @@ public async Task GetServiceBindingDetai if (response == null) { - throw new ServiceException($"There must be exactly one service instance"); + throw new ServiceException("There must be exactly one service instance", isRecoverable: true); } return response; diff --git a/src/clients/Dim.Clients/Api/Cf/CreateCfeRequest.cs b/src/clients/Dim.Clients/Api/Cf/CreateCfeRequest.cs index 46c5f26..fc09c52 100644 --- a/src/clients/Dim.Clients/Api/Cf/CreateCfeRequest.cs +++ b/src/clients/Dim.Clients/Api/Cf/CreateCfeRequest.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Cf/DependencyInjection/CfClientServiceExtensions.cs b/src/clients/Dim.Clients/Api/Cf/DependencyInjection/CfClientServiceExtensions.cs index 544c9f0..b7fb130 100644 --- a/src/clients/Dim.Clients/Api/Cf/DependencyInjection/CfClientServiceExtensions.cs +++ b/src/clients/Dim.Clients/Api/Cf/DependencyInjection/CfClientServiceExtensions.cs 
@@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Cf/DependencyInjection/CfSettings.cs b/src/clients/Dim.Clients/Api/Cf/DependencyInjection/CfSettings.cs index df0560e..3f80d30 100644 --- a/src/clients/Dim.Clients/Api/Cf/DependencyInjection/CfSettings.cs +++ b/src/clients/Dim.Clients/Api/Cf/DependencyInjection/CfSettings.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Cf/ICfClient.cs b/src/clients/Dim.Clients/Api/Cf/ICfClient.cs index 603392b..f3315fc 100644 --- a/src/clients/Dim.Clients/Api/Cf/ICfClient.cs +++ b/src/clients/Dim.Clients/Api/Cf/ICfClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
@@ -24,8 +24,9 @@ public interface ICfClient Task CreateCloudFoundrySpace(string tenantName, CancellationToken cancellationToken); Task AddSpaceRoleToUser(string type, string user, Guid spaceId, CancellationToken cancellationToken); Task GetServicePlan(string servicePlanName, string servicePlanType, CancellationToken cancellationToken); + Task GetSpace(string tenantName, CancellationToken cancellationToken); Task CreateDimServiceInstance(string tenantName, Guid spaceId, Guid servicePlanId, CancellationToken cancellationToken); - Task CreateServiceInstanceBindings(string tenantName, Guid spaceId, CancellationToken cancellationToken); + Task CreateServiceInstanceBindings(string tenantName, string? keyName, Guid spaceId, CancellationToken cancellationToken); Task GetServiceBinding(string tenantName, Guid spaceId, string bindingName, CancellationToken cancellationToken); Task GetServiceBindingDetails(Guid id, CancellationToken cancellationToken); } diff --git a/src/clients/Dim.Clients/Api/Cf/ServicePlanResponse.cs b/src/clients/Dim.Clients/Api/Cf/ServicePlanResponse.cs index 248a339..8a6d80d 100644 --- a/src/clients/Dim.Clients/Api/Cf/ServicePlanResponse.cs +++ b/src/clients/Dim.Clients/Api/Cf/ServicePlanResponse.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
@@ -52,13 +52,18 @@ public record ServiceInstanceResource( [property: JsonPropertyName("guid")] Guid Id, [property: JsonPropertyName("name")] string Name, [property: JsonPropertyName("type")] string Type, - [property: JsonPropertyName("relationships")] ServiceInstanceRelationship Relationships + [property: JsonPropertyName("relationships")] ServiceInstanceRelationship Relationships, + [property: JsonPropertyName("last_operation")] LastOperation LastOperation ); public record ServiceInstanceRelationship( [property: JsonPropertyName("space")] ServiceInstanceRelationshipSpace Space ); +public record LastOperation( + [property: JsonPropertyName("state")] string State +); + public record ServiceInstanceRelationshipSpace( [property: JsonPropertyName("data")] DimData Data ); diff --git a/src/clients/Dim.Clients/Api/Cf/SpaceResponse.cs b/src/clients/Dim.Clients/Api/Cf/SpaceResponse.cs new file mode 100644 index 0000000..21f9234 --- /dev/null +++ b/src/clients/Dim.Clients/Api/Cf/SpaceResponse.cs 
@@ -0,0 +1,31 @@ +/******************************************************************************** + * Copyright (c) 2024 Contributors to the Eclipse Foundation + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + ********************************************************************************/ + +using System.Text.Json.Serialization; + +namespace Dim.Clients.Api.Cf; + +public record SpaceResponse( + [property: JsonPropertyName("resources")] IEnumerable Resources +); + +public record Space( + [property: JsonPropertyName("guid")] Guid Id, + [property: JsonPropertyName("name")] string Name +); diff --git a/src/clients/Dim.Clients/Api/Dim/ApplicationResponse.cs b/src/clients/Dim.Clients/Api/Dim/ApplicationResponse.cs index 0525faf..62aa249 100644 --- a/src/clients/Dim.Clients/Api/Dim/ApplicationResponse.cs +++ b/src/clients/Dim.Clients/Api/Dim/ApplicationResponse.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
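Review bot: The new file SpaceResponse.cs is added with the header line `Copyright (c) 2024 Contributors to the Eclipse Foundation`, which is exactly the line this commit replaces in the other files. It should read ` * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors.` like the rest. `SpaceResponse` also maps only `resources`, so any paging information in the list response is not available to callers.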
diff --git a/src/clients/Dim.Clients/Api/Dim/CompanyIdentityPatch.cs b/src/clients/Dim.Clients/Api/Dim/CompanyIdentityPatch.cs index 91fb437..a00fe47 100644 --- a/src/clients/Dim.Clients/Api/Dim/CompanyIdentityPatch.cs +++ b/src/clients/Dim.Clients/Api/Dim/CompanyIdentityPatch.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Dim/CreateApplicationRequest.cs b/src/clients/Dim.Clients/Api/Dim/CreateApplicationRequest.cs index e2bf29b..251d193 100644 --- a/src/clients/Dim.Clients/Api/Dim/CreateApplicationRequest.cs +++ b/src/clients/Dim.Clients/Api/Dim/CreateApplicationRequest.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Dim/CreateCompanyIdentityRequest.cs b/src/clients/Dim.Clients/Api/Dim/CreateCompanyIdentityRequest.cs index d27a7dc..d9defbc 100644 --- a/src/clients/Dim.Clients/Api/Dim/CreateCompanyIdentityRequest.cs +++ b/src/clients/Dim.Clients/Api/Dim/CreateCompanyIdentityRequest.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
diff --git a/src/clients/Dim.Clients/Api/Dim/DependencyInjection/DimClientServiceExtensions.cs b/src/clients/Dim.Clients/Api/Dim/DependencyInjection/DimClientServiceExtensions.cs index a938f15..2b15295 100644 --- a/src/clients/Dim.Clients/Api/Dim/DependencyInjection/DimClientServiceExtensions.cs +++ b/src/clients/Dim.Clients/Api/Dim/DependencyInjection/DimClientServiceExtensions.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Dim/DimClient.cs b/src/clients/Dim.Clients/Api/Dim/DimClient.cs index 810a169..50bacac 100644 --- a/src/clients/Dim.Clients/Api/Dim/DimClient.cs +++ b/src/clients/Dim.Clients/Api/Dim/DimClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
@@ -155,4 +155,60 @@ await client.PatchAsJsonAsync($"{dimBaseUrl}/api/v2.0.0/companyIdentities/{compa return (false, message); }).ConfigureAwait(false); } + + public async Task GetStatusList(BasicAuthSettings dimAuth, string dimBaseUrl, Guid companyId, CancellationToken cancellationToken) + { + var client = await _basicAuthTokenService.GetBasicAuthorizedClient(dimAuth, cancellationToken).ConfigureAwait(false); + var result = await client.GetAsync($"{dimBaseUrl}/api/v2.0.0/companyIdentities/{companyId}/revocationLists", cancellationToken); + try + { + var response = await result.Content + .ReadFromJsonAsync(JsonSerializerExtensions.Options, cancellationToken) + .ConfigureAwait(false); + if (response == null) + { + throw new ServiceException("Response must not be null"); + } + + if (!response.Data.Any(x => x.RemainingSpace > 0)) + { + throw new ConflictException("There is no status list with remaining space, please create a new one."); + } + + return response.Data.First(x => x.RemainingSpace > 0).StatusListCredential; + } + catch (JsonException je) + { + throw new ServiceException(je.Message); + } + } + + public async Task CreateStatusList(BasicAuthSettings dimAuth, string dimBaseUrl, Guid companyId, CancellationToken cancellationToken) + { + var client = await _basicAuthTokenService.GetBasicAuthorizedClient(dimAuth, cancellationToken).ConfigureAwait(false); + var data = new CreateStatusListRequest(new CreateStatusListPaypload(new CreateStatusList("StatusList2021", DateTimeOffset.UtcNow.ToString("yyyyMMdd"), "New revocation list", 2097152))); + var result = await client.PostAsJsonAsync($"{dimBaseUrl}/api/v2.0.0/companyIdentities/{companyId}/revocationLists", data, JsonSerializerExtensions.Options, cancellationToken) + .CatchingIntoServiceExceptionFor("assign-application", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE, + async m => + { + var message = await m.Content.ReadAsStringAsync().ConfigureAwait(false); + return (false, message); + 
}).ConfigureAwait(false); + try + { + var response = await result.Content + .ReadFromJsonAsync(JsonSerializerExtensions.Options, cancellationToken) + .ConfigureAwait(false); + if (response == null) + { + throw new ServiceException("Response must not be null"); + } + + return response.RevocationVc.Id; + } + catch (JsonException je) + { + throw new ServiceException(je.Message); + } + } } diff --git a/src/clients/Dim.Clients/Api/Dim/IDimClient.cs b/src/clients/Dim.Clients/Api/Dim/IDimClient.cs index aef6ba2..32d2b00 100644 --- a/src/clients/Dim.Clients/Api/Dim/IDimClient.cs +++ b/src/clients/Dim.Clients/Api/Dim/IDimClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. @@ -30,4 +30,6 @@ public interface IDimClient Task GetApplication(BasicAuthSettings dimAuth, string dimBaseUrl, string applicationId, CancellationToken cancellationToken); Task AssignApplicationToCompany(BasicAuthSettings dimAuth, string dimBaseUrl, string applicationKey, Guid companyId, CancellationToken cancellationToken); + Task GetStatusList(BasicAuthSettings dimAuth, string dimBaseUrl, Guid companyId, CancellationToken cancellationToken); + Task CreateStatusList(BasicAuthSettings dimAuth, string dimBaseUrl, Guid companyId, CancellationToken cancellationToken); } diff --git a/src/clients/Dim.Clients/Api/Dim/StatusListResponse.cs b/src/clients/Dim.Clients/Api/Dim/StatusListResponse.cs new file mode 100644 index 0000000..187c922 --- /dev/null +++ b/src/clients/Dim.Clients/Api/Dim/StatusListResponse.cs 
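Review bot: `GetStatusList` awaits `client.GetAsync(...)` directly, without the `.CatchingIntoServiceExceptionFor(...)` wrapper and `ConfigureAwait(false)` that `CreateStatusList` below it uses. An error response (401, 5xx) is therefore handed straight to `ReadFromJsonAsync` and surfaces as a `JsonException` message or as an object with missing fields instead of a classified `ServiceException`. Add `.CatchingIntoServiceExceptionFor("get-status-list", HttpAsyncResponseMessageExtension.RecoverOptions.INFRASTRUCTURE).ConfigureAwait(false)` to the call. In `CreateStatusList` the label passed to the wrapper is `"assign-application"`, apparently copied from the method above; `"create-status-list"` would keep errors and logs attributable. `response.Data.Any(...)` followed by `response.Data.First(...)` can be a single `FirstOrDefault(x => x.RemainingSpace > 0)` with a null check.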
@@ -0,0 +1,60 @@ +/******************************************************************************** + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. + * + * See the NOTICE file(s) distributed with this work for additional + * information regarding copyright ownership. + * + * This program and the accompanying materials are made available under the + * terms of the Apache License, Version 2.0 which is available at + * https://www.apache.org/licenses/LICENSE-2.0. + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the + * License for the specific language governing permissions and limitations + * under the License. + * + * SPDX-License-Identifier: Apache-2.0 + ********************************************************************************/ + +using System.Text.Json.Serialization; + +namespace Dim.Clients.Api.Dim; + +public record CreateStatusListRequest( + [property: JsonPropertyName("payload")] CreateStatusListPaypload Payload +); + +public record CreateStatusListPaypload( + [property: JsonPropertyName("create")] CreateStatusList Create +); + +public record CreateStatusList( + [property: JsonPropertyName("type")] string Type, + [property: JsonPropertyName("name")] string Name, + [property: JsonPropertyName("description")] string Description, + [property: JsonPropertyName("length")] int Length +); + +public record CreateStatusListResponse( + [property: JsonPropertyName("id")] Guid Id, + [property: JsonPropertyName("revocationVc")] RevocationVc RevocationVc +); + +public record RevocationVc( + [property: JsonPropertyName("id")] string Id +); + +public record StatusListListResponse( + [property: JsonPropertyName("count")] int Count, + [property: JsonPropertyName("data")] IEnumerable Data +); + +public record StatusListResponse( + [property: 
JsonPropertyName("id")] string Id, + [property: JsonPropertyName("name")] string Name, + [property: JsonPropertyName("statusListCredential")] string StatusListCredential, + [property: JsonPropertyName("type")] string Type, + [property: JsonPropertyName("length")] int Length, + [property: JsonPropertyName("remainingSpace")] int RemainingSpace +); diff --git a/src/clients/Dim.Clients/Api/Directories/DependencyInjection/DirectoryClientServiceExtensions.cs b/src/clients/Dim.Clients/Api/Directories/DependencyInjection/DirectoryClientServiceExtensions.cs index 8046c45..a28c420 100644 --- a/src/clients/Dim.Clients/Api/Directories/DependencyInjection/DirectoryClientServiceExtensions.cs +++ b/src/clients/Dim.Clients/Api/Directories/DependencyInjection/DirectoryClientServiceExtensions.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Directories/DependencyInjection/DirectorySettings.cs b/src/clients/Dim.Clients/Api/Directories/DependencyInjection/DirectorySettings.cs index f009a26..b9300d0 100644 --- a/src/clients/Dim.Clients/Api/Directories/DependencyInjection/DirectorySettings.cs +++ b/src/clients/Dim.Clients/Api/Directories/DependencyInjection/DirectorySettings.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
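Review bot: These records describe responses from an external service, yet every reference-typed member (`Data`, `StatusListCredential`, `RevocationVc`, `RevocationVc.Id`) is declared non-nullable, and System.Text.Json by default leaves a missing or null field as null without raising an error. GetStatusList and CreateStatusList hand `StatusListCredential` and `RevocationVc.Id` straight back to the caller, so a malformed upstream response would propagate a null where the signature promises a value. Consider declaring these members nullable and validating them at the call sites, throwing ServiceException when one is absent. Separately, `CreateStatusListPaypload` is misspelled and is a public type name; renaming it to `CreateStatusListPayload` now avoids carrying the typo into callers. A short comment on `Length` saying what unit the value 2097152 passed in CreateStatusList is in would also help.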
diff --git a/src/clients/Dim.Clients/Api/Directories/DirectoryClient.cs b/src/clients/Dim.Clients/Api/Directories/DirectoryClient.cs index ccb8823..f541126 100644 --- a/src/clients/Dim.Clients/Api/Directories/DirectoryClient.cs +++ b/src/clients/Dim.Clients/Api/Directories/DirectoryClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Directories/DirectoryRequest.cs b/src/clients/Dim.Clients/Api/Directories/DirectoryRequest.cs index 7d1b860..710fd66 100644 --- a/src/clients/Dim.Clients/Api/Directories/DirectoryRequest.cs +++ b/src/clients/Dim.Clients/Api/Directories/DirectoryRequest.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Directories/IDirectoryClient.cs b/src/clients/Dim.Clients/Api/Directories/IDirectoryClient.cs index 9c25577..9d3bf51 100644 --- a/src/clients/Dim.Clients/Api/Directories/IDirectoryClient.cs +++ b/src/clients/Dim.Clients/Api/Directories/IDirectoryClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
diff --git a/src/clients/Dim.Clients/Api/Entitlements/CreateSubAccountRequest.cs b/src/clients/Dim.Clients/Api/Entitlements/CreateSubAccountRequest.cs index aa5622a..e37315c 100644 --- a/src/clients/Dim.Clients/Api/Entitlements/CreateSubAccountRequest.cs +++ b/src/clients/Dim.Clients/Api/Entitlements/CreateSubAccountRequest.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Entitlements/DependencyInjection/EntitlementClientServiceExtensions.cs b/src/clients/Dim.Clients/Api/Entitlements/DependencyInjection/EntitlementClientServiceExtensions.cs index 768e672..c9caeb6 100644 --- a/src/clients/Dim.Clients/Api/Entitlements/DependencyInjection/EntitlementClientServiceExtensions.cs +++ b/src/clients/Dim.Clients/Api/Entitlements/DependencyInjection/EntitlementClientServiceExtensions.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Entitlements/DependencyInjection/EntitlementSettings.cs b/src/clients/Dim.Clients/Api/Entitlements/DependencyInjection/EntitlementSettings.cs index 394967a..86e809a 100644 --- a/src/clients/Dim.Clients/Api/Entitlements/DependencyInjection/EntitlementSettings.cs +++ b/src/clients/Dim.Clients/Api/Entitlements/DependencyInjection/EntitlementSettings.cs 
@@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Entitlements/EntitlementClient.cs b/src/clients/Dim.Clients/Api/Entitlements/EntitlementClient.cs index 4f80830..419b3b0 100644 --- a/src/clients/Dim.Clients/Api/Entitlements/EntitlementClient.cs +++ b/src/clients/Dim.Clients/Api/Entitlements/EntitlementClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Entitlements/IEntitlementClient.cs b/src/clients/Dim.Clients/Api/Entitlements/IEntitlementClient.cs index 8c37af8..abb1571 100644 --- a/src/clients/Dim.Clients/Api/Entitlements/IEntitlementClient.cs +++ b/src/clients/Dim.Clients/Api/Entitlements/IEntitlementClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Provisioning/CreateCfeRequest.cs b/src/clients/Dim.Clients/Api/Provisioning/CreateCfeRequest.cs index cafca13..de437dc 100644 --- a/src/clients/Dim.Clients/Api/Provisioning/CreateCfeRequest.cs 
+++ b/src/clients/Dim.Clients/Api/Provisioning/CreateCfeRequest.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Provisioning/DependencyInjection/ProvisioningClientServiceExtensions.cs b/src/clients/Dim.Clients/Api/Provisioning/DependencyInjection/ProvisioningClientServiceExtensions.cs index 1682055..8150e4f 100644 --- a/src/clients/Dim.Clients/Api/Provisioning/DependencyInjection/ProvisioningClientServiceExtensions.cs +++ b/src/clients/Dim.Clients/Api/Provisioning/DependencyInjection/ProvisioningClientServiceExtensions.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Provisioning/DependencyInjection/ProvisioningSettings.cs b/src/clients/Dim.Clients/Api/Provisioning/DependencyInjection/ProvisioningSettings.cs index d3d3070..495c737 100644 --- a/src/clients/Dim.Clients/Api/Provisioning/DependencyInjection/ProvisioningSettings.cs +++ b/src/clients/Dim.Clients/Api/Provisioning/DependencyInjection/ProvisioningSettings.cs 
@@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Provisioning/IProvisioningClient.cs b/src/clients/Dim.Clients/Api/Provisioning/IProvisioningClient.cs index 0c3a111..f5c5571 100644 --- a/src/clients/Dim.Clients/Api/Provisioning/IProvisioningClient.cs +++ b/src/clients/Dim.Clients/Api/Provisioning/IProvisioningClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Provisioning/ProvisioningClient.cs b/src/clients/Dim.Clients/Api/Provisioning/ProvisioningClient.cs index 1c090e8..a19f895 100644 --- a/src/clients/Dim.Clients/Api/Provisioning/ProvisioningClient.cs +++ b/src/clients/Dim.Clients/Api/Provisioning/ProvisioningClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Services/CreateServiceInstanceRequest.cs b/src/clients/Dim.Clients/Api/Services/CreateServiceInstanceRequest.cs index 86c7ee7..93e8e2e 100644 --- a/src/clients/Dim.Clients/Api/Services/CreateServiceInstanceRequest.cs 
+++ b/src/clients/Dim.Clients/Api/Services/CreateServiceInstanceRequest.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Services/DependencyInjection/ServiceClientServiceExtensions.cs b/src/clients/Dim.Clients/Api/Services/DependencyInjection/ServiceClientServiceExtensions.cs index 3b0164e..7b288a6 100644 --- a/src/clients/Dim.Clients/Api/Services/DependencyInjection/ServiceClientServiceExtensions.cs +++ b/src/clients/Dim.Clients/Api/Services/DependencyInjection/ServiceClientServiceExtensions.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Services/IServiceClient.cs b/src/clients/Dim.Clients/Api/Services/IServiceClient.cs index 124aa63..5228cb8 100644 --- a/src/clients/Dim.Clients/Api/Services/IServiceClient.cs +++ b/src/clients/Dim.Clients/Api/Services/IServiceClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
diff --git a/src/clients/Dim.Clients/Api/Services/ServiceClient.cs b/src/clients/Dim.Clients/Api/Services/ServiceClient.cs index 98d8060..12355e0 100644 --- a/src/clients/Dim.Clients/Api/Services/ServiceClient.cs +++ b/src/clients/Dim.Clients/Api/Services/ServiceClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/SubAccounts/CreateSubAccountRequest.cs b/src/clients/Dim.Clients/Api/SubAccounts/CreateSubAccountRequest.cs index 42e799e..46543df 100644 --- a/src/clients/Dim.Clients/Api/SubAccounts/CreateSubAccountRequest.cs +++ b/src/clients/Dim.Clients/Api/SubAccounts/CreateSubAccountRequest.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/SubAccounts/DependencyInjection/SubAccountClientServiceExtensions.cs b/src/clients/Dim.Clients/Api/SubAccounts/DependencyInjection/SubAccountClientServiceExtensions.cs index 321ddbe..d4d6450 100644 --- a/src/clients/Dim.Clients/Api/SubAccounts/DependencyInjection/SubAccountClientServiceExtensions.cs +++ b/src/clients/Dim.Clients/Api/SubAccounts/DependencyInjection/SubAccountClientServiceExtensions.cs 
@@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/SubAccounts/DependencyInjection/SubAccountSettings.cs b/src/clients/Dim.Clients/Api/SubAccounts/DependencyInjection/SubAccountSettings.cs index 4712e81..e10db04 100644 --- a/src/clients/Dim.Clients/Api/SubAccounts/DependencyInjection/SubAccountSettings.cs +++ b/src/clients/Dim.Clients/Api/SubAccounts/DependencyInjection/SubAccountSettings.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/SubAccounts/ISubAccountClient.cs b/src/clients/Dim.Clients/Api/SubAccounts/ISubAccountClient.cs index e325ab2..629a63c 100644 --- a/src/clients/Dim.Clients/Api/SubAccounts/ISubAccountClient.cs +++ b/src/clients/Dim.Clients/Api/SubAccounts/ISubAccountClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/SubAccounts/SubAccountClient.cs b/src/clients/Dim.Clients/Api/SubAccounts/SubAccountClient.cs index fdcfbf5..050d59b 100644 
--- a/src/clients/Dim.Clients/Api/SubAccounts/SubAccountClient.cs +++ b/src/clients/Dim.Clients/Api/SubAccounts/SubAccountClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/SubAccounts/UsedForProduction.cs b/src/clients/Dim.Clients/Api/SubAccounts/UsedForProduction.cs index 3bcdbd5..2d9a5cd 100644 --- a/src/clients/Dim.Clients/Api/SubAccounts/UsedForProduction.cs +++ b/src/clients/Dim.Clients/Api/SubAccounts/UsedForProduction.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Subscriptions/DependencyInjection/SubscriptionClientServiceExtensions.cs b/src/clients/Dim.Clients/Api/Subscriptions/DependencyInjection/SubscriptionClientServiceExtensions.cs index 6d91fd5..d7a272f 100644 --- a/src/clients/Dim.Clients/Api/Subscriptions/DependencyInjection/SubscriptionClientServiceExtensions.cs +++ b/src/clients/Dim.Clients/Api/Subscriptions/DependencyInjection/SubscriptionClientServiceExtensions.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. 
diff --git a/src/clients/Dim.Clients/Api/Subscriptions/ISubscriptionClient.cs b/src/clients/Dim.Clients/Api/Subscriptions/ISubscriptionClient.cs index ff59545..9dc4b2f 100644 --- a/src/clients/Dim.Clients/Api/Subscriptions/ISubscriptionClient.cs +++ b/src/clients/Dim.Clients/Api/Subscriptions/ISubscriptionClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Api/Subscriptions/SubscriptionClient.cs b/src/clients/Dim.Clients/Api/Subscriptions/SubscriptionClient.cs index e153f35..a0d0ecb 100644 --- a/src/clients/Dim.Clients/Api/Subscriptions/SubscriptionClient.cs +++ b/src/clients/Dim.Clients/Api/Subscriptions/SubscriptionClient.cs @@ -1,5 +1,5 @@ /******************************************************************************** - * Copyright (c) 2024 Contributors to the Eclipse Foundation + * Copyright 2024 SAP SE or an SAP affiliate company and ssi-dim-middle-layer contributors. * * See the NOTICE file(s) distributed with this work for additional * information regarding copyright ownership. diff --git a/src/clients/Dim.Clients/Dim.Clients.csproj b/src/clients/Dim.Clients/Dim.Clients.csproj index 35d6649..804ccac 100644 --- a/src/clients/Dim.Clients/Dim.Clients.csproj +++ b/src/clients/Dim.Clients/Dim.Clients.csproj @@ -1,5 +1,5 @@