Merge pull request #288 from catenax-ng/main

Replace keycloak config with ouath2
eclipse-tractusx · Nov 15, 2023 · 9f39b0d · 9f39b0d
2 parents a870869 + 048849a
commit 9f39b0d
Show file tree

Hide file tree

Showing 56 changed files with 485 additions and 303 deletions.
diff --git a/.github/workflows/BETA-xray-cucumber-integration.yaml b/.github/workflows/BETA-xray-cucumber-integration.yaml
@@ -38,7 +38,7 @@ jobs:
       - name: Build with Maven
         if: ${{ steps.download.outputs.http_response == '200' }}
         env:
-          KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET_BETA }}
+          OAUTH2_CLIENT_SECRET: ${{ secrets.OAUTH2_CLIENT_SECRET_BETA }}
         run: |
           unzip -o features.zip -d irs-cucumber-tests/src/test/resources/features
           mvn --batch-mode clean install -pl irs-cucumber-tests,irs-models -D"cucumber.filter.tags"="not @Ignore and @INTEGRATION_TEST"

diff --git a/.github/workflows/irs-load-test.yaml b/.github/workflows/irs-load-test.yaml
@@ -39,9 +39,9 @@ jobs:
 
       - name: Run Gatling tests
         env:
-          KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }}
-          KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }}
-          KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }}
+          OAUTH2_HOST: ${{ secrets.OAUTH2_CLIENT_TOKEN_URI }}
+          OAUTH2_CLIENT_SECRET: ${{ secrets.OAUTH2_CLIENT_SECRET }}
+          OAUTH2_CLIENT_ID: ${{ secrets.OAUTH2_CLIENT_ID }}
           IRS_HOST: ${{ github.event.inputs.irs-host || 'https://irs-full.dev.demo.catena-x.net' }}
           TEST_CYCLES: ${{ github.event.inputs.test-cycles || '20' }}
         run: |

diff --git a/.github/workflows/publish-documentation.yaml b/.github/workflows/publish-documentation.yaml
@@ -1,15 +1,18 @@
-name: Publish documentation
+name: Lint and Publish documentation
 
 on:
   workflow_dispatch: # Trigger manually
+  pull_request:
+    paths:
+      - 'docs/**'
   push:
     branches:
       - main
     paths:
       - 'docs/**'
 
 jobs:
-  publish:
+  lint-and-publish:
     # depending on default permission settings for your org (contents being read-only or read-write for workloads), you will have to add permissions
     # see: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
     permissions:
@@ -64,6 +67,12 @@ jobs:
             asciidoctor-reducer -o docs/target/adminguide.adoc docs/src/docs/administration/administration-guide.adoc
             asciidoctor-reducer -o docs/target/arc42.adoc docs/src/docs/arc42/full.adoc
 
+      - name: Cache plantuml jar
+        uses: actions/cache@v3
+        with:
+          path: plantuml.jar
+          key: ${{ runner.os }}-file-${{ hashFiles('plantuml.jar') }}
+
       - name: Download PlantUML jar
         run: |
           wget -O plantuml.jar https://sourceforge.net/projects/plantuml/files/plantuml.jar/download
@@ -103,7 +112,8 @@ jobs:
         run: |
           mv docs/src/diagram-replacer/assets/ docs/target/generated-docs/assets/
 
-      - name: GitHub Pages action
+      - name: Update documentation on GitHub Pages
+        if: github.ref == 'refs/heads/main'
         uses: peaceiris/actions-gh-pages@v3.9.3
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}

diff --git a/.github/workflows/tavern-integration.yml b/.github/workflows/tavern-integration.yml
@@ -61,9 +61,9 @@ jobs:
         env:
           IRS_HOST: ${{ 'https://irs.int.demo.catena-x.net' }}
           IRS_ESS_HOST: ${{ github.event.inputs.irs-ess-host || 'https://irs-ess.int.demo.catena-x.net' }}
-          KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }}
-          KEYCLOAK_CLIENT_ID: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_ID_INT }}
-          KEYCLOAK_CLIENT_SECRET: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_SECRET_INT }}
+          OAUTH2_HOST: ${{ secrets.OAUTH2_CLIENT_TOKEN_URI }}
+          OAUTH2_CLIENT_ID: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_ID_INT }}
+          OAUTH2_CLIENT_SECRET: ${{ secrets.ORG_IRS_OAUTH2_CLIENT_SECRET_INT }}
           GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }}
           BPN_AS_PLANNED: ${{ github.event.inputs.bpn-asPlanned || 'BPNL00000003AYRE' }}
           GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:1b17682e-5e2a-4913-aa1b-7d59a072a3cb' }}

diff --git a/.github/workflows/tavern.yml b/.github/workflows/tavern.yml
@@ -63,9 +63,9 @@ jobs:
         env:
           IRS_HOST: ${{ 'https://irs.dev.demo.catena-x.net' }}
           IRS_ESS_HOST: ${{ github.event.inputs.irs-ess-host || 'https://irs-ess.int.demo.catena-x.net' }}
-          KEYCLOAK_HOST: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_TOKEN_URI }}
-          KEYCLOAK_CLIENT_ID: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_ID }}
-          KEYCLOAK_CLIENT_SECRET: ${{ secrets.KEYCLOAK_OAUTH2_CLIENT_SECRET }}
+          OAUTH2_HOST: ${{ secrets.OAUTH2_CLIENT_TOKEN_URI }}
+          OAUTH2_CLIENT_ID: ${{ secrets.OAUTH2_CLIENT_ID }}
+          OAUTH2_CLIENT_SECRET: ${{ secrets.OAUTH2_CLIENT_SECRET }}
           GLOBAL_ASSET_ID_AS_PLANNED: ${{ github.event.inputs.global-asset-id-asPlanned || 'urn:uuid:0733946c-59c6-41ae-9570-cb43a6e4c79e' }}
           BPN_AS_PLANNED: ${{ github.event.inputs.bpn-asPlanned || 'BPNL00000003AYRE' }}
           GLOBAL_ASSET_ID_AS_BUILT: ${{ github.event.inputs.global-asset-id-asBuilt || 'urn:uuid:6d505432-8b31-4966-9514-4b753372683f' }}

diff --git a/.github/workflows/xray-cucumber-integration.yaml b/.github/workflows/xray-cucumber-integration.yaml
@@ -3,7 +3,7 @@ name: IRS Cucumber Integration test Xray execution
 on:
   workflow_call: # Trigger by another workflow
     secrets:
-      keycloakTokenUrl:
+      oauth2TokenUrl:
         required: true
       clientId:
         required: true
@@ -57,9 +57,9 @@ jobs:
       - name: Build with Maven
         if: ${{ steps.download.outputs.http_response == '200' }}
         env:
-          KEYCLOAK_HOST: ${{ secrets.keycloakTokenUrl }}
-          KEYCLOAK_CLIENT_ID: ${{ secrets.clientId }}
-          KEYCLOAK_CLIENT_SECRET: ${{ secrets.clientSecret }}
+          OAUTH2_HOST: ${{ secrets.oauth2TokenUrl }}
+          OAUTH2_CLIENT_ID: ${{ secrets.clientId }}
+          OAUTH2_CLIENT_SECRET: ${{ secrets.clientSecret }}
           ISSUE_FILTER: ${{ inputs.executionFilter }}
         run: |
           unzip -o features.zip -d irs-cucumber-tests/src/test/resources/features

diff --git a/AUTHORS.md b/AUTHORS.md
@@ -15,4 +15,6 @@ The following people have contributed to this repository:
 - Michael Schlacher, doubleSlash Net-Business GmbH, https://github.com/michaelschlacher2
 - Sebastian Bezold, Mercedes Benz AG, https://github.com/SebastianBezold
 - Zied Belkhiria, MHP, https://github.com/Zied-Belkhiria-Mhp
-- Adam Bugajewski, doubleSlash Net-Business GmbH, https://github.com/ds-ext-abugajewski
+- Adam Bugajewski, doubleSlash Net-Business GmbH, https://github.com/ds-ext-abugajewski
+- Matthias Fischer, doubleSlash Net-Business GmbH, https://github.com/dsmf
+
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,9 +5,44 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+
+## [4.1.0] - 2023-11-15
 ### Added
 - IRS can now check the readiness of external services. Use the new ``management.health.dependencies.enabled`` config entry to determine if external dependencies health checks should be checked (false by default).
   - The map of external services healthcheck endpoints can be configured with ``management.health.dependencies.urls`` property, eg. ``service_name: http://service_name_host/health``
+
+### Changed
+- Changed name of spring's OAuth2 client registration from 'keycloak' to 'common' like below:
+  ```
+  spring:
+    security:
+      oauth2:
+        client:
+          registration:
+            keycloak:
+              authorization-grant-type: client_credentials
+              client-id: 
+              client-secret: 
+          provider:
+            keycloak:
+              token-uri:
+  ```
+  to:
+  ```
+  spring:
+    security:
+      oauth2:
+        client:
+          registration:
+            common:
+              authorization-grant-type: client_credentials
+              client-id: 
+              client-secret: 
+          provider:
+            common:
+              token-uri:
+  ```
+- Update IRS API Swagger documentation to match AAS 3.0.0
 
 ## [4.0.1] - 2023-11-10
 ### Changed
@@ -408,7 +443,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Unresolved
 - **Select Aspects you need**  You are able to select the needed aspects for which you want to collect the correct endpoint information.
 
-[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.1...HEAD
+[Unreleased]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.1.0...HEAD
+[4.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.1...4.1.0
 [4.0.1]: https://github.com/eclipse-tractusx/item-relationship-service/compare/4.0.0...4.0.1
 [4.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.4...4.0.0
 [3.5.4]: https://github.com/eclipse-tractusx/item-relationship-service/compare/3.5.3...3.5.4
@@ -450,4 +486,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.1.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/v1.0.0...v1.1.0
 [1.0.0]: https://github.com/eclipse-tractusx/item-relationship-service/compare/v0.9.1...v1.0.0
 [0.9.1]: https://github.com/eclipse-tractusx/item-relationship-service/commits/v0.9.1
-[0.9.0]: https://github.com/eclipse-tractusx/item-relationship-service/commits/v0.9.0
+[0.9.0]: https://github.com/eclipse-tractusx/item-relationship-service/commits/v0.9.0
diff --git a/charts/irs-helm/CHANGELOG.md b/charts/irs-helm/CHANGELOG.md
@@ -6,6 +6,27 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [6.10.0]
+### Changed
+- Update IRS version to 4.1.0
+- Changed configuration for OAuth2 client from:
+  ```
+  keycloak:
+    oauth2:
+      clientId: 
+      clientSecret:  
+      clientTokenUri: 
+      jwkSetUri:  
+  ```
+  to:
+  ```
+  oauth2:
+    clientId: 
+    clientSecret:  
+    clientTokenUri: 
+    jwkSetUri:  
+  ```
+
 ## [6.9.1]
 ### Changed
 - Update IRS version to 4.0.1

diff --git a/charts/irs-helm/Chart.yaml b/charts/irs-helm/Chart.yaml
@@ -35,12 +35,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 6.9.1
+version: 6.10.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "4.0.1"
+appVersion: "4.1.0"
 dependencies:
   - name: common
     repository: https://charts.bitnami.com/bitnami

diff --git a/charts/irs-helm/templates/configmap-spring-app-config.yaml b/charts/irs-helm/templates/configmap-spring-app-config.yaml
@@ -51,20 +51,20 @@ data:
         oauth2:
           client:
             registration:
-              keycloak:
-                client-id: "${KEYCLOAK_OAUTH2_CLIENT_ID}" # taken from secret ENV
-                client-secret: "${KEYCLOAK_OAUTH2_CLIENT_SECRET}" # taken from secret ENV
+              common:
+                client-id: "${OAUTH2_CLIENT_ID}" # taken from secret ENV
+                client-secret: "${OAUTH2_CLIENT_SECRET}" # taken from secret ENV
               portal:
                 client-id: ${PORTAL_OAUTH2_CLIENT_ID} # taken from secret ENV
                 client-secret: ${PORTAL_OAUTH2_CLIENT_SECRET} # taken from secret ENV
             provider:
-              keycloak:
-                token-uri: {{ tpl (.Values.keycloak.oauth2.clientTokenUri | default "http://localhost") . | quote }}
+              common:
+                token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }}
               portal:
-                token-uri: {{ tpl (.Values.keycloak.oauth2.clientTokenUri | default "http://localhost") . | quote }}
+                token-uri: {{ tpl (.Values.oauth2.clientTokenUri | default "http://localhost") . | quote }}
           resourceserver:
             jwt:
-              jwk-set-uri: {{ tpl (.Values.keycloak.oauth2.jwkSetUri | default "http://localhost") . | quote }}
+              jwk-set-uri: {{ tpl (.Values.oauth2.jwkSetUri | default "http://localhost") . | quote }}
 
     digitalTwinRegistry:
       descriptorEndpoint: {{ tpl (.Values.digitalTwinRegistry.descriptorEndpoint | default "") . | quote }}

diff --git a/charts/irs-helm/templates/deployment.yaml b/charts/irs-helm/templates/deployment.yaml
@@ -81,16 +81,16 @@ spec:
                 secretKeyRef:
                   name: {{ template "irs.secretName" . }}
                   key: minioPassword
-            - name: KEYCLOAK_OAUTH2_CLIENT_ID
+            - name: OAUTH2_CLIENT_ID
               valueFrom:
                 secretKeyRef:
                   name: {{ template "irs.secretName" . }}
-                  key: keycloakClientId
-            - name: KEYCLOAK_OAUTH2_CLIENT_SECRET
+                  key: clientId
+            - name: OAUTH2_CLIENT_SECRET
               valueFrom:
                 secretKeyRef:
                   name: {{ template "irs.secretName" . }}
-                  key: keycloakClientSecret
+                  key: clientSecret
             - name: PORTAL_OAUTH2_CLIENT_ID
               valueFrom:
                 secretKeyRef:

diff --git a/charts/irs-helm/templates/secrets.yaml b/charts/irs-helm/templates/secrets.yaml
@@ -35,8 +35,8 @@ type: Opaque
 data:
   minioUser: {{ .Values.minioUser | default "minio" | b64enc | quote }}
   minioPassword: {{ .Values.minioPassword | default "minioPass" | b64enc | quote }}
-  keycloakClientId: {{ .Values.keycloak.oauth2.clientId | default "keycloakClientId" | b64enc | quote }}
-  keycloakClientSecret: {{ .Values.keycloak.oauth2.clientSecret | default "keycloakClientSecret" | b64enc | quote }}
+  clientId: {{ .Values.oauth2.clientId | default "clientId" | b64enc | quote }}
+  clientSecret: {{ .Values.oauth2.clientSecret | default "clientSecret" | b64enc | quote }}
   portalClientId: {{ .Values.portal.oauth2.clientId | default "portalClientId" | b64enc | quote }}
   portalClientSecret: {{ .Values.portal.oauth2.clientSecret | default "portalClientSecret" | b64enc | quote }}
   edcApiSecret: {{ .Values.edc.controlplane.apikey.secret | toString | default "" | b64enc | quote }}

diff --git a/charts/irs-helm/values.yaml b/charts/irs-helm/values.yaml
@@ -148,12 +148,11 @@ bpdm:
 minioUser: "minio"  # <minio-username>
 minioPassword:  # <minio-password>
 minioUrl: "http://{{ .Release.Name }}-minio:9000"
-keycloak:
-  oauth2:
-    clientId:  # <keycloak-client-id>
-    clientSecret:  # <keycloak-client-secret>
-    clientTokenUri:  # <keycloak-token-uri>
-    jwkSetUri:  # <keycloak-jwkset-uri>
+oauth2:
+  clientId:  # <oauth2-client-id>
+  clientSecret:  # <oauth2-client-secret>
+  clientTokenUri:  # <oauth2-token-uri>
+  jwkSetUri:  # <oauth2-jwkset-uri>
 portal:
   oauth2:
     clientId:  # <portal-client-id>