diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index e4c7e17..8e50af2 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -69,7 +69,7 @@ jobs:
 - name: Add repositories
 run: |
 for dir in $(ls -d charts/*/); do
- helm dependency list $dir 2> /dev/null | tail +2 | head -n -1 | awk '$3 !~ /^file:/ { print "helm repo add " $1 " " $3 }' | while read cmd; do $cmd; done
+ helm dependency list $dir 2> /dev/null | tail +2 | head -n -1 | awk '$3 !~ /^file:/ && $3 !~ /^oci:/ { print "helm repo add " $1 " " $3 }' | while read cmd; do $cmd; done
 done
 - name: Run chart-testing (install)
diff --git a/charts/basyx/Chart.yaml b/charts/basyx/Chart.yaml
index 82a9b14..25c8004 100644
--- a/charts/basyx/Chart.yaml
+++ b/charts/basyx/Chart.yaml
@@ -28,7 +28,7 @@ apiVersion: v2
 name: aas-basyx-v2-full
 description: Umbrella chart for the AAS Basyx v2 Environment
 type: application
-version: 2.1.13
+version: 2.2.0
 appVersion: 2.0.0-milestone-06
 dependencies:
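Review bot: In `.github/workflows/tests.yml`, the changed `Add repositories` line still assembles a command string in awk and runs it through an unquoted `$cmd`, so the dependency name and repository URL read from each chart's `Chart.yaml` go through shell word splitting and glob expansion before reaching `helm`. Passing the two fields as data avoids that: have awk print only `$1 " " $3` and end the pipeline with `while read -r name url; do helm repo add "$name" "$url"; done`. The `2> /dev/null` on `helm dependency list` also hides a failing listing, which would leave a repository silently unadded. Whether this job runs for pull requests from forks is not visible in this hunk; if it does, those fields are contributor-controlled.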
@@ -66,28 +66,7 @@ dependencies:
 repository: https://charts.bitnami.com/bitnami
 alias: mongodb
 condition: mongodb.enabled
-- repository: https://charts.bitnami.com/bitnami
- name: keycloak
- version: 24.4.11
+- name: keycloak
+ version: "0.20.0"
+ repository: oci://registry-1.docker.io/cloudpirates
 condition: keycloak.enabled
-
-# MongoDB has an issue with charts not sitting well in an umbrella chart.
-# This is a bug with some common variables being defined externally.
-# Check README.md or install.sh for commands to deploy this separately.
-# - name: mongodb
-# version: "14.5.0"
-# repository: https://charts.bitnami.com/bitnami
-
-# External images from open-source helm charts
-# - name: mosquitto
-# version: 2.4.1
-# repository: https://storage.googleapis.com/t3n-helm-charts
-# - name: kafka
-# version: 22.1.3
-# repository: https://charts.bitnami.com/bitnami
-# - name: influxdb
-# version: 5.6.1
-# repository: https://charts.bitnami.com/bitnami
-# - name: grafana
-# version: "9.6.6"
-# repository: https://charts.bitnami.com/bitnami
diff --git a/charts/basyx/config/BaSyx-realm.json b/charts/basyx/config/BaSyx-realm.json
index 32221d0..e9d1316 100644
--- a/charts/basyx/config/BaSyx-realm.json
+++ b/charts/basyx/config/BaSyx-realm.json
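Review bot: In `charts/basyx/Chart.yaml`, the new `keycloak` dependency pulls the identity provider's chart by tag from `oci://registry-1.docker.io/cloudpirates`, and nothing in this hunk pins or verifies what that tag resolves to. A registry tag can be re-pushed, so `version: "0.20.0"` does not by itself fix the chart content; mirroring the chart into a registry the project controls, or comparing the pulled chart's digest against a recorded value in CI, would close that gap. The hunk also deletes the only explanatory comments in the dependency list, so a one-line comment above the entry such as `# keycloak: CloudPirates OCI chart; replaces bitnami/keycloak 24.4.11` would help whoever bumps it next. The two charts presumably use different value keys, and whether the `keycloak.*` values were migrated is not visible here.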
@@ -1,1953 +1,184 @@ { "id": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", "realm": "BaSyx", - "notBefore": 0, - "defaultSignatureAlgorithm": "RS256", - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "oauth2DeviceCodeLifespan": 600, - "oauth2DevicePollingInterval": 5, "enabled": true, "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxTemporaryLockouts": 0, - "bruteForceStrategy": "MULTIPLE", - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, "roles": { "realm": [ { - "id": "efe8c80d-bcd5-4a3c-91a0-a397a80d1d52", - "name": "basyx-updater-two", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "9b70ce9b-1b39-4f5a-893d-9f8956cf5dad", - "name": "basyx-reader-serialization-two", - "description": "", - "composite": false, - "clientRole": false, - 
"containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "4bbc59ce-901e-49b9-adeb-0511469595df", - "name": "basyx-aas-discoverer", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "52e7db01-dd27-4589-a530-ec8491bd2026", - "name": "basyx-assetid-deleter", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "22c362b3-d0cf-4334-aa09-c713c63f309b", - "name": "manage-users", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "20c8f106-d2fb-422d-9045-22b28151f792", - "name": "basyx-sme-reader-two", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "14dd6864-bcbd-46c3-b9b6-269ce036badc", - "name": "basyx-uploader-three", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "502bc902-9de6-4552-98b0-55187b847272", - "name": "user", - "description": "", + "id": "ebf827ce-862a-413b-afb3-5ad410ddf4ac", + "name": "admin", "composite": true, "composites": { "client": { "basyx-client-api": [ - "basyx-user" + "basyx-admin" ] } }, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "d3323aef-0e1f-4ec0-ba54-e0b3f9a897eb", - "name": "basyx-assetid-discoverer", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "43a09e41-bcfb-429b-8675-eaf116ad4f1f", - "name": "basyx-updater", - "description": "", - "composite": false, - "clientRole": false, - 
"containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "4028f02d-3ee1-4c18-9b6a-a22c8bda51de", - "name": "basyx-sme-updater", - "description": "", + "id": "4bbc59ce-901e-49b9-adeb-0511469595df", + "name": "basyx-aas-discoverer", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "6ce3248b-7c14-42b4-9cbc-e1237851d778", - "name": "basyx-creator", - "description": "", + "id": "b007c30e-c4bc-46ad-b72f-8ce67ec129fd", + "name": "basyx-assetid-creator", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "5702a4dd-4ccb-44b1-805d-fd9b1c333492", - "name": "basyx-sme-updater-two", - "description": "", + "id": "52e7db01-dd27-4589-a530-ec8491bd2026", + "name": "basyx-assetid-deleter", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "5ad9c765-2075-4cc4-b41e-c1b11cd544c4", - "name": "uma_authorization", - "description": "${role_uma_authorization}", + "id": "d3323aef-0e1f-4ec0-ba54-e0b3f9a897eb", + "name": "basyx-assetid-discoverer", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "797d2956-a895-4171-ab44-2fc9dbcf7f4c", - "name": "default-roles-basyx", - "description": "${role_default-roles}", - "composite": true, - "composites": { - "realm": [ - "offline_access", - "uma_authorization" - ], - "client": { - "account": [ - "view-profile", - "manage-account" - ] - } - }, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": 
"bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { "id": "94394113-64a8-4cd1-9212-5a0cd955187b", "name": "basyx-asset-updater", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "f9df352e-269d-4a5d-a263-105d8ab3ae52", - "name": "basyx-reader", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "469ec431-9a4f-4d87-80fe-cf2c7bbd5d37", - "name": "basyx-reader-serialization", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "b70c22a9-e17e-4914-ae43-2752bafe356a", - "name": "basyx-asset-updater-two", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "ebf827ce-862a-413b-afb3-5ad410ddf4ac", - "name": "admin", - "description": "", - "composite": true, - "composites": { - "client": { - "basyx-client-api": [ - "basyx-admin" - ] - } - }, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "32b591a9-55ed-4940-a7ad-efb3c40c3d38", - "name": "basyx-executor-two", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "7b698a18-f272-4178-a6a2-d09e714c488e", - "name": "basyx-uploader-two", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "09fa63ab-86ae-40bb-9497-56ee46070200", - "name": "basyx-sme-reader", - "description": "", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": 
"bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "7065a5d2-3ab5-471a-be8c-cda64b6ce319", - "name": "basyx-uploader", - "description": "", + "id": "6ce3248b-7c14-42b4-9cbc-e1237851d778", + "name": "basyx-creator", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { "id": "012af7ea-5eb7-4156-929a-acbae548e105", "name": "basyx-deleter", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "53212b19-655b-4e13-ad31-ec8c7d43d35d", - "name": "basyx-deleter-two", - "description": "", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { "id": "2d2873a1-e636-46b2-bc89-5d8ca3fcde9e", "name": "basyx-executor", - "description": "", - "composite": false, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - }, - { - "id": "7a2111c1-7d1f-4b41-a0de-bfe314b73b72", - "name": "offline_access", - "description": "${role_offline-access}", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { "id": "05885c8f-e81f-47fa-bf47-c07153fc7b1b", "name": "basyx-file-sme-reader", - "description": "", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "5b5d0f1e-777f-4342-8128-b9eff69aed17", - "name": "maintainer", - "description": "", + "id": "50fb06f4-fe2d-46d8-b02c-5f5c409e4ce5", + "name": "basyx-file-sme-updater", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + 
"containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "afb72d5e-0841-452d-b3e0-5268dcba4c2a", - "name": "visitor", - "description": "", + "id": "f9df352e-269d-4a5d-a263-105d8ab3ae52", + "name": "basyx-reader", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "b007c30e-c4bc-46ad-b72f-8ce67ec129fd", - "name": "basyx-assetid-creator", - "description": "", + "id": "09fa63ab-86ae-40bb-9497-56ee46070200", + "name": "basyx-sme-reader", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "50fb06f4-fe2d-46d8-b02c-5f5c409e4ce5", - "name": "basyx-file-sme-updater", - "description": "", + "id": "4028f02d-3ee1-4c18-9b6a-a22c8bda51de", + "name": "basyx-sme-updater", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "905eadf9-8b63-4503-9022-2f33daaa3372", - "name": "basyx-reader-two", - "description": "", + "id": "43a09e41-bcfb-429b-8675-eaf116ad4f1f", + "name": "basyx-updater", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" }, { - "id": "a0dfe40a-8ec0-492c-a2c4-fa0ff9275918", - "name": "basyx-sme-updater-three", - "description": "", + "id": "7065a5d2-3ab5-471a-be8c-cda64b6ce319", + "name": "basyx-uploader", "composite": false, "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570", - "attributes": {} - } - ] - }, - "groups": [ - { - "id": "606a14f2-6114-4fd3-9ca6-4a53514fffb9", - "name": "BaSyxGroup", - "path": "/BaSyxGroup", - "subGroups": [], - "attributes": {}, - "realmRoles": [ - "basyx-deleter", - "basyx-creator", - 
"basyx-asset-updater" - ], - "clientRoles": {} - } - ], - "defaultRole": { - "id": "797d2956-a895-4171-ab44-2fc9dbcf7f4c", - "name": "default-roles-basyx", - "description": "${role_default-roles}", - "composite": true, - "clientRole": false, - "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" - }, - "requiredCredentials": [ - "password" - ], - "otpPolicyType": "totp", - "otpPolicyAlgorithm": "HmacSHA1", - "otpPolicyInitialCounter": 0, - "otpPolicyDigits": 6, - "otpPolicyLookAheadWindow": 1, - "otpPolicyPeriod": 30, - "otpPolicyCodeReusable": false, - "otpSupportedApplications": [ - "totpAppFreeOTPName", - "totpAppGoogleName", - "totpAppMicrosoftAuthenticatorName" - ], - "localizationTexts": {}, - "webAuthnPolicyRpEntityName": "keycloak", - "webAuthnPolicySignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyRpId": "", - "webAuthnPolicyAttestationConveyancePreference": "not specified", - "webAuthnPolicyAuthenticatorAttachment": "not specified", - "webAuthnPolicyRequireResidentKey": "not specified", - "webAuthnPolicyUserVerificationRequirement": "not specified", - "webAuthnPolicyCreateTimeout": 0, - "webAuthnPolicyAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyAcceptableAaguids": [], - "webAuthnPolicyExtraOrigins": [], - "webAuthnPolicyPasswordlessRpEntityName": "keycloak", - "webAuthnPolicyPasswordlessSignatureAlgorithms": [ - "ES256" - ], - "webAuthnPolicyPasswordlessRpId": "", - "webAuthnPolicyPasswordlessAttestationConveyancePreference": "not specified", - "webAuthnPolicyPasswordlessAuthenticatorAttachment": "not specified", - "webAuthnPolicyPasswordlessRequireResidentKey": "not specified", - "webAuthnPolicyPasswordlessUserVerificationRequirement": "not specified", - "webAuthnPolicyPasswordlessCreateTimeout": 0, - "webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister": false, - "webAuthnPolicyPasswordlessAcceptableAaguids": [], - "webAuthnPolicyPasswordlessExtraOrigins": [], - "scopeMappings": [ - { - "clientScope": "offline_access", - 
"roles": [ - "offline_access" - ] - } - ], - "clientScopes": [ - { - "id": "e0f355da-f9ff-4104-b305-043b0188747b", - "name": "offline_access", - "description": "OpenID Connect built-in scope: offline_access", - "protocol": "openid-connect", - "attributes": { - "consent.screen.text": "${offlineAccessScopeConsentText}", - "display.on.consent.screen": "true" + "containerId": "bcb69552-bf11-4249-a3eb-d0c3ab54a570" } - }, - { - "id": "a194eeae-0c0b-4300-b613-9c7b5a281ba0", - "name": "web-origins", - "description": "OpenID Connect scope for add allowed web origins to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "consent.screen.text": "", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "c3c7617c-2d46-4cf7-893c-776b7a14797a", - "name": "allowed web origins", - "protocol": "openid-connect", - "protocolMapper": "oidc-allowed-origins-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "69675a1a-f2a5-4316-915b-e1a0cc02e0fe", - "name": "role_list", - "description": "SAML role list", - "protocol": "saml", - "attributes": { - "consent.screen.text": "${samlRoleListScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "e9883191-5f1c-4eed-90da-51806ba954cc", - "name": "role list", - "protocol": "saml", - "protocolMapper": "saml-role-list-mapper", - "consentRequired": false, - "config": { - "single": "false", - "attribute.nameformat": "Basic", - "attribute.name": "Role" - } - } - ] - }, - { - "id": "95a35d30-fb91-4a8c-a208-5c7b1644b7fa", - "name": "acr", - "description": "OpenID Connect scope for add acr (authentication context class reference) to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "51873e8d-85db-4c1f-be02-bef88d435e89", - "name": "acr loa level", - "protocol": "openid-connect", - 
"protocolMapper": "oidc-acr-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - "access.token.claim": "true", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "d937e76f-71f3-4260-bbc6-1feffc3a655e", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "gui.order": "", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "7dfd8525-9c12-49a1-a6ec-4d4d1bb74471", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "false", - "user.attribute": "foo", - "id.token.claim": "false", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String" - } - }, - { - "id": "2fe9cc2c-3f61-446e-9cf4-f34fe1964a1d", - "name": "client roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-client-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "false", - "user.attribute": "foo", - "id.token.claim": "false", - "access.token.claim": "true", - "claim.name": "resource_access.${client_id}.roles", - "jsonType.label": "String" - } - }, - { - "id": "4071dcc6-b7d3-42b1-93c7-e14d0a17d103", - "name": "audience resolve", - "protocol": "openid-connect", - "protocolMapper": "oidc-audience-resolve-mapper", - "consentRequired": false, - "config": {} - } - ] - }, - { - "id": "5ab5fe9c-b236-4f09-8eb8-248cafa1a8c1", - "name": "service_account", - "description": "Specific scope for a client enabled for service accounts", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": 
"6acf6141-b984-4e43-8caa-bb9c66c8aa70", - "name": "Client IP Address", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientAddress", - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientAddress", - "jsonType.label": "String" - } - }, - { - "id": "371193e9-cae5-48bf-943f-360b9fce7c1b", - "name": "Client ID", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "client_id", - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true", - "claim.name": "client_id", - "jsonType.label": "String" - } - }, - { - "id": "13bf0c7b-bf17-436e-848c-b7c63df4b50a", - "name": "Client Host", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "clientHost", - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true", - "claim.name": "clientHost", - "jsonType.label": "String" - } - } - ] - }, - { - "id": "c22bdca5-b67a-4249-a8c7-9bbe8fc16559", - "name": "phone", - "description": "OpenID Connect built-in scope: phone", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${phoneScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "d62a405a-d99e-4d6a-bed4-48c052abc559", - "name": "phone number", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "phoneNumber", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, + ], + "client": { + 
"basyx-client-api": [ { - "id": "531eab62-3750-4ed9-b101-9f1c2e709c51", - "name": "phone number verified", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "phoneNumberVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "phone_number_verified", - "jsonType.label": "boolean", - "userinfo.token.claim": "true" - } + "id": "d2e3f4a5-b6c7-8901-defa-123456789013", + "name": "basyx-admin", + "clientRole": true, + "composite": false, + "containerId": "b0c1d2e3-f4a5-6789-bcde-f01234567891" } ] - }, + } + }, + "clients": [ { - "id": "9ddb9d40-7d9e-48de-8069-dd4e49e781dd", - "name": "email", - "description": "OpenID Connect built-in scope: email", + "id": "b0c1d2e3-f4a5-6789-bcde-f01234567891", + "clientId": "basyx-client-api", + "name": "BaSyx Client API", + "enabled": true, + "clientAuthenticatorType": "client-secret", + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": false, + "publicClient": true, + "protocol": "openid-connect" + }, + { + "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890", + "clientId": "basyx-technical-user", + "name": "BaSyx Technical User", + "description": "Technical service account client for machine-to-machine access with admin role", + "enabled": true, + "clientAuthenticatorType": "client-secret", + "secret": "placeholder-to-be-replaced-by-realm-configmap", + "standardFlowEnabled": false, + "implicitFlowEnabled": false, + "directAccessGrantsEnabled": false, + "serviceAccountsEnabled": true, + "publicClient": false, "protocol": "openid-connect", "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${emailScopeConsentText}", - "display.on.consent.screen": "true" + "access.token.lifespan": "300" }, - "protocolMappers": [ - { - "id": "ae918ce8-12e6-4cb3-be0d-243cbf083fcb", - "name": "email verified", - "protocol": 
"openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "emailVerified", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email_verified", - "jsonType.label": "boolean", - "userinfo.token.claim": "true" - } - }, - { - "id": "59542d0c-b9b4-4913-ba99-416cf5c4a725", - "name": "email", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "email", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "email", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - } - ] - }, + "fullScopeAllowed": true + } + ], + "users": [ { - "id": "2359cb5f-9de5-410c-9e87-38f1a4db0eee", - "name": "microprofile-jwt", - "description": "Microprofile - JWT built-in scope", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "dc0f74c2-135c-4e61-b74e-22836524b496", - "name": "groups", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "userinfo.token.claim": "true", - "user.attribute": "foo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "groups", - "jsonType.label": "String" - } - }, - { - "id": "a715f65e-3a94-4bca-94df-49e1e53e5aae", - "name": "upn", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "upn", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "11a8d21b-ed5d-4567-af88-91101e132553", - "name": "profile", - "description": "OpenID Connect built-in scope: profile", - "protocol": 
"openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${profileScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { - "id": "c6ae1222-2561-491e-8c33-2e2eef183f6a", - "name": "nickname", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "nickname", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "nickname", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "aba683c1-ee38-4f0a-980b-9c7c31a189ad", - "name": "family name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "lastName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "family_name", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "b5d111f6-91be-4735-9dbf-848bcf86c1d3", - "name": "birthdate", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "birthdate", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "birthdate", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "8e0ca67f-030e-4ea9-af3c-8e7815442957", - "name": "updated at", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "updatedAt", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "updated_at", - "jsonType.label": "long", - "userinfo.token.claim": "true" - } - }, - { - "id": "3d9431ca-a590-457b-a0e3-412f63f07923", - "name": "zoneinfo", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - 
"user.attribute": "zoneinfo", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "zoneinfo", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "b54a324a-b8ee-4c66-b780-50f9b8e3e275", - "name": "locale", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "locale", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "locale", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "6ffd147e-fac7-4299-ab9f-b7bef677d0ae", - "name": "middle name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "middleName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "middle_name", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "9637b112-a2e8-4787-be6d-45f8d0804555", - "name": "profile", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "profile", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "profile", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "36e9530e-da81-477e-907e-a335efff8df8", - "name": "given name", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "firstName", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "given_name", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "119fb217-5662-40db-a33c-442846a58b71", - "name": "full name", - "protocol": "openid-connect", - "protocolMapper": "oidc-full-name-mapper", - "consentRequired": false, - "config": { - "id.token.claim": "true", - 
"access.token.claim": "true", - "userinfo.token.claim": "true" - } - }, - { - "id": "b607712e-db7c-42d3-ab9c-99acf62bac40", - "name": "username", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-property-mapper", - "consentRequired": false, - "config": { - "user.attribute": "username", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "preferred_username", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "c73bc111-8b12-46ac-866f-1e690c8fa21a", - "name": "website", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "website", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "website", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "8de0aa23-d84c-4f77-9ada-52d6bcd71593", - "name": "picture", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "picture", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "picture", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - }, - { - "id": "85b4a69b-2b52-44e0-b4f7-4ff75feba1b4", - "name": "gender", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-attribute-mapper", - "consentRequired": false, - "config": { - "user.attribute": "gender", - "id.token.claim": "true", - "access.token.claim": "true", - "claim.name": "gender", - "jsonType.label": "String", - "userinfo.token.claim": "true" - } - } - ] - }, - { - "id": "691dbb7d-ed16-4283-b737-f02676e56e82", - "name": "address", - "description": "OpenID Connect built-in scope: address", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "consent.screen.text": "${addressScopeConsentText}", - "display.on.consent.screen": "true" - }, - "protocolMappers": [ - { 
- "id": "46d9b7a5-0776-496d-9a50-e5584709677b", - "name": "address", - "protocol": "openid-connect", - "protocolMapper": "oidc-address-mapper", - "consentRequired": false, - "config": { - "user.attribute.formatted": "formatted", - "user.attribute.country": "country", - "user.attribute.postal_code": "postal_code", - "userinfo.token.claim": "true", - "user.attribute.street": "street", - "id.token.claim": "true", - "user.attribute.region": "region", - "access.token.claim": "true", - "user.attribute.locality": "locality" - } - } - ] - }, - { - "id": "69d9947b-ab80-4287-9700-c9c6c96f379b", - "name": "basic", - "description": "OpenID Connect scope for add all basic claims to the token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "false", - "display.on.consent.screen": "false" - }, - "protocolMappers": [ - { - "id": "2abe9cfb-9118-40a6-8cad-128672e30081", - "name": "sub", - "protocol": "openid-connect", - "protocolMapper": "oidc-sub-mapper", - "consentRequired": false, - "config": { - "introspection.token.claim": "true", - "access.token.claim": "true" - } - }, - { - "id": "b12aadf9-1fb8-4de9-943d-e9615f98890d", - "name": "auth_time", - "protocol": "openid-connect", - "protocolMapper": "oidc-usersessionmodel-note-mapper", - "consentRequired": false, - "config": { - "user.session.note": "AUTH_TIME", - "id.token.claim": "true", - "introspection.token.claim": "true", - "access.token.claim": "true", - "claim.name": "auth_time", - "jsonType.label": "long" - } - } + "username": "service-account-basyx-technical-user", + "enabled": true, + "serviceAccountClientId": "basyx-technical-user", + "realmRoles": [ + "admin" ] } - ], - "defaultDefaultClientScopes": [ - "role_list", - "profile", - "email", - "web-origins", - "acr", - "roles", - "basic" - ], - "defaultOptionalClientScopes": [ - "offline_access", - "address", - "phone", - "microprofile-jwt" - ], - "browserSecurityHeaders": { - "contentSecurityPolicyReportOnly": "", - "xContentTypeOptions": 
"nosniff", - "referrerPolicy": "no-referrer", - "xRobotsTag": "none", - "xFrameOptions": "SAMEORIGIN", - "contentSecurityPolicy": "frame-src 'self'; frame-ancestors 'self'; object-src 'none';", - "xXSSProtection": "1; mode=block", - "strictTransportSecurity": "max-age=31536000; includeSubDomains" - }, - "smtpServer": {}, - "eventsEnabled": false, - "eventsListeners": [ - "jboss-logging" - ], - "enabledEventTypes": [], - "adminEventsEnabled": false, - "adminEventsDetailsEnabled": false, - "identityProviders": [], - "identityProviderMappers": [], - "components": { - "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy": [ - { - "id": "f44d4d8f-cc39-4467-bb75-889f8d4c9b90", - "name": "Allowed Protocol Mapper Types", - "providerId": "allowed-protocol-mappers", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-usermodel-property-mapper", - "saml-role-list-mapper", - "saml-user-attribute-mapper", - "saml-user-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-sha256-pairwise-sub-mapper", - "oidc-address-mapper", - "oidc-full-name-mapper" - ] - } - }, - { - "id": "7256d195-1e91-4f63-a9c4-6bef95243a92", - "name": "Max Clients Limit", - "providerId": "max-clients", - "subType": "anonymous", - "subComponents": {}, - "config": { - "max-clients": [ - "200" - ] - } - }, - { - "id": "f3d9ee71-6796-41bb-b89f-c4b2ad108b3a", - "name": "Trusted Hosts", - "providerId": "trusted-hosts", - "subType": "anonymous", - "subComponents": {}, - "config": { - "host-sending-registration-request-must-match": [ - "true" - ], - "client-uris-must-match": [ - "true" - ] - } - }, - { - "id": "340f74d5-41a0-45cc-8ccb-65a0a4c49ed4", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "anonymous", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - }, - { - "id": "fb2bea0a-dca5-4784-822d-cf10518f41c6", - "name": "Allowed Protocol Mapper 
Types", - "providerId": "allowed-protocol-mappers", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allowed-protocol-mapper-types": [ - "oidc-full-name-mapper", - "oidc-usermodel-property-mapper", - "oidc-usermodel-attribute-mapper", - "oidc-address-mapper", - "saml-user-property-mapper", - "saml-user-attribute-mapper", - "saml-role-list-mapper", - "oidc-sha256-pairwise-sub-mapper" - ] - } - }, - { - "id": "face2c9e-4d23-44e2-9a09-74e1d8448bd3", - "name": "Consent Required", - "providerId": "consent-required", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "6d38ba87-78ee-4ca3-aecd-0164922a08e2", - "name": "Full Scope Disabled", - "providerId": "scope", - "subType": "anonymous", - "subComponents": {}, - "config": {} - }, - { - "id": "d9bdd722-325e-41ff-bb88-df8772c9415b", - "name": "Allowed Client Scopes", - "providerId": "allowed-client-templates", - "subType": "authenticated", - "subComponents": {}, - "config": { - "allow-default-scopes": [ - "true" - ] - } - } - ], - "org.keycloak.userprofile.UserProfileProvider": [ - { - "id": "2997d5f7-8adc-453d-b672-3d4f01f833ba", - "providerId": "declarative-user-profile", - "subComponents": {}, - "config": { - "kc.user.profile.config": [ - 
"{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{},\"up-username-not-idn-homograph\":{}},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"required\":{\"roles\":[\"user\"]},\"permissions\":{\"view\":[\"admin\",\"user\"],\"edit\":[\"admin\",\"user\"]},\"multivalued\":false}],\"groups\":[{\"name\":\"user-metadata\",\"displayHeader\":\"User metadata\",\"displayDescription\":\"Attributes, which refer to user metadata\"}],\"unmanagedAttributePolicy\":\"ENABLED\"}" - ] - } - } - ], - "org.keycloak.keys.KeyProvider": [ - { - "id": "9948a63f-b171-4137-bb81-beabd0c049f0", - "name": "aes-generated", - "providerId": "aes-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "f594170e-f886-4653-9d9c-a70d87f66ae5", - "name": "hmac-generated-hs512", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS512" - ] - } - }, - { - "id": "4a3be057-744a-44c4-9211-9a98d7c6303c", - "name": "rsa-enc-generated", - "providerId": "rsa-enc-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "RSA-OAEP" - ] - } - }, - { - "id": 
"f7fcd439-e566-4b8d-8078-f300b494f90a", - "name": "rsa-generated", - "providerId": "rsa-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ] - } - }, - { - "id": "c6b34d4a-f4f6-4864-8c39-86b0b6762bb7", - "name": "hmac-generated", - "providerId": "hmac-generated", - "subComponents": {}, - "config": { - "priority": [ - "100" - ], - "algorithm": [ - "HS256" - ] - } - } - ] - }, - "internationalizationEnabled": false, - "supportedLocales": [], - "authenticationFlows": [ - { - "id": "76ff1526-2405-40a7-9051-977dfba08add", - "alias": "Account verification options", - "description": "Method with which to verity the existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-email-verification", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Verify Existing Account by Re-authentication", - "userSetupAllowed": false - } - ] - }, - { - "id": "64d21769-b1ff-4012-8021-b724df8e759f", - "alias": "Browser - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "e07a9d36-3a69-431d-ae89-3ac51675ea16", - "alias": "Direct Grant - Conditional OTP", - "description": "Flow to determine if the OTP is required for the 
authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "db117f4e-e2f2-40b0-9d74-c3be8f6aacaf", - "alias": "First broker login - Conditional OTP", - "description": "Flow to determine if the OTP is required for the authentication", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-otp-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "7a3723a1-f43f-44b4-aa75-d6d7f3c60fac", - "alias": "Handle Existing Account", - "description": "Handle what to do if there is existing account with same email/username like authenticated identity provider", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-confirm-link", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Account verification options", - "userSetupAllowed": false - } - ] - }, - { - "id": "04b87ec9-fbc0-434d-ae6c-3b144d4c4fb3", - "alias": "Reset - Conditional OTP", - "description": "Flow to 
determine if the OTP should be reset or not. Set to REQUIRED to force.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "conditional-user-configured", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-otp", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "12d1fb6a-2691-4616-921f-537b2930763a", - "alias": "User creation or linking", - "description": "Flow for the existing/non-existing user alternatives", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "create unique user config", - "authenticator": "idp-create-user-if-unique", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Handle Existing Account", - "userSetupAllowed": false - } - ] - }, - { - "id": "72dd5217-9d7a-4b9a-8e81-c98390a05938", - "alias": "Verify Existing Account by Re-authentication", - "description": "Reauthentication of existing account", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "idp-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "First broker login - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "652e9b64-0250-41aa-ab19-b6742aa2ee4f", - "alias": 
"browser", - "description": "browser based authentication", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-cookie", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "auth-spnego", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "identity-provider-redirector", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 25, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "forms", - "userSetupAllowed": false - } - ] - }, - { - "id": "2707b9b1-9a49-44b9-bbd3-4333d6b16a98", - "alias": "clients", - "description": "Base authentication for clients", - "providerId": "client-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "client-secret", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-secret-jwt", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "client-x509", - "authenticatorFlow": false, - "requirement": "ALTERNATIVE", - "priority": 40, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "1aee26cc-cca5-4eef-8fb9-afa36240b518", - "alias": "direct grant", - "description": "OpenID Connect Resource Owner Grant", - 
"providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "direct-grant-validate-username", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "direct-grant-validate-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 30, - "autheticatorFlow": true, - "flowAlias": "Direct Grant - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "09bb06f3-ff4d-4b65-b609-fea90f93044f", - "alias": "docker auth", - "description": "Used by Docker clients to authenticate against the IDP", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "docker-http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "10fe11ec-61e9-49a6-85a8-2cd4c24da4bf", - "alias": "first broker login", - "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticatorConfig": "review profile config", - "authenticator": "idp-review-profile", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "User creation or linking", - "userSetupAllowed": false - } - ] - }, - { - "id": "67281328-09bb-4140-9cdb-5ea1bfcf827b", - "alias": "forms", - "description": 
"Username, password, otp and other auth forms.", - "providerId": "basic-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "auth-username-password-form", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 20, - "autheticatorFlow": true, - "flowAlias": "Browser - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "e4d8833f-6b90-47a1-9d73-4fbf3c41e910", - "alias": "registration", - "description": "registration flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-page-form", - "authenticatorFlow": true, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": true, - "flowAlias": "registration form", - "userSetupAllowed": false - } - ] - }, - { - "id": "41e56e9f-589e-4857-b28e-f6b8754ae400", - "alias": "registration form", - "description": "registration form", - "providerId": "form-flow", - "topLevel": false, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "registration-user-creation", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-password-action", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 50, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "registration-recaptcha-action", - "authenticatorFlow": false, - "requirement": "DISABLED", - "priority": 60, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - }, - { - "id": "412c0d35-ba19-4ee0-92de-4b00fd52e3fa", - "alias": "reset credentials", - "description": "Reset credentials for a user if they forgot their password or something", - "providerId": 
"basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "reset-credentials-choose-user", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-credential-email", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 20, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticator": "reset-password", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 30, - "autheticatorFlow": false, - "userSetupAllowed": false - }, - { - "authenticatorFlow": true, - "requirement": "CONDITIONAL", - "priority": 40, - "autheticatorFlow": true, - "flowAlias": "Reset - Conditional OTP", - "userSetupAllowed": false - } - ] - }, - { - "id": "eede5156-ace5-41f3-b86d-441278f5b337", - "alias": "saml ecp", - "description": "SAML ECP Profile Authentication Flow", - "providerId": "basic-flow", - "topLevel": true, - "builtIn": true, - "authenticationExecutions": [ - { - "authenticator": "http-basic-authenticator", - "authenticatorFlow": false, - "requirement": "REQUIRED", - "priority": 10, - "autheticatorFlow": false, - "userSetupAllowed": false - } - ] - } - ], - "authenticatorConfig": [ - { - "id": "2caebb6c-1b1b-42ec-ac41-1f1dabd609ad", - "alias": "create unique user config", - "config": { - "require.password.update.after.registration": "false" - } - }, - { - "id": "8ef60759-3395-4d42-ba53-390f72df09d5", - "alias": "review profile config", - "config": { - "update.profile.on.first.login": "missing" - } - } - ], - "requiredActions": [ - { - "alias": "CONFIGURE_TOTP", - "name": "Configure OTP", - "providerId": "CONFIGURE_TOTP", - "enabled": true, - "defaultAction": false, - "priority": 10, - "config": {} - }, - { - "alias": "TERMS_AND_CONDITIONS", - "name": "Terms and Conditions", - "providerId": "TERMS_AND_CONDITIONS", - "enabled": false, - "defaultAction": false, - 
"priority": 20, - "config": {} - }, - { - "alias": "UPDATE_PASSWORD", - "name": "Update Password", - "providerId": "UPDATE_PASSWORD", - "enabled": true, - "defaultAction": false, - "priority": 30, - "config": {} - }, - { - "alias": "UPDATE_PROFILE", - "name": "Update Profile", - "providerId": "UPDATE_PROFILE", - "enabled": true, - "defaultAction": false, - "priority": 40, - "config": {} - }, - { - "alias": "VERIFY_EMAIL", - "name": "Verify Email", - "providerId": "VERIFY_EMAIL", - "enabled": true, - "defaultAction": false, - "priority": 50, - "config": {} - }, - { - "alias": "delete_account", - "name": "Delete Account", - "providerId": "delete_account", - "enabled": false, - "defaultAction": false, - "priority": 60, - "config": {} - }, - { - "alias": "webauthn-register", - "name": "Webauthn Register", - "providerId": "webauthn-register", - "enabled": true, - "defaultAction": false, - "priority": 70, - "config": {} - }, - { - "alias": "webauthn-register-passwordless", - "name": "Webauthn Register Passwordless", - "providerId": "webauthn-register-passwordless", - "enabled": true, - "defaultAction": false, - "priority": 80, - "config": {} - }, - { - "alias": "delete_credential", - "name": "Delete Credential", - "providerId": "delete_credential", - "enabled": true, - "defaultAction": false, - "priority": 100, - "config": {} - }, - { - "alias": "update_user_locale", - "name": "Update User Locale", - "providerId": "update_user_locale", - "enabled": true, - "defaultAction": false, - "priority": 1000, - "config": {} - } - ], - "browserFlow": "browser", - "registrationFlow": "registration", - "directGrantFlow": "direct grant", - "resetCredentialsFlow": "reset credentials", - "clientAuthenticationFlow": "clients", - "dockerAuthenticationFlow": "docker auth", - "firstBrokerLoginFlow": "first broker login", - "attributes": { - "cibaBackchannelTokenDeliveryMode": "poll", - "cibaExpiresIn": "120", - "cibaAuthRequestedUserHint": "login_hint", - "oauth2DeviceCodeLifespan": "600", 
- "clientOfflineSessionMaxLifespan": "0", - "oauth2DevicePollingInterval": "5", - "clientSessionIdleTimeout": "0", - "parRequestUriLifespan": "60", - "clientSessionMaxLifespan": "0", - "clientOfflineSessionIdleTimeout": "0", - "cibaInterval": "5", - "realmReusableOtpCode": "false" - }, - "keycloakVersion": "26.1.3", - "userManagedAccessAllowed": false, - "organizationsEnabled": false, - "verifiableCredentialsEnabled": false, - "adminPermissionsEnabled": false, - "clientProfiles": { - "profiles": [] - }, - "clientPolicies": { - "policies": [] - } -} \ No newline at end of file + ] +} diff --git a/charts/basyx/templates/keycloak/basyx-keycloak-apirule.yaml b/charts/basyx/templates/keycloak/basyx-keycloak-apirule.yaml index 494a491..85e4830 100644 --- a/charts/basyx/templates/keycloak/basyx-keycloak-apirule.yaml +++ b/charts/basyx/templates/keycloak/basyx-keycloak-apirule.yaml @@ -36,7 +36,7 @@ spec: - {{ .Values.keycloak.apirule.host }} service: name: {{ .Values.keycloak.fullnameOverride }} - port: 80 + port: {{ .Values.keycloak.service.httpPort | default 8080 }} timeout: 360 rules: - path: /* diff --git a/charts/basyx/templates/keycloak/basyx-keycloak-realm.yaml b/charts/basyx/templates/keycloak/basyx-keycloak-realm.yaml index d87f968..ae025da 100644 --- a/charts/basyx/templates/keycloak/basyx-keycloak-realm.yaml +++ b/charts/basyx/templates/keycloak/basyx-keycloak-realm.yaml @@ -31,5 +31,5 @@ metadata: name: {{ .Values.keycloak.fullnameOverride }}-realm data: BaSyx-realm.json: |- -{{ .Files.Get "config/BaSyx-realm.json" | indent 4 }} +{{ .Files.Get "config/BaSyx-realm.json" | replace "placeholder-to-be-replaced-by-realm-configmap" .Values.keycloak.technicalUser.clientSecret | indent 4 }} {{ end -}} diff --git a/charts/basyx/templates/keycloak/basyx-keycloak-technical-user-secret.yaml b/charts/basyx/templates/keycloak/basyx-keycloak-technical-user-secret.yaml new file mode 100644 index 0000000..b19f757 --- /dev/null 
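Review bot: The `replace` added on the `BaSyx-realm.json` line writes `.Values.keycloak.technicalUser.clientSecret` in clear text into the `-realm` object. Its `data:` key and the `basyx-keycloak-realm` configMap volume in values.yaml suggest a ConfigMap, though the template's header lies outside the hunk, so the kind is inferred. If so, anyone allowed to read ConfigMaps in the namespace can read the client secret of `service-account-basyx-technical-user`, which the realm file on this page gives the `admin` realm role. The value is also pasted into JSON unescaped, so a secret containing `"` or `\` would produce an invalid or altered realm import. Consider rendering this object as `kind: Secret` mounted through a `secret:` volume, and escaping the value, for example `replace "\"placeholder-to-be-replaced-by-realm-configmap\"" (.Values.keycloak.technicalUser.clientSecret | toJson)`, assuming the placeholder is a complete JSON string value in the realm file.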
+++ b/charts/basyx/templates/keycloak/basyx-keycloak-technical-user-secret.yaml
@@ -0,0 +1,35 @@
+################################################################################
+ # Copyright (C) 2025 SAP SE
+ #
+ # Permission is hereby granted, free of charge, to any person obtaining
+ # a copy of this software and associated documentation files (the
+ # "Software"), to deal in the Software without restriction, including
+ # without limitation the rights to use, copy, modify, merge, publish,
+ # distribute, sublicense, and/or sell copies of the Software, and to
+ # permit persons to whom the Software is furnished to do so, subject to
+ # the following conditions:
+ #
+ # The above copyright notice and this permission notice shall be
+ # included in all copies or substantial portions of the Software.
+ #
+ # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ #
+ # SPDX-License-Identifier: MIT
+################################################################################
+
+---
+{{- if .Values.keycloak.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.keycloak.fullnameOverride }}-technical-user
+type: Opaque
+stringData:
+ client-secret: {{ .Values.keycloak.technicalUser.clientSecret | quote }}
+{{- end }}
diff --git a/charts/basyx/values.yaml b/charts/basyx/values.yaml
index cda0898..a658cd6 100644
--- a/charts/basyx/values.yaml
+++ b/charts/basyx/values.yaml
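Review bot: Nothing in this new template rejects an unset or default client secret, because `client-secret` renders whatever `.Values.keycloak.technicalUser.clientSecret` holds. values.yaml in the same commit defaults that value to `"changeme"`, so enabling Keycloak without overrides deploys a publicly known credential, and an unset value renders as `""`. Guard the value, for example `client-secret: {{ required "keycloak.technicalUser.clientSecret must be set" .Values.keycloak.technicalUser.clientSecret | quote }}`, and ship an empty default in values.yaml. A one-line comment above `kind: Secret` naming what consumes this Secret would also help, since the realm template receives the same value through its own `replace`.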
@@ -73,28 +73,67 @@ keycloak: ## @param keycloak.enabled Enable Keycloak ## enabled: false + ## @param keycloak.fullnameOverride Overrides the release name for Keycloak + ## + fullnameOverride: basyx-keycloak ## Keycloak image version image: + ## @param image.registry Keycloak image registry + registry: docker.io ## @param image.repository [default: REPOSITORY_NAME/keycloak] Keycloak image repository - repository: bitnamilegacy/keycloak + repository: keycloak/keycloak ## @skip image.tag Keycloak image tag (immutable tags are recommended) - tag: 26.3.3-debian-12-r0 - ## Keycloak PostgreSQL parameters + tag: "26.5.6@sha256:8d44614c74798322c4e07fbe0ecb15cfbb5879d69b484628555f58ade06f0d8c" + ## Keycloak admin and server parameters + ## + keycloak: + ## @param keycloak.keycloak.adminUser Keycloak administrator user + ## + adminUser: user + ## @param keycloak.keycloak.adminPassword Keycloak administrator password + ## + adminPassword: password + ## @param keycloak.keycloak.hostname Public hostname for Keycloak + ## Depends on: @param keycloak.apirule.host or keycloak.ingress.hosts[0].host + ## + hostname: https://keycloak.basyx.local + ## @param keycloak.keycloak.hostnameStrict Enforce hostname matching + ## + hostnameStrict: false + ## @param keycloak.keycloak.httpEnabled Enable HTTP + ## + httpEnabled: true + ## @param keycloak.keycloak.production false = start-dev mode, true = production start + ## + production: false + ## @param keycloak.keycloak.proxyHeaders Set to "xforwarded" when behind nginx ingress + ## + proxyHeaders: "xforwarded" + ## Keycloak realm import parameters + ## + realm: + ## @param keycloak.realm.import Enable --import-realm startup flag + ## + import: true + ## @param keycloak.realm.configFile Inline realm JSON (leave empty when using extraVolumes) + ## + configFile: "" + ## Keycloak PostgreSQL parameters (sub-chart key is "postgres", not "postgresql") ## - postgresql: - ## @param keycloak.postgresql.enabled Enable PostgreSQL + postgres: + ## 
@param keycloak.postgres.enabled Enable embedded PostgreSQL ## enabled: true ## PostgreSQL Auth parameters ## auth: - ## @param keycloak.postgresql.auth.username PostgreSQL user + ## @param keycloak.postgres.auth.username PostgreSQL user ## username: keycloak - ## @param keycloak.postgresql.auth.password PostgreSQL password + ## @param keycloak.postgres.auth.password PostgreSQL password ## password: password - ## @param keycloak.postgresql.auth.database PostgreSQL database + ## @param keycloak.postgres.auth.database PostgreSQL database ## database: keycloak ## Keycloak ingress parameters @@ -104,15 +143,19 @@ keycloak: ## @param keycloak.ingress.enabled Enable ingress for Keycloak ## enabled: false - ## @param keycloak.ingress.ingressClassName IngressClass for the ingress + ## @param keycloak.ingress.className IngressClass for the ingress ## - ingressClassName: "" - ## @param keycloak.ingress.hostname Ingress hostname for Keycloak + className: nginx + ## @param keycloak.ingress.hosts Ingress hosts configuration ## - hostname: keycloak.basyx.local - ## @param keycloak.ingress.tls Enable tls + hosts: + - host: keycloak.basyx.local + paths: + - path: / + pathType: Prefix + ## @param keycloak.ingress.tls Ingress TLS configuration ## - tls: false + tls: [] ## Keycloak apirule parameters ## ref: https://kyma-project.io/#/api-gateway/user/custom-resources/apirule/04-10-apirule-custom-resource ## 
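Review bot: The new `keycloak.keycloak` block ships development settings as the chart defaults: `adminUser: user`, `adminPassword: password`, `httpEnabled: true`, `hostnameStrict: false` and `production: false`. No comment tells operators these must be overridden before the instance is reachable by anyone else. I would add a line above `adminUser` such as `## NOTE: development defaults; override adminUser/adminPassword and set production: true outside local test clusters`. Leaving `adminPassword` empty would force a deployment to supply one, but whether the sub-chart accepts an empty admin password is not visible here and needs checking. The same remark applies to `postgres.auth.password: password` further down the hunk.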
@@ -135,43 +178,34 @@ keycloak: - "OPTIONS" - "TRACE" - "PATCH" - ## Keycloak auth parameters - ## ref: https://github.com/bitnami/containers/tree/main/bitnami/keycloak#admin-credentials - ## - auth: - ## @param keycloak.auth.adminUser Keycloak administrator user - ## - adminUser: user - ## @param keycloak.auth.adminPassword Keycloak administrator password for the new user - ## - adminPassword: password ## Keycloak service parameters ## service: ## @param keycloak.service.type Kubernetes service type ## type: ClusterIP - ## @param keycloak.fullnameOverride Overrides the release name for Keycloak - ## - fullnameOverride: basyx-keycloak - ## @param keycloak.extraVolumes Adds volumes to the Keycloak deployment + ## @param keycloak.service.httpPort Service HTTP port + ## + httpPort: 8080 + ## @param keycloak.extraVolumes Adds volumes to the Keycloak StatefulSet\n ## NOTE: The configMap name must match "{{ keycloak.fullnameOverride }}-realm" (default: basyx-keycloak-realm) ## extraVolumes: - name: basyx-keycloak-realm configMap: name: basyx-keycloak-realm - ## @param keycloak.extraVolumes Mounts volumes to the Keycloak pod + ## @param keycloak.extraVolumeMounts Mounts volumes to the Keycloak container ## extraVolumeMounts: - mountPath: /opt/keycloak/data/import/BaSyx-realm.json subPath: BaSyx-realm.json name: basyx-keycloak-realm - ## @param keycloak.command Overrides container command - command: ["/bin/sh", "-c"] - ## @param keycloak.args Overrides container command args - ## Depends on: @param keycloak.apirule.hostname or keycloak.ingress.hostname (see flag hostname) + + ## Technical User parameters + ## + ## @param keycloak.technicalUser.clientSecret Client secret for the basyx-technical-user service account ## - args: ["kc.sh import --file /opt/keycloak/data/import/BaSyx-realm.json; kc.sh start-dev --hostname=https://keycloak.basyx.local --hostname-strict=false --hostname-debug=true"] + technicalUser: + clientSecret: "changeme" ## MQTT parameters ## 
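Review bot: The added `keycloak.extraVolumes` comment contains a literal `\n` (`... Keycloak StatefulSet\n ## NOTE: ...`), so the warning about the ConfigMap name is glued onto the `@param` description instead of standing on its own comment line. Tools that read `@param` lines would likely carry the stray text into generated docs. Split it into two comment lines, `## @param keycloak.extraVolumes Adds volumes to the Keycloak StatefulSet` followed by `## NOTE: The configMap name must match "{{ keycloak.fullnameOverride }}-realm" (default: basyx-keycloak-realm)`. The `extraVolumes` entry below it still hard-codes `basyx-keycloak-realm`, so the note is the only thing keeping the two in step when `fullnameOverride` is changed.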
@@ -482,14 +516,6 @@ aas-registry:
 "aasIds": "*"
 }
 },
- {
- "role": "basyx-reader-two",
- "action": "READ",
- "targetInformation": {
- "@type": "aas-registry",
- "aasIds": "dummyShellId_3"
- }
- },
 {
 "role": "basyx-creator",
 "action": "CREATE",
@@ -506,14 +532,6 @@ aas-registry:
 "aasIds": "*"
 }
 },
- {
- "role": "basyx-updater-two",
- "action": "UPDATE",
- "targetInformation": {
- "@type": "aas-registry",
- "aasIds": "dummyShellId_3"
- }
- },
 {
 "role": "basyx-asset-updater",
 "action": "UPDATE",
@@ -522,14 +540,6 @@ aas-registry:
 "aasIds": "*"
 }
 },
- {
- "role": "basyx-asset-updater-two",
- "action": "UPDATE",
- "targetInformation": {
- "@type": "aas-registry",
- "aasIds": "specificAasId-2"
- }
- },
 {
 "role": "basyx-deleter",
 "action": "DELETE",
@@ -537,14 +547,6 @@ aas-registry:
 "@type": "aas-registry",
 "aasIds": "*"
 }
- },
- {
- "role": "basyx-deleter-two",
- "action": "DELETE",
- "targetInformation": {
- "@type": "aas-registry",
- "aasIds": "specificAasId-2"
- }
 }
 ]
@@ -684,14 +686,6 @@ sm-registry:
 "submodelIds": "*"
 }
 },
- {
- "role": "basyx-reader-two",
- "action": "READ",
- "targetInformation": {
- "@type": "submodel-registry",
- "submodelIds": "dummySubmodelId_3"
- }
- },
 {
 "role": "basyx-creator",
 "action": "CREATE",
@@ -708,14 +702,6 @@ sm-registry:
 "submodelIds": "*"
 }
 },
- {
- "role": "basyx-updater-two",
- "action": "UPDATE",
- "targetInformation": {
- "@type": "submodel-registry",
- "submodelIds": "dummySubmodelId_3"
- }
- },
 {
 "role": "basyx-asset-updater",
 "action": "UPDATE",
@@ -724,14 +710,6 @@ sm-registry:
 "submodelIds": "*"
 }
 },
- {
- "role": "basyx-asset-updater-two",
- "action": "UPDATE",
- "targetInformation": {
- "@type": "submodel-registry",
- "submodelIds": "specificSubmodelId-2"
- }
- },
 {
 "role": "basyx-deleter",
 "action": "DELETE",
@@ -739,14 +717,6 @@ sm-registry:
 "@type": "submodel-registry",
 "submodelIds": "*"
 }
- },
- {
- "role": "basyx-deleter-two",
- "action": "DELETE",
- "targetInformation": {
- "@type": "submodel-registry",
- "submodelIds": "specificSubmodelId-2"
- }
 }
 ]
@@ -1083,15 +1053,6 @@ aas-environment:
 "submodelElementIdShortPaths": "*"
 }
 },
- {
- "role": "basyx-reader-two",
- "action": "READ",
- "targetInformation": {
- "@type": "submodel",
- "submodelIds": "specificSubmodelId",
- "submodelElementIdShortPaths": "*"
- }
- },
 {
 "role": "basyx-sme-reader",
 "action": "READ",
@@ -1101,15 +1062,6 @@ aas-environment:
 "submodelElementIdShortPaths": ["testSMEIdShortPath1","smc2.specificSubmodelElementIdShort","testSMEIdShortPath2"]
 }
 },
- {
- "role": "basyx-sme-reader-two",
- "action": "READ",
- "targetInformation": {
- "@type": "submodel",
- "submodelIds": "specificSubmodelId",
- "submodelElementIdShortPaths": "smc2.specificFileSubmodelElementIdShort"
- }
- },
 {
 "role": "basyx-creator",
 "action": "CREATE",
@@ -1128,15 +1080,6 @@ aas-environment:
 "submodelElementIdShortPaths": "*"
 }
 },
- {
- "role": "basyx-updater-two",
- "action": "UPDATE",
- "targetInformation": {
- "@type": "submodel",
- "submodelIds": "specificSubmodelId",
- "submodelElementIdShortPaths": "*"
- }
- },
 {
 "role": "basyx-sme-updater",
 "action": "UPDATE",
@@ -1146,24 +1089,6 @@ aas-environment:
 "submodelElementIdShortPaths": "smc2.specificFileSubmodelElementIdShort"
 }
 },
- {
- "role": "basyx-sme-updater-two",
- "action": "UPDATE",
- "targetInformation": {
- "@type": "submodel",
- "submodelIds": "specificSubmodelId",
- "submodelElementIdShortPaths": "smc2"
- }
- },
- {
- "role": "basyx-sme-updater-three",
- "action": "UPDATE",
- "targetInformation": {
- "@type": "submodel",
- "submodelIds": "specificSubmodelId-2",
- "submodelElementIdShortPaths": "smc1.specificSubmodelElementIdShort-2"
- }
- },
 {
 "role": "basyx-file-sme-updater",
 "action": "UPDATE",
@@ -1182,15 +1107,6 @@ aas-environment:
 "submodelElementIdShortPaths": "*"
 }
 },
- {
- "role": "basyx-deleter-two",
- "action": "DELETE",
- "targetInformation": {
- "@type": "submodel",
- "submodelIds": "specificSubmodelId-2",
- "submodelElementIdShortPaths": "*"
- }
- },
 {
 "role": "basyx-executor",
 "action": "EXECUTE",
@@ -1200,15 +1116,6 @@ aas-environment:
 "submodelElementIdShortPaths": "*"
 }
 },
- {
- "role": "basyx-executor-two",
- "action": "EXECUTE",
- "targetInformation": {
- "@type": "submodel",
- "submodelIds": "specificSubmodelId",
- "submodelElementIdShortPaths": "square"
- }
- },
 {
 "role": "basyx-file-sme-reader",
 "action": "READ",
@@ -1471,14 +1378,6 @@ aas-digitaltwinregistry:
 "aasIds": "*"
 }
 },
- {
- "role": "basyx-reader-two",
- "action": "READ",
- "targetInformation": {
- "@type": "aas-registry",
- "aasIds": "dummyShellId_3"
- }
- },
 {
 "role": "basyx-creator",
 "action": "CREATE",
@@ -1495,14 +1394,6 @@ aas-digitaltwinregistry:
 "aasIds": "*"
 }
 },
- {
- "role": "basyx-updater-two",
- "action": "UPDATE",
- "targetInformation": {
- "@type": "aas-registry",
- "aasIds": "dummyShellId_3"
- }
- },
 {
 "role": "basyx-asset-updater",
 "action": "UPDATE",
@@ -1511,14 +1402,6 @@ aas-digitaltwinregistry:
 "aasIds": "*"
 }
 },
- {
- "role": "basyx-asset-updater-two",
- "action": "UPDATE",
- "targetInformation": {
- "@type": "aas-registry",
- "aasIds": "specificAasId-2"
- }
- },
 {
 "role": "basyx-deleter",
 "action": "DELETE",
@@ -1527,14 +1410,6 @@ aas-digitaltwinregistry:
 "aasIds": "*"
 }
 },
- {
- "role": "basyx-deleter-two",
- "action": "DELETE",
- "targetInformation": {
- "@type": "aas-registry",
- "aasIds": "specificAasId-2"
- }
- },
 {
 "role": "basyx-uploader",
 "action": "READ",