From 34d088ac23420d689df89bb707925db7465072bb Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Mon, 24 Nov 2025 17:16:13 +0100 Subject: [PATCH 01/72] Deploy mvd --- deployment/consumer.tf | 10 +++++----- deployment/issuer.tf | 8 ++++---- deployment/issuer_nginx.tf | 6 +++--- deployment/main.tf | 12 +++++++++-- .../modules/catalog-server/catalog-server.tf | 4 ++-- deployment/modules/connector/controlplane.tf | 4 ++-- deployment/modules/connector/dataplane.tf | 4 ++-- deployment/modules/identity-hub/main.tf | 4 ++-- deployment/modules/issuer/main.tf | 4 ++-- deployment/modules/postgres/main.tf | 2 +- deployment/provider.tf | 20 +++++++++---------- seed-k8s.sh | 14 ++++++------- 12 files changed, 50 insertions(+), 42 deletions(-) diff --git a/deployment/consumer.tf b/deployment/consumer.tf index 2e194b89d..33e21b104 100644 --- a/deployment/consumer.tf +++ b/deployment/consumer.tf @@ -25,7 +25,7 @@ module "consumer-connector" { url = "jdbc:postgresql://${module.consumer-postgres.database-url}/consumer" } vault-url = "http://consumer-vault:8200" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "consumer" #kubernetes_namespace.ns.metadata.0.name sts-token-url = "${module.consumer-identityhub.sts-token-url}/token" useSVE = var.useSVE } @@ -44,7 +44,7 @@ module "consumer-identityhub" { password = "consumer" url = "jdbc:postgresql://${module.consumer-postgres.database-url}/consumer" } - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "consumer" #kubernetes_namespace.ns.metadata.0.name useSVE = var.useSVE } @@ -53,7 +53,7 @@ module "consumer-identityhub" { module "consumer-vault" { source = "./modules/vault" humanReadableName = "consumer-vault" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "consumer" #kubernetes_namespace.ns.metadata.0.name } # Postgres database for the consumer 
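Review bot: Replacing `kubernetes_namespace.ns.metadata.0.name` with the literal `"consumer"` in the three consumer.tf hunks drops the implicit dependency on the namespace resource, so Terraform may try to create the consumer modules before the namespace exists, and the trailing `#kubernetes_namespace.ns.metadata.0.name` comments now name a resource that main.tf renames in this same patch. Reference the renamed resource instead and drop the commented-out expression, e.g. `namespace = kubernetes_namespace.ns_consumer.metadata[0].name`. The same applies to the consumer-postgres and init-config hunks in consumer.tf and to every `"provider"` literal in the provider.tf hunks, which should point at `kubernetes_namespace.ns_provider`.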
@@ -62,14 +62,14 @@ module "consumer-postgres" { source = "./modules/postgres" instance-name = "consumer" init-sql-configs = ["consumer-initdb-config"] - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "consumer" #kubernetes_namespace.ns.metadata.0.name } # DB initialization for the EDC database resource "kubernetes_config_map" "postgres-initdb-config-consumer" { metadata { name = "consumer-initdb-config" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "consumer" #kubernetes_namespace.ns.metadata.0.name } data = { "consumer-initdb-config.sql" = <<-EOT diff --git a/deployment/issuer.tf b/deployment/issuer.tf index c49f658f3..7420a1ab0 100644 --- a/deployment/issuer.tf +++ b/deployment/issuer.tf @@ -20,8 +20,8 @@ module "dataspace-issuer" { password = "issuer" url = "jdbc:postgresql://${module.dataspace-issuer-postgres.database-url}/issuer" } - vault-url = "http://consumer-vault:8200" - namespace = kubernetes_namespace.ns.metadata.0.name + vault-url = "http://consumer-vault.consumer.svc.cluster.local:8200" + namespace = "kordat" #kubernetes_namespace.ns.metadata.0.name useSVE = var.useSVE } @@ -31,14 +31,14 @@ module "dataspace-issuer-postgres" { source = "./modules/postgres" instance-name = "issuer" init-sql-configs = ["issuer-initdb-config"] - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "kordat" #kubernetes_namespace.ns.metadata.0.name } # DB initialization for the EDC database resource "kubernetes_config_map" "issuer-initdb-config" { metadata { name = "issuer-initdb-config" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "kordat" #kubernetes_namespace.ns.metadata.0.name } data = { "issuer-initdb-config.sql" = <<-EOT diff --git a/deployment/issuer_nginx.tf b/deployment/issuer_nginx.tf index 3d6070a69..2ad00e466 100644 --- a/deployment/issuer_nginx.tf +++ b/deployment/issuer_nginx.tf 
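Review bot: The issuer module in the issuer.tf hunk at @@ -20 is now wired to the consumer participant's Vault across namespaces and over plain HTTP, `vault-url = "http://consumer-vault.consumer.svc.cluster.local:8200"`, so the key that signs every participant's credentials is stored in the same Vault instance, reachable with the same token, as one participant's own keys. The old line already pointed at `consumer-vault` inside the single `mvd` namespace, so this is not new sharing, but the explicit cross-namespace URL makes the coupling permanent rather than incidental, and the issuer is the trust anchor the other participants rely on. If the shared Vault is a stopgap for this environment, say so on the line, e.g. `vault-url = "http://consumer-vault.consumer.svc.cluster.local:8200" # TEMP: issuer shares the consumer Vault; needs its own instance before any shared environment`; otherwise instantiate the vault module once more for the issuer.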
@@ -21,7 +21,7 @@ resource "kubernetes_deployment" "dataspace-issuer-did-server" { metadata { name = "dataspace-issuer-server" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "kordat" #kubernetes_namespace.ns.metadata.0.name labels = { App = "dataspace-issuer-server" } @@ -82,7 +82,7 @@ resource "kubernetes_deployment" "dataspace-issuer-did-server" { resource "kubernetes_service" "dataspace-issuer-did-server-service" { metadata { name = "dataspace-issuer" # this must correlate with the Issuer's DID: did:web:dataspace-issuer -> http://dataspace-issuer/.well-known/did.json - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "kordat" #kubernetes_namespace.ns.metadata.0.name } spec { type = "NodePort" @@ -100,7 +100,7 @@ resource "kubernetes_service" "dataspace-issuer-did-server-service" { resource "kubernetes_config_map" "nginx-map" { metadata { name = "nginx-conf" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "kordat" #kubernetes_namespace.ns.metadata.0.name } data = { diff --git a/deployment/main.tf b/deployment/main.tf index 2a96bac99..388c11f9a 100644 --- a/deployment/main.tf +++ b/deployment/main.tf @@ -32,6 +32,7 @@ terraform { source = "hashicorp/helm" } } + required_version = ">= 1.13.0" } provider "kubernetes" { @@ -44,8 +45,15 @@ provider "helm" { } } -resource "kubernetes_namespace" "ns" { +resource "kubernetes_namespace" "ns_consumer" { metadata { - name = "mvd" + name = "consumer" } } + +resource "kubernetes_namespace" "ns_provider" { + metadata { + name = "provider" + } +} + diff --git a/deployment/modules/catalog-server/catalog-server.tf b/deployment/modules/catalog-server/catalog-server.tf index aad588755..cdd18a4f2 100644 --- a/deployment/modules/catalog-server/catalog-server.tf +++ b/deployment/modules/catalog-server/catalog-server.tf 
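Review bot: main.tf now declares only the `consumer` and `provider` namespaces, yet the issuer resources in issuer.tf and in the three issuer_nginx.tf hunks above are placed in a literal `"kordat"` namespace that nothing in this patch creates, so a fresh `terraform apply` fails on those resources unless the namespace is created out of band. If `kordat` is the issuer's namespace, declare it next to the other two and reference it from the issuer resources, which also restores the creation ordering that the literal strings lose. The `required_version = ">= 1.13.0"` constraint is unrelated but worth a one-line comment on why 1.13 is the floor.
```hcl
resource "kubernetes_namespace" "ns_issuer" {
  metadata {
    name = "kordat"
  }
}
```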
@@ -44,8 +44,8 @@ resource "kubernetes_deployment" "connector" { spec { container { name = lower(var.humanReadableName) - image = "catalog-server:latest" - image_pull_policy = "Never" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-catalog-server:latest" + image_pull_policy = "IfNotPresent" env_from { config_map_ref { diff --git a/deployment/modules/connector/controlplane.tf b/deployment/modules/connector/controlplane.tf index 86b7722b2..68ed49597 100644 --- a/deployment/modules/connector/controlplane.tf +++ b/deployment/modules/connector/controlplane.tf @@ -44,8 +44,8 @@ resource "kubernetes_deployment" "controlplane" { spec { container { name = "connector-${lower(var.humanReadableName)}" - image = "controlplane:latest" - image_pull_policy = "Never" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:latest" + image_pull_policy = "IfNotPresent" env_from { config_map_ref { diff --git a/deployment/modules/connector/dataplane.tf b/deployment/modules/connector/dataplane.tf index 6a7d56e37..cfeadabd2 100644 --- a/deployment/modules/connector/dataplane.tf +++ b/deployment/modules/connector/dataplane.tf @@ -46,8 +46,8 @@ resource "kubernetes_deployment" "dataplane" { spec { container { name = "dataplane-${lower(var.humanReadableName)}" - image = "dataplane:latest" - image_pull_policy = "Never" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:latest" + image_pull_policy = "IfNotPresent" env_from { config_map_ref { diff --git a/deployment/modules/identity-hub/main.tf b/deployment/modules/identity-hub/main.tf index e8aacd8f9..d909d3300 100644 --- a/deployment/modules/identity-hub/main.tf +++ b/deployment/modules/identity-hub/main.tf 
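Review bot: The new image reference in catalog-server.tf, and likewise in the controlplane.tf and dataplane.tf hunks below and in identity-hub/main.tf, issuer/main.tf and postgres/main.tf, pulls a mutable `:latest` tag from a hard-coded ECR account while switching to `image_pull_policy = "IfNotPresent"`, which means a node that already holds any image under that tag keeps running it and two nodes can run different builds of the same deployment. For supply-chain integrity pin by digest (`image@sha256:<digest-from-your-build>`) or at least by an immutable per-build tag, and lift the registry prefix into a module variable so the account id is not repeated in six files. For example `image = "${var.image-registry}/kordat-dev-catalog-server:${var.image-tag}"`, with both variables declared in the module's variables.tf, which this patch does not touch.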
@@ -37,8 +37,8 @@ resource "kubernetes_deployment" "identityhub" { spec { container { - image_pull_policy = "Never" - image = "identity-hub:latest" + image_pull_policy = "IfNotPresent" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:latest" name = "identity-hub" env_from { diff --git a/deployment/modules/issuer/main.tf b/deployment/modules/issuer/main.tf index c19adf7e0..9a2e4efb7 100644 --- a/deployment/modules/issuer/main.tf +++ b/deployment/modules/issuer/main.tf @@ -37,8 +37,8 @@ resource "kubernetes_deployment" "issuerservice" { spec { container { - image_pull_policy = "Never" - image = "issuerservice:latest" + image_pull_policy = "IfNotPresent" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-issuerservice:latest" name = "issuerservice" env_from { diff --git a/deployment/modules/postgres/main.tf b/deployment/modules/postgres/main.tf index 31571f954..4653df163 100644 --- a/deployment/modules/postgres/main.tf +++ b/deployment/modules/postgres/main.tf @@ -125,7 +125,7 @@ resource "kubernetes_service" "pg-service" { locals { app-name = "${var.instance-name}-postgres" - pg-image = "postgres:16.3-alpine3.20" + pg-image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-postgres:16.3-alpine3.20" db-ip = kubernetes_service.pg-service.spec.0.cluster_ip db-url = "${kubernetes_service.pg-service.metadata[0].name}:${var.database-port}" } diff --git a/deployment/provider.tf b/deployment/provider.tf index 454fa76ff..70744ced1 100644 --- a/deployment/provider.tf +++ b/deployment/provider.tf @@ -25,7 +25,7 @@ module "provider-qna-connector" { password = "provider-qna" url = "jdbc:postgresql://${module.provider-postgres.database-url}/provider_qna" } - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "provider" #kubernetes_namespace.ns.metadata.0.name vault-url = "http://provider-vault:8200" sts-token-url = "${module.provider-identityhub.sts-token-url}/token" useSVE = var.useSVE 
@@ -41,7 +41,7 @@ module "provider-manufacturing-connector" { password = "provider-manufacturing" url = "jdbc:postgresql://${module.provider-postgres.database-url}/provider_manufacturing" } - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "provider" #kubernetes_namespace.ns.metadata.0.name vault-url = "http://provider-vault:8200" sts-token-url = "${module.provider-identityhub.sts-token-url}/token" useSVE = var.useSVE @@ -56,7 +56,7 @@ module "provider-identityhub" { participantId = var.provider-did vault-url = "http://provider-vault:8200" service-name = "provider" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "provider" #kubernetes_namespace.ns.metadata.0.name database = { user = "identity" @@ -71,7 +71,7 @@ module "provider-catalog-server" { source = "./modules/catalog-server" humanReadableName = "provider-catalog-server" participantId = var.provider-did - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "provider" #kubernetes_namespace.ns.metadata.0.name vault-url = "http://provider-vault:8200" sts-token-url = "${module.provider-identityhub.sts-token-url}/token" @@ -86,7 +86,7 @@ module "provider-catalog-server" { module "provider-vault" { source = "./modules/vault" humanReadableName = "provider-vault" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "provider" #kubernetes_namespace.ns.metadata.0.name } # Postgres database for the consumer 
@@ -100,13 +100,13 @@ module "provider-postgres" { kubernetes_config_map.postgres-initdb-config-pm.metadata[0].name, kubernetes_config_map.postgres-initdb-config-ih.metadata[0].name, ] - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "provider" #kubernetes_namespace.ns.metadata.0.name } resource "kubernetes_config_map" "postgres-initdb-config-cs" { metadata { name = "cs-initdb-config" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "provider" #kubernetes_namespace.ns.metadata.0.name } data = { "cs-initdb-config.sql" = <<-EOT @@ -121,7 +121,7 @@ resource "kubernetes_config_map" "postgres-initdb-config-cs" { resource "kubernetes_config_map" "postgres-initdb-config-pqna" { metadata { name = "provider-qna-initdb-config" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "provider" #kubernetes_namespace.ns.metadata.0.name } data = { "provider-qna-initdb-config.sql" = <<-EOT @@ -136,7 +136,7 @@ resource "kubernetes_config_map" "postgres-initdb-config-pqna" { resource "kubernetes_config_map" "postgres-initdb-config-pm" { metadata { name = "provider-manufacturing-initdb-config" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "provider" #kubernetes_namespace.ns.metadata.0.name } data = { "provider-manufacturing-initdb-config.sql" = <<-EOT @@ -151,7 +151,7 @@ resource "kubernetes_config_map" "postgres-initdb-config-pm" { resource "kubernetes_config_map" "postgres-initdb-config-ih" { metadata { name = "ih-initdb-config" - namespace = kubernetes_namespace.ns.metadata.0.name + namespace = "provider" #kubernetes_namespace.ns.metadata.0.name } data = { "ih-initdb-config.sql" = <<-EOT diff --git a/seed-k8s.sh b/seed-k8s.sh index 56f1e7b2a..3eb0f063f 100755 --- a/seed-k8s.sh +++ b/seed-k8s.sh 
@@ -21,7 +21,7 @@ echo echo echo "Seed data to 'provider-qna' and 'provider-manufacturing'" -for url in 'http://127.0.0.1/provider-manufacturing/cp' 'http://127.0.0.1/provider-qna/cp' +for url in 'http://127.0.0.1:8088/provider-manufacturing/cp' 'http://127.0.0.1:8088/provider-qna/cp' do newman run \ --folder "Seed" \ @@ -35,7 +35,7 @@ echo echo "Create linked assets on the Catalog Server" newman run \ --folder "Seed Catalog Server" \ - --env-var "HOST=http://127.0.0.1/provider-catalog-server/cp" \ + --env-var "HOST=http://127.0.0.1:8088/provider-catalog-server/cp" \ --env-var "PROVIDER_QNA_DSP_URL=http://provider-qna-controlplane:8082" \ --env-var "PROVIDER_MF_DSP_URL=http://provider-manufacturing-controlplane:8082" \ ./deployment/postman/MVD.postman_collection.json @@ -75,7 +75,7 @@ DATA_CONSUMER=$(jq -n --arg url "$CONSUMER_CONTROLPLANE_SERVICE_URL" --arg ihurl } }') -curl --location "http://127.0.0.1/consumer/cs/api/identity/v1alpha/participants/" \ +curl --location "http://127.0.0.1:8088/consumer/cs/api/identity/v1alpha/participants/" \ --header 'Content-Type: application/json' \ --header "x-api-key: $API_KEY" \ --data "$DATA_CONSUMER" @@ -105,7 +105,7 @@ DATA_PROVIDER=$(jq -n --arg url "$PROVIDER_CONTROLPLANE_SERVICE_URL" --arg ihurl ], "active": true, "participantId": "did:web:provider-identityhub%3A7083:provider", - "did": "did:web:provider-identityhub%3A7083:provider", + "did": "did:web:provider-identityhub%3A7083:provide/seed-k8s.shr", "key":{ "keyId": "did:web:provider-identityhub%3A7083:provider#key-1", "privateKeyAlias": "did:web:provider-identityhub%3A7083:provider#key-1", @@ -115,7 +115,7 @@ DATA_PROVIDER=$(jq -n --arg url "$PROVIDER_CONTROLPLANE_SERVICE_URL" --arg ihurl } }') -curl --location "http://127.0.0.1/provider/cs/api/identity/v1alpha/participants/" \ +curl --location "http://127.0.0.1:8088/provider/cs/api/identity/v1alpha/participants/" \ --header 'Content-Type: application/json' \ --header "x-api-key: $API_KEY" \ --data "$DATA_PROVIDER" 
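Review bot: The `did` value in the DATA_PROVIDER hunk at @@ -105 was corrupted to `did:web:provider-identityhub%3A7083:provide/seed-k8s.shr`, which looks like a file name pasted mid-word; it no longer matches the `participantId` on the line above or the `keyId` below, so the provider participant would be created with a DID that resolves nowhere. Restore the line to `"did": "did:web:provider-identityhub%3A7083:provider",`. The port change in the other seed-k8s.sh hunks reads fine, though `http://127.0.0.1:8088` is now spelled out in eight places and would be easier to maintain as one variable at the top of the script.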
@@ -148,14 +148,14 @@ DATA_ISSUER=$(jq -n --arg pem "$PEM_ISSUER" '{ } }') -curl -s --location 'http://127.0.0.1/issuer/cs/api/identity/v1alpha/participants/' \ +curl -s --location 'http://127.0.0.1:8088/issuer/cs/api/identity/v1alpha/participants/' \ --header 'Content-Type: application/json' \ --data "$DATA_ISSUER" ## Seed participant data to the issuer service newman run \ --folder "Seed Issuer SQL" \ - --env-var "ISSUER_ADMIN_URL=http://127.0.0.1/issuer/ad" \ + --env-var "ISSUER_ADMIN_URL=http://127.0.0.1:8088/issuer/ad" \ --env-var "CONSUMER_ID=did:web:consumer-identityhub%3A7083:consumer" \ --env-var "CONSUMER_NAME=MVD Consumer Participant" \ --env-var "PROVIDER_ID=did:web:provider-identityhub%3A7083:provider" \ From 751edf5e0f45c7f9faa1df90e324b29771f64b82 Mon Sep 17 00:00:00 2001 
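Review bot: The rewritten `curl -s --location` call to the issuer at @@ -148 still has no `--fail`, so a 4xx/5xx from the participants endpoint is swallowed in the silenced body and the script carries on seeding as if the issuer participant existed; the same holds for the consumer and provider calls at @@ -75 and @@ -115 in the previous hunks. `curl -s --fail-with-body --location 'http://127.0.0.1:8088/issuer/cs/api/identity/v1alpha/participants/' \` keeps the error payload visible while making the failure a non-zero exit. Whether the script runs under `set -e` is outside this hunk.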
From: SergioMedeirosGarcia Date: Thu, 27 Nov 2025 17:02:03 +0100 Subject: [PATCH 02/72] Connector deployment refactor --- .../assets/consumer_private.pem | 5 + .../assets/consumer_public.pem | 4 + .../consumer/dataprocessor-credential.json | 39 ++++ .../k8s/consumer/dataprocessor_vc.json | 24 +++ .../k8s/consumer/membership-credential.json | 41 ++++ .../k8s/consumer/membership_vc.json | 31 +++ .../provider/dataprocessor-credential.json | 39 ++++ .../k8s/provider/dataprocessor_vc.json | 24 +++ .../k8s/provider/membership-credential.json | 43 ++++ .../k8s/provider/membership_vc.json | 31 +++ .../consumer/dataprocessor-credential.json | 39 ++++ .../local/consumer/membership-credential.json | 41 ++++ .../consumer/unsigned/dataprocessor_vc.json | 24 +++ .../consumer/unsigned/membership_vc.json | 31 +++ .../provider/dataprocessor-credential.json | 39 ++++ .../local/provider/membership-credential.json | 43 ++++ .../provider/unsigned/dataprocessor_vc.json | 24 +++ .../provider/unsigned/membership_vc.json | 31 +++ .../assets/env/consumer_connector.env | 38 ++++ .../assets/env/consumer_identityhub.env | 19 ++ .../assets/env/issuerservice.env | 15 ++ .../assets/env/provider_catalogserver.env | 20 ++ .../env/provider_connector_manufacturing.env | 38 ++++ .../assets/env/provider_connector_qna.env | 38 ++++ .../assets/env/provider_identityhub.env | 19 ++ .../assets/issuer/did.docker.json | 26 +++ .../assets/issuer/did.k8s.json | 26 +++ connector_deployment/assets/issuer/nginx.conf | 9 + .../assets/issuer_private.pem | 3 + connector_deployment/assets/issuer_public.pem | 3 + .../assets/participants/participants.k8s.json | 4 + .../participants/participants.local.json | 4 + .../assets/provider_private.pem | 5 + .../assets/provider_public.pem | 4 + connector_deployment/connector.tf | 63 ++++++ connector_deployment/database.tf | 38 ++++ connector_deployment/kms.tf | 7 + connector_deployment/locals.tf | 5 + .../modules/connector/controlplane.tf | 185 ++++++++++++++++++ 
.../modules/connector/dataplane.tf | 137 +++++++++++++ .../modules/connector/ingress.tf | 99 ++++++++++ .../modules/connector/outputs.tf | 38 ++++ .../modules/connector/services.tf | 76 +++++++ .../modules/connector/variables.tf | 115 +++++++++++ .../modules/identity-hub/ingress.tf | 81 ++++++++ .../modules/identity-hub/main.tf | 171 ++++++++++++++++ .../modules/identity-hub/outputs.tf | 42 ++++ .../modules/identity-hub/services.tf | 46 +++++ .../modules/identity-hub/variables.tf | 115 +++++++++++ connector_deployment/modules/kms/README.md | 44 +++++ connector_deployment/modules/kms/input.tf | 31 +++ connector_deployment/modules/kms/kms.tf | 22 +++ connector_deployment/modules/kms/output.tf | 6 + .../modules/random_string_generator/README.md | 54 +++++ .../modules/random_string_generator/input.tf | 16 ++ .../modules/random_string_generator/output.tf | 4 + .../random_string_generator.tf | 5 + .../modules/s3_bucket/README.md | 79 ++++++++ .../modules/s3_bucket/bucket.tf | 92 +++++++++ .../modules/s3_bucket/input.tf | 70 +++++++ .../modules/s3_bucket/output.tf | 11 ++ .../modules/vault/variables.tf | 44 +++++ .../modules/vault/vault-values.yaml | 22 +++ connector_deployment/modules/vault/vault.tf | 70 +++++++ connector_deployment/outputs.tf | 31 +++ connector_deployment/providers.tf | 50 +++++ connector_deployment/s3.tf | 8 + connector_deployment/variables.tf | 46 +++++ 68 files changed, 2747 insertions(+) create mode 100644 connector_deployment/assets/consumer_private.pem create mode 100644 connector_deployment/assets/consumer_public.pem create mode 100644 connector_deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json create mode 100644 connector_deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json create mode 100644 connector_deployment/assets/credentials/k8s/consumer/membership-credential.json create mode 100644 connector_deployment/assets/credentials/k8s/consumer/membership_vc.json create mode 100644 
connector_deployment/assets/credentials/k8s/provider/dataprocessor-credential.json create mode 100644 connector_deployment/assets/credentials/k8s/provider/dataprocessor_vc.json create mode 100644 connector_deployment/assets/credentials/k8s/provider/membership-credential.json create mode 100644 connector_deployment/assets/credentials/k8s/provider/membership_vc.json create mode 100644 connector_deployment/assets/credentials/local/consumer/dataprocessor-credential.json create mode 100644 connector_deployment/assets/credentials/local/consumer/membership-credential.json create mode 100644 connector_deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json create mode 100644 connector_deployment/assets/credentials/local/consumer/unsigned/membership_vc.json create mode 100644 connector_deployment/assets/credentials/local/provider/dataprocessor-credential.json create mode 100644 connector_deployment/assets/credentials/local/provider/membership-credential.json create mode 100644 connector_deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json create mode 100644 connector_deployment/assets/credentials/local/provider/unsigned/membership_vc.json create mode 100644 connector_deployment/assets/env/consumer_connector.env create mode 100644 connector_deployment/assets/env/consumer_identityhub.env create mode 100644 connector_deployment/assets/env/issuerservice.env create mode 100644 connector_deployment/assets/env/provider_catalogserver.env create mode 100644 connector_deployment/assets/env/provider_connector_manufacturing.env create mode 100644 connector_deployment/assets/env/provider_connector_qna.env create mode 100644 connector_deployment/assets/env/provider_identityhub.env create mode 100644 connector_deployment/assets/issuer/did.docker.json create mode 100644 connector_deployment/assets/issuer/did.k8s.json create mode 100644 connector_deployment/assets/issuer/nginx.conf create mode 100644 connector_deployment/assets/issuer_private.pem 
create mode 100644 connector_deployment/assets/issuer_public.pem create mode 100644 connector_deployment/assets/participants/participants.k8s.json create mode 100644 connector_deployment/assets/participants/participants.local.json create mode 100644 connector_deployment/assets/provider_private.pem create mode 100644 connector_deployment/assets/provider_public.pem create mode 100644 connector_deployment/connector.tf create mode 100644 connector_deployment/database.tf create mode 100644 connector_deployment/kms.tf create mode 100644 connector_deployment/locals.tf create mode 100644 connector_deployment/modules/connector/controlplane.tf create mode 100644 connector_deployment/modules/connector/dataplane.tf create mode 100644 connector_deployment/modules/connector/ingress.tf create mode 100644 connector_deployment/modules/connector/outputs.tf create mode 100644 connector_deployment/modules/connector/services.tf create mode 100644 connector_deployment/modules/connector/variables.tf create mode 100644 connector_deployment/modules/identity-hub/ingress.tf create mode 100644 connector_deployment/modules/identity-hub/main.tf create mode 100644 connector_deployment/modules/identity-hub/outputs.tf create mode 100644 connector_deployment/modules/identity-hub/services.tf create mode 100644 connector_deployment/modules/identity-hub/variables.tf create mode 100644 connector_deployment/modules/kms/README.md create mode 100644 connector_deployment/modules/kms/input.tf create mode 100644 connector_deployment/modules/kms/kms.tf create mode 100644 connector_deployment/modules/kms/output.tf create mode 100644 connector_deployment/modules/random_string_generator/README.md create mode 100644 connector_deployment/modules/random_string_generator/input.tf create mode 100644 connector_deployment/modules/random_string_generator/output.tf create mode 100644 connector_deployment/modules/random_string_generator/random_string_generator.tf create mode 100644 
connector_deployment/modules/s3_bucket/README.md create mode 100644 connector_deployment/modules/s3_bucket/bucket.tf create mode 100644 connector_deployment/modules/s3_bucket/input.tf create mode 100644 connector_deployment/modules/s3_bucket/output.tf create mode 100644 connector_deployment/modules/vault/variables.tf create mode 100644 connector_deployment/modules/vault/vault-values.yaml create mode 100644 connector_deployment/modules/vault/vault.tf create mode 100644 connector_deployment/outputs.tf create mode 100644 connector_deployment/providers.tf create mode 100644 connector_deployment/s3.tf create mode 100644 connector_deployment/variables.tf diff --git a/connector_deployment/assets/consumer_private.pem b/connector_deployment/assets/consumer_private.pem new file mode 100644 index 000000000..81c28bac2 --- /dev/null +++ b/connector_deployment/assets/consumer_private.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIARDUGJgKy1yzxkueIJ1k3MPUWQ/tbQWQNqW6TjyHpdcoAoGCCqGSM49 +AwEHoUQDQgAE1l0Lof0a1yBc8KXhesAnoBvxZw5roYnkAXuqCYfNK3ex+hMWFuiX +GUxHlzShAehR6wvwzV23bbC0tcFcVgW//A== +-----END EC PRIVATE KEY----- \ No newline at end of file diff --git a/connector_deployment/assets/consumer_public.pem b/connector_deployment/assets/consumer_public.pem new file mode 100644 index 000000000..977a19576 --- /dev/null +++ b/connector_deployment/assets/consumer_public.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1l0Lof0a1yBc8KXhesAnoBvxZw5r +oYnkAXuqCYfNK3ex+hMWFuiXGUxHlzShAehR6wvwzV23bbC0tcFcVgW//A== +-----END PUBLIC KEY----- \ No newline at end of file diff --git a/connector_deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json b/connector_deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json new file mode 100644 index 000000000..f7c8f50dc --- /dev/null +++ b/connector_deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json 
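Review bot: `connector_deployment/assets/consumer_private.pem` commits an EC private key to the repository, and the diffstat of this patch shows `issuer_private.pem` and `provider_private.pem` being added the same way. A key that has been in git history is effectively public from that commit on, so these pairs must be treated as throwaway demo keys and never reused, and the issuer key in particular is the root of trust for every credential under `assets/credentials/`. Prefer generating participant and issuer keys at deploy time (this patch already introduces `kms` and `vault` modules) and keeping only the public halves in the tree; if fixtures must be committed, a line in the adjacent README stating that they are test-only keys would guard against accidental promotion to a shared environment.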
@@ -0,0 +1,39 @@ +{ + "id": "40e24588-b510-41ca-966c-c1e0f57d1b15", + "participantContextId": "did:web:consumer-identityhub%3A7083:consumer", + "timestamp": 1700659822500, + "issuerId": "did:web:dataspace-issuer", + "holderId": "did:web:consumer-identityhub%3A7083:consumer", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "format": "VC1_0_JWT", + "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.Asd_5HEu-UaV3bSZ3DlkIlI5yiAik18JcAtKwK6HVx3MAW5uR907lEJfgdO29eHfTR9_qiHG5OitXYCpL_sxBQ", + "credential": { + "credentialSubject": [ + { + "claims": { + "id": "did:web:consumer-identityhub%3A7083:consumer", + "contractVersion": "1.0.0", + "level": "processing" + } + } + ], + "id": "http://org.yourdataspace.com/credentials/1235", + "type": [ + "VerifiableCredential", + "DataProcessorCredential" + ], + "issuer": { + "id": "did:web:dataspace-issuer", + "additionalProperties": {} + }, + "issuanceDate": 1702339200.000000000, + "expirationDate": null, + "credentialStatus": null, + "description": null, + "name": null + } + } +} diff --git a/connector_deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json b/connector_deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json new file mode 100644 index 000000000..fb5154731 --- /dev/null +++ b/connector_deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json 
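Review bot: Every credential record in this hunk, and in the matching provider record and the two membership-credential files further down, has `"expirationDate": null` and `"credentialStatus": null`, so the seeded credentials never expire and cannot be revoked, and with `"state": 500` they are loaded as already issued. That is tolerable for a local fixture, but the `rawVc` JWT header decodes to `alg: EdDSA` with `kid: did:web:dataspace-issuer#key-1`, presumably the issuer key this patch commits as `issuer_private.pem`, so rotating that key silently invalidates all four fixtures, and the hand-written `credential` object can drift from the payload inside `rawVc`. JSON has no comments, so a sentence in the credentials README saying these are pre-signed fixtures regenerated from the `unsigned/` VCs whenever the issuer key changes would help the next maintainer.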
@@ -0,0 +1,24 @@ +{ + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/jws-2020/v1", + "https://www.w3.org/ns/did/v1", + { + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "contractVersion": "mvd-credentials:contractVersion", + "level": "mvd-credentials:level" + } + ], + "id": "http://org.yourdataspace.com/credentials/2347", + "type": [ + "VerifiableCredential", + "DataProcessorCredential" + ], + "issuer": "did:web:dataspace-issuer", + "issuanceDate": "2023-08-18T00:00:00Z", + "credentialSubject": { + "id": "did:web:consumer-identityhub%3A7083:consumer", + "contractVersion": "1.0.0", + "level": "processing" + } +} \ No newline at end of file diff --git a/connector_deployment/assets/credentials/k8s/consumer/membership-credential.json b/connector_deployment/assets/credentials/k8s/consumer/membership-credential.json new file mode 100644 index 000000000..c8d45368d --- /dev/null +++ b/connector_deployment/assets/credentials/k8s/consumer/membership-credential.json 
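Review bot: The VC id `http://org.yourdataspace.com/credentials/2347` in this unsigned DataProcessor credential is reused by the consumer membership VC and its stored record in the next two files and by the provider DataProcessor VC, while the signed record for this same consumer DataProcessor credential carries `.../credentials/1235`. Credential ids are meant to be unique per credential and to agree between the stored record and the VC, so anything that keys on the id (revocation lookups, de-duplication in the hub) would conflate these. Give each VC its own id and keep it in sync with the `credential.id` of the corresponding pre-signed record.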
@@ -0,0 +1,41 @@ +{ + "id": "40e24588-b510-41ca-966c-c1e0f57d1b14", + "participantContextId": "did:web:consumer-identityhub%3A7083:consumer", + "timestamp": 1700659822500, + "issuerId": "did:web:dataspace-issuer", + "holderId": "did:web:consumer-identityhub%3A7083:consumer", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.xcb9qKJ_BGGj_KvSM9lZIdJW01FSdDjALXxhmH8CehkOPy2nXGnWKIbjHJZmW60NtU7kqRC23THU7OWFs28EDw", + "format": "VC1_0_JWT", + "credential": { + "credentialSubject": [ + { + "claims": { + "membershipType": "FullMember", + "website": "www.some-other-website.com", + "contact": "bar.baz@company.com", + "since": "2023-01-01T00:00:00Z" + }, + "id": "did:web:consumer-identityhub%3A7083:consumer" + } + ], + "id": "http://org.yourdataspace.com/credentials/2347", + "type": [ + "VerifiableCredential", + "MembershipCredential" + ], + "issuer": { + "id": "did:web:dataspace-issuer", + "additionalProperties": {} + }, + "issuanceDate": 1702339200.000000000, + "expirationDate": null, + "credentialStatus": null, + "description": null, + "name": null + } + } +} diff --git a/connector_deployment/assets/credentials/k8s/consumer/membership_vc.json b/connector_deployment/assets/credentials/k8s/consumer/membership_vc.json new file mode 100644 index 000000000..d3f4ae745 --- /dev/null +++ b/connector_deployment/assets/credentials/k8s/consumer/membership_vc.json 
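Review bot: The `claims` in this consumer membership record are flat (`membershipType`, `website`, `contact`, `since` directly under `claims`), whereas the provider record in `k8s/provider/membership-credential.json` nests them under a `membership` object, and the unsigned `membership_vc.json` next to this file also uses the nested form with different values (`www.whatever.com`, `fizz.buzz@whatever.com`). A policy function that reads `membership.membershipType` will therefore evaluate differently for the two participants, and this stored `credential` object no longer describes what its unsigned source says. Both membership records also share the record id `40e24588-b510-41ca-966c-c1e0f57d1b14`, harmless only while they are never loaded into the same identity hub store. Regenerate this record from `membership_vc.json` so shape and values match the provider side, or note in the README why the consumer deliberately differs.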
@@ -0,0 +1,31 @@ +{ + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/jws-2020/v1", + "https://www.w3.org/ns/did/v1", + { + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "membership": "mvd-credentials:membership", + "membershipType": "mvd-credentials:membershipType", + "website": "mvd-credentials:website", + "contact": "mvd-credentials:contact", + "since": "mvd-credentials:since" + } + ], + "id": "http://org.yourdataspace.com/credentials/2347", + "type": [ + "VerifiableCredential", + "MembershipCredential" + ], + "issuer": "did:web:dataspace-issuer", + "issuanceDate": "2023-08-18T00:00:00Z", + "credentialSubject": { + "id": "did:web:consumer-identityhub%3A7083:consumer", + "membership": { + "membershipType": "FullMember", + "website": "www.whatever.com", + "contact": "fizz.buzz@whatever.com", + "since": "2023-01-01T00:00:00Z" + } + } +} \ No newline at end of file diff --git a/connector_deployment/assets/credentials/k8s/provider/dataprocessor-credential.json b/connector_deployment/assets/credentials/k8s/provider/dataprocessor-credential.json new file mode 100644 index 000000000..7ed5bee2c --- /dev/null +++ b/connector_deployment/assets/credentials/k8s/provider/dataprocessor-credential.json 
@@ -0,0 +1,39 @@ +{ + "id": "40e24588-b510-41ca-966c-c1e0f57d1ca7", + "participantContextId": "did:web:provider-identityhub%3A7083:provider", + "timestamp": 1700659822500, + "issuerId": "did:web:dataspace-issuer", + "holderId": "did:web:provider-identityhub%3A7083:provider", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "format": "VC1_0_JWT", + "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.lgSIzaPA9mm1LTEssDlfG2bcKUyhjWfjl85yEMHcKxAjl3kyFw1lBSokCR85f2bm-ZBHiAfCh9M9W1jixjPTCg", + "credential": { + "credentialSubject": [ + { + "claims": { + "id": "did:web:provider-identityhub%3A7083:provider", + "contractVersion": "1.0.0", + "level": "processing" + } + } + ], + "id": "http://org.yourdataspace.com/credentials/1265", + "type": [ + "VerifiableCredential", + "DataProcessorCredential" + ], + "issuer": { + "id": "did:web:dataspace-issuer", + "additionalProperties": {} + }, + "issuanceDate": 1702339200.000000000, + "expirationDate": null, + "credentialStatus": null, + "description": null, + "name": null + } + } +} diff --git a/connector_deployment/assets/credentials/k8s/provider/dataprocessor_vc.json b/connector_deployment/assets/credentials/k8s/provider/dataprocessor_vc.json new file mode 100644 index 000000000..ff3160ebb --- /dev/null +++ b/connector_deployment/assets/credentials/k8s/provider/dataprocessor_vc.json 
@@ -0,0 +1,24 @@
+{
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://w3id.org/security/suites/jws-2020/v1",
+ "https://www.w3.org/ns/did/v1",
+ {
+ "mvd-credentials": "https://w3id.org/mvd/credentials/",
+ "contractVersion": "mvd-credentials:contractVersion",
+ "level": "mvd-credentials:level"
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/2347",
+ "type": [
+ "VerifiableCredential",
+ "DataProcessorCredential"
+ ],
+ "issuer": "did:web:dataspace-issuer",
+ "issuanceDate": "2023-08-18T00:00:00Z",
+ "credentialSubject": {
+ "id": "did:web:provider-identityhub%3A7083:provider",
+ "level": "processing",
+ "contractVersion": "1.0.0"
+ }
+}
\ No newline at end of file
diff --git a/connector_deployment/assets/credentials/k8s/provider/membership-credential.json b/connector_deployment/assets/credentials/k8s/provider/membership-credential.json
new file mode 100644
index 000000000..076ef60e0
--- /dev/null
+++ b/connector_deployment/assets/credentials/k8s/provider/membership-credential.json
@@ -0,0 +1,43 @@
+{
+ "id": "40e24588-b510-41ca-966c-c1e0f57d1b14",
+ "participantContextId": "did:web:provider-identityhub%3A7083:provider",
+ "timestamp": 1700659822500,
+ "issuerId": "did:web:dataspace-issuer",
+ "holderId": "did:web:provider-identityhub%3A7083:provider",
+ "state": 500,
+ "issuancePolicy": null,
+ "reissuancePolicy": null,
+ "verifiableCredential": {
+ "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.iX84wIF6unwmOWPtyRHAYv-YaoDSTzHl1ioZcfa-Y6aMGzbgD4EDhjKY9syR5mdYYIvqs__cAN-d3MOKbMgjDA",
+ "format": "VC1_0_JWT",
+ "credential": {
+ "credentialSubject": [
+ {
+ "claims": {
+ "membership": {
+ "membershipType": "FullMember",
+ "website": "www.company-website.com",
+ "contact": "max.mustermann@company.com",
+ "since": "2023-05-08T00:00:00Z"
+ }
+ },
+ "id": "did:web:provider-identityhub%3A7083:provider"
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/1234",
+ "type": [
+ "VerifiableCredential",
+ "MembershipCredential"
+ ],
+ "issuer": {
+ "id": "did:web:dataspace-issuer",
+ "additionalProperties": {}
+ },
+ "issuanceDate": 1702339200.000000000,
+ "expirationDate": null,
+ "credentialStatus": null,
+ "description": null,
+ "name": null
+ }
+ }
+}
diff --git a/connector_deployment/assets/credentials/k8s/provider/membership_vc.json b/connector_deployment/assets/credentials/k8s/provider/membership_vc.json
new file mode 100644
index 000000000..4cf4ec500
--- /dev/null
+++ b/connector_deployment/assets/credentials/k8s/provider/membership_vc.json
@@ -0,0 +1,31 @@
+{
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://w3id.org/security/suites/jws-2020/v1",
+ "https://www.w3.org/ns/did/v1",
+ {
+ "mvd-credentials": "https://w3id.org/mvd/credentials/",
+ "membership": "mvd-credentials:membership",
+ "membershipType": "mvd-credentials:membershipType",
+ "website": "mvd-credentials:website",
+ "contact": "mvd-credentials:contact",
+ "since": "mvd-credentials:since"
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/2347",
+ "type": [
+ "VerifiableCredential",
+ "MembershipCredential"
+ ],
+ "issuer": "did:web:dataspace-issuer",
+ "issuanceDate": "2023-08-18T00:00:00Z",
+ "credentialSubject": {
+ "id": "did:web:provider-identityhub%3A7083:provider",
+ "membership": {
+ "membershipType": "FullMember",
+ "website": "www.whatever.com",
+ "contact": "mix.max@whatever.com",
+ "since": "2023-01-01T00:00:00Z"
+ }
+ }
+}
\ No newline at end of file
diff --git a/connector_deployment/assets/credentials/local/consumer/dataprocessor-credential.json b/connector_deployment/assets/credentials/local/consumer/dataprocessor-credential.json
new file mode 100644
index 000000000..934f2d850
--- /dev/null
+++ b/connector_deployment/assets/credentials/local/consumer/dataprocessor-credential.json
@@ -0,0 +1,39 @@
+{
+ "id": "40e24588-b510-41ca-966c-c1e0f57d1b15",
+ "participantContextId": "did:web:localhost%3A7083",
+ "timestamp": 1700659822500,
+ "issuerId": "did:web:localhost%3A9876",
+ "holderId": "did:web:localhost%3A7093",
+ "state": 500,
+ "issuancePolicy": null,
+ "reissuancePolicy": null,
+ "verifiableCredential": {
+ "format": "VC1_0_JWT",
+ "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.B3ZjHNsiOhuiv78uv4hu08LyA9gZrciMhKOHsC9CV99_KesoWQAjrsg2bJd2b3QQguLoR0C3S3u-9tcYvmB1Cg",
+ "credential": {
+ "credentialSubject": [
+ {
+ "claims": {
+ "id": "did:web:localhost%3A7083",
+ "contractVersion": "1.0.0",
+ "level": "processing"
+ }
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/1235",
+ "type": [
+ "VerifiableCredential",
+ "DataProcessorCredential"
+ ],
+ "issuer": {
+ "id": "did:web:localhost%3A9876",
+ "additionalProperties": {}
+ },
+ "issuanceDate": 1702339200.000000000,
+ "expirationDate": null,
+ "credentialStatus": null,
+ "description": null,
+ "name": null
+ }
+ }
+}
diff --git a/connector_deployment/assets/credentials/local/consumer/membership-credential.json b/connector_deployment/assets/credentials/local/consumer/membership-credential.json
new file mode 100644
index 000000000..95ce92cd9
--- /dev/null
+++ b/connector_deployment/assets/credentials/local/consumer/membership-credential.json
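Review bot: `holderId` in this consumer DataProcessor credential is `did:web:localhost%3A7093`, which is the provider's DID in this commit, while `participantContextId` and `credentialSubject[0].claims.id` are the consumer's `did:web:localhost%3A7083`. Every other credential file added here keeps `holderId` equal to `participantContextId`, so this looks like a copy-paste slip and should presumably read `"holderId": "did:web:localhost%3A7083",`. If the identity hub compares holder and participant context when loading or presenting credentials, this entry would be rejected, or worse, attributed to the wrong participant.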
@@ -0,0 +1,41 @@
+{
+ "id": "40e24588-b510-41ca-966c-c1e0f57d1b14",
+ "participantContextId": "did:web:localhost%3A7083",
+ "timestamp": 1700659822500,
+ "issuerId": "did:web:localhost%3A9876",
+ "holderId": "did:web:localhost%3A7083",
+ "state": 500,
+ "issuancePolicy": null,
+ "reissuancePolicy": null,
+ "verifiableCredential": {
+ "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.xnb1qnjEUpSAzFlJT9krVkW8y7MffVJL7xhfimLEV2ADYtRw_94LvcYuv-eFwMcOEMtNzfWj4MRoM2IslI5rBw",
+ "format": "VC1_0_JWT",
+ "credential": {
+ "credentialSubject": [
+ {
+ "claims": {
+ "membershipType": "FullMember",
+ "website": "www.some-other-website.com",
+ "contact": "bar.baz@company.com",
+ "since": "2023-01-01T00:00:00Z"
+ },
+ "id": "did:web:localhost%3A7083"
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/2347",
+ "type": [
+ "VerifiableCredential",
+ "MembershipCredential"
+ ],
+ "issuer": {
+ "id": "did:web:localhost%3A9876",
+ "additionalProperties": {}
+ },
+ "issuanceDate": 1702339200.000000000,
+ "expirationDate": null,
+ "credentialStatus": null,
+ "description": null,
+ "name": null
+ }
+ }
+}
diff --git a/connector_deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json b/connector_deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json
new file mode 100644
index 000000000..e65876bf7
--- /dev/null
+++ b/connector_deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json
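Review bot: The `claims` object of this consumer membership credential carries `membershipType`, `website`, `contact` and `since` at its top level, whereas the provider membership credentials (k8s and local) nest them under a `membership` key, and the consumer's own unsigned `membership_vc.json` in the next hunk nests them as well. A policy or scope that resolves `membership.membershipType` would therefore evaluate differently for the consumer than for the provider. Unless the flat shape is intended, wrap the four fields in `"membership": { ... }` like the other fixtures; since the claims are also inside the signed `rawVc`, the JWT would then have to be re-issued so the signed payload matches the JSON view.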
@@ -0,0 +1,24 @@
+{
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://w3id.org/security/suites/jws-2020/v1",
+ "https://www.w3.org/ns/did/v1",
+ {
+ "mvd-credentials": "https://w3id.org/mvd/credentials/",
+ "contractVersion": "mvd-credentials:contractVersion",
+ "level": "mvd-credentials:level"
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/2347",
+ "type": [
+ "VerifiableCredential",
+ "DataProcessorCredential"
+ ],
+ "issuer": "did:web:localhost%3A9876",
+ "issuanceDate": "2023-08-18T00:00:00Z",
+ "credentialSubject": {
+ "id": "did:web:localhost%3A7083",
+ "contractVersion": "1.0.0",
+ "level": "processing"
+ }
+}
\ No newline at end of file
diff --git a/connector_deployment/assets/credentials/local/consumer/unsigned/membership_vc.json b/connector_deployment/assets/credentials/local/consumer/unsigned/membership_vc.json
new file mode 100644
index 000000000..65b1b56da
--- /dev/null
+++ b/connector_deployment/assets/credentials/local/consumer/unsigned/membership_vc.json
@@ -0,0 +1,31 @@
+{
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://w3id.org/security/suites/jws-2020/v1",
+ "https://www.w3.org/ns/did/v1",
+ {
+ "mvd-credentials": "https://w3id.org/mvd/credentials/",
+ "membership": "mvd-credentials:membership",
+ "membershipType": "mvd-credentials:membershipType",
+ "website": "mvd-credentials:website",
+ "contact": "mvd-credentials:contact",
+ "since": "mvd-credentials:since"
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/2347",
+ "type": [
+ "VerifiableCredential",
+ "MembershipCredential"
+ ],
+ "issuer": "did:web:localhost%3A9876",
+ "issuanceDate": "2023-08-18T00:00:00Z",
+ "credentialSubject": {
+ "id": "did:web:localhost%3A7083",
+ "membership": {
+ "membershipType": "FullMember",
+ "website": "www.whatever.com",
+ "contact": "mix.max@whatever.com",
+ "since": "2023-01-01T00:00:00Z"
+ }
+ }
+}
\ No newline at end of file
diff --git a/connector_deployment/assets/credentials/local/provider/dataprocessor-credential.json b/connector_deployment/assets/credentials/local/provider/dataprocessor-credential.json
new file mode 100644
index 000000000..aadbef8fe
--- /dev/null
+++ b/connector_deployment/assets/credentials/local/provider/dataprocessor-credential.json
@@ -0,0 +1,39 @@
+{
+ "id": "40e24588-b510-41ca-966c-c1e0f57d1ca7",
+ "participantContextId": "did:web:localhost%3A7093",
+ "timestamp": 1700659822500,
+ "issuerId": "did:web:localhost%3A9876",
+ "holderId": "did:web:localhost%3A7093",
+ "state": 500,
+ "issuancePolicy": null,
+ "reissuancePolicy": null,
+ "verifiableCredential": {
+ "format": "VC1_0_JWT",
+ "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.aeb2uwwwEbaa3236XJhNOpJ_KxUIIefYeheAiw7OPtk_rXjmFOQ_aa7F09kEEgGK1NB3sijfVIEo5E96vMfZCQ",
+ "credential": {
+ "credentialSubject": [
+ {
+ "claims": {
+ "id": "did:web:localhost%3A7093",
+ "contractVersion": "1.0.0",
+ "level": "processing"
+ }
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/1265",
+ "type": [
+ "VerifiableCredential",
+ "DataProcessorCredential"
+ ],
+ "issuer": {
+ "id": "did:web:localhost%3A9876",
+ "additionalProperties": {}
+ },
+ "issuanceDate": 1702339200.000000000,
+ "expirationDate": null,
+ "credentialStatus": null,
+ "description": null,
+ "name": null
+ }
+ }
+}
diff --git a/connector_deployment/assets/credentials/local/provider/membership-credential.json b/connector_deployment/assets/credentials/local/provider/membership-credential.json
new file mode 100644
index 000000000..419beea63
--- /dev/null
+++ b/connector_deployment/assets/credentials/local/provider/membership-credential.json
@@ -0,0 +1,43 @@
+{
+ "id": "40e24588-b510-41ca-966c-c1e0f57d1b14",
+ "participantContextId": "did:web:localhost%3A7093",
+ "timestamp": 1700659822500,
+ "issuerId": "did:web:localhost%3A9876",
+ "holderId": "did:web:localhost%3A7093",
+ "state": 500,
+ "issuancePolicy": null,
+ "reissuancePolicy": null,
+ "verifiableCredential": {
+ "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.HmC6-GC6GalGL6n8UQ2BNDOAS1qNJ0B6A7gObM_p0psOkZqCvtSQ-gwMTX8qd5gK7eihGuAEiMQ7Z_gCvgKKAw",
+ "format": "VC1_0_JWT",
+ "credential": {
+ "credentialSubject": [
+ {
+ "claims": {
+ "membership": {
+ "contact": "fizz.buzz@quizzquazz.com",
+ "membershipType": "PartialMember",
+ "since": "2023-01-01T00:00:00Z",
+ "website": "www.quizzquazz.com"
+ }
+ },
+ "id": "did:web:localhost%3A7093"
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/1234",
+ "type": [
+ "VerifiableCredential",
+ "MembershipCredential"
+ ],
+ "issuer": {
+ "id": "did:web:localhost%3A9876",
+ "additionalProperties": {}
+ },
+ "issuanceDate": 1702339200.000000000,
+ "expirationDate": null,
+ "credentialStatus": null,
+ "description": null,
+ "name": null
+ }
+ }
+}
diff --git a/connector_deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json b/connector_deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
new file mode 100644
index 000000000..3152b5f13
--- /dev/null
+++ b/connector_deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
@@ -0,0 +1,24 @@
+{
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://w3id.org/security/suites/jws-2020/v1",
+ "https://www.w3.org/ns/did/v1",
+ {
+ "mvd-credentials": "https://w3id.org/mvd/credentials/",
+ "contractVersion": "mvd-credentials:contractVersion",
+ "level": "mvd-credentials:level"
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/2347",
+ "type": [
+ "VerifiableCredential",
+ "DataProcessorCredential"
+ ],
+ "issuer": "did:web:localhost%3A9876",
+ "issuanceDate": "2023-08-18T00:00:00Z",
+ "credentialSubject": {
+ "id": "did:web:localhost%3A7093",
+ "level": "processing",
+ "contractVersion": "1.0.0"
+ }
+}
\ No newline at end of file
diff --git a/connector_deployment/assets/credentials/local/provider/unsigned/membership_vc.json b/connector_deployment/assets/credentials/local/provider/unsigned/membership_vc.json
new file mode 100644
index 000000000..a2b9efe35
--- /dev/null
+++ b/connector_deployment/assets/credentials/local/provider/unsigned/membership_vc.json
@@ -0,0 +1,31 @@
+{
+ "@context": [
+ "https://www.w3.org/2018/credentials/v1",
+ "https://w3id.org/security/suites/jws-2020/v1",
+ "https://www.w3.org/ns/did/v1",
+ {
+ "mvd-credentials": "https://w3id.org/mvd/credentials/",
+ "membership": "mvd-credentials:membership",
+ "membershipType": "mvd-credentials:membershipType",
+ "website": "mvd-credentials:website",
+ "contact": "mvd-credentials:contact",
+ "since": "mvd-credentials:since"
+ }
+ ],
+ "id": "http://org.yourdataspace.com/credentials/1234",
+ "type": [
+ "VerifiableCredential",
+ "MembershipCredential"
+ ],
+ "issuer": "did:web:localhost%3A9876",
+ "issuanceDate": "2023-08-18T00:00:00Z",
+ "credentialSubject": {
+ "id": "did:web:localhost%3A7093",
+ "membership": {
+ "membershipType": "ProspectMember",
+ "website": "www.quizzquazz.com",
+ "contact": "foo.bar@quizzquazz.com",
+ "since": "2023-01-01T00:00:00Z"
+ }
+ }
+}
\ No newline at end of file
diff --git a/connector_deployment/assets/env/consumer_connector.env b/connector_deployment/assets/env/consumer_connector.env
new file mode 100644
index 000000000..78c803bf1
--- /dev/null
+++ b/connector_deployment/assets/env/consumer_connector.env
@@ -0,0 +1,38 @@
+# control plane specific config
+edc.iam.issuer.id=did:web:localhost%3A7083
+web.http.port=8080
+web.http.path=/api
+web.http.management.port=8081
+web.http.management.path=/api/management/
+web.http.management.auth.type=tokenbased
+web.http.management.auth.key=password
+web.http.protocol.port=8082
+web.http.protocol.path=/api/dsp
+web.http.control.port=8083
+web.http.control.path=/api/control
+web.http.catalog.port=8084
+web.http.catalog.path=/api/catalog
+web.http.catalog_auth.type=tokenbased
+web.http.catalog_auth.key=password
+web.http.version.port=8085
+web.http.version.path=/api/version
+edc.iam.did.web.use.https=false
+edc.iam.sts.privatekey.alias=did:web:localhost%3A7083-alias
+edc.iam.sts.publickey.id=did:web:localhost%3A7083#key-1
+edc.dsp.callback.address=http://localhost:8082/api/dsp
+edc.participant.id=did:web:localhost%3A7083
+edc.catalog.cache.execution.delay.seconds=5
+edc.catalog.cache.execution.period.seconds=10
+edc.mvd.participants.list.file=deployment/assets/participants/participants.local.json
+edc.management.context.enabled=true
+edc.iam.sts.oauth.client.secret.alias=did:web:localhost%3A7083-sts-client-secret
+edc.iam.sts.oauth.client.id=did:web:localhost%3A7083
+edc.iam.sts.oauth.token.url=http://localhost:7086/api/sts/token
+
+# dataplane specific config
+edc.runtime.id=consumer-embedded-runtime
+edc.transfer.proxy.token.verifier.publickey.alias=did:web:localhost%3A7083#key-1
+edc.transfer.proxy.token.signer.privatekey.alias=did:web:localhost%3A7083-alias
+edc.dpf.selector.url=http://localhost:8083/api/control/v1/dataplanes
+web.http.public.port=11001
+web.http.public.path=/api/public
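Review bot: `web.http.management.auth.key=password` and `web.http.catalog_auth.key=password` are static API keys for the management and catalog APIs committed in clear, and the same values recur in `provider_catalogserver.env`, `provider_connector_manufacturing.env` and `provider_connector_qna.env` in the following hunks. The endpoints are on localhost, but `connector_deployment/` is also the tree the Kubernetes deployment is built from, so the file should say these are placeholders, e.g. a first line `# local development only - API keys below are placeholders and must be replaced outside a dev machine`, or the key lines should move to a git-ignored override file. `edc.iam.did.web.use.https=false` belongs in the same category. Separately, `edc.mvd.participants.list.file=deployment/assets/participants/participants.local.json` points at the pre-existing `deployment/assets` tree rather than the `connector_deployment/assets` copy this commit adds, which looks unintended given the new files.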
diff --git a/connector_deployment/assets/env/consumer_identityhub.env b/connector_deployment/assets/env/consumer_identityhub.env
new file mode 100644
index 000000000..368423112
--- /dev/null
+++ b/connector_deployment/assets/env/consumer_identityhub.env
@@ -0,0 +1,19 @@
+web.http.port=7080
+web.http.path=/api
+web.http.credentials.port=7081
+web.http.credentials.path=/api/credentials
+web.http.identity.port=7082
+web.http.identity.path=/api/identity
+web.http.did.port=7083
+web.http.did.path=/
+web.http.version.port=7085
+web.http.version.path=/api/version
+web.http.sts.port=7086
+web.http.sts.path=/api/sts
+edc.iam.did.web.use.https=false
+edc.iam.sts.privatekey.alias=key-1
+edc.iam.sts.publickey.id=did:web:localhost%3A7083#key-1
+edc.ih.iam.publickey.path=./deployment/assets/consumer_public.pem
+edc.ih.iam.id=did:web:localhost%3A7083
+edc.ih.api.superuser.key=c3VwZXItdXNlcg==.c3VwZXItc2VjcmV0LWtleQo=
+edc.mvd.credentials.path=deployment/assets/credentials/local/consumer/
\ No newline at end of file
diff --git a/connector_deployment/assets/env/issuerservice.env b/connector_deployment/assets/env/issuerservice.env
new file mode 100644
index 000000000..e2aa1130d
--- /dev/null
+++ b/connector_deployment/assets/env/issuerservice.env
@@ -0,0 +1,15 @@
+edc.issuer.statuslist.signing.key.alias=signing-key-alias
+web.http.port=10010
+web.http.path=/api
+web.http.sts.port=10011
+web.http.sts.path=/api/sts
+web.http.issuance.port=10012
+web.http.issuance.path=/api/issuance
+web.http.issueradmin.port=10013
+web.http.issueradmin.path=/api/admin
+web.http.version.port=10014
+web.http.version.path=/.well-known/api
+web.http.identity.port=10015
+web.http.identity.path=/api/identity
+edc.iam.did.web.use.https=false
+edc.ih.api.superuser.key=c3VwZXItdXNlcg==.c3VwZXItc2VjcmV0LWtleQo=
\ No newline at end of file
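Review bot: `edc.ih.api.superuser.key=c3VwZXItdXNlcg==.c3VwZXItc2VjcmV0LWtleQo=` is a static superuser API key committed in `consumer_identityhub.env`, repeated byte-for-byte in `issuerservice.env` in this same hunk and in `provider_identityhub.env` a few hunks later, so one value grants superuser access to both identity hubs and the issuer service. The two base64 segments decode to readable placeholder words, which makes the value trivially guessable even where the repo is not readable; at minimum the line deserves a comment such as `# dev-only superuser key - generate a distinct value per service for any shared environment`, and ideally the key is injected at start-up rather than committed. Also note `edc.ih.iam.publickey.path=./deployment/assets/consumer_public.pem` and `edc.mvd.credentials.path=deployment/assets/credentials/local/consumer/` reference the pre-existing `deployment/assets` tree, not the `connector_deployment/assets` tree this commit adds; no `consumer_public.pem` is visible under `connector_deployment/assets` in this part of the diff, so the intended layout is unclear and worth a comment in the file.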
diff --git a/connector_deployment/assets/env/provider_catalogserver.env b/connector_deployment/assets/env/provider_catalogserver.env
new file mode 100644
index 000000000..7b9706ee6
--- /dev/null
+++ b/connector_deployment/assets/env/provider_catalogserver.env
@@ -0,0 +1,20 @@
+edc.iam.issuer.id=did:web:localhost%3A7093
+web.http.port=8090
+web.http.path=/api
+web.http.management.port=8091
+web.http.management.path=/api/management
+web.http.management.auth.type=tokenbased
+web.http.management.auth.key=password
+web.http.protocol.port=8092
+web.http.protocol.path=/api/dsp
+web.http.control.port=8093
+web.http.control.path=/api/control
+edc.iam.did.web.use.https=false
+edc.iam.sts.privatekey.alias=did:web:localhost%3A7093-alias
+edc.iam.sts.publickey.id=did:web:localhost%3A7093#key-1
+edc.dsp.callback.address=http://localhost:8092/api/dsp
+edc.participant.id=did:web:localhost%3A7093
+edc.management.context.enabled=true
+edc.iam.sts.oauth.client.secret.alias=did:web:localhost%3A7093-sts-client-secret
+edc.iam.sts.oauth.client.id=did:web:localhost%3A7093
+edc.iam.sts.oauth.token.url=http://localhost:7096/api/sts/token
\ No newline at end of file
diff --git a/connector_deployment/assets/env/provider_connector_manufacturing.env b/connector_deployment/assets/env/provider_connector_manufacturing.env
new file mode 100644
index 000000000..e041c8fb0
--- /dev/null
+++ b/connector_deployment/assets/env/provider_connector_manufacturing.env
@@ -0,0 +1,38 @@
+# control plane specific config
+edc.iam.issuer.id=did:web:localhost%3A7093
+web.http.port=8290
+web.http.path=/api
+web.http.management.port=8291
+web.http.management.path=/api/management/
+web.http.management.auth.type=tokenbased
+web.http.management.auth.key=password
+web.http.protocol.port=8292
+web.http.protocol.path=/api/dsp
+web.http.control.port=8293
+web.http.control.path=/api/control
+web.http.catalog.port=8294
+web.http.catalog.path=/api/catalog
+web.http.catalog_auth.type=tokenbased
+web.http.catalog_auth.key=password
+web.http.version.port=8295
+web.http.version.path=/api/version
+edc.iam.did.web.use.https=false
+edc.iam.sts.privatekey.alias=did:web:localhost%3A7093-alias
+edc.iam.sts.publickey.id=did:web:localhost%3A7093#key-1
+edc.dsp.callback.address=http://localhost:8292/api/dsp
+edc.participant.id=did:web:localhost%3A7093
+edc.catalog.cache.execution.delay.seconds=5
+edc.catalog.cache.execution.period.seconds=10
+edc.mvd.participants.list.file=deployment/assets/participants/participants.local.json
+edc.management.context.enabled=true
+edc.iam.sts.oauth.client.secret.alias=did:web:localhost%3A7093-sts-client-secret
+edc.iam.sts.oauth.client.id=did:web:localhost%3A7093
+edc.iam.sts.oauth.token.url=http://localhost:7096/api/sts/token
+
+# dataplane specific config
+edc.runtime.id=provider-manufacturing-embedded-runtime
+edc.transfer.proxy.token.verifier.publickey.alias=did:web:localhost%3A7093#key-1
+edc.transfer.proxy.token.signer.privatekey.alias=did:web:localhost%3A7093-alias
+edc.dpf.selector.url=http://localhost:8293/api/control/v1/dataplanes
+web.http.public.port=12002
+web.http.public.path=/api/public
diff --git a/connector_deployment/assets/env/provider_connector_qna.env b/connector_deployment/assets/env/provider_connector_qna.env
new file mode 100644
index 000000000..353585982
--- /dev/null
+++ b/connector_deployment/assets/env/provider_connector_qna.env
@@ -0,0 +1,38 @@
+# control plane specific config
+edc.iam.issuer.id=did:web:localhost%3A7093
+web.http.port=8190
+web.http.path=/api
+web.http.management.port=8191
+web.http.management.path=/api/management/
+web.http.management.auth.type=tokenbased
+web.http.management.auth.key=password
+web.http.protocol.port=8192
+web.http.protocol.path=/api/dsp
+web.http.control.port=8193
+web.http.control.path=/api/control
+web.http.catalog.port=8194
+web.http.catalog.path=/api/catalog
+web.http.catalog_auth.type=tokenbased
+web.http.catalog_auth.key=password
+web.http.version.port=8195
+web.http.version.path=/api/version
+edc.iam.did.web.use.https=false
+edc.iam.sts.privatekey.alias=did:web:localhost%3A7093-alias
+edc.iam.sts.publickey.id=did:web:localhost%3A7093#key-1
+edc.dsp.callback.address=http://localhost:8192/api/dsp
+edc.participant.id=did:web:localhost%3A7093
+edc.catalog.cache.execution.delay.seconds=5
+edc.catalog.cache.execution.period.seconds=10
+edc.mvd.participants.list.file=deployment/assets/participants/participants.local.json
+edc.management.context.enabled=true
+edc.iam.sts.oauth.client.secret.alias=did:web:localhost%3A7093-sts-client-secret
+edc.iam.sts.oauth.client.id=did:web:localhost%3A7093
+edc.iam.sts.oauth.token.url=http://localhost:7096/api/sts/token
+
+# dataplane specific config
+edc.runtime.id=provider-qna-embedded-runtime
+edc.transfer.proxy.token.verifier.publickey.alias=did:web:localhost%3A7093#key-1
+edc.transfer.proxy.token.signer.privatekey.alias=did:web:localhost%3A7093-alias
+edc.dpf.selector.url=http://localhost:8193/api/control/v1/dataplanes
+web.http.public.port=12001
+web.http.public.path=/api/public
diff --git a/connector_deployment/assets/env/provider_identityhub.env b/connector_deployment/assets/env/provider_identityhub.env
new file mode 100644
index 000000000..7f2febbe9
--- /dev/null
+++ b/connector_deployment/assets/env/provider_identityhub.env
@@ -0,0 +1,19 @@
+web.http.port=7090
+web.http.path=/api
+web.http.credentials.port=7091
+web.http.credentials.path=/api/credentials/
+web.http.identity.port=7092
+web.http.identity.path=/api/identity
+web.http.did.port=7093
+web.http.did.path=/
+web.http.version.port=7095
+web.http.version.path=/api/version
+web.http.sts.port=7096
+web.http.sts.path=/api/sts
+edc.iam.did.web.use.https=false
+edc.iam.sts.privatekey.alias=key-1
+edc.iam.sts.publickey.id=did:web:localhost%3A7093#key-1
+edc.ih.iam.publickey.path=./deployment/assets/provider_public.pem
+edc.ih.iam.id=did:web:localhost%3A7093
+edc.ih.api.superuser.key=c3VwZXItdXNlcg==.c3VwZXItc2VjcmV0LWtleQo=
+edc.mvd.credentials.path=deployment/assets/credentials/local/provider/
\ No newline at end of file
diff --git a/connector_deployment/assets/issuer/did.docker.json b/connector_deployment/assets/issuer/did.docker.json
new file mode 100644
index 000000000..1c819d142
--- /dev/null
+++ b/connector_deployment/assets/issuer/did.docker.json
@@ -0,0 +1,26 @@
+{
+ "service": [],
+ "verificationMethod": [
+ {
+ "id": "did:web:localhost%3A9876#key-1",
+ "type": "JsonWebKey2020",
+ "controller": "did:web:localhost%3A9876",
+ "publicKeyMultibase": null,
+ "publicKeyJwk": {
+ "kty": "OKP",
+ "crv": "Ed25519",
+ "x": "Hsq2QXPbbsU7j6JwXstbpxGSgliI04g_fU3z2nwkuVc"
+ }
+ }
+ ],
+ "authentication": [
+ "key-1"
+ ],
+ "id": "did:web:localhost%3A9876",
+ "@context": [
+ "https://www.w3.org/ns/did/v1",
+ {
+ "@base": "did:web:localhost%3A9876"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/connector_deployment/assets/issuer/did.k8s.json b/connector_deployment/assets/issuer/did.k8s.json
new file mode 100644
index 000000000..b6b0d01dc
--- /dev/null
+++ b/connector_deployment/assets/issuer/did.k8s.json
@@ -0,0 +1,26 @@
+{
+ "service": [],
+ "verificationMethod": [
+ {
+ "id": "did:web:dataspace-issuer#key-1",
+ "type": "JsonWebKey2020",
+ "controller": "did:web:dataspace-issuer",
+ "publicKeyMultibase": null,
+ "publicKeyJwk": {
+ "kty": "OKP",
+ "crv": "Ed25519",
+ "x": "Hsq2QXPbbsU7j6JwXstbpxGSgliI04g_fU3z2nwkuVc"
+ }
+ }
+ ],
+ "authentication": [
+ "key-1"
+ ],
+ "id": "did:web:dataspace-issuer",
+ "@context": [
+ "https://www.w3.org/ns/did/v1",
+ {
+ "@base": "did:web:dataspace-issuer"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/connector_deployment/assets/issuer/nginx.conf b/connector_deployment/assets/issuer/nginx.conf
new file mode 100644
index 000000000..fa45fbed2
--- /dev/null
+++ b/connector_deployment/assets/issuer/nginx.conf
@@ -0,0 +1,9 @@
+events { worker_connections 1024; }
+
+http {
+ server {
+ listen 80;
+ root /var/www/;
+ index index.html;
+ }
+ }
\ No newline at end of file
diff --git a/connector_deployment/assets/issuer_private.pem b/connector_deployment/assets/issuer_private.pem
new file mode 100644
index 000000000..8a63542f7
--- /dev/null
+++ b/connector_deployment/assets/issuer_private.pem
@@ -0,0 +1,3 @@
+-----BEGIN PRIVATE KEY-----
+MC4CAQAwBQYDK2VwBCIEID1gMsekH7JN9Q/L2UMCBkAPET10NE0T2BB4c2rRSBzg
+-----END PRIVATE KEY-----
diff --git a/connector_deployment/assets/issuer_public.pem b/connector_deployment/assets/issuer_public.pem
new file mode 100644
index 000000000..51b250241
--- /dev/null
+++ b/connector_deployment/assets/issuer_public.pem
@@ -0,0 +1,3 @@
+-----BEGIN PUBLIC KEY-----
+MCowBQYDK2VwAyEAHsq2QXPbbsU7j6JwXstbpxGSgliI04g/fU3z2nwkuVc=
+-----END PUBLIC KEY-----
diff --git a/connector_deployment/assets/participants/participants.k8s.json b/connector_deployment/assets/participants/participants.k8s.json
new file mode 100644
index 000000000..993eeacee
--- /dev/null
+++ b/connector_deployment/assets/participants/participants.k8s.json
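Review bot: `issuer_private.pem` commits the dataspace issuer's Ed25519 private key to the repository, and `provider_private.pem` in the next hunk does the same for the provider's EC key. The key material in `issuer_public.pem` is the same as the `x` value of `did:web:dataspace-issuer#key-1` in `did.k8s.json` here and of `did:web:localhost%3A9876#key-1` in `did.docker.json` in the previous hunk, so this single key is the trust anchor that every participant credential in this commit chains to, in the Kubernetes setup as well as the local one, and anyone with read access to the repo holds it. If these are demo keys, state that in a README beside them and make sure the deployment modules never mount them outside a demo; otherwise generate the issuer key at deploy time (the `kms` module added in this commit looks like the natural place) and publish only the DID document, treating the committed keys as compromised and rotating them.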
@@ -0,0 +1,4 @@
+{
+ "consumer-corp": "did:web:consumer-identityhub%3A7083:consumer",
+ "provider-corp": "did:web:provider-identityhub%3A7083:provider"
+}
\ No newline at end of file
diff --git a/connector_deployment/assets/participants/participants.local.json b/connector_deployment/assets/participants/participants.local.json
new file mode 100644
index 000000000..ae3849cf4
--- /dev/null
+++ b/connector_deployment/assets/participants/participants.local.json
@@ -0,0 +1,4 @@
+{
+ "consumer-corp": "did:web:localhost%3A7083",
+ "provider-corp": "did:web:localhost%3A7093"
+}
\ No newline at end of file
diff --git a/connector_deployment/assets/provider_private.pem b/connector_deployment/assets/provider_private.pem
new file mode 100644
index 000000000..81c28bac2
--- /dev/null
+++ b/connector_deployment/assets/provider_private.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIARDUGJgKy1yzxkueIJ1k3MPUWQ/tbQWQNqW6TjyHpdcoAoGCCqGSM49
+AwEHoUQDQgAE1l0Lof0a1yBc8KXhesAnoBvxZw5roYnkAXuqCYfNK3ex+hMWFuiX
+GUxHlzShAehR6wvwzV23bbC0tcFcVgW//A==
+-----END EC PRIVATE KEY-----
\ No newline at end of file
diff --git a/connector_deployment/assets/provider_public.pem b/connector_deployment/assets/provider_public.pem
new file mode 100644
index 000000000..977a19576
--- /dev/null
+++ b/connector_deployment/assets/provider_public.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1l0Lof0a1yBc8KXhesAnoBvxZw5r
+oYnkAXuqCYfNK3ex+hMWFuiXGUxHlzShAehR6wvwzV23bbC0tcFcVgW//A==
+-----END PUBLIC KEY-----
\ No newline at end of file
diff --git a/connector_deployment/connector.tf b/connector_deployment/connector.tf
new file mode 100644
index 000000000..3018ec8f9
--- /dev/null
+++ b/connector_deployment/connector.tf
@@ -0,0 +1,63 @@
+#
+# Copyright (c) 2024 Metaform Systems, Inc.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Contributors:
+# Metaform Systems, Inc. - initial API and implementation
+#
+
+# This file deploys all the components needed for the consumer side of the scenario,
+# i.e. the connector, an identityhub and a vault.
+
+#
+resource "kubernetes_namespace" "ns_participant" {
+ metadata {
+ name = var.participant
+ }
+}
+
+# connector
+module "participant-connector" {
+ source = "./modules/connector"
+ humanReadableName = var.participant
+ participantId = local.participant-did
+ database = {
+ user = var.participant
+ password = module.participant_password.random_value
+ url = local.database_url
+ }
+ vault-url = local.vault_url
+ namespace = kubernetes_namespace.ns_participant.metadata.0.name
+ sts-token-url = "${module.participant-identityhub.sts-token-url}/token"
+ useSVE = var.useSVE
+}
+
+# consumer identity hub
+module "participant-identityhub" {
+ depends_on = [module.consumer-vault]
+ source = "./modules/identity-hub"
+ credentials-dir = dirname("./assets/credentials/k8s/consumer/") # To~Do
+ humanReadableName = "${var.participant}-identityhub"
+ participantId = local.participant-did
+ vault-url = local.vault_url
+ service-name = var.participant
+ database = {
+ user = var.participant
+ password = module.participant_password.random_value
+ url = local.database_url
+ }
+ namespace = kubernetes_namespace.ns_participant.metadata.0.name
+ useSVE = var.useSVE
+}
+
+# participant vault
+module "participant-vault" {
+ source = "./modules/vault"
+ humanReadableName = "${var.participant}-vault"
+ namespace = kubernetes_namespace.ns_participant.metadata.0.name
+}
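Review bot: `depends_on = [module.consumer-vault]` in `module "participant-identityhub"` references a module that is not declared in this file; the vault module here is `participant-vault`, so `terraform validate` should reject this line and the intent is presumably `depends_on = [module.participant-vault]`. In the same block, `credentials-dir = dirname("./assets/credentials/k8s/consumer/") # To~Do` seeds every participant with the consumer's credentials regardless of `var.participant`; the provider fixtures added earlier in this commit suggest `credentials-dir = "./assets/credentials/k8s/${var.participant}/"`, and the `# To~Do` should name what is still missing. The comments `# This file deploys all the components needed for the consumer side` and `# consumer identity hub` were carried over from the per-role file and should now say "participant".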
diff --git a/connector_deployment/database.tf b/connector_deployment/database.tf
new file mode 100644
index 000000000..ef989439f
--- /dev/null
+++ b/connector_deployment/database.tf
@@ -0,0 +1,38 @@
+module "participant_password" {
+ source = "../random_string_generator"
+ override_special = "!#$%&()-_=+[]{}<>?"
+}
+
+provider "postgresql" {
+ host = var.postgres_endpoint
+ port = var.postgres_port
+ database = "participants"
+ username = "dbadmin"
+ password = var.postgres_admin_password
+ sslmode = "require"
+ connect_timeout = 15
+ superuser = false
+}
+
+resource "postgresql_role" "participant_user" {
+ name = var.participant
+ login = true
+ password = module.participant_password.random_value
+}
+
+resource "postgresql_database" "participant_database" {
+ name = var.participant
+ owner = postgresql_role.participant_user.name
+ lc_collate = "en_US.UTF-8"
+ lc_ctype = "en_US.UTF-8"
+ template = "template0"
+ allow_connections = true
+}
+
+resource "postgresql_grant" "participant_privs" {
+ database = postgresql_database.participant_database.name
+ role = postgresql_role.participant_user.name
+ schema = "public"
+ object_type = "database"
+ privileges = ["ALL"]
+}
diff --git a/connector_deployment/kms.tf b/connector_deployment/kms.tf
new file mode 100644
index 000000000..c58649627
--- /dev/null
+++ b/connector_deployment/kms.tf
@@ -0,0 +1,7 @@
+module "kms" {
+ source = "./modules/kms"
+ environment = var.environment
+ project = "kordat"
+ alias = "${var.participant}-key"
+ role = "kms"
+}
\ No newline at end of file
diff --git a/connector_deployment/locals.tf b/connector_deployment/locals.tf
new file mode 100644
index 000000000..d74ad2a36
--- /dev/null
+++ b/connector_deployment/locals.tf
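Review bot: `sslmode = "require"` in `provider "postgresql"` encrypts the connection but does not verify the server's certificate, so the `dbadmin` credential in `var.postgres_admin_password` is exposed to anyone able to interpose on the path to `var.postgres_endpoint`; for an administrative connection that crosses the network, `sslmode = "verify-full"` together with the endpoint's CA bundle (`sslrootcert`) is the usual setting. Two smaller points in the same hunk: `postgresql_grant.participant_privs` grants `["ALL"]` to a role that `postgresql_database.participant_database` already makes `owner`, so the grant adds nothing and can be dropped or narrowed, and the generated role password from `module.participant_password` lands in Terraform state in clear, which is worth a comment such as `# password is stored in state - the state backend must be treated as a secret store`. In `kms.tf`, `project = "kordat"` is hard-coded while `environment` is a variable, which will be awkward if this module is reused.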
@@ -0,0 +1,5 @@ +locals { + participant-did = "did:web:${var.participant}-identityhub%3A7083:${var.participant}" + database_url = "jdbc:postgresql://${var.postgres_endpoint}:${var.postgres_port}/${var.participant}" + vault_url = "http://${var.participant}-vault:8200" +} \ No newline at end of file diff --git a/connector_deployment/modules/connector/controlplane.tf b/connector_deployment/modules/connector/controlplane.tf new file mode 100644 index 000000000..68ed49597 --- /dev/null +++ b/connector_deployment/modules/connector/controlplane.tf 
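Review bot: `participant-did` hard-codes the DID port as `%3A7083`, which silently depends on the identity-hub module's `ports.ih-did` keeping its default of 7083; if the port is ever overridden the DID stops resolving. Since passing the module's output back here would create a cycle with `participantId`, at least document the coupling, e.g. `# %3A7083 must equal module.participant-identityhub ports.ih-did (default 7083)`. `vault_url` is a plain `http://` service URL, which is fine in-cluster but should not be reused for any external path.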
@@ -0,0 +1,185 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +resource "kubernetes_deployment" "controlplane" { + metadata { + name = "${lower(var.humanReadableName)}-controlplane" + namespace = var.namespace + labels = { + App = "${lower(var.humanReadableName)}-controlplane" + } + } + + spec { + replicas = 1 + selector { + match_labels = { + App = "${lower(var.humanReadableName)}-controlplane" + } + } + + template { + metadata { + labels = { + App = "${lower(var.humanReadableName)}-controlplane" + } + } + + spec { + container { + name = "connector-${lower(var.humanReadableName)}" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:latest" + image_pull_policy = "IfNotPresent" + + env_from { + config_map_ref { + name = kubernetes_config_map.connector-config.metadata[0].name + } + } + + port { + container_port = var.ports.management + name = "management-port" + } + port { + container_port = var.ports.web + name = "default-port" + } + port { + container_port = var.ports.debug + name = "debug-port" + } + + liveness_probe { + http_get { + path = "/api/check/liveness" + port = var.ports.web + } + failure_threshold = 10 + period_seconds = 5 + timeout_seconds = 30 + } + + readiness_probe { + http_get { + path = "/api/check/readiness" + port = var.ports.web + 
} + failure_threshold = 10 + period_seconds = 5 + timeout_seconds = 30 + } + + startup_probe { + http_get { + path = "/api/check/startup" + port = var.ports.web + } + failure_threshold = 10 + period_seconds = 5 + timeout_seconds = 30 + } + + volume_mount { + mount_path = "/etc/registry" + name = "registry-volume" + } + + volume_mount { + mount_path = "/etc/participants" + name = "participants-volume" + } + } + + volume { + name = "registry-volume" + config_map { + name = kubernetes_config_map.connector-config.metadata[0].name + } + } + + volume { + name = "participants-volume" + config_map { + name = kubernetes_config_map.participants-map.metadata[0].name + } + } + } + } + } +} + +resource "kubernetes_config_map" "participants-map" { + metadata { + name = "${var.humanReadableName}-participants" + namespace = var.namespace + } + + data = { + "participants.json" = file(var.participant-list-file) + } + +} + +resource "kubernetes_config_map" "connector-config" { + metadata { + name = "${lower(var.humanReadableName)}-controlplane-config" + namespace = var.namespace + } + + ## Create databases for keycloak and MIW, create users and assign privileges + data = { + EDC_PARTICIPANT_ID = var.participantId + EDC_IAM_ISSUER_ID = var.participantId + EDC_IAM_DID_WEB_USE_HTTPS = false + WEB_HTTP_PORT = var.ports.web + WEB_HTTP_PATH = "/api" + WEB_HTTP_MANAGEMENT_PORT = var.ports.management + WEB_HTTP_MANAGEMENT_PATH = "/api/management" + WEB_HTTP_MANAGEMENT_AUTH_TYPE = "tokenbased" + WEB_HTTP_MANAGEMENT_AUTH_KEY = "password" + WEB_HTTP_CONTROL_PORT = var.ports.control + WEB_HTTP_CONTROL_PATH = "/api/control" + WEB_HTTP_PROTOCOL_PORT = var.ports.protocol + WEB_HTTP_PROTOCOL_PATH = "/api/dsp" + WEB_HTTP_CATALOG_PORT = var.ports.catalog + WEB_HTTP_CATALOG_PATH = "/api/catalog" + WEB_HTTP_CATALOG_AUTH_TYPE = "tokenbased" + WEB_HTTP_CATALOG_AUTH_KEY = "password" + EDC_DSP_CALLBACK_ADDRESS = "http://${local.controlplane-service-name}:${var.ports.protocol}/api/dsp" + 
EDC_IAM_STS_PRIVATEKEY_ALIAS = "${var.participantId}#${var.aliases.sts-private-key}" + EDC_IAM_STS_PUBLICKEY_ID = "${var.participantId}#${var.aliases.sts-public-key-id}" + JAVA_TOOL_OPTIONS = "${var.useSVE ? "-XX:UseSVE=0 " : ""}-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=${var.ports.debug}" + EDC_IH_AUDIENCE_REGISTRY_PATH = "/etc/registry/registry.json" + EDC_VAULT_HASHICORP_URL = var.vault-url + EDC_VAULT_HASHICORP_TOKEN = var.vault-token + EDC_MVD_PARTICIPANTS_LIST_FILE = "/etc/participants/participants.json" + EDC_CATALOG_CACHE_EXECUTION_DELAY_SECONDS = 10 + EDC_CATALOG_CACHE_EXECUTION_PERIOD_SECONDS = 10 + EDC_DATASOURCE_DEFAULT_URL = var.database.url + EDC_DATASOURCE_DEFAULT_USER = var.database.user + EDC_DATASOURCE_DEFAULT_PASSWORD = var.database.password + EDC_SQL_SCHEMA_AUTOCREATE = true + + # remote STS configuration + EDC_IAM_STS_OAUTH_TOKEN_URL = var.sts-token-url + EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId + EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret" + } +} diff --git a/connector_deployment/modules/connector/dataplane.tf b/connector_deployment/modules/connector/dataplane.tf new file mode 100644 index 000000000..cfeadabd2 --- /dev/null +++ b/connector_deployment/modules/connector/dataplane.tf 
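Review bot: `EDC_DATASOURCE_DEFAULT_PASSWORD`, `EDC_VAULT_HASHICORP_TOKEN` and the management/catalog auth keys are stored in `kubernetes_config_map.connector-config` as plain env data, and `WEB_HTTP_MANAGEMENT_AUTH_KEY = "password"` / `WEB_HTTP_CATALOG_AUTH_KEY = "password"` are literal constants; ConfigMaps are not protected like Secrets by RBAC or etcd encryption, so these belong in a `kubernetes_secret` referenced through `secret_ref` in `env_from`, with the API keys supplied from a variable instead of a literal. The same pattern appears in dataplane.tf and identity-hub/main.tf in this patch. The container uses `image_pull_policy = "IfNotPresent"` with a `:latest` tag even though the module declares `variable "image-pull-policy"` (default "Always"); use `image_pull_policy = var.image-pull-policy` or pin the image by digest, since IfNotPresent with a floating tag keeps a stale image on a node without any signal. The `## Create databases for keycloak and MIW ...` comment above `data` does not describe this ConfigMap and looks copied from elsewhere.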
@@ -0,0 +1,137 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +resource "kubernetes_deployment" "dataplane" { + # needs a hard dependency, otherwise the dataplane registration fails, and it is not retried + depends_on = [kubernetes_deployment.controlplane] + metadata { + name = "${lower(var.humanReadableName)}-dataplane" + namespace = var.namespace + labels = { + App = "${lower(var.humanReadableName)}-dataplane" + } + } + + spec { + replicas = 1 + selector { + match_labels = { + App = "${lower(var.humanReadableName)}-dataplane" + } + } + + template { + metadata { + labels = { + App = "${lower(var.humanReadableName)}-dataplane" + } + } + + spec { + container { + name = "dataplane-${lower(var.humanReadableName)}" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:latest" + image_pull_policy = "IfNotPresent" + + env_from { + config_map_ref { + name = kubernetes_config_map.dataplane-config.metadata[0].name + } + } + + port { + container_port = var.ports.public + name = "public-port" + } + + port { + container_port = var.ports.debug + name = "debug-port" + } + + liveness_probe { + http_get { + path = "/api/check/liveness" + port = var.ports.web + } + failure_threshold = 10 + period_seconds = 5 + timeout_seconds = 30 + } + + readiness_probe { + http_get { + 
path = "/api/check/readiness" + port = var.ports.web + } + failure_threshold = 10 + period_seconds = 5 + timeout_seconds = 30 + } + + startup_probe { + http_get { + path = "/api/check/startup" + port = var.ports.web + } + failure_threshold = 10 + period_seconds = 5 + timeout_seconds = 30 + } + } + } + } + } +} + +resource "kubernetes_config_map" "dataplane-config" { + metadata { + name = "${lower(var.humanReadableName)}-dataplane-config" + namespace = var.namespace + } + + ## Create databases for keycloak and MIW, create users and assign privileges + data = { + # hostname is "localhost" by default, but must be the service name at which the dataplane is reachable. URL scheme and port are appended by the application + EDC_HOSTNAME = local.dataplane-service-name + EDC_RUNTIME_ID = "${var.humanReadableName}-dataplane" + EDC_PARTICIPANT_ID = var.participantId + EDC_TRANSFER_PROXY_TOKEN_VERIFIER_PUBLICKEY_ALIAS = "${var.participantId}#${var.aliases.sts-public-key-id}" + EDC_TRANSFER_PROXY_TOKEN_SIGNER_PRIVATEKEY_ALIAS = "${var.participantId}#${var.aliases.sts-private-key}" + EDC_DPF_SELECTOR_URL = "http://${local.controlplane-service-name}:${var.ports.control}/api/control/v1/dataplanes" + WEB_HTTP_PORT = var.ports.web + WEB_HTTP_PATH = "/api" + WEB_HTTP_CONTROL_PORT = var.ports.control + WEB_HTTP_CONTROL_PATH = "/api/control" + WEB_HTTP_PUBLIC_PORT = var.ports.public + WEB_HTTP_PUBLIC_PATH = "/api/public" + EDC_VAULT_HASHICORP_URL = var.vault-url + EDC_VAULT_HASHICORP_TOKEN = var.vault-token + JAVA_TOOL_OPTIONS = "${var.useSVE ? 
"-XX:UseSVE=0 " : ""}-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=${var.ports.debug}" + EDC_DATASOURCE_DEFAULT_URL = var.database.url + EDC_DATASOURCE_DEFAULT_USER = var.database.user + EDC_DATASOURCE_DEFAULT_PASSWORD = var.database.password + EDC_SQL_SCHEMA_AUTOCREATE = true + + # remote STS configuration + EDC_IAM_STS_OAUTH_TOKEN_URL = var.sts-token-url + EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId + EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret" + } +} diff --git a/connector_deployment/modules/connector/ingress.tf b/connector_deployment/modules/connector/ingress.tf new file mode 100644 index 000000000..8c4b5d3af --- /dev/null +++ b/connector_deployment/modules/connector/ingress.tf 
@@ -0,0 +1,99 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +resource "kubernetes_ingress_v1" "api-ingress" { + metadata { + name = "${var.humanReadableName}-ingress" + namespace = var.namespace + annotations = { + "nginx.ingress.kubernetes.io/rewrite-target" = "/$2" + "nginx.ingress.kubernetes.io/use-regex" = "true" + } + } + spec { + ingress_class_name = "nginx" + rule { + http { + path { + path = "/${var.humanReadableName}/health(/|$)(.*)" + backend { + service { + name = kubernetes_service.controlplane-service.metadata.0.name + port { + number = var.ports.web + } + } + } + } + + path { + path = "/${var.humanReadableName}/cp(/|$)(.*)" + backend { + service { + name = kubernetes_service.controlplane-service.metadata.0.name + port { + number = var.ports.management + } + } + } + } + + path { + path = "/${var.humanReadableName}/public(/|$)(.*)" + backend { + service { + name = kubernetes_service.dataplane-service.metadata.0.name + port { + number = var.ports.public + } + } + } + } + + path { + path = "/${var.humanReadableName}/fc(/|$)(.*)" + backend { + service { + name = kubernetes_service.controlplane-service.metadata.0.name + port { + number = var.ports.catalog + } + } + } + } + + path { + path = "/${var.humanReadableName}/vault(/|$)(.*)" + backend { + service { + name = 
"${var.humanReadableName}-vault" + port { + number = 8200 + } + } + } + } + } + } + } +} + +locals { + data-plane-service = "${var.humanReadableName}-dataplane" +} diff --git a/connector_deployment/modules/connector/outputs.tf b/connector_deployment/modules/connector/outputs.tf new file mode 100644 index 000000000..81a5e9c54 --- /dev/null +++ b/connector_deployment/modules/connector/outputs.tf @@ -0,0 +1,38 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +output "connector-node-ip" { + value = kubernetes_service.controlplane-service.spec.0.cluster_ip +} + + +output "database-name" { + value = var.database +} + +output "ports" { + value = var.ports +} + +output "audience-mapping" { + value = { + # dspAudience = "http://${local.connector-cluster-ip}:${var.ports.protocol}/api/dsp" + dcpAudience = var.participantId + } +} diff --git a/connector_deployment/modules/connector/services.tf b/connector_deployment/modules/connector/services.tf new file mode 100644 index 000000000..972e1cd2d --- /dev/null +++ b/connector_deployment/modules/connector/services.tf 
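Review bot: The `/${var.humanReadableName}/vault(/|$)(.*)` path publishes the Vault API on port 8200 through the public nginx ingress, and `/cp` publishes the management API whose auth key is a fixed literal in controlplane.tf; together with the module's default vault token this exposes secret management to anyone who can reach the ingress. Unless an external client genuinely needs Vault, drop the vault path (in-cluster components reach it through the service) and keep the management path behind a non-default key. `locals { data-plane-service = ... }` at the end duplicates `local.dataplane-service-name` from variables.tf and is not referenced in this patch; remove it or use it. The vault backend is addressed by the string `"${var.humanReadableName}-vault"` rather than a resource reference, so Terraform cannot order this ingress after the vault it fronts.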
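Review bot: `output "database-name"` returns the whole `var.database` object, which includes `password`, without `sensitive = true`, so the credential is printed on plan/apply and by `terraform output`; add `sensitive = true` to the block and consider renaming it since it carries more than the name. The commented-out `dspAudience` line leaves `audience-mapping` with only `dcpAudience`; if that is intentional, a one-line comment explaining why is better than dead code.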
@@ -0,0 +1,76 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +resource "kubernetes_service" "controlplane-service" { + metadata { + name = local.controlplane-service-name + namespace = var.namespace + } + spec { + type = "NodePort" + selector = { + App = kubernetes_deployment.controlplane.spec.0.template.0.metadata[0].labels.App + } + port { + name = "health" + port = var.ports.web + } + port { + name = "management" + port = var.ports.management + } + port { + name = "catalog" + port = var.ports.catalog + } + port { + name = "protocol" + port = var.ports.protocol + } + port { + name = "debug" + port = var.ports.debug + } + port { + name = "control" + port = var.ports.control + } + } +} + +resource "kubernetes_service" "dataplane-service" { + metadata { + name = local.dataplane-service-name + namespace = var.namespace + } + spec { + type = "NodePort" + selector = { + App = kubernetes_deployment.dataplane.spec.0.template.0.metadata[0].labels.App + } + port { + name = "control" + port = var.ports.control + } + port { + name = "public" + port = var.ports.public + } + } +} \ No newline at end of file diff --git a/connector_deployment/modules/connector/variables.tf b/connector_deployment/modules/connector/variables.tf new file mode 100644 index 000000000..5c3c95f23 --- /dev/null 
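Review bot: Both services are `type = "NodePort"` and the controlplane service publishes the `debug` port (the jdwp listener configured in controlplane.tf) and the `control` port on every node, reachable from outside the cluster; the ingress added in this patch already fronts the externally needed paths, so `type = "ClusterIP"` suffices and the debug port should not be part of the service at all. identity-hub/services.tf in this patch has the same NodePort and debug-port exposure. If NodePort is needed for local testing, make the type a variable with `"ClusterIP"` as the default.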
+++ b/connector_deployment/modules/connector/variables.tf 
@@ -0,0 +1,115 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +## Normally, you shouldn't need to change any values here. If you do, please be sure to also change them in the seed script (seed-k8s.sh). +## Neglecting to do that will render the connectors and identity hubs inoperable! + + +variable "image-pull-policy" { + default = "Always" + type = string + description = "Kubernetes ImagePullPolicy for all images" +} + +variable "humanReadableName" { + type = string + description = "Human readable name of the connector, NOT the BPN!!. Required." 
+} + +variable "participantId" { + type = string + description = "DID:WEB identifier of the participant, will be used as runtime participantId" +} + +variable "namespace" { + type = string +} + +variable "ports" { + type = object({ + web = number + management = number + protocol = number + control = number + catalog = number + debug = number + public = number + }) + default = { + web = 8080 + management = 8081 + protocol = 8082 + control = 8083 + catalog = 8084 + debug = 1044 + public = 11002 + } +} + +variable "database" { + type = object({ + url = string + user = string + password = string + }) +} + +variable "participant-list-file" { + type = string + default = "./assets/participants/participants.k8s.json" +} + +variable "vault-token" { + default = "root" + description = "This is the authentication token for the vault. DO NOT USE THIS IN PRODUCTION!" + type = string +} + +variable "vault-url" { + description = "URL of the Hashicorp Vault" + type = string +} + +variable "sts-token-url" { + description = "Full URL of the STS token endpoint" + type = string +} + +variable "aliases" { + type = object({ + sts-private-key = string + sts-public-key-id = string + }) + default = { + sts-private-key = "key-1" + sts-public-key-id = "key-1" + } +} + +variable "useSVE" { + type = bool + description = "If true, the -XX:UseSVE=0 switch (Scalable Vector Extensions) will be appended to the JAVA_TOOL_OPTIONS. Can help on macOs on Apple Silicon processors" + default = false +} + +locals { + name = lower(var.humanReadableName) + controlplane-service-name = "${var.humanReadableName}-controlplane" + dataplane-service-name = "${var.humanReadableName}-dataplane" +} diff --git a/connector_deployment/modules/identity-hub/ingress.tf b/connector_deployment/modules/identity-hub/ingress.tf new file mode 100644 index 000000000..dfacfac2d --- /dev/null +++ b/connector_deployment/modules/identity-hub/ingress.tf 
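Review bot: `variable "vault-token"` ships with `default = "root"` and `variable "database"` carries a `password` field, yet neither is marked `sensitive = true`, so both appear verbatim in plan output and in any output that echoes them; drop the root default so callers must supply a value and add `sensitive = true` to both. `variable "image-pull-policy"` is declared but controlplane.tf and dataplane.tf in this patch hard-code `IfNotPresent`, so the variable is dead unless those deployments are wired to it. The header comment still points at `seed-k8s.sh` as the script that must be kept in sync; confirm that still holds for this copied module, since the patch does not show that script being updated for it.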
@@ -0,0 +1,81 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +resource "kubernetes_ingress_v1" "api-ingress" { + metadata { + name = "${var.humanReadableName}-ingress" + namespace = var.namespace + annotations = { + "nginx.ingress.kubernetes.io/rewrite-target" = "/$2" + "nginx.ingress.kubernetes.io/use-regex" = "true" + } + } + spec { + ingress_class_name = "nginx" + rule { + http { + + path { + path = "/${var.service-name}/cs(/|$)(.*)" + backend { + service { + name = kubernetes_service.ih-service.metadata.0.name + port { + number = var.ports.ih-identity-api + } + } + } + } + } + } + } +} + +// the DID endpoint can not actually modify the URL, otherwise it'll mess up the DID resolution +resource "kubernetes_ingress_v1" "did-ingress" { + metadata { + name = "${var.service-name}-did-ingress" + namespace = var.namespace + annotations = { + "nginx.ingress.kubernetes.io/rewrite-target" = "/${var.service-name}/$2" + } + } + + spec { + ingress_class_name = "nginx" + rule { + http { + + + # ingress routes for the DID endpoint + path { + path = "/${var.service-name}(/|&)(.*)" + backend { + service { + name = kubernetes_service.ih-service.metadata.0.name + port { + number = var.ports.ih-did + } + } + } + } + } + } + } +} \ No newline at end of file 
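Review bot: The did-ingress path `"/${var.service-name}(/|&)(.*)"` uses `&` where the api-ingress in this file and the connector ingress use `(/|$)`; with `&` a bare `/<service-name>` request without a trailing slash is not matched, so verify whether `$` was intended, i.e. `path = "/${var.service-name}(/|$)(.*)"`. The did-ingress also omits the `nginx.ingress.kubernetes.io/use-regex` annotation that api-ingress sets; if the controller does not enable regex matching implicitly for a rewrite-target with capture groups, the path would be matched literally, so adding the annotation keeps both ingresses consistent.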
diff --git a/connector_deployment/modules/identity-hub/main.tf b/connector_deployment/modules/identity-hub/main.tf new file mode 100644 index 000000000..d909d3300 --- /dev/null +++ b/connector_deployment/modules/identity-hub/main.tf 
@@ -0,0 +1,171 @@ +# +# Copyright (c) 2024 Metaform Systems, Inc. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# +# Contributors: +# Metaform Systems, Inc. - initial API and implementation +# + +resource "kubernetes_deployment" "identityhub" { + metadata { + name = lower(var.humanReadableName) + namespace = var.namespace + labels = { + App = lower(var.humanReadableName) + } + } + + spec { + replicas = 1 + selector { + match_labels = { + App = lower(var.humanReadableName) + } + } + + template { + metadata { + labels = { + App = lower(var.humanReadableName) + } + } + + spec { + container { + image_pull_policy = "IfNotPresent" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:latest" + name = "identity-hub" + + env_from { + config_map_ref { + name = kubernetes_config_map.identityhub-config.metadata[0].name + } + } + port { + container_port = var.ports.credentials-api + name = "creds-port" + } + + port { + container_port = var.ports.ih-debug + name = "debug" + } + port { + container_port = var.ports.ih-identity-api + name = "identity" + } + port { + container_port = var.ports.ih-did + name = "did" + } + port { + container_port = var.ports.web + name = "default-port" + } + + volume_mount { + mount_path = "/etc/credentials" + name = "credentials-volume" + } + + liveness_probe { + http_get { + path = "/api/check/liveness" + port = var.ports.web + } + failure_threshold = 10 + period_seconds = 5 + timeout_seconds = 30 + } + + readiness_probe { + http_get { + path = "/api/check/readiness" + port = var.ports.web + } + failure_threshold = 10 + period_seconds = 5 + timeout_seconds = 30 + } + + startup_probe { + http_get { + path = "/api/check/startup" + port = var.ports.web + } + failure_threshold = 10 + period_seconds = 5 + timeout_seconds = 30 + } + } + + 
volume { + name = "credentials-volume" + config_map { + name = kubernetes_config_map.identityhub-credentials-map.metadata[0].name + } + } + } + + } + } +} + + +resource "kubernetes_config_map" "identityhub-credentials-map" { + metadata { + name = "${lower(var.humanReadableName)}-credentials" + namespace = var.namespace + } + + data = { + for f in fileset(var.credentials-dir, "*-credential.json") : f => file(join("/", [var.credentials-dir, f])) + } +} + +resource "kubernetes_config_map" "identityhub-config" { + metadata { + name = "${lower(var.humanReadableName)}-ih-config" + namespace = var.namespace + } + + data = { + # IdentityHub variables + EDC_IH_IAM_ID = var.participantId + EDC_IAM_DID_WEB_USE_HTTPS = false + EDC_IH_IAM_PUBLICKEY_ALIAS = local.public-key-alias + EDC_IH_API_SUPERUSER_KEY = var.ih_superuser_apikey + WEB_HTTP_PORT = var.ports.web + WEB_HTTP_PATH = "/api" + WEB_HTTP_IDENTITY_PORT = var.ports.ih-identity-api + WEB_HTTP_IDENTITY_PATH = "/api/identity" + WEB_HTTP_IDENTITY_AUTH_KEY = "password" + WEB_HTTP_CREDENTIALS_PORT = var.ports.credentials-api + WEB_HTTP_CREDENTIALS_PATH = "/api/credentials" + WEB_HTTP_DID_PORT = var.ports.ih-did + WEB_HTTP_DID_PATH = "/" + WEB_HTTP_STS_PORT = var.ports.sts-api + WEB_HTTP_STS_PATH = var.sts-token-path + JAVA_TOOL_OPTIONS = "${var.useSVE ? 
"-XX:UseSVE=0 " : ""}-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=${var.ports.debug}" + EDC_IAM_STS_PRIVATEKEY_ALIAS = var.aliases.sts-private-key + EDC_IAM_STS_PUBLICKEY_ID = var.aliases.sts-public-key-id + EDC_MVD_CREDENTIALS_PATH = "/etc/credentials/" + EDC_VAULT_HASHICORP_URL = var.vault-url + EDC_VAULT_HASHICORP_TOKEN = var.vault-token + EDC_DATASOURCE_DEFAULT_URL = var.database.url + EDC_DATASOURCE_DEFAULT_USER = var.database.user + EDC_DATASOURCE_DEFAULT_PASSWORD = var.database.password + EDC_SQL_SCHEMA_AUTOCREATE = true + EDC_IAM_ACCESSTOKEN_JTI_VALIDATION = true + + } +} + +locals { + public-key-alias = "${var.humanReadableName}-publickey" +} \ No newline at end of file diff --git a/connector_deployment/modules/identity-hub/outputs.tf b/connector_deployment/modules/identity-hub/outputs.tf new file mode 100644 index 000000000..007553071 --- /dev/null +++ b/connector_deployment/modules/identity-hub/outputs.tf 
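Review bot: `JAVA_TOOL_OPTIONS` binds the jdwp agent to `var.ports.debug`, while the container publishes `var.ports.ih-debug` as its `debug` port and ih-service exposes `ports.ih-debug`; the two only coincide because both default to 1044 in variables.tf, so either use `address=${var.ports.ih-debug}` here or drop one of the two variables. `identityhub-credentials-map` reads every `*-credential.json` under `var.credentials-dir` into a ConfigMap; if any of those files hold private material rather than only presentable credentials, a `kubernetes_secret` is the right home for them. The trailing blank line inside `data` before the closing brace is a leftover worth removing.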
@@ -0,0 +1,42 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +output "identity-hub-node-ip" { + value = kubernetes_service.ih-service.spec.0.cluster_ip +} + + +output "ports" { + value = var.ports +} + +output "ih-superuser-apikey" { + value = var.ih_superuser_apikey +} + +output "credentials" { + value = { + path = var.credentials-dir + content = fileset(var.credentials-dir, "*-credential.json") + } +} + +output "sts-token-url" { + value = "http://${kubernetes_service.ih-service.metadata.0.name}:${var.ports.sts-api}${var.sts-token-path}" +} \ No newline at end of file diff --git a/connector_deployment/modules/identity-hub/services.tf b/connector_deployment/modules/identity-hub/services.tf new file mode 100644 index 000000000..65b503930 --- /dev/null +++ b/connector_deployment/modules/identity-hub/services.tf 
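Review bot: `output "ih-superuser-apikey"` echoes `var.ih_superuser_apikey` without `sensitive = true`, so the super-user management key is printed on every apply and by `terraform output`; add `sensitive = true` to the block. `sts-token-url` is built with a fixed `http://` scheme and the cluster-internal service name, which is fine for in-cluster callers; a comment stating that it is an internal URL would prevent it being reused externally.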
@@ -0,0 +1,46 @@ +# +# Copyright (c) 2024 Metaform Systems, Inc. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# +# Contributors: +# Metaform Systems, Inc. - initial API and implementation +# + +resource "kubernetes_service" "ih-service" { + metadata { + name = var.humanReadableName + namespace = var.namespace + } + spec { + type = "NodePort" + selector = { + App = kubernetes_deployment.identityhub.spec.0.template.0.metadata[0].labels.App + } + # we need a stable IP, otherwise there will be a cycle with the issuer + port { + name = "credentials" + port = var.ports.credentials-api + } + port { + name = "debug" + port = var.ports.ih-debug + } + port { + name = "management" + port = var.ports.ih-identity-api + } + port { + name = "did" + port = var.ports.ih-did + } + port { + name = "sts" + port = var.ports.sts-api + } + } +} \ No newline at end of file diff --git a/connector_deployment/modules/identity-hub/variables.tf b/connector_deployment/modules/identity-hub/variables.tf new file mode 100644 index 000000000..c8e0f0d65 --- /dev/null +++ b/connector_deployment/modules/identity-hub/variables.tf 
@@ -0,0 +1,115 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +## Normally, you shouldn't need to change any values here. If you do, please be sure to also change them in the seed script (seed-k8s.sh). +## Neglecting to do that will render the connectors and identity hubs inoperable! + + +variable "humanReadableName" { + type = string + description = "Human readable name of the connector, NOT the ID!!. Required." +} + +variable "participantId" { + type = string + description = "Participant ID of the connector. Usually a DID" +} + +variable "namespace" { + type = string +} + +variable "ports" { + type = object({ + web = number + debug = number + ih-debug = number + ih-did = number + ih-identity-api = number + credentials-api = number + sts-api = number + }) + default = { + web = 7080 + debug = 1044 + ih-debug = 1044 + ih-did = 7083 + ih-identity-api = 7081 + credentials-api = 7082 + sts-api = 7084 + } +} + +variable "credentials-dir" { + type = string + description = "JSON object containing the credentials to seed, sorted by human-readable participant name" +} + +variable "ih_superuser_apikey" { + default = "c3VwZXItdXNlcg==.c3VwZXItc2VjcmV0LWtleQo=" + description = "Management API Key for the Super-User. 
Defaults to 'base64(super-user).base64(super-secret-key)" + type = string +} + +variable "vault-url" { + description = "URL of the Hashicorp Vault" + type = string +} + +variable "vault-token" { + default = "root" + description = "This is the authentication token for the vault. DO NOT USE THIS IN PRODUCTION!" + type = string +} + +variable "aliases" { + type = object({ + sts-private-key = string + sts-public-key-id = string + }) + default = { + sts-private-key = "key-1" + sts-public-key-id = "key-1" + } +} + +variable "service-name" { + type = string + description = "Name of the Service endpoint" +} + +variable "database" { + type = object({ + url = string + user = string + password = string + }) +} + +variable "useSVE" { + type = bool + description = "If true, the -XX:UseSVE=0 switch (Scalable Vector Extensions) will be appended to the JAVA_TOOL_OPTIONS. Can help on macOs on Apple Silicon processors" + default = false +} + +variable "sts-token-path" { + description = "path suffix of the STS token API" + type = string + default = "/api/sts" +} \ No newline at end of file diff --git a/connector_deployment/modules/kms/README.md b/connector_deployment/modules/kms/README.md new file mode 100644 index 000000000..b2bca74e4 --- /dev/null +++ b/connector_deployment/modules/kms/README.md 
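Review bot: `variable "ih_superuser_apikey"` hard-codes a default super-user key (a base64 pair spelled out in the description), so every deployment that does not override it shares the same key; remove the default or generate the value with the random_string_generator module added in this patch, and mark the variable `sensitive = true` together with `vault-token` and `database`. The `credentials-dir` description says "JSON object containing the credentials to seed", but main.tf uses the value as a directory path with `fileset(...)`; `description = "Directory containing the *-credential.json files to seed"` matches the actual use. `vault-token` keeps `default = "root"` next to a "DO NOT USE THIS IN PRODUCTION" description; dropping the default forces callers to make a choice.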
@@ -0,0 +1,44 @@ +# kms + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_kms_alias.master_key_alias](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_alias) | resource | +| [aws_kms_key.master_key](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key) | resource | +| [aws_kms_key_policy.master_key_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_key_policy) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [alias](#input\_alias) | KMS alias | `string` | `""` | no | +| [environment](#input\_environment) | Environment (dev\|pre\|pro) | `string` | n/a | yes | +| [policy](#input\_policy) | KMS policy | `string` | `""` | no | +| [project](#input\_project) | Project | `string` | n/a | yes | +| [role](#input\_role) | Role into the product | `string` | `"kms"` | no | +| [tags](#input\_tags) | Tags to use | `map(any)` | `{}` | no | +| [tenant](#input\_tenant) | Tenant name | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [key\_arn](#output\_key\_arn) | n/a | +| [key\_id](#output\_key\_id) | n/a | + diff --git a/connector_deployment/modules/kms/input.tf b/connector_deployment/modules/kms/input.tf new file mode 100644 index 000000000..bb803a13a --- /dev/null +++ b/connector_deployment/modules/kms/input.tf 
@@ -0,0 +1,31 @@
+# Common variables
+variable "environment" {
+ type = string
+ description = "Environment (dev|pre|pro)"
+}
+variable "role" {
+ type = string
+ description = "Role into the product"
+ default = "kms"
+}
+variable "project" {
+ type = string
+ description = "Project"
+}
+variable "tags" {
+ type = map(any)
+ description = "Tags to use"
+ default = {}
+}
+
+# Config vars
+variable "policy" {
+ type = string
+ description = "KMS policy"
+ default = ""
+}
+variable "alias" {
+ type = string
+ description = "KMS alias"
+ default = ""
+}
\ No newline at end of file
diff --git a/connector_deployment/modules/kms/kms.tf b/connector_deployment/modules/kms/kms.tf
new file mode 100644
index 000000000..573fdb721
--- /dev/null
+++ b/connector_deployment/modules/kms/kms.tf
@@ -0,0 +1,22 @@
+# Create and name kms key
+resource "aws_kms_key" "master_key" {
+ deletion_window_in_days = 15
+
+ tags = merge(var.tags, {
+ Name = var.alias
+ Entorno = title(var.environment)
+ Rol = var.role
+ Proyecto = length(var.project) == 3 ? upper(var.project) : title(var.project)
+ })
+}
+
+resource "aws_kms_alias" "master_key_alias" {
+ name = "alias/${var.alias}"
+ target_key_id = aws_kms_key.master_key.key_id
+}
+
+resource "aws_kms_key_policy" "master_key_policy" {
+ count = length(var.policy) != 0 ? 1 : 0
+ key_id = aws_kms_key.master_key.id
+ policy = var.policy
+}
\ No newline at end of file
diff --git a/connector_deployment/modules/kms/output.tf b/connector_deployment/modules/kms/output.tf
new file mode 100644
index 000000000..be942d02f
--- /dev/null
+++ b/connector_deployment/modules/kms/output.tf
@@ -0,0 +1,6 @@
+output "key_id" {
+ value = aws_kms_key.master_key.key_id
+}
+output "key_arn" {
+ value = aws_kms_key.master_key.arn
+}
\ No newline at end of file
diff --git a/connector_deployment/modules/random_string_generator/README.md b/connector_deployment/modules/random_string_generator/README.md
new file mode 100644
index 000000000..ffcd2d8f2
--- /dev/null
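Review bot: `aws_kms_key.master_key` in kms.tf is declared without `enable_key_rotation = true`, so this customer-managed key will never rotate automatically; add `enable_key_rotation = true` next to `deletion_window_in_days`. The alias resource interpolates `var.alias`, whose default in input.tf is `""`, which yields the invalid name `alias/` — drop that default or add a `validation` block requiring a non-empty value. When `var.policy` is empty the `count` on `aws_kms_key_policy` skips the resource and the key keeps the AWS default key policy; that fallback is worth stating in a comment on the `count` line, e.g. `# no policy supplied: key keeps the AWS default key policy`.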
+++ b/connector_deployment/modules/random_string_generator/README.md @@ -0,0 +1,54 @@ +# Random Strin Generator Module + +This module generates a random string. + +## How to use +Include this code in your `main.tf`: + +``` +module "string" { + source = "./modules/random_string_generator" + length = "16" + spacial = true + override_special = "!#$%&*()-_=+[]{}<>:?" +} +``` + +## Requirements + +## Outputs + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [random](#provider\_random) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [random_password.random_string_generator](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [length](#input\_length) | Length of the random string | `string` | `"16"` | no | +| [override\_special](#input\_override\_special) | n/a | `string` | `"!#$%&*()-_=+[]{}<>:?"` | no | +| [special](#input\_special) | n/a | `bool` | `true` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [random\_value](#output\_random\_value) | n/a | + diff --git a/connector_deployment/modules/random_string_generator/input.tf b/connector_deployment/modules/random_string_generator/input.tf new file mode 100644 index 000000000..d0d05dfdb --- /dev/null +++ b/connector_deployment/modules/random_string_generator/input.tf @@ -0,0 +1,16 @@ +# Secret config +variable "length" { + type = string + description = "Length of the random string" + default = "16" +} +variable "special" { + type = bool + description = "" + default = true +} +variable "override_special" { + type = string + description = "" + default = "!#$%&*()-_=+[]{}<>:?" +} \ No newline at end of file 
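Review bot: In random_string_generator/input.tf `length` is declared `type = string` with `default = "16"`, while `random_password.length` in random_string_generator.tf takes a number; this only works through implicit conversion and should be `type = number` / `default = 16`. The `special` and `override_special` variables have empty `description` strings — the README already documents neither, so add one-line descriptions such as `description = "Include special characters in the generated value"` and `description = "Set of special characters allowed in the generated value"`.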
diff --git a/connector_deployment/modules/random_string_generator/output.tf b/connector_deployment/modules/random_string_generator/output.tf
new file mode 100644
index 000000000..1b65301dc
--- /dev/null
+++ b/connector_deployment/modules/random_string_generator/output.tf
@@ -0,0 +1,4 @@
+output "random_value" {
+ value = random_password.random_string_generator.result
+ sensitive = true
+}
\ No newline at end of file
diff --git a/connector_deployment/modules/random_string_generator/random_string_generator.tf b/connector_deployment/modules/random_string_generator/random_string_generator.tf
new file mode 100644
index 000000000..745c557ea
--- /dev/null
+++ b/connector_deployment/modules/random_string_generator/random_string_generator.tf
@@ -0,0 +1,5 @@
+resource "random_password" "random_string_generator" {
+ length = var.length
+ special = var.special
+ override_special = var.override_special
+}
diff --git a/connector_deployment/modules/s3_bucket/README.md b/connector_deployment/modules/s3_bucket/README.md
new file mode 100644
index 000000000..16838d3b0
--- /dev/null
+++ b/connector_deployment/modules/s3_bucket/README.md
@@ -0,0 +1,79 @@ +# S3 Bucket Module + +Creates a S3 bucket and configure the acl, versioning, encryption and objects ownership. + +## How to use +Include this code in your `main.tf`: + +``` +module "example_bucket" { + source = "./modules/s3_bucket" + project = var.project + environment = var.environment + role = "Descriptive functionality" + bucket_name = "The name of the bucket" + object_ownership = "ObjectWriter" + object_expiration = 90 # Days + acl = "private" + versioning = "Enabled" + encryption = true +} +``` + +## Outputs +The name and arn of the new s3 bucket created +``` +module.example_bucket.bucket_name +module.example_bucket.bucket_arn +``` + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_s3_bucket.bucket](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket) | resource | +| [aws_s3_bucket_acl.bucket_acl](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_acl) | resource | +| [aws_s3_bucket_cors_configuration.cors_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_cors_configuration) | resource | +| [aws_s3_bucket_lifecycle_configuration.lifecycle_configuration](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_lifecycle_configuration) | resource | +| [aws_s3_bucket_ownership_controls.bucket_ownership](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_ownership_controls) | resource | +| [aws_s3_bucket_server_side_encryption_configuration.bucket_encryption](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_server_side_encryption_configuration) | resource | +| 
[aws_s3_bucket_versioning.bucket_versioning](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/s3_bucket_versioning) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [acl](#input\_acl) | Bucket Acl | `string` | `"private"` | no | +| [application](#input\_application) | Role into the product | `string` | n/a | yes | +| [bucket\_name](#input\_bucket\_name) | Bucket Name | `string` | n/a | yes | +| [cors](#input\_cors) | CORS configuration |
object({
apply = bool
allowed_headers = list(string)
allowed_methods = list(string)
allowed_origins = list(string)
expose_headers = list(string)
})
|
{
"allowed_headers": [],
"allowed_methods": [],
"allowed_origins": [],
"apply": false,
"expose_headers": []
}
| no | +| [encryption](#input\_encryption) | Bucket Encryption | `string` | `true` | no | +| [environment](#input\_environment) | Environment (dev\|pre\|pro) | `string` | n/a | yes | +| [lifecycle\_rules](#input\_lifecycle\_rules) | JSON containing rules for lifecycle |
list(object({
id = string
status = string
prefix = string
transitions = list(object({
days = number
storage_class = string
}))
expiration = number
}))
| `[]` | no | +| [object\_ownership](#input\_object\_ownership) | Bucket Objects ownership | `string` | `"ObjectWriter"` | no | +| [project](#input\_project) | project name | `string` | n/a | yes | +| [versioning](#input\_versioning) | Bucket Versioning | `string` | `"Disabled"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| [bucket\_arn](#output\_bucket\_arn) | n/a | +| [bucket\_id](#output\_bucket\_id) | n/a | +| [bucket\_name](#output\_bucket\_name) | n/a | + diff --git a/connector_deployment/modules/s3_bucket/bucket.tf b/connector_deployment/modules/s3_bucket/bucket.tf new file mode 100644 index 000000000..2aa5d89c9 --- /dev/null +++ b/connector_deployment/modules/s3_bucket/bucket.tf 
@@ -0,0 +1,92 @@ +resource "aws_s3_bucket" "bucket" { + bucket = "${var.project}-${var.environment}-${var.bucket_name}" + + tags = { + Name = "${var.project}-${var.environment}-${var.bucket_name}" + project = var.project + environment = var.environment + application = var.application + module = "s3_bucket" + } +} + +resource "aws_s3_bucket_ownership_controls" "bucket_ownership" { + bucket = aws_s3_bucket.bucket.id + rule { + object_ownership = var.object_ownership + } +} + +resource "aws_s3_bucket_acl" "bucket_acl" { + depends_on = [aws_s3_bucket_ownership_controls.bucket_ownership] + + bucket = aws_s3_bucket.bucket.id + acl = var.acl +} + +resource "aws_s3_bucket_versioning" "bucket_versioning" { + bucket = aws_s3_bucket.bucket.id + versioning_configuration { + status = var.versioning + } +} + +resource "aws_s3_bucket_server_side_encryption_configuration" "bucket_encryption" { + count = (var.encryption ? 1 : 0) + bucket = aws_s3_bucket.bucket.id + + rule { + bucket_key_enabled = true + + apply_server_side_encryption_by_default { + sse_algorithm = "AES256" + } + } +} + +resource "aws_s3_bucket_lifecycle_configuration" "lifecycle_configuration" { + count = length(var.lifecycle_rules) > 0 ? 1 : 0 + bucket = aws_s3_bucket.bucket.id + + dynamic "rule" { + for_each = { for each in var.lifecycle_rules : each.id => each } + iterator = rule + content { + id = rule.key + status = rule.value.status + + filter { + prefix = rule.value.prefix + } + dynamic "expiration" { + for_each = rule.value.expiration != 0 ? [1] : [] + iterator = expiration + content { + days = rule.value.expiration + } + } + + dynamic "transition" { + for_each = rule.value.transitions + iterator = transition + + content { + days = transition.value.days + storage_class = transition.value.storage_class + } + } + } + } +} + +resource "aws_s3_bucket_cors_configuration" "cors_configuration" { + count = var.cors.apply ? 
1 : 0 + bucket = aws_s3_bucket.bucket.id + + cors_rule { + allowed_headers = var.cors.allowed_headers + allowed_methods = var.cors.allowed_methods + allowed_origins = var.cors.allowed_origins + expose_headers = var.cors.expose_headers + } +} diff --git a/connector_deployment/modules/s3_bucket/input.tf b/connector_deployment/modules/s3_bucket/input.tf new file mode 100644 index 000000000..131807850 --- /dev/null +++ b/connector_deployment/modules/s3_bucket/input.tf @@ -0,0 +1,70 @@ +# Common variables +variable "project" { + type = string + description = "project name" +} +variable "environment" { + type = string + description = "Environment (dev|pre|pro)" +} +variable "application" { + type = string + description = "Role into the product" +} + +# Bucket variables +variable "bucket_name" { + type = string + description = "Bucket Name" +} +variable "object_ownership" { + type = string + description = "Bucket Objects ownership" + default = "ObjectWriter" +} +variable "lifecycle_rules" { + type = list(object({ + id = string + status = string + prefix = string + transitions = list(object({ + days = number + storage_class = string + })) + expiration = number + })) + description = "JSON containing rules for lifecycle" + default = [] +} + +variable "acl" { + type = string + description = "Bucket Acl" + default = "private" +} +variable "versioning" { + type = string + description = "Bucket Versioning" + default = "Disabled" +} +variable "encryption" { + type = string + description = "Bucket Encryption" + default = true +} +variable "cors" { + type = object({ + apply = bool + allowed_headers = list(string) + allowed_methods = list(string) + allowed_origins = list(string) + expose_headers = list(string) + }) + description = "CORS configuration" + default = { + apply = false, + allowed_headers = [], + allowed_methods = [], + allowed_origins = [], + expose_headers = [], } +} 
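Review bot: bucket.tf configures ownership, ACL, versioning, encryption, lifecycle and CORS for `aws_s3_bucket.bucket` but never adds an `aws_s3_bucket_public_access_block`, so a caller passing a non-private `acl` or a permissive bucket policy can expose the bucket; the module should enforce the block unconditionally, as below. Note also that `aws_s3_bucket_acl.bucket_acl` is only valid while `object_ownership` is `ObjectWriter` or `BucketOwnerPreferred` — with `BucketOwnerEnforced` the ACL resource will fail to apply, which deserves a comment on the `depends_on` line. The SSE rule is fixed to `AES256` even though a KMS module is added in this same patch; consider accepting an optional key ARN and switching to `aws:kms` when it is set.

```hcl
resource "aws_s3_bucket_public_access_block" "bucket_public_access" {
  bucket = aws_s3_bucket.bucket.id

  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}
# … unchanged: ownership, acl, versioning, encryption, lifecycle, cors resources …
```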
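Review bot: In s3_bucket/input.tf `encryption` is declared `type = string` with `default = true`, while bucket.tf evaluates it as `var.encryption ? 1 : 0`; this relies on Terraform's implicit string-to-bool conversion and will error on any value other than the literal strings "true"/"false". Declare it `type = bool` so the intent matches the README's "Bucket Encryption" description and the conditional. The same string-for-bool pattern appears in the random_string_generator module's `length`.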
diff --git a/connector_deployment/modules/s3_bucket/output.tf b/connector_deployment/modules/s3_bucket/output.tf new file mode 100644 index 000000000..833d6bd2a --- /dev/null +++ b/connector_deployment/modules/s3_bucket/output.tf @@ -0,0 +1,11 @@ +output "bucket_name" { + value = aws_s3_bucket.bucket.bucket +} + +output "bucket_arn" { + value = aws_s3_bucket.bucket.arn +} + +output "bucket_id" { + value = aws_s3_bucket.bucket.id +} \ No newline at end of file diff --git a/connector_deployment/modules/vault/variables.tf b/connector_deployment/modules/vault/variables.tf new file mode 100644 index 000000000..1ad67483a --- /dev/null +++ b/connector_deployment/modules/vault/variables.tf @@ -0,0 +1,44 @@ +# +# Copyright (c) 2024 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +variable "humanReadableName" { + type = string + description = "Human readable name. Should not contain special characters" +} + +variable "namespace" { + type = string +} + +variable "vault-token" { + default = "root" + description = "This is the authentication token for the vault. DO NOT USE THIS IN PRODUCTION!" + type = string +} + +variable "aliases" { + type = object({ + sts-private-key = string + sts-public-key-id = string + }) + default = { + sts-private-key = "key-1" + sts-public-key-id = "key-1" + } +} \ No newline at end of file 
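Review bot: In vault/variables.tf `vault-token` is a credential (it becomes the Vault root token in vault.tf) but is not marked `sensitive = true`, so its value is printed in plan and apply output; add `sensitive = true` alongside `type = string`. The `namespace` variable has no description — `description = "Kubernetes namespace the Vault Helm release is installed into"` would match the rest of the file. The existing "DO NOT USE THIS IN PRODUCTION!" warning is right; consider removing the `default = "root"` so operators must set the token explicitly.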
diff --git a/connector_deployment/modules/vault/vault-values.yaml b/connector_deployment/modules/vault/vault-values.yaml new file mode 100644 index 000000000..e7a5167ed --- /dev/null +++ b/connector_deployment/modules/vault/vault-values.yaml @@ -0,0 +1,22 @@ +# +# Copyright (c) 2024 Metaform Systems, Inc. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# +# Contributors: +# Metaform Systems, Inc. - initial API and implementation +# + +server: + postStart: +hashicorp: + timeout: 30 + healthCheck: + enabled: true + standbyOk: true + paths: + secret: /v1/secret diff --git a/connector_deployment/modules/vault/vault.tf b/connector_deployment/modules/vault/vault.tf new file mode 100644 index 000000000..371ccf964 --- /dev/null +++ b/connector_deployment/modules/vault/vault.tf 
@@ -0,0 +1,70 @@ +# +# Copyright (c) 2024 Metaform Systems, Inc. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# +# Contributors: +# Metaform Systems, Inc. - initial API and implementation +# + +resource "helm_release" "vault" { + name = var.humanReadableName + namespace = var.namespace + + force_update = true + dependency_update = true + reuse_values = true + cleanup_on_fail = true + replace = true + + repository = "https://helm.releases.hashicorp.com" + chart = "vault" + + + + set = [ + { + name = "server.dev.devRootToken" + value = var.vault-token + }, + { + name = "server.dev.enabled" + value = true + }, + { + name = "injector.enabled" + value = false + }, + { + name = "hashicorp.token" + value = var.vault-token + } + ] + + values = [ + file("${path.module}/vault-values.yaml"), + # yamlencode({ + # "server" : { + # "postStart" : [ + # "sh", + # "-c", + # join(" && ", [ + # "sleep 5", + # "/bin/vault kv put secret/${var.aliases.sts-private-key} content=\"${tls_private_key.private_signing_key.private_key_pem}\"", + # # "/bin/vault kv put secret/${local.public-key-alias} content=\"${tls_private_key.ecdsa.public_key_pem}\"" + # ]) + # ] + # } + # }), + ] +} +# +# ECDSA key with P256 elliptic curve +resource "tls_private_key" "private_signing_key" { + algorithm = "ECDSA" + ecdsa_curve = "P256" +} diff --git a/connector_deployment/outputs.tf b/connector_deployment/outputs.tf new file mode 100644 index 000000000..5bad87e93 --- /dev/null +++ b/connector_deployment/outputs.tf 
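Review bot: `tls_private_key.private_signing_key` in vault.tf is referenced only from the commented-out `yamlencode` block, so it generates an ECDSA private key into Terraform state without being consumed anywhere in this file; either delete the resource together with the dead block, or restore the `postStart` wiring that uses it. The `set` block enables `server.dev.enabled` and fixes `server.dev.devRootToken` to `var.vault-token`, which (per the chart's dev-mode semantics) means an in-memory, auto-unsealed Vault with a known root token — add a comment above `set`, e.g. `# dev-mode Vault: in-memory storage, auto-unsealed, fixed root token; non-production only`. `hashicorp.token` is not a value the upstream chart documents, so it is presumably consumed by the local vault-values.yaml overrides; a comment naming the consumer would help.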
@@ -0,0 +1,31 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +# output "consumer-jdbc-url" { +# # jdbc:postgresql://localhost:5432/mydatabase?currentSchema=myschema +# value = "jdbc:postgresql://${module.consumer-postgres.database-url}/consumer" +# } + +# output "provider-jdbc-url" { +# value = { +# catalog-server = "jdbc:postgresql://${module.provider-postgres.database-url}/catalog_server" +# provider-qna = "jdbc:postgresql://${module.provider-postgres.database-url}/provider_qna" +# provider-manufacturing = "jdbc:postgresql://${module.provider-postgres.database-url}/provider_manufacturing" +# } +# } \ No newline at end of file diff --git a/connector_deployment/providers.tf b/connector_deployment/providers.tf new file mode 100644 index 000000000..a96ea4a3f --- /dev/null +++ b/connector_deployment/providers.tf 
@@ -0,0 +1,50 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +terraform { + required_providers { + // for generating passwords, clientsecrets etc. + random = { + source = "hashicorp/random" + } + + kubernetes = { + source = "hashicorp/kubernetes" + } + helm = { + // used for Hashicorp Vault + source = "hashicorp/helm" + } + postgresql = { + source = "cyrilgdn/postgresql" + version = "~> 1.26.0" + } + } + required_version = ">= 1.13.0" +} + +provider "kubernetes" { + config_path = "~/.kube/config" +} + +provider "helm" { + kubernetes = { + config_path = "~/.kube/config" + } +} diff --git a/connector_deployment/s3.tf b/connector_deployment/s3.tf new file mode 100644 index 000000000..06c97fb45 --- /dev/null +++ b/connector_deployment/s3.tf @@ -0,0 +1,8 @@ +module "remote_state_s3" { + source = "./modules/s3_bucket" + project = "kordat" + environment = var.environment + application = "assets" + bucket_name = "${var.participant}-assets-bucket" + versioning = "Enabled" +} \ No newline at end of file diff --git a/connector_deployment/variables.tf b/connector_deployment/variables.tf new file mode 100644 index 000000000..8314e8f32 --- /dev/null +++ b/connector_deployment/variables.tf 
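Review bot: providers.tf pins only `postgresql` (`~> 1.26.0`) and leaves `random`, `kubernetes` and `helm` unconstrained, so `terraform init` will pick up any future major release; add a `version = "~> <PINNED_VERSION>"` constraint to each (placeholder, choose the tested version). Both provider blocks hard-code `config_path = "~/.kube/config"`, which ties the module to the operator's home directory and silently targets whatever context is current there; expose it as a variable, or drop the attribute and rely on the provider's `KUBE_CONFIG_PATH` environment variable. A `postgresql` provider is required but no `provider "postgresql"` block is visible here — presumably it lives in another file; if not, the credentials it needs should be declared with `sensitive = true`.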
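Review bot: In s3.tf the module instance is named `remote_state_s3`, yet it creates the per-participant assets bucket (`application = "assets"`, `bucket_name = "${var.participant}-assets-bucket"`), which misleads anyone looking for Terraform remote-state configuration; rename it to something like `module "participant_assets_bucket"`. `project = "kordat"` is hard-coded while `environment` comes from a variable — consider a `project` variable for consistency with the module's other inputs.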
@@ -0,0 +1,46 @@ +# +# Copyright (c) 2023 Contributors to the Eclipse Foundation +# +# See the NOTICE file(s) distributed with this work for additional +# information regarding copyright ownership. +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. +# +# SPDX-License-Identifier: Apache-2.0 +# + +variable "participant" { + type = string +} + +variable "environment" { + type = string +} + +variable "postgres_endpoint" { + type = string + default = "kordat-dev-participants-database.cnsm066acc36.eu-west-1.rds.amazonaws.com" +} + +variable "postgres_port" { + type = number + default = 5432 +} + +variable "postgres_admin_password" { + type = string +} + +variable "useSVE" { + type = bool + description = "If true, the -XX:UseSVE=0 switch (Scalable Vector Extensions) will be added to the JAVA_TOOL_OPTIONS. Can help on macOs on Apple Silicon processors" + default = false +} From 45cf33b21ca0395fae441b5995538cf8be4491f5 Mon Sep 17 00:00:00 2001 
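Review bot: `postgres_admin_password` in variables.tf is a credential but lacks `sensitive = true`, so it is echoed in plan output; add `sensitive = true` under `type = string`. `postgres_endpoint` defaults to a concrete RDS hostname, which bakes an environment-specific endpoint into the code and will be silently reused by anyone who forgets to override it — remove the default and supply it via tfvars. `participant` and `environment` have no `description`; one line each would document what the bucket name and other interpolations in this patch expect.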
From: SergioMedeirosGarcia Date: Thu, 18 Dec 2025 19:57:20 +0100 Subject: [PATCH 03/72] Update mvd deployment --- deployment/kind.config.yaml | 37 ------------------- .../assets/consumer_private.pem | 0 .../assets/consumer_public.pem | 0 .../consumer/dataprocessor-credential.json | 0 .../k8s/consumer/dataprocessor_vc.json | 0 .../k8s/consumer/membership-credential.json | 0 .../k8s/consumer/membership_vc.json | 0 .../provider/dataprocessor-credential.json | 0 .../k8s/provider/dataprocessor_vc.json | 0 .../k8s/provider/membership-credential.json | 0 .../k8s/provider/membership_vc.json | 0 .../consumer/dataprocessor-credential.json | 0 .../local/consumer/membership-credential.json | 0 .../consumer/unsigned/dataprocessor_vc.json | 0 .../consumer/unsigned/membership_vc.json | 0 .../provider/dataprocessor-credential.json | 0 .../local/provider/membership-credential.json | 0 .../provider/unsigned/dataprocessor_vc.json | 0 .../provider/unsigned/membership_vc.json | 0 .../assets/env/consumer_connector.env | 0 .../assets/env/consumer_identityhub.env | 0 .../assets/env/issuerservice.env | 0 .../assets/env/provider_catalogserver.env | 0 .../env/provider_connector_manufacturing.env | 0 .../assets/env/provider_connector_qna.env | 0 .../assets/env/provider_identityhub.env | 0 .../assets/issuer/did.docker.json | 0 .../assets/issuer/did.k8s.json | 0 .../assets/issuer/nginx.conf | 0 .../assets/issuer_private.pem | 0 .../assets/issuer_public.pem | 0 .../assets/participants/participants.k8s.json | 0 .../participants/participants.local.json | 0 .../assets/provider_private.pem | 0 .../assets/provider_public.pem | 0 {deployment => mvd-deployment}/consumer.tf | 0 {deployment => mvd-deployment}/issuer.tf | 0 .../issuer_nginx.tf | 0 .../modules/catalog-server/catalog-server.tf | 0 .../modules/catalog-server/ingress.tf | 0 .../modules/catalog-server/outputs.tf | 0 .../modules/catalog-server/services.tf | 0 .../modules/catalog-server/variables.tf | 0 .../modules/connector/controlplane.tf | 0 
.../modules/connector/dataplane.tf | 0 .../modules/connector/ingress.tf | 0 .../modules/connector/outputs.tf | 0 .../modules/connector/services.tf | 0 .../modules/connector/variables.tf | 0 .../modules/identity-hub/ingress.tf | 0 .../modules/identity-hub/main.tf | 0 .../modules/identity-hub/outputs.tf | 0 .../modules/identity-hub/services.tf | 0 .../modules/identity-hub/variables.tf | 0 .../modules/issuer/ingress.tf | 0 .../modules/issuer/main.tf | 0 .../modules/issuer/services.tf | 0 .../modules/issuer/variables.tf | 0 .../modules/postgres/main.tf | 0 .../modules/postgres/outputs.tf | 0 .../modules/postgres/variables.tf | 0 .../modules/vault/variables.tf | 0 .../modules/vault/vault-values.yaml | 0 .../modules/vault/vault.tf | 0 mvd-deployment/namespace.tf | 11 ++++++ {deployment => mvd-deployment}/outputs.tf | 0 .../postman/MVD K8S.postman_environment.json | 0 ...Local Development.postman_environment.json | 0 .../postman/MVD.postman_collection.json | 0 .../postman/http-client.env.json | 0 {deployment => mvd-deployment}/provider.tf | 0 .../main.tf => mvd-deployment/providers.tf | 22 ++++------- {deployment => mvd-deployment}/variables.tf | 0 73 files changed, 19 insertions(+), 51 deletions(-) delete mode 100644 deployment/kind.config.yaml rename {deployment => mvd-deployment}/assets/consumer_private.pem (100%) rename {deployment => mvd-deployment}/assets/consumer_public.pem (100%) rename {deployment => mvd-deployment}/assets/credentials/k8s/consumer/dataprocessor-credential.json (100%) rename {deployment => mvd-deployment}/assets/credentials/k8s/consumer/dataprocessor_vc.json (100%) rename {deployment => mvd-deployment}/assets/credentials/k8s/consumer/membership-credential.json (100%) rename {deployment => mvd-deployment}/assets/credentials/k8s/consumer/membership_vc.json (100%) rename {deployment => mvd-deployment}/assets/credentials/k8s/provider/dataprocessor-credential.json (100%) rename {deployment => 
mvd-deployment}/assets/credentials/k8s/provider/dataprocessor_vc.json (100%) rename {deployment => mvd-deployment}/assets/credentials/k8s/provider/membership-credential.json (100%) rename {deployment => mvd-deployment}/assets/credentials/k8s/provider/membership_vc.json (100%) rename {deployment => mvd-deployment}/assets/credentials/local/consumer/dataprocessor-credential.json (100%) rename {deployment => mvd-deployment}/assets/credentials/local/consumer/membership-credential.json (100%) rename {deployment => mvd-deployment}/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json (100%) rename {deployment => mvd-deployment}/assets/credentials/local/consumer/unsigned/membership_vc.json (100%) rename {deployment => mvd-deployment}/assets/credentials/local/provider/dataprocessor-credential.json (100%) rename {deployment => mvd-deployment}/assets/credentials/local/provider/membership-credential.json (100%) rename {deployment => mvd-deployment}/assets/credentials/local/provider/unsigned/dataprocessor_vc.json (100%) rename {deployment => mvd-deployment}/assets/credentials/local/provider/unsigned/membership_vc.json (100%) rename {deployment => mvd-deployment}/assets/env/consumer_connector.env (100%) rename {deployment => mvd-deployment}/assets/env/consumer_identityhub.env (100%) rename {deployment => mvd-deployment}/assets/env/issuerservice.env (100%) rename {deployment => mvd-deployment}/assets/env/provider_catalogserver.env (100%) rename {deployment => mvd-deployment}/assets/env/provider_connector_manufacturing.env (100%) rename {deployment => mvd-deployment}/assets/env/provider_connector_qna.env (100%) rename {deployment => mvd-deployment}/assets/env/provider_identityhub.env (100%) rename {deployment => mvd-deployment}/assets/issuer/did.docker.json (100%) rename {deployment => mvd-deployment}/assets/issuer/did.k8s.json (100%) rename {deployment => mvd-deployment}/assets/issuer/nginx.conf (100%) rename {deployment => mvd-deployment}/assets/issuer_private.pem 
(100%) rename {deployment => mvd-deployment}/assets/issuer_public.pem (100%) rename {deployment => mvd-deployment}/assets/participants/participants.k8s.json (100%) rename {deployment => mvd-deployment}/assets/participants/participants.local.json (100%) rename {deployment => mvd-deployment}/assets/provider_private.pem (100%) rename {deployment => mvd-deployment}/assets/provider_public.pem (100%) rename {deployment => mvd-deployment}/consumer.tf (100%) rename {deployment => mvd-deployment}/issuer.tf (100%) rename {deployment => mvd-deployment}/issuer_nginx.tf (100%) rename {deployment => mvd-deployment}/modules/catalog-server/catalog-server.tf (100%) rename {deployment => mvd-deployment}/modules/catalog-server/ingress.tf (100%) rename {deployment => mvd-deployment}/modules/catalog-server/outputs.tf (100%) rename {deployment => mvd-deployment}/modules/catalog-server/services.tf (100%) rename {deployment => mvd-deployment}/modules/catalog-server/variables.tf (100%) rename {deployment => mvd-deployment}/modules/connector/controlplane.tf (100%) rename {deployment => mvd-deployment}/modules/connector/dataplane.tf (100%) rename {deployment => mvd-deployment}/modules/connector/ingress.tf (100%) rename {deployment => mvd-deployment}/modules/connector/outputs.tf (100%) rename {deployment => mvd-deployment}/modules/connector/services.tf (100%) rename {deployment => mvd-deployment}/modules/connector/variables.tf (100%) rename {deployment => mvd-deployment}/modules/identity-hub/ingress.tf (100%) rename {deployment => mvd-deployment}/modules/identity-hub/main.tf (100%) rename {deployment => mvd-deployment}/modules/identity-hub/outputs.tf (100%) rename {deployment => mvd-deployment}/modules/identity-hub/services.tf (100%) rename {deployment => mvd-deployment}/modules/identity-hub/variables.tf (100%) rename {deployment => mvd-deployment}/modules/issuer/ingress.tf (100%) rename {deployment => mvd-deployment}/modules/issuer/main.tf (100%) rename {deployment => 
mvd-deployment}/modules/issuer/services.tf (100%) rename {deployment => mvd-deployment}/modules/issuer/variables.tf (100%) rename {deployment => mvd-deployment}/modules/postgres/main.tf (100%) rename {deployment => mvd-deployment}/modules/postgres/outputs.tf (100%) rename {deployment => mvd-deployment}/modules/postgres/variables.tf (100%) rename {deployment => mvd-deployment}/modules/vault/variables.tf (100%) rename {deployment => mvd-deployment}/modules/vault/vault-values.yaml (100%) rename {deployment => mvd-deployment}/modules/vault/vault.tf (100%) create mode 100644 mvd-deployment/namespace.tf rename {deployment => mvd-deployment}/outputs.tf (100%) rename {deployment => mvd-deployment}/postman/MVD K8S.postman_environment.json (100%) rename {deployment => mvd-deployment}/postman/MVD Local Development.postman_environment.json (100%) rename {deployment => mvd-deployment}/postman/MVD.postman_collection.json (100%) rename {deployment => mvd-deployment}/postman/http-client.env.json (100%) rename {deployment => mvd-deployment}/provider.tf (100%) rename deployment/main.tf => mvd-deployment/providers.tf (87%) rename {deployment => mvd-deployment}/variables.tf (100%) diff --git a/deployment/kind.config.yaml b/deployment/kind.config.yaml deleted file mode 100644 index 9d918bb2d..000000000 --- a/deployment/kind.config.yaml +++ /dev/null 
@@ -1,37 +0,0 @@
-#
-# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft
-#
-# See the NOTICE file(s) distributed with this work for additional
-# information regarding copyright ownership.
-#
-# This program and the accompanying materials are made available under the
-# terms of the Apache License, Version 2.0 which is available at
-# https://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-#
-
----
-kind: Cluster
-apiVersion: kind.x-k8s.io/v1alpha4
-nodes:
- - role: control-plane
- kubeadmConfigPatches:
- - |
- kind: InitConfiguration
- nodeRegistration:
- kubeletExtraArgs:
- node-labels: "ingress-ready=true"
- extraPortMappings:
- - containerPort: 80
- hostPort: 80
- protocol: TCP
- - containerPort: 443
- hostPort: 443
- protocol: TCP
\ No newline at end of file
diff --git a/deployment/assets/consumer_private.pem b/mvd-deployment/assets/consumer_private.pem
similarity index 100%
rename from deployment/assets/consumer_private.pem
rename to mvd-deployment/assets/consumer_private.pem
diff --git a/deployment/assets/consumer_public.pem b/mvd-deployment/assets/consumer_public.pem
similarity index 100%
rename from deployment/assets/consumer_public.pem
rename to mvd-deployment/assets/consumer_public.pem
diff --git a/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json b/mvd-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
similarity index 100%
rename from deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
rename to mvd-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
diff --git a/deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json b/mvd-deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json
similarity index 100%
rename from deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json
rename to mvd-deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json
diff --git a/deployment/assets/credentials/k8s/consumer/membership-credential.json b/mvd-deployment/assets/credentials/k8s/consumer/membership-credential.json
similarity index 100%
rename from deployment/assets/credentials/k8s/consumer/membership-credential.json
rename to mvd-deployment/assets/credentials/k8s/consumer/membership-credential.json
diff --git a/deployment/assets/credentials/k8s/consumer/membership_vc.json b/mvd-deployment/assets/credentials/k8s/consumer/membership_vc.json
similarity index 100%
rename from deployment/assets/credentials/k8s/consumer/membership_vc.json
rename to mvd-deployment/assets/credentials/k8s/consumer/membership_vc.json
diff --git a/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json b/mvd-deployment/assets/credentials/k8s/provider/dataprocessor-credential.json
similarity index 100%
rename from deployment/assets/credentials/k8s/provider/dataprocessor-credential.json
rename to mvd-deployment/assets/credentials/k8s/provider/dataprocessor-credential.json
diff --git a/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json b/mvd-deployment/assets/credentials/k8s/provider/dataprocessor_vc.json
similarity index 100%
rename from deployment/assets/credentials/k8s/provider/dataprocessor_vc.json
rename to mvd-deployment/assets/credentials/k8s/provider/dataprocessor_vc.json
diff --git a/deployment/assets/credentials/k8s/provider/membership-credential.json b/mvd-deployment/assets/credentials/k8s/provider/membership-credential.json
similarity index 100%
rename from deployment/assets/credentials/k8s/provider/membership-credential.json
rename to mvd-deployment/assets/credentials/k8s/provider/membership-credential.json
diff --git a/deployment/assets/credentials/k8s/provider/membership_vc.json b/mvd-deployment/assets/credentials/k8s/provider/membership_vc.json
similarity index 100%
rename from deployment/assets/credentials/k8s/provider/membership_vc.json
rename to mvd-deployment/assets/credentials/k8s/provider/membership_vc.json
diff --git a/deployment/assets/credentials/local/consumer/dataprocessor-credential.json b/mvd-deployment/assets/credentials/local/consumer/dataprocessor-credential.json
similarity index 100%
rename from deployment/assets/credentials/local/consumer/dataprocessor-credential.json
rename to mvd-deployment/assets/credentials/local/consumer/dataprocessor-credential.json
diff --git a/deployment/assets/credentials/local/consumer/membership-credential.json b/mvd-deployment/assets/credentials/local/consumer/membership-credential.json
similarity index 100%
rename from deployment/assets/credentials/local/consumer/membership-credential.json
rename to mvd-deployment/assets/credentials/local/consumer/membership-credential.json
diff --git a/deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json b/mvd-deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json
similarity index 100%
rename from deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json
rename to mvd-deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json
diff --git a/deployment/assets/credentials/local/consumer/unsigned/membership_vc.json b/mvd-deployment/assets/credentials/local/consumer/unsigned/membership_vc.json
similarity index 100%
rename from deployment/assets/credentials/local/consumer/unsigned/membership_vc.json
rename to mvd-deployment/assets/credentials/local/consumer/unsigned/membership_vc.json
diff --git a/deployment/assets/credentials/local/provider/dataprocessor-credential.json b/mvd-deployment/assets/credentials/local/provider/dataprocessor-credential.json
similarity index 100%
rename from deployment/assets/credentials/local/provider/dataprocessor-credential.json
rename to mvd-deployment/assets/credentials/local/provider/dataprocessor-credential.json
diff --git a/deployment/assets/credentials/local/provider/membership-credential.json b/mvd-deployment/assets/credentials/local/provider/membership-credential.json
similarity index 100%
rename from deployment/assets/credentials/local/provider/membership-credential.json
rename to mvd-deployment/assets/credentials/local/provider/membership-credential.json
diff --git a/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json b/mvd-deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
similarity index 100%
rename from deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
rename to mvd-deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json
diff --git a/deployment/assets/credentials/local/provider/unsigned/membership_vc.json b/mvd-deployment/assets/credentials/local/provider/unsigned/membership_vc.json
similarity index 100%
rename from deployment/assets/credentials/local/provider/unsigned/membership_vc.json
rename to mvd-deployment/assets/credentials/local/provider/unsigned/membership_vc.json
diff --git a/deployment/assets/env/consumer_connector.env b/mvd-deployment/assets/env/consumer_connector.env
similarity index 100%
rename from deployment/assets/env/consumer_connector.env
rename to mvd-deployment/assets/env/consumer_connector.env
diff --git a/deployment/assets/env/consumer_identityhub.env b/mvd-deployment/assets/env/consumer_identityhub.env
similarity index 100%
rename from deployment/assets/env/consumer_identityhub.env
rename to mvd-deployment/assets/env/consumer_identityhub.env
diff --git a/deployment/assets/env/issuerservice.env b/mvd-deployment/assets/env/issuerservice.env
similarity index 100%
rename from deployment/assets/env/issuerservice.env
rename to mvd-deployment/assets/env/issuerservice.env
diff --git a/deployment/assets/env/provider_catalogserver.env b/mvd-deployment/assets/env/provider_catalogserver.env
similarity index 100%
rename from deployment/assets/env/provider_catalogserver.env
rename to mvd-deployment/assets/env/provider_catalogserver.env
diff --git a/deployment/assets/env/provider_connector_manufacturing.env b/mvd-deployment/assets/env/provider_connector_manufacturing.env
similarity index 100%
rename from deployment/assets/env/provider_connector_manufacturing.env
rename to mvd-deployment/assets/env/provider_connector_manufacturing.env
diff --git a/deployment/assets/env/provider_connector_qna.env b/mvd-deployment/assets/env/provider_connector_qna.env
similarity index 100%
rename from deployment/assets/env/provider_connector_qna.env
rename to mvd-deployment/assets/env/provider_connector_qna.env
diff --git a/deployment/assets/env/provider_identityhub.env b/mvd-deployment/assets/env/provider_identityhub.env
similarity index 100%
rename from deployment/assets/env/provider_identityhub.env
rename to mvd-deployment/assets/env/provider_identityhub.env
diff --git a/deployment/assets/issuer/did.docker.json b/mvd-deployment/assets/issuer/did.docker.json
similarity index 100%
rename from deployment/assets/issuer/did.docker.json
rename to mvd-deployment/assets/issuer/did.docker.json
diff --git a/deployment/assets/issuer/did.k8s.json b/mvd-deployment/assets/issuer/did.k8s.json
similarity index 100%
rename from deployment/assets/issuer/did.k8s.json
rename to mvd-deployment/assets/issuer/did.k8s.json
diff --git a/deployment/assets/issuer/nginx.conf b/mvd-deployment/assets/issuer/nginx.conf
similarity index 100%
rename from deployment/assets/issuer/nginx.conf
rename to mvd-deployment/assets/issuer/nginx.conf
diff --git a/deployment/assets/issuer_private.pem b/mvd-deployment/assets/issuer_private.pem
similarity index 100%
rename from deployment/assets/issuer_private.pem
rename to mvd-deployment/assets/issuer_private.pem
diff --git a/deployment/assets/issuer_public.pem b/mvd-deployment/assets/issuer_public.pem
similarity index 100%
rename from deployment/assets/issuer_public.pem
rename to mvd-deployment/assets/issuer_public.pem
diff --git a/deployment/assets/participants/participants.k8s.json b/mvd-deployment/assets/participants/participants.k8s.json
similarity index 100%
rename from deployment/assets/participants/participants.k8s.json
rename to mvd-deployment/assets/participants/participants.k8s.json
diff --git a/deployment/assets/participants/participants.local.json b/mvd-deployment/assets/participants/participants.local.json
similarity index 100%
rename from deployment/assets/participants/participants.local.json
rename to mvd-deployment/assets/participants/participants.local.json
diff --git a/deployment/assets/provider_private.pem b/mvd-deployment/assets/provider_private.pem
similarity index 100%
rename from deployment/assets/provider_private.pem
rename to mvd-deployment/assets/provider_private.pem
diff --git a/deployment/assets/provider_public.pem b/mvd-deployment/assets/provider_public.pem
similarity index 100%
rename from deployment/assets/provider_public.pem
rename to mvd-deployment/assets/provider_public.pem
diff --git a/deployment/consumer.tf b/mvd-deployment/consumer.tf
similarity index 100%
rename from deployment/consumer.tf
rename to mvd-deployment/consumer.tf
diff --git a/deployment/issuer.tf b/mvd-deployment/issuer.tf
similarity index 100%
rename from deployment/issuer.tf
rename to mvd-deployment/issuer.tf
diff --git a/deployment/issuer_nginx.tf b/mvd-deployment/issuer_nginx.tf
similarity index 100%
rename from deployment/issuer_nginx.tf
rename to mvd-deployment/issuer_nginx.tf
diff --git a/deployment/modules/catalog-server/catalog-server.tf b/mvd-deployment/modules/catalog-server/catalog-server.tf
similarity index 100%
rename from deployment/modules/catalog-server/catalog-server.tf
rename to mvd-deployment/modules/catalog-server/catalog-server.tf
diff --git a/deployment/modules/catalog-server/ingress.tf b/mvd-deployment/modules/catalog-server/ingress.tf
similarity index 100%
rename from deployment/modules/catalog-server/ingress.tf
rename to mvd-deployment/modules/catalog-server/ingress.tf
diff --git a/deployment/modules/catalog-server/outputs.tf b/mvd-deployment/modules/catalog-server/outputs.tf
similarity index 100%
rename from deployment/modules/catalog-server/outputs.tf
rename to mvd-deployment/modules/catalog-server/outputs.tf
diff --git a/deployment/modules/catalog-server/services.tf b/mvd-deployment/modules/catalog-server/services.tf
similarity index 100%
rename from deployment/modules/catalog-server/services.tf
rename to mvd-deployment/modules/catalog-server/services.tf
diff --git a/deployment/modules/catalog-server/variables.tf b/mvd-deployment/modules/catalog-server/variables.tf
similarity index 100%
rename from deployment/modules/catalog-server/variables.tf
rename to mvd-deployment/modules/catalog-server/variables.tf
diff --git a/deployment/modules/connector/controlplane.tf b/mvd-deployment/modules/connector/controlplane.tf
similarity index 100%
rename from deployment/modules/connector/controlplane.tf
rename to mvd-deployment/modules/connector/controlplane.tf
diff --git a/deployment/modules/connector/dataplane.tf b/mvd-deployment/modules/connector/dataplane.tf
similarity index 100%
rename from deployment/modules/connector/dataplane.tf
rename to mvd-deployment/modules/connector/dataplane.tf
diff --git a/deployment/modules/connector/ingress.tf b/mvd-deployment/modules/connector/ingress.tf
similarity index 100%
rename from deployment/modules/connector/ingress.tf
rename to mvd-deployment/modules/connector/ingress.tf
diff --git a/deployment/modules/connector/outputs.tf b/mvd-deployment/modules/connector/outputs.tf
similarity index 100%
rename from deployment/modules/connector/outputs.tf
rename to mvd-deployment/modules/connector/outputs.tf
diff --git a/deployment/modules/connector/services.tf b/mvd-deployment/modules/connector/services.tf
similarity index 100%
rename from deployment/modules/connector/services.tf
rename to mvd-deployment/modules/connector/services.tf
diff --git a/deployment/modules/connector/variables.tf b/mvd-deployment/modules/connector/variables.tf
similarity index 100%
rename from deployment/modules/connector/variables.tf
rename to mvd-deployment/modules/connector/variables.tf
diff --git a/deployment/modules/identity-hub/ingress.tf b/mvd-deployment/modules/identity-hub/ingress.tf
similarity index 100%
rename from deployment/modules/identity-hub/ingress.tf
rename to mvd-deployment/modules/identity-hub/ingress.tf
diff --git a/deployment/modules/identity-hub/main.tf b/mvd-deployment/modules/identity-hub/main.tf
similarity index 100%
rename from deployment/modules/identity-hub/main.tf
rename to mvd-deployment/modules/identity-hub/main.tf
diff --git a/deployment/modules/identity-hub/outputs.tf b/mvd-deployment/modules/identity-hub/outputs.tf
similarity index 100%
rename from deployment/modules/identity-hub/outputs.tf
rename to mvd-deployment/modules/identity-hub/outputs.tf
diff --git a/deployment/modules/identity-hub/services.tf b/mvd-deployment/modules/identity-hub/services.tf
similarity index 100%
rename from deployment/modules/identity-hub/services.tf
rename to mvd-deployment/modules/identity-hub/services.tf
diff --git a/deployment/modules/identity-hub/variables.tf b/mvd-deployment/modules/identity-hub/variables.tf
similarity index 100%
rename from deployment/modules/identity-hub/variables.tf
rename to mvd-deployment/modules/identity-hub/variables.tf
diff --git a/deployment/modules/issuer/ingress.tf b/mvd-deployment/modules/issuer/ingress.tf
similarity index 100%
rename from deployment/modules/issuer/ingress.tf
rename to mvd-deployment/modules/issuer/ingress.tf
diff --git a/deployment/modules/issuer/main.tf b/mvd-deployment/modules/issuer/main.tf
similarity index 100%
rename from deployment/modules/issuer/main.tf
rename to mvd-deployment/modules/issuer/main.tf
diff --git a/deployment/modules/issuer/services.tf b/mvd-deployment/modules/issuer/services.tf
similarity index 100%
rename from deployment/modules/issuer/services.tf
rename to mvd-deployment/modules/issuer/services.tf
diff --git a/deployment/modules/issuer/variables.tf b/mvd-deployment/modules/issuer/variables.tf
similarity index 100%
rename from deployment/modules/issuer/variables.tf
rename to mvd-deployment/modules/issuer/variables.tf
diff --git a/deployment/modules/postgres/main.tf b/mvd-deployment/modules/postgres/main.tf
similarity index 100%
rename from deployment/modules/postgres/main.tf
rename to mvd-deployment/modules/postgres/main.tf
diff --git a/deployment/modules/postgres/outputs.tf b/mvd-deployment/modules/postgres/outputs.tf
similarity index 100%
rename from deployment/modules/postgres/outputs.tf
rename to mvd-deployment/modules/postgres/outputs.tf
diff --git a/deployment/modules/postgres/variables.tf b/mvd-deployment/modules/postgres/variables.tf
similarity index 100%
rename from deployment/modules/postgres/variables.tf
rename to mvd-deployment/modules/postgres/variables.tf
diff --git a/deployment/modules/vault/variables.tf b/mvd-deployment/modules/vault/variables.tf
similarity index 100%
rename from deployment/modules/vault/variables.tf
rename to mvd-deployment/modules/vault/variables.tf
diff --git a/deployment/modules/vault/vault-values.yaml b/mvd-deployment/modules/vault/vault-values.yaml
similarity index 100%
rename from deployment/modules/vault/vault-values.yaml
rename to mvd-deployment/modules/vault/vault-values.yaml
diff --git a/deployment/modules/vault/vault.tf b/mvd-deployment/modules/vault/vault.tf
similarity index 100%
rename from deployment/modules/vault/vault.tf
rename to mvd-deployment/modules/vault/vault.tf
diff --git a/mvd-deployment/namespace.tf b/mvd-deployment/namespace.tf
new file mode 100644
index 000000000..f1b9e1f8a
--- /dev/null
+++ b/mvd-deployment/namespace.tf
@@ -0,0 +1,11 @@
+resource "kubernetes_namespace" "ns_consumer" {
+ metadata {
+ name = "consumer"
+ }
+}
+
+resource "kubernetes_namespace" "ns_provider" {
+ metadata {
+ name = "provider"
+ }
+}
\ No newline at end of file
diff --git a/deployment/outputs.tf b/mvd-deployment/outputs.tf
similarity index 100%
rename from deployment/outputs.tf
rename to mvd-deployment/outputs.tf
diff --git a/deployment/postman/MVD K8S.postman_environment.json b/mvd-deployment/postman/MVD K8S.postman_environment.json
similarity index 100%
rename from deployment/postman/MVD K8S.postman_environment.json
rename to mvd-deployment/postman/MVD K8S.postman_environment.json
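Review bot: Nothing in the new namespace.tf hunk, or in the other hunks on this page, references `kubernetes_namespace.ns_consumer` or `kubernetes_namespace.ns_provider`; if the modules deployed into these namespaces name them with literal strings rather than `kubernetes_namespace.ns_consumer.metadata[0].name`, Terraform has no dependency edge and a fresh apply can try to create namespaced resources before the namespace exists. Either have the consumers reference the resource attribute or give them an explicit `depends_on` on these two resources. As a style point the file ends without a trailing newline (`\ No newline at end of file`), which most Terraform formatters will keep rewriting.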
diff --git a/deployment/postman/MVD Local Development.postman_environment.json b/mvd-deployment/postman/MVD Local Development.postman_environment.json
similarity index 100%
rename from deployment/postman/MVD Local Development.postman_environment.json
rename to mvd-deployment/postman/MVD Local Development.postman_environment.json
diff --git a/deployment/postman/MVD.postman_collection.json b/mvd-deployment/postman/MVD.postman_collection.json
similarity index 100%
rename from deployment/postman/MVD.postman_collection.json
rename to mvd-deployment/postman/MVD.postman_collection.json
diff --git a/deployment/postman/http-client.env.json b/mvd-deployment/postman/http-client.env.json
similarity index 100%
rename from deployment/postman/http-client.env.json
rename to mvd-deployment/postman/http-client.env.json
diff --git a/deployment/provider.tf b/mvd-deployment/provider.tf
similarity index 100%
rename from deployment/provider.tf
rename to mvd-deployment/provider.tf
diff --git a/deployment/main.tf b/mvd-deployment/providers.tf
similarity index 87%
rename from deployment/main.tf
rename to mvd-deployment/providers.tf
index 388c11f9a..1eda6f3a1 100644
--- a/deployment/main.tf
+++ b/mvd-deployment/providers.tf
@@ -23,7 +23,6 @@ terraform {
 random = {
 source = "hashicorp/random"
 }
-
 kubernetes = {
 source = "hashicorp/kubernetes"
 }
@@ -32,6 +31,14 @@ terraform {
 source = "hashicorp/helm"
 }
 }
+
+ backend "s3" {
+ region = "eu-west-1"
+ bucket = "aie-kordat-dev-terraform-remote-state"
+ key = "infra/kordat/mvd/terraform.tfstate"
+ profile = "kordat-dev"
+ }
+
 required_version = ">= 1.13.0"
 }
@@ -44,16 +51,3 @@ provider "helm" {
 config_path = "~/.kube/config"
 }
 }
-
-resource "kubernetes_namespace" "ns_consumer" {
- metadata {
- name = "consumer"
- }
-}
-
-resource "kubernetes_namespace" "ns_provider" {
- metadata {
- name = "provider"
- }
-}
-
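Review bot: The new `backend "s3"` block in the second providers.tf hunk configures remote state with neither server-side encryption nor state locking; add `encrypt = true` and, since `required_version = ">= 1.13.0"` is pinned in the same file, `use_lockfile = true` so two concurrent applies cannot corrupt the state. Terraform state holds every resource attribute in plaintext, so any credential this deployment passes into resources — and, if the tracked `assets/*_private.pem` files are read with `file()`, that key material too — lands in that bucket, which therefore needs a restrictive bucket policy and a public-access block that this hunk cannot show. The hardcoded `profile = "kordat-dev"` also ties `terraform init` to one operator's local AWS CLI profile; a partial backend configuration supplied via `-backend-config` would let CI and other operators use their own credentials.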
diff --git a/deployment/variables.tf b/mvd-deployment/variables.tf
similarity index 100%
rename from deployment/variables.tf
rename to mvd-deployment/variables.tf
From 01e1be30c8a821f621f58b3f99643bb2e734f851 Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Thu, 18 Dec 2025 20:17:55 +0100
Subject: [PATCH 04/72] Update connector code
---
.../assets/consumer_private.pem | 0
.../assets/consumer_public.pem | 0
.../consumer/dataprocessor-credential.json | 0
.../k8s/consumer/dataprocessor_vc.json | 0
.../k8s/consumer/membership-credential.json | 0
.../k8s/consumer/membership_vc.json | 0
.../provider/dataprocessor-credential.json | 0
.../k8s/provider/dataprocessor_vc.json | 0
.../k8s/provider/membership-credential.json | 0
.../k8s/provider/membership_vc.json | 0
.../consumer/dataprocessor-credential.json | 0
.../local/consumer/membership-credential.json | 0
.../consumer/unsigned/dataprocessor_vc.json | 0
.../consumer/unsigned/membership_vc.json | 0
.../provider/dataprocessor-credential.json | 0
.../local/provider/membership-credential.json | 0
.../provider/unsigned/dataprocessor_vc.json | 0
.../provider/unsigned/membership_vc.json | 0
.../assets/env/consumer_connector.env | 0
.../assets/env/consumer_identityhub.env | 0
.../assets/env/issuerservice.env | 0
.../assets/env/provider_catalogserver.env | 0
.../env/provider_connector_manufacturing.env | 0
.../assets/env/provider_connector_qna.env | 0
.../assets/env/provider_identityhub.env | 0
.../assets/issuer/did.docker.json | 0
.../assets/issuer/did.k8s.json | 0
.../assets/issuer/nginx.conf | 0
.../assets/issuer_private.pem | 0
.../assets/issuer_public.pem | 0
.../assets/participants/participants.k8s.json | 0
.../participants/participants.local.json | 0
.../assets/provider_private.pem | 0
.../assets/provider_public.pem | 0
.../connector.tf | 0
.../database.tf | 0
.../kms.tf | 0
.../locals.tf | 0
.../modules/connector/controlplane.tf | 0
.../modules/connector/dataplane.tf | 0
.../modules/connector/ingress.tf | 0
.../modules/connector/outputs.tf | 0
.../modules/connector/services.tf | 0
.../modules/connector/variables.tf | 0
.../modules/identity-hub/ingress.tf | 0
.../modules/identity-hub/main.tf | 0
.../modules/identity-hub/outputs.tf | 0
.../modules/identity-hub/services.tf | 0
.../modules/identity-hub/variables.tf | 0
.../modules/kms/README.md | 0
.../modules/kms/input.tf | 6 ---
connector-deployment/modules/kms/kms.tf | 52 +++++++++++++++++++
.../modules/kms/output.tf | 0
.../modules/random_string_generator/README.md | 0
.../modules/random_string_generator/input.tf | 0
.../modules/random_string_generator/output.tf | 0
.../random_string_generator.tf | 0
.../modules/s3_bucket/README.md | 0
.../modules/s3_bucket/bucket.tf | 51 ++++++++++++++++--
.../modules/s3_bucket/input.tf | 5 +-
.../modules/s3_bucket/output.tf | 0
.../modules/vault/variables.tf | 0
.../modules/vault/vault-values.yaml | 0
.../modules/vault/vault.tf | 0
.../outputs.tf | 0
.../providers.tf | 8 +++
.../s3.tf | 1 +
.../variables.tf | 0
connector_deployment/modules/kms/kms.tf | 22 --------
69 files changed, 110 insertions(+), 35 deletions(-)
rename {connector_deployment => connector-deployment}/assets/consumer_private.pem (100%)
rename {connector_deployment => connector-deployment}/assets/consumer_public.pem (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/k8s/consumer/dataprocessor-credential.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/k8s/consumer/dataprocessor_vc.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/k8s/consumer/membership-credential.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/k8s/consumer/membership_vc.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/k8s/provider/dataprocessor-credential.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/k8s/provider/dataprocessor_vc.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/k8s/provider/membership-credential.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/k8s/provider/membership_vc.json
(100%)
rename {connector_deployment => connector-deployment}/assets/credentials/local/consumer/dataprocessor-credential.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/local/consumer/membership-credential.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/local/consumer/unsigned/membership_vc.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/local/provider/dataprocessor-credential.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/local/provider/membership-credential.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/local/provider/unsigned/dataprocessor_vc.json (100%)
rename {connector_deployment => connector-deployment}/assets/credentials/local/provider/unsigned/membership_vc.json (100%)
rename {connector_deployment => connector-deployment}/assets/env/consumer_connector.env (100%)
rename {connector_deployment => connector-deployment}/assets/env/consumer_identityhub.env (100%)
rename {connector_deployment => connector-deployment}/assets/env/issuerservice.env (100%)
rename {connector_deployment => connector-deployment}/assets/env/provider_catalogserver.env (100%)
rename {connector_deployment => connector-deployment}/assets/env/provider_connector_manufacturing.env (100%)
rename {connector_deployment => connector-deployment}/assets/env/provider_connector_qna.env (100%)
rename {connector_deployment => connector-deployment}/assets/env/provider_identityhub.env (100%)
rename {connector_deployment => connector-deployment}/assets/issuer/did.docker.json (100%)
rename {connector_deployment => connector-deployment}/assets/issuer/did.k8s.json (100%)
rename {connector_deployment => connector-deployment}/assets/issuer/nginx.conf (100%)
rename {connector_deployment =>
connector-deployment}/assets/issuer_private.pem (100%)
rename {connector_deployment => connector-deployment}/assets/issuer_public.pem (100%)
rename {connector_deployment => connector-deployment}/assets/participants/participants.k8s.json (100%)
rename {connector_deployment => connector-deployment}/assets/participants/participants.local.json (100%)
rename {connector_deployment => connector-deployment}/assets/provider_private.pem (100%)
rename {connector_deployment => connector-deployment}/assets/provider_public.pem (100%)
rename {connector_deployment => connector-deployment}/connector.tf (100%)
rename {connector_deployment => connector-deployment}/database.tf (100%)
rename {connector_deployment => connector-deployment}/kms.tf (100%)
rename {connector_deployment => connector-deployment}/locals.tf (100%)
rename {connector_deployment => connector-deployment}/modules/connector/controlplane.tf (100%)
rename {connector_deployment => connector-deployment}/modules/connector/dataplane.tf (100%)
rename {connector_deployment => connector-deployment}/modules/connector/ingress.tf (100%)
rename {connector_deployment => connector-deployment}/modules/connector/outputs.tf (100%)
rename {connector_deployment => connector-deployment}/modules/connector/services.tf (100%)
rename {connector_deployment => connector-deployment}/modules/connector/variables.tf (100%)
rename {connector_deployment => connector-deployment}/modules/identity-hub/ingress.tf (100%)
rename {connector_deployment => connector-deployment}/modules/identity-hub/main.tf (100%)
rename {connector_deployment => connector-deployment}/modules/identity-hub/outputs.tf (100%)
rename {connector_deployment => connector-deployment}/modules/identity-hub/services.tf (100%)
rename {connector_deployment => connector-deployment}/modules/identity-hub/variables.tf (100%)
rename {connector_deployment => connector-deployment}/modules/kms/README.md (100%)
rename {connector_deployment => connector-deployment}/modules/kms/input.tf (80%)
create
mode 100644 connector-deployment/modules/kms/kms.tf
rename {connector_deployment => connector-deployment}/modules/kms/output.tf (100%)
rename {connector_deployment => connector-deployment}/modules/random_string_generator/README.md (100%)
rename {connector_deployment => connector-deployment}/modules/random_string_generator/input.tf (100%)
rename {connector_deployment => connector-deployment}/modules/random_string_generator/output.tf (100%)
rename {connector_deployment => connector-deployment}/modules/random_string_generator/random_string_generator.tf (100%)
rename {connector_deployment => connector-deployment}/modules/s3_bucket/README.md (100%)
rename {connector_deployment => connector-deployment}/modules/s3_bucket/bucket.tf (63%)
rename {connector_deployment => connector-deployment}/modules/s3_bucket/input.tf (94%)
rename {connector_deployment => connector-deployment}/modules/s3_bucket/output.tf (100%)
rename {connector_deployment => connector-deployment}/modules/vault/variables.tf (100%)
rename {connector_deployment => connector-deployment}/modules/vault/vault-values.yaml (100%)
rename {connector_deployment => connector-deployment}/modules/vault/vault.tf (100%)
rename {connector_deployment => connector-deployment}/outputs.tf (100%)
rename {connector_deployment => connector-deployment}/providers.tf (87%)
rename {connector_deployment => connector-deployment}/s3.tf (86%)
rename {connector_deployment => connector-deployment}/variables.tf (100%)
delete mode 100644 connector_deployment/modules/kms/kms.tf
diff --git a/connector_deployment/assets/consumer_private.pem b/connector-deployment/assets/consumer_private.pem
similarity index 100%
rename from connector_deployment/assets/consumer_private.pem
rename to connector-deployment/assets/consumer_private.pem
diff --git a/connector_deployment/assets/consumer_public.pem b/connector-deployment/assets/consumer_public.pem
similarity index 100%
rename from connector_deployment/assets/consumer_public.pem
rename to connector-deployment/assets/consumer_public.pem
diff --git a/connector_deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json b/connector-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
similarity index 100%
rename from connector_deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
rename to connector-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json
diff --git a/connector_deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json b/connector-deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json
similarity index 100%
rename from connector_deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json
rename to connector-deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json
diff --git a/connector_deployment/assets/credentials/k8s/consumer/membership-credential.json b/connector-deployment/assets/credentials/k8s/consumer/membership-credential.json
similarity index 100%
rename from connector_deployment/assets/credentials/k8s/consumer/membership-credential.json
rename to connector-deployment/assets/credentials/k8s/consumer/membership-credential.json
diff --git a/connector_deployment/assets/credentials/k8s/consumer/membership_vc.json b/connector-deployment/assets/credentials/k8s/consumer/membership_vc.json
similarity index 100%
rename from connector_deployment/assets/credentials/k8s/consumer/membership_vc.json
rename to connector-deployment/assets/credentials/k8s/consumer/membership_vc.json
diff --git a/connector_deployment/assets/credentials/k8s/provider/dataprocessor-credential.json b/connector-deployment/assets/credentials/k8s/provider/dataprocessor-credential.json similarity index 100% rename from connector_deployment/assets/credentials/k8s/provider/dataprocessor-credential.json rename to connector-deployment/assets/credentials/k8s/provider/dataprocessor-credential.json diff --git a/connector_deployment/assets/credentials/k8s/provider/dataprocessor_vc.json b/connector-deployment/assets/credentials/k8s/provider/dataprocessor_vc.json similarity index 100% rename from connector_deployment/assets/credentials/k8s/provider/dataprocessor_vc.json rename to connector-deployment/assets/credentials/k8s/provider/dataprocessor_vc.json diff --git a/connector_deployment/assets/credentials/k8s/provider/membership-credential.json b/connector-deployment/assets/credentials/k8s/provider/membership-credential.json similarity index 100% rename from connector_deployment/assets/credentials/k8s/provider/membership-credential.json rename to connector-deployment/assets/credentials/k8s/provider/membership-credential.json diff --git a/connector_deployment/assets/credentials/k8s/provider/membership_vc.json b/connector-deployment/assets/credentials/k8s/provider/membership_vc.json similarity index 100% rename from connector_deployment/assets/credentials/k8s/provider/membership_vc.json rename to connector-deployment/assets/credentials/k8s/provider/membership_vc.json diff --git a/connector_deployment/assets/credentials/local/consumer/dataprocessor-credential.json b/connector-deployment/assets/credentials/local/consumer/dataprocessor-credential.json similarity index 100% rename from connector_deployment/assets/credentials/local/consumer/dataprocessor-credential.json rename to connector-deployment/assets/credentials/local/consumer/dataprocessor-credential.json 
diff --git a/connector_deployment/assets/credentials/local/consumer/membership-credential.json b/connector-deployment/assets/credentials/local/consumer/membership-credential.json similarity index 100% rename from connector_deployment/assets/credentials/local/consumer/membership-credential.json rename to connector-deployment/assets/credentials/local/consumer/membership-credential.json diff --git a/connector_deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json b/connector-deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json similarity index 100% rename from connector_deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json rename to connector-deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json diff --git a/connector_deployment/assets/credentials/local/consumer/unsigned/membership_vc.json b/connector-deployment/assets/credentials/local/consumer/unsigned/membership_vc.json similarity index 100% rename from connector_deployment/assets/credentials/local/consumer/unsigned/membership_vc.json rename to connector-deployment/assets/credentials/local/consumer/unsigned/membership_vc.json diff --git a/connector_deployment/assets/credentials/local/provider/dataprocessor-credential.json b/connector-deployment/assets/credentials/local/provider/dataprocessor-credential.json similarity index 100% rename from connector_deployment/assets/credentials/local/provider/dataprocessor-credential.json rename to connector-deployment/assets/credentials/local/provider/dataprocessor-credential.json diff --git a/connector_deployment/assets/credentials/local/provider/membership-credential.json b/connector-deployment/assets/credentials/local/provider/membership-credential.json similarity index 100% rename from connector_deployment/assets/credentials/local/provider/membership-credential.json rename to connector-deployment/assets/credentials/local/provider/membership-credential.json 
diff --git a/connector_deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json b/connector-deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json similarity index 100% rename from connector_deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json rename to connector-deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json diff --git a/connector_deployment/assets/credentials/local/provider/unsigned/membership_vc.json b/connector-deployment/assets/credentials/local/provider/unsigned/membership_vc.json similarity index 100% rename from connector_deployment/assets/credentials/local/provider/unsigned/membership_vc.json rename to connector-deployment/assets/credentials/local/provider/unsigned/membership_vc.json diff --git a/connector_deployment/assets/env/consumer_connector.env b/connector-deployment/assets/env/consumer_connector.env similarity index 100% rename from connector_deployment/assets/env/consumer_connector.env rename to connector-deployment/assets/env/consumer_connector.env diff --git a/connector_deployment/assets/env/consumer_identityhub.env b/connector-deployment/assets/env/consumer_identityhub.env similarity index 100% rename from connector_deployment/assets/env/consumer_identityhub.env rename to connector-deployment/assets/env/consumer_identityhub.env diff --git a/connector_deployment/assets/env/issuerservice.env b/connector-deployment/assets/env/issuerservice.env similarity index 100% rename from connector_deployment/assets/env/issuerservice.env rename to connector-deployment/assets/env/issuerservice.env diff --git a/connector_deployment/assets/env/provider_catalogserver.env b/connector-deployment/assets/env/provider_catalogserver.env similarity index 100% rename from connector_deployment/assets/env/provider_catalogserver.env rename to connector-deployment/assets/env/provider_catalogserver.env 
diff --git a/connector_deployment/assets/env/provider_connector_manufacturing.env b/connector-deployment/assets/env/provider_connector_manufacturing.env similarity index 100% rename from connector_deployment/assets/env/provider_connector_manufacturing.env rename to connector-deployment/assets/env/provider_connector_manufacturing.env diff --git a/connector_deployment/assets/env/provider_connector_qna.env b/connector-deployment/assets/env/provider_connector_qna.env similarity index 100% rename from connector_deployment/assets/env/provider_connector_qna.env rename to connector-deployment/assets/env/provider_connector_qna.env diff --git a/connector_deployment/assets/env/provider_identityhub.env b/connector-deployment/assets/env/provider_identityhub.env similarity index 100% rename from connector_deployment/assets/env/provider_identityhub.env rename to connector-deployment/assets/env/provider_identityhub.env diff --git a/connector_deployment/assets/issuer/did.docker.json b/connector-deployment/assets/issuer/did.docker.json similarity index 100% rename from connector_deployment/assets/issuer/did.docker.json rename to connector-deployment/assets/issuer/did.docker.json diff --git a/connector_deployment/assets/issuer/did.k8s.json b/connector-deployment/assets/issuer/did.k8s.json similarity index 100% rename from connector_deployment/assets/issuer/did.k8s.json rename to connector-deployment/assets/issuer/did.k8s.json diff --git a/connector_deployment/assets/issuer/nginx.conf b/connector-deployment/assets/issuer/nginx.conf similarity index 100% rename from connector_deployment/assets/issuer/nginx.conf rename to connector-deployment/assets/issuer/nginx.conf diff --git a/connector_deployment/assets/issuer_private.pem b/connector-deployment/assets/issuer_private.pem similarity index 100% rename from connector_deployment/assets/issuer_private.pem rename to connector-deployment/assets/issuer_private.pem 
diff --git a/connector_deployment/assets/issuer_public.pem b/connector-deployment/assets/issuer_public.pem similarity index 100% rename from connector_deployment/assets/issuer_public.pem rename to connector-deployment/assets/issuer_public.pem diff --git a/connector_deployment/assets/participants/participants.k8s.json b/connector-deployment/assets/participants/participants.k8s.json similarity index 100% rename from connector_deployment/assets/participants/participants.k8s.json rename to connector-deployment/assets/participants/participants.k8s.json diff --git a/connector_deployment/assets/participants/participants.local.json b/connector-deployment/assets/participants/participants.local.json similarity index 100% rename from connector_deployment/assets/participants/participants.local.json rename to connector-deployment/assets/participants/participants.local.json diff --git a/connector_deployment/assets/provider_private.pem b/connector-deployment/assets/provider_private.pem similarity index 100% rename from connector_deployment/assets/provider_private.pem rename to connector-deployment/assets/provider_private.pem diff --git a/connector_deployment/assets/provider_public.pem b/connector-deployment/assets/provider_public.pem similarity index 100% rename from connector_deployment/assets/provider_public.pem rename to connector-deployment/assets/provider_public.pem diff --git a/connector_deployment/connector.tf b/connector-deployment/connector.tf similarity index 100% rename from connector_deployment/connector.tf rename to connector-deployment/connector.tf diff --git a/connector_deployment/database.tf b/connector-deployment/database.tf similarity index 100% rename from connector_deployment/database.tf rename to connector-deployment/database.tf diff --git a/connector_deployment/kms.tf b/connector-deployment/kms.tf similarity index 100% rename from connector_deployment/kms.tf rename to connector-deployment/kms.tf 
diff --git a/connector_deployment/locals.tf b/connector-deployment/locals.tf similarity index 100% rename from connector_deployment/locals.tf rename to connector-deployment/locals.tf diff --git a/connector_deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf similarity index 100% rename from connector_deployment/modules/connector/controlplane.tf rename to connector-deployment/modules/connector/controlplane.tf diff --git a/connector_deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf similarity index 100% rename from connector_deployment/modules/connector/dataplane.tf rename to connector-deployment/modules/connector/dataplane.tf diff --git a/connector_deployment/modules/connector/ingress.tf b/connector-deployment/modules/connector/ingress.tf similarity index 100% rename from connector_deployment/modules/connector/ingress.tf rename to connector-deployment/modules/connector/ingress.tf diff --git a/connector_deployment/modules/connector/outputs.tf b/connector-deployment/modules/connector/outputs.tf similarity index 100% rename from connector_deployment/modules/connector/outputs.tf rename to connector-deployment/modules/connector/outputs.tf diff --git a/connector_deployment/modules/connector/services.tf b/connector-deployment/modules/connector/services.tf similarity index 100% rename from connector_deployment/modules/connector/services.tf rename to connector-deployment/modules/connector/services.tf diff --git a/connector_deployment/modules/connector/variables.tf b/connector-deployment/modules/connector/variables.tf similarity index 100% rename from connector_deployment/modules/connector/variables.tf rename to connector-deployment/modules/connector/variables.tf 
diff --git a/connector_deployment/modules/identity-hub/ingress.tf b/connector-deployment/modules/identity-hub/ingress.tf similarity index 100% rename from connector_deployment/modules/identity-hub/ingress.tf rename to connector-deployment/modules/identity-hub/ingress.tf diff --git a/connector_deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf similarity index 100% rename from connector_deployment/modules/identity-hub/main.tf rename to connector-deployment/modules/identity-hub/main.tf diff --git a/connector_deployment/modules/identity-hub/outputs.tf b/connector-deployment/modules/identity-hub/outputs.tf similarity index 100% rename from connector_deployment/modules/identity-hub/outputs.tf rename to connector-deployment/modules/identity-hub/outputs.tf diff --git a/connector_deployment/modules/identity-hub/services.tf b/connector-deployment/modules/identity-hub/services.tf similarity index 100% rename from connector_deployment/modules/identity-hub/services.tf rename to connector-deployment/modules/identity-hub/services.tf diff --git a/connector_deployment/modules/identity-hub/variables.tf b/connector-deployment/modules/identity-hub/variables.tf similarity index 100% rename from connector_deployment/modules/identity-hub/variables.tf rename to connector-deployment/modules/identity-hub/variables.tf diff --git a/connector_deployment/modules/kms/README.md b/connector-deployment/modules/kms/README.md similarity index 100% rename from connector_deployment/modules/kms/README.md rename to connector-deployment/modules/kms/README.md diff --git a/connector_deployment/modules/kms/input.tf b/connector-deployment/modules/kms/input.tf similarity index 80% rename from connector_deployment/modules/kms/input.tf rename to connector-deployment/modules/kms/input.tf index bb803a13a..da60355a3 100644 --- a/connector_deployment/modules/kms/input.tf +++ b/connector-deployment/modules/kms/input.tf 
@@ -19,13 +19,7 @@ variable "tags" {
 }
 # Config vars
-variable "policy" {
- type = string
- description = "KMS policy"
- default = ""
-}
 variable "alias" {
 type = string
 description = "KMS alias"
- default = ""
 }
\ No newline at end of file
diff --git a/connector-deployment/modules/kms/kms.tf b/connector-deployment/modules/kms/kms.tf
new file mode 100644
index 000000000..8eb29e6dc
--- /dev/null
+++ b/connector-deployment/modules/kms/kms.tf
@@ -0,0 +1,52 @@
+# Current AWS account
+data "aws_caller_identity" "current" {}
+
+# Create and name kms key
+resource "aws_kms_key" "master_key" {
+ deletion_window_in_days = 15
+ enable_key_rotation = true
+}
+
+resource "aws_kms_alias" "master_key_alias" {
+ name = "alias/${var.alias}"
+ target_key_id = aws_kms_key.master_key.key_id
+}
+
+resource "aws_kms_key_policy" "master_key_policy" {
+ key_id = aws_kms_key.master_key.id
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ # Admin de la key (tu cuenta)
+ {
+ Sid = "AllowAccountAdmin"
+ Effect = "Allow"
+ Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" }
+ Action = "kms:*"
+ Resource = "*"
+ },
+ # Permitir a S3 usar la key para este bucket (vía servicio s3 y en tu cuenta)
+ {
+ Sid = "AllowS3UseOfKey"
+ Effect = "Allow"
+ Principal = { Service = "s3.amazonaws.com" }
+ Action = [
+ "kms:Encrypt",
+ "kms:Decrypt",
+ "kms:ReEncrypt*",
+ "kms:GenerateDataKey*",
+ "kms:DescribeKey"
+ ]
+ Resource = "*"
+ Condition = {
+ StringEquals = {
+ "kms:CallerAccount" = data.aws_caller_identity.current.account_id
+ }
+ StringLike = {
+ "kms:ViaService" = "s3.eu-west-1.amazonaws.com"
+ }
+ }
+ }
+ ]
+ })
+}
\ No newline at end of file
diff --git a/connector_deployment/modules/kms/output.tf b/connector-deployment/modules/kms/output.tf
similarity index 100%
rename from connector_deployment/modules/kms/output.tf
rename to connector-deployment/modules/kms/output.tf
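Review bot: The `AllowS3UseOfKey` statement in the new `aws_kms_key_policy` does not do what its comment claims: when S3 encrypts or decrypts on behalf of a caller, KMS sees that caller's IAM principal with `kms:ViaService` set, not the `s3.amazonaws.com` service principal, so this statement only matches S3's own features (inventory, replication, batch jobs) and every ordinary read or write of the bucket is authorized solely through `AllowAccountAdmin` — any IAM identity in the account whose own policy carries `kms:Decrypt` can decrypt the bucket's objects. Nothing binds the key to "este bucket" either, and the region in `kms:ViaService` is hard-coded to `eu-west-1` while the rest of the module is region-agnostic. I would rewrite the statement as below (a new `bucket_arn` input is needed) and take the region from `data "aws_region"`; note that Allow statements are additive, so for the restriction to bite, `AllowAccountAdmin` must also stop delegating data-plane actions and be narrowed to key administration (`kms:Describe*`, `kms:Enable*`, `kms:Put*`, `kms:Update*`, `kms:ScheduleKeyDeletion`, …) without `kms:Decrypt`/`kms:GenerateDataKey*`. The two Spanish comments should become English, e.g. `# Account root keeps key administration so the key can never be orphaned`.
```hcl
data "aws_region" "current" {}

# … unchanged: aws_kms_key, aws_kms_alias, AllowAccountAdmin statement (narrowed as described) …
      # This account's IAM principals may use the key, but only through S3 and only for this bucket
      {
        Sid       = "AllowS3UseOfKey"
        Effect    = "Allow"
        Principal = { AWS = "*" }
        Action = [
          "kms:Encrypt",
          "kms:Decrypt",
          "kms:ReEncrypt*",
          "kms:GenerateDataKey*",
          "kms:DescribeKey"
        ]
        Resource = "*"
        Condition = {
          StringEquals = {
            "kms:CallerAccount" = data.aws_caller_identity.current.account_id
            "kms:ViaService"    = "s3.${data.aws_region.current.name}.amazonaws.com"
          }
          ArnLike = {
            # S3 passes the bucket ARN (with Bucket Keys) or the object ARN as encryption context
            "kms:EncryptionContext:aws:s3:arn" = [var.bucket_arn, "${var.bucket_arn}/*"]
          }
        }
      }
```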
diff --git a/connector_deployment/modules/random_string_generator/README.md b/connector-deployment/modules/random_string_generator/README.md similarity index 100% rename from connector_deployment/modules/random_string_generator/README.md rename to connector-deployment/modules/random_string_generator/README.md diff --git a/connector_deployment/modules/random_string_generator/input.tf b/connector-deployment/modules/random_string_generator/input.tf similarity index 100% rename from connector_deployment/modules/random_string_generator/input.tf rename to connector-deployment/modules/random_string_generator/input.tf diff --git a/connector_deployment/modules/random_string_generator/output.tf b/connector-deployment/modules/random_string_generator/output.tf similarity index 100% rename from connector_deployment/modules/random_string_generator/output.tf rename to connector-deployment/modules/random_string_generator/output.tf diff --git a/connector_deployment/modules/random_string_generator/random_string_generator.tf b/connector-deployment/modules/random_string_generator/random_string_generator.tf similarity index 100% rename from connector_deployment/modules/random_string_generator/random_string_generator.tf rename to connector-deployment/modules/random_string_generator/random_string_generator.tf diff --git a/connector_deployment/modules/s3_bucket/README.md b/connector-deployment/modules/s3_bucket/README.md similarity index 100% rename from connector_deployment/modules/s3_bucket/README.md rename to connector-deployment/modules/s3_bucket/README.md diff --git a/connector_deployment/modules/s3_bucket/bucket.tf b/connector-deployment/modules/s3_bucket/bucket.tf similarity index 63% rename from connector_deployment/modules/s3_bucket/bucket.tf rename to connector-deployment/modules/s3_bucket/bucket.tf index 2aa5d89c9..c15e9d03b 100644 --- a/connector_deployment/modules/s3_bucket/bucket.tf +++ b/connector-deployment/modules/s3_bucket/bucket.tf 
@@ -17,6 +17,14 @@ resource "aws_s3_bucket_ownership_controls" "bucket_ownership" {
 }
 }
+resource "aws_s3_bucket_public_access_block" "this" {
+ bucket = aws_s3_bucket.bucket.id
+ block_public_acls = true
+ block_public_policy = true
+ ignore_public_acls = true
+ restrict_public_buckets = true
+}
+
 resource "aws_s3_bucket_acl" "bucket_acl" {
 depends_on = [aws_s3_bucket_ownership_controls.bucket_ownership]
@@ -32,15 +40,16 @@ resource "aws_s3_bucket_versioning" "bucket_versioning" {
 }
 resource "aws_s3_bucket_server_side_encryption_configuration" "bucket_encryption" {
- count = (var.encryption ? 1 : 0)
 bucket = aws_s3_bucket.bucket.id
 rule {
- bucket_key_enabled = true
- apply_server_side_encryption_by_default {
- sse_algorithm = "AES256"
+ sse_algorithm = "aws:kms"
+ kms_master_key_id = var.kms
 }
+
+ # Reduce llamadas a KMS y coste en muchos casos
+ bucket_key_enabled = true
 }
 }
@@ -90,3 +99,37 @@ resource "aws_s3_bucket_cors_configuration" "cors_configuration" {
 expose_headers = var.cors.expose_headers
 }
 }
+
+# (Opcional) Forzar cifrado: deniega PUT si no viene SSE-KMS con TU key
+# resource "aws_s3_bucket_policy" "enforce_kms" {
+# bucket = aws_s3_bucket.bucket.id
+# policy = jsonencode({
+# Version = "2012-10-17"
+# Statement = [
+# {
+# Sid = "DenyUnEncryptedObjectUploads"
+# Effect = "Deny"
+# Principal = "*"
+# Action = "s3:PutObject"
+# Resource = "${aws_s3_bucket.bucket.arn}/*"
+# Condition = {
+# StringNotEquals = {
+# "s3:x-amz-server-side-encryption" = "aws:kms"
+# }
+# }
+# },
+# {
+# Sid = "DenyWrongKMSKey"
+# Effect = "Deny"
+# Principal = "*"
+# Action = "s3:PutObject"
+# Resource = "${aws_s3_bucket.bucket.arn}/*"
+# Condition = {
+# StringNotEquals = {
+# "s3:x-amz-server-side-encryption-aws-kms-key-id" = var.kms
+# }
+# }
+# }
+# ]
+# })
+# }
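Review bot: As rendered, the second hunk removes `apply_server_side_encryption_by_default {` but keeps its closing `}`, which leaves `sse_algorithm`/`kms_master_key_id` directly under `rule` and an unbalanced brace; if that is not a display artifact the resource will not parse, and the two new arguments belong inside that nested block. The commented-out `enforce_kms` policy is also the wrong control: default SSE-KMS already encrypts objects uploaded without an `x-amz-server-side-encryption` header, while `StringNotEquals` on an absent header matches (negated operators treat a missing key as a match), so enabling it would reject exactly those well-behaved clients. The deny that is actually missing is one on `aws:SecureTransport`, shown below, which also covers reads — something a `s3:PutObject`-only statement never does. The `aws_s3_bucket_acl` resource directly under the new public-access block is still applied and its `acl` value is outside the hunk; confirm it is `private`, since `ignore_public_acls` masks a public ACL rather than removing it. Comments in this module should be English, e.g. `# S3 Bucket Keys: one data key per bucket instead of per object, fewer KMS calls and lower cost, but CloudTrail no longer records a KMS event per object`.
```hcl
# Deny any access over plain HTTP; this bucket holds participant assets, so TLS is mandatory
resource "aws_s3_bucket_policy" "require_tls" {
  bucket = aws_s3_bucket.bucket.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Sid       = "DenyInsecureTransport"
        Effect    = "Deny"
        Principal = "*"
        Action    = "s3:*"
        Resource  = [aws_s3_bucket.bucket.arn, "${aws_s3_bucket.bucket.arn}/*"]
        Condition = {
          Bool = { "aws:SecureTransport" = "false" }
        }
      }
    ]
  })
  # the public-access block must exist before any bucket policy is attached
  depends_on = [aws_s3_bucket_public_access_block.this]
}
```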
diff --git a/connector_deployment/modules/s3_bucket/input.tf b/connector-deployment/modules/s3_bucket/input.tf similarity index 94% rename from connector_deployment/modules/s3_bucket/input.tf rename to connector-deployment/modules/s3_bucket/input.tf index 131807850..1d8884cf4 100644 --- a/connector_deployment/modules/s3_bucket/input.tf +++ b/connector-deployment/modules/s3_bucket/input.tf @@ -47,10 +47,9 @@ variable "versioning" { description = "Bucket Versioning" default = "Disabled" } -variable "encryption" { +variable "kms" { type = string - description = "Bucket Encryption" - default = true + description = "KMS for Encryption" } variable "cors" { type = object({ diff --git a/connector_deployment/modules/s3_bucket/output.tf b/connector-deployment/modules/s3_bucket/output.tf similarity index 100% rename from connector_deployment/modules/s3_bucket/output.tf rename to connector-deployment/modules/s3_bucket/output.tf diff --git a/connector_deployment/modules/vault/variables.tf b/connector-deployment/modules/vault/variables.tf similarity index 100% rename from connector_deployment/modules/vault/variables.tf rename to connector-deployment/modules/vault/variables.tf diff --git a/connector_deployment/modules/vault/vault-values.yaml b/connector-deployment/modules/vault/vault-values.yaml similarity index 100% rename from connector_deployment/modules/vault/vault-values.yaml rename to connector-deployment/modules/vault/vault-values.yaml diff --git a/connector_deployment/modules/vault/vault.tf b/connector-deployment/modules/vault/vault.tf similarity index 100% rename from connector_deployment/modules/vault/vault.tf rename to connector-deployment/modules/vault/vault.tf diff --git a/connector_deployment/outputs.tf b/connector-deployment/outputs.tf similarity index 100% rename from connector_deployment/outputs.tf rename to connector-deployment/outputs.tf 
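Review bot: The new `variable "kms"` states neither what form the value must take nor rejects an empty string, although the module now hard-depends on it (the `count` guard was removed from the encryption resource). `s3.tf` passes `module.kms.key_arn`, and the full ARN is what both cross-account `kms_master_key_id` use and the `s3:x-amz-server-side-encryption-aws-kms-key-id` comparison in `bucket.tf` expect, so say so: `description = "ARN of the KMS key used for SSE-KMS on this bucket"` plus a `validation` block with `condition = can(regex("^arn:aws[a-z-]*:kms:", var.kms))` and a matching `error_message`. A name such as `kms_key_arn` would make the contract self-explanatory if other callers can still be adjusted.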
diff --git a/connector_deployment/providers.tf b/connector-deployment/providers.tf
similarity index 87%
rename from connector_deployment/providers.tf
rename to connector-deployment/providers.tf
index a96ea4a3f..78d278a4c 100644
--- a/connector_deployment/providers.tf
+++ b/connector-deployment/providers.tf
@@ -36,6 +36,14 @@ terraform {
 version = "~> 1.26.0"
 }
 }
+
+ backend "s3" {
+ region = "eu-west-1"
+ bucket = "aie-kordat-dev-terraform-remote-state"
+ key = "infra/kordat//terraform.tfstate"
+ profile = "kordat-dev"
+ }
+
 required_version = ">= 1.13.0"
 }
diff --git a/connector_deployment/s3.tf b/connector-deployment/s3.tf
similarity index 86%
rename from connector_deployment/s3.tf
rename to connector-deployment/s3.tf
index 06c97fb45..7e06a4254 100644
--- a/connector_deployment/s3.tf
+++ b/connector-deployment/s3.tf
@@ -5,4 +5,5 @@ module "remote_state_s3" {
 application = "assets"
 bucket_name = "${var.participant}-assets-bucket"
 versioning = "Enabled"
+ kms = module.kms.key_arn
 }
\ No newline at end of file
diff --git a/connector_deployment/modules/kms/kms.tf b/connector_deployment/modules/kms/kms.tf
deleted file mode 100644
index 573fdb721..000000000
--- a/connector_deployment/modules/kms/kms.tf
+++ /dev/null
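Review bot: The new `backend "s3"` block sets neither `encrypt = true` nor any state locking, yet this state will carry the `random_password` result and the `postgres_admin_password` input in clear text; add `encrypt = true` and `use_lockfile = true`, which the `required_version = ">= 1.13.0"` constraint already permits. The `key` `infra/kordat//terraform.tfstate` contains a doubled slash that looks like a typo rather than an intended empty path segment, and the later whitespace-only edit to this line keeps it. Because the key is fixed while `s3.tf` names the bucket `${var.participant}-assets-bucket`, applying for a second participant from this directory would overwrite the first one's state; backend blocks cannot interpolate `var.participant`, so select a per-participant key with `-backend-config="key=infra/kordat/<participant>/terraform.tfstate"` or one workspace per participant. The `profile = "kordat-dev"` line pins credentials to a named local profile, which will not exist on a CI runner — pass credentials through the environment instead.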
@@ -1,22 +0,0 @@ -# Create and name kms key -resource "aws_kms_key" "master_key" { - deletion_window_in_days = 15 - - tags = merge(var.tags, { - Name = var.alias - Entorno = title(var.environment) - Rol = var.role - Proyecto = length(var.project) == 3 ? upper(var.project) : title(var.project) - }) -} - -resource "aws_kms_alias" "master_key_alias" { - name = "alias/${var.alias}" - target_key_id = aws_kms_key.master_key.key_id -} - -resource "aws_kms_key_policy" "master_key_policy" { - count = length(var.policy) != 0 ? 1 : 0 - key_id = aws_kms_key.master_key.id - policy = var.policy -} \ No newline at end of file From fe3761542245e2416bb7f86cda61b2558dc2c013 Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Thu, 18 Dec 2025 20:23:56 +0100 Subject: [PATCH 05/72] Add terraform vars --- connector-deployment/terraform.tfvars | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 connector-deployment/terraform.tfvars diff --git a/connector-deployment/terraform.tfvars b/connector-deployment/terraform.tfvars new file mode 100644 index 000000000..749226524 --- /dev/null +++ b/connector-deployment/terraform.tfvars @@ -0,0 +1,2 @@ +participant = +environment = \ No newline at end of file From daf0b3f50786ce8680a029b258222acf5746b01b Mon Sep 17 00:00:00 2001 
From: SergioMedeirosGarcia Date: Thu, 18 Dec 2025 20:32:28 +0100 Subject: [PATCH 06/72] Update connector code --- connector-deployment/database.tf | 20 ++++--- .../modules/random_string_generator/README.md | 54 ------------------- .../modules/random_string_generator/input.tf | 16 ------ .../modules/random_string_generator/output.tf | 4 -- .../random_string_generator.tf | 5 -- 5 files changed, 14 insertions(+), 85 deletions(-) delete mode 100644 connector-deployment/modules/random_string_generator/README.md delete mode 100644 connector-deployment/modules/random_string_generator/input.tf delete mode 100644 connector-deployment/modules/random_string_generator/output.tf delete mode 100644 connector-deployment/modules/random_string_generator/random_string_generator.tf diff --git a/connector-deployment/database.tf b/connector-deployment/database.tf index ef989439f..8ee319c1d 100644 --- a/connector-deployment/database.tf +++ b/connector-deployment/database.tf @@ -1,5 +1,6 @@ -module "participant_password" { - source = "../random_string_generator" +resource "random_password" "participant_password" { + length = 16 + special = true override_special = "!#$%&()-_=+[]{}<>?" } @@ -17,7 +18,7 @@ provider "postgresql" { resource "postgresql_role" "participant_user" { name = var.participant login = true - password = module.participant_password.random_value + password = random_password.participant_password.result } resource "postgresql_database" "participant_database" { 
@@ -29,10 +30,17 @@ resource "postgresql_database" "participant_database" { allow_connections = true } -resource "postgresql_grant" "participant_privs" { +resource "postgresql_grant" "db_privs" { database = postgresql_database.participant_database.name role = postgresql_role.participant_user.name - schema = "public" object_type = "database" - privileges = ["ALL"] + privileges = ["CONNECT", "CREATE", "TEMPORARY"] +} + +resource "postgresql_grant" "schema_privs" { + database = postgresql_database.participant_database.name + role = postgresql_role.participant_user.name + schema = "public" + object_type = "schema" + privileges = ["CREATE", "USAGE"] } diff --git a/connector-deployment/modules/random_string_generator/README.md b/connector-deployment/modules/random_string_generator/README.md deleted file mode 100644 index ffcd2d8f2..000000000 --- a/connector-deployment/modules/random_string_generator/README.md +++ /dev/null 
@@ -1,54 +0,0 @@ -# Random Strin Generator Module - -This module generates a random string. - -## How to use -Include this code in your `main.tf`: - -``` -module "string" { - source = "./modules/random_string_generator" - length = "16" - spacial = true - override_special = "!#$%&*()-_=+[]{}<>:?" -} -``` - -## Requirements - -## Outputs - -## Requirements - -No requirements. - -## Providers - -| Name | Version | -|------|---------| -| [random](#provider\_random) | n/a | - -## Modules - -No modules. - -## Resources - -| Name | Type | -|------|------| -| [random_password.random_string_generator](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password) | resource | - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|------|---------|:--------:| -| [length](#input\_length) | Length of the random string | `string` | `"16"` | no | -| [override\_special](#input\_override\_special) | n/a | `string` | `"!#$%&*()-_=+[]{}<>:?"` | no | -| [special](#input\_special) | n/a | `bool` | `true` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| [random\_value](#output\_random\_value) | n/a | - diff --git a/connector-deployment/modules/random_string_generator/input.tf b/connector-deployment/modules/random_string_generator/input.tf deleted file mode 100644 index d0d05dfdb..000000000 --- a/connector-deployment/modules/random_string_generator/input.tf +++ /dev/null @@ -1,16 +0,0 @@ -# Secret config -variable "length" { - type = string - description = "Length of the random string" - default = "16" -} -variable "special" { - type = bool - description = "" - default = true -} -variable "override_special" { - type = string - description = "" - default = "!#$%&*()-_=+[]{}<>:?" -} \ No newline at end of file diff --git a/connector-deployment/modules/random_string_generator/output.tf b/connector-deployment/modules/random_string_generator/output.tf deleted file mode 100644 index 1b65301dc..000000000 
--- a/connector-deployment/modules/random_string_generator/output.tf +++ /dev/null @@ -1,4 +0,0 @@ -output "random_value" { - value = random_password.random_string_generator.result - sensitive = true -} \ No newline at end of file diff --git a/connector-deployment/modules/random_string_generator/random_string_generator.tf b/connector-deployment/modules/random_string_generator/random_string_generator.tf deleted file mode 100644 index 745c557ea..000000000 --- a/connector-deployment/modules/random_string_generator/random_string_generator.tf +++ /dev/null @@ -1,5 +0,0 @@ -resource "random_password" "random_string_generator" { - length = var.length - special = var.special - override_special = var.override_special -} From c35e3827d68d687989fc452273edf5e1a973452a Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Thu, 18 Dec 2025 20:33:48 +0100 Subject: [PATCH 07/72] Fix connector code provider --- connector-deployment/providers.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/connector-deployment/providers.tf b/connector-deployment/providers.tf index 78d278a4c..8c8e07277 100644 --- a/connector-deployment/providers.tf +++ b/connector-deployment/providers.tf @@ -41,7 +41,6 @@ terraform { region = "eu-west-1" bucket = "aie-kordat-dev-terraform-remote-state" key = "infra/kordat//terraform.tfstate" - profile = "kordat-dev" } required_version = ">= 1.13.0" From 7eaa13099d5062b51c053d752cb7de68cd275d19 Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Thu, 18 Dec 2025 20:41:37 +0100 Subject: [PATCH 08/72] Fix connector code error --- connector-deployment/terraform.tfvars | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/connector-deployment/terraform.tfvars b/connector-deployment/terraform.tfvars index 749226524..31203d2a1 100644 --- a/connector-deployment/terraform.tfvars +++ b/connector-deployment/terraform.tfvars 
@@ -1,2 +1,2 @@ -participant = -environment = \ No newline at end of file +participant = "" +environment = "" \ No newline at end of file From a72c22b29b6fc83800a4fc543931ab10a210a64e Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Thu, 18 Dec 2025 20:52:37 +0100 Subject: [PATCH 09/72] Add connector var --- connector-deployment/terraform.tfvars | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/connector-deployment/terraform.tfvars b/connector-deployment/terraform.tfvars index 31203d2a1..c9c8f7372 100644 --- a/connector-deployment/terraform.tfvars +++ b/connector-deployment/terraform.tfvars @@ -1,2 +1,3 @@ participant = "" -environment = "" \ No newline at end of file +environment = "" +postgres_admin_password = "" \ No newline at end of file From de250a522f912db34a36b86962c291e743161537 Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Thu, 18 Dec 2025 21:09:01 +0100 Subject: [PATCH 10/72] fix error coonector code --- connector-deployment/connector.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/connector-deployment/connector.tf b/connector-deployment/connector.tf index 3018ec8f9..b63036d81 100644 --- a/connector-deployment/connector.tf +++ b/connector-deployment/connector.tf @@ -15,7 +15,7 @@ # i.e. the connector, an identityhub and a vault. # -resource "kubernetes_namespace" "ns_participant" { +resource "kubernetes_namespace_v1" "ns_participant" { metadata { name = var.participant } @@ -28,7 +28,7 @@ module "participant-connector" { participantId = local.participant-did database = { user = var.participant - password = module.participant_password.random_value + password = random_password.participant_password.result url = local.database_url } vault-url = local.vault_url 
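Review bot: Committing `terraform.tfvars` with a `postgres_admin_password = ""` placeholder invites the real admin password into git history the first time someone fills it in locally and commits; keep the file untracked (`.gitignore` it and commit a `terraform.tfvars.example` instead) and supply the secret through `TF_VAR_postgres_admin_password` or a secrets manager. Also ensure the variable in `variables.tf` (renamed unchanged in the first commit, so not visible here) carries `sensitive = true`, so the value is redacted from plan and apply output. `participant` and `environment` are deployment-specific rather than secret, so they can live in a committed example file.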
@@ -39,7 +39,7 @@ module "participant-connector" { # consumer identity hub module "participant-identityhub" { - depends_on = [module.consumer-vault] + depends_on = [module.participant-vault] source = "./modules/identity-hub" credentials-dir = dirname("./assets/credentials/k8s/consumer/") # To~Do humanReadableName = "${var.participant}-identityhub" @@ -48,7 +48,7 @@ module "participant-identityhub" { service-name = var.participant database = { user = var.participant - password = module.participant_password.random_value + password = random_password.participant_password.result url = local.database_url } namespace = kubernetes_namespace.ns_participant.metadata.0.name From 915a18373ee9973548cf1cf674a18f2e0cb49150 Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Thu, 18 Dec 2025 21:12:08 +0100 Subject: [PATCH 11/72] fix connector code error --- connector-deployment/connector.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/connector.tf b/connector-deployment/connector.tf index b63036d81..d0b620670 100644 --- a/connector-deployment/connector.tf +++ b/connector-deployment/connector.tf @@ -32,7 +32,7 @@ module "participant-connector" { url = local.database_url } vault-url = local.vault_url - namespace = kubernetes_namespace.ns_participant.metadata.0.name + namespace = kubernetes_namespace_v1.ns_participant.metadata.0.name sts-token-url = "${module.participant-identityhub.sts-token-url}/token" useSVE = var.useSVE } @@ -51,7 +51,7 @@ module "participant-identityhub" { password = random_password.participant_password.result url = local.database_url } - namespace = kubernetes_namespace.ns_participant.metadata.0.name + namespace = kubernetes_namespace_v1.ns_participant.metadata.0.name useSVE = var.useSVE } 
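Review bot: `credentials-dir = dirname("./assets/credentials/k8s/consumer/") # To~Do`, visible as context in the `module "participant-identityhub"` hunk, seeds every participant's identity hub with the consumer's credential set, so a provider deployed through this stack would present the consumer's `membership-credential.json` and `dataprocessor-credential.json`; the `depends_on` correction is fine, but the path should follow the participant — `credentials-dir = dirname("./assets/credentials/k8s/${var.participant}/")` — and the `To~Do` marker go. The module block starts in this hunk and ends outside it. More broadly, the first commit renames `consumer_private.pem`, `provider_private.pem` and `issuer_private.pem` under `assets/`; if those are real signing keys for the participant DIDs rather than demo fixtures, they should not be in the repository at all but generated into the vault at deploy time.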
@@ -59,5 +59,5 @@ module "participant-identityhub" {
 module "participant-vault" {
 source = "./modules/vault"
 humanReadableName = "${var.participant}-vault"
- namespace = kubernetes_namespace.ns_participant.metadata.0.name
+ namespace = kubernetes_namespace_v1.ns_participant.metadata.0.name
 }
From 90db81fb5bda5c20cd7476cbd449cbaad0e8d5bb Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Thu, 18 Dec 2025 21:14:28 +0100
Subject: [PATCH 12/72] Update connector provider config
---
 connector-deployment/providers.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connector-deployment/providers.tf b/connector-deployment/providers.tf
index 8c8e07277..8312f1148 100644
--- a/connector-deployment/providers.tf
+++ b/connector-deployment/providers.tf
@@ -40,7 +40,7 @@ terraform {
 backend "s3" {
 region = "eu-west-1"
 bucket = "aie-kordat-dev-terraform-remote-state"
- key = "infra/kordat//terraform.tfstate"
+ key = "infra/kordat//terraform.tfstate"
 }
 required_version = ">= 1.13.0"
From 7f54ae3ee14eab5bcb3ef19bf360d5778bf6b5ac Mon Sep 17 00:00:00 2001
From: Marc Pesquera
Date: Tue, 23 Dec 2025 12:10:40 +0100
Subject: [PATCH 13/72] =?UTF-8?q?Introducci=C3=B3n=20de=20policy=20Assigne?=
 =?UTF-8?q?dParticipant?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ...AssignedParticipantConstraintFunction.java | 211 ++++++++++++++++++
 .../dcp/policy/PolicyEvaluationExtension.java | 8 +
 2 files changed, 219 insertions(+)
 create mode 100644 extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AssignedParticipantConstraintFunction.java
diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AssignedParticipantConstraintFunction.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AssignedParticipantConstraintFunction.java
new file mode 100644
index 000000000..308c52571
--- /dev/null
+++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/AssignedParticipantConstraintFunction.java 
@@ -0,0 +1,211 @@
+/*
+ * Copyright (c) 2025 MinimumViableDataspace Contributors
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Apache License, Version 2.0 which is available at
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Contributors:
+ * MinimumViableDataspace Contributors - initial API and implementation
+ *
+ */
+
+package org.eclipse.edc.demo.dcp.policy;
+
+import org.eclipse.edc.participant.spi.ParticipantAgentPolicyContext;
+import org.eclipse.edc.policy.engine.spi.AtomicConstraintRuleFunction;
+import org.eclipse.edc.policy.model.Operator;
+import org.eclipse.edc.policy.model.Permission;
+
+import java.util.Arrays;
+import java.util.List;
+import java.util.Objects;
+import java.util.stream.Collectors;
+
+/**
+ * Constraint function que valida que el participante que intenta acceder
+ * sea el participante asignado en la política.
+ *
+ * Esta función permite crear políticas donde solo ciertos participantes
+ * específicos pueden ver y negociar contratos para un asset.
+ *
+ * Ejemplo de uso en política con un solo participante asignado:
+ *
+ * {
+ * "leftOperand": "AssignedParticipant",
+ * "operator": "eq",
+ * "rightOperand": "did:web:consumer-identityhub%3A7083:consumer"
+ * }
+ *
+ *
+ * Ejemplo con múltiples participantes asignados:
+ *
+ * {
+ * "leftOperand": "AssignedParticipant",
+ * "operator": "isAnyOf",
+ * "rightOperand": "did:web:consumer1-identityhub%3A7083:consumer1,did:web:consumer2-identityhub%3A7083:consumer2"
+ * }
+ *
+ *
+ * Ejemplo de blacklist (todos excepto estos):
+ *
+ * {
+ * "leftOperand": "AssignedParticipant",
+ * "operator": "isNoneOf",
+ * "rightOperand": "ddid:web:consumer-identityhub%3A7083:consumer"
+ * }
+ *
+ */
+
+public class AssignedParticipantConstraintFunction
+ implements AtomicConstraintRuleFunction {
+
+ public static final String ASSIGNED_PARTICIPANT_KEY = "AssignedParticipant";
+
+ private AssignedParticipantConstraintFunction() {
+ }
+
+ public static AssignedParticipantConstraintFunction create() {
+ return new AssignedParticipantConstraintFunction<>();
+ }
+
+ /**
+ * Evalúa si el participante actual está asignado a esta política.
+ *
+ * @param operator El operador de comparación (soporta: eq, isAnyOf, isNoneOf)
+ * @param rightOperand El DID del participante asignado o lista separada por comas
+ * @param permission El permiso que se está evaluando
+ * @param context El contexto de la política con información del participante
+ * @return true si el participante está autorizado según la asignación, false en caso contrario
+ */
+
+ @Override
+ public boolean evaluate(Operator operator, Object rightOperand, Permission permission, C context) {
+ // Valida que el operador sea soportado
+ if (!isSupportedOperator(operator)) {
+ context.reportProblem("Unsupported operator '%s' for AssignedParticipant. Supported: eq, isAnyOf, isNoneOf".formatted(operator));
+ return false;
+ }
+
+ // Obtener participante del contexto
+ var participantAgent = context.participantAgent();
+ if (participantAgent == null) {
+ context.reportProblem("No ParticipantAgent found in policy context");
+ return false;
+ }
+
+ // Obtener la identidad del participante (su DID)
+ var participantId = participantAgent.getIdentity();
+ if (participantId == null || participantId.isBlank()) {
+ context.reportProblem("ParticipantAgent does not have an identity (DID)");
+ return false;
+ }
+
+ // Parsear los participantes asignados del rightOperand
+ var assignedParticipants = parseRightOperand(rightOperand);
+ if (assignedParticipants.isEmpty()) {
+ context.reportProblem("No assigned participants found in rightOperand");
+ return false;
+ }
+
+ // Evaluar según el operador
+ return switch (operator) {
+ case EQ -> evaluateEquals(participantId, assignedParticipants, context);
+ case IS_ANY_OF -> evaluateIsAnyOf(participantId, assignedParticipants, context);
+ case IS_NONE_OF -> evaluateIsNoneOf(participantId, assignedParticipants, context);
+ default -> {
+ context.reportProblem("Unsupported operator: %s".formatted(operator));
+ yield false;
+ }
+ };
+ }
+
+ /**
+ * Evalúa IS_NONE_OF: el participante NO debe estar en la lista de bloqueados.
+ * Permite a todos los participantes EXCEPTO los que están en la lista.
+ * El participante actual NO debe coincidir con ninguno de los DIDs en la lista.
+ */
+ private boolean evaluateIsNoneOf(String participantId, List blockedParticipants, C context) {
+ boolean matches = blockedParticipants.stream()
+ .noneMatch(blocked -> Objects.equals(participantId, blocked));
+
+ if (!matches) {
+ context.reportProblem(
+ "Participant '%s' is in the blocked participants list: %s"
+ .formatted(participantId, blockedParticipants)
+ );
+ }
+ return matches;
+ }
+
+ /**
+ * Evalúa IS_ANY_OF: el participante debe estar en la lista de asignados.
+ * Permite múltiples participantes asignados. El participante actual debe
+ * coincidir con al menos uno de los DIDs en la lista.
+ */
+ private boolean evaluateIsAnyOf(String participantId, List assignedParticipants, C context) {
+ boolean matches = assignedParticipants.stream()
+ .anyMatch(assigned -> Objects.equals(participantId, assigned)
+ );
+
+ if (!matches) {
+ context.reportProblem(
+ "Participant '%s' is not in the list of assigned participants: %s"
+ .formatted(participantId, assignedParticipants)
+ );
+ }
+ return matches;
+ }
+
+ /**
+ * Evalúa EQ: el participante debe ser exactamente el asignado.
+ * Este operador espera un único participante en el rightOperand.
+ */
+ private boolean evaluateEquals(String participantId, List assignedParticipants, C context) {
+ // Para eq, solo debería haber un participante asignado
+ if (assignedParticipants.size() > 1) {
+ context.reportProblem("Operator 'eq' expects a single assigned participant, but got %d. Use 'isAnyOf' for multiple participants.");
+ return false;
+ }
+
+ String assignedParticipant = assignedParticipants.get(0);
+ boolean matches = Objects.equals(participantId, assignedParticipant);
+
+ if (!matches) {
+ context.reportProblem("Participant '%s' is not the assigned participant. Expected: '%s'".formatted(participantId, assignedParticipant)
+ );
+ }
+
+ return matches;
+
+ }
+
+ /**
+ * Parsea el rightOperand a una lista de DIDs de participantes asignados.
+ * Acepta formatos:
+ * - Un solo DID: "did:web:localhost%3A7083"
+ * - Múltiples DIDs separados por coma: "did:web:consumer1,did:web:consumer2"
+ */
+ private List parseRightOperand(Object rightOperand) {
+ if (rightOperand == null) {
+ return List.of();
+ }
+
+ String rightOpStr = rightOperand.toString();
+ return Arrays.stream(rightOpStr.split(","))
+ .map(String::trim)
+ .filter(s -> !s.isEmpty())
+ .collect(Collectors.toList());
+ }
+
+ /**
+ * Verifica si el operador es soportado por esta función.
+ */ + private boolean isSupportedOperator(Operator operator) { + return operator == Operator.EQ || + operator == Operator.IS_ANY_OF || + operator == Operator.IS_NONE_OF; + } +} diff --git a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java index 01b761a17..746076eea 100644 --- a/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java +++ b/extensions/dcp-impl/src/main/java/org/eclipse/edc/demo/dcp/policy/PolicyEvaluationExtension.java @@ -27,6 +27,7 @@ import org.eclipse.edc.spi.system.ServiceExtension; import org.eclipse.edc.spi.system.ServiceExtensionContext; +import static org.eclipse.edc.demo.dcp.policy.AssignedParticipantConstraintFunction.ASSIGNED_PARTICIPANT_KEY; import static org.eclipse.edc.demo.dcp.policy.MembershipCredentialEvaluationFunction.MEMBERSHIP_CONSTRAINT_KEY; import static org.eclipse.edc.policy.model.OdrlNamespace.ODRL_SCHEMA; @@ -46,6 +47,7 @@ public void initialize(ServiceExtensionContext context) { bindPermissionFunction(MembershipCredentialEvaluationFunction.create(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, MEMBERSHIP_CONSTRAINT_KEY); registerDataAccessLevelFunction(); + registerAssignedParticipantFunction(); } 
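Review bot: In `evaluateEquals` the message `"Operator 'eq' expects a single assigned participant, but got %d. Use 'isAnyOf' for multiple participants."` is passed to `reportProblem` without being formatted, so the literal `%d` is emitted; append `.formatted(assignedParticipants.size())`. `parseRightOperand` only understands a comma-separated string: if the engine supplies an array-valued `rightOperand` as a `Collection` (which seems to be how `isAnyOf` operands arrive, to be confirmed), `toString()` yields `[a, b]` and the first and last DIDs keep their brackets, so a `Collection` branch that maps each element through `String::valueOf` and `trim` would be safer than relying on `toString()`. Matching is an exact `Objects.equals` on DID strings, so the `isNoneOf` deny-list fails open for an identity that differs from the listed value only in case or percent-encoding (the Javadoc examples use `%3A`); either normalise both sides before comparing or state in the class Javadoc that DIDs must match byte-for-byte, and note that the `isNoneOf` example's right operand reads `ddid:web:...`. The `default` arm of the switch is unreachable after `isSupportedOperator`, and the Javadoc and inline comments are in Spanish while the reported problems are in English.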
@@ -72,4 +74,10 @@ private void bindDutyFunction(AtomicConstraintRuleFunc policyEngine.registerFunction(contextClass, Duty.class, constraintType, function); } + + private void registerAssignedParticipantFunction() { + bindPermissionFunction(AssignedParticipantConstraintFunction.create(), CatalogPolicyContext.class, CatalogPolicyContext.CATALOG_SCOPE, ASSIGNED_PARTICIPANT_KEY); + bindPermissionFunction(AssignedParticipantConstraintFunction.create(), ContractNegotiationPolicyContext.class, ContractNegotiationPolicyContext.NEGOTIATION_SCOPE, ASSIGNED_PARTICIPANT_KEY); + bindPermissionFunction(AssignedParticipantConstraintFunction.create(), TransferProcessPolicyContext.class, TransferProcessPolicyContext.TRANSFER_SCOPE, ASSIGNED_PARTICIPANT_KEY); + } } From 66153d1b91e073c0169d9a27104c7a6dc1390fdb Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Tue, 27 Jan 2026 10:01:12 +0100 Subject: [PATCH 14/72] Deploy pipeline to build connector images --- buildspec.yml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 buildspec.yml diff --git a/buildspec.yml b/buildspec.yml new file mode 100644 index 000000000..a1fe78724 --- /dev/null +++ b/buildspec.yml 
@@ -0,0 +1,34 @@
+version: 0.2
+
+phases:
+ pre_build:
+ commands:
+ - AWS_REGION="eu-west-1"
+ - echo "Conectando con ECR..."
+ - ECR_IMAGE_CATALOG_SERVER=${REPOSITORY_URI}/kordat-$ENV-catalog-server:latest
+ - ECR_IMAGE_CONTROLPLANE=${REPOSITORY_URI}/kordat-$ENV-controlplane:latest
+ - ECR_IMAGE_DATAPLANE=${REPOSITORY_URI}/kordat-$ENV-dataplane:latest
+ - ECR_IMAGE_IDENTITY_HUB=${REPOSITORY_URI}/kordat-$ENV-identity-hub:latest
+ - ECR_IMAGE_ISSUERSERVICE=${REPOSITORY_URI}/kordat-$ENV-issuerservice:latest
+ - ECR_IMAGE_VAULT=${REPOSITORY_URI}/kordat-$ENV-vault:latest
+ - aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $REPOSITORY_URI
+ - gradle --version || echo "Gradle no está instalado"
+ build:
+ commands:
+ - ./gradlew build
+ - ./gradlew -Ppersistence=true dockerize
+ - docker images
+ post_build:
+ commands:
+ - echo "Tagging images..."
+ - docker tag controlplane:latest ECR_IMAGE_CONTROLPLANE
+ - docker tag dataplane:latest ECR_IMAGE_DATAPLANE
+ - docker tag controlplane:latest ECR_IMAGE_IDENTITY_HUB
+ - docker tag catalog-server:latest ECR_IMAGE_CATALOG_SERVER
+ - docker tag vault:latest ECR_IMAGE_VAULT
+ - echo "Pushing images..."
+ - docker push ECR_IMAGE_CONTROLPLANE
+ - docker push ECR_IMAGE_DATAPLANE
+ - docker push ECR_IMAGE_IDENTITY_HUB
+ - docker push ECR_IMAGE_CATALOG_SERVER
+ - docker push ECR_IMAGE_VAULT
From b0a874668bc8cec35b94959c85a92f39550a57c7 Mon Sep 17 00:00:00 2001
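Review bot: The `docker tag` and `docker push` lines in `post_build` reference `ECR_IMAGE_*` without a `$`, so the literal variable name is used as the target and every push goes to a repository that does not exist; the same block also tags `controlplane:latest` as the identity-hub image and never tags or pushes `ECR_IMAGE_ISSUERSERVICE` although `pre_build` defines it. Separately, only the mutable `:latest` tag is pushed, which leaves no way to tell from a running cluster which build it is on; additionally tagging each image with an immutable identifier such as `$CODEBUILD_RESOLVED_SOURCE_VERSION` (and enabling tag immutability on the ECR repositories) lets deployments pin and roll back to a specific build. The rewrite below uses labelled placeholders for the local identity-hub and issuerservice image names, which are not visible in this file.

```yaml
# … unchanged: version, pre_build and build phases …
  post_build:
    commands:
      - echo "Tagging and pushing images..."
      - IMAGE_TAG="${CODEBUILD_RESOLVED_SOURCE_VERSION:-latest}"
      - |
        for pair in \
          "controlplane:$ECR_IMAGE_CONTROLPLANE" \
          "dataplane:$ECR_IMAGE_DATAPLANE" \
          "<IDENTITY_HUB_LOCAL_IMAGE>:$ECR_IMAGE_IDENTITY_HUB" \
          "catalog-server:$ECR_IMAGE_CATALOG_SERVER" \
          "vault:$ECR_IMAGE_VAULT" \
          "<ISSUERSERVICE_LOCAL_IMAGE>:$ECR_IMAGE_ISSUERSERVICE"; do
          local_image="${pair%%:*}"
          remote="${pair#*:}"
          docker tag "$local_image:latest" "$remote"
          docker tag "$local_image:latest" "${remote%:latest}:$IMAGE_TAG"
          docker push "$remote"
          docker push "${remote%:latest}:$IMAGE_TAG"
        done
```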
From: =?UTF-8?q?Jorge=20Guti=C3=A9rrez?= Date: Tue, 27 Jan 2026 11:55:56 +0100 Subject: [PATCH 15/72] Bugfix: Missing wrong directory --- .../assets/consumer_private.pem | 0 .../assets/consumer_public.pem | 0 .../consumer/dataprocessor-credential.json | 2 +- .../k8s/consumer/dataprocessor_vc.json | 0 .../k8s/consumer/membership-credential.json | 2 +- .../k8s/consumer/membership_vc.json | 0 .../provider/dataprocessor-credential.json | 2 +- .../k8s/provider/dataprocessor_vc.json | 0 .../k8s/provider/membership-credential.json | 2 +- .../k8s/provider/membership_vc.json | 0 .../consumer/dataprocessor-credential.json | 2 +- .../local/consumer/membership-credential.json | 2 +- .../consumer/unsigned/dataprocessor_vc.json | 0 .../consumer/unsigned/membership_vc.json | 0 .../provider/dataprocessor-credential.json | 2 +- .../local/provider/membership-credential.json | 2 +- .../provider/unsigned/dataprocessor_vc.json | 0 .../provider/unsigned/membership_vc.json | 0 .../assets/env/consumer_connector.env | 0 .../assets/env/consumer_identityhub.env | 0 .../assets/env/issuerservice.env | 0 .../assets/env/provider_catalogserver.env | 0 .../env/provider_connector_manufacturing.env | 0 .../assets/env/provider_connector_qna.env | 0 .../assets/env/provider_identityhub.env | 0 deployment/assets/issuer/did.docker.json | 1 + deployment/assets/issuer/did.k8s.json | 1 + .../assets/issuer/nginx.conf | 0 .../assets/issuer_private.pem | 0 .../assets/issuer_public.pem | 0 .../assets/participants/participants.k8s.json | 0 .../participants/participants.local.json | 0 .../assets/provider_private.pem | 0 .../assets/provider_public.pem | 0 {mvd-deployment => deployment}/consumer.tf | 0 {mvd-deployment => deployment}/issuer.tf | 0 .../issuer_nginx.tf | 0 .../modules/catalog-server/catalog-server.tf | 0 .../modules/catalog-server/ingress.tf | 0 .../modules/catalog-server/outputs.tf | 0 .../modules/catalog-server/services.tf | 0 .../modules/catalog-server/variables.tf | 0 
.../modules/connector/controlplane.tf | 0 .../modules/connector/dataplane.tf | 0 .../modules/connector/ingress.tf | 0 .../modules/connector/outputs.tf | 0 .../modules/connector/services.tf | 0 .../modules/connector/variables.tf | 0 .../modules/identity-hub/ingress.tf | 0 .../modules/identity-hub/main.tf | 0 .../modules/identity-hub/outputs.tf | 0 .../modules/identity-hub/services.tf | 0 .../modules/identity-hub/variables.tf | 0 .../modules/issuer/ingress.tf | 0 .../modules/issuer/main.tf | 0 .../modules/issuer/services.tf | 0 .../modules/issuer/variables.tf | 0 .../modules/postgres/main.tf | 0 .../modules/postgres/outputs.tf | 0 .../modules/postgres/variables.tf | 0 .../modules/vault/variables.tf | 0 .../modules/vault/vault-values.yaml | 0 .../modules/vault/vault.tf | 0 {mvd-deployment => deployment}/namespace.tf | 0 {mvd-deployment => deployment}/outputs.tf | 0 .../postman/MVD K8S.postman_environment.json | 0 ...Local Development.postman_environment.json | 0 .../postman/MVD.postman_collection.json | 0 .../postman/http-client.env.json | 0 {mvd-deployment => deployment}/provider.tf | 0 {mvd-deployment => deployment}/providers.tf | 0 {mvd-deployment => deployment}/variables.tf | 0 gradle/libs.versions.toml | 6 +++++ launchers/controlplane/build.gradle.kts | 4 +++ launchers/dataplane/build.gradle.kts | 5 +++- mvd-deployment/assets/issuer/did.docker.json | 26 ------------------- mvd-deployment/assets/issuer/did.k8s.json | 26 ------------------- 77 files changed, 24 insertions(+), 61 deletions(-) rename {mvd-deployment => deployment}/assets/consumer_private.pem (100%) rename {mvd-deployment => deployment}/assets/consumer_public.pem (100%) rename {mvd-deployment => deployment}/assets/credentials/k8s/consumer/dataprocessor-credential.json (93%) rename {mvd-deployment => deployment}/assets/credentials/k8s/consumer/dataprocessor_vc.json (100%) rename {mvd-deployment => deployment}/assets/credentials/k8s/consumer/membership-credential.json (93%) rename {mvd-deployment => 
deployment}/assets/credentials/k8s/consumer/membership_vc.json (100%) rename {mvd-deployment => deployment}/assets/credentials/k8s/provider/dataprocessor-credential.json (93%) rename {mvd-deployment => deployment}/assets/credentials/k8s/provider/dataprocessor_vc.json (100%) rename {mvd-deployment => deployment}/assets/credentials/k8s/provider/membership-credential.json (94%) rename {mvd-deployment => deployment}/assets/credentials/k8s/provider/membership_vc.json (100%) rename {mvd-deployment => deployment}/assets/credentials/local/consumer/dataprocessor-credential.json (94%) rename {mvd-deployment => deployment}/assets/credentials/local/consumer/membership-credential.json (94%) rename {mvd-deployment => deployment}/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json (100%) rename {mvd-deployment => deployment}/assets/credentials/local/consumer/unsigned/membership_vc.json (100%) rename {mvd-deployment => deployment}/assets/credentials/local/provider/dataprocessor-credential.json (94%) rename {mvd-deployment => deployment}/assets/credentials/local/provider/membership-credential.json (94%) rename {mvd-deployment => deployment}/assets/credentials/local/provider/unsigned/dataprocessor_vc.json (100%) rename {mvd-deployment => deployment}/assets/credentials/local/provider/unsigned/membership_vc.json (100%) rename {mvd-deployment => deployment}/assets/env/consumer_connector.env (100%) rename {mvd-deployment => deployment}/assets/env/consumer_identityhub.env (100%) rename {mvd-deployment => deployment}/assets/env/issuerservice.env (100%) rename {mvd-deployment => deployment}/assets/env/provider_catalogserver.env (100%) rename {mvd-deployment => deployment}/assets/env/provider_connector_manufacturing.env (100%) rename {mvd-deployment => deployment}/assets/env/provider_connector_qna.env (100%) rename {mvd-deployment => deployment}/assets/env/provider_identityhub.env (100%) create mode 100644 deployment/assets/issuer/did.docker.json create mode 100644 
deployment/assets/issuer/did.k8s.json rename {mvd-deployment => deployment}/assets/issuer/nginx.conf (100%) rename {mvd-deployment => deployment}/assets/issuer_private.pem (100%) rename {mvd-deployment => deployment}/assets/issuer_public.pem (100%) rename {mvd-deployment => deployment}/assets/participants/participants.k8s.json (100%) rename {mvd-deployment => deployment}/assets/participants/participants.local.json (100%) rename {mvd-deployment => deployment}/assets/provider_private.pem (100%) rename {mvd-deployment => deployment}/assets/provider_public.pem (100%) rename {mvd-deployment => deployment}/consumer.tf (100%) rename {mvd-deployment => deployment}/issuer.tf (100%) rename {mvd-deployment => deployment}/issuer_nginx.tf (100%) rename {mvd-deployment => deployment}/modules/catalog-server/catalog-server.tf (100%) rename {mvd-deployment => deployment}/modules/catalog-server/ingress.tf (100%) rename {mvd-deployment => deployment}/modules/catalog-server/outputs.tf (100%) rename {mvd-deployment => deployment}/modules/catalog-server/services.tf (100%) rename {mvd-deployment => deployment}/modules/catalog-server/variables.tf (100%) rename {mvd-deployment => deployment}/modules/connector/controlplane.tf (100%) rename {mvd-deployment => deployment}/modules/connector/dataplane.tf (100%) rename {mvd-deployment => deployment}/modules/connector/ingress.tf (100%) rename {mvd-deployment => deployment}/modules/connector/outputs.tf (100%) rename {mvd-deployment => deployment}/modules/connector/services.tf (100%) rename {mvd-deployment => deployment}/modules/connector/variables.tf (100%) rename {mvd-deployment => deployment}/modules/identity-hub/ingress.tf (100%) rename {mvd-deployment => deployment}/modules/identity-hub/main.tf (100%) rename {mvd-deployment => deployment}/modules/identity-hub/outputs.tf (100%) rename {mvd-deployment => deployment}/modules/identity-hub/services.tf (100%) rename {mvd-deployment => deployment}/modules/identity-hub/variables.tf (100%) rename 
{mvd-deployment => deployment}/modules/issuer/ingress.tf (100%) rename {mvd-deployment => deployment}/modules/issuer/main.tf (100%) rename {mvd-deployment => deployment}/modules/issuer/services.tf (100%) rename {mvd-deployment => deployment}/modules/issuer/variables.tf (100%) rename {mvd-deployment => deployment}/modules/postgres/main.tf (100%) rename {mvd-deployment => deployment}/modules/postgres/outputs.tf (100%) rename {mvd-deployment => deployment}/modules/postgres/variables.tf (100%) rename {mvd-deployment => deployment}/modules/vault/variables.tf (100%) rename {mvd-deployment => deployment}/modules/vault/vault-values.yaml (100%) rename {mvd-deployment => deployment}/modules/vault/vault.tf (100%) rename {mvd-deployment => deployment}/namespace.tf (100%) rename {mvd-deployment => deployment}/outputs.tf (100%) rename {mvd-deployment => deployment}/postman/MVD K8S.postman_environment.json (100%) rename {mvd-deployment => deployment}/postman/MVD Local Development.postman_environment.json (100%) rename {mvd-deployment => deployment}/postman/MVD.postman_collection.json (100%) rename {mvd-deployment => deployment}/postman/http-client.env.json (100%) rename {mvd-deployment => deployment}/provider.tf (100%) rename {mvd-deployment => deployment}/providers.tf (100%) rename {mvd-deployment => deployment}/variables.tf (100%) delete mode 100644 mvd-deployment/assets/issuer/did.docker.json delete mode 100644 mvd-deployment/assets/issuer/did.k8s.json diff --git a/mvd-deployment/assets/consumer_private.pem b/deployment/assets/consumer_private.pem similarity index 100% rename from mvd-deployment/assets/consumer_private.pem rename to deployment/assets/consumer_private.pem diff --git a/mvd-deployment/assets/consumer_public.pem b/deployment/assets/consumer_public.pem similarity index 100% rename from mvd-deployment/assets/consumer_public.pem rename to deployment/assets/consumer_public.pem 
diff --git a/mvd-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json similarity index 93% rename from mvd-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json rename to deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json index f7c8f50dc..496b00182 100644 --- a/mvd-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json +++ b/deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json @@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "VC1_0_JWT", - "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.Asd_5HEu-UaV3bSZ3DlkIlI5yiAik18JcAtKwK6HVx3MAW5uR907lEJfgdO29eHfTR9_qiHG5OitXYCpL_sxBQ", + "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.WNMOSZVwMf3TDETcIXEsREZceVxEmNyTW6Mq2onQWiQRAS7uvGb-X7ZLwtpWtsxzVhjqdx2-0vJM77Rpu0xDAA", "credential": { "credentialSubject": [ { diff --git a/mvd-deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json b/deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json similarity index 100% rename from mvd-deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json rename to deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json diff --git a/mvd-deployment/assets/credentials/k8s/consumer/membership-credential.json b/deployment/assets/credentials/k8s/consumer/membership-credential.json similarity index 93% rename from mvd-deployment/assets/credentials/k8s/consumer/membership-credential.json rename to deployment/assets/credentials/k8s/consumer/membership-credential.json index c8d45368d..fa69143a9 100644 --- a/mvd-deployment/assets/credentials/k8s/consumer/membership-credential.json 
+++ b/deployment/assets/credentials/k8s/consumer/membership-credential.json 
@@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJpc3MiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIiLCJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInN1YiI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmFsaWNlIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLHsibXZkLWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9tdmQvY3JlZGVudGlhbHMvIiwibWVtYmVyc2hpcCI6Im12ZC1jcmVkZW50aWFsczptZW1iZXJzaGlwIiwibWVtYmVyc2hpcFR5cGUiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcFR5cGUiLCJ3ZWJzaXRlIjoibXZkLWNyZWRlbnRpYWxzOndlYnNpdGUiLCJjb250YWN0IjoibXZkLWNyZWRlbnRpYWxzOmNvbnRhY3QiLCJzaW5jZSI6Im12ZC1jcmVkZW50aWFsczpzaW5jZSJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOndlYjpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IkZ1bGxNZW1iZXIiLCJ3ZWJzaXRlIjoid3d3LndoYXRldmVyLmNvbSIsImNvbnRhY3QiOiJmaXp6LmJ1enpAd2hhdGV2ZXIuY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTc0ODg0NDkxOX0.xcb9qKJ_BGGj_KvSM9lZIdJW01FSdDjALXxhmH8CehkOPy2nXGnWKIbjHJZmW60NtU7kqRC23THU7OWFs28EDw", + "rawVc": 
"eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJpc3MiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIiLCJhdWQiOiJkaWQ6d2ViOmNvbnN1bWVyLWlkZW50aXR5aHViJTNBNzA4MzphbGljZSIsInN1YiI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmFsaWNlIiwidmMiOnsiQGNvbnRleHQiOlsiaHR0cHM6Ly93d3cudzMub3JnLzIwMTgvY3JlZGVudGlhbHMvdjEiLCJodHRwczovL3czaWQub3JnL3NlY3VyaXR5L3N1aXRlcy9qd3MtMjAyMC92MSIsImh0dHBzOi8vd3d3LnczLm9yZy9ucy9kaWQvdjEiLHsibXZkLWNyZWRlbnRpYWxzIjoiaHR0cHM6Ly93M2lkLm9yZy9tdmQvY3JlZGVudGlhbHMvIiwibWVtYmVyc2hpcCI6Im12ZC1jcmVkZW50aWFsczptZW1iZXJzaGlwIiwibWVtYmVyc2hpcFR5cGUiOiJtdmQtY3JlZGVudGlhbHM6bWVtYmVyc2hpcFR5cGUiLCJ3ZWJzaXRlIjoibXZkLWNyZWRlbnRpYWxzOndlYnNpdGUiLCJjb250YWN0IjoibXZkLWNyZWRlbnRpYWxzOmNvbnRhY3QiLCJzaW5jZSI6Im12ZC1jcmVkZW50aWFsczpzaW5jZSJ9XSwiaWQiOiJodHRwOi8vb3JnLnlvdXJkYXRhc3BhY2UuY29tL2NyZWRlbnRpYWxzLzIzNDciLCJ0eXBlIjpbIlZlcmlmaWFibGVDcmVkZW50aWFsIiwiTWVtYmVyc2hpcENyZWRlbnRpYWwiXSwiaXNzdWVyIjoiZGlkOndlYjpkYXRhc3BhY2UtaXNzdWVyIiwiaXNzdWFuY2VEYXRlIjoiMjAyMy0wOC0xOFQwMDowMDowMFoiLCJjcmVkZW50aWFsU3ViamVjdCI6eyJpZCI6ImRpZDp3ZWI6Y29uc3VtZXItaWRlbnRpdHlodWIlM0E3MDgzOmNvbnN1bWVyIiwibWVtYmVyc2hpcCI6eyJtZW1iZXJzaGlwVHlwZSI6IkZ1bGxNZW1iZXIiLCJ3ZWJzaXRlIjoid3d3LndoYXRldmVyLmNvbSIsImNvbnRhY3QiOiJmaXp6LmJ1enpAd2hhdGV2ZXIuY29tIiwic2luY2UiOiIyMDIzLTAxLTAxVDAwOjAwOjAwWiJ9fX0sImlhdCI6MTc2OTUxMTA3OH0.C13JgUg8c2PRdTdqThmmTG40FTrGQ5zp2MIdlgarboKBq4jZ7rZVX6Xg1_XMK50NRcnU0kIGL1xk1KQpan-QDA", "format": "VC1_0_JWT", "credential": { "credentialSubject": [ diff --git a/mvd-deployment/assets/credentials/k8s/consumer/membership_vc.json b/deployment/assets/credentials/k8s/consumer/membership_vc.json similarity index 100% rename from mvd-deployment/assets/credentials/k8s/consumer/membership_vc.json rename to deployment/assets/credentials/k8s/consumer/membership_vc.json 
diff --git a/mvd-deployment/assets/credentials/k8s/provider/dataprocessor-credential.json b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json similarity index 93% rename from mvd-deployment/assets/credentials/k8s/provider/dataprocessor-credential.json rename to deployment/assets/credentials/k8s/provider/dataprocessor-credential.json index 7ed5bee2c..581ac0d93 100644 --- a/mvd-deployment/assets/credentials/k8s/provider/dataprocessor-credential.json +++ b/deployment/assets/credentials/k8s/provider/dataprocessor-credential.json @@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "VC1_0_JWT", - "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.lgSIzaPA9mm1LTEssDlfG2bcKUyhjWfjl85yEMHcKxAjl3kyFw1lBSokCR85f2bm-ZBHiAfCh9M9W1jixjPTCg", + "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.WfLbQ2hOGeIwlD-TFj-_mOUswjQsCYmH5l9GexWKqoPNatLw7wgMFCgQiXTUK2V_0VIbxk9NLP8eNEdTgLoqBw", "credential": { "credentialSubject": [ { diff --git a/mvd-deployment/assets/credentials/k8s/provider/dataprocessor_vc.json b/deployment/assets/credentials/k8s/provider/dataprocessor_vc.json similarity index 100% rename from mvd-deployment/assets/credentials/k8s/provider/dataprocessor_vc.json rename to deployment/assets/credentials/k8s/provider/dataprocessor_vc.json diff --git a/mvd-deployment/assets/credentials/k8s/provider/membership-credential.json b/deployment/assets/credentials/k8s/provider/membership-credential.json similarity index 94% rename from mvd-deployment/assets/credentials/k8s/provider/membership-credential.json rename to deployment/assets/credentials/k8s/provider/membership-credential.json index 076ef60e0..c587ebfe5 100644 --- a/mvd-deployment/assets/credentials/k8s/provider/membership-credential.json 
+++ b/deployment/assets/credentials/k8s/provider/membership-credential.json @@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.iX84wIF6unwmOWPtyRHAYv-YaoDSTzHl1ioZcfa-Y6aMGzbgD4EDhjKY9syR5mdYYIvqs__cAN-d3MOKbMgjDA", + "rawVc": "eyJraWQiOiJkaWQ6d2ViOmRhdGFzcGFjZS1pc3N1ZXIja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.ARHPRA0VhoYAC6oI1Ue0iFNcQtPZ48qS-St4ZY6Rx-njB1wUR9NzstcQ93CI2Yexjl9eR3qVflib6fEQWYrFBg", "format": "VC1_0_JWT", "credential": { "credentialSubject": [ diff --git a/mvd-deployment/assets/credentials/k8s/provider/membership_vc.json b/deployment/assets/credentials/k8s/provider/membership_vc.json similarity index 100% rename from mvd-deployment/assets/credentials/k8s/provider/membership_vc.json rename to deployment/assets/credentials/k8s/provider/membership_vc.json diff --git a/mvd-deployment/assets/credentials/local/consumer/dataprocessor-credential.json b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json similarity index 94% rename from mvd-deployment/assets/credentials/local/consumer/dataprocessor-credential.json rename to deployment/assets/credentials/local/consumer/dataprocessor-credential.json index 934f2d850..094fefb54 100644 --- a/mvd-deployment/assets/credentials/local/consumer/dataprocessor-credential.json +++ b/deployment/assets/credentials/local/consumer/dataprocessor-credential.json 
@@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "VC1_0_JWT", - "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.B3ZjHNsiOhuiv78uv4hu08LyA9gZrciMhKOHsC9CV99_KesoWQAjrsg2bJd2b3QQguLoR0C3S3u-9tcYvmB1Cg", + "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.UDIGZ5izyeEcI3EK1nO_x0gLKbSiRGbZZYwcnlcCjANVH-rzGXeTJZ4NK1qpv8XHGMUh24sfAxwnhnzzI3kNBQ", "credential": { "credentialSubject": [ { diff --git a/mvd-deployment/assets/credentials/local/consumer/membership-credential.json b/deployment/assets/credentials/local/consumer/membership-credential.json similarity index 94% rename from mvd-deployment/assets/credentials/local/consumer/membership-credential.json rename to deployment/assets/credentials/local/consumer/membership-credential.json index 95ce92cd9..63bd267e9 100644 --- a/mvd-deployment/assets/credentials/local/consumer/membership-credential.json +++ b/deployment/assets/credentials/local/consumer/membership-credential.json @@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.xnb1qnjEUpSAzFlJT9krVkW8y7MffVJL7xhfimLEV2ADYtRw_94LvcYuv-eFwMcOEMtNzfWj4MRoM2IslI5rBw", + "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.c-4O4pzWedCYzYl4kk5NfdkQGZROA53KyzqtU7LucF5AnCg8ESUHJqp9m8ZHqO51JLdF6IJV7dk4mJhwrDQXCQ", "format": "VC1_0_JWT", "credential": { "credentialSubject": [ 
diff --git a/mvd-deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json b/deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json similarity index 100% rename from mvd-deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json rename to deployment/assets/credentials/local/consumer/unsigned/dataprocessor_vc.json diff --git a/mvd-deployment/assets/credentials/local/consumer/unsigned/membership_vc.json b/deployment/assets/credentials/local/consumer/unsigned/membership_vc.json similarity index 100% rename from mvd-deployment/assets/credentials/local/consumer/unsigned/membership_vc.json rename to deployment/assets/credentials/local/consumer/unsigned/membership_vc.json diff --git a/mvd-deployment/assets/credentials/local/provider/dataprocessor-credential.json b/deployment/assets/credentials/local/provider/dataprocessor-credential.json similarity index 94% rename from mvd-deployment/assets/credentials/local/provider/dataprocessor-credential.json rename to deployment/assets/credentials/local/provider/dataprocessor-credential.json index aadbef8fe..5e448ddc9 100644 --- a/mvd-deployment/assets/credentials/local/provider/dataprocessor-credential.json +++ b/deployment/assets/credentials/local/provider/dataprocessor-credential.json @@ -9,7 +9,7 @@ "reissuancePolicy": null, "verifiableCredential": { "format": "VC1_0_JWT", - "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.aeb2uwwwEbaa3236XJhNOpJ_KxUIIefYeheAiw7OPtk_rXjmFOQ_aa7F09kEEgGK1NB3sijfVIEo5E96vMfZCQ", + "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.qqxdAG6lT_Eiwvae788Vo2fhjswBdTxSwsYKeHKFMnfnQwshdld-vh4vQyOvT_f8_e_tbzHRr-OAVyHxpSFABg", "credential": { "credentialSubject": [ { 
diff --git a/mvd-deployment/assets/credentials/local/provider/membership-credential.json b/deployment/assets/credentials/local/provider/membership-credential.json similarity index 94% rename from mvd-deployment/assets/credentials/local/provider/membership-credential.json rename to deployment/assets/credentials/local/provider/membership-credential.json index 419beea63..eb899c197 100644 --- a/mvd-deployment/assets/credentials/local/provider/membership-credential.json +++ b/deployment/assets/credentials/local/provider/membership-credential.json @@ -8,7 +8,7 @@ "issuancePolicy": null, "reissuancePolicy": null, "verifiableCredential": { - "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.HmC6-GC6GalGL6n8UQ2BNDOAS1qNJ0B6A7gObM_p0psOkZqCvtSQ-gwMTX8qd5gK7eihGuAEiMQ7Z_gCvgKKAw", + "rawVc": "eyJraWQiOiJkaWQ6d2ViOmxvY2FsaG9zdCUzQTk4NzYja2V5LTEiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.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.Q3FfHKNGwtSCkrfnybWm6Uu9jqGysfE5YBlWoXLkYRdUTQDT31LrUk5Uz6ae2JbqaZiSsptp_iRappeuBG67CQ", "format": "VC1_0_JWT", "credential": { "credentialSubject": [ diff --git a/mvd-deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json b/deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json similarity index 100% rename from mvd-deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json rename to deployment/assets/credentials/local/provider/unsigned/dataprocessor_vc.json diff --git a/mvd-deployment/assets/credentials/local/provider/unsigned/membership_vc.json b/deployment/assets/credentials/local/provider/unsigned/membership_vc.json similarity index 100% rename from mvd-deployment/assets/credentials/local/provider/unsigned/membership_vc.json rename to deployment/assets/credentials/local/provider/unsigned/membership_vc.json 
diff --git a/mvd-deployment/assets/env/consumer_connector.env b/deployment/assets/env/consumer_connector.env similarity index 100% rename from mvd-deployment/assets/env/consumer_connector.env rename to deployment/assets/env/consumer_connector.env diff --git a/mvd-deployment/assets/env/consumer_identityhub.env b/deployment/assets/env/consumer_identityhub.env similarity index 100% rename from mvd-deployment/assets/env/consumer_identityhub.env rename to deployment/assets/env/consumer_identityhub.env diff --git a/mvd-deployment/assets/env/issuerservice.env b/deployment/assets/env/issuerservice.env similarity index 100% rename from mvd-deployment/assets/env/issuerservice.env rename to deployment/assets/env/issuerservice.env diff --git a/mvd-deployment/assets/env/provider_catalogserver.env b/deployment/assets/env/provider_catalogserver.env similarity index 100% rename from mvd-deployment/assets/env/provider_catalogserver.env rename to deployment/assets/env/provider_catalogserver.env diff --git a/mvd-deployment/assets/env/provider_connector_manufacturing.env b/deployment/assets/env/provider_connector_manufacturing.env similarity index 100% rename from mvd-deployment/assets/env/provider_connector_manufacturing.env rename to deployment/assets/env/provider_connector_manufacturing.env diff --git a/mvd-deployment/assets/env/provider_connector_qna.env b/deployment/assets/env/provider_connector_qna.env similarity index 100% rename from mvd-deployment/assets/env/provider_connector_qna.env rename to deployment/assets/env/provider_connector_qna.env diff --git a/mvd-deployment/assets/env/provider_identityhub.env b/deployment/assets/env/provider_identityhub.env similarity index 100% rename from mvd-deployment/assets/env/provider_identityhub.env rename to deployment/assets/env/provider_identityhub.env diff --git a/deployment/assets/issuer/did.docker.json b/deployment/assets/issuer/did.docker.json new file mode 100644 index 000000000..8fa1b9707 --- /dev/null 
+++ b/deployment/assets/issuer/did.docker.json
@@ -0,0 +1 @@
+{"service":[],"verificationMethod":[{"id":"did:web:localhost%3A9876#key-1","type":"JsonWebKey2020","controller":"did:web:localhost%3A9876","publicKeyMultibase":null,"publicKeyJwk":{"kty":"OKP","crv":"Ed25519","x":"Hsq2QXPbbsU7j6JwXstbpxGSgliI04g_fU3z2nwkuVc"}}],"authentication":["key-1"],"id":"did:web:localhost%3A9876","@context":["https://www.w3.org/ns/did/v1",{"@base":"did:web:localhost%3A9876"}]}
\ No newline at end of file
diff --git a/deployment/assets/issuer/did.k8s.json b/deployment/assets/issuer/did.k8s.json
new file mode 100644
index 000000000..87759dcbf
--- /dev/null
+++ b/deployment/assets/issuer/did.k8s.json
@@ -0,0 +1 @@
+{"service":[],"verificationMethod":[{"id":"did:web:dataspace-issuer#key-1","type":"JsonWebKey2020","controller":"did:web:dataspace-issuer","publicKeyMultibase":null,"publicKeyJwk":{"kty":"OKP","crv":"Ed25519","x":"Hsq2QXPbbsU7j6JwXstbpxGSgliI04g_fU3z2nwkuVc"}}],"authentication":["key-1"],"id":"did:web:dataspace-issuer","@context":["https://www.w3.org/ns/did/v1",{"@base":"did:web:dataspace-issuer"}]}
\ No newline at end of file
diff --git a/mvd-deployment/assets/issuer/nginx.conf b/deployment/assets/issuer/nginx.conf
similarity index 100%
rename from mvd-deployment/assets/issuer/nginx.conf
rename to deployment/assets/issuer/nginx.conf
diff --git a/mvd-deployment/assets/issuer_private.pem b/deployment/assets/issuer_private.pem
similarity index 100%
rename from mvd-deployment/assets/issuer_private.pem
rename to deployment/assets/issuer_private.pem
diff --git a/mvd-deployment/assets/issuer_public.pem b/deployment/assets/issuer_public.pem
similarity index 100%
rename from mvd-deployment/assets/issuer_public.pem
rename to deployment/assets/issuer_public.pem
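Review bot: The DID document for `did:web:dataspace-issuer#key-1` in did.k8s.json publishes the Ed25519 key `Hsq2QXPb…`, and the same hunk renames `deployment/assets/issuer_private.pem` into the tree, which by its name is the private half of that issuer key, so anyone with read access to this repository can mint credentials that verify against this DID (I cannot confirm from here that the PEM matches this JWK, but the asset layout strongly suggests it). That is fine for the local MVD demo, but the same `x` value is now also published under the `dataspace-issuer` DID that the `kordat` namespace deploys, so a real environment would trust a publicly known signing key. Before any non-demo deploy the issuer key should be generated inside the vault, only the public JWK committed here, and the private PEM removed from version control; since JSON has no comment syntax, record this in the deployment README next to the did.*.json assets.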
diff --git a/mvd-deployment/assets/participants/participants.k8s.json b/deployment/assets/participants/participants.k8s.json similarity index 100% rename from mvd-deployment/assets/participants/participants.k8s.json rename to deployment/assets/participants/participants.k8s.json diff --git a/mvd-deployment/assets/participants/participants.local.json b/deployment/assets/participants/participants.local.json similarity index 100% rename from mvd-deployment/assets/participants/participants.local.json rename to deployment/assets/participants/participants.local.json diff --git a/mvd-deployment/assets/provider_private.pem b/deployment/assets/provider_private.pem similarity index 100% rename from mvd-deployment/assets/provider_private.pem rename to deployment/assets/provider_private.pem diff --git a/mvd-deployment/assets/provider_public.pem b/deployment/assets/provider_public.pem similarity index 100% rename from mvd-deployment/assets/provider_public.pem rename to deployment/assets/provider_public.pem diff --git a/mvd-deployment/consumer.tf b/deployment/consumer.tf similarity index 100% rename from mvd-deployment/consumer.tf rename to deployment/consumer.tf diff --git a/mvd-deployment/issuer.tf b/deployment/issuer.tf similarity index 100% rename from mvd-deployment/issuer.tf rename to deployment/issuer.tf diff --git a/mvd-deployment/issuer_nginx.tf b/deployment/issuer_nginx.tf similarity index 100% rename from mvd-deployment/issuer_nginx.tf rename to deployment/issuer_nginx.tf diff --git a/mvd-deployment/modules/catalog-server/catalog-server.tf b/deployment/modules/catalog-server/catalog-server.tf similarity index 100% rename from mvd-deployment/modules/catalog-server/catalog-server.tf rename to deployment/modules/catalog-server/catalog-server.tf 
diff --git a/mvd-deployment/modules/catalog-server/ingress.tf b/deployment/modules/catalog-server/ingress.tf similarity index 100% rename from mvd-deployment/modules/catalog-server/ingress.tf rename to deployment/modules/catalog-server/ingress.tf diff --git a/mvd-deployment/modules/catalog-server/outputs.tf b/deployment/modules/catalog-server/outputs.tf similarity index 100% rename from mvd-deployment/modules/catalog-server/outputs.tf rename to deployment/modules/catalog-server/outputs.tf diff --git a/mvd-deployment/modules/catalog-server/services.tf b/deployment/modules/catalog-server/services.tf similarity index 100% rename from mvd-deployment/modules/catalog-server/services.tf rename to deployment/modules/catalog-server/services.tf diff --git a/mvd-deployment/modules/catalog-server/variables.tf b/deployment/modules/catalog-server/variables.tf similarity index 100% rename from mvd-deployment/modules/catalog-server/variables.tf rename to deployment/modules/catalog-server/variables.tf diff --git a/mvd-deployment/modules/connector/controlplane.tf b/deployment/modules/connector/controlplane.tf similarity index 100% rename from mvd-deployment/modules/connector/controlplane.tf rename to deployment/modules/connector/controlplane.tf diff --git a/mvd-deployment/modules/connector/dataplane.tf b/deployment/modules/connector/dataplane.tf similarity index 100% rename from mvd-deployment/modules/connector/dataplane.tf rename to deployment/modules/connector/dataplane.tf diff --git a/mvd-deployment/modules/connector/ingress.tf b/deployment/modules/connector/ingress.tf similarity index 100% rename from mvd-deployment/modules/connector/ingress.tf rename to deployment/modules/connector/ingress.tf diff --git a/mvd-deployment/modules/connector/outputs.tf b/deployment/modules/connector/outputs.tf similarity index 100% rename from mvd-deployment/modules/connector/outputs.tf rename to deployment/modules/connector/outputs.tf 
diff --git a/mvd-deployment/modules/connector/services.tf b/deployment/modules/connector/services.tf similarity index 100% rename from mvd-deployment/modules/connector/services.tf rename to deployment/modules/connector/services.tf diff --git a/mvd-deployment/modules/connector/variables.tf b/deployment/modules/connector/variables.tf similarity index 100% rename from mvd-deployment/modules/connector/variables.tf rename to deployment/modules/connector/variables.tf diff --git a/mvd-deployment/modules/identity-hub/ingress.tf b/deployment/modules/identity-hub/ingress.tf similarity index 100% rename from mvd-deployment/modules/identity-hub/ingress.tf rename to deployment/modules/identity-hub/ingress.tf diff --git a/mvd-deployment/modules/identity-hub/main.tf b/deployment/modules/identity-hub/main.tf similarity index 100% rename from mvd-deployment/modules/identity-hub/main.tf rename to deployment/modules/identity-hub/main.tf diff --git a/mvd-deployment/modules/identity-hub/outputs.tf b/deployment/modules/identity-hub/outputs.tf similarity index 100% rename from mvd-deployment/modules/identity-hub/outputs.tf rename to deployment/modules/identity-hub/outputs.tf diff --git a/mvd-deployment/modules/identity-hub/services.tf b/deployment/modules/identity-hub/services.tf similarity index 100% rename from mvd-deployment/modules/identity-hub/services.tf rename to deployment/modules/identity-hub/services.tf diff --git a/mvd-deployment/modules/identity-hub/variables.tf b/deployment/modules/identity-hub/variables.tf similarity index 100% rename from mvd-deployment/modules/identity-hub/variables.tf rename to deployment/modules/identity-hub/variables.tf diff --git a/mvd-deployment/modules/issuer/ingress.tf b/deployment/modules/issuer/ingress.tf similarity index 100% rename from mvd-deployment/modules/issuer/ingress.tf rename to deployment/modules/issuer/ingress.tf 
diff --git a/mvd-deployment/modules/issuer/main.tf b/deployment/modules/issuer/main.tf similarity index 100% rename from mvd-deployment/modules/issuer/main.tf rename to deployment/modules/issuer/main.tf diff --git a/mvd-deployment/modules/issuer/services.tf b/deployment/modules/issuer/services.tf similarity index 100% rename from mvd-deployment/modules/issuer/services.tf rename to deployment/modules/issuer/services.tf diff --git a/mvd-deployment/modules/issuer/variables.tf b/deployment/modules/issuer/variables.tf similarity index 100% rename from mvd-deployment/modules/issuer/variables.tf rename to deployment/modules/issuer/variables.tf diff --git a/mvd-deployment/modules/postgres/main.tf b/deployment/modules/postgres/main.tf similarity index 100% rename from mvd-deployment/modules/postgres/main.tf rename to deployment/modules/postgres/main.tf diff --git a/mvd-deployment/modules/postgres/outputs.tf b/deployment/modules/postgres/outputs.tf similarity index 100% rename from mvd-deployment/modules/postgres/outputs.tf rename to deployment/modules/postgres/outputs.tf diff --git a/mvd-deployment/modules/postgres/variables.tf b/deployment/modules/postgres/variables.tf similarity index 100% rename from mvd-deployment/modules/postgres/variables.tf rename to deployment/modules/postgres/variables.tf diff --git a/mvd-deployment/modules/vault/variables.tf b/deployment/modules/vault/variables.tf similarity index 100% rename from mvd-deployment/modules/vault/variables.tf rename to deployment/modules/vault/variables.tf diff --git a/mvd-deployment/modules/vault/vault-values.yaml b/deployment/modules/vault/vault-values.yaml similarity index 100% rename from mvd-deployment/modules/vault/vault-values.yaml rename to deployment/modules/vault/vault-values.yaml diff --git a/mvd-deployment/modules/vault/vault.tf b/deployment/modules/vault/vault.tf similarity index 100% rename from mvd-deployment/modules/vault/vault.tf rename to deployment/modules/vault/vault.tf 
diff --git a/mvd-deployment/namespace.tf b/deployment/namespace.tf similarity index 100% rename from mvd-deployment/namespace.tf rename to deployment/namespace.tf diff --git a/mvd-deployment/outputs.tf b/deployment/outputs.tf similarity index 100% rename from mvd-deployment/outputs.tf rename to deployment/outputs.tf diff --git a/mvd-deployment/postman/MVD K8S.postman_environment.json b/deployment/postman/MVD K8S.postman_environment.json similarity index 100% rename from mvd-deployment/postman/MVD K8S.postman_environment.json rename to deployment/postman/MVD K8S.postman_environment.json diff --git a/mvd-deployment/postman/MVD Local Development.postman_environment.json b/deployment/postman/MVD Local Development.postman_environment.json similarity index 100% rename from mvd-deployment/postman/MVD Local Development.postman_environment.json rename to deployment/postman/MVD Local Development.postman_environment.json diff --git a/mvd-deployment/postman/MVD.postman_collection.json b/deployment/postman/MVD.postman_collection.json similarity index 100% rename from mvd-deployment/postman/MVD.postman_collection.json rename to deployment/postman/MVD.postman_collection.json diff --git a/mvd-deployment/postman/http-client.env.json b/deployment/postman/http-client.env.json similarity index 100% rename from mvd-deployment/postman/http-client.env.json rename to deployment/postman/http-client.env.json diff --git a/mvd-deployment/provider.tf b/deployment/provider.tf similarity index 100% rename from mvd-deployment/provider.tf rename to deployment/provider.tf diff --git a/mvd-deployment/providers.tf b/deployment/providers.tf similarity index 100% rename from mvd-deployment/providers.tf rename to deployment/providers.tf diff --git a/mvd-deployment/variables.tf b/deployment/variables.tf similarity index 100% rename from mvd-deployment/variables.tf rename to deployment/variables.tf diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index da0ec0822..359c1bb91 100644 
--- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -105,6 +105,12 @@ edc-bom-identityhub-sql = { module = "org.eclipse.edc:identityhub-feature-sql-bo edc-bom-issuerservice = { module = "org.eclipse.edc:issuerservice-bom", version.ref = "edc" } edc-bom-issuerservice-sql = { module = "org.eclipse.edc:issuerservice-feature-sql-bom", version.ref = "edc" } +# AWS +edc-aws-s3-core = { module = "org.eclipse.edc.aws:aws-s3-core", version.ref = "edc" } +edc-aws-data-plane-s3 = { module = "org.eclipse.edc.aws:data-plane-aws-s3", version.ref = "edc" } +edc-aws-validator-data-address-s3 = { module = "org.eclipse.edc.aws:validator-data-address-s3", version.ref = "edc" } + + [bundles] connector = [ "edc-boot", diff --git a/launchers/controlplane/build.gradle.kts b/launchers/controlplane/build.gradle.kts index d09d3d2a0..9f3036b9a 100644 --- a/launchers/controlplane/build.gradle.kts +++ b/launchers/controlplane/build.gradle.kts @@ -19,11 +19,15 @@ plugins { } dependencies { + implementation(libs.edc.aws.s3.core) + implementation(libs.edc.aws.data.plane.s3) + runtimeOnly(project(":extensions:did-example-resolver")) runtimeOnly(project(":extensions:dcp-impl")) // some patches/impls for DCP runtimeOnly(project(":extensions:catalog-node-resolver")) // to trigger the federated catalog runtimeOnly(libs.edc.bom.controlplane) runtimeOnly(libs.edc.api.secrets) + runtimeOnly(libs.edc.aws.validator.data.address.s3) if (project.properties.getOrDefault("persistence", "false") == "true") { runtimeOnly(libs.edc.vault.hashicorp) diff --git a/launchers/dataplane/build.gradle.kts b/launchers/dataplane/build.gradle.kts index 71964e2a6..3966b9398 100644 --- a/launchers/dataplane/build.gradle.kts +++ b/launchers/dataplane/build.gradle.kts 
@@ -19,9 +19,12 @@ plugins { } dependencies { + implementation(libs.edc.aws.s3.core) + implementation(libs.edc.aws.data.plane.s3) + runtimeOnly(libs.edc.bom.dataplane) runtimeOnly(libs.edc.dataplane.v2) - + runtimeOnly(libs.edc.aws.validator.data.address.s3) if (project.properties.getOrDefault("persistence", "false") == "true") { runtimeOnly(libs.edc.vault.hashicorp) runtimeOnly(libs.edc.bom.dataplane.sql) diff --git a/mvd-deployment/assets/issuer/did.docker.json b/mvd-deployment/assets/issuer/did.docker.json deleted file mode 100644 index 1c819d142..000000000 --- a/mvd-deployment/assets/issuer/did.docker.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "service": [], - "verificationMethod": [ - { - "id": "did:web:localhost%3A9876#key-1", - "type": "JsonWebKey2020", - "controller": "did:web:localhost%3A9876", - "publicKeyMultibase": null, - "publicKeyJwk": { - "kty": "OKP", - "crv": "Ed25519", - "x": "Hsq2QXPbbsU7j6JwXstbpxGSgliI04g_fU3z2nwkuVc" - } - } - ], - "authentication": [ - "key-1" - ], - "id": "did:web:localhost%3A9876", - "@context": [ - "https://www.w3.org/ns/did/v1", - { - "@base": "did:web:localhost%3A9876" - } - ] -} \ No newline at end of file diff --git a/mvd-deployment/assets/issuer/did.k8s.json b/mvd-deployment/assets/issuer/did.k8s.json deleted file mode 100644 index b6b0d01dc..000000000 --- a/mvd-deployment/assets/issuer/did.k8s.json +++ /dev/null @@ -1,26 +0,0 @@ -{ - "service": [], - "verificationMethod": [ - { - "id": "did:web:dataspace-issuer#key-1", - "type": "JsonWebKey2020", - "controller": "did:web:dataspace-issuer", - "publicKeyMultibase": null, - "publicKeyJwk": { - "kty": "OKP", - "crv": "Ed25519", - "x": "Hsq2QXPbbsU7j6JwXstbpxGSgliI04g_fU3z2nwkuVc" - } - } - ], - "authentication": [ - "key-1" - ], - "id": "did:web:dataspace-issuer", - "@context": [ - "https://www.w3.org/ns/did/v1", - { - "@base": "did:web:dataspace-issuer" - } - ] -} \ No newline at end of file From 32ed1723712f2e5adcecbf7442c4fcaf01405e04 Mon Sep 17 00:00:00 2001 
From: SergioMedeirosGarcia
Date: Tue, 27 Jan 2026 12:53:16 +0100
Subject: [PATCH 16/72] Update piepline
---
 buildspec.yml | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)
diff --git a/buildspec.yml b/buildspec.yml
index a1fe78724..d210bd9f7 100644
--- a/buildspec.yml
+++ b/buildspec.yml
@@ -4,13 +4,13 @@ phases:
 pre_build:
 commands:
 - AWS_REGION="eu-west-1"
+ - COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-8)
+ - ECR_IMAGE_CATALOG_SERVER=${REPOSITORY_URI}/kordat-$ENV-catalog-server:${COMMIT_HASH}
+ - ECR_IMAGE_CONTROLPLANE=${REPOSITORY_URI}/kordat-$ENV-controlplane:${COMMIT_HASH}
+ - ECR_IMAGE_DATAPLANE=${REPOSITORY_URI}/kordat-$ENV-dataplane:${COMMIT_HASH}
+ - ECR_IMAGE_IDENTITY_HUB=${REPOSITORY_URI}/kordat-$ENV-identity-hub:${COMMIT_HASH}
+ - ECR_IMAGE_ISSUERSERVICE=${REPOSITORY_URI}/kordat-$ENV-issuerservice:${COMMIT_HASH}
 - echo "Conectando con ECR..."
- - ECR_IMAGE_CATALOG_SERVER=${REPOSITORY_URI}/kordat-$ENV-catalog-server:latest
- - ECR_IMAGE_CONTROLPLANE=${REPOSITORY_URI}/kordat-$ENV-controlplane:latest
- - ECR_IMAGE_DATAPLANE=${REPOSITORY_URI}/kordat-$ENV-dataplane:latest
- - ECR_IMAGE_IDENTITY_HUB=${REPOSITORY_URI}/kordat-$ENV-identity-hub:latest
- - ECR_IMAGE_ISSUERSERVICE=${REPOSITORY_URI}/kordat-$ENV-issuerservice:latest
- - ECR_IMAGE_VAULT=${REPOSITORY_URI}/kordat-$ENV-vault:latest
 - aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $REPOSITORY_URI
 - gradle --version || echo "Gradle no está instalado"
 build:
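Review bot: `COMMIT_HASH=$(echo $CODEBUILD_RESOLVED_SOURCE_VERSION | cut -c 1-8)` produces an empty string whenever CodeBuild has no resolved source version (for example a manual build started from an S3 archive), and every `ECR_IMAGE_*` value then ends in a bare `:`, so the tag/push commands later in the file would fail or, worse, push under an unintended tag. Fail fast right after it with `- test -n "$COMMIT_HASH" || { echo "no resolved commit hash, refusing to build"; exit 1; }` so the pipeline never publishes an untraceable image. The unquoted `$CODEBUILD_RESOLVED_SOURCE_VERSION` should also be quoted, and `AWS_REGION="eu-west-1"` deserves a comment stating that the Terraform image references are pinned to this same region.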
@@ -21,14 +21,12 @@ phases:
 post_build:
 commands:
 - echo "Tagging images..."
- - docker tag controlplane:latest ECR_IMAGE_CONTROLPLANE
- - docker tag dataplane:latest ECR_IMAGE_DATAPLANE
- - docker tag controlplane:latest ECR_IMAGE_IDENTITY_HUB
- - docker tag catalog-server:latest ECR_IMAGE_CATALOG_SERVER
- - docker tag vault:latest ECR_IMAGE_VAULT
+ - docker tag controlplane:latest $ECR_IMAGE_CONTROLPLANE
+ - docker tag dataplane:latest $ECR_IMAGE_DATAPLANE
+ - docker tag controlplane:latest $ECR_IMAGE_IDENTITY_HUB
+ - docker tag catalog-server:latest $ECR_IMAGE_CATALOG_SERVER
 - echo "Pushing images..."
- - docker push ECR_IMAGE_CONTROLPLANE
- - docker push ECR_IMAGE_DATAPLANE
- - docker push ECR_IMAGE_IDENTITY_HUB
- - docker push ECR_IMAGE_CATALOG_SERVER
- - docker push ECR_IMAGE_VAULT
+ - docker push $ECR_IMAGE_CONTROLPLANE
+ - docker push $ECR_IMAGE_DATAPLANE
+ - docker push $ECR_IMAGE_IDENTITY_HUB
+ - docker push $ECR_IMAGE_CATALOG_SERVER
From 62bc23e20dbcb5bd6c179b62f26986defd60017c Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Tue, 27 Jan 2026 12:56:52 +0100
Subject: [PATCH 17/72] Update connector deployments
---
 connector-deployment/connector.tf | 11 +++++++----
 connector-deployment/iam.tf | 15 +++++++++++++++
 connector-deployment/kms.tf | 2 +-
 .../modules/connector/controlplane.tf | 8 ++++++++
 .../modules/connector/variables.tf | 15 +++++++++++++++
 connector-deployment/s3.tf | 2 +-
 connector-deployment/variables.tf | 5 +++++
 7 files changed, 52 insertions(+), 6 deletions(-)
 create mode 100644 connector-deployment/iam.tf
diff --git a/connector-deployment/connector.tf b/connector-deployment/connector.tf
index d0b620670..1f15fff9e 100644
--- a/connector-deployment/connector.tf
+++ b/connector-deployment/connector.tf
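Review bot: `docker tag controlplane:latest $ECR_IMAGE_IDENTITY_HUB` tags the control-plane image as the identity hub, so the `kordat-$ENV-identity-hub:<hash>` image pushed to ECR is actually a control plane and the Terraform identity-hub deployment will run the wrong binary; this line carried over unchanged from the old version and should read `docker tag identity-hub:latest $ECR_IMAGE_IDENTITY_HUB` (assuming the build phase, outside this hunk, produces an image by that name). `ECR_IMAGE_ISSUERSERVICE` is defined in pre_build but is never tagged or pushed here, so no issuer image exists at the commit tag. Consider also emitting the pushed digest (`docker inspect --format '{{index .RepoDigests 0}}' $ECR_IMAGE_CONTROLPLANE`) so the deployment can pin by digest rather than by a tag, which stays mutable unless the ECR repositories have tag immutability enabled.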
@@ -31,10 +31,13 @@ module "participant-connector" {
 password = random_password.participant_password.result
 url = local.database_url
 }
- vault-url = local.vault_url
- namespace = kubernetes_namespace_v1.ns_participant.metadata.0.name
- sts-token-url = "${module.participant-identityhub.sts-token-url}/token"
- useSVE = var.useSVE
+ vault-url = local.vault_url
+ namespace = kubernetes_namespace_v1.ns_participant.metadata.0.name
+ sts-token-url = "${module.participant-identityhub.sts-token-url}/token"
+ useSVE = var.useSVE
+ s3_endpoint = "https://${module.remote_state_s3.bucket_name}.s3.eu-west-1.amazonaws.com"
+ aws_access_key = aws_iam_access_key.deployer.id
+ aws_secret_key = aws_iam_access_key.deployer.secret
 }
 # consumer identity hub
diff --git a/connector-deployment/iam.tf b/connector-deployment/iam.tf
new file mode 100644
index 000000000..8321c3ca7
--- /dev/null
+++ b/connector-deployment/iam.tf
@@ -0,0 +1,15 @@
+resource "aws_iam_user" "main" {
+ name = "${var.project}-${var.participant}-s3-user"
+
+# tags = merge(var.tags, {
+# Name = "${var.tenant}-${var.project}-${var.environment}-${var.role}-user"
+# tenant = var.tenant
+# Proyecto = length(var.project) == 3 ? upper(var.project) : title(var.project)
+# Entorno = title(var.environment)
+# Rol = var.role
+# })
+}
+
+resource "aws_iam_access_key" "deployer" {
+ user = aws_iam_user.main.name
+}
\ No newline at end of file
diff --git a/connector-deployment/kms.tf b/connector-deployment/kms.tf
index c58649627..5cd3b25f1 100644
--- a/connector-deployment/kms.tf
+++ b/connector-deployment/kms.tf
@@ -1,7 +1,7 @@
 module "kms" {
 source = "./modules/kms"
 environment = var.environment
- project = "kordat"
+ project = var.project
 alias = "${var.participant}-key"
 role = "kms"
 }
\ No newline at end of file
diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf
index 68ed49597..59aa5403a 100644
--- a/connector-deployment/modules/connector/controlplane.tf
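Review bot: `aws_secret_key = aws_iam_access_key.deployer.secret` hands a long-lived static IAM credential to the module, which means the secret is persisted in Terraform state and printed in every plan that touches this module; for a connector running on EKS the key should not exist at all — an IAM role bound to the pod's service account (IRSA or EKS Pod Identity) gives the same S3 access with no secret to store or rotate. If a static key has to stay for now, wire it through a `kubernetes_secret` rather than a plain module input and mark the inputs `sensitive = true`. The `s3_endpoint` also hard-codes `eu-west-1`; derive it from the bucket module (or the provider region) so it cannot drift from where `module.remote_state_s3` actually lives. The `participant-connector` module block starts before this hunk.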
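Review bot: `aws_iam_user.main` is created with an access key but no policy attached anywhere in this file, so the key the connector receives has no permissions and every S3 call will be denied until someone attaches a policy by hand — and "by hand" usually ends up as `AmazonS3FullAccess`. Attach a least-privilege inline policy scoped to the participant's assets bucket in the same file, with the action set narrowed to what the data plane really performs (read-only if it only pulls assets; I cannot tell from here). The commented-out tags block should either be restored with the variables it needs or dropped, and a one-line comment should state that this user exists only to give the connector S3 access. A sketch of the policy:

```hcl
resource "aws_iam_user" "main" {
  name = "${var.project}-${var.participant}-s3-user"
}

# Least-privilege: only the participant's assets bucket, no other AWS API.
resource "aws_iam_user_policy" "s3_assets" {
  name = "${var.project}-${var.participant}-s3-assets"
  user = aws_iam_user.main.name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["s3:ListBucket"]
        Resource = "arn:aws:s3:::${module.remote_state_s3.bucket_name}"
      },
      {
        Effect   = "Allow"
        Action   = ["s3:GetObject", "s3:PutObject"]
        Resource = "arn:aws:s3:::${module.remote_state_s3.bucket_name}/*"
      }
    ]
  })
}

# … unchanged: aws_iam_access_key.deployer …
```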
+++ b/connector-deployment/modules/connector/controlplane.tf
@@ -181,5 +181,13 @@ resource "kubernetes_config_map" "connector-config" {
 EDC_IAM_STS_OAUTH_TOKEN_URL = var.sts-token-url
 EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId
 EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret"
+
+ # S3 configuration for AmazonS3 DataAddress support
+ # These variables enable the ControlPlane to validate and accept AmazonS3 DataAddress types
+ # Default values are for LocalStack (can be overridden by setting these values in the ConfigMap manually)
+ EDC_S3_ENDPOINT = var.s3_endpoint
+ AWS_ACCESS_KEY_ID = var.aws_access_key
+ AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+ AWS_REGION = "us-east-1"
 }
 }
diff --git a/connector-deployment/modules/connector/variables.tf b/connector-deployment/modules/connector/variables.tf
index 5c3c95f23..2e440261f 100644
--- a/connector-deployment/modules/connector/variables.tf
+++ b/connector-deployment/modules/connector/variables.tf
@@ -113,3 +113,18 @@ locals {
 controlplane-service-name = "${var.humanReadableName}-controlplane"
 dataplane-service-name = "${var.humanReadableName}-dataplane"
 }
+
+variable "s3_endpoint" {
+ type = string
+ description = "S3 endpoint"
+}
+
+variable "aws_access_key" {
+ type = string
+ description = "IAM user access key"
+}
+
+variable "aws_secret_key" {
+ type = string
+ description = "IAM user secret key"
+}
diff --git a/connector-deployment/s3.tf b/connector-deployment/s3.tf
index 7e06a4254..4bd94684c 100644
--- a/connector-deployment/s3.tf
+++ b/connector-deployment/s3.tf
@@ -1,6 +1,6 @@
 module "remote_state_s3" {
 source = "./modules/s3_bucket"
- project = "kordat"
+ project = var.project
 environment = var.environment
 application = "assets"
 bucket_name = "${var.participant}-assets-bucket"
diff --git a/connector-deployment/variables.tf b/connector-deployment/variables.tf
index 8314e8f32..772c11865 100644
--- a/connector-deployment/variables.tf
+++ b/connector-deployment/variables.tf
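Review bot: `AWS_SECRET_ACCESS_KEY = var.aws_secret_key` writes a long-lived IAM secret into a `kubernetes_config_map`, which is stored in plaintext, is readable by anyone with `get configmaps` in the namespace, and shows up verbatim in `kubectl describe` and in Terraform state for the ConfigMap; the two AWS credential keys belong in a `kubernetes_secret` referenced from the Deployment's `env_from { secret_ref { … } }` (or, better, disappear entirely in favour of an IAM role bound to the pod's service account). `AWS_REGION = "us-east-1"` also contradicts the `eu-west-1` endpoint the root module passes in `s3_endpoint`; SigV4 signs with the region, so this should be an input that travels with the endpoint rather than a literal. The three-line comment is stale as well — nothing here is a LocalStack default or "overridden in the ConfigMap manually" — and should say what is true: `# S3 endpoint for AmazonS3 DataAddress validation; credentials are supplied via the aws-credentials Secret`. The `connector-config` resource starts before this hunk. A sketch of the split:

```hcl
# … unchanged: connector-config ConfigMap entries up to EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS …
      # S3 endpoint for AmazonS3 DataAddress support; credentials live in the Secret below
      EDC_S3_ENDPOINT = var.s3_endpoint
      AWS_REGION      = var.aws_region   # new module input; must match the bucket's region

# Static AWS credentials go into a Secret, not a ConfigMap. Reference it from the
# controlplane Deployment via env_from { secret_ref { name = kubernetes_secret.aws-credentials.metadata.0.name } }.
resource "kubernetes_secret" "aws-credentials" {
  metadata {
    name      = "${var.humanReadableName}-aws-credentials"
    namespace = var.namespace
  }
  data = {
    AWS_ACCESS_KEY_ID     = var.aws_access_key
    AWS_SECRET_ACCESS_KEY = var.aws_secret_key
  }
}
```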
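Review bot: `variable "aws_secret_key"` is declared without `sensitive = true`, so Terraform will echo the secret in plan and apply output and in any error message that interpolates it; add `sensitive = true` to that block (and to `aws_access_key`, since the pair is only useful together). A `validation { condition = length(var.aws_secret_key) > 0 … }` would also catch the silent empty-string case that a missing root-module wiring would produce. The descriptions should name the expected source, e.g. `description = "Secret of the IAM access key created in the root module (aws_iam_access_key.deployer); never commit a literal value"`.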
@@ -39,6 +39,11 @@ variable "postgres_admin_password" {
 type = string
 }
+variable "project" {
+ type = string
+ default = "kordat"
+}
+
 variable "useSVE" {
 type = bool
 description = "If true, the -XX:UseSVE=0 switch (Scalable Vector Extensions) will be added to the JAVA_TOOL_OPTIONS. Can help on macOs on Apple Silicon processors"
From f73e0b9a81689c37cc8902547e17c6f3bedb1769 Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Tue, 27 Jan 2026 13:16:46 +0100
Subject: [PATCH 18/72] Update connector deployments
---
 connector-deployment/modules/connector/controlplane.tf | 2 +-
 connector-deployment/modules/connector/dataplane.tf | 2 +-
 connector-deployment/modules/identity-hub/main.tf | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf
index 59aa5403a..67e77285e 100644
--- a/connector-deployment/modules/connector/controlplane.tf
+++ b/connector-deployment/modules/connector/controlplane.tf
@@ -44,7 +44,7 @@ resource "kubernetes_deployment" "controlplane" {
 spec {
 container {
 name = "connector-${lower(var.humanReadableName)}"
- image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:latest"
+ image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane32ed1723"
 image_pull_policy = "IfNotPresent"
 env_from {
diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf
index cfeadabd2..bad775893 100644
--- a/connector-deployment/modules/connector/dataplane.tf
+++ b/connector-deployment/modules/connector/dataplane.tf
@@ -46,7 +46,7 @@ resource "kubernetes_deployment" "dataplane" {
 spec {
 container {
 name = "dataplane-${lower(var.humanReadableName)}"
- image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:latest"
+ image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane32ed1723"
 image_pull_policy = "IfNotPresent"
 env_from {
diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf
index d909d3300..42bf8c380 100644
--- a/connector-deployment/modules/identity-hub/main.tf
+++ b/connector-deployment/modules/identity-hub/main.tf
@@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" {
 spec {
 container {
 image_pull_policy = "IfNotPresent"
- image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:latest"
+ image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub32ed1723"
 name = "identity-hub"
 env_from {
From 01970afbc4ac39b2004727c10e9ac67ca1db9f7e Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Tue, 27 Jan 2026 16:36:39 +0100
Subject: [PATCH 19/72] Update connector k8s deployment
---
 connector-deployment/modules/connector/controlplane.tf | 2 +-
 connector-deployment/modules/connector/dataplane.tf | 2 +-
 connector-deployment/modules/identity-hub/main.tf | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf
index 67e77285e..1976591f0 100644
--- a/connector-deployment/modules/connector/controlplane.tf
+++ b/connector-deployment/modules/connector/controlplane.tf
@@ -44,7 +44,7 @@ resource "kubernetes_deployment" "controlplane" { spec { container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane32ed1723" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:32ed1723" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index bad775893..651ddac9c 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -46,7 +46,7 @@ resource "kubernetes_deployment" "dataplane" { spec { container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane32ed1723" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:32ed1723" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 42bf8c380..8abacd20f 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub32ed1723" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:32ed1723" name = "identity-hub" env_from { From e3a8a8efe2304e73548baa6fd0c56cfc7ca801d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Guti=C3=A9rrez?= Date: Tue, 27 Jan 2026 16:51:53 +0100 Subject: [PATCH 20/72] WIP: Fixing build --- launchers/controlplane/build.gradle.kts | 3 --- launchers/dataplane/build.gradle.kts | 7 +++++++ 2 files changed, 7 insertions(+), 3 deletions(-) 
diff --git a/launchers/controlplane/build.gradle.kts b/launchers/controlplane/build.gradle.kts index 9f3036b9a..eef7c5ec8 100644 --- a/launchers/controlplane/build.gradle.kts +++ b/launchers/controlplane/build.gradle.kts @@ -19,9 +19,6 @@ plugins { } dependencies { - implementation(libs.edc.aws.s3.core) - implementation(libs.edc.aws.data.plane.s3) - runtimeOnly(project(":extensions:did-example-resolver")) runtimeOnly(project(":extensions:dcp-impl")) // some patches/impls for DCP runtimeOnly(project(":extensions:catalog-node-resolver")) // to trigger the federated catalog diff --git a/launchers/dataplane/build.gradle.kts b/launchers/dataplane/build.gradle.kts index 3966b9398..ba152556e 100644 --- a/launchers/dataplane/build.gradle.kts +++ b/launchers/dataplane/build.gradle.kts @@ -24,7 +24,14 @@ dependencies { runtimeOnly(libs.edc.bom.dataplane) runtimeOnly(libs.edc.dataplane.v2) + + + + // S3 support for data plane + // Note: This may need to be adjusted based on actual EDC version and available extensions + // If data-plane-s3 extension is not available, HTTP can be used as fallback runtimeOnly(libs.edc.aws.validator.data.address.s3) + if (project.properties.getOrDefault("persistence", "false") == "true") { runtimeOnly(libs.edc.vault.hashicorp) runtimeOnly(libs.edc.bom.dataplane.sql) From 8f7794b027de9a24ea525db95aebc652d8ca5f5c Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Tue, 27 Jan 2026 16:53:52 +0100 Subject: [PATCH 21/72] Update connector k8s deployment --- connector-deployment/modules/connector/controlplane.tf | 2 +- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 1976591f0..777e72f72 100644 --- a/connector-deployment/modules/connector/controlplane.tf 
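Review bot: The comment added in `launchers/dataplane/build.gradle.kts` promises a fallback ("HTTP can be used as fallback") that nothing in the build implements, and the three blank lines above it are noise; a reader will go looking for a switch that does not exist. Replace the block with one line that states only what the hunk supports, e.g. `// S3 data-address validation for the data plane (libs.edc.aws.validator.data.address.s3)`, and drop the extra blank lines. Note that this commit adds only the validator here while the controlplane hunk removes `edc.aws.s3.core` and `edc.aws.data.plane.s3`; if S3 transfers are still expected from the data plane, which the WIP title leaves open, the data-plane S3 extension would have to be declared in this file.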
+++ b/connector-deployment/modules/connector/controlplane.tf @@ -44,7 +44,7 @@ resource "kubernetes_deployment" "controlplane" { spec { container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:32ed1723" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:e3a8a8ef" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index 651ddac9c..31db75fda 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -46,7 +46,7 @@ resource "kubernetes_deployment" "dataplane" { spec { container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:32ed1723" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:e3a8a8ef" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 8abacd20f..f8b024bfd 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:32ed1723" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:e3a8a8ef" name = "identity-hub" env_from { From 59548f82a18b8f81609a2e79dc8aba41f88136a2 Mon Sep 17 00:00:00 2001 
From: SergioMedeirosGarcia Date: Tue, 27 Jan 2026 16:57:01 +0100 Subject: [PATCH 22/72] Update connector k8s deployments --- connector-deployment/modules/connector/controlplane.tf | 2 +- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 777e72f72..d95d13d14 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -44,7 +44,7 @@ resource "kubernetes_deployment" "controlplane" { spec { container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:e3a8a8ef" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:8f7794b0" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index 31db75fda..b38ce5219 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -46,7 +46,7 @@ resource "kubernetes_deployment" "dataplane" { spec { container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:e3a8a8ef" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:8f7794b0" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index f8b024bfd..10a0d33f9 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf 
@@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:e3a8a8ef" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:8f7794b0" name = "identity-hub" env_from { From 96545462103cdd7b5fb0d5ac89d213669dd8ff39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Guti=C3=A9rrez?= Date: Tue, 27 Jan 2026 17:57:10 +0100 Subject: [PATCH 23/72] WIP: Fixing identityhub build --- connector-deployment/modules/identity-hub/main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 10a0d33f9..a958b3873 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -137,6 +137,7 @@ resource "kubernetes_config_map" "identityhub-config" { data = { # IdentityHub variables EDC_IH_IAM_ID = var.participantId + EDC_IAM_ISSUER_ID = var.participantId EDC_IAM_DID_WEB_USE_HTTPS = false EDC_IH_IAM_PUBLICKEY_ALIAS = local.public-key-alias EDC_IH_API_SUPERUSER_KEY = var.ih_superuser_apikey @@ -163,6 +164,11 @@ resource "kubernetes_config_map" "identityhub-config" { EDC_SQL_SCHEMA_AUTOCREATE = true EDC_IAM_ACCESSTOKEN_JTI_VALIDATION = true + # remote STS configuration + EDC_IAM_STS_OAUTH_TOKEN_URL = "http://${kubernetes_service.ih-service.metadata.0.name}:${var.ports.sts-api}${var.sts-token-path}/token" + EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId + EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret" + } } From 552045414459954935cadbf5fc6d3dbec08d9bd9 Mon Sep 17 00:00:00 2001 
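Review bot: `EDC_IAM_STS_OAUTH_TOKEN_URL` in the second hunk of `identity-hub/main.tf` addresses the hub's own service over plain `http://`, so every token request carries the client credential resolved from `EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS` in cleartext across the pod network. If that is deliberate (in-cluster only, no TLS at the service), record it next to the line: `# plain HTTP: the sts-api port is reachable in-cluster only; keep it off any Ingress`. Separately, the first hunk sets `EDC_IAM_ISSUER_ID = var.participantId`; if issuer and participant are meant to be distinct identities, the issuer id should be its own variable rather than an alias of the participant id.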
From: SergioMedeirosGarcia Date: Tue, 27 Jan 2026 18:03:09 +0100 Subject: [PATCH 24/72] Update connector k8s deployment --- connector-deployment/modules/connector/controlplane.tf | 2 +- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index d95d13d14..f5c2f87c5 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -44,7 +44,7 @@ resource "kubernetes_deployment" "controlplane" { spec { container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:8f7794b0" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:96545462" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index b38ce5219..b10b48957 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -46,7 +46,7 @@ resource "kubernetes_deployment" "dataplane" { spec { container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:8f7794b0" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:96545462" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index a958b3873..1e599396f 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf 
@@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:8f7794b0" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:96545462" name = "identity-hub" env_from { From 3cba94bfb7f1e00cabaa11260639b1d56ee94c1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Guti=C3=A9rrez?= Date: Tue, 27 Jan 2026 18:37:34 +0100 Subject: [PATCH 25/72] WIP: Fixing identityhub build --- connector-deployment/modules/identity-hub/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 1e599396f..dbfd3a84c 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -165,7 +165,7 @@ resource "kubernetes_config_map" "identityhub-config" { EDC_IAM_ACCESSTOKEN_JTI_VALIDATION = true # remote STS configuration - EDC_IAM_STS_OAUTH_TOKEN_URL = "http://${kubernetes_service.ih-service.metadata.0.name}:${var.ports.sts-api}${var.sts-token-path}/token" + EDC_IAM_STS_OAUTH_TOKEN_URL = "http://${var.humanReadableName}:${var.ports.sts-api}${var.sts-token-path}/token" EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret" From d2a07ec603c467406a7477679b3062073a43386b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Guti=C3=A9rrez?= Date: Tue, 27 Jan 2026 18:41:06 +0100 Subject: [PATCH 26/72] WIP: Updated image commit --- connector-deployment/modules/connector/controlplane.tf | 2 +- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index f5c2f87c5..42e8e28f2 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -44,7 +44,7 @@ resource "kubernetes_deployment" "controlplane" { spec { container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:96545462" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:3cba94bf" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index b10b48957..7222d9b56 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -46,7 +46,7 @@ resource "kubernetes_deployment" "dataplane" { spec { container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:96545462" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:3cba94bf" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index dbfd3a84c..eaec2157a 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:96545462" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:3cba94bf" name = "identity-hub" env_from { From 8c6945488bf40f3ab1e2abaa44dda51ff8f6c21e Mon Sep 17 00:00:00 2001 
From: js Date: Wed, 28 Jan 2026 07:44:50 +0100 Subject: [PATCH 27/72] fix identity hub issue --- deployment/modules/identity-hub/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/deployment/modules/identity-hub/main.tf b/deployment/modules/identity-hub/main.tf index d909d3300..1d886622a 100644 --- a/deployment/modules/identity-hub/main.tf +++ b/deployment/modules/identity-hub/main.tf @@ -162,6 +162,7 @@ resource "kubernetes_config_map" "identityhub-config" { EDC_DATASOURCE_DEFAULT_PASSWORD = var.database.password EDC_SQL_SCHEMA_AUTOCREATE = true EDC_IAM_ACCESSTOKEN_JTI_VALIDATION = true + EDC_RUNTIME_DISABLED_EXTENSIONS = org.eclipse.edc.demo.participants.ParticipantsResolverExtension } } From 9ecb47376deefc804defb4032594056e5ecc637e Mon Sep 17 00:00:00 2001 From: js Date: Wed, 28 Jan 2026 07:56:48 +0100 Subject: [PATCH 28/72] fix identity hub issue --- connector-deployment/modules/identity-hub/main.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index eaec2157a..31c1cd1c8 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -169,6 +169,9 @@ resource "kubernetes_config_map" "identityhub-config" { EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret" + # Remove participant creation + EDC_RUNTIME_DISABLED_EXTENSIONS = org.eclipse.edc.demo.participants.ParticipantsResolverExtension + } } From b3f8fe5690459076d3655632455883eaaf052c0a Mon Sep 17 00:00:00 2001 From: js Date: Wed, 28 Jan 2026 08:01:56 +0100 Subject: [PATCH 29/72] update indentity-hub image commit tag --- connector-deployment/modules/identity-hub/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
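Review bot: `EDC_RUNTIME_DISABLED_EXTENSIONS = org.eclipse.edc.demo.participants.ParticipantsResolverExtension` in `deployment/modules/identity-hub/main.tf` is not a string in HCL; Terraform reads it as a traversal of a resource of type `org` named `eclipse` and the plan fails with an undeclared-resource error. Quote it: `EDC_RUNTIME_DISABLED_EXTENSIONS = "org.eclipse.edc.demo.participants.ParticipantsResolverExtension"`. The second hunk on this line (PATCH 28, `connector-deployment/modules/identity-hub/main.tf`) has the same defect; PATCH 30 later quotes the `connector-deployment` copy, but as far as this chunk shows the `deployment/` copy from PATCH 27 is never corrected.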
diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 31c1cd1c8..d812a769d 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:3cba94bf" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:302b1d13" name = "identity-hub" env_from { From c0cc24be09c8d7f22aef24167ef1291a4f00fe8c Mon Sep 17 00:00:00 2001 From: js Date: Wed, 28 Jan 2026 08:34:55 +0100 Subject: [PATCH 30/72] update indentity-hub --- connector-deployment/modules/identity-hub/main.tf | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index d812a769d..d4283ec2d 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -169,8 +169,11 @@ resource "kubernetes_config_map" "identityhub-config" { EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret" - # Remove participant creation - EDC_RUNTIME_DISABLED_EXTENSIONS = org.eclipse.edc.demo.participants.ParticipantsResolverExtension + # Remove participant creation - participants are controlled elsewhere + # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension + # is in the Docker image classpath. Providing config value as fallback. + EDC_RUNTIME_DISABLED_EXTENSIONS = "org.eclipse.edc.demo.participants.ParticipantsResolverExtension" + EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null" } } From f2e517ccbcfc935b4ff3a4196c5bc258538aa9bf Mon Sep 17 00:00:00 2001 
From: js Date: Wed, 28 Jan 2026 08:39:33 +0100 Subject: [PATCH 31/72] update connector commit version tag --- connector-deployment/modules/connector/controlplane.tf | 2 +- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 42e8e28f2..9c89de665 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -44,7 +44,7 @@ resource "kubernetes_deployment" "controlplane" { spec { container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:3cba94bf" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:c0cc24be" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index 7222d9b56..3fc65d9a2 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -46,7 +46,7 @@ resource "kubernetes_deployment" "dataplane" { spec { container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:3cba94bf" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:c0cc24be" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index d4283ec2d..cf78edfc2 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf 
@@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:302b1d13" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:c0cc24be" name = "identity-hub" env_from { From edb07e80f8aea44d6949b0d8ef466bc16e1c7fcb Mon Sep 17 00:00:00 2001 From: js Date: Wed, 28 Jan 2026 09:31:02 +0100 Subject: [PATCH 32/72] fix issues with dmeo participants in control and datapalnes --- connector-deployment/modules/connector/controlplane.tf | 6 ++++++ connector-deployment/modules/connector/dataplane.tf | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 9c89de665..2e62653c3 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -189,5 +189,11 @@ resource "kubernetes_config_map" "connector-config" { AWS_ACCESS_KEY_ID = var.aws_access_key AWS_SECRET_ACCESS_KEY = var.aws_secret_key AWS_REGION = "us-east-1" + + # Remove participant creation - participants are controlled elsewhere + # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension + # is in the Docker image classpath. Providing config value as fallback. + EDC_RUNTIME_DISABLED_EXTENSIONS = "org.eclipse.edc.demo.participants.ParticipantsResolverExtension" + EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null" } } diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index 3fc65d9a2..61102916e 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf 
@@ -133,5 +133,11 @@ resource "kubernetes_config_map" "dataplane-config" { EDC_IAM_STS_OAUTH_TOKEN_URL = var.sts-token-url EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret" + + # Remove participant creation - participants are controlled elsewhere + # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension + # is in the Docker image classpath. Providing config value as fallback. + EDC_RUNTIME_DISABLED_EXTENSIONS = "org.eclipse.edc.demo.participants.ParticipantsResolverExtension" + EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null" } } From 6a27e8ee95563fb8b6cd0dce7566d3b00f8f9888 Mon Sep 17 00:00:00 2001 From: js Date: Wed, 28 Jan 2026 09:33:38 +0100 Subject: [PATCH 33/72] bump up conectors versions to deploy --- connector-deployment/modules/connector/controlplane.tf | 2 +- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 2e62653c3..172916f1b 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -44,7 +44,7 @@ resource "kubernetes_deployment" "controlplane" { spec { container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:c0cc24be" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:edb07e80" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index 61102916e..791630a08 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf 
@@ -46,7 +46,7 @@ resource "kubernetes_deployment" "dataplane" { spec { container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:c0cc24be" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:edb07e80" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index cf78edfc2..933a437c8 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:c0cc24be" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:edb07e80" name = "identity-hub" env_from { From b6569b251e70e8b814d788a5c42482502aae8ba0 Mon Sep 17 00:00:00 2001 
From: SergioMedeirosGarcia Date: Wed, 28 Jan 2026 17:12:27 +0100 Subject: [PATCH 34/72] Update connector infra --- connector-deployment/connector.tf | 15 +++-- connector-deployment/data.tf | 11 ++++ connector-deployment/locals.tf | 13 ++-- .../modules/connector/controlplane.tf | 1 + .../modules/connector/dataplane.tf | 1 + .../modules/connector/serviceaccount.tf | 10 +++ .../modules/connector/variables.tf | 5 ++ .../modules/iam_role/README.md | 46 +++++++++++++ .../modules/iam_role/attachments.tf | 5 ++ .../modules/iam_role/input.tf | 45 +++++++++++++ .../modules/iam_role/output.tf | 7 ++ .../modules/iam_role/policies.tf | 7 ++ connector-deployment/modules/iam_role/role.tf | 25 +++++++ connector-deployment/roles.tf | 66 +++++++++++++++++++ connector-deployment/s3.tf | 2 +- 15 files changed, 247 insertions(+), 12 deletions(-) create mode 100644 connector-deployment/data.tf create mode 100644 connector-deployment/modules/connector/serviceaccount.tf create mode 100644 connector-deployment/modules/iam_role/README.md create mode 100644 connector-deployment/modules/iam_role/attachments.tf create mode 100644 connector-deployment/modules/iam_role/input.tf create mode 100644 connector-deployment/modules/iam_role/output.tf create mode 100644 connector-deployment/modules/iam_role/policies.tf create mode 100644 connector-deployment/modules/iam_role/role.tf create mode 100644 connector-deployment/roles.tf diff --git a/connector-deployment/connector.tf b/connector-deployment/connector.tf index 1f15fff9e..1a953e026 100644 --- a/connector-deployment/connector.tf +++ b/connector-deployment/connector.tf 
@@ -31,13 +31,14 @@ module "participant-connector" { password = random_password.participant_password.result url = local.database_url } - vault-url = local.vault_url - namespace = kubernetes_namespace_v1.ns_participant.metadata.0.name - sts-token-url = "${module.participant-identityhub.sts-token-url}/token" - useSVE = var.useSVE - s3_endpoint = "https://${module.remote_state_s3.bucket_name}.s3.eu-west-1.amazonaws.com" - aws_access_key = aws_iam_access_key.deployer.id - aws_secret_key = aws_iam_access_key.deployer.secret + vault-url = local.vault_url + namespace = kubernetes_namespace_v1.ns_participant.metadata.0.name + sts-token-url = "${module.participant-identityhub.sts-token-url}/token" + useSVE = var.useSVE + s3_endpoint = "https://${module.remote_state_s3.bucket_name}.s3.eu-west-1.amazonaws.com" + aws_access_key = aws_iam_access_key.deployer.id + aws_secret_key = aws_iam_access_key.deployer.secret + service_account_role_arn = module.participant-s3-role.role_arn } # consumer identity hub diff --git a/connector-deployment/data.tf b/connector-deployment/data.tf new file mode 100644 index 000000000..b24bc49d6 --- /dev/null +++ b/connector-deployment/data.tf @@ -0,0 +1,11 @@ +# Current AWS account +data "aws_caller_identity" "current" {} + +# EKS data +data "aws_eks_cluster" "eks" { + name = "${var.project}-${var.environment}-eks" +} + +data "aws_iam_openid_connect_provider" "eks_oidc" { + url = data.aws_eks_cluster.eks.identity[0].oidc[0].issuer +} \ No newline at end of file diff --git a/connector-deployment/locals.tf b/connector-deployment/locals.tf index d74ad2a36..a17e066ec 100644 --- a/connector-deployment/locals.tf +++ b/connector-deployment/locals.tf 
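Review bot: The new `service_account_role_arn = module.participant-s3-role.role_arn` gives the pods an IRSA role, yet the same block still passes `aws_access_key = aws_iam_access_key.deployer.id` and `aws_secret_key = aws_iam_access_key.deployer.secret`, which the module writes into the `connector-config` ConfigMap as `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` (visible as context in the PATCH 32 hunk above). With the role in place the static deployer keys are redundant and are the weaker credential: a ConfigMap is readable by anyone with namespace read access and these keys do not rotate. Once the role-based path is confirmed working, drop the two `aws_*_key` lines here and the matching ConfigMap entries in the module; the AWS SDK default chain picks up the projected web-identity token on its own.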
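Review bot: `data "aws_eks_cluster" "eks"` in the new `data.tf` builds the cluster name from `var.project` and `var.environment`, while `roles.tf` in the same commit reads `var.shared.project` and `var.shared.environment`; unless both variable shapes exist in `connector-deployment` (its variables file is not in this chunk), one of the two references fails validation, so the root module should settle on one convention. `data.aws_iam_openid_connect_provider.eks_oidc` and the new `local.eks_oidc` in `locals.tf` also derive the same issuer twice; the data source's `arn` and `url` attributes can replace the local. The file is written without a trailing newline.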
@@ -1,5 +1,10 @@ locals { - participant-did = "did:web:${var.participant}-identityhub%3A7083:${var.participant}" - database_url = "jdbc:postgresql://${var.postgres_endpoint}:${var.postgres_port}/${var.participant}" - vault_url = "http://${var.participant}-vault:8200" -} \ No newline at end of file + participant-did = "did:web:${var.participant}-identityhub%3A7083:${var.participant}" + database_url = "jdbc:postgresql://${var.postgres_endpoint}:${var.postgres_port}/${var.participant}" + vault_url = "http://${var.participant}-vault:8200" + + eks_oidc = trimprefix( + data.aws_eks_cluster.eks.identity[0].oidc[0].issuer, + "https://" + ) +} diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 172916f1b..3c15b9abb 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -42,6 +42,7 @@ resource "kubernetes_deployment" "controlplane" { } spec { + service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "connector-${lower(var.humanReadableName)}" image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:edb07e80" diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index 791630a08..abf7cc830 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -44,6 +44,7 @@ resource "kubernetes_deployment" "dataplane" { } spec { + service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "dataplane-${lower(var.humanReadableName)}" image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:edb07e80" diff --git a/connector-deployment/modules/connector/serviceaccount.tf b/connector-deployment/modules/connector/serviceaccount.tf new file mode 100644 index 000000000..fc92cb7a5 --- /dev/null 
+++ b/connector-deployment/modules/connector/serviceaccount.tf @@ -0,0 +1,10 @@ +resource "kubernetes_service_account" "s3_sa" { + metadata { + name = "${lower(var.humanReadableName)}-s3-sa" + namespace = var.namespace + + annotations = { + "eks.amazonaws.com/role-arn" = var.service_account_role_arn + } + } +} \ No newline at end of file diff --git a/connector-deployment/modules/connector/variables.tf b/connector-deployment/modules/connector/variables.tf index 2e440261f..a21cfe15f 100644 --- a/connector-deployment/modules/connector/variables.tf +++ b/connector-deployment/modules/connector/variables.tf @@ -128,3 +128,8 @@ variable "aws_secret_key" { type = string description = "IAM user secret key" } + +variable "service_account_role_arn" { + type = string + description = "ARN of IAM rol to use as service account; controlplane & dataplane" +} diff --git a/connector-deployment/modules/iam_role/README.md b/connector-deployment/modules/iam_role/README.md new file mode 100644 index 000000000..8de0fe1b0 --- /dev/null +++ b/connector-deployment/modules/iam_role/README.md 
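Review bot: The service-account name `${lower(var.humanReadableName)}-s3-sa` and `var.namespace` together form the `system:serviceaccount:<namespace>:<name>` subject that the IAM role's trust policy must pin, but nothing in this file says so, and the trust policy in `roles.tf` (truncated in this chunk) has to re-derive the same string by hand. Since the module cannot output the name back to `roles.tf` without a dependency cycle, document the coupling where it is easiest to break: `# name/namespace must match the system:serviceaccount:<ns>:<name> subject in the role trust policy (roles.tf)`. The file also lacks a trailing newline.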
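Review bot: The description of the new `service_account_role_arn` variable in `variables.tf` misspells "role" and does not say how the ARN is used; `description = "ARN of the IAM role annotated on the controlplane/dataplane service account (IRSA)"` reads better. The remaining variables of this file are outside the hunk.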
@@ -0,0 +1,46 @@ +# iam_role + + +## Requirements + +No requirements. + +## Providers + +| Name | Version | +|------|---------| +| [aws](#provider\_aws) | n/a | + +## Modules + +No modules. + +## Resources + +| Name | Type | +|------|------| +| [aws_iam_role.role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role) | resource | +| [aws_iam_role_policy.policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy) | resource | +| [aws_iam_role_policy_attachment.test-attach](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_role_policy_attachment) | resource | + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| [environment](#input\_environment) | Environment (dev\|pre\|pro) | `string` | n/a | yes | +| [extra\_policies](#input\_extra\_policies) | Extra policies to attach | `list(string)` | `[]` | no | +| [full\_assume\_role\_policy](#input\_full\_assume\_role\_policy) | n/a | `string` | `""` | no | +| [policy\_content](#input\_policy\_content) | Name of the content | `string` | `""` | no | +| [policy\_name](#input\_policy\_name) | Name of the policy | `string` | `""` | no | +| [role](#input\_role) | Role into the product | `string` | n/a | yes | +| [role\_name](#input\_role\_name) | Name of the role | `string` | n/a | yes | +| [role\_principal\_service](#input\_role\_principal\_service) | Principal service of the role | `string` | `""` | no | +| [tenant](#input\_tenant) | Tenant name | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| [role\_arn](#output\_role\_arn) | n/a | +| [role\_name](#output\_role\_name) | n/a | + diff --git a/connector-deployment/modules/iam_role/attachments.tf b/connector-deployment/modules/iam_role/attachments.tf new file mode 100644 index 000000000..50422bcca --- /dev/null +++ b/connector-deployment/modules/iam_role/attachments.tf 
@@ -0,0 +1,5 @@
+resource "aws_iam_role_policy_attachment" "test-attach" {
+ for_each = toset(var.extra_policies)
+ role = aws_iam_role.role.id
+ policy_arn = each.key
+}
\ No newline at end of file
diff --git a/connector-deployment/modules/iam_role/input.tf b/connector-deployment/modules/iam_role/input.tf
new file mode 100644
index 000000000..1166a4564
--- /dev/null
+++ b/connector-deployment/modules/iam_role/input.tf
@@ -0,0 +1,45 @@
+# Common variables
+variable "tenant" {
+ type = string
+ description = "Tenant name"
+}
+variable "environment" {
+ type = string
+ description = "Environment (dev|pre|pro)"
+}
+variable "role" {
+ type = string
+ description = "Role into the product"
+}
+
+# Role vars
+variable "role_name" {
+ type = string
+ description = "Name of the role"
+}
+variable "role_principal_service" {
+ type = string
+ description = "Principal service of the role"
+ default = ""
+}
+variable "full_assume_role_policy" {
+ type = string
+ default = ""
+}
+variable "policy_name" {
+ type = string
+ description = "Name of the policy"
+ default = ""
+}
+variable "policy_content" {
+ type = string
+ description = "Name of the content"
+ default = ""
+}
+
+# Additional attachements
+variable "extra_policies" {
+ type = list(string)
+ description = "Extra policies to attach"
+ default = []
+}
diff --git a/connector-deployment/modules/iam_role/output.tf b/connector-deployment/modules/iam_role/output.tf
new file mode 100644
index 000000000..3afc45033
--- /dev/null
+++ b/connector-deployment/modules/iam_role/output.tf
@@ -0,0 +1,7 @@
+output "role_arn" {
+ value = aws_iam_role.role.arn
+}
+
+output "role_name" {
+ value = "${var.tenant}-${var.environment}-${var.role_name}"
+}
diff --git a/connector-deployment/modules/iam_role/policies.tf b/connector-deployment/modules/iam_role/policies.tf
new file mode 100644
index 000000000..97f4c6e53
--- /dev/null
+++ b/connector-deployment/modules/iam_role/policies.tf
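Review bot: The resource label `test-attach` reads like a leftover from a scratch module; it becomes part of the state address (`module.participant-s3-role.aws_iam_role_policy_attachment.test-attach[...]`) and is already propagated into the generated README. Renaming it now, e.g. `resource "aws_iam_role_policy_attachment" "extra" {`, is cheap before the first apply, whereas afterwards it would need `moved` blocks to avoid detaching and re-attaching the managed policies.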
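Review bot: The description of `policy_content` ("Name of the content") is wrong: policies.tf assigns it to the `policy` argument of `aws_iam_role_policy`, so it is the JSON policy document itself, and `full_assume_role_policy` has no description even though role.tf uses it as a complete trust policy that takes precedence over `role_principal_service`. Suggest `description = "Inline IAM policy document (JSON) attached to the role; empty disables the inline policy"` for `policy_content` and `description = "Complete assume-role (trust) policy JSON; when set, role_principal_service is ignored"` for `full_assume_role_policy`. `extra_policies` holds policy ARNs rather than policies, so `description = "ARNs of managed policies to attach to the role"` would be more accurate, and the section comment `# Additional attachements` has a typo.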
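Review bot: The `role_name` output rebuilds the name string by hand, duplicating the expression in role.tf; if either side is edited later the output silently diverges from the resource. `value = aws_iam_role.role.name` returns the same value and cannot drift.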
@@ -0,0 +1,7 @@ +resource "aws_iam_role_policy" "policy" { + count = length(var.policy_content) > 0 ? 1 : 0 + name = "${var.tenant}-${var.environment}-${var.policy_name}" + role = aws_iam_role.role.id + + policy = var.policy_content +} diff --git a/connector-deployment/modules/iam_role/role.tf b/connector-deployment/modules/iam_role/role.tf new file mode 100644 index 000000000..35ad20f2f --- /dev/null +++ b/connector-deployment/modules/iam_role/role.tf @@ -0,0 +1,25 @@ +resource "aws_iam_role" "role" { + name = "${var.tenant}-${var.environment}-${var.role_name}" + assume_role_policy = coalesce( + var.full_assume_role_policy, + jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = var.role_principal_service + } + }, + ] + }) + ) + + tags = { + Name = "${var.tenant}-${var.environment}-${var.role_name}" + tenant = var.tenant + environment = var.environment + role = var.role + } +} diff --git a/connector-deployment/roles.tf b/connector-deployment/roles.tf new file mode 100644 index 000000000..39f0268f1 --- /dev/null +++ b/connector-deployment/roles.tf @@ -0,0 +1,66 @@ +module "participant-s3-role" { + source = "./modules/iam_role" + environment = lower(var.shared.environment) + tenant = lower(var.shared.project) + role = "kordat-participant" + role_name = "${var.participant}-s3-sa-role" + full_assume_role_policy = < Date: Wed, 28 Jan 2026 17:23:22 +0100 Subject: [PATCH 35/72] Fix connector iam rol error --- connector-deployment/roles.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/connector-deployment/roles.tf b/connector-deployment/roles.tf index 39f0268f1..7a900c2bb 100644 --- a/connector-deployment/roles.tf +++ b/connector-deployment/roles.tf 
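Review bot: The `count` gate only checks `policy_content`, so a caller that supplies a policy document but leaves `policy_name` at its default `""` creates an inline policy named `<tenant>-<environment>-` with a trailing dash, which is accepted by IAM but is hard to audit and will collide if the module is instantiated twice that way. Gate on both inputs, `count = length(var.policy_content) > 0 && length(var.policy_name) > 0 ? 1 : 0`, or add a comment stating that `policy_name` is required whenever `policy_content` is set.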
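Review bot: `coalesce` works here only because Terraform treats `""` as absent, and when both `full_assume_role_policy` and `role_principal_service` are empty (both default to `""`) the fallback document contains `"Service": ""`, which IAM rejects at apply time with a generic malformed-policy error; that fails closed, but late and without pointing at the module input. A `lifecycle` precondition (Terraform 1.2+) surfaces the misconfiguration at plan time with a clear message, and a comment should record that `coalesce` is intentionally skipping the empty string. The caller-supplied trust policy is also where the IRSA `sub`/`aud` conditions for the service account must live; its heredoc in roles.tf is not readable in this patch, so that cannot be checked here.
```hcl
resource "aws_iam_role" "role" {
  name = "${var.tenant}-${var.environment}-${var.role_name}"
  # coalesce() skips "" — an empty full_assume_role_policy falls back to the
  # single-service trust policy built from role_principal_service.
  # … unchanged: assume_role_policy and tags …

  lifecycle {
    precondition {
      condition     = var.full_assume_role_policy != "" || var.role_principal_service != ""
      error_message = "Set full_assume_role_policy or role_principal_service; IAM rejects an empty Service principal."
    }
  }
}
```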
@@ -1,7 +1,7 @@ module "participant-s3-role" { source = "./modules/iam_role" - environment = lower(var.shared.environment) - tenant = lower(var.shared.project) + environment = var.environment + tenant = var.project role = "kordat-participant" role_name = "${var.participant}-s3-sa-role" full_assume_role_policy = < Date: Wed, 28 Jan 2026 17:46:52 +0100 Subject: [PATCH 36/72] fix: disable catalog cache --- connector-deployment/modules/identity-hub/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 933a437c8..4125afbb6 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -174,6 +174,8 @@ resource "kubernetes_config_map" "identityhub-config" { # is in the Docker image classpath. Providing config value as fallback. EDC_RUNTIME_DISABLED_EXTENSIONS = "org.eclipse.edc.demo.participants.ParticipantsResolverExtension" EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null" + + EDC_CATALOG_CACHE_EXECUTION_ENABLED = "false" } } From 8059af82bee372f1ee165b8548f56b1d22bb7c00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Guti=C3=A9rrez?= Date: Wed, 28 Jan 2026 18:15:49 +0100 Subject: [PATCH 37/72] WIP: Removed demo extension --- connector-deployment/modules/connector/controlplane.tf | 1 - connector-deployment/modules/connector/dataplane.tf | 1 - connector-deployment/modules/identity-hub/main.tf | 1 - deployment/modules/identity-hub/main.tf | 1 - 4 files changed, 4 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 3c15b9abb..2b1a8555f 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf 
@@ -194,7 +194,6 @@ resource "kubernetes_config_map" "connector-config" { # Remove participant creation - participants are controlled elsewhere # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension # is in the Docker image classpath. Providing config value as fallback. - EDC_RUNTIME_DISABLED_EXTENSIONS = "org.eclipse.edc.demo.participants.ParticipantsResolverExtension" EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null" } } diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index abf7cc830..bb69c1944 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -138,7 +138,6 @@ resource "kubernetes_config_map" "dataplane-config" { # Remove participant creation - participants are controlled elsewhere # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension # is in the Docker image classpath. Providing config value as fallback. - EDC_RUNTIME_DISABLED_EXTENSIONS = "org.eclipse.edc.demo.participants.ParticipantsResolverExtension" EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null" } } diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 4125afbb6..1de3e0064 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -172,7 +172,6 @@ resource "kubernetes_config_map" "identityhub-config" { # Remove participant creation - participants are controlled elsewhere # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension # is in the Docker image classpath. Providing config value as fallback. - EDC_RUNTIME_DISABLED_EXTENSIONS = "org.eclipse.edc.demo.participants.ParticipantsResolverExtension" EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null" EDC_CATALOG_CACHE_EXECUTION_ENABLED = "false" 
diff --git a/deployment/modules/identity-hub/main.tf b/deployment/modules/identity-hub/main.tf index 1d886622a..d909d3300 100644 --- a/deployment/modules/identity-hub/main.tf +++ b/deployment/modules/identity-hub/main.tf @@ -162,7 +162,6 @@ resource "kubernetes_config_map" "identityhub-config" { EDC_DATASOURCE_DEFAULT_PASSWORD = var.database.password EDC_SQL_SCHEMA_AUTOCREATE = true EDC_IAM_ACCESSTOKEN_JTI_VALIDATION = true - EDC_RUNTIME_DISABLED_EXTENSIONS = org.eclipse.edc.demo.participants.ParticipantsResolverExtension } } From 0322c6b9e0762fede2e376fd8d53c208dd0d0dfc Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Wed, 28 Jan 2026 18:18:27 +0100 Subject: [PATCH 38/72] Update connector image tag --- connector-deployment/modules/connector/controlplane.tf | 2 +- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 2b1a8555f..fdc455679 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -45,7 +45,7 @@ resource "kubernetes_deployment" "controlplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:edb07e80" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:8059af82" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index bb69c1944..d78b9e628 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf 
@@ -47,7 +47,7 @@ resource "kubernetes_deployment" "dataplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:edb07e80" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:8059af82" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 1de3e0064..ff6dd3a78 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:edb07e80" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:8059af82" name = "identity-hub" env_from { From bba03a7f7e77c6be486acce0cf67c2eeeb82d7c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Guti=C3=A9rrez?= Date: Wed, 28 Jan 2026 18:33:16 +0100 Subject: [PATCH 39/72] WIP: Removed demo extension --- .../ParticipantsResolverExtension.java | 85 ------------------- 1 file changed, 85 deletions(-) delete mode 100644 extensions/catalog-node-resolver/src/main/java/org/eclipse/edc/demo/participants/ParticipantsResolverExtension.java diff --git a/extensions/catalog-node-resolver/src/main/java/org/eclipse/edc/demo/participants/ParticipantsResolverExtension.java b/extensions/catalog-node-resolver/src/main/java/org/eclipse/edc/demo/participants/ParticipantsResolverExtension.java deleted file mode 100644 index c31ec3918..000000000 --- a/extensions/catalog-node-resolver/src/main/java/org/eclipse/edc/demo/participants/ParticipantsResolverExtension.java +++ /dev/null 
@@ -1,85 +0,0 @@ -/* - * Copyright (c) 2024 Metaform Systems, Inc. - * - * This program and the accompanying materials are made available under the - * terms of the Apache License, Version 2.0 which is available at - * https://www.apache.org/licenses/LICENSE-2.0 - * - * SPDX-License-Identifier: Apache-2.0 - * - * Contributors: - * Metaform Systems, Inc. - initial API and implementation - * - */ - -package org.eclipse.edc.demo.participants; - -import org.eclipse.edc.crawler.spi.TargetNodeDirectory; -import org.eclipse.edc.crawler.spi.TargetNodeFilter; -import org.eclipse.edc.demo.participants.resolver.LazyLoadNodeDirectory; -import org.eclipse.edc.iam.did.spi.resolution.DidResolverRegistry; -import org.eclipse.edc.runtime.metamodel.annotation.Extension; -import org.eclipse.edc.runtime.metamodel.annotation.Inject; -import org.eclipse.edc.runtime.metamodel.annotation.Provider; -import org.eclipse.edc.spi.monitor.Monitor; -import org.eclipse.edc.spi.system.ServiceExtension; -import org.eclipse.edc.spi.system.ServiceExtensionContext; -import org.eclipse.edc.spi.types.TypeManager; - -import java.io.File; - -import static org.eclipse.edc.demo.participants.ParticipantsResolverExtension.NAME; - -@Extension(value = NAME) -public class ParticipantsResolverExtension implements ServiceExtension { - public static final String NAME = "MVD Participant Resolver Extension"; - - public static final String PARTICIPANT_LIST_FILE_PATH = "edc.mvd.participants.list.file"; - - @Inject - private TypeManager typeManager; - - @Inject - private DidResolverRegistry didResolverRegistry; - - private File participantListFile; - private Monitor monitor; - private TargetNodeDirectory nodeDirectory; - - @Override - public String name() { - return NAME; - } - - @Override - public void initialize(ServiceExtensionContext context) { - var participantsPath = context.getConfig().getString(PARTICIPANT_LIST_FILE_PATH); - monitor = context.getMonitor().withPrefix("DEMO"); - - participantListFile = new 
File(participantsPath).getAbsoluteFile(); - if (!participantListFile.exists()) { - monitor.warning("Path '%s' does not exist. It must be a resolvable path with read access. Will not add any VCs.".formatted(participantsPath)); - } - } - - @Provider - public TargetNodeDirectory createLazyTargetNodeDirectory() { - if (nodeDirectory == null) { - nodeDirectory = new LazyLoadNodeDirectory(typeManager.getMapper(), participantListFile, didResolverRegistry, monitor); - } - return nodeDirectory; - } - - @Provider - public TargetNodeFilter skipSelfNodeFilter(ServiceExtensionContext context) { - return targetNode -> { - var predicateTest = !targetNode.id().equals(context.getParticipantId()); - if (!predicateTest) { - monitor.debug("Node filter: skipping node '%s' for participant '%s'".formatted(targetNode.id(), context.getParticipantId())); - } - return predicateTest; - }; - } - - -} From 16071b46615337a69dd10f1072ebec1fe8f1c8ef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jorge=20Guti=C3=A9rrez?= Date: Wed, 28 Jan 2026 18:35:06 +0100 Subject: [PATCH 40/72] WIP: Updated image commit --- connector-deployment/modules/connector/controlplane.tf | 2 +- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index fdc455679..9997b0a9c 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf 
@@ -45,7 +45,7 @@ resource "kubernetes_deployment" "controlplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:8059af82" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:bba03a7f" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index d78b9e628..3eb9f033d 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -47,7 +47,7 @@ resource "kubernetes_deployment" "dataplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:8059af82" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:bba03a7f" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index ff6dd3a78..546de6397 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:8059af82" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:bba03a7f" name = "identity-hub" env_from { From 96ae997ee764c1760779fe6126d50135d8b0fd51 Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Wed, 28 Jan 2026 21:40:34 +0100 Subject: [PATCH 41/72] Fix connector terraform error --- connector-deployment/connector.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/connector-deployment/connector.tf b/connector-deployment/connector.tf index 1a953e026..48869f7dd 100644 --- a/connector-deployment/connector.tf +++ b/connector-deployment/connector.tf @@ -35,7 +35,7 @@ module "participant-connector" { namespace = kubernetes_namespace_v1.ns_participant.metadata.0.name sts-token-url = "${module.participant-identityhub.sts-token-url}/token" useSVE = var.useSVE - s3_endpoint = "https://${module.remote_state_s3.bucket_name}.s3.eu-west-1.amazonaws.com" + s3_endpoint = "https://${module.assets_s3_bucket.bucket_name}.s3.eu-west-1.amazonaws.com" aws_access_key = aws_iam_access_key.deployer.id aws_secret_key = aws_iam_access_key.deployer.secret service_account_role_arn = module.participant-s3-role.role_arn From e64b9ae1f5ae9e5d8825b186f642e2fcc0392287 Mon Sep 17 00:00:00 2001 From: js Date: Thu, 29 Jan 2026 08:47:37 +0100 Subject: [PATCH 42/72] fix identity hub and remove federated catalog from controlplane --- buildspec.yml | 2 +- .../services/org.eclipse.edc.spi.system.ServiceExtension | 2 +- launchers/controlplane/build.gradle.kts | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/buildspec.yml b/buildspec.yml index d210bd9f7..844429819 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -23,7 +23,7 @@ phases: - echo "Tagging images..." - docker tag controlplane:latest $ECR_IMAGE_CONTROLPLANE - docker tag dataplane:latest $ECR_IMAGE_DATAPLANE - - docker tag controlplane:latest $ECR_IMAGE_IDENTITY_HUB + - docker tag identity-hub:latest $ECR_IMAGE_IDENTITY_HUB - docker tag catalog-server:latest $ECR_IMAGE_CATALOG_SERVER - echo "Pushing images..." - docker push $ECR_IMAGE_CONTROLPLANE diff --git a/extensions/catalog-node-resolver/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension b/extensions/catalog-node-resolver/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension index 9b6064c26..8a1808ca0 100644 
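Review bot: The corrected `s3_endpoint` still hard-codes the region `eu-west-1` and the virtual-hosted URL shape, so it drifts if the assets bucket is ever created elsewhere; if the `assets_s3_bucket` module exposes the bucket's regional domain name (the `aws_s3_bucket` attribute is `bucket_regional_domain_name`, but the module's outputs are not visible here), `s3_endpoint = "https://${module.assets_s3_bucket.bucket_regional_domain_name}"` would keep them in sync. Separately, the surrounding context passes `aws_iam_access_key.deployer.id` and `.secret` into the same module that now also receives `service_account_role_arn`; if the pods authenticate to S3 through IRSA, the static key pair is redundant and its secret is persisted in Terraform state and in the rendered pod configuration, so it is worth confirming it is still needed.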
--- a/extensions/catalog-node-resolver/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension +++ b/extensions/catalog-node-resolver/src/main/resources/META-INF/services/org.eclipse.edc.spi.system.ServiceExtension @@ -12,4 +12,4 @@ # # -org.eclipse.edc.demo.participants.ParticipantsResolverExtension \ No newline at end of file +# ParticipantsResolverExtension removed: participants are managed by kordat project, no federated catalog used \ No newline at end of file diff --git a/launchers/controlplane/build.gradle.kts b/launchers/controlplane/build.gradle.kts index eef7c5ec8..9e5d9978f 100644 --- a/launchers/controlplane/build.gradle.kts +++ b/launchers/controlplane/build.gradle.kts @@ -21,7 +21,7 @@ plugins { dependencies { runtimeOnly(project(":extensions:did-example-resolver")) runtimeOnly(project(":extensions:dcp-impl")) // some patches/impls for DCP - runtimeOnly(project(":extensions:catalog-node-resolver")) // to trigger the federated catalog + // runtimeOnly(project(":extensions:catalog-node-resolver")) // Removed: participants managed by kordat project, no federated catalog runtimeOnly(libs.edc.bom.controlplane) runtimeOnly(libs.edc.api.secrets) runtimeOnly(libs.edc.aws.validator.data.address.s3) From 632507a7a63d360d1daa81e7c75fc40955329660 Mon Sep 17 00:00:00 2001 From: js Date: Thu, 29 Jan 2026 08:56:09 +0100 Subject: [PATCH 43/72] bump up connector version --- connector-deployment/modules/connector/controlplane.tf | 2 +- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 9997b0a9c..30bfc99e1 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf 
@@ -45,7 +45,7 @@ resource "kubernetes_deployment" "controlplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:bba03a7f" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:d425278c" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index 3eb9f033d..cd37ed458 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -47,7 +47,7 @@ resource "kubernetes_deployment" "dataplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:bba03a7f" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:d425278c" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 546de6397..f6f2bcda2 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:bba03a7f" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:d425278c" name = "identity-hub" env_from { From 74e0a36ff6fb9c875c93f14a9ce87fe556e7f490 Mon Sep 17 00:00:00 2001 From: js Date: Thu, 29 Jan 2026 09:56:31 +0100 Subject: [PATCH 44/72] fix control plane --- connector-deployment/modules/connector/controlplane.tf | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 30bfc99e1..00ae8f5b1 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -66,6 +66,10 @@ resource "kubernetes_deployment" "controlplane" { container_port = var.ports.debug name = "debug-port" } + port { + container_port = var.ports.control + name = "control-port" + } liveness_probe { http_get { From 168c36064a4206fb279f247d0f40761aab0407a5 Mon Sep 17 00:00:00 2001 From: js Date: Thu, 29 Jan 2026 10:40:06 +0100 Subject: [PATCH 45/72] fix identityhub did --- connector-deployment/locals.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connector-deployment/locals.tf b/connector-deployment/locals.tf index a17e066ec..085a9b106 100644 --- a/connector-deployment/locals.tf +++ b/connector-deployment/locals.tf @@ -1,5 +1,5 @@ locals { - participant-did = "did:web:${var.participant}-identityhub%3A7083:${var.participant}" + participant-did = "did:web:${var.participant}-identityhub.${var.participant}%3A7083:${var.participant}" database_url = "jdbc:postgresql://${var.postgres_endpoint}:${var.postgres_port}/${var.participant}" vault_url = "http://${var.participant}-vault:8200" From cd2be1e75028897a6832e28acf397ce7a39e397a Mon Sep 17 00:00:00 2001 From: js Date: Thu, 29 Jan 2026 10:50:21 +0100 Subject: [PATCH 46/72] bump up version --- connector-deployment/modules/connector/controlplane.tf | 2 +- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 00ae8f5b1..ea712da96 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf 
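Review bot: The new `participant-did` hard-codes the identity hub port `7083` and uses `var.participant` as the namespace segment, so it will silently stop matching the identity hub service if either is changed in the module that deploys it; the other locals in this block already derive their values from variables (`var.postgres_endpoint`, `var.postgres_port`). If a variable for the identity hub DID port exists, reference it instead: `participant-did = "did:web:${var.participant}-identityhub.${var.participant}%3A${<IDENTITYHUB_DID_PORT_VAR>}:${var.participant}"` (placeholder — the actual variable is not visible in this patch). A short comment explaining that `%3A` is the percent-encoded `:` of a did:web port would also help readers who do not know the method.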
@@ -45,7 +45,7 @@ resource "kubernetes_deployment" "controlplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:d425278c" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:168c3606" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index cd37ed458..79a33785c 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -47,7 +47,7 @@ resource "kubernetes_deployment" "dataplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:d425278c" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:168c3606" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index f6f2bcda2..27d6e5132 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:d425278c" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:168c3606" name = "identity-hub" env_from { From 0de20e0049e46d3ab4e987aea79c629751602ec4 Mon Sep 17 00:00:00 2001 From: js Date: Thu, 29 Jan 2026 11:37:58 +0100 Subject: [PATCH 47/72] Add ports --- connector-deployment/modules/connector/controlplane.tf | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index ea712da96..4e18926d4 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -70,6 +70,10 @@ resource "kubernetes_deployment" "controlplane" { container_port = var.ports.control name = "control-port" } + port { + container_port = var.ports.catalog + name = "catalog-port" + } liveness_probe { http_get { From 0aaeb91273265222eea337e94c9d07f375b22c0d Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Thu, 29 Jan 2026 11:46:22 +0100 Subject: [PATCH 48/72] Update connector k8s deployment --- connector-deployment/modules/connector/controlplane.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 4e18926d4..b06603edc 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -74,6 +74,10 @@ resource "kubernetes_deployment" "controlplane" { container_port = var.ports.catalog name = "catalog-port" } + port { + container_port = var.ports.protocol + name = "protocol-port" + } liveness_probe { http_get { From bbb9ba550506e3e8e38e8c17eef784669e6abad0 Mon Sep 17 00:00:00 2001 From: js Date: Thu, 29 Jan 2026 12:05:48 +0100 Subject: [PATCH 49/72] Add explicit managetment api --- launchers/controlplane/build.gradle.kts | 1 + 1 file changed, 1 insertion(+) diff --git a/launchers/controlplane/build.gradle.kts b/launchers/controlplane/build.gradle.kts index 9e5d9978f..5a4f9e1cb 100644 --- a/launchers/controlplane/build.gradle.kts +++ b/launchers/controlplane/build.gradle.kts 
@@ -25,6 +25,7 @@ dependencies { runtimeOnly(libs.edc.bom.controlplane) runtimeOnly(libs.edc.api.secrets) runtimeOnly(libs.edc.aws.validator.data.address.s3) + runtimeOnly(libs.edc.api.management.config) // Ensure catalog API context is registered if (project.properties.getOrDefault("persistence", "false") == "true") { runtimeOnly(libs.edc.vault.hashicorp) From 10b100ee391f6b657796e12e0a6110f745db1a3d Mon Sep 17 00:00:00 2001 From: js Date: Thu, 29 Jan 2026 12:06:43 +0100 Subject: [PATCH 50/72] Add explicit managetment api --- connector-deployment/modules/connector/controlplane.tf | 4 ---- launchers/controlplane/build.gradle.kts | 3 +-- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index b06603edc..a196d9b0a 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -171,10 +171,6 @@ resource "kubernetes_config_map" "connector-config" { WEB_HTTP_CONTROL_PATH = "/api/control" WEB_HTTP_PROTOCOL_PORT = var.ports.protocol WEB_HTTP_PROTOCOL_PATH = "/api/dsp" - WEB_HTTP_CATALOG_PORT = var.ports.catalog - WEB_HTTP_CATALOG_PATH = "/api/catalog" - WEB_HTTP_CATALOG_AUTH_TYPE = "tokenbased" - WEB_HTTP_CATALOG_AUTH_KEY = "password" EDC_DSP_CALLBACK_ADDRESS = "http://${local.controlplane-service-name}:${var.ports.protocol}/api/dsp" EDC_IAM_STS_PRIVATEKEY_ALIAS = "${var.participantId}#${var.aliases.sts-private-key}" EDC_IAM_STS_PUBLICKEY_ID = "${var.participantId}#${var.aliases.sts-public-key-id}" diff --git a/launchers/controlplane/build.gradle.kts b/launchers/controlplane/build.gradle.kts index 5a4f9e1cb..2cf3deef6 100644 --- a/launchers/controlplane/build.gradle.kts +++ b/launchers/controlplane/build.gradle.kts 
@@ -21,11 +21,10 @@ plugins { dependencies { runtimeOnly(project(":extensions:did-example-resolver")) runtimeOnly(project(":extensions:dcp-impl")) // some patches/impls for DCP - // runtimeOnly(project(":extensions:catalog-node-resolver")) // Removed: participants managed by kordat project, no federated catalog + runtimeOnly(project(":extensions:catalog-node-resolver")) // Removed: participants managed by kordat project, no federated catalog runtimeOnly(libs.edc.bom.controlplane) runtimeOnly(libs.edc.api.secrets) runtimeOnly(libs.edc.aws.validator.data.address.s3) - runtimeOnly(libs.edc.api.management.config) // Ensure catalog API context is registered if (project.properties.getOrDefault("persistence", "false") == "true") { runtimeOnly(libs.edc.vault.hashicorp) From 8fdeb9b37465b301088e0bbe0a10b3fc1af093af Mon Sep 17 00:00:00 2001 From: js Date: Thu, 29 Jan 2026 12:11:34 +0100 Subject: [PATCH 51/72] bump up --- connector-deployment/modules/connector/controlplane.tf | 6 +++++- connector-deployment/modules/connector/dataplane.tf | 2 +- connector-deployment/modules/identity-hub/main.tf | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index a196d9b0a..c0171f85f 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -45,7 +45,7 @@ resource "kubernetes_deployment" "controlplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:168c3606" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:10b100ee" image_pull_policy = "IfNotPresent" env_from { 
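Review bot: The `:extensions:catalog-node-resolver` dependency is re-enabled but keeps the comment `// Removed: participants managed by kordat project, no federated catalog`, which now contradicts the line it annotates; restore the original `// to trigger the federated catalog` or state why it is back. Note that earlier commits in this series deleted `ParticipantsResolverExtension.java` and replaced its `META-INF/services` registration with a comment, so re-adding the project dependency presumably pulls in a module that no longer registers any extension — worth confirming that is the intended state rather than an accidental revert of the previous commit.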
@@ -171,6 +171,10 @@ resource "kubernetes_config_map" "connector-config" { WEB_HTTP_CONTROL_PATH = "/api/control" WEB_HTTP_PROTOCOL_PORT = var.ports.protocol WEB_HTTP_PROTOCOL_PATH = "/api/dsp" + WEB_HTTP_CATALOG_PORT = var.ports.catalog + WEB_HTTP_CATALOG_PATH = "/api/catalog" + WEB_HTTP_CATALOG_AUTH_TYPE = "tokenbased" + WEB_HTTP_CATALOG_AUTH_KEY = "password" EDC_DSP_CALLBACK_ADDRESS = "http://${local.controlplane-service-name}:${var.ports.protocol}/api/dsp" EDC_IAM_STS_PRIVATEKEY_ALIAS = "${var.participantId}#${var.aliases.sts-private-key}" EDC_IAM_STS_PUBLICKEY_ID = "${var.participantId}#${var.aliases.sts-public-key-id}" diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index 79a33785c..057912241 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf @@ -47,7 +47,7 @@ resource "kubernetes_deployment" "dataplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:168c3606" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:10b100ee" image_pull_policy = "IfNotPresent" env_from { diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 27d6e5132..6737fa03c 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:168c3606" + image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:10b100ee" name = "identity-hub" env_from { From 00953570f21e7fbd34b2e82ad71b6d6f4ca71103 Mon Sep 17 00:00:00 2001 
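Review bot: `WEB_HTTP_CATALOG_AUTH_KEY = "password"` places a static, guessable API key for the `tokenbased` catalog context into `kubernetes_config_map.connector-config`, where it is readable by anything with ConfigMap read access in the namespace and is committed in plain text to the repository. If `web.http.catalog.auth.key` is the literal token EDC compares against (the `AUTH_TYPE = "tokenbased"` line suggests it is), generate it per participant the way `random_password.participant_password` already feeds the database credentials, store it in a Secret or Vault entry, and reference it through EDC's `auth.key.alias` form if the version in use supports it. The same pattern recurs as a hard-coded `API_KEY` in `scripts/fix_participant.sh` in PATCH 58 of this series.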
From: SergioMedeirosGarcia Date: Thu, 29 Jan 2026 13:15:23 +0100 Subject: [PATCH 52/72] Update buildspec --- buildspec.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/buildspec.yml b/buildspec.yml index 844429819..dde83314f 100644 --- a/buildspec.yml +++ b/buildspec.yml @@ -25,8 +25,10 @@ phases: - docker tag dataplane:latest $ECR_IMAGE_DATAPLANE - docker tag identity-hub:latest $ECR_IMAGE_IDENTITY_HUB - docker tag catalog-server:latest $ECR_IMAGE_CATALOG_SERVER + - docker tag issuerservice:latest $ECR_IMAGE_ISSUERSERVICE - echo "Pushing images..." - docker push $ECR_IMAGE_CONTROLPLANE - docker push $ECR_IMAGE_DATAPLANE - docker push $ECR_IMAGE_IDENTITY_HUB - docker push $ECR_IMAGE_CATALOG_SERVER + - docker push $ECR_IMAGE_ISSUERSERVICE From 4b1556402722bd60cea273dd58e82d534488455b Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Thu, 29 Jan 2026 14:25:23 +0100 Subject: [PATCH 53/72] Update connector infra --- .../k8s/consumer/dataprocessor-credential.json | 6 +++--- .../credentials/k8s/consumer/dataprocessor_vc.json | 2 +- .../k8s/consumer/membership-credential.json | 6 +++--- .../credentials/k8s/consumer/membership_vc.json | 2 +- connector-deployment/modules/identity-hub/main.tf | 12 ++++++++---- 5 files changed, 16 insertions(+), 12 deletions(-) diff --git a/connector-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json b/connector-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json index f7c8f50dc..cd820a437 100644 --- a/connector-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json +++ b/connector-deployment/assets/credentials/k8s/consumer/dataprocessor-credential.json 
@@ -1,9 +1,9 @@ { "id": "40e24588-b510-41ca-966c-c1e0f57d1b15", - "participantContextId": "did:web:consumer-identityhub%3A7083:consumer", + "participantContextId": "${did}", "timestamp": 1700659822500, "issuerId": "did:web:dataspace-issuer", - "holderId": "did:web:consumer-identityhub%3A7083:consumer", + "holderId": "${did}", "state": 500, "issuancePolicy": null, "reissuancePolicy": null, @@ -14,7 +14,7 @@ "credentialSubject": [ { "claims": { - "id": "did:web:consumer-identityhub%3A7083:consumer", + "id": "${did}", "contractVersion": "1.0.0", "level": "processing" } diff --git a/connector-deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json b/connector-deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json index fb5154731..1b9e7faac 100644 --- a/connector-deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json +++ b/connector-deployment/assets/credentials/k8s/consumer/dataprocessor_vc.json @@ -17,7 +17,7 @@ "issuer": "did:web:dataspace-issuer", "issuanceDate": "2023-08-18T00:00:00Z", "credentialSubject": { - "id": "did:web:consumer-identityhub%3A7083:consumer", + "id": "${did}", "contractVersion": "1.0.0", "level": "processing" } diff --git a/connector-deployment/assets/credentials/k8s/consumer/membership-credential.json b/connector-deployment/assets/credentials/k8s/consumer/membership-credential.json index c8d45368d..d3334ce58 100644 --- a/connector-deployment/assets/credentials/k8s/consumer/membership-credential.json +++ b/connector-deployment/assets/credentials/k8s/consumer/membership-credential.json @@ -1,9 +1,9 @@ { "id": "40e24588-b510-41ca-966c-c1e0f57d1b14", - "participantContextId": "did:web:consumer-identityhub%3A7083:consumer", + "participantContextId": "${did}", "timestamp": 1700659822500, "issuerId": "did:web:dataspace-issuer", - "holderId": "did:web:consumer-identityhub%3A7083:consumer", + "holderId": "${did}", "state": 500, "issuancePolicy": null, "reissuancePolicy": null, 
@@ -19,7 +19,7 @@ "contact": "bar.baz@company.com", "since": "2023-01-01T00:00:00Z" }, - "id": "did:web:consumer-identityhub%3A7083:consumer" + "id": "${did}" } ], "id": "http://org.yourdataspace.com/credentials/2347", diff --git a/connector-deployment/assets/credentials/k8s/consumer/membership_vc.json b/connector-deployment/assets/credentials/k8s/consumer/membership_vc.json index d3f4ae745..1cf10b329 100644 --- a/connector-deployment/assets/credentials/k8s/consumer/membership_vc.json +++ b/connector-deployment/assets/credentials/k8s/consumer/membership_vc.json @@ -20,7 +20,7 @@ "issuer": "did:web:dataspace-issuer", "issuanceDate": "2023-08-18T00:00:00Z", "credentialSubject": { - "id": "did:web:consumer-identityhub%3A7083:consumer", + "id": "${did}", "membership": { "membershipType": "FullMember", "website": "www.whatever.com", diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 6737fa03c..42e622248 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -124,7 +124,11 @@ resource "kubernetes_config_map" "identityhub-credentials-map" { } data = { - for f in fileset(var.credentials-dir, "*-credential.json") : f => file(join("/", [var.credentials-dir, f])) + for f in fileset(var.credentials-dir, "*.json") : f => templatefile(join("/", [var.credentials-dir, f]), + { + did = var.participantId + } + ) } } @@ -172,8 +176,8 @@ resource "kubernetes_config_map" "identityhub-config" { # Remove participant creation - participants are controlled elsewhere # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension # is in the Docker image classpath. Providing config value as fallback. - EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null" - + EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null" + EDC_CATALOG_CACHE_EXECUTION_ENABLED = "false" } 
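Review bot: Templating `*-credential.json` rewrites `participantContextId`, `holderId` and the subject `id` to `var.participantId`, but the credential's `rawVc` (the signed JWT the Identity Hub actually presents) is passed through untouched; if that JWT was issued for the old consumer DID, a verifier that compares the JWT subject with the holder will reject the presentation, and nothing at `terraform apply` time reveals the mismatch. Either regenerate and re-sign the JWT for the participant DID before templating, or put a comment on the `templatefile` line stating that `rawVc` must already be issued for `var.participantId`. The `${did}` placeholders this commit also leaves in the `*_vc.json` files appear to be substituted by nothing once the following commit narrows the glob back to `"*-credential.json"`.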
@@ -181,4 +185,4 @@ resource "kubernetes_config_map" "identityhub-config" {
 locals {
 public-key-alias = "${var.humanReadableName}-publickey"
-}
\ No newline at end of file
+}
From d26b3414a224c7fd6641483a2801b3547eeae95d Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Thu, 29 Jan 2026 14:34:38 +0100
Subject: [PATCH 54/72] Fix error

---
 connector-deployment/modules/identity-hub/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf
index 42e622248..445f0d43e 100644
--- a/connector-deployment/modules/identity-hub/main.tf
+++ b/connector-deployment/modules/identity-hub/main.tf
@@ -124,7 +124,7 @@ resource "kubernetes_config_map" "identityhub-credentials-map" {
 }
 data = {
- for f in fileset(var.credentials-dir, "*.json") : f => templatefile(join("/", [var.credentials-dir, f]),
+ for f in fileset(var.credentials-dir, "*-credential.json") : f => templatefile(join("/", [var.credentials-dir, f]),
 {
 did = var.participantId
 }
From fbed87070374c2a9fba99b684b1abe86b901e5f9 Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Fri, 30 Jan 2026 12:40:00 +0100
Subject: [PATCH 55/72] Update connectos k8s deployment

---
 .../modules/connector/services.tf | 24 ++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/connector-deployment/modules/connector/services.tf b/connector-deployment/modules/connector/services.tf
index 972e1cd2d..7299ca7d2 100644
--- a/connector-deployment/modules/connector/services.tf
+++ b/connector-deployment/modules/connector/services.tf
@@ -73,4 +73,26 @@ resource "kubernetes_service" "dataplane-service" {
 port = var.ports.public
 }
 }
-}
\ No newline at end of file
+}
+
+resource "kubernetes_service" "dataspace-issuer" {
+ metadata {
+ name = "dataspace-issuer"
+ namespace = var.namespace
+ }
+ spec {
+ type = "ExternalName"
+ external_name = "dataspace-issuer.kordat.svc.cluster.local"
+ }
+}
+
+resource "kubernetes_service" "dataspace-issuer-service" {
+ metadata {
+ name = "dataspace-issuer-service"
+ namespace = var.namespace
+ }
+ spec {
+ type = "ExternalName"
+ external_name = "dataspace-issuer-service.kordat.svc.cluster.local"
+ }
+}
From 812eb3f23bd384cfbf065158a906eb1868fcd238 Mon Sep 17 00:00:00 2001
From: js
Date: Mon, 2 Feb 2026 09:54:01 +0100
Subject: [PATCH 56/72] fix credentials generation

---
 .../participant/dataprocessor-credential.json | 39 ++++++++++
 .../k8s/participant/dataprocessor_vc.json | 24 ++++++
 .../participant/membership-credential.json | 41 ++++++++++
 .../k8s/participant/membership_vc.json | 31 ++++++++
 connector-deployment/connector.tf | 16 +++-
 connector-deployment/outputs.tf | 8 +-
 .../produce_participant_credentials.sh | 77 +++++++++++++++++++
 .../scripts/seed_vault_participant_key.sh | 34 ++++++++
 connector-deployment/scripts/sign_vc.sh | 30 ++++++++
 9 files changed, 298 insertions(+), 2 deletions(-)
 create mode 100644 connector-deployment/assets/credentials/k8s/participant/dataprocessor-credential.json
 create mode 100644 connector-deployment/assets/credentials/k8s/participant/dataprocessor_vc.json
 create mode 100644 connector-deployment/assets/credentials/k8s/participant/membership-credential.json
 create mode 100644 connector-deployment/assets/credentials/k8s/participant/membership_vc.json
 create mode 100755 connector-deployment/scripts/produce_participant_credentials.sh
 create mode 100644 connector-deployment/scripts/seed_vault_participant_key.sh
 create mode 100755 connector-deployment/scripts/sign_vc.sh
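Review bot: Both new `external_name` values hard-code the `kordat` namespace one line below a parameterized `namespace = var.namespace`, so relocating the issuer means editing this module instead of its inputs. A module variable, e.g. `variable "issuer_namespace" { type = string }` with `external_name = "dataspace-issuer.${var.issuer_namespace}.svc.cluster.local"`, keeps the cross-namespace dependency visible at the call site. Note that an ExternalName Service is only a DNS alias: `terraform apply` succeeds even when nothing answers at the target, so a short comment stating that the issuer Service in `kordat` must exist first would help whoever deploys a participant in isolation.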
diff --git a/connector-deployment/assets/credentials/k8s/participant/dataprocessor-credential.json b/connector-deployment/assets/credentials/k8s/participant/dataprocessor-credential.json new file mode 100644 index 000000000..7cc5facf3 --- /dev/null +++ b/connector-deployment/assets/credentials/k8s/participant/dataprocessor-credential.json @@ -0,0 +1,39 @@ +{ + "id": "", + "participantContextId": "did:web:-identityhub.%3A7083:", + "timestamp": , + "issuerId": "did:web:dataspace-issuer", + "holderId": "did:web:-identityhub.%3A7083:", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "format": "VC1_0_JWT", + "rawVc": "{{RAW_VC_JWT}}", + "credential": { + "credentialSubject": [ + { + "claims": { + "id": "did:web:-identityhub.%3A7083:", + "contractVersion": "1.0.0", + "level": "processing" + } + } + ], + "id": "http://kordat.es/credentials/", + "type": [ + "VerifiableCredential", + "DataProcessorCredential" + ], + "issuer": { + "id": "did:web:dataspace-issuer", + "additionalProperties": {} + }, + "issuanceDate": null, + "expirationDate": null, + "credentialStatus": null, + "description": null, + "name": null + } + } +} diff --git a/connector-deployment/assets/credentials/k8s/participant/dataprocessor_vc.json b/connector-deployment/assets/credentials/k8s/participant/dataprocessor_vc.json new file mode 100644 index 000000000..6ad853a64 --- /dev/null +++ b/connector-deployment/assets/credentials/k8s/participant/dataprocessor_vc.json 
@@ -0,0 +1,24 @@ +{ + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/jws-2020/v1", + "https://www.w3.org/ns/did/v1", + { + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "contractVersion": "mvd-credentials:contractVersion", + "level": "mvd-credentials:level" + } + ], + "id": "http://kordat.es/credentials/1235", + "type": [ + "VerifiableCredential", + "DataProcessorCredential" + ], + "issuer": "did:web:dataspace-issuer", + "issuanceDate": "2023-08-18T00:00:00Z", + "credentialSubject": { + "id": "did:web:-identityhub.%3A7083:", + "contractVersion": "1.0.0", + "level": "processing" + } +} diff --git a/connector-deployment/assets/credentials/k8s/participant/membership-credential.json b/connector-deployment/assets/credentials/k8s/participant/membership-credential.json new file mode 100644 index 000000000..9437b892a --- /dev/null +++ b/connector-deployment/assets/credentials/k8s/participant/membership-credential.json @@ -0,0 +1,41 @@ +{ + "id": "", + "participantContextId": "did:web:-identityhub.%3A7083:", + "timestamp": , + "issuerId": "did:web:dataspace-issuer", + "holderId": "did:web:-identityhub.%3A7083:", + "state": 500, + "issuancePolicy": null, + "reissuancePolicy": null, + "verifiableCredential": { + "format": "VC1_0_JWT", + "rawVc": "{{RAW_VC_JWT}}", + "credential": { + "credentialSubject": [ + { + "claims": { + "membershipType": "FullMember", + "website": "www.example.com", + "contact": "admin@example.com", + "since": "2023-01-01T00:00:00Z" + }, + "id": "did:web:-identityhub.%3A7083:" + } + ], + "id": "http://kordat.es/credentials/", + "type": [ + "VerifiableCredential", + "MembershipCredential" + ], + "issuer": { + "id": "{{DATASPACE_ISSUER_DID}}", + "additionalProperties": {} + }, + "issuanceDate": 1702339200.000000000, + "expirationDate": null, + "credentialStatus": null, + "description": null, + "name": null + } + } +} 
diff --git a/connector-deployment/assets/credentials/k8s/participant/membership_vc.json b/connector-deployment/assets/credentials/k8s/participant/membership_vc.json new file mode 100644 index 000000000..bdd7ce1da --- /dev/null +++ b/connector-deployment/assets/credentials/k8s/participant/membership_vc.json @@ -0,0 +1,31 @@ +{ + "@context": [ + "https://www.w3.org/2018/credentials/v1", + "https://w3id.org/security/suites/jws-2020/v1", + "https://www.w3.org/ns/did/v1", + { + "mvd-credentials": "https://w3id.org/mvd/credentials/", + "membership": "mvd-credentials:membership", + "membershipType": "mvd-credentials:membershipType", + "website": "mvd-credentials:website", + "contact": "mvd-credentials:contact", + "since": "mvd-credentials:since" + } + ], + "id": "http://kordat.es/credentials/2347", + "type": [ + "VerifiableCredential", + "MembershipCredential" + ], + "issuer": "did:web:dataspace-issuer", + "issuanceDate": "2023-08-18T00:00:00Z", + "credentialSubject": { + "id": "did:web:-identityhub.%3A7083:", + "membership": { + "membershipType": "FullMember", + "website": "www.example.com", + "contact": "admin@example.com", + "since": "2023-01-01T00:00:00Z" + } + } +} diff --git a/connector-deployment/connector.tf b/connector-deployment/connector.tf index 48869f7dd..a8d3b349a 100644 --- a/connector-deployment/connector.tf +++ b/connector-deployment/connector.tf @@ -45,7 +45,7 @@ module "participant-connector" { module "participant-identityhub" { depends_on = [module.participant-vault] source = "./modules/identity-hub" - credentials-dir = dirname("./assets/credentials/k8s/consumer/") # To~Do + credentials-dir = "./assets/credentials/k8s/${var.participant}" humanReadableName = "${var.participant}-identityhub" participantId = local.participant-did vault-url = local.vault_url 
@@ -65,3 +65,17 @@ module "participant-vault" { humanReadableName = "${var.participant}-vault" namespace = kubernetes_namespace_v1.ns_participant.metadata.0.name } + +# Seed Vault with participant private key from assets/_private.pem (produced by produce_participant_credentials.sh) +resource "null_resource" "seed_vault_participant_key" { + count = fileexists("${path.module}/assets/${var.participant}_private.pem") ? 1 : 0 + depends_on = [module.participant-vault] + triggers = { + participant = var.participant + pem = fileexists("${path.module}/assets/${var.participant}_private.pem") ? filemd5("${path.module}/assets/${var.participant}_private.pem") : "no-file" + } + provisioner "local-exec" { + command = "chmod +x scripts/seed_vault_participant_key.sh && ./scripts/seed_vault_participant_key.sh ${var.participant}" + working_dir = path.module + } +} diff --git a/connector-deployment/outputs.tf b/connector-deployment/outputs.tf index 5bad87e93..a91b82fef 100644 --- a/connector-deployment/outputs.tf +++ b/connector-deployment/outputs.tf @@ -28,4 +28,10 @@ # provider-qna = "jdbc:postgresql://${module.provider-postgres.database-url}/provider_qna" # provider-manufacturing = "jdbc:postgresql://${module.provider-postgres.database-url}/provider_manufacturing" # } -# } \ No newline at end of file +# } + +# Participant credentials produced by produce_participant_credentials.sh (run in pipeline before Terraform) +output "participant_public_key_path" { + description = "Path to participant public PEM (assets/_public.pem) for DID doc or backend registration" + value = "${path.module}/assets/${var.participant}_public.pem" +} \ No newline at end of file diff --git a/connector-deployment/scripts/produce_participant_credentials.sh b/connector-deployment/scripts/produce_participant_credentials.sh new file mode 100755 index 000000000..b52cad887 --- /dev/null +++ b/connector-deployment/scripts/produce_participant_credentials.sh 
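Review bot: `count = fileexists(...) ? 1 : 0` turns a missing `assets/${var.participant}_private.pem` into a silent no-op, so a run where `produce_participant_credentials.sh` was skipped deploys a participant whose Vault never receives its signing key and the problem surfaces only when STS/DCP exchanges fail; replace the `count` guard with a `lifecycle { precondition { ... } }` block whose `condition` is the same `fileexists(...)` test and whose `error_message` names the script to run, so the plan fails early instead. The PEM sits under `path.module/assets/` beside files this series commits, so confirm that `assets/*_private.pem` is git-ignored; no .gitignore is visible in this series. `filemd5()` of the private key in `triggers` also lands that digest in state, which is harmless on its own, but hashing the `_public.pem` that `outputs.tf` already exposes tracks the same rotation without reading the private file.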
@@ -0,0 +1,77 @@ +#!/bin/bash +# Produce participant PEM (private key) and signed -credential.json from participant_id. +# Tested with: public.ecr.aws/codebuild/amazonlinux-x86_64-standard:5.0 (jq, openssl preinstalled). +# Requirements: jq, openssl (on other AL images: dnf install -y jq) +# +# Usage: produce_participant_credentials.sh [output_dir] [dataspace_issuer_did] +# Example: produce_participant_credentials.sh testcloud4 +# Output: assets/_private.pem, assets/_public.pem; assets/credentials/k8s//*-credential.json +set -e + +# Require jq and openssl (amazonlinux-x86_64-standard:5.0 has both; else: dnf install -y jq) +command -v jq >/dev/null 2>&1 || { echo "Missing: jq. On Amazon Linux: dnf install -y jq" >&2; exit 1; } +command -v openssl >/dev/null 2>&1 || { echo "Missing: openssl" >&2; exit 1; } + +PARTICIPANT_ID="${1}" +OUT_DIR_ARG="${2}" +DATASPACE_ISSUER_DID="${3:-did:web:dataspace-issuer}" + +ISSUANCEDATE_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ") +TIMESTAMP=$(date -u +%s) + +[ -z "$PARTICIPANT_ID" ] && { echo "Usage: $0 [output_dir] [dataspace_issuer_did]" >&2; exit 1; } + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +CONNECTOR_DEPLOYMENT="$(cd "$SCRIPT_DIR/.." && pwd)" +CREDENTIALS_DIR="$CONNECTOR_DEPLOYMENT/assets/credentials" +TEMPLATE_DIR="$CREDENTIALS_DIR/k8s/participant" +OUT_DIR="${OUT_DIR_ARG:-$CREDENTIALS_DIR/k8s/$PARTICIPANT_ID}" +ISSUER_PEM="${ISSUER_PEM:-$CONNECTOR_DEPLOYMENT/assets/issuer_private.pem}" +SIGN_VC_SH="${SIGN_VC_SH:-$SCRIPT_DIR/sign_vc.sh}" +[ ! -f "$SIGN_VC_SH" ] && { echo "sign_vc.sh not found: $SIGN_VC_SH (set SIGN_VC_SH)" >&2; exit 1; } +[ ! 
-f "$ISSUER_PEM" ] && { echo "Issuer key not found: $ISSUER_PEM (set ISSUER_PEM)" >&2; exit 1; } +ASSETS_DIR="$CONNECTOR_DEPLOYMENT/assets" +mkdir -p "$OUT_DIR" +mkdir -p "$ASSETS_DIR" + +PARTICIPANT_PRIVATE_PEM="$ASSETS_DIR/${PARTICIPANT_ID}_private.pem" +PARTICIPANT_PUBLIC_PEM="$ASSETS_DIR/${PARTICIPANT_ID}_public.pem" + +# 1) Generate participant EC P256 private key and public key in assets/ +openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$PARTICIPANT_PRIVATE_PEM" 2>/dev/null +openssl pkey -in "$PARTICIPANT_PRIVATE_PEM" -pubout -out "$PARTICIPANT_PUBLIC_PEM" 2>/dev/null +echo "Wrote $PARTICIPANT_PRIVATE_PEM" +echo "Wrote $PARTICIPANT_PUBLIC_PEM" + +# 2) Substitute in templates and sign VC; build credential JSON +# Variables: , , , , +subst_vc() { + sed -e "s||$PARTICIPANT_ID|g" \ + -e "s||$ISSUANCEDATE_DATE|g" \ + -e "s||$DATASPACE_ISSUER_DID|g" \ + "$1" +} +subst_cred() { + sed -e "s||$PARTICIPANT_ID|g" \ + -e "s||$CRED_ID|g" \ + -e "s||$TIMESTAMP|g" \ + -e "s||$DATASPACE_ISSUER_DID|g" \ + "$1" +} +# Portable UUID (Linux /proc first, then uuidgen, no dependency on util-linux in minimal images) +gen_uuid() { cat /proc/sys/kernel/random/uuid 2>/dev/null || uuidgen 2>/dev/null || echo "00000000-0000-0000-0000-000000000000"; } + +for kind in dataprocessor membership; do + VC_TMP=$(mktemp) + subst_vc "$TEMPLATE_DIR/${kind}_vc.json" > "$VC_TMP" + JWT=$("$SIGN_VC_SH" "$VC_TMP" "$ISSUER_PEM") + rm -f "$VC_TMP" + CRED_ID=$(gen_uuid) + CRED_TMP=$(mktemp) + JWT_TMP=$(mktemp) + printf '%s' "$JWT" > "$JWT_TMP" + subst_cred "$TEMPLATE_DIR/${kind}-credential.json" > "$CRED_TMP" + jq --rawfile raw "$JWT_TMP" '.verifiableCredential.rawVc = $raw' "$CRED_TMP" > "$OUT_DIR/${kind}-credential.json" + rm -f "$CRED_TMP" "$JWT_TMP" + echo "Wrote $OUT_DIR/${kind}-credential.json" +done diff --git a/connector-deployment/scripts/seed_vault_participant_key.sh b/connector-deployment/scripts/seed_vault_participant_key.sh new file mode 100644 index 000000000..771631b3f 
--- /dev/null
+++ b/connector-deployment/scripts/seed_vault_participant_key.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+# Seed the participant's private key (PEM) into the participant namespace Vault.
+# Key path matches EDC alias: did:web:{participant}-identityhub.{participant}%3A7083:{participant}#key-1
+# (URL-encoded in Vault as secret/KEY)
+#
+# Usage: ./seed_vault_participant_key.sh PARTICIPANT [path_to_private_pem]
+# Default PEM: ./assets/_private.pem (relative to connector-deployment)
+# Run from: connector-deployment/ (or set PEM path explicitly)
+set -e
+
+PARTICIPANT="${1}"
+PEM_PATH="${2:-$(dirname "$0")/../assets/${PARTICIPANT}_private.pem}"
+NS="${PARTICIPANT}"
+
+[ -z "$PARTICIPANT" ] && { echo "Usage: $0 PARTICIPANT [path_to_private_pem]" >&2; exit 1; }
+[ ! -f "$PEM_PATH" ] && { echo "PEM not found: $PEM_PATH" >&2; exit 1; }
+
+# Vault secret key (URL-encoded DID#key-1, same as participant_vault_csv.sh / EDC)
+PREFIX="did%3Aweb%3A${PARTICIPANT}-identityhub.${PARTICIPANT}%253A7083%3A${PARTICIPANT}"
+VAULT_KEY="${PREFIX}%23key-1"
+
+echo "Waiting for Vault pod in namespace $NS..."
+for i in $(seq 1 30); do
+ VAULT_POD=$(kubectl get pods -n "$NS" -l app.kubernetes.io/name=vault -o jsonpath='{.items[0].metadata.name}' 2>/dev/null || true)
+ [ -n "$VAULT_POD" ] && kubectl get pod -n "$NS" "$VAULT_POD" -o jsonpath='{.status.phase}' 2>/dev/null | grep -q Running && break
+ sleep 2
+done
+[ -z "$VAULT_POD" ] && { echo "Vault pod not found in $NS" >&2; exit 1; }
+
+TMP_IN_POD="/tmp/participant_key_$$.pem"
+kubectl cp "$PEM_PATH" "$NS/$VAULT_POD:$TMP_IN_POD"
+kubectl exec -n "$NS" "$VAULT_POD" -- vault kv put "secret/$VAULT_KEY" content=@"$TMP_IN_POD"
+kubectl exec -n "$NS" "$VAULT_POD" -- rm -f "$TMP_IN_POD" 2>/dev/null || true
+echo "Seeded Vault secret/$VAULT_KEY from $PEM_PATH"
diff --git a/connector-deployment/scripts/sign_vc.sh b/connector-deployment/scripts/sign_vc.sh
new file mode 100755
index 000000000..d5ececb79
--- /dev/null
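Review bot: The wait loop only proves that a pod name was found, not that the pod is Running: when all 30 iterations elapse with the pod still Pending, `VAULT_POD` is non-empty, the `[ -z "$VAULT_POD" ]` check passes, and the script proceeds to `kubectl cp` against an unready pod. Add a post-loop readiness check, e.g. `kubectl get pod -n "$NS" "$VAULT_POD" -o jsonpath='{.status.phase}' 2>/dev/null | grep -q Running || { echo "Vault pod not Running in $NS" >&2; exit 1; }`. The private key is also staged on the pod's filesystem and removed only best-effort (`|| true`); streaming it instead, `kubectl exec -i -n "$NS" "$VAULT_POD" -- vault kv put "secret/$VAULT_KEY" content=- < "$PEM_PATH"`, keeps it off the pod's /tmp entirely. `PREFIX` hand-encodes the DID (`%253A7083`) that Terraform builds elsewhere as `local.participant-did`, so a change to the DID shape in one place silently breaks the other; deriving the key from a single source, or at least cross-referencing the Terraform local in the header comment, would make the coupling visible.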
+++ b/connector-deployment/scripts/sign_vc.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Sign a verifiable credential JSON with the dataspace-issuer key. Outputs JWT to stdout.
+# Usage: sign_vc.sh [issuer_private.pem]
+# Issuer DID and subject (aud/sub) are taken from the VC (issuer, credentialSubject.id).
+
+set -e
+VC="$1"
+KEY="${2:-$(cd "$(dirname "$0")/.." && pwd)/assets/issuer_private.pem}"
+[ -z "$VC" ] || [ ! -f "$VC" ] && { echo "Usage: $0 [issuer_private.pem]" >&2; exit 1; }
+[ ! -f "$KEY" ] && { echo "Key not found: $KEY" >&2; exit 1; }
+
+b64url() { base64 -w 0 2>/dev/null | tr '+/' '-_' | tr -d '=' || base64 | tr -d '\n' | tr '+/' '-_' | tr -d '='; }
+
+ISSUER=$(jq -r '.issuer // "did:web:dataspace-issuer"' "$VC")
+SUBJECT=$(jq -r '.credentialSubject.id // .credentialSubject[0].id // empty' "$VC")
+[ -z "$SUBJECT" ] && SUBJECT="$ISSUER"
+
+HEADER=$(jq -nc --arg kid "${ISSUER}#key-1" '{alg:"EdDSA",kid:$kid,typ:"JWT"}')
+PAYLOAD=$(jq -nc --arg iss "$ISSUER" --arg aud "$SUBJECT" --arg sub "$SUBJECT" --slurpfile vc "$VC" '{iss:$iss,aud:$aud,sub:$sub,vc:($vc[0]),iat:(now|floor)}')
+
+B64H=$(echo -n "$HEADER" | b64url)
+B64P=$(echo -n "$PAYLOAD" | b64url)
+SIGN_INPUT="${B64H}.${B64P}"
+TMP=$(mktemp)
+trap "rm -f $TMP ${TMP}.msg" EXIT
+printf '%s' "$SIGN_INPUT" > "${TMP}.msg"
+# Ed25519 (EdDSA) requires -rawin in OpenSSL 3.x (CodeBuild amazonlinux image)
+openssl pkeyutl -sign -inkey "$KEY" -in "${TMP}.msg" -out "$TMP" -rawin
+SIG=$(base64 -w 0 "$TMP" 2>/dev/null | tr '+/' '-_' | tr -d '=' || base64 < "$TMP" | tr -d '\n' | tr '+/' '-_' | tr -d '=')
+echo "${SIGN_INPUT}.${SIG}"
From 1d22ce7f048d9774269200dc88457c1bbd6c0c83 Mon Sep 17 00:00:00 2001
From: js
Date: Mon, 2 Feb 2026 10:58:53 +0100
Subject: [PATCH 57/72] fix contract negotiation endpoints

---
 connector-deployment/modules/connector/controlplane.tf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
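Review bot: The JWT built in `PAYLOAD` carries `iat` but no `exp`, and the templates it wraps leave `expirationDate` and `credentialStatus` null, so every credential this script issues is valid indefinitely and the only way to retire one is to rotate the issuer key; add an expiry from a configured lifetime, e.g. `--argjson ttl "${VC_TTL_SECONDS:-31536000}"` on the jq call and `exp:((now|floor)+$ttl)` in its filter, and consider a `jti` so a status list can later refer to the credential. The `|| base64 | ...` fallback in `b64url` cannot take effect: a pipeline's exit status is that of its last command (`tr`), and stdin has already been consumed, so on a host whose `base64` lacks `-w` the function silently yields an empty string and the script prints a malformed `..` JWT; the `SIG=` line has the same shape. `kid` is fixed to `${ISSUER}#key-1` and `alg` to `EdDSA`, both of which must match the issuer DID document and the key type in `issuer_private.pem`; with a non-Ed25519 key `pkeyutl -rawin` either fails or produces a signature no verifier will accept under that header, so a `# requires an Ed25519 issuer key` note next to the openssl comment would save a debugging round.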
diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf
index c0171f85f..44a2abfed 100644
--- a/connector-deployment/modules/connector/controlplane.tf
+++ b/connector-deployment/modules/connector/controlplane.tf
@@ -175,7 +175,8 @@ resource "kubernetes_config_map" "connector-config" {
 WEB_HTTP_CATALOG_PATH = "/api/catalog"
 WEB_HTTP_CATALOG_AUTH_TYPE = "tokenbased"
 WEB_HTTP_CATALOG_AUTH_KEY = "password"
- EDC_DSP_CALLBACK_ADDRESS = "http://${local.controlplane-service-name}:${var.ports.protocol}/api/dsp"
+ # Namespace-qualified so other participants (e.g. provider) can resolve when sending agreement/termination
+ EDC_DSP_CALLBACK_ADDRESS = "http://${local.controlplane-service-name}.${var.namespace}:${var.ports.protocol}/api/dsp"
 EDC_IAM_STS_PRIVATEKEY_ALIAS = "${var.participantId}#${var.aliases.sts-private-key}"
 EDC_IAM_STS_PUBLICKEY_ID = "${var.participantId}#${var.aliases.sts-public-key-id}"
 JAVA_TOOL_OPTIONS = "${var.useSVE ? "-XX:UseSVE=0 " : ""}-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=${var.ports.debug}"
From 6268d7a80eb8bc4af13800b0e7bcf9cb2b4358f5 Mon Sep 17 00:00:00 2001
From: js
Date: Mon, 2 Feb 2026 12:06:37 +0100
Subject: [PATCH 58/72] fix sts

---
 connector-deployment/connector.tf | 3 +
 .../modules/connector/controlplane.tf | 4 +-
 .../modules/connector/dataplane.tf | 4 +-
 .../modules/connector/variables.tf | 12 +
 .../modules/identity-hub/main.tf | 4 +-
 .../modules/identity-hub/variables.tf | 5 +
 .../scripts/fix_participant.sh | 318 ++++++++++++++++++
 connector-deployment/variables.tf | 20 ++
 8 files changed, 364 insertions(+), 6 deletions(-)
 create mode 100644 connector-deployment/scripts/fix_participant.sh

diff --git a/connector-deployment/connector.tf b/connector-deployment/connector.tf
index a8d3b349a..ada998c17 100644
--- a/connector-deployment/connector.tf
+++ b/connector-deployment/connector.tf
@@ -26,6 +26,8 @@ module "participant-connector" { source = "./modules/connector" humanReadableName = var.participant participantId = local.participant-did + controlplane_image = var.controlplane_image + dataplane_image = var.dataplane_image database = { user = var.participant password = random_password.participant_password.result @@ -50,6 +52,7 @@ module "participant-identityhub" { participantId = local.participant-did vault-url = local.vault_url service-name = var.participant + identityhub_image = var.identityhub_image database = { user = var.participant password = random_password.participant_password.result diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 44a2abfed..9d77d48d6 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf @@ -45,7 +45,7 @@ resource "kubernetes_deployment" "controlplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "connector-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:10b100ee" + image = var.controlplane_image image_pull_policy = "IfNotPresent" env_from { @@ -194,7 +194,7 @@ resource "kubernetes_config_map" "connector-config" { # remote STS configuration EDC_IAM_STS_OAUTH_TOKEN_URL = var.sts-token-url EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId - EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret" + EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = local.sts_client_secret_alias # S3 configuration for AmazonS3 DataAddress support # These variables enable the ControlPlane to validate and accept AmazonS3 DataAddress types diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index 057912241..bed113371 100644 --- a/connector-deployment/modules/connector/dataplane.tf 
+++ b/connector-deployment/modules/connector/dataplane.tf @@ -47,7 +47,7 @@ resource "kubernetes_deployment" "dataplane" { service_account_name = kubernetes_service_account.s3_sa.metadata[0].name container { name = "dataplane-${lower(var.humanReadableName)}" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:10b100ee" + image = var.dataplane_image image_pull_policy = "IfNotPresent" env_from { @@ -133,7 +133,7 @@ resource "kubernetes_config_map" "dataplane-config" { # remote STS configuration EDC_IAM_STS_OAUTH_TOKEN_URL = var.sts-token-url EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId - EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret" + EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = local.sts_client_secret_alias # Remove participant creation - participants are controlled elsewhere # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension diff --git a/connector-deployment/modules/connector/variables.tf b/connector-deployment/modules/connector/variables.tf index a21cfe15f..c0ce29f01 100644 --- a/connector-deployment/modules/connector/variables.tf +++ b/connector-deployment/modules/connector/variables.tf @@ -112,6 +112,8 @@ locals { name = lower(var.humanReadableName) controlplane-service-name = "${var.humanReadableName}-controlplane" dataplane-service-name = "${var.humanReadableName}-dataplane" + # HashiCorp Vault KV path-encodes keys; EDC must look up with the same key under which the secret is stored (URL-encoded). + sts_client_secret_alias = urlencode("${var.participantId}-sts-client-secret") } variable "s3_endpoint" { 
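Review bot: `urlencode("${var.participantId}-sts-client-secret")` in the new `locals` entry double-encodes a DID that already contains `%3A` (Terraform's `urlencode` turns `%` into `%25` and `:` into `%3A`), so the alias the control plane and data plane look up becomes e.g. `did%3Aweb%3Ax-identityhub%253A7083%3Ax-sts-client-secret`; if that is the intended Vault key, state the concrete form in the comment, because the `fix_participant.sh` header added in this same commit describes the secret as stored "under the raw alias EDC uses", which reads as the opposite. The identity-hub module (main.tf hunk, this commit) inlines the same `urlencode(...)` expression instead of sharing one definition, and `seed_vault_participant_key.sh` (previous commit) hand-writes the `%253A7083` form for the signing key, so the encoding now has three independent copies; a single local or module input for the encoded prefix would keep them from drifting. The `@@ -133` dataplane hunk on this line and the `@@ -194` controlplane hunk above share this change.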
@@ -133,3 +135,13 @@ variable "service_account_role_arn" { type = string description = "ARN of IAM rol to use as service account; controlplane & dataplane" } + +variable "controlplane_image" { + type = string + description = "Control Plane container image (tag upgraded in connector-deployment, not Kordat)" +} + +variable "dataplane_image" { + type = string + description = "Data Plane container image (tag upgraded in connector-deployment, not Kordat)" +} diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf index 445f0d43e..1ea196f0b 100644 --- a/connector-deployment/modules/identity-hub/main.tf +++ b/connector-deployment/modules/identity-hub/main.tf @@ -38,7 +38,7 @@ resource "kubernetes_deployment" "identityhub" { spec { container { image_pull_policy = "IfNotPresent" - image = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:10b100ee" + image = var.identityhub_image name = "identity-hub" env_from { @@ -171,7 +171,7 @@ resource "kubernetes_config_map" "identityhub-config" { # remote STS configuration EDC_IAM_STS_OAUTH_TOKEN_URL = "http://${var.humanReadableName}:${var.ports.sts-api}${var.sts-token-path}/token" EDC_IAM_STS_OAUTH_CLIENT_ID = var.participantId - EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = "${var.participantId}-sts-client-secret" + EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS = urlencode("${var.participantId}-sts-client-secret") # Remove participant creation - participants are controlled elsewhere # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension diff --git a/connector-deployment/modules/identity-hub/variables.tf b/connector-deployment/modules/identity-hub/variables.tf index c8e0f0d65..7566608de 100644 --- a/connector-deployment/modules/identity-hub/variables.tf +++ b/connector-deployment/modules/identity-hub/variables.tf 
@@ -112,4 +112,9 @@ variable "sts-token-path" { description = "path suffix of the STS token API" type = string default = "/api/sts" +} + +variable "identityhub_image" { + type = string + description = "Identity Hub container image (tag upgraded in connector-deployment, not Kordat)" } \ No newline at end of file diff --git a/connector-deployment/scripts/fix_participant.sh b/connector-deployment/scripts/fix_participant.sh new file mode 100644 index 000000000..79330e9aa --- /dev/null +++ b/connector-deployment/scripts/fix_participant.sh 
@@ -0,0 +1,318 @@ +#!/bin/bash +# Complete idempotent script to fix all participant issues +# Combines registration, vault fixes, credential cleanup, and DNS setup +# Safe to run multiple times - checks before making changes +# Usage: ./fix_participant.sh NAMESPACE +# +# Used by the connector pipeline (post_build) so STS client secret keys +# are properly deployed in Vault under the raw alias EDC uses. +# Also kept in repo root scripts/ for manual runs. + +NAMESPACE=${1} + +if [ -z "$NAMESPACE" ]; then + echo "Usage: ./fix_participant.sh NAMESPACE" + echo "Example: ./fix_participant.sh testcloud3" + exit 1 +fi + +PARTICIPANT=$NAMESPACE +API_KEY="c3VwZXItdXNlcg==.c3VwZXItc2VjcmV0LWtleQo=" +NEEDS_IH_RESTART=false + +echo "==========================================" +echo "Complete Participant Fix: $NAMESPACE" +echo "==========================================" +echo "" + +# Get backend pod +BACKEND_POD=$(kubectl get pods -n kordat | grep backend | grep Running | head -1 | awk '{print $1}') + +if [ -z "$BACKEND_POD" ]; then + echo "❌ No running backend pod found in kordat namespace" + exit 1 +fi + +# Get vault pod +VAULT_POD=$(kubectl get pods -n $NAMESPACE | grep vault | grep Running | head -1 | awk '{print $1}') + +if [ -z "$VAULT_POD" ]; then + echo "❌ No running vault pod found in $NAMESPACE" + exit 1 +fi + +echo "Backend Pod: $BACKEND_POD" +echo "Vault Pod: $VAULT_POD" +echo "" + +# ========================================== +# Step 1: Fix vault super-user-apikey +# ========================================== +echo "Step 1: Checking vault super-user-apikey..." + +if kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get secret/super-user-apikey &>/dev/null; then + echo " ✅ super-user-apikey exists" +else + echo " ➕ Adding super-user-apikey..." 
+ kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv put secret/super-user-apikey content="$API_KEY" > /dev/null + echo " ✅ Added super-user-apikey" + NEEDS_IH_RESTART=true +fi + +echo "" + +# ========================================== +# Step 2: Check/create dataspace-issuer ExternalName services +# ========================================== +echo "Step 2: Checking dataspace-issuer services..." + +if kubectl get service dataspace-issuer -n $NAMESPACE &>/dev/null; then + echo " ✅ dataspace-issuer service exists" +else + echo " ➕ Creating dataspace-issuer service..." + kubectl apply -f - </dev/null +apiVersion: v1 +kind: Service +metadata: + name: dataspace-issuer + namespace: $NAMESPACE +spec: + type: ExternalName + externalName: dataspace-issuer.kordat.svc.cluster.local +EOF + echo " ✅ Created dataspace-issuer service" +fi + +if kubectl get service dataspace-issuer-service -n $NAMESPACE &>/dev/null; then + echo " ✅ dataspace-issuer-service exists" +else + echo " ➕ Creating dataspace-issuer-service..." + kubectl apply -f - </dev/null +apiVersion: v1 +kind: Service +metadata: + name: dataspace-issuer-service + namespace: $NAMESPACE +spec: + type: ExternalName + externalName: dataspace-issuer-service.kordat.svc.cluster.local +EOF + echo " ✅ Created dataspace-issuer-service" +fi + +echo "" + +# ========================================== +# Step 3: Restart IdentityHub if needed +# ========================================== +if [ "$NEEDS_IH_RESTART" = true ]; then + echo "Step 3: Restarting IdentityHub to pick up vault changes..." + IH_POD=$(kubectl get pods -n $NAMESPACE | grep identityhub | grep Running | head -1 | awk '{print $1}') + if [ -n "$IH_POD" ]; then + kubectl delete pod -n $NAMESPACE $IH_POD &>/dev/null + echo " ✅ IdentityHub pod deleted, waiting for restart..." 
+ sleep 5 + fi +else + echo "Step 3: IdentityHub restart not needed" +fi + +echo "" + +# ========================================== +# Step 4: Wait for identityhub to be ready +# ========================================== +echo "Step 4: Waiting for identityhub to be ready..." + +for i in {1..60}; do + IDENTITYHUB_POD=$(kubectl get pods -n $NAMESPACE | grep identityhub | grep Running | head -1 | awk '{print $1}' 2>/dev/null) + if [ -n "$IDENTITYHUB_POD" ]; then + if kubectl exec -n $NAMESPACE $IDENTITYHUB_POD -- curl -s -f http://localhost:7080/api/check/health &>/dev/null; then + echo " ✅ IdentityHub ready: $IDENTITYHUB_POD" + break + fi + fi + if [ $i -eq 60 ]; then + echo " ⚠️ IdentityHub not ready after 60 seconds, continuing anyway..." + IDENTITYHUB_POD=$(kubectl get pods -n $NAMESPACE | grep identityhub | head -1 | awk '{print $1}') + if [ -z "$IDENTITYHUB_POD" ]; then + echo " ❌ No IdentityHub pod found" + exit 1 + fi + fi + sleep 1 +done + +echo "" + +# ========================================== +# Step 5: Check STS client secret and register if missing +# ========================================== +echo "Step 5: Checking STS client secret..." + +STS_SECRET="did%3Aweb%3A${NAMESPACE}-identityhub.${NAMESPACE}%253A7083%3A${NAMESPACE}-sts-client-secret" +STS_SECRET_SHORT="${NAMESPACE}-sts-client-secret" +STS_SECRET_RAW="did:web:${NAMESPACE}-identityhub.${NAMESPACE}%3A7083:${NAMESPACE}-sts-client-secret" + +if kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get "secret/$STS_SECRET_RAW" &>/dev/null; then + SECRET_VALUE=$(kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get -field=content "secret/$STS_SECRET_RAW" 2>/dev/null) +elif kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get "secret/$STS_SECRET" &>/dev/null; then + SECRET_VALUE=$(kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get -field=content "secret/$STS_SECRET" 2>/dev/null) +fi + +if [ -n "$SECRET_VALUE" ]; then + echo " ✅ STS client secret exists: $SECRET_VALUE" + if ! 
kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get "secret/$STS_SECRET_RAW" &>/dev/null; then + echo " ➕ Storing STS client secret under raw alias (EDC lookup)..." + kubectl exec -n $NAMESPACE $VAULT_POD -- sh -c "vault kv put 'secret/$STS_SECRET_RAW' content='$SECRET_VALUE'" &>/dev/null + echo " ✅ Raw alias stored" + NEEDS_IH_RESTART=true + fi + if ! kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get "secret/$STS_SECRET_SHORT" &>/dev/null; then + echo " ➕ Storing STS client secret under short alias..." + kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv put "secret/$STS_SECRET_SHORT" content="$SECRET_VALUE" &>/dev/null + echo " ✅ Short alias $STS_SECRET_SHORT stored" + NEEDS_IH_RESTART=true + fi +else + echo " ➕ STS client secret missing, registering participant..." + + PARTICIPANT_ID=$(kubectl exec -n kordat $BACKEND_POD -- python -c " +import django +import os +os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'kordat.settings') +django.setup() + +from participants.models import Participant +try: + p = Participant.objects.get(short_name='$NAMESPACE') + print(p.id) +except Participant.DoesNotExist: + print('NOT_FOUND') +" 2>/dev/null) + + if [ "$PARTICIPANT_ID" == "NOT_FOUND" ]; then + echo " ❌ Participant '$NAMESPACE' not found in database" + exit 1 + fi + + echo " ✅ Found participant ID: $PARTICIPANT_ID" + + RESULT=$(kubectl exec -n kordat $BACKEND_POD -- python -c " +import django +import os +import json +os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'kordat.settings') +django.setup() + +from participants.services.participant import register_participant_in_identityhub + +result = register_participant_in_identityhub('$PARTICIPANT_ID') +print(json.dumps(result, indent=2, default=str)) +" 2>&1) + + if echo "$RESULT" | grep -q '"status": "success"'; then + echo " ✅ Registration successful!" + elif echo "$RESULT" | grep -q '"status": "exists"'; then + echo " ✅ Participant already registered!" + else + echo " ⚠️ Registration status unclear, continuing..." 
+ fi + + if kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get "secret/$STS_SECRET_RAW" &>/dev/null; then + SECRET_VALUE=$(kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get -field=content "secret/$STS_SECRET_RAW" 2>/dev/null) + echo " ✅ STS client secret now exists: $SECRET_VALUE" + elif kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get "secret/$STS_SECRET" &>/dev/null; then + SECRET_VALUE=$(kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get -field=content "secret/$STS_SECRET" 2>/dev/null) + echo " ✅ STS client secret now exists: $SECRET_VALUE" + kubectl exec -n $NAMESPACE $VAULT_POD -- sh -c "vault kv put 'secret/$STS_SECRET_RAW' content='$SECRET_VALUE'" &>/dev/null + echo " ✅ Stored under raw alias for EDC" + else + echo " ⚠️ STS client secret not created automatically" + echo " ➕ Generating and storing STS client secret manually..." + + CLIENT_SECRET=$(tr -dc 'A-Za-z0-9' /dev/null + kubectl exec -n $NAMESPACE $VAULT_POD -- sh -c "vault kv put 'secret/$STS_SECRET_RAW' content='$CLIENT_SECRET'" &>/dev/null + kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv put "secret/$STS_SECRET_SHORT" content="$CLIENT_SECRET" &>/dev/null + + if kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get "secret/$STS_SECRET_RAW" &>/dev/null; then + echo " ✅ Created STS client secret: $CLIENT_SECRET" + + kubectl exec -n kordat $BACKEND_POD -- python -c " +import django +import os +os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'kordat.settings') +django.setup() + +from participants.models import Participant + +p = Participant.objects.get(short_name='$NAMESPACE') +metadata = p.metadata or {} +metadata['client_secret'] = '$CLIENT_SECRET' +p.metadata = metadata +p.save() +print('✅ Stored client_secret in participant metadata') +" 2>&1 | grep "✅" + else + echo " ❌ Failed to create STS client secret in vault" + fi + fi +fi + +echo "" + +# ========================================== +# Step 6: Check and delete corrupted credentials +# ========================================== 
+echo "Step 6: Checking for corrupted credentials..." + +RESPONSE=$(kubectl exec -n $NAMESPACE $IDENTITYHUB_POD -- curl -s \ + -H "x-api-key: $API_KEY" \ + "http://localhost:7081/api/identity/v1alpha/participants/did:web:${PARTICIPANT}-identityhub.${NAMESPACE}%3A7083:${PARTICIPANT}/credentials" 2>&1) + +if echo "$RESPONSE" | grep -q "HTTP ERROR"; then + echo " ⚠️ Could not fetch credentials (API may still be initializing)" +else + TOTAL=$(echo "$RESPONSE" | jq '. | length' 2>/dev/null || echo "0") + BAD=$(echo "$RESPONSE" | jq --arg expected "did:web:${PARTICIPANT}-identityhub.${NAMESPACE}%3A7083:${PARTICIPANT}" '[.[] | select((.verifiableCredential.rawVc | split(".")[1] | @base64d | fromjson | .vc.credentialSubject.id) != $expected)] | length' 2>/dev/null || echo "0") + + echo " Total credentials: $TOTAL" + echo " Corrupted credentials: $BAD" + + if [ "$BAD" -gt 0 ]; then + echo " 🗑️ Deleting corrupted credentials..." + CORRUPTED_IDS=$(echo "$RESPONSE" | jq -r --arg expected "did:web:${PARTICIPANT}-identityhub.${NAMESPACE}%3A7083:${PARTICIPANT}" ' + .[] | + select((.verifiableCredential.rawVc | split(".")[1] | @base64d | fromjson | .vc.credentialSubject.id) != $expected) | + .id + ') + for CRED_ID in $CORRUPTED_IDS; do + echo " Deleting: $CRED_ID" + kubectl exec -n $NAMESPACE $IDENTITYHUB_POD -- \ + curl -s -X DELETE \ + -H "x-api-key: $API_KEY" \ + "http://localhost:7081/api/identity/v1alpha/participants/did:web:${PARTICIPANT}-identityhub.${NAMESPACE}%3A7083:${PARTICIPANT}/credentials/${CRED_ID}" > /dev/null + done + echo " ✅ Deleted $BAD corrupted credential(s)" + else + echo " ✅ No corrupted credentials found" + fi +fi + +echo "" + +# ========================================== +# Step 7: Final verification +# ========================================== +echo "Step 7: Final verification..." + +if ! 
kubectl exec -n $NAMESPACE $VAULT_POD -- vault kv get "secret/$STS_SECRET_RAW" &>/dev/null; then + echo "❌ STS client secret missing (raw alias - EDC uses this)" +else + echo "✅ SUCCESS: $NAMESPACE is fully configured!" + echo " STS client secret present under raw alias." +fi + +echo "" diff --git a/connector-deployment/variables.tf b/connector-deployment/variables.tf index 772c11865..605a3f515 100644 --- a/connector-deployment/variables.tf +++ b/connector-deployment/variables.tf @@ -49,3 +49,23 @@ variable "useSVE" { description = "If true, the -XX:UseSVE=0 switch (Scalable Vector Extensions) will be added to the JAVA_TOOL_OPTIONS. Can help on macOs on Apple Silicon processors" default = false } + +# MVD component image versions are upgraded here (connector-deployment), not in the Kordat project. +# The Control Plane stores STS client secrets in Vault; upgrading its image may change Vault key behaviour. +variable "controlplane_image" { + type = string + description = "Control Plane (connector) image. Upgrade tag here when releasing new MVD/EDC versions." + default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:10b100ee" +} + +variable "dataplane_image" { + type = string + description = "Data Plane image. Upgrade tag here when releasing new MVD/EDC versions." + default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:10b100ee" +} + +variable "identityhub_image" { + type = string + description = "Identity Hub image. Upgrade tag here when releasing new MVD/EDC versions." + default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:10b100ee" +} From abd042f8cabed8421513f10a9e9db95d7496fd7a Mon Sep 17 00:00:00 2001 From: js Date: Mon, 2 Feb 2026 12:08:06 +0100 Subject: [PATCH 59/72] bump up --- connector-deployment/variables.tf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/connector-deployment/variables.tf b/connector-deployment/variables.tf index 605a3f515..51b4f20d1 100644 
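Review bot: `API_KEY="c3VwZXItdXNlcg==.c3VwZXItc2VjcmV0LWtleQo="` hard-codes the super-user API key in a committed script and writes it into every participant's Vault as `super-user-apikey`, so anyone with read access to the repository holds a working super-user credential for all participants; read it from an environment variable or a pre-existing Vault entry and fail if absent, e.g. `API_KEY="${SUPER_USER_API_KEY:?set SUPER_USER_API_KEY}"`. The script is documented as running in the pipeline `post_build`, yet it prints secret material to stdout (`echo " ✅ STS client secret exists: $SECRET_VALUE"`, `"Created STS client secret: $CLIENT_SECRET"`), which lands in CI logs — print only presence, never the value. `$NAMESPACE` comes straight from argv and is interpolated into `sh -c "vault kv put ..."` and into the `python -c` source as `short_name='$NAMESPACE'`, so validate it once near the top: `[[ "$NAMESPACE" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]] || { echo "invalid namespace"; exit 1; }`. Finally, Step 7 verifies only `STS_SECRET_RAW`, while the Terraform in this commit sets `EDC_IAM_STS_OAUTH_CLIENT_SECRET_ALIAS` to the `urlencode(...)` form; the script and the module should agree on which key EDC reads, otherwise the "SUCCESS" message proves nothing.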
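Review bot: The three image variables default to mutable tags (`...:10b100ee`) on an account-specific registry, and the deployments that consume them use `image_pull_policy = "IfNotPresent"`, so a tag that is rebuilt in ECR is not re-pulled on nodes that already cached the old layer and the running code can silently diverge from the tag in the variable. For a release knob that is meant to be "upgraded here", pin by digest (`...@sha256:<digest>` — placeholder) or at least document that tags must be immutable in the registry, and consider `image_pull_policy = "Always"` for tagged images. The variables otherwise look fine.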
--- a/connector-deployment/variables.tf +++ b/connector-deployment/variables.tf @@ -55,17 +55,17 @@ variable "useSVE" { variable "controlplane_image" { type = string description = "Control Plane (connector) image. Upgrade tag here when releasing new MVD/EDC versions." - default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:10b100ee" + default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:6268d7a8" } variable "dataplane_image" { type = string description = "Data Plane image. Upgrade tag here when releasing new MVD/EDC versions." - default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:10b100ee" + default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:6268d7a8" } variable "identityhub_image" { type = string description = "Identity Hub image. Upgrade tag here when releasing new MVD/EDC versions." - default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:10b100ee" + default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:6268d7a8" } From 193aad1e76e17df4a8a7ca7aa9fc147df9174ef6 Mon Sep 17 00:00:00 2001 From: js Date: Mon, 2 Feb 2026 15:49:28 +0100 Subject: [PATCH 60/72] Add aws credentials to dataplane --- connector-deployment/modules/connector/dataplane.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf index bed113371..b30495f42 100644 --- a/connector-deployment/modules/connector/dataplane.tf +++ b/connector-deployment/modules/connector/dataplane.tf 
@@ -139,5 +139,10 @@ resource "kubernetes_config_map" "dataplane-config" {
 # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension
 # is in the Docker image classpath. Providing config value as fallback.
 EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null"
+
+ EDC_S3_ENDPOINT = var.s3_endpoint
+ AWS_ACCESS_KEY_ID = var.aws_access_key
+ AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+ AWS_REGION = "us-east-1"
 }
 }
From 25ee529b27c3985fe7a04d23947de676d21965e9 Mon Sep 17 00:00:00 2001
From: js
Date: Mon, 2 Feb 2026 15:53:17 +0100
Subject: [PATCH 61/72] bump up
---
 connector-deployment/variables.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/connector-deployment/variables.tf b/connector-deployment/variables.tf
index 51b4f20d1..3902422b9 100644
--- a/connector-deployment/variables.tf
+++ b/connector-deployment/variables.tf
@@ -55,17 +55,17 @@ variable "useSVE" {
 variable "controlplane_image" {
 type = string
 description = "Control Plane (connector) image. Upgrade tag here when releasing new MVD/EDC versions."
- default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:6268d7a8"
+ default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:193aad1e"
 }
 
 variable "dataplane_image" {
 type = string
 description = "Data Plane image. Upgrade tag here when releasing new MVD/EDC versions."
- default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:6268d7a8"
+ default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:193aad1e"
 }
 
 variable "identityhub_image" {
 type = string
 description = "Identity Hub image. Upgrade tag here when releasing new MVD/EDC versions."
- default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:6268d7a8"
+ default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:193aad1e"
 }
From 4dd1d16d0b04c61ca1ab6c6d789623eff4be562e Mon Sep 17 00:00:00 2001
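Review bot: `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` are placed in the `kubernetes_config_map` `dataplane-config`, so a long-lived IAM user credential sits in a non-secret object readable by anything with `get configmaps` in the namespace, and it is also persisted in plain text in the Terraform state. The dataplane pod already runs as `kubernetes_service_account.s3_sa` with `service_account_role_arn` wired through, so the SDK can obtain credentials from the service-account role without static keys; if static keys are unavoidable, move them to a `kubernetes_secret` consumed via `env_from { secret_ref { ... } }` and declare the two variables `sensitive = true`. `AWS_REGION = "us-east-1"` also disagrees with the `eu-west-1` registry and bucket endpoint used elsewhere in this deployment, which will send SigV4 requests to the wrong region. The `kubernetes_config_map` resource starts before the hunk.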
From: SergioMedeirosGarcia Date: Tue, 3 Feb 2026 13:34:14 +0100 Subject: [PATCH 62/72] Update infra --- connector-deployment/connector.tf | 4 +-- connector-deployment/iam.tf | 26 +++++++++---------- .../modules/connector/controlplane.tf | 7 ++--- .../modules/connector/dataplane.tf | 7 ++--- .../modules/connector/variables.tf | 18 ++++++------- connector-deployment/roles.tf | 26 ++++++++----------- 6 files changed, 43 insertions(+), 45 deletions(-) diff --git a/connector-deployment/connector.tf b/connector-deployment/connector.tf index ada998c17..1719cbd26 100644 --- a/connector-deployment/connector.tf +++ b/connector-deployment/connector.tf @@ -38,8 +38,8 @@ module "participant-connector" { sts-token-url = "${module.participant-identityhub.sts-token-url}/token" useSVE = var.useSVE s3_endpoint = "https://${module.assets_s3_bucket.bucket_name}.s3.eu-west-1.amazonaws.com" - aws_access_key = aws_iam_access_key.deployer.id - aws_secret_key = aws_iam_access_key.deployer.secret + # aws_access_key = aws_iam_access_key.deployer.id + # aws_secret_key = aws_iam_access_key.deployer.secret service_account_role_arn = module.participant-s3-role.role_arn } diff --git a/connector-deployment/iam.tf b/connector-deployment/iam.tf index 8321c3ca7..f521e4a44 100644 --- a/connector-deployment/iam.tf +++ b/connector-deployment/iam.tf 
@@ -1,15 +1,15 @@
-resource "aws_iam_user" "main" {
- name = "${var.project}-${var.participant}-s3-user"
+# resource "aws_iam_user" "main" {
+# name = "${var.project}-${var.participant}-s3-user"
 
-# tags = merge(var.tags, {
-# Name = "${var.tenant}-${var.project}-${var.environment}-${var.role}-user"
-# tenant = var.tenant
-# Proyecto = length(var.project) == 3 ? upper(var.project) : title(var.project)
-# Entorno = title(var.environment)
-# Rol = var.role
-# })
-}
+# # tags = merge(var.tags, {
+# # Name = "${var.tenant}-${var.project}-${var.environment}-${var.role}-user"
+# # tenant = var.tenant
+# # Proyecto = length(var.project) == 3 ? upper(var.project) : title(var.project)
+# # Entorno = title(var.environment)
+# # Rol = var.role
+# # })
+# }
 
-resource "aws_iam_access_key" "deployer" {
- user = aws_iam_user.main.name
-}
\ No newline at end of file
+# resource "aws_iam_access_key" "deployer" {
+# user = aws_iam_user.main.name
+# }
\ No newline at end of file
diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf
index 9d77d48d6..7b6a2ed5c 100644
--- a/connector-deployment/modules/connector/controlplane.tf
+++ b/connector-deployment/modules/connector/controlplane.tf
@@ -200,9 +200,10 @@ resource "kubernetes_config_map" "connector-config" {
 # These variables enable the ControlPlane to validate and accept AmazonS3 DataAddress types
 # Default values are for LocalStack (can be overridden by setting these values in the ConfigMap manually)
 EDC_S3_ENDPOINT = var.s3_endpoint
- AWS_ACCESS_KEY_ID = var.aws_access_key
- AWS_SECRET_ACCESS_KEY = var.aws_secret_key
- AWS_REGION = "us-east-1"
+ # AWS_ACCESS_KEY_ID = var.aws_access_key
+ # AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+ AWS_REGION = "eu-west-1"
+ AWS_REGION = "eu-west-1"
 
 # Remove participant creation - participants are controlled elsewhere
 # Note: EDC_RUNTIME_DISABLED_EXTENSIONS may not prevent initialization if extension
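Review bot: `AWS_REGION = "eu-west-1"` is written twice into the `connector-config` map data; HCL reports a duplicate object key for that, so this hunk should fail `terraform validate`, and the second line was presumably meant to be `AWS_DEFAULT_REGION = "eu-west-1"` as in the dataplane hunk of the same commit. The commented-out `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` lines here, the whole of `iam.tf`, and the two variables in `modules/connector/variables.tf` are better deleted than kept as comments — history is in git, and dead static-key plumbing invites being re-enabled instead of the service-account role. Commenting out `aws_iam_access_key.deployer` will destroy the key on the next apply, which is the desired outcome, but confirm nothing outside this repository still uses it before applying. The `kubernetes_config_map` resource starts before the hunk.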
diff --git a/connector-deployment/modules/connector/dataplane.tf b/connector-deployment/modules/connector/dataplane.tf
index b30495f42..78fe8ac3d 100644
--- a/connector-deployment/modules/connector/dataplane.tf
+++ b/connector-deployment/modules/connector/dataplane.tf
@@ -141,8 +141,9 @@ resource "kubernetes_config_map" "dataplane-config" {
 EDC_MVD_PARTICIPANTS_LIST_FILE = "/dev/null"
 
 EDC_S3_ENDPOINT = var.s3_endpoint
- AWS_ACCESS_KEY_ID = var.aws_access_key
- AWS_SECRET_ACCESS_KEY = var.aws_secret_key
- AWS_REGION = "us-east-1"
+ # AWS_ACCESS_KEY_ID = var.aws_access_key
+ # AWS_SECRET_ACCESS_KEY = var.aws_secret_key
+ AWS_REGION = "eu-west-1"
+ AWS_DEFAULT_REGION = "eu-west-1"
 }
 }
diff --git a/connector-deployment/modules/connector/variables.tf b/connector-deployment/modules/connector/variables.tf
index c0ce29f01..fedbf90eb 100644
--- a/connector-deployment/modules/connector/variables.tf
+++ b/connector-deployment/modules/connector/variables.tf
@@ -121,15 +121,15 @@ variable "s3_endpoint" {
 description = "S3 endpoint"
 }
 
-variable "aws_access_key" {
- type = string
- description = "IAM user access key"
-}
-
-variable "aws_secret_key" {
- type = string
- description = "IAM user secret key"
-}
+# variable "aws_access_key" {
+# type = string
+# description = "IAM user access key"
+# }
+
+# variable "aws_secret_key" {
+# type = string
+# description = "IAM user secret key"
+# }
 
 variable "service_account_role_arn" {
 type = string
diff --git a/connector-deployment/roles.tf b/connector-deployment/roles.tf
index 7a900c2bb..b646c123b 100644
--- a/connector-deployment/roles.tf
+++ b/connector-deployment/roles.tf
@@ -32,21 +32,8 @@ EOT
 {
 "Effect": "Allow",
 "Action": [
- "s3:ListAccessPointsForObjectLambda",
- "s3:GetAccessPoint",
- "s3:PutAccountPublicAccessBlock",
- "s3:ListAccessPoints",
- "s3:CreateStorageLensGroup",
- "s3:ListJobs",
- "s3:PutStorageLensConfiguration",
- "s3:ListMultiRegionAccessPoints",
- "s3:ListStorageLensGroups",
- "s3:ListStorageLensConfigurations",
- "s3:GetAccountPublicAccessBlock",
- "s3:ListAllMyBuckets",
- "s3:ListAccessGrantsInstances",
- "s3:PutAccessPointPublicAccessBlock",
- "s3:CreateJob"
+ "s3:Get*",
+ "s3:List*",
 ],
 "Resource": "*"
 },
@@ -59,6 +46,15 @@ EOT
 "${module.assets_s3_bucket.bucket_arn}",
 "${module.assets_s3_bucket.bucket_arn}/*"
 ]
+ },
+ {
+ "Action": [
+ "kms:*"
+ ],
+ "Effect": "Allow",
+ "Resource": [
+ "${module.kms.key_arn}"
+ ]
 }
 ]
 }
From fd76dd300decaa91e1ed30bcb09311ce1e7f29cd Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Tue, 3 Feb 2026 13:39:16 +0100
Subject: [PATCH 63/72] Update images tag
---
 connector-deployment/variables.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/connector-deployment/variables.tf b/connector-deployment/variables.tf
index 3902422b9..23dde892f 100644
--- a/connector-deployment/variables.tf
+++ b/connector-deployment/variables.tf
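Review bot: `"s3:Get*"` and `"s3:List*"` on `"Resource": "*"` grant the connector role read access to every bucket and object in the account, far broader than the fifteen account-level actions they replace; object-level reads belong in the statement below that is already scoped to `module.assets_s3_bucket.bucket_arn`, and only the few account-level calls (e.g. `s3:ListAllMyBuckets`, `s3:GetBucketLocation`) should remain on `*`. The trailing comma after `"s3:List*",` leaves the policy document invalid JSON, which IAM is likely to reject as a malformed policy; the same comma survives in the PATCH 64 hunk below and is only removed in PATCH 66. `"kms:*"` on the key is likewise more than an S3 SSE-KMS data path needs — `kms:Encrypt`, `kms:Decrypt`, `kms:GenerateDataKey*` and `kms:DescribeKey` cover reads and writes. The policy heredoc that encloses both hunks starts before them.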
@@ -55,17 +55,17 @@ variable "useSVE" { variable "controlplane_image" { type = string description = "Control Plane (connector) image. Upgrade tag here when releasing new MVD/EDC versions." - default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:193aad1e" + default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:4dd1d16d" } variable "dataplane_image" { type = string description = "Data Plane image. Upgrade tag here when releasing new MVD/EDC versions." - default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:193aad1e" + default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:4dd1d16d" } variable "identityhub_image" { type = string description = "Identity Hub image. Upgrade tag here when releasing new MVD/EDC versions." - default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:193aad1e" + default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:4dd1d16d" } From b4bcf6aefcfb34218c5e599a81ef9476e3d8f1b9 Mon Sep 17 00:00:00 2001 From: SergioMedeirosGarcia Date: Tue, 3 Feb 2026 13:42:36 +0100 Subject: [PATCH 64/72] Fix error --- connector-deployment/roles.tf | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/connector-deployment/roles.tf b/connector-deployment/roles.tf index b646c123b..5dd6f5b58 100644 --- a/connector-deployment/roles.tf +++ b/connector-deployment/roles.tf @@ -32,8 +32,11 @@ EOT { "Effect": "Allow", "Action": [ - "s3:Get*", - "s3:List*", + "s3:GetBucketLocation", + "s3:ListMultiRegionAccessPoints", + "s3:GetAccountPublicAccessBlock", + "s3:ListAllMyBuckets", + "s3:ListAccessGrantsInstances", ], "Resource": "*" }, From 77ff2b26202944206054080c42b121d740dd409a Mon Sep 17 00:00:00 2001 
From: js Date: Wed, 4 Feb 2026 10:26:28 +0100 Subject: [PATCH 65/72] fix: api key properly created as random uuid --- connector-deployment/connector.tf | 2 ++ connector-deployment/modules/connector/controlplane.tf | 4 ++-- connector-deployment/modules/connector/variables.tf | 6 ++++++ connector-deployment/modules/identity-hub/main.tf | 2 +- connector-deployment/modules/identity-hub/variables.tf | 6 ++++++ connector-deployment/terraform.tfvars | 3 ++- connector-deployment/variables.tf | 6 ++++++ 7 files changed, 25 insertions(+), 4 deletions(-) diff --git a/connector-deployment/connector.tf b/connector-deployment/connector.tf index 1719cbd26..26c1acdd2 100644 --- a/connector-deployment/connector.tf +++ b/connector-deployment/connector.tf @@ -41,6 +41,7 @@ module "participant-connector" { # aws_access_key = aws_iam_access_key.deployer.id # aws_secret_key = aws_iam_access_key.deployer.secret service_account_role_arn = module.participant-s3-role.role_arn + management_auth_key = var.participant_management_auth_key } # consumer identity hub @@ -53,6 +54,7 @@ module "participant-identityhub" { vault-url = local.vault_url service-name = var.participant identityhub_image = var.identityhub_image + identity_auth_key = var.participant_management_auth_key database = { user = var.participant password = random_password.participant_password.result diff --git a/connector-deployment/modules/connector/controlplane.tf b/connector-deployment/modules/connector/controlplane.tf index 7b6a2ed5c..6cbc26316 100644 --- a/connector-deployment/modules/connector/controlplane.tf +++ b/connector-deployment/modules/connector/controlplane.tf 
@@ -166,7 +166,7 @@ resource "kubernetes_config_map" "connector-config" {
 WEB_HTTP_MANAGEMENT_PORT = var.ports.management
 WEB_HTTP_MANAGEMENT_PATH = "/api/management"
 WEB_HTTP_MANAGEMENT_AUTH_TYPE = "tokenbased"
- WEB_HTTP_MANAGEMENT_AUTH_KEY = "password"
+ WEB_HTTP_MANAGEMENT_AUTH_KEY = var.management_auth_key
 WEB_HTTP_CONTROL_PORT = var.ports.control
 WEB_HTTP_CONTROL_PATH = "/api/control"
 WEB_HTTP_PROTOCOL_PORT = var.ports.protocol
@@ -174,7 +174,7 @@ resource "kubernetes_config_map" "connector-config" {
 WEB_HTTP_CATALOG_PORT = var.ports.catalog
 WEB_HTTP_CATALOG_PATH = "/api/catalog"
 WEB_HTTP_CATALOG_AUTH_TYPE = "tokenbased"
- WEB_HTTP_CATALOG_AUTH_KEY = "password"
+ WEB_HTTP_CATALOG_AUTH_KEY = var.management_auth_key
 # Namespace-qualified so other participants (e.g. provider) can resolve when sending agreement/termination
 EDC_DSP_CALLBACK_ADDRESS = "http://${local.controlplane-service-name}.${var.namespace}:${var.ports.protocol}/api/dsp"
 EDC_IAM_STS_PRIVATEKEY_ALIAS = "${var.participantId}#${var.aliases.sts-private-key}"
diff --git a/connector-deployment/modules/connector/variables.tf b/connector-deployment/modules/connector/variables.tf
index fedbf90eb..764278fcf 100644
--- a/connector-deployment/modules/connector/variables.tf
+++ b/connector-deployment/modules/connector/variables.tf
@@ -145,3 +145,9 @@ variable "dataplane_image" {
 type = string
 description = "Data Plane container image (tag upgraded in connector-deployment, not Kordat)"
 }
+
+variable "management_auth_key" {
+ type = string
+ description = "Default API key for Management and Catalog APIs (x-api-key). For Kordat-managed participants the key is created once in Kordat and distributed via K8s patch (this value is then overwritten). Use a fixed value for testing or leave default 'password' for seed scripts."
+ default = "password"
+}
diff --git a/connector-deployment/modules/identity-hub/main.tf b/connector-deployment/modules/identity-hub/main.tf
index 1ea196f0b..52e7b94dd 100644
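Review bot: The commit title promises an API key "properly created as random uuid", but nothing in these hunks generates a random value — `management_auth_key` here, `identity_auth_key` in the identity-hub hunk and `participant_management_auth_key` in the root `variables.tf` hunk all keep `default = "password"`, so a participant applied without an explicit value still exposes the Management, Catalog and Identity APIs behind the well-known key. The root module already uses `random_password.participant_password` for the database, and the same pattern fits here: add `resource "random_uuid" "management_auth_key" {}`, default the root variable to `null`, and pass `coalesce(var.participant_management_auth_key, random_uuid.management_auth_key.result)` into both modules (`coalesce` also skips the empty string that the committed `terraform.tfvars` template supplies). All three variables should carry `sensitive = true`, and the key is still written into the `connector-config`/`identityhub-config` `kubernetes_config_map` rather than a `kubernetes_secret`, so anyone with configmap read in the namespace can recover it. The `kubernetes_config_map` resource starts before the hunk.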
--- a/connector-deployment/modules/identity-hub/main.tf
+++ b/connector-deployment/modules/identity-hub/main.tf
@@ -149,7 +149,7 @@ resource "kubernetes_config_map" "identityhub-config" {
 WEB_HTTP_PATH = "/api"
 WEB_HTTP_IDENTITY_PORT = var.ports.ih-identity-api
 WEB_HTTP_IDENTITY_PATH = "/api/identity"
- WEB_HTTP_IDENTITY_AUTH_KEY = "password"
+ WEB_HTTP_IDENTITY_AUTH_KEY = var.identity_auth_key
 WEB_HTTP_CREDENTIALS_PORT = var.ports.credentials-api
 WEB_HTTP_CREDENTIALS_PATH = "/api/credentials"
 WEB_HTTP_DID_PORT = var.ports.ih-did
diff --git a/connector-deployment/modules/identity-hub/variables.tf b/connector-deployment/modules/identity-hub/variables.tf
index 7566608de..7c585e363 100644
--- a/connector-deployment/modules/identity-hub/variables.tf
+++ b/connector-deployment/modules/identity-hub/variables.tf
@@ -117,4 +117,10 @@ variable "sts-token-path" {
 variable "identityhub_image" {
 type = string
 description = "Identity Hub container image (tag upgraded in connector-deployment, not Kordat)"
+}
+
+variable "identity_auth_key" {
+ type = string
+ description = "API key for Identity API (x-api-key). Default 'password' for backward compatibility; set same as management_auth_key when using a fixed key."
+ default = "password"
 }
\ No newline at end of file
diff --git a/connector-deployment/terraform.tfvars b/connector-deployment/terraform.tfvars
index c9c8f7372..bb4724f1f 100644
--- a/connector-deployment/terraform.tfvars
+++ b/connector-deployment/terraform.tfvars
@@ -1,3 +1,4 @@
 participant = ""
 environment = ""
-postgres_admin_password = ""
\ No newline at end of file
+postgres_admin_password = ""
+participant_management_auth_key = ""
\ No newline at end of file
diff --git a/connector-deployment/variables.tf b/connector-deployment/variables.tf
index 23dde892f..50e0913ff 100644
--- a/connector-deployment/variables.tf
+++ b/connector-deployment/variables.tf
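Review bot: `participant_management_auth_key = ""` in the committed `terraform.tfvars` is an explicit, non-null value, so it overrides the `"password"` default and configures an empty `x-api-key` for the Management, Catalog and Identity APIs; depending on how the EDC token-based filter treats an empty configured key, that either locks every caller out or, worse, accepts requests with an empty header. If the file is meant as a template, leave the key out (so the default or a `random_*` resource applies) or reject the empty string with a `validation { condition = length(var.participant_management_auth_key) >= 16 ... }` block on the variable. The `identity_auth_key` variable added just above shares the `"password"` default problem raised on the controlplane hunk.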
@@ -69,3 +69,9 @@ variable "identityhub_image" {
 description = "Identity Hub image. Upgrade tag here when releasing new MVD/EDC versions."
 default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:4dd1d16d"
 }
+
+variable "participant_management_auth_key" {
+ type = string
+ description = "Default API key for this participant's connector. For Kordat-managed participants the key is created once in Kordat and distributed via K8s patch (this default is overwritten). Set a fixed value for testing; default 'password' for seed scripts."
+ default = "password"
+}
From 317785c5cb90328ef9824fd67c319a73ad5d7037 Mon Sep 17 00:00:00 2001
From: js
Date: Wed, 4 Feb 2026 13:37:16 +0100
Subject: [PATCH 66/72] fix role
---
 connector-deployment/roles.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/connector-deployment/roles.tf b/connector-deployment/roles.tf
index 5dd6f5b58..e20496b7d 100644
--- a/connector-deployment/roles.tf
+++ b/connector-deployment/roles.tf
@@ -36,7 +36,7 @@ EOT
 "s3:ListMultiRegionAccessPoints",
 "s3:GetAccountPublicAccessBlock",
 "s3:ListAllMyBuckets",
- "s3:ListAccessGrantsInstances",
+ "s3:ListAccessGrantsInstances"
 ],
 "Resource": "*"
 },
From 012e96acfa916327b70765175cff67bd3c8870f3 Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Wed, 4 Feb 2026 13:42:28 +0100
Subject: [PATCH 67/72] Update connector sa role
---
 connector-deployment/roles.tf | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/connector-deployment/roles.tf b/connector-deployment/roles.tf
index e20496b7d..b8ddd290f 100644
--- a/connector-deployment/roles.tf
+++ b/connector-deployment/roles.tf
@@ -46,8 +46,7 @@ EOT
 ],
 "Effect": "Allow",
 "Resource": [
- "${module.assets_s3_bucket.bucket_arn}",
- "${module.assets_s3_bucket.bucket_arn}/*"
+ "*"
 ]
 },
 {
@@ -56,7 +55,7 @@ EOT
 ],
 "Effect": "Allow",
 "Resource": [
- "${module.kms.key_arn}"
+ "*"
 ]
 }
 ]
From e88340a7f568768c1a6a4aab2612c3389373004d Mon Sep 17 00:00:00 2001
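Review bot: Both hunks of this commit replace a scoped `Resource` — `"${module.assets_s3_bucket.bucket_arn}"` plus its `/*` object form, and `"${module.kms.key_arn}"` — with `"*"`, which extends the participant service-account role from its own bucket and key to every S3 bucket and KMS key in the account. If the scoped statements were being denied, the usual cause is a missing action or a bucket-vs-object ARN mismatch in the `Action` list above each hunk, which is fixed by adjusting the ARN list rather than a wildcard; that list is outside the hunk so the exact need is not visible here. Patch 70 later on this page restores both ARNs, so the wildcard exists only between these two commits, but squashing them before merge would keep the broad grant out of the history.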
From: js
Date: Wed, 4 Feb 2026 17:03:15 +0100
Subject: [PATCH 68/72] bump up
---
 connector-deployment/variables.tf | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/connector-deployment/variables.tf b/connector-deployment/variables.tf
index 50e0913ff..a30e39ff6 100644
--- a/connector-deployment/variables.tf
+++ b/connector-deployment/variables.tf
@@ -55,19 +55,19 @@ variable "useSVE" {
 variable "controlplane_image" {
 type = string
 description = "Control Plane (connector) image. Upgrade tag here when releasing new MVD/EDC versions."
- default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:4dd1d16d"
+ default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-controlplane:012e96ac"
 }
 
 variable "dataplane_image" {
 type = string
 description = "Data Plane image. Upgrade tag here when releasing new MVD/EDC versions."
- default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:4dd1d16d"
+ default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-dataplane:012e96ac"
 }
 
 variable "identityhub_image" {
 type = string
 description = "Identity Hub image. Upgrade tag here when releasing new MVD/EDC versions."
- default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:4dd1d16d"
+ default = "150073872684.dkr.ecr.eu-west-1.amazonaws.com/kordat-dev-identity-hub:012e96ac"
 }
 
 variable "participant_management_auth_key" {
From 5c48b8755e8231bc62febbdc350ce52fadb31990 Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Tue, 24 Feb 2026 18:48:48 +0100
Subject: [PATCH 69/72] Update connector policy
---
 connector-deployment/roles.tf | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/connector-deployment/roles.tf b/connector-deployment/roles.tf
index b8ddd290f..d295376d1 100644
--- a/connector-deployment/roles.tf
+++ b/connector-deployment/roles.tf
@@ -19,6 +19,13 @@ module "participant-s3-role" {
 "${local.eks_oidc}:sub": "system:serviceaccount:${var.participant}:${var.participant}-s3-sa"
 }
 }
+ },
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "AWS": "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/kordat-${var.environment}-backend-sa-role"
+ },
+ "Action": "sts:AssumeRole"
 }
 ]
 }
@@ -36,7 +43,8 @@ EOT
 "s3:ListMultiRegionAccessPoints",
 "s3:GetAccountPublicAccessBlock",
 "s3:ListAllMyBuckets",
- "s3:ListAccessGrantsInstances"
+ "s3:ListAccessGrantsInstances",
+ "s3:PutObject"
 ],
 "Resource": "*"
 },
From 72e8f1e97666414dd81c924618a8622b95ce1271 Mon Sep 17 00:00:00 2001
From: SergioMedeirosGarcia
Date: Tue, 24 Feb 2026 19:06:53 +0100
Subject: [PATCH 70/72] Update connector policy
---
 connector-deployment/roles.tf | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/connector-deployment/roles.tf b/connector-deployment/roles.tf
index d295376d1..2bf497c08 100644
--- a/connector-deployment/roles.tf
+++ b/connector-deployment/roles.tf
@@ -54,7 +54,8 @@ EOT
 ],
 "Effect": "Allow",
 "Resource": [
- "*"
+ "${module.assets_s3_bucket.bucket_arn}",
+ "${module.assets_s3_bucket.bucket_arn}/*"
 ]
 },
 {
@@ -63,6 +64,16 @@ EOT
 ],
 "Effect": "Allow",
 "Resource": [
+ "${module.kms.key_arn}"
+ ]
+ },
+ {
+ "Action": [
+ "kms:GenerateDataKey",
+ "kms:Decrypt"
+ ],
+ "Effect": "Allow",
+ "Resource": [
 "*"
 ]
 }
From ae03477656257ca8b1cb5023e9955c44e419452f Mon Sep 17 00:00:00 2001
From: js
Date: Mon, 2 Mar 2026 10:47:15 +0100
Subject: [PATCH 71/72] Add ViaService to connector policy for kms actions
---
 connector-deployment/roles.tf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/connector-deployment/roles.tf b/connector-deployment/roles.tf
index 2bf497c08..377c214d1 100644
--- a/connector-deployment/roles.tf
+++ b/connector-deployment/roles.tf
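Review bot: `"s3:PutObject"` is added to the statement whose `Resource` is `"*"`, so the role can write objects into every bucket in the account; the account-level list actions around it genuinely need `*`, but object writes do not. Move it into the bucket-scoped statement below (the one patch 70 restores to `"${module.assets_s3_bucket.bucket_arn}/*"`), or, if the target is a different bucket, list that bucket's object ARN explicitly. Both statements continue outside the hunk.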
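Review bot: The new statement grants `kms:GenerateDataKey` and `kms:Decrypt` on `"*"`, i.e. on every KMS key in the account, directly after a statement this same hunk scopes to `"${module.kms.key_arn}"`. Patch 71 later adds a `kms:ViaService` condition, which restricts the call path to S3 but not the set of keys; if the purpose is SSE-KMS on a bucket encrypted with a different key, naming that key's ARN, or adding a `kms:EncryptionContext:aws:s3:arn` condition limited to the intended bucket, keeps the grant bounded. The `Action` list of the scoped statement is above the hunk.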
@@ -75,7 +75,12 @@ EOT
 "Effect": "Allow",
 "Resource": [
 "*"
- ]
+ ],
+ "Condition": {
+ "StringEquals": {
+ "kms:ViaService": "s3.eu-west-1.amazonaws.com"
+ }
+ }
 }
 ]
 }
From 280ec1914ceee27afa78da97bab5f93e14fbf34e Mon Sep 17 00:00:00 2001
From: js
Date: Wed, 4 Mar 2026 13:00:35 +0100
Subject: [PATCH 72/72] enable S3 replication to external buckets
---
 connector-deployment/locals.tf | 3 +++
 connector-deployment/outputs.tf | 6 ++++++
 connector-deployment/terraform.tfvars | 7 ++++++-
 connector-deployment/variables.tf | 19 +++++++++++++++++++
 4 files changed, 34 insertions(+), 1 deletion(-)
diff --git a/connector-deployment/locals.tf b/connector-deployment/locals.tf
index 085a9b106..34ed7fa01 100644
--- a/connector-deployment/locals.tf
+++ b/connector-deployment/locals.tf
@@ -3,6 +3,9 @@ locals {
 database_url = "jdbc:postgresql://${var.postgres_endpoint}:${var.postgres_port}/${var.participant}"
 vault_url = "http://${var.participant}-vault:8200"
 
+ # S3 replication: only enabled for participants that replicate to another account
+ replication_enabled = var.replicate_to_participant && var.participant_account_id != "" && var.participant_bucket_name != ""
+
 eks_oidc = trimprefix(
 data.aws_eks_cluster.eks.identity[0].oidc[0].issuer,
 "https://"
diff --git a/connector-deployment/outputs.tf b/connector-deployment/outputs.tf
index a91b82fef..7cb91c950 100644
--- a/connector-deployment/outputs.tf
+++ b/connector-deployment/outputs.tf
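Review bot: `"kms:ViaService": "s3.eu-west-1.amazonaws.com"` hard-codes the region inside the policy heredoc, whereas the trust policy in the same file derives account-specific values from `data.aws_caller_identity.current`. Interpolating the region, e.g. `"kms:ViaService": "s3.${data.aws_region.current.name}.amazonaws.com"` backed by a `data "aws_region" "current" {}` source (added if the module does not already have one), keeps the condition correct if the stack is ever applied elsewhere. The condition constrains how the keys may be used, not which keys — `Resource` remains `"*"` just above the hunk.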
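Review bot: `replication_enabled` quietly evaluates to `false` when `replicate_to_participant` is `true` but either `participant_account_id` or `participant_bucket_name` is empty, so a participant that is meant to replicate and has one value missing gets no replication and no error. A `lifecycle { precondition { ... } }` on the resource that consumes the flag would surface that at plan time; at minimum the comment should state the behaviour, e.g. `# NOTE: silently false when replicate_to_participant is set but account or bucket is empty`. The consuming module is not part of this commit, so where the precondition belongs cannot be seen here.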
@@ -34,4 +34,10 @@ output "participant_public_key_path" {
 description = "Path to participant public PEM (assets/_public.pem) for DID doc or backend registration"
 value = "${path.module}/assets/${var.participant}_public.pem"
+}
+
+# S3 replication role ARN (use in destination account bucket policy when replicate_to_participant=true)
+output "s3_replication_role_arn" {
+ description = "ARN of the S3 replication role, for use in the destination bucket policy"
+ value = local.replication_enabled ? module.s3_replication[0].replication_role_arn : null
 }
\ No newline at end of file
diff --git a/connector-deployment/terraform.tfvars b/connector-deployment/terraform.tfvars
index bb4724f1f..8c6a44c80 100644
--- a/connector-deployment/terraform.tfvars
+++ b/connector-deployment/terraform.tfvars
@@ -1,4 +1,9 @@
 participant = ""
 environment = ""
 postgres_admin_password = ""
-participant_management_auth_key = ""
\ No newline at end of file
+participant_management_auth_key = ""
+
+# S3 replication - substituted by pipeline (connector-up-apply.yml)
+replicate_to_participant =
+participant_account_id = ""
+participant_bucket_name = ""
\ No newline at end of file
diff --git a/connector-deployment/variables.tf b/connector-deployment/variables.tf
index a30e39ff6..d651b65ab 100644
--- a/connector-deployment/variables.tf
+++ b/connector-deployment/variables.tf
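Review bot: `module.s3_replication[0].replication_role_arn` refers to a module that none of the four files in this commit's diffstat declares, so unless a `module "s3_replication"` block with `count` already exists in the directory this output does not plan on its own; if it was meant to arrive with "enable S3 replication", the module block is missing from the commit. The output could also tell the consumer what to grant: `description = "ARN of the S3 replication role; the destination bucket policy must allow it s3:ReplicateObject and s3:ReplicateDelete"`.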
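Review bot: `replicate_to_participant =` is committed without a value, which is not valid HCL, so until the pipeline substitutes it `terraform plan` in this directory fails with a parse error instead of falling back to the variable's `false` default. Committing `replicate_to_participant = false` and letting the pipeline overwrite the line keeps the checked-in file loadable; the `participant_account_id` and `participant_bucket_name` placeholders already follow that pattern with `""`.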
@@ -75,3 +75,22 @@ variable "participant_management_auth_key" {
 description = "Default API key for this participant's connector. For Kordat-managed participants the key is created once in Kordat and distributed via K8s patch (this default is overwritten). Set a fixed value for testing; default 'password' for seed scripts."
 default = "password"
 }
+
+# S3 replication (isolated per participant - only created when all three are set)
+variable "replicate_to_participant" {
+ type = bool
+ description = "Enable replication from this participant's bucket to a destination participant bucket"
+ default = false
+}
+
+variable "participant_account_id" {
+ type = string
+ description = "Destination AWS account ID for replication (e.g. GDM account)"
+ default = ""
+}
+
+variable "participant_bucket_name" {
+ type = string
+ description = "Destination bucket name in the participant account (e.g. gdm-pre-backend-bucket)"
+ default = ""
+}
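Review bot: `participant_account_id` accepts any string, and the `locals.tf` check in this commit only compares it against `""`, so a mistyped account ID passes straight through into the replication configuration and whatever ARN is built from it. A `validation` block restricting the value to empty or exactly twelve digits catches that at plan time; a matching non-empty/no-`/` check fits `participant_bucket_name`. The `type`, `description` and `default` lines stay as the hunk has them.
```hcl
variable "participant_account_id" {
  # … unchanged: type, description, default …
  validation {
    condition     = var.participant_account_id == "" || can(regex("^[0-9]{12}$", var.participant_account_id))
    error_message = "participant_account_id must be empty or a 12-digit AWS account ID."
  }
}
```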