Merge branch 'main' into postgres-operator

Author: pulledtim

.github/workflows/test.yaml

@@ -22,3 +22,4 @@ jobs:
         id: test        
         run: |
           mvn clean integration-test -Ptest
+          

charts/data-space-connector/Chart.yaml

@@ -7,7 +7,7 @@ dependencies:
   - name: postgresql
     condition: postgresql.enabled
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 13.1.5
+    version: 16.7.27
   # authentication
   - name: vcverifier
     condition: vcverifier.enabled
@@ -23,7 +23,7 @@ dependencies:
     repository: https://fiware.github.io/helm-charts
   - name: mysql
     condition: mysql.enabled
-    version: 9.4.4
+    version: 12.2.2
     repository: https://charts.bitnami.com/bitnami
   - name: dss-validation-service
     alias: dss
@@ -49,16 +49,16 @@ dependencies:
     alias: postgis
     condition: postgis.enabled
     repository: oci://registry-1.docker.io/bitnamicharts
-    version: 13.1.5
+    version: 16.7.27
   # issuance
   - name: keycloak
     condition: keycloak.enabled
-    version: 24.6.1
-    repository: https://charts.bitnami.com/bitnami
+    version: 24.5.2
+    repository: oci://registry-1.docker.io/bitnamicharts
   # contract management
   - name: tm-forum-api
     condition: tm-forum-api.enabled
-    version: 0.14.9
+    version: 0.14.11
     repository: https://fiware.github.io/helm-charts
   - name: contract-management
     condition: contract-management.enabled

charts/data-space-connector/templates/authentication-secrets.yaml

@@ -1,4 +1,5 @@
-{{- if .Values.authentication.generatePasswords.enabled }}
+{{- $existing := lookup "v1" "Secret" $.Release.Namespace .Values.authentication.generatePasswords.secretName }}
+{{- if and .Values.authentication.generatePasswords.enabled (not $existing) }}
 apiVersion: v1
 kind: Secret
 type: Opaque

charts/data-space-connector/templates/data-plane-secrets.yaml

@@ -1,4 +1,5 @@
-{{- if .Values.dataplane.generatePasswords.enabled }}
+{{- $existing := lookup "v1" "Secret" $.Release.Namespace .Values.dataplane.generatePasswords.secretName }}
+{{- if and .Values.dataplane.generatePasswords.enabled (not $existing) }}
 apiVersion: v1
 kind: Secret
 type: Opaque

charts/data-space-connector/templates/database-secrets.yaml

@@ -1,4 +1,5 @@
-{{- if .Values.postgresql.generatePasswords.enabled }}
+{{- $existing := lookup "v1" "Secret" $.Release.Namespace .Values.postgresql.generatePasswords.secretName }}
+{{- if and .Values.postgresql.generatePasswords.enabled (not $existing) }}
 apiVersion: v1
 kind: Secret
 type: Opaque

charts/data-space-connector/templates/issuance-secrets.yaml

@@ -1,4 +1,5 @@
-{{- if .Values.issuance.generatePasswords.enabled }}
+{{- $existing := lookup "v1" "Secret" $.Release.Namespace .Values.issuance.generatePasswords.secretName }}
+{{- if and .Values.issuance.generatePasswords.enabled (not $existing) }}
 apiVersion: v1
 kind: Secret
 type: Opaque

charts/data-space-connector/templates/marketplace-env-var-secret.yaml

@@ -1,4 +1,5 @@
-{{- if .Values.marketplace.generatePasswords.enabled }}
+{{- $existing := lookup "v1" "Secret" $.Release.Namespace (printf "%s-env" .Values.marketplace.generatePasswords.secretName) }}
+{{- if and .Values.marketplace.generatePasswords.enabled (not $existing) }}
 apiVersion: v1
 kind: Secret
 type: Opaque

charts/data-space-connector/templates/marketplace-secrets.yaml

@@ -1,4 +1,5 @@
-{{- if .Values.marketplace.generatePasswords.enabled }}
+{{- $existing := lookup "v1" "Secret" $.Release.Namespace .Values.marketplace.generatePasswords.secretName }}
+{{- if and .Values.marketplace.generatePasswords.enabled (not $existing) }}
 apiVersion: v1
 kind: Secret
 type: Opaque

charts/data-space-connector/templates/rainbow-ingress.yaml

@@ -5,17 +5,40 @@ metadata:
   name: rainbow
   namespace: {{ $.Release.Namespace | quote }}
   labels:
-    {{ include "dsc.labels" . | nindent 4 }}
+     {{- include "dsc.labels" . | nindent 4 }}
+  {{- if .Values.rainbow.ingress.annotations }}
+  annotations:
+    {{- with .Values.rainbow.ingress.annotations }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
 spec:
+  {{- if .Values.rainbow.ingress.className }}
+  ingressClassName: {{ .Values.rainbow.ingress.className }}
+  {{- end }}
+  {{- if .Values.rainbow.ingress.tls }}
+  tls:
+    {{- range .Values.rainbow.ingress.tls }}
+    - hosts:
+      {{- range .hosts }}
+        - {{ . | quote }}
+      {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
   rules:
-    - host: {{ .Values.rainbow.ingress.host }}
+  {{- range .Values.rainbow.ingress.hosts }}
+    - host: {{ .host | quote }}
       http:
         paths:
-          - path: /
-            pathType: Prefix
-            backend:
-              service:
-                name: rainbow
-                port:
-                  name: http
+        {{- range .paths }}
+        - path: {{ . }}
+          pathType: Prefix
+          backend:
+            service:
+              name: rainbow
+              port:
+                number: {{ $.Values.rainbow.service.port }}
+        {{- end }}
+  {{- end }}
 {{- end }}

charts/data-space-connector/templates/realm.yaml

@@ -106,6 +106,43 @@ data:
         {{ .Values.keycloak.realm.clients | nindent 8 }}
       ],
       "clientScopes": [
+        {
+          "name": "basic",
+          "description": "OpenID Connect scope for add all basic claims to the token",
+          "protocol": "openid-connect",
+          "attributes": {
+            "include.in.token.scope": "false",
+            "display.on.consent.screen": "false"
+          },
+          "protocolMappers": [
+            {
+              "id": "feebb873-c2a4-487b-afae-e7993a3d8082",
+              "name": "sub",
+              "protocol": "openid-connect",
+              "protocolMapper": "oidc-sub-mapper",
+              "consentRequired": false,
+              "config": {
+                "introspection.token.claim": "true",
+                "access.token.claim": "true"
+              }
+            },
+            {
+              "id": "a2531c5e-0cb4-4228-8d71-7cd03cea45d4",
+              "name": "auth_time",
+              "protocol": "openid-connect",
+              "protocolMapper": "oidc-usersessionmodel-note-mapper",
+              "consentRequired": false,
+              "config": {
+                "user.session.note": "AUTH_TIME",
+                "id.token.claim": "true",
+                "introspection.token.claim": "true",
+                "access.token.claim": "true",
+                "claim.name": "auth_time",
+                "jsonType.label": "long"
+              }
+            }
+          ]
+        },
         {
           "name": "roles",
           "description": "OpenID Connect scope for add user roles to the access token",