Merge pull request #95 from FIWARE/dcql

Support Central Marketplace and increase verifeir version to support DCQL

Author: wistefan

charts/data-space-connector/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: data-space-connector
 description: Umbrella Chart for the FIWARE Data Space Connector, combining all essential parts to be used by a participant.
 type: application
-version: 8.2.22
+version: 8.3.0
 dependencies:
   - name: postgresql
     condition: postgresql.enabled
@@ -11,11 +11,11 @@ dependencies:
   # authentication
   - name: vcverifier
     condition: vcverifier.enabled
-    version: 4.1.2
+    version: 4.3.0
     repository: https://fiware.github.io/helm-charts
   - name: credentials-config-service
     condition: credentials-config-service.enabled
-    version: 2.1.12
+    version: 2.3.0
     repository: https://fiware.github.io/helm-charts
   - name: trusted-issuers-list
     condition: trusted-issuers-list.enabled
@@ -33,7 +33,7 @@ dependencies:
   # authorization
   - name: odrl-pap
     condition: odrl-pap.enabled
-    version: 2.0.2
+    version: 2.3.0
     repository: https://fiware.github.io/helm-charts
   - name: apisix
     condition: apisix.enabled
@@ -53,16 +53,16 @@ dependencies:
   # issuance
   - name: keycloak
     condition: keycloak.enabled
-    version: 24.5.2
+    version: 25.2.0
     repository: oci://registry-1.docker.io/bitnamicharts
   # contract management
   - name: tm-forum-api
     condition: tm-forum-api.enabled
-    version: 0.14.11
+    version: 0.14.14
     repository: https://fiware.github.io/helm-charts
   - name: contract-management
     condition: contract-management.enabled
-    version: 3.2.0
+    version: 3.5.6
     repository: https://fiware.github.io/helm-charts
   # marketplace
   - name: business-api-ecosystem

charts/data-space-connector/templates/did-cm.yaml

@@ -22,12 +22,17 @@ data:
             {{- else }}
             "kty: "RSA",
             {{- end }}
+            {{- if eq .Values.didJson.key.kty "RSA" }}
             "e": {{ .Values.didJson.key.exponent | quote }},
             "n": {{ .Values.didJson.key.modulus | quote }},
+            {{- end }}
+            {{- if eq .Values.didJson.key.kty "EC" }}
+            "crv": {{ .Values.didJson.key.crv | quote }},
+            "x": {{ .Values.didJson.key.xCoord | quote }},
+            "y": {{ .Values.didJson.key.yCoord | quote }},
+            {{- end }}
             {{- if .Values.didJson.key.x5u }}
             "x5u": {{ .Values.didJson.key.x5u | quote }}
-            {{- else }}
-            "x5u": "https://fancy-marketplace.biz/.well-known/tls.crt"
             {{- end }}
           }
         }

charts/data-space-connector/templates/did-ingress.yaml

@@ -4,10 +4,40 @@ kind: Ingress
 metadata:
   name: did-json
   namespace: {{ $.Release.Namespace | quote }}
-{{- if .Values.didJson.ingress.annotations }}
   annotations:
-{{- toYaml .Values.didJson.ingress.annotations | nindent 4 }}
-{{- end }}
+    {{- with .Values.didJson.ingress.annotations }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  labels:
+    {{ include "dsc.labels" . | nindent 4 }}
+spec:
+  {{- if .Values.didJson.ingress.tlsSecret }}
+  tls:
+    - hosts:
+      - {{ .Values.didJson.ingress.host }}
+      secretName: {{ .Values.didJson.ingress.tlsSecret }}
+  {{- end }}
+  rules:
+    - host: {{ .Values.didJson.ingress.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: did-json
+                port:
+                  name: http
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: did-json-unsecured
+  namespace: {{ $.Release.Namespace | quote }}
+  annotations:
+    {{- with .Values.didJson.ingress.annotations }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
   labels:
     {{ include "dsc.labels" . | nindent 4 }}
 spec:

charts/data-space-connector/templates/participant-registration.yaml

@@ -13,9 +13,7 @@ data:
     {{ .Values.registration.prepScript }} 
     {{- end }}
     {{- $registration := .Values.registration}}
-    {{- range $index, $credentialType := .Values.registration.credentialTypes }}
 
-    # credentials config service registration
     curl -v -X 'POST' \
       '{{ $registration.til }}/issuer' \
       -H 'accept: */*' \
@@ -31,6 +29,5 @@ data:
         {{- end }}
       ]
     }"
-    {{- end }}
 
 {{- end }}

charts/data-space-connector/templates/realm.yaml

@@ -11,8 +11,8 @@ data:
     {
       "id": "{{ .Values.keycloak.realm.name }}",
       "realm": "{{ .Values.keycloak.realm.name }}",
-      "displayName": "Keycloak",
-      "displayNameHtml": "<div class=\"kc-logo-text\"><span>Keycloak</span></div>",
+      "displayName": "{{ .Values.keycloak.realm.name }}",
+      "displayNameHtml": "<div class=\"kc-logo-text\"><span>{{ .Values.keycloak.realm.name }}</span></div>",
       "verifiableCredentialsEnabled": true,
       "enabled": true,
       "attributes": {
@@ -630,9 +630,33 @@ data:
             "providerId": "jwt_vc"
           } 
         ],
-        
-        {{- if eq .Values.elsi.enabled  true }}
         "org.keycloak.keys.KeyProvider": [
+          {
+            "name": "ecdh-generated",
+            "providerId": "ecdh-generated",
+            "subComponents": {},
+            "config": {
+              "ecGenerateCertificate": [
+                "false"
+              ],
+              "active": [
+                "true"
+              ],
+              "priority": [
+                "0"
+              ],
+              "ecdhAlgorithm": [
+                "ECDH-ES"
+              ],
+              "ecdhEllipticCurveKey": [
+                "P-256"
+              ],
+              "enabled": [
+                "true"
+              ]
+            }
+          },
+        {{- if eq .Values.elsi.enabled  true }}
           {
             "id": "a4589e8f-7f82-4345-b2ea-ccc9d4366600",
             "name": {{ .Values.elsi.keyAlias | quote }},
@@ -658,9 +682,7 @@ data:
               ]
             }
           }
-        ]
         {{- else if .Values.keycloak.signingKey }}
-        "org.keycloak.keys.KeyProvider": [
           {
             "id": "a4589e8f-7f82-4345-b2ea-ccc9d4366600",
             "name": "signing-key",
@@ -690,9 +712,7 @@ data:
               ]
             }
           }
-        ]
         {{ else }}
-        "org.keycloak.keys.KeyProvider": [
           {
             "id": "a4589e8f-7f82-4345-b2ea-ccc9d4366600",
             "name": "test-key",
@@ -718,8 +738,8 @@ data:
               ]
             }
           }
-        ]
         {{- end }}
+        ]
       }
     }
 

charts/data-space-connector/values.yaml

@@ -24,6 +24,7 @@ issuance:
 
 # -- configuration for the mysql to be deployed as part of the connector, see https://github.com/bitnami/charts/tree/main/bitnami/mysql for all options
 mysql:
+  kubeVersion: 1.34-1
   # -- should it be enabled? set to false if one outside the chart is used.
   enabled: true
   global:
@@ -116,6 +117,7 @@ credentials-config-service:
     enabled: false
 # -- configuration for the postgresql to be deployed as part of the connector, see https://github.com/bitnami/charts/tree/main/bitnami/postgresql for all options
 postgresql:
+  kubeVersion: 1.34-1
   # -- should it be enabled? set to false if one outside the chart is used.
   enabled: true
   global:
@@ -205,6 +207,7 @@ tpp:
 
 # -- configuration for apisix to be deployed as part of the connector, see https://github.com/bitnami/charts/tree/main/bitnami/apisix for all options
 apisix:
+  kubeVersion: 1.34-1
   global:
     security:
       # allow the image from the legacy repo
@@ -237,6 +240,7 @@ apisix:
       repository: bitnamilegacy/apisix-ingress-controller
   # -- configuration in regard to the apisix etcd
   etcd:
+    kubeVersion: 1.34-1
     # -- should it be enabled
     enabled: true
     global:
@@ -356,6 +360,7 @@ apisix:
 
 # -- configuration for the postgresql to be deployed as part of the connector, see https://github.com/bitnami/charts/tree/main/bitnami/postgresql for all options
 postgis:
+  kubeVersion: 1.34-1
   # -- should it be enabled? set to false if one outside the chart is used.
   enabled: true
   global:
@@ -469,6 +474,7 @@ elsi:
 
 ## configuration of the keycloak - see https://github.com/bitnami/charts/tree/main/bitnami/keycloak for details
 keycloak:
+  kubeVersion: 1.34-1
   # -- should it be enabled? set to false if one outside the chart is used.
   enabled: true
   global:
@@ -479,12 +485,13 @@ keycloak:
   image:
     # -- repository where the image is held, see https://github.com/bitnami/charts/issues/35164 for further info
     repository: bitnamilegacy/keycloak
-    tag: 26.3.2-debian-12-r0
   # -- disable the security context, required by the current quarkus container, will be solved in the future chart versions of keycloak
   containerSecurityContext:
     enabled: false
   proxyHeaders: xforwarded
   proxy: edge
+  tls:
+    enabled: false
   service:
     ports:
       http: 8080
@@ -523,8 +530,6 @@ keycloak:
 
   # -- extra env vars to be set. we require them at the moment, since some of the chart config mechanisms only work with the bitnami-image
   extraEnvVars:
-    - name: KEYCLOAK_LOG_LEVEL
-      value: INFO
     - name: KEYCLOAK_EXTRA_ARGS
       value: "--import-realm"
     - name: KC_FEATURES
@@ -611,6 +616,7 @@ keycloak:
         "frontchannelLogout": false,
         "protocol": "oid4vc",
         "attributes": {
+          "oid4vci.enabled": true,
           "client.secret.creation.time": "1675260539",
           "vc.natural-person.format": "jwt_vc",
           "vc.natural-person.scope": "NaturalPersonCredential",
@@ -851,6 +857,8 @@ contract-management:
   # -- should it be enabled? set to false if one outside the chart is used.
   enabled: true
   fullnameOverride: contract-management
+  til:
+    credentialType: OperatorCredential
   services:
     ## Config for Trusted Issuers List
     trusted-issuers-list:
@@ -881,6 +889,7 @@ contract-management:
     odrl:
       ## URL to the ODRL-PAP
       url: http://odrl-pap:8080
+  
 
 # -- configuration for the did-helper, should only be used for demonstrational deployments, see https://github.com/wistefan/did-helper
 did:
@@ -889,7 +898,6 @@ did:
 # -- configuration for registering a participant at the til, will most probably only be used in demonstrational enviornments
 registration:
   enabled: false
-  prepScript: "test"
 
 # -- configuration for the .well-known/data-space-configuration endpoint document
 dataSpaceConfig:
@@ -911,9 +919,42 @@ dataSpaceConfig:
   authenticationProtocols: []
 
 
+## didJson provider to make the did.json file available
 didJson:
+  # -- should the did.json be provided?
   enabled: false
+  # -- port of the service to be used
+  port: 3000
+  # -- did to be serverd
+  did:
+  # -- key material to be provided in the jwk of the did.json
   key:
+    # -- kty to be used in the jwk - RSA and EC supported
+    kty: EC
+    # -- optional x5u endpoint to provide access to the corresponding cert chain
+    x5u: 
+    # -- In case of kty==EC: xCoord of the EC key 
+    xCoord:
+    # -- In case of kty==EC: yCoord of the EC key 
+    yCoord:
+    # -- In case of kty==EC: curve to be used for the EC key
+    crv:
+    # -- In case of kty==RSA: exponent of the RSA key
+    exponent:
+    # -- In case of kty==RSA: modulus of the RSA key
+    modulus:
+  # -- ingress configuration of the did.json
+  ingress:
+    # -- should the ingress be enabled?
+    enabled: false
+    # -- host to provide the did.json at
+    host:
+    # -- tls secret to be used for the ingress
+    tlsSecret:
+    # -- annotations to be applied to the ingress
+    annotations:
+      traefik.ingress.kubernetes.io/service.passhostheader: "true"
+      traefik.ingress.kubernetes.io/router.tls: "true"
 
 ## Installation of the mongo-operator - see https://github.com/mongodb/helm-charts/tree/main/charts/community-operator
 mongo-operator: