Merge pull request #2 from AmadeusITGroup/bump_eonax_v0.5.2

chore: bump Eona-X components version to `v0.5.2`
AmadeusITGroup · Feb 26, 2024 · e30fb73 · e30fb73
2 parents 13c5405 + b94aae8
commit e30fb73
Show file tree

Hide file tree

Showing 36 changed files with 1,779 additions and 681 deletions.
diff --git a/deployment/data/Seeding.postman_collection.json b/deployment/data/Seeding.postman_collection.json
diff --git a/deployment/main.tf b/deployment/main.tf
@@ -5,9 +5,7 @@ locals {
   base64Token                   = base64encode("${var.container_registry_username}:${var.container_registry_token}")
   secretJson                    = "{\"auths\":{\"ghcr.io\":{\"auth\":\"${local.base64Token}\"}}}"
 
-  registration_service_mock_name = "registration-service-mock"
-  registration_service_mock_port = 8080
-  registration_service_mock_host = "${local.registration_service_mock_name}:${local.registration_service_mock_port}"
+  participants = [var.data_provider, var.data_consumer]
 }
 
 ###################
@@ -17,7 +15,8 @@ locals {
 module "db" {
   source = "./modules/db"
 
-  participant_names = [for p in var.participants : p.name]
+  authority_name    = var.authority.name
+  participant_names = [for p in local.participants : p.name]
 }
 
 ####################################
@@ -53,32 +52,65 @@ resource "kubernetes_secret_v1" "docker-image-pull-secret" {
   type = "kubernetes.io/dockerconfigjson"
 }
 
-#########################
-## EONA-X PARTICIPANTS ##
-#########################
+##################
+## PARTICIPANTS ##
+##################
 
 module "participant" {
   source = "./modules/participant"
 
-  for_each                         = { for p in var.participants : p.name => p }
-  participant                      = each.value
+  for_each    = { for p in local.participants : p.name => p }
+  participant = each.value
+
+  # POSTGRES
   postgres_host                    = module.db.postgres_host
-  registration_service_url         = "http://${local.registration_service_mock_host}"
   postgres_credentials_secret_name = kubernetes_secret.postgresql-db-secret.metadata.0.name
-  docker_image_pull_secret_name    = local.docker_image_pull_secret_name
-  connector_docker_image_repo      = var.connector_docker_image_repo
-  connector_helm_chart_repo        = var.connector_helm_chart_repo
-  connector_version                = var.connector_version
+
+  # DOCKER
+  docker_image_pull_secret_name = kubernetes_secret_v1.docker-image-pull-secret.metadata.0.name
+  helm_chart_repo               = var.helm_chart_repo
+
+  # CONNECTOR
+  connector_repo       = var.connector_repo
+  connector_chart_name = var.connector_chart_name
+  connector_version    = var.connector_version
+
+  # IDENTITY HUB
+  identityhub_repo       = var.identityhub_repo
+  identityhub_chart_name = var.identityhub_chart_name
+  identityhub_version    = var.identityhub_version
 }
 
-###############################
-## REGISTRATION SERVICE MOCK ##
-###############################
+#########################
+## DATASPACE AUTHORITY ##
+#########################
+
+module "authority" {
+  source = "./modules/authority"
+
+  authority = var.authority
+
+  participants = [
+    for p in local.participants : merge(p, {
+      did : module.participant[p.name].did_url
+    })
+  ]
+
+  # POSTGRES
+  postgres_host                    = module.db.postgres_host
+  postgres_credentials_secret_name = kubernetes_secret.postgresql-db-secret.metadata.0.name
+
+  # DOCKER
+  docker_image_pull_secret_name = kubernetes_secret_v1.docker-image-pull-secret.metadata.0.name
+  helm_chart_repo               = var.helm_chart_repo
 
-module "registration-service-mock" {
-  source = "./modules/registration-service-mock"
+  # FEDERATED CATALOG
+  federatedcatalog_chart_name = var.federatedcatalog_chart_name
+  federatedcatalog_repo       = var.federatedcatalog_repo
+  federatedcatalog_version    = var.federatedcatalog_version
 
-  participants_did = [for p in module.participant : p.did_url]
-  name             = local.registration_service_mock_name
-  server_port      = local.registration_service_mock_port
+  # IDENTITY HUB
+  identityhub_chart_name = var.identityhub_chart_name
+  identityhub_version    = var.identityhub_version
+  identityhub_repo       = var.identityhub_repo
 }
diff --git a/deployment/modules/authority/catalog.tf b/deployment/modules/authority/catalog.tf
@@ -0,0 +1,83 @@
+locals {
+  catalog_release_name = "${var.authority.name}-federatedcatalog"
+
+  crawler_initial_delay    = 10
+  crawler_execution_period = 10
+}
+
+resource "helm_release" "federated-catalog" {
+  name              = local.catalog_release_name
+  cleanup_on_fail   = true
+  dependency_update = true
+  recreate_pods     = true
+  repository        = var.helm_chart_repo
+  chart             = var.federatedcatalog_chart_name
+  version           = var.federatedcatalog_version
+
+  values = [
+    yamlencode({
+
+      "imagePullSecrets" : [
+        {
+          "name" : var.docker_image_pull_secret_name
+        }
+      ],
+
+      "federatedcatalog" : {
+        "image" : {
+          "repository" : var.federatedcatalog_repo
+          "tag" : var.federatedcatalog_version
+        },
+        "did" : {
+          "web" : {
+            "url" : local.did_url,
+            "useHttps" : false
+          }
+        },
+        "crawler" : {
+          "participantsRegistry" : {
+            "url" : "http://${local.participants_registry_name}:8080/participants.json"
+          },
+          "cache" : {
+            "executionPeriodSeconds" : local.crawler_execution_period
+            "executionDelaySeconds" : local.crawler_initial_delay
+          }
+        },
+        "trustedIssuers" : {
+          "authority" : {
+            "did" : local.did_url
+          }
+        },
+        "keys" : {
+          "sts" : {
+            "privateKeyVaultAlias" : local.privatekey_alias,
+            "publicKeyDid" : local.did_url
+          }
+        },
+        "ingress" : {
+          "enabled" : true
+          "className" : "nginx"
+          "annotations" : {
+            "nginx.ingress.kubernetes.io/ssl-redirect" : "false"
+            "nginx.ingress.kubernetes.io/use-regex" : "true"
+            "nginx.ingress.kubernetes.io/rewrite-target" : "/api/$1$2"
+          },
+          "endpoints" : [
+            {
+              "port" : 8181,
+              "path" : "/${var.authority.name}/catalog/(management)(.*)"
+            }
+          ]
+        },
+        "vault" : {
+          "hashicorp" : {
+            "url" : module.vault.vault_url
+            "token" : module.vault.vault_token
+          }
+        }
+      }
+    })
+  ]
+
+  depends_on = [kubernetes_service.registry-service, module.vault]
+}
diff --git a/deployment/modules/authority/identityhub.tf b/deployment/modules/authority/identityhub.tf
@@ -0,0 +1,97 @@
+locals {
+  identityhub_release_name = "${var.authority.name}-identityhub"
+
+  credential_service_url = "http://${local.identityhub_release_name}:8282/api/resolution"
+  did_url                = "did:web:${local.identityhub_release_name}%3A8383:api:did"
+}
+
+############################
+## VERIFIABLE CREDENTIALS ##
+############################
+
+resource "kubernetes_config_map" "verifiable-credentials" {
+
+  metadata {
+    name = "${local.identityhub_release_name}-credentials"
+  }
+
+  data = {
+    "credentials.json" = jsonencode(var.authority.vc)
+  }
+}
+
+##################
+## IDENTITY HUB ##
+##################
+
+resource "helm_release" "identity-hub" {
+  name              = local.identityhub_release_name
+  cleanup_on_fail   = true
+  dependency_update = true
+  recreate_pods     = true
+  repository        = var.helm_chart_repo
+  chart             = var.identityhub_chart_name
+  version           = var.identityhub_version
+
+  values = [
+    yamlencode({
+
+      "imagePullSecrets" : [
+        {
+          "name" : var.docker_image_pull_secret_name
+        }
+      ],
+
+      "identityhub" : {
+        "image" : {
+          "repository" : var.identityhub_repo
+          "tag" : var.identityhub_version
+        },
+        "keys" : {
+          "sts" : {
+            "publicKeyVaultAlias" : local.publickey_alias
+          }
+        },
+        "did" : {
+          "web" : {
+            "url" : local.did_url,
+            "useHttps" : false
+          }
+        },
+        "postgresql" : {
+          "jdbcUrl" : "jdbc:postgresql://${var.postgres_host}/${var.authority.name}",
+          "secret" : {
+            "name" : var.postgres_credentials_secret_name
+          }
+        },
+        "ingress" : {
+          "enabled" : true
+          "className" : "nginx"
+          "annotations" : {
+            "nginx.ingress.kubernetes.io/ssl-redirect" : "false"
+            "nginx.ingress.kubernetes.io/use-regex" : "true"
+            "nginx.ingress.kubernetes.io/rewrite-target" : "/api/$1$2"
+          },
+          "endpoints" : [
+            {
+              "port" : 8181,
+              "path" : "/${var.authority.name}/ih/(management)(.*)"
+            },
+            {
+              "port" : 8282,
+              "path" : "/${var.authority.name}/ih/(resolution)(.*)"
+            }
+          ]
+        },
+        "vault" : {
+          "hashicorp" : {
+            "url" : module.vault.vault_url
+            "token" : module.vault.vault_token
+          }
+        }
+      }
+    })
+  ]
+
+  depends_on = [module.vault]
+}
diff --git a/deployment/modules/authority/main.tf b/deployment/modules/authority/main.tf
@@ -0,0 +1,10 @@
+locals {
+  privatekey_alias = var.authority.name
+  publickey_alias  = "${local.privatekey_alias}-pub"
+}
+
+module "vault" {
+  source = "../vault"
+
+  participant_name = var.authority.name
+}
diff --git a/deployment/modules/authority/providers.tf b/deployment/modules/authority/providers.tf
@@ -0,0 +1,7 @@
+terraform {
+  required_providers {
+    helm = {
+      source = "hashicorp/helm"
+    }
+  }
+}