Chore/edc 0.7.0 iatp mock

[ds-jhartmann]

Description

• Add iatp mock and helm chart
• update tx-data-provider EDC to 0.7.1
• switch to fixed key/cert for EDC which can be used for iatp mock
• add bdrs memory service + seeding with BPN + DIDs

eclipse-tractusx/sig-release#710

Pre-review checks

Please ensure to do as many of the following checks as possible, before asking for committer review:

• DEPENDENCIES are up-to-date. Dash license tool. Committers can open IP issues for restricted libs.
• Copyright and license header are present on all affected files

[gitguardian]

️✅ There are no secrets present in this pull request anymore.

If these secrets were true positive and are still valid, we highly recommend you to revoke them.
Once a secret has been leaked into a git repository, you should consider it compromised, even if it was deleted immediately.
Find here more information about risks.

---

^{_{🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.}}

[evegufy]

Looks really good! Just some comments and when installing locally with dataexchange subset, I encounter the following issue:
Error: INSTALLATION FAILED: execution error at (umbrella/charts/tx-data-provider/charts/tractusx-connector/templates/deployment-controlplane.yaml:302:75): .Values.backendService.httpProxyTokenReceiverUrl is required

[evegufy]

we should discuss if it's not worth to also publish the image, for e2e testing maybe not necessary but from a local sandbox (easy entrance point for new developers) maybe beneficial

[ds-jhartmann]

That's something I don't like either. The mock requires configuration in code which can change depending on the use-case. I did not manage to get this configurable via helm chart in a reasonable amount of time, so I decided to not publish the image.
I'm open for suggestions here

[evegufy]

@tom-rm-meyer-ISST could you please have a look if it's possible to make the mock more configurable?

[ds-jhartmann]

Looks really good! Just some comments and when installing locally with dataexchange subset, I encounter the following issue: Error: INSTALLATION FAILED: execution error at (umbrella/charts/tx-data-provider/charts/tractusx-connector/templates/deployment-controlplane.yaml:302:75): .Values.backendService.httpProxyTokenReceiverUrl is required

Regarding the local installation:
I could not reproduce this on my machine. Did you update the depencencies of the tx-data-provider chart? Since the EDC version was updated, the charts have to be pulled first.
I could install it with

helm dep up .\charts\tx-data-provider\
helm dep up .\charts\umbrella\
helm install umbrella .\charts\umbrella\ -n umbrella --create-namespace -f .\charts\umbrella\values-adopter-data-exchange.yaml

[evegufy]

Looks really good! Just some comments and when installing locally with dataexchange subset, I encounter the following issue: Error: INSTALLATION FAILED: execution error at (umbrella/charts/tx-data-provider/charts/tractusx-connector/templates/deployment-controlplane.yaml:302:75): .Values.backendService.httpProxyTokenReceiverUrl is required

Regarding the local installation: I could not reproduce this on my machine. Did you update the depencencies of the tx-data-provider chart? Since the EDC version was updated, the charts have to be pulled first. I could install it with

helm dep up .\charts\tx-data-provider\
helm dep up .\charts\umbrella\
helm install umbrella .\charts\umbrella\ -n umbrella --create-namespace -f .\charts\umbrella\values-adopter-data-exchange.yaml

HI @ds-jhartmann thanks I was able to install it but the dataprovider testdata postinstall is failing, that's not the case for you?
logs-from-post-install-job-in-umbrella-dataprovider-post-install-testdata-rl89g.log

[evegufy]

Looks really good! Just some comments and when installing locally with dataexchange subset, I encounter the following issue: Error: INSTALLATION FAILED: execution error at (umbrella/charts/tx-data-provider/charts/tractusx-connector/templates/deployment-controlplane.yaml:302:75): .Values.backendService.httpProxyTokenReceiverUrl is required

Regarding the local installation: I could not reproduce this on my machine. Did you update the depencencies of the tx-data-provider chart? Since the EDC version was updated, the charts have to be pulled first. I could install it with

helm dep up .\charts\tx-data-provider\
helm dep up .\charts\umbrella\
helm install umbrella .\charts\umbrella\ -n umbrella --create-namespace -f .\charts\umbrella\values-adopter-data-exchange.yaml

HI @ds-jhartmann thanks I was able to install it but the dataprovider testdata postinstall is failing, that's not the case for you? logs-from-post-install-job-in-umbrella-dataprovider-post-install-testdata-rl89g.log

as discussed, it was an issue on my local, install works 👍

[evegufy]

just commenting that I noticed the following warning as install

coalesce.go:289: warning: destination for tractusx-connector.vault.injector.webhook.objectSelector is a table. Ignoring non-table value (matchExpressions:
- key: app.kubernetes.io/name
  operator: NotIn
  values:
  - {{ template "vault.name" . }}-agent-injector
)
coalesce.go:289: warning: destination for tractusx-connector.vault.injector.webhook.objectSelector is a table. Ignoring non-table value (matchExpressions:
- key: app.kubernetes.io/name
  operator: NotIn
  values:
  - {{ template "vault.name" . }}-agent-injector
)

as discussed, they appear to be inherent to the new edc version in this install scenario

[evegufy]

as discussed in the last open meeting, it would be great to prepare for easy image override, I hope it's fine that I pushed the change cc5200e

[tom-rm-meyer-ISST]

For some reason my comment was still 'pending'.

@ds-jhartmann @evegufy I had a check on that as I've not yet done a configuration for python. I think I would be able to achieve a configuration in either of the two ways in around < 0.5PD. The options below only focus on the docker environment vars.

Sidenotes:

• It may make sense to configure only one trusted issuer, as this should be sufficient. Further the ES256 keys need to be generated just once and are used for all partners.
• One need to mount the key directory with their names accordingly and need to put the private + public keys into the vaults as the EDC accesses them.

As some time went by, do we need further configuration options? How should I contribute that? First in PURIS or directly with a branch forked from this branch so that you can merge? I maybe can manage to get this within this or latest by end of next week. I can also adapt it in the puris repo so that one of you can review it and see the delta easily.

Option A: configure participants and their key via json array in one environment var

PARTICIPANTS='[
       {
           "did": "did:web:mock-util-service/trusted-issuer",
           "bpnl": "NONE",
           "did_resolve_name": "trusted-issuer",
           "kid_vault": "",
           "private_key_path": "",
           "is_trusted_issuer": true
       },
       {
           "did": "did:web:mock-util-service/supplier",
           "bpnl": "BPNL1234567890ZZ",
           "did_resolve_name": "supplier",
           "kid_vault": "supplier-cert",
           "private_key_path": "keys/supplier.key",
           "is_trusted_issuer": false
       },
       {
           "did": "did:web:mock-util-service/customer",
           "bpnl": "BPNL4444444444XX",
           "did_resolve_name": "customer",
           "kid_vault": "customer-cert",
           "private_key_path": "keys/customer.key",
           "is_trusted_issuer": false
       }
   ]'

Option B: configure participants dynamically using prefix

PARTICIPANT_1_DID="did:web:mock-util-service/trusted-issuer"
PARTICIPANT_1_BPNL="NONE"
PARTICIPANT_1_DID_RESOLVE_NAME="trusted-issuer"
PARTICIPANT_1_KID_VAULT=""
PARTICIPANT_1_PRIVATE_KEY_PATH=""
PARTICIPANT_1_IS_TRUSTED_ISSUER=true

PARTICIPANT_2_DID="did:web:mock-util-service/supplier"
PARTICIPANT_2_BPNL="BPNL1234567890ZZ"
PARTICIPANT_2_DID_RESOLVE_NAME="supplier"
PARTICIPANT_2_KID_VAULT="supplier-cert"
PARTICIPANT_2_PRIVATE_KEY_PATH="keys/supplier.key"
PARTICIPANT_2_IS_TRUSTED_ISSUER=false

PARTICIPANT_3_DID="did:web:mock-util-service/customer"
PARTICIPANT_3_BPNL="BPNL4444444444XX"
PARTICIPANT_3_DID_RESOLVE_NAME="customer"
PARTICIPANT_3_KID_VAULT="customer-cert"
PARTICIPANT_3_PRIVATE_KEY_PATH="keys/customer.key"
PARTICIPANT_3_IS_TRUSTED_ISSUER=false

[ds-jhartmann]

Hi @tom-rm-meyer-ISST thank you for the input.
I like Option A a bit better, I think it makes it a bit easier to add additional participants.
It would be great, if you could contribute this directly to the umbrella repo.

[tom-rm-meyer-ISST]

Hi @tom-rm-meyer-ISST thank you for the input. I like Option A a bit better, I think it makes it a bit easier to add additional participants. It would be great, if you could contribute this directly to the umbrella repo.

Will try to give it a shot after QGate / R24.08. Which branch should I use to fork from? this one or upgrade/24.05?

[ds-jhartmann]

The IAPT mock is not yet available on upgrade/24.05, so I would recommend to fork from this branch