chore: add SSI Credential Issuer

charts/umbrella/Chart.yaml

@@ -28,7 +28,7 @@ sources:
   - https://github.com/eclipse-tractusx/tractus-x-umbrella
 
 type: application
-version: 0.20.0
+version: 0.21.0
 
 # when adding or updating versions of dependencies, also update list under README.md#Install
 dependencies:
@@ -62,6 +62,11 @@ dependencies:
     alias: selfdescription
     repository: https://eclipse-tractusx.github.io/charts/dev
     version: 2.1.19
+    # ssi-credential-issuer
+  - name: ssi-credential-issuer
+    condition: ssi-credential-issuer.enabled
+    repository: https://eclipse-tractusx.github.io/charts/dev
+    version: 1.0.0
   # semantic-hub
   - condition: semantic-hub.enabled
     name: semantic-hub

charts/umbrella/README.md

@@ -117,6 +117,7 @@ If you still face DNS issues, add the hosts to your /etc/hosts file:
 192.168.49.2    portal-backend.tx.test
 192.168.49.2    semantics.tx.test
 192.168.49.2    sdfactory.tx.test
+192.168.49.2    ssi.tx.test
 192.168.49.2    dataconsumer-1-dataplane.tx.test
 192.168.49.2    dataconsumer-1-controlplane.tx.test
 192.168.49.2    dataprovider-dataplane.tx.test
@@ -144,6 +145,7 @@ For Windows edit the hosts file under `C:\Windows\System32\drivers\etc\hosts`:
 192.168.49.2    portal-backend.tx.test
 192.168.49.2    semantics.tx.test
 192.168.49.2    sdfactory.tx.test
+192.168.49.2    ssi.tx.test
 192.168.49.2    dataconsumer-1-dataplane.tx.test
 192.168.49.2    dataconsumer-1-controlplane.tx.test
 192.168.49.2    dataprovider-dataplane.tx.test
@@ -168,6 +170,7 @@ The currently available components are following:
 - [sdfactory](https://github.com/eclipse-tractusx/sd-factory/tree/sdfactory-2.1.12)
 - [managed-identity-wallet](https://github.com/eclipse-tractusx/managed-identity-wallet/tree/v0.4.0)
 - [semantic-hub](https://github.com/eclipse-tractusx/sldt-semantic-hub/tree/semantic-hub-0.2.2)
+- [ssi credential issuer](https://github.com/eclipse-tractusx/ssi-credential-issuer/tree/v1.0.0)
 - [dataconsumerOne](https://github.com/eclipse-tractusx/tractus-x-umbrella/tree/main/charts/tx-data-provider) ([tractusx-edc](https://github.com/eclipse-tractusx/tractusx-edc/tree/0.7.1), [vault](https://github.com/hashicorp/vault-helm/tree/v0.20.0))
 - [tx-data-provider](https://github.com/eclipse-tractusx/tractus-x-umbrella/tree/main/charts/tx-data-provider) ([tractusx-edc](https://github.com/eclipse-tractusx/tractusx-edc/tree/0.7.1), [digital-twin-registry](https://github.com/eclipse-tractusx/sldt-digital-twin-registry/tree/digital-twin-registry-0.4.5), [vault](https://github.com/hashicorp/vault-helm/tree/v0.20.0), [simple-data-backend](https://github.com/eclipse-tractusx/tractus-x-umbrella/tree/main/charts/simple-data-backend))
 - [dataconsumerTwo](https://github.com/eclipse-tractusx/tractus-x-umbrella/tree/main/charts/tx-data-provider) ([tractusx-edc](https://github.com/eclipse-tractusx/tractusx-edc/tree/0.7.1), [vault](https://github.com/hashicorp/vault-helm/tree/v0.20.0))
@@ -426,6 +429,7 @@ Currently enabled ingresses:
   - http://portal-backend.tx.test/api/notification/swagger/index.html
 - http://portal.tx.test
 - http://semantics.tx.test/discoveryfinder/swagger-ui/index.html
+- http://ssi.tx.test/
 - http://dataconsumer-1-controlplane.tx.test
 - http://dataconsumer-1-dataplane.tx.test
 - http://dataprovider-dataplane.tx.test

charts/umbrella/values.yaml

@@ -46,6 +46,7 @@
   sdfactoryAddress: "http://sdfactory.tx.test"
   clearinghouseAddress: "http://validation.tx.test"
   clearinghouseTokenAddress: "http://keycloak.tx.test/realms/example/protocol/openid-connect/token"
+  issuerComponentAddress: "http://ssi.tx.test"
   frontend:
     ingress:
       enabled: true
@@ -639,6 +640,125 @@
           - path: /
             pathType: ImplementationSpecific
 
+ssi-credential-issuer:
+  enabled: false
+  portalBackendAddress: "http://portal-backend.tx.test"
+  walletAddress: "http://managed-identity-wallets.tx.test"
+  walletTokenAddress: "http://centralidp.tx.test/auth/realms/CX-Central/protocol/openid-connect/token"
+
+  issuer:
+    swaggerEnabled: true
+    logging:
+      businessLogic: "Debug"
+      default: "Debug"
+    portal:
+      # -- Provide portal client-id from CX IAM centralidp.
+      # You must specify the technical user with the required roles for the interaction with the portal
+      clientId: "sa-cl24-01"
+      # -- Client-secret for portal client-id. Secret-key 'portal-client-secret'.
+      clientSecret: "VRHQM2NOA4176Vrscxey1DdO4P7ikUQc"
+    credential:
+      issuerDid: "did:web:managed-identity-wallets.tx.test:BPNL00000003CRHK"
+      issuerBpn: "BPNL00000003CRHK"
+      # statusListUrl: "https://example.org/statuslist"
+      encryptionConfigIndex: 0
+      encryptionConfigs:
+        index0:
+          # EncryptionKey for wallet. Secret-key 'credential-encryption-key0'. Expected format is 256 bit (64 digits) hex.
+          encryptionKey: "deb8261ec7b89c344f1c5ef5a11606e305f14e0d231b1357d90ad0180c5081d3"
+
+  processesworker:
+    portal:
+      # -- Provide portal client-id from CX IAM centralidp.
+      # You must specify the technical user with the required roles for the interaction with the portal
+      clientId: "sa-cl24-01"
+      # -- Client-secret for portal client-id. Secret-key 'portal-client-secret'.
+      clientSecret: "VRHQM2NOA4176Vrscxey1DdO4P7ikUQc"
+    logging:
+      default: "Debug"
+    processIdentity:
+      identityId: ac1cf001-7fbc-1f2f-817f-bce058020006
+    wallet:
+      # -- Provide wallet client-id from CX IAM centralidp.
+      # You must specify the technical user with the required roles for the interaction with the managed-identity-wallet
+      clientId: "sa-cl5-custodian-2"
+      # -- Client-secret for wallet client-id. Secret-key 'wallet-client-secret'.
+      clientSecret: "UIqawwoohsvZ6AZOd1llLhnsUTKMWe4D"
+      encryptionConfigIndex: 0
+      encryptionConfigs:
+        index0:
+          # EncryptionKey for wallet. Secret-key 'process-wallet-encryption-key0'. Expected format is 256 bit (64 digits) hex.
+          encryptionKey: "deb8261ec7b89c344f1c5ef5a11606e305f14e0d231b1357d90ad0180c5081d3"
+
+  issuermigrations:
+    logging:
+      default: "Debug"
+
+  credentialExpiry:
+    expiry:
+      expiredVcsToDeleteInMonth: 12
+      inactiveVcsToDeleteInWeeks: 12
+    logging:
+      default: "Debug"
+
+  dbConnection:
+    schema: "issuer"
+    sslMode: "Disable"
+
+  postgresql:
+    enabled: true
+    architecture: standalone
+    primary:
+      persistence:
+        enabled: true
+    auth:
+      # -- Non-root username.
+      username: issuer
+      # -- Database name.
+      database: issuer
+      # -- Secret containing the passwords for root usernames postgres and non-root username issuer.
+      # Should not be changed without changing the "issuer-postgresSecretName" template as well.
+      existingSecret: "{{ .Release.Name }}-issuer-postgres"
+      # -- Password for the root username 'postgres'. Secret-key 'postgres-password'.
+      postgrespassword: "rootissuerpassword"
+      # -- Password for the non-root username 'issuer'. Secret-key 'password'.
+      password: "issuerpassword"
+
+  centralidp:
+    # -- Provide centralidp base address (CX IAM), without trailing '/auth'.
+    address: "http://centralidp.tx.test"
+    authRealm: "CX-Central"
+    jwtBearerOptions:
+      requireHttpsMetadata: "false"
+      metadataPath: "/auth/realms/CX-Central/.well-known/openid-configuration"
+      tokenValidationParameters:
+        validIssuerPath: "/auth/realms/CX-Central"
+        validAudience: "Cl24-CX-SSI-CredentialIssuer"
+      refreshInterval: "00:00:30"
+    tokenPath: "/auth/realms/CX-Central/protocol/openid-connect/token"
+    # -- Flag if the api should be used with an leading /auth path
+    useAuthTrail: true
+
+  ingress:
+    enabled: true
+    className: "nginx"
+    annotations:
+      nginx.ingress.kubernetes.io/use-regex: "true"
+      nginx.ingress.kubernetes.io/enable-cors: "true"
+      nginx.ingress.kubernetes.io/proxy-body-size: "8m"
+      nginx.ingress.kubernetes.io/cors-allow-origin: "http://*.tx.test"
+    # -- Ingress TLS configuration
+    tls: []
+      # - secretName: ""
+      #   hosts:
+      #     - ""
+    hosts:
+      - host: "ssi.tx.test"
+        paths:
+          - path: "/"
+            pathType: "Prefix"
+            backend:
+              port: 8080
 # Set up services for a business partner pool, golden record process
 # and a gate with which the Portal and the users can share business partner data
 bpdm: