eclipse-tractusx
diff --git a/‎DEPENDENCIES‎
Lines changed: 2 additions & 2 deletions b/‎DEPENDENCIES‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎charts/agent-connector-azure-vault/Chart.yaml‎
Lines changed: 1 addition & 1 deletion b/‎charts/agent-connector-azure-vault/Chart.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/agent-connector-azure-vault/README.md‎
Lines changed: 14 additions & 5 deletions b/‎charts/agent-connector-azure-vault/README.md‎
Lines changed: 14 additions & 5 deletions
diff --git a/‎charts/agent-connector-azure-vault/README.md.gotmpl‎
Lines changed: 9 additions & 0 deletions b/‎charts/agent-connector-azure-vault/README.md.gotmpl‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎charts/agent-connector-azure-vault/ci/integration-values.yaml‎
Lines changed: 57 additions & 0 deletions b/‎charts/agent-connector-azure-vault/ci/integration-values.yaml‎
Lines changed: 57 additions & 0 deletions
diff --git a/‎charts/agent-connector-azure-vault/templates/deployment-controlplane.yaml‎
Lines changed: 1 addition & 1 deletion b/‎charts/agent-connector-azure-vault/templates/deployment-controlplane.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/agent-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml‎
Lines changed: 2 additions & 2 deletions b/‎charts/agent-connector-azure-vault/templates/tests/test-dataplane-readiness.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎charts/agent-connector-azure-vault/values.yaml‎
Lines changed: 3 additions & 4 deletions b/‎charts/agent-connector-azure-vault/values.yaml‎
Lines changed: 3 additions & 4 deletions
diff --git a/‎charts/agent-connector-memory/Chart.yaml‎
Lines changed: 1 addition & 1 deletion b/‎charts/agent-connector-memory/Chart.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/agent-connector-memory/README.md‎
Lines changed: 22 additions & 5 deletions b/‎charts/agent-connector-memory/README.md‎
Lines changed: 22 additions & 5 deletions
@@ -213,8 +213,8 @@ maven/mavencentral/org.eclipse.jetty/jetty-servlet/11.0.15, EPL-2.0 OR Apache-2.
 maven/mavencentral/org.eclipse.jetty/jetty-util/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-webapp/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
 maven/mavencentral/org.eclipse.jetty/jetty-xml/11.0.15, EPL-2.0 OR Apache-2.0, approved, rt.jetty
-maven/mavencentral/org.eclipse.tractusx.agents.edc.agent-plane/agent-plane-protocol/1.9.5-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
-maven/mavencentral/org.eclipse.tractusx.edc/auth-jwt/1.9.5-SNAPSHOT, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.agents.edc.agent-plane/agent-plane-protocol/1.9.5-20230831.070321-5, Apache-2.0, approved, automotive.tractusx
+maven/mavencentral/org.eclipse.tractusx.edc/auth-jwt/1.9.5-20230831.070252-7, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.edc/core-spi/0.5.0, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-azure-vault/0.5.0, Apache-2.0, approved, automotive.tractusx
 maven/mavencentral/org.eclipse.tractusx.edc/edc-dataplane-base/0.5.0, Apache-2.0, approved, automotive.tractusx
 
@@ -42,7 +42,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.9.7-SNAPSHOT
+version: 1.9.8-SNAPSHOT
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 
@@ -20,7 +20,7 @@
 
 # agent-connector-azure-vault
 
-![Version: 1.9.7-SNAPSHOT](https://img.shields.io/badge/Version-1.9.7--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.5-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.9.5--SNAPSHOT-informational?style=flat-square)
+![Version: 1.9.8-SNAPSHOT](https://img.shields.io/badge/Version-1.9.8--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.5-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.9.5--SNAPSHOT-informational?style=flat-square)
 
 A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector configured against Azure Vault. This is a variant of [the Tractus-X Azure Vault Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-azure-vault) which allows
 to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a
@@ -46,6 +46,15 @@ You should set your BPNL in the folloing property:
 - 'vault.azure.tenant': Id of the subscription that the vault runs into
 - 'vault.azure.secret' or 'vault.azure.certificate': the secret/credential to use when interacting with Azure Vault
 
+### Setting up the transfer token encryption
+
+Transfer tokens handed out from the provider to the consumer should be signed and encrypted. For that purpose
+you should setup a private/public certificate as well as a symmetric AES key.
+
+- 'vault.secretNames.transferProxyTokenSignerPrivateKey':
+- 'vault.secretNames.transferProxyTokenSignerPublicKey':
+- 'vault.secretNames.transferProxyTokenEncryptionAesKey':
+
 ## Setting up SSI
 
 ### Preconditions
@@ -103,7 +112,7 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime:
 
 ```shell
 helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev
-helm install my-release eclipse-tractusx/agent-connector-azure-vault --version 1.9.7-SNAPSHOT\
+helm install my-release eclipse-tractusx/agent-connector-azure-vault --version 1.9.8-SNAPSHOT\
      -f <path-to>/tractusx-connector-azure-vault-test.yaml \
      --set vault.azure.name=$AZURE_VAULT_NAME \
      --set vault.azure.client=$AZURE_CLIENT_ID \
@@ -222,7 +231,7 @@ helm install my-release eclipse-tractusx/agent-connector-azure-vault --version 1
 | controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority |
 | controlplane.ssi.miw.url | string | `""` | MIW URL |
 | controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak |
-| controlplane.ssi.oauth.client.secretAlias | string | `"client-secret"` | The alias under which the client secret is stored in the vault. |
+| controlplane.ssi.oauth.client.secretAlias | string | `""` | The alias under which the client secret is stored in the vault. |
 | controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained |
 | controlplane.tolerations | list | `[]` |  |
 | controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) |
@@ -344,7 +353,7 @@ helm install my-release eclipse-tractusx/agent-connector-azure-vault --version 1
 | networkPolicy.dataplane.from | list | `[{"namespaceSelector":{}}]` | Specify from rule network policy for dp (defaults to all namespaces) |
 | networkPolicy.enabled | bool | `false` | If `true` network policy will be created to restrict access to control- and dataplane |
 | participant.id | string | `""` | BPN Number |
-| postgresql | object | `{"auth":{"database":"edc","password":"password","username":"user"},"jdbcUrl":"jdbc:postgresql://postgresql:5432/edc","primary":{"persistence":{"enabled":false}},"readReplicas":{"persistence":{"enabled":false}}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden |
+| postgresql | object | `{"auth":{"database":"edc","password":"password","username":"user"},"jdbcUrl":"jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc","primary":{"persistence":{"enabled":false}},"readReplicas":{"persistence":{"enabled":false}}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden |
 | serviceAccount.annotations | object | `{}` |  |
 | serviceAccount.create | bool | `true` |  |
 | serviceAccount.imagePullSecrets | list | `[]` | Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) |
@@ -356,7 +365,7 @@ helm install my-release eclipse-tractusx/agent-connector-azure-vault --version 1
 | vault.azure.name | string | `""` |  |
 | vault.azure.secret | string | `nil` |  |
 | vault.azure.tenant | string | `""` |  |
-| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `"transfer-proxy-token-encryption-aes-key"` |  |
+| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` |  |
 | vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` |  |
 | vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` |  |
 
 
@@ -44,6 +44,15 @@ You should set your BPNL in the folloing property:
 - 'vault.azure.tenant': Id of the subscription that the vault runs into
 - 'vault.azure.secret' or 'vault.azure.certificate': the secret/credential to use when interacting with Azure Vault
 
+### Setting up the transfer token encryption
+
+Transfer tokens handed out from the provider to the consumer should be signed and encrypted. For that purpose
+you should setup a private/public certificate as well as a symmetric AES key.
+ 
+- 'vault.secretNames.transferProxyTokenSignerPrivateKey': 
+- 'vault.secretNames.transferProxyTokenSignerPublicKey':
+- 'vault.secretNames.transferProxyTokenEncryptionAesKey':
+
 ## Setting up SSI
 
 ### Preconditions
 
@@ -0,0 +1,57 @@
+#
+#  Copyright (c) 2023 T-Systems International GmbH
+#  Copyright (c) 2023 ZF Friedrichshafen AG
+#  Copyright (c) 2023 Mercedes-Benz Tech Innovation GmbH
+#  Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+#  Copyright (c) 2021, 2023 Contributors to the Eclipse Foundation
+#
+#  See the NOTICE file(s) distributed with this work for additional
+#  information regarding copyright ownership.
+#
+#  This program and the accompanying materials are made available under the
+#  terms of the Apache License, Version 2.0 which is available at
+#  https://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+#
+#  SPDX-License-Identifier: Apache-2.0
+#
+
+install:
+  postgresql: true
+
+controlplane:
+  endpoints:
+    management:
+      authKey: "bla"
+  ssi:
+    miw:
+      url: "https://managed-identity-wallets.int"
+      authorityId: "BPNL0000000DUMMY"
+    oauth:
+      tokenurl: "https://keycloak/auth/realms/REALM/protocol/openid-connect/token"
+      client:
+        id: "serviceaccount"
+        secretAlias: "miw-secret"
+
+vault:
+  azure:
+    name: "AZURE_NAME"
+    tenant: "AZURE_TENANT"
+    client: "AZURE_CLIENT"
+    secret: "AZURE_SECRET"
+  hashicorp:
+    url: "https://vault.demo"
+    token: "VAULT_TOKEN"
+    paths:
+      secret: "/v1/secrets"
+  secretNames:
+    transferProxyTokenSignerPrivateKey: "key"
+    transferProxyTokenSignerPublicKey: "cert"
+    transferProxyTokenEncryptionAesKey: "symmetric-key"
+participant:
+  id: "BPNL0000000DUMMY"
@@ -176,7 +176,7 @@ spec:
             - name: "EDC_DATASOURCE_ASSET_PASSWORD"
               value: {{ .Values.postgresql.auth.password | required ".Values.postgresql.auth.password is required" | quote }}
             - name: "EDC_DATASOURCE_ASSET_URL"
-              value: {{ .Values.postgresql.jdbcUrl | quote }}
+              value: {{ tpl .Values.postgresql.jdbcUrl . | quote }}
 
             # see extension https://github.com/eclipse-edc/Connector/tree/main/extensions/control-plane/store/sql/contract-definition-store-sql
             - name: "EDC_DATASOURCE_CONTRACTDEFINITION_NAME"
 
@@ -19,7 +19,7 @@
 {{- $root := . -}}
 {{- $allcommands := (dict "commands" (list)) -}}
 {{- range $dataplane_name, $dataplane := .Values.dataplanes -}}
-{{- printf "curl http://%s-%s:%v%s/check/readiness" $dataplane.name (include "txdc.fullname" $root ) $dataplane.endpoints.default.port $dataplane.endpoints.default.path  | append $allcommands.commands | set $allcommands "commands" -}}
+{{- printf "curl http://%s-%s:%v%s/check/readiness" (include "txdc.fullname" $root ) $dataplane.name $dataplane.endpoints.default.port $dataplane.endpoints.default.path  | append $allcommands.commands | set $allcommands "commands" -}}
 {{- end }}
 
 ---
@@ -36,6 +36,6 @@ spec:
   containers:
     - name: wget
       image: curlimages/curl
-      command: [ '/bin/bash','-c' ]
+      command: [ '/bin/sh','-c' ]
       args: [ {{ join "&&" $allcommands.commands | quote }} ]
   restartPolicy: Never
@@ -134,7 +134,7 @@ controlplane:
         # -- The client ID for KeyCloak
         id: ""
         # -- The alias under which the client secret is stored in the vault.
-        secretAlias: "client-secret"
+        secretAlias: ""
 
   service:
     # -- [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) to expose the running application on a set of Pods as a network service.
@@ -561,7 +561,7 @@ dataplanes:
 
 # -- Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden
 postgresql:
-  jdbcUrl: "jdbc:postgresql://postgresql:5432/edc"
+  jdbcUrl: "jdbc:postgresql://{{ .Release.Name }}-postgresql:5432/edc"
   primary:
     persistence:
       enabled: false
@@ -579,11 +579,10 @@ vault:
     tenant: ""
     secret:
     certificate:
-
   secretNames:
     transferProxyTokenSignerPrivateKey:
     transferProxyTokenSignerPublicKey:
-    transferProxyTokenEncryptionAesKey: transfer-proxy-token-encryption-aes-key
+    transferProxyTokenEncryptionAesKey:
 
 backendService:
   httpProxyTokenReceiverUrl: ""
 
@@ -42,7 +42,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.9.7-SNAPSHOT
+version: 1.9.8-SNAPSHOT
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 
@@ -20,7 +20,7 @@
 
 # agent-connector-memory
 
-![Version: 1.9.7-SNAPSHOT](https://img.shields.io/badge/Version-1.9.7--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.5-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.9.5--SNAPSHOT-informational?style=flat-square)
+![Version: 1.9.8-SNAPSHOT](https://img.shields.io/badge/Version-1.9.8--SNAPSHOT-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.5-SNAPSHOT](https://img.shields.io/badge/AppVersion-1.9.5--SNAPSHOT-informational?style=flat-square)
 
 A Helm chart for an Agent-Enabled Tractus-X Eclipse Data Space Connector using In-Memory Persistence. This is a variant of [the Tractus-X In-Memory Connector Helm Chart](https://github.com/eclipse-tractusx/tractusx-edc/tree/main/charts/tractusx-connector-memory) which allows
 to deal with several data (and agent) planes. The connector deployment consists of at least two runtime consists of a
@@ -40,9 +40,19 @@ You should set your BPNL in the folloing property:
 
 ## Setting up Hashicorp Vault
 
-You should set your BPNL in the folloing property:
+You should set configure access to required secrets as follows:
 - 'vault.hashicorp.url': URL of the vault API
 - 'vault.hashicorp.token': A valid, generated access token.
+- 'vault.hashicorp.paths.secret': Api path to the folder hosting the secrets (usually prepended with /v1)
+
+### Setting up the transfer token encryption
+
+Transfer tokens handed out from the provider to the consumer should be signed and encrypted. For that purpose
+you should setup a private/public certificate as well as a symmetric AES key.
+
+- 'vault.secretNames.transferProxyTokenSignerPrivateKey':
+- 'vault.secretNames.transferProxyTokenSignerPublicKey':
+- 'vault.secretNames.transferProxyTokenEncryptionAesKey':
 
 ## Setting up SSI
 
@@ -98,7 +108,7 @@ Combined, run this shell command to start the in-memory Tractus-X EDC runtime:
 
 ```shell
 helm repo add eclipse-tractusx https://eclipse-tractusx.github.io/charts/dev
-helm install my-release eclipse-tractusx/agent-connector --version 1.9.7-SNAPSHOT
+helm install my-release eclipse-tractusx/agent-connector --version 1.9.8-SNAPSHOT
 ```
 
 ## Maintainers
@@ -212,7 +222,7 @@ helm install my-release eclipse-tractusx/agent-connector --version 1.9.7-SNAPSHO
 | controlplane.ssi.miw.authorityId | string | `""` | The BPN of the issuer authority |
 | controlplane.ssi.miw.url | string | `""` | MIW URL |
 | controlplane.ssi.oauth.client.id | string | `""` | The client ID for KeyCloak |
-| controlplane.ssi.oauth.client.secretAlias | string | `"client-secret"` | The alias under which the client secret is stored in the vault. |
+| controlplane.ssi.oauth.client.secretAlias | string | `""` | The alias under which the client secret is stored in the vault. |
 | controlplane.ssi.oauth.tokenurl | string | `""` | The URL (of KeyCloak), where access tokens can be obtained |
 | controlplane.tolerations | list | `[]` |  |
 | controlplane.url.protocol | string | `""` | Explicitly declared url for reaching the dsp api (e.g. if ingresses not used) |
@@ -340,7 +350,14 @@ helm install my-release eclipse-tractusx/agent-connector --version 1.9.7-SNAPSHO
 | serviceAccount.name | string | `""` |  |
 | tests | object | `{"hookDeletePolicy":"before-hook-creation,hook-succeeded"}` | Configurations for Helm tests |
 | tests.hookDeletePolicy | string | `"before-hook-creation,hook-succeeded"` | Configure the hook-delete-policy for Helm tests |
-| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":"transfer-proxy-token-encryption-aes-key","transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden |
+| vault | object | `{"hashicorp":{"healthCheck":{"enabled":true,"standbyOk":true},"paths":{"health":"/v1/sys/health","secret":"/v1/secret"},"timeout":30,"token":"","url":"http://{{ .Release.Name }}-vault:8200"},"injector":{"enabled":false},"secretNames":{"transferProxyTokenEncryptionAesKey":null,"transferProxyTokenSignerPrivateKey":null,"transferProxyTokenSignerPublicKey":null},"server":{"dev":{"devRootToken":"root","enabled":true},"postStart":null}}` | Standard settings for persistence, "jdbcUrl", "username" and "password" need to be overridden |
+| vault.hashicorp.paths.health | string | `"/v1/sys/health"` | Default health api |
+| vault.hashicorp.paths.secret | string | `"/v1/secret"` | Path to secrets needs to be changed if install.vault=false |
+| vault.hashicorp.token | string | `""` | Access token to the vault service needs to be changed if install.vault=false |
+| vault.hashicorp.url | string | `"http://{{ .Release.Name }}-vault:8200"` | URL to the vault service, needs to be changed if install.vault=false |
+| vault.secretNames.transferProxyTokenEncryptionAesKey | string | `nil` | encrypt handed out tokens with this symmetric key |
+| vault.secretNames.transferProxyTokenSignerPrivateKey | string | `nil` | sign handed out tokens with this key |
+| vault.secretNames.transferProxyTokenSignerPublicKey | string | `nil` | sign handed out tokens with this certificate |
 
 ----------------------------------------------
 Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0)