diff --git a/.github/workflows/helm-test.yml b/.github/workflows/helm-test.yml
index b2102d9d..9078d77a 100644
--- a/.github/workflows/helm-test.yml
+++ b/.github/workflows/helm-test.yml
@@ -76,7 +76,7 @@ jobs:
 run: ct lint --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }} --config charts/chart-testing-config.yaml
 - name: Run chart-testing (install)
- run: ct install --charts charts/registry --config charts/chart-testing-config.yaml
+ run: ct install --charts charts/registry --config charts/chart-testing-config.yaml --helm-extra-set-args "--set registry.authentication=false"
 if: github.event_name != 'pull_request' || steps.list-changed.outputs.changed == 'true'
 - name: Upload test report
diff --git a/charts/registry/Chart.yaml b/charts/registry/Chart.yaml
index d2de848c..8c7e691f 100644
--- a/charts/registry/Chart.yaml
+++ b/charts/registry/Chart.yaml
@@ -26,7 +26,7 @@ sources:
 - https://github.com/eclipse-tractusx/sldt-digital-twin-registry
 type: application
-version: 0.3.28
+version: 0.3.29
 appVersion: 0.3.19
 dependencies:
diff --git a/charts/registry/config/default-realm-import.json b/charts/registry/config/default-realm-import.json
index ead6bcdc..ada109e9 100644
--- a/charts/registry/config/default-realm-import.json
+++ b/charts/registry/config/default-realm-import.json
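Review bot: With `--helm-extra-set-args "--set registry.authentication=false"` on the `ct install` step, CI only exercises the chart with authentication switched off, and the Tavern stage that expected `401` for a request without a token is removed in charts/registry/templates/tests/test-script-configmap.yaml, so nothing in this pipeline would notice the API being reachable without a token when authentication is enabled. Consider keeping a second install run with authentication on, using credentials generated at test time rather than committed, or at least one check that an unauthenticated request is rejected. If the flag stays, a comment above the step such as `# auth disabled for the chart install test only; not a deployment setting` would make the intent explicit. The step list continues outside the hunk.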
@@ -591,129 +591,6 @@
 "nodeReRegistrationTimeout" : 0,
 "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
 "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ]
- }, {
- "id" : "f1c5d623-0c0a-4d33-92b0-adaa9436cb04",
- "clientId" : "default-client",
- "name" : "",
- "description" : "",
- "rootUrl" : "",
- "adminUrl" : "",
- "baseUrl" : "",
- "surrogateAuthRequired" : false,
- "enabled" : true,
- "alwaysDisplayInConsole" : false,
- "clientAuthenticatorType" : "client-secret",
- "secret" : "wJcfhf5uXynRcAHy5Ua9KAwM4EhsFvC1",
- "redirectUris" : [ "http://localhost" ],
- "webOrigins" : [ ],
- "notBefore" : 0,
- "bearerOnly" : false,
- "consentRequired" : false,
- "standardFlowEnabled" : true,
- "implicitFlowEnabled" : true,
- "directAccessGrantsEnabled" : true,
- "serviceAccountsEnabled" : true,
- "authorizationServicesEnabled" : true,
- "publicClient" : false,
- "frontchannelLogout" : true,
- "protocol" : "openid-connect",
- "attributes" : {
- "oidc.ciba.grant.enabled" : "true",
- "client.secret.creation.time" : "1680192891",
- "backchannel.logout.session.required" : "true",
- "post.logout.redirect.uris" : "+",
- "oauth2.device.authorization.grant.enabled" : "true",
- "display.on.consent.screen" : "false",
- "backchannel.logout.revoke.offline.tokens" : "false"
- },
- "authenticationFlowBindingOverrides" : { },
- "fullScopeAllowed" : true,
- "nodeReRegistrationTimeout" : -1,
- "protocolMappers" : [ {
- "id" : "d2482667-e3c9-4cb0-871f-fd00268a0edd",
- "name" : "Client Host",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usersessionmodel-note-mapper",
- "consentRequired" : false,
- "config" : {
- "user.session.note" : "clientHost",
- "userinfo.token.claim" : "true",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "clientHost",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "0a8028dc-37b8-41bd-8532-f2345ef48427",
- "name" : "Client ID",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usersessionmodel-note-mapper",
- "consentRequired" : false,
- "config" : {
- "user.session.note" : "clientId",
- "userinfo.token.claim" : "true",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "clientId",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "c072cc3a-399e-44f8-8186-a330b8123976",
- "name" : "Client IP Address",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usersessionmodel-note-mapper",
- "consentRequired" : false,
- "config" : {
- "user.session.note" : "clientAddress",
- "userinfo.token.claim" : "true",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "clientAddress",
- "jsonType.label" : "String"
- }
- }, {
- "id" : "2ef856d5-53a4-4120-adb6-f8f2d41e1af1",
- "name" : "bpn",
- "protocol" : "openid-connect",
- "protocolMapper" : "oidc-usermodel-attribute-mapper",
- "consentRequired" : false,
- "config" : {
- "aggregate.attrs" : "false",
- "userinfo.token.claim" : "true",
- "multivalued" : "false",
- "user.attribute" : "bpn",
- "id.token.claim" : "true",
- "access.token.claim" : "true",
- "claim.name" : "bpn"
- }
- } ],
- "defaultClientScopes" : [ "web-origins", "acr", "roles", "profile", "email" ],
- "optionalClientScopes" : [ "address", "phone", "offline_access", "microprofile-jwt" ],
- "authorizationSettings" : {
- "allowRemoteResourceManagement" : true,
- "policyEnforcementMode" : "ENFORCING",
- "resources" : [ {
- "name" : "Default Resource",
- "type" : "urn:Cl4-CX-DigitalTwin:resources:default",
- "ownerManagedAccess" : false,
- "attributes" : { },
- "_id" : "d6e665e8-d14b-406c-9af9-1ff54e156e1a",
- "uris" : [ "/*" ]
- } ],
- "policies" : [ {
- "id" : "6893fcc4-591e-4f40-96bc-026da34c9a47",
- "name" : "Default Permission",
- "description" : "A permission that applies to the default resource type",
- "type" : "resource",
- "logic" : "POSITIVE",
- "decisionStrategy" : "UNANIMOUS",
- "config" : {
- "defaultResourceType" : "urn:Cl4-CX-DigitalTwin:resources:default"
- }
- } ],
- "scopes" : [ ],
- "decisionStrategy" : "UNANIMOUS"
- }
 }, {
 "id" : "18f280c7-2d5a-43ae-a022-5c440b988f15",
 "clientId" : "realm-management",
diff --git a/charts/registry/templates/tests/test-connection.yaml b/charts/registry/templates/tests/test-connection.yaml
index 5edb05c9..e946228e 100644
--- a/charts/registry/templates/tests/test-connection.yaml
+++ b/charts/registry/templates/tests/test-connection.yaml
@@ -37,26 +37,11 @@ spec:
 - name: test-output
 mountPath: /tests/output
 env:
- - name: CLIENT_ID
- valueFrom:
- secretKeyRef:
- name: test-credentials
- key: clientId
- - name: CLIENT_SECRET
- valueFrom:
- secretKeyRef:
- name: test-credentials
- key: clientSecret
 - name: AAS_REGISTRY_API_URL
 valueFrom:
 secretKeyRef:
 name: test-credentials
 key: aasRegistryUrl
- - name: AUTH_SERVER_TOKEN_URL
- valueFrom:
- secretKeyRef:
- name: test-credentials
- key: authServerTokenUrl
 volumes:
 - name: test-script
 configMap:
diff --git a/charts/registry/templates/tests/test-credentials.yaml b/charts/registry/templates/tests/test-credentials.yaml
index 86569221..cf9664a8 100644
--- a/charts/registry/templates/tests/test-credentials.yaml
+++ b/charts/registry/templates/tests/test-credentials.yaml
@@ -23,7 +23,4 @@ metadata:
 name: test-credentials
 type: Opaque
 data:
- clientId: {{ "default-client" | b64enc }}
- clientSecret: {{ "wJcfhf5uXynRcAHy5Ua9KAwM4EhsFvC1" | b64enc }}
- authServerTokenUrl: {{ "http://registry-keycloak/realms/default-realm/protocol/openid-connect/token" | b64enc }}
 aasRegistryUrl: {{ printf "http://cx-%s-registry-svc:8080" .Release.Name | b64enc }}
diff --git a/charts/registry/templates/tests/test-script-configmap.yaml b/charts/registry/templates/tests/test-script-configmap.yaml
index 4c2762f1..186599be 100644
--- a/charts/registry/templates/tests/test-script-configmap.yaml
+++ b/charts/registry/templates/tests/test-script-configmap.yaml
@@ -40,88 +40,19 @@ data: aas_registry_api_url: "{tavern.env_vars.AAS_REGISTRY_API_URL}" decoded_shell_id: 20062250-6b6e-4eba-bf90-7720ddc855e9 encoded_shell_id: MjAwNjIyNTAtNmI2ZS00ZWJhLWJmOTAtNzcyMGRkYzg1NWU5 - stage_auth.yaml: | - --- - name: Authentication stage - description: - Reusable test stage for authentication - - variables: - auth: - client_id: "{tavern.env_vars.CLIENT_ID}" - client_secret: "{tavern.env_vars.CLIENT_SECRET}" - auth_server_token_url: "{tavern.env_vars.AUTH_SERVER_TOKEN_URL}" - - stages: - - id: request_auth_token - name: Request token - request: - url: "{auth.auth_server_token_url:s}" - headers: - Accept: "*/*" - Content-Type: "application/x-www-form-urlencoded" - data: - grant_type: "client_credentials" - client_id: "{auth.client_id:s}" - client_secret: "{auth.client_secret:s}" - method: POST - response: - status_code: 200 - headers: - content-type: application/json - save: - json: - access_token: access_token test_api.tavern.yaml: | - --- - test_name: Test APIs are protected with authentication - - includes: - - !include common.yaml - - !include stage_auth.yaml - - stages: - - name: Test get shell descriptors without access token - request: - url: "{aas_registry_api_url:s}/api/v3.0/shell-descriptors" - method: GET - response: - status_code: 401 - - - type: ref - id: request_auth_token - - - name: Authenticated request - request: - url: "{aas_registry_api_url:s}/api/v3.0/shell-descriptors" - method: GET - headers: - Content-Type: application/json - Authorization: "Bearer {access_token}" - Edc-Bpn: "default-tenant" - response: - status_code: 200 - headers: - content-type: application/json - - --- test_name: Test create, read, update and delete of a shell descriptor includes: - !include common.yaml - - !include stage_auth.yaml stages: - - type: ref - id: request_auth_token - - name: Create shell descriptor expect success request: url: "{aas_registry_api_url:s}/api/v3.0/shell-descriptors" method: POST headers: Content-Type: application/json 
- Authorization: "Bearer {access_token}"
 Edc-Bpn: "default-tenant"
 json:
 id: "{decoded_shell_id:s}"
@@ -137,7 +68,6 @@ data:
 method: GET
 headers:
 Content-Type: application/json
- Authorization: "Bearer {access_token}"
 Edc-Bpn: "default-tenant"
 response:
 status_code: 200
@@ -157,7 +87,6 @@ data:
 method: PUT
 headers:
 Content-Type: application/json
- Authorization: "Bearer {access_token}"
 Edc-Bpn: "default-tenant"
 json:
 id: "{decoded_shell_id:s}"
@@ -171,7 +100,6 @@ data:
 method: DELETE
 headers:
 Content-Type: application/json
- Authorization: "Bearer {access_token}"
 Edc-Bpn: "default-tenant"
 response:
 status_code: 204
diff --git a/charts/registry/values.yaml b/charts/registry/values.yaml
index f3a3771b..6172e434 100644
--- a/charts/registry/values.yaml
+++ b/charts/registry/values.yaml
@@ -23,7 +23,7 @@ enablePostgres: true
 # enables the default keycloak identity provider
 # relies on a postgres instance
-enableKeycloak: true
+enableKeycloak: false
 registry:
 image:
@@ -104,8 +104,8 @@ keycloak:
 # database: default-database
 existingSecret: keycloak-database-credentials
 auth:
- adminUser: admin
- adminPassword: "admin"
+ adminUser:
+ adminPassword:
 service:
 type: ClusterIP
 extraVolumes:
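Review bot: `adminUser:` and `adminPassword:` under `keycloak.auth` are left as bare keys, which YAML loads as null rather than as an empty string, and nothing in the hunk tells the operator where the Keycloak admin credentials must now come from. Writing them as `adminUser: ""` and `adminPassword: ""` with a comment such as `# no default shipped; set at install time or reference an existing secret` would make that explicit; how the keycloak subchart treats a null value is not visible in this diff and should be confirmed. Because `admin`/`admin` and the `default-client` secret removed from default-realm-import.json and test-credentials.yaml were published in earlier chart versions, the release notes for 0.3.29 should say that installations created from those defaults need their credentials rotated. The `keycloak:` block starts and ends outside the hunk.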