diff --git a/.github/actions/run-deployment-test/action.yml b/.github/actions/run-deployment-test/action.yml index 1644c6b..5e346df 100644 --- a/.github/actions/run-deployment-test/action.yml +++ b/.github/actions/run-deployment-test/action.yml @@ -89,6 +89,14 @@ runs: --selector=app.kubernetes.io/component=controller \ --timeout=90s + - name: "Install Vault chart" + shell: bash + run: | + helm install vault hashicorp/vault \ + -f system-tests/helm/values-vault-test.yaml \ + --wait -for-jobs --timeout=120s --dependency-update + + - name: Install Runtime shell: bash run: ${{ inputs.helm_command }} diff --git a/.github/workflows/deployment-test.yaml b/.github/workflows/deployment-test.yaml index 2bea0f4..8fbaaa0 100644 --- a/.github/workflows/deployment-test.yaml +++ b/.github/workflows/deployment-test.yaml @@ -92,4 +92,4 @@ jobs: # verify management API is reachable as well. # in production scenarios, the Managment API should NEVER be on the same ingress as the public API - curl -X GET --fail -k -L http://localhost/api/management/bpn-directory -H "content-type: application/json" -H "x-api-key: password" -o - \ No newline at end of file + curl -X GET --fail -k -L https://localhost/api/management/bpn-directory -H "content-type: application/json" -H "x-api-key: password" -o - \ No newline at end of file diff --git a/system-tests/helm/values-test.yaml b/system-tests/helm/values-test.yaml index e91e64e..fdc2b97 100644 --- a/system-tests/helm/values-test.yaml +++ b/system-tests/helm/values-test.yaml @@ -18,6 +18,8 @@ ################################################################################# --- +install: + vault: false server: ingresses: - enabled: true 
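Review bot: In the added "Install Vault chart" step the last line reads `--wait -for-jobs`, which is not Helm's `--wait-for-jobs` flag; as written Helm will most likely read `-for-jobs` as the short option `-f` with a bogus values file and fail, so it should be `--wait --wait-for-jobs --timeout=120s` (unless the stray space is an artifact of how this page was rendered). The chart is also installed without `--version`, so every CI run pulls whatever `hashicorp/vault` release is current; pinning it, e.g. `--version <pinned-chart-version>`, keeps the test reproducible and limits exposure to an unexpected upstream change. `--dependency-update` has no obvious effect for a chart pulled from a repository and could probably be dropped. The `runs:` step list continues outside the hunk, so whether the `hashicorp` repo is added earlier is not visible here.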
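Review bot: With the URL switched to `https://localhost`, the `-k` on this curl line now switches off certificate verification for the request that carries the `x-api-key` header, so the check proves reachability but not that the ingress serves the expected certificate. If the workflow generates the certificate behind `tls-secret` itself, passing it with `--cacert <path-to-test-ca.pem>` instead of `-k` would verify the TLS setup as well. A short comment stating that `-k` and the literal `password` key are acceptable only for this throwaway test cluster would make that intent explicit. The job's steps start outside the hunk.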
@@ -30,19 +32,6 @@ server: enabled: true secretName: "tls-secret" -# we use this to pre-populate the Hashicorp Vault with the database user and password vault: - server: - postStart: - - sh - - -c - - |- - { - sleep 5 - - /bin/vault kv put secret/edc.datasource.didentry.user content=bdrs - - /bin/vault kv put secret/edc.datasource.didentry.password content=password - - /bin/vault kv put secret/mgmt-api-key content=password - } \ No newline at end of file + hashicorp: + url: "http://vault:8200" \ No newline at end of file diff --git a/system-tests/helm/values-vault-test.yaml b/system-tests/helm/values-vault-test.yaml new file mode 100644 index 0000000..13cc072 --- /dev/null +++ b/system-tests/helm/values-vault-test.yaml 
@@ -0,0 +1,49 @@
+#################################################################################
+# Copyright (c) 2024 Bayerische Motoren Werke Aktiengesellschaft (BMW AG)
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+#################################################################################
+
+# this file is intended to provide configuration for a standalone Hashicorp Vault deployment used in a BDRS CI test
+---
+injector:
+ enabled: false
+server:
+ dev:
+ enabled: true
+ devRootToken: "root"
+ postStart:
+ - sh
+ - -c
+ - |-
+ {
+ sleep 5
+
+ /bin/vault kv put secret/edc.datasource.didentry.user content=bdrs
+
+ /bin/vault kv put secret/edc.datasource.didentry.password content=password
+
+ /bin/vault kv put secret/mgmt-api-key content=password
+ }
+hashicorp:
+ token: "root"
+ timeout: 30
+ healthCheck:
+ enabled: true
+ standbyOk: true
+ paths:
+ secret: /v1/secret
+ health: /v1/sys/health
\ No newline at end of file
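Review bot: The top-level `hashicorp:` block at the end of this file (`token`, `timeout`, `healthCheck`, `paths`) does not look like a value the Vault chart consumes; it resembles the runtime chart's `vault.hashicorp` settings, where values-test.yaml in this commit only sets `url`. If the runtime needs the token and paths, they presumably belong under `vault.hashicorp` in values-test.yaml; otherwise the block can be removed here. Separately, the `postStart` hook relies on `sleep 5` before seeding the secrets, which can race with Vault start-up on a slow runner; polling, e.g. `until /bin/vault status >/dev/null 2>&1; do sleep 1; done`, is more reliable. Since `dev.enabled: true` with `devRootToken: "root"` gives an in-memory, unsealed server with a known root token, I would extend the header comment to `# CI test only: dev-mode Vault with a fixed root token and hard-coded secrets; never reuse these values outside the test cluster`.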