diff --git a/.github/actions/run-deployment-test/action.yml b/.github/actions/run-deployment-test/action.yml index acd430d49..fafff52b2 100644 --- a/.github/actions/run-deployment-test/action.yml +++ b/.github/actions/run-deployment-test/action.yml @@ -69,6 +69,11 @@ runs: ################################################### # Install the test infrastructure ################################################### + - name: "Generate test credentials" + shell: bash + run: |- + sh -c "edc-tests/deployment/src/main/resources/prepare-test.sh \ + edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml" - name: Install Infrastructure shell: bash run: |- diff --git a/.github/workflows/deploy-test-secrets b/.github/workflows/deploy-test-secrets deleted file mode 100644 index 8fa03fbc5..000000000 --- a/.github/workflows/deploy-test-secrets +++ /dev/null 
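Review bot: The new `Generate test credentials` step hard-codes both paths relative to the repository root and wraps the call in `sh -c "..."`, although the action already takes a `rootDir` input (deployment-test.yaml passes `rootDir: "."`) and the script has its own `#!/bin/bash` shebang plus `set -euo pipefail`; the `sh -c` layer adds only a second level of quoting. If `rootDir` is the checkout root, I would call the script directly and honour the input: `run: |-` / `"${{ inputs.rootDir }}/edc-tests/deployment/src/main/resources/prepare-test.sh" "${{ inputs.rootDir }}/edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml"`. The script writes `daps.key`, `daps.cert` and `aes.key` into the step's working directory and the later `helm_command` relies on finding them there, which deserves a one-line comment on the step. The enclosing `runs:` block starts and ends outside the hunk.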
@@ -1,51 +0,0 @@ -daps-key:-----BEGIN PRIVATE KEY----- -MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDBqOWHLtR/pXk/ -tQ2Zvl9IvS4ku3UQh6oS4sxNzwnpWECC/tYa1EmJnJIgV9BUFzCLM7QL6nPIddj3 -nsckoVaG6KIAKY7U0E5C4XlMJ79f0wdQ58rWXnaYO7rNeFWk9GfxljsIG6X/3hZv -9JLT5InqiCR0HyfAj77cRPXrpa6/VpJ0YoBzZ1qx5DVidq588vbOJVAN8+HnX71V -Qby27AavBqAWtrAOTkWRkHtn6c9nRamYs3ZD6hVEVpKANG5xPHp6Myza0xIrMkgm -MhXOAdEhQvI9IxLcCXAe5vcXBmnZOteiVzMMlYv5cht8d/Dooo1YZHzT9EzjnsCE -3MCl3QZhAgMBAAECggEBAKR/RphRWwciE5/dtrPFVUKAD1X8NS/ZTMnGBCyDlLO0 -1vduZ4dakyxk5mq6rKcBG6biQClu+PJpx+Zt5FJlCQ6HRDRHGKAEYLXGuDXL/W7z -3d8HRPBaRPqCoeYuNPFs+W3oYjQ86AAzMXPfl2iNU+j3w58vZ6DVeRW5LfsAPTMg -Z8Sooa1jD2a/7uDN4lC0FGkTWif//Dio5tbijqeG8xqBnS8iKi4hgxcQA9azd0KB -6uwvbX/izq4sVR2ZjxtT9WPX1cpOcXjUZBM9px9eAwLPmsM/AUAOHkKkd1DPYLjX -yyB0qvz+LmUQdJv11yGagsW7lrrvsBsro4ZMp0Ot1wECgYEA5j2XFCKNUcX/8OFm -8E9q6DXyrd9T3rMxPYWR9nRwV0upN9Zd9mnvOKnl5MYQSgP0XJgwwyHawmG3wIcx -0puf3uWi2lSpt6aafMCW6JEJbK/49XSPAjrptwkZUcCT3XJv1tMZuXzhv/p4t24o -hw9/EtzVxK7thGGZD6sDsQtbOlkCgYEA11OUofuD1VWN5YwFciPv0RhyfDyYYK7e -nPMXEoiBMQJnGkp3eaUzUgej/V93VtJcg9h0Tqn6NpI4rWUfUdi5ihZ6+hcvUIO4 -Roh+Oxpmu0yBfuBo7Uwf5XMpoQu74Z+cr24Pv32YtEUshUZidMuvOMaBXNJGlKiG -DjbCUV0CG0kCgYAVHvlJA5JrOfqsokDLMr3f53MHuED9YPrXZfVp4myb1XkEgknE -XRtw20UXo4PDBnHYPK3ceLKUuloc80oCw/v6ep5h4PpguovZfeFaHFP9AHeaLMMh -tT3TaKZF9aCa4/CWiG8HsQkUj2mbiiN1oFpL5K5HiLSJPFrKMSn5h80qoQKBgQC2 -obt1UEDXFwONaJ/N2dE0RkoEOdj8WBWUhVJSc9kv2lvcnsCLOqU2tChRZUFxMGcr -pNGxTtZcptTPrO9NmkZ0avDPYg7NeYs4t9hpBNGRlyhWlrwoWOLM2Eq8v5kRmzFo -Ui+lOT/l1q4WNEaZzZDG1Qcv1WHsAKwDLkrOe9ankQKBgQDM1fdqraKN2lCkDSPU -/Uw5nmFA7gNJQ9ta6CVITlDMWFb+e2OcDK7pKT1iEhJAfGndtQ0lwK6I5VDDxhXY -DGcU2UIWMAiJOZILDVjkny9brrIQ/fTwZps2qWNJ0bmYsmwPCe9QskNWz8sYAY6p -eBB+WUqNNqBb25p2CmcwqoT7Tg== ------END PRIVATE KEY-----;daps-crt:-----BEGIN CERTIFICATE----- -MIIEAzCCAuugAwIBAgIULy0aTdGiGkyvVp7l5Ccoq7DQREgwDQYJKoZIhvcNAQEL -BQAwgZAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJl -cmxpbjEMMAoGA1UECgwDQk1XMSAwHgYDVQQLDBdlZGMtcGxheWdyb3VuZC1wYXJ0 
-bmVyMTEvMC0GA1UEAwwmc29rcmF0ZXMtZWRjLmRlbW8uY2F0ZW5hLXgubmV0L0JQ -TjEyMzQwHhcNMjMwNDI2MTI1OTE5WhcNMzMwNDIzMTI1OTE5WjCBkDELMAkGA1UE -BhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMQwwCgYDVQQK -DANCTVcxIDAeBgNVBAsMF2VkYy1wbGF5Z3JvdW5kLXBhcnRuZXIxMS8wLQYDVQQD -DCZzb2tyYXRlcy1lZGMuZGVtby5jYXRlbmEteC5uZXQvQlBOMTIzNDCCASIwDQYJ -KoZIhvcNAQEBBQADggEPADCCAQoCggEBALCr0h3vT5kNnwWhAmGRvEEo38nKyiXB -Gx0GlepYToKklMgtGIX25OkOrXJqq4BzybxN27DoWvU9DEixylkCbhwmwmpI3IhF -8w6cV/odaYdQ3tEeZ6zWYXqKx+MVWTHQ8A4Njy64PWNDWBZmaGvxeE48i7EJnnrM -M5CGDAKbA/Jd1nlFxaq9hGiaCHa2kCNKdfrJ6ZUda5rPlLJk5at3VPxvRIpT50Gp -3P4PtdwpwIHwa7y1xTBc43bEfcD1lmR9VkkxCX8lg4V1OBLx1GVwoUZBkN8P4POT -t+gQq7FbDbBEeOSmKELC3Tc8D8JCGv94sEg6o+4yzgpvyIvMyV8uGcECAwEAAaNT -MFEwHQYDVR0OBBYEFIxEsuJTl+5V8vTCUhMGhWsmdQShMB8GA1UdIwQYMBaAFIxE -suJTl+5V8vTCUhMGhWsmdQShMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggEBAJHOKmFNZDk5xebzBARgcIrYrmRb5pIU4gNCWh/q1TF0+CFnnK8RTFTZ -12pTbid6v5knn/f9bsilnudhxBzBQ4bukiI8Be0nzYfZU2dTU+w1cl/JnJfkGirt -8Nwqv3fiUXfFBl8nE0RduAk9XF/UBIZXPapE6u1zR29jvuV+ppmhQrFFeJufeBGd -Wwn6XGK4fzENGDyjdk4QB/dg3/heM5h330vIGO4hVvlQBfJhNbC7Iikkr5ulytfd -deuZIfa7hG6WgIgGhg3YL1p/TTpJamBDS860PWyI7RH3o53VPphu/y2Rpud5AECV -xcrqaSGUTZPVyTUB8BxE32LqFDbpZb4= ------END CERTIFICATE----- \ No newline at end of file diff --git a/.github/workflows/deployment-test.yaml b/.github/workflows/deployment-test.yaml index f4c52abc3..5ecd32e1c 100644 --- a/.github/workflows/deployment-test.yaml +++ b/.github/workflows/deployment-test.yaml @@ -82,7 +82,7 @@ jobs: helm_command: |- helm install tx-inmem charts/tractusx-connector-memory \ -f charts/tractusx-connector-memory/example.yaml \ - --set vault.secrets="$(cat ./.github/workflows/deploy-test-secrets)" \ + --set vault.secrets="daps-crt:$(cat daps.cert);daps-key:$(cat daps.key)" \ --wait-for-jobs --timeout=120s # wait for the pod to become ready 
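Review bot: The new `--set vault.secrets="daps-crt:$(cat daps.cert);daps-key:$(cat daps.key)"` degrades silently if the credential files are missing: a failed command substitution inside an argument does not trip `set -e`, so `helm install` proceeds with empty secrets and the problem surfaces later as an opaque DAPS failure. Guard it first, e.g. `test -s daps.cert -a -s daps.key || { echo "test credentials missing: run prepare-test.sh first" >&2; exit 1; }`. A comment next to the `--set` should say that the files come from the `Generate test credentials` step of the composite action and are only found because both run in the same working directory. Separately, the deleted `deploy-test-secrets` private key stays recoverable from git history and should be treated as public; that is harmless here only because the test material is now regenerated on every run.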
@@ -123,12 +123,20 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3.3.0 + - uses: Azure/login@v1 + with: + creds: '{"clientId":"${{ secrets.AZURE_CLIENT_ID }}","clientSecret":"${{ secrets.AZURE_CLIENT_SECRET }}","tenantId":"${{ secrets.AZURE_TENANT_ID }}"}' + allow-no-subscriptions: true - uses: ./.github/actions/run-deployment-test name: "Run deployment test using KinD and Helm" with: imagename: "edc-controlplane-postgresql-azure-vault edc-dataplane-azure-vault" rootDir: "." helm_command: |- + az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name daps-crt --value "$(cat daps.cert)" > /dev/null + az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name daps-key --value "$(cat daps.key)" > /dev/null + az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name aes-keys --value "$(cat aes.key)" > /dev/null + helm install tx-prod charts/tractusx-connector-azure-vault \ -f edc-tests/deployment/src/main/resources/helm/tractusx-connector-azure-vault-test.yaml \ --dependency-update \ diff --git a/edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml b/edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml index 9a48a1047..c7db37ef2 100644 --- a/edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml +++ b/edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml @@ -5,12 +5,9 @@ fullnameOverride: "" nameOverride: "" - # -- Existing image pull secret to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) imagePullSecrets: [] - customLabels: {} - runtime: controlplane: image: 
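Review bot: The three `az keyvault secret set ... --value "$(cat ...)"` lines place the freshly generated DAPS private key and AES key in the process argument list; `az keyvault secret set` can read the value from a file instead, e.g. `az keyvault secret set --vault-name ${{ secrets.AZURE_VAULT_NAME }} --name daps-key --file daps.key > /dev/null` (default `--encoding utf-8`). The secrets go into one shared vault under fixed names, so two concurrent runs (two open PRs) overwrite each other's `daps-crt`/`daps-key` mid-test and old versions accumulate in the vault; a `concurrency:` group on the job, or per-run secret names with cleanup, avoids that flakiness. The `> /dev/null` matters because the CLI returns the stored secret, value included, as JSON — add `# do not echo the secret into the job log` so nobody removes it. The `Azure/login` step builds `creds` from a long-lived client secret; if the tenant permits it, the `client-id`/`tenant-id`/`subscription-id` inputs with an OIDC federated credential (and `permissions: id-token: write`) remove the stored secret altogether.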
@@ -214,17 +211,16 @@ runtime: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: [] # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m # memory: 128Mi replicaCount: 1 autoscaling: 
@@ -250,18 +246,15 @@ runtime: java.util.logging.ConsoleHandler.formatter=java.util.logging.SimpleFormatter java.util.logging.ConsoleHandler.level=ALL java.util.logging.SimpleFormatter.format=[%1$tY-%1$tm-%1$td %1$tH:%1$tM:%1$tS] [%4$-7s] %5$s%6$s%n - # [node selector](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) to constrain pods to nodes nodeSelector: {} # [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) to configure preferred nodes tolerations: [] # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on affinity: {} - url: # -- Explicitly declared url for reaching the ids api (e.g. if ingresses not used) ids: "" - dataplane: image: # -- Which derivate of the data plane to use. when left empty the deployment will select the correct image automatically 
@@ -415,17 +408,16 @@ runtime: # -- [volume](https://kubernetes.io/docs/concepts/storage/volumes/) directories volumes: [] # -- [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the container - resources: - {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m # memory: 128Mi replicaCount: 1 autoscaling: @@ -457,17 +449,14 @@ runtime: tolerations: [] # [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) to configure which nodes the pods can be scheduled on affinity: {} - url: # -- Explicitly declared url for reaching the public api (e.g. if ingresses not used) public: "" - postgresql: enabled: false jdbcUrl: "" username: "" password: "" - vault: hashicorp: enabled: true 
@@ -486,17 +475,14 @@ runtime: transferProxyTokenEncryptionAesKey: transfer-proxy-token-encryption-aes-key dapsPrivateKey: daps-private-key dapsPublicKey: daps-public-key - daps: url: "" clientId: "" paths: jwks: /jwks.json token: /token - backendService: httpProxyTokenReceiverUrl: "" - serviceAccount: # Specifies whether a service account should be created create: true @@ -507,8 +493,6 @@ runtime: name: "" # -- Existing image pull secret bound to the service account to use to [obtain the container image from private registries](https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry) imagePullSecrets: [] - - ######## # DAPS # ######## 
@@ -520,34 +504,7 @@ idsdaps: attributes: referringConnector: http://sokrates-controlplane/BPNSOKRATES # Must be the same certificate that is stores in section 'sokrates-vault' - certificate: |- - -----BEGIN CERTIFICATE----- - MIIEAzCCAuugAwIBAgIUXFgjbN7jxGRUDkoUvEwcN3zcew8wDQYJKoZIhvcNAQEL - BQAwgZAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJl - cmxpbjEMMAoGA1UECgwDQk1XMSAwHgYDVQQLDBdlZGMtcGxheWdyb3VuZC1wYXJ0 - bmVyMTEvMC0GA1UEAwwmc29rcmF0ZXMtZWRjLmRlbW8uY2F0ZW5hLXgubmV0L0JQ - TjEyMzQwHhcNMjIwNTEwMDc1NzMzWhcNMjMwNTEwMDc1NzMzWjCBkDELMAkGA1UE - BhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMQwwCgYDVQQK - DANCTVcxIDAeBgNVBAsMF2VkYy1wbGF5Z3JvdW5kLXBhcnRuZXIxMS8wLQYDVQQD - DCZzb2tyYXRlcy1lZGMuZGVtby5jYXRlbmEteC5uZXQvQlBOMTIzNDCCASIwDQYJ - KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/41S8rumkk+IzBk9pBDETvjlPmlXfw - 78yRrLmbzaed3kGgygJ2GFFPLcR/Lv0WG8F8au4UEssbOxAU4RRjncCVt66ajaCa - llIqMlH8zaJ8rgxNpGeJU5YvmYRxlIo+Gwi0qnF0tqJh8Hry7OqSo0gK2YBBFJyV - grMsEz3EcsS3ENYJufNgUIeg4QsaL49M0gWxSexPdC4pon96Nvju90D8RlvAJB21 - PInqLniMaFlSnRYzCrUaja6HMmzKA+ZPZ1r9lllzsE00RASxRIxlKkwfzTtMb9O6 - ey2i2vM7hKGGlXjNsnYVX9WXEfvK4JrCadHzgX8qdez19RxFKtB+5gECAwEAAaNT - MFEwHQYDVR0OBBYEFOcHLXRWZjHwexDqtgMGTCN/7aZlMB8GA1UdIwQYMBaAFOcH - LXRWZjHwexDqtgMGTCN/7aZlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL - BQADggEBAD2a5kuIdICNXfYLpSe7AIONwZVucaArYtpXBxHEy5lMJsTEJgjZzypd - iIMU7onEQGVbii6yVNpWfIpJYM4e8ytVdJuk5evclVKZs/lZ2IshLyWFVj+ITh2E - 28X4C/Hnmt4MPBCNowQf71nMp4LEziBgXp54qFV9C+qSTEVdrherRE0PU/zKyX10 - S/P5o42weTHnAO/pBN/8AmL3AymynKVgcPaW46IjjRAuc6kfZWCrYQ0M4+/7Ws5r - uM55Zae/L+C82OTNNaaK324ogsCkORPeQ23OCrRD8rZJmQ9bpoOGglPminfwEOhB - UHtyKgmvqCyOV3G/4G93W/xsLV0kxLA= - -----END CERTIFICATE----- - - - + certificate: |- # must be set externally! ############## # POSTGRESQL # ############## @@ -563,7 +520,6 @@ postgresql: database: "edc" username: "user" password: "password" - ######### # VAULT # ######### 
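Review bot: `certificate: |- # must be set externally!` leaves an empty block scalar as the default and does not tell the reader who sets it, while the context comment above still points at a certificate in section 'sokrates-vault' that this commit also empties. Make the comment actionable: `certificate: |- # intentionally empty: prepare-test.sh (edc-tests/deployment/src/main/resources) injects a freshly generated certificate before install`. An empty string would flow into the DAPS configuration unnoticed unless the chart template guards it with `required`, which cannot be seen from this hunk and is worth checking separately.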
@@ -576,74 +532,4 @@ vault: enabled: true devRootToken: "root" # Must be the same certificate that is configured in section 'ids-daps' - postStart: - - "sh" - - "-c" - - | - { - - sleep 5 - - /bin/vault kv put secret/sokrates/data-encryption-aes-keys content=OcvxzWCK8ETSjt1jmZw3RA== - - cat << EOF | /bin/vault kv put secret/daps-key content=- - -----BEGIN PRIVATE KEY----- - MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCv+NUvK7ppJPiM - wZPaQQxE745T5pV38O/Mkay5m82nnd5BoMoCdhhRTy3Efy79FhvBfGruFBLLGzsQ - FOEUY53Albeumo2gmpZSKjJR/M2ifK4MTaRniVOWL5mEcZSKPhsItKpxdLaiYfB6 - 8uzqkqNICtmAQRSclYKzLBM9xHLEtxDWCbnzYFCHoOELGi+PTNIFsUnsT3QuKaJ/ - ejb47vdA/EZbwCQdtTyJ6i54jGhZUp0WMwq1Go2uhzJsygPmT2da/ZZZc7BNNEQE - sUSMZSpMH807TG/TunstotrzO4ShhpV4zbJ2FV/VlxH7yuCawmnR84F/KnXs9fUc - RSrQfuYBAgMBAAECggEAO+KjsjTgcG3bhBNQnMLsSP15Y0Yicbn18ZlVvaivGS7Z - d14fwSytY+ZdPfTGaey/L16HCVSdfK9cr0Fbw9OO2P5ajzobnp9dLsMbctlkpbpm - hNtbarzKTF8QkIkSsuUl0BWjt46vpJ1N+Jl5VO7oUFkY4dPEDvG2lAEY3zlekWDm - cQeOC/YgpoW4xfRwPPS6QE0w3Q+H5NfNjfz+mSHeItTlVfTKDRliWQLPWeRZFuXh - FlRFUQnTmEE/9wpIe3Hn7WXJ3fQqcYDzxU7/zwwY9I7bB15SgVHlR0ENDPAD5X8F - MVZ3EcLlqGBy+WvTWALp6pc8YfhW3fiTWyuamXtNrQKBgQDonsIzBKEOOKdKGW0e - uyw79ErmnmzkY5nuMrMxrmTA4WKCfJ/YRRA+4sxiltWsIJ3UkHe3OBCSSCdj79hb - ugb/+UzE70hOdgrct2NUQqbrj3gvsVvU8ZRQgTRMqKpmC0zY7KOMx6NU85z3IvS1 - z5fjszcUv4kLQlldYGSAuqPy+wKBgQDBqIkc8p/wcw7ygo1q/GerNeszfoxiIFp8 - h4RWLVhkwrcXFz30wBlUWuv5/kxU8tmJcmXxe72EmUstd6wvNOAnYwCiile6zQiJ - vsr1axavZnGOtNGUp6DUAsd2iviBl7IZ7kAcqCrQo4ivGhfHmahH3hmg8wuAMjYB - 8f+FSPgaMwKBgQC7W4tMrjDOFIFhJEOIWfcRvvxI7VcFSNelS76aiDzsQVwnfxr7 - hPzFucQmsBgfUBHvMADMWGK4f1cCnh5kGtwidXgIsjVJxLeQ+EAPkLOCzQZfW3l8 - dKshgD9QcxTzpaxal5ZPAEikVqaZQtVYToCmzCTUGETYBbOWitnH+Qut2wKBgQC6 - Y6DcSLUhc0xOotLDxv1sbu/aVxF8nFEbDD+Vxf0Otc4MnmUWPRHj+8KlkVkcZcR0 - IrP1kThd+EDAGS+TG9wmbIY+6tH3S8HM+eJUBWcHGJ1xUZ1p61DC3Y3nDWiTKlLT - 3Fi+fCkBOHSku4Npq/2odh7Kp0JJd4o9oxJg0VNhuwKBgQDSFn7dqFE0Xmwc40Vr - 0wJH8cPWXKGt7KJENpj894buk2DniLD4w2x874dzTjrOFi6fKxEzbBNA9Rq9UPo8 - 
u9gKvl/IyWmV0c4zFCNMjRwVdnkMEte/lXcJZ67T4FXZByqAZlhrr/v0FD442Z9B - AjWFbUiBCFOo+gpAFcQGrkOQHA== - -----END PRIVATE KEY----- - EOF - - cat << EOF | /bin/vault kv put secret/daps-crt content=- - -----BEGIN CERTIFICATE----- - MIIEAzCCAuugAwIBAgIUXFgjbN7jxGRUDkoUvEwcN3zcew8wDQYJKoZIhvcNAQEL - BQAwgZAxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJl - cmxpbjEMMAoGA1UECgwDQk1XMSAwHgYDVQQLDBdlZGMtcGxheWdyb3VuZC1wYXJ0 - bmVyMTEvMC0GA1UEAwwmc29rcmF0ZXMtZWRjLmRlbW8uY2F0ZW5hLXgubmV0L0JQ - TjEyMzQwHhcNMjIwNTEwMDc1NzMzWhcNMjMwNTEwMDc1NzMzWjCBkDELMAkGA1UE - BhMCREUxDzANBgNVBAgMBkJlcmxpbjEPMA0GA1UEBwwGQmVybGluMQwwCgYDVQQK - DANCTVcxIDAeBgNVBAsMF2VkYy1wbGF5Z3JvdW5kLXBhcnRuZXIxMS8wLQYDVQQD - DCZzb2tyYXRlcy1lZGMuZGVtby5jYXRlbmEteC5uZXQvQlBOMTIzNDCCASIwDQYJ - KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/41S8rumkk+IzBk9pBDETvjlPmlXfw - 78yRrLmbzaed3kGgygJ2GFFPLcR/Lv0WG8F8au4UEssbOxAU4RRjncCVt66ajaCa - llIqMlH8zaJ8rgxNpGeJU5YvmYRxlIo+Gwi0qnF0tqJh8Hry7OqSo0gK2YBBFJyV - grMsEz3EcsS3ENYJufNgUIeg4QsaL49M0gWxSexPdC4pon96Nvju90D8RlvAJB21 - PInqLniMaFlSnRYzCrUaja6HMmzKA+ZPZ1r9lllzsE00RASxRIxlKkwfzTtMb9O6 - ey2i2vM7hKGGlXjNsnYVX9WXEfvK4JrCadHzgX8qdez19RxFKtB+5gECAwEAAaNT - MFEwHQYDVR0OBBYEFOcHLXRWZjHwexDqtgMGTCN/7aZlMB8GA1UdIwQYMBaAFOcH - LXRWZjHwexDqtgMGTCN/7aZlMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL - BQADggEBAD2a5kuIdICNXfYLpSe7AIONwZVucaArYtpXBxHEy5lMJsTEJgjZzypd - iIMU7onEQGVbii6yVNpWfIpJYM4e8ytVdJuk5evclVKZs/lZ2IshLyWFVj+ITh2E - 28X4C/Hnmt4MPBCNowQf71nMp4LEziBgXp54qFV9C+qSTEVdrherRE0PU/zKyX10 - S/P5o42weTHnAO/pBN/8AmL3AymynKVgcPaW46IjjRAuc6kfZWCrYQ0M4+/7Ws5r - uM55Zae/L+C82OTNNaaK324ogsCkORPeQ23OCrRD8rZJmQ9bpoOGglPminfwEOhB - UHtyKgmvqCyOV3G/4G93W/xsLV0kxLA= - -----END CERTIFICATE----- - EOF - - /bin/vault kv put secret/aes-keys content=OcvxzWCK8ETSjt1jmZw3RA== - - } + postStart: # must be set externally! diff --git a/edc-tests/deployment/src/main/resources/prepare-test.sh b/edc-tests/deployment/src/main/resources/prepare-test.sh new file mode 100755 index 000000000..51306abc8 
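Review bot: `postStart: # must be set externally!` is a bare key, i.e. YAML `null`, whereas the removed value was a list of command words; `postStart: []` keeps the type stable for anyone rendering the chart without first running `prepare-test.sh`, and the script's `|=` assignment overwrites either form. The comment should also name the setter, e.g. `postStart: [] # populated by prepare-test.sh with the vault kv put commands for daps-crt, daps-key and aes-keys`. Whether this key really sits at `.vault.server.postStart`, the path the script writes to, cannot be confirmed from the collapsed indentation in this hunk.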
--- /dev/null +++ b/edc-tests/deployment/src/main/resources/prepare-test.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +# +# Copyright (c) 2023 Bayerische Motoren Werke Aktiengesellschaft (BMW AG) +# +# This program and the accompanying materials are made available under the +# terms of the Apache License, Version 2.0 which is available at +# https://www.apache.org/licenses/LICENSE-2.0 +# +# SPDX-License-Identifier: Apache-2.0 +# +# Contributors: +# Bayerische Motoren Werke Aktiengesellschaft (BMW AG) - initial API and implementation +# +# + +set -euo pipefail + +if [ "$#" -lt 1 ]; then + echo "usage prepare-test.sh PATH_TO_YAML" + echo "" + echo "Please provide the path to the YAML file, which contains the config for the test infrastructure! In most cases + this will be edc-tests/deployment/src/main/resources/helm/test-infrastructure/values.yaml" + exit 42 +fi + +VALUES_FILE=$1 +KEY_FILE=daps.key +CERT_FILE=daps.cert + +# generate a new short-lived certificate and export the private key +openssl req -newkey rsa:2048 -new -nodes -x509 -days 1 -keyout $KEY_FILE -out $CERT_FILE -subj "/CN=test" + +DAPSCRT=$(cat $CERT_FILE) +DAPSKEY=$(cat $KEY_FILE) +AES_KEY=$( echo aes_enckey_test | base64) +echo $AES_KEY > aes.key + +# replace the cert for DAPS +yq -i ".idsdaps.connectors[0].certificate=\"$DAPSCRT\"" "$VALUES_FILE" + +# add a "postStart" command to the vault config, that creates a daps-key, daps-cert and an aes-keys secret +yq -i ".vault.server.postStart |= [\"sh\",\"-c\",\"{\nsleep 5\n\ncat << EOF | /bin/vault kv put secret/daps-crt content=-\n$DAPSCRT\nEOF\n\n +cat << EOF | /bin/vault kv put secret/daps-key content=-\n$DAPSKEY\nEOF\n\n +/bin/vault kv put secret/aes-keys content=$AES_KEY\n\n}\"]" "$VALUES_FILE" \ No newline at end of file
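Review bot: `AES_KEY=$( echo aes_enckey_test | base64)` is a fixed, low-entropy value (and encodes the trailing newline `echo` appends), which contradicts the script's own approach of generating fresh per-run material for the DAPS key pair; `openssl rand -base64 16` yields a random 128-bit key of the same shape. The two `yq -i "... \"$DAPSCRT\" ..."` calls also splice the PEM private key into the yq program text, so it appears in the process argument list and any quote character in the material would break the expression; handing it over through the environment with `strenv()` (available in mikefarah yq v4, which the `-i`/`|=` syntax suggests) avoids both. The rewritten tail of the script follows; the usage check and the `openssl req` line are unchanged.
```shell
# … unchanged: usage check, VALUES_FILE/KEY_FILE/CERT_FILE, openssl req …

DAPSCRT=$(cat "$CERT_FILE")
DAPSKEY=$(cat "$KEY_FILE")
# fresh random 128-bit key per run, like the DAPS key pair above
AES_KEY=$(openssl rand -base64 16)
echo "$AES_KEY" > aes.key

# hand the PEM material to yq via the environment (strenv), not on its command line
DAPSCRT="$DAPSCRT" yq -i '.idsdaps.connectors[0].certificate = strenv(DAPSCRT)' "$VALUES_FILE"

# vault postStart script: store daps-crt, daps-key and aes-keys in the dev vault
POST_START=$(printf '{\nsleep 5\n\ncat << EOF | /bin/vault kv put secret/daps-crt content=-\n%s\nEOF\n\ncat << EOF | /bin/vault kv put secret/daps-key content=-\n%s\nEOF\n\n/bin/vault kv put secret/aes-keys content=%s\n\n}\n' "$DAPSCRT" "$DAPSKEY" "$AES_KEY")
POST_START="$POST_START" yq -i '.vault.server.postStart |= ["sh", "-c", strenv(POST_START)]' "$VALUES_FILE"
```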