diff --git a/charts/portal/templates/cronjob-backend-processes.yaml b/charts/portal/templates/cronjob-backend-processes.yaml
index 34733b9ca..10ee574fe 100644
--- a/charts/portal/templates/cronjob-backend-processes.yaml
+++ b/charts/portal/templates/cronjob-backend-processes.yaml
@@ -194,6 +194,44 @@ spec:
 value: "{{ .Values.sdfactoryAddress }}{{ .Values.backend.processesworker.sdfactory.selfdescriptionPath }}"
 - name: "APPLICATIONCHECKLIST__SDFACTORY__USERNAME"
 value: "{{ .Values.backend.placeholder }}"
+ - name: "APPLICATIONCHECKLIST__DIM__USERNAME"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "APPLICATIONCHECKLIST__DIM__PASSWORD"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "APPLICATIONCHECKLIST__DIM__CLIENTID"
+ value: "{{ .Values.backend.processesworker.dim.clientId }}"
+ - name: "APPLICATIONCHECKLIST__DIM__GRANTTYPE"
+ value: "{{ .Values.backend.processesworker.dim.grantType }}"
+ - name: "APPLICATIONCHECKLIST__DIM__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.interfaces.secret }}"
+ key: "dim-client-secret"
+ - name: "APPLICATIONCHECKLIST__DIM__SCOPE"
+ value: "{{ .Values.backend.processesworker.dim.scope }}"
+ - name: "APPLICATIONCHECKLIST__DIM__TOKENADDRESS"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}"
+ - name: "APPLICATIONCHECKLIST__DIM__BASEADDRESS"
+ value: "{{ .Values.backend.processesworker.dim.baseAddress }}"
+ - name: "APPLICATIONCHECKLIST__DIM__UNIVERSALRESOLVERADDRESS"
+ value: "{{ .Values.backend.processesworker.dim.universalResolverAddress }}"
+ - name: "APPLICATIONCHECKLIST__DIM__DIDDOCUMENTBASELOCATION"
+ value: "{{ .Values.backend.processesworker.dim.didDocumentBaseLocation }}"
+ - name: "APPLICATIONCHECKLIST__DIM__MAXVALIDATIONTIMEINDAYS"
+ value: "{{ .Values.backend.processesworker.dim.maxValidationTimeInDays }}"
+ - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGINDEX"
+ value: "{{ .Values.backend.processesworker.dim.encryptionConfigIndex }}"
+ - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__INDEX"
+ value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.index }}"
+ - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__ENCRYPTIONKEY"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.interfaces.secret }}"
+ key: "dim-encryption-key0"
+ - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__CIPHERMODE"
+ value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}"
+ - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__PADDINGMODE"
+ value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}"
 - name: "KEYCLOAK__CENTRAL__AUTHREALM"
 value: "{{ .Values.backend.keycloak.central.authRealm }}"
 - name: "KEYCLOAK__CENTRAL__CLIENTID"
@@ -342,7 +380,7 @@ spec:
 valueFrom:
 secretKeyRef:
 name: "{{ .Values.backend.interfaces.secret }}"
- key: "process-onboardingserviceprovider-encryption-key0"
+ key: "onboardingserviceprovider-encryption-key0"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__INDEX"
 value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.index}}"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__CIPHERMODE"
diff --git a/charts/portal/templates/deployment-backend-administration.yaml b/charts/portal/templates/deployment-backend-administration.yaml
index dfc0de696..c8a321e60 100644
--- a/charts/portal/templates/deployment-backend-administration.yaml
+++ b/charts/portal/templates/deployment-backend-administration.yaml
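Review bot: The 38 added `APPLICATIONCHECKLIST__DIM__*` entries are repeated verbatim in deployment-backend-administration.yaml (its hunk at -185,6 +185,44), so the Secret key names `dim-client-secret` and `dim-encryption-key0` now have to be kept in step by hand in two manifests as well as in the Secret template. Defining the list once as a named template and pulling it in from both files, e.g. `{{- include "<helper-name>" . | nindent <n> }}` (placeholder name and indent), would leave a single place to change. The enclosing `env:` list starts and ends outside the hunk.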
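Review bot: Only the `ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY` reference is renamed in this hunk, while secret-backend-interfaces.yaml in the same commit removes both `process-onboardingserviceprovider-encryption-key0` and `process-onboardingserviceprovider-encryption-key1`. The `…__1__ENCRYPTIONKEY` entry lies beyond the end of the hunk, so it cannot be checked from here; if it still names `process-onboardingserviceprovider-encryption-key1`, the `secretKeyRef` will not resolve and the job's pods will not start. Please confirm that entry reads `key: "onboardingserviceprovider-encryption-key1"`.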
@@ -185,6 +185,44 @@ spec:
 value: "{{ .Values.sdfactoryAddress }}{{ .Values.backend.processesworker.sdfactory.selfdescriptionPath }}"
 - name: "APPLICATIONCHECKLIST__SDFACTORY__USERNAME"
 value: "{{ .Values.backend.placeholder }}"
+ - name: "APPLICATIONCHECKLIST__DIM__USERNAME"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "APPLICATIONCHECKLIST__DIM__PASSWORD"
+ value: "{{ .Values.backend.placeholder }}"
+ - name: "APPLICATIONCHECKLIST__DIM__CLIENTID"
+ value: "{{ .Values.backend.processesworker.dim.clientId }}"
+ - name: "APPLICATIONCHECKLIST__DIM__GRANTTYPE"
+ value: "{{ .Values.backend.processesworker.dim.grantType }}"
+ - name: "APPLICATIONCHECKLIST__DIM__CLIENTSECRET"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.interfaces.secret }}"
+ key: "dim-client-secret"
+ - name: "APPLICATIONCHECKLIST__DIM__SCOPE"
+ value: "{{ .Values.backend.processesworker.dim.scope }}"
+ - name: "APPLICATIONCHECKLIST__DIM__TOKENADDRESS"
+ value: "{{ .Values.centralidpAddress }}{{ .Values.backend.keycloak.central.tokenPath }}"
+ - name: "APPLICATIONCHECKLIST__DIM__BASEADDRESS"
+ value: "{{ .Values.backend.processesworker.dim.baseAddress }}"
+ - name: "APPLICATIONCHECKLIST__DIM__UNIVERSALRESOLVERADDRESS"
+ value: "{{ .Values.backend.processesworker.dim.universalResolverAddress }}"
+ - name: "APPLICATIONCHECKLIST__DIM__DIDDOCUMENTBASELOCATION"
+ value: "{{ .Values.backend.processesworker.dim.didDocumentBaseLocation }}"
+ - name: "APPLICATIONCHECKLIST__DIM__MAXVALIDATIONTIMEINDAYS"
+ value: "{{ .Values.backend.processesworker.dim.maxValidationTimeInDays }}"
+ - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONCONFIGINDEX"
+ value: "{{ .Values.backend.processesworker.dim.encryptionConfigIndex }}"
+ - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__INDEX"
+ value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.index }}"
+ - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__ENCRYPTIONKEY"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.backend.interfaces.secret }}"
+ key: "dim-encryption-key0"
+ - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__CIPHERMODE"
+ value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}"
+ - name: "APPLICATIONCHECKLIST__DIM__ENCRYPTIONMODECONFIGS__0__PADDINGMODE"
+ value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}"
 - name: "COMPANYDATA__USECASEPARTICIPATIONMEDIATYPES__0"
 value: "{{ .Values.backend.administration.companyData.useCaseParticipationMediaTypes.type0 }}"
 - name: "COMPANYDATA__SSICERTIFICATEMEDIATYPES__0"
@@ -326,24 +364,24 @@ spec:
 - name: "NETWORK2NETWORK__BASEPORTALADDRESS"
 value: "{{ .Values.portalAddress }}{{ .Values.backend.portalHomePath }}"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIG__INDEX"
- value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigIndex }}"
+ value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigIndex }}"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__INDEX"
- value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index0.index}}"
+ value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.index}}"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__CIPHERMODE"
- value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index0.cipherMode}}"
+ value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.cipherMode}}"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__PADDINGMODE"
- value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index0.paddingMode}}"
+ value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.paddingMode}}"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
 valueFrom:
 secretKeyRef:
 name: "{{ .Values.backend.interfaces.secret }}"
 key: "onboardingserviceprovider-encryption-key0"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__INDEX"
- value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index1.index}}"
+ value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.index}}"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__CIPHERMODE"
- value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index1.cipherMode}}"
+ value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.cipherMode}}"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__PADDINGMODE"
- value: "{{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index1.paddingMode}}"
+ value: "{{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.paddingMode}}"
 - name: "ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIGS__1__ENCRYPTIONKEY"
 valueFrom:
 secretKeyRef:
diff --git a/charts/portal/templates/secret-backend-interfaces.yaml b/charts/portal/templates/secret-backend-interfaces.yaml
index 8cd8d886f..7523bdba1 100644
--- a/charts/portal/templates/secret-backend-interfaces.yaml
+++ b/charts/portal/templates/secret-backend-interfaces.yaml
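Review bot: Nothing in the rewritten `ONBOARDINGSERVICEPROVIDER__ENCRYPTIONCONFIG*` values tells an operator that the administration deployment now reads `.Values.backend.processesworker.onboardingServiceProvider`, so an override still kept under `backend.administration.onboardingServiceProvider` is dropped silently (Helm accepts unknown values unless a schema forbids them). Where the two services were previously given different keys, data encrypted under the administration key may no longer decrypt after the upgrade; this is inferred from the templates rather than visible in the hunk. A comment above the first changed line, such as `# shared with processesworker; backend.administration.onboardingServiceProvider is no longer read`, together with an entry in the upgrade notes, would make the change explicit. The `env:` list continues outside the hunk.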
@@ -37,10 +37,10 @@ data:
 custodian-client-secret: {{ coalesce ( .Values.backend.processesworker.custodian.clientSecret | b64enc ) ( index $secret.data "custodian-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
 sdfactory-client-secret: {{ coalesce ( .Values.backend.processesworker.sdfactory.clientSecret | b64enc ) ( index $secret.data "sdfactory-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
 offerprovider-client-secret: {{ coalesce ( .Values.backend.processesworker.offerprovider.clientSecret | b64enc ) ( index $secret.data "offerprovider-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
- onboardingserviceprovider-encryption-key0: {{ coalesce ( .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key" ) | default ( randAlphaNum 32 ) | quote }}
- onboardingserviceprovider-encryption-key1: {{ coalesce ( .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key" ) | default ( randAlphaNum 32 ) | quote }}
- process-onboardingserviceprovider-encryption-key0: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "process-onboardingserviceprovider-encryption-key" ) | default ( randAlphaNum 32 ) | quote }}
- process-onboardingserviceprovider-encryption-key1: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | b64enc ) ( index $secret.data "process-onboardingserviceprovider-encryption-key" ) | default ( randAlphaNum 32 ) | quote }}
+ dim-client-secret: {{ coalesce ( .Values.backend.processesworker.dim.clientSecret | b64enc ) ( index $secret.data "dim-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
+ dim-encryption-key0: {{ coalesce ( .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "dim-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
+ onboardingserviceprovider-encryption-key0: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
+ onboardingserviceprovider-encryption-key1: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key1" ) | default ( randAlphaNum 32 ) | quote }}
 {{ else -}}
 stringData:
 # if secret doesn't exist, use provided value from values file or generate a random one
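Review bot: In this `data:` branch the fallback `default ( randAlphaNum 32 )` on the new `dim-client-secret` and `dim-encryption-key0` lines is emitted without `b64enc`, although every value under `data:` is read as base64. On an upgrade where the Secret already exists but does not yet hold these two keys and no value is supplied, the 32 alphanumeric characters are decoded as base64 into 24 arbitrary bytes instead of being stored as the generated string. Encoding the fallback, `| default ( randAlphaNum 32 | b64enc ) | quote`, keeps this branch equivalent to the `stringData:` one; the unchanged custodian, sdfactory and offerprovider lines follow the same pattern. The surrounding `{{ if }}` opens outside the hunk.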
@@ -49,8 +49,8 @@ stringData:
 custodian-client-secret: {{ .Values.backend.processesworker.custodian.clientSecret | default ( randAlphaNum 32 ) | quote }}
 sdfactory-client-secret: {{ .Values.backend.processesworker.sdfactory.clientSecret | default ( randAlphaNum 32 ) | quote }}
 offerprovider-client-secret: {{ .Values.backend.processesworker.offerprovider.clientSecret | default ( randAlphaNum 32 ) | quote }}
- onboardingserviceprovider-encryption-key0: {{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
- onboardingserviceprovider-encryption-key1: {{ .Values.backend.administration.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | default ( randAlphaNum 32 ) | quote }}
- process-onboardingserviceprovider-encryption-key0: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
- process-onboardingserviceprovider-encryption-key1: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | default ( randAlphaNum 32 ) | quote }}
+ dim-client-secret: {{ .Values.backend.processesworker.dim.clientSecret | default ( randAlphaNum 32 ) | quote }}
+ dim-encryption-key0: {{ .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
+ onboardingserviceprovider-encryption-key0: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
+ onboardingserviceprovider-encryption-key1: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | default ( randAlphaNum 32 ) | quote }}
 {{ end }}
diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml
index 22538de2e..142cf26ff 100644
--- a/charts/portal/values.yaml
+++ b/charts/portal/values.yaml
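Review bot: The generated fallback for `dim-encryption-key0` is `randAlphaNum 32`, a 32-character alphanumeric string, whereas the values.yaml comment added in this commit gives the expected format as 256 bit (64 digits) hex. If the backend parses the key as hex, which that comment suggests but the diff does not show, an installation that leaves `encryptionKey` empty ends up with a key the service cannot use. Either fail the render when no key is available or generate 64 hex digits, for example `| default ( randAlphaNum 32 | sha256sum ) | quote`. The same applies to the two `onboardingserviceprovider-encryption-key*` lines in this hunk and to the matching lines of the `data:` branch.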
@@ -397,23 +397,6 @@ backend:
 swaggerEnabled: false
 frameDocumentTypeIds:
 type0: "CX_FRAME_CONTRACT"
- onboardingServiceProvider:
- encryptionConfigIndex: 1
- encryptionConfigs:
- index0:
- index: 0
- cipherMode: "ECB"
- paddingMode: "PKCS7"
- # -- EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key0'.
- # Expected format is 256 bit (64 digits) hex. When upgrading from v1.8.0 please read document portal-upgrade-details.md
- encryptionKey: ""
- index1:
- index: 1
- cipherMode: "CBC"
- paddingMode: "PKCS7"
- # -- EncryptionKey for onboardingserviceprovider encryptionKey. Secret-key 'onboardingserviceprovider-encryption-key1'.
- # Expected format is 256 bit (64 digits) hex. When upgrading from v1.8.0 please read document portal-upgrade-details.md
- encryptionKey: ""
 provisioning:
 centralRealm: "CX-Central"
 centralRealmId: "CX-Central"
@@ -841,14 +824,14 @@ backend:
 index: 0
 cipherMode: "ECB"
 paddingMode: "PKCS7"
- # -- EncryptionKey for onboardingserviceprovider. Secret-key 'process-onboardingserviceprovider-encryption-key0'.
+ # -- EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key0'.
 # Expected format is 256 bit (64 digits) hex. When upgrading from v1.8.0 please read document portal-upgrade-details.md
 encryptionKey: ""
 index1:
 index: 1
 cipherMode: "CBC"
 paddingMode: "PKCS7"
- # -- EncryptionKey for onboardingserviceprovider. Secret-key 'process-onboardingserviceprovider-encryption-key1'.
+ # -- EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key1'.
 # Expected format is 256 bit (64 digits) hex. When upgrading from v1.8.0 please read document portal-upgrade-details.md
 encryptionKey: ""
 networkRegistration:
@@ -856,6 +839,26 @@ backend: externalRegistrationPath: "/?overlay=consent_osp" # -- The logic to decline an application is not yet implemented in the backend - this will currently lead to a 404 page when clicking on the link in the mail closeApplicationPath: "/decline" + dim: + # -- Provide dim client-id from CX IAM centralidp. + clientId: "" + # -- Client-secret for dim client-id. Secret-key 'dim-client-secret'. + clientSecret: "" + grantType: "client_credentials" + scope: "openid" + baseAddress: "" + universalResolverAddress: "" + didDocumentBaseLocation: "" + maxValidationTimeInDays: 7 + encryptionConfigIndex: 0 + encryptionConfigs: + index0: + index: 0 + cipherMode: "CBC" + paddingMode: "PKCS7" + # -- EncryptionKey for dim wallet creation. Secret-key 'process-dimwalletcreation-encryption-key0'. + # Expected format is 256 bit (64 digits) hex. + encryptionKey: "" clients: portal: "Cl2-CX-Portal" registration: "Cl1-CX-Registration" diff --git a/consortia/environments/values-beta.yaml b/consortia/environments/values-beta.yaml index d7e0a1def..b6992d9b2 100644 --- a/consortia/environments/values-beta.yaml +++ b/consortia/environments/values-beta.yaml @@ -151,12 +151,6 @@ backend: value: "portaldb" - name: "HEALTHCHECKS__0__TAGS__2" value: "provisioningdb" - onboardingServiceProvider: - encryptionConfigs: - index0: - encryptionKey: "" - index1: - encryptionKey: "" swaggerEnabled: true provisioning: @@ -241,9 +235,18 @@ backend: onboardingServiceProvider: encryptionConfigs: index0: - encryptionKey: "" + encryptionKey: "" index1: - encryptionKey: "" + encryptionKey: "" + dim: + clientId: "" + clientSecret: "" + baseAddress: "" + universalResolverAddress: "" + didDocumentBaseLocation: "" + encryptionConfigs: + index0: + encryptionKey: "" postgresql: auth: diff --git a/consortia/environments/values-dev.yaml b/consortia/environments/values-dev.yaml index bc8a86921..0c0115311 100644 --- a/consortia/environments/values-dev.yaml +++ b/consortia/environments/values-dev.yaml 
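Review bot: The comment on `dim.encryptionConfigs.index0.encryptionKey` names the Secret key 'process-dimwalletcreation-encryption-key0', but the templates in this commit read and write `dim-encryption-key0`, so an operator following the comment would populate a key nothing consumes. It should read `# -- EncryptionKey for dim wallet creation. Secret-key 'dim-encryption-key0'.`. The new `baseAddress`, `universalResolverAddress`, `didDocumentBaseLocation`, `maxValidationTimeInDays` and `encryptionConfigIndex` entries also carry no `# --` description, unlike `clientId` and `clientSecret`; a one-line description each, saying what the value is and whether it must be set, would match the rest of the block.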
@@ -151,12 +151,6 @@ backend: value: "portaldb" - name: "HEALTHCHECKS__0__TAGS__2" value: "provisioningdb" - onboardingServiceProvider: - encryptionConfigs: - index0: - encryptionKey: "" - index1: - encryptionKey: "" swaggerEnabled: true provisioning: @@ -241,9 +235,18 @@ backend: onboardingServiceProvider: encryptionConfigs: index0: - encryptionKey: "" + encryptionKey: "" index1: - encryptionKey: "" + encryptionKey: "" + dim: + clientId: "" + clientSecret: "" + baseAddress: "dummy" + universalResolverAddress: "dummy" + didDocumentBaseLocation: "dummy" + encryptionConfigs: + index0: + encryptionKey: "" postgresql: auth: diff --git a/consortia/environments/values-int.yaml b/consortia/environments/values-int.yaml index 6bb289ebe..d040fcc6a 100644 --- a/consortia/environments/values-int.yaml +++ b/consortia/environments/values-int.yaml @@ -151,12 +151,6 @@ backend: value: "portaldb" - name: "HEALTHCHECKS__0__TAGS__2" value: "provisioningdb" - onboardingServiceProvider: - encryptionConfigs: - index0: - encryptionKey: "" - index1: - encryptionKey: "" swaggerEnabled: true provisioning: @@ -241,9 +235,18 @@ backend: onboardingServiceProvider: encryptionConfigs: index0: - encryptionKey: "" + encryptionKey: "" index1: - encryptionKey: "" + encryptionKey: "" + dim: + clientId: "" + clientSecret: "" + baseAddress: "" + universalResolverAddress: "" + didDocumentBaseLocation: "" + encryptionConfigs: + index0: + encryptionKey: "" postgresql: auth: diff --git a/consortia/environments/values-pen.yaml b/consortia/environments/values-pen.yaml index b10c788b9..9ceda3673 100644 --- a/consortia/environments/values-pen.yaml +++ b/consortia/environments/values-pen.yaml @@ -152,12 +152,6 @@ backend: value: "portaldb" - name: "HEALTHCHECKS__0__TAGS__2" value: "provisioningdb" - onboardingServiceProvider: - encryptionConfigs: - index0: - encryptionKey: "" - index1: - encryptionKey: "" swaggerEnabled: true provisioning: 
@@ -242,9 +236,18 @@ backend: onboardingServiceProvider: encryptionConfigs: index0: - encryptionKey: "" + encryptionKey: "" index1: - encryptionKey: "" + encryptionKey: "" + dim: + clientId: "" + clientSecret: "" + baseAddress: "" + universalResolverAddress: "" + didDocumentBaseLocation: "" + encryptionConfigs: + index0: + encryptionKey: "" postgresql: auth: diff --git a/consortia/environments/values-rc.yaml b/consortia/environments/values-rc.yaml index cb62f8bd2..1926482de 100644 --- a/consortia/environments/values-rc.yaml +++ b/consortia/environments/values-rc.yaml @@ -151,12 +151,6 @@ backend: value: "portaldb" - name: "HEALTHCHECKS__0__TAGS__2" value: "provisioningdb" - onboardingServiceProvider: - encryptionConfigs: - index0: - encryptionKey: "" - index1: - encryptionKey: "" swaggerEnabled: true provisioning: @@ -241,9 +235,18 @@ backend: onboardingServiceProvider: encryptionConfigs: index0: - encryptionKey: "" + encryptionKey: "" index1: - encryptionKey: "" + encryptionKey: "" + dim: + clientId: "" + clientSecret: "" + baseAddress: "" + universalResolverAddress: "" + didDocumentBaseLocation: "" + encryptionConfigs: + index0: + encryptionKey: "" postgresql: fullnameOverride: "portal-backend-rc-postgresql"