Merge pull request #375 from eclipse-tractusx/merge/v2.1.0-RC2

build(2.1.0-rc2): merge main into main

CHANGELOG.md

@@ -2,6 +2,21 @@
 
 New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal helm chart.
 
+## 2.1.0-RC2
+
+### Change
+
+* changed to new container images
+  * portal-frontend: v2.1.0-RC2
+  * portal-frontend-registration: v2.0.1-RC2
+
+### Bugfix
+
+* portal-backend:
+  * set correct path for consent osp link in mail notification [#371](https://github.com/eclipse-tractusx/portal/pull/371)
+  * update role name for app approval notifications [#372](https://github.com/eclipse-tractusx/portal/pull/372)
+  aligned dim and issuerComponent encryption key config [#368](https://github.com/eclipse-tractusx/portal/pull/368)
+
 ## 2.1.0-RC1
 
 ### Change
@@ -299,4 +314,4 @@ n/a
 ### Change
 
 * added product helm chart for portal, combining frontend and backend chart.
-* moved repository to eclipse-tractusx.
+* moved repository to eclipse-tractusx.

charts/portal/Chart.yaml

@@ -20,8 +20,8 @@
 apiVersion: v2
 name: portal
 type: application
-version: 2.1.0-RC1
-appVersion: 2.1.0-RC1
+version: 2.1.0-RC2
+appVersion: 2.1.0-RC2
 description: Helm chart for Catena-X Portal
 home: https://github.com/eclipse-tractusx/portal
 sources:

charts/portal/README.md

@@ -1,11 +1,11 @@
 # Helm chart for Catena-X Portal
 
-![Version: 2.1.0-RC1](https://img.shields.io/badge/Version-2.1.0--RC1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.0-RC1](https://img.shields.io/badge/AppVersion-2.1.0--RC1-informational?style=flat-square)
+![Version: 2.1.0-RC2](https://img.shields.io/badge/Version-2.1.0--RC2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.1.0-RC2](https://img.shields.io/badge/AppVersion-2.1.0--RC2-informational?style=flat-square)
 
 This helm chart installs the Catena-X Portal application which consists of
 
-* [portal-frontend (v2.1.0-RC1)](https://github.com/eclipse-tractusx/portal-frontend/tree/v2.1.0-RC1),
-* [portal-frontend-registration (v2.0.1-RC1)](https://github.com/eclipse-tractusx/portal-frontend-registration/tree/v2.0.1-RC1),
+* [portal-frontend (v2.1.0-RC2)](https://github.com/eclipse-tractusx/portal-frontend/tree/v2.1.0-RC2),
+* [portal-frontend-registration (v2.0.1-RC2)](https://github.com/eclipse-tractusx/portal-frontend-registration/tree/v2.0.1-RC2),
 * [portal-assets (v2.0.0)](https://github.com/eclipse-tractusx/portal-assets/tree/v2.0.0) and
 * [portal-backend (v2.1.0-RC1)](https://github.com/eclipse-tractusx/portal-backend/tree/v2.1.0-RC1).
 
@@ -41,7 +41,7 @@ To use the helm chart as a dependency:
 dependencies:
   - name: portal
     repository: https://eclipse-tractusx.github.io/charts/dev
-    version: 2.1.0-RC1
+    version: 2.1.0-RC2
 ```
 
 ## Requirements
@@ -83,13 +83,13 @@ dependencies:
 | frontend.ingress.hosts[0] | object | `{"host":"","paths":[{"backend":{"port":8080,"service":"portal"},"path":"/(.*)","pathType":"Prefix"},{"backend":{"port":8080,"service":"registration"},"path":"/registration/(.*)","pathType":"Prefix"},{"backend":{"port":8080,"service":"assets"},"path":"/((assets|documentation)/.*)","pathType":"Prefix"}]}` | Provide default path for the ingress record. |
 | frontend.portal.name | string | `"portal"` |  |
 | frontend.portal.image.name | string | `"docker.io/tractusx/portal-frontend"` |  |
-| frontend.portal.image.portaltag | string | `"v2.1.0-RC1"` |  |
+| frontend.portal.image.portaltag | string | `"v2.1.0-RC2"` |  |
 | frontend.portal.image.pullPolicy | string | `"IfNotPresent"` |  |
 | frontend.portal.resources | object | `{"limits":{"cpu":"75m","memory":"125M"},"requests":{"cpu":"25m","memory":"125M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
 | frontend.portal.requireHttpsUrlPattern | bool | `true` |  |
 | frontend.registration.name | string | `"registration"` |  |
 | frontend.registration.image.name | string | `"docker.io/tractusx/portal-frontend-registration"` |  |
-| frontend.registration.image.registrationtag | string | `"v2.0.1-RC1"` |  |
+| frontend.registration.image.registrationtag | string | `"v2.0.1-RC2"` |  |
 | frontend.registration.image.pullPolicy | string | `"IfNotPresent"` |  |
 | frontend.registration.resources | object | `{"limits":{"cpu":"75m","memory":"100M"},"requests":{"cpu":"25m","memory":"100M"}}` | We recommend to review the default resource limits as this should a conscious choice. |
 | frontend.assets.name | string | `"assets"` |  |
@@ -250,7 +250,7 @@ dependencies:
 | backend.appmarketplace.activeAppCompanyAdminRoles.role0 | string | `"IT Admin"` |  |
 | backend.appmarketplace.activeAppCompanyAdminRoles.role1 | string | `"Company Admin"` |  |
 | backend.appmarketplace.approveAppUserRoles.role0 | string | `"Sales Manager"` |  |
-| backend.appmarketplace.approveAppUserRoles.role1 | string | `"Service Manager"` |  |
+| backend.appmarketplace.approveAppUserRoles.role1 | string | `"App Manager"` |  |
 | backend.appmarketplace.activationUserRoles.role0 | string | `"Sales Manager"` |  |
 | backend.appmarketplace.activationUserRoles.role1 | string | `"App Manager"` |  |
 | backend.appmarketplace.ITAdminRoles.role0 | string | `"IT Admin"` |  |
@@ -448,7 +448,7 @@ dependencies:
 | backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.paddingMode | string | `"PKCS7"` |  |
 | backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | string | `""` | EncryptionKey for onboardingserviceprovider. Secret-key 'onboardingserviceprovider-encryption-key1'. Expected format is 256 bit (64 digits) hex. When upgrading from v2.0.0-RC1 please read document portal-upgrade-details.md |
 | backend.processesworker.networkRegistration.loginDocumentPath | string | `"/documentation/?path=docs%2F09.+Others%28s%29%2F01.+Login.md"` |  |
-| backend.processesworker.networkRegistration.externalRegistrationPath | string | `"/?overlay=consent_osp"` |  |
+| backend.processesworker.networkRegistration.externalRegistrationPath | string | `"/consent_osp"` |  |
 | backend.processesworker.networkRegistration.closeApplicationPath | string | `"/decline"` | The logic to decline an application is not yet implemented in the backend - this will currently lead to a 404 page when clicking on the link in the mail |
 | backend.processesworker.dim.clientId | string | `"dim-client-id"` | Provide dim client-id from CX IAM centralidp. |
 | backend.processesworker.dim.clientSecret | string | `""` | Client-secret for dim client-id. Secret-key 'dim-client-secret'. |
@@ -467,11 +467,6 @@ dependencies:
 | backend.processesworker.issuerComponent.clientSecret | string | `""` | Client-secret for dim client-id. Secret-key 'issuercomponent-client-secret'. |
 | backend.processesworker.issuerComponent.grantType | string | `"client_credentials"` |  |
 | backend.processesworker.issuerComponent.scope | string | `"openid"` |  |
-| backend.processesworker.issuerComponent.encryptionConfigIndex | int | `0` |  |
-| backend.processesworker.issuerComponent.encryptionConfigs.index0.index | int | `0` |  |
-| backend.processesworker.issuerComponent.encryptionConfigs.index0.cipherMode | string | `"CBC"` |  |
-| backend.processesworker.issuerComponent.encryptionConfigs.index0.paddingMode | string | `"PKCS7"` |  |
-| backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | string | `""` | EncryptionKey for the issuer component. Secret-key 'issuercomponent-encryption-key0'. Expected format is 256 bit (64 digits) hex. |
 | backend.processesworker.bpnDidResolver.apiKey | string | `""` | ApiKey for management endpoint of the bpnDidResolver. Secret-key 'bpndidresolver-api-key'. |
 | backend.processesworker.invitation.invitedUserInitialRoles.role0 | string | `"Company Admin"` |  |
 | backend.processesworker.invitation.initialLoginTheme | string | `"catenax-shared"` |  |

charts/portal/README.md.gotmpl

@@ -4,8 +4,8 @@
 
 This helm chart installs the Catena-X Portal application which consists of
 
-* [portal-frontend (v2.1.0-RC1)](https://github.com/eclipse-tractusx/portal-frontend/tree/v2.1.0-RC1),
-* [portal-frontend-registration (v2.0.1-RC1)](https://github.com/eclipse-tractusx/portal-frontend-registration/tree/v2.0.1-RC1),
+* [portal-frontend (v2.1.0-RC2)](https://github.com/eclipse-tractusx/portal-frontend/tree/v2.1.0-RC2),
+* [portal-frontend-registration (v2.0.1-RC2)](https://github.com/eclipse-tractusx/portal-frontend-registration/tree/v2.0.1-RC2),
 * [portal-assets (v2.0.0)](https://github.com/eclipse-tractusx/portal-assets/tree/v2.0.0) and
 * [portal-backend (v2.1.0-RC1)](https://github.com/eclipse-tractusx/portal-backend/tree/v2.1.0-RC1).
 

charts/portal/templates/cronjob-backend-processes.yaml

@@ -268,18 +268,18 @@ spec:
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CALLBACKURL"
               value: "{{ .Values.portalBackendAddress }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGINDEX"
-              value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigIndex }}"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigIndex }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__INDEX"
-              value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.index }}"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.index }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
               valueFrom:
                 secretKeyRef:
                   name: "{{ .Values.backend.interfaces.secret }}"
-                  key: "issuercomponent-encryption-key0"
+                  key: "dim-encryption-key0"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__CIPHERMODE"
-              value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.cipherMode }}"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}"
             - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__PADDINGMODE"
-              value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.paddingMode }}"
+              value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}"
             - name: "BPNDIDRESOLVER__BASEADDRESS"
               value: "{{ .Values.bpnDidResolver.managementApiAddress }}"
             - name: "BPNDIDRESOLVER__APIKEY"

charts/portal/templates/deployment-backend-administration.yaml

@@ -241,18 +241,18 @@ spec:
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__CALLBACKURL"
           value: "{{ .Values.portalBackendAddress }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGINDEX"
-          value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigIndex }}"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigIndex }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__INDEX"
-          value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.index }}"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.index }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__ENCRYPTIONKEY"
           valueFrom:
             secretKeyRef:
               name: "{{ .Values.backend.interfaces.secret }}"
-              key: "issuercomponent-encryption-key0"
+              key: "dim-encryption-key0"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__CIPHERMODE"
-          value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.cipherMode }}"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.cipherMode }}"
         - name: "APPLICATIONCHECKLIST__ISSUERCOMPONENT__ENCRYPTIONCONFIGS__0__PADDINGMODE"
-          value: "{{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.paddingMode }}"
+          value: "{{ .Values.backend.processesworker.dim.encryptionConfigs.index0.paddingMode }}"
         - name: "COMPANYDATA__USECASEPARTICIPATIONMEDIATYPES__0"
           value: "{{ .Values.backend.administration.companyData.useCaseParticipationMediaTypes.type0 }}"
         - name: "COMPANYDATA__SSICERTIFICATEMEDIATYPES__0"

charts/portal/templates/secret-backend-interfaces.yaml

@@ -38,13 +38,12 @@ data:
   sdfactory-client-secret: {{ coalesce ( .Values.backend.processesworker.sdfactory.clientSecret | b64enc ) ( index $secret.data "sdfactory-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
   offerprovider-client-secret: {{ coalesce ( .Values.backend.processesworker.offerprovider.clientSecret | b64enc ) ( index $secret.data "offerprovider-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
   dim-client-secret: {{ coalesce ( .Values.backend.processesworker.dim.clientSecret | b64enc ) ( index $secret.data "dim-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
-  dim-encryption-key0: {{ coalesce ( .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "dim-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   onboardingserviceprovider-encryption-key0: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   onboardingserviceprovider-encryption-key1: {{ coalesce ( .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | b64enc ) ( index $secret.data "onboardingserviceprovider-encryption-key1" ) | default ( randAlphaNum 32 ) | quote }}
   invitation-encryption-key0: {{ coalesce ( .Values.backend.processesworker.invitation.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "invitation-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   mailing-encryption-key0: {{ coalesce ( .Values.backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "mailing-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   issuercomponent-client-secret: {{ coalesce ( .Values.backend.processesworker.issuerComponent.clientSecret | b64enc ) ( index $secret.data "issuercomponent-client-secret" ) | default ( randAlphaNum 32 ) | quote }}
-  issuercomponent-encryption-key0: {{ coalesce ( .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "issuercomponent-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
+  dim-encryption-key0: {{ coalesce ( .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "dim-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
   bpndidresolver-api-key: {{ coalesce ( .Values.backend.processesworker.bpnDidResolver.apiKey | b64enc ) ( index $secret.data "bpndidresolver-api-key" ) | default ( randAlphaNum 32 ) | quote }}
   serviceaccount-encryption-key0: {{ coalesce ( .Values.backend.administration.serviceAccount.encryptionConfigs.index0.encryptionKey | b64enc ) ( index $secret.data "serviceaccount-encryption-key0" ) | default ( randAlphaNum 32 ) | quote }}
 {{ else -}}
@@ -56,13 +55,12 @@ stringData:
   sdfactory-client-secret: {{ .Values.backend.processesworker.sdfactory.clientSecret | default ( randAlphaNum 32 ) | quote }}
   offerprovider-client-secret: {{ .Values.backend.processesworker.offerprovider.clientSecret | default ( randAlphaNum 32 ) | quote }}
   dim-client-secret: {{ .Values.backend.processesworker.dim.clientSecret | default ( randAlphaNum 32 ) | quote }}
-  dim-encryption-key0: {{ .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   onboardingserviceprovider-encryption-key0: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   onboardingserviceprovider-encryption-key1: {{ .Values.backend.processesworker.onboardingServiceProvider.encryptionConfigs.index1.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   invitation-encryption-key0: {{ .Values.backend.processesworker.invitation.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   mailing-encryption-key0: {{ .Values.backend.processesworker.mailing.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   issuercomponent-client-secret: {{ .Values.backend.processesworker.issuerComponent.clientSecret | default ( randAlphaNum 32 ) | quote }}
-  issuercomponent-encryption-key0: {{ .Values.backend.processesworker.issuerComponent.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
+  dim-encryption-key0: {{ .Values.backend.processesworker.dim.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
   bpndidresolver-api-key: {{ .Values.backend.processesworker.bpnDidResolver.apiKey | default ( randAlphaNum 32 ) | quote }}
   serviceaccount-encryption-key0: {{ .Values.backend.administration.serviceAccount.encryptionConfigs.index0.encryptionKey | default ( randAlphaNum 32 ) | quote }}
 {{ end }}

charts/portal/values.yaml

@@ -500,7 +500,7 @@ backend:
       role1: "Company Admin"
     approveAppUserRoles:
       role0: "Sales Manager"
-      role1: "Service Manager"
+      role1: "App Manager"
     activationUserRoles:
       role0: "Sales Manager"
       role1: "App Manager"
@@ -860,7 +860,7 @@ backend:
           encryptionKey: ""
     networkRegistration:
       loginDocumentPath: "/documentation/?path=docs%2F09.+Others%28s%29%2F01.+Login.md"
-      externalRegistrationPath: "/?overlay=consent_osp"
+      externalRegistrationPath: "/consent_osp"
       # -- The logic to decline an application is not yet implemented in the backend - this will currently lead to a 404 page when clicking on the link in the mail
       closeApplicationPath: "/decline"
     dim:
@@ -893,15 +893,6 @@ backend:
       clientSecret: ""
       grantType: "client_credentials"
       scope: "openid"
-      encryptionConfigIndex: 0
-      encryptionConfigs:
-        index0:
-          index: 0
-          cipherMode: "CBC"
-          paddingMode: "PKCS7"
-          # -- EncryptionKey for the issuer component. Secret-key 'issuercomponent-encryption-key0'.
-          # Expected format is 256 bit (64 digits) hex.
-          encryptionKey: ""
     bpnDidResolver:
       # -- ApiKey for management endpoint of the bpnDidResolver. Secret-key 'bpndidresolver-api-key'.
       apiKey: ""

environments/argocd-app-templates/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/portal
     repoURL: 'https://github.com/eclipse-tractusx/portal.git'
-    targetRevision: portal-2.1.0-RC1
+    targetRevision: portal-2.1.0-RC2
     plugin:
       env:
         - name: AVP_SECRET

environments/consortia/argocd-app-templates/appsetup-int.yaml

@@ -28,7 +28,7 @@ spec:
   source:
     path: charts/portal
     repoURL: 'https://github.com/eclipse-tractusx/portal.git'
-    targetRevision: portal-2.1.0-RC1
+    targetRevision: portal-2.1.0-RC2
     plugin:
       env:
         - name: AVP_SECRET

environments/consortia/helm-values/values-dev.yaml

@@ -261,13 +261,10 @@ backend:
       universalResolverAddress: "https://dev.uniresolver.io/"
       encryptionConfigs:
         index0:
-          encryptionKey: "<path:portal/data/dev/processes-worker#dim-encryption-key0>"
+          encryptionKey: "<path:portal/data/dev/encryption-keys#dim-encryption-key0>"
     issuerComponent:
       clientId: "<path:portal/data/processes-worker#issuercomponent-client-id>"
       clientSecret: "<path:portal/data/dev/processes-worker#issuercomponent-client-secret>"
-      encryptionConfigs:
-        index0:
-          encryptionKey: "<path:portal/data/dev/processes-worker#issuercomponent-encryption-key0>"
     bpnDidResolver:
       apiKey: "<path:portal/data/dev/processes-worker#bpndidresolver-api-key>"
     invitation: