From 508d9dff04ed98fba65bbe5e2f4bd395150238c7 Mon Sep 17 00:00:00 2001
From: Paul Latzelsperger
Date: Wed, 2 Oct 2024 10:41:54 +0200
Subject: [PATCH] re-order deployment units

---
 mxd/alice.tf | 87 ++++++++++++++++++++
 mxd/alice_variables.tf | 43 ++++++++++
 mxd/bob.tf | 61 +++++++++++++++
 mxd/bob_variables.tf | 38 +++++++++
 mxd/main.tf | 122 ----------------------------
 mxd/modules/connector/connector.tf | 13 +--
 mxd/modules/connector/variables.tf | 9 ++-
 mxd/postgres-init.tf | 3 +-
 mxd/seed_data.tf | 8 +-
 mxd/variables.tf | 49 ------------
 10 files changed, 243 insertions(+), 190 deletions(-)
 create mode 100644 mxd/alice.tf
 create mode 100644 mxd/alice_variables.tf
 create mode 100644 mxd/bob.tf
 create mode 100644 mxd/bob_variables.tf

diff --git a/mxd/alice.tf b/mxd/alice.tf
new file mode 100644
index 00000000..136666a9
--- /dev/null
+++ b/mxd/alice.tf
@@ -0,0 +1,87 @@
+# First connector
+module "alice-connector" {
+ depends_on = [module.azurite]
+ source = "./modules/connector"
+ humanReadableName = var.alice-humanReadableName
+ participantId = var.alice-bpn
+ database-host = local.alice-postgres.database-host
+ database-name = local.databases.alice.database-name
+ database-credentials = {
+ user = local.databases.alice.database-username
+ password = local.databases.alice.database-password
+ }
+ dcp-config = {
+ id = var.alice-did
+ sts_token_url = "http://${var.alice-identityhub-host}:7084/api/credentials/token"
+ sts_client_id = var.alice-did
+ sts_clientsecret_alias = "participant-alice-sts-client-secret"
+ }
+ dataplane = {
+ privatekey-alias = "${var.alice-did}#signing-key-1"
+ publickey-alias = "${var.alice-did}#signing-key-1"
+ }
+
+ azure-account-name = var.alice-azure-account-name
+ azure-account-key = local.alice-azure-key-base64
+ azure-account-key-sas = var.alice-azure-key-sas
+ azure-url = module.azurite.azurite-url
+
+ ingress-host = var.alice-ingress-host
+
+ minio-config = {
+ username = module.alice-minio.minio-username
+ password = module.alice-minio.minio-password
+ url = module.alice-minio.minio-url
+ }
+}
+
+module "alice-identityhub" {
+ depends_on = [module.alice-connector]
+
+ source = "./modules/identity-hub"
+ database = {
+ user = local.databases.alice.database-username
+ password = local.databases.alice.database-password
+ url = "jdbc:postgresql://${local.alice-postgres.database-host}/${local.databases.alice.database-name}"
+ }
+ humanReadableName = var.alice-identityhub-host
+ namespace = kubernetes_namespace.mxd-ns.metadata.0.name
+ participantId = var.alice-did
+ vault-url = "http://alice-vault:8200"
+ url-path = var.alice-identityhub-host
+}
+
+# alice's catalog server
+module "alice-catalog-server" {
+ depends_on = [module.alice-connector]
+
+ source = "./modules/catalog-server"
+ humanReadableName = "alice-catalogserver"
+ serviceName = var.alice-catalogserver-host
+ namespace = kubernetes_namespace.mxd-ns.metadata.0.name
+ participantId = var.alice-bpn
+ vault-url = "http://alice-vault:8200"
+ bdrs-url = "http://bdrs-server:8082/api/directory"
+ database = {
+ user = local.databases.alice-catalogserver.database-username
+ password = local.databases.alice-catalogserver.database-password
+ url = "jdbc:postgresql://${local.catalogserver-postgres.database-host}/${local.databases.alice-catalogserver.database-name}"
+ }
+ dcp-config = {
+ id = var.alice-did
+ sts_token_url = "http://${var.alice-identityhub-host}:7084/api/credentials/token"
+ sts_client_id = var.alice-did
+ sts_clientsecret_alias = "participant-alice-sts-client-secret"
+ }
+}
+
+module "alice-minio" {
+ source = "./modules/minio"
+ humanReadableName = lower(var.alice-humanReadableName)
+ minio-username = "aliceawsclient"
+ minio-password = "aliceawssecret"
+}
+
+locals {
+ alice-azure-key-base64 = base64encode(var.alice-azure-account-key)
+}
\ No newline at end of file
diff --git a/mxd/alice_variables.tf b/mxd/alice_variables.tf
new file mode 100644
index 00000000..89590ca9
--- /dev/null
+++ b/mxd/alice_variables.tf
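Review bot: `module "alice-connector"` does not pass `namespace`, while `module "bob-connector"` in bob.tf passes `namespace = kubernetes_namespace.mxd-ns.metadata.0.name`, so the two connectors are not configured the same way and alice's namespace falls back to whatever ./modules/connector defaults to (not visible in this patch). The new `alice-namespace` variable added in alice_variables.tf is referenced by nothing in this patch either; either wire the connector with `namespace = kubernetes_namespace.mxd-ns.metadata.0.name` like bob's, or drop the variable. `module "alice-minio"` (and `bob-minio` in bob.tf) passes literal credentials, `minio-username = "aliceawsclient"` / `minio-password = "aliceawssecret"`, which the connector module then writes into vault via its init command; declaring them as `sensitive = true` variables, the way the azure key and SAS already go through variables, would keep them out of plan output and out of the module call.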
@@ -0,0 +1,43 @@
+variable "alice-bpn" {
+ default = "BPNL000000000001"
+}
+
+variable "alice-humanReadableName" {
+ default = "alice"
+}
+
+variable "alice-identityhub-host" {
+ description = "Kubernetes service name of the IdentityHub"
+ default = "alice-ih"
+}
+
+variable "alice-catalogserver-host" {
+ description = "Kubernetes service name (=Host) for Alice's Catalog Server"
+ default = "alice-cs"
+}
+
+variable "alice-did" {
+ default = "did:web:alice-ih%3A7083:alice"
+}
+
+variable "alice-azure-account-name" {
+ default = "aliceazureaccount"
+}
+
+variable "alice-azure-account-key" {
+ default = "aliceazurekey"
+}
+
+variable "alice-azure-key-sas" {
+ default = "sv=2023-01-03&ss=btqf&srt=sco&st=2023-11-23T13%3A17%3A09Z&se=2030-01-01T00%3A00%3A00Z&sp=rwdxftlacup&sig=uvPcqmLj7%2FMuadAKXMCA7SvWCnClQ9EA1b15OB0m1bc%3D"
+}
+
+variable "alice-ingress-host" {
+ default = "localhost"
+}
+
+variable "alice-namespace" {
+ type = string
+ description = "Kubernetes namespace to use"
+ default = "mxd"
+}
\ No newline at end of file
diff --git a/mxd/bob.tf b/mxd/bob.tf
new file mode 100644
index 00000000..cc073173
--- /dev/null
+++ b/mxd/bob.tf
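Review bot: `alice-azure-account-key` and `alice-azure-key-sas` carry a storage key and a signed SAS token as plain defaults, and neither declaration is marked `sensitive = true`, so the values are echoed in `terraform plan`/`apply` output and in state diffs wherever they are interpolated; `bob-azure-account-key` and `bob-azure-key-sas` in bob_variables.tf have the same shape. Adding `sensitive = true` to those four blocks costs nothing, and a `description` stating that the defaults are only meaningful against the local Azurite emulator (which is what `module.azurite` suggests, though this patch does not show it) would stop someone from treating them as real credentials. Most of the other variables here also lack the `type`/`description` that `alice-namespace` has; matching that style throughout would be consistent.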
@@ -0,0 +1,61 @@
+# Second connector
+module "bob-connector" {
+ depends_on = [module.azurite]
+ source = "./modules/connector"
+ humanReadableName = var.bob-humanReadableName
+ namespace = kubernetes_namespace.mxd-ns.metadata.0.name
+ participantId = var.bob-bpn
+ database-host = local.bob-postgres.database-host
+ database-name = local.databases.bob.database-name
+ database-credentials = {
+ user = local.databases.bob.database-username
+ password = local.databases.bob.database-password
+ }
+ dcp-config = {
+ id = var.bob-did
+ sts_token_url = "http://${var.bob-identityhub-host}:7084/api/credentials/token"
+ sts_client_id = var.bob-did
+ sts_clientsecret_alias = "participant-bob-sts-client-secret"
+ }
+ dataplane = {
+ privatekey-alias = "${var.bob-did}#signing-key-1"
+ publickey-alias = "${var.bob-did}#signing-key-1"
+ }
+
+ azure-account-name = var.bob-azure-account-name
+ azure-account-key = local.bob-azure-key-base64
+ azure-account-key-sas = var.bob-azure-key-sas
+ azure-url = module.azurite.azurite-url
+ ingress-host = var.bob-ingress-host
+ minio-config = {
+ username = module.bob-minio.minio-username
+ password = module.bob-minio.minio-password
+ url = module.bob-minio.minio-url
+ }
+}
+
+module "bob-identityhub" {
+ depends_on = [module.bob-connector]
+ source = "./modules/identity-hub"
+ database = {
+ user = local.databases.bob.database-username
+ password = local.databases.bob.database-password
+ url = "jdbc:postgresql://${local.bob-postgres.database-host}/${local.databases.bob.database-name}"
+ }
+ humanReadableName = var.bob-identityhub-host
+ namespace = kubernetes_namespace.mxd-ns.metadata.0.name
+ participantId = var.bob-did
+ vault-url = "http://bob-vault:8200"
+ url-path = var.bob-identityhub-host
+}
+
+module "bob-minio" {
+ source = "./modules/minio"
+ humanReadableName = lower(var.bob-humanReadableName)
+ minio-username = "bobawsclient"
+ minio-password = "bobawssecret"
+}
+
+locals {
+ bob-azure-key-base64 = base64encode(var.bob-azure-account-key)
+}
\ No newline at end of file
diff --git a/mxd/bob_variables.tf b/mxd/bob_variables.tf
new file mode 100644
index 00000000..db447312
--- /dev/null
+++ b/mxd/bob_variables.tf
@@ -0,0 +1,38 @@
+variable "bob-bpn" {
+ default = "BPNL000000000002"
+}
+
+variable "bob-did" {
+ default = "did:web:bob-ih%3A7083:bob"
+}
+
+
+variable "bob-azure-account-name" {
+ default = "bobazureaccount"
+}
+
+variable "bob-azure-account-key" {
+ default = "bobazurekey"
+}
+
+variable "bob-azure-key-sas" {
+ default = "sv=2023-01-03&ss=btqf&srt=sco&st=2023-11-23T13%3A18%3A49Z&se=2030-01-01T00%3A00%3A00Z&sp=rwdftlacup&sig=Xki%2B2nHBT2V8oe%2BMmS%2BI%2FHzcAsTFCYWDv6t6zT%2FWXFM%3D"
+}
+
+variable "bob-ingress-host" {
+ default = "localhost"
+}
+
+variable "bob-humanReadableName" {
+ default = "bob"
+}
+
+variable "bob-identityhub-host" {
+ description = "Kubernetes service name of the IdentityHub"
+ default = "bob-ih"
+}
+
+variable "bob-catalogserver-host" {
+ description = "Kubernetes service name (=Host) for Bob's Catalog Server"
+ default = "bob-cs"
+}
diff --git a/mxd/main.tf b/mxd/main.tf
index 64ab45ae..554ba00a 100644
--- a/mxd/main.tf
+++ b/mxd/main.tf
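Review bot: bob_variables.tf introduces `bob-catalogserver-host` (default `bob-cs`), but bob.tf defines no catalog-server module, unlike alice.tf which feeds `alice-catalogserver-host` into `module "alice-catalog-server"`; the old variables.tf had no such variable either, so it is new in this patch. If nothing outside the patch references it, the variable is dead and should go; if a catalog server for bob is planned, a one-line comment above the block, `# reserved for a bob catalog server, not deployed yet`, would stop the next reader from hunting for the missing module. `bob-connector` otherwise mirrors alice's connector, including the `depends_on = [module.azurite]` ordering and the `ingress-host` default of `localhost` shared by both participants.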
@@ -42,126 +42,6 @@ provider "helm" {
 }
 }
 
-# First connector
-module "alice-connector" {
- depends_on = [module.azurite]
- source = "./modules/connector"
- humanReadableName = "alice"
- participantId = var.alice-bpn
- database-host = local.alice-postgres.database-host
- database-name = local.databases.alice.database-name
- database-credentials = {
- user = local.databases.alice.database-username
- password = local.databases.alice.database-password
- }
- dcp-config = {
- id = var.alice-did
- sts_token_url = "http://alice-ih:7084/api/credentials/token"
- sts_client_id = var.alice-did
- sts_clientsecret_alias = "participant-alice-sts-client-secret"
- }
- dataplane = {
- privatekey-alias = "${var.alice-did}#signing-key-1"
- publickey-alias = "${var.alice-did}#signing-key-1"
- }
-
- azure-account-name = var.alice-azure-account-name
- azure-account-key = local.alice-azure-key-base64
- azure-account-key-sas = var.alice-azure-key-sas
- azure-url = module.azurite.azurite-url
- minio-config = {
- minio-username = "aliceawsclient"
- minio-password = "aliceawssecret"
- }
- ingress-host = var.alice-ingress-host
-}
-
-module "alice-identityhub" {
- source = "./modules/identity-hub"
- database = {
- user = local.databases.alice.database-username
- password = local.databases.alice.database-password
- url = "jdbc:postgresql://${local.alice-postgres.database-host}/${local.databases.alice.database-name}"
- }
- humanReadableName = "alice-ih"
- namespace = kubernetes_namespace.mxd-ns.metadata.0.name
- participantId = var.alice-did
- vault-url = "http://alice-vault:8200"
- url-path = "alice-ih"
-}
-
-# alice's catalog server
-module "alice-catalog-server" {
- source = "./modules/catalog-server"
- humanReadableName = "alice-catalogserver"
- serviceName = "alice-cs"
- namespace = kubernetes_namespace.mxd-ns.metadata.0.name
- participantId = var.alice-bpn
- vault-url = "http://alice-vault:8200"
- bdrs-url = "http://bdrs-server:8082/api/directory"
- database = {
- user = local.databases.alice-catalogserver.database-username
- password = local.databases.alice-catalogserver.database-password
- url = "jdbc:postgresql://${local.catalogserver-postgres.database-host}/${local.databases.alice-catalogserver.database-name}"
- }
- dcp-config = {
- id = var.alice-did
- sts_token_url = "http://alice-ih:7084/api/credentials/token"
- sts_client_id = var.alice-did
- sts_clientsecret_alias = "participant-alice-sts-client-secret"
- }
-}
-
-
-# Second connector
-module "bob-connector" {
- depends_on = [module.azurite]
- source = "./modules/connector"
- humanReadableName = "bob"
- namespace = kubernetes_namespace.mxd-ns.metadata.0.name
- participantId = var.bob-bpn
- database-host = local.bob-postgres.database-host
- database-name = local.databases.bob.database-name
- database-credentials = {
- user = local.databases.bob.database-username
- password = local.databases.bob.database-password
- }
- dcp-config = {
- id = var.bob-did
- sts_token_url = "http://bob-ih:7084/api/credentials/token"
- sts_client_id = var.bob-did
- sts_clientsecret_alias = "participant-bob-sts-client-secret"
- }
- dataplane = {
- privatekey-alias = "${var.bob-did}#signing-key-1"
- publickey-alias = "${var.bob-did}#signing-key-1"
- }
-
- azure-account-name = var.bob-azure-account-name
- azure-account-key = local.bob-azure-key-base64
- azure-account-key-sas = var.bob-azure-key-sas
- azure-url = module.azurite.azurite-url
- minio-config = {
- minio-username = "bobawsclient"
- minio-password = "bobawssecret"
- }
- ingress-host = var.bob-ingress-host
-}
-
-module "bob-identityhub" {
- source = "./modules/identity-hub"
- database = {
- user = local.databases.bob.database-username
- password = local.databases.bob.database-password
- url = "jdbc:postgresql://${local.bob-postgres.database-host}/${local.databases.bob.database-name}"
- }
- humanReadableName = "bob-ih"
- namespace = kubernetes_namespace.mxd-ns.metadata.0.name
- participantId = var.bob-did
- vault-url = "http://bob-vault:8200"
- url-path = "bob-ih"
-}
-
 module "azurite" {
 source = "./modules/azurite"
 namespace = kubernetes_namespace.mxd-ns.metadata.0.name
@@ -169,8 +49,6 @@ module "azurite" {
 }
 
 locals {
- alice-azure-key-base64 = base64encode(var.alice-azure-account-key)
- bob-azure-key-base64 = base64encode(var.bob-azure-account-key)
 trudy-azure-key-base64 = base64encode(var.trudy-azure-account-key)
 }
 
diff --git a/mxd/modules/connector/connector.tf b/mxd/modules/connector/connector.tf
index 46c97850..728d1e64 100644
--- a/mxd/modules/connector/connector.tf
+++ b/mxd/modules/connector/connector.tf
@@ -17,12 +17,7 @@
 # SPDX-License-Identifier: Apache-2.0
 #
 
-module "minio" {
- source = "../minio"
- humanReadableName = lower(var.humanReadableName)
- minio-username = var.minio-config.minio-username
- minio-password = var.minio-config.minio-password
-}
+
 
 resource "helm_release" "connector" {
 name = lower(var.humanReadableName)
@@ -48,8 +43,8 @@ resource "helm_release" "connector" {
 "-c",
 join(" && ", [
 "sleep 5",
- "/bin/vault kv put secret/edc.aws.access.key content=${var.minio-config.minio-username}",
- "/bin/vault kv put secret/edc.aws.secret.access.key content=${var.minio-config.minio-password}",
+ "/bin/vault kv put secret/edc.aws.access.key content=${var.minio-config.username}",
+ "/bin/vault kv put secret/edc.aws.secret.access.key content=${var.minio-config.password}",
 "/bin/vault kv put secret/${var.azure-account-name}-key content=${var.azure-account-key}",
 "/bin/vault kv put secret/${var.azure-account-name}-sas content='${local.azure-sas-token}'",
 ])
@@ -185,5 +180,5 @@ locals {
 jdbcUrl = "jdbc:postgresql://${var.database-host}:${var.database-port}/${var.database-name}"
 edc-blobstore-endpoint-template = "${var.azure-url}/%s"
 azure-sas-token = jsonencode({ edctype = "dataspaceconnector:azuretoken", sas = var.azure-account-key-sas })
- minio-url = module.minio.minio-url
+ minio-url = var.minio-config.url
 }
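Review bot: In the `helm_release.connector` hunk the MinIO credentials are interpolated unquoted into a string that is run through `"-c"` of a shell, `/bin/vault kv put secret/edc.aws.secret.access.key content=${var.minio-config.password}`, whereas the `-sas` entry two lines below already single-quotes its value; a password containing whitespace or shell metacharacters would be word-split or interpreted rather than stored. Quoting the two new lines the same way, `content='${var.minio-config.username}'` and `content='${var.minio-config.password}'`, keeps them consistent with the SAS line (a value containing a single quote would still need escaping, which the SAS line does not handle either). The first hunk of this file replaces the removed `module "minio"` block with an added empty line, leaving two consecutive blank lines before `resource "helm_release" "connector"`; dropping that `+` line is cleaner. The resource starts and ends outside the hunk.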
diff --git a/mxd/modules/connector/variables.tf b/mxd/modules/connector/variables.tf
index 5135963e..0eb833bc 100644
--- a/mxd/modules/connector/variables.tf
+++ b/mxd/modules/connector/variables.tf
@@ -97,10 +97,11 @@ variable "azure-url" {
 }
 
 variable "minio-config" {
- default = {
- minio-username = ""
- minio-password = ""
- }
+ type = object({
+ username = string
+ password = string
+ url = string
+ })
 }
 
 variable "ingress-host" {
diff --git a/mxd/postgres-init.tf b/mxd/postgres-init.tf
index 7a911d0b..8113f05f 100644
--- a/mxd/postgres-init.tf
+++ b/mxd/postgres-init.tf
@@ -54,7 +54,6 @@ locals {
 catalogserver-postgres = module.postgres["alice-catalogserver"]
 
 databases = {
-
 bdrs = {
 database-name = "bdrs",
 database-username = "bdrs"
@@ -74,7 +73,7 @@ locals {
 }
 
 alice-catalogserver = {
- database-name = "catalogserver",
+ database-name = "catalogserver"
 database-username = "catalogserver"
 database-password = "catalogserver"
 }
diff --git a/mxd/seed_data.tf b/mxd/seed_data.tf
index c501048b..d95f7d11 100644
--- a/mxd/seed_data.tf
+++ b/mxd/seed_data.tf
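Review bot: The new typed `minio-config` object carries `password = string` but the variable is not marked `sensitive = true`, so the password is printed in plan output whenever the connector's init command changes, and it is also embedded in the rendered helm values. The declaration additionally loses its `default`, so every caller of ./modules/connector must now supply all three fields; alice.tf and bob.tf do, but if a third connector exists (the `trudy-*` variables and `trudy-azure-key-base64` local in main.tf suggest one — not visible in this patch), it would fail validation until updated. Adding `sensitive = true` and a `description = "MinIO credentials and endpoint written to vault by the connector init job"` to the block addresses the first point and documents the new contract.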
@@ -100,13 +100,13 @@ resource "kubernetes_job" "seed_connectors_via_mgmt_api" { command = [ "newman", "run", "--folder", "SeedIH", - "--env-var", "IH_URL=http://alice-ih:7081", + "--env-var", "IH_URL=http://${var.alice-identityhub-host}:7081", "--env-var", "PARTICIPANT_DID=${var.alice-did}", "--env-var", "CONTROL_PLANE_HOST=alice-controlplane", "--env-var", "PARTICIPANT_CONTEXT_ID=participant-alice", "--env-var", "PARTICIPANT_CONTEXT_ID_BASE64=cGFydGljaXBhbnQtYWxpY2U=", "--env-var", - "IDENTITYHUB_URL=http://alice-ih:${module.alice-identityhub.ports.presentation-api}/api/presentation", + "IDENTITYHUB_URL=http://${var.alice-identityhub-host}:${module.alice-identityhub.ports.presentation-api}/api/presentation", "--env-var", "MEMBERSHIP_CREDENTIAL=${file("${path.module}/assets/alice.membership.jwt")}", "--env-var", "FRAMEWORK_CREDENTIAL=${file("${path.module}/assets/alice.dataexchangegov.jwt")}", "--env-var", "BPN=${var.alice-bpn}", @@ -125,13 +125,13 @@ resource "kubernetes_job" "seed_connectors_via_mgmt_api" { command = [ "newman", "run", "--folder", "SeedIH", - "--env-var", "IH_URL=http://bob-ih:7081", + "--env-var", "IH_URL=http://${var.bob-identityhub-host}:7081", "--env-var", "PARTICIPANT_DID=${var.bob-did}", "--env-var", "CONTROL_PLANE_HOST=bob-controlplane", "--env-var", "PARTICIPANT_CONTEXT_ID=participant-bob", "--env-var", "PARTICIPANT_CONTEXT_ID_BASE64=cGFydGljaXBhbnQtYm9i", "--env-var", - "IDENTITYHUB_URL=http://bob-ih:${module.bob-identityhub.ports.presentation-api}/api/presentation", + "IDENTITYHUB_URL=http://${var.bob-identityhub-host}:${module.bob-identityhub.ports.presentation-api}/api/presentation", "--env-var", "MEMBERSHIP_CREDENTIAL=${file("${path.module}/assets/bob.membership.jwt")}", "--env-var", "FRAMEWORK_CREDENTIAL=${file("${path.module}/assets/bob.dataexchangegov.jwt")}", "--env-var", "BPN=${var.bob-bpn}", diff --git a/mxd/variables.tf b/mxd/variables.tf index 3afb18ca..1713f808 100644 --- a/mxd/variables.tf +++ b/mxd/variables.tf 
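Review bot: `IH_URL=http://${var.alice-identityhub-host}:7081` still hard-codes the port while `IDENTITYHUB_URL` on the same command takes its port from `module.alice-identityhub.ports.presentation-api`; the bob hunk has the same split, and alice.tf's `sts_token_url` hard-codes `:7084` against the same host. If the identity-hub module exposes those ports in its `ports` output, reading them there keeps the seed job and the connector from silently pointing at a stale port when the chart changes; if it does not, a comment naming which API 7081 serves would help the next reader. The `kubernetes_job.seed_connectors_via_mgmt_api` resource starts and ends outside the hunk.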
@@ -28,56 +28,15 @@ variable "namespace" { default = "mxd" } - -variable "alice-bpn" { - default = "BPNL000000000001" -} - -variable "bob-bpn" { - default = "BPNL000000000002" -} - variable "trudy-bpn" { default = "BPNL000000000003" } -variable "bob-did" { - default = "did:web:bob-ih%3A7083:bob" -} - -variable "alice-did" { - default = "did:web:alice-ih%3A7083:alice" -} - variable "trudy-did" { default = "did:web:trudy-ih%3A7083:trudy" } -variable "alice-azure-account-name" { - default = "aliceazureaccount" -} - -variable "alice-azure-account-key" { - default = "aliceazurekey" -} - -variable "alice-azure-key-sas" { - default = "sv=2023-01-03&ss=btqf&srt=sco&st=2023-11-23T13%3A17%3A09Z&se=2030-01-01T00%3A00%3A00Z&sp=rwdxftlacup&sig=uvPcqmLj7%2FMuadAKXMCA7SvWCnClQ9EA1b15OB0m1bc%3D" -} - -variable "bob-azure-account-name" { - default = "bobazureaccount" -} - -variable "bob-azure-account-key" { - default = "bobazurekey" -} - -variable "bob-azure-key-sas" { - default = "sv=2023-01-03&ss=btqf&srt=sco&st=2023-11-23T13%3A18%3A49Z&se=2030-01-01T00%3A00%3A00Z&sp=rwdftlacup&sig=Xki%2B2nHBT2V8oe%2BMmS%2BI%2FHzcAsTFCYWDv6t6zT%2FWXFM%3D" -} - variable "trudy-azure-account-name" { default = "trudyazureaccount" } @@ -90,14 +49,6 @@ variable "trudy-azure-key-sas" { default = "st=2023-11-23T13%3A18%3A49Z&se=2030-01-01T13%3A18%3A49Z&sp=rwdlacupft&sv=2022-11-02&ss=qftb&srt=sco&sig=lOo5x2U04isnhBdlAZLj2nFk%2BphhiVeuzjv/XGJu3DM%3D" } -variable "alice-ingress-host" { - default = "localhost" -} - -variable "bob-ingress-host" { - default = "localhost" -} - variable "trudy-ingress-host" { default = "localhost" }