diff --git a/CHANGELOG.md b/CHANGELOG.md index 96effa5..61cf40f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,22 @@ New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X IAM * Keycloak instances. +## [4.0.0-rc.1](https://github.com/eclipse-tractusx/portal-iam/compare/v4.0.0-alpha.2...v4.0.0-rc.1) (2024-10-23) + + +### ⚠ BREAKING CHANGES + +* upgrade to Keycloak version 25: upgrade realm configuration and remove deprecated proxy parameter + +### Features + +* upgrade to Keycloak version 25: upgrade realm configuration and remove deprecated proxy parameter ([99503ab](https://github.com/eclipse-tractusx/portal-iam/commit/99503abb0c037bfc8c52c80de19d635b16e7096e)) + + +### Miscellaneous Chores + +* release 4.0.0-rc.1 ([a498b4e](https://github.com/eclipse-tractusx/portal-iam/commit/a498b4ef0995db17baa76c462200a6cd0ffbc6ab)) + ## [4.0.0-alpha.2](https://github.com/eclipse-tractusx/portal-iam/compare/v4.0.0-alpha.1...v4.0.0-alpha.2) (2024-10-21) ### Bug Fixes diff --git a/charts/centralidp/Chart.yaml b/charts/centralidp/Chart.yaml index 0260f8a..fb9f0ae 100644 --- a/charts/centralidp/Chart.yaml +++ b/charts/centralidp/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 name: centralidp type: application -version: 4.0.0-alpha.2 +version: 4.0.0-rc.1 appVersion: 25.0.6 description: Helm chart for Central Keycloak Instance home: https://github.com/eclipse-tractusx/portal-iam diff --git a/charts/centralidp/README.md b/charts/centralidp/README.md index 88796c0..f311dbd 100644 --- a/charts/centralidp/README.md +++ b/charts/centralidp/README.md @@ -1,6 +1,6 @@ # Helm chart for Central Keycloak Instance -![Version: 4.0.0-alpha.2](https://img.shields.io/badge/Version-4.0.0--alpha.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 25.0.6](https://img.shields.io/badge/AppVersion-25.0.6-informational?style=flat-square) +![Version: 4.0.0-rc.1](https://img.shields.io/badge/Version-4.0.0--rc.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 25.0.6](https://img.shields.io/badge/AppVersion-25.0.6-informational?style=flat-square) This helm chart installs the Helm chart for Central Keycloak Instance. @@ -29,7 +29,7 @@ To use the helm chart as a dependency: dependencies: - name: centralidp repository: https://eclipse-tractusx.github.io/charts/dev - version: 4.0.0-alpha.2 + version: 4.0.0-rc.1 ``` ## Requirements @@ -53,7 +53,7 @@ dependencies: | keycloak.extraVolumeMounts[0].name | string | `"themes"` | | | keycloak.extraVolumeMounts[0].mountPath | string | `"/opt/bitnami/keycloak/themes/catenax-central"` | | | keycloak.initContainers[0].name | string | `"import"` | | -| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v4.0.0-alpha.2"` | | +| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v4.0.0-rc.1"` | | | keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | | | keycloak.initContainers[0].command[0] | string | `"sh"` | | | keycloak.initContainers[0].args[0] | string | `"-c"` | | @@ -91,7 +91,7 @@ dependencies: | keycloak.externalDatabase.existingSecretUserKey | string | `""` | | | keycloak.externalDatabase.existingSecretDatabaseKey | string | `""` | | | keycloak.externalDatabase.existingSecretPasswordKey | string | `""` | | -| realmSeeding | object | `{"bpn":"BPNL00000003CRHK","clients":{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}},"enabled":true,"extraServiceAccounts":{"clientSecretsAndBpn":[],"existingSecret":""},"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-alpha.1","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-alpha.2","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"700M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"700M"}},"serviceAccounts":{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""},"sharedidp":"https://sharedidp.example.org","sslRequired":"external"}` | Seeding job to create and update the CX-Central realm: besides creating the CX-Central realm, the job can be used to update the configuration of the realm when upgrading to a new version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. | +| realmSeeding | object | `{"bpn":"BPNL00000003CRHK","clients":{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}},"enabled":true,"extraServiceAccounts":{"clientSecretsAndBpn":[],"existingSecret":""},"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.1","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-rc.1","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"700M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"700M"}},"serviceAccounts":{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""},"sharedidp":"https://sharedidp.example.org","sslRequired":"external"}` | Seeding job to create and update the CX-Central realm: besides creating the CX-Central realm, the job can be used to update the configuration of the realm when upgrading to a new version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. | | realmSeeding.clients | object | `{"bpdm":{"clientSecret":"","redirects":["https://partners-pool.example.org/*"]},"bpdmGate":{"clientSecret":"","redirects":["https://partners-gate.example.org/*"]},"bpdmOrchestrator":{"clientSecret":""},"existingSecret":"","miw":{"clientSecret":"","redirects":["https://managed-identity-wallets.example.org/*"]},"portal":{"redirects":["https://portal.example.org/*"],"rootUrl":"https://portal.example.org/home"},"registration":{"redirects":["https://portal.example.org/*"]},"semantics":{"redirects":["https://portal.example.org/*"]}}` | Set redirect addresses and - in the case of confidential clients - clients secrets for clients which are part of the basic CX-Central realm setup; SET client secrets for all non-testing and non-local purposes, default value is autogenerated. | | realmSeeding.clients.existingSecret | string | `""` | Option to provide an existingSecret for the clients with clientId as key and clientSecret as value. | | realmSeeding.serviceAccounts | object | `{"clientSecrets":[{"clientId":"sa-cl1-reg-2","clientSecret":""},{"clientId":"sa-cl2-01","clientSecret":""},{"clientId":"sa-cl2-02","clientSecret":""},{"clientId":"sa-cl2-03","clientSecret":""},{"clientId":"sa-cl2-04","clientSecret":""},{"clientId":"sa-cl2-05","clientSecret":""},{"clientId":"sa-cl3-cx-1","clientSecret":""},{"clientId":"sa-cl5-custodian-2","clientSecret":""},{"clientId":"sa-cl7-cx-1","clientSecret":""},{"clientId":"sa-cl7-cx-5","clientSecret":""},{"clientId":"sa-cl7-cx-7","clientSecret":""},{"clientId":"sa-cl8-cx-1","clientSecret":""},{"clientId":"sa-cl21-01","clientSecret":""},{"clientId":"sa-cl22-01","clientSecret":""},{"clientId":"sa-cl24-01","clientSecret":""},{"clientId":"sa-cl25-cx-1","clientSecret":""},{"clientId":"sa-cl25-cx-2","clientSecret":""},{"clientId":"sa-cl25-cx-3","clientSecret":""}],"existingSecret":""}` | Client secrets for service accounts which are part of the basic CX-Central realm setup; SET client secrets for all non-testing and non-local purposes, default value is autogenerated. | diff --git a/charts/centralidp/values.yaml b/charts/centralidp/values.yaml index 947fb74..253562c 100644 --- a/charts/centralidp/values.yaml +++ b/charts/centralidp/values.yaml @@ -39,7 +39,7 @@ keycloak: mountPath: /opt/bitnami/keycloak/themes/catenax-central initContainers: - name: import - image: docker.io/tractusx/portal-iam:v4.0.0-alpha.2 + image: docker.io/tractusx/portal-iam:v4.0.0-rc.1 imagePullPolicy: IfNotPresent command: - sh @@ -226,11 +226,11 @@ realmSeeding: # -- Option to provide an existingSecret for additional service accounts with clientId as key and clientSecret as value. existingSecret: "" image: - name: docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-alpha.1 + name: docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.1 pullPolicy: IfNotPresent initContainer: image: - name: docker.io/tractusx/portal-iam:v4.0.0-alpha.2 + name: docker.io/tractusx/portal-iam:v4.0.0-rc.1 pullPolicy: IfNotPresent portContainer: 8080 keycloakServicePort: 80 diff --git a/charts/sharedidp/Chart.yaml b/charts/sharedidp/Chart.yaml index ad0c0d8..b28d487 100644 --- a/charts/sharedidp/Chart.yaml +++ b/charts/sharedidp/Chart.yaml @@ -20,7 +20,7 @@ apiVersion: v2 name: sharedidp type: application -version: 4.0.0-alpha.1 +version: 4.0.0-rc.1 appVersion: 25.0.6 description: Helm chart for Shared Keycloak Instance home: https://github.com/eclipse-tractusx/portal-iam diff --git a/charts/sharedidp/README.md b/charts/sharedidp/README.md index 82485c5..ac10e71 100644 --- a/charts/sharedidp/README.md +++ b/charts/sharedidp/README.md @@ -1,6 +1,6 @@ # Helm chart for Shared Keycloak Instance -![Version: 4.0.0-alpha.1](https://img.shields.io/badge/Version-4.0.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 25.0.6](https://img.shields.io/badge/AppVersion-25.0.6-informational?style=flat-square) +![Version: 4.0.0-rc.1](https://img.shields.io/badge/Version-4.0.0--rc.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 25.0.6](https://img.shields.io/badge/AppVersion-25.0.6-informational?style=flat-square) This helm chart installs the Helm chart for Shared Keycloak Instance. @@ -29,7 +29,7 @@ To use the helm chart as a dependency: dependencies: - name: sharedidp repository: https://eclipse-tractusx.github.io/charts/dev - version: 4.0.0-alpha.1 + version: 4.0.0-rc.1 ``` ## Requirements @@ -57,7 +57,7 @@ dependencies: | keycloak.extraVolumeMounts[1].name | string | `"themes-catenax-shared-portal"` | | | keycloak.extraVolumeMounts[1].mountPath | string | `"/opt/bitnami/keycloak/themes/catenax-shared-portal"` | | | keycloak.initContainers[0].name | string | `"import"` | | -| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v4.0.0-alpha.1"` | | +| keycloak.initContainers[0].image | string | `"docker.io/tractusx/portal-iam:v4.0.0-rc.1"` | | | keycloak.initContainers[0].imagePullPolicy | string | `"IfNotPresent"` | | | keycloak.initContainers[0].command[0] | string | `"sh"` | | | keycloak.initContainers[0].args[0] | string | `"-c"` | | @@ -97,7 +97,7 @@ dependencies: | keycloak.externalDatabase.existingSecretUserKey | string | `""` | | | keycloak.externalDatabase.existingSecretDatabaseKey | string | `""` | | | keycloak.externalDatabase.existingSecretPasswordKey | string | `""` | | -| realmSeeding | object | `{"enabled":true,"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-alpha.1","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-alpha.1","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"realms":{"cxOperator":{"centralidp":"https://centralidp.example.org","existingSecret":"","initialUser":{"eMail":"cx-operator@tx.org","firstName":"Operator","lastName":"CX Admin","password":"","username":"cx-operator@tx.org"},"mailing":{"from":"email@example.org","host":"smtp.example.org","password":"","port":"123","replyTo":"email@example.org","username":"smtp-user"},"sslRequired":"external"},"master":{"existingSecret":"","serviceAccounts":{"provisioning":{"clientSecret":""},"saCxOperator":{"clientSecret":""}}}},"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"600M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"600M"}}}` | Seeding job to create and update the CX-Operator and master realms: besides creating those realm, the job can be used to update the configuration of the realms when upgrading to a new version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. | +| realmSeeding | object | `{"enabled":true,"image":{"name":"docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.1","pullPolicy":"IfNotPresent"},"initContainer":{"image":{"name":"docker.io/tractusx/portal-iam:v4.0.0-rc.1","pullPolicy":"IfNotPresent"}},"keycloakServicePort":80,"keycloakServiceTls":false,"portContainer":8080,"realms":{"cxOperator":{"centralidp":"https://centralidp.example.org","existingSecret":"","initialUser":{"eMail":"cx-operator@tx.org","firstName":"Operator","lastName":"CX Admin","password":"","username":"cx-operator@tx.org"},"mailing":{"from":"email@example.org","host":"smtp.example.org","password":"","port":"123","replyTo":"email@example.org","username":"smtp-user"},"sslRequired":"external"},"master":{"existingSecret":"","serviceAccounts":{"provisioning":{"clientSecret":""},"saCxOperator":{"clientSecret":""}}}},"resources":{"limits":{"cpu":"750m","ephemeral-storage":"1024Mi","memory":"600M"},"requests":{"cpu":"250m","ephemeral-storage":"50Mi","memory":"600M"}}}` | Seeding job to create and update the CX-Operator and master realms: besides creating those realm, the job can be used to update the configuration of the realms when upgrading to a new version; Please also refer to the 'Post-Upgrade Configuration' section in the README.md for configuration possibly not covered by the seeding job. | | realmSeeding.realms.cxOperator.centralidp | string | `"https://centralidp.example.org"` | Set centralidp address for the connection to the CX-Central realm. | | realmSeeding.realms.cxOperator.initialUser | object | `{"eMail":"cx-operator@tx.org","firstName":"Operator","lastName":"CX Admin","password":"","username":"cx-operator@tx.org"}` | Configure initial user in CX-Operator realm. | | realmSeeding.realms.cxOperator.initialUser.username | string | `"cx-operator@tx.org"` | SET username for all non-testing and non-local purposes. | diff --git a/charts/sharedidp/values.yaml b/charts/sharedidp/values.yaml index bbdb46a..2996157 100644 --- a/charts/sharedidp/values.yaml +++ b/charts/sharedidp/values.yaml @@ -43,7 +43,7 @@ keycloak: mountPath: /opt/bitnami/keycloak/themes/catenax-shared-portal initContainers: - name: import - image: docker.io/tractusx/portal-iam:v4.0.0-alpha.1 + image: docker.io/tractusx/portal-iam:v4.0.0-rc.1 imagePullPolicy: IfNotPresent command: - sh @@ -181,11 +181,11 @@ realmSeeding: # -- Option to provide an existingSecret for clients secrets with clientId as key and clientSecret as value. existingSecret: "" image: - name: docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-alpha.1 + name: docker.io/tractusx/portal-iam-seeding:v4.0.0-iam-rc.1 pullPolicy: IfNotPresent initContainer: image: - name: docker.io/tractusx/portal-iam:v4.0.0-alpha.1 + name: docker.io/tractusx/portal-iam:v4.0.0-rc.1 pullPolicy: IfNotPresent portContainer: 8080 keycloakServicePort: 80 diff --git a/environments/argocd-app-templates/centralidp/appsetup-int.yaml b/environments/argocd-app-templates/centralidp/appsetup-int.yaml index 0070d03..7928cb7 100644 --- a/environments/argocd-app-templates/centralidp/appsetup-int.yaml +++ b/environments/argocd-app-templates/centralidp/appsetup-int.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/centralidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: v4.0.0-alpha.2 + targetRevision: v4.0.0-rc.1 plugin: env: - name: AVP_SECRET diff --git a/environments/argocd-app-templates/centralidp/appsetup-stable.yaml b/environments/argocd-app-templates/centralidp/appsetup-stable.yaml index a3667f5..15d1f97 100644 --- a/environments/argocd-app-templates/centralidp/appsetup-stable.yaml +++ b/environments/argocd-app-templates/centralidp/appsetup-stable.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/centralidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: v4.0.0-alpha.2 + targetRevision: v4.0.0-rc.1 plugin: env: - name: AVP_SECRET diff --git a/environments/argocd-app-templates/sharedidp/appsetup-int.yaml b/environments/argocd-app-templates/sharedidp/appsetup-int.yaml index c433969..b3ac4af 100644 --- a/environments/argocd-app-templates/sharedidp/appsetup-int.yaml +++ b/environments/argocd-app-templates/sharedidp/appsetup-int.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/sharedidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: v4.0.0-alpha.1 + targetRevision: v4.0.0-rc.1 plugin: env: - name: AVP_SECRET diff --git a/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml b/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml index 1104e6c..033061a 100644 --- a/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml +++ b/environments/argocd-app-templates/sharedidp/appsetup-stable.yaml @@ -28,7 +28,7 @@ spec: source: path: charts/sharedidp repoURL: 'https://github.com/eclipse-tractusx/portal-iam.git' - targetRevision: v4.0.0-alpha.1 + targetRevision: v4.0.0-rc.1 plugin: env: - name: AVP_SECRET