Add walt-id

aws/apps/deployai/marketplace/waltid.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: waltid-marketplace
+  namespace: argocd
+spec:
+  destination:
+    namespace: deployai
+    server: https://kubernetes.default.svc
+  project: default
+  source:
+    path: aws/deployai/marketplace/iam/walt-id
+    repoURL: https://github.com/FIWARE-Ops/fiware-gitops
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true

aws/deployai/marketplace/iam/walt-id/Chart.yaml

@@ -0,0 +1,12 @@
+apiVersion: v2
+name: vcwaltid
+description: Chart holder for argo-cd
+
+type: application
+version: 0.0.17
+appVersion: "0.0.1"
+
+dependencies:
+  - name: vcwaltid
+    version: 0.0.17
+    repository: https://i4trust.github.io/helm-charts

aws/deployai/marketplace/iam/walt-id/templates/_helpers.tpl

@@ -0,0 +1,52 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "waltid.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "waltid.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "waltid.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "waltid.labels" -}}
+helm.sh/chart: {{ include "waltid.chart" . }}
+{{ include "waltid.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app: {{ include "waltid.name" . }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "waltid.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "waltid.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

aws/deployai/marketplace/iam/walt-id/templates/certificate.yaml

@@ -0,0 +1,15 @@
+{{- if .Values.route.certificate -}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ include "waltid.fullname" . }}
+  labels:
+    {{ include "waltid.labels" . | nindent 4 }}
+spec:
+  secretName: {{ include "waltid.fullname" . }}-tls-sec
+  issuerRef:
+    {{- toYaml .Values.route.certificate.issuer | nindent 4 }}
+  commonName: {{ .Values.route.host }}
+  dnsNames:
+    - {{ .Values.route.host }}
+{{- end -}}

aws/deployai/marketplace/iam/walt-id/templates/deployment.yaml

@@ -0,0 +1,39 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "waltid.fullname" . }}-certs
+  labels:
+    app.kubernetes.io/name: {{ include "waltid.name" . }}-certs
+    app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+  replicas: 1
+  revisionHistoryLimit: 3
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "waltid.name" . }}-certs
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "waltid.name" . }}-certs
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec: 
+      serviceAccountName: default
+      containers:
+        - name: {{ .Chart.Name }}
+          imagePullPolicy: Always
+          image: "lipanski/docker-static-website:2.1.0"
+          ports:
+            - name: http
+              containerPort: 3000
+              protocol: TCP
+          volumeMounts:
+            - name: certs
+              mountPath: /home/static/certs
+      volumes:
+        - name: certs
+          secret:
+            secretName: {{ include "waltid.fullname" . }}-tls-sec
+            items: 
+              - key: tls.crt
+                path: tls.crt

aws/deployai/marketplace/iam/walt-id/templates/init-cm.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "waltid.fullname" . }}-did-config
+data:
+  import.sh: |-
+    export KEY=$(cat /opt/did/secret/tls.key)
+    export KEY_ID=$(curl --location "http://{{ include "waltid.fullname" . }}:{{ .Values.vcwaltid.api.core.port }}/v1/key/import" --header 'Content-Type: text/plain' --data "${KEY}" | jq -r '.id')
+    echo The key id: ${KEY_ID}
+
+    curl -v --location "http://{{ include "waltid.fullname" . }}:{{ .Values.vcwaltid.api.core.port }}/v1/did/create" \
+      --header 'Content-Type: application/json' \
+      --data "{
+          \"method\": \"web\",
+          \"domain\": \"{{ .Values.route.host }}\",
+          \"x5u\": \"https://{{ .Values.route.host }}/certs/tls.crt\"}"

aws/deployai/marketplace/iam/walt-id/templates/init-job.yaml

@@ -0,0 +1,27 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "waltid.fullname" . }}-init
+spec:
+  template:
+    spec:
+      containers:
+      - name: init
+        image: quay.io/opencloudio/curl:4.2.0-build.8
+        command: 
+          - /bin/sh
+          - /opt/did/script/import.sh
+        volumeMounts:
+          - name: did-config
+            mountPath: /opt/did/script
+          - name: did-secret
+            mountPath: /opt/did/secret
+      restartPolicy: OnFailure
+      volumes:
+        - name: did-config
+          configMap:
+            name: {{ include "waltid.fullname" . }}-did-config
+        - name: did-secret
+          secret: 
+            secretName: {{ include "waltid.fullname" . }}-tls-sec
+  backoffLimit: 10

aws/deployai/marketplace/iam/walt-id/templates/route-certs.yaml

@@ -0,0 +1,28 @@
+{{- if .Values.route.enabled -}}
+{{- $fullName := include "waltid.fullname" . -}}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: {{ include "waltid.fullname" . }}-certs
+  labels:
+    {{ include "waltid.labels" . | nindent 4 }}
+  annotations:
+    cert-utils-operator.redhat-cop.io/certs-from-secret: {{ include "waltid.fullname" . }}-tls-sec
+    {{- with .Values.route.annotations }}
+      {{- toYaml . | nindent 4 }}
+      {{- end }}
+spec:
+  host: {{ .Values.route.host}}
+  path: /certs
+  port: 
+    targetPort: 3000 
+  to:
+    kind: Service
+    name: {{ include "waltid.fullname" . }}-certs
+  {{- if .Values.route.tls }}
+  tls:
+  {{- with .Values.route.tls }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}

aws/deployai/marketplace/iam/walt-id/templates/route.yaml

@@ -0,0 +1,29 @@
+{{- if .Values.route.enabled -}}
+{{- $fullName := include "waltid.fullname" . -}}
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  name: {{ include "waltid.fullname" . }}
+  labels:
+    {{ include "waltid.labels" . | nindent 4 }}
+  annotations:
+    haproxy.router.openshift.io/rewrite-target: /v1/did/{{ .Values.did }}
+    cert-utils-operator.redhat-cop.io/certs-from-secret: {{ include "waltid.fullname" . }}-tls-sec
+    {{- with .Values.route.annotations }}
+      {{- toYaml . | nindent 4 }}
+      {{- end }}
+spec:
+  host: {{ .Values.route.host}}
+  path: /.well-known/did.json
+  port: 
+    targetPort: 7000 
+  to:
+    kind: Service
+    name: {{ $fullName }}
+  {{- if .Values.route.tls }}
+  tls:
+  {{- with .Values.route.tls }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}

aws/deployai/marketplace/iam/walt-id/templates/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "waltid.fullname" . }}-certs
+  labels:
+    {{ include "waltid.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: 3000
+      targetPort: 3000
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: {{ include "waltid.name" . }}-certs
+    app.kubernetes.io/instance: {{ .Release.Name }}

aws/deployai/marketplace/iam/walt-id/values.yaml

@@ -0,0 +1,105 @@
+route:
+  enabled: true
+  host: marketplace.deployai.fiware.dev
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  certificate:
+    issuer:
+      kind: ClusterIssuer
+      name: letsencrypt-aws-prod
+
+
+did: "did:web:marketplace.deployai.fiware.dev"
+
+vcwaltid:
+  deployment:
+    image:  
+      repository: quay.io/fiware/waltid
+      tag: 1.14.1-SNAPSHOT
+      pullPolicy: Always
+  api:
+    core: 
+      enabled: true
+    auditor: 
+      enabled: true
+    signatory: 
+      enabled: true
+    custodian: 
+      enabled: true
+    essif: 
+      enabled: true
+
+  persistence: 
+    enabled: true
+    pvc:
+      size: 1Gi
+
+  templates:
+    GaiaXParticipantCredential.json: |
+      {
+        "@context": [
+          "https://www.w3.org/2018/credentials/v1",
+          "https://registry.lab.gaia-x.eu/development/api/trusted-shape-registry/v1/shapes/jsonld/trustframework#"
+        ],
+        "type": [
+          "VerifiableCredential"
+        ],
+        "id": "did:web:raw.githubusercontent.com:egavard:payload-sign:master",
+        "issuer": "did:web:raw.githubusercontent.com:egavard:payload-sign:master",
+        "issuanceDate": "2023-03-21T12:00:00.148Z",
+        "credentialSubject": {
+          "id": "did:web:raw.githubusercontent.com:egavard:payload-sign:master",
+          "type": "gx:LegalParticipant",
+          "gx:legalName": "dsba compliant participant",
+          "gx:legalRegistrationNumber": {
+            "gx:vatID": "MYVATID"
+          },
+          "gx:headquarterAddress": {
+            "gx:countrySubdivisionCode": "BE-BRU"
+          },
+          "gx:legalAddress": {
+            "gx:countrySubdivisionCode": "BE-BRU"
+          },
+          "gx-terms-and-conditions:gaiaxTermsAndConditions": "70c1d713215f95191a11d38fe2341faed27d19e083917bc8732ca4fea4976700"
+        }
+      }
+    NaturalPersonCredential.json: |
+      {
+        "@context": ["https://www.w3.org/2018/credentials/v1"],
+        "credentialSchema": {
+          "id": "https://raw.githubusercontent.com/FIWARE-Ops/tech-x-challenge/main/schema.json",
+          "type": "FullJsonSchemaValidator2021"
+        },
+        "credentialSubject": {
+          "type": "gx:NaturalParticipant",
+          "familyName": "Happy",
+          "firstName": "User",
+          "roles": [{
+            "names": ["LEGAL_REPRESENTATIVE"],
+            "target": "did:web:onboarding"
+          }]
+        },
+        "id": "urn:uuid:3add94f4-28ec-42a1-8704-4e4aa51006b4",
+        "issued": "2021-08-31T00:00:00Z",
+        "issuer": "did:ebsi:2A9BZ9SUe6BatacSpvs1V5CdjHvLpQ7bEsi2Jb6LdHKnQxaN",
+        "validFrom": "2021-08-31T00:00:00Z",
+        "issuanceDate": "2021-08-31T00:00:00Z",
+        "type": ["VerifiableCredential", "LegalPersonCredential"]
+      }
+
+  initContainers:
+    - name: load-did
+      image: quay.io/opencloudio/curl:4.2.0-build.8
+      imagePullPolicy: Always
+      command: 
+        - /bin/sh
+        - /opt/did/script/import.sh
+      env:
+        - name: WALTID_CORE_ADDRESS
+          value: "vcwaltid:7000"
+      volumeMounts:
+        - name: did-config
+          mountPath: /opt/did/script
+        - name: did-secret
+          mountPath: /opt/did/secret