From 8eeb1e78f40b9ea266f3d11f41edb570b2d312bb Mon Sep 17 00:00:00 2001
From: Dennis Wendland <dennis.wendland@fiware.org>
Date: Fri, 26 Jul 2024 08:18:02 +0200
Subject: [PATCH] DeployAI: Add TIL as Trust-TIR with mysql

---
 .../trust/{mongodb.yaml => mysql.yaml}        |   4 +-
 .../trust/{orion-ld.yaml => til.yaml}         |   4 +-
 aws/deployai/trust/mongodb/values.yaml        |  22 ----
 .../trust/{mongodb => mysql}/Chart.yaml       |  11 +-
 aws/deployai/trust/mysql/values.yaml          |  25 +++++
 aws/deployai/trust/orion-ld/Chart.yaml        |  12 ---
 aws/deployai/trust/orion-ld/values.yaml       | 100 ------------------
 .../trust/trusted-issuers-list/Chart.yaml     |  12 +++
 .../trust/trusted-issuers-list/values.yaml    |  65 ++++++++++++
 9 files changed, 111 insertions(+), 144 deletions(-)
 rename aws/apps/deployai/trust/{mongodb.yaml => mysql.yaml} (85%)
 rename aws/apps/deployai/trust/{orion-ld.yaml => til.yaml} (83%)
 delete mode 100644 aws/deployai/trust/mongodb/values.yaml
 rename aws/deployai/trust/{mongodb => mysql}/Chart.yaml (67%)
 create mode 100644 aws/deployai/trust/mysql/values.yaml
 delete mode 100644 aws/deployai/trust/orion-ld/Chart.yaml
 delete mode 100644 aws/deployai/trust/orion-ld/values.yaml
 create mode 100644 aws/deployai/trust/trusted-issuers-list/Chart.yaml
 create mode 100644 aws/deployai/trust/trusted-issuers-list/values.yaml

diff --git a/aws/apps/deployai/trust/mongodb.yaml b/aws/apps/deployai/trust/mysql.yaml
similarity index 85%
rename from aws/apps/deployai/trust/mongodb.yaml
rename to aws/apps/deployai/trust/mysql.yaml
index 2dc5beca..9ed3268e 100644
--- a/aws/apps/deployai/trust/mongodb.yaml
+++ b/aws/apps/deployai/trust/mysql.yaml
@@ -1,7 +1,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: mongodb-trust
+  name: mysql-trust
   namespace: argocd
 spec:
   destination:
@@ -9,7 +9,7 @@ spec:
     server: https://kubernetes.default.svc
   project: default
   source:
-    path: aws/deployai/trust/mongodb
+    path: aws/deployai/trust/mysql
     repoURL: https://github.com/FIWARE-Ops/fiware-gitops
     targetRevision: HEAD
   syncPolicy:
diff --git a/aws/apps/deployai/trust/orion-ld.yaml b/aws/apps/deployai/trust/til.yaml
similarity index 83%
rename from aws/apps/deployai/trust/orion-ld.yaml
rename to aws/apps/deployai/trust/til.yaml
index 273b9f6d..6c6ad13d 100644
--- a/aws/apps/deployai/trust/orion-ld.yaml
+++ b/aws/apps/deployai/trust/til.yaml
@@ -1,7 +1,7 @@
 apiVersion: argoproj.io/v1alpha1
 kind: Application
 metadata:
-  name: orion-ld-trust
+  name: tir-trust
   namespace: argocd
 spec:
   destination:
@@ -9,7 +9,7 @@ spec:
     server: https://kubernetes.default.svc
   project: default
   source:
-    path: aws/deployai/trust/orion-ld
+    path: aws/deployai/trust/trusted-issuers-list
     repoURL: https://github.com/FIWARE-Ops/fiware-gitops
     targetRevision: HEAD
   syncPolicy:
diff --git a/aws/deployai/trust/mongodb/values.yaml b/aws/deployai/trust/mongodb/values.yaml
deleted file mode 100644
index 94baad58..00000000
--- a/aws/deployai/trust/mongodb/values.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-mongodb:
-  
-  auth:
-    enabled: true
-    existingSecret: mongodb-secret
-    
-  architecture: standalone
-
-  podSecurityContext:
-    enabled: false
-
-  containerSecurityContext:
-    enabled: false
-
-  resources:
-    limits:
-      cpu: 200m
-      memory: 512Mi
-
-  persistence:
-    enabled: true
-    size: 1Gi
diff --git a/aws/deployai/trust/mongodb/Chart.yaml b/aws/deployai/trust/mysql/Chart.yaml
similarity index 67%
rename from aws/deployai/trust/mongodb/Chart.yaml
rename to aws/deployai/trust/mysql/Chart.yaml
index 519776fd..2d612213 100644
--- a/aws/deployai/trust/mongodb/Chart.yaml
+++ b/aws/deployai/trust/mysql/Chart.yaml
@@ -1,13 +1,12 @@
 apiVersion: v2
-name: mongodb
+name: mysql
 description: Chart holder for argo-cd
 
 type: application
-version: 0.1.0
-appVersion: "4.4.12"
+version: 9.4.4
+appVersion: "8.0.31"
 
 dependencies:
-- name: mongodb
-  version: 11.0.4
+- name: mysql
+  version: 9.4.4
   repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
-
diff --git a/aws/deployai/trust/mysql/values.yaml b/aws/deployai/trust/mysql/values.yaml
new file mode 100644
index 00000000..5331f7bf
--- /dev/null
+++ b/aws/deployai/trust/mysql/values.yaml
@@ -0,0 +1,25 @@
+mysql:
+  fullnameOverride: mysql-trust
+  
+  auth:
+    existingSecret: mysql-secret
+    
+  rbac: 
+    create: true
+    rules:
+      - apiGroups:
+        - security.openshift.io
+        resourceNames:
+        - anyuid
+        resources:
+        - securitycontextconstraints
+        verbs:
+        - use
+        
+  primary:
+    persistence:
+      size: 1Gi
+      
+  initdbScripts:
+    create.sql: |
+      CREATE DATABASE til;
diff --git a/aws/deployai/trust/orion-ld/Chart.yaml b/aws/deployai/trust/orion-ld/Chart.yaml
deleted file mode 100644
index 763a820a..00000000
--- a/aws/deployai/trust/orion-ld/Chart.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-apiVersion: v2
-name: orion-ld
-description: Chart holder for argo-cd
-
-type: application
-version: 1.2.6
-appVersion: "1.1.0"
-
-dependencies:
-- name: orion
-  version: 1.2.6
-  repository: https://fiware.github.io/helm-charts
diff --git a/aws/deployai/trust/orion-ld/values.yaml b/aws/deployai/trust/orion-ld/values.yaml
deleted file mode 100644
index d6eb3452..00000000
--- a/aws/deployai/trust/orion-ld/values.yaml
+++ /dev/null
@@ -1,100 +0,0 @@
-orion:
-  deployment:
-    image: 
-      tag: 1.1.0
-  broker:
-    logging:
-      level: DEBUG
-    db:
-      auth: 
-        user: root
-        mech: "SCRAM-SHA-1"
-      hosts:
-        - mongodb-trust
-      user: root
-      existingSecret:
-        name: mongodb-secret
-        key: mongodb-root-password
-  mongo:
-    # we want to use the individually deployed mongodb
-    enabled: false
-  initData:
-    initEnabled: true
-    hook: post-install, post-upgrade
-    entities:
-      - name: "onboarding.deployai.fiware.dev"
-        data: |
-          {
-            "@context": "https://uri.etsi.org/ngsi-ld/v1/ngsi-ld-core-context.jsonld",
-            "id": "urn:ngsi-ld:TrustedIssuer:did:web:onboarding.deployai.fiware.dev",
-            "type": "TrustedIssuer",
-            "issuer": {
-                "type": "Property",
-                "value": "did:web:onboarding.deployai.fiware.dev"
-            },
-            "selfDescription": {
-                "type": "Property",
-                "value": {
-                    "id": "did:web:onboarding.deployai.fiware.dev",
-                    "type": "gx:LegalParticipant",
-                    "gx:legalName": "DeployAI Marketplace Onboarding Service"
-                }
-            }
-          }
-      - name: "marketplace.deployai.fiware.dev"
-        data: |
-          {
-            "@context": "https://uri.etsi.org/ngsi-ld/v1/ngsi-ld-core-context.jsonld",
-            "id": "urn:ngsi-ld:TrustedIssuer:did:web:marketplace.deployai.fiware.dev",
-            "type": "TrustedIssuer",
-            "issuer": {
-                "type": "Property",
-                "value": "did:web:marketplace.deployai.fiware.dev"
-            },
-            "selfDescription": {
-                "type": "Property",
-                "value": {
-                    "id": "did:web:marketplace.deployai.fiware.dev",
-                    "type": "gx:LegalParticipant",
-                    "gx:legalName": "DeployAI Marketplace"
-                }
-            }
-          }
-      - name: "provider.deployai.fiware.dev"
-        data: |
-          {
-            "@context": "https://uri.etsi.org/ngsi-ld/v1/ngsi-ld-core-context.jsonld",
-            "id": "urn:ngsi-ld:TrustedIssuer:did:web:provider.deployai.fiware.dev",
-            "type": "TrustedIssuer",
-            "issuer": {
-                "type": "Property",
-                "value": "did:web:provider.deployai.fiware.dev"
-            },
-            "selfDescription": {
-                "type": "Property",
-                "value": {
-                    "id": "did:web:provider.deployai.fiware.dev",
-                    "type": "gx:LegalParticipant",
-                    "gx:legalName": "DeployAI Provider"
-                }
-            }
-          }
-      - name: "consumer.deployai.fiware.dev"
-        data: |
-          {
-            "@context": "https://uri.etsi.org/ngsi-ld/v1/ngsi-ld-core-context.jsonld",
-            "id": "urn:ngsi-ld:TrustedIssuer:did:web:consumer.deployai.fiware.dev",
-            "type": "TrustedIssuer",
-            "issuer": {
-                "type": "Property",
-                "value": "did:web:consumer.deployai.fiware.dev"
-            },
-            "selfDescription": {
-                "type": "Property",
-                "value": {
-                    "id": "did:web:consumer.deployai.fiware.dev",
-                    "type": "gx:LegalParticipant",
-                    "gx:legalName": "DeployAI Consumer"
-                }
-            }
-          }
diff --git a/aws/deployai/trust/trusted-issuers-list/Chart.yaml b/aws/deployai/trust/trusted-issuers-list/Chart.yaml
new file mode 100644
index 00000000..1eec77e9
--- /dev/null
+++ b/aws/deployai/trust/trusted-issuers-list/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: trusted-issuers-list
+description: Chart holder for argo-cd
+
+type: application
+version: 0.3.5
+appVersion: "0.0.3"
+
+dependencies:
+  - name: trusted-issuers-list
+    version: 0.3.5
+    repository: https://fiware.github.io/helm-charts
diff --git a/aws/deployai/trust/trusted-issuers-list/values.yaml b/aws/deployai/trust/trusted-issuers-list/values.yaml
new file mode 100644
index 00000000..f40d9739
--- /dev/null
+++ b/aws/deployai/trust/trusted-issuers-list/values.yaml
@@ -0,0 +1,65 @@
+# Used as Trusted Issuers Registry of the data space
+trusted-issuers-list:
+
+  # Image
+  deployment:
+    image:  
+      tag: 0.2.0
+
+  # Configure an Ingress or OpenShift Route
+  ingress:
+    til:
+      enabled: false
+    tir:
+      enabled: false
+  route:
+    til:
+      enabled: false
+      host: til.deployai.fiware.dev
+      tls:
+        insecureEdgeTerminationPolicy: Redirect
+        termination: edge
+      certificate:
+        issuer:
+          kind: ClusterIssuer
+          name: letsencrypt-aws-prod
+    tir:
+      enabled: true
+      host: tir.deployai.fiware.dev
+      tls:
+        insecureEdgeTerminationPolicy: Redirect
+        termination: edge
+      certificate:
+        issuer:
+          kind: ClusterIssuer
+          name: letsencrypt-aws-prod
+      
+  # Database config
+  database:
+    persistence: true
+    host: mysql-trust
+    name: til
+
+    existingSecret:
+      enabled: true
+      name:  mysql-secret
+      key: mysql-root-password
+
+    username: root
+
+  initData:
+    initEnabled: true
+    hook: post-install,post-upgrade
+    issuers: 
+      # allow ourself to issuer credentials
+      - name: deployai-marketplace
+        issuer:
+          did: "did:web:marketplace.deployai.fiware.dev"
+          credentials: []
+      - name: deployai-provider
+        issuer:
+          did: "did:web:provider.deployai.fiware.dev"
+          credentials: []
+      - name: deployai-consumer
+        issuer:
+          did: "did:web:consumer.deployai.fiware.dev"