Remove Product-Lock KeyCloack from Documentation and HelmCharts

[jzbmw]

As we are using OAuth2 Standard to authorize IRS and the API we have actually a product-lock in the configuration, documentation and in helm charts configuration. This might be removed to have a more generic approach.

Hints / Details

• child of eclipse-tractusx/sig-release#218
• HelmCharts Values.yaml https://github.com/catenax-ng/tx-item-relationship-service/blob/main/charts/irs-helm/values.yaml
• https://vault.demo.catena-x.net/
• Conncet to the Valut https://confluence.catena-x.net/pages/viewpage.action?pageId=40503341#DeploymentonARGOcd/HotelBudapest-Vault

Current

keycloak:
  oauth2:
    clientId: <keycloak-client-id>
    clientSecret: <keycloak-client-secret>
    clientTokenUri: <keycloak-token-uri>
    jwkSetUri: <keycloak-jwkset-uri>

Expected

oauth2:
  clientId: "" #<oauth2.clientId>
  clientSecret: "" #<oauth2.clientSecret>
  clientTokenUri: "" #<oauth2.clientTokenUri>
  jwkSetUri: "" #<oauth2.jwkSetUri>
  resourceClient: "" #<oauth2.resourceClient>

Tasks

• [x] Rename all variables keycloak to oauth2
• [x] Source: Helm Charts, Configuration, Product documentation, Admin Manual, ARC42. a.s.o.
• [x] document in a separate chapter that any oauth service can be attached and how to do that.

Outcome / Acceptance Criteria

Outcome

• ...

  Acceptance Criteria

• [x] helm chart can be deployed successfully
• [x] documentation has been added
• [x] Keycloak vendor-lock is removed from docu, deployment etc. OAuth2 is used in code and deployment + docu

Out of Scope

• ...

Sprint Planning 2

• [ ] Rename keyCloak to oath in HelmChart deployment
• [ ] Get rid of keycloak in docs https://github.com/catenax-ng/tx-item-relationship-service/tree/main/docs/*
• [ ] Replace variables in HashiCorps Vault
• [ ] use correct path in Vault path

Currently

 clientId: <path:traceability-irs/data/dev/keycloak/oauth2#clientId>
      clientSecret: <path:traceability-irs/data/dev/keycloak/oauth2#clientSecret>
      clientTokenUri: <path:traceability-irs/data/dev/keycloak/oauth2#tokenUri>
      jwkSetUri: <path:traceability-irs/data/dev/keycloak/oauth2#jwkSetUri>

Expected

 clientId: <path:traceability-irs/data/dev/oauth2#clientId>
      clientSecret: <path:traceability-irs/data/dev/oauth2#clientSecret>
      clientTokenUri: <path:traceability-irs/data/dev/oauth2#tokenUri>
      jwkSetUri: <path:traceability-irs/data/dev/oauth2#jwkSetUri>

[ds-ext-kmassalski]

Waiting for: https://github.com/eclipse-tractusx/sig-infra/issues/342

[mkanal]

Hi @ds-ext-kmassalski & @ds-alexander-bulgakov
what is missing is the outcome. Was this tested. How could this be tested? Is there some evidence to check? Need some assistance here. Thank you very much,

[ds-alexander-bulgakov]

Hi @ds-ext-kmassalski, as discussed please make sure the changes are deployt on DEV so i can test. Please give me a hint once the deployment is done. Thank you!

[ds-ext-kmassalski]

Updated documentation without any 'Keycloak' mentions can be found here: https://catenax-ng.github.io/tx-item-relationship-service/docs/arc42/full.html OAuth2 protocol is used as substitute.

[ds-ext-kmassalski]

App deployed on DEV and INT with newest version (without keycloak configuration names).

Some more evidences that its was modified:

[ds-alexander-bulgakov]

No issues could be found during final QA-review. For testing tavern and cucumber tests were run in gitlab and locally and IRS-jobs were requested on DEV. Docu was checked as well. See outcome:

• Docu has been adjusted, "keycloak" has been replaced by "Oauth2" in docs for configuration, administration guide, arc42, api-specs.
• yml have been adjusted.
• Tests run successfully, authentication was possible.

Ticket is ready for PO-review. FYI @jzbmw