feat: seed issuer for database attestations (#447)

Author: paullatzelsperger

deployment/issuer.tf

@@ -45,6 +45,24 @@ resource "kubernetes_config_map" "issuer-initdb-config" {
         CREATE USER issuer WITH ENCRYPTED PASSWORD 'issuer' SUPERUSER;
         CREATE DATABASE issuer;
         \c issuer issuer
+
+        create table if not exists membership_attestations
+        (
+            membership_type       integer   default 0,
+            holder_id             varchar                             not null,
+            membership_start_date timestamp default now()             not null,
+            id                    varchar   default gen_random_uuid() not null
+                constraint attestations_pk
+                    primary key
+        );
+
+        create unique index if not exists membership_attestation_holder_id_uindex
+          on membership_attestations (holder_id);
+
+        -- seed the consumer and provider into the attestations DB, so that they can request FoobarCredentials sourcing
+        -- information from the database
+        INSERT INTO membership_attestations (membership_type, holder_id) VALUES (1, 'did:web:consumer-identityhub%3A7083:consumer');
+        INSERT INTO membership_attestations (membership_type, holder_id) VALUES (2, 'did:web:provider-identityhub%3A7083:provider');
       EOT
   }
 }

deployment/modules/issuer/main.tf

@@ -137,12 +137,19 @@ resource "kubernetes_config_map" "issuerservice-config" {
     WEB_HTTP_DID_PORT                       = var.ports.did
     WEB_HTTP_DID_PATH                       = "/"
 
-    JAVA_TOOL_OPTIONS                  = "${var.useSVE ? "-XX:UseSVE=0 " : ""}-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=${var.ports.debug}"
-    EDC_VAULT_HASHICORP_URL            = var.vault-url
-    EDC_VAULT_HASHICORP_TOKEN          = var.vault-token
-    EDC_DATASOURCE_DEFAULT_URL         = var.database.url
-    EDC_DATASOURCE_DEFAULT_USER        = var.database.user
-    EDC_DATASOURCE_DEFAULT_PASSWORD    = var.database.password
+    JAVA_TOOL_OPTIONS               = "${var.useSVE ? "-XX:UseSVE=0 " : ""}-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=${var.ports.debug}"
+    EDC_VAULT_HASHICORP_URL         = var.vault-url
+    EDC_VAULT_HASHICORP_TOKEN       = var.vault-token
+    EDC_DATASOURCE_DEFAULT_URL      = var.database.url
+    EDC_DATASOURCE_DEFAULT_USER     = var.database.user
+    EDC_DATASOURCE_DEFAULT_PASSWORD = var.database.password
+
+    # even though we have a default data source, we need a named datasource for the DatabaseAttestationSource, because
+    # that is configured in the AttestationDefinition
+    EDC_DATASOURCE_MEMBERSHIP_URL      = var.database.url
+    EDC_DATASOURCE_MEMBERSHIP_USER     = var.database.user
+    EDC_DATASOURCE_MEMBERSHIP_PASSWORD = var.database.password
+
     EDC_SQL_SCHEMA_AUTOCREATE          = true
     EDC_IAM_ACCESSTOKEN_JTI_VALIDATION = true
     EDC_IAM_DID_WEB_USE_HTTPS          = false

deployment/postman/MVD K8S.postman_environment.json

@@ -1,5 +1,5 @@
 {
-	"id": "9432baf7-0849-46e4-a1a7-dece247a41be",
+	"id": "9330e6b5-fffa-40a9-8835-5e76233f9ccd",
 	"name": "MVD K8S",
 	"values": [
 		{
@@ -14,12 +14,6 @@
 			"type": "default",
 			"enabled": true
 		},
-		{
-			"key": "PROVIDER_ID",
-			"value": "did:web:provider-identityhub%3A7083:provider",
-			"type": "default",
-			"enabled": true
-		},
 		{
 			"key": "CATALOG_SERVER_DSP_URL",
 			"value": "http://provider-catalog-server-controlplane:8082",
@@ -32,27 +26,39 @@
 			"type": "default",
 			"enabled": true
 		},
+		{
+			"key": "PROVIDER_PUBLIC_API",
+			"value": "http://localhost/provider-qna/public",
+			"type": "default",
+			"enabled": true
+		},
 		{
 			"key": "PROVIDER_DSP_URL",
 			"value": "http://provider-qna-controlplane:8082",
 			"type": "default",
 			"enabled": true
 		},
 		{
-			"key": "PROVIDER_PUBLIC_API",
-			"value": "http://localhost/provider-qna/public",
+			"key": "PROVIDER_ID",
+			"value": "did:web:provider-identityhub%3A7083:provider",
 			"type": "default",
 			"enabled": true
 		},
 		{
-			"key": "ISSUER_ADMIN_URL",
-			"value": "http://localhost/issuer/ad",
+			"key": "PROVIDER_NAME",
+			"value": "MVD Provider Participant",
 			"type": "default",
 			"enabled": true
 		},
 		{
-			"key": "ISSUER_CONTEXT_ID",
-			"value": "ZGlkOndlYjpkYXRhc3BhY2UtaXNzdWVyLXNlcnZpY2UlM0ExMDAxNjppc3N1ZXI",
+			"key": "CONSUMER_ID",
+			"value": "did:web:consumer-identityhub%3A7083:consumer",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "CONSUMER_NAME",
+			"value": "MVD Consumer Participant",
 			"type": "default",
 			"enabled": true
 		},
@@ -61,9 +67,63 @@
 			"value": "did:web:dataspace-issuer-service%3A10016:issuer",
 			"type": "default",
 			"enabled": true
+		},
+		{
+			"key": "ISSUER_BASE_URL",
+			"value": "http://localhost/issuer/ad",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "ISSUER_ADMIN_URL",
+			"value": "",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "PARTICIPANT_ID_BASE64",
+			"value": "",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "REQUEST_ID",
+			"value": "",
+			"type": "any",
+			"enabled": true
+		},
+		{
+			"key": "POLICY_ID_ASSET_1",
+			"value": "",
+			"type": "any",
+			"enabled": true
+		},
+		{
+			"key": "CONTRACT_NEGOTIATION_ID",
+			"value": "",
+			"type": "any",
+			"enabled": true
+		},
+		{
+			"key": "CONTRACT_AGREEMENT_ID",
+			"value": "",
+			"type": "any",
+			"enabled": true
+		},
+		{
+			"key": "TRANSFER_PROCESS_ID",
+			"value": "",
+			"type": "any",
+			"enabled": true
+		},
+		{
+			"key": "AUTHORIZATION",
+			"value": "",
+			"type": "any",
+			"enabled": true
 		}
 	],
 	"_postman_variable_scope": "environment",
-	"_postman_exported_at": "2024-07-19T12:19:41.675Z",
-	"_postman_exported_using": "Postman/11.4.0"
+	"_postman_exported_at": "2025-03-05T06:26:50.206Z",
+	"_postman_exported_using": "Postman/11.34.4"
 }

deployment/postman/MVD Local Development.postman_environment.json

@@ -1,5 +1,5 @@
 {
-	"id": "35c096d9-84c2-499f-8ed0-8bcf3275370b",
+	"id": "448d5e51-e4f9-4b2a-96ea-1054aab52c1d",
 	"name": "MVD Local Development",
 	"values": [
 		{
@@ -14,12 +14,6 @@
 			"type": "default",
 			"enabled": true
 		},
-		{
-			"key": "PROVIDER_ID",
-			"value": "did:web:localhost%3A7093",
-			"type": "default",
-			"enabled": true
-		},
 		{
 			"key": "CATALOG_SERVER_DSP_URL",
 			"value": "http://localhost:8092",
@@ -44,14 +38,68 @@
 			"type": "default",
 			"enabled": true
 		},
+		{
+			"key": "ISSUER_BASE_URL",
+			"value": "",
+			"type": "default",
+			"enabled": true
+		},
 		{
 			"key": "ISSUER_ADMIN_URL",
-			"value": "http://localhost:10013",
+			"value": "",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "CONSUMER_ID",
+			"value": "did:web:localhost%3A7083",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "CONSUMER_NAME",
+			"value": "MVD Consumer Participant",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "PROVIDER_ID",
+			"value": "did:web:localhost%3A7093",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "PROVIDER_NAME",
+			"value": "MVD Provider Participant",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "ISSUER_DID",
+			"value": "did:web:localhost%3A10100",
 			"type": "default",
 			"enabled": true
+		},
+		{
+			"key": "POLICY_ID_ASSET_1",
+			"value": "",
+			"type": "any",
+			"enabled": true
+		},
+		{
+			"key": "PARTICIPANT_ID_BASE64",
+			"value": "ZGlkOndlYjpsb2NhbGhvc3QlM0E3MDgz",
+			"type": "default",
+			"enabled": true
+		},
+		{
+			"key": "REQUEST_ID",
+			"value": "",
+			"type": "any",
+			"enabled": true
 		}
 	],
 	"_postman_variable_scope": "environment",
-	"_postman_exported_at": "2024-07-19T12:19:50.250Z",
-	"_postman_exported_using": "Postman/11.4.0"
+	"_postman_exported_at": "2025-03-05T06:26:44.509Z",
+	"_postman_exported_using": "Postman/11.34.4"
 }