...
| Code Block |
|---|
| breakoutMode | wide |
|---|
| language | yaml |
|---|
|
genoslcToolServiceVersionOverride: ""
global:
# Domain of the cluster or of the external reverse proxy
domain: "example.com"
oidc:
# Setup OIDCclientId: information""
oidc: clientSecret: ""
# OIDCcert:
Client ID registerd for this applicationoverrideTruststorePassword: "changeit"
clientIdsecretName: ""
#crtFullChain: OIDC""
Client Secret registered for this application
clientSecret key: ""
identity:
# SSL certificatesOIDC_ISSUER: ""
certhosts:
overrideTruststorePasswordgenoslc:
"changeit" secretNamesubdomain: "genoslc-octane"
crtFullChain: "" keyport: ""
env:
identitytool:
# OIDC Issuer URL, taken from the /.well-known/openid-configuration endpoint type: "octane"
adaptedToolApiUri: ""
adaptedToolRootUri: ""
OIDC_ISSUERadaptedToolTechnicalUserAuthorizationHeader: ""
hostsconfiguration:
genoslcadministrators: []
oauth10aEncryptionKey: #"" The subdomain
where the OSLCoidc:
Connector for Codebeamer will beclientId: accessible""
subdomainclientSecret: "genoslc-codebeamer"
secretName: ""
portuserNameAttribute: "preferred_username"
env clientAuthenticationScheme: "client_secret_basic"
tool: userInfoAuthenticationMethod: "header"
# Possible valuesclientScope: ""|"codebeameropenid"
pkceEnabled: true
# Setting it topublicUri: "codebeamer" will tell
the helm chartpluginUri: to""
setup the CodebeamerallowedCorsOrigins: Widget""
container in theknownContextRoots: pod""
globalConfigurationProvider: ""
# Required forlinkValidityProvider: a""
complete integration intrsEnabled: thefalse
Codebeamer UI
typecontainerPort: "codebeamer8443"
port: "8443"
# CodebeamerdebugPortToolService: API""
URL
# Usually it isDefines a proxy used by the <codebeamerOSLC Connector instance URL>/api/v3/ or <codebeamer instance URL>/cb/api/v3/for Octane.
proxy:
adaptedToolApiUrihttps:
"" # The URL whereof the https Codebeamerproxy applicationserver
is accessible adaptedToolRootUrihost: ""
# Timezone set in# CodebeamerThe port of the https #proxy See chapter 1.1.22.1 in https://codebeamer.com/cb/wiki/5848463server
adaptedToolToolTimeZoneport: "UTC"
# base64 # encodedA technicallist userof credentialsIP addresses or URLs devided #by Requiredthe whenpipe ifsign TRS'|'
is enabled adaptedToolTechnicalUserAuthorizationHeadernonProxyHosts: ""
# URLSets where the Codebeamerlogging Widgetlevel willin bethe accessible;application
# Mustvalid fillvalues the base URL of the OSLC Connector for Codebeamer
widgetUrl: "<baseUrl>/cbare: INFO, ERROR, DEBUG, TRACE
loggingLevelSpringFramework: "INFO"
ingress:
enabled: true
className: ""
annotations: {}
# If thetls:
flag "manualLoginRequired" is set tosecretName: "true",
the
plugin
will not attempt to automatically login the user.
# This flag should be enabled if many users that do not have access to a third party app connected
# via the OSLC Connector.
manualLoginRequired: "false"
configuration:
# Give a list of up to 5 usernames of users which will have the administration right to change settings
# in the OSLC Connector. Inbound details and Outbound details can be managed only by administrators.
# At least one administrator user must be stated here.
administrators: []
# Key used to encrypt the oauth10a configuration data in the database
oauth10aEncryptionKey: ""
# oidc section overwrites the information set in the global.oidc section
oidc:
# OIDC Client ID registerd for this application
clientId: ""
# OIDC Client Secret registered for this application
clientSecret: ""
# Name of a Kubernetes secret containing clientId and clientSecret.
secretName: ""
# Sets the JWT claim to be used for user identification
# e.g. preferred_username, sub, oid
userNameAttribute: "preferred_username"
# Sets the client authentication method to be used in the authentication process
# Valid values are: client_secret_basic, client_secret_post, none
# Default value is "client_secret_basic"
clientAuthenticationScheme: "client_secret_basic"
# Sets the user info authentication method
# valid values are: header, form, query
userInfoAuthenticationMethod: "header"
# Sets the client scopes used in the authentication process
# Default value "openid"
clientScope: "openid" # comma separated list of scopes (e.g. "read, write")
# Sets the application to use PKCE when authenticating the user https://oauth.net/2/pkce/
# Default value is true
# Set pkceEnabled to false if the OIDC provider does not support PKCE
pkceEnabled: true
# Sets the URL where the OSLC Connector for Codebeamer is accessible
# Mandatory
publicUri: ""
# Sets the URL where the OSLC Connector for Codebeamer is accessible
# URL must be <publicUri>/spa
# Mandatory
pluginUri: ""
# Comma separate list of applications that are allowed to make requests to the OSLC Connector API
# Examples:
# Third party applications that connect to the OSLC Connector for Codebeamer
# Codebeamer
allowedCorsOrigins: ""
# URLs of other OSLC Connectors (Smartfacts, Jama, PREEvision, Octane, DOORS Classic) that are connected
# to this instance via an association.
knownContextRoots: ""
# Sets the Global Configuration provider
# Example: https://<ibm-elm>:9443/gc
# Optional
# Required if IBM ELM link validity is used
globalConfigurationProvider: ""
# Sets the Link Validity Provider
# Examples:
# https://<ibm-elm>:9443/jts/elm
# https://<smartfacts>/platform/elm
linkValidityProvider: ""
# Enables TRS feed generation
# Requires a technical user to be set if it's enabled
# TRS feed exposes base artifacts and changes occurend in syncronized Codebeamer projects
# Enable it only if a third party tool is accessing the TRS feed of this OSLC Connector to index data
trsEnabled: false
containerPort: "8443"
port: "8443"
debugPortToolService: ""
# Defines a proxy used by the OSLC Connector for Codebeamer.
proxy:
https:
# The URL of the https proxy server
host: ""
# The port of the https proxy server
port: ""
# A list of IP addresses or URLs devided by the pipe sign '|'
nonProxyHosts: ""
# Sets the logging level in the application
# valid values are: INFO, ERROR, DEBUG, TRACE
loggingLevelSpringFramework: "INFO"
ingress:
enabled: true
className: ""
annotations: {}
tls:
secretName: ""
# ----------------------------------------------------------------
# ------------------------- Library ------------------------------
# ----------------------------------------------------------------
# Special certtool configuration
certtool:
# certtool should only be activated on the first deployment and after a certificate update
enabled: true
mongodb
# Deployes a mongodb container inside the pod that the OSLC Connector will use
enabled: true |
Overwriting the installed version
Use genoslcToolServiceVersionOverride to change the default version set in the helm chart for the tool service. Overwrite the default value when you want to switch to another version, other than the one set as default via the helm chart
| Code Block |
|---|
genoslcToolServiceVersionOverride: "2024.07.4" |
SSL certificates
| Code Block |
|---|
|
# SSL certificates
cert:
overrideTruststorePassword: "changeit"
secretName: ""
crtFullChain: ""
key: "" |
Domain and subdomain
In the global section you must specify the domain and subdomain that form the base URL where the OSLC Connector for Octane will be accessible.
| Code Block |
|---|
|
global:
domain: "example.com"
hosts:
genoslc:
subdomain: "genoslc-octane"
port: "" |
This will result in genoslc-octane.example.com to become the URL where the OSLC Connector is established.
OIDC Issuer
The OIDC issuer must be configured in the global section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (RFC 8414 - OAuth 2.0 Authorization Server Metadata (ietf.org))
| Code Block |
|---|
|
global:
identity:
OIDC_ISSUER: "https://keycloak.brand.de/realms/Connector" |
Configuring the OIDC client
After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.
| Code Block |
|---|
env:
oidc:
clientId: octaneClient
clientSecret: e932235d-2349-fd26-bcdb-93hw3f43aab9 |
| Note |
|---|
The OIDC client MUST fulfill the following requirements: has to be a private client (so it has a key and secret) grant type must be authorization codeĀ the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom
|
Setting up a connection to the Octane instance
Adapting a Octane instance
There are two URLs that must be set before a integration with the API and UI of Octane can be achieved. The first one is adaptedToolRootUri and it represents the base URL of your Octane instance. The second one is adaptedToolApiUri and represents the API URL of Octane. This usually follows the following path formats:
...
https://<octane instance URL>/api/v3/
...
# ----------------------------------------------------------------
# ------------------------- Library ------------------------------
# ----------------------------------------------------------------
# Special certtool configuration
certtool:
# certtool should only be activated on the first deployment and after a certificate update
enabled: true
mongodb
# Deployes a mongodb container inside the pod that the OSLC Connector will use
enabled: true |
Overwriting the installed version
Use genoslcToolServiceVersionOverride to change the default version set in the helm chart for the tool service. Overwrite the default value when you want to switch to another version, other than the one set as default via the helm chart
| Code Block |
|---|
genoslcToolServiceVersionOverride: "2024.07.4" |
SSL certificates
| Code Block |
|---|
|
# SSL certificates
cert:
overrideTruststorePassword: "changeit"
secretName: ""
crtFullChain: ""
key: "" |
Domain and subdomain
In the global section you must specify the domain and subdomain that form the base URL where the OSLC Connector for Octane will be accessible.
| Code Block |
|---|
|
global:
domain: "example.com"
hosts:
genoslc:
subdomain: "genoslc-octane"
port: "" |
This will result in genoslc-octane.example.com to become the URL where the OSLC Connector is established.
OIDC Issuer
The OIDC issuer must be configured in the global section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (RFC 8414 - OAuth 2.0 Authorization Server Metadata (ietf.org))
| Code Block |
|---|
|
global:
identity:
OIDC_ISSUER: "https://keycloak.brand.de/realms/Connector" |
Configuring the OIDC client
After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.
| Code Block |
|---|
env:
oidc:
clientId: octaneClient
clientSecret: e932235d-2349-fd26-bcdb-93hw3f43aab9 |
| Note |
|---|
The OIDC client MUST fulfill the following requirements: has to be a private client (so it has a key and secret) grant type must be authorization codeĀ the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom
|
Setting up a connection to the Octane instance
Adapting a Octane instance
There are two URLs that must be set before a integration with the API and UI of Octane can be achieved. The first one is adaptedToolRootUri and it represents the base URL of your Octane instance. The second one is adaptedToolApiUri and represents the API URL of Octane. This usually follows the following path formats:
https://<octane instance URL>/api/v3/
https://<octane instance URL>/cb/api/v3/
| Code Block |
|---|
|
env:
tool:
adaptedToolApiUri: "https://octane.com"
adaptedToolRootUri: "https://octane.com" |
Technical user authorization for TRS generation
The value for adaptedToolTechnicalUserAuthorizationHeader must be a valid Basic authorization header. The credentials are base64 encoded.
Setting the adaptedToolTechnicalUserAuthorizationHeaderis mandatory if TRS feed generation is required.
| Code Block |
|---|
|
env:
tool:
adaptedToolTechnicalUserAuthorizationHeader: "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" |
List of OSLC Connector for Octane administrators
Provide a list of up to 5 usernames which will have the administration right to change protected settings in the OSLC Connector. Inbound details and Outbound details can be managed only by administrators. At least one administrator user must be stated here.
| Code Block |
|---|
|
env:
configuration:
administrators: [] |
Encrypt oauth10a configuration data
Set the encryption key used to encrypt and decrypt the oauth10a configuration data in the database.
| Code Block |
|---|
|
env:
configuration:
oauth10aEncryptionKey: "encryption-key" |
Overwrite global OIDC configuration
This optional section can be used to overwrite the OIDC client configuration used by the OSLC Connector for Octane when the helm chart bundles multiple applications together.
Set the env.oidc.clientId and env.oidc.clientSecret in order to overwrite the values from global.oidc.clientId and global.oidc.clientSecret respectively.
Alternatively you can provide the name of the Kubernetes secret and the values for clientId and clientSecret will be fetched from the specified secret.
| Code Block |
|---|
|
env:
oidc:
clientId: ""
clientSecret: ""
secretName: "" |
User name attribute
Used to set the JWT claim to be used for user identification. Examples are preferred_username, sub, oid.
| Code Block |
|---|
|
env:
userNameAttribute: "preferred_username" |
Client authentication scheme
Sets the client authentication method to be used in the authentication process. Valid values are: client_secret_basic, client_secret_post, none. Default value is "client_secret_basic"
| Code Block |
|---|
|
env:
clientAuthenticationScheme: "client_secret_basic" |
User info authentication method
Sets the user info authentication method. Valid values are: header, form, query
| Code Block |
|---|
|
env:
userInfoAuthenticationMethod: "header" |
Client scopes
Sets the client scopes used in the authentication process. Default value "openid". The value is a comma separated list of scopes (e.g. "read, write").
| Code Block |
|---|
|
env:
clientScope: "openid" |
PKCE
Sets the application to use PKCE when authenticating the user https://oauth.net/2/pkce/. Default value is true. Set pkceEnabled to false if the OIDC provider does not support PKCE.
| Code Block |
|---|
|
env:
pkceEnabled: true |
Public URI and Plugin URI
The env.publicUri variable sets the URL where the OSLC Connector for Octane is accessible. This is mandatory and has to be set.
The env.pluginUri sets the URL where the OSLC Connector for Octane is accessible and must be in the form of <env.publicUri>/spa. This variable is also mandatory and must be set.
| Code Block |
|---|
|
env:
publicUri: ""
pluginUri: "" |
Allowed CORS URLs
This is a comma separated list of applications that are allowed to make requests to the OSLC Connector API like third party applications that read data from the OSLC Connector for Octane.
| Code Block |
|---|
|
env:
allowedCorsOrigins: "https://smartfacts.com" |
Known context roots
This is a comma separated list URLs of other OSLC Connectors (Smartfacts, Jama, PREEvision, Octane, DOORS Classic) that are connect to this instance via an association.
| Code Block |
|---|
|
env:
knownContextRoots: "https://genoslc-codebeamer.smartfacts.com" |
Global Configuration Provider
Sets the Global Configuration provider. An example is https://<ibm-elm>/gc. Setting the value is optional but is mandatory if IBM ELM link validity is required.
| Code Block |
|---|
|
env:
globalConfigurationProvider: "" |
Link Validity Provider
Sets the Link Validity Provider. Examples:
https://<ibm-elm>/jts/elm
https://<smartfacts>/platform/elm
| Code Block |
|---|
|
env:
linkValidityProvider: "" |
Enabling TRS
Enables TRS feed generation. Requires a technical user to be set via the env.tool.adaptedToolTechnicalUserAuthorizationHeader if it's enabled.
TRS feed exposes base artifacts and changes that occurred in synchronized Octane projects.
| Note |
|---|
Enable it only if a third party tool is accessing the TRS feed of this OSLC Connector to index data. |
| Code Block |
|---|
|
env:
tool:
adaptedToolApiUri: "https://octane.com"
adaptedToolRootUri: "https://octane.com"trsEnabled: false |
Install the OSLC Connector for Octane
...