Versions Compared

Version Old Version 1 New Version 2
Changes made by

Jim Amsden

Jim Amsden

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Overview

elm-sync configuration is done in the Spring Boot application.yml file. The configuration associates one CDCM space with one ELM GCM server, and lists the CDCM Configuration Areas that should be synchronized with ELM GCM. Configuration includes the following topics:

  • spring security for oauth2 for CDCM access

  • The SQLite database configuration for elm-sync

  • The elm-sync server configuration

  • cdcm and ibm-elm API information

  • OAuth1.0a configuration for access to ELM GCM

  • The cdcm Configuration Area to ELM GCM server mappings

Description

Usage

Access to CDCM uses AOuth 2 which is configured for the Spring Boot application

Code Block
spring:
  security:
    oauth2:
      client:
        registration:
          custom: #'custom' here can be anything
            client-id: ${CLIENT_ID:genoslc-development} #genoslc-development
            client-secret: ${CLIENT_SECRET:z0AMmptqxxuQBBiZc7FMJVAisvGmMadD}
            redirect-uri: http://localhost:${server.port}/${server.servlet.context-path}/login/oauth2/code/custom
            scope: ${CLIENT_SCOPE:openid}
            authorization-grant-type: authorization_code
        provider:
          custom: #'custom' here can be anything
            issuer-uri: https://keycloak.mid.de/realms/Smartfacts-Development
            user-name-attribute: ${USER_NAME_ATTRIBUTE:preferred_username}
            user-info-authentication-method: ${USER_INFO_AUTHENTICATION_METHOD:form} # header, form, query
      resourceserver:
        jwt:
          issuer-uri: https://keycloak.mid.de/realms/Smartfacts-Development

elm-sync uses SQLite for persisting information about the CDCM configuration areas and ELM GCM project areas that are being synchronized. The information includes:

  • The Configuration Area id

  • The ELM Server URL and corresponding project area URL

  • The trs:order number of the last trs:change event processed by elm-sync. Changes after this event will be processed on the next elm-sync scan cycle.

Code Block
  datasource:  # tge /SQLite data source used by elm-sync
    url: jdbc:sqlite:/data/sqlite/elmsync.db
    driver-class-name: org.sqlite.JDBC
    username: sa
    password: sa
  jpa:
    database-platform: org.hibernate.community.dialect.SQLiteDialect
    hibernate:
      ddl-auto: update
    show-sql: true

Configuration

elm-sync is configured using the Spring Boot project file application.yml. This file has to be put in the application’s resources folder. Spring Boot profiles can be used for different configurations such as application-local.ymlfor local development, and application-prod.yml for production.

Kubernetes

The application.yml contains security sensitive information such as consumer keys and secrets, and should be placed into a kubernetes secret, and mounted into the CDCM container. The name of this secret is "elm-sync", the value of is the application.yml file.

To integrate the application.yml file into your CDCM deployment, you need to create a secret called “elm-sync” in the namespace of your CDCM deployment.

There are two ways to do this:

  1. Use kubectl

Code Block
kubectl create secret generic elm-sync --from-file=application.yml=./resources/application.yml -n cdcm

  1. If the secret has to be created manually or from a vault, use this template:

Code Block
apiVersion: v1
data:
  application.yml: <base64 encoded content of the file application.yml>
kind: Secret
metadata:
  name: elm-sync
  namespace: cdcm
type: Opaque

Save the file as application.yml and apply it with:

Code Block
kubectl apply -f application.yml -n <namespace>

Example application.yml

This examples defines various external servers and their required authentication mechanisms and a Gateway Proxy configuration. Connections to the Gateway Proxy in this example are authenticated using OAuth 2.0.

Code Block
spring:
  security:
    oauth2:
      client:
        registration:
          custom: #'custom' here can be anything
            client-id: ${CLIENT_ID:genoslc-development} #genoslc-development
            client-secret: ${CLIENT_SECRET:z0AMmptqxxuQBBiZc7FMJVAisvGmMadD}
            redirect-uri: http://localhost:${server.port}/${server.servlet.context-path}/login/oauth2/code/custom
            scope: ${CLIENT_SCOPE:openid}
            authorization-grant-type: authorization_code
        provider:
          custom: #'custom' here can be anything
            issuer-uri: https://keycloak.mid.de/realms/Smartfacts-Development
            user-name-attribute: ${USER_NAME_ATTRIBUTE:preferred_username}
            user-info-authentication-method: ${USER_INFO_AUTHENTICATION_METHOD:form} # header, form, query
      resourceserver:
        jwt:
          issuer-uri: https://keycloak.mid.de/realms/Smartfacts-Development

  elm-sync:  # configuration for the elm-sync server
  instance:
    name: ELM-SYNC-1
  configuration:
    cdcm-configuration-url: http://localhost:8080/api/v1/objectMappings
    cdcm-url: https://www.example.com/
  max-number-of-retries: 6
  retry-backoff: 2
  max-number-of-unique-title-retries: 50

server:
  port: ${PORT:8080}
  servlet:
    context-path: "/sandbox"

cdcm:  # the CDCM server instance and Space to use, one instance per elm-sync server
  api:
    host: https://cdcm.demo.smartfacts.com
    space-key: CDCM-IPKvRuZYUps1

ibm-elm:  # the IBM ELM server instance to use, corresponds to a CDCM Space
  api:
    host: https://elmdemo.smartfacts.com:9443
    pa-creation-path: /gc/service/com.ibm.team.process.internal.service.web.IProcessWebUIService/projectArea
    pa-get-path: /gc/service/com.ibm.team.process.internal.service.web.IProcessWebUIService/allProjectAreas
    config-update-path: /gc/gc.webui.updateConfiguration

datasource:
    url: jdbc:sqlite:/Users/jamsden/data/sqlite/elmsync.db
    driver-class-name: org.sqlite.JDBC
    username: sa
    password: sa
  jpa:
    database-platform: org.hibernate.community.dialect.SQLiteDialect
    hibernate:
      ddl-auto: update
    show-sql: true

smartfacts:
  oauth10a:
    active: true
    outbound:elm
      details:
        - name: elmdemo.smartfacts.com
          protected-url-roots: https://elmdemo.smartfacts.com:9443/jts/**,https://elmdemo.smartfacts.com:9443/rm/**,https://elmdemo.smartfacts.com:9443/gc/**
          consumer-key: jamsden_auth
          consumer-secret: Chajas3mat#
          rootservices: https://elmdemo.smartfacts.com:9443/jts/rootservices
        - name: ibm-elm-qm
          protected-url-roots: https://elmdemo.smartfacts.com:9443/qm
          consumer-key: consumer-key
          consumer-secret: secret
          rootservices: https://elmdemo.smartfacts.com:9443/qm/rootservices

    inbound:
      realm-name: sandbox-realm
      auto-approve-consumer-keys: true
      auto-approve-tokens: true
      details:
        - name: mid-elm-inbound
          consumer-key: bc2a6767-af53-417a-a97c-c9487804d5df
          consumer-secret: secret

configuration:
  area:
    mapping:
      -
        source: 664f38242aac9257b5b0c79c
        target: https://elmdemo.smartfacts.com:9443
      -
        source: 664f383b2aac9257b5b0c7a0
        target: https://elmdemo.smartfacts.com:9443
      -
        source: 664c7d15f7eb227a1021a7ce
        target: https://elmdemo.smartfacts.com:9443

Reference

The following tables define each of the leave properties in the elm-sync configuration. See the example above for the property paths.

CDCM OAuth 2: spring.security.oauth2

Key

Description

client-id

The CDCM server OAuth 2 client id

client-secret

The CDCM server OAuth 2 client secret

Persistance: datasource

Key

Description

url

URL of the SQLite database. This database will be created if it does not exist.

driver-class-name

The SQLite driver class name, usually org.sqlite.JDBC.

Possible values are GET, POST, PUT, DELETE, OPTIONS, PATCH and ALL

username

The SQLite database user name

password

The SQLite database password