...

elm-sync configuration is done in the Spring Boot application.yml file. The configuration associates one CDCM space with one ELM GCM server, and lists the CDCM Configuration Areas that should be synchronized with ELM GCM. Configuration includes the following topics:

  • The SQLite database configuration for elm-sync

  • The elm-sync server configuration

  • CDCM server and API

  • ibm-elm server and API information

  • spring security for oauth2 for CDCM access

  • OAuth1.0a configuration for access to ELM GCM

  • The cdcm Configuration Area to ELM GCM server mappings

Description

Usage

Access to CDCM uses OAuth 2, which is configured for the Spring Boot application.

...

elm-sync uses the configuration information in the application.yml file to configure the CDCM and ELM GCM server URLs, access control and API information, and the list of CDCM Configuration Areas to sync. elm-sync then uses the CDCM TRS provider to read the change log to replicate changes in CDCM in the corresponding project areas and resources in ELM GCM. elm-sync does not use the CDCM TRS base to determine which configuration areas to sync. Rather, these are explicitly defined in the configuration.area.mapping elements.

elm-sync also does not use the trs:cutoffEvent, assuming it is always 0. This effectively means elm-sync assumes the TRS base is empty and all the TRS provider information is in the change log. This may need to be updated if CDCM implements change log pruning.

Configuration

application.yml

The application.yml defines various information elm-sync uses to determine what CDCM configuration areas should be synced to ELM GCM and how to access them through their authenticated APIs. Here’s an example application.yml file.

Code Block
spring:
  security:
    oauth2:
      client:
        registration:
          custom: #'custom' here can be anything
            client-id: ${CLIENT_ID:genoslc-development} #genoslc-development
            client-secret: ${CLIENT_SECRET:z0AMmptqxxuQBBiZc7FMJVAisvGmMadD}
            redirect-uri: http://localhost:${server.port}/${server.servlet.context-path}/login/oauth2/code/custom
            scope: ${CLIENT_SCOPE:openid}
            authorization-grant-type: authorization_code
        provider:
          custom: #'custom' here can be anything
            issuer-uri: https://keycloak.mid.de/realms/Smartfacts-Development
            user-name-attribute: ${USER_NAME_ATTRIBUTE:preferred_username}
            user-info-authentication-method: ${USER_INFO_AUTHENTICATION_METHOD:form} # header, form, query
      resourceserver:
        jwt:
          issuer-uri: https://keycloak.mid.de/realms/Smartfacts-Development

Example application.yml

This example defines various external servers and their required authentication mechanisms and a Gateway Proxy configuration. Connections to the Gateway Proxy in this example are authenticated using OAuth 2.0.

Code Block
spring:
  security:
    oauth2:
      client:
        registration:
          custom: #'custom' here can be anything
            client-id: ${CLIENT_ID:genoslc-development} #genoslc-development
            client-secret: ${CLIENT_SECRET:z0AMmptqxxuQBBiZc7FMJVAisvGmMadD}
            redirect-uri: http://localhost:${server.port}/${server.servlet.context-path}/login/oauth2/code/custom
            scope: ${CLIENT_SCOPE:openid}
            authorization-grant-type: authorization_code
        provider:
          custom: #'custom' here can be anything
            issuer-uri: https://keycloak.mid.de/realms/Smartfacts-Development
            user-name-attribute: ${USER_NAME_ATTRIBUTE:preferred_username}
            user-info-authentication-method: ${USER_INFO_AUTHENTICATION_METHOD:form} # header, form, query
      resourceserver:
        jwt:
          issuer-uri: https://keycloak.mid.de/realms/Smartfacts-Development
  # spring.datasource and spring.jpa are Spring Boot keys, so they sit under spring:
  datasource:  # the SQLite data source used by elm-sync
    url: jdbc:sqlite:/Users/jamsden/data/sqlite/elmsync.db
    driver-class-name: org.sqlite.JDBC
    username: sa
    password: sa
  jpa:
    database-platform: org.hibernate.community.dialect.SQLiteDialect
    hibernate:
      ddl-auto: update
    show-sql: true

elm-sync:  # configuration for the elm-sync server
  instance:
    name: ELM-SYNC-1
  configuration:
    cdcm-configuration-url: http://localhost:8080/api/v1/objectMappings
    cdcm-url: https://www.example.com/
  max-number-of-retries: 6
  retry-backoff: 2
  max-number-of-unique-title-retries: 50

server:
  port: ${PORT:8080}
  servlet:
    context-path: "/sandbox"

cdcm:  # the CDCM server instance and Space to use, one instance per elm-sync server
  api:
    host: https://cdcm.demo.smartfacts.com
    space-key: CDCM-IPKvRuZYUps1

ibm-elm:  # the IBM ELM server instance to use, corresponds to a CDCM Space
  api:
    host: https://elmdemo.smartfacts.com:9443
    pa-creation-path: /gc/service/com.ibm.team.process.internal.service.web.IProcessWebUIService/projectArea
    pa-get-path: /gc/service/com.ibm.team.process.internal.service.web.IProcessWebUIService/allProjectAreas
    config-update-path: /gc/gc.webui.updateConfiguration

smartfacts:
  oauth10a:
    active: true
    outbound:
      details:
        - name: elmdemo.smartfacts.com
          protected-url-roots: https://elmdemo.smartfacts.com:9443/jts/**,https://elmdemo.smartfacts.com:9443/rm/**,https://elmdemo.smartfacts.com:9443/gc/**
          consumer-key: jamsden_auth
          consumer-secret: Chajas3mat#
          rootservices: https://elmdemo.smartfacts.com:9443/jts/rootservices
        - name: ibm-elm-qm
          protected-url-roots: https://elmdemo.smartfacts.com:9443/qm
          consumer-key: consumer-key
          consumer-secret: secret
          rootservices: https://elmdemo.smartfacts.com:9443/qm/rootservices

    inbound:
      realm-name: sandbox-realm
      auto-approve-consumer-keys: true
      auto-approve-tokens: true
      details:
        - name: mid-elm-inbound
          consumer-key: bc2a6767-af53-417a-a97c-c9487804d5df
          consumer-secret: secret

configuration:
  area:
    mapping:
      -
        source: 664f38242aac9257b5b0c79c
        target: https://elmdemo.smartfacts.com:9443
      -
        source: 664f383b2aac9257b5b0c7a0
        target: https://elmdemo.smartfacts.com:9443
      -
        source: 664c7d15f7eb227a1021a7ce
        target: https://elmdemo.smartfacts.com:9443

elm-sync server configuration

elm-sync SQLite database configuration

elm-sync uses SQLite for persisting information about the CDCM configuration areas and ELM GCM project areas that are being synchronized. The information includes:

  • The Configuration Area id

  • The ELM Server URL and corresponding project area URL

  • The trs:order number of the last trs:change event processed by elm-sync. Changes after this event will be processed on the next elm-sync scan cycle.

Code Block
  datasource:  # the SQLite data source used by elm-sync
    url: jdbc:sqlite:/data/sqlite/elmsync.db
    driver-class-name: org.sqlite.JDBC
    username: sa
    password: sa
  jpa:
    database-platform: org.hibernate.community.dialect.SQLiteDialect
    hibernate:
      ddl-auto: update
    show-sql: true

CDCM server and API

IBM ELM server and API information

CDCM Security Configuration

Access to CDCM uses OAuth 2, which is configured for the Spring Boot application.

Code Block
spring:
  security:
    oauth2:
      client:
        registration:
          custom: #'custom' here can be anything
            client-id: ${CLIENT_ID:genoslc-development} #genoslc-development
            client-secret: ${CLIENT_SECRET:z0AMmptqxxuQBBiZc7FMJVAisvGmMadD}
            redirect-uri: http://localhost:${server.port}/${server.servlet.context-path}/login/oauth2/code/custom
            scope: ${CLIENT_SCOPE:openid}
            authorization-grant-type: authorization_code
        provider:
          custom: #'custom' here can be anything
            issuer-uri: https://keycloak.mid.de/realms/Smartfacts-Development
            user-name-attribute: ${USER_NAME_ATTRIBUTE:preferred_username}
            user-info-authentication-method: ${USER_INFO_AUTHENTICATION_METHOD:form} # header, form, query
      resourceserver:
        jwt:
          issuer-uri: https://keycloak.mid.de/realms/Smartfacts-Development

ELM GCM OAuth1.0a Security Configuration

elm-sync uses OAuth1.0a to access ELM GCM through the REST APIs. This access is done through a functional user whose ID is associated with a consumer key and secret.

Code Block
smartfacts:
  oauth10a:
    active: true
    outbound:
      details:
        - name: elmdemo.smartfacts.com
          protected-url-roots: https://elmdemo.smartfacts.com:9443/jts/**,https://elmdemo.smartfacts.com:9443/rm/**,https://elmdemo.smartfacts.com:9443/gc/**
          consumer-key: jamsden_auth
          consumer-secret: some_password
          rootservices: https://elmdemo.smartfacts.com:9443/jts/rootservices
        - name: ibm-elm-qm
          protected-url-roots: https://elmdemo.smartfacts.com:9443/qm
          consumer-key: consumer-key
          consumer-secret: secret
          rootservices: https://elmdemo.smartfacts.com:9443/qm/rootservices

    inbound:
      realm-name: sandbox-realm
      auto-approve-consumer-keys: true
      auto-approve-tokens: true
      details:
        - name: mid-elm-inbound
          consumer-key: bc2a6767-af53-417a-a97c-c9487804d5df
          consumer-secret: secret

The outbound.details entries provide the information elm-sync needs to access ELM GCM services using OAuth1.0a for authentication.

The inbound.realm-name is used for the elm-sync REST API services defined in the com.mid.smartfacts.cdcm.elmc.controllers classes:

  • ElmApplicationController: provides rootservices, service provider catalog and about information for elm-sync

  • TestConfigurationAreaReaderController: implements various fixed test cases for accessing CDCM Configuration Areas

  • TestController: implements various test cases for accessing CDCM and ELM GCM resources, useful for developing automated test cases and for exploring implementation options and issues

Creating the ELM GCM functional id

elm-sync accesses the ELM GCM REST APIs using OAuth1.0a and a functional id. This is the most reliable way to do server-to-server communication with ELM servers because they all use OAuth1.0a to configure consumer/friend relationships that allow the ELM servers to talk to each other. OAuth1.0a can be reliably depended on to be supported by ELM servers.

For elm-sync to access ELM GCM, you must register elm-sync with the ELM Jazz Team Server (JTS) as a consumer (inbound) connection, with a consumer key and secret. Then you need to associate that consumer with a functional id that has JazzAdmins, JazzUsers and JazzProjectAdmins repository permissions. Here is a brief summary of the steps:

  1. Navigate to the Jazz Team Server Administration Home page

  2. Manage or create users and create the functional id with JazzAdmins, JazzUsers and JazzProjectAdmins repository permissions

  3. Click Manage Server and then Communication > Consumers (Inbound)

  4. Use the Register Consumer form to create a Trusted Consumer Key with a Consumer Secret. This is the same information that will be used in the smartfacts.oauth10a.outbound.details entry in the application.yml file.

  5. Edit the newly created Authorized Key and set the Functional User ID to the ID you created above.

CDCM Configuration Area to ELM GCM Server Mappings

Note: Although a configuration.area.mapping.target specifies the URL of the ELM GCM server, this URL must be the same as ibm-elm.api.host. elm-sync is currently configured to sync one CDCM server with one ELM GCM server. A different instance of elm-sync could be used to sync different CDCM and ELM GCM servers.
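
The rule in this note can be checked before a configuration is deployed. The shell function below is an added example, not part of elm-sync; it assumes the key layout of the example application.yml on this page and unquoted values, and the sample configuration in it is constructed.

```shell
#!/bin/sh
# Added example (not elm-sync code): enforce the rule that every
# configuration.area.mapping target equals ibm-elm.api.host.
# Assumes the key layout of this page's example file and unquoted values.

check_mapping_targets() {
  # $1 = path to application.yml; prints each mismatch, returns non-zero on any
  awk '
    /^[^ #]/ { top = $1 }            # current top-level key, e.g. "ibm-elm:"
    { sub(/^ *- +/, "") }            # accept "- target: ..." list items too
    # cdcm.api.host also exists, so only read host under ibm-elm
    top == "ibm-elm:" && $1 == "host:" { host = $2 }
    top == "configuration:" && $1 == "target:" { tgt[++n] = $2; at[n] = NR }
    END {
      if (host == "") { print "ibm-elm.api.host not found"; exit 2 }
      if (n == 0) { print "no mapping targets found"; exit 2 }
      for (i = 1; i <= n; i++)
        if (tgt[i] != host) {
          printf "line %d: target %s differs from ibm-elm.api.host %s\n", at[i], tgt[i], host
          bad = 1
        }
      exit bad + 0
    }' "$1"
}

# Constructed sample: the second mapping points at a different server.
sample_config() {
  cat <<'EOF'
cdcm:
  api:
    host: https://cdcm.example.test
ibm-elm:
  api:
    host: https://elm.example.test:9443
configuration:
  area:
    mapping:
      -
        source: constructed-area-1
        target: https://elm.example.test:9443
      -
        source: constructed-area-2
        target: https://elm-other.example.test:9443
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
check_mapping_targets "$tmp" || echo "mapping targets must match ibm-elm.api.host"
rm -f "$tmp"
```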

Future consideration: Support configuration of multiple CDCM and ELM GCM servers in a single elm-sync implementation:

  1. Change configuration.area.mapping.source to a URL link to the CDCM configuration area, instead of just its ID

  2. Derive the ibm-elm.api information for the configuration.area.mapping.target URL through discovery

Configuration

elm-sync is configured using the Spring Boot project file application.yml. This file has to be put in the application’s resources folder. Spring Boot profiles can be used for different configurations, such as application-local.yml for local development and application-prod.yml for production.

Kubernetes

The application.yml contains security-sensitive information such as consumer keys and secrets, so it should be placed into a Kubernetes secret and mounted into the CDCM container. The name of this secret is "elm-sync", and its value is the application.yml file.

To integrate the application.yml file into your CDCM deployment, you need to create a secret called “elm-sync” in the namespace of your CDCM deployment.

There are two ways to do this:

  1. Use kubectl

Code Block
kubectl create secret generic elm-sync --from-file=application.yml=./resources/application.yml -n cdcm

  2. If the secret has to be created manually or from a vault, use this template:

Code Block
apiVersion: v1
data:
  application.yml: <base64 encoded content of the file application.yml>
kind: Secret
metadata:
  name: elm-sync
  namespace: cdcm
type: Opaque

Save the file as application.yml and apply it with:

Code Block
kubectl apply -f application.yml -n <namespace>
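
For the manual route, the template's data value has to be the file's base64 encoding on a single line. The following shell functions are an added example, not from the elm-sync project: they fill in the template from application.yml and confirm that the value decodes back to the original file. They assume GNU coreutils or BusyBox base64; the output name elm-sync-secret.yaml and the sample file contents are hypothetical.

```shell
#!/bin/sh
# Added example, not from the elm-sync project. Fills in the Secret template
# from application.yml and checks the result before it is applied.
# Assumes GNU coreutils or BusyBox base64; elm-sync-secret.yaml is a
# hypothetical output name.

make_elm_sync_secret() {
  # $1 = path to application.yml, $2 = namespace (default: cdcm)
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  # base64 wraps long output at 76 columns; the YAML value must be one line.
  b64=$(base64 < "$1" | tr -d '\n')
  cat <<EOF
apiVersion: v1
data:
  application.yml: $b64
kind: Secret
metadata:
  name: elm-sync
  namespace: ${2:-cdcm}
type: Opaque
EOF
}

verify_elm_sync_secret() {
  # $1 = manifest, $2 = application.yml; succeeds only if the data value
  # decodes back to exactly the original file.
  sed -n 's/^  application\.yml: //p' "$1" | base64 -d | cmp -s - "$2"
}

# Demo on a constructed file (sample values, not real credentials).
work=$(mktemp -d)
cat > "$work/application.yml" <<'EOF'
smartfacts:
  oauth10a:
    outbound:
      details:
        - name: elm.example.test
          consumer-key: constructed-key
          consumer-secret: constructed-secret
EOF
# base64 is an encoding, not encryption: keep the manifest as private as the file.
( umask 077; make_elm_sync_secret "$work/application.yml" cdcm > "$work/elm-sync-secret.yaml" )
verify_elm_sync_secret "$work/elm-sync-secret.yaml" "$work/application.yml" \
  && echo "manifest decodes back to application.yml"
rm -rf "$work"
```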

Reference

The following tables define each of the leaf properties in the elm-sync configuration. See the example above for the property paths.

...