...
| Code Block |
|---|
| breakoutMode | wide |
|---|
| language | yaml |
|---|
|
genoslcToolServiceVersionOverride: ""
genoslcCodebeamerPluginVersionOverride: ""
global:
# Domain of the cluster or of the external reverse proxy
domain: "example.com"
# Setup OIDC information
oidc:
# OIDC Client ID registerd for this application
clientId: ""
# OIDC Client Secret registered for this application
clientSecret: ""
# SSL certificates
cert:
overrideTruststorePassword: "changeit"
secretName: ""
crtFullChain: ""
key: ""
identity:
# OIDC Issuer URL, taken from the /.well-known/openid-configuration endpoint
OIDC_ISSUER: ""
hosts:
genoslc:
# The subdomain where the OSLC Connector for Codebeamer will be accessible
subdomain: "genoslc-codebeamer"
port: ""
env:
tool:
# Possible valuestype: ""|"codebeamer"
# Setting it to "codebeameradaptedToolApiUri: ""
will tell the helm chartadaptedToolRootUri: to""
setup the Codebeamer Widget container in the podadaptedToolToolTimeZone: "UTC"
adaptedToolTechnicalUserAuthorizationHeader: ""
# Required for a complete integration in the Codebeamer UI
typewidgetUrl: "<baseUrl>/cb"
manualLoginRequired: "false"
authorizationUri: "codebeamer"
introspectionUri: ""
# Codebeamer APIconfiguration:
URL administrators: #[]
Usually it is the <codebeameroauth10aEncryptionKey: instance URL>/api/v3/ or <codebeamer instance URL>/cb/api/v3/""
oidc:
adaptedToolApiUriclientId: ""
#clientSecret: URL""
where the Codebeamer application issecretName: accessible""
userNameAttribute: adaptedToolRootUri"preferred_username"
clientAuthenticationScheme: "client_secret_basic"
userInfoAuthenticationMethod: "header" #
Timezone set in CodebeamerclientScope: "openid"
pkceEnabled: true
# See chapter 1.1.22.1 in https://codebeamer.com/cb/wiki/5848463
adaptedToolToolTimeZone: "UTCpublicUri: ""
pluginUri: ""
allowedCorsOrigins: ""
knownContextRoots: ""
globalConfigurationProvider: ""
# base64 encodedlinkIndexType: technical""
user credentials linkIndexUri: ""
#linkValidityProvider: Required""
when if TRStrsEnabled: isfalse
enabled
adaptedToolTechnicalUserAuthorizationHeadercontainerPort: "8443"
port: "8443"
# URL wheredebugPortToolService: the""
Codebeamer Widget will
be accessible;
# MustDefines filla theproxy baseused URL ofby the OSLC Connector for Codebeamer.
proxy:
widgetUrlhttps:
"<baseUrl>/cb" # IfThe theURL flagof "manualLoginRequired"the is set to "true", the plugin will not attempt to automatically login the user.https proxy server
host: ""
# ThisThe flagport shouldof bethe enabledhttps ifproxy manyserver
users that do not have access toport: a""
third party app connected # viaA thelist OSLCof Connector.IP addresses or manualLoginRequired: "false"
configuration:URLs devided by the pipe sign '|'
# GivenonProxyHosts: a"" list
of
up to 5# usernamesSets ofthe userslogging whichlevel will havein the administrationapplication
right to change# settingsvalid values are: INFO, ERROR, #DEBUG, inTRACE
the OSLC Connector. Inbound details and Outbound details can be managed only by administrators.
# At least one administrator user must be stated here.
administrators: []
# Key used to encrypt the oauth10a configuration data in the database
oauth10aEncryptionKey: ""
# oidc section overwrites the information set in the global.oidc section
oidc:
# OIDC Client ID registerd for this application
clientId: ""
# OIDC Client Secret registered for this application
clientSecret: ""
# Name of a Kubernetes secret containing clientId and clientSecret.
secretName: ""
# Sets the JWT claim to be used for user identification
# e.g. preferred_username, sub, oid
userNameAttribute: "preferred_username"
# Sets the client authentication method to be used in the authentication process
# Valid values are: client_secret_basic, client_secret_post, none
# Default value is "client_secret_basic"
clientAuthenticationScheme: "client_secret_basic"
# Sets the user info authentication method
# valid values are: header, form, query
userInfoAuthenticationMethod: "header"
# Sets the client scopes used in the authentication process
# Default value "openid"
clientScope: "openid" # comma separated list of scopes (e.g. "read, write")
# Sets the application to use PKCE when authenticating the user https://oauth.net/2/pkce/
# Default value is true
# Set pkceEnabled to false if the OIDC provider does not support PKCE
pkceEnabled: true
# Sets the URL where the OSLC Connector for Codebeamer is accessible
# Mandatory
publicUri: ""
# Sets the URL where the OSLC Connector for Codebeamer is accessible
# URL must be <publicUri>/spa
# Mandatory
pluginUri: ""
# Comma separate list of applications that are allowed to make requests to the OSLC Connector API
# Examples:
# Third party applications that connect to the OSLC Connector for Codebeamer
# Codebeamer
allowedCorsOrigins: ""
# URLs of other OSLC Connectors (Smartfacts, Jama, PREEvision, Octane, DOORS Classic) that are connected
# to this instance via an association.
knownContextRoots: ""
# Sets the Global Configuration provider
# Example: https://<ibm-elm>:9443/gc
# Optional
# Required if IBM ELM link validity is used
globalConfigurationProvider: ""
# Sets the Link Validity Provider
# Examples:
# https://<ibm-elm>:9443/jts/elm
# https://<smartfacts>/platform/elm
linkValidityProvider: ""
# Enables TRS feed generation
# Requires a technical user to be set if it's enabled
# TRS feed exposes base artifacts and changes occurend in syncronized Codebeamer projects
# Enable it only if a third party tool is accessing the TRS feed of this OSLC Connector to index data
trsEnabled: false
containerPort: "8443"
port: "8443"
debugPortToolService: ""
# Defines a proxy used by the OSLC Connector for Codebeamer.
proxy:
https:
# The URL of the https proxy server
host: ""
# The port of the https proxy server
port: ""
# A list of IP addresses or URLs devided by the pipe sign '|'
nonProxyHosts: ""
# Sets the logging level in the application
# valid values are: INFO, ERROR, DEBUG, TRACE
loggingLevelSpringFramework: "INFO"
ingress:
enabled: true
className: ""
annotations: {}
tls:
secretName: ""
# ----------------------------------------------------------------
# ------------------------- Library ------------------------------
# ----------------------------------------------------------------
# Special certtool configuration
certtool:
# certtool should only be activated on the first deployment and after a certificate update
enabled: true
mongodb
# Deployes a mongodb container inside the pod that the OSLC Connector will use
enabled: true |
Overwriting the installed version
Use genoslcToolServiceVersionOverride to change the default version set in the helm chart for the tool service. Overwrite the default value when you want to switch to another version, other than the one set as default via the helm chart
| Code Block |
|---|
genoslcToolServiceVersionOverride: "2024.07.4" |
Use genoslcCodebeamerPluginVersionOverride to change the default version set in the helm chart for the Codebeamer plugin widget. Overwrite the default value when you want to switch to another version, other than the one set as default.
| Code Block |
|---|
genoslcCodebeamerPluginVersionOverride: "2024.07.1" |
SSL certificates
| Code Block |
|---|
|
# SSL certificates
cert:
overrideTruststorePassword: "changeit"
secretName: ""
crtFullChain: ""
key: "" |
Domain and subdomain
In the global section you must specify the domain and subdomain that form the base URL where the OSLC Connector for Codebeamer will be accessible.
| Code Block |
|---|
|
global:
domain: "example.com"
hosts:
genoslc:
subdomain: "genoslc-codebeamer"
port: "" |
This will result in genoslc-codebeamer.example.com to become the URL where the OSLC Connector is established.
OIDC Issuer
The OIDC issuer must be configured in the global section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (RFC 8414 - OAuth 2.0 Authorization Server Metadata (ietf.org))
| Code Block |
|---|
|
global:
identity:
OIDC_ISSUER: "https://keycloak.brand.de/realms/Connector" |
Configuring the OIDC client
After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.
| Code Block |
|---|
env:
oidc:
clientId: codebeamerClient
clientSecret: e932235d-2349-fd26-bcdb-93hw3f43aab9 |
| Note |
|---|
The OIDC client MUST fulfill the following requirements: has to be a private client (so it has a key and secret) grant type must be authorization codeĀ the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom
|
Setting up a connection to the Codebeamer instance
Adapting a Codebeamer instance
There are two URLs that must be set before a integration with the API and UI of Codebeamer can be achieved. The first one is adaptedToolRootUri and it represents the base URL of your Codebeamer instance. The second one is adaptedToolApiUri and represents the API URL of Codebeamer. This usually follows the following path formats:
https://<codebeamer instance URL>/api/v3/
https://<codebeamer instance URL>/cb/api/v3/
| Code Block |
|---|
|
env:
tool:
adaptedToolApiUri: "https://codebeamer.com/api/v3/"
adaptedToolRootUri: "https://codebeamer.com" |
Codebeamer Widget URL
OSLC Connector for Codebeamer comes up with a bundled widget that has to be installed in Codebeamer. The first step to achieve that is to set the widgetUrl - it must be in the format https://<connector base url>/cb
| Code Block |
|---|
|
env:
tool:
widgetUrl: "<baseUrl>/cb" |
Codebeamer time zone
The Codebeamer time zone must be set in the OSLC Connector for Codebeamer too. To do that use adaptedToolToolTimeZone. For more references on the Codebeamer tool time zone see the documentation.
| Code Block |
|---|
|
env:
tool:
adaptedToolToolTimeZone: "UTC" |
...
...
loggingLevelSpringFramework: "INFO"
ingress:
enabled: true
className: ""
annotations: {}
tls:
secretName: ""
# ----------------------------------------------------------------
# ------------------------- Library ------------------------------
# ----------------------------------------------------------------
# Special certtool configuration
certtool:
# certtool should only be activated on the first deployment and after a certificate update
enabled: true
mongodb
# Deployes a mongodb container inside the pod that the OSLC Connector will use
enabled: true |
Overwriting the installed version
Use genoslcToolServiceVersionOverride to change the default version set in the helm chart for the tool service. Overwrite the default value when you want to switch to another version, other than the one set as default via the helm chart
| Code Block |
|---|
genoslcToolServiceVersionOverride: "2024.07.4" |
Use genoslcCodebeamerPluginVersionOverride to change the default version set in the helm chart for the Codebeamer plugin widget. Overwrite the default value when you want to switch to another version, other than the one set as default.
| Code Block |
|---|
genoslcCodebeamerPluginVersionOverride: "2024.07.1" |
SSL certificates
| Code Block |
|---|
|
# SSL certificates
cert:
overrideTruststorePassword: "changeit"
secretName: ""
crtFullChain: ""
key: "" |
Domain and subdomain
In the global section you must specify the domain and subdomain that form the base URL where the OSLC Connector for Codebeamer will be accessible.
| Code Block |
|---|
|
global:
domain: "example.com"
hosts:
genoslc:
subdomain: "genoslc-codebeamer"
port: "" |
This will result in genoslc-codebeamer.example.com to become the URL where the OSLC Connector is established.
OIDC Issuer
The OIDC issuer must be configured in the global section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (RFC 8414 - OAuth 2.0 Authorization Server Metadata (ietf.org))
| Code Block |
|---|
|
global:
identity:
OIDC_ISSUER: "https://keycloak.brand.de/realms/Connector" |
Configuring the OIDC client
After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.
| Code Block |
|---|
env:
oidc:
clientId: codebeamerClient
clientSecret: e932235d-2349-fd26-bcdb-93hw3f43aab9 |
| Note |
|---|
The OIDC client MUST fulfill the following requirements: has to be a private client (so it has a key and secret) grant type must be authorization codeĀ the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom
|
Setting up a connection to the Codebeamer instance
Adapting a Codebeamer instance
There are two URLs that must be set before a integration with the API and UI of Codebeamer can be achieved. The first one is adaptedToolRootUri and it represents the base URL of your Codebeamer instance. The second one is adaptedToolApiUri and represents the API URL of Codebeamer. This usually follows the following path formats:
https://<codebeamer instance URL>/api/v3/
https://<codebeamer instance URL>/cb/api/v3/
| Code Block |
|---|
|
env:
tool:
adaptedToolApiUri: "https://codebeamer.com/api/v3/"
adaptedToolRootUri: "https://codebeamer.com" |
Codebeamer Widget URL
OSLC Connector for Codebeamer comes up with a bundled widget that has to be installed in Codebeamer. The first step to achieve that is to set the widgetUrl - it must be in the format https://<connector base url>/cb
| Code Block |
|---|
|
env:
tool:
widgetUrl: "<baseUrl>/cb" |
Codebeamer time zone
The Codebeamer time zone must be set in the OSLC Connector for Codebeamer too. To do that use adaptedToolToolTimeZone. For more references on the Codebeamer tool time zone see the documentation.
| Code Block |
|---|
|
env:
tool:
adaptedToolToolTimeZone: "UTC" |
| Code Block |
|---|
|
env:
tool:
adaptedToolToolTimeZone: "UTC"
# base64 encoded technical user credentials
# Required when if TRS is enabled
adaptedToolTechnicalUserAuthorizationHeader: ""
widgetUrl: "<baseUrl>/cb"
# If the flag "manualLoginRequired" is set to "true", the plugin will not attempt to automatically login the user.
# This flag should be enabled if many users that do not have access to a third party app connected
# via the OSLC Connector.
manualLoginRequired: "false" |
Technical user authorization for TRS generation
The value for adaptedToolTechnicalUserAuthorizationHeader must be a valid Basic authorization header. The credentials are base64 encoded.
Setting the adaptedToolTechnicalUserAuthorizationHeaderis mandatory if TRS feed generation is required.
| Code Block |
|---|
env:
tool:
adaptedToolTechnicalUserAuthorizationHeader: "Basic dXNlcm5hbWU6cGFzc3dvcmQ=" |
List of OSLC Connector for Codebeamer administrators
Provide a list of up to 5 usernames which will have the administration right to change protected settings in the OSLC Connector. Inbound details and Outbound details can be managed only by administrators. At least one administrator user must be stated here.
| Code Block |
|---|
env:
configuration:
administrators: [] |
Encrypt oauth10a configuration data
Set the encryption key used to encrypt and decrypt the oauth10a configuration data in the database.
| Code Block |
|---|
env:
configuration:
oauth10aEncryptionKey: "encryption-key" |
Overwrite global OIDC configuration
This optional section can be used to overwrite the OIDC client configuration used by the OSLC Connector for Codebeamer when the helm chart bundles multiple applications together.
Set the env.oidc.clientId and env.oidc.clientSecret in order to overwrite the values from global.oidc.clientId and global.oidc.clientSecret respectively.
Alternatively you can provide the name of the Kubernetes secret and the values for clientId and clientSecret will be fetched from the specified secret.
| Code Block |
|---|
env:
oidc:
clientId: ""
clientSecret: ""
secretName: "" |
User name attribute
Used to set the JWT claim to be used for user identification. Examples are preferred_username, sub, oid.
| Code Block |
|---|
env:
userNameAttribute: "preferred_username" |
Client authentication scheme
Sets the client authentication method to be used in the authentication process. Valid values are: client_secret_basic, client_secret_post, none. Default value is "client_secret_basic"
| Code Block |
|---|
env:
clientAuthenticationScheme: "client_secret_basic" |
User info authentication method
Sets the user info authentication method. Valid values are: header, form, query
| Code Block |
|---|
env:
userInfoAuthenticationMethod: "header" |
Client scopes
Sets the client scopes used in the authentication process. Default value "openid". The value is a comma separated list of scopes (e.g. "read, write").
| Code Block |
|---|
env:
clientScope: "openid" |
PKCE
Sets the application to use PKCE when authenticating the user https://oauth.net/2/pkce/ . Default value is true. Set pkceEnabled to false if the OIDC provider does not support PKCE.
| Code Block |
|---|
env:
pkceEnabled: true |
Authorization URI
By default, the authorization URI will be retrieved from the issuer URI. However, if you need to configure custom query parameters for the authorization request you can set it up; e.g. for acr_values
| Code Block |
|---|
env:
authorizationUri: <https://<auth_uri>>/<path>?acr_values=<value> |
Introspection URI
The introspection URI will be used to validate and retrieve token data necessary for user identification.
| Note |
|---|
Mandatory from OSLC Connector for Codebeamer 2024.09.1 |
| Code Block |
|---|
|
env:
introspectionUri: "" |
Public URI and Plugin URI
The env.publicUri variable sets the URL where the OSLC Connector for Codebeamer is accessible. This is mandatory and has to be set.
The env.pluginUri sets the URL where the OSLC Connector for Codebeamer is accessible and must be in the form of <env.publicUri>/spa. This variable is also mandatory and must be set.
| Code Block |
|---|
env:
publicUri: ""
pluginUri: "" |
Allowed CORS URLs
This is a comma separated list of applications that are allowed to make requests to the OSLC Connector API like third party applications that read data from the OSLC Connector for Codebeamer.
| Code Block |
|---|
env:
allowedCorsOrigins: "https://smartfacts.com" |
Known context roots
This is a comma separated list URLs of other OSLC Connectors (Smartfacts, Jama, PREEvision, Codebeamer, DOORS Classic) that are connect to this instance via an association.
| Code Block |
|---|
env:
knownContextRoots: "https://genoslc-codebeamer.smartfacts.com" |
Global Configuration Provider
Sets the Global Configuration provider. An example is https://<ibm-elm>/gc. Setting the value is optional but is mandatory if IBM ELM link validity is required.
| Code Block |
|---|
env:
globalConfigurationProvider: "" |
Link Index Type
Sets the type of link index used. A link index is generally used when links are retrieved by the OSLC Connector for Codebeamer from an external link index (e.g. LDX or Smartfacts Link Index).
e.g. Requirements are handled in Codebeamer and test cases in Jazz ETM - links must be read from LDX
Available options are: "ibm-elm", "smartfacts", "none"
| Code Block |
|---|
env:
linkIndexType: "none" |
Links Index URI
Provides the querying endpoint for the link index.
Must be configured only if env.linkIndexType has been set to ibm-elm or smartfacts.
| Code Block |
|---|
env:
linkIndexUri: "https://<ibm-elm>/ldx/sparql" |
Link Validity Provider
Sets the Link Validity Provider. Examples:
https://<ibm-elm>/jts/elm
https://<smartfacts>/platform/elm
| Code Block |
|---|
env:
linkValidityProvider: "" |
Enabling TRS
Enables TRS feed generation. Requires a technical user to be set via the env.tool.adaptedToolTechnicalUserAuthorizationHeader if it's enabled.
TRS feed exposes base artifacts and changes that occurred in synchronized Codebeamer projects.
| Note |
|---|
Enable it only if a third party tool is accessing the TRS feed of this OSLC Connector to index data. |
| Code Block |
|---|
env:
trsEnabled: false |
Install the OSLC Connector for Codebeamer
...