Prepare the Deployment
Add library Repository for the OSLC Connector for PREEvision
You will need a username and password to download the helm chart and containers from MID's repository. You will receive the username and password from your MID contact or from cops@mid.de.
sudo helm repo add library https://repo.secure.mid.de/chartrepo/library --username <USERNAME> --password <PASSWORD>
sudo helm repo update
Customize Values File
Change to your user's home directory on the server and create a new text file preevision_values.yaml with the following content:
genoslcToolServiceVersionOverride: "" # use this to overwrite the default OSLC Connector for PREEvision version
global:
  domain: "<base domain>"
  instance: "<instance name>"
  registry: "repo.mid.de"
  repologin: "<base64 encoded; provided by MID>"
  cert:
    crtFullChain: "<base64 encoded certificate chain>"
    key: "<base64 encoded key>"
  oidc:
    clientId: "<oauth2.0 client ID>"
    clientSecret: "<oauth2.0 client secret>"
  hosts:
    genoslc:
      subdomain: "<subdomain where the OSLC Connector for PREEvision is accessible>"
  secrets:
    oauth2:
      wellknown: "<well known URL of the oauth2.0 provider; usually ends with /.well-known/openid-configuration>"
    identity:
      OIDC_ISSUER: "<identity URL of the oauth2.0 provider>"
ingress:
  enabled: true
  # if you use nginx as ingress controller please uncomment this line:
  #ingressClassType: "nginx"
toolservice:
  livenessProbe:
    enabled: false
  startupProbe:
    enabled: false
  readinessProbe:
    enabled: false
  env:
    clientScope: "openid <space separated scopes>" # default value is openid
    userNameAttribute: "<username attribute in the JWT token>" # default is preferred_username
    allowedCorsOrigins: "<comma separated URLs of apps that can make REST calls to the OSLC Connector for PREEvision>"
    loggingLevelSpringFramework: "INFO" # ERROR, WARN, INFO, DEBUG, TRACE
  # linkValidityProvider
  tool:
    type: "preevision"
    adaptedToolApiUri: "<API URL of the PREEvision instance>"
    adaptedToolRootUri: "<base URL of the PREEvision API>" # usually the same as the adaptedToolApiUri
    # technical role to be used for authentication for building TRS feed;
    technicalUser: ""
    technicalPassword: ""
    technicalRole: ""
    adaptedModel: "<PREEvision Model name>"
    adaptedToolRoles: "<list of comma separated roles users can have/select for authentication>"
    adaptedToolToolTimeZone: UTC
    getProductLine: "<metric for retrieving product lines>"
    getProductlinesRequs: "<metric for retrieving product lines requs>"
    getReqTable: "<metric for retrieving req table>"
    getReqTree: "<metric for retrieving req tree>"
  configuration:
    # Give a list of up to 5 usernames of users which will have the administration right to change settings in OSLC Connector for PREEvision.
    # At least one administrator user must be stated here.
    administrators:
      - <administrator1> # replace this value with the username of the person who should configure the oauth10a information for the OSLC Connector for PREEvision
    # technical role to be used for authentication
    # key used to encrypt the oauth10a configuration data
    oauth10aEncryptionKey: "" # define the key which is used to encrypt the oauth10a information in the database
mongodb:
  enabled: true
certtool:
  enabled: true
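Before installing, the filled-in file can be checked for leftover placeholders, malformed base64 values and the administrator limits stated above. The script below is an added example, not part of MID's documentation or tooling; it matches keys by name with a simple line parser, and treating an empty oauth10aEncryptionKey as an error is an assumption.

```python
import base64
import re

B64_KEYS = {"repologin", "crtFullChain", "key"}  # fields the page marks as base64 encoded
KEY_VALUE = re.compile(r'^\s*(\w+):\s*"?([^"#]*)"?')
LIST_ITEM = re.compile(r'^\s*-\s*(\S+)')

# Constructed sample: a partly filled-in values file with deliberate mistakes.
SAMPLE = '''\
global:
  instance: "<instance name"
  cert:
    crtFullChain: "not base64!"
    key: "LS0tLS1CRUdJTg=="
configuration:
  administrators:
    - alice
    - <administrator1>
  oauth10aEncryptionKey: ""
'''

def is_base64(value):
    try:
        return bool(base64.b64decode(value, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def check_values(text):
    """Return findings for a values file; keys are matched by name, not nesting."""
    findings, admins, in_admins = [], [], False
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        item = LIST_ITEM.match(line)
        if in_admins and item:
            admins.append(item.group(1))
            continue
        pair = KEY_VALUE.match(line)
        key, value = (pair.group(1), pair.group(2).strip()) if pair else ("", "")
        in_admins = key == "administrators"
        if value.startswith("<"):
            findings.append(f"line {number}: {key} still holds a placeholder")
        elif key in B64_KEYS and not is_base64(value):
            findings.append(f"line {number}: {key} is not valid base64")
        elif key == "oauth10aEncryptionKey" and not value:  # assumption: must be set
            findings.append(f"line {number}: {key} is empty")
    if not 1 <= len(admins) <= 5:  # the page requires 1 to 5 administrators
        findings.append(f"administrators: expected 1 to 5 entries, found {len(admins)}")
    return findings + [f"administrators: placeholder {a}" for a in admins if a.startswith("<")]
```

To check the real file, pass its contents to check_values, for example check_values(open("preevision_values.yaml").read()); an empty list means none of these checks fired.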
Install the OSLC Connector for PREEvision
Execute the Installation
Enter the following command to execute the installation:
sudo helm upgrade --install genoslc-preevision library/genoslc -f preevision_values.yaml --version 3.0.0 -n genoslc-preevision --create-namespace
FAQ
What is the OIDC configuration?
The OIDC configuration refers to the oauth2.0 client. You must protect the access to OSLC Connector for PREEvision using an oauth2.0 client configured in the Identity Provider of your choice (Azure AD, Keycloak, Ping, etc.). OSLC Connector for PREEvision uses authorization_code
Can I use OSLC Connector for PREEvision without an oauth2.0 authorization?
No
Can we connect one instance of OSLC Connector for PREEvision to multiple instances of PREEvision?
No. OSLC Connector for PREEvision can connect to only one PREEvision instance, specified through the API URL in adaptedToolApiUri. Additionally, the connection is available for only one model, specified through adaptedModel in the values file.
How does the user authenticate against the PREEvision API?
The user credentials are requested after the oauth2.0 authentication has succeeded, as a secondary login step. The user is presented with a form to enter the username and password and to select one of the roles made available via adaptedToolRoles.