Prerequisites

The following steps should already have been done before you install the OSLC Connector for Octane. Please make sure that:

The OAuth client MUST fulfill the following requirements:

  1. has to be a private client (so it has a key and secret)

  2. has to be OIDC

  3. grant type must be authorization code

  4. the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom

Prepare the Deployment

Add library Repository for the OSLC Connector for Octane

You will need a username and password to download the helm chart and containers from MID's repository. You will receive username and password from your MID contact or from cops@mid.de.

sudo helm repo add library https://repo.secure.mid.de/chartrepo/library --username <USERNAME> --password <PASSWORD>
sudo helm repo update

Customize Values File

  • Change to your user's home directory on the server and create a new text file values-genoslc-octane.yaml with the following content:

genoslcToolServiceVersionOverride: ""

global:
  # Domain of the cluster or of the external reverse proxy
  domain: "example.com" 
  
  # Setup OIDC information
  oidc:
    # OIDC Client ID registered for this application
    clientId: ""
    # OIDC Client Secret registered for this application
    clientSecret: ""
  
  # SSL certificates
  cert:
    overrideTruststorePassword: "changeit"
    secretName: ""
    crtFullChain: ""
    key: ""

  identity:
    # OIDC Issuer URL, taken from the /.well-known/openid-configuration endpoint 
    OIDC_ISSUER: ""
  hosts:
    genoslc:
      # The subdomain where the OSLC Connector for Codebeamer will be accessible
      subdomain: "genoslc-codebeamer"  
      port: ""

env:
  tool:
    # Possible values: ""|"codebeamer"
    # Setting it to "codebeamer" will tell the helm chart to setup the Codebeamer Widget container in the pod
    # Required for a complete integration in the Codebeamer UI
    type: "codebeamer"
    # Codebeamer API URL
    # Usually it is the <codebeamer instance URL>/api/v3/ or <codebeamer instance URL>/cb/api/v3/
    adaptedToolApiUri: ""
    # URL where the Codebeamer application is accessible
    adaptedToolRootUri: ""
    # Timezone set in Codebeamer
    # See chapter 1.1.22.1 in https://codebeamer.com/cb/wiki/5848463
    adaptedToolToolTimeZone: "UTC"
    # base64 encoded technical user credentials
    # Required if TRS is enabled
    adaptedToolTechnicalUserAuthorizationHeader: ""
    # URL where the Codebeamer Widget will be accessible;
    # Replace <baseUrl> with the base URL of the OSLC Connector for Codebeamer
    widgetUrl: "<baseUrl>/cb"
  
  # If the flag "manualLoginRequired" is set to "true", the plugin will not attempt to automatically log in the user.
  # Enable this flag if many users do not have access to a third-party app connected
  # via the OSLC Connector.
  manualLoginRequired: "false"
  
  configuration:
    # Give a list of up to 5 usernames of users which will have the administration right to change settings
    # in the OSLC Connector. Inbound details and Outbound details can be managed only by administrators. 
    # At least one administrator user must be stated here.
    administrators: []
    # Key used to encrypt the oauth10a configuration data in the database
    oauth10aEncryptionKey: ""  
  # oidc section overwrites the information set in the global.oidc section
  oidc:
    # OIDC Client ID registered for this application
    clientId: ""
    # OIDC Client Secret registered for this application
    clientSecret: ""
    # Name of a Kubernetes secret containing clientId and clientSecret.
    secretName: ""
  # Sets the JWT claim to be used for user identification
  # e.g. preferred_username, sub, oid
  userNameAttribute: "preferred_username"
  # Sets the client authentication method to be used in the authentication process
  # Valid values are: client_secret_basic, client_secret_post, none
  # Default value is "client_secret_basic"
  clientAuthenticationScheme: "client_secret_basic" 
  # Sets the user info authentication method
  # valid values are: header, form, query
  userInfoAuthenticationMethod: "header" 
  # Sets the client scopes used in the authentication process
  # Default value "openid"
  clientScope: "openid" # comma separated list of scopes (e.g. "read, write")
  # Sets the application to use PKCE when authenticating the user https://oauth.net/2/pkce/
  # Default value is true
  # Set pkceEnabled to false if the OIDC provider does not support PKCE
  pkceEnabled: true
  
  # Sets the URL where the OSLC Connector for Codebeamer is accessible
  # Mandatory
  publicUri: ""  
  # Sets the URL where the OSLC Connector for Codebeamer is accessible
  # URL must be <publicUri>/spa
  # Mandatory
  pluginUri: ""
  # Comma-separated list of applications that are allowed to make requests to the OSLC Connector API
  # Examples:
  # Third party applications that connect to the OSLC Connector for Codebeamer
  # Codebeamer
  allowedCorsOrigins: ""
  # URLs of other OSLC Connectors (Smartfacts, Jama, PREEvision, Octane, DOORS Classic) that are connected
  # to this instance via an association. 
  knownContextRoots: ""
  # Sets the Global Configuration provider
  # Example: https://<ibm-elm>:9443/gc
  # Optional
  # Required if IBM ELM link validity is used 
  globalConfigurationProvider: ""
  # Sets the Link Validity Provider
  # Examples:
  # https://<ibm-elm>:9443/jts/elm
  # https://<smartfacts>/platform/elm
  linkValidityProvider: ""
  # Enables TRS feed generation
  # Requires a technical user to be set if it's enabled
  # TRS feed exposes base artifacts and changes that occurred in synchronized Codebeamer projects
  # Enable it only if a third party tool is accessing the TRS feed of this OSLC Connector to index data
  trsEnabled: false
  
  containerPort: "8443"
  port: "8443"
  debugPortToolService: ""
  
  # Defines a proxy used by the OSLC Connector for Codebeamer. 
  proxy:
    https:
      # The URL of the https proxy server
      host: "" 
      # The port of the https proxy server
      port: ""
      # A list of IP addresses or URLs separated by the pipe sign '|'
      nonProxyHosts: "" 

  # Sets the logging level in the application
  # valid values are: INFO, ERROR, DEBUG, TRACE
  loggingLevelSpringFramework: "INFO" 


ingress:
  enabled: true
  className: ""
  annotations: {}
  tls:
    secretName: ""


  # ----------------------------------------------------------------
  # ------------------------- Library ------------------------------
  # ----------------------------------------------------------------

# Special certtool configuration
certtool:
  # certtool should only be activated on the first deployment and after a certificate update
  enabled: true
  
mongodb:
  # Deploys a mongodb container inside the pod that the OSLC Connector will use
  enabled: true

Overwriting the installed version

Use genoslcToolServiceVersionOverride to change the version of the tool service that the helm chart installs by default. Set it only when you want to switch to a version other than the chart's default.

genoslcToolServiceVersionOverride: "2024.07.4"

SSL certificates

global:
  # SSL certificates
  cert:
    overrideTruststorePassword: "changeit"
    secretName: ""
    crtFullChain: ""
    key: ""

Domain and subdomain

In the global section you must specify the domain and subdomain that form the base URL where the OSLC Connector for Octane will be accessible.

global:
  domain: "example.com" 
  hosts:
    genoslc:
      subdomain: "genoslc-octane"  
      port: ""

With these values, genoslc-octane.example.com becomes the URL where the OSLC Connector is reachable.

OIDC Issuer

The OIDC issuer must be configured in the global section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (see RFC 8414, OAuth 2.0 Authorization Server Metadata).

global:
  identity: 
    OIDC_ISSUER: "https://keycloak.brand.de/realms/Connector"

Configuring the OIDC client

After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.

env:
  oidc:
    clientId: octaneClient
    clientSecret: e932235d-2349-fd26-bcdb-93hw3f43aab9

The OIDC client MUST fulfill the following requirements:

  1. has to be a private client (so it has a key and secret)

  2. grant type must be authorization code

  3. the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom
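
A pre-deployment check covering the OIDC Issuer and OIDC client sections above, added here as an illustration (it is not part of MID's documentation or helm chart): it compares the values-file settings with the metadata the SSO publishes and derives the redirect URI to register. The function names and the sample metadata are constructed for this example, and the use of S256 for PKCE is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample of what <issuer>/.well-known/openid-configuration returns.
SAMPLE_METADATA = {
    "issuer": "https://keycloak.brand.de/realms/Connector",
    "authorization_endpoint": "https://keycloak.brand.de/realms/Connector/protocol/openid-connect/auth",
    "token_endpoint": "https://keycloak.brand.de/realms/Connector/protocol/openid-connect/token",
    "response_types_supported": ["code", "id_token"],
    "grant_types_supported": ["authorization_code", "refresh_token"],
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
    "code_challenge_methods_supported": ["plain", "S256"],
    "scopes_supported": ["openid", "profile"],
}


def redirect_uri(subdomain, domain):
    """Redirect URI to register at the SSO (page pattern, default HTTPS port assumed)."""
    return f"https://{subdomain}.{domain}/login/oauth2/code/custom"


def check_provider(meta, issuer, auth_scheme="client_secret_basic",
                   scopes="openid", pkce_enabled=True):
    """List mismatches between the values-file settings and the SSO metadata."""
    problems = []
    # Exact comparison on purpose: a trailing slash is a different issuer.
    if meta.get("issuer") != issuer:
        problems.append(f"OIDC_ISSUER {issuer!r} differs from advertised {meta.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "userinfo_endpoint"):
        if key in meta and urlsplit(meta[key]).scheme != "https":
            problems.append(f"{key} is not served over https")
    # Fallback lists are the defaults RFC 8414 defines for omitted fields.
    if "code" not in meta.get("response_types_supported", []):
        problems.append("response type 'code' is not supported")
    if "authorization_code" not in meta.get("grant_types_supported", ["authorization_code", "implicit"]):
        problems.append("grant type authorization_code is not supported")
    if auth_scheme == "none":
        problems.append("clientAuthenticationScheme 'none' is for public clients, not a private client")
    elif auth_scheme not in meta.get("token_endpoint_auth_methods_supported", ["client_secret_basic"]):
        problems.append(f"clientAuthenticationScheme {auth_scheme!r} is not supported")
    # Assumption: the connector sends S256 challenges when pkceEnabled is true.
    if pkce_enabled and "S256" not in meta.get("code_challenge_methods_supported", []):
        problems.append("pkceEnabled is true but the SSO does not advertise S256")
    wanted = {s.strip() for s in scopes.split(",") if s.strip()}
    missing = wanted - set(meta.get("scopes_supported", wanted))
    if missing:
        problems.append(f"scopes not advertised: {sorted(missing)}")
    return problems


if __name__ == "__main__":
    print(redirect_uri("genoslc-octane", "example.com"), check_provider(SAMPLE_METADATA, "https://keycloak.brand.de/realms/Connector/"))
```

An empty list means the settings agree with what the SSO advertises; in practice the metadata dictionary would be the parsed JSON from the SSO's discovery endpoint.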

Setting up a connection to the Octane instance

Adapting an Octane instance

Two URLs must be set before the connector can integrate with the API and UI of Octane. The first, adaptedToolRootUri, is the base URL of your Octane instance. The second, adaptedToolApiUri, is the API URL of Octane, which usually follows one of these path formats:

  • https://<octane instance URL>/api/v3/

  • https://<octane instance URL>/cb/api/v3/

env:
  tool:
    adaptedToolApiUri: "https://octane.com"
    adaptedToolRootUri: "https://octane.com"

Install the OSLC Connector for Octane

Execute the Installation

Enter the following command to execute the installation:

sudo helm upgrade --install genoslc-octane library/genoslc -f values-genoslc-octane.yaml --version 3.0.1 -n genoslc-octane --create-namespace