Prepare the Deployment

Add library Repository for the OSLC Connector for PREEvision

You need a username and password to download the Helm chart and container images from MID's repository. You will receive these credentials from your MID contact or from cops@mid.de.

sudo helm repo add library https://repo.secure.mid.de/chartrepo/library --username <USERNAME> --password <PASSWORD>
sudo helm repo update

Customize Values File

  • Change to your user's home directory on the server and create a new text file preevision_values.yaml with the following content:

genoslcToolServiceVersionOverride: "" #use this to overwrite the default OSLC Connector for PREEvision version
global:
  domain: "<base domain>"
  instance: "<instance name>"
  registry: "repo.mid.de"
  repologin: "<base64 encoded; provided by MID>"
  cert:
    crtFullChain: "<base64 encoded certificate chain>"
    key: "<base64 encoded key>"
  oidc:
    clientId: "<oauth2.0 client ID>"
    clientSecret: "<oauth2.0 client secret>"
  hosts:
    genoslc:
      subdomain: "<subdomain where the OSLC Connector for PREEvision is accessible>"
  secrets:
    oauth2:
      wellknown: "<well known URL of the oauth2.0 provider; usually ends with /.well-known/openid-configuration>"
  identity:
    OIDC_ISSUER: "<identity URL of the oauth2.0 provider>"
ingress:
  enabled: true
  # if you use nginx as the ingress controller, uncomment the following line:
  #ingressClassType: "nginx"
toolservice:
  livenessProbe:
    enabled: false
  startupProbe:
    enabled: false
  readinessProbe:
    enabled: false

env:
  clientScope: "openid <space separated scopes>" #default value is openid
  userNameAttribute: "<username attribute in the JWT token>" #default is preferred_username
  allowedCorsOrigins: "<comma separated URLs of apps that can make REST calls to the OSLC Connector for PREEvision>"
  loggingLevelSpringFramework: "INFO" # ERROR, WARN, INFO, DEBUG, TRACE
  linkValidityProvider: ""
  tool:
    type: "preevision"
    adaptedToolApiUri: "<API URL of the PREEvision instance>"
    adaptedToolRootUri: "<base URL of the PREEvision API>" # usually the same as the adaptedToolApiUri
    # technical role to be used for authentication when building the TRS feed
    technicalUser: ""
    technicalPassword: ""
    technicalRole: ""

    adaptedModel: "<PREEvision Model name>"
    adaptedToolRoles: "<list of comma separated roles users can have/select for authentication>"
    adaptedToolToolTimeZone: UTC
    getProductLine: "<metric for retrieving product lines>"
    getProductlinesRequs: "<metric for retrieving product lines requs>"
    getReqTable: "<metric for retrieving req table>"
    getReqTree: "<metric for retrieving req tree>"
  
  configuration:
    # List up to 5 usernames of users who will have the administration right to change settings in the OSLC Connector for PREEvision.
    # At least one administrator user must be stated here.
    administrators:
      - <administrator1> # replace this value with the username of the person who should configure the oauth10a information for the OSLC Connector for PREEvision
    # key used to encrypt the oauth10a configuration data
    oauth10aEncryptionKey: "" # define the key which is used to encrypt the oauth10a information in the database

mongodb:
  enabled: true
certtool:
  enabled: true
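
A pre-flight check for the values file above, to run before the installation step. This is an added example, not part of MID's documentation or tooling; it assumes the one-key-per-line layout of the template, and the function names and the sample fragment are constructed for illustration.

```shell
# Added example: pre-flight checks for preevision_values.yaml (hypothetical helper names).

# Line numbers and keys whose value still contains a "<...>" template placeholder.
unfilled_placeholders() {
  awk '{ v = $0; sub(/^#.*/, "", v); sub(/[ \t]#.*/, "", v) }   # drop comments
       v ~ /</ { print NR ": " $1 }' "$1"
}

# Number of entries in the administrators list (the page requires 1 to 5).
admin_count() {
  awk '/^[ \t]*administrators:/  { inlist = 1; next }
       inlist && /^[ \t]*#/      { next }
       inlist && /^[ \t]*-[ \t]/ { n++; next }
       inlist                    { inlist = 0 }
       END { print n + 0 }' "$1"
}

# True when group or others can read the file. It holds the TLS key, the
# OAuth client secret and the oauth10a encryption key in recoverable form.
readable_by_others() {
  [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Print every finding; return non-zero if the file is not ready for helm.
preflight() {
  local f=$1 rc=0 p n
  readable_by_others "$f" && { echo "mode: restrict with chmod 600 $f"; rc=1; }
  p=$(unfilled_placeholders "$f")
  [ -n "$p" ] && { echo "unfilled placeholders at:"; echo "$p"; rc=1; }
  n=$(admin_count "$f")
  { [ "$n" -ge 1 ] && [ "$n" -le 5 ]; } || { echo "administrators: $n (need 1-5)"; rc=1; }
  grep -Eq '^[[:space:]]*oauth10aEncryptionKey:[[:space:]]*""' "$f" &&
    { echo "oauth10aEncryptionKey is empty"; rc=1; }
  return "$rc"
}

# Constructed sample: a fragment of the template with fields left unfilled.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
global:
  instance: "<instance name>"
  oidc:
    clientSecret: "<oauth2.0 client secret>"
configuration:
  administrators:
    - alice # constructed username
  oauth10aEncryptionKey: ""
EOF
chmod 644 "$SAMPLE"
preflight "$SAMPLE" || echo "not ready: fix the findings before helm upgrade --install"
```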

Install the OSLC Connector for PREEvision

Execute the Installation

Enter the following command to execute the installation:

sudo helm upgrade --install genoslc-preevision library/genoslc -f preevision_values.yaml --version 3.0.0 -n genoslc-preevision --create-namespace

FAQ

What is the OIDC configuration?

The OIDC configuration refers to the oauth2.0 client. You must protect access to the OSLC Connector for PREEvision using an oauth2.0 client configured in the Identity Provider of your choice (Azure AD, Keycloak, Ping, etc.). OSLC Connector for PREEvision uses authorization_code.

Can I use OSLC Connector for PREEvision without an oauth2.0 authorization?

No

Can we connect one instance of OSLC Connector for PREEvision to multiple instances of PREEvision?

No. OSLC Connector for PREEvision can connect to only one PREEvision instance, specified through the API URL in adaptedToolApiUri. Additionally, the connection is available for only one model, specified through adaptedModel in the values file.

How does the user authenticate against the PREEvision API?

The user credentials are requested after the oauth2.0 authentication has succeeded, as a secondary login step. The user is presented with a form where they can enter the username and password and select one of the roles made available via adaptedToolRoles.
