This section provides the description of the installation and administration functionalities. An administrator should be able to install, deploy, perform the sanity checks on the environment.
###Get the source code from repository
Open a command prompt and execute the following command to clone the source code from the CaPe GitHub repository (Git must be installed):
git clone https://github.com/OPSILab/Service-Catalogue.gitcd Service-CatalogueService Catalogue installation will involve the deployment of different architectural components, each of which can deployed either in a "on premise", "as a service" or mixed approach:
Service Catalogue uses following libraries and frameworks.
| Name | Version | License |
|---|---|---|
| Spring Boot | 2.4.5 | Apache License 2.0 |
| Springdoc Openapi | 1.5.8 | Apache License 2.0 |
| Spring Data | 2.4.5 | Apache License 2.0 |
| Lombok | 1.18.12 | MIT |
| Apache Commong Lang 3 | 3.11 | Apache License 2.0 |
| JSONSchema2Pojo Plugin | 1.01 | Apache License 2.0 |
| Angular | 11.2.12 | MIT |
| Nebular | 7.0.0 | MIT |
| Json-Editor | 2.8.0 | MIT |
| Bootstrap | 4.6.0 | MIT |
| Ngx-configure | 9.0.0 | ISC License |
| Ng2-smart-table | 1.7.2 | MIT |
| Rxjs | 6.6.7 | Apache License 2.0 |
| Ngx-translate | 13.0.0 | MIT |
| TypeScript | 4.1.5 | Apache License 2.0 |
| jQuery | 3.5.1 | MIT |
| D3 | 6.6.2 | BSD |
| Material-design-icons | 3.0.1 | Apache License 2.0 |
| Fontawesome-free | 5.15.3 | CC-BY-4.0 |
| Fontawesome-svg-core | 1.2.35 | MIT |
| Java OpenJDK | >= 15 | GNU General Public License Version 2.0 |
| Apache Tomcat | >=9.0 | Apache License v.2.0 |
| MongoDB Community Server | >=4.2.9 | Server Side Public License (SSPL) |
| Maven | >=3.5.0 | Apache License 2.0 |
| JsonEditor | 9.10.0 | Apache License 2.0 |
| Lodash | 4.17.21 | MIT |
| urlencode | 1.1.0 | MIT |
Service Catalogue interacts with any Identity Manager that supports OpenId Connect authorization framework.
Note. Service Catalogue uses the Keycloak IdM as default, which will be used as reference for the configuration sections of this installation guide.
Service Catalogue Manager will use the Open Id Connect protocol upon the OAuth2 Authentication workflow (Authorization Code grant), in order to perform User authentication and obtain an Access Token (JWT), which will be used to grant access to Service Catalogue APIs.
This Access Token will be used by the Service Catalogue Manager dashboard to call the APIs exposed by Service Catalogue Server component.
In the same way, an external client application/service that wants to interact with Service Catalogue APIs must perform one of the available OAuth2 flows (Authorization Code, Client Credentials and Password grants) against the IdM (e.g. Keycloak), in order to get an Access Token and then use it in the API requests. In that case, you must enable oauth2 authentication and create a client id and a client secret in order to allow remote access for federated query (see Federation)
The default theme proposed by the Keycloak server has been customized (brand) for the specific application; in this way it was possible to have a specific look and feel for the end-user facing Keycloak administration console, login, welcome page, emails, and for the user's profile page.
keycloak-console.jpg
Keycloak provides an administration console that is used to manage realms. Within each realm it is possible, for an administrator, to register users and client applications managing roles and their associations with the users.
In order to get Keycloak ready to be used by Service Catalogue, following steps must be performed:
-
Install Keycloak, create a realm and at least one user (see here).
-
Register a client applications with a name and clientId (see here). Be sure to select
publicin the Access Type field. -
Create
DATA_CONTROLLER,SERVICE_MANAGERandCATALOGUE_MANAGERin the client. (see here). -
Assign
SERVICE_MANAGERas default role. (see here). -
Create at least a user playing the above third roles in order to view all the sections of the Service Catalogue Manager Dashboard
-
Create for client a Mapper of type User Client Role and set
rolesas Token Claim Name, in order to map client roles to therolesfield of the generated Access Token. -
Enable oauth2 authentication and create a client id and a client secret in order to allow remote access for federated query (see Federation).
Any feedback on this documentation is highly welcome, including bug reports and suggestions. Please send the feedback through GitHub. Thanks!