User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

RDM Application Properties

This article is intended to serve as a reference point for RDM configuration. As such, it provides an overview of the available properties and, when applicable, refers users to more comprehensive sources. The properties described here are defined in the rdm/etc/application.properties file.

For each property, you will find information about the required data type, its default value, and a short description. The Mandatory column specifies whether a property is required for the application to run and function as expected.

RDM properties

Use the following properties to configure server settings for RDM, specify the type of the repository, and the path to the license.

Name Data Type Default value Mandatory Description

server.port

Number

8060

Yes

The number of the port where the RDM application is running.

server.servlet.context-path

String

/

Yes

The context path to the RDM application server. It is root by default.

ataccama.one.rdm.id

String

rdm

Yes

The RDM application ID. If not set, canonical_hostname:context_path is used.

ataccama.one.rdm.repository

String

database

Yes

The type of RDM repository. If set to database, the configuration set in the database is used.

ataccama.one.rdm.application.url

String

localhost:8060

Yes

The URL of the RDM application.

ataccama.one.rdm.license-folder

String

Yes

The path to the folder that contains the license. By default, the application searches for the license in the home directory of the user.

ataccama.one.rdm.server.url

String

http://localhost:8061

Yes

The URL of the RDM (runtime) server.

RDM data connection

Use the following properties to configure the connection to the RDM storage database. See Encrypt Passwords for information about how to encrypt passwords.

Name Data Type Default value Mandatory Description

ataccama.one.rdm.datasource.rdm-data.url

String

/

Yes

The URL of the RDM storage database.

ataccama.one.rdm.datasource.rdm-data.jdbcUrl

String

/

Yes

The JDBC URL of the RDM storage database.

ataccama.one.rdm.datasource.rdm-data.username

String

/

Yes

The username for the RDM storage database.

ataccama.one.rdm.datasource.rdm-data.password

String

/

Yes

The password for the RDM storage database.

ataccama.one.rdm.datasource.rdm-data.driverClassName

String

/

Yes

The driver class name for the RDM storage database.

RDM metadata connection

The following properties configure the connection to the database where RDM metadata is stored. See Encrypt Passwords for information about how to encrypt passwords.

Name Data Type Default value Mandatory Description

ataccama.one.rdm.datasource.rdm-repo.url

String

/

Yes

The URL of the RDM metadata database.

ataccama.one.rdm.datasource.rdm-repo.jdbcUrl

String

/

Yes

The JDBC URL of the RDM metadata database.

ataccama.one.rdm.datasource.rdm-repo.username

String

/

Yes

The username for the RDM metadata database.

ataccama.one.rdm.datasource.rdm-repo.password

String

/

Yes

The password for the RDM metadata database.

ataccama.one.rdm.datasource.rdm-repo.driverClassName

String

/

Yes

The driver class name for the RDM metadata database.

Keycloak

The following properties configure Keycloak. See Encrypt Passwords for information about how to encrypt passwords.

Name Data Type Default value Mandatory Description

ataccama.authentication.keycloak.server-url

String

http://localhost:8080/auth

Yes

The URL of the server where Keycloak is running.

ataccama.authentication.keycloak.realm

String

ataccamaone

Yes

The name of the Keycloak realm.

ataccama.authentication.keycloak.admin.client-id

String

/

Yes

The client identifier used to verify the admin user’s authorization token.

ataccama.authentication.keycloak.admin.secret

String

/

Yes

The secret key of the client identifier for the admin account. Secret keys can be generated using Keycloak. Used by BASIC and SECRET_JWT strategies.

ataccama.authentication.keycloak.token.client-id

String

/

Yes

The client identifier. Used to verify a user’s authorization token and to log in a user.

ataccama.authentication.keycloak.token.secret

String

/

Yes

The secret key of the client. Secret keys can be generated using Keycloak. Used for BASIC and SECRET_JWT strategies.

ataccama.authentication.keycloak.token.issuer

String

/

Yes

Specifies the issuer of the JWT token. Typically, Keycloak uses the URL of the realm as the token issuer.

ataccama.authentication.keycloak.public.client-id

String

/

Yes

Keycloak public client ID for web application browsing.

ataccama.client.connection.keycloak.http.enabled

Boolean

true

Yes

Specifies whether the HTTP protocol is being used with Keycloak.

ataccama.client.connection.keycloak.http.tls.enabled

Boolean

false

Yes

Specifies whether the TLS protocol is being used with Keycloak.

ataccama.one.rdm.user-synchronization-schedule

String

/

No

The schedule for automatic synchronization of user or role mapping with Keycloak. The value is a Cron expression that consists of six fields representing, in this order, second, minute, hour, day, month, weekday. For more information, see the official Spring documentation.

The following properties specify the links to other applications.

Name Data Type Default value Mandatory Description

ataccama.one.rdm.mdm.link

String

No

The URL for the MDM link.

ataccama.one.rdm.catalog.link

String

No

The URL for the link to the catalog (MMM) application.

Logging

The following properties configure logging. Logging levels can also be set via LOG_PATH.

Name Data Type Default value Mandatory Description

ataccama.logging.plainTextConsoleAppender

Boolean

true

No

If set to true, logs are outputted as plain text in the console.

ataccama.logging.jsonConsoleAppender

Boolean

false

No

If set to true, logs are outputted in JSON format in the console.

ataccama.logging.plainTextFileAppender

Boolean

false

No

If set to true, logs are outputted as plain text in the log file.

ataccama.logging.jsonFileAppender

Boolean

true

No

If set to true, logs are outputted in JSON format in the log file.

logging.file.path

String

${ataccama.path.root}/log

No

The location of the log folder. This value can be updated using the system property LOG_PATH, which can be used for further logging configuration.

logging.level.root

String

INFO

No

The root logging level. Available values are INFO, WARN, ERROR, DEBUG, OFF.

logging.level.com.ataccama

String

INFO

No

The logging level for`com.ataccama` packages. Available values are INFO, WARN, ERROR, DEBUG.

logging.level.com.ataccama.rdm

String

DEBUG

No

The logging level for RDM packages. Available values are INFO, WARN, ERROR, DEBUG.

Endpoints for monitoring

The following properties configure endpoints for monitoring. For more information, see Monitoring Configuration.

Name Data Type Default value Mandatory Description

management.endpoints.enabled-by-default

Boolean

false

No

Enables all actuator endpoints. If set to false, it is possible to configure individually which endpoints should be enabled.

management.endpoint.info.enabled

Boolean

true

No

Enables /info monitoring endpoint.

management.endpoint.health.enabled

Boolean

true

No

Enables /health monitoring endpoint.

management.endpoint.prometheus.enabled

Boolean

true

No

Enables /prometheus monitoring endpoint.

management.endpoints.web.exposure.include

String

health,info,prometheus

No

A comma-separated list of exposed actuator endpoints that should provide information about the application.

These endpoints track the following:

  • health - The health status of the application.

  • info - Other information about the application.

  • prometheus - Provides all metrics from the application in a format that Prometheus can scrape.

management.endpoint.health.show-details

String

always

No

Specifies how much information is provided by the health monitoring endpoint. The following values are available:

  • never - Health details are never displayed to any user.

  • when-authorized - Only authorized users have access to health information.

  • always - All users can see health details.

management.endpoint.health.show-components

String

always

No

Specifies how much detail the health monitoring endpoint provides about the application components. You can also define which components are shown. The following values are available:

  • never - Component information is never displayed to any user.

  • when-authorized - Only authorized users have access to information about components.

  • always - All users can see component details.

management.endpoint.health.status.order

String

down,out-of-service,reloading,unknown,up

No

A comma-separated list that determines how the /health monitoring endpoint prioritizes application health statuses.

management.info.git.mode

String

full

No

Configures how much information the /info monitoring endpoint retrieves from Git about the application source code repository. To show all available information from the git.properties file, set the value to full. To display only basic information, such as the name of the branch, the commit identifier, and the time the commit was made, set the value to simple.

management.endpoint.health.probes.enabled

Boolean

true

No

Enables /health/liveness and /health/readiness endpoints.

management.endpoint.health.group.liveness.include

String

diskSpace,ping

No

Defines which components are covered by the liveness probe. These components are a subset of /health components.

management.endpoint.health.group.readiness.include

String

db

No

Defines which components are covered by the readiness probe. These components are a subset of /health components.

ataccama.authentication.http.acl.endpoints.prometheus.endpoint-filter

String

/actuator/prometheus

No

Enables ACL-based authentication on the selected endpoint. The same filter can be enabled on other endpoints.

ataccama.authentication.http.acl.endpoints.prometheus.allowed-roles

String

ONE_PLATFORM_MONITORING

No

Allows access to the endpoint defined in the endpoint-filter property for the selected user roles.

management.metrics.web.server.auto-time-requests

Boolean

false

No

Enables the timing metrics to all Spring endpoints.

Static configuration

Use the following properties to set static configuration.

Name Data Type Default value Mandatory Description

ataccama.one.rdm.static-config.username-case-insensitive

Boolean

false

Yes

If set to true, the username is case insensitive.

ataccama.one.rdm.static-config.start-empty

Boolean

false

Yes

If set to true, RDM starts with the default empty configuration. Otherwise, it waits for the user to upload a configuration.

ataccama.one.rdm.app-login-role

String

RDM

Yes

The name of role that is required to successfully log in to RDM. When not defined, any user can access the application. In such a case a warning is reported to the backend log. If the defined role does not exist in Keycloak, an error is reported to the log and no user can log in to the application.

ataccama.one.rdm.group-regex-filter

String

RDM.*

Yes

Prefix for additional RDM roles with app-login-role. The roles are visible on the Permissions tab.

ataccama.one.rdm.system-group-name

String

RDM_admin

Yes

The system group name for RDM. Users with this role can perform system-related operations and have higher privileges than regular users (for example, they can see all tables).

ataccama.one.rdm.permissions-group-name

String

""

No

The name of the role with access to the Permissions tab in RDM. When empty, the system-group-name role is used to determine access to the permissions.

spring.datasource.maxActive

Number

20

No

The maximum number of active connections that can be allocated from the datasource pool at the same time.

spring.datasource.maxIdle

Number

10

No

The maximum number of connections that should be kept in the pool at all times. Idle connections are checked periodically (if enabled) and connections that have been idle for longer than minEvictableIdleTimeMillis will be released.

spring.datasource.maxWait

Number

-1

No

The maximum time interval that the pool waits (when there are no available connections) for a connection to be returned before throwing an exception. Expressed in ms. If set to -1, the waiting time is not limited.

Mail settings

The following properties configure mail settings. If workflows are used in the project, these properties are mandatory.

Name Data Type Default value Mandatory Description

spring.mail.host

String

/

No

The hostname of the mail server.

spring.mail.port

Number

/

No

The number of the the mail server port.

spring.mail.username

String

/

No

The username used to authenticate to the mail server.

spring.mail.password

String

/

No

The password used to authenticate to the mail server.

spring.mail.default-encoding

String

/

No

The default encoding of the emails.

spring.mail.properties.mail.transport.protocol

String

/

No

Specifies the protocol used to send emails.

spring.mail.properties.mail.smtp.port

Number

/

No

The number of the SMTP port.

spring.mail.properties.mail.smtp.auth

Boolean

/

No

Enables the SMTP authentication.

spring.mail.properties.mail.smtp.starttls.enable

Boolean

/

No

Enables STARTTLS for SMTP.

spring.mail.properties.mail.smtp.starttls.required

String

/

No

Specifies whether the STARTTLS is required for SMTP.

Configuration Service client properties

Use these properties to configure the Configuration Service.

Name Data Type Default value Mandatory Description

ataccama.config-service.runtime

String

mandatory

Yes

Enables using the Configuration Service. Possible values are off, optional, mandatory.

If set to mandatory, the module fails when there is an error connecting to the Configuration Service. If set to off, the Configuration Service is disabled.

ataccama.grpc.client.channels.configservice.url

String

/

No

The URL of the Configuration Service.

ataccama.authentication.internal.jwt.generator.key

String

/

No

The key generated for internal JWT authentication.

Client security headers

You can configure RDM Webapp security by adding response headers (security headers) to HTTP responses from the web application.

Name Data Type Default value Mandatory Description

one.security.header.content-security-policy.connect-src

String

self' ${ataccama.authentication.keycloak.server-url}

No

Specifies allowed connections. We strongly recommend using the default value.

one.security.header.content-security-policy.script-src

String

self' 'unsafe-eval' 'sha256-XI/joSm13E0tRqSDZUO5DZQUbuNxa2lnkOORub88i8U=' 'sha256-7qt6iyJjmGKP6A18nPa5hTNifcr+JTAgPsN9Qpn+QgM='

No

Specifies allowed script sources. We strongly recommend using the default value.

one.security.header.content-security-policy.img-src

String

self' data:

No

Specifies allowed image sources. We strongly recommend using the default value.

internal.encryption.keystore

String

/

No

The path to the internal keystore.

internal.encryption.keystore.password

String

/

No

The password for the internal keystore.

internal.encryption.keystore.passwordFile

String

/

No

The path to the password file for the internal keystore.

properties.encryption.keystore

String

/

No

The path to the properties keystore.

properties.encryption.keystore.password

String

/

No

The password for the properties keystore.

properties.encryption.keystore.passwordFile

String

/

No

The path to the password file for the properties keystore.

one.security.header.X-Frame-Options

String

deny

No

Protects against clickjacking. If set to deny, iframes are disabled.

Was this page useful?