AMT JCL Config
It is possible to make configuration changes to JCL scripts without rebuilding AMT-JCL by overriding their settings with a JSON configuration file (jcl-config.json).
Python scripts load the settings from the configuration file upon start. The location of the JSON configuration file can be set using the JCL_CONFIG_FILE environment variable.
Setting the Environment Variable
The file path pointing to the location of the JCL configuration file can be set using the JCL_CONFIG_FILE environment variable. Follow the instructions below for Windows or Linux.
Windows
- Open the Settings of Windows and navigate to System.
- Click on Advanced system settings A new dialog appears.
- Click on the Environment Variables button.
- Under System variables, click on the New button.
- Fill out the Variable name and Variable value as follows:
- Set the Variable name to JCL_CONFIG_FILE.
- Set the Variable value to point to the location of the JCL configuration file.
- Click the OK button.
Linux
- Open a terminal.
- Open the environment file in a text editor:
sudo <text editor> /etc/environment. - Text editor: specify a text editor, such as nano, vim, gedit, and kate.
- Enter the super user password to authenticate.
- Add the following line at the end of the file:
JCL_CONFIG_FILE="<value>". - The value should point to the location of the JCL logging file.
- Save the file.
- Open a new terminal and run
echo $JCL_CONFIG_FILEto verify the variable has been set successfully.
Configuring GRPC and OIDC Authentication
It is necessary to configure OIDC to authenticate clients and allow access to the AMT application.
Azure Entra Example
"oidc_url": "<URL OIDC provider>", "oidc_client_id": "<Client ID>", "oidc_client_secret": "<Client Secret>", "oidc_scope": "api://id/.default"
Keycloak Example
Set the environment variable "SSL_CERT_FILE" to the cert file used by keycloak. For example: C:\AMT\Java\certs\server1.pem. Python uses the cert file to verify the certificate of Keycloak.
"oidc_url": "<localhost:port/realms/AMTRealm/protocol/openid-connect/token>", "oidc_client_id": "<Client ID>", "oidc_client_secret": "<Client Secret>", "oidc_scope": "openid offline_access"
Enabling Support For OpenTelemetry
Usage of OpenTelemetry is optional and it is disabled by default. To enable OpenTelemetry, the host address and port of the OTEL collector must be configured (these fields are empty by default):
Example:
"otel_collector_host": "localhost", "otel_collector_port": "4317"
Available Configuration Settings
| Paths in JSON files |
|---|
| File paths in JSON files use forward slashes as opposed to backslashes in Windows. |
The following settings are available in the jcl_config.json file:
| Setting | Values | Description |
|---|---|---|
| app_name | String | Set the application name. |
| application_kind | String | Set the application kind. |
| job_summary | Boolean | Default: true. |
| amt_job_name | String | Default: GLOBAL_JOB. |
| job_logging_path | String | The location where log files are stored. |
| proc_libs_folder | String | Path to the directory of the JCL library. |
| file_encoding | String | Default: ASCII. Set to ASCII or UTF8. |
| block_size | Integer | Default: 32000. |
| max_wait_time | Integer | Default: 1. |
| max_gdg_generation | Integer | Default: 255. |
| file_extension | String | Default: ".DAT". Set the file extension. |
| print_extension | String | Default: ".PRN". Set the print file extension. |
| abend_on_missing_file | Boolean | Default: false. |
| virtual_data_path | String | Used as part of the temporary file directory path for the JCL library modules. |
| keep_all_files | Boolean | Default: false. |
| default_printer | String | Set the name of the printer. Use the "DEFAULT" value to use the printer that is designated as default. |
| cert | String | Path to the cert file. Python uses the cert file to verify the certificate of Keycloak. |
| app_host | String | Set to the name of the host server. |
| app_grpc_port | String | Set the GRPC port of the host server. |
| job_finished_polling_interval | Float | Default: 0.5. Set the time in seconds to poll for finished jobs. |
| merge_finished_polling_interval | Float | Default: 0.5. |
| use_date | String | This setting is for testing purposes only and allows for running scripts with a 'today' date, which is specified in this field. |
| ftp_override_mode | Boolean | Default: false. If set to true, other defined FTP config settings will be used instead of FTP settings in the command (sysin) file. |
| ftp_override_host | String | Host URI to the FTP endpoints. Can also contain a port number. |
| ftp_override_user | String | The username to access FTP server. |
| ftp_override_password | String | The password of the user. |
| ftp_override_destination | String | Sets the default remote destination directory (optional). |
| ftp_ignore_cd | Boolean | Default: false. If set to true, FTP CD commands will be ignored. |
| ftp_disabled | Boolean | Default: false. If set to true, this disables FTP. |
| ftp_default_port | Integer | Default: 21. The port to use when port is not defined in 'ftp_override_host'. |
| smtp_host | String | The hostname or IP address of the SMTP server. Example:
"smtp_host": "smtp_hostmail.company.com"
|
| smtp_port | Integer | Default: 25. The port number used to connect to the SMTP server to specify the communication channel for sending emails. Common values include 25 (the default SMTP port), 587 (for TLS), and 465 (for SSL). |
| smtp_user | String | The username used to authenticate with the SMTP server. Example:
"smtp_user": "user@company.com"
|
| smtp_password | String | The password for the SMTP user account. For example, $smtp:SMTP_PASSWORD. |
| smtp_email | String | The email address that appears in the "From" field of the sent emails. Example:
"smtp_email": "noreply@company.com"
|
| smtp_subject_suffix | String | A suffix to add to the subject line of sent emails.
"smtp_subject_suffix": " [Company Internal]"
|
| smtp_default_bcc | String Array | A list of email addresses that are added to the BCC list after parsing. Example:
"smtp_default_bcc": ["john@doe.com", "jane@doe.com"]
|
| server_list | String Array | Maps destination names to SMTP server details, including type and credentials. If a matching SMTP server is found, commands are validated and executed to send emails. |
| oidc_url | String | Enter the URL of the OIDC provider. |
| oidc_client_id | String | Enter the Client ID. |
| oidc_client_secret | String | Enter the client secret. For example, $auth:_CLIENT_SECRET. |
| oidc_scope | String | Set a scope to specify the level of access for the client. |
| otel_collector_host | String | Enter a host to enable the OTEL collector for OpenTelemetry logging. |
| otel_collector_port | Integer | Enter a port to enable the OTEL collector for OpenTelemetry logging. |
| intrdr_folder | String | Enter the path to the AMT Internal Reader folder. This option is used for Dynamic JCL functionality in AMT, which is a bespoke customer solution. |
| vault | JSON object | Enter the configuration details for the HashiCorp vault (see the Vaults header below). |
Vaults
A key vault is a secure storage solution for managing sensitive information, such as API keys, passwords, and certificates. It provides a centralized location for storing and accessing these secrets, ensuring that they are protected and only accessible to authorized users and applications. The JCL configuration offers the possibility to configure the HashiCorp vault.
The vaults setting is an array that can contain multiple vault configurations. Each vault configuration is represented as a JSON object with the following fields:
| Field | Values | Description |
|---|---|---|
| id | String | A unique identifier for the vault configuration. This ID is used to reference the vault when retrieving secrets. |
| type | String | The type of vault being used. Currently, only "HashiCorp" is supported. |
| url | String | The URL of the vault server. It's possible to use an Environment Variable (VAULT_ADDR='127.0.0.1:8200') or the url property from the jcl_config file. |
| token | String | The environment variable containing the token value. This authentication token is used to access the vault. |
| secret_path | String | The path where the secrets are stored. This path is used to locate and retrieve the secrets when needed. |
| engine_version | Integer | The version of the key vault secrets engine to use. The default is 2. This setting is optional. |
| mount_point | String | The mount point of the key vault secrets engine. The default is 'secret'. This setting is optional. |
The secret extraction from the vault is supported for all settings except file_encoding. When using these settings with the vault configuration, the secret name should be specified for each property with the
following structure: $vault_id:secret_name. Otherwise, use a plaintext value.
Example file
jcl_config.json
| Unavailable Settings |
|---|
The following settings are present in the jcl_config.json file but are not used in AMT Java.
|
{
"development" : false,
"customer_library": "",
"app_name": "TEST-APP",
"application_kind": "",
"job_summary": true,
"amt_job_name": "GLOBAL_JOB",
"job_logging_path": "C:/AmtJava/Logging",
"include_folder": "",
"proc_libs_folder": "C:/AmtJava/amt-go/parent-scripting/jcl/python/amt-jcl/amt_jcl/procs",
"file_encoding": "ASCII",
"block_size": 32000,
"max_wait_time": 1,
"max_gdg_generation": 255,
"file_extension": ".DAT",
"print_extension": ".PRN",
"abend_on_missing_file": false,
"virtual_data_path": "",
"keep_all_files": false,
"int_rdr_folder": "",
"int_rdr_queue": "",
"default_printer": "DEFAULT",
"cert": "C:/Sources/amt-go-java/parent-scripting/jcl/python/amt-jcl/amt_jcl/amt/platform/communication/grpc/certs/ca.pem",
"app_host": "localhost",
"app_grpc_port": "8080",
"job_finished_polling_interval": 0.5,
"merge_finished_polling_interval": 0.5,
"use_date": "",
"ftp_override_mode": false,
"ftp_override_host": "",
"ftp_override_user": "",
"ftp_override_password": "",
"ftp_override_destination": "",
"ftp_ignore_cd": false,
"ftp_disabled": false,
"ftp_default_port": 21,
"smtp_host": "",
"smtp_port": 25,
"smtp_user": "",
"smtp_password": "$smtp:SMTP_PASSWORD",
"smtp_email": "",
"smtp_subject_suffix": "",
"smtp_default_bcc": [],
"server_list": [],
"oidc_url": "",
"oidc_client_id": "",
"oidc_client_secret": "$auth:CLIENT_SECRET",
"oidc_scope": "",
"otel_collector_host": "",
"otel_collector_port": -1,
"intrdr_folder": "C:/Amt/Scripts/IntRdr",
"vaults": [
{
"id": "smtp",
"type": "HashiCorp",
"url": "http://127.0.0.1:8200",
"token": "HASHICORP_VAULT_TOKEN_API_KEY1",
"secret_path": "smtp"
},
{
"id": "auth",
"type": "HashiCorp",
"url": "http://127.0.0.1:8202",
"token": "HASHICORP_VAULT_TOKEN_API_KEY2",
"secret_path": "keycloak"
}
]
}