This is an experimental Cloud Foundry Service Broker for provisioning teams on a deployed Concourse CI instance.
It requires a deployed Concourse CI instance in which the main team is authenticated via Basic Auth.
IMPORTANT: You must trust the users of your Cloud Foundry installation implicitly before enabling this broker in your environment. See: http://concourse.ci/teams.html#section_teams-caveats
This application uses OAuth to perform actions on your behalf in UAA. To add a new OAuth client in UAA, run the following command:
uaac client add concourse-broker --name "Concourse CI Broker" --scope "cloud_controller.read" --authorized_grant_types "authorization_code,client_credentials,refresh_token" --authorities "cloud_controller.admin" --autoapprove "true" --redirect_uri [url-for-concourse-ci]/auth/uaa/callback -s [your-client-secret]
Remember the client secret; you'll need it for Deployment.
The easiest/recommended way to deploy the broker is via the Concourse pipeline.
- Create a ci/credentials.yml file from the ci/credentials.example.yml (i.e. cp ci/credentials.example.yml ci/credentials.yml), and fill in the templated values from the pipeline.
- Deploy the pipeline.
  fly -t lite set-pipeline -n -c ci/pipeline.yml -p deploy-concourse-broker -l ci/credentials.yml
- Clone this repository, and cd into it.
- Target the space you want to deploy the broker to.
  $ cf target -o <org> -s <space>
- The configuration is entirely read from environment variables. Edit the manifest.yml files and update your settings as necessary.
- Deploy the broker as an application.
  $ cf push
- $ cf create-service-broker concourse-broker [username] [password] [app-url] --space-scoped
BROKER_USERNAME - The username for providing HTTP Basic Auth for the broker.
BROKER_PASSWORD - The password for providing HTTP Basic Auth for the broker.
ADMIN_USERNAME - The username for the user that has access to the main team of the Concourse deployment.
ADMIN_PASSWORD - The password for the user that has access to the main team of the Concourse deployment.
CONCOURSE_URL - The base URL for the Concourse instance.
CF_URL - The CF API URL for the Cloud Foundry deployment. (e.g. https://api.bosh-lite.com)
AUTH_URL - The authorization URL for UAA. (e.g. https://login.bosh-lite.com/oauth/authorize)
TOKEN_URL - The token URL for UAA. (e.g. https://uaa.bosh-lite.com/oauth/token)
CLIENT_ID - The Client ID from Setup
CLIENT_SECRET - The Client Secret from Setup
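A preflight check for the variables listed above, written as an added example (not part of the broker's own code), to run before cf push. The function name check_broker_env, the https-only rule for the URL variables, the template-placeholder check and the password-reuse check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the broker's own code. Variable names are from the
# README; the https, placeholder and password-reuse rules are assumptions.
REQUIRED_VARS="BROKER_USERNAME BROKER_PASSWORD ADMIN_USERNAME ADMIN_PASSWORD"
REQUIRED_VARS="$REQUIRED_VARS CONCOURSE_URL CF_URL AUTH_URL TOKEN_URL"
REQUIRED_VARS="$REQUIRED_VARS CLIENT_ID CLIENT_SECRET"
URL_VARS="CONCOURSE_URL CF_URL AUTH_URL TOKEN_URL"

# Prints one line per problem; returns 0 only if no problem was found.
check_broker_env() {
    problems=0
    for name in $REQUIRED_VARS; do
        # Names come from the fixed list above, so eval is safe here.
        eval "value=\${$name:-}"
        if [ -z "$value" ]; then
            echo "MISSING: $name is not set"
            problems=$((problems + 1))
            continue
        fi
        case "$value" in
            \[*\]|\<*\>)   # e.g. [your-client-secret] copied from the docs
                echo "PLACEHOLDER: $name still holds a template value"
                problems=$((problems + 1))
                ;;
        esac
    done
    for name in $URL_VARS; do
        eval "value=\${$name:-}"
        case "$value" in
            ""|https://*) ;;   # empty values were already reported above
            *)
                echo "INSECURE: $name does not use https://"
                problems=$((problems + 1))
                ;;
        esac
    done
    # The broker's own Basic Auth should not reuse the Concourse main-team password.
    if [ -n "${BROKER_PASSWORD:-}" ] && [ "${BROKER_PASSWORD:-}" = "${ADMIN_PASSWORD:-}" ]; then
        echo "REUSED: BROKER_PASSWORD equals ADMIN_PASSWORD"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}
```

Export the variables the way the manifest would set them, then call check_broker_env; it exits non-zero if any line was printed.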
In order to contribute to the broker, you will need:
In order to add new dependencies, use Glide from the root of the project:
glide get github.com/org/projectname
Please remember to add the new dependencies in a separate commit from the rest of the commits in the PR.
In order to run the tests for the project, in the root of the project run:
ginkgo -r .