Broker that allows users to provision and deprovision UAA users and clients
Latest commit ffab2fb Sep 28, 2018
Type Name Latest commit message Commit time
mocks
.cfignore
.codeclimate.yml Add code climate config and badge. Nov 2, 2016
.gitignore Initial commit. Oct 30, 2016
CONTRIBUTING.md
LICENSE.md Add standard 18F license info Nov 14, 2016
README.md
acceptance-tests.sh
acceptance-tests.yml Add in necessary params; Sep 28, 2018
broker.go Yank cloud_controller.read as allowed scope May 24, 2018
broker_test.go Yank cloud_controller.read as allowed scope May 24, 2018
cf.go Manage accounts via binding and drop fugacious. Jun 29, 2017
credentials.example.yml add a blacklist for cloud-gov-service-account Apr 18, 2017
glide.lock
glide.yaml Update dependencies. Jun 29, 2017
main.go
main_suite_test.go Add tests for fugacious sender. Nov 2, 2016
manifest.yml Bump go version. Jun 30, 2017
password.go Add tests to verify password functionality Mar 7, 2018
password_test.go
pipeline.yml Manage accounts via binding and drop fugacious. Jun 29, 2017
run-tests.sh Rename to uaa-credentials-broker. Jan 5, 2017
run-tests.yml Rename to uaa-credentials-broker. Jan 5, 2017
uaa.go
utils.go Refactor api clients into separate interfaces. Nov 2, 2016

Cloud Foundry UAA Credentials Broker

This service broker allows Cloud Foundry users to provision and deprovision UAA users and clients.

Usage

UAA users

  • Create service instance:

    $ cf create-service cloud-gov-service-account space-deployer my-service-account
  • Create service key:

    $ cf create-service-key my-service-account my-service-key
  • Retrieve credentials from service key:

    $ cf service-key my-service-account my-service-key
  • To rotate the credentials, or to deprovision the user when it is no longer needed, delete the service key:

    $ cf delete-service-key my-service-account my-service-key

UAA clients

  • Create a service instance:

    $ cf create-service cloud-gov-identity-provider oauth-client my-uaa-client
  • Create service key, passing the client's redirect URIs as a parameter:

    $ cf create-service-key my-uaa-client my-service-key \
        -c '{"redirect_uri": ["https://my.app.cloud.gov/auth/callback"]}'
  • Retrieve credentials from service key:

    $ cf service-key my-uaa-client my-service-key
  • To rotate the credentials, or to deprovision the client when it is no longer needed, delete the service key:

    $ cf delete-service-key my-uaa-client my-service-key
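
The rotation steps above for both UAA users and UAA clients, combined into one script. This is an added example, not part of the project; the function names are hypothetical, and it assumes `cf service-key` prints a status line before the JSON body.

```sh
#!/bin/sh
# Added example (not from the project): rotate a broker-issued credential
# by deleting and recreating its service key.
# Assumption: `cf service-key` prints a status line before the JSON body.

# Keep only the JSON document from `cf service-key` output.
extract_json() {
  sed -n '/^[[:space:]]*{/,$p'
}

# rotate_service_key INSTANCE KEY OUTFILE [PARAMS_JSON]
# The function body is a subshell so umask and variables stay local.
rotate_service_key() (
  instance=$1 key=$2 outfile=$3 params=${4:-}

  # Deleting the key deprovisions the old UAA user or client, so the old
  # credentials stop working from this point on.
  cf delete-service-key "$instance" "$key" -f >/dev/null || exit 1

  # UAA clients need their parameters (e.g. redirect_uri) passed again.
  if [ -n "$params" ]; then
    cf create-service-key "$instance" "$key" -c "$params" >/dev/null || exit 1
  else
    cf create-service-key "$instance" "$key" >/dev/null || exit 1
  fi

  raw=$(cf service-key "$instance" "$key") || exit 1
  creds=$(printf '%s\n' "$raw" | extract_json)
  if [ -z "$creds" ]; then
    echo "no credentials returned for $instance/$key" >&2
    exit 1
  fi

  # Write to a 0600 file rather than stdout so secrets stay out of CI logs.
  umask 077
  rm -f "$outfile"
  printf '%s\n' "$creds" > "$outfile"
)

# Usage:
#   rotate_service_key my-service-account my-service-key ./creds.json
#   rotate_service_key my-uaa-client my-service-key ./client.json \
#     '{"redirect_uri": ["https://my.app.cloud.gov/auth/callback"]}'
```

Anything using the old credentials fails between the delete and the point where the new ones are distributed, so schedule rotation accordingly.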

Deployment

  • Create UAA client:

    $ uaac client add uaa-credentials-broker \
        --name uaa-credentials-broker \
        --authorized_grant_types client_credentials \
        --authorities scim.write,uaa.admin,cloud_controller.admin \
        --scope uaa.none
  • Update Concourse pipeline:

    $ fly -t ci set-pipeline -p uaa-credentials-broker -c pipeline.yml -l credentials.yml

Public domain

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.