
Add oauth2 service as a new job

This service binds OAuth2 client credentials to a user
app in VCAP_SERVICES. They can then be used by the app
to identify and authenticate users and operate the
cloud_controller on their behalf (i.e. apps no longer need to
collect user credentials themselves).

There is a test case already in yeti.

[Fixes #39342839] [cfid-307] Create job in release repo
for UAA as a service

No services updates since last submodule change.

Change-Id: Ied944b9b0cb194bee32d76acd3c62d0cf170ebe1
1 parent f685b5d commit a68afd139aeb074a37bd7f6c09a22851fe8246bd @dsyer dsyer committed Nov 13, 2012
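--- /dev/null
+++ b/jobs/oauth2_gateway/monit
@@ -0,0 +1,5 @@
+check process oauth2_gateway
+ with pidfile /var/vcap/sys/run/oauth2_gateway/oauth2_gateway.pid
+ start program "/var/vcap/jobs/oauth2_gateway/bin/oauth2_gateway_ctl start"
+ stop program "/var/vcap/jobs/oauth2_gateway/bin/oauth2_gateway_ctl stop"
+ group vcap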
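--- /dev/null
+++ b/jobs/oauth2_gateway/spec
@@ -0,0 +1,11 @@
+---
+name: oauth2_gateway
+templates:
+ oauth2_gateway_ctl.erb: bin/oauth2_gateway_ctl
+ oauth2_gateway.yml.erb: config/oauth2_gateway.yml
+ syslog_forwarder.conf.erb: config/syslog_forwarder.conf
+packages:
+ - common
+ - ruby
+ - syslog_aggregator
+ - oauth2_gateway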
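--- /dev/null
+++ b/jobs/oauth2_gateway/templates/oauth2_gateway.yml.erb
@@ -0,0 +1,44 @@
+<%
+ # Fix this to https when SSL certs are working in dev and staging
+ protocol = (properties.login && properties.login.protocol) ? properties.login.protocol : "http"
+%>
+<%
+ redirect_uri = (properties.uaa.clients && properties.uaa.clients.oauth2service) ? properties.uaa.clients.oauth2service.marshal_dump['redirect-uri'.to_sym] : nil
+%>
+---
+<%
+service = "oauth2"
+gateway = eval("properties.#{service}_gateway") || {}.to_openstruct
+%>
+index: <%= spec.index %>
+mbus: nats://<%= properties.nats.user %>:<%= properties.nats.password %>@<%= properties.nats.address %>:<%= properties.nats.port %>/
+
+cloud_controller_uri: <%= properties.cc.srv_api_uri %>
+
+service:
+ name: oauth2
+ version: "1.0"
+ description: 'OAuth2 service'
+ plans: ['free']
+ default_plan: 'free'
+ tags: ['oauth2', 'uaa']
+ timeout: 60
+ supported_versions: ["1.0"]
+ version_aliases:
+ current: "1.0"
+ uaa: <%= protocol %>://uaa.<%= properties.domain %>
+ login: <%= protocol %>://login.<%= properties.domain %>
+ client_secret: <%= (properties.uaa.clients && properties.uaa.clients.oauth2service) ? properties.uaa.clients.oauth2service.secret : 'oauth2servicesecret' %>
+ redirect_uri: <%= redirect_uri ? redirect_uri : 'https://uaa.cloudfoundry.com/redirect/oauth2service' %>
+
+<% if gateway.ip_route %>
+ip_route: <%= gateway.ip_route %>
+<% end %>
+logging:
+ file: /var/vcap/sys/log/oauth2_gateway/oauth2_gateway.log
+ level: debug
+ <% if properties.syslog_aggregator %>
+ syslog: vcap.oauth2_gateway
+ <% end %>
+pid: /var/vcap/sys/run/oauth2_gateway/oauth2_gateway.pid
+token: <%= gateway.token ? gateway.token : 0xdeadbeef %>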
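Review bot: The `client_secret:` line and the `token:` line fall back to fixed, publicly visible values (`'oauth2servicesecret'` and `0xdeadbeef`) whenever the deployment manifest omits them, so a misconfigured deployment comes up with guessable credentials instead of refusing to start. The render should abort instead: `client_secret: <%= (properties.uaa.clients && properties.uaa.clients.oauth2service && properties.uaa.clients.oauth2service.secret) || raise("uaa.clients.oauth2service.secret is required") %>` and likewise `token: <%= gateway.token || raise("oauth2_gateway.token is required") %>`. The `redirect_uri:` fallback has the same problem in a different form, pointing at the fixed `uaa.cloudfoundry.com` host regardless of `properties.domain`, and the `protocol` default of `http` (acknowledged by the comment at the top) sends the UAA and login endpoints over cleartext until someone remembers to change it. Separately, `eval("properties.#{service}_gateway")` is built from a constant and can simply be `properties.oauth2_gateway`, which avoids `eval` in a template that will be copied for the next service.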
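--- /dev/null
+++ b/jobs/oauth2_gateway/templates/oauth2_gateway_ctl.erb
@@ -0,0 +1,43 @@
+#!/bin/bash -e
+
+RUN_DIR=/var/vcap/sys/run/oauth2_gateway
+LOG_DIR=/var/vcap/sys/log/oauth2_gateway
+JOB_DIR=/var/vcap/jobs/oauth2_gateway
+PIDFILE=$RUN_DIR/oauth2_gateway.pid
+
+source /var/vcap/packages/common/utils.sh
+
+case $1 in
+
+ start)
+ pid_guard $PIDFILE "OAuth2 Service"
+
+ mkdir -p $RUN_DIR
+ mkdir -p $LOG_DIR
+
+ echo $$ > $PIDFILE
+
+ <% if properties.syslog_aggregator %>
+ /var/vcap/packages/syslog_aggregator/setup_syslog_forwarder.sh $JOB_DIR/config
+ <% end %>
+
+ export CONFIG_FILE=$JOB_DIR/config/oauth2_gateway.yml
+
+ exec /var/vcap/packages/ruby/bin/ruby \
+ /var/vcap/packages/oauth2_gateway/services/oauth2/bin/oauth2-gateway \
+ -c $CONFIG_FILE \
+ >>$LOG_DIR/oauth2_gateway.stdout.log \
+ 2>>$LOG_DIR/oauth2_gateway.stderr.log
+
+ ;;
+
+ stop)
+ kill_and_wait $PIDFILE
+
+ ;;
+
+ *)
+ echo "Usage: oauth2_gateway_ctl {start|stop}" ;;
+
+esac
+exit 0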
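Review bot: The `*)` usage arm prints to stdout and then falls through to `exit 0`, so an unrecognised argument (or a typo in the monit `start program` line) reports success to the caller; it should be `echo "Usage: oauth2_gateway_ctl {start|stop}" >&2` followed by `exit 1` in that arm. The `-e` on the shebang line is silently lost if the script is ever run as `bash oauth2_gateway_ctl start`; a `set -e` as the first statement is more robust, and `$PIDFILE`, `$RUN_DIR`, `$LOG_DIR` and `$CONFIG_FILE` should be double-quoted. Nothing here drops privileges before the `exec`, so the gateway presumably runs as whatever user monit invokes the script as (likely root); worth confirming, given the rendered config file carries the NATS password and the OAuth2 client secret and the `monit` `group vcap` line governs monit's grouping, not the process's uid.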
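--- /dev/null
+++ b/jobs/oauth2_gateway/templates/syslog_forwarder.conf.erb
@@ -0,0 +1,29 @@
+<% if properties.syslog_aggregator %>
+$ModLoad imuxsock # local message reception (rsyslog uses a datagram socket)
+$MaxMessageSize 4k # default is 2k
+
+$ModLoad imudp # the java log4j appender only works with udp
+$UDPServerRun 514
+
+$WorkDirectory /var/vcap/sys/rsyslog/buffered # where messages should be buffered on disk
+
+# Forward vcap messages to the aggregator
+#
+$ActionResumeRetryCount -1 # Try until the server becomes available
+$ActionQueueType LinkedList # Allocate on-demand
+$ActionQueueFileName agg_backlog # Spill to disk if queue is full
+$ActionQueueMaxDiskSpace 32m # Max size for disk queue
+$ActionQueueLowWaterMark 2000 # Num messages. Assuming avg size of 512B, this is 1MiB.
+$ActionQueueHighWaterMark 8000 # Num messages. Assuming avg size of 512B, this is 4MiB. (If this is reached, messages will spill to disk until the low watermark is reached).
+$ActionQueueTimeoutEnqueue 0 # Discard messages if the queue + disk is full
+$ActionQueueSaveOnShutdown on # Save in-memory data to disk if rsyslog shuts down
+:programname, startswith, "vcap." @@<%= properties.syslog_aggregator.address %>:<%= properties.syslog_aggregator.port %>
+
+# Log vcap messages locally, too
+#$template VcapComponentLogFile, "/var/log/%programname:6:$%/%programname:6:$%.log"
+#$template VcapComponentLogFormat, "%timegenerated% %syslogseverity-text% -- %msg%\n"
+#:programname, startswith, "vcap." -?VcapComponentLogFile;VcapComponentLogFormat
+
+# Prevent them from reaching anywhere else
+:programname, startswith, "vcap." ~
+<% end %>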
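Review bot: `$UDPServerRun 514` with no preceding `$UDPServerAddress` makes rsyslog listen on UDP 514 on every interface, so any host that can reach this VM can inject messages, and because the forwarding rule keys on `programname` alone, anything tagged `vcap.*` is relayed to the aggregator as if it came from this job. The comment on the `$ModLoad imudp` line says the listener exists for a local log4j appender, so bind it to loopback by adding `$UDPServerAddress 127.0.0.1` on the line before `$UDPServerRun 514`. Note also that the `@@` action is plain TCP with no TLS, so the log stream crosses the network in the clear; that is acceptable only if the aggregator sits on a trusted segment.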
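--- /dev/null
+++ b/packages/oauth2_gateway/packaging
@@ -0,0 +1,13 @@
+# abort script on any command that exit with a non zero value
+set -e
+
+cp -a * ${BOSH_INSTALL_TARGET}
+
+(
+ cd ${BOSH_INSTALL_TARGET}/services/oauth2
+
+ bundle_cmd=/var/vcap/packages/ruby/bin/bundle
+
+ $bundle_cmd config build.do_sqlite3 --with-sqlite3-dir=/var/vcap/packages/sqlite
+ $bundle_cmd install --local --deployment --without development test
+)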
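Review bot: With `BOSH_INSTALL_TARGET` unset or empty, `cp -a * ${BOSH_INSTALL_TARGET}` expands to `cp -a <matched files...>` and the last matched entry becomes the copy destination; if that happens to be a directory the copy silently succeeds and `set -e` never fires. Guard it with `: "${BOSH_INSTALL_TARGET:?must be set}"` after `set -e` and quote both uses as `"${BOSH_INSTALL_TARGET}"`. On the supply-chain side, `bundle install --local --deployment` resolves only against the gems vendored by `pre_packaging` and the shipped `Gemfile.lock`, so nothing is fetched from the network at package time, which is the right default; it should fail rather than fetch if `vendor.sh` missed a gem.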
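--- /dev/null
+++ b/packages/oauth2_gateway/pre_packaging
@@ -0,0 +1,5 @@
+# abort script on any command that exit with a non zero value
+set -e
+
+cd ${BUILD_DIR}
+pkg_utils/vendor.sh services/oauth2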
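--- /dev/null
+++ b/packages/oauth2_gateway/spec
@@ -0,0 +1,10 @@
+---
+name: oauth2_gateway
+dependencies:
+- ruby
+- sqlite
+files:
+- services/oauth2/Gemfile*
+- services/oauth2/bin/**/*
+- services/oauth2/lib/**/*
+- pkg_utils/*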
