Skip to content
provisions private CF sandbox spaces on demand
Java Shell Batchfile
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.mvn
bin
ci
src
.gitignore
.travis.yml
LICENSE
NOTICE.txt
README.md
cf-manifest-reference.yml
mvnw
mvnw.bat
pom.xml
settings.xml

README.md

elpaaso-sandbox-service

Build Status Dependencies Swagger UI Validator Apache Version 2 Licence Bintray JCenter Open Hub

Join the chat at https://gitter.im/Orange-OpenSource/elpaaso

Sandbox service stories

stories:

  • MVP: as a paas-user, once logged in, I can use a private CF space: API endpoint, org and space details displayed.
    • given: a user with a account into CF UAA
    • when: the user browses to the sandbox service through sandbox-ui
    • then: the user is prompted in the UAA to provide his consent from sandbox-service to act on his behalf (cloudcontroler.read, openid scopes)
    • and: the user is displayed with CF a CLI command to connect to a private space

Pending stories:

  • paas-ops email notification:
    • given: the paas-ops has configured an email address $email in the sandbox-service config and a cf instance name $cf_instance
    • when: the paas-user first access the sandbox to access her private space
    • then: a notification email is sent to the configured adress which includes:
      • in subject: [sandbox $cf_instance]: private space created for $user_name
      • in the email body: user name, user email, CC API endpoint, org & space name
  • private space templating
    • given: the paas-ops has configured:
      • a security group with name $sec-group-name
      • a space quota with name $space-quota-name
    • when: the paas-user first access the sandbox to access her private space
    • then: a space is allocated and bound to the specific security group $sec-group-name and the space quota $space-quota-name

GUI

Tech specs of the sandbox service

Overview

Authentication process is done by Sandbox UI (details)

sandbox service sequence diagram

Inspirations for API REST

Note: If wanna use angularjs (or javascript in general) don't forget to manage CORS on UAA and API

Dev

Maven

Use maven wrapper

mvn -N io.takari:maven:0.3.0:wrapper -Dmaven=3.3.9

Build

To be able to build this project, you have to update your maven settings. You can use the one provided here

Running Tests

Unit Tests

  • mvn clean install

Integration Tests

  • mvn clean install -PrunITs

Release

We use OJO. Thus we can use build promotion to release our component on Jcenter.

Full release process is detailed in /src/bin/release

Download

According to your usage, you can use Maven Jcenter or Bintray

Install

Please use cf-manifest-reference.yml as template for your CF CLI manifest file.

$ mvn package
$ cf push sanbox-ui -p target/elpaaso-service-1.0-SNAPSHOT.jar -m manifest.yml

Or inherit cf-manifest-reference.yml and customize

`---
inherrit: cf-manifest-reference.yml
applications:
- name: my-sandbox-ui
  domains:
   - cf.rocks.org
   - cf.rocks.com
  env:
    CLOUDFOUNDRY_API_URL: https://my-cloud-foundry.org
    CLOUDFOUNDRY_CREDENTIALS_USER_ID: my-sandbox-admin
    TRUSTED_CA_CERTIFICATE:
    CLOUDFOUNDRY_CREDENTIALS_PASSWORD: <my_sandbox_admin_password>
    SECURITY_OAUTH2_RESOURCE_JWT_KEY_VALUE: |
                -----BEGIN PUBLIC KEY-----
                ZZZZZIIIIIIGGGGGGGERSFRRRRRRRRRRRRRRRRRRTTTTTTTTTTTT2kOrV1r000Hj
                2OrOv/HmuMQMDd0tvUNivz+QWA0SaDEhOmj9T7y0000000fg8f/no00rDeBk/ir+
                3UwpLlw7+AZERTY4FTfp88888888888888888888889999977r2zb1Gkkij0Kd03
                I2YTREZA6W96CA/u/RTHOTPB
                -----END PUBLIC KEY-----

Getting UAA public key to validate JWT signature

UAA public key is used to decode JWT Token signature. The easiest way to get this key, is to ask UAA! From UUA documentation, it is possible to identify the endpoint /token_key

curl https://uaa.<your_domains>/token_key

{
  "alg": "SHA256withRSA",
  "value": "-----BEGIN PUBLIC KEY-----\nZZZZZIIIIIIGGGGGGGERSFRRRRRRRRRRRRRRRRRRTTTTTTTTTTTT2kOrV1r000Hj\n2OrOv/HmuMQMDd0tvUNivz+QWA0SaDEhOmj9T7y0000000fg8f/no00rDeBk/ir+\n3UwpLlw7+AZERTY4FTfp88888888888888888888889999977r2zb1Gkkij0Kd03\nI2YTREZA6W96CA/u/RTHOTPB\n-----END PUBLIC KEY-----\n",
  "kty": "RSA",
  "use": "sig",
  "n": "AL5NZWqsdffWl789798751RRTgtytrhfsssdfjjhjuk9Q2K/P5BYfghf799yhfhPvJsPLqChJfrhT+f0xisN4GTsKfghfghuXDv5bMp71T456546987bdfh9eGGTPLUFVqsdfrGlUbvuvfghUaSSKM4p0fcjY4oGNC3pb3oIff79",
  "e": "AQAB"

}

Warning, the value contains multiple \n (remove it, if required)

Adding trusted self-signed root CA Certificate to the JVM truststore

If required, trusted Self-Signed Root CA Certificate can be added using TRUSTED_CA_CERTIFICATE env property.

Here is snippet of manifest.yml :

applications:
- name: elpaaso-sandbox-service
  env:
     TRUSTED_CA_CERTIFICATE: |
          -----BEGIN CERTIFICATE-----
                        XXXXXX
          -----END CERTIFICATE-----

Running

Pre-requisites

  • Cloudfoundry use, used to create space and to assign role requires at least Org Admin privilege,
  • Org should exist. Creates a new one if required:
    • cf org-users sandboxes
  • A default space should exist,
You can’t perform that action at this time.