README
¶
Concourse Broker
This is an experimental Cloud Foundry Service Broker for provisioning teams on a deployed Concourse CI instance.
It requires a deployed Concourse CI instance in which the main team is authenticated via Basic Auth.
IMPORTANT: You must trust the users of your CloudFoundry installation implicitly before enabling in your environment. See: http://concourse.ci/teams.html#section_teams-caveats
Demo
Setup
Create a client in UAA for this app
This application uses oauth to perform actions on your behalf in UAA. To add a new oauth client in UAA, run the following command:
uaac client add concourse-broker --name "Concourse CI Broker" --scope "cloud_controller.read" --authorized_grant_types "authorization_code,client_credentials,refresh_token" --authorities "cloud_controller.admin" --autoapprove "true" --redirect_uri [url-for-concourse-ci]/auth/uaa/callback -s [your-client-secret]
Remember the client-secret, you'll need it for Deployment
Deployment
Automated
The easiest/recommended way to deploy the broker is via the Concourse pipeline.
-
Create a
ci/credentials.ymlfile from theci/credentials.example.yml(i.e.cp ci/credentials.example.yml ci/credentials.yml), and fill in the templated values from the pipeline. -
Deploy the pipeline.
fly -t lite set-pipeline -n -c ci/pipeline.yml -p deploy-concourse-broker -l ci/credentials.yml
Manual
-
Clone this repository, and
cdinto it. -
Target the space you want to deploy the broker to.
$ cf target -o <org> -s <space> -
The configuration is entirely read from environment variables. Edit the manifest.yml files and update your settings as necessary.
-
Deploy the broker as an application.
$ cf push -
$ cf create-service-broker concourse-broker [username] [password] [app-url] --space-scoped
Explanation of Environment Variables
BROKER_USERNAME- The username for providing HTTP Basic Auth for the broker.
BROKER_PASSWORD- The password for providing HTTP Basic Auth for the broker.
ADMIN_USERNAME- The username for the user that has access to the main team of the Concourse deployment.
ADMIN_PASSWORD- The password for the user that has access to the main team of the Concourse deployment.
CONCOURSE_URL- The base URL for the Concourse instance.
CF_URL- The CF API URL for the Cloud Foundry deployment. (e.g.
https://api.bosh-lite.com)
- The CF API URL for the Cloud Foundry deployment. (e.g.
AUTH_URL- The authorization url for UAA. (e.g.
https://login.bosh-lite.com/oauth/authorize)
- The authorization url for UAA. (e.g.
TOKEN_URL- The token url for UAA. (e.g.
https://uaa.bosh-lite.com/oauth/token)
- The token url for UAA. (e.g.
CLIENT_ID- The Client ID from Setup
CLIENT_SECRET- The Client Setup from Setup
Developing
In order to contribute to the broker, you will need:
Adding new Dependencies
In order to add new dependencies, use Glide from the root of the project:
glide get github.com/org/projectname
Please remember to add the new dependencies in a separate commit from the rest of the commits in the PR.
Running tests
In order to run the tests for the project, in the root of the project run:
ginkgo -r .
Directories