SAP / cloud-authorization-buildpack

You can use the content of this repository to leverage the Open Policy Agent (https://www.openpolicyagent.org/) for Cloud Foundry environments. It offers runtime support to make calls to the open policy server from a CF application and support to manage and distribute Open Policy Agent bundles.
Apache License 2.0

Load IAS certificate from VCAP_SERVICES during app startup #61

Closed f-blass closed 1 year ago

f-blass commented 1 year ago

Description

Previously the IAS certificate was loaded from the environment and put into the stored app's droplet during staging. This means any changes done to the environment (i.e. change IAS cert due to re-bind) were only reflected after a full restage. A simple restart of the application has no effect.

With this PR the cert for bundle download by OPA is parsed from VCAP_SERVICES during app startup. For that, a separate small opa binary is compiled and copied to the app's droplet. During startup this helper program is executed before OPA is started. The helper program parses the VCAP_SERVICES env and stores the client cert and key as files to the file system.
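
One way such a startup helper could look, as an added example that is not the code from this PR. It assumes the IAS binding sits under an `identity` label in VCAP_SERVICES with PEM `certificate` and `key` credential fields; `writeIASCert` and the file names `ias.crt` and `ias.key` are hypothetical.

```go
package main

import (
	"encoding/json"
	"encoding/pem"
	"fmt"
	"os"
	"path/filepath"
)

// binding holds the assumed "certificate" and "key" credential fields.
type binding struct {
	Credentials struct {
		Certificate string `json:"certificate"`
		Key         string `json:"key"`
	} `json:"credentials"`
}

// writeIASCert writes the first assumed "identity" binding's cert and key to dir.
func writeIASCert(vcap, dir string) (certPath, keyPath string, err error) {
	var services map[string][]binding
	if err = json.Unmarshal([]byte(vcap), &services); err != nil {
		return "", "", fmt.Errorf("parse VCAP_SERVICES: %w", err)
	}
	if len(services["identity"]) == 0 {
		return "", "", fmt.Errorf("no identity binding in VCAP_SERVICES")
	}
	c := services["identity"][0].Credentials
	// Reject missing or non-PEM material so a bad binding fails the start.
	for name, p := range map[string]string{"certificate": c.Certificate, "key": c.Key} {
		if b, _ := pem.Decode([]byte(p)); b == nil {
			return "", "", fmt.Errorf("binding %s is not PEM", name)
		}
	}
	certPath, keyPath = filepath.Join(dir, "ias.crt"), filepath.Join(dir, "ias.key")
	if err = os.WriteFile(certPath, []byte(c.Certificate), 0o644); err != nil {
		return "", "", err
	}
	// The private key file is created readable by its owner only.
	if err = os.WriteFile(keyPath, []byte(c.Key), 0o600); err != nil {
		return "", "", err
	}
	return certPath, keyPath, nil
}

func main() {
	if _, _, err := writeIASCert(os.Getenv("VCAP_SERVICES"), os.TempDir()); err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
}
```

Because the files are written on every start, a re-bind followed by a plain restart picks up the new certificate, which is the behaviour the description asks for.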