Closed jmcarp closed 8 years ago
In any case this LGTM... should I merge?
Just one question--this PR sneaks in a change from keeping creds in a user-provided service to top-level environment variables. I figured this would simplify deployment, since all the information for a deploy could live in concourse--otherwise, a user would have to run cups manually before running the concourse pipeline, or we'd have to teach concourse to run cups. Does this make sense @dlapiduz @afeld? Aidan expressed a preference for user-provided services in https://github.com/18F/cf-cdn-service-broker/pull/11/files/958d23a49740a78ee89129a856ae771a6a5d99c4#r64143433, so I wanted to discuss before merging.
Heh, I didn't notice the continued discussion on this at #11, so apparently I just went through that conversation again here. It sounds like we're agreed on keeping secrets in concourse for now, so I think this is good to merge.
Haha I think we're all talking past each other...the way to have the fewest credentials needed on our laptops is to use user-provided service instances, whether for deploying the broker directly, or deploying the pipeline that deploys the broker. Does that make sense?
@afeld: I understand what you're saying, but at the moment, pulling credentials from a user-provided service would introduce manual deploy and maintenance work--creating the user-provided service, updating credentials, making sure the service lives in the right org and space. My impression is that we want deployment to be fully automated, so manual steps should be avoided. We could find or write a concourse resource for creating user-provided services, which would solve the automation problem--but then we're back to storing credentials in concourse, so it's not clear that things have improved much.
Thanks @afeld, just updated the envvar names.
cc @afeld @dlapiduz