cloud-gov / cf-cdn-service-broker

A Cloud Foundry service broker for CloudFront and Let's Encrypt

Concourse #10

Closed jmcarp closed 8 years ago

jmcarp commented 8 years ago

cc @afeld @dlapiduz

dlapiduz commented 8 years ago

In any case this LGTM... should I merge?

jmcarp commented 8 years ago

Just one question--this PR sneaks in a change from keeping creds in a user-provided service to top-level environment variables. I figured this would simplify deployment, since all the information for a deploy could live in concourse--otherwise, a user would have to run cups manually before running the concourse pipeline, or we'd have to teach concourse to run cups. Does this make sense @dlapiduz @afeld? Aidan expressed a preference for user-provided services in https://github.com/18F/cf-cdn-service-broker/pull/11/files/958d23a49740a78ee89129a856ae771a6a5d99c4#r64143433, so I wanted to discuss before merging.

jmcarp commented 8 years ago

Heh, I didn't notice the continued discussion on this at #11, so apparently I just went through that conversation again here. It sounds like we're agreed on keeping secrets in concourse for now, so I think this is good to merge.

afeld commented 8 years ago

Haha I think we're all talking past each other...the way to have the fewest credentials needed on our laptops is to use user-provided service instances, whether for deploying the broker directly, or deploying the pipeline that deploys the broker. Does that make sense?

jmcarp commented 8 years ago

@afeld: I understand what you're saying, but at the moment, pulling credentials from a user-provided service would introduce manual deploy and maintenance work--creating the user-provided service, updating credentials, making sure the service lives in the right org and space. My impression is that we want deployment to be fully automated, so manual steps should be avoided. We could find or write a concourse resource for creating user-provided services, which would solve the automation problem--but then we're back to storing credentials in concourse, so it's not clear that things have improved much.

afeld commented 8 years ago

Having talked in Slack, just one piece of feedback left above.

jmcarp commented 8 years ago

Thanks @afeld, just updated the envvar names.
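The two credential sources debated in this thread, as an added example that is not code from this PR or from the broker: a loader that prefers a user-provided service instance exposed through `VCAP_SERVICES` and falls back to a top-level environment variable. The service name `cdn-creds` and the key `EXAMPLE_SECRET_KEY` are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
)

// vcapServices models only the part of VCAP_SERVICES used here: the
// "user-provided" list, each entry carrying a name and a credentials object.
type vcapServices struct {
	UserProvided []struct {
		Name        string                 `json:"name"`
		Credentials map[string]interface{} `json:"credentials"`
	} `json:"user-provided"`
}

// LoadCred returns the value for key and the source it came from. It prefers
// the user-provided service named service, then a top-level environment
// variable named key. getenv is injected so the lookup can be tested.
func LoadCred(getenv func(string) string, service, key string) (value, source string, err error) {
	if raw := getenv("VCAP_SERVICES"); raw != "" {
		var vs vcapServices
		if err := json.Unmarshal([]byte(raw), &vs); err != nil {
			return "", "", fmt.Errorf("parsing VCAP_SERVICES: %w", err)
		}
		for _, s := range vs.UserProvided {
			if v, ok := s.Credentials[key].(string); ok && s.Name == service && v != "" {
				return v, "user-provided service " + service, nil
			}
		}
	}
	if v := getenv(key); v != "" {
		return v, "environment variable", nil
	}
	// Fail closed: refuse to continue with an empty credential.
	return "", "", fmt.Errorf("credential %s not found in service %q or environment", key, service)
}

func main() {
	// Hypothetical service and variable names, for illustration only.
	_, src, err := LoadCred(os.Getenv, "cdn-creds", "EXAMPLE_SECRET_KEY")
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println("loaded EXAMPLE_SECRET_KEY from", src) // log the source, never the value
}
```

Logging which source supplied a credential makes it visible when a deploy silently falls back from the service binding to a pipeline-injected variable.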