Concourse Broker

This is an experimental Cloud Foundry Service Broker for provisioning teams on a deployed Concourse CI instance.

It requires a deployed Concourse CI instance in which the main team is authenticated via Basic Auth.

IMPORTANT: You must trust the users of your CloudFoundry installation implicitly before enabling in your environment. See: http://concourse.ci/teams.html#section_teams-caveats

Demo

Setup

Create a client in UAA for this app

This application uses oauth to perform actions on your behalf in UAA. To add a new oauth client in UAA, run the following command:

uaac client add concourse-broker --name "Concourse CI Broker" --scope "cloud_controller.read" --authorized_grant_types "authorization_code,client_credentials,refresh_token" --authorities "cloud_controller.admin" --autoapprove "true" --redirect_uri [url-for-concourse-ci]/auth/uaa/callback -s [your-client-secret]

Remember the client-secret, you'll need it for Deployment

Deployment

Automated

The easiest/recommended way to deploy the broker is via the Concourse pipeline.

1. Create a ci/credentials.yml file from the ci/credentials.example.yml (i.e. cp ci/credentials.example.yml ci/credentials.yml), and fill in the templated values from the pipeline.

2. Deploy the pipeline.

   fly -t lite set-pipeline -n -c ci/pipeline.yml -p deploy-concourse-broker -l ci/credentials.yml

Manual

1. Clone this repository, and cd into it.

2. Target the space you want to deploy the broker to.

   $ cf target -o <org> -s <space>

3. The configuration is entirely read from environment variables. Edit the manifest.yml files and update your settings as necessary.

4. Deploy the broker as an application.

   $ cf push

5. Register the broker.

   $ cf create-service-broker concourse-broker [username] [password] [app-url] --space-scoped

Explanation of Environment Variables

• BROKER_USERNAME
  • The username for providing HTTP Basic Auth for the broker.
• BROKER_PASSWORD
  • The password for providing HTTP Basic Auth for the broker.
• ADMIN_USERNAME
  • The username for the user that has access to the main team of the Concourse deployment.
• ADMIN_PASSWORD
  • The password for the user that has access to the main team of the Concourse deployment.
• CONCOURSE_URL
  • The base URL for the Concourse instance.
• CF_URL
  • The CF API URL for the Cloud Foundry deployment. (e.g. https://api.bosh-lite.com)
• AUTH_URL
  • The authorization url for UAA. (e.g. https://login.bosh-lite.com/oauth/authorize)
• TOKEN_URL
  • The token url for UAA. (e.g. https://uaa.bosh-lite.com/oauth/token)
• CLIENT_ID
  • The Client ID from Setup
• CLIENT_SECRET
  • The Client Setup from Setup

Developing

In order to contribute to the broker, you will need:

• Go 1.7
• Glide
• Ginkgo & Gomega

Adding new Dependencies

In order to add new dependencies, use Glide from the root of the project:

glide get github.com/org/projectname

Please remember to add the new dependencies in a separate commit from the rest of the commits in the PR.

Running tests

In order to run the tests for the project, in the root of the project run:

ginkgo -r .