orange-cloudfoundry / static-creds-broker

A CloudFoundry service broker to ease exposition of static credentials
Apache License 2.0

Support volume mounts #31

Closed gberche-orange closed 7 years ago

gberche-orange commented 7 years ago

As a service provider, in order to expose static volume mounts such as existing NFS shares, I need to configure the static-cred-broker to return volume mounts.

Given the following yml config:

security:
    user:
        name: <broker_username>
        password: <broker_password>
services:  
    my_volume_service:
        NAME: static-nfs-share
        DESCRIPTION: an existing NFS share with media images
        CREDENTIALS:
            data_set_version: "2017.01.20.17.11"
            data_tags: "images,pets,nature"
        REQUIRES:
            - "volume_mount"
        VOLUME_MOUNTS:
          - driver: nfsdriverv3
            container_dir: "/data/images"
            mode: ro
            device_type: shared
            device:
              volume_id: myteam-my-image-unique-id
              mount_config:
                remote_mount_point: 
                  source: "nfs://1.2.3.4:25840/my/share/to/mount?uid=1004&gid=1004&auto_cache&multithread&default_permissions"
                  attr_timeout: "0"
                  negative_timeout: "2"

When the catalog endpoint is called, Then the catalog response contains the key

"requires": ["volume_mount"]

When my service is instantiated without arbitrary params And When the service instance is bound without arbitrary params Then the binding response is:

{
  "credentials": {
    "data_set_version": "2017.01.20.17.11",
    "data_tags": "images,pets,nature"
  },
  "volume_mounts": [
    {
      "driver": "nfsv3driver",
      "container_dir": "/data/images",
      "mode": "rw",
      "device_type": "shared",
      "device": {
        "volume_id": "bc2c1eab-05b9-482d-b0cf-750ee07de311",
        "mount_config": {
          "source": "nfs://1.2.3.4:25840/my/share/to/mount?uid=1004&gid=1004&auto_cache&multithread&default_permissions",
          "attr_timeout": "0",
          "negative_timeout": "2"
        }
      }
    }
  ]
}

References for volume mount format:

gberche-orange commented 7 years ago

/CC @smaillan @nabbar @f-guichard @allamand @s-bortolussi

gberche-orange commented 7 years ago

@s-bortolussi note that there will be a need to support other attributes at the same level as source (attr_timeout and negative_timeout in this example), so the list of keys should not be hard-coded in the model.
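
One way to model this, as an added example that is not part of the issue thread or the static-creds-broker code base: mount_config is kept as an open map, so keys such as attr_timeout and negative_timeout need no model change. The class names, the container_dir check and the scalar-only rule for mount_config values are assumptions made for illustration.

```java
import java.util.*;
// Added example: hypothetical model class, not static-creds-broker code.
public class VolumeMountExample {
    static final class VolumeMount {
        final String driver, containerDir, mode, deviceType, volumeId;
        final Map<String, Object> mountConfig; // open map: keys are not hard-coded
        VolumeMount(String driver, String containerDir, String mode, String deviceType,
                    String volumeId, Map<String, Object> mountConfig) {
            // Assumption: the broker only hands out absolute paths without ".." segments.
            if (!containerDir.startsWith("/") || Arrays.asList(containerDir.split("/")).contains("..")) {
                throw new IllegalArgumentException("bad container_dir: " + containerDir);
            }
            // Assumption: values must be scalars, so nested structures never reach the driver.
            for (Object v : mountConfig.values()) {
                if (!(v instanceof String || v instanceof Number || v instanceof Boolean)) {
                    throw new IllegalArgumentException("non-scalar mount_config value: " + v);
                }
            }
            this.driver = driver; this.containerDir = containerDir; this.mode = mode;
            this.deviceType = deviceType; this.volumeId = volumeId;
            // Defensive copy: later changes to the caller's map do not alter the binding.
            this.mountConfig = Collections.unmodifiableMap(new LinkedHashMap<>(mountConfig));
        }

        // Shape of one element of "volume_mounts" in the binding response.
        Map<String, Object> toBindingEntry() {
            Map<String, Object> device = new LinkedHashMap<>();
            device.put("volume_id", volumeId);
            device.put("mount_config", mountConfig);
            Map<String, Object> entry = new LinkedHashMap<>();
            entry.put("driver", driver);
            entry.put("container_dir", containerDir);
            entry.put("mode", mode);
            entry.put("device_type", deviceType);
            entry.put("device", device);
            return entry;
        }
    }

    public static void main(String[] args) {
        Map<String, Object> cfg = new LinkedHashMap<>(); // values taken from the issue's example
        cfg.put("source", "nfs://1.2.3.4:25840/my/share/to/mount?uid=1004&gid=1004");
        cfg.put("attr_timeout", "0");
        cfg.put("negative_timeout", "2");
        VolumeMount vm = new VolumeMount("nfsv3driver", "/data/images", "rw", "shared",
                "bc2c1eab-05b9-482d-b0cf-750ee07de311", cfg);
        System.out.println(vm.toBindingEntry());
    }
}
```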

s-bortolussi commented 7 years ago

@gberche-orange note that the actual implementation of spring-cloud-cloudfoundry-service-broker seems to make it impossible to return Credentials and Volume Mount in a single CreateServiceInstanceBindingResponse. This prevents responses like

{
  "credentials": {
    "data_set_version": "2017.01.20.17.11",
    "data_tags": "images,pets,nature"
  },
  "volume_mounts": [
    {
      "driver": "nfsv3driver",
      "container_dir": "/data/images",
      "mode": "rw",
      "device_type": "shared",
      "device": {
        "volume_id": "bc2c1eab-05b9-482d-b0cf-750ee07de311",
        "mount_config": {
          "source": "nfs://1.2.3.4:25840/my/share/to/mount?uid=1004&gid=1004&auto_cache&multithread&default_permissions",
          "attr_timeout": "0",
          "negative_timeout": "2"
        }
      }
    }
  ]
}