Go automation for managing orgs, spaces, users (from ldap groups or internal store) mapping to roles, quotas, application security groups and private-domains that can be driven from concourse pipeline and GIT managed metadata
There has been major refactoring to internals of cf-mgmt to remove duplicate code that is not supported by go-cfclient library. This release SHOULD be backward compatible but wanting to make community aware of a major change. This will be released as the latest tag on dockerhub. If you experience any problems you can revert your cf-mgmt to use the previously released version with tag 0.0.91.
This can be done by modifying you cf-mgmt.yml concourse task with the following:
---
platform: linux
image_resource:
type: docker-image
source: {repository: pivotalservices/cf-mgmt, tag: "0.0.91"}
inputs:
- name: config-repo
run:
path: config-repo/ci/tasks/cf-mgmt.sh
Compiled releases are available on Github.
Download the binary for your platform and place it somewhere on your path.
Don't forget to chmod +x the file on Linux and macOS.
cf-mgmt needs a uaa client to be able to interact with cloud controller and uaa for create, updating, deleting, and listing entities.
uaac target uaa.<your system domain>
uaac token client get admin -s <your uaa admin client secret>
uaac client add cf-mgmt \
--name cf-mgmt \
--secret <client secret from cf-mgmt client> \
--authorized_grant_types client_credentials,refresh_token \
--authorities cloud_controller.admin,scim.read,scim.write,routing.router_groups.read
Navigate into a directory in which will become your git repository for cf-mgmt configuration
-
Initialize git repository by either cloning a remote or using
git init -
You can either setup your configuration by using
- init command from cf-mgmt-config if you are wanting to start with a blank configuration and add the config using cf-mgmt-config operations
- export-config command from
cf-mgmtif you have an existing foundation you can use this to reverse engineer your configuration.
-
(optional) Configure LDAP/SAML Options. If your foundation uses LDAP and/or SAML, you will need to configure ldap.yml with the correct values.
-
Generate the concourse pipeline using cf-mgmt-config
-
Make sure you .gitingore the vars.yml file that is generated
echo vars.yml >> .gitignore -
Commit and push your changes to your git repository
-
fly your pipeline after you have filled in vars.yml
cf-mgmt is a community supported cloud foundry add-on. Opening issues for questions, feature requests and/or bugs is the best path to getting "support". We strive to be active in keeping this tool working and meeting your needs in a timely fashion.
Compiled releases are available on Github.
Download the binary for your platform and place it somewhere on your path.
Don't forget to chmod +x the file on Linux and macOS.
Alternatively, you may wish to build from source.
cf-mgmt is written in Go.
To build the binary yourself, follow these steps:
- Install
Go. - Install Glide, a dependency management tool for Go.
- Clone the repo:
mkdir -p $(go env GOPATH)/src/github.com/pivotalservicescd $(go env GOPATH)/src/github.com/pivotalservicesgit clone git@github.com:pivotalservices/cf-mgmt.git
- Install dependencies:
cd cf-mgmtglide installgo build -o cf-mgmt cmd/cf-mgmt/main.gogo build -o cf-mgmt-config cmd/cf-mgmt-config/main.go
To cross compile, set the $GOOS and $GOARCH environment variables.
For example: GOOS=linux GOARCH=amd64 go build.
To run the unit tests, use go test $(glide nv).
There are integration tests that require some additional configuration.
The LDAP tests require an LDAP server, which can be started with Docker:
docker pull cwashburn/ldap
docker run -d -p 389:389 --name ldap -t cwashburn/ldap
RUN_LDAP_TESTS=true go test ./ldap_integration/...
The remaining integration tests require PCF Dev to be running and the CF CLI to be installed.
cf dev start
uaac target uaa.local.pcfdev.io
uaac token client get admin -s admin-client-secret
uaac client add cf-mgmt \
--name cf-mgmt \
--secret cf-mgmt-secret \
--authorized_grant_types client_credentials,refresh_token \
--authorities cloud_controller.admin,scim.read,scim.write,routing.router_groups.read
RUN_INTEGRATION_TESTS=true go test ./integration/...
Some portions of this code are autogenerated. To regenerate them, install the prerequisites:
go get -u github.com/jteeuwen/go-bindata/...go get -u github.com/maxbrunsfeld/counterfeiter
And then run go generate $(glide nv) from the project directory, or go generate .
from a specific directory.
PRs are always welcome or open issues if you are experiencing an issue and will do my best to address issues in timely fashion.