diff --git a/jobs/eventgenerator/templates/eventgenerator.yml.erb b/jobs/eventgenerator/templates/eventgenerator.yml.erb index 2b302a7115..46bcae0ef5 100644 --- a/jobs/eventgenerator/templates/eventgenerator.yml.erb +++ b/jobs/eventgenerator/templates/eventgenerator.yml.erb @@ -69,15 +69,17 @@ logging: level: <%= p("autoscaler.eventgenerator.logging.level") %> http_client_timeout: <%= p("autoscaler.eventgenerator.http_client_timeout") %> health: - port: <%= p("autoscaler.eventgenerator.health.port") %> - username: <%= p("autoscaler.eventgenerator.health.username") %> - password: <%= p("autoscaler.eventgenerator.health.password") %> - <% if_p("autoscaler.eventgenerator.health.ca_cert", "autoscaler.eventgenerator.health.server_cert", "autoscaler.eventgenerator.health.server_key") do %> - tls: - ca_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/ca.crt - cert_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/server.crt - key_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/server.key - <% end %> + server_config: + port: <%= p("autoscaler.eventgenerator.health.port") %> + <% if_p("autoscaler.eventgenerator.health.ca_cert", "autoscaler.eventgenerator.health.server_cert", "autoscaler.eventgenerator.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/eventgenerator/config/certs/healthendpoint/server.key + <% end %> + basic_auth: + username: <%= p("autoscaler.eventgenerator.health.username") %> + password: <%= p("autoscaler.eventgenerator.health.password") %> db: policy_db: diff --git a/jobs/golangapiserver/templates/apiserver.yml.erb b/jobs/golangapiserver/templates/apiserver.yml.erb index ece70ac31d..629bb34b15 100644 --- a/jobs/golangapiserver/templates/apiserver.yml.erb +++ b/jobs/golangapiserver/templates/apiserver.yml.erb @@ -91,13 +91,14 @@ dashboard_redirect_uri: <%= p("autoscaler.apiserver.broker.server.dashboard_redi default_credential_type: <%= p("autoscaler.apiserver.broker.default_credential_type") %> health: - port: <%= p("autoscaler.apiserver.health.port") %> - <% if_p("autoscaler.apiserver.health.ca_cert", "autoscaler.apiserver.health.server_cert", "autoscaler.apiserver.health.server_key") do %> - tls: - ca_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/ca.crt - cert_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/server.crt - key_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/server.key - <% end %> + server_config: + port: <%= p("autoscaler.apiserver.health.port") %> + <% if_p("autoscaler.apiserver.health.ca_cert", "autoscaler.apiserver.health.server_cert", "autoscaler.apiserver.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/golangapiserver/config/certs/healthendpoint/server.key + <% end %> db: policy_db: diff --git a/jobs/metricsforwarder/templates/metricsforwarder.yml.erb b/jobs/metricsforwarder/templates/metricsforwarder.yml.erb index e518676955..e6713c8643 100644 --- a/jobs/metricsforwarder/templates/metricsforwarder.yml.erb +++ b/jobs/metricsforwarder/templates/metricsforwarder.yml.erb @@ -91,15 +91,17 @@ cache_ttl: <%= p("autoscaler.metricsforwarder.cache_ttl") %> cache_cleanup_interval: <%= p("autoscaler.metricsforwarder.cache_cleanup_interval") %> policy_poller_interval: <%= p("autoscaler.metricsforwarder.policy_poller_interval") %> health: - port: <%= p("autoscaler.metricsforwarder.health.port") %> - username: <%= p("autoscaler.metricsforwarder.health.username") %> - password: <%= p("autoscaler.metricsforwarder.health.password") %> - <% if_p("autoscaler.metricsforwarder.health.ca_cert", "autoscaler.metricsforwarder.health.server_cert", "autoscaler.metricsforwarder.health.server_key") do %> - tls: - ca_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/ca.crt - cert_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/server.crt - key_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/server.key - <% end %> + server_config: + port: <%= p("autoscaler.metricsforwarder.health.port") %> + <% if_p("autoscaler.metricsforwarder.health.ca_cert", "autoscaler.metricsforwarder.health.server_cert", "autoscaler.metricsforwarder.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/metricsforwarder/config/certs/healthendpoint/server.key + <% end %> + basic_auth: + username: <%= p("autoscaler.metricsforwarder.health.username") %> + password: <%= p("autoscaler.metricsforwarder.health.password") %> rate_limit: valid_duration: <%= p("autoscaler.metricsforwarder.rate_limit.valid_duration") %> diff --git a/jobs/operator/templates/operator.yml.erb b/jobs/operator/templates/operator.yml.erb index c96a6890a0..83b53699d9 100644 --- a/jobs/operator/templates/operator.yml.erb +++ b/jobs/operator/templates/operator.yml.erb @@ -58,15 +58,17 @@ cf: logging: level: <%= p("autoscaler.operator.logging.level") %> health: - port: <%= p("autoscaler.operator.health.port") %> - username: <%= p("autoscaler.operator.health.username") %> - password: <%= p("autoscaler.operator.health.password") %> - <% if_p("autoscaler.operator.health.ca_cert", "autoscaler.operator.health.server_cert", "autoscaler.operator.health.server_key") do %> - tls: - ca_file: /var/vcap/jobs/operator/config/certs/healthendpoint/ca.crt - cert_file: /var/vcap/jobs/operator/config/certs/healthendpoint/server.crt - key_file: /var/vcap/jobs/operator/config/certs/healthendpoint/server.key - <% end %> + server_config: + port: <%= p("autoscaler.operator.health.port") %> + <% if_p("autoscaler.operator.health.ca_cert", "autoscaler.operator.health.server_cert", "autoscaler.operator.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/operator/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/operator/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/operator/config/certs/healthendpoint/server.key + <% end %> + basic_auth: + username: <%= p("autoscaler.operator.health.username") %> + password: <%= p("autoscaler.operator.health.password") %> http_client_timeout: <%= p("autoscaler.operator.http_client_timeout") %> diff --git a/jobs/scalingengine/templates/scalingengine.yml.erb b/jobs/scalingengine/templates/scalingengine.yml.erb index 38c913d67a..562b65596e 100644 --- a/jobs/scalingengine/templates/scalingengine.yml.erb +++ b/jobs/scalingengine/templates/scalingengine.yml.erb @@ -63,15 +63,17 @@ logging: level: <%= p("autoscaler.scalingengine.logging.level") %> http_client_timeout: <%= p("autoscaler.scalingengine.http_client_timeout") %> health: - port: <%= p("autoscaler.scalingengine.health.port") %> - username: <%= p("autoscaler.scalingengine.health.username") %> - password: <%= p("autoscaler.scalingengine.health.password") %> - <% if_p("autoscaler.scalingengine.health.ca_cert", "autoscaler.scalingengine.health.server_cert", "autoscaler.scalingengine.health.server_key") do %> - tls: - ca_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/ca.crt - cert_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/server.crt - key_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/server.key - <% end %> + basic_auth: + username: <%= p("autoscaler.scalingengine.health.username") %> + password: <%= p("autoscaler.scalingengine.health.password") %> + server_config: + port: <%= p("autoscaler.scalingengine.health.port") %> + <% if_p("autoscaler.scalingengine.health.ca_cert", "autoscaler.scalingengine.health.server_cert", "autoscaler.scalingengine.health.server_key") do %> + tls: + ca_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/ca.crt + cert_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/server.crt + key_file: /var/vcap/jobs/scalingengine/config/certs/healthendpoint/server.key + <% end %> db: diff --git a/spec/jobs/common/health_endpoint_spec.rb b/spec/jobs/common/health_endpoint_spec.rb index 98a96b2898..097e9e14b6 100644 --- a/spec/jobs/common/health_endpoint_spec.rb +++ b/spec/jobs/common/health_endpoint_spec.rb @@ -13,40 +13,38 @@ %w[operator operator config/operator.yml operator.yml], %w[scalingengine scalingengine config/scalingengine.yml scalingengine.yml] ].each do |service, release_job, config_file, properties_file| - context service do - context "health endpoint" do - before(:each) do - @properties = YAML.safe_load(fixture(properties_file).read) - @template = release.job(release_job).template(config_file) - @links = case service - when "eventgenerator" - [Bosh::Template::Test::Link.new(name: "eventgenerator")] - else - [] - end - @rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links)) - end - it "by default TLS is not configured" do - expect(@rendered_template["health"]["tls"]).to be_nil + describe "service #{service} health endpoint" do + before(:each) do + @properties = YAML.safe_load(fixture(properties_file).read) + @template = release.job(release_job).template(config_file) + @links = case service + when "eventgenerator" + [Bosh::Template::Test::Link.new(name: "eventgenerator")] + else + [] end + @rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links)) + end + it "by default TLS is not configured" do + expect(@rendered_template["health"]["server_config"]["tls"]).to be_nil + end - it "TLS can be enabled" do - service_config = (@properties["autoscaler"][service] ||= {}) - service_config["health"] = { - "ca_cert" => "SOME_CA", - "server_cert" => "SOME_CERT", - "server_key" => "SOME_KEY" - } + it "TLS can be enabled" do + service_config = (@properties["autoscaler"][service] ||= {}) + service_config["health"] = { + "ca_cert" => "SOME_CA", + "server_cert" => "SOME_CERT", + "server_key" => "SOME_KEY" + } - rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links)) + rendered_template = YAML.safe_load(@template.render(@properties, consumes: @links)) - expect(rendered_template["health"]["tls"]).not_to be_nil - expect(rendered_template["health"]["tls"]).to include({ - "key_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.key", - "ca_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/ca.crt", - "cert_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.crt" - }) - end + expect(rendered_template["health"]["server_config"]["tls"]).not_to be_nil + expect(rendered_template["health"]["server_config"]["tls"]).to include({ + "key_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.key", + "ca_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/ca.crt", + "cert_file" => "/var/vcap/jobs/#{release_job}/config/certs/healthendpoint/server.crt" + }) end end end diff --git a/spec/jobs/eventgenerator/eventgenerator_spec.rb b/spec/jobs/eventgenerator/eventgenerator_spec.rb index e868cb2cd5..3fe85e2ff1 100644 --- a/spec/jobs/eventgenerator/eventgenerator_spec.rb +++ b/spec/jobs/eventgenerator/eventgenerator_spec.rb @@ -29,10 +29,7 @@ "port" => 1234 } } - expect(rendered_template["health"]) - .to include( - {"port" => 1234} - ) + expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["eventgenerator"]["health"]["port"]) end it "check eventgenerator username and password" do @@ -44,12 +41,9 @@ } } - expect(rendered_template["health"]) - .to include( - {"port" => 1234, - "username" => "test-user", - "password" => "test-user-password"} - ) + expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["eventgenerator"]["health"]["port"]) + expect(rendered_template["health"]["basic_auth"]["username"]).to eq(properties["autoscaler"]["eventgenerator"]["health"]["username"]) + expect(rendered_template["health"]["basic_auth"]["password"]).to eq(properties["autoscaler"]["eventgenerator"]["health"]["password"]) end describe "when using log-cache via https/uaa" do diff --git a/spec/jobs/metricsforwarder/metricsforwarder_spec.rb b/spec/jobs/metricsforwarder/metricsforwarder_spec.rb index 140ca46a92..0d66108e17 100644 --- a/spec/jobs/metricsforwarder/metricsforwarder_spec.rb +++ b/spec/jobs/metricsforwarder/metricsforwarder_spec.rb @@ -42,10 +42,7 @@ } } - expect(rendered_template["health"]) - .to include( - {"port" => 1234} - ) + expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["metricsforwarder"]["health"]["port"]) end it "check metricsforwarder basic auth username and password" do @@ -57,12 +54,9 @@ } } - expect(rendered_template["health"]) - .to include( - {"port" => 1234, - "username" => "test-user", - "password" => "test-user-password"} - ) + expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["metricsforwarder"]["health"]["port"]) + expect(rendered_template["health"]["basic_auth"]["username"]).to eq(properties["autoscaler"]["metricsforwarder"]["health"]["username"]) + expect(rendered_template["health"]["basic_auth"]["password"]).to eq(properties["autoscaler"]["metricsforwarder"]["health"]["password"]) end it "has a cred helper impl by default" do diff --git a/spec/jobs/operator/operator_spec.rb b/spec/jobs/operator/operator_spec.rb index fb7ebb2264..a3dc12f463 100644 --- a/spec/jobs/operator/operator_spec.rb +++ b/spec/jobs/operator/operator_spec.rb @@ -20,10 +20,7 @@ } } - expect(rendered_template["health"]) - .to include( - {"port" => 1234} - ) + expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["operator"]["health"]["port"]) end it "check operator basic auth username and password" do @@ -35,12 +32,9 @@ } } - expect(rendered_template["health"]) - .to include( - {"port" => 1234, - "username" => "test-user", - "password" => "test-user-password"} - ) + expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["operator"]["health"]["port"]) + expect(rendered_template["health"]["basic_auth"]["username"]).to eq(properties["autoscaler"]["operator"]["health"]["username"]) + expect(rendered_template["health"]["basic_auth"]["password"]).to eq(properties["autoscaler"]["operator"]["health"]["password"]) end context "uses tls" do diff --git a/spec/jobs/scalingengine/scalingengine_spec.rb b/spec/jobs/scalingengine/scalingengine_spec.rb index 1c40ad7d3b..39d4c13891 100644 --- a/spec/jobs/scalingengine/scalingengine_spec.rb +++ b/spec/jobs/scalingengine/scalingengine_spec.rb @@ -21,10 +21,7 @@ } } - expect(rendered_template["health"]) - .to include( - {"port" => 1234} - ) + expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["scalingengine"]["health"]["port"]) end it "check scalingengine basic auth username and password" do @@ -36,12 +33,9 @@ } } - expect(rendered_template["health"]) - .to include( - {"port" => 1234, - "username" => "test-user", - "password" => "test-user-password"} - ) + expect(rendered_template["health"]["server_config"]["port"]).to eq(properties["autoscaler"]["scalingengine"]["health"]["port"]) + expect(rendered_template["health"]["basic_auth"]["username"]).to eq(properties["autoscaler"]["scalingengine"]["health"]["username"]) + expect(rendered_template["health"]["basic_auth"]["password"]).to eq(properties["autoscaler"]["scalingengine"]["health"]["password"]) end end diff --git a/src/autoscaler/build-extension-file.sh b/src/autoscaler/build-extension-file.sh index a1adb01176..90ec9f1644 100755 --- a/src/autoscaler/build-extension-file.sh +++ b/src/autoscaler/build-extension-file.sh @@ -40,15 +40,18 @@ _schema-version: 3.3.0 modules: - name: metricsforwarder requires: - - name: config + - name: metricsforwarder-config - name: policydb - name: syslog-client parameters: routes: - route: ${METRICSFORWARDER_APPNAME}.\${default-domain} + - name: publicapiserver + parameters: + instances: 0 resources: -- name: config +- name: metricsforwarder-config parameters: config: metricsforwarder: diff --git a/src/autoscaler/mta.tpl.yaml b/src/autoscaler/mta.tpl.yaml index 0c5f5b5122..1f96ed726b 100644 --- a/src/autoscaler/mta.tpl.yaml +++ b/src/autoscaler/mta.tpl.yaml @@ -12,7 +12,7 @@ modules: properties: GO_INSTALL_PACKAGE_SPEC: code.cloudfoundry.org/app-autoscaler/src/autoscaler/metricsforwarder/cmd/metricsforwarder requires: - - name: config + - name: metricsforwarder-config - name: policydb - name: syslog-client - name: app-autoscaler-application-logs @@ -26,14 +26,39 @@ modules: builder: custom commands: - make vendor + - name: publicapiserver + type: go + path: . + properties: + GO_INSTALL_PACKAGE_SPEC: code.cloudfoundry.org/app-autoscaler/src/autoscaler/metricsforwarder/cmd/publicapiserver + requires: + - name: publicapiserver-config + - name: policydb + - name: app-autoscaler-application-logs + parameters: + memory: 1G + disk-quota: 1G + instances: 2 + stack: cflinuxfs4 + routes: + build-parameters: + builder: custom + commands: + - make vendor resources: -- name: config +- name: metricsforwarder-config type: org.cloudfoundry.user-provided-service parameters: service-tags: - - config + - metricsforwarder-config path: metricsforwarder/default_config.json +- name: publicapiserver-config + type: org.cloudfoundry.user-provided-service + parameters: + service-tags: + - publicapiserver-config + path: api/default_config.json - name: policydb type: org.cloudfoundry.user-provided-service parameters: