Skip to content

Commit

Permalink
Further refinement to reintroduced cflinuxfs3 support
Browse files Browse the repository at this point in the history
  • Loading branch information
@dennisjbell
dennisjbell committed Dec 14, 2023
1 parent 9ca0911 commit 3580e57
Show file tree
Hide file tree
Showing 7 changed files with 32 additions and 15 deletions.
9 changes: 6 additions & 3 deletions hooks/blueprint
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,8 @@ dynamic::isolation::segments() {
'.isolation_segments[] | select( .name == $v ) | .additional_trusted_certs//[] | length > 0' <<<"$1" &>/dev/null
then
additional_trusted_certs="$(dynamic::isolation::template::render "additional-trusted-certs" "$group")"
want_feature cflinuxfs3 &&
additional_trusted_certs+=" $(dynamic::isolation::template::render "additional-trusted-certs-cflinuxfs3" "$group")"
want_feature ocfp &&
additional_trusted_certs+=" $(dynamic::isolation::template::render "ocfp-trusted-certs" "$group")"
fi
Expand Down Expand Up @@ -725,9 +727,10 @@ features::process() {
;;
(trust-blacksmith-ca)
manifests+=( "overlay/addons/trust-blacksmith-ca.yml" )
if want_feature ocfp
then manifests+=( "ocfp/trust-blacksmith-ca.yml" )
fi
want_feature cflinuxfs3 && \
manifests+=( "overlay/addons/trust-blacksmith-ca-cflinuxfs3.yml" )
want_feature ocfp && \
manifests+=( "ocfp/trust-blacksmith-ca.yml" )
;;
(app-autoscaler-integration)
manifests+=( "overlay/addons/autoscaler.yml" )
Expand Down
2 changes: 1 addition & 1 deletion operations/use-cflinuxfs3.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@
path: /instance_groups/name=scheduler/jobs/name=cc_deployment_updater/properties/cc/diego/lifecycle_bundles/buildpack~1cflinuxfs3?
value: buildpack_app_lifecycle/buildpack_app_lifecycle.tgz
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs3-rootfs-setup?
path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup:before
value:
name: cflinuxfs3-rootfs-setup
properties:
Expand Down
4 changes: 4 additions & 0 deletions overlay/addons/trust-blacksmith-ca-cflinuxfs3.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs3-rootfs-setup/properties/cflinuxfs3-rootfs/trusted_certs/-
value: (( vault $GENESIS_EXODUS_MOUNT genesis.env "/blacksmith:blacksmith_ca" ))
2 changes: 1 addition & 1 deletion overlay/addons/trust-blacksmith-ca.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs3-rootfs-setup/properties/cflinuxfs3-rootfs/trusted_certs/-
path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs/-
value: (( vault $GENESIS_EXODUS_MOUNT genesis.env "/blacksmith:blacksmith_ca" ))
- type: replace
path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates/-
Expand Down
8 changes: 8 additions & 0 deletions overlay/dynamic-templates/isolation-segment-additional-trusted-certs-cflinuxfs3.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
---
instance_groups:
- name: (( grab meta.name ))
jobs:
- name: cflinuxfs3-rootfs-setup
properties:
cflinuxfs3-rootfs:
trusted_certs: (( defer grab params.isolation_segments.{{segment-name}}.base_trusted_certs params.isolation_segments.{{segment-name}}.additional_trusted_certs ))
4 changes: 2 additions & 2 deletions overlay/dynamic-templates/isolation-segment-additional-trusted-certs.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@ params:
instance_groups:
- name: (( grab meta.name ))
jobs:
- name: cflinuxfs3-rootfs-setup
- name: cflinuxfs4-rootfs-setup
properties:
cflinuxfs3-rootfs:
cflinuxfs4-rootfs:
trusted_certs: (( defer grab params.isolation_segments.{{segment-name}}.base_trusted_certs params.isolation_segments.{{segment-name}}.additional_trusted_certs ))
- name: rep
properties:
Expand Down
18 changes: 10 additions & 8 deletions overlay/dynamic-templates/isolation-segment-cflinuxfs3.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,14 +17,7 @@ meta:
instance_groups:
- name: (( grab meta.name ))
jobs:
- name: cflinuxfs3-rootfs-setup
release: cflinuxfs3
properties:
cflinuxfs3-rootfs:
trusted_certs:
- ((diego_instance_identity_ca.ca))
- ((credhub_tls.ca))
- ((uaa_ssl.ca))
- (( merge on name ))
- name: rep
release: diego
properties:
Expand All @@ -33,3 +26,12 @@ instance_groups:
preloaded_rootfses:
- (( prepend ))
- cflinuxfs3:/var/vcap/packages/cflinuxfs3/rootfs.tar
- (( insert before "cflinuxfs4-rootfs-setup" ))
- name: cflinuxfs3-rootfs-setup
release: cflinuxfs3
properties:
cflinuxfs3-rootfs:
trusted_certs:
- ((diego_instance_identity_ca.ca))
- ((credhub_tls.ca))
- ((uaa_ssl.ca))

0 comments on commit 3580e57

Please sign in to comment.