diff --git a/cloud_controller/Gemfile b/cloud_controller/Gemfile index f0f94b3..cdb64bd 100644 --- a/cloud_controller/Gemfile +++ b/cloud_controller/Gemfile @@ -11,7 +11,7 @@ gem 'logging', '>= 1.5.0' gem 'vcap_common', :require => ['vcap/common', 'vcap/component'] gem 'vcap_logging', :require => ['vcap/logging'] gem 'vcap_staging' -gem 'cf-uaa-client', '>= 0.0.5' +gem 'cf-uaa-client', '>= 0.0.6' # For queuing staging tasks gem 'em-hiredis' diff --git a/cloud_controller/Gemfile.lock b/cloud_controller/Gemfile.lock index 943fee1..8725883 100644 --- a/cloud_controller/Gemfile.lock +++ b/cloud_controller/Gemfile.lock @@ -33,7 +33,7 @@ GEM arel (2.0.9) bcrypt-ruby (2.1.4) builder (2.1.2) - cf-uaa-client (0.0.5) + cf-uaa-client (0.0.6) em-http-request (= 1.0.0.beta.3) eventmachine json_pure @@ -157,7 +157,7 @@ PLATFORMS DEPENDENCIES SystemTimer (~> 1.2) bcrypt-ruby (~> 2.1.4) - cf-uaa-client (>= 0.0.5) + cf-uaa-client (>= 0.0.6) ci_reporter delorean em-hiredis diff --git a/cloud_controller/vendor/cache/cf-uaa-client-0.0.5.gem b/cloud_controller/vendor/cache/cf-uaa-client-0.0.5.gem deleted file mode 100644 index 6dd30d2..0000000 Binary files a/cloud_controller/vendor/cache/cf-uaa-client-0.0.5.gem and /dev/null differ diff --git a/cloud_controller/vendor/cache/cf-uaa-client-0.0.6.gem b/cloud_controller/vendor/cache/cf-uaa-client-0.0.6.gem new file mode 100644 index 0000000..d4e28d8 Binary files /dev/null and b/cloud_controller/vendor/cache/cf-uaa-client-0.0.6.gem differ diff --git a/cloud_controller/vendor/cache/vcap_common-1.0.9.gem b/cloud_controller/vendor/cache/vcap_common-1.0.9.gem deleted file mode 100644 index f548f2f..0000000 Binary files a/cloud_controller/vendor/cache/vcap_common-1.0.9.gem and /dev/null differ diff --git a/dev_setup/cookbooks/uaa/attributes/default.rb b/dev_setup/cookbooks/uaa/attributes/default.rb index b00b4c9..00506f5 100644 --- a/dev_setup/cookbooks/uaa/attributes/default.rb +++ b/dev_setup/cookbooks/uaa/attributes/default.rb 
@@ -1,21 +1,11 @@
 include_attributes "uaadb"
 default[:uaadb][:host] = "localhost"
-# scim password => "scimsecret"
-default[:uaa][:scim][:secret] = "$2a$08$duCE9bFm.duhfe6IrjC0Q.zIvJ9DfjBPhCcuJDj9fUVXaNjNeK5fi"
-
-# my client password => "myclientsecret"
-default[:uaa][:my][:secret] = "$2a$08$fsPmrV9zHPU14qpPR1c49.GVRL8JvW33y1qlYFwiZWX4M8vM36bBW"
-
-# app client password => "appclientsecret"
-default[:uaa][:app][:secret] = "$2a$08$Q7ZoYHasNrVzeaZ1Vjgau.2LsOJeDm7.KlCU9w3xZMDa60WYLfVom"
-
-# cloud controller client secret is the bcrypted password
-# uaa expects it bcrypted, but client must have it in the clear
-default[:uaa][:cloud_controller][:secret] = "$2a$08$BoWTL27.xae6li/bF3pybOGkEPk8v9LBwudhyuPc4DvvrFS4.TKv6"
-default[:uaa][:cloud_controller][:password] = "cloudcontrollersecret"
-
 default[:uaa][:jwt_secret] = "uaa_jwt_secret"
 default[:uaa][:batch][:username] = "batch_user"
-default[:uaa][:batch][:secret] = "batch_password"
+default[:uaa][:batch][:password] = "batch_password"
+
+# uaa client registration bootstrap
+default[:uaa][:admin][:password] = "adminsecret"
+default[:uaa][:cloud_controller][:password] = "cloudcontrollersecret"
diff --git a/dev_setup/cookbooks/uaa/templates/default/uaa.yml.erb b/dev_setup/cookbooks/uaa/templates/default/uaa.yml.erb
index 00f185f..843be72 100644
--- a/dev_setup/cookbooks/uaa/templates/default/uaa.yml.erb
+++ b/dev_setup/cookbooks/uaa/templates/default/uaa.yml.erb
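Review bot: Renaming `default[:uaa][:batch][:secret]` to `default[:uaa][:batch][:password]` means a role or environment override that still sets the old `:secret` key is silently ignored, and the template then renders the well-known default `"batch_password"`. The new `default[:uaa][:admin][:password] = "adminsecret"` has the same problem at higher stakes, because the uaa.yml.erb change in this commit wires it to a client holding `ROLE_ADMIN`: a node that does not override the attribute ends up with a publicly known admin client secret. I would add a comment above the bootstrap block such as `# dev-only defaults: override every uaa password attribute outside a local dev_setup install`, and consider making the recipe fail when a non-dev node still carries these values.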
@@ -10,20 +10,9 @@ database: url: jdbc:postgresql://<%= node[:uaadb][:host] %>:<%= node[:uaadb][:port] %>/<%= node[:uaadb][:database] %> jvm_args: -Xmx512m -spring_profiles: jdbc,postgresql,!legacy - -bootstrap: - admin: - username: marissa - password: $2a$10$ikFXo9IFG6zbMbhGcssySOhjDsGPpqzKwsdVOeCvJ7JoWjSQxyfs6 - given_name: Marissa - family_name: Bloggs - email: marissa@test.org +spring_profiles: postgresql cloud_controller: - login_url: http://api.vcap.me/users/{username}/tokens - client: - secret: <%= node[:uaa][:cloud_controller][:secret] %> database: url: jdbc:postgresql://<%= node[:ccdb][:host] %>:<%= node[:ccdb][:port] %>/<%= node[:ccdb][:database] %> username: <%= node[:ccdb][:user] %> @@ -33,18 +22,30 @@ jwt: token: key: <%= node[:uaa][:jwt_secret] %> -app: - client: - secret: <%= node[:uaa][:app][:secret] %> - -my: - client: - secret: <%= node[:uaa][:my][:secret] %> - -scim: - client: - secret: <%= node[:uaa][:scim][:secret] %> - batch: username: <%= node[:uaa][:batch][:username] %> - password: <%= node[:uaa][:batch][:secret] %> + password: <%= node[:uaa][:batch][:password] %> + +oauth: + clients: + admin: + authorized-grant-types: client_credentials + scope: read,write,password + authorities: ROLE_CLIENT,ROLE_ADMIN + id: admin + secret: <%= node[:uaa][:admin][:password] %> + resource-ids: scim,password,tokens,clients,openid + cloud_controller: + authorized-grant-types: client_credentials + scope: read,write,password + authorities: ROLE_CLIENT,ROLE_ADMIN + id: cloud_controller + secret: <%= node[:uaa][:cloud_controller][:password] %> + resource-ids: scim,password,tokens + vmc: + authorized-grant-types: implicit + scope: read,password + authorities: ROLE_UNTRUSTED + id: vmc + resource-ids: cloud_controller,openid,password + redirect-uri: http://uaa.cloudfoundry.com/redirect/vmc diff --git a/health_manager/Gemfile b/health_manager/Gemfile index a7fb1c8..385ec16 100644 --- a/health_manager/Gemfile +++ b/health_manager/Gemfile 
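Review bot: In the second hunk (`@@ -33,18 +22,30 @@`) the `vmc` client is registered for the `implicit` grant with `redirect-uri: http://uaa.cloudfoundry.com/redirect/vmc`, a fixed plain-HTTP URL on a host unrelated to the node, whereas the `login_url` this commit removes pointed at `api.vcap.me`. With the implicit grant the token is delivered through that redirect, so the URI should come from a node attribute and use https wherever the deployment terminates TLS. The two `secret:` lines also interpolate the password unquoted, so a value containing `#` or `: ` would be read by the YAML parser as something other than the intended secret; `secret: <%= node[:uaa][:admin][:password].to_json %>` (and the same for `cloud_controller`) keeps it a quoted string. It is also worth confirming that `cloud_controller` is meant to carry `ROLE_ADMIN` alongside `admin`, since the hunk gives no reason for the broader authority.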
@@ -13,7 +13,7 @@ gem 'logging', '>= 1.5.0' gem 'vcap_common', '>= 1.0.6' gem 'vcap_logging', :require => ['vcap/logging'] -gem 'cf-uaa-client', '>= 0.0.5' +gem 'cf-uaa-client', '>= 0.0.6' group :test do gem "rspec" diff --git a/health_manager/Gemfile.lock b/health_manager/Gemfile.lock index 71deb2c..a38eaad 100644 --- a/health_manager/Gemfile.lock +++ b/health_manager/Gemfile.lock @@ -3,7 +3,7 @@ GEM specs: addressable (2.2.6) builder (3.0.0) - cf-uaa-client (0.0.5) + cf-uaa-client (0.0.6) em-http-request (= 1.0.0.beta.3) eventmachine json_pure @@ -25,7 +25,7 @@ GEM little-plugger (1.1.3) logging (1.6.2) little-plugger (>= 1.1.3) - mime-types (1.17.2) + mime-types (1.18) nats (0.4.22.beta.8) daemons (>= 1.1.4) eventmachine (>= 0.12.10) @@ -63,7 +63,7 @@ PLATFORMS DEPENDENCIES bundler (>= 1.0.10) - cf-uaa-client (>= 0.0.5) + cf-uaa-client (>= 0.0.6) ci_reporter em-http-request (~> 1.0.0.beta.3) eventmachine diff --git a/health_manager/vendor/cache/cf-uaa-client-0.0.5.gem b/health_manager/vendor/cache/cf-uaa-client-0.0.5.gem deleted file mode 100644 index 6dd30d2..0000000 Binary files a/health_manager/vendor/cache/cf-uaa-client-0.0.5.gem and /dev/null differ diff --git a/health_manager/vendor/cache/cf-uaa-client-0.0.6.gem b/health_manager/vendor/cache/cf-uaa-client-0.0.6.gem new file mode 100644 index 0000000..d4e28d8 Binary files /dev/null and b/health_manager/vendor/cache/cf-uaa-client-0.0.6.gem differ diff --git a/health_manager/vendor/cache/mime-types-1.17.2.gem b/health_manager/vendor/cache/mime-types-1.17.2.gem deleted file mode 100644 index fbb5011..0000000 Binary files a/health_manager/vendor/cache/mime-types-1.17.2.gem and /dev/null differ diff --git a/health_manager/vendor/cache/mime-types-1.18.gem b/health_manager/vendor/cache/mime-types-1.18.gem new file mode 100644 index 0000000..80a2dd8 Binary files /dev/null and b/health_manager/vendor/cache/mime-types-1.18.gem differ diff --git a/uaa b/uaa index 6430068..f81c3cb 160000 --- a/uaa +++ b/uaa 
@@ -1 +1 @@
-Subproject commit 64300683679150ca69583859c190b2d7c005b252
+Subproject commit f81c3cb58adeb623ec5767355a5104a86f98995a