Merge auth_deployment branch into master.

don't update old vcap_setup
Amended to address Jesse's review comments.
Amended to remove submodule update for services.

Change-Id: Id22dbb005275b99017d132ed6e50f4035e394206

.gitmodules

@@ -7,3 +7,9 @@
 [submodule "java"]
 	path = java
 	url = git@github.com:vmware-ac/vcap-java.git
+[submodule "uaa"]
+	path = uaa
+	url = git@github.com:vmware-ac/uaa.git
+[submodule "acm"]
+	path = acm
+	url = git@github.com:vmware-ac/acm.git

acm

@@ -0,0 +1 @@
+Subproject commit adb874b80b6b97b4898f1980be3eb444014e0524

bin/acm

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+# Copyright (c) 2009-2011 VMware, Inc.
+
+exec(File.expand_path("../../acm/bin/acm", __FILE__), *ARGV)

bin/uaa

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+# Copyright (c) 2009-2011 VMware, Inc.
+
+exec(File.expand_path("../../uaa/bin/uaa", __FILE__), *ARGV)

bin/vcap

@@ -12,6 +12,8 @@
 # - stager
 # - package_cache
 # - dea
+# - uaa
+# - acm
 #
 # services
 # - redis
@@ -437,7 +439,7 @@ module Run
   private
 
   def self.core
-    %w(router cloud_controller dea health_manager stager package_cache)
+    %w(router cloud_controller dea health_manager stager uaa acm package_cache)
   end
 
   def self.services
@@ -598,6 +600,7 @@ opts_parser = OptionParser.new do |opts|
   opts.on('--noprompt', '-n')                      { $noprompt = true }
 
 end
+$configdir ||= ENV['CLOUD_FOUNDRY_CONFIG_PATH']
 args = opts_parser.parse!(args)
 
 $nocolor = true unless STDOUT.tty?

dev_setup/bin/vcap

@@ -10,6 +10,8 @@
 # - cloud_controller
 # - health_manager
 # - dea
+# - uaa
+# - acm
 #
 # services
 # - redis
@@ -390,7 +392,7 @@ module Run
   private
 
   def self.core
-    %w(router cloud_controller dea health_manager)
+    %w(router cloud_controller dea health_manager uaa acm)
   end
 
   def self.services

dev_setup/cookbooks/acm/README.rdoc

@@ -0,0 +1,7 @@
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES:
+
+= USAGE:

dev_setup/cookbooks/acm/attributes/default.rb

@@ -0,0 +1 @@
+include_attribute "acmdb"

dev_setup/cookbooks/acm/metadata.rb

@@ -0,0 +1,6 @@
+maintainer       "VMWare"
+maintainer_email "support@vmware.com"
+license          "Apache 2.0"
+description      "Installs/Configures ACM"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version          "0.0.1"

dev_setup/cookbooks/acm/recipes/default.rb

@@ -0,0 +1,26 @@
+#
+# Cookbook Name:: acm
+# Recipe:: default
+#
+# Copyright 2011, VMWARE
+#
+#
+
+gem_package "pg" do
+  ignore_failure true
+  gem_binary File.join(node[:ruby][:path], "bin", "gem")
+end
+
+gem_package "postgres" do
+  ignore_failure true
+  gem_binary File.join(node[:ruby][:path], "bin", "gem")
+end
+
+template "acm.yml" do
+  path File.join(node[:deployment][:config_path], "acm.yml")
+  source "acm.yml.erb"
+  owner node[:deployment][:user]
+  mode 0644
+end
+
+cf_bundle_install(File.expand_path(File.join(node["cloudfoundry"]["path"], "acm")))

dev_setup/cookbooks/acm/templates/default/acm.yml.erb

@@ -0,0 +1,14 @@
+---
+pid: /var/vcap/sys/run/acm.pid
+name: ACM
+port: 9090
+logging:
+  level: DEBUG
+  file: /tmp/acm.log
+db:
+  database: <%= "\"postgres://#{node[:acmdb][:user]}:#{node[:acmdb][:password]}@#{node[:acmdb][:host]}:#{node[:acmdb][:port]}/#{node[:acmdb][:database]}\"" %>
+  max_connections: 10
+  pool_timeout: 2000
+basic_auth:
+  user: 'basic auth user key goes here'
+  password: 'basic auth password key goes here'

dev_setup/cookbooks/acmdb/README.rdoc

@@ -0,0 +1,7 @@
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES:
+
+= USAGE:

dev_setup/cookbooks/acmdb/attributes/default.rb

@@ -0,0 +1,7 @@
+include_attribute "postgresql"
+default[:acmdb][:user] = "root"
+default[:acmdb][:password] = "changeme"
+default[:acmdb][:database] = "acm"
+default[:acmdb][:port] = "5432"
+default[:acmdb][:adapter] = "postgresql"
+default[:acmdb][:data_dir] = File.join(node[:deployment][:home], "acmdb_data_dir")

dev_setup/cookbooks/acmdb/metadata.rb

@@ -0,0 +1,8 @@
+maintainer       "VMware"
+maintainer_email "support@vmware.com"
+license          "Apache 2.0"
+description      "Installs/Configures ACM Database"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version          "0.0.1"
+
+depends          "postgresql"

dev_setup/cookbooks/acmdb/recipes/default.rb

@@ -0,0 +1,9 @@
+#
+# Cookbook Name:: acmdb
+# Recipe:: default
+#
+# Copyright 2011, VMware
+#
+#
+cf_pg_update_hba_conf(node[:acmdb][:database], node[:acmdb][:user])
+cf_pg_setup_db(node[:acmdb][:database], node[:acmdb][:user], node[:acmdb][:password])

dev_setup/cookbooks/deployment/recipes/default.rb

@@ -7,6 +7,8 @@
 
 node[:nats_server][:host] ||= cf_local_ip
 node[:ccdb][:host] ||= cf_local_ip
+node[:acmdb][:host] ||= cf_local_ip
+node[:uaadb][:host] ||= cf_local_ip
 node[:postgresql][:host] ||= cf_local_ip
 
 [node[:deployment][:home], File.join(node[:deployment][:home], "deploy"), node[:deployment][:log_path],
@@ -24,7 +26,7 @@ end
 var_vcap = File.join("", "var", "vcap")
 [var_vcap, File.join(var_vcap, "sys"), File.join(var_vcap, "db"), File.join(var_vcap, "services"),
  File.join(var_vcap, "data"), File.join(var_vcap, "data", "cloud_controller"),
- File.join(var_vcap, "sys", "log"), File.join(var_vcap, "data", "cloud_controller", "tmp"),
+ File.join(var_vcap, "sys", "log"), File.join(var_vcap, "sys", "run"), File.join(var_vcap, "data", "cloud_controller", "tmp"),
  File.join(var_vcap, "data", "cloud_controller", "staging"),
  File.join(var_vcap, "data", "db"), File.join("", "var", "vcap.local"),
  File.join("", "var", "vcap.local", "staging")].each do |dir|

dev_setup/cookbooks/java/recipes/default.rb

@@ -21,7 +21,7 @@ when "ubuntu"
     end
   end
 
-  %w[ curl sun-java6-bin sun-java6-jre sun-java6-jdk].each do |pkg|
+  %w[ curl sun-java6-jdk].each do |pkg|
     package pkg do
       not_if do
         ::File.exists?("/usr/bin/java")

dev_setup/cookbooks/maven/README.md

@@ -0,0 +1,49 @@
+Description
+===========
+
+Installs and configures Apache Maven
+
+Requirements
+============
+
+Platform:
+
+* Debian, Ubuntu, CentOS, Red Hat, Fedora
+
+The following Opscode cookbooks are dependencies:
+
+* java
+* jpackage
+
+Attributes
+==========
+
+Usage
+=====
+
+Simply include the recipe where you want Apache Maven installed.
+
+TODO
+====
+
+* plugin support
+* global config template - %M2_HOME%/conf/settings.xml
+
+License and Author
+==================
+
+Author:: Seth Chisamore (<schisamo@opscode.com>)
+
+Copyright 2010, Opscode, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

dev_setup/cookbooks/maven/metadata.json

@@ -0,0 +1,50 @@
+{
+  "providing": {
+  },
+  "maintainer": "Opscode, Inc.",
+  "replacing": {
+  },
+  "description": "Installs/Configures maven",
+  "maintainer_email": "cookbooks@opscode.com",
+  "groupings": {
+  },
+  "attributes": {
+  },
+  "recommendations": {
+  },
+  "dependencies": {
+    "java": [
+
+    ],
+    "jpackage": [
+
+    ]
+  },
+  "suggestions": {
+  },
+  "long_description": "Description\n===========\n\nInstalls and configures Apache Maven\n\nRequirements\n============\n\nPlatform: \n\n* Debian, Ubuntu, CentOS, Red Hat, Fedora\n\nThe following Opscode cookbooks are dependencies:\n\n* java\n* jpackage\n\nAttributes\n==========\n\nUsage\n=====\n\nSimply include the recipe where you want Apache Maven installed.\n\nTODO\n====\n\n* plugin support\n* global config template - %M2_HOME%/conf/settings.xml\n\nLicense and Author\n==================\n\nAuthor:: Seth Chisamore (<schisamo@opscode.com>)\n\nCopyright 2010, Opscode, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n\n",
+  "platforms": {
+    "debian": [
+
+    ],
+    "fedora": [
+
+    ],
+    "centos": [
+
+    ],
+    "ubuntu": [
+
+    ],
+    "redhat": [
+
+    ]
+  },
+  "name": "maven",
+  "version": "0.10.0",
+  "conflicting": {
+  },
+  "license": "Apache 2.0",
+  "recipes": {
+  }
+}

dev_setup/cookbooks/maven/metadata.rb

@@ -0,0 +1,14 @@
+maintainer       "Opscode, Inc."
+maintainer_email "cookbooks@opscode.com"
+license          "Apache 2.0"
+description      "Installs/Configures maven"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
+version          "0.10.0"
+
+%w{ java }.each do |cb|
+  depends cb
+end
+
+%w{ debian ubuntu centos redhat fedora }.each do |os|
+  supports os
+end

dev_setup/cookbooks/maven/recipes/default.rb

@@ -0,0 +1,29 @@
+#
+# Cookbook Name:: maven
+# Recipe:: default
+#
+# Copyright 2010, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+include_recipe "java"
+
+case node.platform
+when "redhat", "centos", "fedora"
+  include_recipe "jpackage"
+end
+
+package "maven2" do
+  action :install
+end

dev_setup/cookbooks/uaa/README.rdoc

@@ -0,0 +1,7 @@
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES:
+
+= USAGE:

dev_setup/cookbooks/uaa/attributes/default.rb

@@ -0,0 +1,14 @@
+include_attributes "uaadb"
+default[:uaadb][:host] = "localhost"
+
+# varz password => "varzclientsecret"
+default[:uaa][:varz][:secret] = "$2a$08$x7OrEpKbVFTyg.pwEmQ48.I486F08gKCi5JzhZxhAEjotnpX2kgdO"
+
+# scim password => "scimsecret"
+default[:uaa][:scim][:secret] = "$2a$08$duCE9bFm.duhfe6IrjC0Q.zIvJ9DfjBPhCcuJDj9fUVXaNjNeK5fi"
+
+# my client password => "myclientsecret"
+default[:uaa][:my][:secret] = "$2a$08$fsPmrV9zHPU14qpPR1c49.GVRL8JvW33y1qlYFwiZWX4M8vM36bBW"
+
+# app client password => "appclientsecret"
+default[:uaa][:app][:secret] = "$2a$08$Q7ZoYHasNrVzeaZ1Vjgau.2LsOJeDm7.KlCU9w3xZMDa60WYLfVom"

dev_setup/cookbooks/uaa/metadata.rb

@@ -0,0 +1,8 @@
+maintainer       "VMWare"
+maintainer_email "support@vmware.com"
+license          "Apache 2.0"
+description      "Installs/Configures UAA"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version          "0.0.1"
+
+depends          "uaadb"

dev_setup/cookbooks/uaa/recipes/default.rb

@@ -0,0 +1,21 @@
+#
+# Cookbook Name:: uaa
+# Recipe:: default
+#
+# Copyright 2011, VMWARE
+#
+#
+
+template "uaa.yml" do
+  path File.join(node[:deployment][:config_path], "uaa.yml")
+  source "uaa.yml.erb"
+  owner node[:deployment][:user]
+  mode 0644
+end
+
+bash "Grab dependencies for UAA" do
+  user node[:deployment][:user]
+  not_if "[ -d ~/.m2/repository/org/cloudfoundry/runtime ]"
+  cwd "#{node[:cloudfoundry][:path]}/uaa"
+  code "mvn install -U -DskipTests=true"
+end

dev_setup/cookbooks/uaa/templates/default/uaa.yml.erb

@@ -0,0 +1,42 @@
+---
+
+pid: /var/vcap/sys/run/uaa.pid
+# NATS message bus URI
+mbus: nats://<%= node[:nats_server][:user] %>:<%= node[:nats_server][:password] %>@<%= node[:nats_server][:host] %>:<%= node[:nats_server][:port] %>/
+
+name: UAA
+
+database:
+  url: jdbc:postgresql://<%= node[:uaadb][:host] %>:<%= node[:uaadb][:port] %>/<%= node[:uaadb][:database] %>
+
+jvm_args: -Xmx512m
+spring_profiles: jdbc,postgresql,legacy
+
+bootstrap:
+  admin:
+    username: marissa
+    password: $2a$10$ikFXo9IFG6zbMbhGcssySOhjDsGPpqzKwsdVOeCvJ7JoWjSQxyfs6
+    given_name: Marissa
+    familay_name: Bloggs
+    email: marissa@test.org
+
+cloud_controller:
+  login_url: http://api.vcap.me/users/{username}/tokens
+
+varz:
+  client:
+    secret: <%= node[:uaa][:varz][:secret] %>
+    username: varz
+    password: <%= node[:uaa][:varz][:password] %>
+
+app:
+  client:
+    secret: <%= node[:uaa][:app][:secret] %>
+
+my:
+  client:
+    secret: <%= node[:uaa][:my][:secret] %>
+
+scim:
+  client:
+    secret: <%= node[:uaa][:scim][:secret] %>

dev_setup/cookbooks/uaadb/README.rdoc

@@ -0,0 +1,7 @@
+= DESCRIPTION:
+
+= REQUIREMENTS:
+
+= ATTRIBUTES:
+
+= USAGE:

dev_setup/cookbooks/uaadb/attributes/default.rb

@@ -0,0 +1,7 @@
+include_attribute "postgresql"
+default[:uaadb][:user] = "root"
+default[:uaadb][:password] = "changeme"
+default[:uaadb][:database] = "uaa"
+default[:uaadb][:port] = "5432"
+default[:uaadb][:adapter] = "postgresql"
+default[:uaadb][:data_dir] = File.join(node[:deployment][:home], "uaadb_data_dir")

dev_setup/cookbooks/uaadb/metadata.rb

@@ -0,0 +1,8 @@
+maintainer       "VMware"
+maintainer_email "support@vmware.com"
+license          "Apache 2.0"
+description      "Installs/Configures UAA Database"
+long_description IO.read(File.join(File.dirname(__FILE__), 'README.rdoc'))
+version          "0.0.1"
+
+depends          "postgresql"

dev_setup/cookbooks/uaadb/recipes/default.rb

@@ -0,0 +1,9 @@
+#
+# Cookbook Name:: uaadb
+# Recipe:: default
+#
+# Copyright 2011, VMware
+#
+#
+cf_pg_update_hba_conf(node[:uaadb][:database], node[:uaadb][:user])
+cf_pg_setup_db(node[:uaadb][:database], node[:uaadb][:user], node[:uaadb][:password])

dev_setup/lib/job_dependency.rake

@@ -1,5 +1,5 @@
 class JobManager
-  [NATS, CF, CCDB].each do |job|
+  [NATS, CF, CCDB, ACMDB, UAADB].each do |job|
     task job.to_sym do
       install(job)
     end
@@ -11,7 +11,7 @@ class JobManager
     end
   end
 
-  [ROUTER, DEA].each do |job|
+  [ROUTER, DEA, UAA, ACM].each do |job|
     task job.to_sym => [CF.to_sym, NATS.to_sym] do
       install(job)
     end

dev_setup/lib/job_manager.rb

@@ -15,6 +15,10 @@ class JobManager
   CF = "cloudfoundry"
   HM = "health_manager"
   DEA = "dea"
+  UAA = "uaa"
+  UAADB = "uaadb"
+  ACM = "acm"
+  ACMDB = "acmdb"
 
   SERVICES = ["redis", "mysql", "mongodb", "neo4j"]
   SERVICES_NODE = SERVICES.map do |service|
@@ -29,7 +33,7 @@ class JobManager
   end
 
   # All supported jobs
-  JOBS = [ALL, NATS, ROUTER, CF, CC, HM, DEA, CCDB] + SERVICES_NODE + SERVICES_GATEWAY
+  JOBS = [ALL, NATS, ROUTER, CF, CC, HM, DEA, CCDB, UAA, UAADB, ACM, ACMDB] + SERVICES_NODE + SERVICES_GATEWAY
   SYSTEM_JOB = [CF]
 
   # List of the required properties for jobs
@@ -49,7 +53,7 @@ class JobManager
     SERVICE_GATEWAY_RUN_COMPONENTS[gateway] = gateway
   end
 
-  RUN_COMPONENTS = {ROUTER => ROUTER, CC => CC, HM => HM, DEA => DEA}.update(SERVICE_NODE_RUN_COMPONENTS).update(SERVICE_GATEWAY_RUN_COMPONENTS)
+  RUN_COMPONENTS = {ROUTER => ROUTER, CC => CC, HM => HM, DEA => DEA, UAA => UAA, ACM => ACM}.update(SERVICE_NODE_RUN_COMPONENTS).update(SERVICE_GATEWAY_RUN_COMPONENTS)
 
   class << self
     if defined?(Rake::DSL)

dev_setup/roles/acm.json

@@ -0,0 +1,12 @@
+{
+  "name": "acm",
+  "default_attributes": {},
+  "override_attributes": {},
+  "json_class": "Chef::Role",
+  "description": "Authorization Control Manager",
+  "chef_type": "role",
+  "run_list" : ["recipe[deployment]",
+                "recipe[essentials]",
+                "recipe[ruby]",
+                "recipe[acm]"]
+}

dev_setup/roles/acmdb.json

@@ -0,0 +1,14 @@
+{
+  "name": "acmdb",
+  "default_attributes": {
+    "services" : [ "postgresql" ],
+    "service_components" : ["postgresql_node", "postgresql_backup"]
+  },
+  "override_attributes": {},
+  "json_class": "Chef::Role",
+  "description": "ACM Database",
+  "chef_type": "role",
+  "run_list" : ["recipe[deployment]",
+                "recipe[postgresql]",
+                "recipe[acmdb]"]
+}

dev_setup/roles/uaa.json

@@ -0,0 +1,17 @@
+{
+  "name": "uaa",
+  "default_attributes": {
+    "services" : [ "postgresql" ],
+    "service_components" : ["postgresql_node", "postgresql_backup"]
+  },
+  "override_attributes": {},
+  "json_class": "Chef::Role",
+  "description": "User Account and Authentication Service",
+  "chef_type": "role",
+  "run_list" : ["recipe[deployment]",
+                "recipe[essentials]",
+                "recipe[postgresql]",
+                "recipe[java]",
+                "recipe[maven]",
+                "recipe[uaa]"]
+}

dev_setup/roles/uaadb.json

@@ -0,0 +1,14 @@
+{
+  "name": "uaadb",
+  "default_attributes": {
+    "services" : [ "postgresql" ],
+    "service_components" : ["postgresql_node", "postgresql_backup"]
+  },
+  "override_attributes": {},
+  "json_class": "Chef::Role",
+  "description": "UAA Database",
+  "chef_type": "role",
+  "run_list" : ["recipe[deployment]",
+                "recipe[postgresql]",
+                "recipe[uaadb]"]
+}

rakelib/core_components.rake

@@ -9,7 +9,7 @@ module CoreComponents
   end
 
   def components
-    %w[cloud_controller dea health_manager router stager services/redis services/mysql services/mongodb services/postgresql services/neo4j]
+    %w[cloud_controller dea health_manager router stager acm services/redis services/mysql services/mongodb services/postgresql services/neo4j]
   end
 
   def dirs

uaa

@@ -0,0 +1 @@
+Subproject commit ac05e7176edca315dca7680fe04b6beba1ae0f09