Initial commit of working service

cfid · Nov 12, 2012 · d4e8d6b · d4e8d6b
commit d4e8d6b
Show file tree

Hide file tree

Showing 16 changed files with 855 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,7 @@
+*.gem
+.bundle
+pkg/*
+vendor/
+*~
+#*
+dev.yml
diff --git a/Gemfile b/Gemfile
@@ -0,0 +1,12 @@
+source "http://rubygems.org"
+
+gem 'eventmachine', :git => 'git://github.com/cloudfoundry/eventmachine.git', :branch => 'release-0.12.11-cf'
+gem 'vcap_common', :require => ['vcap/common', 'vcap/component'], :git => 'git://github.com/cloudfoundry/vcap-common.git', :ref => 'fd6b6d91'
+gem 'vcap_logging', :require => ['vcap/logging'], :git => 'git://github.com/cloudfoundry/common.git', :ref => 'b96ec1192'
+gem 'vcap_services_base', :git => 'git://github.com/dsyer/vcap-services-base.git', :ref => 'debugging'
+gem 'warden-client', :require => ['warden/client'], :git => 'git://github.com/cloudfoundry/warden.git', :ref => '21f9a32ab50'
+gem 'warden-protocol', :require => ['warden/protocol'], :git => 'git://github.com/cloudfoundry/warden.git', :ref => '21f9a32ab50'
+gem 'cf-uaa-client', :git => 'git://github.com/cloudfoundry/uaa.git', :ref => 'master'
+
+# Specify your gem's dependencies in test_service.gemspec
+gemspec
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -0,0 +1,225 @@
+GIT
+  remote: git://github.com/cloudfoundry/common.git
+  revision: b96ec1192d961925d91e17ca3831f8547489d918
+  ref: b96ec1192
+  specs:
+    vcap_logging (1.0.2)
+      rake
+
+GIT
+  remote: git://github.com/cloudfoundry/eventmachine.git
+  revision: 2806c630d8631d5dcf9fb2555f665b829052aabe
+  branch: release-0.12.11-cf
+  specs:
+    eventmachine (0.12.11.cloudfoundry.3)
+
+GIT
+  remote: git://github.com/cloudfoundry/uaa.git
+  revision: 2bdf250144723ab572626d4b6c3535a16fb5470a
+  ref: master
+  specs:
+    cf-uaa-client (1.2.5)
+      em-http-request (>= 1.0.0.beta.3)
+      eventmachine
+      highline
+      launchy
+      rest-client
+      yajl-ruby
+
+GIT
+  remote: git://github.com/cloudfoundry/vcap-common.git
+  revision: fd6b6d91b19c551cf5091c8469595df923dd2612
+  ref: fd6b6d91
+  specs:
+    vcap_common (2.0.7)
+      em-http-request (~> 1.0.0.beta3)
+      eventmachine
+      httpclient
+      membrane (~> 0.0.2)
+      mime-types
+      multipart-post
+      nats (~> 0.4.24)
+      posix-spawn (~> 0.3.6)
+      thin
+      yajl-ruby (~> 0.8.3)
+
+GIT
+  remote: git://github.com/cloudfoundry/warden.git
+  revision: 21f9a32ab501a6485c9a4e7aff4f9b6f40e31e3c
+  ref: 21f9a32ab50
+  specs:
+    warden-client (0.0.6)
+      warden-protocol
+    warden-protocol (0.0.5)
+      beefcake
+
+GIT
+  remote: git://github.com/dsyer/vcap-services-base.git
+  revision: 8ac662cde534771230fd1661af0c908eaa781ad5
+  ref: debugging
+  specs:
+    vcap_services_base (0.1.16)
+      curb (~> 0.7.16)
+      datamapper (~> 1.1.0)
+      do_sqlite3 (~> 0.10.3)
+      em-http-request (~> 1.0.0.beta.3)
+      eventmachine (~> 0.12.11.cloudfoundry.3)
+      eventmachine_httpserver (~> 0.2.1)
+      json (~> 1.4.6)
+      nats (~> 0.4.22.beta.8)
+      resque (~> 1.20)
+      resque-status (~> 0.3.2)
+      ruby-hmac (~> 0.4.0)
+      rubyzip (~> 0.9.8)
+      sinatra (~> 1.2.3)
+      thin (~> 1.3.1)
+      uuidtools (~> 2.1.2)
+      vcap_common (>= 1.0.8)
+      vcap_logging (>= 1.0.2)
+      warden-client (~> 0.0.6)
+      warden-protocol (~> 0.0.5)
+
+PATH
+  remote: .
+  specs:
+    cf-oauth2-service (1.0.0)
+      cf-uaa-client
+      vcap_common
+      vcap_logging
+      vcap_services_base
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    addressable (2.2.8)
+    bcrypt-ruby (2.1.4)
+    beefcake (0.3.7)
+    curb (0.7.18)
+    daemons (1.1.9)
+    data_objects (0.10.10)
+      addressable (~> 2.1)
+    datamapper (1.1.0)
+      dm-aggregates (= 1.1.0)
+      dm-constraints (= 1.1.0)
+      dm-core (= 1.1.0)
+      dm-migrations (= 1.1.0)
+      dm-serializer (= 1.1.0)
+      dm-timestamps (= 1.1.0)
+      dm-transactions (= 1.1.0)
+      dm-types (= 1.1.0)
+      dm-validations (= 1.1.0)
+    diff-lcs (1.1.3)
+    dm-aggregates (1.1.0)
+      dm-core (~> 1.1.0)
+    dm-constraints (1.1.0)
+      dm-core (~> 1.1.0)
+    dm-core (1.1.0)
+      addressable (~> 2.2.4)
+    dm-migrations (1.1.0)
+      dm-core (~> 1.1.0)
+    dm-serializer (1.1.0)
+      dm-core (~> 1.1.0)
+      fastercsv (~> 1.5.4)
+      json (~> 1.4.6)
+    dm-timestamps (1.1.0)
+      dm-core (~> 1.1.0)
+    dm-transactions (1.1.0)
+      dm-core (~> 1.1.0)
+    dm-types (1.1.0)
+      bcrypt-ruby (~> 2.1.4)
+      dm-core (~> 1.1.0)
+      fastercsv (~> 1.5.4)
+      json (~> 1.4.6)
+      stringex (~> 1.2.0)
+      uuidtools (~> 2.1.2)
+    dm-validations (1.1.0)
+      dm-core (~> 1.1.0)
+    do_sqlite3 (0.10.10)
+      data_objects (= 0.10.10)
+    em-http-request (1.0.0.beta.3)
+      addressable (>= 2.2.3)
+      em-socksify
+      eventmachine
+      http_parser.rb (>= 0.5.1)
+    em-socksify (0.1.0)
+      eventmachine
+    eventmachine_httpserver (0.2.1)
+    fastercsv (1.5.5)
+    highline (1.6.15)
+    http_parser.rb (0.5.3)
+    httpclient (2.3.0.1)
+    json (1.4.6)
+    json_pure (1.7.5)
+    launchy (2.1.0)
+      addressable (~> 2.2.6)
+    macaddr (1.6.1)
+      systemu (~> 2.5.0)
+    membrane (0.0.2)
+    mime-types (1.19)
+    multi_json (1.3.6)
+    multipart-post (1.1.5)
+    nats (0.4.24)
+      daemons (>= 1.1.5)
+      eventmachine (>= 0.12.10)
+      json_pure (>= 1.7.3)
+      thin (>= 1.3.1)
+    posix-spawn (0.3.6)
+    rack (1.4.1)
+    rake (0.9.2.2)
+    redis (3.0.2)
+    redis-namespace (1.2.1)
+      redis (~> 3.0.0)
+    redisk (0.2.2)
+      redis (>= 0.1.1)
+      redis-namespace (>= 0.1.0)
+    resque (1.23.0)
+      multi_json (~> 1.0)
+      redis-namespace (~> 1.0)
+      sinatra (>= 0.9.2)
+      vegas (~> 0.1.2)
+    resque-status (0.3.3)
+      redisk (>= 0.2.1)
+      resque (~> 1.19)
+      uuid (~> 2.3)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
+    rspec (2.10.0)
+      rspec-core (~> 2.10.0)
+      rspec-expectations (~> 2.10.0)
+      rspec-mocks (~> 2.10.0)
+    rspec-core (2.10.1)
+    rspec-expectations (2.10.0)
+      diff-lcs (~> 1.1.3)
+    rspec-mocks (2.10.1)
+    ruby-hmac (0.4.0)
+    rubyzip (0.9.9)
+    sinatra (1.2.8)
+      rack (~> 1.1)
+      tilt (>= 1.2.2, < 2.0)
+    stringex (1.2.2)
+    systemu (2.5.2)
+    thin (1.3.1)
+      daemons (>= 1.0.9)
+      eventmachine (>= 0.12.6)
+      rack (>= 1.0.0)
+    tilt (1.3.3)
+    uuid (2.3.5)
+      macaddr (~> 1.0)
+    uuidtools (2.1.3)
+    vegas (0.1.11)
+      rack (>= 1.0.0)
+    yajl-ruby (0.8.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  cf-oauth2-service!
+  cf-uaa-client!
+  eventmachine!
+  rspec
+  vcap_common!
+  vcap_logging!
+  vcap_services_base!
+  warden-client!
+  warden-protocol!
diff --git a/README.md b/README.md
@@ -0,0 +1,99 @@
+The project is a cloudfoundry service gateway exposing the kernel
+[UAA][].  When you provision it (`vmc create-service`) an OAuth2
+client registration is created in the UAA.  Then when you bind an
+application to it (`vmc bind-service`), the app gets some credentials
+in `VCAP_SERVICES` environment variable, e.g.
+
+    VCAP_SERVICES={"oauth2-1.0":[{"name":"oauth2", "label":"oauth2-1.0", 
+      "plan":"free", "tags":["uaa", "oauth2-1.0", "oauth2"], "credentials":
+      {"auth_server_url":"http://login.cloudfoundry.com", "token_server_url":"http://uaa.cloudfoundry.com", 
+      "client_id":"b1366591-5456-4221-8563-9f8370ead694", 
+      "client_secret":"af6c147d-5695-495a-bfdc-e7132c8b1dd2"}}]}
+
+The application can use the "credentials" field to drive an
+authorization code flow and obtain an OAuth2 access token.  The
+default scope for a token is
+`["openid", "cloud_controller.read", "cloud_controller.write"]` which
+gives the application the ability to authenticate a user and obtain
+basic profile information, and also to manage the users applications
+and services in the cloud controller.
+
+[UAA]: http://github.com/cloudfoundry/uaa
+
+## Typical Log Output
+
+### Provision
+
+    [2012-11-04 19:02:03.134148] gateway - pid=8970 tid=6f89 fid=17af  DEBUG -- Provision request for label=test-1.0, plan=free, version=1.0
+    [2012-11-04 19:02:03.134406] gateway - pid=8970 tid=6f89 fid=17af  DEBUG -- [Test-Provisioner] Attempting to provision instance (request={:label=>"test-1.0", :name=>"test", :email=>"vcap_tester@vmware.com", :plan=>"free", :version=>"1.0"})
+    [2012-11-04 19:02:03.134858] gateway - pid=8970 tid=6f89 fid=17af  DEBUG -- Provisioned {:configuration=>{:plan=>"free", :version=>"1.0"}, :service_id=>"b5df21d7-ccfd-4a8e-adbe-55a2c3172de9", :credentials=>{"internal"=>{"name"=>"b5df21d7-ccfd-4a8e-adbe-55a2c3172de9"}}}
+    [2012-11-04 19:02:03.135036] gateway - pid=8970 tid=6f89 fid=17af  DEBUG -- Reply status:200, headers:{"Content-Type"=>"application/json"}, body:{"configuration":{"plan":"free","version":"1.0"},"service_id":"b5df21d7-ccfd-4a8e-adbe-55a2c3172de9","credentials":{"internal":{"name":"b5df21d7-ccfd-4a8e-adbe-55a2c3172de9"}}}
+
+### Bind
+
+    [2012-11-05 10:07:34.775173] gateway - pid=12579 tid=dc89 fid=23a0  DEBUG -- [Test-Provisioner] Attempting to bind to service b5df21d7-ccfd-4a8e-adbe-55a2c3172de9
+    [2012-11-05 10:07:34.775694] gateway - pid=12579 tid=dc89 fid=23a0  DEBUG -- [Test-Provisioner] Binded: {:service_id=>"d5e8754d-b1dc-4562-9fce-eb7747460b89", :configuration=>{"plan"=>"free", "version"=>"1.0", "data"=>{"binding_options"=>{}}}, :credentials=>{"internal"=>{"name"=>"b5df21d7-ccfd-4a8e-adbe-55a2c3172de9"}}}
+    [2012-11-05 10:07:34.775903] gateway - pid=12579 tid=dc89 fid=23a0  DEBUG -- Reply status:200, headers:{"Content-Type"=>"application/json"}, body:{"service_id":"d5e8754d-b1dc-4562-9fce-eb7747460b89","configuration":{"plan":"free","version":"1.0","data":{"binding_options":{}}},"credentials":{"internal":{"name":"b5df21d7-ccfd-4a8e-adbe-55a2c3172de9"}}}
+
+### Unbind
+
+    [2012-11-05 10:06:52.458826] gateway - pid=12579 tid=dc89 fid=23a0   INFO -- Unbind request for service_id=b5df21d7-ccfd-4a8e-adbe-55a2c3172de9 handle_id=a55a4fe5-5c3e-4403-960e-c78025e35324
+    [2012-11-05 10:06:52.459112] gateway - pid=12579 tid=dc89 fid=23a0  DEBUG -- [Test-Provisioner] Attempting to unbind to service b5df21d7-ccfd-4a8e-adbe-55a2c3172de9
+    [2012-11-05 10:06:52.459234] gateway - pid=12579 tid=dc89 fid=23a0  DEBUG -- Reply status:200, headers:{"Content-Type"=>"application/json"}, body:{}
+
+
+## Steps to Register with the Cloud Controller
+
+### Provide a config file
+
+To register with the cloud controller you need to provide a config
+file (the default has some values in it, but won't have the right
+values for your environment). Then you can try and launch with, for
+instance
+
+    $ bin/gateway -c config/dev.yml
+
+Note that the services base code will require `/var/vcap/sys/run/LOCK`
+to be writable.  This is fixed in the `dsyer` fork so that the lock
+file location can be overridden with an environment variable:
+
+    $ LOCK_FILE=/tmp/LOCK bin/gateway -c config/dev.yml
+
+### NATS Registration
+
+NATS registration happens before contacting the Cloud Controller so if
+you have problems connecting you are hosed, but you can disable it by
+*not* providing an `mbus` entry in the local config.
+
+### Make the Cloud Controller aware of our offering
+
+The cloud controller has to be expecting us as well, so you need this
+in `cloud_controller.yml` the first time you run the gateway (but not
+subsequently):
+
+    builtin_services:
+     test: 0xdeadbeef
+      
+In a BOSH deployment you can do this by adding a snippet to the
+manifest and then doing a `bosh deploy`:
+
+    external_service_tokens:
+      test: 0xdeadbeef
+
+(Except there's a bug in the `cloud_controller` job where the template
+doesn't expand the external service tokens into a hash before
+iterating on them.)
+
+### Make sure the gateway is not registered as "core"
+
+The cloud controller will register the service, but you need it to be
+registered wit the "core" provider, so *don't* specify that property
+in the gateway config file.
+
+### Port Numbers
+
+The Cloud Controller database doesn't seem to get updated with the new
+port if you change the gateweay, and the default is to pick an
+ephemeral port.  So it's best to fix the port in the gateway YML
+config.
+
diff --git a/Rakefile b/Rakefile
@@ -0,0 +1,7 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new("test") do |test|
+  test.rspec_opts = ["--format", "documentation", "--colour"]
+  test.pattern = "**/*_spec.rb"
+end
diff --git a/app.rb b/app.rb
@@ -0,0 +1,5 @@
+# require 'sinatra'
+$LOAD_PATH.unshift File.join(File.dirname(__FILE__), 'lib')
+require 'service/gateway'
+
+CF::UAA::OAuth2Service::Gateway.new.start
diff --git a/bin/oauth2-gateway b/bin/oauth2-gateway
@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby 
+# -*- mode: ruby -*- 
+# Copyright (c) 2009-2011 VMware, Inc.
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", __FILE__)
+require 'bundler/setup'
+require 'vcap_services_base'
+
+$LOAD_PATH.unshift File.join(File.dirname(__FILE__), '..', 'lib')
+require 'service/gateway'
+CF::UAA::OAuth2Service::Gateway.new.start
diff --git a/config/oauth2_gateway.yml b/config/oauth2_gateway.yml
@@ -0,0 +1,22 @@
+---
+cloud_controller_uri: api.vcap.me
+service:
+  name: oauth2
+  version: "1.0"
+  description: 'OAuth2 service'
+  plans: ['free']
+  default_plan: 'free'
+  tags: ['oauth2','uaa']
+  timeout: 60
+  supported_versions: ["1.0"]
+  version_aliases:
+    current: "1.0"
+  uaa: http://uaa.vcap.me
+  login: http://uaa.vcap.me
+index: 0
+mbus: nats://nats:nats@vcap:4222
+logging:
+  file: /tmp/gateway.log
+  level: debug
+pid: /tmp/service.pid
+token: 0xdeadbeef
-Original file line number
+Diff line change
@@ -0,0 +1,7 @@
+    *.gem
+    .bundle
+    pkg/*
+    vendor/
+    *~
+    #*
+    dev.yml