From 3bd6e7877736bee9202d6f1ff7f113a75ae68343 Mon Sep 17 00:00:00 2001 From: Patryk Kozak Date: Fri, 1 Jul 2022 17:51:08 +0200 Subject: [PATCH] OCF-221: Isolation Segments dynamic creation (#194) Add isolation segments feature [Improvement] * Added dynamically created Isolation Segments feature --- MANUAL.md | 13 +- hooks/blueprint | 27 +- .../dynamic-templates/isolation-segment.yml | 124 + spec/credhub/isolation-segments.yml | 371 +++ spec/deployments/isolation-segments.yml | 26 + spec/go.mod | 14 +- spec/go.sum | 77 + spec/results/isolation-segments.yml | 2433 +++++++++++++++++ spec/spec_test.go | 6 + spec/vault/isolation-segments.yml | 1 + 10 files changed, 3081 insertions(+), 11 deletions(-) create mode 100644 operations/dynamic-templates/isolation-segment.yml create mode 100644 spec/credhub/isolation-segments.yml create mode 100644 spec/deployments/isolation-segments.yml create mode 100644 spec/results/isolation-segments.yml create mode 100644 spec/vault/isolation-segments.yml diff --git a/MANUAL.md b/MANUAL.md index 606045a3..4b6a3ac8 100644 --- a/MANUAL.md +++ b/MANUAL.md @@ -65,7 +65,7 @@ General: - `ssh-proxy-on-routers` - moves the ssh-proxy from scheduler instance group to the router instance group, placing it on the edge network, and enabling scaling via scaling the routers. - `no-tcp-routers` - removes the tcp-router instance group and associated resource allocations for systems that don't need tcp routes. - `windows-diego-cells` - Adds Windows Diego cell functionality. - + - `isolation-segments` - enables usage of [isolation segments](https://docs.cloudfoundry.org/adminguide/routing-is.html#overview) using minimal configuration. Database related - choose one: - `postgres-db` - Use an external postgres instance to host persistent data. 
@@ -303,6 +303,17 @@ These params need to be set when activating features: | --- | --- | ---- | | `windows_diego_cell_vm_type` | Windows Diego cell VM Type | `small-highmem` | | `windows_diego_cell_instances`| Windows Diego Cell Instance Count | `1` | + + - **isolation-segments**: + | param | description | default | + | --- | --- | --- | + | `name` | (required) Name of the isolation segment and placement tag for cloud foundry | | + | `azs`| (required) Avaliability zones network configuration | | + | `instances`| Amount of VM instances to be created | `1` | + | `vm_type`| VM Type to be applied | `minimal` | + | `vm_extensions`| Extensions to be added to the created VM's | `[]` | + | `network_name`| Name of the network that VM's will be created with | `default` | + | `stemcell`| Name of the stemcell to be used | `default` | # Retired Parameters (from v1.x) diff --git a/hooks/blueprint b/hooks/blueprint index f34c0ebf..ac1d00c2 100755 --- a/hooks/blueprint +++ b/hooks/blueprint @@ -42,6 +42,27 @@ switch_cf_version() { echo >&2 } +generate_dynamic_isolation_segments() { + isolation_groups="$( + echo "$1" | \ + jq -r '.isolation_segments[] | .name' + )" + + generated_segments=() + + for group in $isolation_groups; do + seg=$(echo $1 | jq -r ".isolation_segments[] | select(.name==\"$group\")") + segment_tmp_file="operations/dynamic/isolation_segments_$group.yml" + touch $segment_tmp_file + cat operations/dynamic-templates/isolation-segment.yml > "$segment_tmp_file" + sed -i "" "s/params.isolation_segments.iso_group/params.isolation_segments.$group/g" $segment_tmp_file + generated_segments+=("$segment_tmp_file") + done + + echo ${generated_segments[*]} +} + + ### ============================================================================ ### Main ### ============================================================================ 
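Review bot: `generate_dynamic_isolation_segments` puts the operator-supplied segment name into a file path (`operations/dynamic/isolation_segments_$group.yml`), a jq filter and a sed replacement without validating it, so a name containing `/`, `..`, whitespace or sed/jq metacharacters can write outside `operations/dynamic/` or corrupt the substitution. A guard at the top of the loop such as `[[ "$group" =~ ^[A-Za-z0-9_-]+$ ]] || { echo >&2 "invalid isolation segment name: $group"; return 1; }` closes that; the caller would have to check the status, and the unused `seg=$(...)` line can be dropped or switched to `jq --arg`. `sed -i ""` is the BSD/macOS form, and GNU sed takes the empty string as the script, so on Linux the `iso_group` placeholder would likely stay unreplaced; `sed "s/…/g" operations/dynamic-templates/isolation-segment.yml > "$segment_tmp_file"` behaves the same on both and replaces the `touch`/`cat` pair. The call site in the later `isolation-segments)` case expands the function's output unquoted, so it depends on the same name restriction.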
@@ -221,7 +242,7 @@ for want in $GENESIS_REQUESTED_FEATURES; do features+=( "small-footprint" ); ;; local-postgres-db|local-mysql-db|mysql-db|postgres-db) db_specified=1; features+=( "$want" ) ;; - bare|partitioned-network|haproxy|tls|no-nats-tls|self-signed) features+=( "$want" ) ;; + bare|partitioned-network|haproxy|tls|no-nats-tls|self-signed|isolation-segments) features+=( "$want" ) ;; minio-blobstore|aws-blobstore|aws-blobstore-iam|azure-blobstore|gcp-blobstore|gcp-use-access-key) features+=( "$want" ) ;; nfs-volume-services|enable-service-discovery|ssh-proxy-on-routers|no-tcp-routers|smb-volume-services) features+=( "$want" ) ;; app-scheduler-integration|app-autoscaler-integration|prometheus-integration|v2-nats-credentials) features+=( "$want" ) ;; @@ -432,7 +453,7 @@ for want in $GENESIS_REQUESTED_FEATURES; do "overlay/override-releases/static-windows.yml" \ ) if want_feature "compiled-releases"; then - manifests+=( \ + manifest+=( \ "cf-deployment/operations/experimental/use-compiled-releases-windows.yml" \ "overlay/override-releases/compiled-windows.yml" \ ) @@ -443,6 +464,8 @@ for want in $GENESIS_REQUESTED_FEATURES; do ) fi ;; + isolation-segments) + manifest+=( $(generate_dynamic_isolation_segments "$params") ) ;; +migrated-v1-env) manifest+=( "overlay/addons/migration.yml" ) ;; diff --git a/operations/dynamic-templates/isolation-segment.yml b/operations/dynamic-templates/isolation-segment.yml new file mode 100644 index 00000000..54d8b2b2 --- /dev/null +++ b/operations/dynamic-templates/isolation-segment.yml 
@@ -0,0 +1,124 @@ +instance_groups: +- ((append)) +- name: (( grab params.isolation_segments.iso_group.name )) + azs: (( grab params.isolation_segments.iso_group.azs || "[]" )) + instances: (( grab params.isolation_segments.iso_group.instances || 1 )) + vm_type: (( grab params.isolation_segments.iso_group.vm_type || "minimal" )) + vm_extensions: (( grab params.isolation_segments.iso_group.vm_extensions || "[]" )) + stemcell: (( grab params.isolation_segments.iso_group.stemcell || "default" )) + networks: + - name: (( grab params.isolation_segments.iso_group.network_name || "default" )) + jobs: + - name: cflinuxfs3-rootfs-setup + release: cflinuxfs3 + properties: + cflinuxfs3-rootfs: + trusted_certs: + - ((diego_instance_identity_ca.ca)) + - ((credhub_tls.ca)) + - ((uaa_ssl.ca)) + - name: garden + release: garden-runc + provides: + iptables: nil + properties: + garden: + containerd_mode: true + cleanup_process_dirs_on_wait: true + default_container_grace_time: 0 + destroy_containers_on_start: true + graph_cleanup_threshold_in_mb: 0 + deny_networks: + - 0.0.0.0/0 + logging: + format: + timestamp: "rfc3339" + - name: rep + release: diego + properties: + bpm: + enabled: true + diego: + executor: + instance_identity_ca_cert: ((diego_instance_identity_ca.certificate)) + instance_identity_key: ((diego_instance_identity_ca.private_key)) + rep: + preloaded_rootfses: + - cflinuxfs3:/var/vcap/packages/cflinuxfs3/rootfs.tar + placement_tags: + - (( grab params.isolation_segments.iso_group.name )) + containers: + proxy: + enabled: true + require_and_verify_client_certificates: true + trusted_ca_certificates: + - ((gorouter_backend_tls.ca)) + - ((ssh_proxy_backends_tls.ca)) + verify_subject_alt_name: + - gorouter.service.cf.internal + - ssh-proxy.service.cf.internal + trusted_ca_certificates: + - ((diego_instance_identity_ca.ca)) + - ((credhub_tls.ca)) + - ((uaa_ssl.ca)) + enable_consul_service_registration: false + enable_declarative_healthcheck: true + loggregator: + 
use_v2_api: true + ca_cert: "((loggregator_tls_agent.ca))" + cert: "((loggregator_tls_agent.certificate))" + key: "((loggregator_tls_agent.private_key))" + tls: + ca_cert: "((diego_rep_agent_v2.ca))" + cert: "((diego_rep_agent_v2.certificate))" + key: "((diego_rep_agent_v2.private_key))" + logging: + format: + timestamp: "rfc3339" + - name: route_emitter + release: diego + properties: + bpm: + enabled: true + loggregator: + use_v2_api: true + ca_cert: "((loggregator_tls_agent.ca))" + cert: "((loggregator_tls_agent.certificate))" + key: "((loggregator_tls_agent.private_key))" + diego: + route_emitter: + local_mode: true + bbs: + ca_cert: "((diego_bbs_client.ca))" + client_cert: "((diego_bbs_client.certificate))" + client_key: "((diego_bbs_client.private_key))" + nats: + tls: + enabled: true + client_cert: "((nats_client_cert.certificate))" + client_key: "((nats_client_cert.private_key))" + internal_routes: + enabled: true + logging: + format: + timestamp: "rfc3339" + tcp: + enabled: true + uaa: + ca_cert: "((uaa_ssl.ca))" + client_secret: "((uaa_clients_tcp_emitter_secret))" +addons: +- jobs: + - name: bosh-dns-aliases + properties: + aliases: + - domain: _.cell.service.cf.internal + targets: + - (( append )) + - deployment: ((deployment_name)) + domain: bosh + instance_group: (( grab params.isolation_segments.iso_group.name )) + network: (( grab params.isolation_segments.iso_group.network_name || "default" )) + query: _ + release: bosh-dns-aliases + name: bosh-dns-aliases diff --git a/spec/credhub/isolation-segments.yml b/spec/credhub/isolation-segments.yml new file mode 100644 index 00000000..8128f8cc --- /dev/null +++ b/spec/credhub/isolation-segments.yml 
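Review bot: The template does not document that every generated segment shares the same deployment-wide secrets: `((diego_instance_identity_ca.private_key))` for `instance_identity_key`, `((diego_bbs_client.private_key))`, `((nats_client_cert.private_key))` and `((uaa_clients_tcp_emitter_secret))`. Only the `params.isolation_segments.iso_group` paths are rewritten per segment, so the segment separates placement but not credentials, which matters to operators who treat it as a trust boundary. A header comment such as `# NOTE: cells in every isolation segment share the platform's Diego/NATS/UAA client credentials` would make that explicit. Separately, `azs` is documented as required in MANUAL.md yet falls back to `"[]"` here, which looks like a string literal rather than an empty list; dropping the `|| "[]"` default would make a missing value fail at merge time instead of producing an instance group without a usable AZ list.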
@@ -0,0 +1,371 @@ +application_ca: + ca: + certificate: + private_key: +binding_cache_api_tls: + ca: + certificate: + private_key: +binding_cache_tls: + ca: + certificate: + private_key: +blobstore_admin_users_password: +blobstore_secure_link_secret: +blobstore_tls: + ca: + certificate: + private_key: +cc_bridge_cc_uploader: + ca: + certificate: + private_key: +cc_bridge_cc_uploader_server: + ca: + certificate: + private_key: +cc_bridge_tps: + ca: + certificate: + private_key: +cc_bulk_api_password: +cc_database_password: +cc_db_encryption_key: +cc_internal_api_password: +cc_logcache_tls: + ca: + certificate: + private_key: +cc_public_tls: + ca: + certificate: + private_key: +cc_staging_upload_password: +cc_tls: + ca: + certificate: + private_key: +cf_admin_password: +cf_app_sd_ca: + ca: + certificate: + private_key: +cf_app_sd_client_tls: + ca: + certificate: + private_key: +cf_app_sd_server_tls: + ca: + certificate: + private_key: +cf_mysql_mysql_admin_password: +cf_mysql_mysql_cluster_health_password: +cf_mysql_mysql_galera_healthcheck_endpoint_password: +cf_mysql_mysql_galera_healthcheck_password: +cf_mysql_proxy_api_password: +credhub_admin_client_secret: +credhub_ca: + ca: + certificate: + private_key: +credhub_database_password: +credhub_encryption_password: +credhub_tls: + ca: + certificate: + private_key: +diego_auctioneer_client: + ca: + certificate: + private_key: +diego_auctioneer_server: + ca: + certificate: + private_key: +diego_bbs_client: + ca: + certificate: + private_key: +diego_bbs_encryption_keys_passphrase: +diego_bbs_server: + ca: + certificate: + private_key: +diego_database_password: +diego_instance_identity_ca: + ca: + certificate: + private_key: +diego_locket_client: + ca: + certificate: + private_key: +diego_locket_server: + ca: + certificate: + private_key: +diego_rep_agent_v2: + ca: + certificate: + private_key: +diego_rep_client: + ca: + certificate: + private_key: +diego_ssh_proxy_host_key: + private_key: + public_key: + 
public_key_fingerprint: +forwarder_agent_metrics_tls: + ca: + certificate: + private_key: +gorouter_backend_tls: + ca: + certificate: + private_key: +locket_database_password: +log_cache: + ca: + certificate: + private_key: +log_cache_ca: + ca: + certificate: + private_key: +log_cache_cf_auth_proxy_metrics_tls: + ca: + certificate: + private_key: +log_cache_gateway_metrics_tls: + ca: + certificate: + private_key: +log_cache_metrics_tls: + ca: + certificate: + private_key: +log_cache_nozzle_metrics_tls: + ca: + certificate: + private_key: +log_cache_proxy_tls: + ca: + certificate: + private_key: +log_cache_to_loggregator_agent: + ca: + certificate: + private_key: +logcache_ssl: + ca: + certificate: + private_key: +loggr_syslog_binding_cache_metrics_tls: + ca: + certificate: + private_key: +loggr_udp_forwarder_tls: + ca: + certificate: + private_key: +loggregator_agent_metrics_tls: + ca: + certificate: + private_key: +loggregator_ca: + ca: + certificate: + private_key: +loggregator_rlp_gateway: + ca: + certificate: + private_key: +loggregator_rlp_gateway_tls: + ca: + certificate: + private_key: +loggregator_rlp_gateway_tls_cc: + ca: + certificate: + private_key: +loggregator_tls_agent: + ca: + certificate: + private_key: +loggregator_tls_cc_tc: + ca: + certificate: + private_key: +loggregator_tls_doppler: + ca: + certificate: + private_key: +loggregator_tls_rlp: + ca: + certificate: + private_key: +loggregator_tls_statsdinjector: + ca: + certificate: + private_key: +loggregator_tls_tc: + ca: + certificate: + private_key: +loggregator_trafficcontroller_tls: + ca: + certificate: + private_key: +logs_provider: + ca: + certificate: + private_key: +metric_scraper_ca: + ca: + certificate: + private_key: +metrics_agent_tls: + ca: + certificate: + private_key: +metrics_discovery_metrics_tls: + ca: + certificate: + private_key: +nats_ca: + ca: + certificate: + private_key: +nats_client_cert: + ca: + certificate: + private_key: +nats_internal_ca: + ca: + certificate: + 
private_key: +nats_internal_cert: + ca: + certificate: + private_key: +nats_password: +nats_server_cert: + ca: + certificate: + private_key: +network_connectivity_database_password: +network_policy_ca: + ca: + certificate: + private_key: +network_policy_client: + ca: + certificate: + private_key: +network_policy_database_password: +network_policy_server: + ca: + certificate: + private_key: +network_policy_server_external: + ca: + certificate: + private_key: +prom_scraper_metrics_tls: + ca: + certificate: + private_key: +prom_scraper_scrape_tls: + ca: + certificate: + private_key: +rlp_gateway_metrics_tls: + ca: + certificate: + private_key: +router_ca: + ca: + certificate: + private_key: +router_route_services_secret: +router_ssl: + ca: + certificate: + private_key: +router_status_password: +routing_api_ca: + ca: + certificate: + private_key: +routing_api_database_password: +routing_api_tls: + ca: + certificate: + private_key: +routing_api_tls_client: + ca: + certificate: + private_key: +scrape_config_generator_metrics_tls: + ca: + certificate: + private_key: +service_cf_internal_ca: + ca: + certificate: + private_key: +silk_ca: + ca: + certificate: + private_key: +silk_controller: + ca: + certificate: + private_key: +silk_daemon: + ca: + certificate: + private_key: +ssh_proxy_backends_tls: + ca: + certificate: + private_key: +syslog_agent_api_tls: + ca: + certificate: + private_key: +syslog_agent_metrics_tls: + ca: + certificate: + private_key: +uaa_admin_client_secret: +uaa_ca: + ca: + certificate: + private_key: +uaa_clients_cc-routing_secret: +uaa_clients_cc-service-dashboards_secret: +uaa_clients_cc_service_key_client_secret: +uaa_clients_cf_smoke_tests_secret: +uaa_clients_cloud_controller_username_lookup_secret: +uaa_clients_doppler_secret: +uaa_clients_gorouter_secret: +uaa_clients_network_policy_secret: +uaa_clients_routing_api_client_secret: +uaa_clients_ssh-proxy_secret: +uaa_clients_tcp_emitter_secret: +uaa_clients_tcp_router_secret: 
+uaa_database_password: +uaa_default_encryption_passphrase: +uaa_jwt_signing_key: + private_key: + public_key: +uaa_login_saml: + ca: + certificate: + private_key: +uaa_ssl: + ca: + certificate: + private_key: diff --git a/spec/deployments/isolation-segments.yml b/spec/deployments/isolation-segments.yml new file mode 100644 index 00000000..48e936d5 --- /dev/null +++ b/spec/deployments/isolation-segments.yml @@ -0,0 +1,26 @@ +--- +kit: + name: dev + version: 2.1.2 + features: + - isolation-segments + +genesis: + env: isolation-segments + +params: + base_domain: cf.testing.example + isolation_segments: + - name: custom-params-group + azs: + - custom-az + instances: 5 + vm_type: small-highmem + network_name: ((cf_runtime_network)) + stemcell: test + vm_extensions: + - 100GB_ephemeral_disk + - cf-router-network-properties + - name: default-params-group + azs: + - z1 \ No newline at end of file diff --git a/spec/go.mod b/spec/go.mod index 38cb97c4..b0b9ee2e 100644 --- a/spec/go.mod +++ b/spec/go.mod @@ -4,7 +4,7 @@ go 1.16 require ( github.com/alecthomas/participle v0.4.4 // indirect - github.com/fsnotify/fsnotify v1.4.9 // indirect + github.com/fsnotify/fsnotify v1.5.4 // indirect github.com/genesis-community/testkit v0.0.0-20210202143224-371569997dc4 github.com/gonvenience/neat v1.3.0 // indirect github.com/itchyny/astgen-go v0.0.0-20200519013840-cf3ea398f645 // indirect 
@@ -14,12 +14,10 @@ require ( github.com/onsi/gomega v1.10.1 github.com/stretchr/testify v1.5.1 // indirect github.com/texttheater/golang-levenshtein v0.0.0-20191208221605-eb6844b05fc6 // indirect - golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 // indirect - golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2 // indirect - golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a // indirect - golang.org/x/sys v0.0.0-20200523222454-059865788121 // indirect - golang.org/x/text v0.3.2 // indirect - golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 // indirect - gopkg.in/yaml.v2 v2.3.0 // indirect + github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 // indirect + golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect + golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c // indirect + golang.org/x/tools v0.1.11 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20200506231410-2ff61e1afc86 // indirect ) diff --git a/spec/go.sum b/spec/go.sum index 2f28b521..c2e5d853 100644 --- a/spec/go.sum +++ b/spec/go.sum 
@@ -15,6 +15,9 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5 github.com/bmatcuk/doublestar v1.3.0/go.mod h1:wiQtGV+rzVYxB7WIlirSN++5HPtPlXEo9MEoZQC/PmE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/charlievieth/fs v0.0.0-20170613215519-7dc373669fa1/go.mod h1:sAoA1zHCH4FJPE2gne5iBiiVG66U7Nyp6JqlOo+FEyg= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudfoundry/bosh-cli v6.2.1+incompatible/go.mod h1:rzIB+e1sn7wQL/TJ54bl/FemPKRhXby5BIMS3tLuWFM= github.com/cloudfoundry/bosh-utils v0.0.0-20200429181937-96357f638e8c/go.mod h1:JCrKwetZGjxbfq1U139TZuXDBfdGLtjOEAfxMWKV/QM= @@ -37,6 +40,8 @@ github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= +github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwVZI= +github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU= github.com/genesis-community/testkit v0.0.0-20200506104411-5c52e3454c34 h1:jSAXuj6TaluONbMX9j5cKlXqvqL4u84jWtW9JXOLMM0= github.com/genesis-community/testkit v0.0.0-20200506104411-5c52e3454c34/go.mod h1:MPP8ecdescWpJiHufMCHHAM+6kqL1jTN2VgPNQPO8/w= github.com/genesis-community/testkit v0.0.0-20200506183918-f72a6c94ae06 h1:S5B7b/3riqXh/LfDI284IyFulzDx0pvyllL3aWk5KeM= 
@@ -53,6 +58,8 @@ github.com/genesis-community/testkit v0.0.0-20201119095716-4166cbe08703 h1:NJQbK github.com/genesis-community/testkit v0.0.0-20201119095716-4166cbe08703/go.mod h1:ZidExZ8ejGOmpm1xhzKUeNw/NPtcHdtB+SeFnbb68QI= github.com/genesis-community/testkit v0.0.0-20210202143224-371569997dc4 h1:3HsR/sRmzRwr1Z/7vMGAGbLU6a4wRayZJlv3Zg1BFcc= github.com/genesis-community/testkit v0.0.0-20210202143224-371569997dc4/go.mod h1:ZidExZ8ejGOmpm1xhzKUeNw/NPtcHdtB+SeFnbb68QI= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= +github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= @@ -65,6 +72,9 @@ github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrU github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/gonvenience/bunt v1.1.1 h1:isYxOpDqbRMOSRhZtoux1tYvhhQ/AIbVDFrs24l6t0M= github.com/gonvenience/bunt v1.1.1/go.mod h1:lsyhkmNpSAzhVx059BD0fQy5F29rWcS6AHb7UWNlT/s= github.com/gonvenience/neat v1.2.1/go.mod h1:Yb+9Jlr04pbtcRU8EGosVheOEBs//Lw/OXvgDyQfLTQ= 
@@ -84,8 +94,11 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/goexpect v0.0.0-20191001010744-5b6988669ffa/go.mod h1:qtE5aAEkt0vOSA84DBh8aJsz6riL8ONfqfULY7lBjqc= github.com/google/goterm v0.0.0-20190703233501-fc88cf888a3f/go.mod h1:nOFQdrUlIlx6M6ODdSpBj1NVA+VgLC6kmw60mkw34H4= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38 h1:yAJXTCF9TqKcTiHJAE8dj7HMvPfh66eeA2JYW7eFpSE= +github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hokaccha/go-prettyjson v0.0.0-20190818114111-108c894c2c0e/go.mod h1:pFlLw2CfqZiIBOx6BuCeRLCrfxBJipTY0nIOF/VbGcI= 
@@ -93,6 +106,7 @@ github.com/homeport/dyff v1.0.2 h1:BlqDugM0NmgmYbjGrZKIp3f2Okyff/o/zp+sJ9p4sjE= github.com/homeport/dyff v1.0.2/go.mod h1:Qewf84pDql49nJwrK/aHzj+nDBNiKwLHZEDeyoFeixg= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/itchyny/astgen-go v0.0.0-20200116103543-aaa595cf980e h1:PupVBrJNomt2fTXto19vW8Jh1ftn1oKxgtjSzSuLBZI= github.com/itchyny/astgen-go v0.0.0-20200116103543-aaa595cf980e/go.mod h1:9Gyr9nZoENI+woes+xm+BFhmvYmAp6bPtXD866pQH9g= @@ -135,6 +149,8 @@ github.com/mitchellh/hashstructure v1.0.0/go.mod h1:QjSHrPWS+BGUVBYkbTZWEnOh3G1D github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78= github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.8.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= 
@@ -145,6 +161,12 @@ github.com/onsi/ginkgo v1.12.1 h1:mFwc4LvZ0xpSvDZ3E+k8Yte0hLOMxXUlP+yXtJqkYfQ= github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= github.com/onsi/ginkgo v1.12.2 h1:Ke9m3h2Hu0wsZ45yewCqhYr3Z+emcNTuLY2nMWCkrSI= github.com/onsi/ginkgo v1.12.2/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= +github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= +github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c= +github.com/onsi/ginkgo/v2 v2.1.4 h1:GNapqRSid3zijZ9H77KrgVG4/8KqiyRsxcSxe+7ApXY= +github.com/onsi/ginkgo/v2 v2.1.4/go.mod h1:um6tUpWM/cxCK3/FK8BXqEiUMUwRgSM4JXG47RKZmLU= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1 h1:K0jcRCwNQM3vFGh1ppMtDh/+7ApJrjldlX8fA0jDTLQ= 
@@ -156,6 +178,9 @@ github.com/onsi/gomega v1.10.0 h1:Gwkk+PTu/nfOwNMtUB/mRUv0X7ewW5dO4AERT1ThVKo= github.com/onsi/gomega v1.10.0/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= github.com/onsi/gomega v1.10.1 h1:o0+MgICZLuZ7xjH7Vx6zS/zcu93/BEp1VwkIW1mEXCE= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= +github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY= +github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= +github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro= github.com/pbnjay/strptime v0.0.0-20140226051138-5c05b0d668c9 h1:4lfz0keanz7/gAlvJ7lAe9zmE08HXxifBZJC0AdeGKo= github.com/pbnjay/strptime v0.0.0-20140226051138-5c05b0d668c9/go.mod h1:6Hr+C/olSdkdL3z68MlyXWzwhvwmwN7KuUFXGb3PoOk= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= 
@@ -189,18 +214,27 @@ github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljT github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74 h1:JwtAtbp7r/7QSyGz8mKUbYJBg2+6Cd7OjM8o/GNOcVo= github.com/virtuald/go-ordered-json v0.0.0-20170621173500-b18e6e673d74/go.mod h1:RmMWU37GKR2s6pgrIEB4ixgpVCt/cf7dnJv3fuH1J1c= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79 h1:IaQbIIB2X/Mp/DKctl6ROxz1KyMlKp4uyvL6+kQ7C88= golang.org/x/crypto v0.0.0-20200429183012-4b2356b1ed79/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw= golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp 
v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd h1:nTDtHvHSdCn1m6ITfMRqtOd/9+7a3s8RBNOZ3eYZzJA= @@ -209,6 +243,7 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f h1:QBjCr1Fz5kw158VqdE9JfI9cJnl/ymnJWAdMuinqL7Y= golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200519113804-d87ec0cfa476 h1:E7ct1C6/33eOdrGZKMoyntcEvs2dwZnDe30crG5vpYU= 
@@ -216,6 +251,13 @@ golang.org/x/net v0.0.0-20200519113804-d87ec0cfa476/go.mod h1:qpuaurCH72eLCgpAm/ golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2 h1:eDrdRpKgkcCqKZQwyZRyeFZgfqt37SL7Kv3tok06cKE= golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk= +golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f h1:OfiFi4JbukWwe3lzw+xunroH1mnC1e2Gy5cxNJApiSY= +golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -223,6 +265,9 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a h1:WXEvlFVvvGxCJLG6REjsT03iWnKLEWinaScsxF2Vm2o= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -234,6 +279,7 @@ golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e h1:N7DeIrjYszNmSW409R3frPPwglRwMkXSBzwVbkOjLLA= golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -246,19 +292,45 @@ golang.org/x/sys v0.0.0-20200519105757-fe76b779f299 h1:DYfZAGf2WMFjMxbgTjaC+2HC7 golang.org/x/sys v0.0.0-20200519105757-fe76b779f299/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121 h1:rITEj+UZHYC927n8GT97eC3zrpzXdb/voyeOuVKS46o= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c h1:aFV+BgZ4svzjfabn8ERpuB4JI4N6/rdy1iusx77G3oU= +golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 h1:JGgROgKl9N8DuW20oFS5gxc+lE67/N3FcwmBPMe7ArY= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod 
h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= +golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= +golang.org/x/tools v0.1.11 h1:loJ25fNOEhSXfHrpoGj91eCUThwdNX6u24rO1xnNteY= +golang.org/x/tools v0.1.11/go.mod h1:SgwaegtQh8clINPpECJMqnxLv9I09HLqnW3RMqW0CA4= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod 
h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= @@ -273,6 +345,9 @@ google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQ google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -290,6 +365,8 @@ gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20191120175047-4206685974f2/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/spec/results/isolation-segments.yml b/spec/results/isolation-segments.yml new file mode 100644 index 00000000..7d3face7 --- /dev/null +++ b/spec/results/isolation-segments.yml 
@@ -0,0 +1,2433 @@ +addons: +- exclude: + jobs: + - name: smoke_tests + release: cf-smoke-tests + include: + stemcell: + - os: ubuntu-xenial + - os: ubuntu-bionic + jobs: + - name: loggregator_agent + properties: + disable_udp: true + grpc_port: 3459 + loggregator: + tls: + agent: + cert: + key: + ca_cert: + metrics: + ca_cert: + cert: + key: + server_name: loggregator_agent_metrics + release: loggregator-agent + name: loggregator_agent +- include: + stemcell: + - os: ubuntu-xenial + - os: ubuntu-bionic + jobs: + - name: loggr-forwarder-agent + properties: + metrics: + ca_cert: + cert: + key: + server_name: forwarder_agent_metrics + tls: + ca_cert: + cert: + key: + release: loggregator-agent + name: forwarder_agent +- exclude: + jobs: + - name: smoke_tests + release: cf-smoke-tests + include: + stemcell: + - os: ubuntu-xenial + - os: ubuntu-bionic + jobs: + - name: loggr-syslog-agent + properties: + cache: + tls: + ca_cert: + cert: + cn: binding-cache + key: + metrics: + ca_cert: + cert: + key: + server_name: syslog_agent_metrics + port: 3460 + tls: + ca_cert: + cert: + key: + release: loggregator-agent + name: loggr-syslog-agent +- exclude: + jobs: + - name: smoke_tests + release: cf-smoke-tests + include: + stemcell: + - os: ubuntu-xenial + - os: ubuntu-bionic + jobs: + - name: prom_scraper + properties: + metrics: + ca_cert: + cert: + key: + server_name: prom_scraper_metrics + scrape: + tls: + ca_cert: + cert: + key: + scrape_interval: 60s + release: loggregator-agent + name: prom_scraper +- exclude: + jobs: + - name: smoke_tests + release: cf-smoke-tests + include: + stemcell: + - os: ubuntu-xenial + - os: ubuntu-bionic + jobs: + - name: metrics-discovery-registrar + properties: + metrics: + ca_cert: + cert: + key: + server_name: metrics_discovery_metrics + nats_client: + cert: + key: + release: metrics-discovery + name: metrics-discovery-registrar +- exclude: + jobs: + - name: smoke_tests + release: cf-smoke-tests + include: + stemcell: + - os: ubuntu-xenial + 
- os: ubuntu-bionic + jobs: + - name: metrics-agent + properties: + grpc: + ca_cert: + cert: + key: + metrics: + ca_cert: + cert: + key: + server_name: metrics_agent + scrape: + tls: + ca_cert: + cert: + key: + release: metrics-discovery + name: metrics-agent +- include: + stemcell: + - os: ubuntu-xenial + - os: ubuntu-bionic + jobs: + - name: bpm + release: bpm + name: bpm +- jobs: + - name: bosh-dns-aliases + properties: + aliases: + - domain: _.cell.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: diego-cell + network: cf-runtime + query: _ + - deployment: isolation-segments-cf + domain: bosh + instance_group: windows2012R2-cell + network: cf-runtime + query: _ + - deployment: isolation-segments-cf + domain: bosh + instance_group: windows2016-cell + network: cf-runtime + query: _ + - deployment: isolation-segments-cf + domain: bosh + instance_group: isolated-diego-cell + network: cf-runtime + query: _ + - deployment: isolation-segments-cf + domain: bosh + instance_group: custom-params-group + network: cf-runtime + query: _ + - deployment: isolation-segments-cf + domain: bosh + instance_group: default-params-group + network: default + query: _ + - domain: auctioneer.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: scheduler + network: cf-core + query: q-s4 + - domain: bbs.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: diego-api + network: cf-core + query: q-s4 + - domain: blobstore.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: singleton-blobstore + network: cf-core + query: '*' + - domain: cc-uploader.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: api + network: cf-core + query: '*' + - domain: cloud-controller-ng.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh 
+ instance_group: api + network: cf-core + query: '*' + - domain: credhub.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: credhub + network: cf-core + query: '*' + - domain: doppler.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: doppler + network: cf-core + query: '*' + - domain: file-server.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: api + network: cf-core + query: '*' + - domain: gorouter.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: router + network: cf-edge + query: '*' + - domain: locket.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: diego-api + network: cf-core + query: '*' + - domain: loggregator-trafficcontroller.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: log-api + network: cf-core + query: '*' + - domain: policy-server.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: api + network: cf-core + query: '*' + - domain: reverse-log-proxy.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: log-api + network: cf-core + query: '*' + - domain: routing-api.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: api + network: cf-core + query: '*' + - domain: silk-controller.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: diego-api + network: cf-core + query: '*' + - domain: sql-db.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: database + network: cf-core + query: '*' + - domain: ssh-proxy.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + 
instance_group: scheduler + network: cf-core + query: '*' + - domain: tps.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: scheduler + network: cf-core + query: '*' + - domain: uaa.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: uaa + network: cf-core + query: '*' + - domain: nats.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: nats + network: cf-core + query: '*' + - domain: _.nats.service.cf.internal + targets: + - deployment: isolation-segments-cf + domain: bosh + instance_group: nats + network: cf-core + query: _ + release: bosh-dns-aliases + name: bosh-dns-aliases +exodus: + admin_password: + admin_username: admin + api_domain: api.system.cf.testing.example + app_domains: + - run.cf.testing.example + apps_domain: run.cf.testing.example + base_domain: cf.testing.example + bosh: isolation-segments + cf-deployment-date: 2022-Feb-14 03:48:47 UTC + cf-deployment-hotfixes: true + cf-deployment-url: https://github.com/cloudfoundry/cf-deployment/releases/tag/v16.25.0 + cf-deployment-version: 16.25.0 + core_network: cf-core + db_network: cf-core + edge_network: cf-edge + features: isolation-segments + is_director: false + runtime_network: cf-runtime + system_domain: system.cf.testing.example + system_org: system + system_space: system + use_create_env: false + vaulted_uaa_clients: /secret/isolation/segments/cf/uaa/client_secrets:firehose +features: + randomize_az_placement: true +instance_groups: +- azs: + - z1 + - z2 + instances: 1 + jobs: + - name: smoke_tests + properties: + bpm: + enabled: true + smoke_tests: + api: https://api.system.cf.testing.example + apps_domain: run.cf.testing.example + cf_dial_timeout_in_seconds: 300 + client: cf_smoke_tests + client_secret: + org: cf_smoke_tests_org + skip_ssl_validation: true + space: cf_smoke_tests_space + release: cf-smoke-tests + - name: cf-cli-7-linux + 
release: cf-cli + lifecycle: errand + name: smoke-tests + networks: + - name: cf-runtime + stemcell: default + vm_type: minimal +- azs: + - z1 + - z2 + instances: 2 + jobs: + - name: nats + properties: + nats: + hostname: nats.service.cf.internal + internal: + tls: + ca: + certificate: + enabled: true + private_key: + password: + user: nats + provides: + nats: + as: nats + shared: true + release: nats + - custom_provider_definitions: + - name: nats-tls-address + type: address + name: nats-tls + properties: + nats: + external: + tls: + ca: + certificate: + private_key: + hostname: nats.service.cf.internal + internal: + tls: + ca: + certificate: + enabled: true + private_key: + password: + user: nats + provides: + nats-tls: + as: nats-tls + shared: true + release: nats + name: nats + networks: + - name: cf-core + stemcell: default + vm_type: minimal +- azs: + - z1 + instances: 1 + jobs: + - name: postgres + properties: + databases: + databases: + - citext: true + name: cloud_controller + tag: cc + - citext: true + name: uaa + tag: uaa + - citext: true + name: diego + tag: diego + - citext: true + name: routing-api + tag: routing-api + - citext: false + name: network_policy + tag: networkpolicy + - citext: false + name: network_connectivity + tag: networkconnectivity + - citext: true + name: locket + tag: locket + - citext: true + name: credhub + tag: credhub + db_scheme: postgres + port: 5524 + roles: + - name: cloud_controller + password: + tag: admin + - name: uaa + password: + tag: admin + - name: diego + password: + tag: admin + - name: routing-api + password: + tag: admin + - name: network_policy + password: + tag: admin + - name: network_connectivity + password: + tag: admin + - name: locket + password: + tag: locket + - name: credhub + password: + tag: admin + release: postgres + migrated_from: + - name: postgres + - name: singleton-database + name: database + networks: + - name: cf-core + persistent_disk_type: 10GB + stemcell: default + update: + serial: true 
+ vm_type: small +- azs: + - z1 + - z2 + instances: 2 + jobs: + - name: cfdot + properties: + tls: + ca_certificate: + certificate: + private_key: + release: diego + - name: bbs + properties: + bpm: + enabled: true + diego: + bbs: + active_key_label: key-2016-06 + auctioneer: + ca_cert: + client_cert: + client_key: + ca_cert: + detect_consul_cell_registrations: false + encryption_keys: + - label: key-2016-06 + passphrase: + rep: + ca_cert: + client_cert: + client_key: + require_tls: true + server_cert: + server_key: + skip_consul_lock: true + sql: + db_driver: postgres + db_host: sql-db.service.cf.internal + db_password: + db_port: 5524 + db_schema: diego + db_username: diego + enable_consul_service_registration: false + logging: + format: + timestamp: rfc3339 + loggregator: + ca_cert: + cert: + key: + use_v2_api: true + release: diego + - name: silk-controller + properties: + ca_cert: + database: + host: sql-db.service.cf.internal + name: network_connectivity + password: + port: 5524 + type: postgres + username: network_connectivity + server_cert: + server_key: + silk_daemon: + ca_cert: + client_cert: + client_key: + release: silk + - name: locket + properties: + bpm: + enabled: true + diego: + locket: + sql: + db_driver: postgres + db_host: sql-db.service.cf.internal + db_password: + db_port: 5524 + db_schema: locket + db_username: locket + enable_consul_service_registration: false + logging: + format: + timestamp: rfc3339 + loggregator: + ca_cert: + cert: + key: + use_v2_api: true + tls: + ca_cert: + cert: + key: + release: diego + - name: loggr-udp-forwarder + properties: + loggregator: + tls: + ca: + cert: + key: + metrics: + ca_cert: + cert: + key: + server_name: loggr_udp_forwarder_metrics + release: loggregator-agent + migrated_from: + - name: diego-bbs + name: diego-api + networks: + - name: cf-core + stemcell: default + vm_type: small +- azs: + - z1 + - z2 + instances: 2 + jobs: + - name: uaa + properties: + encryption: + active_key_label: default_key + 
encryption_keys: + - label: default_key + passphrase: + login: + branding: + footer_legal_text: null + footer_links: null + product_logo: null + square_logo: null + links: + passwd: https://login.system.cf.testing.example/forgot_password + signup: https://login.system.cf.testing.example/create_account + saml: + activeKeyId: key-1 + keys: + key-1: + certificate: + key: + passphrase: "" + uaa: + admin: + client_secret: + clients: + cc-service-dashboards: + authorities: clients.read,clients.write,clients.admin + authorized-grant-types: client_credentials + scope: openid,cloud_controller_service_permissions.read + secret: + cc_routing: + authorities: routing.router_groups.read + authorized-grant-types: client_credentials + secret: + cc_service_key_client: + authorities: credhub.read,credhub.write + authorized-grant-types: client_credentials + secret: + cf: + access-token-validity: 1200 + authorities: uaa.none + authorized-grant-types: password,refresh_token + override: true + refresh-token-validity: 2592000 + scope: network.admin,network.write,cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write,cloud_controller.admin_read_only,cloud_controller.global_auditor,perm.admin,clients.read + secret: "" + cf_smoke_tests: + authorities: cloud_controller.admin,clients.read + authorized-grant-types: client_credentials + secret: + cloud_controller_username_lookup: + authorities: scim.userids + authorized-grant-types: client_credentials + secret: + credhub_admin_client: + authorities: credhub.read,credhub.write + authorized-grant-types: client_credentials + secret: + doppler: + authorities: uaa.resource + authorized-grant-types: client_credentials + override: true + secret: + gorouter: + authorities: routing.routes.read + authorized-grant-types: client_credentials + secret: + network-policy: + authorities: 
uaa.resource,cloud_controller.admin_read_only + authorized-grant-types: client_credentials + secret: + routing_api_client: + authorities: routing.routes.write,routing.routes.read,routing.router_groups.read + authorized-grant-types: client_credentials + secret: + ssh-proxy: + authorized-grant-types: authorization_code + autoapprove: true + override: true + redirect-uri: https://uaa.system.cf.testing.example/login + scope: openid,cloud_controller.read,cloud_controller.write,cloud_controller.admin + secret: + tcp_emitter: + authorities: routing.routes.write,routing.routes.read + authorized-grant-types: client_credentials + secret: + tcp_router: + authorities: routing.routes.read,routing.router_groups.read + authorized-grant-types: client_credentials + secret: + jwt: + policy: + active_key_id: key-1 + keys: + key-1: + signingKey: + logging_level: INFO + scim: + users: + - groups: + - clients.read + - cloud_controller.admin + - doppler.firehose + - network.admin + - openid + - routing.router_groups.read + - routing.router_groups.write + - scim.read + - scim.write + name: admin + password: + sslCertificate: + sslPrivateKey: + url: https://uaa.system.cf.testing.example + zones: + internal: + hostnames: + - uaa.service.cf.internal + uaadb: + databases: + - name: uaa + tag: uaa + db_scheme: postgresql + port: 5524 + roles: + - name: uaa + password: + tag: admin + tls: disabled + release: uaa + - name: route_registrar + properties: + nats: + tls: + client_cert: + client_key: + enabled: true + route_registrar: + routes: + - health_check: + name: uaa-healthcheck + script_path: /var/vcap/jobs/uaa/bin/dns/healthy + name: uaa + registration_interval: 10s + server_cert_domain_san: uaa.service.cf.internal + tags: + component: uaa + tls_port: 8443 + uris: + - uaa.system.cf.testing.example + - '*.uaa.system.cf.testing.example' + - login.system.cf.testing.example + - '*.login.system.cf.testing.example' + release: routing + - name: statsd_injector + properties: + loggregator: + tls: + 
ca_cert: + statsd_injector: + cert: + key: + release: statsd-injector + name: uaa + networks: + - name: cf-core + stemcell: default + vm_type: minimal +- azs: + - z1 + instances: 1 + jobs: + - name: blobstore + properties: + blobstore: + admin_users: + - password: + username: blobstore-user + secure_link: + secret: + tls: + cert: + private_key: + select_directories_to_backup: + - buildpacks + - packages + - droplets + system_domain: system.cf.testing.example + release: capi + - name: route_registrar + properties: + nats: + tls: + client_cert: + client_key: + enabled: true + route_registrar: + routes: + - name: blobstore + port: 8080 + registration_interval: 20s + tags: + component: blobstore + uris: + - blobstore.system.cf.testing.example + release: routing + migrated_from: + - name: blobstore + name: singleton-blobstore + networks: + - name: cf-core + persistent_disk_type: 100GB + stemcell: default + update: + serial: true + vm_type: small +- azs: + - z1 + - z2 + instances: 2 + jobs: + - name: cloud_controller_ng + properties: + app_domains: + - run.cf.testing.example + app_ssh: + host_key_fingerprint: + build: cf-genesis-kit v2.1.2 + cc: + buildpacks: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + bulk_api_password: + database_encryption: + current_key_label: encryption_key_0 + keys: + encryption_key_0: + db_encryption_key: + default_running_security_groups: + - public_networks + - dns + default_staging_security_groups: + - public_networks + - dns + diego: + docker_staging_stack: cflinuxfs3 + droplets: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + install_buildpacks: + - name: 
staticfile_buildpack + package: staticfile-buildpack-cflinuxfs3 + - name: java_buildpack + package: java-buildpack-cflinuxfs3 + - name: ruby_buildpack + package: ruby-buildpack-cflinuxfs3 + - name: dotnet_core_buildpack + package: dotnet-core-buildpack-cflinuxfs3 + - name: nodejs_buildpack + package: nodejs-buildpack-cflinuxfs3 + - name: go_buildpack + package: go-buildpack-cflinuxfs3 + - name: python_buildpack + package: python-buildpack-cflinuxfs3 + - name: php_buildpack + package: php-buildpack-cflinuxfs3 + - name: nginx_buildpack + package: nginx-buildpack-cflinuxfs3 + - name: r_buildpack + package: r-buildpack-cflinuxfs3 + - name: binary_buildpack + package: binary-buildpack-cflinuxfs3 + internal_api_password: + logcache_tls: + certificate: + private_key: + min_cli_version: 6.23.0 + min_recommended_cli_version: 6.23.0 + mutual_tls: + ca_cert: + private_key: + public_cert: + packages: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + public_tls: + ca_cert: + certificate: + private_key: + resource_pool: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + security_group_definitions: + - name: public_networks + rules: + - destination: 0.0.0.0-9.255.255.255 + protocol: all + - destination: 11.0.0.0-169.253.255.255 + protocol: all + - destination: 169.255.0.0-172.15.255.255 + protocol: all + - destination: 172.32.0.0-192.167.255.255 + protocol: all + - destination: 192.169.0.0-255.255.255.255 + protocol: all + - name: dns + rules: + - destination: 0.0.0.0/0 + ports: "53" + protocol: tcp + - destination: 0.0.0.0/0 + ports: "53" + protocol: udp + stacks: + - description: Cloud Foundry 
Linux-based filesystem (Ubuntu 18.04) + name: cflinuxfs3 + staging_upload_password: + staging_upload_user: staging_user + temporary_use_logcache: true + ccdb: + databases: + - name: cloud_controller + tag: cc + db_scheme: postgres + port: 5524 + roles: + - name: cloud_controller + password: + tag: admin + credhub_api: + ca_cert: + description: Use `genesis info` on environment file for more details + name: Cloud Foundry (isolation-segments) + router: + route_services_secret: + routing_api: + enabled: true + ssl: + skip_cert_verify: true + support_address: https://github.com/genesis-community/cf-genesis-kit + system_domain: system.cf.testing.example + uaa: + ca_cert: + clients: + cc-service-dashboards: + secret: + cc_routing: + secret: + cc_service_key_client: + secret: + cloud_controller_username_lookup: + secret: + url: https://uaa.system.cf.testing.example + provides: + cloud_controller: + as: cloud_controller + shared: true + release: capi + - name: binary-buildpack + release: binary-buildpack + - name: dotnet-core-buildpack + release: dotnet-core-buildpack + - name: go-buildpack + release: go-buildpack + - name: java-buildpack + release: java-buildpack + - name: nodejs-buildpack + release: nodejs-buildpack + - name: nginx-buildpack + release: nginx-buildpack + - name: r-buildpack + release: r-buildpack + - name: php-buildpack + release: php-buildpack + - name: python-buildpack + release: python-buildpack + - name: ruby-buildpack + release: ruby-buildpack + - name: staticfile-buildpack + release: staticfile-buildpack + - name: route_registrar + properties: + nats: + tls: + client_cert: + client_key: + enabled: true + route_registrar: + routes: + - health_check: + name: api-health-check + script_path: /var/vcap/jobs/cloud_controller_ng/bin/cloud_controller_ng_health_check + timeout: 6s + name: api + port: 9022 + registration_interval: 10s + server_cert_domain_san: api.system.cf.testing.example + tags: + component: CloudController + tls_port: 9024 + uris: + - 
api.system.cf.testing.example + - name: policy-server + registration_interval: 20s + server_cert_domain_san: api.system.cf.testing.example + tls_port: 4002 + uris: + - api.system.cf.testing.example/networking + release: routing + - name: statsd_injector + properties: + loggregator: + tls: + ca_cert: + statsd_injector: + cert: + key: + release: statsd-injector + - name: file_server + properties: + bpm: + enabled: true + enable_consul_service_registration: false + logging: + format: + timestamp: rfc3339 + loggregator: + ca_cert: + cert: + key: + use_v2_api: true + release: diego + - name: routing-api + properties: + routing_api: + enabled_api_endpoints: both + locket: + api_location: locket.service.cf.internal:8891 + ca_cert: + client_cert: + client_key: + mtls_ca: + mtls_client_cert: + mtls_client_key: + mtls_server_cert: + mtls_server_key: + router_groups: + - name: default-tcp + reservable_ports: 1024-1033 + type: tcp + skip_consul_lock: true + sqldb: + host: sql-db.service.cf.internal + password: + port: 5524 + schema: routing-api + type: postgres + username: routing-api + system_domain: system.cf.testing.example + uaa: + ca_cert: + tls_port: 8443 + release: routing + - name: policy-server + properties: + database: + host: sql-db.service.cf.internal + name: network_policy + password: + port: 5524 + type: postgres + username: network_policy + enable_space_developer_self_service: true + enable_tls: true + server_cert: + server_key: + uaa_ca: + uaa_client_secret: + release: cf-networking + - name: policy-server-internal + properties: + ca_cert: + server_cert: + server_key: + release: cf-networking + - name: cc_uploader + properties: + capi: + cc_uploader: + cc: + ca_cert: + client_cert: + client_key: + mutual_tls: + ca_cert: + server_cert: + server_key: + release: capi + - name: loggr-udp-forwarder + properties: + loggregator: + tls: + ca: + cert: + key: + metrics: + ca_cert: + cert: + key: + server_name: loggr_udp_forwarder_metrics + release: loggregator-agent + 
name: api + networks: + - name: cf-core + stemcell: default + vm_extensions: + - 50GB_ephemeral_disk + vm_type: small +- azs: + - z1 + - z2 + instances: 2 + jobs: + - name: cloud_controller_worker + properties: + cc: + buildpacks: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + database_encryption: + current_key_label: encryption_key_0 + keys: + encryption_key_0: + db_encryption_key: + droplets: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + internal_api_password: + mutual_tls: + ca_cert: + private_key: + public_cert: + packages: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + resource_pool: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + staging_upload_password: + staging_upload_user: staging_user + ccdb: + databases: + - name: cloud_controller + tag: cc + db_scheme: postgres + port: 5524 + roles: + - name: cloud_controller + password: + tag: admin + routing_api: + enabled: true + ssl: + skip_cert_verify: true + system_domain: system.cf.testing.example + uaa: + ca_cert: + clients: + cc-service-dashboards: + secret: + cc_routing: + secret: + release: capi + name: cc-worker + networks: + - name: cf-core + stemcell: default + vm_type: minimal +- azs: + - z1 + - z2 + instances: 2 + jobs: + - name: 
cfdot + properties: + tls: + ca_certificate: + certificate: + private_key: + release: diego + - name: auctioneer + properties: + bpm: + enabled: true + diego: + auctioneer: + bbs: + ca_cert: + client_cert: + client_key: + ca_cert: + rep: + ca_cert: + client_cert: + client_key: + require_tls: true + server_cert: + server_key: + skip_consul_lock: true + enable_consul_service_registration: false + logging: + format: + timestamp: rfc3339 + loggregator: + ca_cert: + cert: + key: + use_v2_api: true + release: diego + - name: cloud_controller_clock + properties: + cc: + buildpacks: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + database_encryption: + current_key_label: encryption_key_0 + keys: + encryption_key_0: + db_encryption_key: + droplets: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + internal_api_password: + mutual_tls: + ca_cert: + private_key: + public_cert: + packages: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + resource_pool: + blobstore_type: webdav + webdav_config: + blobstore_timeout: 5 + ca_cert: + password: + private_endpoint: https://blobstore.service.cf.internal:4443 + public_endpoint: https://blobstore.system.cf.testing.example + username: blobstore-user + staging_upload_password: + staging_upload_user: staging_user + ccdb: + databases: + - name: cloud_controller + tag: cc + db_scheme: postgres + port: 5524 + roles: + - name: cloud_controller + password: + tag: admin + 
routing_api: + enabled: true + ssl: + skip_cert_verify: true + system_domain: system.cf.testing.example + uaa: + ca_cert: + clients: + cc-service-dashboards: + secret: + cc_routing: + secret: + ssl: + port: 8443 + release: capi + - name: cc_deployment_updater + properties: + cc: + db_encryption_key: + mutual_tls: + ca_cert: + private_key: + public_cert: + ccdb: + databases: + - name: cloud_controller + tag: cc + db_scheme: postgres + port: 5524 + roles: + - name: cloud_controller + password: + tag: admin + release: capi + - name: service-discovery-controller + properties: + dnshttps: + client: + ca: + server: + tls: + ca: + certificate: + private_key: + nats: + cert_chain: + private_key: + tls_enabled: true + release: cf-networking + - name: statsd_injector + properties: + loggregator: + tls: + ca_cert: + statsd_injector: + cert: + key: + release: statsd-injector + - name: tps + properties: + capi: + tps: + bbs: + ca_cert: + client_cert: + client_key: + cc: + ca_cert: + client_cert: + client_key: + watcher: + locket: + api_location: locket.service.cf.internal:8891 + skip_consul_lock: true + release: capi + - name: ssh_proxy + properties: + backends: + tls: + ca_certificates: + - + client_certificate: + client_private_key: + enabled: true + bpm: + enabled: true + diego: + ssh_proxy: + bbs: + ca_cert: + client_cert: + client_key: + disable_healthcheck_server: true + enable_cf_auth: true + host_key: + uaa: + ca_cert: + uaa_secret: + enable_consul_service_registration: false + logging: + format: + timestamp: rfc3339 + loggregator: + ca_cert: + cert: + key: + use_v2_api: true + release: diego + - name: loggr-syslog-binding-cache + properties: + api: + tls: + ca_cert: + cert: + cn: cloud-controller-ng.service.cf.internal + key: + external_port: 9000 + metrics: + ca_cert: + cert: + key: + server_name: loggr_syslog_binding_cache_metrics + tls: + ca_cert: + cert: + cn: binding-cache + key: + release: loggregator-agent + - name: loggr-udp-forwarder + properties: + 
loggregator: + tls: + ca: + cert: + key: + metrics: + ca_cert: + cert: + key: + server_name: loggr_udp_forwarder_metrics + release: loggregator-agent + migrated_from: + - name: cc-bridge + - name: cc-clock + - name: diego-brain + name: scheduler + networks: + - name: cf-core + stemcell: default + vm_extensions: + - diego-ssh-proxy-network-properties + vm_type: minimal +- azs: + - z1 + - z2 + instances: 2 + jobs: + - name: gorouter + properties: + nats: + cert_chain: + private_key: + tls_enabled: true + router: + backends: + cert_chain: + private_key: + ca_certs: | + + + + + enable_ssl: true + route_services_secret: + status: + password: + user: router-status + tls_pem: + - cert_chain: + private_key: + tracing: + enable_zipkin: true + routing_api: + enabled: true + uaa: + ca_cert: + clients: + gorouter: + secret: + ssl: + port: 8443 + release: routing + - name: loggr-udp-forwarder + properties: + loggregator: + tls: + ca: + cert: + key: + metrics: + ca_cert: + cert: + key: + server_name: loggr_udp_forwarder_metrics + release: loggregator-agent + name: router + networks: + - name: cf-edge + stemcell: default + update: + serial: true + vm_extensions: + - cf-router-network-properties + vm_type: minimal +- name: tcp-router + networks: + - name: cf-edge + instances: 2 + stemcell: default + vm_type: minimal + azs: + - z1 + - z2 + vm_extensions: + - cf-tcp-router-network-properties + jobs: + - name: tcp_router + release: routing + properties: + tcp_router: + oauth_secret: + router_group: default-tcp + uaa: + ca_cert: + tls_port: 8443 + - name: loggr-udp-forwarder + release: loggregator-agent + properties: + loggregator: + tls: + key: + ca: + cert: + metrics: + key: + ca_cert: + cert: + server_name: loggr_udp_forwarder_metrics +- azs: + - z1 + - z2 + instances: 4 + jobs: + - name: doppler + properties: + loggregator: + tls: + ca_cert: + doppler: + cert: + key: + provides: + doppler: + as: doppler + shared: true + release: loggregator + - name: log-cache + properties: + 
health_addr: localhost:6060 + metrics: + ca_cert: + cert: + key: + server_name: log_cache_metrics + tls: + ca_cert: + cert: + key: + provides: + log-cache: + shared: true + release: log-cache + - name: log-cache-gateway + properties: + gateway_addr: localhost:8081 + metrics: + ca_cert: + cert: + key: + server_name: log_cache_gateway_metrics + proxy_cert: + proxy_key: + release: log-cache + - consumes: + reverse_log_proxy: + from: reverse_log_proxy + name: log-cache-nozzle + properties: + logs_provider: + tls: + ca_cert: + cert: + key: + metrics: + ca_cert: + cert: + key: + server_name: log_cache_nozzle_metrics + release: log-cache + - name: route_registrar + properties: + nats: + tls: + client_cert: + client_key: + enabled: true + route_registrar: + routes: + - name: log-cache-reverse-proxy + port: 8083 + registration_interval: 20s + server_cert_domain_san: log-cache.system.cf.testing.example + tls_port: 8083 + uris: + - log-cache.system.cf.testing.example + - '*.log-cache.system.cf.testing.example' + release: routing + - name: log-cache-cf-auth-proxy + properties: + cc: + ca_cert: + common_name: cloud-controller-ng.service.cf.internal + external_cert: + external_key: + metrics: + ca_cert: + cert: + key: + server_name: log_cache_cf_auth_proxy_metrics + proxy_ca_cert: + proxy_port: 8083 + uaa: + ca_cert: + client_id: doppler + client_secret: + internal_addr: https://uaa.service.cf.internal:8443 + release: log-cache + name: doppler + networks: + - name: cf-core + stemcell: default + vm_type: minimal +- azs: + - z1 + - z2 + instances: 3 + jobs: + - name: bosh-dns-adapter + properties: + dnshttps: + client: + tls: + ca: + certificate: + private_key: + server: + ca: + internal_domains: + - apps.internal. 
+ release: cf-networking + - name: cflinuxfs3-rootfs-setup + properties: + cflinuxfs3-rootfs: + trusted_certs: + - + - + - + release: cflinuxfs3 + - name: garden + properties: + garden: + cleanup_process_dirs_on_wait: true + containerd_mode: true + debug_listen_address: 127.0.0.1:17019 + default_container_grace_time: 0 + deny_networks: + - 0.0.0.0/0 + destroy_containers_on_start: true + network_plugin: /var/vcap/packages/runc-cni/bin/garden-external-networker + network_plugin_extra_args: + - --configFile=/var/vcap/jobs/garden-cni/config/adapter.json + logging: + format: + timestamp: rfc3339 + release: garden-runc + - name: rep + properties: + bpm: + enabled: true + containers: + proxy: + enabled: true + require_and_verify_client_certificates: true + trusted_ca_certificates: + - + - + verify_subject_alt_name: + - gorouter.service.cf.internal + - ssh-proxy.service.cf.internal + trusted_ca_certificates: + - + - + - + diego: + executor: + instance_identity_ca_cert: + instance_identity_key: + rep: + preloaded_rootfses: + - cflinuxfs3:/var/vcap/packages/cflinuxfs3/rootfs.tar + enable_consul_service_registration: false + enable_declarative_healthcheck: true + logging: + format: + timestamp: rfc3339 + loggregator: + ca_cert: + cert: + key: + use_v2_api: true + tls: + ca_cert: + cert: + key: + release: diego + - name: cfdot + properties: + tls: + ca_certificate: + certificate: + private_key: + release: diego + - consumes: + nats: + ip_addresses: false + nats-tls: + ip_addresses: false + name: route_emitter + properties: + bpm: + enabled: true + diego: + route_emitter: + bbs: + ca_cert: + client_cert: + client_key: + local_mode: true + nats: + tls: + client_cert: + client_key: + enabled: true + internal_routes: + enabled: true + logging: + format: + timestamp: rfc3339 + loggregator: + ca_cert: + cert: + key: + use_v2_api: true + tcp: + enabled: true + uaa: + ca_cert: + client_secret: + release: diego + - name: garden-cni + properties: + cni_config_dir: 
/var/vcap/jobs/silk-cni/config/cni + cni_plugin_dir: /var/vcap/packages/silk-cni/bin + release: cf-networking + - name: netmon + release: silk + - name: vxlan-policy-agent + properties: + ca_cert: + client_cert: + client_key: + release: silk + - name: silk-daemon + properties: + ca_cert: + client_cert: + client_key: + release: silk + - name: silk-cni + properties: + dns_servers: + - 169.254.0.2 + release: silk + - name: loggr-udp-forwarder + properties: + loggregator: + tls: + ca: + cert: + key: + metrics: + ca_cert: + cert: + key: + server_name: loggr_udp_forwarder_metrics + release: loggregator-agent + name: diego-cell + networks: + - name: cf-runtime + stemcell: default + vm_extensions: + - 100GB_ephemeral_disk + vm_type: small-highmem +- azs: + - z1 + - z2 + instances: 2 + jobs: + - consumes: + doppler: + from: doppler + name: loggregator_trafficcontroller + properties: + cc: + internal_service_hostname: cloud-controller-ng.service.cf.internal + mutual_tls: + ca_cert: + tls_port: 9023 + loggregator: + outgoing_cert: + outgoing_key: + tls: + ca_cert: + cc_trafficcontroller: + cert: + key: + trafficcontroller: + cert: + key: + uaa: + client_secret: + ssl: + skip_cert_verify: true + system_domain: system.cf.testing.example + uaa: + ca_cert: + internal_url: https://uaa.service.cf.internal:8443 + release: loggregator + - name: reverse_log_proxy + properties: + loggregator: + tls: + ca_cert: + reverse_log_proxy: + cert: + key: + provides: + reverse_log_proxy: + as: reverse_log_proxy + shared: true + release: loggregator + - name: reverse_log_proxy_gateway + properties: + cc: + ca_cert: + capi_internal_addr: https://cloud-controller-ng.service.cf.internal:9023 + cert: + common_name: cloud-controller-ng.service.cf.internal + key: + http: + address: 0.0.0.0:8088 + cert: + key: + logs_provider: + ca_cert: + client_cert: + client_key: + metrics: + ca_cert: + cert: + key: + server_name: rlp_gateway_metrics + uaa: + ca_cert: + client_id: doppler + client_secret: + 
internal_addr: https://uaa.service.cf.internal:8443 + release: loggregator + - name: route_registrar + properties: + nats: + tls: + client_cert: + client_key: + enabled: true + route_registrar: + routes: + - name: doppler + registration_interval: 20s + server_cert_domain_san: doppler.system.cf.testing.example + tls_port: 8081 + uris: + - doppler.system.cf.testing.example + - '*.doppler.system.cf.testing.example' + - name: rlp-gateway + registration_interval: 20s + server_cert_domain_san: log-stream.system.cf.testing.example + tls_port: 8088 + uris: + - log-stream.system.cf.testing.example + - '*.log-stream.system.cf.testing.example' + release: routing + name: log-api + networks: + - name: cf-core + stemcell: default + vm_type: minimal +- azs: + - z1 + - z2 + instances: 2 + jobs: + - name: credhub + properties: + credhub: + authentication: + mutual_tls: + trusted_cas: + - + uaa: + ca_certs: + - + url: https://uaa.service.cf.internal:8443 + authorization: + acls: + enabled: true + permissions: + - actors: + - uaa-client:credhub_admin_client + operations: + - read + - write + - delete + - read_acl + - write_acl + path: /* + - actors: + - uaa-client:cc_service_key_client + operations: + - read + path: /* + ca_certificate: | + + data_storage: + database: credhub + host: sql-db.service.cf.internal + password: + port: 5524 + require_tls: false + type: postgres + username: credhub + encryption: + keys: + - active: true + key_properties: + encryption_password: + provider_name: internal-provider + providers: + - name: internal-provider + type: internal + internal_url: https://credhub.service.cf.internal + tls: + ca: + certificate: + private_key: + release: credhub + name: credhub + networks: + - name: cf-core + stemcell: default + vm_type: minimal +- azs: + - z1 + - z2 + instances: 1 + jobs: + - name: rotate_cc_database_key + properties: {} + release: capi + lifecycle: errand + name: rotate-cc-database-key + networks: + - name: cf-core + stemcell: default + vm_type: minimal 
+- name: custom-params-group + networks: + - name: cf-runtime + instances: 5 + stemcell: test + vm_type: small-highmem + azs: + - custom-az + vm_extensions: + - 100GB_ephemeral_disk + - cf-router-network-properties + jobs: + - name: cflinuxfs3-rootfs-setup + release: cflinuxfs3 + properties: + cflinuxfs3-rootfs: + trusted_certs: + - + - + - + - name: garden + release: garden-runc + provides: + iptables: nil + properties: + garden: + cleanup_process_dirs_on_wait: true + containerd_mode: true + default_container_grace_time: 0 + deny_networks: + - 0.0.0.0/0 + destroy_containers_on_start: true + graph_cleanup_threshold_in_mb: 0 + logging: + format: + timestamp: rfc3339 + - name: rep + release: diego + properties: + bpm: + enabled: true + containers: + proxy: + enabled: true + require_and_verify_client_certificates: true + trusted_ca_certificates: + - + - + verify_subject_alt_name: + - gorouter.service.cf.internal + - ssh-proxy.service.cf.internal + trusted_ca_certificates: + - + - + - + diego: + executor: + instance_identity_ca_cert: + instance_identity_key: + rep: + placement_tags: + - custom-params-group + preloaded_rootfses: + - cflinuxfs3:/var/vcap/packages/cflinuxfs3/rootfs.tar + enable_consul_service_registration: false + enable_declarative_healthcheck: true + logging: + format: + timestamp: rfc3339 + loggregator: + key: + ca_cert: + cert: + use_v2_api: true + tls: + key: + ca_cert: + cert: + - name: route_emitter + release: diego + properties: + bpm: + enabled: true + diego: + route_emitter: + bbs: + ca_cert: + client_cert: + client_key: + local_mode: true + nats: + tls: + client_cert: + client_key: + enabled: true + internal_routes: + enabled: true + logging: + format: + timestamp: rfc3339 + loggregator: + key: + ca_cert: + cert: + use_v2_api: true + tcp: + enabled: true + uaa: + ca_cert: + client_secret: +- name: default-params-group + networks: + - name: default + instances: 1 + stemcell: default + vm_type: minimal + vm_extensions: "[]" + azs: + - z1 + jobs: 
+ - name: cflinuxfs3-rootfs-setup + release: cflinuxfs3 + properties: + cflinuxfs3-rootfs: + trusted_certs: + - + - + - + - name: garden + release: garden-runc + provides: + iptables: nil + properties: + garden: + cleanup_process_dirs_on_wait: true + containerd_mode: true + default_container_grace_time: 0 + deny_networks: + - 0.0.0.0/0 + destroy_containers_on_start: true + graph_cleanup_threshold_in_mb: 0 + logging: + format: + timestamp: rfc3339 + - name: rep + release: diego + properties: + bpm: + enabled: true + containers: + proxy: + enabled: true + require_and_verify_client_certificates: true + trusted_ca_certificates: + - + - + verify_subject_alt_name: + - gorouter.service.cf.internal + - ssh-proxy.service.cf.internal + trusted_ca_certificates: + - + - + - + diego: + executor: + instance_identity_ca_cert: + instance_identity_key: + rep: + placement_tags: + - default-params-group + preloaded_rootfses: + - cflinuxfs3:/var/vcap/packages/cflinuxfs3/rootfs.tar + enable_consul_service_registration: false + enable_declarative_healthcheck: true + logging: + format: + timestamp: rfc3339 + loggregator: + key: + ca_cert: + cert: + use_v2_api: true + tls: + key: + ca_cert: + cert: + - name: route_emitter + release: diego + properties: + bpm: + enabled: true + diego: + route_emitter: + bbs: + ca_cert: + client_cert: + client_key: + local_mode: true + nats: + tls: + client_cert: + client_key: + enabled: true + internal_routes: + enabled: true + logging: + format: + timestamp: rfc3339 + loggregator: + key: + ca_cert: + cert: + use_v2_api: true + tcp: + enabled: true + uaa: + ca_cert: + client_secret: +manifest_version: v16.25.0 +name: isolation-segments-cf +releases: +- name: binary-buildpack + sha1: 6e1ff3753ac5a86e968546222bbbaaba1264d938 + url: https://bosh.io/d/github.com/cloudfoundry/binary-buildpack-release?v=1.0.40 + version: 1.0.40 +- name: bpm + sha1: 6e1187b180c3d8e6d3dafa2861147a59d4ede27e + url: https://bosh.io/d/github.com/cloudfoundry/bpm-release?v=1.1.14 + 
version: 1.1.14 +- name: capi + sha1: f57b95580fa2f555ee7be7f17a4be4db6a1fea34 + url: https://bosh.io/d/github.com/cloudfoundry/capi-release?v=1.119.0 + version: 1.119.0 +- name: cf-networking + sha1: ad1c97f03736524128c313f54b3cae16bf5bd986 + url: https://bosh.io/d/github.com/cloudfoundry/cf-networking-release?v=2.39.0 + version: 2.39.0 +- name: cf-smoke-tests + sha1: b1eb4efe1f88367708ac8cbb08dc78a09dde9c4b + url: https://bosh.io/d/github.com/cloudfoundry/cf-smoke-tests-release?v=41.0.2 + version: 41.0.2 +- name: cflinuxfs3 + sha1: 0a7bb8199a63a667569c5d1e5a3e0b1d4a7b96d2 + url: https://bosh.io/d/github.com/cloudfoundry/cflinuxfs3-release?v=0.262.0 + version: 0.262.0 +- name: credhub + sha1: f5b5ce04eee1251d352f337a6ecb794c4dba8a39 + url: https://bosh.io/d/github.com/pivotal-cf/credhub-release?v=2.11.1 + version: 2.11.1 +- name: diego + sha1: 85f71928d7d0f89e04cdf386c2ab4c3d485fa468 + url: https://bosh.io/d/github.com/cloudfoundry/diego-release?v=2.53.0 + version: 2.53.0 +- name: dotnet-core-buildpack + sha1: 60442fcaad7552b3bc26e61f77779deef46913b8 + url: https://bosh.io/d/github.com/cloudfoundry/dotnet-core-buildpack-release?v=2.3.34 + version: 2.3.34 +- name: garden-runc + sha1: d06a32a2e50faabd2df328619384089d9418f355 + url: https://bosh.io/d/github.com/cloudfoundry/garden-runc-release?v=1.19.30 + version: 1.19.30 +- name: go-buildpack + sha1: b1a756e21b7a9cbf3c04e66402657a41fce7d7e6 + url: https://bosh.io/d/github.com/cloudfoundry/go-buildpack-release?v=1.9.36 + version: 1.9.36 +- name: java-buildpack + sha1: 437779c708c437f8e60b1c92f218c4d01e809b6c + url: https://bosh.io/d/github.com/cloudfoundry/java-buildpack-release?v=4.42 + version: "4.42" +- name: loggregator + sha1: 9eb81ddf174e826a5f4e59bc4dc6bda9007495eb + url: https://bosh.io/d/github.com/cloudfoundry/loggregator-release?v=106.6.0 + version: 106.6.0 +- name: metrics-discovery + sha1: 073f13a065ca15e7c0c435ec71f88675f4e704d3 + url: 
https://bosh.io/d/github.com/cloudfoundry/metrics-discovery-release?v=3.0.6 + version: 3.0.6 +- name: nats + sha1: c8b82cebfd24e65b1079b66435aac4b48f4aa3c5 + url: https://bosh.io/d/github.com/cloudfoundry/nats-release?v=40 + version: "40" +- name: nginx-buildpack + sha1: 8adeefbcc10e25776d364f17caa4a3fdab8c3334 + url: https://bosh.io/d/github.com/cloudfoundry/nginx-buildpack-release?v=1.1.32 + version: 1.1.32 +- name: r-buildpack + sha1: 11e2fcb1f349c88a3cc2156d55730c7eb4d143ce + url: https://bosh.io/d/github.com/cloudfoundry/r-buildpack-release?v=1.1.22 + version: 1.1.22 +- name: nodejs-buildpack + sha1: 7be381c1e879493239619ad708d258424fe0b626 + url: https://bosh.io/d/github.com/cloudfoundry/nodejs-buildpack-release?v=1.7.62 + version: 1.7.62 +- name: php-buildpack + sha1: 9f3e8de97495074ebd0362623f23d6884297fab9 + url: https://bosh.io/d/github.com/cloudfoundry/php-buildpack-release?v=4.4.46 + version: 4.4.46 +- name: pxc + sha1: 526751fd60912322aafbb2b25f744b732501493f + url: https://bosh.io/d/github.com/cloudfoundry-incubator/pxc-release?v=0.39.0 + version: 0.39.0 +- name: python-buildpack + sha1: 73f6790af87c0945e9ab91036817b325b9976ee5 + url: https://bosh.io/d/github.com/cloudfoundry/python-buildpack-release?v=1.7.46 + version: 1.7.46 +- name: routing + sha1: a5b7f3b746cfa169f466c2b682db296ab8dcd0ad + url: https://bosh.io/d/github.com/cloudfoundry/routing-release?v=0.225.0 + version: 0.225.0 +- name: ruby-buildpack + sha1: f6b4d39e0df49746cc4a41c308e6737e6c82764e + url: https://bosh.io/d/github.com/cloudfoundry/ruby-buildpack-release?v=1.8.47 + version: 1.8.47 +- name: silk + sha1: 7728d15d5e0bc6c0a0a2124f123c99baf79b6ff7 + url: https://bosh.io/d/github.com/cloudfoundry/silk-release?v=2.39.0 + version: 2.39.0 +- name: staticfile-buildpack + sha1: 713dfd0486f32073281129ab45961031833d7998 + url: https://bosh.io/d/github.com/cloudfoundry/staticfile-buildpack-release?v=1.5.25 + version: 1.5.25 +- name: statsd-injector + sha1: 
4ca93a4ab1a65a2b7cb2c84d27b6cbd725a914a9 + url: https://bosh.io/d/github.com/cloudfoundry/statsd-injector-release?v=1.11.16 + version: 1.11.16 +- name: uaa + sha1: 57ffc783177cbca45a983cc573b591b636d0c0bf + url: https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=75.14.0 + version: 75.14.0 +- name: loggregator-agent + sha1: 9dd3ad00fb49bebd8290fad8ce7b2e4992dac31f + url: https://bosh.io/d/github.com/cloudfoundry/loggregator-agent-release?v=6.3.4 + version: 6.3.4 +- name: log-cache + sha1: f91e89e494ac4f9010f33a9567335dc713287fec + url: https://bosh.io/d/github.com/cloudfoundry/log-cache-release?v=2.11.4 + version: 2.11.4 +- name: bosh-dns-aliases + sha1: 55b3dced813ff9ed92a05cda02156e4b5604b273 + url: https://bosh.io/d/github.com/cloudfoundry/bosh-dns-aliases-release?v=0.0.4 + version: 0.0.4 +- name: cf-cli + sha1: c3d11f473d4518505e2a671d8ad6a553e1b1c1ca + url: https://bosh.io/d/github.com/bosh-packages/cf-cli-release?v=1.34.0 + version: 1.34.0 +- name: postgres + sha1: e44bbe8f8a7cdde1cda67b202e399a239d104db6 + url: https://bosh.io/d/github.com/cloudfoundry/postgres-release?v=43 + version: "43" +stemcells: +- alias: default + os: ubuntu-bionic + version: "1.54" +update: + canaries: 1 + canary_watch_time: 30000-1200000 + max_in_flight: 1 + serial: false + update_watch_time: 5000-1200000 +variables: [] diff --git a/spec/spec_test.go b/spec/spec_test.go index 90af3cc6..13b9af7b 100644 --- a/spec/spec_test.go +++ b/spec/spec_test.go @@ -207,6 +207,12 @@ var _ = Describe("Interal Kit", func() { RuntimeConfig: "dns", CPI: "aws", //"gcp", }) + Test(Environment{ + Name: "isolation-segments", + CloudConfig: "aws", + RuntimeConfig: "dns", + CPI: "aws", + }) // Test(Environment{ // Focus: true, // Name: "nfs-volume-services", diff --git a/spec/vault/isolation-segments.yml b/spec/vault/isolation-segments.yml new file mode 100644 index 00000000..9e26dfee --- /dev/null +++ b/spec/vault/isolation-segments.yml @@ -0,0 +1 @@ +{} \ No newline at end of file
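Review bot: The new `isolation-segments` case in `spec/spec_test.go` pins a results fixture in which the default-parameter segment renders `vm_extensions: "[]"`, a quoted string rather than the list BOSH expects for that key, so the spec passes while the generated manifest carries a wrongly typed value. I would fix the template default so it renders `vm_extensions: []` and regenerate `spec/results/isolation-segments.yml` before relying on this test. The same fixture shows both isolated cell groups with only `cflinuxfs3-rootfs-setup`, `garden`, `rep` and `route_emitter`, without the `garden-cni`, `silk-cni`, `silk-daemon` and `vxlan-policy-agent` jobs that `diego-cell` carries. If that is intentional, it deserves a comment above the `Test(Environment{` call, since it presumably means container network policy is not enforced on those cells. The enclosing `Describe` block starts and ends outside this hunk.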