Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dashboard step1: pass thru support (without CF sso support) #47

Closed
gberche-orange opened this issue Dec 10, 2018 · 2 comments · Fixed by #157
Closed

Dashboard step1: pass thru support (without CF sso support) #47

gberche-orange opened this issue Dec 10, 2018 · 2 comments · Fixed by #157

Comments

@gberche-orange
Copy link
Member

gberche-orange commented Dec 10, 2018
edited
Loading

As a service author, I need dashboard returned by nested brokers to be returned to end users. I'm ok to handle authentication for the dashboard (e.g. https url with basic auth credentials in the url) and have it shared among users.

Out of scope:
@gberche-orange
Copy link
Member Author

gberche-orange commented Jul 1, 2019
edited
Loading

See https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md#body-4

a Service Broker that wishes to return dashboard_url for a Service Instance MUST return it with the initial response to the provision request, even if the service is provisioned asynchronously. If present, MUST be a string or null.

Asked clarification about behavior of GET /v2/service_instances/:instance_id w.r.t. dashboard_url returned in openservicebrokerapi/servicebroker#498 (comment)

Possible next steps:

Option 1: return inner broker dashboard in GET /v2/service_instances/:instance_id

1- have provisionning response return an initial (fake) dashboard url

  • possibly pointing to a static page displaying a message such as "service instance being provisionned"
  • possibly configured with a shield url such as https://shield-webui-m_8b04f44b-ae11-4a94-8dda-1d54fc1b1ce1.((/secrets/cloudfoundry_ops_domain)) i.e. configured as https://shield-webui-{0}.my-redactedt-ops-domain.com where {0} is the service instance guid.

2- implement the GET /v2/service_instances/:instance_id and return instances_retrievable in catalog service offering object

  • for inner brokers supporting this endpoint (i.e. , just return provided value from inner broker GET /v2/service_instances/:instance_id endpoint
  • for inner brokers not supporting this endpoint, we'd need to record this value returned from provisionning call. Beware some dashboard urls contain sensitive login/password data (such as rabbitmq broker)
    • in git templates repo in coab-depls/c_0a9018b8-7cb2-47c1-9542-0aceb8ca740a/template/
      • coab-vars.yml: currently holds CSIReq (as to share logic with Fetching a Service Instance endpoint)
      • coab-inner-cisresp.yml
    • in git secrets repo: in new file coab-depls/c_0a9018b8-7cb2-47c1-9542-0aceb8ca740a/coab-inner-cisr.yml (along with manifest file written by coa and watched by coab)
    • in credhub

Limitations of this design:

Likely blocked by CC conformance, see cloudfoundry/cloud_controller_ng#1390

Option 2: Return a dashboard URL served by COAB whose body response content includes a link to the dashboard URL of the inner broker

  • record the inner broker dashboard_url returned from provisionning call. Beware some dashboard urls contain sensitive login/password data (such as rabbitmq broker)
    • in git templates repo in coab-depls/c_0a9018b8-7cb2-47c1-9542-0aceb8ca740a/template/
      • coab-vars.yml: currently holds CSIReq (as to share logic with Fetching a Service Instance endpoint)
      • coab-inner-cisresp.yml
    • in git secrets repo: in new file coab-depls/c_0a9018b8-7cb2-47c1-9542-0aceb8ca740a/coab-inner-cisr.yml (along with manifest file written by coa and watched by coab)
    • in credhub
  • implement a new controller to endpoint /dashboards/{service-instance-guids)/ which returns HTML or Json with a list of dashboards
    • with a statically configured dashboard(s) if configured (e.g. url to shield )
    • with the inner broker dashboard url (e.g. rabbitmq dashboard)

In step 2, project this COAB dashboard with SSO

@gberche-orange gberche-orange mentioned this issue Jul 3, 2019
Merged
@gberche-orange
Copy link
Member Author

gberche-orange commented May 19, 2020
edited
Loading

Option 3: return dashboard url template expanded from service instance guid

https://shield-webui-m_8b04f44b-ae11-4a94-8dda-1d54fc1b1ce1.((/secrets/cloudfoundry_ops_domain)) i.e. configured as https://shield-webui-{0}.my-redactedt-ops-domain.com where {0} is the service instance guid.

Ability to include brokered service guid (planned in orange-cloudfoundry/osb-cmdb#15), or more generically Xpath expression to coab-vars.yml would enable to return a dashboard url for the cmdb users

@gberche-orange gberche-orange mentioned this issue Jul 28, 2020
Closed
gberche-orange added a commit that referenced this issue Apr 23, 2021
@gberche-orange
Implement static dashboard url (#47 step 1)
2163d8f 
   - add a configuration flag in DeploymentProperties
   - use the configuration flag in BoshProcessor#preCreate()
gberche-orange added a commit that referenced this issue Apr 23, 2021
@gberche-orange
Implement static dashboard url (#47 step 2)
ef442d3 
Implement getinstance support in ProcessorChainServiceInstanceService
gberche-orange added a commit that referenced this issue Apr 23, 2021
@gberche-orange
Implement static dashboard url (#47 step 2)
996caf1 
Update TODO
gberche-orange added a commit that referenced this issue Apr 23, 2021
@gberche-orange
Implement static dashboard url (#47 step 2)
3fc37fb 
Fix getinstance support in ProcessorChainServiceInstanceService
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

dashboard step 1 orange-cloudfoundry/cf-ops-automation-broker
1 participant
@gberche-orange