Team Support in Concourse CI 2.0 #concourse_tokyo
© 2016 Pivotal Software, Inc. All rights reserved.
Team Support in Concourse CI 2.0
Toshiaki Maki 2016-09-08 #concourse_tokyo
Who am I?
• Toshiaki Maki (@making) http://blog.ik.am
• Sr. Solutions Architect @Pivotal
• Spring Framework enthusiast
bit.ly/spring-book
Before 2.0
• 2 types of Authentication / Authorization
  • Basic
  • GitHub Team
• No multi tenancy
• All pipelines/builds are for only 1 team
Multiple Teams from 2.0 !!
• separate namespace for pipelines/builds
• main team (=admin) and other teams
• multiple providers are supported
  • Basic
  • GitHub Team
  • Cloud Foundry's UAA
  • Generic OAuth 2
[Diagram: Team A and Team B, labelled Basic, Basic, GitHub Team, GitHub Team]
provider   multi users per team   multi teams per provider
Basic      💔                     💔
Github     💖                     💖 (team)
UAA        💖                     💖 (space)
OAuth 2    💖                     💔 (depends on impl)
Basic
$ fly -t foo set-team -n team-a \
    --basic-auth-username=foo \
    --basic-auth-password=foo
Github
$ fly -t foo set-team -n team-b \
    --github-auth-client-id=xxxx \
    --github-auth-client-secret=xxxx \
    --github-auth-team=yourorg/yourteam
callback url = https://<concourse url>/auth/github/callback
UAA
$ fly -t foo set-team -n team-b \
    --uaa-auth-client-id=xxxx \
    --uaa-auth-client-secret=xxxx \
    --uaa-auth-url=https://xxx/oauth/authorize \
    --uaa-auth-token-url=https://xxx/oauth/token \
    --uaa-auth-cf-url=https://api.xxx \
    --uaa-auth-cf-space=xxxx
callback url = https://<concourse url>/auth/uaa/callback
Generic OAuth 2
$ fly -t foo set-team -n team-d \
    --generic-oauth-display-name='X' \
    --generic-oauth-client-id=xxxx \
    --generic-oauth-client-secret=xxxx \
    --generic-oauth-auth-url=https://... \
    --generic-oauth-token-url=https://...
callback url = https://<concourse url>/auth/oauth/callback
OAuth provider should be private
Combination
$ fly -t foo set-team -n team-e \
    --basic-auth-...=... \
    --github-auth-...=... \
    --uaa-auth-...=... \
    --generic-oauth-...=...
Demo
[Ads] Cloud Foundry Workshop • http://pivotal-japan.connpass.com/