📝 BLOG.IK.AM

@making's memo
(🗃 Categories 🏷 Tags)

Cloud FoundryのUAAでConcourseのチーム機能を使う

🗃 {Dev/CI/ConcourseCI}

🏷 Concourse CI 🏷 Cloud Foundry

🗓 Updated at 2017-12-20T02:32:23Z by Toshiaki Maki  🗓 Created at 2017-03-27T02:22:36Z by Toshiaki Maki  {✒️️ Edit  ⏰ History}


⚠️ Caution: This content is a bit old. Please be careful to read.

memo

基本的にはhttp://concourse.ci/teams.html#section_uaa-cf-authの通り。

まずはUAAのクライアント作成

uaac client add concourse-atc \
  --name concourse-atc \
  --secret <concourse-client-secret> \
  --authorized_grant_types authorization_code,refresh_token \
  --scope cloud_controller.read \
  --access_token_validity 3600 \
  --refresh_token_validity 36000 \
  --redirect_uri https://<concourse domain>/auth/uaa/callback \
  --autoapprove true

次にConcourseのチーム作成

fly -t <target> set-team -n <team>   \
    --basic-auth-username=admin \
    --basic-auth-password=admin \
    --uaa-auth-client-id concourse-atc \
    --uaa-auth-client-secret <concourse-client-secret> \
    --uaa-auth-auth-url https://login.<system domain>/oauth/authorize \
    --uaa-auth-token-url https://login.<system domain>/oauth/token \
    --uaa-auth-cf-url https://api.<system domain> \
    --uaa-auth-cf-space <space uuid> \
    --uaa-auth-cf-ca-cert ~/xxxx.crt

uaa-auth-cf-ca-certは自己証明書を使っている場合に必要