Skip to content

Latest commit

 

History

History
124 lines (97 loc) · 5.55 KB

README.adoc

File metadata and controls

124 lines (97 loc) · 5.55 KB

A small library for parsing the Cloud Foundry environment variables.

Cloud Foundry defines a number of environment variables, but at the moment, we only parse VCAP_SERVICES. We list the bound services by name, exposing the metadata and credentials for each, and provide convenient access to any SSL keys and certificates encoded in the credentials.

Using it

Download it from Bintray:

download

Or use it as a dependency in your build:

repositories {
    jcenter()
}

dependencies {
    compile group: 'io.pivotal.labs', name: 'cf-env', version: '0.0.1'
}

Incorporate it into your application:

import io.pivotal.labs.cfenv.CloudFoundryEnvironment;
import io.pivotal.labs.cfenv.CloudFoundryService;

@WebServlet("/ini")
public class ServicesAsIniFileServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        CloudFoundryEnvironment environment;
        try {
            environment = new CloudFoundryEnvironment(System::getenv);
        } catch (CloudFoundryEnvironmentException e) {
            throw new ServletException(e);
        }

        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType("text/plain");

        try (PrintWriter out = response.getWriter()) {
            for (String serviceName : environment.getServiceNames()) {
                CloudFoundryService service = environment.getService(serviceName);
                out.println("[" + service.getName() + "]");
                out.println("label = " + service.getLabel());
                if (service.getPlan() != null) out.println("plan = " + service.getPlan());
                out.println("tags = " + service.getTags().stream().collect(Collectors.joining(", ")));
                Map<String, Object> credentials = service.getCredentials();
                credentials.forEach((name, value) -> out.println("credentials." + name + " = " + value));
                out.println();
            }
        }
    }
}

Most of the interesting methods are on the CloudFoundryService class, so have a look at that.

Developing it

Build it with Gradle:

./gradlew build

Release it with Gradle:

# you probably want to make these changes manually rather than like this
sed -i -e "s/^version = .*/version = 'x.y.z'/" build.gradle
echo -e "bintrayUser=pivotal-labs-london\nbintrayKey=..." >gradle.properties

./gradlew bintrayUpload

Create some SSL keys and certificates for testing the certificate handling:

# create a CA RSA key pair
openssl req -x509 -newkey 512 -subj /OU=IAmACertificateAuthority -nodes -keyout ca.key -out ca.crt

# create, sign, and convert to PKCS#8 a service RSA key pair
openssl req -newkey 512 -subj /OU=IAmAService -nodes -keyout service_rsa.key -out service_rsa.csr
openssl x509 -req -in service_rsa.csr -CAkey ca.key -CA ca.crt -CAcreateserial -out service_rsa.crt
openssl pkcs8 -topk8 -in service_rsa.key -nocrypt -out service_rsa.key8
openssl pkey -in service_rsa.key -pubout -out service_rsa.pub
chmod go-r service_rsa.key
ssh-keygen -e -f service_rsa.key -m pem >service_rsa.pub1

# create, sign, and convert to PKCS#8 a service EC key pair
openssl ecparam -name prime256v1 -genkey -noout -out service_ec.key
openssl req -new -key service_ec.key -subj /OU=IAmAService -nodes -out service_ec.csr
openssl x509 -req -in service_ec.csr -CAkey ca.key -CA ca.crt -CAcreateserial -out service_ec.crt
openssl pkcs8 -topk8 -in service_ec.key -nocrypt -out service_ec.key8
openssl pkey -in service_ec.key -pubout -out service_ec.pub

# create, sign, and convert to PKCS#8 a service DSA key pair
openssl dsaparam -genkey 512 -noout -out service_dsa.key
openssl req -new -key service_dsa.key -subj /OU=IAmAService -nodes -out service_dsa.csr
openssl x509 -req -in service_dsa.csr -CAkey ca.key -CA ca.crt -CAcreateserial -out service_dsa.crt
openssl pkcs8 -topk8 -in service_dsa.key -nocrypt -out service_dsa.key8
openssl pkey -in service_dsa.key -pubout -out service_dsa.pub

# create, sign, and convert to PKCS#8 a service Diffie-Hellman key pair
openssl dhparam 512 -out service_dh.params
openssl genpkey -paramfile service_dh.params -out service_dh.key8
openssl pkey -in service_dh.key8 -pubout -out service_dh.pub
openssl req -newkey 512 -subj /OU=IAmAService -nodes -keyout service_dh_dummy.key -out service_dh_dummy.csr
openssl x509 -req -in service_dh_dummy.csr -CAkey ca.key -CA ca.crt -CAcreateserial -force_pubkey service_dh.pub -out service_dh.crt

# diagnostic functions
dump_asn() { openssl asn1parse -i -in "$1"; }
dump_hex() { egrep -v '^--' <"$1" | base64 -D | hexdump | sed -E 's/^.{7}.?//' | tr '\n' ' ' | tr -s ' '; echo; }
dump_cert() { openssl x509 -in "$1" -text -noout; }
dump_rsa_key() { openssl rsa -in "$1" -text -noout; }
dump_ec_key() { openssl ec -in "$1" -text -noout; }