Pivotal/APIs/Service Broker API
Line 31: | Line 31: | ||
==Credentials== | ==Credentials== | ||
In order to manually query the service broker API endpoints, you will need to gather the credentials used to register the service. As of today, PAS 2.3, these credentials are stored within the BOSH credhub instance in Cloud Foundry, however they may be available from Ops Manager UI, PAS > Credentials.<br/> | In order to manually query the service broker API endpoints, you will need to gather the credentials used to register the service. As of today, PAS 2.3, these credentials are stored within the BOSH credhub instance in Cloud Foundry, however they may be available from Ops Manager UI, PAS > Credentials.<br/> | ||
+ | ==Determine Credhub name== | ||
+ | Credhub will have a fairly long string for a name, so its important that we discover what it is. From the Ops Manager VM, run the following command and it should print out the credhub variable names for the username and password. | ||
+ | <nowiki>~$ sudo cat /var/tempest/workspaces/default/deployments/credhub-service-broker*.yml | grep 'name: credhub_broker' -A 2 | ||
+ | name: credhub_broker | ||
+ | password: "((/opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/app_credentials.password))" | ||
+ | user: "((/opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/app_credentials.identity))" | ||
+ | -- | ||
+ | name: credhub_broker | ||
+ | domain: run-19.haas-59.pez.pivotal.io | ||
+ | org: credhub-service-broker-org</nowiki> | ||
+ | |||
===Credhub CLI=== | ===Credhub CLI=== | ||
Before we can use the Credhub CLI, we need credentials for CredHub. In this instance we will be logging into the Credhub for BOSH, which is on the Bosh director VM.<br/> | Before we can use the Credhub CLI, we need credentials for CredHub. In this instance we will be logging into the Credhub for BOSH, which is on the Bosh director VM.<br/> | ||
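Review bot: The sample output pasted under the new "Determine Credhub name" command carries environment-specific values: the deployment GUID inside the /opsmgr/credhub-service-broker-.../deploy-all/app_credentials paths and the system domain on the "domain:" line. Suggest replacing them with placeholders, the way the rest of the page uses bosh_director_ip and client_secret_password. The grep with -A 2 also returns a second, unrelated "name: credhub_broker" match (the domain/org block), which the text does not explain; either say which match matters or narrow the pattern. In the added sentence, "its important" should be "it's important".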
Line 55: | Line 66: | ||
[email protected]'s password: | [email protected]'s password: | ||
Login Successful</nowiki> | Login Successful</nowiki> | ||
+ | |||
+ | Now that we are authenticated with credhub, we can search for the desired credentials | ||
+ | <nowiki>~$ credhub find | grep -i credhub | ||
+ | - name: /opsmgr/director/credhub-service-broker-fe0bf86cb201f5273057/delete-all/vm_credentials | ||
+ | - name: /opsmgr/director/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/vm_credentials | ||
+ | - name: /opsmgr/director/credhub-service-broker-fe0bf86cb201f5273057/uaa_client_secret | ||
+ | - name: /opsmgr/director/cf-c4ad9789367ebcdd824b/credhub/vm_credentials | ||
+ | - name: /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/delete-all/app_credentials | ||
+ | - name: /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/delete-all/vm_credentials | ||
+ | - name: /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/app_credentials | ||
+ | - name: /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/vm_credentials | ||
+ | - name: /opsmgr/cf-c4ad9789367ebcdd824b/uaa/services_credhub_credentials | ||
+ | - name: /opsmgr/cf-c4ad9789367ebcdd824b/credhub_tls | ||
+ | - name: /opsmgr/cf-c4ad9789367ebcdd824b/credhub_key_encryption_passwords/0/key | ||
+ | - name: /opsmgr/cf-c4ad9789367ebcdd824b/credhub_hsm_provider_partition_password | ||
+ | - name: /opsmgr/cf-c4ad9789367ebcdd824b/credhub_hsm_provider_client_certificate | ||
+ | - name: /p-bosh/cf-c4ad9789367ebcdd824b/credhub-db-credentials</nowiki> | ||
+ | |||
+ | Since we got the name of the credentials we need earlier, this is pretty easy. remember to remove <code>.identity</code> or <code>.password</code> | ||
+ | <nowiki>~$ credhub get --name /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/app_credentials | ||
+ | id: a9b9d259-19a1-4577-9f3d-3ed42ae4580c | ||
+ | name: /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/app_credentials | ||
+ | type: json | ||
+ | value: | ||
+ | identity: username | ||
+ | password: password | ||
+ | salt: salt | ||
+ | sha512_hashed_password: salted password hash | ||
+ | version_created_at: 2018-10-23T11:09:56Z</nowiki> |
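Review bot: The "credhub find | grep -i credhub" listing added here prints every matching credential path, including the credhub_key_encryption_passwords and credhub_hsm_provider_partition_password entries, although only the deploy-all/app_credentials name found in the previous section is used afterwards. Suggest trimming the sample output to the relevant entry and replacing the GUIDs with placeholders. The sentence "remember to remove .identity or .password" should start with a capital letter and say that the suffix is dropped from the name passed to "credhub get --name"; the sentence introducing the find command is missing its closing punctuation.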
Revision as of 16:53, 1 November 2018
APIs
Open Service Broker API
Overview
The Open Service Broker API is used by service brokers, which broker the services available to developers to supplement their applications.
It allows service brokers to register, configure, and manage services, among other operations.
Manual Queries
Queries are structured like so:
~$ curl http://username:password@service-broker-url/v2/catalog -H "X-Broker-API-Version: 2.14"
The components are:
component | description |
---|---|
curl | command used |
http://username:password | username and password for the service broker placed inline with the GET request |
@service-broker-url | the service broker URL specific to the service deployed |
/v2/catalog | the service broker API endpoint |
-H "X-Broker-API-Version: 2.14" | a required header for the request that must declare the version number of the Open Service Broker API that the platform is using |
Credentials
To manually query the service broker API endpoints, you need the credentials that were used to register the service. As of today (PAS 2.3), these credentials are stored in the BOSH CredHub instance in Cloud Foundry; however, they may also be available from the Ops Manager UI under PAS > Credentials.
Determine Credhub name
The credential in CredHub will have a fairly long string for a name, so it's important that we discover what it is. From the Ops Manager VM, run the following command; it should print the CredHub variable names for the username and password.
~$ sudo cat /var/tempest/workspaces/default/deployments/credhub-service-broker*.yml | grep 'name: credhub_broker' -A 2
name: credhub_broker
password: "((/opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/app_credentials.password))"
user: "((/opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/app_credentials.identity))"
--
name: credhub_broker
domain: run-19.haas-59.pez.pivotal.io
org: credhub-service-broker-org
Credhub CLI
Before we can use the CredHub CLI, we need credentials for CredHub. In this instance we will be logging into the CredHub for BOSH, which is on the BOSH Director VM.
To start, you'll need to SSH into the Ops Manager. From there, we can run a remote SSH command against the BOSH Director VM to extract the username and password for CredHub.
~$ ssh [email protected] 'cat /var/vcap/jobs/director/config/director.yml' | jq '.config_server.uaa.client_id,.config_server.uaa.client_secret'
Unauthorized use is strictly prohibited. All access and activity is subject to logging and monitoring.
[email protected]'s password:
"director_to_credhub"
"client_secret_password"
Now, with the credentials, we can try to connect, again from the Ops Manager VM since it already has the CredHub CLI installed.
~$ credhub api https://bosh_director_ip:8844 --skip-tls-validation
~$ credhub login --client-name=director_to_credhub --client-secret=client_secret_password
Login Successful
Or you can fetch the username and password inline, so you don't have to look them up first.
~$ credhub login \
  --client-name=`ssh [email protected] 'cat /var/vcap/jobs/director/config/director.yml' | jq '.config_server.uaa.client_id' | sed s'/"//'g` \
  --client-secret=`ssh [email protected] 'cat /var/vcap/jobs/director/config/director.yml' | jq '.config_server.uaa.client_secret' | sed s'/"//'g`
Unauthorized use is strictly prohibited. All access and activity is subject to logging and monitoring.
[email protected]'s password:
Unauthorized use is strictly prohibited. All access and activity is subject to logging and monitoring.
[email protected]'s password:
Login Successful
Now that we are authenticated with CredHub, we can search for the desired credentials:
~$ credhub find | grep -i credhub
- name: /opsmgr/director/credhub-service-broker-fe0bf86cb201f5273057/delete-all/vm_credentials
- name: /opsmgr/director/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/vm_credentials
- name: /opsmgr/director/credhub-service-broker-fe0bf86cb201f5273057/uaa_client_secret
- name: /opsmgr/director/cf-c4ad9789367ebcdd824b/credhub/vm_credentials
- name: /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/delete-all/app_credentials
- name: /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/delete-all/vm_credentials
- name: /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/app_credentials
- name: /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/vm_credentials
- name: /opsmgr/cf-c4ad9789367ebcdd824b/uaa/services_credhub_credentials
- name: /opsmgr/cf-c4ad9789367ebcdd824b/credhub_tls
- name: /opsmgr/cf-c4ad9789367ebcdd824b/credhub_key_encryption_passwords/0/key
- name: /opsmgr/cf-c4ad9789367ebcdd824b/credhub_hsm_provider_partition_password
- name: /opsmgr/cf-c4ad9789367ebcdd824b/credhub_hsm_provider_client_certificate
- name: /p-bosh/cf-c4ad9789367ebcdd824b/credhub-db-credentials
Since we got the name of the credentials we need earlier, this is pretty easy. Remember to remove .identity or .password from the end of the name.
~$ credhub get --name /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/app_credentials
id: a9b9d259-19a1-4577-9f3d-3ed42ae4580c
name: /opsmgr/credhub-service-broker-fe0bf86cb201f5273057/deploy-all/app_credentials
type: json
value:
  identity: username
  password: password
  salt: salt
  sha512_hashed_password: salted password hash
version_created_at: 2018-10-23T11:09:56Z
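The name-derivation step above (dropping .identity or .password) and the Manual Queries call, combined in an added shell example that is not part of the original page. It derives the CredHub name from a manifest excerpt, reads the identity and password from credhub get output, and writes a config for curl -K - so the password stays out of the URL and shell history; the function names, the constructed sample data and the https scheme are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. All sample data is constructed.

# Manifest placeholders look like "((/path/app_credentials.password))".
# Print the unique CredHub names: strip "((", "))" and the field selector.
credhub_names() {
  sed -n 's|.*((\(/[^)]*\))).*|\1|p' |
    sed -e 's/\.identity$//' -e 's/\.password$//' | sort -u
}

# Print one field nested under "value:" in `credhub get` output (stdin).
credhub_field() {
  awk -v key="$1" '
    /^value:/           { in_value = 1; next }
    in_value && /^[^ ]/ { in_value = 0 }
    in_value && $1 == (key ":") { sub(/^ *[^:]*: */, ""); print; exit }'
}

# Escape backslashes and double quotes for a quoted curl config value.
cfg_escape() { printf '%s' "$1" | sed 's/[\\"]/\\&/g'; }

# Emit a config for `curl -K -` so the broker password is read from stdin
# and never appears in the URL, the process list or shell history.
# $1 = broker base URL, $2 = identity, $3 = password
broker_curl_config() {
  printf 'url = "%s/v2/catalog"\n' "$1"
  printf 'user = "%s:%s"\n' "$(cfg_escape "$2")" "$(cfg_escape "$3")"
  printf 'header = "X-Broker-API-Version: 2.14"\n'
}

# Constructed sample inputs (GUID, user and password are placeholders).
SAMPLE_MANIFEST='name: credhub_broker
password: "((/opsmgr/credhub-service-broker-GUID/deploy-all/app_credentials.password))"
user: "((/opsmgr/credhub-service-broker-GUID/deploy-all/app_credentials.identity))"'
SAMPLE_GET='type: json
value:
  identity: broker-user
  password: p"w:example
version_created_at: 2018-10-23T11:09:56Z'

name=$(printf '%s\n' "$SAMPLE_MANIFEST" | credhub_names)
user=$(printf '%s\n' "$SAMPLE_GET" | credhub_field identity)
pass=$(printf '%s\n' "$SAMPLE_GET" | credhub_field password)
echo "credhub get --name $name"
# On a real system, pipe this into: curl -K -
broker_curl_config "https://service-broker-url" "$user" "$pass"
```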