Comments (5)
Hi @PadmaB
I confirm your expected behavior documented and tested at https://github.com/Orange-OpenSource/autosleep/blob/develop/acceptance/4_application_autobind.robot#L13-L20
Which version of the autosleep service are you using ?
Can you please check the autosleep app logs, especially for failures to connect to the cloudfoundry API as reported in #171
If you try against the latest head on the "develop" branch, the failure should prevent the autosleep at start.
from autosleep.
Hi,
Sorry for the delay on this!
I think I understand what is the issue here, the user [cf.client.username] that is used while provisioning the service is not the SpaceDeveloper where the above raised issue has popped up.
How is this expected to work?
Normally the service is provisioned [deployed] is some 'central org' and then the service access is enabled for all the organizations which would need autosleep functionality. In such a scenario, it is unlikely that the user [cf.client.username] will have SpaceDeveloper role in every org/space where the service is enabled. Also, there could arise security concerns.
Is there any alternative approach to this?
What are your thoughts on this?
Thanks and Kind Regards,
Padma
from autosleep.
Currently, the prerequisite CC API account either:
1- needs to be a space developer for each managed space as documented onto https://github.com/Orange-OpenSource/autosleep/blob/develop/doc/publish.md#prepare-your-manifest in the prereq "a CC API user with cloudcontroller.read and cloudcontroller.write scopes, and role "SpaceDevelopper" on the enrolleable autosleep spaces" part.
2- needs to have cloudcontroller.admin
scope
We are considering future support for an admin to specify a set of spaces to be managed within an organization, or a set of organizations within a CF instance. As part of this feature, it could be envisaged to require the CC API account to have OrgManager role on each of the managed role, and use this to dynamically add itself as space developer on each of the managed space (as the CLI is curently doing when creating a space).
Until then, the recommended usage is to script the autosleep service instance creation in spaces, along with adding space developper membership to the CC API account provided to autosleep app.
With respect to security impact of having an autosleep CC API account be given space developer role on each managed space, I had suggested the related Service Broker User delegation during provisionning which I encourage you to read and comment.
BTW, are you attending the cf summit next week ? Would be great to exchange more together on the use-cases you see for autosleep.
from autosleep.
@gberche-orange
Unfortunately, I am not attending CF Summit but I will interested to know the roadmap for autosleep, especially the autowakeup feature that is under implementation. It is very interesting and will make the autosleep solution more complete.
Thanks for sharing the above details, will go through the details and revert back for further queries/feedback.
Thanks,
Padma
from autosleep.
closing in favor of #201
Please reopen/comment if I missed something
from autosleep.
Related Issues (20)
- NPE returned by the dashboad
- autosleep use of deprecated logging-endpoint, fails fetching app activity, and never stop apps HOT 2
- Failing to create-service when autosleep hosted behind buddy-broker for --shared-scope HOT 4
- Sample manifest uses env vs JAVA_OPTS in demo video HOT 2
- How to delete service instance in forced enrollment mode? HOT 2
- autosleep-app errors when trying to stop app on pivotal.io HOT 4
- Instrumentation and business metrics
- autosleep uses deprecated domain API
- Autosleep service instance not able to bind more than 50 applications in a space HOT 1
- Noticed this issue on orgs that don't even have autosleep enabled HOT 5
- Autosleep App will not start with Pivotal Cloud Foundry 1.11 HOT 3
- Autosleep and healthcheck endpoints HOT 1
- Autosleep App will not start HOT 6
- Evaluate deploying autosleep with “Shared service instance” support enabled
- Syntax Error in CRATE TABLE Statement when deploying with PostgreSQL HOT 2
- SQL syntax error when unbinding app due to app deletion HOT 1
- Migrate to CC API V3
- Autosleep breaking when registering as broker with pcf java buildpack v4.19.1 HOT 1
- Can this app be used without implementing it as a service broker? HOT 5
- Migrate to firehose v2 API
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from autosleep.