From d1fe01ffa934af2af1fc2cc664e1b7da1c78bc5f Mon Sep 17 00:00:00 2001 From: Andrew Burnes Date: Mon, 20 May 2024 14:17:47 -0700 Subject: [PATCH 01/36] pages: Edit UAA Client name for Pages envs --- bosh/opsfiles/pages-clients-dev.yml | 2 +- bosh/opsfiles/pages-clients-production.yml | 2 +- bosh/opsfiles/pages-clients-staging.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bosh/opsfiles/pages-clients-dev.yml b/bosh/opsfiles/pages-clients-dev.yml index 063c19c5..6ba30c03 100644 --- a/bosh/opsfiles/pages-clients-dev.yml +++ b/bosh/opsfiles/pages-clients-dev.yml @@ -14,7 +14,7 @@ authorities: groups.update,scim.read,scim.invite,scim.write access-token-validity: 600 refresh-token-validity: 259200 - name: Pages - Dev + name: Pages autoapprove: true show-on-homepage: true app-icon: '' diff --git a/bosh/opsfiles/pages-clients-production.yml b/bosh/opsfiles/pages-clients-production.yml index 75a04e79..ff59e210 100644 --- a/bosh/opsfiles/pages-clients-production.yml +++ b/bosh/opsfiles/pages-clients-production.yml @@ -14,7 +14,7 @@ authorities: groups.update,scim.read,scim.invite,scim.write access-token-validity: 600 refresh-token-validity: 259200 - name: Pages - Production + name: Pages autoapprove: true show-on-homepage: true app-icon: '' diff --git a/bosh/opsfiles/pages-clients-staging.yml b/bosh/opsfiles/pages-clients-staging.yml index 388fed8e..f524f3f6 100644 --- a/bosh/opsfiles/pages-clients-staging.yml +++ b/bosh/opsfiles/pages-clients-staging.yml @@ -14,7 +14,7 @@ authorities: groups.update,scim.read,scim.invite,scim.write access-token-validity: 600 refresh-token-validity: 259200 - name: Pages - Staging + name: Pages autoapprove: true show-on-homepage: true app-icon: '' From 9733956152ce99c80b602bca6724b93406828d47 Mon Sep 17 00:00:00 2001 
From: Christopher Weibel Date: Thu, 13 Jun 2024 10:25:01 -0400 Subject: [PATCH 02/36] Switch clients to 12h refresh tokens --- bosh/opsfiles/clients.yml | 8 ++++---- bosh/opsfiles/pages-clients-dev.yml | 2 +- bosh/opsfiles/pages-clients-production.yml | 2 +- bosh/opsfiles/pages-clients-staging.yml | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/bosh/opsfiles/clients.yml b/bosh/opsfiles/clients.yml index e969f8c6..8564f36e 100644 --- a/bosh/opsfiles/clients.yml +++ b/bosh/opsfiles/clients.yml @@ -67,7 +67,7 @@ authorized-grant-types: authorization_code,client_credentials authorities: scim.read,password.write,uaa.admin,uaa.resource access-token-validity: 600 - refresh-token-validity: 259200 + refresh-token-validity: 43200 redirect-uri: https://account.((system_domain))/oauth/login name: Invite Users autoapprove: true @@ -134,7 +134,7 @@ scope: cloud_controller.read,oauth.approvals,openid,scim.userids authorized-grant-types: authorization_code,refresh_token access-token-validity: 600 - refresh-token-validity: 259200 + refresh-token-validity: 43200 name: Logsearch redirect-uri: https://logs.((system_domain))/login autoapprove: true @@ -149,7 +149,7 @@ authorized-grant-types: authorization_code,client_credentials,refresh_token authorities: uaa.none access-token-validity: 600 - refresh-token-validity: 259200 + refresh-token-validity: 43200 name: "Dashboard" autoapprove: true show-on-homepage: true @@ -181,4 +181,4 @@ value: 600 - type: replace path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/cf/refresh-token-validity - value: 259200 + value: 43200 diff --git a/bosh/opsfiles/pages-clients-dev.yml b/bosh/opsfiles/pages-clients-dev.yml index 6ba30c03..cd7fca23 100644 --- a/bosh/opsfiles/pages-clients-dev.yml +++ b/bosh/opsfiles/pages-clients-dev.yml 
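Review bot: In the first hunk the Invite Users client is declared with `authorized-grant-types: authorization_code,client_credentials` and no `refresh_token` grant, so as far as I recall upstream UAA behaviour (a refresh token is only issued to clients authorized for the `refresh_token` grant — confirm against the deployed uaa release) the `refresh-token-validity: 43200` line on that client is inert and documents a lifetime that never applies. Either add `refresh_token` to that client's grant types if refresh is actually wanted, or drop the key there so the config does not imply a long-lived credential exists for a client holding `uaa.admin` and `password.write`. The bare number is repeated across several clients and in the `cf` client op at the end of this file; a unit comment such as `refresh-token-validity: 43200 # 12h, in seconds` would make the intent reviewable. Note also that the shorter validity only affects tokens issued after the deploy — refresh tokens already in circulation keep the 72h lifetime they were minted with, so this change is not a revocation mechanism.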
@@ -13,7 +13,7 @@ authorized-grant-types: authorization_code,client_credentials authorities: groups.update,scim.read,scim.invite,scim.write access-token-validity: 600 - refresh-token-validity: 259200 + refresh-token-validity: 43200 name: Pages autoapprove: true show-on-homepage: true diff --git a/bosh/opsfiles/pages-clients-production.yml b/bosh/opsfiles/pages-clients-production.yml index ff59e210..a247b8e5 100644 --- a/bosh/opsfiles/pages-clients-production.yml +++ b/bosh/opsfiles/pages-clients-production.yml @@ -13,7 +13,7 @@ authorized-grant-types: authorization_code,client_credentials authorities: groups.update,scim.read,scim.invite,scim.write access-token-validity: 600 - refresh-token-validity: 259200 + refresh-token-validity: 43200 name: Pages autoapprove: true show-on-homepage: true diff --git a/bosh/opsfiles/pages-clients-staging.yml b/bosh/opsfiles/pages-clients-staging.yml index f524f3f6..4dfc76b6 100644 --- a/bosh/opsfiles/pages-clients-staging.yml +++ b/bosh/opsfiles/pages-clients-staging.yml @@ -13,7 +13,7 @@ authorized-grant-types: authorization_code,client_credentials authorities: groups.update,scim.read,scim.invite,scim.write access-token-validity: 600 - refresh-token-validity: 259200 + refresh-token-validity: 43200 name: Pages autoapprove: true show-on-homepage: true From c13e4a553950c6b431204e66ccb9153fa66a90ed Mon Sep 17 00:00:00 2001 
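Review bot: All three Pages clients in these hunks carry `authorized-grant-types: authorization_code,client_credentials` without `refresh_token`, so the `refresh-token-validity: 43200` change is very likely a no-op for them (UAA only returns a refresh token to clients authorized for that grant — verify on the deployed release). If the Pages app relies on refresh tokens, the grant-type list is what needs changing; if it does not, removing the key from the three env files avoids a misleading 12h lifetime sitting next to `scim.write`/`scim.invite` authorities. Either way a unit comment helps: `refresh-token-validity: 43200 # 12h, seconds`.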
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 13 Jun 2024 21:50:44 +0000 Subject: [PATCH 03/36] Bump the pip group across 1 directory with 8 updates Bumps the pip group with 8 updates in the /ci/test-space-egress directory: | Package | From | To | | --- | --- | --- | | [certifi](https://github.com/certifi/python-certifi) | `2021.5.30` | `2023.7.22` | | [fastapi](https://github.com/tiangolo/fastapi) | `0.68.1` | `0.109.1` | | [idna](https://github.com/kjd/idna) | `3.2` | `3.7` | | [protobuf](https://github.com/protocolbuffers/protobuf) | `3.17.3` | `3.18.3` | | [pydantic](https://github.com/pydantic/pydantic) | `1.8.2` | `1.10.13` | | [requests](https://github.com/psf/requests) | `2.26.0` | `2.32.2` | | [starlette](https://github.com/encode/starlette) | `0.14.2` | `0.36.2` | | [urllib3](https://github.com/urllib3/urllib3) | `1.26.6` | `1.26.18` | Updates `certifi` from 2021.5.30 to 2023.7.22 - [Commits](https://github.com/certifi/python-certifi/compare/2021.05.30...2023.07.22) Updates `fastapi` from 0.68.1 to 0.109.1 - [Release notes](https://github.com/tiangolo/fastapi/releases) - [Commits](https://github.com/tiangolo/fastapi/compare/0.68.1...0.109.1) Updates `idna` from 3.2 to 3.7 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.2...v3.7) Updates `protobuf` from 3.17.3 to 3.18.3 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](https://github.com/protocolbuffers/protobuf/compare/v3.17.3...v3.18.3) Updates `pydantic` from 1.8.2 to 1.10.13 - [Release notes](https://github.com/pydantic/pydantic/releases) - [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md) - [Commits](https://github.com/pydantic/pydantic/compare/v1.8.2...v1.10.13) Updates `requests` from 2.26.0 
to 2.32.2 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.26.0...v2.32.2) Updates `starlette` from 0.14.2 to 0.36.2 - [Release notes](https://github.com/encode/starlette/releases) - [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md) - [Commits](https://github.com/encode/starlette/compare/0.14.2...0.36.2) Updates `urllib3` from 1.26.6 to 1.26.18 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.6...1.26.18) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production dependency-group: pip - dependency-name: fastapi dependency-type: direct:production dependency-group: pip - dependency-name: idna dependency-type: direct:production dependency-group: pip - dependency-name: protobuf dependency-type: direct:production dependency-group: pip - dependency-name: pydantic dependency-type: direct:production dependency-group: pip - dependency-name: requests dependency-type: direct:production dependency-group: pip - dependency-name: starlette dependency-type: direct:production dependency-group: pip - dependency-name: urllib3 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] --- ci/test-space-egress/requirements.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/ci/test-space-egress/requirements.txt b/ci/test-space-egress/requirements.txt index 166180f6..5edee1b4 100644 --- a/ci/test-space-egress/requirements.txt +++ b/ci/test-space-egress/requirements.txt 
@@ -1,28 +1,28 @@
 argcomplete==1.12.3
 asgiref==3.4.1
-certifi==2021.5.30
+certifi==2023.7.22
 cfenv==0.5.3
 charset-normalizer==2.0.4
 click==8.0.1
-fastapi==0.68.1
+fastapi==0.109.1
 furl==2.1.3
 h11==0.12.0
-idna==3.2
+idna==3.7
 mypy-extensions==0.4.3
 orderedmultidict==1.0.1
 packaging==21.0
 pathspec==0.9.0
 platformdirs==2.3.0
-protobuf==3.17.3
+protobuf==3.18.3
 psycopg2==2.9.1
-pydantic==1.8.2
+pydantic==1.10.13
 pyparsing==2.4.7
 regex==2021.8.28
-requests==2.26.0
+requests==2.32.2
 six==1.16.0
-starlette==0.14.2
+starlette==0.36.2
 tomli==1.2.1
 typing-extensions==3.10.0.2
-urllib3==1.26.6
+urllib3==1.26.18
 userpath==1.7.0
 uvicorn==0.15.0
From a018df1b1b667cf8806f4bb8253a25d58f3255b3 Mon Sep 17 00:00:00 2001
From: Christopher Weibel
Date: Tue, 18 Jun 2024 09:32:57 -0400
Subject: [PATCH 04/36] Bump starlette version
---
 ci/test-space-egress/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci/test-space-egress/requirements.txt b/ci/test-space-egress/requirements.txt
index 5edee1b4..229bee10 100644
--- a/ci/test-space-egress/requirements.txt
+++ b/ci/test-space-egress/requirements.txt
@@ -20,7 +20,7 @@ pyparsing==2.4.7
 regex==2021.8.28
 requests==2.32.2
 six==1.16.0
-starlette==0.36.2
+starlette==0.35.1
 tomli==1.2.1
 typing-extensions==3.10.0.2
 urllib3==1.26.18
From dad35068a0460a2bc72888b9274c1c08f2203bf1 Mon Sep 17 00:00:00 2001
From: Christopher Weibel
Date: Tue, 18 Jun 2024 09:56:11 -0400
Subject: [PATCH 05/36] Bumping typing-extensions version
---
 ci/test-space-egress/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci/test-space-egress/requirements.txt b/ci/test-space-egress/requirements.txt
index 229bee10..93acb64c 100644
--- a/ci/test-space-egress/requirements.txt
+++ b/ci/test-space-egress/requirements.txt
@@ -22,7 +22,7 @@ requests==2.32.2
 six==1.16.0
 starlette==0.35.1
 tomli==1.2.1
-typing-extensions==3.10.0.2
+typing-extensions==4.8.0
 urllib3==1.26.18
 userpath==1.7.0
 uvicorn==0.15.0
From b2cbef1c37072129e864d102b350d4064b794e2e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Jun 2024 11:13:59 -0400 Subject: [PATCH 06/36] Bump urllib3 (#853) Bumps the pip group with 1 update in the /ci/test-space-egress directory: [urllib3](https://github.com/urllib3/urllib3). Updates `urllib3` from 1.26.18 to 1.26.19 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/1.26.19/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.18...1.26.19) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mark Boyd --- ci/test-space-egress/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/test-space-egress/requirements.txt b/ci/test-space-egress/requirements.txt index 93acb64c..f456f889 100644 --- a/ci/test-space-egress/requirements.txt +++ b/ci/test-space-egress/requirements.txt @@ -23,6 +23,6 @@ six==1.16.0 starlette==0.35.1 tomli==1.2.1 typing-extensions==4.8.0 -urllib3==1.26.18 +urllib3==1.26.19 userpath==1.7.0 uvicorn==0.15.0 From 4c9d8e892ba864f86c056aeff980accf775020c2 Mon Sep 17 00:00:00 2001 From: Mark Boyd Date: Tue, 18 Jun 2024 12:04:49 -0400 Subject: [PATCH 07/36] Upgrade starlette (#856) * add venv to gitignore * upgrade starlette version to address vulnerability and update FastAPI version for compatibility --- .gitignore | 3 ++- ci/test-space-egress/requirements.txt | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index f5420a77..4ebbc63b 100644 --- a/.gitignore +++ b/.gitignore 
@@ -25,8 +25,9 @@ jwt_* # Python __pycache__/ *.py[cod] +venv # Python Environments .venv .terraform -.terraform.lock.hcl \ No newline at end of file +.terraform.lock.hcl diff --git a/ci/test-space-egress/requirements.txt b/ci/test-space-egress/requirements.txt index f456f889..6b11f7d2 100644 --- a/ci/test-space-egress/requirements.txt +++ b/ci/test-space-egress/requirements.txt @@ -4,7 +4,7 @@ certifi==2023.7.22 cfenv==0.5.3 charset-normalizer==2.0.4 click==8.0.1 -fastapi==0.109.1 +fastapi==0.111.0 furl==2.1.3 h11==0.12.0 idna==3.7 @@ -20,7 +20,7 @@ pyparsing==2.4.7 regex==2021.8.28 requests==2.32.2 six==1.16.0 -starlette==0.35.1 +starlette==0.37.2 tomli==1.2.1 typing-extensions==4.8.0 urllib3==1.26.19 From faf46d13a802e4c8d9b0856a155c4d2fce412183 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Tue, 18 Jun 2024 12:47:55 -0400 Subject: [PATCH 08/36] Remove redundant platform cell config --- bosh/opsfiles/platform-cells.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/bosh/opsfiles/platform-cells.yml b/bosh/opsfiles/platform-cells.yml index 6c07baec..e334f892 100644 --- a/bosh/opsfiles/platform-cells.yml +++ b/bosh/opsfiles/platform-cells.yml @@ -225,19 +225,6 @@ network: ((network_name)) domain: bosh -# Enable service discovery -- type: replace - path: /instance_groups/name=diego-platform-cell/jobs/name=bosh-dns-adapter? - value: - name: bosh-dns-adapter - properties: - internal_domains: ["apps.internal."] - dnshttps: - client: - tls: ((cf_app_sd_client_tls)) - server: - ca: ((cf_app_sd_server_tls.ca)) - release: cf-networking - type: replace path: /instance_groups/name=diego-platform-cell/jobs/name=route_emitter/properties/internal_routes? value: From 57c1b3f09552b28b800484986c76961b1765a37c Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Tue, 18 Jun 2024 14:32:42 -0400 Subject: [PATCH 09/36] Remove redundant platform diego cell property --- bosh/opsfiles/platform-cells.yml | 4 ---- 1 file changed, 4 deletions(-) 
diff --git a/bosh/opsfiles/platform-cells.yml b/bosh/opsfiles/platform-cells.yml index e334f892..dd78edc7 100644 --- a/bosh/opsfiles/platform-cells.yml +++ b/bosh/opsfiles/platform-cells.yml @@ -225,7 +225,3 @@ network: ((network_name)) domain: bosh -- type: replace - path: /instance_groups/name=diego-platform-cell/jobs/name=route_emitter/properties/internal_routes? - value: - enabled: true From e0018937560ddcb6c1b733f5d607c7014a601c9e Mon Sep 17 00:00:00 2001 From: Ben Berry Date: Tue, 18 Jun 2024 12:14:52 -0700 Subject: [PATCH 10/36] Add CODEOWNERS (#859) * add codeowners * remove success-squad from codeowners --- CODEOWNERS | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 00000000..b9618789 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1,2 @@ +* @cloud-gov/platform-ops + From 00033d11e65983c22f75f80fee16b1622dd9ce3f Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Tue, 18 Jun 2024 15:25:18 -0400 Subject: [PATCH 11/36] Remove redundant ops file --- bosh/opsfiles/diego-dns.yml | 3 --- ci/pipeline.yml | 3 --- 2 files changed, 6 deletions(-) delete mode 100644 bosh/opsfiles/diego-dns.yml diff --git a/bosh/opsfiles/diego-dns.yml b/bosh/opsfiles/diego-dns.yml deleted file mode 100644 index b729037a..00000000 --- a/bosh/opsfiles/diego-dns.yml +++ /dev/null @@ -1,3 +0,0 @@ -- type: replace - path: /instance_groups/name=diego-platform-cell/jobs/name=silk-cni/properties?/dns_servers - value: [169.254.0.2] diff --git a/ci/pipeline.yml b/ci/pipeline.yml index cbe09ca9..842fdeff 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -65,7 +65,6 @@ jobs: - cf-manifests/bosh/opsfiles/instance-profiles.yml - cf-manifests/bosh/opsfiles/platform-cells.yml - cf-manifests/bosh/opsfiles/diego-cell-disk.yml - - cf-manifests/bosh/opsfiles/diego-dns.yml - cf-manifests/bosh/opsfiles/scaling-development.yml - cf-manifests/bosh/opsfiles/cf-networking.yml - cf-manifests/bosh/opsfiles/enable-cflinuxfs4.yml 
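Review bot: `* @cloud-gov/platform-ops` in the new CODEOWNERS only becomes an enforced control when the default branch's protection rule requires review from code owners and the team has write access to the repository; nothing in this diff shows that setting, so it should be confirmed on the repo rather than assumed from the file's presence. A one-line header would tell future readers what the file is meant to enforce, e.g. `# Default owners for all paths; reviews are required only if branch protection enforces code-owner review.` The extra empty line appended after the rule is harmless but unnecessary.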
@@ -575,7 +574,6 @@ jobs: - cf-manifests/bosh/opsfiles/instance-profiles.yml - cf-manifests/bosh/opsfiles/platform-cells.yml - cf-manifests/bosh/opsfiles/diego-cell-disk.yml - - cf-manifests/bosh/opsfiles/diego-dns.yml - cf-manifests/bosh/opsfiles/scaling-staging.yml - cf-manifests/bosh/opsfiles/cf-networking.yml - cf-manifests/bosh/opsfiles/enable-cflinuxfs4.yml @@ -1090,7 +1088,6 @@ jobs: - cf-manifests/bosh/opsfiles/instance-profiles.yml - cf-manifests/bosh/opsfiles/platform-cells.yml - cf-manifests/bosh/opsfiles/diego-cell-disk.yml - - cf-manifests/bosh/opsfiles/diego-dns.yml - cf-manifests/bosh/opsfiles/scaling-production.yml - cf-manifests/bosh/opsfiles/cf-networking.yml - cf-manifests/bosh/opsfiles/routing.yml From b82c494dc16ad3b44208ef920403760e8f751139 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Thu, 20 Jun 2024 10:20:42 -0400 Subject: [PATCH 12/36] Remove redundant configuration for trusted_ca_certificates --- .../opsfiles/disable-secure-service-credentials.yml | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/bosh/opsfiles/disable-secure-service-credentials.yml b/bosh/opsfiles/disable-secure-service-credentials.yml index 26e06ee8..013e2980 100644 --- a/bosh/opsfiles/disable-secure-service-credentials.yml +++ b/bosh/opsfiles/disable-secure-service-credentials.yml 
@@ -31,22 +31,9 @@ - type: remove path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/credhub_api -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates - value: - - ((application_ca.certificate)) - - ((uaa_ca.certificate)) - - type: remove path: /variables/name=uaa_clients_cc_service_key_client_secret -####This shouldn't have ever been here? -####- type: replace -#### path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs3-rootfs-setup/properties/cflinuxfs3-rootfs/trusted_certs -#### value: -#### - ((diego_instance_identity_ca.ca)) -#### - ((uaa_ssl.ca)) - - type: replace path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates value: From a2d2e7d43d498ec048b9f210362129deac2ee239 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Thu, 20 Jun 2024 11:10:10 -0400 Subject: [PATCH 13/36] Merging credhub removals together --- bosh/opsfiles/disable-secure-service-credentials.yml | 6 ++++++ bosh/opsfiles/enable-cflinuxfs4.yml | 12 ------------ ci/pipeline.yml | 3 --- 3 files changed, 6 insertions(+), 15 deletions(-) delete mode 100644 bosh/opsfiles/enable-cflinuxfs4.yml diff --git a/bosh/opsfiles/disable-secure-service-credentials.yml b/bosh/opsfiles/disable-secure-service-credentials.yml index 013e2980..1a3b603b 100644 --- a/bosh/opsfiles/disable-secure-service-credentials.yml +++ b/bosh/opsfiles/disable-secure-service-credentials.yml @@ -39,3 +39,9 @@ value: - ((diego_instance_identity_ca.ca)) - ((uaa_ssl.ca)) + +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs + value: + - ((diego_instance_identity_ca.ca)) + - ((uaa_ssl.ca)) diff --git a/bosh/opsfiles/enable-cflinuxfs4.yml b/bosh/opsfiles/enable-cflinuxfs4.yml deleted file mode 100644 index a63490fc..00000000 --- a/bosh/opsfiles/enable-cflinuxfs4.yml +++ /dev/null 
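Review bot: The op added at the end of `disable-secure-service-credentials.yml` uses `type: replace` on the whole `cflinuxfs4-rootfs/trusted_certs` list, which overwrites rather than extends it, so it only coexists with the RDS CA appends (`trusted_certs/-`, as done in the later `diego-rds-certs-diego-cell.yml`) because the pipeline lists `disable-secure-service-credentials.yml` before `diego-rds-certs.yml`; reordering the ops file list would silently drop the RDS roots from the rootfs trust store. If the intent is to reset the list the base manifest provides so the credhub CA is no longer trusted (the deleted `enable-cflinuxfs4.yml` described itself as "used to pull out credhub_tls certificate"), state that above the op, e.g. `# Replaces (does not append to) the rootfs trust list to drop the credhub CA; must precede ops files that append to trusted_certs/-`. If no reset is intended, an append via `trusted_certs/-` is the order-independent form. The rep `trusted_ca_certificates` op whose value lines open this hunk's context begins outside the hunk.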
@@ -1,12 +0,0 @@ -# This file is the midpoint to get cflinuxfs4 enabled - -# Used to pull out credhub_tls certificate - -- type: replace - path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs - value: - - ((diego_instance_identity_ca.ca)) - - ((uaa_ssl.ca)) - - - diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 842fdeff..202da754 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -67,7 +67,6 @@ jobs: - cf-manifests/bosh/opsfiles/diego-cell-disk.yml - cf-manifests/bosh/opsfiles/scaling-development.yml - cf-manifests/bosh/opsfiles/cf-networking.yml - - cf-manifests/bosh/opsfiles/enable-cflinuxfs4.yml - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml - cf-manifests/bosh/opsfiles/diego-rds-certs.yml - cf-manifests/bosh/opsfiles/smoke-tests.yml @@ -576,7 +575,6 @@ jobs: - cf-manifests/bosh/opsfiles/diego-cell-disk.yml - cf-manifests/bosh/opsfiles/scaling-staging.yml - cf-manifests/bosh/opsfiles/cf-networking.yml - - cf-manifests/bosh/opsfiles/enable-cflinuxfs4.yml - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml - cf-manifests/bosh/opsfiles/diego-rds-certs.yml - cf-manifests/bosh/opsfiles/smoke-tests.yml @@ -1092,7 +1090,6 @@ jobs: - cf-manifests/bosh/opsfiles/cf-networking.yml - cf-manifests/bosh/opsfiles/routing.yml - cf-manifests/bosh/opsfiles/smoke-tests.yml - - cf-manifests/bosh/opsfiles/enable-cflinuxfs4.yml - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml - cf-manifests/bosh/opsfiles/diego-rds-certs.yml - cf-manifests/bosh/opsfiles/uaa-rds-ca.yml From de01e2b3af832daded19cb62333e1874e1c90951 Mon Sep 17 00:00:00 2001 
From: Christopher Weibel Date: Thu, 20 Jun 2024 14:07:08 -0400 Subject: [PATCH 14/36] Continue to split diego-cells --- .../opsfiles/diego-cell-consumes-provides.yml | 30 ++ .../diego-cpu-entitlement-diego-cell.yml | 12 + bosh/opsfiles/diego-cpu-entitlement.yml | 8 - bosh/opsfiles/diego-rds-certs-diego-cell.yml | 261 ++++++++++++++++++ bosh/opsfiles/diego-rds-certs.yml | 7 +- ...-secure-service-credentials-diego-cell.yml | 14 + .../disable-secure-service-credentials.yml | 11 - bosh/opsfiles/log-levels-diego-cell.yml | 11 + bosh/opsfiles/log-levels.yml | 12 - bosh/opsfiles/meta-data-v2-diego-cell.yml | 3 + bosh/opsfiles/meta-data-v2.yml | 3 - bosh/opsfiles/platform-cells.yml | 28 -- ci/pipeline.yml | 18 ++ 13 files changed, 351 insertions(+), 67 deletions(-) create mode 100644 bosh/opsfiles/diego-cell-consumes-provides.yml create mode 100644 bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml create mode 100644 bosh/opsfiles/diego-rds-certs-diego-cell.yml create mode 100644 bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml create mode 100644 bosh/opsfiles/log-levels-diego-cell.yml create mode 100644 bosh/opsfiles/meta-data-v2-diego-cell.yml diff --git a/bosh/opsfiles/diego-cell-consumes-provides.yml b/bosh/opsfiles/diego-cell-consumes-provides.yml new file mode 100644 index 00000000..58a7c3bc --- /dev/null +++ b/bosh/opsfiles/diego-cell-consumes-provides.yml 
@@ -0,0 +1,30 @@ +# Needed because the isolation segment(s) exist +# Use distinct vxlan policy links for tenant cells +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/provides?/vpa + value: {as: vpa-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/vpa + value: {from: vpa-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=silk-cni/consumes?/vpa + value: {from: vpa-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/iptables + value: {from: iptables-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/iptables + value: {from: iptables-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=netmon/consumes?/iptables + value: {from: iptables-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=garden/provides?/iptables + value: {as: iptables-tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/cni_config + value: {from: cni_config_tenant} +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=silk-cni/provides?/cni_config + value: {as: cni_config_tenant} + diff --git a/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml b/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml new file mode 100644 index 00000000..a93b5822 --- /dev/null +++ b/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml 
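Review bot: The header comment in the new `diego-cell-consumes-provides.yml` says the aliases are "needed because the isolation segment(s) exist" but not what fails without them, which is the detail a later maintainer tempted to delete one of the nine ops will want. If the reason is that `diego-cell` and `diego-platform-cell` both provide the `vpa`, `iptables` and `cni_config` links within one deployment and BOSH cannot resolve an ambiguous provider, say so: `# diego-cell and diego-platform-cell both provide the vpa/iptables/cni_config links; alias the tenant side (*-tenant) so link resolution is unambiguous` — hedged here because that failure mode is inferred from the link names, not shown in the diff. The file also lacks a `---` document start and ends with an extra blank line; the other new ops file in this series (`diego-cpu-entitlement-diego-cell.yml`) does start with `---`, so the two should agree.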
@@ -0,0 +1,12 @@ +--- +- type: remove + path: /instance_groups/name=diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter + +- type: remove + path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/loggregator/app_metric_exclusion_filter + +- type: remove + path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/loggregator/app_metric_exclusion_filter + + +### This makes sure that absolute-cpu-entitlement is still emitting in addition to newer cpu_entitlement \ No newline at end of file diff --git a/bosh/opsfiles/diego-cpu-entitlement.yml b/bosh/opsfiles/diego-cpu-entitlement.yml index e4e2f836..3cdcfcbb 100644 --- a/bosh/opsfiles/diego-cpu-entitlement.yml +++ b/bosh/opsfiles/diego-cpu-entitlement.yml @@ -1,12 +1,4 @@ --- -- type: remove - path: /instance_groups/name=diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter - -- type: remove - path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/loggregator/app_metric_exclusion_filter - -- type: remove - path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/loggregator/app_metric_exclusion_filter - type: remove path: /instance_groups/name=diego-api/jobs/name=bbs/properties/loggregator/app_metric_exclusion_filter diff --git a/bosh/opsfiles/diego-rds-certs-diego-cell.yml b/bosh/opsfiles/diego-rds-certs-diego-cell.yml new file mode 100644 index 00000000..e746193a --- /dev/null +++ b/bosh/opsfiles/diego-rds-certs-diego-cell.yml 
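Review bot: In the new `diego-cpu-entitlement-diego-cell.yml` the only explanation (`### This makes sure that absolute-cpu-entitlement is still emitting in addition to newer cpu_entitlement`) sits after the three ops and on a line with no trailing newline, so it reads as an afterthought and will produce a noisy diff on the next edit. Move it above the first op as `# Remove app_metric_exclusion_filter so absolute-cpu-entitlement keeps emitting alongside the newer cpu_entitlement metric` and end the file with a newline. Separately, a bare `type: remove` on `.../loggregator/app_metric_exclusion_filter` fails interpolation if the base manifest ever stops setting that property; if the repo's other ops files use `?` for tolerant removes (`app_metric_exclusion_filter?`), matching that here would keep the deploy from breaking on a cf-deployment bump — confirm the bosh-cli semantics this pipeline relies on.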
@@ -0,0 +1,261 @@ +- type: replace + path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/- + value: |- + # rds-ca-2015-root.pem - expired 3/2020 but still in use some instances + -----BEGIN CERTIFICATE----- + MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMx + EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIjAgBgNVBAoM + GUFtYXpvbiBXZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMx + GzAZBgNVBAMMEkFtYXpvbiBSRFMgUm9vdCBDQTAeFw0xNTAyMDUwOTExMzFaFw0y + MDAzMDUwOTExMzFaMIGKMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv + bjEQMA4GA1UEBwwHU2VhdHRsZTEiMCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNl + cywgSW5jLjETMBEGA1UECwwKQW1hem9uIFJEUzEbMBkGA1UEAwwSQW1hem9uIFJE + UyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuD8nrZ8V + u+VA8yVlUipCZIKPTDcOILYpUe8Tct0YeQQr0uyl018StdBsa3CjBgvwpDRq1HgF + Ji2N3+39+shCNspQeE6aYU+BHXhKhIIStt3r7gl/4NqYiDDMWKHxHq0nsGDFfArf + AOcjZdJagOMqb3fF46flc8k2E7THTm9Sz4L7RY1WdABMuurpICLFE3oHcGdapOb9 + T53pQR+xpHW9atkcf3pf7gbO0rlKVSIoUenBlZipUlp1VZl/OD/E+TtRhDDNdI2J + P/DSMM3aEsq6ZQkfbz/Ilml+Lx3tJYXUDmp+ZjzMPLk/+3beT8EhrwtcG3VPpvwp + BIOqsqVVTvw/CwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw + AwEB/zAdBgNVHQ4EFgQUTgLurD72FchM7Sz1BcGPnIQISYMwHwYDVR0jBBgwFoAU + TgLurD72FchM7Sz1BcGPnIQISYMwDQYJKoZIhvcNAQEFBQADggEBAHZcgIio8pAm + MjHD5cl6wKjXxScXKtXygWH2BoDMYBJF9yfyKO2jEFxYKbHePpnXB1R04zJSWAw5 + 2EUuDI1pSBh9BA82/5PkuNlNeSTB3dXDD2PEPdzVWbSKvUB8ZdooV+2vngL0Zm4r + 47QPyd18yPHrRIbtBtHR/6CwKevLZ394zgExqhnekYKIqqEX41xsUV0Gm6x4vpjf + 2u6O/+YE2U+qyyxHE5Wd5oqde0oo9UUpFETJPVb6Q2cEeQib8PBAyi0i6KnF+kIV + A9dY7IHSubtCK/i8wxMVqfd5GtbA8mmpeJFwnDvm9rBEsHybl08qlax9syEwsUYr + /40NawZfTUU= + -----END CERTIFICATE----- + # rds-ca-2012-us-gov-west-1.pem - expired 8/17 but still in use some instances + -----BEGIN CERTIFICATE----- + MIIDQzCCAqygAwIBAgIJAMGs6m/j+u8sMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV + BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRMw + 
EQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNSRFMxHDAaBgNVBAMTE2F3cy5h + bWF6b24uY29tL3Jkcy8wHhcNMTIwODE2MDY0MjAwWhcNMTcwODE1MDY0MjAwWjB1 + MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2Vh + dHRsZTETMBEGA1UEChMKQW1hem9uLmNvbTEMMAoGA1UECxMDUkRTMRwwGgYDVQQD + ExNhd3MuYW1hem9uLmNvbS9yZHMvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB + gQCnTB7AkRR4xuhfAuOt5foNeCRBPeUujkzmJu1yfnTbtFi+g7zmovQ9BJcRoPYL + 45McnXyaT/7UjhJhCI5gnYlTIyBTRFh7lXFJryypFx8AIh6q3D/ht8b6cVro3sJ2 + k4x1w/c7akKKsZJtf0ZyhbMvNnBz3K3TWVB6c9DChbfyUQIDAQABo4HaMIHXMB0G + A1UdDgQWBBS/OwyfNJHDnAmnZBbq9ACiXz7O1jCBpwYDVR0jBIGfMIGcgBS/Owyf + NJHDnAmnZBbq9ACiXz7O1qF5pHcwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh + c2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxEzARBgNVBAoTCkFtYXpvbi5jb20x + DDAKBgNVBAsTA1JEUzEcMBoGA1UEAxMTYXdzLmFtYXpvbi5jb20vcmRzL4IJAMGs + 6m/j+u8sMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACR37LqHlzjSH + 9gHCaiVJgCb0CCxSg3PHaQuv8h4ugAqQpGxpX3Zo97VgHnjEve21gXA74kzGUUAo + 7YNTZWbF2VkHUDqekXimvL3q1JEvHDKPkLJrxEic1zTU1uazb9uJeb1aVWTq6N8R + bx56xd/e3o7RYcPfLD45y7RRXKz3AmE= + -----END CERTIFICATE----- + # rds-ca-bundle-us-gov-west-1.pem - expires 5/22 + -----BEGIN CERTIFICATE----- + MIIECjCCAvKgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZMxCzAJBgNVBAYTAlVT + MRAwDgYDVQQHDAdTZWF0dGxlMRMwEQYDVQQIDApXYXNoaW5ndG9uMSIwIAYDVQQK + DBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLDApBbWF6b24gUkRT + MSQwIgYDVQQDDBtBbWF6b24gUkRTIEdvdkNsb3VkIFJvb3QgQ0EwHhcNMTcwNTE5 + MjIzMTE5WhcNMjIwNTE4MTIwMDAwWjCBkzELMAkGA1UEBhMCVVMxEzARBgNVBAgM + Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIjAgBgNVBAoMGUFtYXpvbiBX + ZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxJDAiBgNVBAMM + G0FtYXpvbiBSRFMgdXMtZ292LXdlc3QtMSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD + ggEPADCCAQoCggEBAM8YZLKAzzOdNnoi7Klih26Zkj+OCpDfwx4ZYB6f8L8UoQi5 + 8z9ZtIwMjiJ/kO08P1yl4gfc7YZcNFvhGruQZNat3YNpxwUpQcr4mszjuffbL4uz + +/8FBxALdqCVOJ5Q0EVSfz3d9Bd1pUPL7ARtSpy7bn/tUPyQeI+lODYO906C0TQ3 + b9bjOsgAdBKkHfjLdsknsOZYYIzYWOJyFJJa0B11XjDUNBy/3IuC0KvDl6At0V5b + 
8M6cWcKhte2hgjwTYepV+/GTadeube1z5z6mWsN5arOAQUtYDLH6Aztq9mCJzLHm + RccBugnGl3fRLJ2VjioN8PoGoN9l9hFBy5fnFgsCAwEAAaNmMGQwDgYDVR0PAQH/ + BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFEG7+br8KkvwPd5g + 71Rvh2stclJbMB8GA1UdIwQYMBaAFEkQz6S4NS5lOYKcDjBSuCcVpdzjMA0GCSqG + SIb3DQEBCwUAA4IBAQBMA327u5ABmhX+aPxljoIbxnydmAFWxW6wNp5+rZrvPig8 + zDRqGQWWr7wWOIjfcWugSElYtf/m9KZHG/Z6+NG7nAoUrdcd1h/IQhb+lFQ2b5g9 + sVzQv/H2JNkfZA8fL/Ko/Tm/f9tcqe0zrGCtT+5u0Nvz35Wl8CEUKLloS5xEb3k5 + 7D9IhG3fsE3vHWlWrGCk1cKry3j12wdPG5cUsug0vt34u6rdhP+FsM0tHI15Kjch + RuUCvyQecy2ZFNAa3jmd5ycNdL63RWe8oayRBpQBxPPCbHfILxGZEdJbCH9aJ2D/ + l8oHIDnvOLdv7/cBjyYuvmprgPtu3QEkbre5Hln/ + -----END CERTIFICATE----- + # Amazon RDS GovCloud Root CA - expires 5/22 + -----BEGIN CERTIFICATE----- + MIIEDjCCAvagAwIBAgIJAMM61RQn3/kdMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD + VQQGEwJVUzEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECAwKV2FzaGluZ3RvbjEi + MCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjETMBEGA1UECwwKQW1h + em9uIFJEUzEkMCIGA1UEAwwbQW1hem9uIFJEUyBHb3ZDbG91ZCBSb290IENBMB4X + DTE3MDUxOTIyMjkxMVoXDTIyMDUxODIyMjkxMVowgZMxCzAJBgNVBAYTAlVTMRAw + DgYDVQQHDAdTZWF0dGxlMRMwEQYDVQQIDApXYXNoaW5ndG9uMSIwIAYDVQQKDBlB + bWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLDApBbWF6b24gUkRTMSQw + IgYDVQQDDBtBbWF6b24gUkRTIEdvdkNsb3VkIFJvb3QgQ0EwggEiMA0GCSqGSIb3 + DQEBAQUAA4IBDwAwggEKAoIBAQDGS9bh1FGiJPT+GRb3C5aKypJVDC1H2gbh6n3u + j8cUiyMXfmm+ak402zdLpSYMaxiQ7oL/B3wEmumIpRDAsQrSp3B/qEeY7ipQGOfh + q2TXjXGIUjiJ/FaoGqkymHRLG+XkNNBtb7MRItsjlMVNELXECwSiMa3nJL2/YyHW + nTr1+11/weeZEKgVbCUrOugFkMXnfZIBSn40j6EnRlO2u/NFU5ksK5ak2+j8raZ7 + xW7VXp9S1Tgf1IsWHjGZZZguwCkkh1tHOlHC9gVA3p63WecjrIzcrR/V27atul4m + tn56s5NwFvYPUIx1dbC8IajLUrepVm6XOwdQCfd02DmOyjWJAgMBAAGjYzBhMA4G + A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRJEM+kuDUu + ZTmCnA4wUrgnFaXc4zAfBgNVHSMEGDAWgBRJEM+kuDUuZTmCnA4wUrgnFaXc4zAN + BgkqhkiG9w0BAQsFAAOCAQEAcfA7uirXsNZyI2j4AJFVtOTKOZlQwqbyNducnmlg + /5nug9fAkwM4AgvF5bBOD1Hw6khdsccMwIj+1S7wpL+EYb/nSc8G0qe1p/9lZ/mZ + 
ff5g4JOa26lLuCrZDqAk4TzYnt6sQKfa5ZXVUUn0BK3okhiXS0i+NloMyaBCL7vk + kDwkHwEqflRKfZ9/oFTcCfoiHPA7AdBtaPVr0/Kj9L7k+ouz122huqG5KqX0Zpo8 + S0IGvcd2FZjNSNPttNAK7YuBVsZ0m2nIH1SLp//00v7yAHIgytQwwB17PBcp4NXD + pCfTa27ng9mMMC2YLqWQpW4TkqjDin2ZC+5X/mbrjzTvVg== + -----END CERTIFICATE----- + # rds-ca-bundle-us-gov-east-1.pem - expires 7/23 + -----BEGIN CERTIFICATE----- + MIIEAjCCAuqgAwIBAgIJANmdqLPF/hNbMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD + VQQGEwJVUzEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECAwKV2FzaGluZ3RvbjEi + MCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjETMBEGA1UECwwKQW1h + em9uIFJEUzEeMBwGA1UEAwwVQW1hem9uIFJEUyBDTiBSb290IENBMB4XDTE4MDcy + ODAwNTIyNloXDTIzMDcyNzAwNTIyNlowgY0xCzAJBgNVBAYTAlVTMRAwDgYDVQQH + DAdTZWF0dGxlMRMwEQYDVQQIDApXYXNoaW5ndG9uMSIwIAYDVQQKDBlBbWF6b24g + V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLDApBbWF6b24gUkRTMR4wHAYDVQQD + DBVBbWF6b24gUkRTIENOIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw + ggEKAoIBAQCuwuQHbUOevOTFx49xrBLDXHP9P7LR7n5t18tWLG/dB8ouXcpmUIk8 + XFgN3GXtfuHTheOaXhAZqzTCYza7gUP6KXHCN/dOoXqgaaOJbpVwnitLHHUt5maA + cgwRtLZTteyT92wGG2leb8WgA6MZTGx09In0D31OEwa5NbbAzVBClZgMbV/6D9IE + +/GUuu7qmGXXcj24Vnsem7L6Us8zmEO3sT9hCj1yldHyluwj1eSUaIv1NQ0M4iO5 + 2a1W8TmXGFgGMth2uFax6APVk++pB6kJoKGhgm49+IFLVnSzwMqNut0RC/nTCMXS + hDntHe7QiaWnhrU9zpYh5VmLu37n6lg7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB + BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTPi7UAEXJ3JaMf3Yh4didZKro5 + /TAfBgNVHSMEGDAWgBTPi7UAEXJ3JaMf3Yh4didZKro5/TANBgkqhkiG9w0BAQsF + AAOCAQEAgXyl/JSg6D9hnGjhD+cdEIgnKV4L7VVpY396IHFT+m0y3VupAsEC98XY + nB9lWKW0ALj2JxqKQOtJe6ZposMAnWZ+WctPQKdUnDyKT7/uZf/WMo/Lfs+IaiV4 + Dii9HcvdGPMO5qlMzeH4zGCl/QvtVp5mwaxfkqTCWBkxApb0gdhHaMYyH+J//e0O + CS4sR6S95R2d+OXsGEd3Se2BoKaL3KQGpIoI85lwt8l+YRd+O7Ig0taEE1T1SVAY + rirVdtCyK+dEDq2xKoyR79VesgiPKTMcJPou6gXdeezJE1nL8te47yZlJFoAUL6v + EP9EpISn/Jp+QPoFSUFL/FssWEfdLw== + -----END CERTIFICATE----- + # Amazon RDS us-gov-east-1 CA - expires 6/22 + -----BEGIN CERTIFICATE----- + MIIEBDCCAuygAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgY0xCzAJBgNVBAYTAlVT + 
MRAwDgYDVQQHDAdTZWF0dGxlMRMwEQYDVQQIDApXYXNoaW5ndG9uMSIwIAYDVQQK + DBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLDApBbWF6b24gUkRT + MR4wHAYDVQQDDBVBbWF6b24gUkRTIENOIFJvb3QgQ0EwHhcNMTgwNzI4MDA1MjMz + WhcNMjIwNjAxMTIwMDAwWjCBkzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp + bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2Vy + dmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxJDAiBgNVBAMMG0FtYXpv + biBSRFMgdXMtZ292LWVhc3QtMSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC + AQoCggEBANcmOUZZiG+PdIVFlXpCrWmMrDZaU7tlou3B/bH1ECT/nFkLBncLrXJ/ + VItIsEoiKbjtqikuxfOuTOEtlreH4OCogS1fam1I8IYWTcXe1YwFXVfDRVauw9Mr + Up+Ng0iaoZX4ACjHEgDE5Vr7zh69U3S8+NIWO5mRJQJb3QHXCedp3lKOLXOdEzcZ + VT+IfgpFXTpi7+PXK8RVAFrWV6fKLjFYNzFHcaQz1nH/tH1dQCGm+OMOIaTAQ0vQ + jV1iBwoAbzwayvLCil7sGMsKp8t5gWj08NU4KFY1YlA+vvam3HeZV3xDjKyY0YIO + f47+wL3WBwock/0cz7nJo+zZMSPLxJMCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEG + MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFBpaY4ioEu0rZrIPWaevervN + X6s/MB8GA1UdIwQYMBaAFM+LtQARcnclox/diHh2J1kqujn9MA0GCSqGSIb3DQEB + CwUAA4IBAQBvUChSX19imujJHUqoJUfUFj1tSFhgZSm8av4F98KKIoJIxA9bIF9R + 8tSkLWRTZEXaBlmol7UXbMUDQUMmYNuST41bI2/4VQqMHg526Ja/MbfHVrYqiXUK + vmeF525/PTH9H1B2LvUNuwmO0S+tl0jwKL0dMHn62Giz8u6sGgOmwfhbJohUq3CD + KuwHwfZXlg0yiA7OSEUAGe9RK0MpoVppKF/lotEzcIcilStfEZQce4h3q2/rAc5d + e7tNxfZRKhtuGPR5/G0Z3j5z8yQMRZxnCDbq6JvE3vUggWSjBNXoSlhvzj6BiEBy + B4rKazWN1OzrKIX0yoiXx6SgtooVPx0k + -----END CERTIFICATE----- + # Amazon RDS us-gov-east-1 Root CA ECC384 G1 - expires 5/2121 + -----BEGIN CERTIFICATE----- + MIICtjCCAjugAwIBAgIQCojG1Zix0YArC/bBkU7eOjAKBggqhkjOPQQDAzCBmjEL + MAkGA1UEBhMCVVMxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIEluYy4x + EzARBgNVBAsMCkFtYXpvbiBSRFMxCzAJBgNVBAgMAldBMTMwMQYDVQQDDCpBbWF6 + b24gUkRTIHVzLWdvdi1lYXN0LTEgUm9vdCBDQSBFQ0MzODQgRzExEDAOBgNVBAcM + B1NlYXR0bGUwIBcNMjEwNTI2MjIyODU4WhgPMjEyMTA1MjYyMzI4NThaMIGaMQsw + CQYDVQQGEwJVUzEiMCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjET + MBEGA1UECwwKQW1hem9uIFJEUzELMAkGA1UECAwCV0ExMzAxBgNVBAMMKkFtYXpv + 
biBSRFMgdXMtZ292LWVhc3QtMSBSb290IENBIEVDQzM4NCBHMTEQMA4GA1UEBwwH + U2VhdHRsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABKZfn/XfCIlHTE/YF5lH9D2h + H71kG3RaC92hBPbyncbDMf2Q7JeYwhknKahWmSO/EP0Nj+9iCFimT/Jb9o9ykkKl + gOvv/M6SQAuKsC/24PxwC8QV1miuTMUd7fGhNjQUHKNCMEAwDwYDVR0TAQH/BAUw + AwEB/zAdBgNVHQ4EFgQUniTlDl2igVgummx44YNMd5t4mMgwDgYDVR0PAQH/BAQD + AgGGMAoGCCqGSM49BAMDA2kAMGYCMQCSb8X09cnFdS90i1nqRLhancNU8bCFoI86 + hqyctq0ftvXXmEe0bA+JnpIm5p/UKUUCMQCYYYQFfkeZtD4SOxSIE+WzfghJFaAq + /s17Q6LU2tCl4/csuzsTAl/vCc0JVynH340= + -----END CERTIFICATE----- + # Amazon RDS us-gov-east-1 Root CA RSA4096 G1 - expires 5/2121 + -----BEGIN CERTIFICATE----- + MIIGBjCCA+6gAwIBAgIQaoLp1Iv1/fO7VY8+oWlsgjANBgkqhkiG9w0BAQwFADCB + mzELMAkGA1UEBhMCVVMxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIElu + Yy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxCzAJBgNVBAgMAldBMTQwMgYDVQQDDCtB + bWF6b24gUkRTIHVzLWdvdi1lYXN0LTEgUm9vdCBDQSBSU0E0MDk2IEcxMRAwDgYD + VQQHDAdTZWF0dGxlMCAXDTIxMDUyNjIyMjMwNloYDzIxMjEwNTI2MjMyMzA2WjCB + mzELMAkGA1UEBhMCVVMxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIElu + Yy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxCzAJBgNVBAgMAldBMTQwMgYDVQQDDCtB + bWF6b24gUkRTIHVzLWdvdi1lYXN0LTEgUm9vdCBDQSBSU0E0MDk2IEcxMRAwDgYD + VQQHDAdTZWF0dGxlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsiIo + 3SyckN+EuZZLEcIgGyfqlO1AuVh2MF+dCrIxvuX9L+Nv6hLck9ArKVIuGotkp3im + 37BzilxaY+3GI+FkMq7aQo9TLYHKX78ZVqMGBWIuIskm/iwHgFtoscecGEwRekLc + Hswl1Odi4y/vmLTHgZIar8fIEB6OIhUO9q0fT9zY+LX9IuH51NjaePsbMHxksrmm + tbmz1zqUsANu/0bG73B1vMfRs3DmCesm+v8hlBDVawla4zPY9/f8pnpIwfOeEjKw + M+llHdLALFjNV4BCdOuwCl0O2XtSX8450knBxsEA5iXoGkZXc6GrsEq7pK6ZZ/7W + /08ejAMrS36Hi3bEYB/RLiG9X6yGgy5QRn7vnXDxFX9DaZID9k1SUbzP8YidGtDc + UnyeQ7gkJQazrPSn71bnNLiL2H3DW6dPxaZwTotLVpXn4WbNtei9zfP0gl5B86CX + 35Ac4NP/6QAdgUeSJ/1sX+IIf3N65NkXWcOtpDIrvseLXyeNxWne27oUNPJ0wgE2 + /2vNlvbXpNIERNcxCYTzgVHMQ9T2rJdrSeyzRpcGF8NODHGPOmc9XI6WWWvrs9kI + 9sCd6LZZ+ViAZPLAwd4k7vttMX5tAXtRREREaqClr5mG/G/lQ+V3GacBR8Z7/i9Y + St+ETUgxPLoiVtoQmiBigj/u8WeYlMDtw9koUxcCAwEAAaNCMEAwDwYDVR0TAQH/ + 
BAUwAwEB/zAdBgNVHQ4EFgQUHamNV9Qjt8qSO4R8YI9jX7QABIUwDgYDVR0PAQH/ + BAQDAgGGMA0GCSqGSIb3DQEBDAUAA4ICAQCiqAqTb+r4proOPxDjpuOBLaxhqGkC + aU3uBi8iUBiw/8tgVXVeqIrmUNI3t8cMWySYjPcL3Pkaui6lV2kX3XUV9QrAWaFC + Za+nuZNlmLvV27KrvEh9KhW9kqsudibq7fGYureVuEi1JtCczp6JlBzSA+m1a0Nh + y/rRRHQ0g/uoEnIdQrqdJL4pBBLdgSLOFD/O56obO0uoRq1x60g67+J5d3OGfRSW + kb8lR2Ub6HlcD+WDnpLtxyQDSkyK5pFjRKmljxQIZ9FcQfG4P8tXkef130Kbr6ZA + caMKRUtj4FjozuuHi0E7Tv/vujjhg1vEjK471uM5ZHpEqUQaxLo9MbJZJl5SfFum + RSut5ebM/NQnhF+RES08xOG1UFoIjSZ4cmAaA8ggn+vjsBBZitWJ1jc4pk6MhySA + qRJuMeYVCNK/dNCYk/me+Z8y6KvNl6ih00A2RQDlVFySH3Lvo2MGMX/F3qJTUlWX + YWKEslCGhte7755AFgfa9dMKv5ir8tg6NdOLVgSQVU3rVv0F2XM7URxkNtaczgC+ + rSX682gTqnZcK2hrWy2cuktN1N8i0FqX1n8tNLQwpeDvcJXgoVATsZUb6aDHmTJR + k+8N+RsNwC/hHzKs2Vj4YKNP8MelxWcgtu0/QJAtq1/4YFMRY7qv1pCfcQGfg8Sx + JFiKTJMbfPV2uQ== + -----END CERTIFICATE----- + #New certs 2/22 + #Amazon RDS us-gov-west-1 Root CA RSA4096 G1 - expires 5/2121 + -----BEGIN CERTIFICATE----- + MIIGBzCCA++gAwIBAgIRAOzQCoOR21YG2noWOfFcuNIwDQYJKoZIhvcNAQEMBQAw + gZsxCzAJBgNVBAYTAlVTMSIwIAYDVQQKDBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJ + bmMuMRMwEQYDVQQLDApBbWF6b24gUkRTMQswCQYDVQQIDAJXQTE0MDIGA1UEAwwr + QW1hem9uIFJEUyB1cy1nb3Ytd2VzdC0xIFJvb3QgQ0EgUlNBNDA5NiBHMTEQMA4G + A1UEBwwHU2VhdHRsZTAgFw0yMTA1MjYyMTQ0MzlaGA8yMTIxMDUyNjIyNDQzOVow + gZsxCzAJBgNVBAYTAlVTMSIwIAYDVQQKDBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJ + bmMuMRMwEQYDVQQLDApBbWF6b24gUkRTMQswCQYDVQQIDAJXQTE0MDIGA1UEAwwr + QW1hem9uIFJEUyB1cy1nb3Ytd2VzdC0xIFJvb3QgQ0EgUlNBNDA5NiBHMTEQMA4G + A1UEBwwHU2VhdHRsZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANwY + M2iZdnnlMutI9nfn2fWBICAQHWmMmpPmtSka/ziBFyaCxkHDF8RLmooW+GLe+FEF + 9CQKSVqRa7X5AFiqRFF1KvgxWvazawyScuw88JW6Eqhaw0Rlm2p1Iow3TE8FSCDo + Is1vEV3Brbf26CMiXbqI+aCuTOy0fjRzjl5igViTgZxt2ZXOwyKkF+2T8LQp4b4F + Mh85Ctw1An1DhAemsc3SmcYnPKyFUP90DxGuTjFtfNR01GbBtVYwVvOBgIJe59Zs + OWcEFOO2mU53Ik6oKcLYu4+PmE5aDvQewb6bkQZchClb7Eg0BPYekWwTPsKUTS3H + bgdwVxgzjdAdU9fvaaoQmS9xdHWlonKq8CubJdLUduV3WVmDAg7MQgiT3p8JF9W2 + 
KbQpUbYxqd7j9OIe3IS3rVPwYA8PVh1hUJ+OBLw61sbGRAuN3H+B1DlJh1smg6bR + g9W+oLRzfjZa32EzFmaQIxtgRfiyjxB/vqAHdl5zPou30X1CyRYquS870O02bvTN + zzWSOfRY4KPmS1YFVsN+m+R4+hSUOAE//bJ25ACP9oDO5w9NWkAux4e0UUAuWCra + jRROYN2J0KCogdru5G7lOQerD12zi3C2iibty6ou4tQX+MIKMMUVq8cfUH7oKv/R + 8mL5PV/NUsgO248llo0lr9QBwQKdiw17wCxFR+8vAgMBAAGjQjBAMA8GA1UdEwEB + /wQFMAMBAf8wHQYDVR0OBBYEFPDYnx2xYIPDDAEjb6UcF29I6DgKMA4GA1UdDwEB + /wQEAwIBhjANBgkqhkiG9w0BAQwFAAOCAgEANTrAGs/GpXCADAwMGlrjXTdohp+p + CIp3gbnryVYZBXvO+f8hjJ8bHk0D/DiBrkjE8o0IpNaAadOZa+WvTNMsanPmGf1A + kD0vA9nm4gwEhBbzj9HRYX+dIhZhVWny9Kugm80s0h0hvbwTakUPOdMqkz6wn+xx + Owh7AIwaC5TTCsQyKlv5rjVblvU1XFgBf3Pf3wvMAfjDoAEPTXER/9mLVbXe+EmW + osP1JmgyDd+0WQFVK/LEDW81L5hsV5JvthAAFhGVtRw9ko5Ep28+EQUJE1wmLTdL + PyjB/KfJrTMDq94WolzFv4JpUStHbclkKlXtigjKeiYZ5Yvo+vLMSkXemccSfYn7 + vdaUFD5vqWXvM4xhiYRq/tigw2E1bjmyd9L3XD7XalufZtMGWn7zT8HMPP+/Lch1 + JjZ9LL2Y99VIqhoHcuSa95FtLpYDRQ28K03uwqxqFnOQLyPVmYwsaHKnmmwaZDjF + K1XxLVRLGRWvKEuSoWrsGcs3ehoxX4Knz/BaJzr/ioU1VnItj53tmOSJO0eMA6k+ + egaVEb0FTa2F5xeLCKjgfDDWMz3v0TdL+kt+9z0THMlPWfOzd1C35ZzSIcTcRj22 + SAzsL0t5ZTI4XvoPFF8dga78/KsBRolqdPjs0UzdlKhwh1ADOkTRgLOaaidMEgsT + JS/rbzD4FPbvc/g= + -----END CERTIFICATE----- + #Amazon RDS us-gov-west-1 Root CA ECC384 G1 - expires 5/2121 + -----BEGIN CERTIFICATE----- + MIICtDCCAjugAwIBAgIQPyg+edjKVnM2PB4KZVu66jAKBggqhkjOPQQDAzCBmjEL + MAkGA1UEBhMCVVMxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIEluYy4x + EzARBgNVBAsMCkFtYXpvbiBSRFMxCzAJBgNVBAgMAldBMTMwMQYDVQQDDCpBbWF6 + b24gUkRTIHVzLWdvdi13ZXN0LTEgUm9vdCBDQSBFQ0MzODQgRzExEDAOBgNVBAcM + B1NlYXR0bGUwIBcNMjEwNTI2MjE1MzI3WhgPMjEyMTA1MjYyMjUzMjdaMIGaMQsw + CQYDVQQGEwJVUzEiMCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjET + MBEGA1UECwwKQW1hem9uIFJEUzELMAkGA1UECAwCV0ExMzAxBgNVBAMMKkFtYXpv + biBSRFMgdXMtZ292LXdlc3QtMSBSb290IENBIEVDQzM4NCBHMTEQMA4GA1UEBwwH + U2VhdHRsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABFaqyIYrbpPfhiKzLEkmzp1j + 3OYO/e1VE3vCf5c62bN5xYKFKH/MnKgsUFNsFpJ1t0p9cexi+607aiYOo1sOWvOj + 
q3PUu+ltklQdvunU/Se5++qqsh7lylL5OF/F19uqfqNCMEAwDwYDVR0TAQH/BAUw
+ AwEB/zAdBgNVHQ4EFgQUJHPtPhijPquZxTz2UGh4YV1npYMwDgYDVR0PAQH/BAQD
+ AgGGMAoGCCqGSM49BAMDA2cAMGQCMHWDFuIZ9LZgysbL4vx/Ox9z8fbegb3352bM
+ BFr6JV1x8VLbePblHd0V1MwDdRWeAwIwarWfOVdB1ijrwzjROzCwE0uBkHYUPr0Z
+ vgwdtlsnwDw9TnjsBrTJkQ0aS8c0Ahl1
+ -----END CERTIFICATE-----
+
+
+
diff --git a/bosh/opsfiles/diego-rds-certs.yml b/bosh/opsfiles/diego-rds-certs.yml
index 024eb9e5..319a3f4b 100644
--- a/bosh/opsfiles/diego-rds-certs.yml
+++ b/bosh/opsfiles/diego-rds-certs.yml
@@ -1,6 +1,6 @@
 - type: replace
- path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/-
- value: &rds-ca |-
+ path: /instance_groups/name=diego-platform-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/-
+ value: |-
 # rds-ca-2015-root.pem - expired 3/2020 but still in use some instances
 -----BEGIN CERTIFICATE-----
 MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMx
@@ -258,6 +258,3 @@
 -----END CERTIFICATE-----
-- type: replace
- path: /instance_groups/name=diego-platform-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/-
- value: *rds-ca
diff --git a/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml b/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
new file mode 100644
index 00000000..6d327f40
--- /dev/null
+++ b/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
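Review bot: Dropping the `&rds-ca` anchor and the aliased second op leaves this file's ~260-line PEM bundle as one of two copies — the added file whose tail ends this chunk, which the pipeline hunks later list as `diego-rds-certs-diego-cell.yml`, appears to carry the same bundle for diego-cell — so a CA rotation now has to land in two places and the copies can drift without anyone noticing. If the split is meant to be temporary, a top-of-file comment such as `# Keep in sync with diego-rds-certs-diego-cell.yml: same PEM bundle, platform cell only` records the coupling; otherwise one bundle file applied to both instance groups would be safer. The first retained context line also still ships a root CA that its own comment dates as expired in 3/2020, and this bundle is appended to a trust store; expired roots should stay only while the operator has confirmed instances still chain to them.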
@@ -0,0 +1,14 @@
+# This file exists to remove CredHub Secured Service Credential Delivery which
+# is now on by default in cf-deployment >=4.x.
+
+- type: replace
+ path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates
+ value:
+ - ((diego_instance_identity_ca.ca))
+ - ((uaa_ssl.ca))
+
+- type: replace
+ path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs
+ value:
+ - ((diego_instance_identity_ca.ca))
+ - ((uaa_ssl.ca))
diff --git a/bosh/opsfiles/disable-secure-service-credentials.yml b/bosh/opsfiles/disable-secure-service-credentials.yml
index 1a3b603b..4afda218 100644
--- a/bosh/opsfiles/disable-secure-service-credentials.yml
+++ b/bosh/opsfiles/disable-secure-service-credentials.yml
@@ -34,14 +34,3 @@
 - type: remove
 path: /variables/name=uaa_clients_cc_service_key_client_secret
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=rep/properties/containers/trusted_ca_certificates
- value:
- - ((diego_instance_identity_ca.ca))
- - ((uaa_ssl.ca))
-
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs/trusted_certs
- value:
- - ((diego_instance_identity_ca.ca))
- - ((uaa_ssl.ca))
diff --git a/bosh/opsfiles/log-levels-diego-cell.yml b/bosh/opsfiles/log-levels-diego-cell.yml
new file mode 100644
index 00000000..d57f46de
--- /dev/null
+++ b/bosh/opsfiles/log-levels-diego-cell.yml
@@ -0,0 +1,11 @@
+- type: replace
+ path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/log_level?
+ value: error
+
+- type: replace
+ path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/rep/log_level?
+ value: error
+
+- type: replace
+ path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/diego/route_emitter/log_level?
+ value: error
diff --git a/bosh/opsfiles/log-levels.yml b/bosh/opsfiles/log-levels.yml
index c324518d..2955c3c0 100644
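Review bot: Both ops in the new file `replace` the complete `trusted_ca_certificates` and `trusted_certs` lists with `((diego_instance_identity_ca.ca))` and `((uaa_ssl.ca))`, so an ops file that appends to `trusted_certs/-` — the RDS bundle in `diego-rds-certs-diego-cell.yml`, which the pipeline hunks below list after this file — keeps its certificates only if it is applied after this one, and nothing in the file records that. A header line such as `# Must be applied before any ops file that appends to trusted_certs/- (e.g. diego-rds-certs-diego-cell.yml): these ops replace the whole list.` would stop a later reorder of the pipeline from silently dropping the RDS CAs from the rootfs trust store. The opening comment could also state what the replacement removes from container trust — presumably the CredHub CA, going by the "Secured Service Credential Delivery" wording — so a reader copying this file to another cell type knows the consequence.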
--- a/bosh/opsfiles/log-levels.yml
+++ b/bosh/opsfiles/log-levels.yml
@@ -1,15 +1,3 @@
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/log_level?
- value: error
-
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=rep/properties/diego/rep/log_level?
- value: error
-
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=route_emitter/properties/diego/route_emitter/log_level?
- value: error
-
 - type: replace
 path: /instance_groups/name=api/jobs/name=cloud_controller_ng/properties/cc/security_event_logging?/enabled
 value: true
diff --git a/bosh/opsfiles/meta-data-v2-diego-cell.yml b/bosh/opsfiles/meta-data-v2-diego-cell.yml
new file mode 100644
index 00000000..b24f3108
--- /dev/null
+++ b/bosh/opsfiles/meta-data-v2-diego-cell.yml
@@ -0,0 +1,3 @@
+- type: replace
+ path: /instance_groups/name=diego-cell/vm_extensions/-
+ value: meta-data-v2
diff --git a/bosh/opsfiles/meta-data-v2.yml b/bosh/opsfiles/meta-data-v2.yml
index 34297775..39eabc44 100644
--- a/bosh/opsfiles/meta-data-v2.yml
+++ b/bosh/opsfiles/meta-data-v2.yml
@@ -1,6 +1,3 @@
-- type: replace
- path: /instance_groups/name=diego-cell/vm_extensions/-
- value: meta-data-v2
 - type: replace
 path: /instance_groups/name=diego-platform-cell/vm_extensions/-
 value: meta-data-v2
diff --git a/bosh/opsfiles/platform-cells.yml b/bosh/opsfiles/platform-cells.yml
index dd78edc7..0bf8bdbb 100644
--- a/bosh/opsfiles/platform-cells.yml
+++ b/bosh/opsfiles/platform-cells.yml
@@ -186,34 +186,6 @@
 path: /instance_groups/name=diego-platform-cell/jobs/name=rep/properties/diego/rep/placement_tags?/-
 value: platform
-# Use distinct vxlan policy links for tenant cells
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/provides?/vpa
- value: {as: vpa-tenant}
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/vpa
- value: {from: vpa-tenant}
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=silk-cni/consumes?/vpa
- value: {from: vpa-tenant}
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/iptables
- value: {from: iptables-tenant}
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=silk-daemon/consumes?/iptables
- value: {from: iptables-tenant}
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=netmon/consumes?/iptables
- value: {from: iptables-tenant}
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=garden/provides?/iptables
- value: {as: iptables-tenant}
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/consumes?/cni_config
- value: {from: cni_config_tenant}
-- type: replace
- path: /instance_groups/name=diego-cell/jobs/name=silk-cni/provides?/cni_config
- value: {as: cni_config_tenant}
 # Add platform cells to DNS aliases
 - type: replace
diff --git a/ci/pipeline.yml b/ci/pipeline.yml
index 202da754..d6506864 100644
--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -62,19 +62,24 @@ jobs:
 - cf-manifests/bosh/opsfiles/encryption.yml
 - cf-manifests/bosh/opsfiles/sql.yml
 - cf-manifests/bosh/opsfiles/log-levels.yml
+ - cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml
 - cf-manifests/bosh/opsfiles/instance-profiles.yml
 - cf-manifests/bosh/opsfiles/platform-cells.yml
+ - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
 - cf-manifests/bosh/opsfiles/diego-cell-disk.yml
 - cf-manifests/bosh/opsfiles/scaling-development.yml
 - cf-manifests/bosh/opsfiles/cf-networking.yml
 - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml
+ - cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
 - cf-manifests/bosh/opsfiles/diego-rds-certs.yml
+ - cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml
 - cf-manifests/bosh/opsfiles/smoke-tests.yml
 - cf-manifests/bosh/opsfiles/routing.yml
 - cf-manifests/bosh/opsfiles/uaa-rds-ca.yml
 - cf-manifests/bosh/opsfiles/content-security-policy.yml
 - cf-manifests/bosh/opsfiles/loggregator.yml
 - cf-manifests/bosh/opsfiles/meta-data-v2.yml
+ - cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml
 - cf-manifests/bosh/opsfiles/router-main.yml
 - cf-manifests/bosh/opsfiles/router-main-dev.yml
 - cf-manifests/bosh/opsfiles/router-logstash.yml
@@ -83,6 +88,7 @@ jobs:
 - cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml
 - cf-manifests/bosh/opsfiles/add-opensearch-ca.yml
 - cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml
+ - cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
 - cf-manifests/bosh/opsfiles/aggregate_drains.yml
 vars_files:
 - cf-manifests/bosh/varsfiles/development.yml
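Review bot: The new `disable-secure-service-credentials-diego-cell.yml` entry is placed before `diego-rds-certs-diego-cell.yml`, and that relative order is load-bearing — the first replaces the whole `cflinuxfs4-rootfs/trusted_certs` list while the second appends to `trusted_certs/-` — yet nothing in the list says so; the same pair is inserted in the same order in the staging and production lists in the next two hunks. An inline comment on the entry in all three lists, `# keep before diego-rds-certs-diego-cell.yml: this replaces trusted_certs, the RDS file appends to it`, would protect the order from a routine reshuffle. It is also worth confirming that `diego-cell-consumes-provides.yml` and `diego-cpu-entitlement-diego-cell.yml` exist at this commit, since this hunk and the next reference them but no visible hunk creates them; this commit's diffstat is outside the chunk.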
@@ -570,23 +576,29 @@ jobs:
 - cf-manifests/bosh/opsfiles/encryption.yml
 - cf-manifests/bosh/opsfiles/sql.yml
 - cf-manifests/bosh/opsfiles/log-levels.yml
+ - cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml
 - cf-manifests/bosh/opsfiles/instance-profiles.yml
 - cf-manifests/bosh/opsfiles/platform-cells.yml
+ - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
 - cf-manifests/bosh/opsfiles/diego-cell-disk.yml
 - cf-manifests/bosh/opsfiles/scaling-staging.yml
 - cf-manifests/bosh/opsfiles/cf-networking.yml
 - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml
+ - cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
 - cf-manifests/bosh/opsfiles/diego-rds-certs.yml
+ - cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml
 - cf-manifests/bosh/opsfiles/smoke-tests.yml
 - cf-manifests/bosh/opsfiles/routing.yml
 - cf-manifests/bosh/opsfiles/uaa-rds-ca.yml
 - cf-manifests/bosh/opsfiles/loggregator.yml
 - cf-manifests/bosh/opsfiles/meta-data-v2.yml
+ - cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml
 - cf-manifests/bosh/opsfiles/router-main.yml
 - cf-manifests/bosh/opsfiles/router-logstash.yml
 - cf-manifests/bosh/opsfiles/add-autoscaler-ca.yml
 - cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml
 - cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml
+ - cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
 vars_files:
 - cf-manifests/bosh/varsfiles/staging.yml
 - terraform-secrets/terraform.yml
@@ -1083,23 +1095,29 @@ jobs:
 - cf-manifests/bosh/opsfiles/encryption.yml
 - cf-manifests/bosh/opsfiles/sql.yml
 - cf-manifests/bosh/opsfiles/log-levels.yml
+ - cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml
 - cf-manifests/bosh/opsfiles/instance-profiles.yml
 - cf-manifests/bosh/opsfiles/platform-cells.yml
+ - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
 - cf-manifests/bosh/opsfiles/diego-cell-disk.yml
 - cf-manifests/bosh/opsfiles/scaling-production.yml
 - cf-manifests/bosh/opsfiles/cf-networking.yml
 - cf-manifests/bosh/opsfiles/routing.yml
 - cf-manifests/bosh/opsfiles/smoke-tests.yml
 - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml
+ - cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
 - cf-manifests/bosh/opsfiles/diego-rds-certs.yml
+ - cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml
 - cf-manifests/bosh/opsfiles/uaa-rds-ca.yml
 - cf-manifests/bosh/opsfiles/loggregator.yml
 - cf-manifests/bosh/opsfiles/meta-data-v2.yml
+ - cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml
 - cf-manifests/bosh/opsfiles/router-main.yml
 - cf-manifests/bosh/opsfiles/router-logstash.yml
 - cf-manifests/bosh/opsfiles/add-autoscaler-ca.yml
 - cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml
 - cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml
+ - cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
 vars_files:
 - cf-manifests/bosh/varsfiles/production.yml
 - terraform-secrets/terraform.yml
From c10e0977c68bc05e9ccb37776bae8ee93544b911 Mon Sep 17 00:00:00 2001
From: Christopher Weibel Date: Fri, 21 Jun 2024 11:17:19 -0400 Subject: [PATCH 15/36] Rework so diego-platform-cell is generated from diego-cell --- .../opsfiles/diego-cell-consumes-provides.yml | 4 + bosh/opsfiles/diego-cell-disk.yml | 4 + .../diego-cpu-entitlement-diego-cell.yml | 8 +- bosh/opsfiles/diego-rds-certs-diego-cell.yml | 4 + bosh/opsfiles/diego-rds-certs.yml | 260 ------------------ ...-secure-service-credentials-diego-cell.yml | 4 + bosh/opsfiles/log-levels-diego-cell.yml | 4 + bosh/opsfiles/meta-data-v2-diego-cell.yml | 4 + bosh/opsfiles/meta-data-v2.yml | 3 - bosh/opsfiles/platform-cells.yml | 182 +----------- bosh/opsfiles/scaling-development.yml | 5 +- bosh/opsfiles/scaling-staging.yml | 3 + ci/create-diego-platform-cell.sh | 36 +++ ci/create-diego-platform-cell.yml | 21 ++ ci/pipeline.yml | 17 +- 15 files changed, 107 insertions(+), 452 deletions(-) delete mode 100644 bosh/opsfiles/diego-rds-certs.yml delete mode 100644 bosh/opsfiles/meta-data-v2.yml create mode 100755 ci/create-diego-platform-cell.sh create mode 100644 ci/create-diego-platform-cell.yml
diff --git a/bosh/opsfiles/diego-cell-consumes-provides.yml b/bosh/opsfiles/diego-cell-consumes-provides.yml
index 58a7c3bc..60ac239a 100644
--- a/bosh/opsfiles/diego-cell-consumes-provides.yml
+++ b/bosh/opsfiles/diego-cell-consumes-provides.yml
@@ -1,3 +1,7 @@
+# NOTES:
+# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh
+# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/`
+
 # Needed because the isolation segment(s) exist
 # Use distinct vxlan policy links for tenant cells
 - type: replace
diff --git a/bosh/opsfiles/diego-cell-disk.yml b/bosh/opsfiles/diego-cell-disk.yml
index d964f5de..2f7a151d 100644
--- a/bosh/opsfiles/diego-cell-disk.yml
+++ b/bosh/opsfiles/diego-cell-disk.yml
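Review bot: The added NOTES line points at `ci/create-*-diego-cell.sh`, but the generator this commit adds (per the diffstat above) is `ci/create-diego-platform-cell.sh`, which that glob does not match, so a reader grepping for the script will miss it. The same three lines are added to diego-cell-disk.yml, diego-cpu-entitlement-diego-cell.yml and diego-rds-certs-diego-cell.yml in the following hunks; naming the script as it exists, `# - This ops file is used for ALL diego cell and isolation segments with ci/create-diego-platform-cell.sh`, in all four keeps the pointer accurate. The second NOTES line could also say why the path restriction matters — presumably the generator rewrites `name=diego-cell` into the platform cell's instance-group name, so any other path would land on the wrong group — though I am inferring that from the commit title, as the script itself is outside this chunk.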
@@ -1,3 +1,7 @@
+# NOTES:
+# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh
+# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/`
+
 - type: replace
 path: /instance_groups/name=diego-cell/vm_extensions/0
 value: 300GB_ephemeral_disk
diff --git a/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml b/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
index a93b5822..7878bb01 100644
--- a/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
+++ b/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
@@ -1,4 +1,8 @@
----
+# NOTES:
+# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh
+# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/`
+
+### This makes sure that absolute-cpu-entitlement is still emitting in addition to newer cpu_entitlement
 - type: remove
 path: /instance_groups/name=diego-cell/jobs/name=rep/properties/loggregator/app_metric_exclusion_filter
@@ -8,5 +12,3 @@
 - type: remove
 path: /instance_groups/name=diego-cell/jobs/name=vxlan-policy-agent/properties/loggregator/app_metric_exclusion_filter
-
-### This makes sure that absolute-cpu-entitlement is still emitting in addition to newer cpu_entitlement
\ No newline at end of file
diff --git a/bosh/opsfiles/diego-rds-certs-diego-cell.yml b/bosh/opsfiles/diego-rds-certs-diego-cell.yml
index e746193a..5914e71c 100644
--- a/bosh/opsfiles/diego-rds-certs-diego-cell.yml
+++ b/bosh/opsfiles/diego-rds-certs-diego-cell.yml
@@ -1,3 +1,7 @@
+# NOTES:
+# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh
+# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/`
+
 - type: replace
 path: /instance_groups/name=diego-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/-
 value: |-
diff --git a/bosh/opsfiles/diego-rds-certs.yml b/bosh/opsfiles/diego-rds-certs.yml
deleted file mode 100644
index 319a3f4b..00000000
--- a/bosh/opsfiles/diego-rds-certs.yml
+++ /dev/null
@@ -1,260 +0,0 @@ -- type: replace - path: /instance_groups/name=diego-platform-cell/jobs/name=cflinuxfs4-rootfs-setup/properties/cflinuxfs4-rootfs?/trusted_certs/- - value: |- - # rds-ca-2015-root.pem - expired 3/2020 but still in use some instances - -----BEGIN CERTIFICATE----- - MIID9DCCAtygAwIBAgIBQjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UEBhMCVVMx - EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIjAgBgNVBAoM - GUFtYXpvbiBXZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMx - GzAZBgNVBAMMEkFtYXpvbiBSRFMgUm9vdCBDQTAeFw0xNTAyMDUwOTExMzFaFw0y - MDAzMDUwOTExMzFaMIGKMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3Rv - bjEQMA4GA1UEBwwHU2VhdHRsZTEiMCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNl - cywgSW5jLjETMBEGA1UECwwKQW1hem9uIFJEUzEbMBkGA1UEAwwSQW1hem9uIFJE - UyBSb290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuD8nrZ8V - u+VA8yVlUipCZIKPTDcOILYpUe8Tct0YeQQr0uyl018StdBsa3CjBgvwpDRq1HgF - Ji2N3+39+shCNspQeE6aYU+BHXhKhIIStt3r7gl/4NqYiDDMWKHxHq0nsGDFfArf - AOcjZdJagOMqb3fF46flc8k2E7THTm9Sz4L7RY1WdABMuurpICLFE3oHcGdapOb9 - T53pQR+xpHW9atkcf3pf7gbO0rlKVSIoUenBlZipUlp1VZl/OD/E+TtRhDDNdI2J - P/DSMM3aEsq6ZQkfbz/Ilml+Lx3tJYXUDmp+ZjzMPLk/+3beT8EhrwtcG3VPpvwp - BIOqsqVVTvw/CwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw - AwEB/zAdBgNVHQ4EFgQUTgLurD72FchM7Sz1BcGPnIQISYMwHwYDVR0jBBgwFoAU - TgLurD72FchM7Sz1BcGPnIQISYMwDQYJKoZIhvcNAQEFBQADggEBAHZcgIio8pAm - MjHD5cl6wKjXxScXKtXygWH2BoDMYBJF9yfyKO2jEFxYKbHePpnXB1R04zJSWAw5 - 2EUuDI1pSBh9BA82/5PkuNlNeSTB3dXDD2PEPdzVWbSKvUB8ZdooV+2vngL0Zm4r - 47QPyd18yPHrRIbtBtHR/6CwKevLZ394zgExqhnekYKIqqEX41xsUV0Gm6x4vpjf - 2u6O/+YE2U+qyyxHE5Wd5oqde0oo9UUpFETJPVb6Q2cEeQib8PBAyi0i6KnF+kIV - A9dY7IHSubtCK/i8wxMVqfd5GtbA8mmpeJFwnDvm9rBEsHybl08qlax9syEwsUYr - /40NawZfTUU= - -----END CERTIFICATE----- - # rds-ca-2012-us-gov-west-1.pem - expired 8/17 but still in use some instances - -----BEGIN CERTIFICATE----- - MIIDQzCCAqygAwIBAgIJAMGs6m/j+u8sMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV - BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdTZWF0dGxlMRMw - 
EQYDVQQKEwpBbWF6b24uY29tMQwwCgYDVQQLEwNSRFMxHDAaBgNVBAMTE2F3cy5h - bWF6b24uY29tL3Jkcy8wHhcNMTIwODE2MDY0MjAwWhcNMTcwODE1MDY0MjAwWjB1 - MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHU2Vh - dHRsZTETMBEGA1UEChMKQW1hem9uLmNvbTEMMAoGA1UECxMDUkRTMRwwGgYDVQQD - ExNhd3MuYW1hem9uLmNvbS9yZHMvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB - gQCnTB7AkRR4xuhfAuOt5foNeCRBPeUujkzmJu1yfnTbtFi+g7zmovQ9BJcRoPYL - 45McnXyaT/7UjhJhCI5gnYlTIyBTRFh7lXFJryypFx8AIh6q3D/ht8b6cVro3sJ2 - k4x1w/c7akKKsZJtf0ZyhbMvNnBz3K3TWVB6c9DChbfyUQIDAQABo4HaMIHXMB0G - A1UdDgQWBBS/OwyfNJHDnAmnZBbq9ACiXz7O1jCBpwYDVR0jBIGfMIGcgBS/Owyf - NJHDnAmnZBbq9ACiXz7O1qF5pHcwdTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh - c2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxEzARBgNVBAoTCkFtYXpvbi5jb20x - DDAKBgNVBAsTA1JEUzEcMBoGA1UEAxMTYXdzLmFtYXpvbi5jb20vcmRzL4IJAMGs - 6m/j+u8sMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEACR37LqHlzjSH - 9gHCaiVJgCb0CCxSg3PHaQuv8h4ugAqQpGxpX3Zo97VgHnjEve21gXA74kzGUUAo - 7YNTZWbF2VkHUDqekXimvL3q1JEvHDKPkLJrxEic1zTU1uazb9uJeb1aVWTq6N8R - bx56xd/e3o7RYcPfLD45y7RRXKz3AmE= - -----END CERTIFICATE----- - # rds-ca-bundle-us-gov-west-1.pem - expires 5/22 - -----BEGIN CERTIFICATE----- - MIIECjCCAvKgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgZMxCzAJBgNVBAYTAlVT - MRAwDgYDVQQHDAdTZWF0dGxlMRMwEQYDVQQIDApXYXNoaW5ndG9uMSIwIAYDVQQK - DBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLDApBbWF6b24gUkRT - MSQwIgYDVQQDDBtBbWF6b24gUkRTIEdvdkNsb3VkIFJvb3QgQ0EwHhcNMTcwNTE5 - MjIzMTE5WhcNMjIwNTE4MTIwMDAwWjCBkzELMAkGA1UEBhMCVVMxEzARBgNVBAgM - Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIjAgBgNVBAoMGUFtYXpvbiBX - ZWIgU2VydmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxJDAiBgNVBAMM - G0FtYXpvbiBSRFMgdXMtZ292LXdlc3QtMSBDQTCCASIwDQYJKoZIhvcNAQEBBQAD - ggEPADCCAQoCggEBAM8YZLKAzzOdNnoi7Klih26Zkj+OCpDfwx4ZYB6f8L8UoQi5 - 8z9ZtIwMjiJ/kO08P1yl4gfc7YZcNFvhGruQZNat3YNpxwUpQcr4mszjuffbL4uz - +/8FBxALdqCVOJ5Q0EVSfz3d9Bd1pUPL7ARtSpy7bn/tUPyQeI+lODYO906C0TQ3 - b9bjOsgAdBKkHfjLdsknsOZYYIzYWOJyFJJa0B11XjDUNBy/3IuC0KvDl6At0V5b - 
8M6cWcKhte2hgjwTYepV+/GTadeube1z5z6mWsN5arOAQUtYDLH6Aztq9mCJzLHm - RccBugnGl3fRLJ2VjioN8PoGoN9l9hFBy5fnFgsCAwEAAaNmMGQwDgYDVR0PAQH/ - BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFEG7+br8KkvwPd5g - 71Rvh2stclJbMB8GA1UdIwQYMBaAFEkQz6S4NS5lOYKcDjBSuCcVpdzjMA0GCSqG - SIb3DQEBCwUAA4IBAQBMA327u5ABmhX+aPxljoIbxnydmAFWxW6wNp5+rZrvPig8 - zDRqGQWWr7wWOIjfcWugSElYtf/m9KZHG/Z6+NG7nAoUrdcd1h/IQhb+lFQ2b5g9 - sVzQv/H2JNkfZA8fL/Ko/Tm/f9tcqe0zrGCtT+5u0Nvz35Wl8CEUKLloS5xEb3k5 - 7D9IhG3fsE3vHWlWrGCk1cKry3j12wdPG5cUsug0vt34u6rdhP+FsM0tHI15Kjch - RuUCvyQecy2ZFNAa3jmd5ycNdL63RWe8oayRBpQBxPPCbHfILxGZEdJbCH9aJ2D/ - l8oHIDnvOLdv7/cBjyYuvmprgPtu3QEkbre5Hln/ - -----END CERTIFICATE----- - # Amazon RDS GovCloud Root CA - expires 5/22 - -----BEGIN CERTIFICATE----- - MIIEDjCCAvagAwIBAgIJAMM61RQn3/kdMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD - VQQGEwJVUzEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECAwKV2FzaGluZ3RvbjEi - MCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjETMBEGA1UECwwKQW1h - em9uIFJEUzEkMCIGA1UEAwwbQW1hem9uIFJEUyBHb3ZDbG91ZCBSb290IENBMB4X - DTE3MDUxOTIyMjkxMVoXDTIyMDUxODIyMjkxMVowgZMxCzAJBgNVBAYTAlVTMRAw - DgYDVQQHDAdTZWF0dGxlMRMwEQYDVQQIDApXYXNoaW5ndG9uMSIwIAYDVQQKDBlB - bWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLDApBbWF6b24gUkRTMSQw - IgYDVQQDDBtBbWF6b24gUkRTIEdvdkNsb3VkIFJvb3QgQ0EwggEiMA0GCSqGSIb3 - DQEBAQUAA4IBDwAwggEKAoIBAQDGS9bh1FGiJPT+GRb3C5aKypJVDC1H2gbh6n3u - j8cUiyMXfmm+ak402zdLpSYMaxiQ7oL/B3wEmumIpRDAsQrSp3B/qEeY7ipQGOfh - q2TXjXGIUjiJ/FaoGqkymHRLG+XkNNBtb7MRItsjlMVNELXECwSiMa3nJL2/YyHW - nTr1+11/weeZEKgVbCUrOugFkMXnfZIBSn40j6EnRlO2u/NFU5ksK5ak2+j8raZ7 - xW7VXp9S1Tgf1IsWHjGZZZguwCkkh1tHOlHC9gVA3p63WecjrIzcrR/V27atul4m - tn56s5NwFvYPUIx1dbC8IajLUrepVm6XOwdQCfd02DmOyjWJAgMBAAGjYzBhMA4G - A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRJEM+kuDUu - ZTmCnA4wUrgnFaXc4zAfBgNVHSMEGDAWgBRJEM+kuDUuZTmCnA4wUrgnFaXc4zAN - BgkqhkiG9w0BAQsFAAOCAQEAcfA7uirXsNZyI2j4AJFVtOTKOZlQwqbyNducnmlg - /5nug9fAkwM4AgvF5bBOD1Hw6khdsccMwIj+1S7wpL+EYb/nSc8G0qe1p/9lZ/mZ - 
ff5g4JOa26lLuCrZDqAk4TzYnt6sQKfa5ZXVUUn0BK3okhiXS0i+NloMyaBCL7vk - kDwkHwEqflRKfZ9/oFTcCfoiHPA7AdBtaPVr0/Kj9L7k+ouz122huqG5KqX0Zpo8 - S0IGvcd2FZjNSNPttNAK7YuBVsZ0m2nIH1SLp//00v7yAHIgytQwwB17PBcp4NXD - pCfTa27ng9mMMC2YLqWQpW4TkqjDin2ZC+5X/mbrjzTvVg== - -----END CERTIFICATE----- - # rds-ca-bundle-us-gov-east-1.pem - expires 7/23 - -----BEGIN CERTIFICATE----- - MIIEAjCCAuqgAwIBAgIJANmdqLPF/hNbMA0GCSqGSIb3DQEBCwUAMIGNMQswCQYD - VQQGEwJVUzEQMA4GA1UEBwwHU2VhdHRsZTETMBEGA1UECAwKV2FzaGluZ3RvbjEi - MCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjETMBEGA1UECwwKQW1h - em9uIFJEUzEeMBwGA1UEAwwVQW1hem9uIFJEUyBDTiBSb290IENBMB4XDTE4MDcy - ODAwNTIyNloXDTIzMDcyNzAwNTIyNlowgY0xCzAJBgNVBAYTAlVTMRAwDgYDVQQH - DAdTZWF0dGxlMRMwEQYDVQQIDApXYXNoaW5ndG9uMSIwIAYDVQQKDBlBbWF6b24g - V2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLDApBbWF6b24gUkRTMR4wHAYDVQQD - DBVBbWF6b24gUkRTIENOIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw - ggEKAoIBAQCuwuQHbUOevOTFx49xrBLDXHP9P7LR7n5t18tWLG/dB8ouXcpmUIk8 - XFgN3GXtfuHTheOaXhAZqzTCYza7gUP6KXHCN/dOoXqgaaOJbpVwnitLHHUt5maA - cgwRtLZTteyT92wGG2leb8WgA6MZTGx09In0D31OEwa5NbbAzVBClZgMbV/6D9IE - +/GUuu7qmGXXcj24Vnsem7L6Us8zmEO3sT9hCj1yldHyluwj1eSUaIv1NQ0M4iO5 - 2a1W8TmXGFgGMth2uFax6APVk++pB6kJoKGhgm49+IFLVnSzwMqNut0RC/nTCMXS - hDntHe7QiaWnhrU9zpYh5VmLu37n6lg7AgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIB - BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTPi7UAEXJ3JaMf3Yh4didZKro5 - /TAfBgNVHSMEGDAWgBTPi7UAEXJ3JaMf3Yh4didZKro5/TANBgkqhkiG9w0BAQsF - AAOCAQEAgXyl/JSg6D9hnGjhD+cdEIgnKV4L7VVpY396IHFT+m0y3VupAsEC98XY - nB9lWKW0ALj2JxqKQOtJe6ZposMAnWZ+WctPQKdUnDyKT7/uZf/WMo/Lfs+IaiV4 - Dii9HcvdGPMO5qlMzeH4zGCl/QvtVp5mwaxfkqTCWBkxApb0gdhHaMYyH+J//e0O - CS4sR6S95R2d+OXsGEd3Se2BoKaL3KQGpIoI85lwt8l+YRd+O7Ig0taEE1T1SVAY - rirVdtCyK+dEDq2xKoyR79VesgiPKTMcJPou6gXdeezJE1nL8te47yZlJFoAUL6v - EP9EpISn/Jp+QPoFSUFL/FssWEfdLw== - -----END CERTIFICATE----- - # Amazon RDS us-gov-east-1 CA - expires 6/22 - -----BEGIN CERTIFICATE----- - MIIEBDCCAuygAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwgY0xCzAJBgNVBAYTAlVT - 
MRAwDgYDVQQHDAdTZWF0dGxlMRMwEQYDVQQIDApXYXNoaW5ndG9uMSIwIAYDVQQK - DBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMRMwEQYDVQQLDApBbWF6b24gUkRT - MR4wHAYDVQQDDBVBbWF6b24gUkRTIENOIFJvb3QgQ0EwHhcNMTgwNzI4MDA1MjMz - WhcNMjIwNjAxMTIwMDAwWjCBkzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hp - bmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2Vy - dmljZXMsIEluYy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxJDAiBgNVBAMMG0FtYXpv - biBSRFMgdXMtZ292LWVhc3QtMSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC - AQoCggEBANcmOUZZiG+PdIVFlXpCrWmMrDZaU7tlou3B/bH1ECT/nFkLBncLrXJ/ - VItIsEoiKbjtqikuxfOuTOEtlreH4OCogS1fam1I8IYWTcXe1YwFXVfDRVauw9Mr - Up+Ng0iaoZX4ACjHEgDE5Vr7zh69U3S8+NIWO5mRJQJb3QHXCedp3lKOLXOdEzcZ - VT+IfgpFXTpi7+PXK8RVAFrWV6fKLjFYNzFHcaQz1nH/tH1dQCGm+OMOIaTAQ0vQ - jV1iBwoAbzwayvLCil7sGMsKp8t5gWj08NU4KFY1YlA+vvam3HeZV3xDjKyY0YIO - f47+wL3WBwock/0cz7nJo+zZMSPLxJMCAwEAAaNmMGQwDgYDVR0PAQH/BAQDAgEG - MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFBpaY4ioEu0rZrIPWaevervN - X6s/MB8GA1UdIwQYMBaAFM+LtQARcnclox/diHh2J1kqujn9MA0GCSqGSIb3DQEB - CwUAA4IBAQBvUChSX19imujJHUqoJUfUFj1tSFhgZSm8av4F98KKIoJIxA9bIF9R - 8tSkLWRTZEXaBlmol7UXbMUDQUMmYNuST41bI2/4VQqMHg526Ja/MbfHVrYqiXUK - vmeF525/PTH9H1B2LvUNuwmO0S+tl0jwKL0dMHn62Giz8u6sGgOmwfhbJohUq3CD - KuwHwfZXlg0yiA7OSEUAGe9RK0MpoVppKF/lotEzcIcilStfEZQce4h3q2/rAc5d - e7tNxfZRKhtuGPR5/G0Z3j5z8yQMRZxnCDbq6JvE3vUggWSjBNXoSlhvzj6BiEBy - B4rKazWN1OzrKIX0yoiXx6SgtooVPx0k - -----END CERTIFICATE----- - # Amazon RDS us-gov-east-1 Root CA ECC384 G1 - expires 5/2121 - -----BEGIN CERTIFICATE----- - MIICtjCCAjugAwIBAgIQCojG1Zix0YArC/bBkU7eOjAKBggqhkjOPQQDAzCBmjEL - MAkGA1UEBhMCVVMxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIEluYy4x - EzARBgNVBAsMCkFtYXpvbiBSRFMxCzAJBgNVBAgMAldBMTMwMQYDVQQDDCpBbWF6 - b24gUkRTIHVzLWdvdi1lYXN0LTEgUm9vdCBDQSBFQ0MzODQgRzExEDAOBgNVBAcM - B1NlYXR0bGUwIBcNMjEwNTI2MjIyODU4WhgPMjEyMTA1MjYyMzI4NThaMIGaMQsw - CQYDVQQGEwJVUzEiMCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjET - MBEGA1UECwwKQW1hem9uIFJEUzELMAkGA1UECAwCV0ExMzAxBgNVBAMMKkFtYXpv - 
biBSRFMgdXMtZ292LWVhc3QtMSBSb290IENBIEVDQzM4NCBHMTEQMA4GA1UEBwwH - U2VhdHRsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABKZfn/XfCIlHTE/YF5lH9D2h - H71kG3RaC92hBPbyncbDMf2Q7JeYwhknKahWmSO/EP0Nj+9iCFimT/Jb9o9ykkKl - gOvv/M6SQAuKsC/24PxwC8QV1miuTMUd7fGhNjQUHKNCMEAwDwYDVR0TAQH/BAUw - AwEB/zAdBgNVHQ4EFgQUniTlDl2igVgummx44YNMd5t4mMgwDgYDVR0PAQH/BAQD - AgGGMAoGCCqGSM49BAMDA2kAMGYCMQCSb8X09cnFdS90i1nqRLhancNU8bCFoI86 - hqyctq0ftvXXmEe0bA+JnpIm5p/UKUUCMQCYYYQFfkeZtD4SOxSIE+WzfghJFaAq - /s17Q6LU2tCl4/csuzsTAl/vCc0JVynH340= - -----END CERTIFICATE----- - # Amazon RDS us-gov-east-1 Root CA RSA4096 G1 - expires 5/2121 - -----BEGIN CERTIFICATE----- - MIIGBjCCA+6gAwIBAgIQaoLp1Iv1/fO7VY8+oWlsgjANBgkqhkiG9w0BAQwFADCB - mzELMAkGA1UEBhMCVVMxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIElu - Yy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxCzAJBgNVBAgMAldBMTQwMgYDVQQDDCtB - bWF6b24gUkRTIHVzLWdvdi1lYXN0LTEgUm9vdCBDQSBSU0E0MDk2IEcxMRAwDgYD - VQQHDAdTZWF0dGxlMCAXDTIxMDUyNjIyMjMwNloYDzIxMjEwNTI2MjMyMzA2WjCB - mzELMAkGA1UEBhMCVVMxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIElu - Yy4xEzARBgNVBAsMCkFtYXpvbiBSRFMxCzAJBgNVBAgMAldBMTQwMgYDVQQDDCtB - bWF6b24gUkRTIHVzLWdvdi1lYXN0LTEgUm9vdCBDQSBSU0E0MDk2IEcxMRAwDgYD - VQQHDAdTZWF0dGxlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsiIo - 3SyckN+EuZZLEcIgGyfqlO1AuVh2MF+dCrIxvuX9L+Nv6hLck9ArKVIuGotkp3im - 37BzilxaY+3GI+FkMq7aQo9TLYHKX78ZVqMGBWIuIskm/iwHgFtoscecGEwRekLc - Hswl1Odi4y/vmLTHgZIar8fIEB6OIhUO9q0fT9zY+LX9IuH51NjaePsbMHxksrmm - tbmz1zqUsANu/0bG73B1vMfRs3DmCesm+v8hlBDVawla4zPY9/f8pnpIwfOeEjKw - M+llHdLALFjNV4BCdOuwCl0O2XtSX8450knBxsEA5iXoGkZXc6GrsEq7pK6ZZ/7W - /08ejAMrS36Hi3bEYB/RLiG9X6yGgy5QRn7vnXDxFX9DaZID9k1SUbzP8YidGtDc - UnyeQ7gkJQazrPSn71bnNLiL2H3DW6dPxaZwTotLVpXn4WbNtei9zfP0gl5B86CX - 35Ac4NP/6QAdgUeSJ/1sX+IIf3N65NkXWcOtpDIrvseLXyeNxWne27oUNPJ0wgE2 - /2vNlvbXpNIERNcxCYTzgVHMQ9T2rJdrSeyzRpcGF8NODHGPOmc9XI6WWWvrs9kI - 9sCd6LZZ+ViAZPLAwd4k7vttMX5tAXtRREREaqClr5mG/G/lQ+V3GacBR8Z7/i9Y - St+ETUgxPLoiVtoQmiBigj/u8WeYlMDtw9koUxcCAwEAAaNCMEAwDwYDVR0TAQH/ - 
BAUwAwEB/zAdBgNVHQ4EFgQUHamNV9Qjt8qSO4R8YI9jX7QABIUwDgYDVR0PAQH/ - BAQDAgGGMA0GCSqGSIb3DQEBDAUAA4ICAQCiqAqTb+r4proOPxDjpuOBLaxhqGkC - aU3uBi8iUBiw/8tgVXVeqIrmUNI3t8cMWySYjPcL3Pkaui6lV2kX3XUV9QrAWaFC - Za+nuZNlmLvV27KrvEh9KhW9kqsudibq7fGYureVuEi1JtCczp6JlBzSA+m1a0Nh - y/rRRHQ0g/uoEnIdQrqdJL4pBBLdgSLOFD/O56obO0uoRq1x60g67+J5d3OGfRSW - kb8lR2Ub6HlcD+WDnpLtxyQDSkyK5pFjRKmljxQIZ9FcQfG4P8tXkef130Kbr6ZA - caMKRUtj4FjozuuHi0E7Tv/vujjhg1vEjK471uM5ZHpEqUQaxLo9MbJZJl5SfFum - RSut5ebM/NQnhF+RES08xOG1UFoIjSZ4cmAaA8ggn+vjsBBZitWJ1jc4pk6MhySA - qRJuMeYVCNK/dNCYk/me+Z8y6KvNl6ih00A2RQDlVFySH3Lvo2MGMX/F3qJTUlWX - YWKEslCGhte7755AFgfa9dMKv5ir8tg6NdOLVgSQVU3rVv0F2XM7URxkNtaczgC+ - rSX682gTqnZcK2hrWy2cuktN1N8i0FqX1n8tNLQwpeDvcJXgoVATsZUb6aDHmTJR - k+8N+RsNwC/hHzKs2Vj4YKNP8MelxWcgtu0/QJAtq1/4YFMRY7qv1pCfcQGfg8Sx - JFiKTJMbfPV2uQ== - -----END CERTIFICATE----- - #New certs 2/22 - #Amazon RDS us-gov-west-1 Root CA RSA4096 G1 - expires 5/2121 - -----BEGIN CERTIFICATE----- - MIIGBzCCA++gAwIBAgIRAOzQCoOR21YG2noWOfFcuNIwDQYJKoZIhvcNAQEMBQAw - gZsxCzAJBgNVBAYTAlVTMSIwIAYDVQQKDBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJ - bmMuMRMwEQYDVQQLDApBbWF6b24gUkRTMQswCQYDVQQIDAJXQTE0MDIGA1UEAwwr - QW1hem9uIFJEUyB1cy1nb3Ytd2VzdC0xIFJvb3QgQ0EgUlNBNDA5NiBHMTEQMA4G - A1UEBwwHU2VhdHRsZTAgFw0yMTA1MjYyMTQ0MzlaGA8yMTIxMDUyNjIyNDQzOVow - gZsxCzAJBgNVBAYTAlVTMSIwIAYDVQQKDBlBbWF6b24gV2ViIFNlcnZpY2VzLCBJ - bmMuMRMwEQYDVQQLDApBbWF6b24gUkRTMQswCQYDVQQIDAJXQTE0MDIGA1UEAwwr - QW1hem9uIFJEUyB1cy1nb3Ytd2VzdC0xIFJvb3QgQ0EgUlNBNDA5NiBHMTEQMA4G - A1UEBwwHU2VhdHRsZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANwY - M2iZdnnlMutI9nfn2fWBICAQHWmMmpPmtSka/ziBFyaCxkHDF8RLmooW+GLe+FEF - 9CQKSVqRa7X5AFiqRFF1KvgxWvazawyScuw88JW6Eqhaw0Rlm2p1Iow3TE8FSCDo - Is1vEV3Brbf26CMiXbqI+aCuTOy0fjRzjl5igViTgZxt2ZXOwyKkF+2T8LQp4b4F - Mh85Ctw1An1DhAemsc3SmcYnPKyFUP90DxGuTjFtfNR01GbBtVYwVvOBgIJe59Zs - OWcEFOO2mU53Ik6oKcLYu4+PmE5aDvQewb6bkQZchClb7Eg0BPYekWwTPsKUTS3H - bgdwVxgzjdAdU9fvaaoQmS9xdHWlonKq8CubJdLUduV3WVmDAg7MQgiT3p8JF9W2 - 
KbQpUbYxqd7j9OIe3IS3rVPwYA8PVh1hUJ+OBLw61sbGRAuN3H+B1DlJh1smg6bR - g9W+oLRzfjZa32EzFmaQIxtgRfiyjxB/vqAHdl5zPou30X1CyRYquS870O02bvTN - zzWSOfRY4KPmS1YFVsN+m+R4+hSUOAE//bJ25ACP9oDO5w9NWkAux4e0UUAuWCra - jRROYN2J0KCogdru5G7lOQerD12zi3C2iibty6ou4tQX+MIKMMUVq8cfUH7oKv/R - 8mL5PV/NUsgO248llo0lr9QBwQKdiw17wCxFR+8vAgMBAAGjQjBAMA8GA1UdEwEB - /wQFMAMBAf8wHQYDVR0OBBYEFPDYnx2xYIPDDAEjb6UcF29I6DgKMA4GA1UdDwEB - /wQEAwIBhjANBgkqhkiG9w0BAQwFAAOCAgEANTrAGs/GpXCADAwMGlrjXTdohp+p - CIp3gbnryVYZBXvO+f8hjJ8bHk0D/DiBrkjE8o0IpNaAadOZa+WvTNMsanPmGf1A - kD0vA9nm4gwEhBbzj9HRYX+dIhZhVWny9Kugm80s0h0hvbwTakUPOdMqkz6wn+xx - Owh7AIwaC5TTCsQyKlv5rjVblvU1XFgBf3Pf3wvMAfjDoAEPTXER/9mLVbXe+EmW - osP1JmgyDd+0WQFVK/LEDW81L5hsV5JvthAAFhGVtRw9ko5Ep28+EQUJE1wmLTdL - PyjB/KfJrTMDq94WolzFv4JpUStHbclkKlXtigjKeiYZ5Yvo+vLMSkXemccSfYn7 - vdaUFD5vqWXvM4xhiYRq/tigw2E1bjmyd9L3XD7XalufZtMGWn7zT8HMPP+/Lch1 - JjZ9LL2Y99VIqhoHcuSa95FtLpYDRQ28K03uwqxqFnOQLyPVmYwsaHKnmmwaZDjF - K1XxLVRLGRWvKEuSoWrsGcs3ehoxX4Knz/BaJzr/ioU1VnItj53tmOSJO0eMA6k+ - egaVEb0FTa2F5xeLCKjgfDDWMz3v0TdL+kt+9z0THMlPWfOzd1C35ZzSIcTcRj22 - SAzsL0t5ZTI4XvoPFF8dga78/KsBRolqdPjs0UzdlKhwh1ADOkTRgLOaaidMEgsT - JS/rbzD4FPbvc/g= - -----END CERTIFICATE----- - #Amazon RDS us-gov-west-1 Root CA ECC384 G1 - expires 5/2121 - -----BEGIN CERTIFICATE----- - MIICtDCCAjugAwIBAgIQPyg+edjKVnM2PB4KZVu66jAKBggqhkjOPQQDAzCBmjEL - MAkGA1UEBhMCVVMxIjAgBgNVBAoMGUFtYXpvbiBXZWIgU2VydmljZXMsIEluYy4x - EzARBgNVBAsMCkFtYXpvbiBSRFMxCzAJBgNVBAgMAldBMTMwMQYDVQQDDCpBbWF6 - b24gUkRTIHVzLWdvdi13ZXN0LTEgUm9vdCBDQSBFQ0MzODQgRzExEDAOBgNVBAcM - B1NlYXR0bGUwIBcNMjEwNTI2MjE1MzI3WhgPMjEyMTA1MjYyMjUzMjdaMIGaMQsw - CQYDVQQGEwJVUzEiMCAGA1UECgwZQW1hem9uIFdlYiBTZXJ2aWNlcywgSW5jLjET - MBEGA1UECwwKQW1hem9uIFJEUzELMAkGA1UECAwCV0ExMzAxBgNVBAMMKkFtYXpv - biBSRFMgdXMtZ292LXdlc3QtMSBSb290IENBIEVDQzM4NCBHMTEQMA4GA1UEBwwH - U2VhdHRsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABFaqyIYrbpPfhiKzLEkmzp1j - 3OYO/e1VE3vCf5c62bN5xYKFKH/MnKgsUFNsFpJ1t0p9cexi+607aiYOo1sOWvOj - 
q3PUu+ltklQdvunU/Se5++qqsh7lylL5OF/F19uqfqNCMEAwDwYDVR0TAQH/BAUw - AwEB/zAdBgNVHQ4EFgQUJHPtPhijPquZxTz2UGh4YV1npYMwDgYDVR0PAQH/BAQD - AgGGMAoGCCqGSM49BAMDA2cAMGQCMHWDFuIZ9LZgysbL4vx/Ox9z8fbegb3352bM - BFr6JV1x8VLbePblHd0V1MwDdRWeAwIwarWfOVdB1ijrwzjROzCwE0uBkHYUPr0Z - vgwdtlsnwDw9TnjsBrTJkQ0aS8c0Ahl1 - -----END CERTIFICATE----- - -
diff --git a/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml b/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
index 6d327f40..8c1795b8 100644
--- a/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
+++ b/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
@@ -1,3 +1,7 @@
+# NOTES:
+# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh
+# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/`
+
 # This file exists to remove CredHub Secured Service Credential Delivery which
 # is now on by default in cf-deployment >=4.x.
diff --git a/bosh/opsfiles/log-levels-diego-cell.yml b/bosh/opsfiles/log-levels-diego-cell.yml
index d57f46de..6724e729 100644
--- a/bosh/opsfiles/log-levels-diego-cell.yml
+++ b/bosh/opsfiles/log-levels-diego-cell.yml
@@ -1,3 +1,7 @@
+# NOTES:
+# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh
+# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/`
+
 - type: replace
 path: /instance_groups/name=diego-cell/jobs/name=garden/properties/garden/log_level?
 value: error
diff --git a/bosh/opsfiles/meta-data-v2-diego-cell.yml b/bosh/opsfiles/meta-data-v2-diego-cell.yml
index b24f3108..2f0ba7df 100644
--- a/bosh/opsfiles/meta-data-v2-diego-cell.yml
+++ b/bosh/opsfiles/meta-data-v2-diego-cell.yml
@@ -1,3 +1,7 @@
+# NOTES:
+# - This ops file is used for ALL diego cell and isolation segments with ci/create-*-diego-cell.sh
+# - This ops file can ONLY contain configurations for `path: /instance_groups/name=diego-cell/`
+
 - type: replace
 path: /instance_groups/name=diego-cell/vm_extensions/-
 value: meta-data-v2
diff --git a/bosh/opsfiles/meta-data-v2.yml b/bosh/opsfiles/meta-data-v2.yml
deleted file mode 100644
index 39eabc44..00000000
--- a/bosh/opsfiles/meta-data-v2.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- type: replace
- path: /instance_groups/name=diego-platform-cell/vm_extensions/-
- value: meta-data-v2
diff --git a/bosh/opsfiles/platform-cells.yml b/bosh/opsfiles/platform-cells.yml
index 0bf8bdbb..d857a935 100644
--- a/bosh/opsfiles/platform-cells.yml
+++ b/bosh/opsfiles/platform-cells.yml
@@ -1,182 +1,6 @@
-# Copy original diego-cell from https://github.com/cloudfoundry/cf-deployment/blob/master/cf-deployment.yml
-- type: replace
- path: /instance_groups/-
- value:
- name: diego-platform-cell
- azs:
- - z1
- - z2
- instances: 2
- vm_type: small-highmem
- vm_extensions:
- - 200GB_ephemeral_disk
- stemcell: default
- networks:
- - name: default
- jobs:
- - name: bosh-dns-adapter
- properties:
- internal_domains: ["apps.internal."]
- dnshttps:
- client:
- tls: ((cf_app_sd_client_tls))
- server:
- ca: ((cf_app_sd_client_tls.ca))
- release: cf-networking
- - name: cflinuxfs4-rootfs-setup
- release: cflinuxfs4
- properties:
- cflinuxfs4-rootfs:
- trusted_certs:
- - ((diego_instance_identity_ca.ca))
- - ((uaa_ssl.ca))
- - name: garden
- release: garden-runc
- provides:
- iptables: {as: iptables-platform}
- properties:
- garden:
- containerd_mode: true
- cleanup_process_dirs_on_wait: true
- debug_listen_address: 127.0.0.1:17019
- default_container_grace_time: 0
- destroy_containers_on_start: true
- deny_networks:
- - 0.0.0.0/0
- network_plugin: /var/vcap/packages/runc-cni/bin/garden-external-networker
- network_plugin_extra_args:
- - --configFile=/var/vcap/jobs/garden-cni/config/adapter.json
- logging:
- format:
- timestamp: "rfc3339"
- - name: rep
- release: diego
- properties:
- bpm:
- enabled: true
- diego:
- executor:
- instance_identity_ca_cert: ((diego_instance_identity_ca.certificate))
- instance_identity_key: ((diego_instance_identity_ca.private_key))
- rep:
- preloaded_rootfses:
- - cflinuxfs4:/var/vcap/packages/cflinuxfs4/rootfs.tar
- containers:
- proxy:
- enabled: true
- require_and_verify_client_certificates: true
- trusted_ca_certificates:
- - ((gorouter_backend_tls.ca))
- - ((ssh_proxy_backends_tls.ca))
- verify_subject_alt_name:
- - gorouter.service.cf.internal
- - ssh-proxy.service.cf.internal
- trusted_ca_certificates:
- - ((diego_instance_identity_ca.ca))
- - ((uaa_ssl.ca))
- enable_consul_service_registration: false -
enable_declarative_healthcheck: true
- loggregator: &diego_loggregator_client_properties
- use_v2_api: true
- ca_cert: "((loggregator_tls_agent.ca))"
- cert: "((loggregator_tls_agent.certificate))"
- key: "((loggregator_tls_agent.private_key))"
- tls:
- ca_cert: "((diego_rep_agent_v2.ca))"
- cert: "((diego_rep_agent_v2.certificate))"
- key: "((diego_rep_agent_v2.private_key))"
- logging:
- format:
- timestamp: "rfc3339"
- - name: cfdot
- release: diego
- properties:
- tls:
- ca_certificate: "((diego_rep_client.ca))"
- certificate: "((diego_rep_client.certificate))"
- private_key: "((diego_rep_client.private_key))"
- - name: route_emitter
- release: diego
- properties:
- bpm:
- enabled: true
- loggregator: *diego_loggregator_client_properties
- diego:
- route_emitter:
- local_mode: true
- bbs:
- ca_cert: "((diego_bbs_client.ca))"
- client_cert: "((diego_bbs_client.certificate))"
- client_key: "((diego_bbs_client.private_key))"
- nats:
- tls:
- enabled: true
- client_cert: "((nats_client_cert.certificate))"
- client_key: "((nats_client_cert.private_key))"
- tcp:
- enabled: true
- uaa:
- ca_cert: "((uaa_ssl.ca))"
- client_secret: "((uaa_clients_tcp_emitter_secret))"
- logging:
- format:
- timestamp: "rfc3339"
- internal_routes:
- enabled: true
- - name: garden-cni
- release: cf-networking
- properties:
- cni_plugin_dir: /var/vcap/packages/silk-cni/bin
- cni_config_dir: /var/vcap/jobs/silk-cni/config/cni
- - name: netmon
- release: silk
- consumes:
- iptables: {from: iptables-platform}
- - name: vxlan-policy-agent
- release: silk
- provides:
- vpa: {as: vpa-platform}
- consumes:
- iptables: {from: iptables-platform}
- cni_config: {from: cni_config_platform}
- properties:
- ca_cert: ((network_policy_client.ca))
- client_cert: ((network_policy_client.certificate))
- client_key: ((network_policy_client.private_key))
- loggregator: *diego_loggregator_client_properties
- - name: silk-daemon
- release: silk
- consumes:
- vpa: {from: vpa-platform}
- iptables: {from:
iptables-platform}
- properties:
- ca_cert: ((silk_daemon.ca))
- client_cert: ((silk_daemon.certificate))
- client_key: ((silk_daemon.private_key))
- - name: silk-cni
- release: silk
- properties:
- dns_servers:
- - 169.254.0.2
- consumes:
- vpa: {from: vpa-platform}
- provides:
- cni_config: {as: cni_config_platform}
- - name: silk-datastore-syncer
- release: silk
- - name: loggr-udp-forwarder
- release: loggregator-agent
- properties:
- loggregator:
- tls:
- ca: "((loggregator_tls_agent.ca))"
- cert: "((loggregator_tls_agent.certificate))"
- key: "((loggregator_tls_agent.private_key))"
- metrics:
- ca_cert: "((loggr_udp_forwarder_tls.ca))"
- cert: "((loggr_udp_forwarder_tls.certificate))"
- key: "((loggr_udp_forwarder_tls.private_key))"
- server_name: loggr_udp_forwarder_metrics
+# NOTES:
+# - Other than the scaling-*.yml files, this should be the only file to contain configurations for the diego-platform-cell instance group
+# - This one is unique from other isolation segments in that it gets a custom identity profile on the vm
 # Set platform cell instance profile and placement tag
 - type: replace
diff --git a/bosh/opsfiles/scaling-development.yml b/bosh/opsfiles/scaling-development.yml
index b80f22d4..ff6ea8d8 100644
--- a/bosh/opsfiles/scaling-development.yml
+++ b/bosh/opsfiles/scaling-development.yml
@@ -137,7 +137,10 @@
 - type: replace
 path: /instance_groups/name=diego-platform-cell/vm_type
 value: t3.xlarge
-
+- type: replace
+ path: /instance_groups/name=diego-platform-cell/instances
+ value: 2
+
 # rotate-cc-database-key
 - type: replace
 path: /instance_groups/name=rotate-cc-database-key/vm_type
diff --git a/bosh/opsfiles/scaling-staging.yml b/bosh/opsfiles/scaling-staging.yml
index f4187cc5..77662eec 100644
--- a/bosh/opsfiles/scaling-staging.yml
+++ b/bosh/opsfiles/scaling-staging.yml
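Review bot: The new NOTES header says this should be the only file (besides scaling-*.yml) configuring the diego-platform-cell instance group, but after this change the instance group itself — including the client-certificate verification and `deny_networks: - 0.0.0.0/0` settings removed here — comes from upstream diego-cell as rendered by ci/create-diego-platform-cell.sh into diego-platform-cell/diego-platform-cell.yml, which the pipeline applies just before this file; a reader of this file alone cannot see where `name: diego-platform-cell` is declared or that upstream changes to diego-cell now flow into the platform cell automatically. I would make the comment point at the generator, e.g. `# - The instance group itself is generated from upstream diego-cell by ci/create-diego-platform-cell.sh (output: diego-platform-cell/diego-platform-cell.yml, applied before this file); only the replace ops below and scaling-*.yml are hand-written`. The remaining `- type: replace` continues outside the hunk.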
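Review bot: `instances: 2` now has to be pinned per environment because the generated platform cell inherits upstream diego-cell's instance count in place of the `instances: 2` removed from platform-cells.yml, unless one of the ops files applied by the generator sets it. This commit updates scaling-development.yml and scaling-staging.yml; scaling-production.yml is also applied by the pipeline but no change to it is visible here, so if it does not already pin instances, the production platform cell count silently follows upstream. A short comment next to the new op, `# instances must be pinned here: the generated diego-platform-cell.yml inherits upstream diego-cell's count`, would keep the scaling files in step.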
@@ -138,6 +138,9 @@
 - type: replace
 path: /instance_groups/name=diego-platform-cell/vm_type
 value: r6i.2xlarge
+- type: replace
+ path: /instance_groups/name=diego-platform-cell/instances
+ value: 2
 # rotate-cc-database-key
 - type: replace
diff --git a/ci/create-diego-platform-cell.sh b/ci/create-diego-platform-cell.sh
new file mode 100755
index 00000000..9f1c71e6
--- /dev/null
+++ b/ci/create-diego-platform-cell.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -eux
+
+## Extract current base configuration for the diego-cell instance group from upstream and apply custom ops files
+## NOTE: These ops files can only contain remove/replace for the diego-cell instance group for this to work in the future
+bosh int \
+ cf-deployment/cf-deployment.yml \
+ -o cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml \
+ -o cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml \
+ -o cf-manifests/bosh/opsfiles/diego-cell-disk.yml \
+ -o cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml \
+ -o cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml \
+ -o cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml \
+ -o cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml \
+ --path /instance_groups/name=diego-cell > diego-cell_raw.yml
+
+## Create ops file header
+cat > diego-platform-cell.yml < sed1.yml
+sed 's/iptables-tenant/iptables-platform/' sed1.yml > sed2.yml
+sed 's/cni_config_tenant/cni_config_platform/' sed2.yml > sed3.yml
+sed 's/vpa-tenant/vpa-platform/' sed3.yml > sed4.yml
+sed 's/^/ /' sed4.yml > diego-platform-cell_indented.yml
+
+## Append the platform-diego-cell yaml to the ops file header
+cat diego-platform-cell_indented.yml >> diego-platform-cell.yml
+cp diego-platform-cell.yml diego-platform-cell/diego-platform-cell.yml
+
+## return: diego-platform-cell/diego-platform-cell.yml
\ No newline at end of file
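Review bot: The rename step runs four separate `sed` passes, each through a throwaway file (sed1.yml … sed4.yml), for what is a single substitution list; `sed -e 's/iptables-tenant/iptables-platform/' -e 's/cni_config_tenant/cni_config_platform/' -e 's/vpa-tenant/vpa-platform/' -e 's/^/ /' sed1.yml > diego-platform-cell_indented.yml` does the same in one pass with fewer stray files, and the same chain reappears in ci/create-diego-cell-iso-seg.sh in PATCH 16. The patterns are unanchored substring matches, so any other occurrence of those tokens in the rendered diego-cell is rewritten too; a comment stating that the link names being renamed are the ones set by diego-cell-consumes-provides.yml would tell the next reader what they are expected to hit. The heredoc that writes the ops-file header and the first `sed` are not legible in this rendering (`cat > diego-platform-cell.yml < sed1.yml`), so the instance-group rename itself could not be checked.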
diff --git a/ci/create-diego-platform-cell.yml b/ci/create-diego-platform-cell.yml
new file mode 100644
index 00000000..9b66ed02
--- /dev/null
+++ b/ci/create-diego-platform-cell.yml
@@ -0,0 +1,21 @@
+platform: linux
+
+image_resource:
+ type: registry-image
+ source:
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: harden-concourse-task
+ aws_region: us-gov-west-1
+ tag: ((harden-concourse-task-tag))
+
+inputs:
+- name: cf-deployment
+- name: cf-manifests
+outputs:
+- name: diego-platform-cell
+
+run:
+ path: cf-manifests/ci/create-diego-platform-cell.sh
+
+
diff --git a/ci/pipeline.yml b/ci/pipeline.yml
index d6506864..e01200fb 100644
--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -27,6 +27,8 @@ jobs:
 file: cf-manifests/ci/create-router-main.yml
 - task: router-logstash
 file: cf-manifests/ci/create-router-logstash.yml
+ - task: diego-platform-cell
+ file: cf-manifests/ci/create-diego-platform-cell.yml
 - put: cf-deployment-development
 params: &deploy-params
 manifest: cf-deployment/cf-deployment.yml
@@ -64,6 +66,7 @@ jobs:
 - cf-manifests/bosh/opsfiles/log-levels.yml
 - cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml
 - cf-manifests/bosh/opsfiles/instance-profiles.yml
+ - diego-platform-cell/diego-platform-cell.yml
 - cf-manifests/bosh/opsfiles/platform-cells.yml
 - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
 - cf-manifests/bosh/opsfiles/diego-cell-disk.yml
@@ -71,14 +74,12 @@ jobs:
 - cf-manifests/bosh/opsfiles/cf-networking.yml
 - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml
 - cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
- - cf-manifests/bosh/opsfiles/diego-rds-certs.yml
 - cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml
 - cf-manifests/bosh/opsfiles/smoke-tests.yml
 - cf-manifests/bosh/opsfiles/routing.yml
 - cf-manifests/bosh/opsfiles/uaa-rds-ca.yml
 - cf-manifests/bosh/opsfiles/content-security-policy.yml
 - cf-manifests/bosh/opsfiles/loggregator.yml
- - cf-manifests/bosh/opsfiles/meta-data-v2.yml
 - cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml
 - cf-manifests/bosh/opsfiles/router-main.yml
 - cf-manifests/bosh/opsfiles/router-main-dev.yml
@@ -545,6 +546,8 @@ jobs:
 file: cf-manifests/ci/create-router-main.yml
 - task: router-logstash
 file: cf-manifests/ci/create-router-logstash.yml
+ - task: diego-platform-cell
+ file: cf-manifests/ci/create-diego-platform-cell.yml
 - put: cf-deployment-staging
 params:
 <<: *deploy-params
@@ -578,6 +581,7 @@ jobs:
 - cf-manifests/bosh/opsfiles/log-levels.yml
 - cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml
 - cf-manifests/bosh/opsfiles/instance-profiles.yml
+ - diego-platform-cell/diego-platform-cell.yml
 - cf-manifests/bosh/opsfiles/platform-cells.yml
 - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
 - cf-manifests/bosh/opsfiles/diego-cell-disk.yml
@@ -585,13 +589,11 @@ jobs:
 - cf-manifests/bosh/opsfiles/cf-networking.yml
 - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml
 - cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
- - cf-manifests/bosh/opsfiles/diego-rds-certs.yml
 - cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml
 - cf-manifests/bosh/opsfiles/smoke-tests.yml
 - cf-manifests/bosh/opsfiles/routing.yml
 - cf-manifests/bosh/opsfiles/uaa-rds-ca.yml
 - cf-manifests/bosh/opsfiles/loggregator.yml
- - cf-manifests/bosh/opsfiles/meta-data-v2.yml
 - cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml
 - cf-manifests/bosh/opsfiles/router-main.yml
 - cf-manifests/bosh/opsfiles/router-logstash.yml
@@ -1064,6 +1066,8 @@ jobs:
 file: cf-manifests/ci/create-router-main.yml
 - task: router-logstash
 file: cf-manifests/ci/create-router-logstash.yml
+ - task: diego-platform-cell
+ file: cf-manifests/ci/create-diego-platform-cell.yml
 - put: cf-deployment-production
 params: &prod-deploy-params
 <<: *deploy-params
@@ -1097,6 +1101,7 @@ jobs:
 - cf-manifests/bosh/opsfiles/log-levels.yml
 - cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml
 - cf-manifests/bosh/opsfiles/instance-profiles.yml
+ - diego-platform-cell/diego-platform-cell.yml
 - cf-manifests/bosh/opsfiles/platform-cells.yml
 - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
 - cf-manifests/bosh/opsfiles/diego-cell-disk.yml
@@ -1106,11 +1111,9 @@ jobs:
 - cf-manifests/bosh/opsfiles/smoke-tests.yml
 - cf-manifests/bosh/opsfiles/disable-secure-service-credentials.yml
 - cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml
- - cf-manifests/bosh/opsfiles/diego-rds-certs.yml
 - cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml
 - cf-manifests/bosh/opsfiles/uaa-rds-ca.yml
 - cf-manifests/bosh/opsfiles/loggregator.yml
- - cf-manifests/bosh/opsfiles/meta-data-v2.yml
 - cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml
 - cf-manifests/bosh/opsfiles/router-main.yml
 - cf-manifests/bosh/opsfiles/router-logstash.yml
@@ -1165,6 +1168,8 @@ jobs:
 file: cf-manifests/ci/create-router-main.yml
 - task: router-logstash
 file: cf-manifests/ci/create-router-logstash.yml
+ - task: diego-platform-cell
+ file: cf-manifests/ci/create-diego-platform-cell.yml
 - put: cf-deployment-production
 params:
 <<: *prod-deploy-params
From 1aeea5aea2c6971444b0869dddff42a6d4c82acc Mon Sep 17 00:00:00 2001
From: Christopher Weibel
Date: Fri, 21 Jun 2024 15:56:13 -0400
Subject: [PATCH 16/36] Add stub for dynamic iso seg creation
---
 ci/create-diego-cell-iso-seg.sh | 69 ++++++++++++++++++++++++++++++++
 ci/create-diego-cell-iso-seg.yml | 19 +++++++++
 2 files changed, 88 insertions(+)
 create mode 100755 ci/create-diego-cell-iso-seg.sh
 create mode 100644 ci/create-diego-cell-iso-seg.yml
diff --git a/ci/create-diego-cell-iso-seg.sh b/ci/create-diego-cell-iso-seg.sh
new file mode 100755
index 00000000..0d53043a
--- /dev/null
+++ b/ci/create-diego-cell-iso-seg.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+set -eux
+
+## Extract current base configuration for the diego-cell instance group from upstream and apply custom ops files
+## NOTE: These ops files can only contain remove/replace for the diego-cell instance group for this to work in the future
+
+## Create the starting point of a configured diego-cell for cg (minus scaling.ymls)
+bosh int \
+ cf-deployment/cf-deployment.yml \
+ -o cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml \
+ -o cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml \
+ -o cf-manifests/bosh/opsfiles/diego-cell-disk.yml \
+ -o cf-manifests/bosh/opsfiles/disable-secure-service-credentials-diego-cell.yml \
+ -o cf-manifests/bosh/opsfiles/diego-rds-certs-diego-cell.yml \
+ -o cf-manifests/bosh/opsfiles/meta-data-v2-diego-cell.yml \
+ -o cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml \
+ --path /instance_groups/name=diego-cell > diego-cell_raw.yml
+
+## Final file
+touch diego-cell-iso-seg.yml
+
+## Loop through and create iso seg ops file, intermediate files aren't deleted for debugging
+for iso_seg_number in {1..5}
+do
+
+ ## Create ops file header
+ cat > diego-cell-iso-seg${iso_seg_number}-header.yml < sed1.yml
+ sed "s/iptables-tenant/iptables-iso-seg${iso_seg_number}/" sed1.yml > sed2.yml
+ sed "s/cni_config_tenant/cni_config_iso-seg${iso_seg_number}/" sed2.yml > sed3.yml
+ sed "s/vpa-tenant/vpa-iso-seg${iso_seg_number}/" sed3.yml > sed4.yml
+ sed 's/^/ /' sed4.yml > diego-cell_indented-iso-seg${iso_seg_number}.yml
+
+ cat > diego-cell-iso-seg${iso_seg_number}-footer.yml < diego-cell-iso-seg${iso_seg_number}.yml
+
+ ## Merge into one file
+ cat diego-cell-iso-seg${iso_seg_number}.yml >> diego-cell-iso-seg.yml
+done
+
+cp diego-cell-iso-seg.yml diego-cell-iso-seg/diego-cell-iso-seg.yml
+## return: diego-cell-iso-seg/diego-cell-iso-seg.yml
\ No newline at end of file
diff --git a/ci/create-diego-cell-iso-seg.yml b/ci/create-diego-cell-iso-seg.yml
new file mode 100644
index 00000000..aa14a8cb
--- /dev/null
+++ b/ci/create-diego-cell-iso-seg.yml
@@ -0,0 +1,19 @@
+platform: linux
+
+image_resource:
+ type: registry-image
+ source:
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: harden-concourse-task
+ aws_region: us-gov-west-1
+ tag: ((harden-concourse-task-tag))
+
+inputs:
+- name: cf-deployment
+- name: cf-manifests
+outputs:
+- name: diego-cell-iso-seg
+
+run:
+ path: cf-manifests/ci/create-diego-cell-iso-seg.sh
From c99ddf4792fee0aaa7db7e917b783926fdcdb8d5 Mon Sep 17 00:00:00 2001
From: Christopher Weibel
Date: Mon, 24 Jun 2024 11:24:02 -0400
Subject: [PATCH 17/36] Creating iso segs
---
 ci/create-diego-cell-iso-seg.sh | 27 ++++++++++++++++++---------
 ci/pipeline.yml | 8 ++++++++
 2 files changed, 26 insertions(+), 9 deletions(-)
diff --git a/ci/create-diego-cell-iso-seg.sh b/ci/create-diego-cell-iso-seg.sh
index 0d53043a..95395811 100755
--- a/ci/create-diego-cell-iso-seg.sh
+++ b/ci/create-diego-cell-iso-seg.sh
@@ -5,7 +5,7 @@ set -eux
 ## Extract current base configuration for the diego-cell instance group from upstream and apply custom ops files
 ## NOTE: These ops files can only contain remove/replace for the diego-cell instance group for this to work in the future
-## Create the starting point of a configured diego-cell for cg (minus scaling.ymls)
+## Create the starting point of a configured diego-cell for cg (minus scaling-*.ymls)
 bosh int \
 cf-deployment/cf-deployment.yml \
 -o cf-manifests/bosh/opsfiles/log-levels-diego-cell.yml \
@@ -17,14 +17,12 @@ bosh int \
 -o cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml \
 --path /instance_groups/name=diego-cell > diego-cell_raw.yml
-## Final file
-touch diego-cell-iso-seg.yml
-## Loop through and create iso seg ops file, intermediate files aren't deleted for debugging
-for iso_seg_number in {1..5}
+## Loop through and create a single iso seg ops file, intermediate files aren't deleted for debugging
+for (( iso_seg_number = 1; iso_seg_number <= $NUMBER_OF_ISO_SEGS; iso_seg_number++ ))
 do
- ## Create ops file header
+ ## Create ops file header - Always start with the instance group declaration
 cat > diego-cell-iso-seg${iso_seg_number}-header.yml < sed1.yml
 sed "s/iptables-tenant/iptables-iso-seg${iso_seg_number}/" sed1.yml > sed2.yml
 sed "s/cni_config_tenant/cni_config_iso-seg${iso_seg_number}/" sed2.yml > sed3.yml
 sed "s/vpa-tenant/vpa-iso-seg${iso_seg_number}/" sed3.yml > sed4.yml
 sed 's/^/ /' sed4.yml > diego-cell_indented-iso-seg${iso_seg_number}.yml
+ ## Create ops file footer - All the "replace" that can only be run once the instance group exists (order matters)
 cat > diego-cell-iso-seg${iso_seg_number}-footer.yml < diego-cell-iso-seg${iso_seg_number}.yml
- ## Merge into one file
+ ## Merge this iso-seg into one file which will have all of them at the end of the loop
 cat diego-cell-iso-seg${iso_seg_number}.yml >> diego-cell-iso-seg.yml
 done
diff --git a/ci/pipeline.yml b/ci/pipeline.yml
index e01200fb..06c63658 100644
--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -29,6 +29,13 @@ jobs:
 file: cf-manifests/ci/create-router-logstash.yml
 - task: diego-platform-cell
 file: cf-manifests/ci/create-diego-platform-cell.yml
+
+ - task: diego-cell-iso-seg
+ file: cf-manifests/ci/create-diego-cell-iso-seg.yml
+ params:
+ NUMBER_OF_ISO_SEGS: ((number_of_iso_segs_development))
+
+
 - put: cf-deployment-development
 params: &deploy-params
 manifest: cf-deployment/cf-deployment.yml
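Review bot: `$NUMBER_OF_ISO_SEGS` is used in the arithmetic `for (( … ))` header without any validation; `set -u` only catches it being unset, and inside `(( ))` bash evaluates the value as an expression rather than as data, so a bare word silently reads as 0 (the loop runs zero times) and a malformed value aborts with an arithmetic error instead of a message naming the parameter. A guard before the loop, `[[ "$NUMBER_OF_ISO_SEGS" =~ ^[0-9]+$ ]] || { echo "NUMBER_OF_ISO_SEGS must be a non-negative integer, got: '$NUMBER_OF_ISO_SEGS'" >&2; exit 1; }`, fails the task early with a clear message; the `[ "$NUMBER_OF_ISO_SEGS" -gt 0 ]` test added in PATCH 19 only runs after the loop. The script continues outside the hunk, and the heredoc bodies are not legible in this rendering.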
@@ -68,6 +75,7 @@ jobs:
 - cf-manifests/bosh/opsfiles/instance-profiles.yml
 - diego-platform-cell/diego-platform-cell.yml
 - cf-manifests/bosh/opsfiles/platform-cells.yml
+ - diego-cell-iso-seg/diego-cell-iso-seg.yml
 - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
 - cf-manifests/bosh/opsfiles/diego-cell-disk.yml
 - cf-manifests/bosh/opsfiles/scaling-development.yml
From ff428ea105baaf77fcdd54b7a857fe074a9b26d0 Mon Sep 17 00:00:00 2001
From: Christopher Weibel
Date: Mon, 24 Jun 2024 13:28:44 -0400
Subject: [PATCH 18/36] Testing
---
 ci/create-diego-cell-iso-seg.sh | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ci/create-diego-cell-iso-seg.sh b/ci/create-diego-cell-iso-seg.sh
index 95395811..83effe0d 100755
--- a/ci/create-diego-cell-iso-seg.sh
+++ b/ci/create-diego-cell-iso-seg.sh
@@ -5,6 +5,7 @@ set -eux
 ## Extract current base configuration for the diego-cell instance group from upstream and apply custom ops files
 ## NOTE: These ops files can only contain remove/replace for the diego-cell instance group for this to work in the future
+
 ## Create the starting point of a configured diego-cell for cg (minus scaling-*.ymls)
 bosh int \
 cf-deployment/cf-deployment.yml \
From 44b56b45a27c788fa01dc81333ca4d97e48ec131 Mon Sep 17 00:00:00 2001
From: Christopher Weibel
Date: Tue, 25 Jun 2024 09:02:52 -0400
Subject: [PATCH 19/36] Handling case of 0 iso-segs
---
 ci/create-diego-cell-iso-seg.sh | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/ci/create-diego-cell-iso-seg.sh b/ci/create-diego-cell-iso-seg.sh
index 83effe0d..cd68b205 100755
--- a/ci/create-diego-cell-iso-seg.sh
+++ b/ci/create-diego-cell-iso-seg.sh
@@ -75,5 +75,13 @@ EOF
 cat diego-cell-iso-seg${iso_seg_number}.yml >> diego-cell-iso-seg.yml
 done
-cp diego-cell-iso-seg.yml diego-cell-iso-seg/diego-cell-iso-seg.yml
+## Either return the iso-seg file or a comment only file so "bosh deploy" will work in the main pipeline
+if [ "$NUMBER_OF_ISO_SEGS" -gt 0 ]; then
+ cp diego-cell-iso-seg.yml diego-cell-iso-seg/diego-cell-iso-seg.yml
+else
+ cat > diego-cell-iso-seg/diego-cell-iso-seg.yml << EOF
+# Intentionally left blank
+EOF
+fi
+
 ## return: diego-cell-iso-seg/diego-cell-iso-seg.yml
\ No newline at end of file
From 4bca1c71b2968204f00982c75d4ad090d81fd038 Mon Sep 17 00:00:00 2001
From: Christopher Weibel
Date: Tue, 25 Jun 2024 09:22:20 -0400
Subject: [PATCH 20/36] Add pipeline updates
---
 ci/pipeline.yml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/ci/pipeline.yml b/ci/pipeline.yml
index 06c63658..839e52d6 100644
--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -29,13 +29,10 @@ jobs:
 file: cf-manifests/ci/create-router-logstash.yml
 - task: diego-platform-cell
 file: cf-manifests/ci/create-diego-platform-cell.yml
-
 - task: diego-cell-iso-seg
 file: cf-manifests/ci/create-diego-cell-iso-seg.yml
 params:
- NUMBER_OF_ISO_SEGS: ((number_of_iso_segs_development))
-
-
+ NUMBER_OF_ISO_SEGS: 0 #((number_of_iso_segs_development))
 - put: cf-deployment-development
 params: &deploy-params
 manifest: cf-deployment/cf-deployment.yml
@@ -556,6 +553,10 @@ jobs:
 file: cf-manifests/ci/create-router-logstash.yml
 - task: diego-platform-cell
 file: cf-manifests/ci/create-diego-platform-cell.yml
+ - task: diego-cell-iso-seg
+ file: cf-manifests/ci/create-diego-cell-iso-seg.yml
+ params:
+ NUMBER_OF_ISO_SEGS: 0
 - put: cf-deployment-staging
 params:
 <<: *deploy-params
@@ -591,6 +592,7 @@ jobs:
 - cf-manifests/bosh/opsfiles/instance-profiles.yml
 - diego-platform-cell/diego-platform-cell.yml
 - cf-manifests/bosh/opsfiles/platform-cells.yml
+ - diego-cell-iso-seg/diego-cell-iso-seg.yml
 - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
 - cf-manifests/bosh/opsfiles/diego-cell-disk.yml
 - cf-manifests/bosh/opsfiles/scaling-staging.yml
@@ -1076,6 +1078,10 @@ jobs:
 file: cf-manifests/ci/create-router-logstash.yml
 - task: diego-platform-cell
 file: cf-manifests/ci/create-diego-platform-cell.yml
+ - task: diego-cell-iso-seg
+ file: cf-manifests/ci/create-diego-cell-iso-seg.yml
+ params:
+ NUMBER_OF_ISO_SEGS: 0
 - put: cf-deployment-production
 params: &prod-deploy-params
 <<: *deploy-params
@@ -1111,6 +1117,7 @@ jobs:
 - cf-manifests/bosh/opsfiles/instance-profiles.yml
 - diego-platform-cell/diego-platform-cell.yml
 - cf-manifests/bosh/opsfiles/platform-cells.yml
+ - diego-cell-iso-seg/diego-cell-iso-seg.yml
 - cf-manifests/bosh/opsfiles/diego-cell-consumes-provides.yml
 - cf-manifests/bosh/opsfiles/diego-cell-disk.yml
 - cf-manifests/bosh/opsfiles/scaling-production.yml
@@ -1178,6 +1185,10 @@ jobs:
 file: cf-manifests/ci/create-router-logstash.yml
 - task: diego-platform-cell
 file: cf-manifests/ci/create-diego-platform-cell.yml
+ - task: diego-cell-iso-seg
+ file: cf-manifests/ci/create-diego-cell-iso-seg.yml
+ params:
+ NUMBER_OF_ISO_SEGS: 0
 - put: cf-deployment-production
 params:
 <<: *prod-deploy-params
From 287464b5a29d1f134a43dbb9898cd13780e9a8dc Mon Sep 17 00:00:00 2001
From: Christopher Weibel
Date: Tue, 25 Jun 2024 14:23:42 -0400
Subject: [PATCH 21/36] Make iso-seg count be controlled by credhub vars
---
 ci/pipeline.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/ci/pipeline.yml b/ci/pipeline.yml
index 839e52d6..2fa7e143 100644
--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -32,7 +32,7 @@ jobs: - task: diego-cell-iso-seg file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: - NUMBER_OF_ISO_SEGS: 0 #((number_of_iso_segs_development)) + NUMBER_OF_ISO_SEGS: ((number_of_iso_segs_development)) # Value in credhub - put: cf-deployment-development params: &deploy-params manifest: cf-deployment/cf-deployment.yml @@ -556,7 +556,7 @@ jobs: - task: diego-cell-iso-seg file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: - NUMBER_OF_ISO_SEGS: 0 + NUMBER_OF_ISO_SEGS: ((number_of_iso_segs_staging)) # Value in credhub - put: cf-deployment-staging params: <<: *deploy-params @@ -1081,7 +1081,7 @@ jobs: - task: diego-cell-iso-seg file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: - NUMBER_OF_ISO_SEGS: 0 + NUMBER_OF_ISO_SEGS: ((number_of_iso_segs_production)) # Value in credhub - put: cf-deployment-production params: &prod-deploy-params <<: *deploy-params @@ -1188,7 +1188,7 @@ jobs: - task: diego-cell-iso-seg file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: - NUMBER_OF_ISO_SEGS: 0 + NUMBER_OF_ISO_SEGS: ((number_of_iso_segs_production)) # Value in credhub - put: cf-deployment-production params: <<: *prod-deploy-params From 486d74eca406fc33d9b77a7a6c18d04dc38d0ef9 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Tue, 25 Jun 2024 14:43:40 -0400 Subject: [PATCH 22/36] Experiment with scaling iso-seg --- bosh/opsfiles/scaling-development.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bosh/opsfiles/scaling-development.yml b/bosh/opsfiles/scaling-development.yml index ff6ea8d8..3185cec4 100644 --- a/bosh/opsfiles/scaling-development.yml +++ b/bosh/opsfiles/scaling-development.yml 
@@ -145,3 +145,13 @@ - type: replace path: /instance_groups/name=rotate-cc-database-key/vm_type value: t3.medium + + +# iso-segs +- type: replace + path: /instance_groups/name=diego-cell-iso-seg1/vm_type + value: r6i.4xlarge + +- type: replace + path: /instance_groups/name=diego-cell-iso-seg1/instances + value: 1 \ No newline at end of file From dcd8acb06f1c827b0a94f935e3dae3a57a4dbe2f Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Wed, 26 Jun 2024 15:01:04 -0400 Subject: [PATCH 23/36] bumping isoseg1 to two vms for testing --- bosh/opsfiles/scaling-development.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bosh/opsfiles/scaling-development.yml b/bosh/opsfiles/scaling-development.yml index 3185cec4..47a730c0 100644 --- a/bosh/opsfiles/scaling-development.yml +++ b/bosh/opsfiles/scaling-development.yml @@ -154,4 +154,4 @@ - type: replace path: /instance_groups/name=diego-cell-iso-seg1/instances - value: 1 \ No newline at end of file + value: 2 \ No newline at end of file From ba81fb21420a1922c043a65ef2239a9026fccda0 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Wed, 26 Jun 2024 15:30:26 -0400 Subject: [PATCH 24/36] Revert to default scaling for testing --- bosh/opsfiles/scaling-development.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/bosh/opsfiles/scaling-development.yml b/bosh/opsfiles/scaling-development.yml index 47a730c0..6c62d2b2 100644 --- a/bosh/opsfiles/scaling-development.yml +++ b/bosh/opsfiles/scaling-development.yml 
@@ -148,10 +148,10 @@ # iso-segs -- type: replace - path: /instance_groups/name=diego-cell-iso-seg1/vm_type - value: r6i.4xlarge - -- type: replace - path: /instance_groups/name=diego-cell-iso-seg1/instances - value: 2 \ No newline at end of file +#- type: replace +# path: /instance_groups/name=diego-cell-iso-seg1/vm_type +# value: r6i.4xlarge +# +#- type: replace +# path: /instance_groups/name=diego-cell-iso-seg1/instances +# value: 2 \ No newline at end of file From 2cf4e71f8cc131b446fdfc0a1145dcc8bfc63bb3 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Thu, 27 Jun 2024 09:15:53 -0400 Subject: [PATCH 25/36] Switch to list of names for iso seg --- ci/create-diego-cell-iso-seg.sh | 45 ++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/ci/create-diego-cell-iso-seg.sh b/ci/create-diego-cell-iso-seg.sh index cd68b205..febb74d7 100755 --- a/ci/create-diego-cell-iso-seg.sh +++ b/ci/create-diego-cell-iso-seg.sh @@ -5,6 +5,7 @@ set -eux ## Extract current base configuration for the diego-cell instance group from upstream and apply custom ops files ## NOTE: These ops files can only contain remove/replace for the diego-cell instance group for this to work in the future +echo "Creating isolation segments for: ${ISO_SEG_NAMES}"... ## Create the starting point of a configured diego-cell for cg (minus scaling-*.ymls) bosh int \ 
@@ -20,63 +21,65 @@ bosh int \ ## Loop through and create a single iso seg ops file, intermediate files aren't deleted for debugging -for (( iso_seg_number = 1; iso_seg_number <= $NUMBER_OF_ISO_SEGS; iso_seg_number++ )) -do + +for iso_seg_name in $ISO_SEG_NAMES; do + + echo "Creating isolation segment ${iso_seg_name}"... ## Create ops file header - Always start with the instance group declaration - cat > diego-cell-iso-seg${iso_seg_number}-header.yml < diego-cell-iso-seg${iso_seg_name}-header.yml < sed1.yml - sed "s/iptables-tenant/iptables-iso-seg${iso_seg_number}/" sed1.yml > sed2.yml - sed "s/cni_config_tenant/cni_config_iso-seg${iso_seg_number}/" sed2.yml > sed3.yml - sed "s/vpa-tenant/vpa-iso-seg${iso_seg_number}/" sed3.yml > sed4.yml - sed 's/^/ /' sed4.yml > diego-cell_indented-iso-seg${iso_seg_number}.yml + sed "s/name: diego-cell/name: diego-cell-iso-seg${iso_seg_name}/" diego-cell_raw.yml > sed1.yml + sed "s/iptables-tenant/iptables-iso-seg${iso_seg_name}/" sed1.yml > sed2.yml + sed "s/cni_config_tenant/cni_config_iso-seg${iso_seg_name}/" sed2.yml > sed3.yml + sed "s/vpa-tenant/vpa-iso-seg${iso_seg_name}/" sed3.yml > sed4.yml + sed 's/^/ /' sed4.yml > diego-cell_indented-iso-seg${iso_seg_name}.yml ## Create ops file footer - All the "replace" that can only be run once the instance group exists (order matters) - cat > diego-cell-iso-seg${iso_seg_number}-footer.yml < diego-cell-iso-seg${iso_seg_name}-footer.yml < diego-cell-iso-seg${iso_seg_number}.yml + cat diego-cell-iso-seg${iso_seg_name}-header.yml diego-cell_indented-iso-seg${iso_seg_name}.yml diego-cell-iso-seg${iso_seg_name}-footer.yml > diego-cell-iso-seg${iso_seg_name}.yml ## Merge this iso-seg into one file which will have all of them at the end of the loop - cat diego-cell-iso-seg${iso_seg_number}.yml >> diego-cell-iso-seg.yml + cat diego-cell-iso-seg${iso_seg_name}.yml >> diego-cell-iso-seg.yml done ## Either return the iso-seg file or a comment only file so "bosh deploy" will work in the main 
pipeline -if [ "$NUMBER_OF_ISO_SEGS" -gt 0 ]; then +if [ -z "$ISO_SEG_NAMES" ]; then cp diego-cell-iso-seg.yml diego-cell-iso-seg/diego-cell-iso-seg.yml else cat > diego-cell-iso-seg/diego-cell-iso-seg.yml << EOF @@ -84,4 +87,6 @@ else EOF fi +echo "Final iso seg ops file written to diego-cell-iso-seg/diego-cell-iso-seg.yml" + ## return: diego-cell-iso-seg/diego-cell-iso-seg.yml \ No newline at end of file From 8c1ad9e1e14473b5c1b324a0bd47a452bcc3a808 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Thu, 27 Jun 2024 09:24:23 -0400 Subject: [PATCH 26/36] Switch to list of names for iso seg --- ci/create-diego-cell-iso-seg.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci/create-diego-cell-iso-seg.sh b/ci/create-diego-cell-iso-seg.sh index febb74d7..b93e2515 100755 --- a/ci/create-diego-cell-iso-seg.sh +++ b/ci/create-diego-cell-iso-seg.sh @@ -79,7 +79,7 @@ EOF done ## Either return the iso-seg file or a comment only file so "bosh deploy" will work in the main pipeline -if [ -z "$ISO_SEG_NAMES" ]; then +if [ -n "$ISO_SEG_NAMES" ]; then cp diego-cell-iso-seg.yml diego-cell-iso-seg/diego-cell-iso-seg.yml else cat > diego-cell-iso-seg/diego-cell-iso-seg.yml << EOF From 61221ce80a862a0a5518d27791acfb4acf283967 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Thu, 27 Jun 2024 10:47:49 -0400 Subject: [PATCH 27/36] Switch to list of names for iso seg, add - --- ci/create-diego-cell-iso-seg.sh | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/ci/create-diego-cell-iso-seg.sh b/ci/create-diego-cell-iso-seg.sh index b93e2515..78795ce8 100755 --- a/ci/create-diego-cell-iso-seg.sh +++ b/ci/create-diego-cell-iso-seg.sh 
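Review bot: Every `${iso_seg_name}` taken from `$ISO_SEG_NAMES` is spliced unescaped into the sed replacement strings, the generated header/footer YAML and the output filenames, so a name containing `/`, `&`, `:` or a path component would corrupt the sed expression or the ops file rather than fail cleanly; the list comes from a credhub variable rather than this repo, so validate each name at the top of the loop, e.g. `case "$iso_seg_name" in *[!A-Za-z0-9-]*) echo "invalid iso seg name: ${iso_seg_name}" >&2; exit 1;; esac`. Separately, the new `if [ -z "$ISO_SEG_NAMES" ]` copies the generated file only when the list is empty and writes the blank placeholder otherwise, which inverts the comment above it; `-n` is what the comment describes. The `if` block's `else` body and `fi` continue past this hunk.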
@@ -27,7 +27,7 @@ for iso_seg_name in $ISO_SEG_NAMES; do echo "Creating isolation segment ${iso_seg_name}"... ## Create ops file header - Always start with the instance group declaration - cat > diego-cell-iso-seg${iso_seg_name}-header.yml < diego-cell-iso-seg-${iso_seg_name}-header.yml < sed1.yml - sed "s/iptables-tenant/iptables-iso-seg${iso_seg_name}/" sed1.yml > sed2.yml - sed "s/cni_config_tenant/cni_config_iso-seg${iso_seg_name}/" sed2.yml > sed3.yml - sed "s/vpa-tenant/vpa-iso-seg${iso_seg_name}/" sed3.yml > sed4.yml - sed 's/^/ /' sed4.yml > diego-cell_indented-iso-seg${iso_seg_name}.yml + sed "s/name: diego-cell/name: diego-cell-iso-seg-${iso_seg_name}/" diego-cell_raw.yml > sed1.yml + sed "s/iptables-tenant/iptables-iso-seg-${iso_seg_name}/" sed1.yml > sed2.yml + sed "s/cni_config_tenant/cni_config_iso-seg-${iso_seg_name}/" sed2.yml > sed3.yml + sed "s/vpa-tenant/vpa-iso-seg-${iso_seg_name}/" sed3.yml > sed4.yml + sed 's/^/ /' sed4.yml > diego-cell_indented-iso-seg-${iso_seg_name}.yml ## Create ops file footer - All the "replace" that can only be run once the instance group exists (order matters) - cat > diego-cell-iso-seg${iso_seg_name}-footer.yml < diego-cell-iso-seg-${iso_seg_name}-footer.yml < diego-cell-iso-seg${iso_seg_name}.yml + cat diego-cell-iso-seg-${iso_seg_name}-header.yml diego-cell_indented-iso-seg-${iso_seg_name}.yml diego-cell-iso-seg-${iso_seg_name}-footer.yml > diego-cell-iso-seg-${iso_seg_name}.yml ## Merge this iso-seg into one file which will have all of them at the end of the loop - cat diego-cell-iso-seg${iso_seg_name}.yml >> diego-cell-iso-seg.yml + cat diego-cell-iso-seg-${iso_seg_name}.yml >> diego-cell-iso-seg.yml done ## Either return the iso-seg file or a comment only file so "bosh deploy" will work in the main pipeline From 5f13c11e810155948daea0e245b6516a908a3c6b Mon Sep 17 00:00:00 2001 
From: Christopher Weibel Date: Thu, 27 Jun 2024 11:49:25 -0400 Subject: [PATCH 28/36] Switch to list of names for iso seg, add comments --- ci/create-diego-cell-iso-seg.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ci/create-diego-cell-iso-seg.sh b/ci/create-diego-cell-iso-seg.sh index 78795ce8..39954909 100755 --- a/ci/create-diego-cell-iso-seg.sh +++ b/ci/create-diego-cell-iso-seg.sh @@ -80,13 +80,14 @@ done ## Either return the iso-seg file or a comment only file so "bosh deploy" will work in the main pipeline if [ -n "$ISO_SEG_NAMES" ]; then + echo "Returing iso seg ops file for ${ISO_SEG_NAMES}..." cp diego-cell-iso-seg.yml diego-cell-iso-seg/diego-cell-iso-seg.yml else + echo "Returing blank iso seg ops file..." cat > diego-cell-iso-seg/diego-cell-iso-seg.yml << EOF # Intentionally left blank EOF fi echo "Final iso seg ops file written to diego-cell-iso-seg/diego-cell-iso-seg.yml" - ## return: diego-cell-iso-seg/diego-cell-iso-seg.yml \ No newline at end of file From 0cd214cc26fe51f88ad4b3202265dd51719bd3a4 Mon Sep 17 00:00:00 2001 From: Christopher Weibel Date: Thu, 27 Jun 2024 14:50:15 -0400 Subject: [PATCH 29/36] Pipeline update credhub vars used --- ci/pipeline.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 2fa7e143..0f433b69 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml @@ -32,7 +32,7 @@ jobs: - task: diego-cell-iso-seg file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: - NUMBER_OF_ISO_SEGS: ((number_of_iso_segs_development)) # Value in credhub + ISO_SEG_NAMES: "" #((names_of_iso_segs_development)) # Value in credhub - put: cf-deployment-development params: &deploy-params manifest: cf-deployment/cf-deployment.yml 
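Review bot: Both added log lines misspell "Returning" as "Returing", and these messages are what an operator greps for in the task output when the iso-seg ops file is unexpectedly blank. Suggest `echo "Returning iso seg ops file for ${ISO_SEG_NAMES}..."` and `echo "Returning blank iso seg ops file..."`.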
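Review bot: The commit title says the credhub vars are used, but the new line `ISO_SEG_NAMES: "" #((names_of_iso_segs_development)) # Value in credhub` hard-codes an empty list and leaves the credhub reference in a comment, so the task always emits the blank ops file and no isolation segment cells are created; the staging and both production hunks (`@@ -556`, `@@ -1081`, `@@ -1188`) do the same. If this is a deliberate staged rollout, the comment should say so (e.g. `# TODO: switch to ((names_of_iso_segs_development)) once credhub value is set`); otherwise the value should be `ISO_SEG_NAMES: ((names_of_iso_segs_development))` as the title implies.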
@@ -556,7 +556,7 @@ jobs: - task: diego-cell-iso-seg file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: - NUMBER_OF_ISO_SEGS: ((number_of_iso_segs_staging)) # Value in credhub + ISO_SEG_NAMES: "" #((names_of_iso_segs_staging)) # Value in credhub - put: cf-deployment-staging params: <<: *deploy-params @@ -1081,7 +1081,7 @@ jobs: - task: diego-cell-iso-seg file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: - NUMBER_OF_ISO_SEGS: ((number_of_iso_segs_production)) # Value in credhub + ISO_SEG_NAMES: "" #((names_of_iso_segs_production)) # Value in credhub - put: cf-deployment-production params: &prod-deploy-params <<: *deploy-params @@ -1188,7 +1188,7 @@ jobs: - task: diego-cell-iso-seg file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: - NUMBER_OF_ISO_SEGS: ((number_of_iso_segs_production)) # Value in credhub + ISO_SEG_NAMES: "" #((names_of_iso_segs_production)) # Value in credhub - put: cf-deployment-production params: <<: *prod-deploy-params From eb5f7b21a8b26b7217bfa1892318055e84f1ee94 Mon Sep 17 00:00:00 2001 From: David Anderson Date: Thu, 27 Jun 2024 17:01:52 -0400 Subject: [PATCH 30/36] update to use hardened images --- ci/acceptance-tests-config.yml | 9 -- ci/check-deployment-was-zdt.yml | 9 -- ci/create-diego-cell-iso-seg.yml | 9 -- ci/create-diego-platform-cell.yml | 9 -- ci/create-router-logstash.yml | 9 -- ci/create-router-main.yml | 9 -- ci/enable-cf-features.yml | 9 -- ci/pipeline.yml | 123 +++++++++++++++++- ci/terraform-secrets.yml | 9 -- ci/test-headers/task-clean-test-env.yml | 9 -- ci/test-headers/task-deploy-test-env.yml | 9 -- ci/test-headers/task-run-tests.yml | 9 -- ci/test-space-egress/task-clean-test-env.yml | 9 -- ci/test-space-egress/task-deploy-test-env.yml | 9 -- ci/test-space-egress/task-run-tests.yml | 9 -- ci/tic-smoke-tests.yml | 9 -- ci/uaa-client-audit.yml | 9 -- ci/uaa-monitor-account-creation.yml | 9 -- terraform/terraform-apply.yml | 9 -- 19 files changed, 117 insertions(+), 168 deletions(-) 
diff --git a/ci/acceptance-tests-config.yml b/ci/acceptance-tests-config.yml index efd18e25..a08ce67c 100644 --- a/ci/acceptance-tests-config.yml +++ b/ci/acceptance-tests-config.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests outputs: diff --git a/ci/check-deployment-was-zdt.yml b/ci/check-deployment-was-zdt.yml index a90aa26a..283aa3c5 100644 --- a/ci/check-deployment-was-zdt.yml +++ b/ci/check-deployment-was-zdt.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests - name: timestamp diff --git a/ci/create-diego-cell-iso-seg.yml b/ci/create-diego-cell-iso-seg.yml index aa14a8cb..a7d52f32 100644 --- a/ci/create-diego-cell-iso-seg.yml +++ b/ci/create-diego-cell-iso-seg.yml @@ -1,14 +1,5 @@ platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-deployment - name: cf-manifests diff --git a/ci/create-diego-platform-cell.yml b/ci/create-diego-platform-cell.yml index 9b66ed02..9c82fcf1 100644 --- a/ci/create-diego-platform-cell.yml +++ b/ci/create-diego-platform-cell.yml 
@@ -1,14 +1,5 @@ platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-deployment - name: cf-manifests diff --git a/ci/create-router-logstash.yml b/ci/create-router-logstash.yml index 4ab1176d..554892a5 100644 --- a/ci/create-router-logstash.yml +++ b/ci/create-router-logstash.yml @@ -1,14 +1,5 @@ platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-deployment - name: cf-manifests diff --git a/ci/create-router-main.yml b/ci/create-router-main.yml index 6be479a9..dbcd03a9 100644 --- a/ci/create-router-main.yml +++ b/ci/create-router-main.yml @@ -1,14 +1,5 @@ platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-deployment - name: cf-manifests diff --git a/ci/enable-cf-features.yml b/ci/enable-cf-features.yml index 2c3e5b32..6d366ba4 100644 --- a/ci/enable-cf-features.yml +++ b/ci/enable-cf-features.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/pipeline.yml b/ci/pipeline.yml index 0f433b69..ddd7174f 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
@@ -21,15 +21,21 @@ jobs: trigger: true - get: cg-s3-secureproxy-release trigger: true + - get: general-task - task: terraform-secrets + image: general-task file: cf-manifests/ci/terraform-secrets.yml - task: router-main + image: general-task file: cf-manifests/ci/create-router-main.yml - task: router-logstash + image: general-task file: cf-manifests/ci/create-router-logstash.yml - task: diego-platform-cell + image: general-task file: cf-manifests/ci/create-diego-platform-cell.yml - task: diego-cell-iso-seg + image: general-task file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: ISO_SEG_NAMES: "" #((names_of_iso_segs_development)) # Value in credhub @@ -101,6 +107,7 @@ jobs: - terraform-secrets/terraform.yml - task: enable-cf-features + image: general-task file: cf-manifests/ci/enable-cf-features.yml params: CF_API_URL: ((cf-api-url-development)) @@ -154,7 +161,9 @@ jobs: resource: terraform-config trigger: true - get: pipeline-tasks + - get: general-task - task: terraform-plan + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: &tf-development TERRAFORM_ACTION: plan @@ -187,7 +196,9 @@ jobs: passed: [terraform-plan-development] trigger: true - get: pipeline-tasks + - get: general-task - task: terraform-apply + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: <<: *tf-development @@ -241,7 +252,9 @@ jobs: passed: [deploy-cf-development] - get: tests-timer trigger: true + - get: general-task - task: uaa-client-audit + image: general-task file: cf-manifests/ci/uaa-client-audit.yml params: UAA_URL: ((uaa-url-development)) @@ -259,7 +272,9 @@ jobs: passed: [deploy-cf-development] - get: hourly-timer trigger: true + - get: general-task - task: uaa-monitor-account-creation + image: general-task file: cf-manifests/ci/uaa-monitor-account-creation.yml params: UAA_URL: ((uaa-url-development)) 
@@ -291,7 +306,9 @@ jobs: - get: cg-s3-secureproxy-release trigger: true passed: [deploy-cf-development] + - get: general-task - task: smoke-tests + image: general-task file: cf-manifests/ci/tic-smoke-tests.yml params: CI: true @@ -382,9 +399,9 @@ jobs: source: aws_access_key_id: ((ecr_aws_key)) aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task + repository: general-task aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) + tag: latest inputs: - name: common run: @@ -425,7 +442,9 @@ jobs: passed: [deploy-cf-development] - get: cf-stemcell-jammy passed: [deploy-cf-development] + - get: general-task - task: deploy-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-deploy-test-env.yml params: &test-space-egress-development-params CF_API_URL: ((cf-api-url-development)) @@ -436,10 +455,12 @@ jobs: CF_APP_DOMAIN: dev.us-gov-west-1.aws-us-gov.cloud.gov on_failure: &test-space-egress-development-clean-tasks task: clean-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-clean-test-env.yml params: <<: *test-space-egress-development-params - task: run-tests + image: general-task file: cf-manifests/ci/test-space-egress/task-run-tests.yml params: <<: *test-space-egress-development-params @@ -479,7 +500,9 @@ jobs: passed: [deploy-cf-development] - get: cf-stemcell-jammy passed: [deploy-cf-development] + - get: general-task - task: deploy-test-env + image: general-task file: cf-manifests/ci/test-headers/task-deploy-test-env.yml params: &test-headers-development-params CF_API_URL: ((cf-api-url-development)) 
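Review bot: In the `@@ -382,9 +399,9 @@` hunk the inline task image moves from `tag: ((harden-concourse-task-tag))` to `tag: latest`, replacing an operator-pinned tag with a mutable one; the new `general-task` resource and the `bosh-deployment`, `s3-iam`, `time` and `bosh-io-stemcell` resource types in the `@@ -1612` and `@@ -1632` hunks make the same change, so this note is not repeated there. A `latest` tag can change what the pipeline runs without any diff in this repo and cannot be tied back to a specific scanned build, which undercuts the hardening this commit is introducing; keep a variable such as `tag: ((general-task-tag))` (or a digest) and bump it deliberately. As a point of style, this inline `image_resource` is now the only task in the file not using the shared `general-task` resource; `- get: general-task` plus `image: general-task` would match the rest of the hunks.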
@@ -490,10 +513,12 @@ jobs: CF_APP_DOMAIN: dev.us-gov-west-1.aws-us-gov.cloud.gov on_failure: &test-headers-development-clean-tasks task: clean-test-env + image: general-task file: cf-manifests/ci/test-headers/task-clean-test-env.yml params: <<: *test-headers-development-params - task: run-tests + image: general-task file: cf-manifests/ci/test-headers/task-run-tests.yml params: <<: *test-headers-development-params @@ -544,16 +569,22 @@ jobs: - get: cg-s3-secureproxy-release trigger: true passed: [smoke-tests-development] + - get: general-task - put: timestamp - task: terraform-secrets + image: general-task file: cf-manifests/ci/terraform-secrets.yml - task: router-main + image: general-task file: cf-manifests/ci/create-router-main.yml - task: router-logstash + image: general-task file: cf-manifests/ci/create-router-logstash.yml - task: diego-platform-cell + image: general-task file: cf-manifests/ci/create-diego-platform-cell.yml - task: diego-cell-iso-seg + image: general-task file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: ISO_SEG_NAMES: "" #((names_of_iso_segs_staging)) # Value in credhub @@ -616,6 +647,7 @@ jobs: - terraform-secrets/terraform.yml - task: enable-cf-features + image: general-task file: cf-manifests/ci/enable-cf-features.yml params: CF_API_URL: ((cf-api-url-staging)) @@ -641,6 +673,7 @@ jobs: user_org_creation hide_marketplace_from_unauthenticated_users - task: validate-zdt + image: general-task file: cf-manifests/ci/check-deployment-was-zdt.yml params: HEALTH_CHECK_ID: ((staging-route53-healthcheck-id)) @@ -712,7 +745,9 @@ jobs: passed: [deploy-cf-staging] - get: tests-timer trigger: true + - get: general-task - task: uaa-client-audit + image: general-task file: cf-manifests/ci/uaa-client-audit.yml params: UAA_URL: ((uaa-url-staging)) 
@@ -730,7 +765,9 @@ jobs: passed: [deploy-cf-staging] - get: hourly-timer trigger: true + - get: general-task - task: uaa-monitor-account-creation + image: general-task file: cf-manifests/ci/uaa-monitor-account-creation.yml params: UAA_URL: ((uaa-url-staging)) @@ -759,7 +796,9 @@ jobs: passed: [terraform-apply-staging] trigger: true - get: master-bosh-root-cert + - get: general-task - task: smoke-tests + image: general-task file: cf-manifests/ci/tic-smoke-tests.yml params: CI: true @@ -799,7 +838,9 @@ jobs: trigger: true passed: [terraform-apply-development] - get: pipeline-tasks + - get: general-task - task: terraform-plan + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: &tf-staging TERRAFORM_ACTION: plan @@ -832,7 +873,9 @@ jobs: trigger: true passed: [terraform-plan-staging] - get: pipeline-tasks + - get: general-task - task: terraform-apply + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: <<: *tf-staging @@ -953,7 +996,9 @@ jobs: - uaa-smoke-tests-staging - test-space-egress-staging - smoke-tests-staging + - get: general-task - task: test-config + image: general-task file: cf-manifests/ci/acceptance-tests-config.yml params: API_URL: api.fr-stage.cloud.gov @@ -1007,7 +1052,9 @@ jobs: - get: terraform-config passed: [terraform-apply-staging] trigger: true + - get: general-task - task: deploy-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-deploy-test-env.yml params: &test-space-egress-staging-params CF_API_URL: ((cf-api-url-staging)) @@ -1018,10 +1065,12 @@ jobs: CF_APP_DOMAIN: fr-stage.cloud.gov on_failure: &test-space-egress-staging-clean-tasks task: clean-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-clean-test-env.yml params: <<: *test-space-egress-staging-params - task: run-tests + image: general-task file: cf-manifests/ci/test-space-egress/task-run-tests.yml params: <<: *test-space-egress-staging-params 
@@ -1070,15 +1119,21 @@ jobs: passed: [acceptance-tests-staging] - get: cg-s3-secureproxy-release passed: [acceptance-tests-staging] + - get: general-task - task: terraform-secrets + image: general-task file: cf-manifests/ci/terraform-secrets.yml - task: router-main + image: general-task file: cf-manifests/ci/create-router-main.yml - task: router-logstash + image: general-task file: cf-manifests/ci/create-router-logstash.yml - task: diego-platform-cell + image: general-task file: cf-manifests/ci/create-diego-platform-cell.yml - task: diego-cell-iso-seg + image: general-task file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: ISO_SEG_NAMES: "" #((names_of_iso_segs_production)) # Value in credhub @@ -1177,15 +1232,21 @@ jobs: passed: [plan-cf-production] - get: cg-s3-secureproxy-release passed: [plan-cf-production] + - get: general-task - task: terraform-secrets + image: general-task file: cf-manifests/ci/terraform-secrets.yml - task: router-main + image: general-task file: cf-manifests/ci/create-router-main.yml - task: router-logstash + image: general-task file: cf-manifests/ci/create-router-logstash.yml - task: diego-platform-cell + image: general-task file: cf-manifests/ci/create-diego-platform-cell.yml - task: diego-cell-iso-seg + image: general-task file: cf-manifests/ci/create-diego-cell-iso-seg.yml params: ISO_SEG_NAMES: "" #((names_of_iso_segs_production)) # Value in credhub @@ -1195,6 +1256,7 @@ jobs: dry_run: false - task: enable-cf-features + image: general-task file: cf-manifests/ci/enable-cf-features.yml params: CF_API_URL: ((cf-api-url-production)) @@ -1269,7 +1331,9 @@ jobs: passed: [deploy-cf-production] - get: tests-timer trigger: true + - get: general-task - task: uaa-client-audit + image: general-task file: cf-manifests/ci/uaa-client-audit.yml params: UAA_URL: ((uaa-url-production)) 
@@ -1287,7 +1351,9 @@ jobs: passed: [deploy-cf-production] - get: hourly-timer trigger: true + - get: general-task - task: uaa-monitor-account-creation + image: general-task file: cf-manifests/ci/uaa-monitor-account-creation.yml params: UAA_URL: ((uaa-url-production)) @@ -1304,7 +1370,9 @@ jobs: passed: [deploy-cf-production] trigger: true - get: master-bosh-root-cert + - get: general-task - task: smoke-tests + image: general-task file: cf-manifests/ci/tic-smoke-tests.yml params: CI: true @@ -1344,7 +1412,9 @@ jobs: passed: [acceptance-tests-staging] trigger: true - get: pipeline-tasks + - get: general-task - task: terraform-plan + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: &tf-production TERRAFORM_ACTION: plan @@ -1377,7 +1447,9 @@ jobs: passed: [terraform-plan-production] - get: pipeline-tasks + - get: general-task - task: terraform-apply + image: general-task file: terraform-templates/terraform/terraform-apply.yml params: <<: *tf-production @@ -1431,7 +1503,9 @@ jobs: - get: cf-manifests trigger: true passed: [deploy-cf-production] + - get: general-task - task: deploy-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-deploy-test-env.yml params: &test-space-egress-production-params CF_API_URL: ((cf-api-url-production)) @@ -1442,10 +1516,12 @@ jobs: CF_APP_DOMAIN: app.cloud.gov on_failure: &test-space-egress-production-clean-tasks task: clean-test-env + image: general-task file: cf-manifests/ci/test-space-egress/task-clean-test-env.yml params: <<: *test-space-egress-production-params - task: run-tests + image: general-task file: cf-manifests/ci/test-space-egress/task-run-tests.yml params: <<: *test-space-egress-production-params 
@@ -1612,6 +1688,15 @@ resources: - name: timestamp type: time +- name: general-task + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: general-task + aws_region: us-gov-west-1 + tag: latest + resource_types: - name: registry-image type: registry-image @@ -1632,14 +1717,40 @@ resource_types: tag: latest - name: bosh-deployment - type: docker-image + type: registry-image source: - repository: cloudfoundry/bosh-deployment-resource + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: bosh-deployment-resource + aws_region: us-gov-west-1 + tag: latest - name: s3-iam - type: docker-image + type: registry-image source: - repository: 18fgsa/s3-resource + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: s3-resource + aws_region: us-gov-west-1 + tag: latest + +- name: time + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: time-resource + aws_region: us-gov-west-1 + tag: latest + +- name: bosh-io-stemcell + type: registry-image + source: + aws_access_key_id: ((ecr_aws_key)) + aws_secret_access_key: ((ecr_aws_secret)) + repository: bosh-io-release-resource + aws_region: us-gov-west-1 + tag: latest groups: - name: all diff --git a/ci/terraform-secrets.yml b/ci/terraform-secrets.yml index 0a01e66c..bf358ef5 100644 --- a/ci/terraform-secrets.yml +++ b/ci/terraform-secrets.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests - name: terraform-yaml diff --git a/ci/test-headers/task-clean-test-env.yml b/ci/test-headers/task-clean-test-env.yml index e604344d..cb552816 100644 
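Review bot: The new `bosh-io-stemcell` resource type in the `@@ -1632,14 +1717,40 @@` hunk points at `repository: bosh-io-release-resource`, so any resource declared with `type: bosh-io-stemcell` would run the release resource's image instead of the stemcell one; this looks like a copy from the neighbouring entry. If the ECR repositories follow the naming used by the other entries here, the line should read `repository: bosh-io-stemcell-resource`. The `groups:` stanza that follows continues outside this hunk.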
--- a/ci/test-headers/task-clean-test-env.yml +++ b/ci/test-headers/task-clean-test-env.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/test-headers/task-deploy-test-env.yml b/ci/test-headers/task-deploy-test-env.yml index 83f86aa9..e04b4ee7 100644 --- a/ci/test-headers/task-deploy-test-env.yml +++ b/ci/test-headers/task-deploy-test-env.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/test-headers/task-run-tests.yml b/ci/test-headers/task-run-tests.yml index a1a28c81..3930b148 100644 --- a/ci/test-headers/task-run-tests.yml +++ b/ci/test-headers/task-run-tests.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/test-space-egress/task-clean-test-env.yml b/ci/test-space-egress/task-clean-test-env.yml index 204d3853..1136f9ac 100644 --- a/ci/test-space-egress/task-clean-test-env.yml +++ b/ci/test-space-egress/task-clean-test-env.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests 
diff --git a/ci/test-space-egress/task-deploy-test-env.yml b/ci/test-space-egress/task-deploy-test-env.yml index bcc2e2d3..5a970983 100644 --- a/ci/test-space-egress/task-deploy-test-env.yml +++ b/ci/test-space-egress/task-deploy-test-env.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/test-space-egress/task-run-tests.yml b/ci/test-space-egress/task-run-tests.yml index 1abdcf63..d8636e64 100644 --- a/ci/test-space-egress/task-run-tests.yml +++ b/ci/test-space-egress/task-run-tests.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests diff --git a/ci/tic-smoke-tests.yml b/ci/tic-smoke-tests.yml index 1e308b07..b6ef438b 100644 --- a/ci/tic-smoke-tests.yml +++ b/ci/tic-smoke-tests.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests - name: master-bosh-root-cert diff --git a/ci/uaa-client-audit.yml b/ci/uaa-client-audit.yml index 80481725..14457c46 100644 --- a/ci/uaa-client-audit.yml +++ b/ci/uaa-client-audit.yml 
@@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests - name: cf-deployment diff --git a/ci/uaa-monitor-account-creation.yml b/ci/uaa-monitor-account-creation.yml index f835db62..7ff90869 100644 --- a/ci/uaa-monitor-account-creation.yml +++ b/ci/uaa-monitor-account-creation.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: cf-manifests - name: cf-deployment diff --git a/terraform/terraform-apply.yml b/terraform/terraform-apply.yml index c21baf12..a575569f 100644 --- a/terraform/terraform-apply.yml +++ b/terraform/terraform-apply.yml @@ -1,15 +1,6 @@ --- platform: linux -image_resource: - type: registry-image - source: - aws_access_key_id: ((ecr_aws_key)) - aws_secret_access_key: ((ecr_aws_secret)) - repository: harden-concourse-task - aws_region: us-gov-west-1 - tag: ((harden-concourse-task-tag)) - inputs: - name: terraform-templates - name: pipeline-tasks From 8aad667f9684702126876b9a19aa9c16b026273b Mon Sep 17 00:00:00 2001 From: David Anderson Date: Fri, 28 Jun 2024 10:19:08 -0400 Subject: [PATCH 31/36] remove io stemcell resource --- ci/pipeline.yml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/ci/pipeline.yml b/ci/pipeline.yml index ddd7174f..165c7448 100644 --- a/ci/pipeline.yml +++ b/ci/pipeline.yml 
@@ -1743,15 +1743,6 @@ resource_types:
 aws_region: us-gov-west-1
 tag: latest
-- name: bosh-io-stemcell
- type: registry-image
- source:
- aws_access_key_id: ((ecr_aws_key))
- aws_secret_access_key: ((ecr_aws_secret))
- repository: bosh-io-release-resource
- aws_region: us-gov-west-1
- tag: latest
-
 groups:
 - name: all
 jobs:
From 2b246b6f2581b8cdcb17d0556050826a45bffdce Mon Sep 17 00:00:00 2001
From: David Anderson
Date: Fri, 28 Jun 2024 11:02:15 -0400
Subject: [PATCH 32/36] use hardened bosh-io-stemcell-resource image
---
 ci/pipeline.yml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/ci/pipeline.yml b/ci/pipeline.yml
index 165c7448..0a9c1156 100644
--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -1743,6 +1743,15 @@ resource_types:
 aws_region: us-gov-west-1
 tag: latest
+- name: bosh-io-stemcell
+ type: registry-image
+ source:
+ aws_access_key_id: ((ecr_aws_key))
+ aws_secret_access_key: ((ecr_aws_secret))
+ repository: bosh-io-stemcell-resource
+ aws_region: us-gov-west-1
+ tag: latest
+
 groups:
 - name: all
 jobs:
From dd67a27d0b4442ddd175bbab7e5c29a600e703a9 Mon Sep 17 00:00:00 2001
From: Mark Boyd
Date: Fri, 5 Jul 2024 13:17:57 -0400
Subject: [PATCH 33/36] add client for external domain broker (#871)
---
 bosh/opsfiles/clients.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/bosh/opsfiles/clients.yml b/bosh/opsfiles/clients.yml
index 8564f36e..35a25716 100644
--- a/bosh/opsfiles/clients.yml
+++ b/bosh/opsfiles/clients.yml
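Review bot: The re-added `bosh-io-stemcell` resource type references its image by `tag: latest`, a mutable tag, so the code that resolves stemcells for every deployment can change underneath the pipeline without a commit; the neighbouring resource types in the context lines do the same, so this may be deliberate, but a stemcell resolver is a high-leverage place to accept silent drift. Prefer an immutable reference, e.g. a versioned tag such as `tag: <pinned-version-tag>` (placeholder), and bump it on purpose. If pinning is out of scope here, a short comment recording why `latest` is acceptable for this entry would help the next reviewer.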
@@ -175,6 +175,21 @@
 authorities: scim.userids,scim.invite,scim.read
 redirect-uri: https://cg-ui.((system_domain))/auth/login/callback
+- type: replace
+ path: /variables/-
+ value:
+ name: external-domain-broker-client-secret
+ type: password
+
+- type: replace
+ path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/external-domain-broker?
+ value:
+ override: true
+ authorized-grant-types: client_credentials,refresh_token
+ secret: ((external-domain-broker-client-secret))
+ scope: uaa.none
+ authorities: cloud_controller.global_auditor
+
 # Update existing clients
 - type: replace
 path: /instance_groups/name=uaa/jobs/name=uaa/properties/uaa/clients/cf/access-token-validity
From 14ea0fee6c9eed833b44d27b612cebd42180d7a8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Jul 2024 11:17:26 -0400
Subject: [PATCH 34/36] Bump certifi in /ci/test-space-egress in the pip group (#872)
Bumps the pip group in /ci/test-space-egress with 1 update: [certifi](https://github.com/certifi/python-certifi). Updates `certifi` from 2023.7.22 to 2024.7.4 - [Commits](https://github.com/certifi/python-certifi/compare/2023.07.22...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production dependency-group: pip ...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 ci/test-space-egress/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ci/test-space-egress/requirements.txt b/ci/test-space-egress/requirements.txt
index 6b11f7d2..e5af3365 100644
--- a/ci/test-space-egress/requirements.txt
+++ b/ci/test-space-egress/requirements.txt
@@ -1,6 +1,6 @@
 argcomplete==1.12.3
 asgiref==3.4.1
-certifi==2023.7.22
+certifi==2024.7.4
 cfenv==0.5.3
 charset-normalizer==2.0.4
 click==8.0.1
From 7dacea5f95f57f392fbf6cd5bc41fd130941011b Mon Sep 17 00:00:00 2001
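Review bot: The new `external-domain-broker` client lists `refresh_token` in `authorized-grant-types`, but a `client_credentials` client is never issued a refresh token, so the extra grant type only widens what the client is permitted to attempt; `authorized-grant-types: client_credentials` is sufficient. The client also carries `cloud_controller.global_auditor`, a platform-wide read authority, and unlike the existing clients the file tunes below (see the `access-token-validity` path in the context lines) it sets no explicit token validity; consider adding `access-token-validity` with the value the file uses for its other clients, plus a comment stating the need, e.g. `# needs cloud_controller.global_auditor because: <reason>` (placeholder). The surrounding ops file continues outside the hunk.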
From: Mark Boyd Date: Mon, 8 Jul 2024 15:53:43 -0400 Subject: [PATCH 35/36] Add space for external-domain-broker tests (#873) * break up TF code into named files * add space for external domain broker tests * add new org for acceptance tests --- terraform/stack/asg.tf | 152 -------------------------------------- terraform/stack/iso.tf | 10 +++ terraform/stack/orgs.tf | 15 ++++ terraform/stack/quotas.tf | 20 +++++ terraform/stack/spaces.tf | 126 +++++++++++++++++++++++++++++++ 5 files changed, 171 insertions(+), 152 deletions(-) create mode 100644 terraform/stack/iso.tf create mode 100644 terraform/stack/orgs.tf create mode 100644 terraform/stack/quotas.tf create mode 100644 terraform/stack/spaces.tf diff --git a/terraform/stack/asg.tf b/terraform/stack/asg.tf index e1b9484c..a4cd111e 100644 --- a/terraform/stack/asg.tf +++ b/terraform/stack/asg.tf 
@@ -338,155 +338,3 @@ resource "cloudfoundry_default_asg" "staging" { ] } -resource "cloudfoundry_org_quota" "default-tts" { - name = "default-tts" - allow_paid_service_plans = true - total_memory = 81920 - total_routes = 1000 - total_services = 200 - total_route_ports = -1 -} - -resource "cloudfoundry_org" "cloud-gov" { - name = "cloud-gov" - quota = cloudfoundry_org_quota.default-tts.id -} - -resource "cloudfoundry_isolation_segment" "platform" { - name = "platform" -} - -resource "cloudfoundry_isolation_segment_entitlement" "platform" { - segment = cloudfoundry_isolation_segment.platform.id - orgs = [ - cloudfoundry_org.cloud-gov.id - ] -} - -resource "cloudfoundry_space" "services" { - name = "services" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.brokers.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] - isolation_segment = cloudfoundry_isolation_segment.platform.id -} - -resource "cloudfoundry_space" "dashboard" { - name = "dashboard" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] -} - -resource "cloudfoundry_space" "cg-ui" { - name = "cg-ui" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] -} - -resource "cloudfoundry_space" "uaa-extras" { - name = 
"uaa-extras" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] -} - -resource "cloudfoundry_space" "cspr-collector" { - name = "cspr-collector" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] -} - -resource "cloudfoundry_space" "opensearch-dashboards-proxy" { - name = "opensearch-dashboards-proxy" - org = cloudfoundry_org.cloud-gov.id - asgs = [ - cloudfoundry_asg.public_networks_egress.id, - cloudfoundry_asg.dns.id, - ] - staging_asgs = [ - cloudfoundry_asg.dns.id, - ] -} - -# Federalist/Pages - -data "cloudfoundry_org" "gsa-18f-federalist" { - name = "gsa-18f-federalist" -} - -resource "cloudfoundry_space_quota" "tiny" { - name = "tiny-tf-managed" - allow_paid_service_plans = true - total_memory = 1024 - total_routes = -1 - total_services = -1 - total_route_ports = -1 - org = data.cloudfoundry_org.gsa-18f-federalist.id -} - -resource "cloudfoundry_space" "email" { - name = "email" - org = data.cloudfoundry_org.gsa-18f-federalist.id - quota = cloudfoundry_space_quota.tiny.id - asgs = [ - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - cloudfoundry_asg.smtp.id, - ] - staging_asgs = [ - cloudfoundry_asg.trusted_local_networks.id, - cloudfoundry_asg.public_networks.id, - cloudfoundry_asg.dns.id, - ] -} diff --git a/terraform/stack/iso.tf b/terraform/stack/iso.tf new file mode 100644 index 00000000..e48aa5d3 
--- /dev/null
+++ b/terraform/stack/iso.tf
@@ -0,0 +1,10 @@
+resource "cloudfoundry_isolation_segment" "platform" {
+ name = "platform"
+}
+
+resource "cloudfoundry_isolation_segment_entitlement" "platform" {
+ segment = cloudfoundry_isolation_segment.platform.id
+ orgs = [
+ cloudfoundry_org.cloud-gov.id
+ ]
+}
diff --git a/terraform/stack/orgs.tf b/terraform/stack/orgs.tf
new file mode 100644
index 00000000..f5c166f7
--- /dev/null
+++ b/terraform/stack/orgs.tf
@@ -0,0 +1,15 @@
+resource "cloudfoundry_org" "cloud-gov" {
+ name = "cloud-gov"
+ quota = cloudfoundry_org_quota.default-tts.id
+}
+
+resource "cloudfoundry_org" "acceptance_tests" {
+ name = "cloud-gov-acceptance-tests"
+ quota = cloudfoundry_org_quota.default-tts.id
+}
+
+# Federalist/Pages
+
+data "cloudfoundry_org" "gsa-18f-federalist" {
+ name = "gsa-18f-federalist"
+}
diff --git a/terraform/stack/quotas.tf b/terraform/stack/quotas.tf
new file mode 100644
index 00000000..5cd7759e
--- /dev/null
+++ b/terraform/stack/quotas.tf
@@ -0,0 +1,20 @@
+resource "cloudfoundry_org_quota" "default-tts" {
+ name = "default-tts"
+ allow_paid_service_plans = true
+ total_memory = 81920
+ total_routes = 1000
+ total_services = 200
+ total_route_ports = -1
+}
+
+# Federalist/ Pages
+
+resource "cloudfoundry_space_quota" "tiny" {
+ name = "tiny-tf-managed"
+ allow_paid_service_plans = true
+ total_memory = 1024
+ total_routes = -1
+ total_services = -1
+ total_route_ports = -1
+ org = data.cloudfoundry_org.gsa-18f-federalist.id
+}
diff --git a/terraform/stack/spaces.tf b/terraform/stack/spaces.tf
new file mode 100644
index 00000000..a43b7287
--- /dev/null
+++ b/terraform/stack/spaces.tf
@@ -0,0 +1,126 @@
+resource "cloudfoundry_space" "services" {
+ name = "services"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.brokers.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+ isolation_segment = cloudfoundry_isolation_segment.platform.id
+}
+
+resource "cloudfoundry_space" "dashboard" {
+ name = "dashboard"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+resource "cloudfoundry_space" "cg-ui" {
+ name = "cg-ui"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+resource "cloudfoundry_space" "uaa-extras" {
+ name = "uaa-extras"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+resource "cloudfoundry_space" "cspr-collector" {
+ name = "cspr-collector"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+resource "cloudfoundry_space" "opensearch-dashboards-proxy" {
+ name = "opensearch-dashboards-proxy"
+ org = cloudfoundry_org.cloud-gov.id
+ asgs = [
+ cloudfoundry_asg.public_networks_egress.id,
+ cloudfoundry_asg.dns.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+resource "cloudfoundry_space" "external_domain_broker_tests" {
+ name = "external-domain-broker-tests"
+ org = cloudfoundry_org.acceptance_tests.id
+ asgs = [
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
+
+# Federalist/ Pages
+
+resource "cloudfoundry_space" "email" {
+ name = "email"
+ org = data.cloudfoundry_org.gsa-18f-federalist.id
+ quota = cloudfoundry_space_quota.tiny.id
+ asgs = [
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ cloudfoundry_asg.smtp.id,
+ ]
+ staging_asgs = [
+ cloudfoundry_asg.trusted_local_networks.id,
+ cloudfoundry_asg.public_networks.id,
+ cloudfoundry_asg.dns.id,
+ ]
+}
From 943c79079400f87b217a605369f4677be63eac93 Mon Sep 17 00:00:00 2001
From: Van Nguyen
Date: Fri, 12 Jul 2024 09:15:59 -0400
Subject: [PATCH 36/36] Ops file to pin capi for now
---
 bosh/opsfiles/pin-capi.yml | 18 ++++++++++++++++++
 ci/pipeline.yml | 3 +++
 2 files changed, 21 insertions(+)
 create mode 100644 bosh/opsfiles/pin-capi.yml
diff --git a/bosh/opsfiles/pin-capi.yml b/bosh/opsfiles/pin-capi.yml
new file mode 100644
index 00000000..e6669b60
--- /dev/null
+++ b/bosh/opsfiles/pin-capi.yml
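Review bot: In the `email` space resource, `asgs` lists `cloudfoundry_asg.public_networks.id` twice (first and third entries); this was carried over from asg.tf rather than introduced here, but the new file is the right place to drop the duplicate, leaving `cloudfoundry_asg.public_networks.id, cloudfoundry_asg.trusted_local_networks.id, cloudfoundry_asg.dns.id, cloudfoundry_asg.smtp.id`. Whether the provider dedupes or rejects the repeated id depends on the attribute's type, which is not visible here; either way the repeat obscures what the space is actually bound to. The new `external_domain_broker_tests` space binds the `public_networks` ASG to a space in the acceptance-test org; a one-line comment recording that this is intentional for tests that must reach external endpoints would help future reviewers.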
@@ -0,0 +1,18 @@
+# Pin CAPI because of valkey
+- type: replace
+ path: /releases/name=capi
+ value:
+ name: capi
+ version: 1.183.0
+ url: https://bosh.io/d/github.com/cloudfoundry/capi-release?v=1.183.0
+ sha1: fceb5095f6ffc975fe12e0cc36daca00a3cf4db4
+
+# Switch to Redis
+- type: remove
+ path: /instance_groups/name=api/jobs/name=valkey
+
+- type: replace
+ path: /instance_groups/name=api/jobs/-
+ value:
+ name: redis
+ release: capi
diff --git a/ci/pipeline.yml b/ci/pipeline.yml
index 0a9c1156..97c92243 100644
--- a/ci/pipeline.yml
+++ b/ci/pipeline.yml
@@ -102,6 +102,7 @@ jobs:
 - cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml
 - cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
 - cf-manifests/bosh/opsfiles/aggregate_drains.yml
+ - cf-manifests/bosh/opsfiles/pin-capi.yml
 vars_files:
 - cf-manifests/bosh/varsfiles/development.yml
 - terraform-secrets/terraform.yml
@@ -642,6 +643,7 @@ jobs:
 - cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml
 - cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml
 - cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
+ - cf-manifests/bosh/opsfiles/pin-capi.yml
 vars_files:
 - cf-manifests/bosh/varsfiles/staging.yml
 - terraform-secrets/terraform.yml
@@ -1191,6 +1193,7 @@ jobs:
 - cf-manifests/bosh/opsfiles/add-bosh-dns-other-deployments.yml
 - cf-manifests/bosh/opsfiles/diego-cpu-entitlement.yml
 - cf-manifests/bosh/opsfiles/diego-cpu-entitlement-diego-cell.yml
+ - cf-manifests/bosh/opsfiles/pin-capi.yml
 vars_files:
 - cf-manifests/bosh/varsfiles/production.yml
 - terraform-secrets/terraform.yml
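Review bot: The `# Pin CAPI because of valkey` comment does not say what condition lifts the pin, and a pinned release stops receiving upstream fixes until someone removes it, so please expand it to something like `# Pin CAPI to 1.183.0 because of valkey: <why the valkey job is a problem>; remove this ops file once <condition>` (placeholders). The pin is checksummed via `sha1:`, which is good; when the release is next re-pinned, BOSH also accepts a sha256 value in that field (`sha1: sha256:<digest>`), which is the stronger choice. The companion `# Switch to Redis` ops add the `redis` job from the pinned `capi` release with no note tying them to the pin, so naming the same removal condition there keeps the two sections from drifting apart.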