Switching to CloudFoundry v3 API #148
Conversation
Signed-off-by: Kump3r <[email protected]>
There was a problem hiding this comment.
One a first red through it looks like this migration is easy: https://v3-apidocs.cloudfoundry.org/version/3.179.0/index.html#users-and-roles-in-v3
I'll dive deeper into this once 7.12.0 is out the door. Thanks again for the PR!
|
I think this could be reviewed/tested together with #8970 as they don't seem to have any conflicts, based on my tests at least. This way we can "kill two birds with one stone" 🤣 |
Signed-off-by: Kump3r <[email protected]>
…ructure Signed-off-by: Kump3r <[email protected]>
|
Seems the v3 API info endpoint, does not provide the required information, to access the UAA login url, so it needed some rework. Check info-in-v3. Currently testing with the changes. |
|
As it turns out all of the endpoints used are deprecated in |
|
Hi @taylorsilva, I reached out to @Kump3r, and after a brief discussion about the deprecated endpoints in v3, we’ve developed a potential solution for the issue. If you’re comfortable with the proposed approach, we’d be happy to contribute it. CF API V2 Endpoints Used in current implementationThe following endpoints are deprecated in v3 (source: CF API V2 Docs):
Proposed SolutionTo replace the deprecated endpoints, we suggest the following approachs:
Sample CurlsV2curl -H "Authorization: $(cf oauth-token)" "<cf_api_url>/v2/users/$USER_ID/organizations" v2 audited_spacescurl -H "Authorization: $(cf oauth-token)" "<cf_api_url>/v2/users/$USER_ID/audited_spaces" v2 spacescurl -H "Authorization: $(cf oauth-token)" "<cf_api_url>/v2/users/$USER_ID/spaces" v2 managed_spacescurl -H "Authorization: $(cf oauth-token)" "<cf_api_url>/v2/users/$USER_ID/managed_spaces" V3curl -H "Authorization: $(cf oauth-token)" "<cf_api_url>/v3/users" v3 orgscurl -H "Authorization: $(cf oauth-token)" "<cf_api_url>/v3/roles?user_guids=$USER_ID&types=organization_user" v3 spacescurl -H "Authorization: $(cf oauth-token)" "<auth_url>/v3/roles?user_guids=$USER_ID&types=space_developer,space_manager,space_auditor&per_page=5000" |
|
I prefer option number 2, to quote and change a little LOTR: "One Request to rule them all, One Request to find them, One Request to bring them all and in the darkness bind them." |
Signed-off-by: Kump3r <[email protected]>
Signed-off-by: IvanChalukov <[email protected]>
|
We collaborated with @Kump3r on the implementation and updated it accordingly. Additionally, we tested it locally. Could you take a quick look and share your feedback? If everything looks good to you, we can proceed with the unit tests. |
There was a problem hiding this comment.
Some things to keep in mind:
- I have no CloudFoundry (CF) infra to test this against
- I have not used CF in quite a few years, so my knowledge about it is quite rusty
- My personal interest in CF is very low, but I know a lot of people in the community are CF users, therefore I want to respect the CF community's needs
That out of the way, there are some things I'm trying to understand about this PR and what's going on with the CF API.
I am making an assumption that there will be some people that may be on a CF that only has the v2 API. If this PR was merged in, would it block those people from upgrading their Concourse? Is this PR a breaking change for anyone that uses the CF connector?
I think that's my biggest concern right now. Maybe it's not valid? Has the v3 API been around for a long time? Is it WILD to think that someone would be running a CF today that doesn't have the v3 API enabled already? Any insight you guys have on that would be helpful.
I can see there's a lot of refactoring work going on here too, totally fine with that stuff. Really appreciate any manual testing you guys can do.
|
To try and answer your question. Concourse v2 API End of life RFC is merged in the CF community So anyone using CloudFoundry will have to migrate to v3 anyway from my understanding. The CF community is certainly deprecating v2 API, as mentioned in the [RFC] CF API v2 End Of Life. Meaning that soon, people that are using the CF Connector for authentication, will be unable to login to Concourse. From my perspective it looks like we need to migrate Concourse, as to when v2 stops working, people will be able to continue using it. I am not sure if there is a way to reach out to the people using CF auth and inform them, that as a prerequisite they need to update/migrate to v3. But for sure I think this should be mentioned as a breaking change I guess (not sure how you handled such deprecations of dependancies in the past). Hopefully that cleared things up. If not, I will be more than happy to reach the people supporting CF internally and ask them additional questions, or also ask the CF community in the RFC. |
Signed-off-by: Kump3r <[email protected]>
|
Status update from my side. I was able to collaborate with @IvanChalukov and
|
|
I tested the scenario using the following option:
It looks good from my perspective. Perhaps someone from the Concourse team could review it further and proceed with the PR review. |
Overview
Switch to CF API v3, because of [RFC] CF API v2 End of Life
What this PR does / why we need it
Concourse issue #9006
Special notes for your reviewer
N/A
Does this PR introduce a user-facing change?
No, backwards compatible