Add BOSH user credentials support to Genesis #519
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Implement support for personal BOSH user credentials via environment variables (BOSH_USER/BOSH_PASSWORD), allowing operators to use their own credentials instead of shared admin credentials from Vault. Key changes: - Add user credential detection and validation in Service::BOSH::Director - Prioritize user credentials over admin credentials in credential detection - Support dual credential format (user/client) for BOSH CLI compatibility - Update Genesis::Env to check for user credentials first - Add comprehensive documentation and examples Benefits: - Improved security with individual user authentication - Better audit trails showing who performed each action - Reduced credential sharing across teams - Maintains full backward compatibility The implementation follows BOSH CLI standards and all existing workflows continue to work unchanged. When BOSH_USER and BOSH_PASSWORD are set, Genesis automatically uses them and sets both user and client credential formats for maximum compatibility. Note: UAA admin credential storage remains the responsibility of the BOSH kit, not Genesis core.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implement support for personal BOSH user credentials via environment
variables (BOSH_USER/BOSH_PASSWORD), allowing operators to use their
own credentials instead of shared admin credentials from Vault.
Key changes:
Benefits:
The implementation follows BOSH CLI standards and all existing workflows
continue to work unchanged. When BOSH_USER and BOSH_PASSWORD are set,
Genesis automatically uses them and sets both user and client credential
formats for maximum compatibility.
Note: UAA admin credential storage remains the responsibility of the
BOSH kit, not Genesis core.