Update Concourse auth for 4.x series

The way in which the BOSH atc job receives its lists of Concourse users who can access CI, both via hardcoded credentials and Github OAuth, has changed. [1], [2]. [1] https://github.com/concourse/concourse-bosh-release/blob/master/jobs/atc/spec#L371 [2] https://github.com/concourse/concourse-bosh-release/blob/master/jobs/atc/spec#L376
alphagov · Sep 24, 2018 · a2c1210 · a2c1210
1 parent 338cf2d
commit a2c1210
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 20 deletions.
diff --git a/manifests/concourse-manifest/concourse-base.yml b/manifests/concourse-manifest/concourse-base.yml
@@ -100,9 +100,14 @@ instance_groups:
         release: concourse
         properties:
           external_url: (( concat "https://" terraform_outputs.concourse_dns_name ))
-          basic_auth_username: admin
-          basic_auth_password: (( grab secrets.concourse_atc_password ))
+          add_local_users:
+            - (( concat "admin:" secrets.concourse_atc_password ))
           auth_duration: (( grab $CONCOURSE_AUTH_DURATION ))
+          main_team:
+            auth:
+              local:
+                users:
+                - admin
           postgresql:
             database: atc
             role:

diff --git a/manifests/concourse-manifest/github_auth/config.yml b/manifests/concourse-manifest/github_auth/config.yml
@@ -8,13 +8,16 @@ instance_groups:
           github_auth:
             client_id: (( grab $GITHUB_CLIENT_ID ))
             client_secret: (( grab $GITHUB_CLIENT_SECRET ))
-            authorize:
-              - user: 46bit
-              - user: alext
-              - user: chrisfarms
-              - user: henrytk
-              - user: keymon
-              - user: LeePorte
-              - user: paroxp
-              - user: richardTowers
-              - user: samcrang
+          main_team:
+            auth:
+              github:
+                users:
+                - 46bit
+                - alext
+                - chrisfarms
+                - henrytk
+                - keymon
+                - LeePorte
+                - paroxp
+                - richardTowers
+                - samcrang
diff --git a/manifests/concourse-manifest/github_auth/dev_ci_additional_users.yml b/manifests/concourse-manifest/github_auth/dev_ci_additional_users.yml
@@ -6,10 +6,12 @@ instance_groups:
     jobs:
       - name: atc
         properties:
-          github_auth:
-            authorize:
-              - (( append ))
-              - user: blairboy362
-              - user: jpluscplusm
-              - user: tlwr
-              - user: venusbb
+          main_team:
+            auth:
+              github:
+                users:
+                  - (( append ))
+                  - blairboy362
+                  - jpluscplusm
+                  - tlwr
+                  - venusbb
diff --git a/manifests/concourse-manifest/spec/manifest_generation_spec.rb b/manifests/concourse-manifest/spec/manifest_generation_spec.rb
@@ -35,7 +35,7 @@ def merge_fixtures(fixtures)
 
   it "gets values from secrets" do
     expect(
-      atc_job.fetch("properties").fetch("basic_auth_password")
+      atc_job.fetch("properties").fetch("add_local_users")[0].split(':', 2)[1]
     ).to eq(concourse_secrets_value("concourse_atc_password"))
   end
 end