The document discusses new team support features in Concourse CI 2.0. It introduces the ability to have multiple teams with separate pipelines and builds. Authentication and authorization can now be configured separately for each team using various providers like Basic auth, GitHub teams, Cloud Foundry UAA, and generic OAuth 2. Commands to configure the authentication for each team using the different providers are also shown.

1. ‹#›© 2016 Pivotal Software, Inc. All rights reserved. ‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Team Support
in Concourse CI 2.0
Toshiaki Maki
2016-09-08 #concourse_tokyo

2. © 2016 Pivotal Software, Inc. All rights reserved.
Who am I ?
• Toshiaki Maki (@making) http://blog.ik.am
• Sr. Solutions Architect @Pivotal
• Spring Framework enthusiast
bit.ly/spring-book

3. © 2016 Pivotal Software, Inc. All rights reserved.
Who am I ?
• Toshiaki Maki (@making) http://blog.ik.am
• Sr. Solutions Architect @Pivotal
• Spring Framework enthusiast
bit.ly/spring-book

4. © 2016 Pivotal Software, Inc. All rights reserved.
Before 2.0
• 2 types of Authentication / Authorization

5. © 2016 Pivotal Software, Inc. All rights reserved.
Before 2.0
• 2 types of Authentication / Authorization
Basic
😎

6. © 2016 Pivotal Software, Inc. All rights reserved.
Before 2.0
• 2 types of Authentication / Authorization
Github TeamBasic
😎

7. © 2016 Pivotal Software, Inc. All rights reserved.
Before 2.0
• 2 types of Authentication / Authorization
Github TeamBasic
😎
•No multi tenancy
•All pipelines/builds are
for only 1 team

8. © 2016 Pivotal Software, Inc. All rights reserved.
Multiple Teams from 2.0 !!
•separate namespace for pipelines/builds
•main team (=admin) and other teams
•multiple providers are supported
• Basic
• Github Team
• Cloud Foundry's UAA
• Generic OAuth 2

9. © 2016 Pivotal Software, Inc. All rights reserved.
Github TeamGithub TeamBasicBasicTeam A Team B
😎

10. © 2016 Pivotal Software, Inc. All rights reserved.
Github TeamGithub TeamBasicBasicTeam A Team B
😎

11. © 2016 Pivotal Software, Inc. All rights reserved.
provider multi users
per team
multi teams
per provider
Basic 💔 💔
Github 💖 💖
(team)
UAA 💖 💖
(space)
OAuth 2 💖 💔
(depends on impl)

12. © 2016 Pivotal Software, Inc. All rights reserved.
Basic
$ fly -t foo set-team -n team-a
--basic-auth-username=foo
--basic-auth-password=foo

13. © 2016 Pivotal Software, Inc. All rights reserved.
Github
$ fly -t foo set-team -n team-b
--github-auth-client-id=xxxx
--github-auth-client-secret=xxxx
--github-auth-team=yourorg/yourteam
callback url = https://<concourse url>/auth/github/callback

14. © 2016 Pivotal Software, Inc. All rights reserved.
UAA
$ fly -t foo set-team -n team-b
--uaa-auth-client-id=xxxx
--uaa-auth-client-secret=xxxx
--uaa-auth-url=https://xxx/oauth/authorize
--uaa-auth-token-url=https://xxx/oauth/token
--uaa-auth-cf-url=https://api.xxx
--uaa-auth-cf-space=xxxx
callback url = https://<concourse url>/auth/uaa/callback

15. © 2016 Pivotal Software, Inc. All rights reserved.
Generic OAuth 2
$ fly -t foo set-team -n team-d
--generic-oauth-display=name='X'
--generic-oauth-client-id=xxxx
--generic-oauth-client-secret=xxxx
--generic-oauth-auth-url=https://...
--generic-oauth-token-url=https://...
callback url =
https://<concourse url>/auth/oauth/callback
OAuth provider should be private

16. © 2016 Pivotal Software, Inc. All rights reserved.
Combination
$ fly -t foo set-team -n team-e
--basic-auth-...=...
--github-auth-...=...
--uaa-auth-...=...
--generic-oauth-...=...

17. ‹#›© 2016 Pivotal Software, Inc. All rights reserved.

18. ‹#›© 2016 Pivotal Software, Inc. All rights reserved.
Demo

19. © 2016 Pivotal Software, Inc. All rights reserved.
[Ads] Cloud Foundry Workshop
• http://pivotal-japan.connpass.com/