Add HTTP/XFCCAuth endpoint in the scheduler component (#3437)

* Adds cf_Server config for scalingengine

Adds xfcc cf endpoint support to scaling engine

Remove debug println

WIP

wip

Fix warning

Initial implementation of CF ServeR

Add .trunk to .gitignore for Devbox configuration.

Add .trunk to .gitignore for Devbox configuration.

* Refactor configuration keys and update tests for cfServer in scheduler component

* Update CFServerConfiguration property prefix to camelCase

* Refactor configuration property names and update scheduler YAML

 - Rename cfServer to cf-server in configuration properties
 - Add launch.json for VSCode Java debugging setup
 - Remove destroyMethod annotation from CFServerConfig bean
 - Update application.yml to reflect new property names for cf-server

* Remove validOrgGuid validation and refactor property names in application.yml

* Updated VSCode settings and added HTTP configuration for scheduler

 • Changed VSCode Java build configuration setting from automatic to interactive
 • Added new CFHTTPConfiguration class to configure additional Tomcat connector for HTTP on port 8090
 • Set server port to 8083 and added HTTP port configuration in application.yml

* WIP: Integration test for api - scheduler cf http server endpoint

* Add gorouter CA and client certificate generation to test scripts; update gorouterproxy to handle TLS and XFCC header; extend testhelpers with localhost SANs in certs.

* Refactor XFCCAuthMiddleware and improve error handling

 • Implement NewXfccAuthMiddleware constructor for initializing middleware
 • Add XFCCAuthenticationMiddleware method to handle authentication within middleware
 • Enhance checkAuth method to include XFCC header parsing and certificate validation
 • Introduce parseXFCCHeader utility method for extracting attributes from XFCC header
 • Add getSpaceGuid and getOrgGuid methods to extract GUIDs from certificate
 • Optimize mapFrom method for parsing organizational units from certificates

* Refactor XFCC auth middleware and update gorouterproxy tests

 • Extract CheckAuth function from xfccAuthMiddleware for standalone use with org and space parameters.
 • Replace instance method calls with standalone function calls in auth checks.
 • Update gorouterproxy tests to use the new CheckAuth function and pass org and space GUIDs directly.
 • Remove debug logging from mapFrom function.

* Remove cf_server.port configuration from scheduler spec

* Exclude 'vendor' and 'integration' directories from binaries search in Makefile

* Fix function parameter and update GoRouterProxy command arguments

 - Correct the missing type for the `portToForward` parameter in `GoRouterProxy` function.
 - Update command arguments to include `--port` and `--forwardTo` flags in `GoRouterProxy`.
 - Add `GoRouterProxy` port to the `PreparePorts` function.
 - Prefix a test with `FWhen` to focus on a specific scheduler test.

* Add build-gorouterproxy target and update tests for gorouterproxy

 - Introduce a new Makefile target `build-gorouterproxy` to compile the gorouterproxy component.
 - Mark `testsuite` as a PHONY target in the Makefile.
 - Update gorouterproxy tests to check for the new startup log message.
 - Add TLS certificate and key file flags to gorouterproxy and update the main function to use provided paths if available.
 - Include additional configuration for the Golang API server in the integration tests.
 - Implement AfterEach cleanup for stopping the Golang API server and gorouterproxy in integration tests.
 - Add GoRouterProxy to the list of compiled executables in the integration suite setup.
 - Allocate a new port for GolangAPICFServer in the integration test suite.

* Increase max_connections to 1000 for PostgreSQL in Makefile

* Enhance Makefile to pass GINKGO_OPTS in test-autoscaler-suite and run Postgres container detached with corrected max_connections config

* WIP: Add SchedulerCFServer component and refactor integration tests

 - Introduce SchedulerCFServer component to handle CF server connections
 - Update integration tests to use temporary directories and URLs
 - Remove CFHTTPConfiguration class and adjust application.yml for scheduler
 - Refactor integration test code for clarity and consistency

* chore: remove self-hosted image input and add devbox installation steps

* 🤖🦾🛠️ scripts/asdf2devbox.py

* Add build-gorouterproxy target to Makefile and include in build-all target

* chore(deps): update github/codeql-action digest to 17a820b (#3471)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update google.golang.org/genproto digest to 29210b9 (#3472)

* chore(deps): update google.golang.org/genproto digest to 29210b9

* 🤖🦾🛠️ go mod tidy & make package-specs

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* chore(deps): update ghcr.io/cloudfoundry/app-autoscaler-release-tools:main docker digest to a850ee8 (#3470)

* chore(deps): update ghcr.io/cloudfoundry/app-autoscaler-release-tools:main docker digest to a850ee8

* trigger new ci run

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: geigerj0 <112163019+geigerj0@users.noreply.github.com>

* Refactor Golang API server test configuration and remove hardcoded paths

 • Extract default API server configuration into defaultGolangAPITestConfig function
 • Remove hardcoded file paths for API info, schema validation, and service catalog
 • Simplify PrepareGolangApiServerConfig by using the new default config function
 • Clean up commented-out password hash code and other unused variables
 • Update configuration structure to match new defaults and remove unnecessary URI settings

* Refactor Golang API server configuration and tests

 • Refactor defaultGolangAPITestConfig to DefaultGolangAPITestConfig and add dbURI parameter.
 • Include Port in Server and BrokerServer configurations within DefaultGolangAPITestConfig.
 • Add Db and MetricsForwarder configurations to DefaultGolangAPITestConfig.
 • Simplify PrepareGolangApiServerConfig by removing explicit port parameters and using DefaultGolangAPITestConfig.
 • Rename writeYmlConfig to WriteYmlConfig and update its usages across test files.
 • Update test setup functions to reflect changes in configuration functions.
 • Remove redundant port and metrics forwarder URL parameters from test configurations.

* feat: replace` swagger-cli` with `redocly` for OpenAPI validation

# Issue

Redocly CLI is the recommended replacement for the deprecated
swagger-cli package

# Fix

See https://redocly.com/docs/cli/guides/migrate-from-swagger-cli

* Update GitHub Actions workflow and Devbox configuration for Java linting

 - Remove container usage from the code-style job in GitHub Actions workflow
 - Add steps to install Devbox and make its shell environment available
 - Resolve merge conflict in devbox.json by including google-java-format
 - Add google-java-format to devbox.lock with support for multiple architectures
 - Create new Makefile in src/scheduler for Java formatting and checking

* Remove echo statement from check-format target in scheduler Makefile

* Fix go linting

* Fix more linting errors

* Add scheduler's HTTP port configuration and update references in templates and specs

* Update scheduler port descriptions in spec to distinguish between HTTPS and HTTP ports

* Update GoRouterProxy command initialization and add cfserver config to scheduler template

* Simplify Java CI lint workflow by using container and removing devbox setup

* Update GitHub Actions and dependencies

 - Update devbox-install-action to v0.12.0 across workflows
 - Update CodeQL actions to latest version
 - Add devbox installation step to java-ci-lint workflow
 - Upgrade loggregator-agent-release and tlsconfig in go.mod
 - Bump chi, ginkgo, gomega, grpc, and grpc-gateway versions
 - Update indirect dependencies in go.sum

* Add makefile start scheduler task

* Small fix on gorouter proxy

* Add .DS_Store to .gitignore to exclude macOS folder metadata files

* Add removal of scheduler target directory in clean-scheduler make target

* Uses ginkgo from devbox for autoscaler tasks

* Update Makefile to include build-gorouterproxy in integration target

* Refactor VCAP configuration reader to remove error handling

 • Simplify NewVCAPConfigurationReader by removing error return value
 • Update calls to NewVCAPConfigurationReader to handle the new function signature without error checking
 • Adjust error message in NewVCAPConfigurationReader to include the error details when failing to read
   VCAP environment variables

* Add JSON encoding support and fix public API server config retrieval in autoscaler API config

* Add Scheduler TLS configuration setup in API config loading

* Refactors GetDbVcapServices into testhelpers for further reusage

* Add JSON tags to api config structs and implement FromJSON function

 • Implement FromJSON function to unmarshal JSON into config structs
 • Add JSON tags to all configuration structs to support JSON serialization and deserialization
 • Modify ToJSON function to return an error if marshaling fails
 • Add tests for ToJSON and FromJSON functions to ensure proper JSON handling
 • Fix incorrect YAML tag in cf.Config for Secret field

* Improve gorouterproxy tests and request forwarding

 - Update gorouterproxy tests to forward path from original request.
 - Enhance request forwarding in main.go to include the original request method, headers, and body.
 - Add error logging for forwarding failures and ensure the XFCC header is not empty before forwarding.

* Adds working integration test for api-scheduler when running in cf container

* Fix formating

* Update credentials key in VCAP_SERVICES for publicapiserver-config in api_test.

* Fix typo

* Rename cf-server to cfserver in scheduler config and update specs accordingly

* Add CFHTTPConfiguration class to configure additional HTTP connector for Tomcat in Cloud Foundry Autoscaler Scheduler

* Remove commented code

* Uses DBURL when creating stubed api json configuration

* Remove .vscode/settings.json from scheduler module

* Adds missing Remove All

* Remove SynchronizedAfterSuite cleanup block from integration tests

* Remove unused logging

* Fix typo

* Ensure error handling for JSON conversion in config_test.go

* Add nosec annotation to suppress G204 warning in GoRouterProxy command execution

* Rename CFHTTPConfiguration class to CfHttpConfiguration and update references

* Remove check on non empty xfcc space and org in scheduler xfcc filter

* Improve policy deletion and retrieval error handling in API tests

* Remove default HTTP port from scheduler spec and handle zero port configuration in CfHttpConfiguration

* Change logging order in scheduler xfcc filter

* Enable test case for retrieving policy with expected 404 response

* Fix sonarque issue in gorouter proxy test

* Update fly package from 7.12.0 to 7.12.1 across multiple architectures

* Fix flaky test

* Fix scheduler template spec

* Remove unused PostConstruct import from XfccFilter in scheduler module

* Remove httpcore dependency from scheduler module's pom.xml

* Update credhub-cli from 2.9.29 to 2.9.42 and specify version for temurin-bin-21

* Improves scheduler cf_server property structure

* review-commits

* scheduler-> add unit tests for filtering logic

* Removes cf configutil from helper logger

- bubble up the errors to consumers of the cf config util.

* Remove redundant devbox dependencies

* Remove build-gorouterproxy from build-all target in Makefile

* Fix java format

* Amends Abbreviation in java class name

classes must contain no more than '1' consecutive capital letters.

* Update devbox lock

* Update devbox.lock

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Remove unused dependencies from eventgenerator, operator, and scalingengine specs

 - Deleted autoscaler/configutil/* from eventgenerator, operator, and scalingengine
 - Removed autoscaler/vendor/github.com/cloud-gov/go-cfenv/* from eventgenerator and operator
 - Eliminated autoscaler/vendor/github.com/mitchellh/mapstructure/* from eventgenerator and scalingengine

* Fix missing quote in json tag for TLSClientCerts in ScalingEngineConfig

* Fix tabulation

---------

Co-authored-by: app-autoscaler-ci-bot <ApplicationAutoscaler@sap.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: geigerj0 <112163019+geigerj0@users.noreply.github.com>
Co-authored-by: Silvestre Zabala <silvestre.zabala@sap.com>
Co-authored-by: Arsalan Khan <muhammad.arsalan.khan@sap.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

.gitignore

@@ -64,6 +64,8 @@ keys/
 # <https://code.visualstudio.com/docs/editor/extension-marketplace#_workspace-recommended-extensions>
 !.vscode/extensions.json
 
+.trunk
+
 
 # ==================== 📦 Devbox ====================
 .devbox
@@ -75,3 +77,7 @@ keys/
 /result-*
 
 .direnv
+
+# # macOS system file that stores folder metadata (safe to ignore)
+.DS_Store
+

Makefile

@@ -77,6 +77,7 @@ clean-autoscaler:
 clean-scheduler:
 	@echo " - cleaning scheduler test resources"
 	@rm -rf src/scheduler/src/test/resources/certs
+	@rm -rf src/scheduler/target
 clean-certs:
 	@echo " - cleaning test certs"
 	@rm -f test-certs/*
@@ -94,7 +95,7 @@ clean-acceptance:
 build: $(all_modules)
 build-tests: build-test
 build-test: $(addprefix test_,$(go_modules))
-build-all: generate-openapi-generated-clients-and-servers build build-test build-test-app ## Build all modules and tests
+build-all: generate-openapi-generated-clients-and-servers build build-test build-test-app
 db: target/db
 target/db:
 	@echo "# building $@"
@@ -129,10 +130,12 @@ test-autoscaler: check-db_type init-db test-certs
 	@echo ' - using DBURL=${DBURL} TEST=${TEST}'
 	@make --directory='./src/autoscaler' test DBURL='${DBURL}' TEST='${TEST}'
 test-autoscaler-suite: check-db_type init-db test-certs
-	@make --directory='./src/autoscaler' testsuite TEST='${TEST}' DBURL='${DBURL}'
+	@make --directory='./src/autoscaler' testsuite TEST='${TEST}' DBURL='${DBURL}' GINKGO_OPTS='${GINKGO_OPTS}'
+
 test-scheduler: check-db_type init-db test-certs
 	@export DB_HOST=${DB_HOST}; \
-	cd src && mvn test --no-transfer-progress -Dspring.profiles.include=${db_type} && cd ..
+	make --directory='./src/scheduler' test DBURL="${DBURL}" db_type="${db_type}"
+
 test-changelog:
 	@make --directory='./src/changelog' test
 test-changeloglockcleaner: init-db test-certs
@@ -162,7 +165,8 @@ target/start-db-postgres_CI_false:
 			--health-timeout 2s \
 			--health-retries 10 \
 			-d \
-			postgres:${POSTGRES_TAG} >/dev/null;\
+			postgres:${POSTGRES_TAG} \
+			-c 'max_connections=1000' >/dev/null;\
 	else echo " - $@ already up'"; fi;
 	@touch $@
 target/start-db-postgres_CI_true:
@@ -218,7 +222,8 @@ stop-db: check-db_type
 	@docker rm -f ${db_type} &> /dev/null || echo " - we could not stop and remove docker named '${db_type}'"
 
 .PHONY: integration
-integration: generate-openapi-generated-clients-and-servers build init-db test-certs ## Run all integration tests
+integration: generate-openapi-generated-clients-and-servers build build-gorouterproxy init-db test-certs ## Run all integration tests
+
 	@echo " - using DBURL=${DBURL}"
 	@make --directory='./src/autoscaler' integration DBURL="${DBURL}"
 
@@ -248,6 +253,10 @@ $(addprefix lint_,$(go_modules)): lint_%:
 	@echo " - linting: $(patsubst lint_%,%,$@)"
 	@pushd src/$(patsubst lint_%,%,$@) >/dev/null && golangci-lint run --config ${lint_config} ${OPTS} --timeout 5m
 
+lint-gorouterproxy:
+	@echo " - linting: gorouterproxy"
+	@pushd src/autoscaler/integration/gorouterproxy >/dev/null && golangci-lint run --config ${lint_config} $(OPTS) --timeout 5m
+
 .PHONY: spec-test
 spec-test:
 	bundle install
@@ -369,6 +378,9 @@ mta-build:
 build-test-app:
 	@make --directory='./src/acceptance/assets/app/go_app' build
 
+build-gorouterproxy:
+	@make --directory='./src/autoscaler' build-gorouterproxy
+
 .PHONY: deploy-test-app
 deploy-test-app:
 	@make --directory='./src/acceptance/assets/app/go_app' deploy
@@ -457,6 +469,10 @@ go-get-u: $(addsuffix .go-get-u,$(go_modules))
 	go get -u ./...
 
 
+start-scheduler:
+	make --directory='./src/scheduler' start DBURL="${DBURL}"
+
+
 deploy-apps:
 	echo " - deploying apps"
 	DEBUG="${DEBUG}" ${CI_DIR}/autoscaler/scripts/deploy-apps.sh

devbox.lock

@@ -650,7 +650,7 @@
       }
     },
     "github:NixOS/nixpkgs/nixpkgs-unstable": {
-      "resolved": "github:NixOS/nixpkgs/b1b43d32be000928cc71250ed77f4a0a5f2bc23a?lastModified=1739698114&narHash=sha256-8S9n69Dnpg8DhfFlP0YvMGmSOY2X4kImGSPWXYNpaHM%3D"
+      "resolved": "github:NixOS/nixpkgs/632f04521e847173c54fa72973ec6c39a371211c?lastModified=1739863612&narHash=sha256-UbtgxplOhFcyjBcNbTVO8%2BHUHAl%2FWXFDOb6LvqShiZo%3D"
     },
     "glibcLocales@latest": {
       "last_modified": "2025-02-07T11:26:36Z",

jobs/scheduler/spec

@@ -36,8 +36,11 @@ packages:
 
 properties:
   autoscaler.scheduler.port:
-    description: "Scheduler's port"
+    description: "Scheduler's https port"
     default: 6102
+  autoscaler.scheduler.http.port:
+    description: "Scheduler's http port"
+    default: 0
   autoscaler.scheduler.http_client_timeout:
     description: "Http client imeout for scheduler to communicate with other autoscaler components, in seconds"
     default: 60
@@ -57,6 +60,14 @@ properties:
     default: 3
     description: "Maximum number of notification sent to scaling engine for job re-schedule"
 
+  autoscaler.scheduler.cf_server.xfcc.valid_org_guid:
+    description: approve org guid for xfcc endpoint
+    default: ''
+
+  autoscaler.scheduler.cf_server.xfcc.valid_space_guid:
+    description: approve space guid for xfcc endpoint
+    default: ''
+
   autoscaler.scheduler.scaling_engine.host:
     description: "URL where Scaling-engine is running"
     default: "scalingengine.service.cf.internal"

jobs/scheduler/templates/scheduler.yml.erb

@@ -164,11 +164,18 @@ scheduler:
 ############################################################
 server:
   port: <%=p('autoscaler.scheduler.port') %>
+  http:
+    port: <%=p('autoscaler.scheduler.http.port') %>
   ssl:
     ciphers: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     enabled-protocols: TLSv1.3
     bundle: "server"
     client-auth: NEED
 
+cfserver:
+  validOrgGuid: <%= p("autoscaler.scheduler.cf_server.xfcc.valid_org_guid") %>
+  validSpaceGuid: <%= p("autoscaler.scheduler.cf_server.xfcc.valid_space_guid") %>
+
+
 #User added properties
 <%=p('autoscaler.scheduler.application.props')%>

packages/eventgenerator/spec

@@ -12,7 +12,6 @@ files:
 - autoscaler/vendor/google.golang.org/protobuf/types/descriptorpb/*
 - autoscaler/cf/* # gosub
 - autoscaler/collection/* # gosub
-- autoscaler/configutil/* # gosub
 - autoscaler/db/* # gosub
 - autoscaler/db/sqldb/* # gosub
 - autoscaler/envelopeprocessor/* # gosub
@@ -45,7 +44,6 @@ files:
 - autoscaler/vendor/github.com/cenk/backoff/* # gosub
 - autoscaler/vendor/github.com/cenkalti/backoff/v4/* # gosub
 - autoscaler/vendor/github.com/cespare/xxhash/v2/* # gosub
-- autoscaler/vendor/github.com/cloud-gov/go-cfenv/* # gosub
 - autoscaler/vendor/github.com/facebookgo/clock/* # gosub
 - autoscaler/vendor/github.com/felixge/httpsnoop/* # gosub
 - autoscaler/vendor/github.com/go-logr/logr/* # gosub
@@ -84,7 +82,6 @@ files:
 - autoscaler/vendor/github.com/klauspost/compress/internal/snapref/* # gosub
 - autoscaler/vendor/github.com/klauspost/compress/zstd/* # gosub
 - autoscaler/vendor/github.com/klauspost/compress/zstd/internal/xxhash/* # gosub
-- autoscaler/vendor/github.com/mitchellh/mapstructure/* # gosub
 - autoscaler/vendor/github.com/munnerz/goautoneg/* # gosub
 - autoscaler/vendor/github.com/openzipkin/zipkin-go/idgenerator/* # gosub
 - autoscaler/vendor/github.com/openzipkin/zipkin-go/model/* # gosub

packages/operator/spec

@@ -9,7 +9,6 @@ files:
 - autoscaler/vendor/*
 - autoscaler/operator/db/*
 - autoscaler/cf/* # gosub
-- autoscaler/configutil/* # gosub
 - autoscaler/db/* # gosub
 - autoscaler/db/sqldb/* # gosub
 - autoscaler/healthendpoint/* # gosub
@@ -30,7 +29,6 @@ files:
 - autoscaler/vendor/filippo.io/edwards25519/field/* # gosub
 - autoscaler/vendor/github.com/beorn7/perks/quantile/* # gosub
 - autoscaler/vendor/github.com/cespare/xxhash/v2/* # gosub
-- autoscaler/vendor/github.com/cloud-gov/go-cfenv/* # gosub
 - autoscaler/vendor/github.com/go-logr/logr/* # gosub
 - autoscaler/vendor/github.com/go-logr/logr/funcr/* # gosub
 - autoscaler/vendor/github.com/go-logr/stdr/* # gosub
@@ -64,7 +62,6 @@ files:
 - autoscaler/vendor/github.com/klauspost/compress/internal/snapref/* # gosub
 - autoscaler/vendor/github.com/klauspost/compress/zstd/* # gosub
 - autoscaler/vendor/github.com/klauspost/compress/zstd/internal/xxhash/* # gosub
-- autoscaler/vendor/github.com/mitchellh/mapstructure/* # gosub
 - autoscaler/vendor/github.com/munnerz/goautoneg/* # gosub
 - autoscaler/vendor/github.com/openzipkin/zipkin-go/idgenerator/* # gosub
 - autoscaler/vendor/github.com/openzipkin/zipkin-go/model/* # gosub

packages/scalingengine/spec

@@ -9,7 +9,6 @@ files:
 - autoscaler/vendor/*
 - autoscaler/scalingengine/db/*
 - autoscaler/cf/* # gosub
-- autoscaler/configutil/* # gosub
 - autoscaler/db/* # gosub
 - autoscaler/db/sqldb/* # gosub
 - autoscaler/healthendpoint/* # gosub
@@ -36,7 +35,6 @@ files:
 - autoscaler/vendor/filippo.io/edwards25519/field/* # gosub
 - autoscaler/vendor/github.com/beorn7/perks/quantile/* # gosub
 - autoscaler/vendor/github.com/cespare/xxhash/v2/* # gosub
-- autoscaler/vendor/github.com/cloud-gov/go-cfenv/* # gosub
 - autoscaler/vendor/github.com/dlclark/regexp2/* # gosub
 - autoscaler/vendor/github.com/dlclark/regexp2/syntax/* # gosub
 - autoscaler/vendor/github.com/fatih/color/* # gosub
@@ -81,7 +79,6 @@ files:
 - autoscaler/vendor/github.com/klauspost/compress/zstd/internal/xxhash/* # gosub
 - autoscaler/vendor/github.com/mattn/go-colorable/* # gosub
 - autoscaler/vendor/github.com/mattn/go-isatty/* # gosub
-- autoscaler/vendor/github.com/mitchellh/mapstructure/* # gosub
 - autoscaler/vendor/github.com/munnerz/goautoneg/* # gosub
 - autoscaler/vendor/github.com/ogen-go/ogen/conv/* # gosub
 - autoscaler/vendor/github.com/ogen-go/ogen/http/* # gosub

scripts/generate_test_certs.sh

@@ -21,6 +21,11 @@ ${CERTSTRAP} --depot-path "${depot_path}" init --passphrase '' --common-name log
 mv -f "${depot_path}"/loggregatorCA.crt "${depot_path}"/loggregator-ca.crt
 mv -f "${depot_path}"/loggregatorCA.key "${depot_path}"/loggregator-ca.key
 
+# CA to distribute to dummy gorouter ca certs
+${CERTSTRAP} --depot-path "${depot_path}" init --passphrase '' --common-name gorouterCA --years "20"
+mv -f "${depot_path}"/gorouterCA.crt "${depot_path}"/gorouter-ca.crt
+mv -f "${depot_path}"/gorouterCA.key "${depot_path}"/gorouter-ca.key
+
 # CA to distribute to dummy syslog emitter certs
 ${CERTSTRAP} --depot-path "${depot_path}" init --passphrase '' --common-name LogCacheSyslogServerCA --years "20"
 mv -f "${depot_path}"/LogCacheSyslogServerCA.crt "${depot_path}"/log-cache-syslog-server-ca.crt
@@ -96,6 +101,10 @@ ${CERTSTRAP} --depot-path "${depot_path}" sign log-cache --CA autoscaler-ca --ye
 ${CERTSTRAP} --depot-path "${depot_path}" request-cert --passphrase '' --domain postgres,mysql --ip 127.0.0.1
 ${CERTSTRAP} --depot-path "${depot_path}" sign postgres --CA autoscaler-ca --years "20"
 
+# gorouter client certificate
+${CERTSTRAP} --depot-path "${depot_path}" request-cert --passphrase '' --domain gorouter --ip 127.0.0.1
+${CERTSTRAP} --depot-path "${depot_path}" sign gorouter --CA gorouter-ca --years "20"
+
 # mTLS client certificate for local testing
 ## certstrap with multiple OU not working at the moment. Pull request is created in the upstream. Therefore, using openssl at the moment
 ## https://github.com/square/certstrap/pull/120

spec/jobs/scheduler/scheduler_spec.rb

@@ -12,6 +12,24 @@
   let(:properties) { YAML.safe_load(fixture("scheduler.yml").read) }
   let(:rendered_template) { YAML.safe_load(template.render(properties)) }
 
+  context "cf server" do
+    it "default http port set to 0 - disabled" do
+      expect(rendered_template["server"]["http"]["port"]).to eq(0)
+    end
+
+    it "defaults xfcc valid org and space" do
+      properties["autoscaler"]["scheduler"] = {}
+      properties["autoscaler"]["scheduler"]["cf_server"] = {}
+      properties["autoscaler"]["scheduler"]["cf_server"]["xfcc"] = {
+        "valid_org_guid" => "some-valid-org-guid",
+        "valid_space_guid" => "some-valid-space-guid"
+      }
+
+      expect(rendered_template["cfserver"]["validOrgGuid"]).to eq(properties["autoscaler"]["scheduler"]["cf_server"]["xfcc"]["valid_org_guid"])
+      expect(rendered_template["cfserver"]["validSpaceGuid"]).to eq(properties["autoscaler"]["scheduler"]["cf_server"]["xfcc"]["valid_space_guid"])
+    end
+  end
+
   context "Health Configuration" do
     it "does set neither username nor password if not configured" do
       properties["autoscaler"]["scheduler"] = {
@@ -90,7 +108,6 @@
     it "verify database username and password have string types" do
       rendered_template = YAML.safe_load(template.render(properties))
 
-      print rendered_template
       expect(rendered_template["spring"]["datasource"]["username"]).to be_kind_of(String)
       expect(rendered_template["spring"]["datasource"]["username"]).not_to be_kind_of(Float)
       expect(rendered_template["spring"]["datasource"]["username"]).not_to eq(2222e123)

src/acceptance/api/api_test.go

@@ -82,13 +82,13 @@ var _ = Describe("AutoScaler Public API", func() {
 	When("no scaling policy is set", func() {
 
 		BeforeEach(func() {
-			_, status := deletePolicy()
-			Expect(status).To(Or(Equal(200), Equal(404)))
+			response, status := deletePolicy()
+			Expect(status).To(Or(Equal(200), Equal(404)), fmt.Sprintf("failed to delete policy, received response: %s", string(response)))
 		})
 
 		It("should fail with 404 when retrieve policy", func() {
-			_, status := getPolicy()
-			Expect(status).To(Equal(404))
+			response, status := getPolicy()
+			Expect(status).To(Equal(404), fmt.Sprintf("failed to get policy, received response: %s", string(response)))
 		})
 
 		It("should succeed to create a valid policy", func() {

src/autoscaler/Makefile

@@ -22,7 +22,7 @@ EXTENSION_FILE := $(shell mktemp)
 export GOWORK=off
 BUILDFLAGS := -ldflags '-linkmode=external'
 
-binaries=$(shell find . -name "main.go" -exec dirname {} \; |  cut -d/ -f2 | sort | uniq | grep -v vendor)
+binaries=$(shell find . -name "main.go" -exec dirname {} \; |  cut -d/ -f2 | sort | uniq | grep -Ev "vendor|integration")
 test_dirs=$(shell find . -name "*_test.go" -exec dirname {} \; |  cut -d/ -f2 | sort | uniq)
 export GO111MODULE=on
 
@@ -124,10 +124,16 @@ test: generate-fakes
 	@echo "Running tests"
 	APP_AUTOSCALER_TEST_RUN='true' ginkgo -p ${GINKGO_OPTS} ${TEST} --skip-package='integration'
 
-testsuite:
+.PHONY: testsuite
+testsuite: build-gorouterproxy
 	@echo " - using DBURL=${DBURL} TEST=${TEST}"
 	APP_AUTOSCALER_TEST_RUN='true' ginkgo -p ${GINKGO_OPTS} ${TEST}
 
+.PHONY: build-gorouterproxy
+build-gorouterproxy:
+	@echo "# building gorouterproxy"
+	@CGO_ENABLED=1 go build $(BUILDTAGS) $(BUILDFLAGS) -o build/gorouterproxy integration/gorouterproxy/main.go
+
 .PHONY: integration
 integration: generate-fakes
 	@echo "# Running integration tests"

src/autoscaler/api/cmd/api/api_test.go

@@ -390,7 +390,7 @@ func getVcapServices() (result string) {
 	}
 
 	result = `{
-			"user-provided": [ { "name": "config", "tags": ["publicapiserver-config"], "credentials": { "publicapiserver": { } }}],
+			"user-provided": [ { "name": "config", "tags": ["publicapiserver-config"], "credentials": { "publicapiserver-config": { } }}],
 			"autoscaler": [ {
 				"name": "some-service",
 				"credentials": {

src/autoscaler/api/cmd/api/main.go

@@ -36,7 +36,6 @@ func main() {
 	vcapConfiguration, err := configutil.NewVCAPConfigurationReader()
 	if err != nil {
 		_, _ = fmt.Fprintf(os.Stdout, "failed to read vcap configuration : %s\n", err.Error())
-		os.Exit(1)
 	}
 
 	conf, err = config.LoadConfig(path, vcapConfiguration)