@Amit-PivotalLabs
Last active April 8, 2017 21:09
Run sandboxed experiments against a Cloud Foundry deployment

Cleanroom

  • Do you sometimes want to run performance benchmarks, stress/load tests, or security vulnerability probes against a shared integration environment, or even a production environment?
  • Do you worry about polluting these environments, or not leaving any audit trail when things go wrong?

Here are a couple of scripts to set up, and later tear down, a cleanroom environment (user, org, space, quota) for doing just these kinds of experiments.

Example

$ ./setup_cleanroom.sh                                 \
  ~/workspace/deployments-runtime/stubs/cf/cf-stub.yml \
  rboshman                                             \
  test-ruby-cve-oct-13                                 \
  $(hostname | md5 | head -c 10) # <- hard-to-guess semi-deterministic password
...
You're now free to move about your cleanroom org: 'rboshman-test-ruby-cve-oct-13'.

$ # push apps and stuff

$ ./teardown_cleanroom.sh                              \
  ~/workspace/deployments-runtime/stubs/cf/cf-stub.yml \
  rboshman                                             \
  test-ruby-cve-oct-13                                 \
  $(hostname | md5 | head -c 10)
...
Cleanliness is next to cloudiness.

#!/bin/sh
# setup_cleanroom.sh: create a cleanroom user, org, space and quota.
set -e -u

command -v cf > /dev/null || { echo "'cf' is required; brew tap pivotal/tap && brew install cloudfoundry-cli"; exit 1; }
command -v uaac > /dev/null || { echo "'uaac' is required; gem install cf-uaac"; exit 1; }

usage() {
  echo "Usage: $0 PATH_TO_CF_MANIFEST_OR_STUB YOUR_NAME EXPERIMENT_PURPOSE CLEANROOM_USER_PASSWORD [--skip-ssl-validation]"
  exit 1
}

if [ $# -ne 4 ] && [ $# -ne 5 ]; then
  usage
fi

# Left unquoted where it is used, so an empty value expands to no argument.
skip_ssl_flag=""
if [ $# -eq 5 ]; then
  [ "$5" = "--skip-ssl-validation" ] || usage
  skip_ssl_flag="--skip-ssl-validation"
fi

cf_data=$1
name=$2
purpose=$3
password=$4
slug="${name}-${purpose}"
email="${slug}@test.test"

# Pass the manifest path as an argument rather than interpolating it into the Ruby source.
system_domain=$(ruby -ryaml -e "puts YAML.load_file(ARGV[0])['properties']['system_domain']" "$cf_data")
admin_client_secret=$(ruby -ryaml -e "puts YAML.load_file(ARGV[0])['properties']['uaa']['admin']['client_secret']" "$cf_data")

# Create the cleanroom user in UAA and make it a Cloud Controller admin.
uaac target "uaa.${system_domain}" ${skip_ssl_flag}
uaac token client get admin --secret "${admin_client_secret}"
uaac user add "${email}" --emails "${email}" --password "${password}"
uaac member add cloud_controller.admin "${email}"

# As the cleanroom user, create and target a dedicated org, space and quota.
cf api "api.${system_domain}" ${skip_ssl_flag}
cf auth "${email}" "${password}"
cf create-org "${slug}"
cf target -o "${slug}"
cf create-space "${slug}"
cf target -s "${slug}"
cf create-quota "${slug}" -m 100G -r 500 -i -1
cf set-quota "${slug}" "${slug}"

echo "You're now free to move about your cleanroom org: '${slug}'."

#!/bin/sh
# teardown_cleanroom.sh: delete the cleanroom org, quota and user.
set -e -u

command -v cf > /dev/null || { echo "'cf' is required; brew tap pivotal/tap && brew install cloudfoundry-cli"; exit 1; }
command -v uaac > /dev/null || { echo "'uaac' is required; gem install cf-uaac"; exit 1; }

usage() {
  echo "Usage: $0 PATH_TO_CF_MANIFEST_OR_STUB YOUR_NAME EXPERIMENT_PURPOSE CLEANROOM_USER_PASSWORD [--skip-ssl-validation]"
  exit 1
}

if [ $# -ne 4 ] && [ $# -ne 5 ]; then
  usage
fi

# Left unquoted where it is used, so an empty value expands to no argument.
skip_ssl_flag=""
if [ $# -eq 5 ]; then
  [ "$5" = "--skip-ssl-validation" ] || usage
  skip_ssl_flag="--skip-ssl-validation"
fi

cf_data=$1
name=$2
purpose=$3
password=$4
slug="${name}-${purpose}"
email="${slug}@test.test"

# Pass the manifest path as an argument rather than interpolating it into the Ruby source.
system_domain=$(ruby -ryaml -e "puts YAML.load_file(ARGV[0])['properties']['system_domain']" "$cf_data")
admin_client_secret=$(ruby -ryaml -e "puts YAML.load_file(ARGV[0])['properties']['uaa']['admin']['client_secret']" "$cf_data")

# As the cleanroom user, delete the org (and everything in it) and the quota.
cf api "api.${system_domain}" ${skip_ssl_flag}
cf auth "${email}" "${password}"
cf delete-org "${slug}" -f
cf delete-quota "${slug}" -f

# As the UAA admin client, delete the cleanroom user itself.
uaac target "uaa.${system_domain}" ${skip_ssl_flag}
uaac token client get admin --secret "${admin_client_secret}"
uaac user delete "${email}"

echo "Cleanliness is next to cloudiness."
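
The example invocation derives the password from `hostname | md5`, which is only as secret as the machine name, while the setup script adds the account to cloud_controller.admin. The sketch below keeps the password reproducible for teardown but derives it from a local random key; it is an added example, not part of the original gist, and the function names and key-file argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original gist); all names here are hypothetical.
# Password = first 32 hex chars of HMAC-SHA256(local key, "NAME-PURPOSE").
# Assumes openssl is installed. The key is briefly visible in the process
# list, as are the secrets the scripts above pass to cf and uaac.

# ensure_key KEY_FILE: create a random key on first use, owner-only access.
ensure_key() {
  key_file=$1
  if [ ! -s "$key_file" ]; then
    ( umask 077 && openssl rand -hex 32 > "$key_file" ) || return 1
  fi
  # Characters 5-10 of the mode string are the group and other bits.
  perms=$(ls -ln "$key_file" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "$key_file must not be accessible to group or others" >&2
    return 1
  fi
}

# cleanroom_password KEY_FILE NAME PURPOSE: print the derived password.
cleanroom_password() {
  key_file=$1
  slug="$2-$3"   # same slug the setup and teardown scripts build
  ensure_key "$key_file" || return 1
  mac=$(printf '%s' "$slug" |
    openssl dgst -sha256 -hmac "$(cat "$key_file")" |
    awk '{print $NF}')   # digest is the last field on every openssl version
  [ -n "$mac" ] || return 1
  printf '%s\n' "$mac" | cut -c1-32
}

# Usage with the scripts above (key path is an example):
#   ./setup_cleanroom.sh cf-stub.yml rboshman test-ruby-cve-oct-13 \
#     "$(cleanroom_password ~/.cleanroom_key rboshman test-ruby-cve-oct-13)"
```

Run teardown with the same key file, name and purpose to get the same password back.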