Description
Thank you for submitting an issue to the diego-release repository. We appreciate the feedback. To help us address your issue, please fill out the sections in the following template to the best of your ability:
Summary
We need to roll the uaa client secrets. There is no way to do this in UAA, and the only option would be having 2 client-ids that would both work. The diego-ssh (and possibly other components) does NOT expose the uaa client id (I think it used to), but now it's hard coded in the .erb as "ssh-proxy".
Expected Result
I should be able to roll uaa client secrets using bosh with zero downtime.
Actual Result
When changing the client secret for ssh-proxy we have downtime between when uaa updates and when the scheduler vms update.
Steps to Reproduce
Change the secret for ssh-proxy in the bosh manifest. Then roll the deployment and test if ssh access is continuously available.
Possible Causes or Fixes (optional)
You can expose the uaa_username for ssh-proxy so I can have multiple client ids that work.