cloudfoundry · jvshahid · Mar 15, 2017 · Mar 9, 2017
@@ -1017,3 +1017,89 @@ property_overrides:
         I0YSumzEeQMcFbg0LUYayZ9PlhPgLosMba9BDK/K244OZvmGyRr1ANnnASsQg4cK
         vsHDEV4jBWxHAw41ArfNLg9vA8ojf/1EU4E2d5GU5fVe
         -----END CERTIFICATE-----
+  cc_uploader:
+    cc:
+      client_cert: |
+        -----BEGIN CERTIFICATE-----
+        MIIEIjCCAgqgAwIBAgIRAKvKRcJmrPpUQSmougsN2oIwDQYJKoZIhvcNAQELBQAw
+        EDEOMAwGA1UEAxMFYmJzQ0EwHhcNMTcwMzA3MjAyMDQ3WhcNMTkwMzA3MjAyMDQ3
+        WjAWMRQwEgYDVQQDDAtjY191cGxvYWRlcjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+        ADCCAQoCggEBAJKtmuPJYqW2n/vgU5Idu6hsgtG/GTahlCEFg3JwSADZb2h4ciyD
+        yC/NTtVmFydl5RQp8FT4TDvzzEUvS410KyLeVsVIBGFqpPI2zVN6IsonFS1GQjC1
+        2mdJx+6bIIwCN9t89qUZ4Xi6x8MZUNWeRH+9kS9XovAjq8Z+GyEaXrM+PsxiGa8t
+        bmxDANTX4ftoI2HGYK18oSJNNHZsRRlh3M/tAYQwlAbq1oyoSaKRESsDnRXih+3I
+        CUOOIcdj2zWPoMbzvczvC9+rY8O6n2tadecAHwWn2p76juSNAUxCwTIFwcqu5leu
+        46zEJMFFbUczHoYR05v7OPNE85qGnx7QSfsCAwEAAaNxMG8wDgYDVR0PAQH/BAQD
+        AgO4MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAdBgNVHQ4EFgQUBKzC
+        xgL5oUwhn3RXxpMhfqmY/SkwHwYDVR0jBBgwFoAU2HFnsP9JOWRvKvDs5YSkjx+r
+        /LMwDQYJKoZIhvcNAQELBQADggIBABiORxMw4vkMVFM8/53JDX9XlWn+dqZqd1K8
+        dxuuWcMF0esTc9mcTpZh1PoMOTapAvocyLNSgxOZVPE5nG0WXR+RvjTJm3R9Oj0e
+        h8tTrfu+wiBVpBcvViUI1QqIMvUZhGKmJi/hi3jPKEF3qzCIW2rwBsFEtC4XYAdS
+        mp5Rp+OIQ5+Bd0PisV/UuRJdutcol/eIppgYORbwNnrOqo80P1Uews56B3qegX80
+        EF7kV45z6iyE5zmSyaQmPeC0SmcKGMTsrrYCKefPXys3v/tqURwtknV7O4soSmI4
+        gvBUzPjNm0eZ5ALL+rP37Q/rjZGiRHgpUuQOnbUhzwDx8lfpgP7x9/BBC43cK2d0
+        +Dz6u+Edn3JUmtKd0fR30kb6dwApiTAwrRTrRU9ruKkvO4h79fWfSrObtkJbuYTI
+        ZDy+yTqU/a2/Yf7p4E/0A5KWRmSJisIU3OEHwoElfKUHMjhDXE59muY5t4gjnxC1
+        yp30k3gi5AKQ5IQ5eJhHYjdtJ2wycUx15KVLTdDYZCxdgv1Qt1hWCsW4/gi1PyID
+        biK8gzDiLZk9NbYKbkbla722mefYFVijY10zc5+TW0wclPDPruVrnHZc3dk2XRU6
+        nqs+JOi2f77k3JBj2+vSYadnAEsd801Z37Pm7td4XrPLzsOpenqyoFmB0JBYPz1l
+        9dO0xzBb
+        -----END CERTIFICATE-----
+      client_key: |
+        -----BEGIN RSA PRIVATE KEY-----
+        MIIEpAIBAAKCAQEAkq2a48lipbaf++BTkh27qGyC0b8ZNqGUIQWDcnBIANlvaHhy
+        LIPIL81O1WYXJ2XlFCnwVPhMO/PMRS9LjXQrIt5WxUgEYWqk8jbNU3oiyicVLUZC
+        MLXaZ0nH7psgjAI323z2pRnheLrHwxlQ1Z5Ef72RL1ei8COrxn4bIRpesz4+zGIZ
+        ry1ubEMA1Nfh+2gjYcZgrXyhIk00dmxFGWHcz+0BhDCUBurWjKhJopERKwOdFeKH
+        7cgJQ44hx2PbNY+gxvO9zO8L36tjw7qfa1p15wAfBafanvqO5I0BTELBMgXByq7m
+        V67jrMQkwUVtRzMehhHTm/s480TzmoafHtBJ+wIDAQABAoIBAQCFVs58jqFf1eIf
+        /jDanq7ukB5ogFlyYXaggjuZd9rs8r0lcoEQWIhOdExbEGCyDx4ts2ZoSAQ9aAbl
+        SfZb1CQ2oXquAycATAtAqXMElP41WUwWCU24rEisJtVa4qi2vnl6zWIGer2Om/Vn
+        NYdXenX4ziLCr99OgI7ydcdB05ANToNCkMKkfbqAb72OaEBe6R0D3EdRpZ0vRssf
+        n5F+zz+rv8Lf2pyGJ+9BvONfqw02D/ndslD+bE2wzOrZn5g2kUFRQ8f59OdaKK7j
+        HyjCiyGljydvDgAkNJyE/uZUyZqTrNw8OgP2dKHXC3DdUk5OCg/YlTL6NDaQNjlA
+        73b2JAlpAoGBAMNRyfjaECi+ac0temW3X0ii8+ck2JCxD8b7mY9cwpYZBOonE22g
+        zhtQZUe4lrlmmOtk01sR5P3hAsmsLtIA9TfqNjYJOV5Jy0oV0N/aYlpzmU5v9yy+
+        ulV7CdNTIIbgThMuiEEKy21MvTaM1oPL8Py2ih9CRx2s4EQmMheZutJXAoGBAMA/
+        QeeQ2NE9RpBRLFv15GzXl8cJ0P50q0TlwjEfVUJPYv2AgX7K6r0gobUsE4K6Tzyh
+        hmVOD2WvY3cwK42jGPShrZ836szQw9xJBBW67woyDebw38OzCPdvHAv9Z7iSQG3N
+        hrh63iQ5ELlBIDBkienNIvFSkdxbaAbCZgkfRqb9AoGAH27jNTRK03PJbSa7gvEe
+        2X64B+PrImYMZvaIwQSpoCRIoTJGsybk5Ipssj0nrJCxXXitdwOLObxjiXc3Vb6n
+        uCbuMIYNgHoZyEN4iP4JRAtEidYFDmNnc2hIrYS8QFiK2BVuAiGtmVp3PPcvcqh4
+        kQMDeYJeFY2DzhPjjd7ErSMCgYBAvw07KBVdov147V27Ov1LivCbIDs696AW/CqC
+        0MKuKn50UitKwJx+RdcwZT/M72JwURYqWDfnT0J4icihUyS8fxcyYGq7wDO2pQCz
+        MNoA3QrBlK5IAqwqaUlQ4G9mQhtg369Xwkm+eVmgisaEhdfM3kG+dMibJk3KuP4U
+        ZGwvIQKBgQC8eHpQO008Fr09iJLFf5sGafppx3xvDQBE25s1Dwm4EkLytiUFbTq0
+        iyWTwfESjW5Z89QyL0C+/UqguYuhX6NQmfPYa8gZGxAAfm7kbUmLD2eYuFFvQen2
+        +swie3/jwbmKrTqSZfTatXzgWpFtgvotdeoauYA/XlFdaC2zdfYycQ==
+        -----END RSA PRIVATE KEY-----
+      ca_cert: |
+        -----BEGIN CERTIFICATE-----
+        MIIE/TCCAuegAwIBAgIBATALBgkqhkiG9w0BAQswEDEOMAwGA1UEAxMFYmJzQ0Ew
+        HhcNMTUwOTE1MjIyOTE4WhcNMjUwOTE1MjIyOTIxWjAQMQ4wDAYDVQQDEwViYnND
+        QTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKjxJkuxVD5jrls2jXfB
+        ZsWd3HisgpdpgrTObOeJnrb6g4BB7GOSqMlZDEl0ROEBuT4Ax+tSEyhO8FgDR6Mq
+        Ey8h/HyOmCOsxt+0ZOlgmY04eGrSgkzhG41UiBEkezgFdxNCB8NZjTwwQmO2qjM7
+        BsTS9SaEh11HdpIhoeu22aqXuP0r56ZaRC7rfPb+U9SaWaygwMfgXZ7ZDBizHz+n
+        gRSvQ+KnvHG1nZGR+vwuNikBdby8YRBVXaGjF1I7uZh/kcPm2XX9RwHaXSIgGyuK
+        C+YJy95L4WdX2sgm8Mm+mhIKRnGggBbmUmbDT8URkYIu11YEI/FqH/+WmEPv0UC7
+        U1rSVkQVhlHgO6Ohjoe251jw9U1UR0qXsfI/2maPESxJW2FDXOrBCzMK0/Us+y7M
+        rBRLhLkYJmv9GUFQG1M3eOfP6VIMMm6wZ1+2untcI7Eb+HZxhO91ddYlKNbFpZ7P
+        f0P0GuopPE6kzX3gFoivEHxIslumeoVDgMzQ4uj1TYGmOtjuiD48kIrVaeEKUcxN
+        7YzSt3tTZ+a1GKqFcuj+g/rbUYLBT5Ztj89O3AahnCzCymOJ3EkWQ4aJzdAs3KEG
+        RxGs2zzsBKkTp+UXXv4q/GrZ+J/PjqY9285TaQx3MZmdLdIyNoh6UwwFPdyEYsTv
+        xhtJb5NdjY9K56mkeVEkfuGtAgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIABjASBgNV
+        HRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTYcWew/0k5ZG8q8OzlhKSPH6v8szAf
+        BgNVHSMEGDAWgBTYcWew/0k5ZG8q8OzlhKSPH6v8szALBgkqhkiG9w0BAQsDggIB
+        AFt3ueVxYhu5vT1IKL/xIuxfl8SXZqaJSg35DqJ6FlEDU+E/mjflrPMsV5Iz5ycd
+        JMO3hN9ipilkfx5m7gTIDcxl0izej2jlI2uncjLT6MsPI1+LsRxyVDR4+MDvM7ce
+        myfpIPNQlGQI/cTkmOT+tTaffwf6PLcvT/HvJivax/y0tIsCIqtTSoM6eoi6D9jN
+        n/VkMsZpaxxIt0nm87ZgcWA6IVPdtO51eLWlJyfz8/V8f/ySARUMdMSVkFiS6OMS
+        nxsrQGPLOOWTYepV6XD4GP9zDYL4aLArGfWprq79KHAtRYtGHixgcxFgbfBnon2y
+        6HG1vDa/sVFrleSwBRsCtVRgYvAShdn50hL4JgSn8OjkkTVB1wz74bqCj001RHfS
+        dxKhfzBPQsqsdGCMZKkRGUpUavM3qW/UAxbYgkjcS04hzmjyC/I1sKpDebQJyX9i
+        66F3zR7eRzwH7Y8s5PTo+dYZJmNxtN7vJKq++8Cg707XUzBT/U2SQV84TOsZO70Q
+        Hl7GKY3NdpVEslyiwMdi6DyhTH+MV3HMkEds16wCRNAVriSXPeg/GYNhQqcdTceU
+        I0YSumzEeQMcFbg0LUYayZ9PlhPgLosMba9BDK/K244OZvmGyRr1ANnnASsQg4cK
+        vsHDEV4jBWxHAw41ArfNLg9vA8ojf/1EU4E2d5GU5fVe
+        -----END CERTIFICATE-----
@@ -689,6 +689,10 @@ properties:
     cc_uploader:
       dropsonde_port: (( config_from_cf.metron_agent.dropsonde_incoming_port ))
       log_level: (( property_overrides.cc_uploader.log_level || nil ))
+      cc:
+        ca_cert: (( property_overrides.cc_uploader.cc.ca_cert ))
+        client_cert: (( property_overrides.cc_uploader.cc.client_cert ))
+        client_key: (( property_overrides.cc_uploader.cc.client_key ))
     nsync:
       diego_privileged_containers: (( property_overrides.nsync.diego_privileged_containers || nil ))
       dropsonde_port: (( config_from_cf.metron_agent.dropsonde_incoming_port ))

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+set -e -x
+
+usage() {
+  >&2 echo "    Usage:
+    $0 DIEGO_CA_NAME DIEGO_CA_CERT_DIRECTORY
+
+    Ex:
+    $0 diegoCA ~/workspace/diego-release/diego-certs/
+"
+  exit 1
+}
+
+ca_name=$1
+ca_cert_directory=$2
+
+if [ -z "${ca_name}" ]; then
+  >&2 echo "Specify a CA"
+  usage
+fi
+
+if [ ! -d "${ca_cert_directory}" ]; then
+  >&2 echo "Specify location of CA cert and key"
+  usage
+fi
+
+# Install certstrap
+go get -v github.com/square/certstrap
+
+# Place keys and certificates here
+output_path="diego-certs/cc-uploader-certs"
+mkdir -p ${output_path}
+
+client_cn='cc_uploader'
+certstrap --depot-path ${ca_cert_directory} request-cert --passphrase '' --common-name $client_cn
+certstrap --depot-path ${ca_cert_directory} sign $client_cn --CA $ca_name
+mv -f "${ca_cert_directory}/${client_cn}.key" "${output_path}/client.key"
+mv -f "${ca_cert_directory}/${client_cn}.csr" "${output_path}/client.csr"
+mv -f "${ca_cert_directory}/${client_cn}.crt" "${output_path}/client.crt"
@@ -5,11 +5,12 @@ set -e -x
 existing_depot="$1"
 
 pushd `dirname "$0"`/..
-  scripts/generate-bbs-certs        cf-diego-ca "$existing_depot"
-  scripts/generate-locket-certs     cf-diego-ca "$existing_depot"
-  scripts/generate-rep-certs        cf-diego-ca "$existing_depot"
-  scripts/generate-auctioneer-certs cf-diego-ca "$existing_depot"
-  scripts/generate-tps-certs        cf-diego-ca "$existing_depot"
+  scripts/generate-bbs-certs         cf-diego-ca "$existing_depot"
+  scripts/generate-locket-certs      cf-diego-ca "$existing_depot"
+  scripts/generate-rep-certs         cf-diego-ca "$existing_depot"
+  scripts/generate-auctioneer-certs  cf-diego-ca "$existing_depot"
+  scripts/generate-tps-certs         cf-diego-ca "$existing_depot"
+  scripts/generate-cc-uploader-certs cf-diego-ca "$existing_depot"
 popd
 
 echo "Outputted certs to diego-certs"