The Luna Security Provider Framework causes an application to be automatically configured to work with a bound Luna Security Service. Note: This framework is disabled by default.
| | |
|---|---|
| Detection Criterion | Existence of a single bound Luna Security Provider service. A Luna Security service is defined by the `VCAP_SERVICES` payload containing a service name, label or tag with `luna` as a substring. |
| Tags | `luna-security-provider=<version>` |
When binding to the Luna Security Provider using a user-provided service, it must have a name or tag with `luna` in it. The credential payload can contain the following entries:
Name | Description |
---|---|
`host` | The controller host name |
`host-certificate` | A PEM encoded host certificate |
`client-private-key` | A PEM encoded client private key |
`client-certificate` | A PEM encoded client certificate |
To provide more complex values such as the PEM certificates, use the interactive mode when creating a user-provided service; it manages the character escaping automatically.
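A check for the binding described above, as an added example that is not part of the buildpack: it applies the detection criterion to a `VCAP_SERVICES` payload and then inspects the credential entries, including PEM values that arrived with literal `\n` sequences because escaping went wrong. It assumes all four entries are expected; the function names, service name and host are hypothetical.

```ruby
require 'json'

# Credential entries from the table above that must hold PEM data.
PEM_KEYS = %w[host-certificate client-private-key client-certificate].freeze
PEM_SHAPE = /\A-----BEGIN ([A-Z ]+)-----\n.+\n-----END \1-----\n?\z/m

# Services whose name, label or any tag contains "luna" (the detection criterion).
def luna_services(vcap)
  vcap.values.flatten.select do |svc|
    [svc['name'], svc['label'], *svc['tags']].compact.any? { |v| v.include?('luna') }
  end
end

# Returns a list of problems; an empty list means the binding looks usable.
def check_luna_binding(vcap_json)
  matches = luna_services(JSON.parse(vcap_json))
  return ["expected exactly one luna service, found #{matches.size}"] unless matches.size == 1

  creds = matches.first['credentials'] || {}
  problems = []
  problems << 'host is missing or empty' if creds['host'].to_s.strip.empty?
  PEM_KEYS.each do |key|
    value = creds[key].to_s
    if value.empty?
      problems << "#{key} is missing"
    elsif value.include?('\n')
      problems << "#{key} contains literal \\n sequences instead of line breaks"
    elsif value !~ PEM_SHAPE
      problems << "#{key} is not a PEM block"
    end
  end
  problems
end

# Constructed sample payload; the PEM bodies are placeholders, not real key material.
def sample_vcap(cert_value = nil)
  pem = ->(type) { "-----BEGIN #{type}-----\nPLACEHOLDER\n-----END #{type}-----\n" }
  JSON.generate('user-provided' => [{
    'name' => 'my-luna-hsm', 'label' => 'user-provided', 'tags' => [],
    'credentials' => { 'host' => 'hsm.example.internal',
                       'host-certificate' => cert_value || pem.call('CERTIFICATE'),
                       'client-private-key' => pem.call('RSA PRIVATE KEY'),
                       'client-certificate' => pem.call('CERTIFICATE') }
  }])
end

puts check_luna_binding(sample_vcap).inspect
```

The regex only checks the PEM framing, so a value that passes can still fail to parse as a certificate or key.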
For general information on configuring the buildpack, refer to Configuration and Extension.
The framework can be configured by modifying the `config/luna_security_provider.yml` file in the buildpack. The framework uses the `Repository` utility support and so it supports the version syntax defined there.
Name | Description |
---|---|
`repository_root` | The URL of the Luna Security Provider repository index (details). |
`version` | Version of the Luna Security Provider to use. |
The framework can also be configured by overlaying a set of resources on the default distribution. To do this, add files to the `resources/luna_security_provider` directory in the buildpack fork.