v2.1.0

Maintenance release

• Update to Go modules
• Rebuild with current toolchain
• Fixes segmentation fault issue (#19)

Service Key Edition

This version switches to using service keys as the credential source to make the plugin work with "secure service credentials":

With the introduction of CredHub, service brokers can decide to put just a CredHub reference into the credentials object that apps receive via the VCAP_SERVICES environment variable:

{
  "credentials": {
    "credhub-ref": "((/c/my-service-broker/my-service/faa677f5-25cd-4f1e-8921-14a9d5ab48b8/credentials))"
  }
}

Apps can then get actual credentials by calling a CredHub endpoint. The plugin, however, might neither have network nor UAA access to CredHub. So instead it's going to use service keys.

A disadvantage of service keys is that they need to be removed before their service instance can be removed. The plugin does not currently remove keys automatically.

Removing service keys

The plugin creates a service key called 'cf-mysql' for each service instance a user connects to. The keys are reused when available and never deleted. Keys can be removed manually as follows:

$ cf delete-service -f somedb
Deleting service somedb in org afleig-org / space acceptance as afleig@pivotal.io...
FAILED
Cannot delete service instance. Service keys, bindings, and shares must first be deleted.

Deleting the service failed. The CLI hints at service keys and app bindings that might still exist.

$ cf service-keys somedb
Getting keys for service instance somedb as afleig@pivotal.io...

name
cf-mysql

A key called 'cf-mysql' is found for the service instance 'somedb', because we have used the plugin with 'somedb' earlier. After removing the key, the service instance can be deleted:

$ cf delete-service-key -f somedb cf-mysql
Deleting key cf-mysql for service instance somedb as afleig@pivotal.io...
OK

$ cf delete-service -f somedb
Deleting service somedb in org afleig-org / space acceptance as afleig@pivotal.io...
OK

Design decisions

Deleting keys automatically would come with some more complexity:

• It's possible to have multiple sessions connected to the same service. When deleting a key after closing one of the sessions, the other sessions should not be affected. Therefore each session should have its own key.
• Deleting after closing the session will not always work reliably, e.g. if the session was closed by a network issue. If each session also uses a unique key, spaces might fill up quickly with old keys.

v1.4.0

Travis: update Go to 1.8

v1.3.6

Create CF CLI plugin repository YAML in build_all.sh

v1.3.5: Follow next_url links in paginated API responses

Fixes #2
Fixes #3

[#135595571]

Signed-off-by: Andreas Fleig <afleig@pivotal.io>

v1.3.4: Bump version to 1.3.4

Shows services from current space only

v1.3.3

Fix JSON deserialization when 'port' property is missing

v1.3.2: JSON: allow port to be provided as int or string

Signed-off-by: Andreas Fleig <afleig@pivotal.io>

v1.3.1: Bump version to 1.3.1 - parallel API calls

[finishes #134578059]

v1.3.0: Add mysqldump support

[#130224029]