diff --git a/.devcontainer/configs/intellij/.idea/runConfigurations/Rubocop.xml b/.devcontainer/configs/intellij/.idea/runConfigurations/Rubocop.xml
new file mode 100644
index 00000000000..1032cf106de
--- /dev/null
+++ b/.devcontainer/configs/intellij/.idea/runConfigurations/Rubocop.xml
@@ -0,0 +1,31 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC-Unittests.xml b/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC-Unittests.xml
new file mode 100644
index 00000000000..d8a1d30fa2a
--- /dev/null
+++ b/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC-Unittests.xml
@@ -0,0 +1,35 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC.xml b/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC.xml
new file mode 100644
index 00000000000..e5bed903b34
--- /dev/null
+++ b/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC.xml
@@ -0,0 +1,31 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC_Local_Worker.xml b/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC_Local_Worker.xml
new file mode 100644
index 00000000000..02157171f47
--- /dev/null
+++ b/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC_Local_Worker.xml
@@ -0,0 +1,35 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC_Worker.xml b/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC_Worker.xml
new file mode 100644
index 00000000000..7257a36e6b5
--- /dev/null
+++ b/.devcontainer/configs/intellij/.idea/runConfigurations/_Mariadb__CC_Worker.xml
@@ -0,0 +1,35 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC-Unittests.xml b/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC-Unittests.xml
new file mode 100644
index 00000000000..4cd0a9f5c3d
--- /dev/null
+++ b/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC-Unittests.xml
@@ -0,0 +1,35 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC.xml b/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC.xml
new file mode 100644
index 00000000000..47cd75f571d
--- /dev/null
+++ b/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC.xml
@@ -0,0 +1,31 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC_Local_Worker.xml b/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC_Local_Worker.xml
new file mode 100644
index 00000000000..c0ea426dff5
--- /dev/null
+++ b/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC_Local_Worker.xml
@@ -0,0 +1,35 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC_Worker.xml b/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC_Worker.xml
new file mode 100644
index 00000000000..dfac50dc661
--- /dev/null
+++ b/.devcontainer/configs/intellij/.idea/runConfigurations/_Postgres__CC_Worker.xml
@@ -0,0 +1,35 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.devcontainer/configs/intellij/.idea/runConfigurations/_template__of_RSpec.xml b/.devcontainer/configs/intellij/.idea/runConfigurations/_template__of_RSpec.xml
new file mode 100644
index 00000000000..322c2eaa172
--- /dev/null
+++ b/.devcontainer/configs/intellij/.idea/runConfigurations/_template__of_RSpec.xml
@@ -0,0 +1,47 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.devcontainer/configs/vscode/.vscode/launch.json b/.devcontainer/configs/vscode/.vscode/launch.json
new file mode 100644
index 00000000000..c05ece4fac8
--- /dev/null
+++ b/.devcontainer/configs/vscode/.vscode/launch.json
@@ -0,0 +1,112 @@
+{
+ // Use IntelliSense to learn about possible attributes.
+ // Hover to view descriptions of existing attributes.
+ // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+ "version": "0.2.0",
+ "configurations": [
+ {
+ "name": "[Postgres] CloudController",
+ "type": "rdbg",
+ "request": "launch",
+ "useBundler": true,
+ "cwd": "${workspaceRoot}",
+ "command": "bin/cloud_controller",
+ "script": "-c tmp/cloud_controller.yml",
+ "env": {
+ "DB": "postgres",
+ "DB_CONNECTION_STRING": "postgres://postgres:supersecret@localhost:5432/ccdb"
+ }
+ },
+ {
+ "name": "[Mariadb] CloudController",
+ "type": "rdbg",
+ "request": "launch",
+ "useBundler": true,
+ "cwd": "${workspaceRoot}",
+ "command": "bin/cloud_controller",
+ "script": "-c tmp/cloud_controller.yml",
+ "env": {
+ "DB": "mysql",
+ "DB_CONNECTION_STRING": "mysql2://root:supersecret@localhost:3306/ccdb"
+ }
+ },
+ {
+ "name": "[Mariadb] Unittests",
+ "type": "rdbg",
+ "request": "launch",
+ "useBundler": true,
+ "cwd": "${workspaceRoot}",
+ "command": "bin/rake",
+ "script": "spec:all",
+ "env": {
+ "DB": "mysql",
+ "MYSQL_CONNECTION_PREFIX": "mysql2://root:supersecret@localhost:3306"
+ }
+ },
+ {
+ "name": "[Postgres] Unittests",
+ "type": "rdbg",
+ "request": "launch",
+ "useBundler": true,
+ "cwd": "${workspaceRoot}",
+ "command": "bin/rake",
+ "script": "spec:all",
+ "env": {
+ "DB": "postgres",
+ "POSTGRES_CONNECTION_PREFIX": "postgres://postgres:supersecret@localhost:5432"
+ }
+ },
+ {
+ "name": "[Mariadb] CC Worker",
+ "type": "rdbg",
+ "request": "launch",
+ "useBundler": true,
+ "cwd": "${workspaceRoot}",
+ "command": "bin/rake",
+ "script": "jobs:generic",
+ "env": {
+ "DB": "mysql",
+ "DB_CONNECTION_STRING": "mysql2://root:supersecret@localhost:3306/ccdb"
+ }
+ },
+ {
+ "name": "[Postgres] CC Worker",
+ "type": "rdbg",
+ "request": "launch",
+ "useBundler": true,
+ "cwd": "${workspaceRoot}",
+ "command": "bin/rake",
+ "script": "jobs:generic",
+ "env": {
+ "DB": "postgres",
+ "DB_CONNECTION_STRING": "postgres://postgres:supersecret@localhost:5432/ccdb"
+ }
+ },
+ {
+ "name": "[Mariadb] CC Local Worker",
+ "type": "rdbg",
+ "request": "launch",
+ "useBundler": true,
+ "cwd": "${workspaceRoot}",
+ "command": "bin/rake",
+ "script": "jobs:local",
+ "env": {
+ "DB": "mysql",
+ "DB_CONNECTION_STRING": "mysql2://root:supersecret@localhost:3306/ccdb"
+ }
+ },
+ {
+ "name": "[Postgres] CC Local Worker",
+ "type": "rdbg",
+ "request": "launch",
+ "useBundler": true,
+ "cwd": "${workspaceRoot}",
+ "command": "bin/rake",
+ "script": "jobs:local",
+ "env": {
+ "DB": "postgres",
+ "DB_CONNECTION_STRING": "postgres://postgres:supersecret@localhost:5432/ccdb"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/.devcontainer/configs/vscode/.vscode/settings.json b/.devcontainer/configs/vscode/.vscode/settings.json
new file mode 100644
index 00000000000..c14a0a2ae87
--- /dev/null
+++ b/.devcontainer/configs/vscode/.vscode/settings.json
@@ -0,0 +1,16 @@
+{
+ "ruby-spec-runner.rspecEnv": {
+ "DB": "postgres",
+ "POSTGRES_CONNECTION_PREFIX": "postgres://postgres:supersecret@localhost:5432",
+ "MYSQL_CONNECTION_PREFIX": "mysql2://root:supersecret@localhost:3306"
+ },
+ "ruby.rubocop.autocorrectOnSave": true,
+ "ruby.rubocop.configFilePath": ".rubocop.yml",
+ "ruby.rubocop.hideDisableSuggestions": true,
+ "ruby.rubocop.useBundler": true,
+ "ruby.rubocop.useServer": true,
+ "ruby.rubocop.onSave": true,
+ "solargraph.useBundler": false,
+ "editor.bracketPairColorization.enabled": true,
+ "editor.guides.bracketPairs": true
+}
\ No newline at end of file
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 00000000000..4fbbe631148
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,54 @@
+// For format details, see https://aka.ms/devcontainer.json. For config options, see the README at:
+{
+ "name": "Cloud Controller Dev Environment",
+ "hostRequirements": {
+ "cpus": 4,
+ "memory": "8gb",
+ "storage": "32gb"
+ },
+ "dockerComposeFile": [
+ "../docker-compose.yml",
+ "docker-compose.override.yml"
+ ],
+ "service": "codespace",
+ "runServices": [
+ "postgres",
+ "mysql",
+ "uaa",
+ "minio",
+ "catsbroker",
+ "nginx"
+ ],
+ "workspaceFolder": "/workspace",
+ "initializeCommand": ".devcontainer/scripts/codespaces_init.sh",
+ "onCreateCommand": ".devcontainer/scripts/codespaces_start.sh",
+ "customizations": {
+ // Configure properties specific to VS Code.
+ "vscode": {
+ // Set *default* container specific settings.json values on container create.
+ "settings": {},
+ // Add the IDs of extensions you want installed when the container is created.
+ "extensions": [
+ "ms-azuretools.vscode-docker",
+ "oderwat.indent-rainbow",
+ "KoichiSasada.vscode-rdbg",
+ "Fooo.ruby-spec-runner",
+ "castwide.solargraph",
+ "eamodio.gitlens",
+ "github.vscode-github-actions"
+ ]
+ }
+ },
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
+ "forwardPorts": [
+ 80,
+ 1234,
+ 9292,
+ 9393,
+ 9000,
+ 9001,
+ 8080,
+ 3306,
+ 5432
+ ]
+}
\ No newline at end of file
diff --git a/.devcontainer/docker-compose.override.yml b/.devcontainer/docker-compose.override.yml
new file mode 100644
index 00000000000..10b0490cf6b
--- /dev/null
+++ b/.devcontainer/docker-compose.override.yml
@@ -0,0 +1,19 @@
+version: "3.3"
+services:
+
+ # Dev Container
+ codespace:
+ container_name: codespace
+ build:
+ context: ../
+ dockerfile: .devcontainer/images/devcontainer/Dockerfile
+ restart: unless-stopped
+ command: /bin/sh -c "while sleep 1000; do :; done"
+ volumes:
+ - .:/workspace:cached
+ - /var/run/docker.sock:/var/run/docker.sock
+ network_mode: host
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - seccomp:unconfined
diff --git a/.devcontainer/images/catsbroker/Dockerfile b/.devcontainer/images/catsbroker/Dockerfile
new file mode 100644
index 00000000000..702f156818f
--- /dev/null
+++ b/.devcontainer/images/catsbroker/Dockerfile
@@ -0,0 +1,17 @@
+FROM ruby:3.2-alpine
+
+RUN apk --no-cache add git make curl jq build-base \
+ && git clone https://github.com/cloudfoundry/cf-acceptance-tests \
+ --filter=blob:none \
+ --depth=1 \
+ -b $(curl -s https://api.github.com/repos/cloudfoundry/cf-acceptance-tests/releases/latest | jq -r '.tag_name') \
+ --single-branch
+
+WORKDIR /cf-acceptance-tests/assets/service_broker
+RUN git checkout $(curl -s https://api.github.com/repos/cloudfoundry/cf-acceptance-tests/releases/latest | jq -r '.tag_name') \
+ && bundle install
+
+EXPOSE 80
+
+ENTRYPOINT ["bundle"]
+CMD ["exec", "rackup", "--host", "0.0.0.0"]
\ No newline at end of file
diff --git a/.devcontainer/images/devcontainer/Dockerfile b/.devcontainer/images/devcontainer/Dockerfile
new file mode 100644
index 00000000000..a62f108eabc
--- /dev/null
+++ b/.devcontainer/images/devcontainer/Dockerfile
@@ -0,0 +1,7 @@
+FROM mcr.microsoft.com/vscode/devcontainers/ruby
+
+COPY --from=docker:dind /usr/local/bin/docker /usr/local/bin/
+COPY .devcontainer/images/devcontainer/setup.sh /tmp/setup.sh
+COPY .ruby-version /tmp/.ruby-version
+USER vscode
+RUN /tmp/setup.sh && sudo rm /tmp/setup.sh /tmp/.ruby-version
\ No newline at end of file
diff --git a/.devcontainer/images/devcontainer/setup.sh b/.devcontainer/images/devcontainer/setup.sh
new file mode 100755
index 00000000000..8fcb71d9efb
--- /dev/null
+++ b/.devcontainer/images/devcontainer/setup.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+set -Eeuo pipefail
+# shellcheck disable=SC2064
+trap "pkill -P $$" EXIT
+
+setupAptPackages () {
+ # CF CLI is not available for aarch64 :(
+ if [[ $(uname -m) == aarch64 ]]; then
+ PACKAGES="postgresql-client postgresql-client-common mariadb-client ruby-dev"
+ else
+ PACKAGES="cf8-cli postgresql-client postgresql-client-common mariadb-client ruby-dev"
+ fi
+
+ wget -q -O - https://packages.cloudfoundry.org/debian/cli.cloudfoundry.org.key | sudo apt-key add -
+ echo "deb https://packages.cloudfoundry.org/debian stable main" | sudo tee /etc/apt/sources.list.d/cloudfoundry-cli.list
+ sudo apt-get update
+ export DEBIAN_FRONTEND="noninteractive" && echo 'debconf debconf/frontend select Noninteractive' | sudo debconf-set-selections
+ sudo apt-get install -o Dpkg::Options::="--force-overwrite" $PACKAGES -y
+}
+
+setupRuby () {
+ rbenv install $(cat /tmp/.ruby-version)
+ rbenv global $(cat /tmp/.ruby-version)
+}
+
+setupRubyGems () {
+ gem install cf-uaac
+}
+
+setupCredhubCli () {
+ set -x
+ wget "$(curl -s https://api.github.com/repos/cloudfoundry/credhub-cli/releases/latest |
+ jq -r '.assets[] | select(.name|match("credhub-linux.*")) | .browser_download_url')" -O /tmp/credhub.tar.gz
+ cd /tmp
+ sudo tar -xzf /tmp/credhub.tar.gz && sudo rm -f /tmp/credhub.tar.gz && sudo mv /tmp/credhub /usr/bin
+}
+
+setupYqCli () {
+ sudo wget "$(curl -s https://api.github.com/repos/mikefarah/yq/releases/latest |
+ jq -r '.assets[] | select(.name|match("linux_amd64$")) | .browser_download_url')" -O /usr/bin/yq
+ sudo chmod +x /usr/bin/yq
+}
+
+echo """
+export COMPOSE_DOCKER_CLI_BUILD=1
+export DOCKER_BUILDKIT=1
+""" > ~/.bashrc
+
+setupAptPackages
+setupRuby
+setupRubyGems
+setupCredhubCli
+setupYqCli
+
+trap "" EXIT
\ No newline at end of file
diff --git a/.devcontainer/images/nginx/Dockerfile b/.devcontainer/images/nginx/Dockerfile
new file mode 100644
index 00000000000..889a98ca11f
--- /dev/null
+++ b/.devcontainer/images/nginx/Dockerfile
@@ -0,0 +1,22 @@
+FROM alpine
+
+RUN apk --no-cache add build-base pcre-dev openssl-dev gzip curl jq zlib-dev \
+ && NGINX_VERSION=$(curl -s https://nginx.org/en/download.html | grep -o -E -m 1 "nginx-[0-9]+\.[0-9]+\.[0-9]+" | cut -d'-' -f2 | head -n 1) \
+ && UPLOAD_VERSION=$(curl -s https://api.github.com/repos/fdintino/nginx-upload-module/tags | jq -r '.[0].name') \
+ && wget -P /tmp https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && tar -zxvf /tmp/nginx-${NGINX_VERSION}.tar.gz -C /tmp \
+ && wget -P /tmp https://github.com/fdintino/nginx-upload-module/archive/${UPLOAD_VERSION}.tar.gz && tar -zxvf /tmp/${UPLOAD_VERSION}.tar.gz -C /tmp \
+ && cd /tmp/nginx-${NGINX_VERSION}\
+ && ./configure \
+ --add-module=/tmp/nginx-upload-module-${UPLOAD_VERSION}\
+ --with-http_stub_status_module \
+ && make \
+ && make install\
+ && rm -rf /usr/local/nginx/conf
+
+COPY conf /usr/local/nginx/conf
+
+EXPOSE 80
+
+STOPSIGNAL SIGQUIT
+
+CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]
\ No newline at end of file
diff --git a/.devcontainer/images/nginx/conf/mime.types b/.devcontainer/images/nginx/conf/mime.types
new file mode 100644
index 00000000000..c2302120416
--- /dev/null
+++ b/.devcontainer/images/nginx/conf/mime.types
@@ -0,0 +1,96 @@
+types {
+ text/html html htm shtml;
+ text/css css;
+ text/xml xml;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+
+ image/png png;
+ image/svg+xml svg svgz;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/webp webp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+
+ font/woff woff;
+ font/woff2 woff2;
+
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation
+ pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+ xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document
+ docx;
+ application/vnd.wap.wmlc wmlc;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+
+ audio/midi mid midi kar;
+ audio/mpeg mp3;
+ audio/ogg ogg;
+ audio/x-m4a m4a;
+ audio/x-realaudio ra;
+
+ video/3gpp 3gpp 3gp;
+ video/mp2t ts;
+ video/mp4 mp4;
+ video/mpeg mpeg mpg;
+ video/quicktime mov;
+ video/webm webm;
+ video/x-flv flv;
+ video/x-m4v m4v;
+ video/x-mng mng;
+ video/x-ms-asf asx asf;
+ video/x-ms-wmv wmv;
+ video/x-msvideo avi;
+}
\ No newline at end of file
diff --git a/.devcontainer/images/nginx/conf/nginx.conf b/.devcontainer/images/nginx/conf/nginx.conf
new file mode 100644
index 00000000000..727a6e9cc92
--- /dev/null
+++ b/.devcontainer/images/nginx/conf/nginx.conf
@@ -0,0 +1,47 @@
+worker_processes auto;
+pid /tmp/nginx.pid;
+
+events {
+ worker_connections 768;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ log_format main '$host - [$time_local] "$request" $status $bytes_sent "$http_referer" "$http_user_agent" $proxy_add_x_forwarded_for vcap_request_id:$upstream_http_x_vcap_request_id response_time:$upstream_response_time';
+
+ sendfile on; #enable use of sendfile()
+ sendfile_max_chunk 1M; #make sure not to block on fast clients reading large files
+ tcp_nopush on;
+ tcp_nodelay on; #disable nagel's algorithm
+
+ keepalive_timeout 75 20;
+
+ limit_req_status 429;
+
+ client_max_body_size 15M; #already enforced upstream/but doesn't hurt.
+
+ include mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /tmp/nginx-access.log;
+ error_log /tmp/nginx-error.log;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ upstream cloud_controller {
+ server host.docker.internal:3000;
+ }
+
+ include nginx_external_endpoints.conf;
+
+}
\ No newline at end of file
diff --git a/.devcontainer/images/nginx/conf/nginx_external_endpoints.conf b/.devcontainer/images/nginx/conf/nginx_external_endpoints.conf
new file mode 100644
index 00000000000..ee7b058df3b
--- /dev/null
+++ b/.devcontainer/images/nginx/conf/nginx_external_endpoints.conf
@@ -0,0 +1,120 @@
+server {
+ listen 80;
+
+ # Forbid access to internal endpoints
+ location /internal/v4/ {
+ return 403 'Forbidden';
+ }
+
+ # proxy and log all CC traffic
+ location / {
+ access_log /tmp/nginx-access.log main;
+ access_log syslog:server=127.0.0.1,severity=info,tag=vcap_nginx_access main;
+ proxy_buffering off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real_IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_redirect off;
+ proxy_connect_timeout 10;
+ proxy_pass http://cloud_controller;
+ }
+
+
+
+ location ~ /v2/apps/[^/]+/bits {
+ if ($arg_application_path) { return 422; }
+
+ include public_upload.conf;
+
+ upload_pass_args on;
+ upload_pass_form_field "^resources$";
+ }
+
+ location ~ /v2/buildpacks/.*/bits {
+ if ($arg_buildpack_path) { return 422; }
+
+ include public_upload.conf;
+ }
+
+ location ~ /v2/apps/[^/]+/droplet/upload {
+ if ($arg_droplet_path) { return 422; }
+
+ include public_upload.conf;
+ }
+
+ location ~ /v3/packages/.*/upload {
+ if ($arg_bits_path) { return 422; }
+
+ upload_pass_form_field "^resources$";
+ include public_upload.conf;
+ }
+
+ location ~ /v3/buildpacks/.*/upload {
+ if ($arg_bits_path) { return 422; }
+
+ include public_upload.conf;
+ }
+
+ location ~ /v3/droplets/.*/upload {
+ if ($arg_bits_path) { return 422; }
+
+ include public_upload.conf;
+ }
+
+ location ~ /staging/(v3/)?(droplets|buildpack_cache)/.*/upload {
+ # Allow download the droplets and buildpacks
+ if ($request_method = GET){
+ proxy_pass http://cloud_controller;
+ }
+
+ # Allow large uploads
+ client_max_body_size 1536M; #already enforced upstream/but doesn't hurt.
+
+ # Pass along auth header
+ set $auth_header $upstream_http_x_auth;
+ proxy_set_header Authorization $auth_header;
+
+ # Pass altered request body to this location
+ upload_pass @cc_uploads;
+
+ # Store files to this directory
+ upload_store /tmp/staged_droplet_uploads;
+
+ # Allow uploaded files to be read only by user
+ #upload_store_access user:r;
+
+ # Set specified fields in request body
+ upload_set_form_field "droplet_path" $upload_tmp_path;
+
+ #on any error, delete uploaded files.
+ upload_cleanup 400-505;
+ }
+
+ # Pass altered request body to a backend
+ location @cc_uploads {
+ proxy_pass http://cloud_controller;
+ }
+
+ location ~ ^/internal_redirect/(.*){
+ # only allow internal redirects
+ internal;
+
+ set $download_url $1;
+
+ #have to manualy pass along auth header
+ set $auth_header $upstream_http_x_auth;
+ proxy_set_header Authorization $auth_header;
+
+ # Download the file and send it to client
+ proxy_pass $download_url;
+ }
+
+ location /nginx_status {
+ stub_status on;
+
+ access_log /tmp/nginx_status.access.log main;
+
+ allow 127.0.0.1;
+ deny all;
+ }
+}
\ No newline at end of file
diff --git a/.devcontainer/images/nginx/conf/public_upload.conf b/.devcontainer/images/nginx/conf/public_upload.conf
new file mode 100644
index 00000000000..3781a1bfaf2
--- /dev/null
+++ b/.devcontainer/images/nginx/conf/public_upload.conf
@@ -0,0 +1,22 @@
+# Pass altered request body to this location
+upload_pass @cc_uploads;
+
+# Allow large uploads
+client_max_body_size 1536M; #already enforced upstream/but doesn't hurt.
+
+# Store files to this directory
+upload_store /tmp/uploads;
+
+# No limit for output body forwarded to CC
+upload_max_output_body_len 0;
+
+# Set specified fields in request body
+upload_set_form_field "${upload_field_name}_name" $upload_file_name;
+upload_set_form_field "${upload_field_name}_path" $upload_tmp_path;
+upload_set_form_field "upload_start_time" $msec;
+
+#forward the following fields from existing body
+upload_pass_form_field "^_method$";
+
+#on any error, delete uploaded files.
+upload_cleanup 400-505;
\ No newline at end of file
diff --git a/.devcontainer/images/uaa/Dockerfile b/.devcontainer/images/uaa/Dockerfile
new file mode 100644
index 00000000000..c43b5f9c7fa
--- /dev/null
+++ b/.devcontainer/images/uaa/Dockerfile
@@ -0,0 +1,53 @@
+# Build image
+FROM openjdk:11.0-jdk AS builder
+
+WORKDIR /uaa
+
+# Patch admin client, add authority password.write
+COPY PatchAdminOAuthClient.java /PatchAdminOAuthClient.java
+RUN apt-get update && apt-get install jq -y \
+ && git clone -b $(curl -s https://api.github.com/repos/cloudfoundry/uaa/releases/latest | jq -r '.tag_name') https://github.com/cloudfoundry/uaa.git . --recursive --depth=1 --shallow-submodules \
+ && git clone -b $(curl -s https://api.github.com/repos/pivotal/credhub-release/releases/latest | jq -r '.tag_name') https://github.com/pivotal/credhub-release /credhub-release --recursive --depth=1 --shallow-submodules \
+ && javac /PatchAdminOAuthClient.java -d / \
+ && java -cp / PatchAdminOAuthClient uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml \
+ && ./gradlew -Pversion=$(curl -s https://api.github.com/repos/cloudfoundry/uaa/releases/latest | jq -r '.tag_name') clean build -x test
+
+FROM mikefarah/yq:4.9.6 AS yq
+# Newer versions don't work. The following error is shown but the build is not aborted:
+# safelyRenameFile [ERRO] Failed copying from /tmp/temp<...> to /uaa.yml
+# safelyRenameFile [ERRO] open /uaa.yml: permission denied
+# safelyRenameFile [ERRO] Failed copying from /tmp/temp<...> to /credhub-uaa.yml
+# safelyRenameFile [ERRO] open /credhub-uaa.yml: permission denied
+
+COPY --from=builder /uaa/scripts/cargo/uaa.yml /uaa.yml
+COPY --from=builder /credhub-release/src/credhub/config/uaa.yml /credhub-uaa.yml
+
+# Adapt issuer URI
+# Copy to uaa URL
+# Remove jwt node with symmetric key
+# Replace UAA client name in credhub config
+# Concatenate modified cargo and credhub config files
+RUN yq e '.issuer.uri = "http://localhost:8080"' -i /uaa.yml \
+ && yq e '.uaa.url = .issuer.uri' -i /uaa.yml \
+ && yq e 'del(.jwt)' -i /uaa.yml \
+ && yq e '.oauth.clients.director_to_credhub = .oauth.clients.credhub_client' -i /credhub-uaa.yml \
+ && yq e 'del(.oauth.clients.credhub_client)' -i /credhub-uaa.yml \
+ && yq ea 'select(fi == 0) * select(fi == 1)' -i /uaa.yml /credhub-uaa.yml
+
+# Runtime image
+FROM tomcat:9-jdk11
+
+# Copy config file from yq image
+COPY --from=yq /uaa.yml /uaa.yml
+
+# Remove pre-installed apps
+RUN rm -rf /usr/local/tomcat/webapps/*
+
+# Install war from build image
+COPY --from=builder /uaa/uaa/build/libs/cloudfoundry-identity-uaa-*.war /usr/local/tomcat/webapps/ROOT.war
+COPY --from=builder /uaa/k8s/templates/log4j2.properties /log4j2.properties
+
+ENV JAVA_OPTS="-DLOGIN_CONFIG_URL=file:///uaa.yml -Dlogging.config=/log4j2.properties"
+ENV spring_profiles=default
+
+EXPOSE 8080
\ No newline at end of file
diff --git a/.devcontainer/images/uaa/PatchAdminOAuthClient.java b/.devcontainer/images/uaa/PatchAdminOAuthClient.java
new file mode 100644
index 00000000000..70495ec0a89
--- /dev/null
+++ b/.devcontainer/images/uaa/PatchAdminOAuthClient.java
@@ -0,0 +1,39 @@
+import java.io.File;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.InputSource;
+
+public class PatchAdminOAuthClient {
+
+ public static void main(String[] args) throws Exception {
+ if (args.length != 1) {
+ System.err.println("Expecting exactly 1 argument.");
+ System.exit(1);
+ }
+ String xmlFile = args[0];
+
+ Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(xmlFile));
+
+ XPath xpath = XPathFactory.newInstance().newXPath();
+ NodeList nodes = (NodeList)xpath.evaluate("//entry[@key='admin']/map/entry[@key='authorities']", doc, XPathConstants.NODESET);
+ if (nodes.getLength() != 1) {
+ System.err.println("Expecting exactly 1 matching node.");
+ System.exit(1);
+ }
+ Node value = nodes.item(0).getAttributes().getNamedItem("value");
+
+ value.setNodeValue(value.getNodeValue().concat(",password.write"));
+
+ TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(new File(xmlFile)));
+ }
+}
\ No newline at end of file
diff --git a/.devcontainer/scripts/codespaces_init.sh b/.devcontainer/scripts/codespaces_init.sh
new file mode 100755
index 00000000000..c9aa8f38683
--- /dev/null
+++ b/.devcontainer/scripts/codespaces_init.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+set -Eeuxo pipefail
+set -o allexport
+# shellcheck disable=SC2064
+trap "pkill -P $$" EXIT
+
+# Setup volume mounts
+mkdir -p tmp
+
+# Speed up docker builds by prebuilding with buildx
+docker-compose pull || tee tmp/fail &
+docker buildx bake -f docker-compose.yml -f .devcontainer/docker-compose.override.yml || tee tmp/fail &
+
+wait $(jobs -p)
+test -f tmp/fail && rm tmp/fail && exit 1
+
+trap "" EXIT
\ No newline at end of file
diff --git a/.devcontainer/scripts/codespaces_start.sh b/.devcontainer/scripts/codespaces_start.sh
new file mode 100755
index 00000000000..6934883c137
--- /dev/null
+++ b/.devcontainer/scripts/codespaces_start.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+set -Eeuxo pipefail
+# shellcheck disable=SC2064
+trap "pkill -P $$" EXIT
+
+# Setup IDEs
+./.devcontainer/scripts/setupIDEs.sh
+
+# Setup DBs and CC Config File
+./.devcontainer/scripts/setupDevelopmentEnvironment.sh
+
+trap "" EXIT
\ No newline at end of file
diff --git a/.devcontainer/scripts/setupDevelopmentEnvironment.sh b/.devcontainer/scripts/setupDevelopmentEnvironment.sh
new file mode 100755
index 00000000000..b1cce525153
--- /dev/null
+++ b/.devcontainer/scripts/setupDevelopmentEnvironment.sh
@@ -0,0 +1,124 @@
+#!/bin/bash
+set -Eeuo pipefail
+# shellcheck disable=SC2064
+trap "pkill -P $$" EXIT
+
+# Database Information
+POSTGRES_CONNECTION_PREFIX="postgres://postgres:supersecret@localhost:5432"
+MYSQL_CONNECTION_PREFIX="mysql2://root:supersecret@127.0.0.1:3306"
+
+setupPostgres () {
+ export DB="postgres"
+ # Parallel Test DBs
+ export POSTGRES_CONNECTION_PREFIX
+ bundle exec rake db:pick db:parallel:recreate
+ # Sequential Test DBs
+ export PGPASSWORD=supersecret
+ psql -U postgres -h localhost -tc "SELECT 1 FROM pg_database WHERE datname = 'cc_test'" | grep -q 1 || psql -U postgres -h localhost -c "CREATE DATABASE cc_test"
+ # Main DB
+ export DB_CONNECTION_STRING="${POSTGRES_CONNECTION_PREFIX}/ccdb"
+ bundle exec rake db:recreate db:migrate db:seed
+}
+
+setupMariadb () {
+ export DB="mysql"
+ # Parallel Test DBs
+ export MYSQL_CONNECTION_PREFIX
+ bundle exec rake db:pick db:parallel:recreate
+ # Sequential Test DBs
+ mysql -h 127.0.0.1 -u root -psupersecret -e "CREATE DATABASE IF NOT EXISTS cc_test;"
+ # Main DB
+ export DB_CONNECTION_STRING="${MYSQL_CONNECTION_PREFIX}/ccdb"
+ bundle exec rake db:recreate db:migrate db:seed
+}
+
+setupUAA () {
+ # Wait until ready
+ # shellcheck disable=SC2016
+ timeout 300 bash -c 'while [[ "$(curl -s -o /dev/null -w ''%{http_code}'' http://localhost:8080/info)" != "200" ]]; do sleep 5; done' || false
+
+ # Login
+ uaac target http://localhost:8080 --skip-ssl-validation
+ uaac token client get admin -s "adminsecret"
+
+ # Admin User
+ NEW_ADMIN_USERNAME="ccadmin"
+ NEW_ADMIN_PASSWORD="secret"
+ uaac user add ${NEW_ADMIN_USERNAME} -p ${NEW_ADMIN_PASSWORD} --emails fake@example.com
+ uaac member add cloud_controller.admin ${NEW_ADMIN_USERNAME}
+ uaac member add uaa.admin ${NEW_ADMIN_USERNAME}
+ uaac member add scim.read ${NEW_ADMIN_USERNAME}
+ uaac member add scim.write ${NEW_ADMIN_USERNAME}
+
+ # Dasboard User
+ uaac user add cc-service-dashboards -p some-sekret --emails fake2@example.com
+}
+
+# CC config
+mkdir -p tmp
+cp -a config/cloud_controller.yml tmp/cloud_controller.yml
+
+yq -i e '.login.url="http://localhost:8080"' tmp/cloud_controller.yml
+yq -i e '.login.enabled=true' tmp/cloud_controller.yml
+
+yq -i e '.nginx.use_nginx=true' tmp/cloud_controller.yml
+yq -i e '.nginx.instance_socket=""' tmp/cloud_controller.yml
+
+yq -i e '.logging.file="tmp/cloud_controller.log"' tmp/cloud_controller.yml
+yq -i e '.telemetry_log_path="tmp/cloud_controller_telemetry.log"' tmp/cloud_controller.yml
+yq -i e '.directories.tmpdir="tmp"' tmp/cloud_controller.yml
+yq -i e '.directories.diagnostics="tmp"' tmp/cloud_controller.yml
+yq -i e '.security_event_logging.enabled=true' tmp/cloud_controller.yml
+yq -i e '.security_event_logging.file="tmp/cef.log"' tmp/cloud_controller.yml
+
+yq -i e '.uaa.url="http://localhost:8080"' tmp/cloud_controller.yml
+yq -i e '.uaa.internal_url="http://localhost:8080"' tmp/cloud_controller.yml
+yq -i e '.uaa.resource_id="cloud_controller"' tmp/cloud_controller.yml
+yq -i e 'del(.uaa.symmetric_secret)' tmp/cloud_controller.yml
+
+yq -i e '.resource_pool.fog_connection.provider="AWS"' tmp/cloud_controller.yml
+yq -i e '.resource_pool.fog_connection.endpoint="http://localhost:9001"' tmp/cloud_controller.yml
+yq -i e '.resource_pool.fog_connection.aws_access_key_id="minioadmin"' tmp/cloud_controller.yml
+yq -i e '.resource_pool.fog_connection.aws_secret_access_key="minioadmin"' tmp/cloud_controller.yml
+yq -i e '.resource_pool.fog_connection.aws_signature_version=2' tmp/cloud_controller.yml
+yq -i e '.resource_pool.fog_connection.path_style=true' tmp/cloud_controller.yml
+
+yq -i e '.packages.fog_connection.provider="AWS"' tmp/cloud_controller.yml
+yq -i e '.packages.fog_connection.endpoint="http://localhost:9001"' tmp/cloud_controller.yml
+yq -i e '.packages.fog_connection.aws_access_key_id="minioadmin"' tmp/cloud_controller.yml
+yq -i e '.packages.fog_connection.aws_secret_access_key="minioadmin"' tmp/cloud_controller.yml
+yq -i e '.packages.fog_connection.aws_signature_version=2' tmp/cloud_controller.yml
+yq -i e '.packages.fog_connection.path_style=true' tmp/cloud_controller.yml
+
+yq -i e '.droplets.fog_connection.provider="AWS"' tmp/cloud_controller.yml
+yq -i e '.droplets.fog_connection.endpoint="http://localhost:9001"' tmp/cloud_controller.yml
+yq -i e '.droplets.fog_connection.aws_access_key_id="minioadmin"' tmp/cloud_controller.yml
+yq -i e '.droplets.fog_connection.aws_secret_access_key="minioadmin"' tmp/cloud_controller.yml
+yq -i e '.droplets.fog_connection.aws_signature_version=2' tmp/cloud_controller.yml
+yq -i e '.droplets.fog_connection.path_style=true' tmp/cloud_controller.yml
+
+yq -i e '.buildpacks.fog_connection.provider="AWS"' tmp/cloud_controller.yml
+yq -i e '.buildpacks.fog_connection.endpoint="http://localhost:9001"' tmp/cloud_controller.yml
+yq -i e '.buildpacks.fog_connection.aws_access_key_id="minioadmin"' tmp/cloud_controller.yml
+yq -i e '.buildpacks.fog_connection.aws_secret_access_key="minioadmin"' tmp/cloud_controller.yml
+yq -i e '.buildpacks.fog_connection.aws_signature_version=2' tmp/cloud_controller.yml
+yq -i e '.buildpacks.fog_connection.path_style=true' tmp/cloud_controller.yml
+
+yq -i e '.cloud_controller_username_lookup_client_name="login"' tmp/cloud_controller.yml
+yq -i e '.cloud_controller_username_lookup_client_secret="loginsecret"' tmp/cloud_controller.yml
+
+# Install packages
+bundle config set --local with 'debug'
+bundle install
+
+# Setup Containers
+setupPostgres || tee tmp/fail &
+setupMariadb || tee tmp/fail &
+setupUAA || tee tmp/fail &
+
+# Wait for background jobs and exit 1 if any error happened
+# shellcheck disable=SC2046
+wait $(jobs -p)
+test -f tmp/fail && rm tmp/fail && exit 1
+
+trap "" EXIT
\ No newline at end of file
diff --git a/.devcontainer/scripts/setupIDEs.sh b/.devcontainer/scripts/setupIDEs.sh
new file mode 100755
index 00000000000..19b9a2391b8
--- /dev/null
+++ b/.devcontainer/scripts/setupIDEs.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+set -Eeuo pipefail
+# shellcheck disable=SC2064
+trap "pkill -P $$" EXIT
+
+# Setup IDEs
+cp -a -f .devcontainer/configs/vscode/.vscode .
+cp -a -f .devcontainer/configs/intellij/.idea .
+
+trap "" EXIT
\ No newline at end of file
diff --git a/.github/workflows/composite/setup/action.yml b/.github/workflows/composite/setup/action.yml
index 57f8ca581fa..9f9da86c923 100644
--- a/.github/workflows/composite/setup/action.yml
+++ b/.github/workflows/composite/setup/action.yml
@@ -39,11 +39,13 @@ runs:
sudo wget -O /usr/local/bin/bosh https://s3.amazonaws.com/bosh-cli-artifacts/bosh-cli-${{ inputs.BOSH_CLI_VERSION }}-linux-amd64 && sudo chmod +x /usr/local/bin/bosh
shell: bash
working-directory: ${{ inputs.WORKING_DIRECTORY }}
+ - name: Setup Bundler
+ run: |
+ mkdir .bundle
+ echo -e 'BUNDLE_WITHOUT: "development"' > .bundle/config
+ shell: bash
+ working-directory: ${{ inputs.WORKING_DIRECTORY }}
- uses: ruby/setup-ruby@v1
with:
bundler-cache: true
working-directory: ${{ inputs.WORKING_DIRECTORY }}
- - name: Install Ruby dependencies
- run: bundle install
- shell: bash
- working-directory: ${{ inputs.WORKING_DIRECTORY }}
diff --git a/.gitignore b/.gitignore
index 4ad0499548b..280285e1fd8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
*~
.idea
+*.iml
.vscode
.yardoc
.byebug_history
@@ -20,9 +21,11 @@ doc
.DS_Store
log
tmp
+out
tags
test.err
test.out
+!/.devcontainer/**/*
#DOCS
diff --git a/Gemfile b/Gemfile
index a3bc043a199..64a1c5fe457 100644
--- a/Gemfile
+++ b/Gemfile
@@ -102,4 +102,5 @@ group :development do
gem 'spork', git: 'https://github.com/sporkrb/spork', ref: '224df49' # '~> 1.0rc'
gem 'spring'
gem 'spring-commands-rspec'
+ gem 'debug', '~> 1.8'
end
diff --git a/Gemfile.lock b/Gemfile.lock
index e251a5ee43a..1ecfd21b0e9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -126,6 +126,9 @@ GEM
rexml
crass (1.0.6)
daemons (1.4.1)
+ debug (1.8.0)
+ irb (>= 1.5.0)
+ reline (>= 0.3.1)
declarative (0.0.20)
delayed_job (4.1.9)
activesupport (>= 3.0, < 6.2)
@@ -265,7 +268,10 @@ GEM
httpclient (2.8.3)
i18n (1.14.1)
concurrent-ruby (~> 1.0)
+ io-console (0.6.0)
ipaddress (0.8.3)
+ irb (1.7.4)
+ reline (>= 0.3.6)
jaro_winkler (1.5.4)
json (2.6.3)
json-diff (0.4.1)
@@ -385,6 +391,8 @@ GEM
redis-client (0.15.0)
connection_pool
regexp_parser (2.8.1)
+ reline (0.3.8)
+ io-console (~> 0.5)
representable (3.2.0)
declarative (< 0.1.0)
trailblazer-option (>= 0.1.1, < 0.2.0)
@@ -557,6 +565,7 @@ DEPENDENCIES
clockwork
cloudfront-signer
codeclimate-test-reporter (>= 1.0.8)
+ debug (~> 1.8)
em-http-request (~> 1.1)
eventmachine (~> 1.2.7)
fluent-logger
diff --git a/README.md b/README.md
index 1dac0350b28..12f55c7769c 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,42 @@ See [Diego Design Notes](https://github.com/cloudfoundry/diego-design-notes) for
## Contributing
Please read the [contributors' guide](https://github.com/cloudfoundry/cloud_controller_ng/blob/main/CONTRIBUTING.md) and the [Cloud Foundry Code of Conduct](https://cloudfoundry.org/code-of-conduct/)
+### Predefined Development Environment
+
+To commence your work in a fully equipped development environment, you have two main options:
+
+1. **GitHub Codespaces**: GitHub Codespaces provisions a virtual machine with essential core services, such as S3 Blobstore, Database, and NGINX. It also establishes a connection that your IDE can use (VSCode is recommended). To initiate a codespace, click on the green button within the GitHub UI(upper right corner) and select the 'Codespaces' tab.
+
+2. **Local Environment**: This option allows you to establish an environment on your local machine with the same core services as GitHub Codespaces, using Docker.
+
+A script in the project's root directory provides convenient shortcuts to set up an environment locally:
+
+```
+Usage: ./devenv.sh COMMAND
+
+Commands:
+ create - Setting up the development environment(containers)
+ start - Starting the development environment(containers), a existing fully set up set of containers must exist.
+ stop - Stopping but not removing the development environment(containers)
+ destroy - Stopping and removing the development environment(containers)
+ runconfigs - Copies matching run configurations for intellij and vscode into the respective folders
+ help - Print this help text
+```
+
+To run this script, ensure the following are installed on your local system:
+
+- Ruby (Refer to the .ruby-version file for the correct version)
+- [Bundler](https://bundler.io/)
+- [Docker](https://www.docker.com/)
+- [Docker Compose](https://github.com/docker/compose)
+- [PSQL CLI](https://www.postgresql.org/docs/current/app-psql.html)
+- [MYSQL CLI](https://dev.mysql.com/doc/refman/8.0/en/mysql.html)
+- [UAAC](https://github.com/cloudfoundry/cf-uaac)
+- [yq](https://github.com/mikefarah/yq)
+
+Upon executing `./devenv.sh create`, the necessary containers will be set up and the databases will be initialized and migrated.
+
+As an optional step, execute `./devenv.sh runconfigs` to copy predefined settings and run configurations for this project into `.vscode` and `.idea` directories for VSCode and IntelliJ/RubyMine/JetBrains IDEs. These configurations are opinionated and, hence, not provided by default, but they do offer common configurations to debug `rspecs`, `cloud_controller`, `local_worker`, and `generic_worker`.
### Unit Tests
**TLDR:** Always run `bundle exec rake` before committing
diff --git a/devenv.sh b/devenv.sh
new file mode 100755
index 00000000000..07fdfb40eda
--- /dev/null
+++ b/devenv.sh
@@ -0,0 +1,111 @@
+#/bin/bash
+set -eu
+trap "pkill -P $$" EXIT
+
+# Prerequisits
+# PSQL
+# MYSQL
+# RUBY(RBENV)
+# RUBY BUNDLER
+# UAAC (gem install cf-uaac)
+# Docker
+# Docker-Compose
+
+# Help text
+help_command() {
+ echo "Usage: $0 COMMAND"
+ echo ""
+ echo "Commands:"
+ echo " create - Setting up the development environment(containers)"
+ echo " start - Starting the development environment(containers), a existing fully set up set of containers must exist."
+ echo " stop - Stopping but not removing the development environment(containers)"
+ echo " destroy - Stopping and removing the development environment(containers)"
+ echo " runconfigs - Copies matching run configurations for intellij and vscode into the respective folders"
+ echo " help - Print this help text"
+}
+
+
+# Create a clean development environment
+create_command(){
+ docker-compose -p "" down
+ docker buildx bake -f docker-compose.yml &
+ docker-compose -p "" pull &
+ wait $(jobs -p)
+ docker-compose -p "" up -d
+ ./.devcontainer/scripts/setupDevelopmentEnvironment.sh
+}
+
+# Start containers
+start_command(){
+ docker-compose -p "" start
+}
+
+# Stop containers
+stop_command(){
+ docker-compose -p "" stop
+}
+
+# Remove containers
+destroy_command(){
+ docker-compose -p "" down
+}
+
+# Call Setup IDEs Script
+runconfigs_command(){
+ ./.devcontainer/scripts/setupIDEs.sh
+ echo """
+ # In case you want the recommended extentions for VSCode(needed for debug, follow code symbols etc.), execute:
+ code --install-extension ms-azuretools.vscode-docker
+ code --install-extension oderwat.indent-rainbow
+ code --install-extension 2gua.rainbow-brackets
+ code --install-extension KoichiSasada.vscode-rdbg
+ code --install-extension Fooo.ruby-spec-runner
+ code --install-extension castwide.solargraph
+ code --install-extension eamodio.gitlens
+ code --install-extension github.vscode-github-actions
+ """
+}
+
+# Error handler
+handle_error() {
+ echo "Error: Invalid command"
+ help_command
+ exit 1
+}
+
+# Handle no command specified
+if [ $# -eq 0 ]; then
+ handle_error
+fi
+
+# Parse commands
+case "$1" in
+ create)
+ echo "Setting up the development environment(containers)"
+ create_command
+ ;;
+ start)
+ echo "Starting the development environment(containers), a existing fully set up set of containers must exist."
+ start_command
+ ;;
+ stop)
+ echo "Stopping but not removing the development environment(containers)"
+ stop_command
+ ;;
+ destroy)
+ echo "Stopping and removing the development environment(containers)"
+ destroy_command
+ ;;
+ runconfigs)
+ echo "Copying matching run configurations for intellij and vscode into the respective folders"
+ runconfigs_command
+ ;;
+ help)
+ help_command
+ ;;
+ *)
+ handle_error
+ ;;
+esac
+
+trap "" EXIT
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000000..71e0b3a8dcf
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,124 @@
+version: "3.3"
+services:
+
+ # Postgres
+ postgres:
+ container_name: postgres
+ image: postgres:14
+ environment:
+ POSTGRES_PASSWORD: supersecret
+ ports:
+ - "127.0.0.1:5432:5432"
+ networks:
+ - cc-net
+ healthcheck:
+ test: [ "CMD-SHELL", "pg_isready" ]
+ interval: 10s
+ timeout: 5s
+ retries: 5
+ restart: unless-stopped
+
+ # MySQL
+ mysql:
+ container_name: mysql
+ image: mysql:8
+ environment:
+ MYSQL_ROOT_PASSWORD: supersecret
+ ports:
+ - "127.0.0.1:3306:3306"
+ healthcheck:
+ test: [ "CMD", "mysqladmin", "ping", "-h", "localhost" ]
+ interval: 10s
+ timeout: 20s
+ retries: 3
+ networks:
+ - cc-net
+ restart: unless-stopped
+
+ # UAA
+ uaa:
+ container_name: uaa
+ build:
+ context: .devcontainer/images/uaa
+ dockerfile: Dockerfile
+ ports:
+ - "127.0.0.1:8080:8080"
+ healthcheck:
+ test: [ "CMD", "curl", "-f", "http://localhost:8080/info" ]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+ networks:
+ - cc-net
+ restart: unless-stopped
+
+ # Minio S3 Blobstore
+ minio:
+ container_name: minio
+ image: minio/minio:latest
+ command: minio server --address ":9001" "/data"
+ ports:
+ - "127.0.0.1:9001:9001"
+ - "127.0.0.1:9000:9000"
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "curl",
+ "-f",
+ "http://localhost:9001/minio/health/live"
+ ]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+ networks:
+ - cc-net
+ restart: unless-stopped
+
+ # CATS Configurable Service Broker
+ catsbroker:
+ container_name: catsbroker
+ build:
+ context: .devcontainer/images/catsbroker
+ dockerfile: Dockerfile
+ ports:
+ - "127.0.0.1:9292:9292"
+ - "127.0.0.1:9393:80"
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "curl",
+ "-f",
+ "http://localhost:9292/v2/catalog"
+ ]
+ interval: 30s
+ timeout: 20s
+ retries: 3
+ networks:
+ - cc-net
+ restart: unless-stopped
+
+ # Nginx Reverse Proxy (For uploads e.g. Packages)
+ nginx:
+ container_name: nginx
+ build:
+ context: .devcontainer/images/nginx
+ dockerfile: Dockerfile
+ args:
+ ENABLED_MODULES: nginx_upload_module
+ ports:
+ - "127.0.0.1:80:80"
+ networks:
+ - cc-net
+ volumes:
+ - .devcontainer/images/nginx/conf:/usr/local/nginx/conf:ro # TODO BAKE CONFIG INTO CONTAINER IMAGE ?
+ - ./tmp:/tmp
+ cap_add:
+ - NET_BIND_SERVICE
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ restart: unless-stopped
+
+networks:
+ cc-net: