We have the Conjur tile installed in our NP and PR Cloud Foundry environments. We have tested in the NP environment, but are unable to bind to the service in PR.
# cf login -a api.run-eb..com
API endpoint: api.run-eb..com
Email>
Password>
Authenticating…
OK
Targeted org security-pam
Targeted space cyberark-dap
API endpoint: https://api.run-eb..com (API version: 2.120.0)
User:
Org: security-pam
Space: cyberark-dap
# cf create-service cyberark-conjur community conjur
Creating service instance conjur in org security-pam / space cyberark-dap as …
The service broker returned an invalid response for the request to https://conjur-service-broker.apps-eb..com/v2/service_instances/97cf0bbf-1620-4320-b21f-d33ce0157901?accepts_incomplete=true. Status Code: 500 Internal Server Error, Body: {“status”:500,“error”:“Internal Server Error”}
FAILED
Does anyone have any experience with the PCF integration with Conjur?
It looks like you are having an issue creating a service instance in that org/space. Have you been able to create service instances in other spaces in this foundation? Can you have someone with access to the service broker check that the application is up and running and/or share the service broker application logs?
Please also verify the version of the Conjur tile that you are working with.
The PCF tile is v1.1.0 and DAP is 10.11. I see a more recent version of the tile was released recently.
Also, I am able to bind other services to this space.
[clb10@C02QX3NQFVH5MBP ~]# cf create-service app-autoscaler standard autoscaler
Creating service instance autoscaler in org security-pam / space cyberark-dap as clb10…
OK
I think the more recent release was just to update a dependency in response to a CVE, so that shouldn’t cause the issue you’re seeing. I think the next step is to get more information about the state of the service broker application and its recent logs, and we should open a SalesForce case to discuss this further. Can you please work with your account executive to open a SF ticket about this issue?
As a follow-up for anyone who may find this useful in the future, we tracked it down to an incorrect value for ‘PCF Conjur Policy Branch ID’ in the tile configuration. We had entered pcf-eb, which it should have been pcf\pcf-eb
Thanks Chris! We’re going to work on adding this to the health check for the service broker too to make sure we catch this earlier in the future - please see the github issue to track this change.
