anynines
diff --git a/‎acceptance-tests/.gitignore
+1 b/‎acceptance-tests/.gitignore
+1
diff --git a/‎acceptance-tests/Gemfile
+4 b/‎acceptance-tests/Gemfile
+4
diff --git a/‎acceptance-tests/Gemfile.lock
+30 b/‎acceptance-tests/Gemfile.lock
+30
diff --git a/‎acceptance-tests/README.md
+105 b/‎acceptance-tests/README.md
+105
diff --git a/‎acceptance-tests/manifests/reachability.yml
+157 b/‎acceptance-tests/manifests/reachability.yml
+157
@@ -0,0 +1 @@
+./manifests/*.yml
@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gem 'rspec'
+gem 'httparty'
@@ -0,0 +1,30 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.3)
+    httparty (0.15.6)
+      multi_xml (>= 0.5.2)
+    multi_xml (0.6.0)
+    rspec (3.7.0)
+      rspec-core (~> 3.7.0)
+      rspec-expectations (~> 3.7.0)
+      rspec-mocks (~> 3.7.0)
+    rspec-core (3.7.0)
+      rspec-support (~> 3.7.0)
+    rspec-expectations (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-mocks (3.7.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.7.0)
+    rspec-support (3.7.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  httparty
+  rspec
+
+BUNDLED WITH
+   1.15.4
@@ -0,0 +1,105 @@
+# SSL-Gateway integration tests
+
+This testsuite tests the integration of the SSL-Gateway into a CloudFoundry environment.
+
+## Getting Started
+
+### Prerequisites
+
+- bosh CLI v2
+- Ruby
+- CloudFoundry installation
+- a9s ConsulDNS
+- a9s-pg
+
+### Installing
+
+To install the ruby dependencies:
+
+```
+cd integration-tests
+
+bundle install
+```
+
+## Running the tests
+
+Before the testsuite can be run, the appropriate ENV variables must be set
+
+env variables:
+- LOCALHOST_IP *required*  - ip of the localhost that runs the testsuite
+- IAAS_CONFIG *required* 
+- EXTERNAL_SECRETS *required* 
+- OPS_FILE *optional* - if an ops file is required to deploy the SSL-Gateway
+- CF_USERNAME *required* - you need to provide a user for cf
+- CF_PASSWORD *required*
+- CF_ORG *required* - you need to provide a org and space for cf
+- CF_SPACE *required*
+
+the app requires some domains that are registered in you `/etc/hosts` to resolve to
+one of the ssl-gateway nodes.
+
+These domain names need to be set to the following block of env vars.
+- REACHABLE_SSL_BLACKLIST_DOMAIN
+- UNREACHABLE_SSL_BLACKLIST_DOMAIN
+- REACHABLE_BLACKLIST_DOMAIN
+- UNREACHABLE_BLACKLIST_DOMAIN
+- DEFAULT_APP_DOMAIN
+- RANDOM_DOMAIN
+
+E.g. :
+```
+cat <<EOF
+172.27.2.12 checker.ssltest.com
+172.27.2.12 checker.ssltest2.com
+172.27.2.12 checker.ssltest3.com
+172.27.2.12 checker.ssltest4.com
+172.27.2.12 checker.misterX.com
+172.27.2.12 de.a9sapp.eu
+EOF > /etc/hosts
+
+export DEFAULT_APP_DOMAIN=de.a9sapp.eu
+export RANDOM_DOMAIN=checker.misterX.com
+export UNREACHABLE_BLACKLIST_DOMAIN=checker.ssltest3.com
+export REACHABLE_BLACKLIST_DOMAIN=checker.ssltest4.com
+export UNREACHABLE_SSL_BLACKLIST_DOMAIN=checker.ssltest2.com
+export REACHABLE_SSL_BLACKLIST_DOMAIN=checker.ssltest.com
+```
+
+(It doesnt matter which domain is assigned to which env var)
+
+Then you need to make the domains accessable to the CloudFoundry org you specified in
+CF_ORG.
+
+```
+cf login
+
+cf target -o $CF_ORG -s $CF_SPACE
+
+cf create-domain $CF_ORG $DEFAULT_APP_DOMAIN
+cf create-domain $CF_ORG $RANDOM_DOMAIN
+cf create-domain $CF_ORG $UNREACHABLE_BLACKLIST_DOMAIN
+cf create-domain $CF_ORG $REACHABLE_BLACKLIST_DOMAIN
+cf create-domain $CF_ORG $UNREACHABLE_SSL_BLACKLIST_DOMAIN
+cf create-domain $CF_ORG $REACHABLE_SSL_BLACKLIST_DOMAIN
+```
+
+To run the testsuite
+
+```
+cd integration-tests
+
+rspec
+```
+
+## Built With
+
+* [RSpec](http://rspec.info)
+
+## Authors
+
+* **Dennis Groß** - *Initial work* - [gdenn](https://github.com/gdenn)
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details
@@ -0,0 +1,157 @@
+---
+name: ssl-gateway
+
+releases:
+- name: ssl-gateway
+  version: 12+dev.6
+
+- name: rabbitmq36
+  version: 5
+  url: https://s3-eu-west-1.amazonaws.com/anynines-bosh-releases/rabbitmq36-5.tgz
+- name: a9s-consul
+  version: latest
+
+stemcells:
+- os: ubuntu-trusty
+  alias: ubuntu-trusty
+  version: ((iaas.stemcells.ubuntu-trusty.version))
+
+update:
+  canaries: 1
+  canary_watch_time: 1000-180000
+  max_in_flight: 50
+  serial: true
+  update_watch_time: 1000-180000
+
+instance_groups:
+
+- name: rabbitmq
+  azs: [z1, z2, z3]
+  vm_type: small
+  persistent_disk_type: small
+  instances: 1
+  stemcell: ubuntu-trusty
+  networks:
+  - name: dynamic
+  jobs:
+  - name: rabbitmq
+    release: rabbitmq36
+  - name: consul
+    release: a9s-consul
+  properties:
+    consul:
+      service_name: rabbitmq
+
+- name: ssl-gateway
+  azs: [z1, z2, z3]
+  vm_type: small
+  persistent_disk_type: small
+  instances: ((iaas.ssl_gateway.gateway_instances))
+  stemcell: ubuntu-trusty
+  jobs:
+  - name: consul
+    release: a9s-consul
+  - name: nginx
+    release: ssl-gateway
+  - name: virtual_host_service_worker
+    release: ssl-gateway
+  networks:
+  - name: public
+
+  properties:
+    network: public
+
+- name: gateway-api
+  templates:
+  - name: consul
+    release: a9s-consul
+  - name: virtual_host_service_api
+    release: ssl-gateway
+  azs: [z1, z2, z3]
+  vm_type: small
+  persistent_disk_type: small
+  instances: 1
+  stemcell: ubuntu-trusty
+  networks:
+  - name: dynamic
+  properties:
+    consul:
+      service_name: vhost-api
+
+properties:
+  network: dynamic
+
+  vhost_api:
+    postgresql_host: a9s-pg-psql-master-alias.node.dc1.((iaas.consul.domain))
+    postgresql_db: sslgateway
+    postgresql_username: sslgateway
+    postgresql_password: ((/a9s_pg_sslgateway_db_password))
+    customer_panel_secret: ((ssl_gw_customerpanel_secret))
+    port: 3000
+
+  rabbitmq:
+    admin_username: admin
+    admin_password: ((ssl_gw_rabbitmq_password))
+    host: ssl-gateway-rabbitmq-0.node.dc1.((iaas.consul.domain))
+
+  a9s_ssl_gateway:
+    default_apps_domain: ((iaas.cf.system_domain))
+    cf_routers: ((iaas.cf.router_ips))
+    default_apps_domain_cert: ((default_app.certificate))
+    default_apps_domain_ca_cert: ((default_app.ca))
+    default_apps_domain_cert_key: ((default_app.private_key))
+    ssh_routers: ((iaas.cf.router_ips))
+    
+    domain_blacklist:
+    - domain: checker.ssltest.com
+      ca: ((ssltest.ca))
+      certificate: ((ssltest.certificate))
+      private_key: ((ssltest.private_key))
+      allow: 
+      - 172.27.1.5
+    - domain: ssltest2.com
+      ca: ((ssltest2.ca))
+      certificate: ((ssltest2.certificate))
+      private_key: ((ssltest2.private_key))
+    - domain: ssltest3.com
+    - domain: ssltest4.com
+      allow: 
+      - 172.27.1.5
+
+  consul:
+    domain: ((iaas.consul.domain))
+    dc: dc1
+    agent_address: 127.0.0.1:8500
+    server: false
+    encrypt: ((/cdns_encrypt))
+    cluster:
+      join_hosts: ((iaas.consul.consul_ips))
+    ssl_ca: ((/cdns_ssl.ca))
+    ssl_cert: ((/cdns_ssl.certificate))
+    ssl_key: ((/cdns_ssl.private_key))
+
+variables:
+- name: ssl_gw_customerpanel_secret
+  type: password
+- name: ssl_gw_rabbitmq_password
+  type: password
+- name: default_ca
+  type: certificate
+  options:
+    is_ca: true
+    common_name: ssl_gateway_default
+- name: default_app
+  type: certificate
+  options:
+    ca: default_ca
+    common_name: ((iaas.cf.system_domain))
+- name: ssltest
+  type: certificate
+  options:
+    ca: default_ca
+    common_name: ssltest
+- name: ssltest2
+  type: certificate
+  options:
+    ca: default_ca
+    common_name: ssltest2