---
# Job spec for the syslog binding cache (looks like a BOSH job spec:
# name, templates, packages, links and properties).
name: loggr-syslog-binding-cache

# Maps each ERB template (left) to the relative path it is rendered to
# (right). Three of the rendered files are TLS private keys:
# api_client.key, binding_cache.key and metrics.key. Nothing in this spec
# sets a file mode or owner for them, so check the permissions on the
# rendered config/certs directory on the deployed VM.
templates:
  bpm.yml.erb: config/bpm.yml
  api_ca.crt.erb: config/certs/api_ca.crt
  api_client.crt.erb: config/certs/api_client.crt
  api_client.key.erb: config/certs/api_client.key
  loggregator_ca.crt.erb: config/certs/loggregator_ca.crt
  binding_cache.crt.erb: config/certs/binding_cache.crt
  binding_cache.key.erb: config/certs/binding_cache.key
  metrics_ca.crt.erb: config/certs/metrics_ca.crt
  metrics.crt.erb: config/certs/metrics.crt
  metrics.key.erb: config/certs/metrics.key
  prom_scraper_config.yml.erb: config/prom_scraper_config.yml

# The single package this job depends on.
packages:
- binding-cache

# Link consumed from another job. Which fields of the link the templates
# read is not visible in this spec; the api.* properties below describe
# the TLS connection to the Cloud Controller.
consumes:
- name: cloud_controller
  type: cloud_controller

# Link offered to other jobs. Only external_port is listed, so none of the
# TLS certificate or key properties are exposed through this link.
provides:
- name: binding_cache
  type: binding_cache
  properties:
    - external_port

properties:
  # Switch for running the cache on the VM; on by default.
  enabled:
    description: "Syslog binding cache is enabled on VM"
    default: true

  # No default is declared, so the value has to come from the deployment
  # manifest (TODO confirm the templates have no fallback of their own).
  external_port:
    description: |
      The port where the cache serves bindings
  # tls.*: certificate material for the binding cache itself, presumably
  # for the listener on external_port (confirm in bpm.yml.erb). None of
  # these properties declares a default.
  tls.ca_cert:
    description: |
      TLS loggregator root CA certificate. It is required for key/cert
      verification.
  tls.cert:
    description: "TLS certificate for binding-cache signed by the loggregator CA"
  tls.key:
    description: "TLS private key for the binding-cache certificate signed by the loggregator CA"
  # Common name used when validating certificates. Presumably this is the
  # CN expected on the peer's certificate (confirm in the templates). No
  # default is declared.
  tls.cn:
    description: "The common name the cache will use to validate certs"
  # Both default suites use ECDHE key exchange with AES-GCM. The description
  # calls this an ordered list, but the default is a single colon-separated
  # string; keep overrides in that form unless the template shows otherwise
  # (TODO confirm). Suites outside the two named in the description are
  # documented as not allowed.
  tls.cipher_suites:
    description: |
      An ordered list of supported SSL cipher suites. Allowed cipher suites are
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.
    default: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"

  # api.tls.*: mutual TLS towards the Cloud Controller. ca_cert verifies
  # the Cloud Controller's certificate; cert and key are the client
  # identity presented to it. None of the four declares a default.
  api.tls.ca_cert:
    description: |
      When the syslog communicates with the Cloud Controller it must
      validate the Cloud Controller's certificate was signed by a trusted CA.
      This is the CA trusted by the syslog for that communication.
  api.tls.cert:
    description: |
      This certificate is sent to the Cloud Controller when initiating a
      connection. It must be signed by a CA that is trusted by the Cloud
      Controller.
  # Private key matching api.tls.cert; rendered to
  # config/certs/api_client.key by the templates section.
  api.tls.key:
    description: |
      This is the private key for the certificate sent to the Cloud Controller
      when initiating a connection.
  # Name checked against the Cloud Controller certificate's CN/SANs.
  # NOTE(review): api.url is not declared as a property in this spec;
  # presumably it arrives through the cloud_controller link. Confirm.
  api.tls.cn:
    description: |
      When the syslog communicates with the Cloud Controller it must
      validate the Cloud Controller's common name (CN) or subject alternative
      names (SANs) against the hostname or IP address used to initiate the
      connection. Most of the time this should be the hostname defined in
      api.url.
  # 1m is a plain YAML string. Presumably the consumer parses it as a
  # duration (confirm in the template or binary).
  api.polling_interval:
    description: |
      The interval at which the syslog will poll the Cloud Controller for
      bindings.
    default: 1m
  # Number of bindings requested per call, per the description.
  api.batch_size:
    description: |
      The batch size the syslog will request the Cloud Controller for
      bindings.
    default: 1000

  # Per the description, this port serves debug information as well as
  # metrics, so treat access to it accordingly.
  metrics.port:
    description: "Port the agent uses to serve metrics and debug information"
    default: 14828
  # CA for verifying requests to the metrics endpoint. Presumably this
  # means client certificates are checked against it (confirm in the
  # template). No default is declared for ca_cert, cert or key.
  metrics.ca_cert:
    description: "TLS CA cert to verify requests to metrics endpoint."
  metrics.cert:
    description: "TLS certificate for metrics server signed by the metrics CA"
  # NOTE(review): a private key is not itself signed. This is the key that
  # pairs with metrics.cert, which is the item signed by the metrics CA.
  metrics.key:
    description: "TLS private key for metrics server signed by the metrics CA"
  # Presumably rendered into config/prom_scraper_config.yml (confirm in
  # prom_scraper_config.yml.erb). No default is declared.
  metrics.server_name:
    description: "The server name used in the scrape configuration for the metrics endpoint"
