Configure the Node.js agent for Pivotal Cloud Foundry (now VMware Tanzu)

You can access a variety of Pivotal Cloud Foundry (now VMware Tanzu) integrations for your applications using the default Node.js buildpack.

To use the buildpack on its own as a low-level integration, you can create a user-provided service and bind it to your application. With the service broker, you can define multiple service plans and generate service instances you can bind to your applications.

For Pivotal Cloud Foundry (PCF) customers, Contrast offers a Pivotal tile. This tile automates the BOSH deployment and configuration of the Contrast service broker.

Important

The VMware Tanzu Network integration doesn't download the Node.js agent and modify your application startup. You must still download the Node.js agent and instrument your application. This integration does provide a tile that acts as a central location to configure the agent. You can also use automatic configuration through user-provided services.

To instrument an application in a VMware Tanzu Network environment, your application must use one of these buildpacks:

  • For tile support:Cloud Foundry NodeJS Buildpack version 1.6.52 and later

  • For user-provided service support:Cloud Foundry NodeJS Buildpack version 1.6.56 and later

    Note

    If you are using a buildpack that does not include Contrast Security framework support, you can add it. To do this, you must make changes to your forked buildpack.

    If you're using the offline version of the buildpack, you cannot override the version of the agent currently in use by an application. The buildpack bundles the dependencies.

The Contrast Security agent framework downloads the latest Contrast agent and creates a configuration file. The buildpack detect script prints tags to standard output.

Note

The detect script confirms the existence of a single, bound Contrast Service. A Contrast Service exists if the VCAP_SERVICES payload contains a service name, label or tag with contrast-security as a substring.

To bind Contrast with a user-provided service, you must have a name or tag with contrast-security in it. The credential payload must also contain the standard YAML properties.

This example creates a user-provided service and binds it to an application:

cf create-user-provided-service contrast-security-service -p "teamserver_url, username, api_key, service_key"
cf bind-service spring-music contrast-security-service
cf restage spring-music

Note

The teamserver_url should be only protocol and hostname. Do not include /Contrast/ or /Contrast/api.