1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
|
#compdef concourse
# ------------------------------------------------------------------------------
# Description
# -----------
#
# Completion script for concourse 5.2.0 (https://concourse-ci.org).
#
# ------------------------------------------------------------------------------
# Authors
# -------
#
# * Julien Nicoulaud <https://github.com/nicoulaj>
#
# ------------------------------------------------------------------------------
(( $+functions[_concourse_server] )) ||
_concourse_server() {
local context state state_descr line ret=1
typeset -A opt_args
_arguments -C \
'(- : *)'{-h,--help}'[display help information]' \
'(- : *)'{-v,--version}'[print the version of Concourse and exit]' \
'(-): :->command' \
'(-)*:: :->arguments' \
&& ret=0
case $state in
(command)
_concourse_commands && ret=0
;;
(arguments)
curcontext=${curcontext%:*:*}:concourse-$words[1]:
if (( $+functions[_concourse_${words[1]}_args] )); then
_concourse_${words[1]}_args && ret=0
else
_message "unknown command ${words[1]}" && ret=1
fi
;;
esac
return ret
}
(( $+functions[_concourse_commands] )) ||
_concourse_commands() {
local commands=(
"generate-key:generate RSA key for use with Concourse components"
"land-worker:safely drain a worker's assignments for temporary downtime"
"migrate:run database migrations"
"quickstart:run both 'web' and 'worker' together, auto-wired"
"retire-worker:safely remove a worker from the cluster permanently"
"web:run the web UI and build scheduler"
"worker:run and register a worker"
)
_describe -t commands commands commands
}
(( $+functions[_concourse_generate-key_args] )) ||
_concourse_generate-key_args() {
_arguments -C \
'(- : *)'{-h,--help}'[display help information]' \
'(-t --type)'{-t,--type=}'[the type of key to generate]:key type:(rsa ssh)' \
'(-f --filename)'{-f,--filename=}'[file path where the key shall be created. When generating ssh keys, the public key will be stored in a file with the same name but with .pub appended]: :_files' \
'(-b --bits)'{-b,--bits=}'[the number of bits in the key to create]:integer'
}
(( $+functions[_concourse_land-worker_args] )) ||
_concourse_land-worker_args() {
_arguments -C \
'(- : *)'{-h,--help}'[display help information]' \
'--name=[the name of the worker you wish to land]:worker name' \
'*--tsa-host=[TSA host to forward the worker through]: :_concourse_host_colon_ports' \
'--tsa-public-key=[file containing a public key to expect from the TSA]: :_files' \
'--tsa-worker-private-key=[file containing a public key to expect from the TSA]: :_files'
}
(( $+functions[_concourse_migrate_args] )) ||
_concourse_migrate_args() {
_arguments -C \
'(- : *)'{-h,--help}'[display help information]' \
'(- : *)--current-db-version[print the current database version and exit]' \
'(- : *)--supported-db-version[print the max supported database version and exit]' \
'(- : *)--migrate-db-to-version=[migrate to the specified database version and exit]:database version' \
'--encryption-key=[a 16 or 32 length key used to encrypt sensitive information before storing it in the database]:encryption key' \
'--postgres-host=[the host to connect to]: :_hosts' \
'--postgres-port=[the port to connect to]: :_concourse_ports' \
'--postgres-socket=[path to a UNIX domain socket to connect to]: :_files' \
'--postgres-user=[the user to sign in as]: :_users' \
'--postgres-password=[the user'\''s password]:password' \
'--postgres-sslmode=[whether or not to use SSL]:SSL mode:((disable require verify-ca verify-full))' \
'--postgres-ca-cert=[CA cert file location, to verify when connecting with SSL]: :_files' \
'--postgres-client-cert=[client cert file location]: :_files' \
'--postgres-client-key=[client key file location]: :_files' \
'--postgres-connect-timeout=[dialing timeout]:duration' \
'--postgres-database=[the name of the database to use]:database name'
}
(( $+functions[_concourse_retire-worker_args] )) ||
_concourse_retire-worker_args() {
_arguments -C \
'(- : *)'{-h,--help}'[display help information]' \
'--name=[the name of the worker you wish to retire]:worker name' \
'*--tsa-host=[TSA host to forward the worker through]: :_concourse_host_colon_ports' \
'--tsa-public-key=[file containing a public key to expect from the TSA]: :_files' \
'--tsa-worker-private-key=[file containing a public key to expect from the TSA]: :_files'
}
(( $+functions[_concourse_web_args] )) ||
_concourse_web_args() {
_arguments -C \
'(- : *)'{-h,--help}'[display help information]' \
'--peer-address=[network address of this web node, reachable by other web nodes]: :_concourse_host_colon_ports' \
'--log-level=[minimum level of logs to see]: :_concourse_log_levels' \
'--bind-ip=[IP address on which to listen for web traffic]: :_concourse_ip_addresses' \
'--bind-port=[port on which to listen for HTTP traffic]: :_concourse_ports' \
'--tls-bind-port=[port on which to listen for HTTPS traffic]: :_concourse_ports' \
'--tls-cert=[file containing an SSL certificate]: :_files' \
'--tls-key=[file containing an RSA private key, used to encrypt HTTPS traffic]: :_files' \
'--external-url=[URL used to reach any ATC from the outside world]: :_urls' \
'--encryption-key=[a 16 or 32 length key used to encrypt sensitive information before storing it in the database]:encryption key' \
'--old-encryption-key=[encryption key previously used for encrypting sensitive information]:encryption key' \
'--debug-bind-ip=[IP address on which to listen for the pprof debugger endpoints]: :_concourse_ip_addresses' \
'--debug-bind-port=[port on which to listen for the pprof debugger endpoints]: :_concourse_ports' \
'--intercept-idle-timeout=[length of time for a intercepted session to be idle before terminating]: :_concourse_durations' \
'--enable-global-resources[enable equivalent resources across pipelines and teams to share a single version history]' \
'--global-resource-check-timeout=[time limit on checking for new versions of resources]: :_concourse_durations' \
'--resource-checking-interval=[interval on which to check for new versions of resources]: :_concourse_durations' \
'--resource-type-checking-interval=[interval on which to check for new versions of resource types]: :_concourse_durations' \
'--container-placement-strategy=[method by which a worker is selected during container placement]:strategy:((volume-locality random fewest-build-containers))' \
'--baggageclaim-response-header-timeout=[how long to wait for Baggageclaim to send the response header]: :_concourse_durations' \
'--cli-artifacts-dir=[directory containing downloadable CLI binaries]: :_files -/' \
'--log-db-queries[log database queries]' \
'--build-tracker-interval=[interval on which to run build tracking]: :_concourse_durations' \
'--default-build-logs-to-retain=[default build logs to retain, 0 means all]:number' \
'--max-build-logs-to-retain=[maximum build logs to retain, 0 means not specified]:number' \
'--default-days-to-retain-build-logs=[default days to retain build logs. 0 means unlimited]:number' \
'--max-days-to-retain-build-logs=[maximum days to retain build logs, 0 means not specified]:number' \
'--default-task-cpu-limit=[default max number of cpu shares per task, 0 means unlimited]:number' \
'--default-task-memory-limit=[default maximum memory per task, 0 means unlimited]:number' \
'--enable-build-auditing[enable auditing for all api requests connected to builds]' \
'--enable-container-auditing[enable auditing for all api requests connected to containers]' \
'--enable-job-auditing[enable auditing for all api requests connected to jobs]' \
'--enable-pipeline-auditing[enable auditing for all api requests connected to pipelines]' \
'--enable-resource-auditing[enable auditing for all api requests connected to resources]' \
'--enable-system-auditing[enable auditing for all api requests connected to system transactions]' \
'--enable-team-auditing[enable auditing for all api requests connected to teams]' \
'--enable-worker-auditing[enable auditing for all api requests connected to workers]' \
'--enable-volume-auditing[enable auditing for all api requests connected to volumes]' \
'--postgres-host=[the host to connect to]: :_hosts' \
'--postgres-port=[the port to connect to]: :_concourse_ports' \
'--postgres-socket=[path to a UNIX domain socket to connect to]: :_files' \
'--postgres-user=[the user to sign in as]: :_users' \
'--postgres-password=[the user'\''s password]:password' \
'--postgres-sslmode=[whether or not to use SSL]:SSL mode:((disable require verify-ca verify-full))' \
'--postgres-ca-cert=[CA cert file location, to verify when connecting with SSL]: :_files' \
'--postgres-client-cert=[client cert file location]: :_files' \
'--postgres-client-key=[client key file location]: :_files' \
'--postgres-connect-timeout=[dialing timeout]: :_concourse_durations' \
'--postgres-database=[the name of the database to use]:database name' \
'--secret-retry-attempts=[the number of attempts secret will be retried to be fetched, in case a retriable error happens]:number' \
'--secret-retry-interval=[the interval between secret retry retrieval attempts]: :_concourse_durations' \
'--secret-cache-enabled[enable in-memory cache for secrets]' \
'--secret-cache-duration=[if the cache is enabled, secret values will be cached for not longer than this duration]: :_concourse_durations' \
'--secret-cache-purge-interval=[if the cache is enabled, expired items will be removed on this internal]: :_concourse_durations' \
'--credhub-url=[CredHub server address used to access secrets]: :_urls' \
'--credhub-path-prefix=[path under which to namespace credential lookup]:path' \
'--credhub-ca-cert=[path to PEM-encoded CA cert files to use to verify the CredHub server SSL cert]: :_files' \
'--credhub-client-cert=[path to the client certificate for mutual TLS authorization]: :_files' \
'--credhub-client-key=[path to the client private key for mutual TLS authorization]: :_files' \
'--credhub-insecure-skip-verify[enable insecure SSL verification]' \
'--credhub-client-id=[client ID for CredHub authorization]:client ID' \
'--credhub-client-secret=[client secret for CredHub authorization]:client secret' \
'--kubernetes-in-cluster[enables the in-cluster client]' \
'--kubernetes-config-path=[path to Kubernetes config when running ATC outside Kubernetes]: :_files' \
'--kubernetes-namespace-prefix=[prefix to use for Kubernetes namespaces under which secrets will be looked up]:prefix' \
'--aws-secretsmanager-access-key=[AWS Access key ID]:access key' \
'--aws-secretsmanager-secret-key=[AWS Secret Access Key]:secret key' \
'--aws-secretsmanager-session-token=[AWS Session Token]:session token' \
'--aws-secretsmanager-region=[AWS region to send requests to]:region' \
'--aws-secretsmanager-pipeline-secret-template=[AWS Secrets Manager secret identifier template used for pipeline specific parameter]:template' \
'--aws-secretsmanager-team-secret-template=[AWS Secrets Manager secret identifier template used for team specific parameter]:template' \
'--aws-ssm-access-key=[AWS Access key ID]:access key' \
'--aws-ssm-secret-key=[AWS Secret Access Key]:secret key' \
'--aws-ssm-session-token=[AWS Session Token]:session token' \
'--aws-ssm-region=[AWS region to send requests to]:region' \
'--aws-ssm-pipeline-secret-template=[AWS SSM parameter name template used for pipeline specific parameter]:template' \
'--aws-ssm-team-secret-template=[AWS SSM parameter name template used for team specific parameter]:template' \
'--vault-url=[vault server address used to access secrets]: :_urls' \
'--vault-path-prefix=[path under which to namespace credential lookup]:prefix' \
'--vault-shared-path=[path under which to lookup shared credentials]:path' \
'--vault-ca-cert=[path to a PEM-encoded CA cert file to use to verify the vault server SSL cert]: :_files' \
'--vault-ca-path=[path to a directory of PEM-encoded CA cert files to verify the vault server SSL cert]: :_files -/' \
'--vault-client-cert=[path to the client certificate for Vault authorization]: :_files' \
'--vault-client-key=[path to the client private key for Vault authorization]: :_files' \
'--vault-server-name=[if set, is used to set the SNI host when connecting via TLS]:server name' \
'--vault-insecure-skip-verify[enable insecure SSL verification]' \
'--vault-client-token=[client token for accessing secrets within the Vault server]:client token' \
'--vault-auth-backend=[auth backend to use for logging in to Vault]:auth backend' \
'--vault-auth-backend-max-ttl=[time after which to force a re-login]: :_concourse_durations' \
'--vault-retry-max=[the maximum time between retries when logging in or re-authing a secret]: :_concourse_durations' \
'--vault-retry-initial=[the initial time between retries when logging in or re-authing a secret]: :_concourse_durations' \
'*--vault-auth-param=[parameter to pass when logging in via the backend]: :_concourse_name_colon_values' \
{-n,--noop}'[don'\''t actually do any automatic scheduling or checking]' \
'--worker-garden-url=[a Garden API endpoint to register as a worker]: :_urls' \
'--worker-baggageclaim-url=[a Baggageclaim API endpoint to register with the worker]: :_urls' \
'*--worker-resource=[a resource type to advertise for the worker]: :_concourse_type_colon_images' \
'--metrics-host-name=[host string to attach to emitted metrics]: :_hosts' \
'*--metrics-attribute=[a key-value attribute to attach to emitted metrics]: :_concourse_name_colon_values' \
'--capture-error-metrics[enable capturing of error log metrics]' \
'--datadog-agent-host=[datadog agent host to expose dogstatsd metrics]: :_hosts' \
'--datadog-agent-port=[datadog agent port to expose dogstatsd metrics]: :_concourse_ports' \
'--datadog-prefix=[prefix for all metrics to easily find them in Datadog]:prefix' \
'--influxdb-url=[influxDB server address to emit points to]: :_urls' \
'--influxdb-database=[influxDB database to write points to]:database name' \
'--influxdb-username=[influxDB server username]: :_users' \
'--influxdb-password=[influxDB server password]:password' \
'--influxdb-insecure-skip-verify[skip SSL verification when emitting to InfluxDB]' \
'--emit-to-logs[emit metrics to logs]' \
'--newrelic-account-id=[new Relic Account ID]:account ID' \
'--newrelic-api-key=[new Relic Insights API Key]:API key' \
'--newrelic-service-prefix=[an optional prefix for emitted New Relic events]:prefix' \
'--prometheus-bind-ip=[IP to listen on to expose Prometheus metrics]: :_concourse_ip_addresses' \
'--prometheus-bind-port=[port to listen on to expose Prometheus metrics]: :_concourse_ports' \
'--riemann-host=[riemann server address to emit metrics to]: :_hosts' \
'--riemann-port=[port of the Riemann server to emit metrics to]: :_concourse_ports' \
'--riemann-service-prefix=[an optional prefix for emitted Riemann services]:prefix' \
'*--riemann-tag=[tag to attach to emitted metrics]:tag' \
'--x-frame-options=[the value to set for X-Frame-Options]:options' \
'--cluster-name=[a name for this Concourse cluster, to be displayed on the dashboard page]:name' \
'--gc-interval=[interval on which to perform garbage collection]: :_concourse_durations' \
'--gc-one-off-grace-period=[period after which one-off build containers will be garbage-collected]: :_concourse_durations' \
'--gc-missing-grace-period=[period after which to reap containers and volumes that were created but went missing from the worker]: :_concourse_durations' \
'--syslog-hostname=[client hostname with which the build logs will be sent to the syslog server]: :_hosts' \
'--syslog-address=[remote syslog server address with port]: :_concourse_host_colon_ports' \
'--syslog-transport=[transport protocol for syslog messages]:protocol:((tcp udp tls))' \
'--syslog-drain-interval=[interval over which checking is done for new build logs to send to syslog server]: :_concourse_durations' \
'--syslog-ca-cert=[paths to PEM-encoded CA cert files to use to verify the Syslog server SSL cert]: :_files' \
'--cookie-secure[force sending secure flag on http cookies]' \
'--auth-duration=[length of time for which tokens are valid]: :_concourse_durations' \
'--session-signing-key=[file containing an RSA private key, used to sign auth tokens]: :_files' \
'*--add-local-user=[list of username:password combinations for all your local users]: :_concourse_username_colon_passwords' \
'*--main-team-local-user=[list of whitelisted local concourse users]: :_users' \
{-c,--main-team-config=}'[configuration file for specifying team params]: :_concourse_config_files' \
'*--main-team-bitbucket-cloud-user=[list of whitelisted Bitbucket Cloud users]: :_users' \
'*--main-team-bitbucket-cloud-team=[list of whitelisted Bitbucket Cloud teams]:team' \
'*--main-team-cf-user=[list of whitelisted CloudFoundry users]: :_users' \
'*--main-team-cf-org=[list of whitelisted CloudFoundry orgs]:org name' \
'*--main-team-cf-space=[list of whitelisted CloudFoundry spaces]:space name' \
'*--main-team-github-user=[list of whitelisted GitHub users]: :_users' \
'*--main-team-github-org=[list of whitelisted GitHub orgs]:org name' \
'*--main-team-github-team=[list of whitelisted GitHub teams]:team name' \
'*--main-team-gitlab-user=[list of whitelisted GitLab users]: :_users' \
'*--main-team-gitlab-group=[list of whitelisted GitLab groups]:group name' \
'*--main-team-ldap-user=[list of whitelisted LDAP users]: :_users' \
'*--main-team-ldap-group=[list of whitelisted LDAP groups]:group name' \
'*--main-team-oauth-user=[list of whitelisted OAuth2 users]: :_users' \
'*--main-team-oauth-group=[list of whitelisted OAuth2 groups]:group name' \
'*--main-team-oidc-user=[list of whitelisted OIDC users]: :_users' \
'*--main-team-oidc-group=[list of whitelisted OIDC groups]:group name' \
'--bitbucket-cloud-client-id=[client id]:client ID' \
'--bitbucket-cloud-client-secret=[client secret]:client secret' \
'--cf-client-id=[client id]:client ID' \
'--cf-client-secret=[client secret]:client secret' \
'--cf-api-url=[the base API URL of your CF deployment]: :_urls' \
'--cf-ca-cert=[CA Certificate]: :_files' \
'--cf-skip-ssl-validation[skip SSL validation]' \
'--github-client-id=[client id]:client ID' \
'--github-client-secret=[client secret]:client secret' \
'--github-host=[hostname of GitHub Enterprise deployment]: :_hosts' \
'--github-ca-cert=[CA certificate of GitHub Enterprise deployment]: :_files' \
'--gitlab-client-id=[client id]:client ID' \
'--gitlab-client-secret=[client secret]:client secret' \
'--gitlab-host=[hostname of Gitlab Enterprise deployment]: :_hosts' \
'--ldap-display-name=[the auth provider name displayed to users on the login page]:display name' \
'--ldap-host=[the host and optional port of the LDAP server]: :_hosts' \
'--ldap-bind-dn=[bind DN for searching LDAP users and groups]:bind DN' \
'--ldap-bind-pw=[bind Password for the user specified by bind-dn]:bind password' \
'--ldap-insecure-no-ssl[required if LDAP host does not use TLS]' \
'--ldap-insecure-skip-verify[skip certificate verification]' \
'--ldap-start-tls[start on insecure port, then negotiate TLS]' \
'--ldap-ca-cert=[CA certificate]: :_files' \
'--ldap-user-search-base-dn= [baseDN to start the search from]:baseDN' \
'--ldap-user-search-filter=[optional filter to apply when searching the directory]:filter' \
'--ldap-user-search-username=[attribute to match against the inputted username]:attribute' \
'--ldap-user-search-scope=[can either be: '\''sub'\'' - search the whole sub tree or '\''one'\'' - only search one level]:scope:((sub one))' \
'--ldap-user-search-id-attr=[a mapping of attributes on the user entry to claims]:attribute mapping' \
'--ldap-user-search-email-attr=[a mapping of attributes on the user entry to claims]:attribute mapping' \
'--ldap-user-search-name-attr=[a mapping of attributes on the user entry to claims]:attribute mapping' \
'--ldap-group-search-base-dn=[baseDN to start the search from]:baseDN' \
'--ldap-group-search-filter=[optional filter to apply when searching the directory]:filter' \
'--ldap-group-search-scope=[can either be: '\''sub'\'' - search the whole sub tree or '\''one'\'' - only search one level]:scope:((sub one))' \
'--ldap-group-search-user-attr=[adds an additional requirement to the filter that an attribute in the group match the user'\''s attribute value]:attribute' \
'--ldap-group-search-group-attr=[adds an additional requirement to the filter that an attribute in the group match the user'\''s attribute value]:attribute' \
'--ldap-group-search-name-attr=[the attribute of the group that represents its name]:attribute' \
'--oauth-display-name=[the auth provider name displayed to users on the login page]:display name' \
'--oauth-client-id=[client id]:client ID' \
'--oauth-client-secret=[client secret]:client secret' \
'--oauth-auth-url=[Authorization URL]: :_urls' \
'--oauth-token-url=[Token URL]: :_urls' \
'--oauth-userinfo-url=[UserInfo URL]: :_urls' \
'*--oauth-scope=[any additional scopes that need to be requested during authorization]:scope' \
'--oauth-groups-key=[the groups key indicates which claim to use to map external groups to Concourse teams]:group key' \
'--oauth-user-id-key=[the user id key indicates which claim to use to map an external user id to a Concourse user id]:id key' \
'--oauth-user-name-key=[the user name key indicates which claim to use to map an external user name to a Concourse user name]:name key' \
'--oauth-ca-cert=[CA Certificate]: :_files' \
'--oauth-skip-ssl-validation[skip SSL validation]' \
'--oidc-display-name=[the auth provider name displayed to users on the login page]:display name' \
'--oidc-issuer=[An OIDC issuer URL that will be used to discover provider configuration]: :_urls' \
'--oidc-client-id=[client id]:client ID' \
'--oidc-client-secret=[client secret]:client secret' \
'*--oidc-scope=[any additional scopes that need to be requested during authorization]:scope' \
'--oidc-groups-key=[the groups key indicates which claim to use to map external groups to Concourse teams]:group key' \
'--oidc-user-name-key=[the user name key indicates which claim to use to map an external user name to a Concourse user name]:user name key' \
'*--oidc-hosted-domains=[list of whitelisted domains when using Google, only users from a listed domain will be allowed to log in]:domain' \
'--oidc-ca-cert=[CA Certificate]: :_files' \
'--oidc-skip-ssl-validation[skip SSL validation]' \
'--tsa-log-level=[minimum level of logs to see]: :_concourse_log_levels' \
'--tsa-bind-ip=[IP address on which to listen for SSH]: :_concourse_ip_addresses' \
'--tsa-peer-address=[network address of this web node, reachable by other web nodes]: :_urls' \
'--tsa-bind-port=[port on which to listen for SSH]: :_concourse_ports' \
'--tsa-debug-bind-ip=[IP address on which to listen for the pprof debugger endpoints]: :_concourse_ip_addresses' \
'--tsa-debug-bind-port=[port on which to listen for the pprof debugger endpoints]: :_concourse_ports' \
'--tsa-host-key=[path to private key to use for the SSH server]: :_files' \
'--tsa-authorized-keys=[path to file containing keys to authorize, in SSH authorized_keys format]: :_files' \
'--tsa-team-authorized-keys=[path to file containing keys to authorize, in SSH authorized_keys format]: :_concourse_name_colon_paths' \
'--tsa-atc-url=[ATC API endpoints to which workers will be registered]: :_urls' \
'--tsa-session-signing-key=[path to private key to use when signing tokens in requests to the ATC during registration]: :_files' \
'--tsa-heartbeat-interval=[interval on which to heartbeat workers to the ATC]: :_concourse_durations' \
}
(( $+functions[_concourse_worker_args] )) ||
_concourse_worker_args() {
_arguments -C \
'(- : *)'{-h,--help}'[display help information]' \
'--name=[the name to set for the worker during registration]:name' \
'*--tag=[a tag to set during registration]:tag' \
'--team=[the name of the team that this worker will be assigned to]:team name' \
'--http-proxy=[HTTP proxy endpoint to use for containers]: :_urls' \
'--https-proxy=[HTTPS proxy endpoint to use for containers]: :_urls' \
'*--no-proxy=[blacklist of addresses to skip the proxy when reaching]: :_urls' \
'--ephemeral[if set, the worker will be immediately removed upon stalling]' \
'--certs-dir=[directory to use when creating the resource certificates volume]: :_files -/' \
'--work-dir=[directory in which to place container data]: :_files -/' \
'--bind-ip=[IP address on which to listen for the Garden server]: :_concourse_ip_addresses' \
'--bind-port=[port on which to listen for the Garden server]: :_concourse_ports' \
'--debug-bind-ip=[IP address on which to listen for the pprof debugger endpoints]: :_concourse_ip_addresses' \
'--debug-bind-port=[port on which to listen for the pprof debugger endpoints]: :_concourse_ports' \
'--healthcheck-bind-ip=[IP address on which to listen for health checking requests]: :_concourse_ip_addresses' \
'--healthcheck-bind-port=[port on which to listen for health checking requests]: :_concourse_ports' \
'--healthcheck-timeout=[HTTP timeout for the full duration of health checking]: :_concourse_durations' \
'--sweep-interval=[interval on which containers and volumes will be garbage collected from the worker]: :_concourse_durations' \
'--volume-sweeper-max-in-flight=[maximum number of volumes which can be swept in parallel]:number' \
'--container-sweeper-max-in-flight=[maximum number of containers which can be swept in parallel]:number' \
'--rebalance-interval=[duration after which the registration should be swapped to another random SSH gateway]: :_concourse_durations' \
'--connection-drain-timeout=[duration after which a worker should give up draining forwarded connections on shutdown]: :_concourse_durations' \
'--external-garden-url=[API endpoint of an externally managed Garden server to use instead of running the embedded Garden server]: :_urls' \
'--resource-types=[path to directory containing resource types the worker should advertise]: :_files -/' \
'--log-level=[minimum level of logs to see]: :_concourse_log_levels' \
'*--tsa-host=[TSA host to forward the worker through]: :_hosts' \
'--tsa-public-key=[file containing a public key to expect from the TSA]: :_files' \
'--tsa-worker-private-key=[file containing the private key to use when authenticating to the TSA]: :_files' \
'--garden-use-houdini[use the insecure Houdini Garden backend]' \
'--garden-bin=[path to gdn executable (or leave as gdn to find it in $PATH)]: :_files' \
'--garden-config=[path to a config file to use for Garden]: :_files' \
'--garden-dns-proxy-enable[enable proxy DNS server]' \
'--baggageclaim-log-level=[minimum level of logs to see]: :_concourse_log_levels' \
'--baggageclaim-bind-ip=[IP address on which to listen for API traffic]: :_concourse_ip_addresses' \
'--baggageclaim-bind-port=[port on which to listen for API traffic]: :_concourse_ports' \
'--baggageclaim-debug-bind-ip=[IP address on which to listen for the pprof debugger endpoints]: :_concourse_ip_addresses' \
'--baggageclaim-debug-bind-port=[port on which to listen for the pprof debugger endpoints]: :_concourse_ports' \
'--baggageclaim-volumes=[directory in which to place volume data]: :_files -/' \
'--baggageclaim-driver=[driver to use for managing volumes]:driver:((detect naive btrfs overlay))' \
'--baggageclaim-btrfs-bin=[path to btrfs binary]: :_files' \
'--baggageclaim-mkfs-bin=[path to mkfs.btrfs binary]: :_files' \
'--baggageclaim-overlays-dir=[path to directory in which to store overlay data]: :_files -/' \
'--baggageclaim-disable-user-namespaces[disable remapping of user/group IDs in unprivileged volumes]'
}
(( $+functions[_concourse_config_files] )) ||
_concourse_config_files() {
_files -g "*.(yml|yaml)"
}
(( $+functions[_concourse_ip_addresses] )) ||
_concourse_ip_addresses() {
_message 'IP address'
}
(( $+functions[_concourse_ports] )) ||
_concourse_ports() {
_message 'port number'
}
(( $+functions[_concourse_host_colon_ports] )) ||
_concourse_host_colon_ports() {
local ret=1
if compset -P '*:'; then
_concourse_ports && ret=0
else
_alternative \
'hosts: :_hosts -qS:' \
'ip-addresses: :_guard "[[:digit:]]*" "IP address"' \
&& ret=0
fi
return ret
}
(( $+functions[_concourse_type_colon_images] )) ||
_concourse_type_colon_images() {
local ret=1
if compset -P '*:'; then
_message 'type' && ret=0
else
_message 'image' && ret=0
fi
return ret
}
(( $+functions[_concourse_name_colon_values] )) ||
_concourse_name_colon_values() {
local ret=1
if compset -P '*:'; then
_message 'name' && ret=0
else
_message 'value' && ret=0
fi
return ret
}
(( $+functions[_concourse_username_colon_passwords] )) ||
_concourse_username_colon_passwords() {
local ret=1
if compset -P '*:'; then
_message 'username' && ret=0
else
_message 'password' && ret=0
fi
return ret
}
(( $+functions[_concourse_name_colon_paths] )) ||
_concourse_name_colon_paths() {
local ret=1
if compset -P '*:'; then
_message 'name' && ret=0
else
_files && ret=0
fi
return ret
}
(( $+functions[_concourse_durations] )) ||
_concourse_durations() {
_message 'duration, eg: "5s", "5m", "5h", "5d"'
}
(( $+functions[_concourse_log_levels] )) ||
_concourse_log_levels() {
local levels=(
'debug:debug traces'
'info:normal log level'
'error:log only errors'
'fatal:log only fatal errors'
)
_describe -t log-levels 'log level' levels
}
case $service in
concourse) _concourse_server "$@" ;;
*) _message "unknown command ${service}" && ret=1 ;;
esac
# Local Variables:
# mode: Shell-Script
# sh-indentation: 2
# indent-tabs-mode: nil
# sh-basic-offset: 2
# End:
# vim: ft=zsh sw=2 ts=2 et
|
