This repository was archived by the owner on Dec 2, 2024. It is now read-only.

Add support for unique master and follower certificates #183

@izgeri

Description


Is your feature request related to a problem? Please describe.

Migrated from pivotal-cf/docs-cyberark-conjur-service-broker#21 as reported by @whip113

Currently, the tile config only has one field for importing the SSL certificate. The recommendation for certificates is to use one certificate for the master VIP and a different certificate for the follower VIP. The tile config allows us to configure both the master URL and the follower URL, but when using different certs for each, the lack of a field to store the follower certificate means you can't actually use the follower URL.

The configuration for the tile relates to this service broker. Currently, the service broker supports specifying the DAP master URL and a (read-only) follower URL, but it only allows specifying one certificate, when (as noted above):

The recommendation for certificates is to use one certificate for the master VIP and a different certificate for the follower VIP.

Describe the solution you would like

Currently, the service broker supports supplying the following relevant configuration environment variables:

  • CONJUR_SSL_CERTIFICATE
  • CONJUR_APPLIANCE_URL
  • CONJUR_FOLLOWER_URL

We could add another parameter:

  • CONJUR_FOLLOWER_SSL_CERTIFICATE

And if set, we could use this alternate certificate when we instantiate the read-only API:

ConjurClient.new.api(ConjurClient.application_conjur_url)

Additional context

Once this change is made, we will also need to update the VMware Tanzu tile definition to accept this parameter and properly configure the service broker with the CONJUR_FOLLOWER_SSL_CERTIFICATE env var.
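
An added example, not code from the service broker or from the issue author, showing the per-endpoint trust selection the request describes: each endpoint gets its own certificate store, and the follower uses `CONJUR_FOLLOWER_SSL_CERTIFICATE` when it is set. The `EndpointTrust` module, its method names, the fallback to `CONJUR_SSL_CERTIFICATE` when the follower variable is unset, and the throwaway certificates are assumptions made for the illustration.

```ruby
require 'openssl'

# Hypothetical helper (not the service broker's code): picks the PEM bundle
# for an endpoint and loads it into that endpoint's own trust store.
module EndpointTrust
  module_function

  # Assumption: the follower falls back to the shared certificate when the
  # proposed CONJUR_FOLLOWER_SSL_CERTIFICATE variable is unset or blank.
  def pem_for(role, env)
    follower = env['CONJUR_FOLLOWER_SSL_CERTIFICATE'].to_s
    return follower if role == :follower && !follower.strip.empty?
    env.fetch('CONJUR_SSL_CERTIFICATE')
  end

  # One store per endpoint, so the master's certificate is not trusted for
  # the follower URL once a distinct follower certificate is configured.
  def store_for(role, env)
    store = OpenSSL::X509::Store.new
    pem_for(role, env)
      .scan(/-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----/m)
      .each { |pem| store.add_cert(OpenSSL::X509::Certificate.new(pem)) }
    store
  end
end

# Constructed sample input: a throwaway self-signed certificate per endpoint.
def sample_cert(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

MASTER = sample_cert('master.example.test')
FOLLOWER = sample_cert('follower.example.test')
ENV_BOTH = { 'CONJUR_SSL_CERTIFICATE' => MASTER.to_pem,
             'CONJUR_FOLLOWER_SSL_CERTIFICATE' => FOLLOWER.to_pem }.freeze
ENV_ONE = { 'CONJUR_SSL_CERTIFICATE' => MASTER.to_pem }.freeze
```

The store returned by `store_for(:follower, env)` would be the one attached to the HTTPS client used for the follower URL; how the broker's Conjur API client accepts it is outside what the issue shows.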
