Date   

Re: CF CLI v6.25.0 Released Today

Michael Maximilien
 

+1 for tab completion. Yeah!!

On Mon, Feb 27, 2017 at 7:50 PM Amit Gupta <agupta(a)pivotal.io> wrote:

Tab completion! Nice!

On Mon, Feb 27, 2017 at 7:47 PM Koper, Dies <diesk(a)fast.au.fujitsu.com>
wrote:

The CF CLI team just cut 6.24.0.

Deb, yum and Homebrew repos have been updated; binaries, installers and
link to release notes are available at:



https://github.com/cloudfoundry/cli#downloads
Tab completion

The cf CLI now supports tab completion on systems where that is enabled.

Completion is provided of cf native subcommands and option names as well
as arguments & option values that are available locally to the CLI, i.e.
filepaths and e.g. true/false and process/port/http enumerations.
Examples

$ cf <tab><tab>

Display all 156 possibilities? (y or n)



$ cf i<tab>

->

$ cf install-plugin



$ cf set-org-role user myorg o<tab>m<tab>

->

$ cf set-org-role user myorg OrgManager



The Debian, RPM and Homebrew installers of the cf CLI bundle a bash tab
completion file
<https://github.com/cloudfoundry/cli/blob/master/ci/installers/completion/cf>
that is copied to the operating system's standard location (e.g.
/usr/share/bash-completion/completions/ or /etc/bash_completion.d/),
where it should be picked up automatically on Bash completion enabled
environments the next time you open a Bash shell. Refer to your shell &
operating system's documentation for details.
For downloaders of the binary releases or the Mac OS X package, download
the above file and ensure it is executed when you open a shell (e.g. by
sourcing it from your shell profile (~/.bash_profile)).

Zsh users may try loading this file from ~/.zshrc as suggested here
<http://stackoverflow.com/a/27853970/1227328>.

Windows users may try this completion file
<https://github.com/dkoper/clink-completions/blob/87086ba8322c24fb8498d7a9a39ff9183e975f05/cf.lua>
with clink <https://github.com/mridgers/clink>.
CLI binary 30% smaller

The file size of the cf CLI binaries has been reduced by about 30%.

Previously, the binaries included additional data useful in debugging and
profiling the CLI. The CLI team never used these tools, so it made sense to
remove them.

This change should not affect the execution of the actual program. They
only affect whether you can debug or analyze the binary with other tools,
which you still can if you rebuild the binary to include this data.
Plugin Framework Changes

- The GetApp route summary API now includes fields to retrieve a
route's path or port. (#1066
<https://github.com/cloudfoundry/cli/issues/1066>)

Updated commands

- run-task now accepts parameters to configure the memory and disk
space limits for a task.
- push options -f and -p and other commands accepting a path to a file
or folder now display a friendlier parsing error when the filepath is not
found. (#1030 <https://github.com/cloudfoundry/cli/issues/1030>)
- help now displays the alias of plugin commands, and accepts them to
display its command help text. (#1048
<https://github.com/cloudfoundry/cli/issues/1048>)
- login now accepts the SSO passcode on the command line. (#1052
<https://github.com/cloudfoundry/cli/pull/1052>)
- ssh now accept base64 encoded SHA256 SSH fingerprints exposed by
/v2/info. (#1072 <https://github.com/cloudfoundry/cli/pull/1072>)



Enjoy!



Regards,

Dies Koper
Cloud Foundry Product Manager - CLI





--
dr.max Sent from my iPhone http://maximilien.org


Re: CF CLI v6.25.0 Released Today

Amit Kumar Gupta
 

Tab completion! Nice!

On Mon, Feb 27, 2017 at 7:47 PM Koper, Dies <diesk(a)fast.au.fujitsu.com>
wrote:

The CF CLI team just cut 6.24.0.

Deb, yum and Homebrew repos have been updated; binaries, installers and
link to release notes are available at:



https://github.com/cloudfoundry/cli#downloads
Tab completion

The cf CLI now supports tab completion on systems where that is enabled.

Completion is provided of cf native subcommands and option names as well
as arguments & option values that are available locally to the CLI, i.e.
filepaths and e.g. true/false and process/port/http enumerations.
Examples

$ cf <tab><tab>

Display all 156 possibilities? (y or n)



$ cf i<tab>

->

$ cf install-plugin



$ cf set-org-role user myorg o<tab>m<tab>

->

$ cf set-org-role user myorg OrgManager



The Debian, RPM and Homebrew installers of the cf CLI bundle a bash tab
completion file
<https://github.com/cloudfoundry/cli/blob/master/ci/installers/completion/cf>
that is copied to the operating system's standard location (e.g.
/usr/share/bash-completion/completions/ or /etc/bash_completion.d/),
where it should be picked up automatically on Bash completion enabled
environments the next time you open a Bash shell. Refer to your shell &
operating system's documentation for details.
For downloaders of the binary releases or the Mac OS X package, download
the above file and ensure it is executed when you open a shell (e.g. by
sourcing it from your shell profile (~/.bash_profile)).

Zsh users may try loading this file from ~/.zshrc as suggested here
<http://stackoverflow.com/a/27853970/1227328>.

Windows users may try this completion file
<https://github.com/dkoper/clink-completions/blob/87086ba8322c24fb8498d7a9a39ff9183e975f05/cf.lua>
with clink <https://github.com/mridgers/clink>.
CLI binary 30% smaller

The file size of the cf CLI binaries has been reduced by about 30%.

Previously, the binaries included additional data useful in debugging and
profiling the CLI. The CLI team never used these tools, so it made sense to
remove them.

This change should not affect the execution of the actual program. They
only affect whether you can debug or analyze the binary with other tools,
which you still can if you rebuild the binary to include this data.
Plugin Framework Changes

- The GetApp route summary API now includes fields to retrieve a
route's path or port. (#1066
<https://github.com/cloudfoundry/cli/issues/1066>)

Updated commands

- run-task now accepts parameters to configure the memory and disk
space limits for a task.
- push options -f and -p and other commands accepting a path to a file
or folder now display a friendlier parsing error when the filepath is not
found. (#1030 <https://github.com/cloudfoundry/cli/issues/1030>)
- help now displays the alias of plugin commands, and accepts them to
display its command help text. (#1048
<https://github.com/cloudfoundry/cli/issues/1048>)
- login now accepts the SSO passcode on the command line. (#1052
<https://github.com/cloudfoundry/cli/pull/1052>)
- ssh now accept base64 encoded SHA256 SSH fingerprints exposed by
/v2/info. (#1072 <https://github.com/cloudfoundry/cli/pull/1072>)



Enjoy!



Regards,

Dies Koper
Cloud Foundry Product Manager - CLI





CF CLI v6.25.0 Released Today

Koper, Dies <diesk@...>
 

The CF CLI team just cut 6.24.0.
Deb, yum and Homebrew repos have been updated; binaries, installers and link to release notes are available at:

https://github.com/cloudfoundry/cli#downloads
Tab completion

The cf CLI now supports tab completion on systems where that is enabled.

Completion is provided of cf native subcommands and option names as well as arguments & option values that are available locally to the CLI, i.e. filepaths and e.g. true/false and process/port/http enumerations.

Examples

$ cf <tab><tab>

Display all 156 possibilities? (y or n)



$ cf i<tab>

->

$ cf install-plugin



$ cf set-org-role user myorg o<tab>m<tab>

->

$ cf set-org-role user myorg OrgManager



The Debian, RPM and Homebrew installers of the cf CLI bundle a bash tab completion file<https://github.com/cloudfoundry/cli/blob/master/ci/installers/completion/cf> that is copied to the operating system's standard location (e.g. /usr/share/bash-completion/completions/ or /etc/bash_completion.d/), where it should be picked up automatically on Bash completion enabled environments the next time you open a Bash shell. Refer to your shell & operating system's documentation for details.
For downloaders of the binary releases or the Mac OS X package, download the above file and ensure it is executed when you open a shell (e.g. by sourcing it from your shell profile (~/.bash_profile)).

Zsh users may try loading this file from ~/.zshrc as suggested here<http://stackoverflow.com/a/27853970/1227328>.

Windows users may try this completion file<https://github.com/dkoper/clink-completions/blob/87086ba8322c24fb8498d7a9a39ff9183e975f05/cf.lua> with clink<https://github.com/mridgers/clink>.

CLI binary 30% smaller

The file size of the cf CLI binaries has been reduced by about 30%.

Previously, the binaries included additional data useful in debugging and profiling the CLI. The CLI team never used these tools, so it made sense to remove them.

This change should not affect the execution of the actual program. They only affect whether you can debug or analyze the binary with other tools, which you still can if you rebuild the binary to include this data.

Plugin Framework Changes

* The GetApp route summary API now includes fields to retrieve a route's path or port. (#1066<https://github.com/cloudfoundry/cli/issues/1066>)

Updated commands

* run-task now accepts parameters to configure the memory and disk space limits for a task.
* push options -f and -p and other commands accepting a path to a file or folder now display a friendlier parsing error when the filepath is not found. (#1030<https://github.com/cloudfoundry/cli/issues/1030>)
* help now displays the alias of plugin commands, and accepts them to display its command help text. (#1048<https://github.com/cloudfoundry/cli/issues/1048>)
* login now accepts the SSO passcode on the command line. (#1052<https://github.com/cloudfoundry/cli/pull/1052>)
* ssh now accept base64 encoded SHA256 SSH fingerprints exposed by /v2/info. (#1072<https://github.com/cloudfoundry/cli/pull/1072>)

Enjoy!

Regards,
Dies Koper
Cloud Foundry Product Manager - CLI


Re: External login server and SAML IdPs

jshingler
 

Dan, I want to do the same, ... I am not finding much info on creating and
external login server, ....

What did you end up doing?

Any Chance I can get a copy of you external login server code?

Jim



--
View this message in context: http://cf-dev.70369.x6.nabble.com/cf-dev-External-login-server-and-SAML-IdPs-tp5321p6515.html
Sent from the CF Dev mailing list archive at Nabble.com.


Help for loggregator issue

Leo Tang <ltang@...>
 

Dear,

I got a problem when trying to deploy an app.
The error is dialing loggregator server: x509.
My question is how to change the loggregator endpoint from wss://
loggregator.10.244.0.34.xip.io:443 to the right one

I am using cf -170 which is very old in micro mode.

Thanks so much.


Re: Routing release and upper case web contexts

Shannon Coen
 

Hello Iain,

If you upload the 0.145.0 final release of routing-release to your director, and update your cf-release manifest to point the template for the router job at the routing release instead of using cf, you can pull in the source for the latest gorouter.

In cf-release manifest you'd add these lines:

releases:
- name: routing
version: 0.145.0

And change these lines from:

jobs:
- name: router_z1
templates:
- name: gorouter
release: cf

to

release: routing

Or something like that. Then redeploy cf-release.

Best,
Shannon

On Feb 24, 2017, at 2:23 AM, Iain Jackson <iain.jackson(a)sas.com> wrote:

Hi,

I am currently deploying a web application application into CF which has upper case characters in the web context. This means it is affected by the issue where the path in the VCAP_ID cookie was lowercased. This issue has been resolved in routing release 0.145.

The latest CF v252 includes routing release 0.144. Is it possible to patch in the 0.145 routing release during deployment (or even upgrade it) or would it be recommended to wait till v253 or later which includes the release?

Thanks,

Iain Jackson


Routing release and upper case web contexts

Iain Jackson
 

Hi,

I am currently deploying a web application application into CF which has upper case characters in the web context. This means it is affected by the issue where the path in the VCAP_ID cookie was lowercased. This issue has been resolved in routing release 0.145.

The latest CF v252 includes routing release 0.144. Is it possible to patch in the 0.145 routing release during deployment (or even upgrade it) or would it be recommended to wait till v253 or later which includes the release?

Thanks,

Iain Jackson


Re: 3363.x warden stemcell ssh problem

Dmitriy Kalinin <dkalinin@...>
 

3363.9 warden stemcell fixes the problem.

On Fri, Feb 17, 2017 at 4:49 PM, Dmitriy Kalinin <dkalinin(a)pivotal.io>
wrote:

hey all,

3363 and 3363.1 warden stemcells that were published recently have an
agent that did not account for newer stemcell security settings (locks down
ssh access only to bosh_sshers group users). upcoming 3363.5 stemcell will
resolve this problem.

sorry for inconvenience,
dmitriy


Re: A proposal to offer mongodb 3.2.6 bosh release to cloudfoundry

Lin, Lynn <Lynn.X.Lin@...>
 

Max,
Cloudfoundry-community is also good ☺

From: Michael Maximilien [mailto:maxim(a)us.ibm.com]
Sent: Friday, February 24, 2017 4:40 AM
To: Lin, Lynn <lynn.lin(a)emc.com>
Cc: cf-dev(a)lists.cloudfoundry.org; Huang, Peter <Peter.Y.Huang(a)emc.com>; Coen, Shannon (Pivotal) <scoen(a)pivotal.io>
Subject: Re: A proposal to offer mongodb 3.2.6 bosh release to cloudfoundry

Alternatively the simplest thing to do is to add to CloudFoundry-community? That requires no process and easy for you to move with changes etc.
dr.max

ibm cloud labs
sillicon valley, ca
usa
maximilien.org<http://maximilien.org>


Sent from my iPhone

On Feb 23, 2017, at 12:31 PM, Michael Maximilien <maxim(a)us.ibm.com<mailto:maxim(a)us.ibm.com>> wrote:
Hi,

Consider drafting a proposal to CF-extension. Please follow process [1] and use template [2].

Let me know if you have any questions. Best,

dr.max

ibm cloud labs
sillicon valley, ca
usa
maximilien.org<http://maximilien.org>


[1] https://docs.google.com/document/d/1KaYuqNbPrr23d3OsAhi0NTwBNy-LRZK-FbN3LfBgqjw
[2] https://docs.google.com/document/d/1cpyBmds7WYNLKO1qkjhCdS8bNSJjWH5MqTE-h1UCQkQ


Sent from my iPhone

On Feb 22, 2017, at 11:49 PM, Lin, Lynn <Lynn.X.Lin(a)dell.com<mailto:Lynn.X.Lin(a)dell.com>> wrote:
Hi CF community
We (Peter,Huang and Lynn Lin) from DELL company would like to offer an MongoDB 3.2.6 BOSH release to cloudfoundry community . It is

- BOSH deployed

- single multi-tenant backend cluster

- service instances represent logical databases on the shared server
This service is running in our production since middle of last year and We will actively maintain this service and develop features, answer question etc.…

Current code is in our personal repository https://github.com/linlynn/mongodb-bosh-release .

Welcome any comment and advise next step


Thanks
Lynn Lin


Re: A proposal to offer mongodb 3.2.6 bosh release to cloudfoundry

Michael Maximilien
 

Alternatively the simplest thing to do is to add to CloudFoundry-community? That requires no process and easy for you to move with changes etc.

dr.max

ibm cloud labs
sillicon valley, ca
usa
maximilien.org

Sent from my iPhone

On Feb 23, 2017, at 12:31 PM, Michael Maximilien <maxim(a)us.ibm.com> wrote:

Hi,

Consider drafting a proposal to CF-extension. Please follow process [1] and use template [2].

Let me know if you have any questions. Best,

dr.max

ibm cloud labs
sillicon valley, ca
usa
maximilien.org

[1] https://docs.google.com/document/d/1KaYuqNbPrr23d3OsAhi0NTwBNy-LRZK-FbN3LfBgqjw
[2] https://docs.google.com/document/d/1cpyBmds7WYNLKO1qkjhCdS8bNSJjWH5MqTE-h1UCQkQ

Sent from my iPhone

On Feb 22, 2017, at 11:49 PM, Lin, Lynn <Lynn.X.Lin(a)dell.com> wrote:

Hi CF community
We (Peter,Huang and Lynn Lin) from DELL company would like to offer an MongoDB 3.2.6 BOSH release to cloudfoundry community . It is
- BOSH deployed

- single multi-tenant backend cluster

- service instances represent logical databases on the shared server

This service is running in our production since middle of last year and We will actively maintain this service and develop features, answer question etc.…

Current code is in our personal repository https://github.com/linlynn/mongodb-bosh-release .

Welcome any comment and advise next step


Thanks
Lynn Lin


Re: A proposal to offer mongodb 3.2.6 bosh release to cloudfoundry

Michael Maximilien
 

Hi,

Consider drafting a proposal to CF-extension. Please follow process [1] and use template [2].

Let me know if you have any questions. Best,

dr.max

ibm cloud labs
sillicon valley, ca
usa
maximilien.org

[1] https://docs.google.com/document/d/1KaYuqNbPrr23d3OsAhi0NTwBNy-LRZK-FbN3LfBgqjw
[2] https://docs.google.com/document/d/1cpyBmds7WYNLKO1qkjhCdS8bNSJjWH5MqTE-h1UCQkQ

Sent from my iPhone

On Feb 22, 2017, at 11:49 PM, Lin, Lynn <Lynn.X.Lin(a)dell.com> wrote:

Hi CF community
We (Peter,Huang and Lynn Lin) from DELL company would like to offer an MongoDB 3.2.6 BOSH release to cloudfoundry community . It is
- BOSH deployed

- single multi-tenant backend cluster

- service instances represent logical databases on the shared server

This service is running in our production since middle of last year and We will actively maintain this service and develop features, answer question etc.…

Current code is in our personal repository https://github.com/linlynn/mongodb-bosh-release .

Welcome any comment and advise next step


Thanks
Lynn Lin


Re: Updating default pprof_port for loggregator components

David Sabeti
 

Hey, you may want to include this in the release notes of cf-release. Could
you add it to the CF 253 draft?

On Wed, Feb 22, 2017 at 12:53 PM Warren Fernandes <wfernandes(a)pivotal.io>
wrote:

Hey cf-dev,

This is just a notice to let everyone know that loggregator components now
default the *pprof_port* to *0* from the defaults of 6060 and 6061.

We are doing this in order to avoid port collisions as some of loggregator
components are collocated with other jobs.

The pprof port is emitted in the respective component's logs in case
troubleshooting is required.

Thanks,
CF Loggregator



Documentation Update AWS

Leandro David Cacciagioni
 

Guys,

I have had a few issues over the last weeks deploying Cloud Foundry to AWS
and I think that maybe it will be nice to:

- Update the docs to be able to deploy without using the bosh aws gem
(It's broken at least with ruby 2.3.3/rbenv & Fedora Linux 25).
- Also is not nice that this GEM deletes everything when you try to
tear down all that was created, it not only delete what was create by it,
but everything else in the account if possible.
- Update the docs specifying the minimum AWS quotas required for minimal
HA deployment.
- Update the stub sample to use m4 instances, since this has been in AWS
for quite some time and they are already in most of the AWS regions.
- Beyond AWS it would be nice a detailed step by step guide to deploy CF
with Diego enabled, since for those who have never touched CF is a little
difficult to understand all the moving parts of CF.
- In my case I was giving more than a week of training, at least one
hour per day until they catch up the concepts and understand the
basics of
how CF works (Forget about make them modify a bosh deployment to match a
Diego deployment if that's not in the docs)

Hope this help us all.

Cheers, Leandro.-


A proposal to offer mongodb 3.2.6 bosh release to cloudfoundry

Lin, Lynn <Lynn.X.Lin@...>
 

Hi CF community
We (Peter,Huang and Lynn Lin) from DELL company would like to offer an MongoDB 3.2.6 BOSH release to cloudfoundry community . It is

- BOSH deployed

- single multi-tenant backend cluster

- service instances represent logical databases on the shared server
This service is running in our production since middle of last year and We will actively maintain this service and develop features, answer question etc....

Current code is in our personal repository https://github.com/linlynn/mongodb-bosh-release .

Welcome any comment and advise next step


Thanks
Lynn Lin


Updating default pprof_port for loggregator components

Warren Fernandes
 

Hey cf-dev,

This is just a notice to let everyone know that loggregator components now
default the *pprof_port* to *0* from the defaults of 6060 and 6061.

We are doing this in order to avoid port collisions as some of loggregator
components are collocated with other jobs.

The pprof port is emitted in the respective component's logs in case
troubleshooting is required.

Thanks,
CF Loggregator


[IMPORTANT] 3363.x azure stemcell may cause data loss on persistent disks

Dmitriy Kalinin <dkalinin@...>
 

hey all,

DO NOT USE 3363.x *azure* stemcells for upgrades until we ship a new 3363.x
stemcell.

it contains agent that will try to revert your partitioned disk back to
older version of a partitioner which unfortunately will corrupt the data on
disk.

sorry for inconvenience,
dmitriy


Re: New service broker for etcd-as-a-service

Gwenn Etourneau
 

Nice! Thanks for the broker !

On Wed, Feb 22, 2017 at 8:36 AM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

We like etcd for our backend systems; and wanted it as a service for CF
apps.

New service broker to manage roles/user creation via CF Service Broker
API: https://github.com/cloudfoundry-community/etcd-cf-service-broker

Blog post for discussion: https://www.starkandwayne.com/blog/cloud-
foundry-service-broker-for-coreos-etcd/

v0.1.0 release notes on potential changes in future to credentials schema
https://github.com/cloudfoundry-community/etcd-cf-service-broker/releases/
tag/v0.1.0

Hopefully this is useful to others!
Dr Nic

--
Dr Nic Williams
Stark & Wayne LLC
http://starkandwayne.com
+61 437 276 076 <+61%20437%20276%20076>
twitter @drnic


New service broker for etcd-as-a-service

Dr Nic Williams <drnicwilliams@...>
 

We like etcd for our backend systems; and wanted it as a service for CF
apps.

New service broker to manage roles/user creation via CF Service Broker API:
https://github.com/cloudfoundry-community/etcd-cf-service-broker

Blog post for discussion:
https://www.starkandwayne.com/blog/cloud-foundry-service-broker-for-coreos-etcd/

v0.1.0 release notes on potential changes in future to credentials schema
https://github.com/cloudfoundry-community/etcd-cf-service-broker/releases/tag/v0.1.0

Hopefully this is useful to others!
Dr Nic

--
Dr Nic Williams
Stark & Wayne LLC
http://starkandwayne.com
+61 437 276 076
twitter @drnic


Re: CF-Extensions: Welcome CredHub as newest incubator

Michael Maximilien
 

All,

As per discussion today with Dan we now have the following incubating
projects that Dan and his team will use to populate with the initial
CredHub code:

1. CredHub: https://github.com/cloudfoundry-incubator/credhub
2. CredHub CLI: https://github.com/cloudfoundry-incubator/credhub-cli
3. CredHub Acceptance Tests:
https://github.com/cloudfoundry-incubator/credhub-acceptance-tests

I encourage those interested to monitor these repos to monitor and
contribute to the evolution of CredHub.

Appropriate Tracker projects will also be transferred for project
management.

Best,

max

On Mon, Feb 20, 2017 at 5:42 PM, Dr Nic Williams <drnicwilliams(a)gmail.com>
wrote:

Congrats!





On Tue, Feb 21, 2017 at 6:33 AM +1000, "Michael Maximilien" <
maxim(a)us.ibm.com> wrote:

Hi, all,

Quick email to tell community that the CredHub project [1] proposed a
while back by Pivotal and led by Dan Jahner has been voted to be an
incubator into Cf-Extensions PMC according to our process [2]. All
proposals to CF-Extensions can be found here [3].

This week, I will work with Dan to setup appropriate GitHub repos and any
necessary Tracker projects so that the code and work can be made visible to
all. Please watch this space for more information from Dan or from myself.

Congrats again to CredHub team. In my view this is an important addition
to CF that touches many aspects and components of the platform with the
goal of making it more secure. I look forward to the next steps with Dan
and team.

In the mean time, please let us know if you have any questions or
comments.

Best,

------
dr.max
ibm cloud labs
silicon valley, ca
maximilien.org

[1] https://docs.google.com/document/d/1iG28J2Lm8RY3BXCZqqNWO7v-
G1ppcdK8cizlhbN_o4g/edit?usp=sharing
[2] https://docs.google.com/document/d/1KaYuqNbPrr23d3OsAhi0NTwBNy-
LRZK-FbN3LfBgqjw/edit?usp=sharing
[3] https://docs.google.com/document/d/1aKmxFdGC4GnXBIZMx0qdIawHrEIRS
jBOzB-spoPlbM8/edit?usp=sharing


--
max
http://maximilien.org
http://blog.maximilien.com


Re: Mapping ORGs and Space permissions via LDAP

Dieu Cao <dcao@...>
 

This has been a long requested feature.
We've recently started to have more active conversations about this between
CAPI and UAA teams and we hope to be able to share a proposal addressing
this once an approach has been agreed on in the next month or two.

-Dieu
CF Runtime PMC Lead

On Sun, Feb 19, 2017 at 4:33 AM, Alexander Lomov <
alexander.lomov(a)altoros.com> wrote:

Hey, Mark.

At the moment there is no way to control access to org or spaces using UAA
scopes.

You can find list of currently available UAA scopes here [1]. To control
org or spaces access you need something like zone id for org or space, but
I don’t know the way to create such binding right now. I suppose the
feature development is in progress.

Since you added UAA-LDAP integration, you can log in with LDAP user. After
that you can control user access by CF roles [2] and this process does not
involve UAA.

We also use cf-mgmt tool [3] to automate LDAP user binding with org/spaces
on some of our projects. You may find it useful.

Best wishes,
Alex L.

[1] https://docs.cloudfoundry.org/concepts/architecture/uaa.html#scopes
[2] https://docs.cloudfoundry.org/concepts/roles.html
[3] https://github.com/pivotalservices/cf-mgmt

On Feb 18, 2017, at 6:19 PM, Mark Coumounduros <mcoumounduros(a)gmail.com>
wrote:

Hey All,

I recently updated a Cloud Foundation to map CC admin permission to LDAP
via this UAAC command:

uaac group map --name cloud_controller.admin "GROUP-DISTINGUISHED-NAME"

I now just want to fine tune LDAP permission to specific ORGs and/or
Spaces. Is this possible, if so, how?


2961 - 2980 of 9422