Date   

Re: TLS for everything

David McClure
 

Hi everyone,

Glad to see this conversation happening. I've been involved in several conversations about this over the years but I'm not sure what public artifacts exist about these efforts. Historically, it has been a challenge to organize so-called "cross-cutting efforts" that require the involvement of many different teams and it may be especially challenging now that much of the community has shifted its focus to developing cf-for-k8s.

That said, here's a thought: perhaps we can approach this feature request and other "cross-cutting" features for cf-for-vms with the following strategy going forward:

  1. Create an issue to track this feature of cf-for-vms in the cf-deployment github repo
    https://github.com/cloudfoundry/cf-deployment/issues
  2. While it's good to continue discussing this anywhere and everywhere (Slack, email, etc), let's make that that Github issue the canonical home for discussion about this going forward and try to "close the loop" back there if discussions are had elsewhere.
  3. If separate issues can be carved out for specific components, create issues on their repositories and link them back to the Github issue on cf-deployment.
    Github's auto-linking between issues should help us make these more discoverable, regardless of which direction the link is going.
Jon, would you like to do the honors as the thread starter here?


From: cf-dev@... <cf-dev@...> on behalf of Miki Mokrysz via lists.cloudfoundry.org <miki.mokrysz=digital.cabinet-office.gov.uk@...>
Sent: Tuesday, September 15, 2020 11:41 AM
To: cf-dev@... <cf-dev@...>
Subject: Re: [cf-dev] TLS for everything
 
+1 on desiring everything to be encrypted on the network.

We’re under the impression that Silk (apps.internal) traffic between cells is also unencrypted.

On Tuesday, 15 September 2020, Peter Burkholder via lists.cloudfoundry.org <peter.burkholder=gsa.gov@...> wrote:
We may run into similar requirements for cloud.gov, so TLS everywhere would be A+.

On Tue, Sep 15, 2020 at 1:45 PM Jon Price <jon.price@...> wrote:
Hi everyone,
There has been a lot of excellent progress in securing all CF traffic with TLS and as far as I can tell there are only a few things that are still unencrypted. 
Is there a timeline or any plans for these last few things?  

1) routing-api - still using both TLS and non-TLS in the cf-deployment.  The http endpoint is what is registered in the router.  Is there a reason for still enabling both?
2) metrics-discovery-registrar-windows - not using nats-tls hostname, falling back to 4222
3) route_registrar - not using nats-tls
4) gorouter - not using nats-tls

We have a requirement that all traffic on the network is encrypted and I would really love to stop running IPsec. :)

Jon Price
Intel Corp.



--
Peter Burkholder |  cloud.gov compliance & security


Re: UAA api /introspect does not seem to be workign as expected #uaa

Jeremy Morony
 

Hi Viraj,

I couldn't replicate the issue you've described.  While logs are always helpful, more helpful would be a small set up replicating the issue. For example, this is what I did to replicate your issue using the UAA in development:

./gradlew clean run
uaac target http://localhost:8080/uaa
uaac token client get admin
uaac client add introspect-test --scope uaa.none --authorized_grant_types client_credentials --authorities uaa.resource
uaac token owner get cf marissa -p koala --scope uaa.user
uaac contexts #extract marissa's access token
uaac token client get introspect-test
uaac curl --trace /introspect -X POST -d "token=marissas-access-token"

200
RESPONSE HEADERS:
<snip>
RESPONSE BODY:
{
  "active": true // other claims omitted
}


From: cf-dev@... <cf-dev@...> on behalf of Shetty, Viraj S [CTR] via lists.cloudfoundry.org <vshetty=fdic.gov@...>
Sent: Friday, September 11, 2020 12:44 PM
To: cf-dev@... <cf-dev@...>
Subject: Re: [cf-dev] UAA api /introspect does not seem to be workign as expected #uaa
 
Jeremy, 

I upgraded to the latest UAA version 74.24.0 and I still see the same issue. Is there something I can provide from logs that might help ? 

Thanks,
Viraj 


Re: TLS for everything

Miki Mokrysz <miki.mokrysz@...>
 

+1 on desiring everything to be encrypted on the network.

We’re under the impression that Silk (apps.internal) traffic between cells is also unencrypted.


On Tuesday, 15 September 2020, Peter Burkholder via lists.cloudfoundry.org <peter.burkholder=gsa.gov@...> wrote:
We may run into similar requirements for cloud.gov, so TLS everywhere would be A+.

On Tue, Sep 15, 2020 at 1:45 PM Jon Price <jon.price@...> wrote:
Hi everyone,
There has been a lot of excellent progress in securing all CF traffic with TLS and as far as I can tell there are only a few things that are still unencrypted. 
Is there a timeline or any plans for these last few things?  

1) routing-api - still using both TLS and non-TLS in the cf-deployment.  The http endpoint is what is registered in the router.  Is there a reason for still enabling both?
2) metrics-discovery-registrar-windows - not using nats-tls hostname, falling back to 4222
3) route_registrar - not using nats-tls
4) gorouter - not using nats-tls

We have a requirement that all traffic on the network is encrypted and I would really love to stop running IPsec. :)

Jon Price
Intel Corp.



--
Peter Burkholder |  cloud.gov compliance & security
please use cloud-gov-compliance@... for cloud.gov matters


Re: TLS for everything

Peter Burkholder
 

We may run into similar requirements for cloud.gov, so TLS everywhere would be A+.

On Tue, Sep 15, 2020 at 1:45 PM Jon Price <jon.price@...> wrote:
Hi everyone,
There has been a lot of excellent progress in securing all CF traffic with TLS and as far as I can tell there are only a few things that are still unencrypted. 
Is there a timeline or any plans for these last few things?  

1) routing-api - still using both TLS and non-TLS in the cf-deployment.  The http endpoint is what is registered in the router.  Is there a reason for still enabling both?
2) metrics-discovery-registrar-windows - not using nats-tls hostname, falling back to 4222
3) route_registrar - not using nats-tls
4) gorouter - not using nats-tls

We have a requirement that all traffic on the network is encrypted and I would really love to stop running IPsec. :)

Jon Price
Intel Corp.



--
Peter Burkholder |  cloud.gov compliance & security
please use cloud-gov-compliance@... for cloud.gov matters


TLS for everything

Jon Price
 

Hi everyone,
There has been a lot of excellent progress in securing all CF traffic with TLS and as far as I can tell there are only a few things that are still unencrypted. 
Is there a timeline or any plans for these last few things?  

1) routing-api - still using both TLS and non-TLS in the cf-deployment.  The http endpoint is what is registered in the router.  Is there a reason for still enabling both?
2) metrics-discovery-registrar-windows - not using nats-tls hostname, falling back to 4222
3) route_registrar - not using nats-tls
4) gorouter - not using nats-tls

We have a requirement that all traffic on the network is encrypted and I would really love to stop running IPsec. :)

Jon Price
Intel Corp.


Topics or presentations? CAB call: Wednesday, Sept. 16th @ 8AM PT / 11AM ET / 4PM CET

Troy Topnik
 

As of right now, we don't have any topics for discussion or presentations scheduled for the next CAB call.

I'll keep polling project people informally on Slack, but if you have a topic you would like to discuss or a presentation of interest to the Cloud Foundry community, please respond on this thread or reach out to me directly.

Thanks,

TT

Chat room: go to slack.cloudfoundry.org and then join the #cab channel

Here are the meeting details for Wednesday:

Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/757994996

Or iPhone one-tap :
    US: +16468769923,,757994996# or +16699006833,,757994996#
Or Telephone:
    Dial(for higher quality, dial a number based on your current location):
        US: +1 646 876 9923 or +1 669 900 6833 or +1 408 638 0968
    Meeting ID: 757 994 996
    International numbers available: https://zoom.us/zoomconference?m=BbM_MZowkH08pdKycQk10at13V5cLneM

Agenda doc: https://docs.google.com/document/d/1SCOlAquyUmNM-AQnekCOXiwhLs6gveTxAcduvDcW_xI


--
Troy Topnik
Senior Product Manager, 
SUSE Cloud Application Platform 
troy.topnik@...
 


CF K8s Networking office hours this week on Wednesday

Shannon Coen
 

Hello CF friends,

Members of the CF K8s Networking team will be on zoom this Wednesday from 10-10:30am PDT hosting office hours for the project. We welcome questions related to routing, load balancing, and security of traffic for applications and platform APIs in all data paths; ingress, east-west, and egress. We'll also be happy to share what we're working on and where we're headed.

The zoom link can be found on the CFF community calendar at https://www.cloudfoundry.org/community-calendar/


Hoping you all are healthy and staying safe,

Shannon Coen (He/Him)
Manager, Product Management
scoen@...
875 Howard Street 5th Floor, San Francisco CA 94103
Mobile: +1.415.640.0272



Re: CF Application Runtime PMC: Diego Project Lead Call for Nominations

Eric Malm
 

Hi, everyone,

VMware is nominating Amin Jamali for the Diego project lead in the Application Runtime PMC.

Amin has worked at Pivotal and VMware as a core contributor to Cloud Foundry since 2015. Since December 2018, he has been an engineer on the Diego team, and prior to that has worked on many other components of the CF App Runtime, including BOSH-Windows, Garden-Windows, and Buildpacks. Amin has an engineering background and previously has helped various startups build and deliver software solutions.

Please send any other nominations directly to me or in reply to this message no later than 11:59 PM PDT on Friday, September 25, 2020.

Thanks,
Eric Malm


From: cf-dev@... <cf-dev@...> on behalf of Eric Malm via lists.cloudfoundry.org <emalm=vmware.com@...>
Sent: Friday, September 11, 2020 3:24 PM
To: cf-dev@... <cf-dev@...>
Subject: [cf-dev] CF Application Runtime PMC: Diego Project Lead Call for Nominations
 
Hi, everyone,

Josh Collins is stepping down from his role as the Diego project lead, as he is currently focused primarily on activities with the CF CLI team.

The Diego team now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations directly to me or in reply to this message no later than 11:59 PM PDT on Friday, September 25, 2020.

Also, if you have any questions about the role or the nomination process, as described in the CFF governance documents (https://www.cloudfoundry.org/governance/cff_development_operations_policy/), please let me know.

Thanks,
Eric Malm, CF Application Runtime PMC Lead


Re: CF Application Runtime PMC: UAA Project Lead Call for Nominations

Eric Malm
 

Hi, everyone,

VMware is nominating Jeremy Morony for the UAA Project Lead in the Application Runtime PMC.

Jeremy is a software engineer and manager at VMware who has been working with the UAA team since February 2019. He has 20 years of programming, facilitation, coaching, and mentoring experience at both startups and larger companies.

Please send any other nominations directly to me or in reply to this message no later than 11:59 PM PDT on Friday, September 25, 2020.

Thanks,
Eric Malm


From: cf-dev@... <cf-dev@...> on behalf of Eric Malm via lists.cloudfoundry.org <emalm=vmware.com@...>
Sent: Friday, September 11, 2020 3:22 PM
To: cf-dev@... <cf-dev@...>
Subject: [cf-dev] CF Application Runtime PMC: UAA Project Lead Call for Nominations
 
Hi, everyone,

Pablo Schuhmacher, the Project Lead for the UAA team within the Application Runtime PMC, is stepping down from the project, as he is now focusing on product management responsibilities inside of VMware. We thank him for his service.

The UAA team, based in San Francisco, now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations directly to me or in reply to this message no later than 11:59 PM PDT on Friday, September 25, 2020.

Also, if you have any questions about the role or the nomination process, as described in the CFF governance documents (https://www.cloudfoundry.org/governance/cff_development_operations_policy/), please let me know.

Thanks,
Eric Malm, CF Application Runtime PMC Lead


CF Application Runtime PMC: Diego Project Lead Call for Nominations

Eric Malm
 

Hi, everyone,

Josh Collins is stepping down from his role as the Diego project lead, as he is currently focused primarily on activities with the CF CLI team.

The Diego team now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations directly to me or in reply to this message no later than 11:59 PM PDT on Friday, September 25, 2020.

Also, if you have any questions about the role or the nomination process, as described in the CFF governance documents (https://www.cloudfoundry.org/governance/cff_development_operations_policy/), please let me know.

Thanks,
Eric Malm, CF Application Runtime PMC Lead


CF Application Runtime PMC: UAA Project Lead Call for Nominations

Eric Malm
 

Hi, everyone,

Pablo Schuhmacher, the Project Lead for the UAA team within the Application Runtime PMC, is stepping down from the project, as he is now focusing on product management responsibilities inside of VMware. We thank him for his service.

The UAA team, based in San Francisco, now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations directly to me or in reply to this message no later than 11:59 PM PDT on Friday, September 25, 2020.

Also, if you have any questions about the role or the nomination process, as described in the CFF governance documents (https://www.cloudfoundry.org/governance/cff_development_operations_policy/), please let me know.

Thanks,
Eric Malm, CF Application Runtime PMC Lead


Re: UAA api /introspect does not seem to be workign as expected #uaa

Shetty, Viraj S [CTR]
 

Jeremy, 

I upgraded to the latest UAA version 74.24.0 and I still see the same issue. Is there something I can provide from logs that might help ? 

Thanks,
Viraj 


Re: UAA api /introspect does not seem to be workign as expected #uaa

Shetty, Viraj S [CTR]
 

Hi Jeremy, 

Thanks for taklng the time to respond. Really appreciate it. 

I have double checked this many times. From Postman, I saw the request that is being sent and checked the bearer token to see the token scopes. The token contains the following (i added uaa.admin just as a test later)  

  "scope": [
    "uaa.resource",
    "uaa.admin"
],
  "grant_type": "client_credentials",

The request looks all fine.

Is there any configuration needed at the endpoints? I see the following configuration for /introspect from resource-endpoints.xml

    <http name="introspectSecurity" pattern="/introspect" create-session="stateless"
          entry-point-ref="basicAuthenticationEntryPoint"
          authentication-manager-ref="clientAuthenticationManager" use-expressions="true"
          xmlns="http://www.springframework.org/schema/security">
        <intercept-url pattern="/**" access="hasAuthority('uaa.resource')"/>
        <anonymous enabled="false"/>
        <custom-filter ref="oauthWithoutResourceAuthenticationFilter" position="PRE_AUTH_FILTER"/>
        <custom-filter ref="clientAuthenticationFilter" position="BASIC_AUTH_FILTER"/>
        <expression-handler ref="oauthWebExpressionHandler"/>
        <access-denied-handler ref="oauthAccessDeniedHandler"/>
        <csrf disabled="true"/>
    </http>
Should there be one for Bearer token ? Not sure. 

As per the API docs for 74.14.0, 

Authorization One of the following authentication/authorization mechanisms:
  • Bearer token for a registered client with authority uaa.resource   [Recommended]
  • Basic authentication using client_id / client_secret for a registered client with authority uaa.resource   [Deprecated]
If both bearer token and basic auth credentials are provided, only the bearer token will be used.

Thanks,
Viraj 


Re: UAA api /introspect does not seem to be workign as expected #uaa

Jeremy Morony
 

Hi Viraj,

From the details provided it looks like the call to /introspect might be using the user's token in the authorize header instead of a client token.

A successful curl request looks like:

curl -X POST http://uaa.example.com/instropect - H "Authorization: bearer client-token" -d "token=user-token"

Hope this helps.

  Jeremy.



From: cf-dev@... <cf-dev@...> on behalf of Shetty, Viraj S [CTR] via lists.cloudfoundry.org <vshetty=fdic.gov@...>
Sent: Thursday, September 10, 2020 2:58 PM
To: cf-dev@... <cf-dev@...>
Subject: Re: [cf-dev] UAA api /introspect does not seem to be workign as expected #uaa
 
I increased the logging for the UAA and found this exception. The error message is "User is not anonymous". Any idea what this could mean? 

09-10T17:34:55.74-0400 [APP/PROC/WEB/0] OUT [2020-09-10 21:34:55.742] uaa - 25 [http-nio-8080-exec-9] .... DEBUG --- FilterSecurityInterceptor: Secure object: FilterInvocation: URL: /introspect; Attributes: [#oauth2.throwOnError(hasAuthority('uaa.resource'))]
   2020-09-10T17:34:55.74-0400 [APP/PROC/WEB/0] OUT [2020-09-10 21:34:55.743] uaa - 25 [http-nio-8080-exec-9] .... DEBUG --- FilterSecurityInterceptor: Previously Authenticated: org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication@2e8b9cef: Principal: 7dafcb10-ca4b-4470-ae97-f632553a180d; Credentials: [PROTECTED]; Authenticated: true; Details: remoteAddress=167.176.6.240, tokenType=BearertokenValue=<TOKEN>; Granted Authorities: password.write, scim.userids, scim.me, openid, oauth.approvals, uaa.offline_token, profile, roles, user_attributes, uaa.user
   2020-09-10T17:34:55.74-0400 [APP/PROC/WEB/0] OUT [2020-09-10 21:34:55.744] uaa - 25 [http-nio-8080-exec-9] .... DEBUG --- AffirmativeBased: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3ac662ba, returned: -1
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT [2020-09-10 21:34:55.746] uaa - 25 [http-nio-8080-exec-9] .... DEBUG --- ExceptionTranslationFilter: Access is denied (user is not anonymous); delegating to AccessDeniedHandler
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT org.springframework.security.access.AccessDeniedException: Access is denied
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) [spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.servletapi.SecurityCo


Re: UAA api /introspect does not seem to be workign as expected #uaa

Shetty, Viraj S [CTR]
 
Edited

I increased the logging for the UAA and found this exception. The error message is "User is not anonymous". Any idea what this could mean? 

09-10T17:34:55.74-0400 [APP/PROC/WEB/0] OUT [2020-09-10 21:34:55.742] uaa - 25 [http-nio-8080-exec-9] .... DEBUG --- FilterSecurityInterceptor: Secure object: FilterInvocation: URL: /introspect; Attributes: [#oauth2.throwOnError(hasAuthority('uaa.resource'))]
   2020-09-10T17:34:55.74-0400 [APP/PROC/WEB/0] OUT [2020-09-10 21:34:55.744] uaa - 25 [http-nio-8080-exec-9] .... DEBUG --- AffirmativeBased: Voter: org.springframework.security.web.access.expression.WebExpressionVoter@3ac662ba, returned: -1
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT [2020-09-10 21:34:55.746] uaa - 25 [http-nio-8080-exec-9] .... DEBUG --- ExceptionTranslationFilter: Access is denied (user is not anonymous); delegating to AccessDeniedHandler
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT org.springframework.security.access.AccessDeniedException: Access is denied
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) ~[spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:118) [spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.2.1.RELEASE.jar:5.2.1.RELEASE]
   2020-09-10T17:34:55.75-0400 [APP/PROC/WEB/0] OUT     at org.springframework.security.web.servletapi.SecurityCo


UAA api /introspect does not seem to be workign as expected #uaa

Shetty, Viraj S [CTR]
 

Hi All, 

We are using UAA version 74.14.0 

We have a UAA installation for our internal applications in cloudfoundry environment. We have been having a problem in verifying the oauth token (JWT token) using the /introspect token, but cannot seem to see the reason. I tried a test using postman. 

1. created a client with authority uaa.resource. See properties below. It has the uaa.resource authority. 

    scope: uaa.none
    resource_ids: none
    authorized_grant_types: client_credentials
    autoapprove:
    access_token_validity: 300
    authorities: uaa.resource

2. Generate a token for a user to test verification. 
3. Using postman, I tried to call /introspect api with the "Authorization: Basic ..." (this is deprecated). But this call worked fine and I was able to see the token in returned json. 
4. Using postman, I tried to call /introspect api with the "Authorization: Bearer {token}". This call failed with an error  

{
    "error""access_denied",
    "error_description""Access is denied"
}

I checked the bearer token and made sure that the scope has uaa.resource in there

"scope": [ "uaa.resource" ],

It looks like the /introspect call succeeds with "Authorization: basic .." but not "Authorization: bearer ..". 

Let me know what I am missing. I followed the API docs and I dont think I am missing any other authorithy for the client. 

Any help is appreciated. 

Thanks,
Viraj 



Re: CF Application Runtime PMC: Release Integration Project Lead Call for Nominations

Eric Malm
 

Hi, everyone,

VMware is nominating Paul Warren for the Release Integration project lead in the Application Runtime PMC.

Paul has worked on Cloud Foundry since 2015, serving as an engineer on UAA, the anchor on Volume Services and, most recently, as an engineer on Release Integration.

Prior to joining VMware, Paul has spent 20 years serving in various roles from Engineer to Architect to Product Manager across DellEMC, EMC, Documentum, and SSA, primarily focused on developers and developer tooling.

Please send any other nominations directly to me or in reply to this message no later than 11:59 PM PDT on Tuesday, September 22, 2020.

Thanks,
Eric Malm


From: cf-dev@... <cf-dev@...> on behalf of Eric Malm via lists.cloudfoundry.org <emalm=vmware.com@...>
Sent: Tuesday, September 8, 2020 3:47 PM
To: cf-dev@... <cf-dev@...>
Subject: [cf-dev] CF Application Runtime PMC: Release Integration Project Lead Call for Nominations
 
Hi, everyone,

Saikiran Yerram, the lead for the Release Integration project within the Application Runtime PMC, is stepping down. We thank him for his tremendous service in leading the cf-for-k8s and cf-deployment projects over the past year and a half.

The Release Integration team, based in San Francisco, now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations directly to me or in reply to this message no later than 11:59 PM PDT on Tuesday, September 22, 2020.

Also, if you have any questions about the role or the nomination process, as described in the CFF governance documents (https://www.cloudfoundry.org/governance/cff_development_operations_policy/), please let me know.

Thanks,
Eric Malm, CF Application Runtime PMC Lead


CF Application Runtime PMC: Release Integration Project Lead Call for Nominations

Eric Malm
 

Hi, everyone,

Saikiran Yerram, the lead for the Release Integration project within the Application Runtime PMC, is stepping down. We thank him for his tremendous service in leading the cf-for-k8s and cf-deployment projects over the past year and a half.

The Release Integration team, based in San Francisco, now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations directly to me or in reply to this message no later than 11:59 PM PDT on Tuesday, September 22, 2020.

Also, if you have any questions about the role or the nomination process, as described in the CFF governance documents (https://www.cloudfoundry.org/governance/cff_development_operations_policy/), please let me know.

Thanks,
Eric Malm, CF Application Runtime PMC Lead


IMPORTANT NOTICE: [go-buildpack] End of Support for golang versions 1.13.x after 2020-10-02

Kashyap Vedurmudi <kvedurmudi@...>
 

The first release of the Go buildpack after October 2, 2020 will no longer include Go versions 1.13.x. These Go versions will no longer be supported upstream.[1] Please migrate your Go apps to supported versions of Go before that time.


Note: As 1.13.x is the current default version of Go in the buildpack, the default Go version will be updated to 1.15.x as a part of this removal. If you’d like to use a different Go version, please configure your application to select that version[2].


As always, the buildpacks team is happy to answer questions you may have about this deprecation in the #buildpacks Slack channel.


[1] - https://golang.org/doc/devel/release.html#policy

[2] - https://docs.cloudfoundry.org/buildpacks/go/index.html


Thanks,

Kashyap Vedurmudi, Buildpacks PM




Cloud Foundry Summit Europe 2020 CFP Co-Chair Voting Form

Paige O'Connor <poconnor@...>
 

Google Forms
I've invited you to fill out a form:
Cloud Foundry Summit Europe 2020 CFP Co-Chair Voting Form
Cloud Foundry is looking to the community to vote for Co-Chairs to help curate content for Cloud Foundry Summit Europe 2020. Please vote on the nominated co-chairs next to each category to select the final co-chairs. Final co-chairs will be announced on Thursday, September 10.

Voting ends September 8, 2020 at 11:59pm PST.
Fill out form
Create your own Google Form

221 - 240 of 9377