Date   

UAA api /introspect does not seem to be workign as expected #uaa

Shetty, Viraj S [CTR]
 

Hi All, 

We are using UAA version 74.14.0 

We have a UAA installation for our internal applications in cloudfoundry environment. We have been having a problem in verifying the oauth token (JWT token) using the /introspect token, but cannot seem to see the reason. I tried a test using postman. 

1. created a client with authority uaa.resource. See properties below. It has the uaa.resource authority. 

    scope: uaa.none
    resource_ids: none
    authorized_grant_types: client_credentials
    autoapprove:
    access_token_validity: 300
    authorities: uaa.resource

2. Generate a token for a user to test verification. 
3. Using postman, I tried to call /introspect api with the "Authorization: Basic ..." (this is deprecated). But this call worked fine and I was able to see the token in returned json. 
4. Using postman, I tried to call /introspect api with the "Authorization: Bearer {token}". This call failed with an error  

{
    "error""access_denied",
    "error_description""Access is denied"
}

I checked the bearer token and made sure that the scope has uaa.resource in there

"scope": [ "uaa.resource" ],

It looks like the /introspect call succeeds with "Authorization: basic .." but not "Authorization: bearer ..". 

Let me know what I am missing. I followed the API docs and I dont think I am missing any other authorithy for the client. 

Any help is appreciated. 

Thanks,
Viraj 



Re: CF Application Runtime PMC: Release Integration Project Lead Call for Nominations

Eric Malm
 

Hi, everyone,

VMware is nominating Paul Warren for the Release Integration project lead in the Application Runtime PMC.

Paul has worked on Cloud Foundry since 2015, serving as an engineer on UAA, the anchor on Volume Services and, most recently, as an engineer on Release Integration.

Prior to joining VMware, Paul has spent 20 years serving in various roles from Engineer to Architect to Product Manager across DellEMC, EMC, Documentum, and SSA, primarily focused on developers and developer tooling.

Please send any other nominations directly to me or in reply to this message no later than 11:59 PM PDT on Tuesday, September 22, 2020.

Thanks,
Eric Malm


From: cf-dev@... <cf-dev@...> on behalf of Eric Malm via lists.cloudfoundry.org <emalm=vmware.com@...>
Sent: Tuesday, September 8, 2020 3:47 PM
To: cf-dev@... <cf-dev@...>
Subject: [cf-dev] CF Application Runtime PMC: Release Integration Project Lead Call for Nominations
 
Hi, everyone,

Saikiran Yerram, the lead for the Release Integration project within the Application Runtime PMC, is stepping down. We thank him for his tremendous service in leading the cf-for-k8s and cf-deployment projects over the past year and a half.

The Release Integration team, based in San Francisco, now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations directly to me or in reply to this message no later than 11:59 PM PDT on Tuesday, September 22, 2020.

Also, if you have any questions about the role or the nomination process, as described in the CFF governance documents (https://www.cloudfoundry.org/governance/cff_development_operations_policy/), please let me know.

Thanks,
Eric Malm, CF Application Runtime PMC Lead


CF Application Runtime PMC: Release Integration Project Lead Call for Nominations

Eric Malm
 

Hi, everyone,

Saikiran Yerram, the lead for the Release Integration project within the Application Runtime PMC, is stepping down. We thank him for his tremendous service in leading the cf-for-k8s and cf-deployment projects over the past year and a half.

The Release Integration team, based in San Francisco, now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations directly to me or in reply to this message no later than 11:59 PM PDT on Tuesday, September 22, 2020.

Also, if you have any questions about the role or the nomination process, as described in the CFF governance documents (https://www.cloudfoundry.org/governance/cff_development_operations_policy/), please let me know.

Thanks,
Eric Malm, CF Application Runtime PMC Lead


IMPORTANT NOTICE: [go-buildpack] End of Support for golang versions 1.13.x after 2020-10-02

Kashyap Vedurmudi <kvedurmudi@...>
 

The first release of the Go buildpack after October 2, 2020 will no longer include Go versions 1.13.x. These Go versions will no longer be supported upstream.[1] Please migrate your Go apps to supported versions of Go before that time.


Note: As 1.13.x is the current default version of Go in the buildpack, the default Go version will be updated to 1.15.x as a part of this removal. If you’d like to use a different Go version, please configure your application to select that version[2].


As always, the buildpacks team is happy to answer questions you may have about this deprecation in the #buildpacks Slack channel.


[1] - https://golang.org/doc/devel/release.html#policy

[2] - https://docs.cloudfoundry.org/buildpacks/go/index.html


Thanks,

Kashyap Vedurmudi, Buildpacks PM




Cloud Foundry Summit Europe 2020 CFP Co-Chair Voting Form

Paige O'Connor <poconnor@...>
 

Google Forms
I've invited you to fill out a form:
Cloud Foundry Summit Europe 2020 CFP Co-Chair Voting Form
Cloud Foundry is looking to the community to vote for Co-Chairs to help curate content for Cloud Foundry Summit Europe 2020. Please vote on the nominated co-chairs next to each category to select the final co-chairs. Final co-chairs will be announced on Thursday, September 10.

Voting ends September 8, 2020 at 11:59pm PST.
Fill out form
Create your own Google Form


Re: Routing release 0.207.0

Dieu Cao
 

That's so cool!

Thanks Toby Lorne for the Pull Request to add this capability!

-Dieu


From: cf-dev@... <cf-dev@...> on behalf of Josh Russett via lists.cloudfoundry.org <jrussett=vmware.com@...>
Sent: Tuesday, September 1, 2020 4:19 PM
To: cf-dev@... <cf-dev@...>
Subject: [cf-dev] Routing release 0.207.0
 

Hey cf-dev!

 

Routing release 0.207.0 is now available.

 

Release Highlights

 

 

Manifest Property Changes

Job

Property

0.206.0

0.207.0

gorouter

html_error_template

Did not exist

configurable and defaults to "" (nothing/empty)

 

 

 

Regards,

CloudFoundry Networking Program


Routing release 0.207.0

Josh Russett
 

Hey cf-dev!

 

Routing release 0.207.0 is now available.

 

Release Highlights

 

 

Manifest Property Changes

Job

Property

0.206.0

0.207.0

gorouter

html_error_template

Did not exist

configurable and defaults to "" (nothing/empty)

 

 

 

Regards,

CloudFoundry Networking Program


Re: Seeking track co-chair nominations for Cloud Foundry EU Summit

Dieu Cao
 

The past selection processes have not been blind, although it is possible to ignore the columns that include the names of submitters.  Not sure what the process will be this time around.

I'll note that I don't think a completely blind review and selection process is the answer.  I think we'd want to encourage new speakers, who might not have as polished an abstract/title, as well as experienced speakers, for example. In addition, I think we'd want to ensure that if there are groups or perspectives that is under-represented among the submissions, that co-chairs are able to see that and can solicit/source additional talks from those groups for consideration alongside other submissions.

My 2 cents on that.

-Dieu



From: cf-dev@... <cf-dev@...> on behalf of Daniel Jones via lists.cloudfoundry.org <daniel.jones=engineerbetter.com@...>
Sent: Tuesday, September 1, 2020 9:17 AM
To: Discussions about Cloud Foundry projects and the system overall. <cf-dev@...>
Cc: cf-users@... <cf-users@...>; Foundation Staff <foundation-staff@...>
Subject: Re: [cf-dev] Seeking track co-chair nominations for Cloud Foundry EU Summit
 
Hi folks,

Is the talk-selection process blind? As in, can we appraise talks without knowing the identity of the speaker?

Regards,
Daniel 'Deejay' Jones - CEO
+44 (0)79 8000 9153
EngineerBetter Ltd - More than cloud platform specialists


On Thu, 27 Aug 2020 at 17:30, Paige O'Connor <poconnor@...> wrote:
Cloud Foundry Community,

The co-chair nomination form for Cloud Foundry Summit Europe is now available!

Cloud Foundry Summits are successful, educational, and valuable to our community, because our track co-chair volunteers strive to bring as many high quality talks to Summit as they possibly can. We thank all those folks who have helped in making Summit tracks valuable to our community.

It is now time for you to step up and nominate yourself or your peer to be a co-chair. The deadline for nominations is September 1, 2020 at 11:59 PST.  Chris wrote a post to help answer any questions you may have about being a co-chair, but please feel free to reach out if there is any additional question.

Get nominating today!

Thanks,
Paige 

Paige O'Connor | Executive Administrator
Cloud Foundry Foundation


Re: Seeking track co-chair nominations for Cloud Foundry EU Summit

Daniel Jones
 

Hi folks,

Is the talk-selection process blind? As in, can we appraise talks without knowing the identity of the speaker?

Regards,
Daniel 'Deejay' Jones - CEO
+44 (0)79 8000 9153
EngineerBetter Ltd - More than cloud platform specialists


On Thu, 27 Aug 2020 at 17:30, Paige O'Connor <poconnor@...> wrote:
Cloud Foundry Community,

The co-chair nomination form for Cloud Foundry Summit Europe is now available!

Cloud Foundry Summits are successful, educational, and valuable to our community, because our track co-chair volunteers strive to bring as many high quality talks to Summit as they possibly can. We thank all those folks who have helped in making Summit tracks valuable to our community.

It is now time for you to step up and nominate yourself or your peer to be a co-chair. The deadline for nominations is September 1, 2020 at 11:59 PST.  Chris wrote a post to help answer any questions you may have about being a co-chair, but please feel free to reach out if there is any additional question.

Get nominating today!

Thanks,
Paige 

Paige O'Connor | Executive Administrator
Cloud Foundry Foundation


Sunset of SAP's https://github.com/SAP/ipsec-release

Lay, Stefan
 

Hello community,

 

We would like to sunset the bosh-release for ipsec [1] which we contributed around 4 years ago.


These are the reasons:

  • The project is not used anymore by us and there are no plans to use it.
  • There is no external activity on the project.
  • The project relies on an open source library which is abandoned [1] and has security issues.

Please contact us if you have any objections.

 

Kind regards,
Stefan

 

[1] https://github.com/SAP/ipsec-release

[2] http://ipsec-tools.sourceforge.net/

 


Announcing the cf CLI v6.52.0 Release

Josh Collins
 

Good Morning, Good Afternoon, and Good Evening,

The cf CLI team has released  v6.52.0 of the cf CLI yesterday afternoon.

This v6 release includes the final feature functionality updates that we will be making to the v6 line outside of the most severe blocking bugs and/or CVE patches.

Highlights: 

Legacy plugins use Log Cache - [story]
**NOTE:** We bumped the config as part of the implementation. CLI users that had targeted and logged into their foundations prior to updating to this CLI version may be required to to re-login & target to initialize the updated config.
- Add logic to revoke tokens on CLI logout when revocable flag for UAA is present
- Improved redaction in UAA verbose logging
- If UAA provides standard prompts (Email, Password) then the CLI can translate
them into the user's locale; else will display the prompt provided by UAA platform
operator.
  - Thanks @frodenas for PR'ing the sample translation for Spanish
- Provide localized prompt if sso is misconfigured - [story]

Shameless Plug: 
Please join the cf CLI App-Dev Collective! - what's that? Read about it in our blog post.

Bug Fixes:

- Lowercase hostname in `map-route` - [story]
- Correct an issue with the update-service command where command was removing the tags on service when no tags were provided.

Contributors:
James Palmer, Nick Webb, Jenna Goldstrich, Alexander Berezovsky, Steve Taylor, Josh Collins, Andrew Crump, Olivier Lechevalier, Xinhu Liu, Lisa Burns, Sebastian Vidrio


Note: The minimum version of the CC API this CF CLI release is compatible with is CC API v2.100.0 (3.35). - See our minimum supported version policy for more information.

Please see the release notes for more details and links to binaries and packages.

And as always, we really would love to hear from you so please feel free to respond to this email or find us in the Cloud Foundry Slack #cli channel any time.


Thank you very much,

The cf CLI Team


Seeking track co-chair nominations for Cloud Foundry EU Summit

Paige O'Connor <poconnor@...>
 

Cloud Foundry Community,

The co-chair nomination form for Cloud Foundry Summit Europe is now available!

Cloud Foundry Summits are successful, educational, and valuable to our community, because our track co-chair volunteers strive to bring as many high quality talks to Summit as they possibly can. We thank all those folks who have helped in making Summit tracks valuable to our community.

It is now time for you to step up and nominate yourself or your peer to be a co-chair. The deadline for nominations is September 1, 2020 at 11:59 PST.  Chris wrote a post to help answer any questions you may have about being a co-chair, but please feel free to reach out if there is any additional question.

Get nominating today!

Thanks,
Paige 

Paige O'Connor | Executive Administrator
Cloud Foundry Foundation


Cloud Foundry Summit Europe 2020 CFP Co-Chair Nomination Form

Paige O'Connor <poconnor@...>
 

Google Forms
Cloud Foundry Community, Nominate yourself or your peers to be a track co-chair for Cloud Foundry Summit EU. I've invited you to fill out a form:
Cloud Foundry Summit Europe 2020 CFP Co-Chair Nomination Form
Cloud Foundry is looking to the community to nominate Co-Chairs to help curate content for Cloud Foundry Summit Europe 2020. Please nominate people that you feel would represent the greater Cloud Foundry community's interest and are leaders in the community. The community will vote on the nominated co-chairs to select the final co-chairs September 2 - September 8, 2020. Final co-chairs will be announced on Thursday, September 10.

Please add your nominee’s name next to the category they are best suited to Co-Chair along with their company and contact information (email, slack/twitter username) if available. You may submit nominations for multiple categories. If you would like to submit multiple people for the same category, you will need to submit a secondary form.

Nominations close on Tuesday, September 1 at 11:59pm PST.
Fill out form
Create your own Google Form


Cloud Foundry for Kubernetes (cf-for-k8s) v0.6.0 release is out

Saikiran Yerram
 

Hello CF community,

We shipped a new alpha release v0.6.0 of cf-for-k8s. Some key highlights are below. 

We love contributions, so please reach out to us in the #cf-for-k8s channel, you can also create bugs and feature requests. Also, take a look at our project roadmap in cf-for-k8s project and upcoming releases.

Key highlights

  • Platform engineers and App developers will notice auto-patching of app workloads when the foundation is upgraded to a new stack version. App developers no longer have to re-push the app source to patch their app workload with the CVE fixes in the base image!!
  • Platform engineers can now expect all traffic to/from components that are denied by default and components will require explicit policies to allow ingress/egress traffic #262.
  • Platform engineers can expect all sensitive information such as passwords, cert keys are stored in Kubernetes native secrets #225, #226, #227, #228, #229, #230, #330.
  • Platform engineers and App developers can see available buildpacks via cf buildpacks #101.
  • App developers can select a buildpack with cf push APP_NAME -b [buildpack-name] #340.
    • Note, you can currently only select known buildpacks that are available in cf-for-k8s and not custom builpacks
  • Platform engineers can expect every component gets their own unique UAA client password #233.
  • Platform engineers can expect simplification of the cf-for-k8s configuration interface. You can see a list of allowable properties in config/values/00-values.yml
    • All overlays in config-optional are now managed by properties defined in config/values/00-values.yml.
    • Long term, cf-for-k8s will use YTT schema to define a more strict schema with semver versioning scheme.
    • Note: Platform engineers are still expected to provide properties in config/values/20-secrets-config-values.yml until cf-for-k8s replaces it with server-side secret generation using Quarks.
  • Platform engineers can expect by default all external HTTP traffic to CF API and application workloads to redirect to HTTPS unless they set gateway.https_only to false. Note, internal traffic between system components is encrypted by default by Istio.
  • Platform engineers can now control the creation of load balancer in Kubernetes using the new flag enable_load_balancer. This is helpful when you want to install locally or if want to wire your foundation to a pre-existing load-balancer.
  • Platform engineers can expect upgrades to wait until Postgres (stateful sets) are upgraded #206.
  • Platform engineers can observe application ingress latency contributed by the platform and network (more here)


cf-k8s-networking v0.4.0

Keshav Sharma
 

Hi cf-dev,

cf-k8s-networking v0.4.0 has been cut!

Release Highlights

  • Platform Engineers can confirm that cf-k8s by default only accepts encrypted requests and can be configured to receive requests on port-80 details
  • Platform Engineers can discover docs that describe how to use gateway access logs to observe application ingress latency contributed by platform and network details
  • Platform Engineers can discover docs that describe ingress load balancing topology in cf-for-k8s details
  • Platform Engineers can follow docs to discover that Istio is not a supported API in cf-for-k8s details

CF-K8s-Networking


Cloud Foundry Summit Europe 2020 is live!

Chip Childers <cchilders@...>
 

Hi All, 
Cloud Foundry Summit Europe 2020 is officially live! 

The Summit will be held online over two half-days on Wednesday, October 21st and Thursday, October 22nd on Central European Summer Time, with each date devoted to a key Cloud Foundry audience: developers (users) and contributors, respectively. Summit will include a networking space to facilitate a virtual version of face-to-face networking and digital booths sponsored by vendors for attendees to explore. 

Read the full press release here: 


You can register here for free using this code: CFEU20CONT

If you are interested in sponsoring Summit, please download the Sponsorship Prospectus. Sponsorship deadline is Friday, October 2.

We look forward to "seeing" you all at Summit!


Chip Childers
Executive Director
Cloud Foundry Foundation


Invitation to join the cf CLI feedback group

Josh Collins
 

Good Morning, Good Afternoon and Good Evening Everyone,

I hope this note finds you safe and sane and feeling good.
I've got a question and a call to action below...

Do you or someone you know have experience with (and opinions about) the cf CLI?
If so, I'd like to offer you or your colleagues an opportunity to directly access and provide feedback to the engineers and product managers responsible for the cf CLI.

The cf CLI team has been heads down on the v7 GA for a long time.
Now that we've launched the v7 cf CLI, the team is going to refocus direction and priority based on the experience and perspective of our users.

To that end, we’re building an influential, collaborative, yet casual and open, user feedback group called The CF CLI App-Dev Collective.
People who want to join the group can register their interest here (https://forms.gle/8Z12s3WAnzUyiSEb8).

Here's what the cf CLI team hopes to get out of this:
- gather direct feedback from cf CLI users
- validate proposed solutions

What you could get out of this:
- influence the direction of the cf CLI
- learn from experienced cf CLI users and developers

CF CLI App-Dev Collective participants may:
- communicate directly with cf CLI product and engineering staff
- help identify pain points and discuss priorities
- brainstorm solutions 
- discuss proofs of concept prior to implementation
- gain early access to a sandbox environment running the edge version of CAPI where beta CLI features can be exercised

Please know this group is casual and members can choose their level of engagement.

If you're interested, please register here.

And of course, if you’ve got questions, please reach out to Josh Collins (Product Manager for the cf CLI) via email, in the #cli channel in CloudFoundry Slack, or by direct message (@jcollins).

Thanks,

Josh Collins and the cf CLI Team


Routing release 0.206.0

Josh Russett
 

Hi cf-dev!

 

Routing release 0.206.0 is now available.

 

Release Highlights

  • Gorouter does not automatically send a `VCAP_ID` cookie, even when the app does not set the JSESSION id explicitly on the response. (See Issue #178)
  • Gorouter aliases `/healthz` → `/health` (See Issue #175)

 

Breaking Change

  • Application developers can no longer successfully deploy a reverse-proxy with support for sticky sessions (See re-opened Issue #170)

 

Regards,

CloudFoundry Networking Program


CF-Networking and Silk Release 2.33.0 now available

Josh Russett
 

Hi cf-dev,

 

CF-Networking release 2.33.0 and Silk release 2.33.0 are now both available.

 

CF-Networking Release Highlights:

  • cf-networking-release acceptance tests programmatically determine version of CF cli present and then use cf cli v6 or v7 function signatures as necessary.
  • Tested with silk-release v2.33.0

 

Silk Release Highlights:

  • Tested with cf-networking-release v2.33.0

 

 

Regards,

CF for VMs Networking Team


Re: Client secret rotation in UAA #uaa #cf

Shetty, Viraj S [CTR]
 

What I have found is that when I set the secret, add a secret or delete the secret later for a UAA client- the lastmodified field of the client does not get updated. Ideally, there should be a timestamp for the secret modification, so that it can be found out if a secret needs to be rotated. This would be helpful in agencies where there are policies on credentials rotation. At the very least, I think the last modifiied field should be updated on secret modification. I am at 74.14.0 UAA version. 

Thanks,
Viraj 

281 - 300 of 9422