|
Usage retrieval authorization was: Re: [abacus] Usage submission authorization
Piotr Przybylski <piotrp@...>
Does the user who would like to see their usage (e.g. services in the organization they own) need to have 'abacus.usage.read' scope as discussed below? Piotr -----Saravanakumar A Srinivasan/Burlingame/IBM@IBMUS wrote: ----- To: "Discussions about Cloud Foundry projects and the system overall." <cf-dev@...> From: Saravanakumar A Srinivasan/Burlingame/IBM@IBMUS Date: 10/15/2015 10:20PM Subject: [cf-dev] Re: Re: Re: Re: Re: Re: Re: [cf-dev][abacus] Usage submission authorization > what will be the scope for securing internal Abacus pipeline that Assk describes as system token ? It is 'abacus.usage.write'. Updated my previous statements to make it more specific: We have enabled scope based authorization for REST endpoints at usage collector and usage reporting service. While we are working on using system OAuth bearer access token at internal Abacus pipeline, Submitting usage to a secured Abacus needs a OAuth bearer access token with 'abacus.usage.write' system scope in addition to the resource provider specific scope(s) - 'abacus.usage.<resource_id>.write'. Thanks, Saravanakumar Srinivasan (Assk), -----Piotr Przybylski/Burlingame/IBM@IBMUS wrote: ----- To: cf-dev@... From: Piotr Przybylski/Burlingame/IBM@IBMUS Date: 10/15/2015 09:50PM Subject: [cf-dev] Re: Re: Re: Re: Re: Re: [cf-dev][abacus] Usage submission authorization Makes sense, and just to complete - what will be the scope for securing internal Abacus pipeline that Assk describes as system token ? Piotr ----- Original message ----- |
|
|
|
Re: REST API endpoint for accessing application logs
Ponraj E
Hi Warren,
Thanks. Reg #3:Even "wss://doppler.xx.xxx.xxxxxxxx.xxx:443" gives the same "invalid URI for request". -- Ponraj |
|
|
|
Re: Acceptance tests assume a multi level wildcard ssl cert
Christopher Piraino <cpiraino@...>
Hi Felix,
toggle quoted message
Show quoted text
You are right, we have found this issue in one of our own environments as well, we have a story here <https://www.pivotaltracker.com/story/show/105340048> to address it by skipping verification explicitly for this test only. Previously, I believe that test only used an http URL when curling, recent updates to allow configuration of the protocol exposed this issue. We do not assume multi-level wildcard certs. The curl helper was also changed recently to set SSL verification internally for all curl commands <https://github.com/cloudfoundry/cf-acceptance-tests/commit/06c83fa5641785ebca1c6dedb36c2370415e3005>, so the skip_ssl_validation configuration should still be working correctly. If you want to see the tests pass, you could either set "skip_ssl_validation" to false or "use_http" to true and the test should work as intended. In any case, we are sorry for the failures and hopefully we can get a fix out soon. - Chris On Mon, Oct 19, 2015 at 7:32 AM, Felix Friedrich <felix(a)fri.edri.ch> wrote:
Hello, |
|
|
|
Re: REST API endpoint for accessing application logs
Warren Fernandes
Hi Ponraj,
I've replicated the behavior you are seeing. I'll get back to you for question #1 and #2 after some investigation. As for #3 set your DOPPLER_ADDR to wss://doppler.xx.xxx.xxxxxxxx.xxx:443. That is, use wss instead of https. Thanks. |
|
|
|
Re: Cloud Foundry being used for an EU social learning games platform
Juan Antonio Breña Moral <bren at juanantonio.info...>
Hi Chris,
Many thanks for the Introduction. The Node Application: https://github.com/prosociallearnEU/cf-nodejs-dashboard is a WebApp to deploy in an easy way applications and bind later User provided Services. We are testing the solution with a Local CF instance (https://github.com/yudai/cf_nise_installer/) and Pivotal API. Currently, the WebApp is running in Pivotal for testing purposes. Maybe, the project could be used for this purpose: https://lists.cloudfoundry.org/archives/list/cf-dev(a)lists.cloudfoundry.org/message/6RSTWQISQVSIPJL7HURVMVBUT7Q6BRT2/ Cheers Juan Antonio |
|
|
|
Doubt: Filter 2 Service Bindings with 2 parameters
Juan Antonio Breña Moral <bren at juanantonio.info...>
Hi,
I would like to filter using 2 criterias for this REST method: http://apidocs.cloudfoundry.org/221/service_bindings/list_all_service_bindings.html var filter2 = { 'q': 'app_guid:' + "65be2a2d-a643-4e01-b33d-8755d5934ae6", 'q': 'service_instance_guid:' + "9e541381-b34d-4a0c-b7da-1ff00a0ffef5" }; Currently, using this way, the REST method only filter for the latest parameter. Does exist a possibility for both criteria? Juan Antonio |
|
|
|
Acceptance tests assume a multi level wildcard ssl cert
Felix Friedrich
Hello,
we've just upgraded our CF deployment from v215 to v220. Unfortunately the acceptance tests fail: http://pastebin.com/rWrXX1HA They reasonably fail. The test expects a valid ssl cert, but our cert is only valid for *.test.cf.springer-sbm.com not for *.*.test.cf.springer-sbm.com. The test seem to expect a multilevel SSL cert, I am not sure if that's reasonable or not. However, I wondered why this exact test did not fail in v215. I suspected that the way curl gets executed in the v220 tests changed and it apparently seems that I am right [1]. Thus I assume (!) that before curl's return codes did not get propagated, while they are now. (Return code 51 is "The peer's SSL certificate or SSH MD5 fingerprint was not OK." according to the man page.) Also the new way of executing ("curlCmd := runner.Curl(uri)") does not look like it gets the skipSslValidation value. As a fact running the acceptances tests with the skip_ssl_validation option still leads to this test failing. However the used library looks like it is able to skip SSL validation: https://github.com/cloudfoundry-incubator/cf-test-helpers/blob/master/runner/run.go Even if skip_ssl_validation would work, I am not very keen on activating that option since that also applies to all other tests, which are not using multi level wildcard certs. Besides of the fact that curl seems to validate SSL certs no matter if skip_ssl_validation is true or false, did you intentionally assume that CF uses a multilevel wildcard cert? Felix [1] https://github.com/cloudfoundry/cf-acceptance-tests/compare/353e06565a6a1a0d6b4c417f57b00eeecec604fa...72496c6fabd1c8ec51ae932d13a597a62ccf30dd |
|
|
|
Re: CF-RELEASE v202 UPLOAD ERROR
Parthiban Annadurai <senjiparthi@...>
Hello All,
toggle quoted message
Show quoted text
Thanks All for the helpful suggestions. Actually, now we r facing the following issue while kicking bosh deploy, Done compiling packages > nats/d3a1f853f4980682ed8b48e4706b7280e2b7ce0e (00:01:07) Failed compiling packages > buildpack_php/9c72be716ab8629d7e6feed43012d1d671720157: Action Failed get_task: Task aba21e6a-2031-4a69-5b72-f238ecd07051 result: Compiling package buildpack_php: Compressing compiled package: Shelling out to tar: Running command: 'tar czf /var/vcap/data/tmp/bosh-platform-disk-TarballCompressor-CompressFilesInDir762165297 -C /var/vcap/data/packages/buildpack_php/9c72be716ab8629d7e6feed43012d1d671720157.1- .', stdout: '', stderr: ' gzip: stdout: No space left on device ': signal: broken pipe (00:02:41) Failed compiling packages (00:02:41) Error 450001: Action Failed get_task: Task aba21e6a-2031-4a69-5b72-f238ecd07051 result: Compiling package buildpack_php: Compressing compiled package: Shelling out to tar: Running command: 'tar czf /var/vcap/data/tmp/bosh-platform-disk-TarballCompressor-CompressFilesInDir762165297 -C /var/vcap/data/packages/buildpack_php/9c72be716ab8629d7e6feed43012d1d671720157.1- .', stdout: '', stderr: ' gzip: stdout: No space left on device ': signal: broken pipe Could Anyone on this issue? Regards Parthiban A On 19 October 2015 at 14:30, Bharath Posa <bharathp(a)vedams.com> wrote:
Hi partiban |
|
|
|
Re: Cloud Foundry Java Client V2
Ben Hale <bhale@...>
Will v1 receive support for individually addressable IPs, or will that be unique to v2?I believe that this falls under new APIs for V1 and won’t be completed. Basically, unless it’s a bug fix, I wouldn’t assume that it’ll come to V1. -Ben |
|
|
|
Re: Defining a singular plan for all services
Paul Bakare
A custom built service.
toggle quoted message
Show quoted text
We're building a custom API Gateway for our apps. On Fri, Oct 16, 2015 at 11:29 PM, CF Runtime <cfruntime(a)gmail.com> wrote:
What services do you want to define this default plan for? |
|
|
|
Re: How to explicitly specify the password for the account admin?
Simon Johansson <simon@...>
We have this in our stub.
toggle quoted message
Show quoted text
properties.uaa.scim.users: - "admin|DESIRED_PASSWORD|scim.write,scim.read....... Works well. On Mon, Oct 19, 2015 at 9:52 AM, Jim Lin <jimlintw922(a)gmail.com> wrote:
Hi all |
|
|
|
Cloud Foundry being used for an EU social learning games platform
Christopher Frost
I stumbled across this and though other people might be interested.
ProSocialLearn is an EU funded project to help children learn positive social skills through social gaming. Here is a quote from there "System Requirements and Architecture" document available on there website. "Continuing up the technology architecture stack, PSL is still exploring a number of open alternatives for building up a robust PaaS layer. However, during the editing of this deliverable, the ProSocialLearn consortium is already beginning to investigate the Cloud Foundry community (almost a de facto standard for Platform as a Service environments). PSL is planning to integrate the Cloud Foundry technology into the added value services of PSL. Cloud Foundry provides a platform that allows game providers and game operators to deploy, manage and scale cloud-based games quickly, and easily. " They have a Git repo where they are working on a NodeJS based client for the CF API and a Node based CF web console. This work seems to be being done by one developer from one of the consortium members based in Spain, Madrid. They have also released a proof of concept game as well but it doesn't look like they have formally launched yet. Links. http://prosociallearn.eu/ https://github.com/prosociallearnEU Chris. Christopher Frost - Pivotal UK Java Buildpack Team |
|
|
|
Re: REST API endpoint for accessing application logs
Ponraj E
Hi ,
I executed the command with manually putting the outh token -pasting the o/p here: C:\WINDOWS\system32>curl -k -H "Authorization: bearer xxxx" "https://doppler.xx.xxx.xxxxxxxx:443/apps/e0dc9133-f800-416d-9e1f-ffeb8d02e4dd/recentlogs" --1f51e48e4a9bf243ed1e2ab55c090c4d2deb23a7ae255c5c1d8ad178acb9 ◄dea_logging_agent►♣0│┌üªπ╩áç¶j2z☺1é☺♀10.78.150.44B╜☺ Ç☺Mon, 19 Oct 2015 06:23:56 GMT express deprecated res.send(status, body): Use res.status(status).se nd(body) instead at app.js:7:7►☻↑╜╜üªπ╩áç¶"$e0dc9133-f800-416d-9e1f-ffeb8d02e4dd*♥App2☺1 --1f51e48e4a9bf243ed1e2ab55c090c4d2deb23a7ae255c5c1d8ad178acb9 router__0►♣0₧π╪á½╩áç¶j 10.78.149.103B╔♥router_z1z☺0é☺ app_url - [19/10/2015:06:23:41 +0000] "GET / HTTP/1.1" 2 00 0 40 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0. 2454.101 Safari/537.36" 10.78.148.7:59978 x_forwarded_for:"ip_addr" vcap_request_id:1cbd4f2d- 84c6-4ef9-6f44-e0c84a4d5e49 response_time:0.624678694 app_id:e0dc9133-f800-416d-9e1f-ffeb8d02e4dd ►☺↑└╥╪á½╩áç¶"$e0dc9133-f800-416d-9e1f-ffeb8d02e4dd*♥RTR2☺0 --1f51e48e4a9bf243ed1e2ab55c090c4d2deb23a7ae255c5c1d8ad178acb9 router__0►♣0Ç╩ΩεΓ╩áç¶j 10.78.149.103B╔♥router_z1z☺0é☺ app_url - [19/10/2015:06:23:56 +0000] "GET / HTTP/1.1" 2 00 0 40 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0. 2454.101 Safari/537.36" 10.78.148.7:59978 x_forwarded_for:"ip_addr" vcap_request_id:758c85b6- dfef-41dc-5def-dc76ccf01498 response_time:0.999714512 app_id:e0dc9133-f800-416d-9e1f-ffeb8d02e4dd ►☺↑█╜ΩεΓ╩áç¶"$e0dc9133-f800-416d-9e1f-ffeb8d02e4dd*♥RTR2☺0 --1f51e48e4a9bf243ed1e2ab55c090c4d2deb23a7ae255c5c1d8ad178acb9-- Questions: 1. What is this guid that the command prints multiple times? --1f51e48e4a9bf243ed1e2ab55c090c4d2deb23a7ae255c5c1d8ad178acb9-- 2. Some of the output is garbled and some are not. 3. As rohit said in the previous comment, I tried installing the noaa client library and executed the sample app to get the application logs : https://github.com/cloudfoundry/noaa go build -o bin/sample sample/main.go My DOPPLER_ADDR env is "https://doppler.xx.xxx.xxxxxxxx.xxx:443" So when i run the sample.exe, I get the o/p as ===== Error getting recent messages: parse "https://doppler.xx.xxx.xxxxxxxx.xxx:443": invalid URI for request Am not sure, how is this URI invalid? --- Ponraj |
|
|
|
Re: CF-RELEASE v202 UPLOAD ERROR
Bharath
Hi partiban
toggle quoted message
Show quoted text
can u do a checksum of the tar file . it should come like this *sha1: b6f596eaff4c7af21cc18a52ef97e19debb00403* example: *sha1sum {file}* regards Bharath On Mon, Oct 19, 2015 at 1:12 PM, Eric Poelke <epoelke(a)gmail.com> wrote:
You actually do not need to download it. if you just run -- |
|
|
|
How to explicitly specify the password for the account admin?
Jim Lin <jimlintw922@...>
Hi all
Every time I re-deploy cloud foundry after updating cf-deployment-manifest.yml, the password of the account admin will be reset to the default value, i.e., "admin". Can I explicitly specify the password for the account admin in the manifest file? What is the property key? Thanks all. Sincerely, Jim |
|
|
|
Re: CF-RELEASE v202 UPLOAD ERROR
Eric Poelke
You actually do not need to download it. if you just run --
`bosh upload release https://bosh.io/d/github.com/cloudfoundry/cf-release?v=202` The director will pull in the release directly from bosh.io. |
|
|
|
Re: CF-RELEASE v202 UPLOAD ERROR
Parthiban Annadurai <senjiparthi@...>
Thanks for your Clarifications Amit. I have just followed this link
toggle quoted message
Show quoted text
http://bosh.io/releases/github.com/cloudfoundry/cf-release?version=202 to download the TAR File and am using it for deployments. Regards Parthiban A On 19 October 2015 at 08:49, Amit Gupta <agupta(a)pivotal.io> wrote:
Yes it's stable. |
|
|
|
Re: CF-RELEASE v202 UPLOAD ERROR
Amit Kumar Gupta
Yes it's stable.
You should try what Eric Poelke suggested, bosh upload release https://bosh.io/d/github.com/cloudfoundry/cf-release?v=202, that way it won't even try to untar locally. If you still want to be able to upload a local tarball, can I ask how exactly did you get or create your tarball for v202? Best, Amit On Sun, Oct 18, 2015 at 8:09 PM, Parthiban Annadurai <senjiparthi(a)gmail.com> wrote: Yaa thanks for your suggestions. But, I already checked about the Storage |
|
|
|
Re: CF-RELEASE v202 UPLOAD ERROR
Parthiban Annadurai <senjiparthi@...>
Yaa thanks for your suggestions. But, I already checked about the Storage
toggle quoted message
Show quoted text
and all it not even touches 2 GB (Out of 15 GB). When i manually try to Untar the file also throws error. I think problem with the CF v202. Could anyone tell me is this version stable or not? Regards Parthiban A On 18 October 2015 at 21:24, Eric Poelke <epoelke(a)gmail.com> wrote:
You can avoid the local disk issues by using bosh.io like so -- |
|
|
|
Re: Diego and Maven support
Daniel Mikusa
Can you explain what you mean by "stopped working"? Are you getting an error? Can you include output?
toggle quoted message
Show quoted text
The push process hasn't changed, so that should continue to work. I'm not sure you can use the maven client to switch between DEAs and Diego, but you only need to do that once. So you could manually do that and then push with Maven. Dan On Oct 18, 2015, at 4:51 PM, Krzysztof Wilk <chris.m.wilk(a)gmail.com> wrote: |
|
|