
Support for custom/multiple ports is no longer experimental

Shannon Coen
 

For several years CF has supported app developers using the CF API to map routes to specific ports on their application. This eliminates the limitations that apps must listen on 8080, and that they can only listen on one port. However, we weren't happy with the API design and it has been in a perpetual experimental state since we haven't been able to prioritize a redesign.

We've decided to declare stable support for the existing implementation in the v2 API, and do a redesign in v3. We've removed the experimental disclaimers for the 'ports' field on /v2/apps and the /v2/route_mapping resources. These changes will appear in the docs when the next capi-release is cut.

We'll get some documentation in place, but the workflow is:
1. Specify the ports your app will listen on with the 'ports' field of /v2/apps
2. Restart your app to recreate containers with the port opened
3. Use the 'app_port' field of /v2/route_mappings to associate a route with one of the ports the app listens on; it must be one of those configured in step 1.

My apologies this decision took as long as it did. 

Best,

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.


REQUEST for REVIEW - Proposed Scope for CF-Deployment 7.0

Josh Collins
 

Good Day Fellow Foundryans,

I'd like to share and gather feedback on proposed scope of the next major release of cf-deployment.

This Google doc describes the high-level changes.


Anyone with the link above can review and comment.
Please take some time to peruse it and comment directly within the doc when you have a moment.

Scope will be locked Wednesday January 2nd.
Target date for the v7.0.0 release is Monday January 14th.

For those interested in reviewing/following stories here's the v7.0 epic.
 
Lastly, if you've got upcoming breaking changes for cf-deployment that Release Integration should be aware of, please bring them to my and the team's attention:

Best regards,
 
Josh Collins
PM - CF R&D Release Integration


Re: UAA "remember last X passwords" feature

Sree Tummidi
 

Hi Dario,

I completely understand the sentiment. I did not mean to talk about deprecation in this fashion. Our intention is to do a survey with the CF community and understand the usage of UAA features first. We are planning to hold some office hours over zoom in the coming weeks as well. 

I would love to see UAA being an alternative to Enterprise Identity Providers but we have decided to not go down that path because that involves adding and maintaining features which are going beyond the CF UAA team's capacity and scope. We have decided to align UAA to the needs of OSS CF and continue to grow the capabilities in the federation and application identity space. These areas are extremely relevant for our community of developers and operators in CF. The reality we are facing is that we have limited resources and we want to work on things which yield the best results for the CF community holistically.

In conclusion, we are not looking to prioritize this feature work (more enhancements around Internal User Store) as it's not aligned to the direction we want to take the product in.

Thanks,
Sree Tummidi
Sr. Manager, Product Management
Pivotal Cloud Foundry

On Tue, Dec 11, 2018 at 8:28 AM Chip Childers <cchilders@...> wrote:
On Fri, Dec 7, 2018 at 12:50 PM Dario Amiri via Lists.Cloudfoundry.Org <damiri=zuora.com@...> wrote:
Hi Sree,

This is disappointing news. There are members of the community that have come to rely on UAA as an alternative to deploying burdensome enterprise solutions. Would it be possible for you to please share more details on the justification for this course of action? Is there a higher power we can appeal this decision to?

I agree that it would be worthwhile for the community to hear more of the thought process from Sree or others in the project team. Would the project be open to PR's from interested parties (like Dario) to add smaller features that support the use case Dario is sharing? Any other folks out there want to chime in on the use case? Do you think it's valid? Do you think it's more logical to limit the scope of UAA to bridging to other ID providers?
 
If we have to fork, would the CF foundation allow us to fork under another foundation (e.g. Apache) that can help continue UAA development in a way that serves the whole community of UAA users?

The code is licensed to the world via the ASLv2, which allows forking and modifying the code as long as the license's requirements are met. Remember that keeping up with the upstream would likely be important (example would be where a vulnerability is resolved and publicly disclosed). Also remember that a license to the code is not a license to any CFF trademarks or word marks. I'm not judging the idea either way, just noting some considerations.


Re: Eirini in 2019 CFAR certification requirements

Chip Childers
 

Seems that discussion has died down on this.... At this point, it appears that consensus is around not adding Eirini yet and reassessing when the project is further along.

We can certainly make changes later in the year. The PMC Council has final say around any changes to the technical requirements, but any CFF member can propose the change. I'll look for interested parties to re-propose Eirini inclusion when folks feel it's appropriate.


On Wed, Dec 5, 2018 at 8:27 AM Simon D Moser <smoser@...> wrote:
+1. Our main intent certainly was to avoid certification FUD in case we accomplish a "mature" Eirini in the first half of 2019. To me amending the requirements with a mid-term update does address this, so I'm fine with that.

Mit freundlichen Grüßen / Kind regards

Simon Moser

Senior Technical Staff Member / IBM Master Inventor
Bluemix Application Platform Lead Architect
Dept. C727, IBM Research & Development Boeblingen

-------------------------------------------------------------------------------------------------------------------------------------------
IBM Deutschland
Schoenaicher Str. 220
71032 Boeblingen
Phone: +49-7031-16-4304
Fax: +49-7031-16-4890
E-Mail: smoser@...
-------------------------------------------------------------------------------------------------------------------------------------------
IBM Deutschland Research & Development GmbH / Vorsitzender des
Aufsichtsrats: Martina Koederitz
Geschäftsführung: Dirk Wittkopp
Sitz der Gesellschaft: Böblingen / Registergericht: Amtsgericht
Stuttgart, HRB 243294

*******

ITIL has led people to think in siloes ("go fix change management").
Project Management has led people to think in finite units of work instead of streams of product.
Both are fundamental dysfunctions of the framework model, not failures of execution.
       ⁃        Rob England




From:        "Troy Topnik" <troy.topnik@...>
To:        cf-dev@...
Date:        04/12/2018 21:12
Subject:        Re: [cf-dev] Eirini in 2019 CFAR certification requirements
Sent by:        cf-dev@...




That sounds reasonable. I was going to add some "pending feature parity and passing CATs" language in the proposed change, but amending the requirements with a mid-term update would probably satisfy our needs without introducing conditional clauses.

Thanks for the feedback.

TT




Re: UAA "remember last X passwords" feature

Chip Childers
 

On Fri, Dec 7, 2018 at 12:50 PM Dario Amiri via Lists.Cloudfoundry.Org <damiri=zuora.com@...> wrote:
Hi Sree,

This is disappointing news. There are members of the community that have come to rely on UAA as an alternative to deploying burdensome enterprise solutions. Would it be possible for you to please share more details on the justification for this course of action? Is there a higher power we can appeal this decision to?

I agree that it would be worthwhile for the community to hear more of the thought process from Sree or others in the project team. Would the project be open to PR's from interested parties (like Dario) to add smaller features that support the use case Dario is sharing? Any other folks out there want to chime in on the use case? Do you think it's valid? Do you think it's more logical to limit the scope of UAA to bridging to other ID providers?
 
If we have to fork, would the CF foundation allow us to fork under another foundation (e.g. Apache) that can help continue UAA development in a way that serves the whole community of UAA users?

The code is licensed to the world via the ASLv2, which allows forking and modifying the code as long as the license's requirements are met. Remember that keeping up with the upstream would likely be important (example would be where a vulnerability is resolved and publicly disclosed). Also remember that a license to the code is not a license to any CFF trademarks or word marks. I'm not judging the idea either way, just noting some considerations.


Re: CF Application Runtime PMC: CF Networking Project Lead Call for Nominations

Eric Malm <emalm@...>
 

Hi, everyone,

Pivotal is nominating Jonathan Sirlin for the CF Networking Project Lead in the Application Runtime PMC.

Jonathan has been working as a product manager on the CF Networking team for the past two months. Previously, Jonathan worked as a product manager with Pivotal Labs for two years. With teams in both NYC and Santa Monica, Jonathan worked on a wide variety of problem spaces and clients, such as internal and customer-facing apps for large banks, food preparation and large-scale kitchen staff maintenance, and inventory management for aerospace and defense systems. Prior to that, he worked on a number of consumer-facing apps for a trend-setting cycling company, and managed delivery systems for the world's largest independent movie and music distributor. Jonathan has led many teams of varying experience levels, driving successful outcomes for teams that have worked together for ten days, ten weeks, and ten years. 

Prior to working in technology, Jonathan was involved in the music and non-profit community in New York City, working as a composer and operations manager. He holds a Bachelor of Arts in Music from Wesleyan University.

Please send any other nominations directly to me or in reply to this message no later than 11:59 PM PST on Friday, December 21, 2018.

Thanks,
Eric Malm


On Mon, Dec 10, 2018 at 4:16 PM Eric Malm <emalm@...> wrote:
Hi, everyone,

Preethi Varambally, the Project Lead for the CF Networking team within the Application Runtime PMC, is stepping down from the project to join the CF Infrastructure team. We thank her for her service as the CF Networking Project Lead.

The CF Networking team, split between San Francisco and Santa Monica, now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations directly to me or in reply to this message no later than 11:59 PM PST on Friday, December 21, 2018.

Also, if you have any questions about the role or the nomination process, as described in the CFF governance documents (https://www.cloudfoundry.org/governance/cff_development_operations_policy/), please let me know.

Thanks,
Eric Malm, CF Application Runtime PMC Lead


CF Application Runtime PMC: CF Networking Project Lead Call for Nominations

Eric Malm <emalm@...>
 

Hi, everyone,

Preethi Varambally, the Project Lead for the CF Networking team within the Application Runtime PMC, is stepping down from the project to join the CF Infrastructure team. We thank her for her service as the CF Networking Project Lead.

The CF Networking team, split between San Francisco and Santa Monica, now has an opening for its project lead. Project leads must be nominated by a Cloud Foundry Foundation member. Please send nominations directly to me or in reply to this message no later than 11:59 PM PST on Friday, December 21, 2018.

Also, if you have any questions about the role or the nomination process, as described in the CFF governance documents (https://www.cloudfoundry.org/governance/cff_development_operations_policy/), please let me know.

Thanks,
Eric Malm, CF Application Runtime PMC Lead


Re: encrypt pwd in CUPS

Ronak Banka
 

Hi Deepak,

You can use something like service broker for credhub for CUPS.

Thanks
Ronak

On Sat, 8 Dec 2018 at 10:31 AM, via Lists.Cloudfoundry.Org <Deepak.Lokhande=Schwab.com@...> wrote:

Hi

Do we have any solution for issue https://github.com/cloudfoundry/docs-services/issues/156

 

Thanks

Deepak Lokhande

+91 955 269 7122

 


encrypt pwd in CUPS

Lokhande, Deepak <Deepak.Lokhande@...>
 

Hi

Do we have any solution for issue https://github.com/cloudfoundry/docs-services/issues/156

 

Thanks

Deepak Lokhande

+91 955 269 7122

 


Re: UAA "remember last X passwords" feature

Dario Amiri <damiri@...>
 

Hi Sree,

This is disappointing news. There are members of the community that have come to rely on UAA as an alternative to deploying burdensome enterprise solutions. Would it be possible for you to please share more details on the justification for this course of action? Is there a higher power we can appeal this decision to?

If we have to fork, would the CF foundation allow us to fork under another foundation (e.g. Apache) that can help continue UAA development in a way that serves the whole community of UAA users?

Regards,

Dario


Re: UAA "remember last X passwords" feature

Sree Tummidi
 

Hi Ryan,
Best would be to fork and add the needed features for password policy. UAA will continue to support all the federation use cases and act as an OAuth2 server.

Thanks,
Sree


On Dec 7, 2018, at 8:59 AM, ryancutter@... wrote:

Thanks for the explanation, Sree.  Do you have additional information about these plans?  My organization likes using open source software for user/password, OAuth client, SSO, etc data so we'd like to see if we can make UAA continue to work for us.  We're wondering if we should consider alternatives (if so, can you recommend?).  If we want to continue to utilize UAA for these features, do we need to consider forking and building out from there?

Thanks for all your help, Ryan


Re: UAA "remember last X passwords" feature

ryancutter@...
 

Thanks for the explanation, Sree.  Do you have additional information about these plans?  My organization likes using open source software for user/password, OAuth client, SSO, etc data so we'd like to see if we can make UAA continue to work for us.  We're wondering if we should consider alternatives (if so, can you recommend?).  If we want to continue to utilize UAA for these features, do we need to consider forking and building out from there?

Thanks for all your help, Ryan


Re: UAA "remember last X passwords" feature

Sree Tummidi
 

We are planning to deprecate the use of internal user store and any other features around password policy. Internal User Store will be for dev only use.

Because of this, we are not working on enhancing these features. The recommendation is to use an enterprise identity provider which is much more full featured for Auth mechanisms and password policies.

Thanks,
Sree


On Dec 6, 2018, at 5:37 PM, ryancutter@... wrote:

Hi, thanks I understand that.  But we'd like to prevent the last 3 (or 8 or 0) passwords being used.  Is this a feature others would be interested in?


Re: UAA "remember last X passwords" feature

ryancutter@...
 

Hi, thanks I understand that.  But we'd like to prevent the last 3 (or 8 or 0) passwords being used.  Is this a feature others would be interested in?


Re: UAA "remember last X passwords" feature

Sree Tummidi
 

Hi Ryan, 
This is intended behavior to prevent reuse of password, essentially a password history check.

Thanks,
Sree


On Dec 6, 2018, at 5:04 PM, ryancutter@... wrote:

Currently during a change password operation, UAA has a hard coded check preventing the use of the most recent password.  Has there been any work on customizing this behavior to prevent the last X passwords from being used?  If not, is there interest in me building this feature and offering it as a pull request because we have a use case for this functionality?  I suppose this would be a password validation policy that people could apply.

But if it's already available and I'm just missing it, I'm all ears! :-)

Thanks, Ryan


UAA "remember last X passwords" feature

ryancutter@...
 

Currently during a change password operation, UAA has a hard coded check preventing the use of the most recent password.  Has there been any work on customizing this behavior to prevent the last X passwords from being used?  If not, is there interest in me building this feature and offering it as a pull request because we have a use case for this functionality?  I suppose this would be a password validation policy that people could apply.

But if it's already available and I'm just missing it, I'm all ears! :-)

Thanks, Ryan
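
The "last X passwords" policy asked about in this thread, as an added example; it is not UAA code and does not come from any poster on the list. The `PasswordHistory` class, the scrypt parameters and the sample passwords are assumptions made for illustration: `remember=1` reproduces the most-recent-password check described above, and `remember=0` turns the check off.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example; tune them for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn unless one is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest


class PasswordHistory:
    """Hypothetical per-user store: the current password plus earlier ones.

    `remember` is the X from the thread: how many of the most recent
    passwords, counting the current one, may not be chosen again.
    """

    def __init__(self, initial_password, remember):
        if remember < 0:
            raise ValueError("remember must be >= 0")
        self.remember = remember
        self.entries = [hash_password(initial_password)]  # newest first

    @staticmethod
    def _matches(candidate, entry):
        salt, digest = entry
        # Salts differ per entry, so stored digests cannot be compared with
        # each other; the candidate is re-hashed under each entry's salt.
        return hmac.compare_digest(hash_password(candidate, salt)[1], digest)

    def is_reused(self, candidate):
        # Evaluate every remembered entry (no early exit) so timing does not
        # reveal which position in the history matched.
        hits = [self._matches(candidate, e) for e in self.entries[:self.remember]]
        return any(hits)

    def change(self, candidate):
        """Apply the change and return True, or return False if it is a reuse."""
        if self.is_reused(candidate):
            return False
        self.entries.insert(0, hash_password(candidate))
        # Always keep the current password; drop anything older than needed.
        del self.entries[max(self.remember, 1):]
        return True


if __name__ == "__main__":
    h = PasswordHistory("constructed-pw-A", remember=3)  # constructed sample values
    for pw in ("constructed-pw-B", "constructed-pw-C", "constructed-pw-A"):
        print(pw, "accepted" if h.change(pw) else "rejected: in last 3")
```

Only salted digests are retained, and the list is trimmed on every change so no more old credentials are kept than the policy needs.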


CF Summit NA 2019 contributor reg code

Swarna Podila
 

Hey all,
 
It is that time of the year -- register for Summit North America 2019! For those that don't know, we are headed to Philadelphia in April (2-4), 2019!
 
Contributors (those that have contributed docs, code, bug reports) are welcome to use the following code to register: CFNA19CONT
 
More info on the event page here: https://www.cloudfoundry.org/event/nasummit2019/ 
 
See you all there!

--swarna.

-- 
Swarna Podila
Sr. Director, Community, Cloud Foundry Foundation


Re: Eirini in 2019 CFAR certification requirements

Simon D Moser
 

+1. Our main intent certainly was to avoid certification FUD in case we accomplish a "mature" Eirini in the first half of 2019. To me amending the requirements with a mid-term update does address this, so I'm fine with that.

Mit freundlichen Grüßen / Kind regards

Simon Moser

Senior Technical Staff Member / IBM Master Inventor
Bluemix Application Platform Lead Architect
Dept. C727, IBM Research & Development Boeblingen





From:        "Troy Topnik" <troy.topnik@...>
To:        cf-dev@...
Date:        04/12/2018 21:12
Subject:        Re: [cf-dev] Eirini in 2019 CFAR certification requirements
Sent by:        cf-dev@...




That sounds reasonable. I was going to add some "pending feature parity and passing CATs" language in the proposed change, but amending the requirements with a mid-term update would probably satisfy our needs without introducing conditional clauses.

Thanks for the feedback.

TT




Re: #cf seccomp #cf

hjinkim@...
 

I think that there is AllowSyscall list inside seccomp.go of guardian as a default. I just wanted to provide this AllowSyscall list as an option each time when I push an app. That's too bad to hear that you have currently no plan to change the configurable option on it.

Thank you for your kind answer.


Re: Eirini in 2019 CFAR certification requirements

Troy Topnik
 

That sounds reasonable. I was going to add some "pending feature parity and passing CATs" language in the proposed change, but amending the requirements with a mid-term update would probably satisfy our needs without introducing conditional clauses.

Thanks for the feedback.

TT