Releases: cloudfoundry/capi-release
Releases · cloudfoundry/capi-release
CAPI 1.28.0
Highlights
- Support for docker images that require credentials to access
CC API Version: 2.82.0 and 3.17.0
Service Broker API Version: 2.11
CAPI Release
Cloud Controller
- API client sees that app health checks are resilient to contentious resources after bridge consumption details
- API client should see 422 when space does not exist or user does not have permissions when creating app details
- As an API client, I can specify docker credentials on a v2 app details
- As an app developer I can run tasks for docker apps stored in a registry that requires authentication details
- As an app developer I can stage and run docker apps stored in a registry that requires authentication details
- BBS client author should be able to obtain the isolation segment for a route when an app in a space with an isolation segment is mapped to the route details
- Bump nokogiri to at least 1.7.1 details
- CF users should need
cloud_controller.readscope rather thancloud_controller.writeto view isolation segment for org an space details - Operator can configure keep alive timeouts for nginx fronting CC details
- PM should see there is a foreign key constraint between app and space. details
Stager
- As an app developer I can run tasks for docker apps stored in a registry that requires authentication details
Nsync
- As an app developer I can run tasks for docker apps stored in a registry that requires authentication details
Pull Requests and Issues
CAPI 1.27.0
CC API Version: 2.81.0 and 3.16.0
Service Broker API Version: 2.11
Job Spec Changes
tps_watcher
- New optional properties to enable migrating distributed locks off of consul. Additional details available here.
capi.tps.watcher.locket.api_locationcapi.tps.watcher.skip_consul_lock
CAPI Release
- New version(s) of nginx: 1.11.13 details
Cloud Controller
- API client can copy a droplet to be consistent with Copy a Package details
- API client should NOT see that setting health check to process results in port health checks details
- As an API client, I can specify docker credentials on a v3 package details
- Deployments using nsync bulker should NOT be given task completion callbacks against /internal/v4/tasks/ details
- V3 Apps running on Cloud Foundry can only use port 8080 details
TPS
- PM should see that TPS Watcher does not have a dependency on Consul for locking details
Pull Requests and Issues
- cloudfoundry/cloud_controller_ng #527: Provide atomic way to delete an orphaned route details
- cloudfoundry/cloud_controller_ng #804: Task Containers incorrectly overwrite
DATABASE_URLdetails - cloudfoundry/cloud_controller_ng #809: Doc:
detected_buildpack_guidis undocumented for Get Space Summary details
CAPI 1.26.0
Highlights
- Resolved issue with /v2/events
next_urlcontaining an invalid next page
CC API Version: 2.80.0 and 3.15.0
Service Broker API Version: 2.11
Job Spec Changes
cc_uploader
-
Required properties to enable diego to use mutual_tls for uploading assets to cloud controller. This ca cert should match the ca cert configured for the rep in the diego deployment. See this doc for help generating certs.
capi.cc_uploader.mutual_tls.ca_certcapi.cc_uploader.mutual_tls.server_certcapi.cc_uploader.mutual_tls.server_key
-
Removed properties. These properties contained an IP address and port. The ip and port values have been moved into separate fields.
capi.cc_uploader.listen_addrcapi.cc_uploader.debug_listen_addr
-
New properties
internal_hostnamehttp_porthttps_portbind_addrdebug_bind_addr
CAPI Release
- Operator can enable mtls droplet upload from diego to cc-uploader details
Cloud Controller
- Operator can enable mtls droplet upload from diego to cc-uploader details
- API client can set App environment variables on a sub resource of a created app details
- Get /v2/service_plan/:guid results in a 500 UnknownError if user has a user provided service instance details
- CAPI release 1.25.0 erroneously reports the routing API as disabled when deleting shared domains details
- API client should NOT fail to stage due to missing buildpack blobs if CC thinks the buildpack exists. details
- API client should see
statefield instead ofdesired_statefield on apps details
CC Uploader
- Operator can enable mtls droplet upload from diego to cc-uploader details
Pull Requests and Issues
- cloudfoundry/cloud_controller_ng #803: Events API next_url value does not work details
CAPI 1.25.0
Known Issues
- When the Routing API is enabled --
properties.routing_api.enabled-- failures may occur when performing asynchronous operations such as deleting an app. These errors apply to apps that are associated to routes that are associated to domains that are associated to router groups. - Users that belong to any space containing a user provided service instance are unable to view any specific service plan:
/v2/service_plans/:guid. Users are still able to view the marketplace and provision service instances.
CC API Version: 2.79.0 and 3.14.0
Service Broker API Version: 2.11
CAPI Release
- New version(s) of nginx: 1.11.11 details
Cloud Controller
- API Client can filter spaces by organization guid details
- API Client should see a 422 error when updating isolation segment names is an invalid operation details
- API Client should see better error when assigning an invalid isolation segment to a space. details
- API client can copy packages at /v3/packages instead of /v3/apps/:guid/packages details
- API client can discover the build resource location to help construct urls details
- API client gets 422 when creating packages in a space they do not have permission to write to details
- API client should follow a consistent schema to specify the current_droplet-to-app relationship details
- API client should no longer see
total_desired_instancesfield for apps details - API client should see
checksumfield instead ofhashfield on droplets details - CC-Uploader: uploading buildpack cache happens over an endpoint using mtls details
- CC-Uploader: uploading droplets and polling happens over an endpoint using mtls details
- Canceling a task should NOT be impacted by the org or space quota details
- Droplet Download URL should use Mutual TLS details
- Querying apps when app is being deleted results in 500 internal server error details
- http droplet download url redirects to https url details
- operator should be able to use BBS client to verify that when an http route is mapped to an app, CC sends the router group guid with the routing payload details
Pull Requests and Issues
- cloudfoundry/capi-release #43: CAPI Failure when UAA Isn't Available on Internal Address Is Late and Obscure details
cc-uploader
- CC-Uploader: uploading droplets and polling happens over an endpoint using mtls details
CAPI 1.24.0
Highlights
- When not using the bridge, windows apps stage and run properly
- When not using the bridge, task and app syncing properly handles large numbers of tasks and apps
CC API Version: 2.78.0 and 3.13.0
Service Broker API Version: 2.11
Known Issues
- Users that belong to any space containing a user provided service instance are unable to view any specific service plan:
/v2/service_plans/:guid. Users are still able to view the marketplace and provision service instances.
CAPI Release
Cloud Controller
- API Client, should receive 422 when creating package with invalid app details
- API client can see a service plan if they have a service instance created from that plan details
- API client should NOT be able to run tasks that exceed org and space quotas details
- API client should NOT see an error on the /v2/apps/:guid/stats endpoint when there are no running instances details
- API client should follow a consistent schema to specify an app-space relationship when creating an app details
- API client should follow a consistent schema to specify an package-to-app relationship when creating a package details
- API client should see
checksumkey instead ofhashkey for bits package details - API client should see that expired droplets are eventually removed from the db details
- API client should see that expired packages are eventually removed from the db details
- API client, should receive 422 when creating app with invalid space details
- App developer should see apps stage successfully on Windows cells details
- App developer should see labels in task logs to be consistent with app logs details
- App developer, should NOT see tasks stuck in a PENDING state when BBS is unavailable details
- CC should include request ID in log messages from security_context middleware details
- Improve error message when binding app to route in another space details
- Operator should NOT receive an error when using special characters in database passwords details
- Operator should see that expired droplets and packages do NOT have hash values displayed when the blob has been deleted details
- TasksSync and ProcessSync incorrectly fetches data from the CCDB when total number of entries exceeds the internal batch size details
Pull Requests and Issues
- cloudfoundry/capi-release #43: CAPI Failure when UAA Isn't Available on Internal Address Is Late and Obscure details
- cloudfoundry/cloud_controller_ng #787: Checksum validation fails for faraday_middleware-0.11.0.gem details
- cloudfoundry/cloud_controller_ng #788: Filter problem on List all Service Plans for the Service details
CAPI 1.23.0
Highlights
- Resolved an issue causing webdav blobstores to grow unbounded due to failed ssl cert validation
CC API Version: 2.77.0 and 3.12.0
Service Broker API Version: 2.11
CAPI Release
- New version(s) of nginx: 1.11.10 details
Cloud Controller
- Investigate & resolve deadlock found on Xena details
- Space manager should not be able to assign/unassign isolation segment to a space details
- App developer should NOT see a vague message when stats are not available for stopped apps details
- cloud controller clock should NOT be configured with an incorrect cert path details
Pull Requests and Issues
CAPI 1.22.0
Highlights
- Audit events added for organization creation, update, and delete
CC API Version: 2.76.0 and 3.11.0
Service Broker API Version: 2.11
CAPI Release
Cloud Controller
- 422 errors are easier to read details
- API client can discover the isolation segment resource location to help construct urls details
- API client can discover the organization resource location to help construct urls details
- API client can discover the space resource location to help construct urls details
- API client can get the default isolation segment relationship for an org details
- API client can get the isolation segment relationship for a space details
- API client can unassign the default isolation segment for an organization in v2 details
- App Developer can scale app while staging on V2 details
- App developer should NOT see a vague message when stats are not available for stopped apps details
- As a CF Linux app operator, I expect the instance identity certificate to be associated with my CF app details
- CC Clock does not log errors during enqueuing details
- I can toggle the new local diego sync with a feature flag separate from
temporary\_local\_{apps,tasks}flags, so that users can start using bridge consumption details - I want CF + Diego to keep the desired and actual apps in sync, so that a mismatch is automatically corrected details
- Investigate deadlock during buildpack deletion details
- Modify GET /v3/isolation_segments/:guid/relationships/organizations response details
- Modify GET /v3/isolation_segments/:guid/relationships/spaces response details
- Space developers should not be able to assign an iso seg to a space details
- deleting an isolation segment with org associations returns a 422 error code details
- entitling an invalid organization returns a 422 error code details
- errors when removing entitlements are easy to understand and the logic around when i can remove an entitlement is simple details
- examples provided in tasks v3 require "Content-Type" details
- org entitlement should return a relationship response details
- remove link to space realtionship on iso seg b/c it doesn't return space resources details
Pull Requests and Issues
- cloudfoundry/cloud_controller_ng #784: specify certificate_properties on task and lrp definitions details
- cloudfoundry/cloud_controller_ng #768: API Docs (v2) should have anchor links details
- cloudfoundry/cloud_controller_ng #774: Add audit events for organizations details
- cloudfoundry/cloud_controller_ng #775: cloud controller reject valid service_broker_url details
- cloudfoundry/cloud_controller_ng #778: Add user role events at space, org creation time details
Job Spec Changes
- Cloud Controller Clock now requires SSL configuration with the following properties:
cc.mutual_tls.ca_cert: PEM-encoded CA certificate for secure, mutually authenticated TLS communicationcc.mutual_tls.public_cert: PEM-encoded certificate for secure, mutually authenticated TLS communicationcc.mutual_tls.private_key: PEM-encoded key for secure, mutually authenticated TLS communication
CAPI 1.21.0
Highlights
- The
task_creationfeature flag is now enabled by default on all new deployments - Enable zero downtime migration for apps into isolation segments
CC API Version: 2.75.0 and 3.10.0
Service Broker API Version: 2.11
CAPI Release
Cloud Controller
- /v2/apps/:guid/stats returns the compute isolation segment each instance is scheduled on details
- API client can assign a default isolation segment to an organization using v3 apis details
- API client can assign a isolation segment to a space using v3 apis details
- PUT /v3/isolation_segments/:guid should use PATCH verb details
- an isolation segment can be assigned to a space with running apps details
- an org can have a default_isolation_segment assigned with spaces containing running apps details
- task_creation is enabled by default details
Pull Requests and Issues
CAPI 1.20.0
Highlights
- This release removes the HA clock job locking, which was causing performance issues on CCDB.
- Introduce a scope to allow global auditing --
cloud_controller.global_auditor. This gives a readonly view of all resources, but exempts information that auditors do not need to see such as environment variables and credentials.
CC API Version: 2.74.0 and 3.9.0
Service Broker API Version: 2.11
CAPI Release
- As an operator, I would like the blobstore to only accept TLSv1.2 and a subset of TLS ciphers details
Cloud Controller
- /v3/processes/:guid/stats should not result in an UnknownError when BBS is gone details
- API client can GET /v3/isolation_segments/:guid/organizations details
- API client can GET /v3/spaces details
- API client can filter /v3/organizations by name details
- API client can filter /v3/spaces by name details
- As an operator, I would like to grant an API client a scope that allows it to audit droplets across the Cloud Foundry deployment details
- Follow nginx recommendations for reducing CPU load details
- Pushing an app when the prior push did not hit droplet_completed should not result in an UnknownError details
- Task delete does not use bbs client details
- Update NOTICE files details
- an isolation segment can be assigned to a space with running apps details
- an org can have a default_isolation_segment assigned with spaces containing running apps details
Pull Requests and Issues
- cloudfoundry/cloud_controller_ng #560: SSO clients should have uaa.resource authority details
- cloudfoundry/cloud_controller_ng #681: configurable actor name used in events details
- cloudfoundry/cloud_controller_ng #766: cloud_controller_clock doesn't appear to recover well from connection error when in HA mode details
CAPI 1.19.0
CC API Version: 2.73.0 and 3.8.0
Service Broker API Version: 2.11
CAPI Release
Cloud Controller
- API Client can discover HREF for V3 Packages details
- API client can GET /v3/organizations details
- API client can POST packages /v3/packages details
- As an operator, I would like to grant an API client a scope that allows it to audit droplets across the Cloud Foundry deployment details
TPS
- TPS: As an Operator, I would like communication between the TPS-Watcher and CC to always use TLS details
Pull Requests and Issues
- cloudfoundry/cloud_controller_ng #681: configurable actor name used in events details