Technical Articles
Allow connections to SAP HANA Cloud instance from selected IP addresses (part 2): under the hood of the command line
In my previous post Allow connections to SAP HANA Cloud instance from selected IP addresses — using the command line I showed how to change allowed addresses using cf command.
Some questions came to my mind when I first used it myself, like where does the payload format {"data":{"whitelistIPs":[<IP addresses>]}} come from in the command?
cf update-service vital-hc-hana \
-c '{"data":{"whitelistIPs":["128.127.12.xxx", "193.16.224.xxx/24"]}}'Let’s unveil the mysteries.
Remark: if you are using Windows OS you might need to adjust some commands from the Linux-style command line I am using here.
Step 1. Tracing a cf command
Just like any other CloudFoundry’s client, cf CLI communicates with CF resources via APIs. You can see what happens behind the curtain when running cf with the environment variable CF_TRACE set to either true (to send diagnostics to stdout) or to path/to/trace.log (to send diagnostics to a log file).
Let me execute the same service update command with the diagnostics outputted to a log file /tmp/hc_update.log.
CF_TRACE=/tmp/hc_update.log \
cf update-service vital-hc-hana \
-c '{"data":{"whitelistIPs":["128.127.12.xxx"]}}'
Step 2. Let’s have a quick look at the log file.
Here is the head of the log file.
It contains all request/response details from all API calls done to complete the cf update-service command.
Ok, let’s see what HTTP calls were there.
grep -A 1 REQUEST /tmp/hc_update.log | grep /
There is a PUT request for a resource /v2/service_instances/8e1a286a-21d7-404d-8d7a-8c77d2a77050 and we can make an educated guess it is the one that calls API to update the service definition.
Step 3. What is that GUID?
It is the one we can get by adding --guid option to e.g. cf service command.
cf service vital-hc-hana --guid
That’s the same GUID you can see used as an SAP HANA Cloud instance’s id and in the server’s URL. What a coincidence 😉
Step 4. Let’s get service details
There is an “advanced” command cf curl that allows you to call CF APIs from the command line. So, let’s try it with the /v2/service_instances/:guid API, which we’ve seen above.
cf curl /v2/service_instances/$(cf service vital-hc-hana --guid)/parameters
cf curl /v2/service_instances/$(cf service vital-hc-hana --guid)/parameters \
| jq '.data.whitelistIPs'
I hope…
…this article helped to unveil some mysteries behind the use of the command!
In the context of this article…
…I feel like it is worth mentioning that SAP is committed to actions toward social justice and equality. SAP is replacing these terms with language that helps to create a more inclusive workplace and ecosystem. It takes more time and change management through to replace terms used in the code, like API payload schemas.
Best regards,
-Vitaliy, aka @Sygyzmundovych
Is there an API to find the IP address? Similar to what you have shown here
https://apidocs.cloudfoundry.org/15.3.0/service_instances/update_a_service_instance.html
I am trying to map the GUID of a system to an IP address.
Hi Shahzad Ali
I do not think the instance's IP address is static and public. You can see SAP HANA db instance's IP address in the system SQL view `PUBLIC.M_HOST_INFORMATION`, but it is internal, not public IP.
Please check https://help.sap.com/docs/BTP/65de2977205c403bbc107264b8eccf4b/f344a57233d34199b2123b9620d0bb41.html?version=Cloud if that gives you the information you are looking for with regards to Ingress IP address pool.
Regards.
Thanks for the reply and pointers.