Skip to Content
Technical Articles
Author's profile photo Witalij Rudnicki

Allow connections to SAP HANA Cloud instance from selected IP addresses (part 2): under the hood of the command line

In my previous post Allow connections to SAP HANA Cloud instance from selected IP addresses — using the command line I showed how to change allowed addresses using cf command.

Some questions came to my mind when I first used it myself, like where does the payload format {"data":{"whitelistIPs":[<IP addresses>]}} come from in the command?

cf update-service vital-hc-hana \
 -c '{"data":{"whitelistIPs":["128.127.12.xxx", "193.16.224.xxx/24"]}}'

Let’s unveil the mysteries.

Remark: if you are using Windows OS you might need to adjust some commands from the Linux-style command line I am using here.

Step 1. Tracing a cf command

Just like any other CloudFoundry’s client, cf CLI communicates with CF resources via APIs. You can see what happens behind the curtain when running cf with the environment variable CF_TRACE set to either true (to send diagnostics to stdout) or to path/to/trace.log (to send diagnostics to a log file).

Let me execute the same service update command with the diagnostics outputted to a log file /tmp/hc_update.log.

CF_TRACE=/tmp/hc_update.log \
cf update-service vital-hc-hana \
-c '{"data":{"whitelistIPs":["128.127.12.xxx"]}}'

Step 2. Let’s have a quick look at the log file.

Here is the head of the log file.

It contains all request/response details from all API calls done to complete the cf update-service command.

Ok, let’s see what HTTP calls were there.

grep -A 1 REQUEST /tmp/hc_update.log | grep /

There is a PUT request for a resource /v2/service_instances/8e1a286a-21d7-404d-8d7a-8c77d2a77050 and we can make an educated guess it is the one that calls API to update the service definition.

Step 3. What is that GUID?

It is the one we can get by adding --guid option to e.g. cf service command.

cf service vital-hc-hana --guid

That’s the same GUID you can see used as an SAP HANA Cloud instance’s id and in the server’s URL. What a coincidence 😉

Step 4. Let’s get service details

There is an “advanced” command cf curl that allows you to call CF APIs from the command line. So, let’s try it with the /v2/service_instances/:guid API, which we’ve seen above.

cf curl /v2/service_instances/$(cf service vital-hc-hana --guid)/parameters

…or having a utility like jq installed we can return only the portion of service definition used to set allowed IP addresses.

cf curl /v2/service_instances/$(cf service vital-hc-hana --guid)/parameters \
 | jq '.data.whitelistIPs'

I hope…

…this article helped to unveil some mysteries behind the use of the command!


In the context of this article…

…I feel like it is worth mentioning that SAP is committed to actions toward social justice and equality. SAP is replacing these terms with language that helps to create a more inclusive workplace and ecosystem. It takes more time and change management through to replace terms used in the code, like API payload schemas.


Best regards,
-Vitaliy, aka @Sygyzmundovych

Assigned tags

      Be the first to leave a comment
      You must be Logged on to comment or reply to a post.