Skip to Content
Technical Articles
Author's profile photo Witalij Rudnicki

Allow connections to SAP HANA Cloud instance from selected IP addresses (part 2): under the hood of the command line

In my previous post Allow connections to SAP HANA Cloud instance from selected IP addresses — using the command line I showed how to change allowed addresses using cf command.

Some questions came to my mind when I first used it myself, like where does the payload format {"data":{"whitelistIPs":[<IP addresses>]}} come from in the command?

cf update-service vital-hc-hana \
 -c '{"data":{"whitelistIPs":["", ""]}}'

Let’s unveil the mysteries.

Remark: if you are using Windows OS you might need to adjust some commands from the Linux-style command line I am using here.

Step 1. Tracing a cf command

Just like any other CloudFoundry’s client, cf CLI communicates with CF resources via APIs. You can see what happens behind the curtain when running cf with the environment variable CF_TRACE set to either true (to send diagnostics to stdout) or to path/to/trace.log (to send diagnostics to a log file).

Let me execute the same service update command with the diagnostics outputted to a log file /tmp/hc_update.log.

CF_TRACE=/tmp/hc_update.log \
cf update-service vital-hc-hana \
-c '{"data":{"whitelistIPs":[""]}}'

Step 2. Let’s have a quick look at the log file.

Here is the head of the log file.

It contains all request/response details from all API calls done to complete the cf update-service command.

Ok, let’s see what HTTP calls were there.

grep -A 1 REQUEST /tmp/hc_update.log | grep /

There is a PUT request for a resource /v2/service_instances/8e1a286a-21d7-404d-8d7a-8c77d2a77050 and we can make an educated guess it is the one that calls API to update the service definition.

Step 3. What is that GUID?

It is the one we can get by adding --guid option to e.g. cf service command.

cf service vital-hc-hana --guid

That’s the same GUID you can see used as an SAP HANA Cloud instance’s id and in the server’s URL. What a coincidence 😉

Step 4. Let’s get service details

There is an “advanced” command cf curl that allows you to call CF APIs from the command line. So, let’s try it with the /v2/service_instances/:guid API, which we’ve seen above.

cf curl /v2/service_instances/$(cf service vital-hc-hana --guid)/parameters

…or having a utility like jq installed we can return only the portion of service definition used to set allowed IP addresses.

cf curl /v2/service_instances/$(cf service vital-hc-hana --guid)/parameters \
 | jq '.data.whitelistIPs'

I hope…

…this article helped to unveil some mysteries behind the use of the command!

In the context of this article…

…I feel like it is worth mentioning that SAP is committed to actions toward social justice and equality. SAP is replacing these terms with language that helps to create a more inclusive workplace and ecosystem. It takes more time and change management through to replace terms used in the code, like API payload schemas.

Best regards,
-Vitaliy, aka @Sygyzmundovych

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Shahzad Ali
      Shahzad Ali

      Is there an API to find the IP address? Similar to what you have shown here

      I am trying to map the GUID of a system to an IP address.


      Author's profile photo Witalij Rudnicki
      Witalij Rudnicki
      Blog Post Author

      Hi Shahzad Ali

      I do not think the instance's IP address is static and public. You can see SAP HANA db instance's IP address in the system SQL view `PUBLIC.M_HOST_INFORMATION`, but it is internal, not public IP.

      Please check if that gives you the information you are looking for with regards to Ingress IP address pool.


      Author's profile photo Shahzad Ali
      Shahzad Ali

      Thanks for the reply and pointers.