Connect SAP Platform Integration with Alert Notification Service (Cloud Foundry)

Recently I was following the following blog post while trying to set-up Alert Notification Service in our Cloud Foundry environment: https://blogs.sap.com/2019/10/14/receive-notifications-for-failed-sap-cloud-platform-integration-flows-via-any-channel-with-alert-notification/

However, due to the fact that the post was written for the Neo environment, I was missing some details regarding the set-up and configuration of the user credentials for the connection between the Cloud Integration IFlow and the ANS Service as well as from IFlow to the Cloud Integration API. Therefore I wrote this post in order to add and further explain the missing details.

Process to set-up the credentials

1. First create an instance of the ANS in your Cockpit under “Instances and Subscriptions”. Click Create and choose “Alert Notification” form the dropdown.
2. Create a service key for this instance by clicking on the instance name and then on the “Create” button next to “Service Keys”.
   • Give it an arbitrary name (e.g. “Basic”)
   • Enter the following in the JSON text area:

     {"type":"BASIC"}

     

   • Click Create and then onto the name of the key. You will see the credentials, copy them.
     
3. Now get the API service key credentials from your Process Integration Instance.
   • You can use the default instance’s key (default_it-rt_api) if available, or create a new service key of type API (not integration-flow!) and assign the Monitoring Read role. Save the details from the JSON, you will need them later.
4. Go to the Cloud Integration → Discovery → Search for Alert Notification and copy the package “Send notifications for failed Message Processing Logs” to your design space (Copy button at the top right).
5. Create a new Security Artifact of type Oauth2 Client Credentials on Cloud Integration (CI). Enter your service key details from step 3. It’s the connection to the API of CI.
6. Create another Security Artifact for the connection to the ANS. This is Basic authentication, so the type is User Credentials.
   • Enter the details of the Service Key of the ANS instance. See step 2.
7. Go to the Iflow and configure the externalized parameters as follows:
   • CI Tenant Base URL: Take it from your browser’s URL when you access CI. Update 1 April 2023: According to the comment below from Flavio Philippi you need to use the URL as shown in the Service Key dialog.
   • Authentication: In our case it must be Oauth 2. Basic won’t work for API access with a service key. It only works with an S-User (or any other user that is in a identity provider), but that is not suggested for a technical connection.
   • Credential name: The security artifact name of step 4.
8. Clock on the tab “More”
   • Enter the name of the security artifact for the connection to the ANS in the text box “Service Technical Client Name”:

1. • The resource event base URL you can copy from the service key on the ANS instance:You then have to add the following path to the URL (that you’ve copied from the service key above):

/cf/producer/v1/resource-events

1. • Enter the name of the Security Artifact (from step 6) in the field “Service Technical Client Name”.
   • Save the configuration and deploy the iflow.

Configuration of the ANS

1. Access the ANS management console by clicking on the name of the ANS instance or using the button at the top right of the instances page (in your Subaccount  > Menu “Instances and subscriptions”):
2. Click “Export or Import” and paste the following sample code into the import window. Replace the email address placeholder with your own address. It creates a basic scenario that alerts your about all failed Iflows. You can configure it further. For this, see other documentations. This example is copied from the blog mentioned at the top.

{
  "conditions": [
    {
      "name": "CPIIntegrationFlowIsFailed",
      "propertyKey": "eventType",
      "predicate": "EQUALS",
      "propertyValue": "CPIIntegrationFlowExecutionFailure",
      "labels": [],
      "description": ""
    }
  ],
  "actions": [
    {
      "name": "SendMeAnEmail",
      "state": "ENABLED",
      "labels": [],
      "description": "",
      "destination": "<Enter your email here>",
      "type": "EMAIL"
    }
  ],
  "subscriptions": [
    {
      "name": "FailedIFlow",
      "conditions": [
        "CPIIntegrationFlowIsFailed"
      ],
      "actions": [
        "SendMeAnEmail"
      ],
      "labels": [
        "CPI"
      ],
      "state": "ENABLED",
      "description": ""
    }
  ]
}

Last but not least

Use the steps explained under “Configure SAP Cloud Platform Integration” in the blog post mentioned at the top in order to set-up the IFlow on Cloud Integration, which hasn’t changed.

I hope with this post setting up the Alert Notification Service becomes a piece of cake 🙂

Let me know if anything is unclear.