From 96821f1b5d8f3aba49cfd5ad320f78d89aeed4ec Mon Sep 17 00:00:00 2001 From: nicklas dohrn Date: Tue, 21 Oct 2025 10:08:48 +0200 Subject: [PATCH 1/8] Add mtls section to ingest from cf --- ...gest-from-cloud-foundry-runtime-f5a7c99.md | 34 ++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md index 400b5be..73760de 100644 --- a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md +++ b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md @@ -93,12 +93,44 @@ For more information about different contexts, tools, options, and best practice cf service-key ``` -5. Create a user provided service using the following the template filled with the values of the previous step and a user-provided-service-name of your choice: +5. (a) Create a user provided service using the following the template filled with the values of the previous step and a user-provided-service-name of your choice: ``` cf cups -l https-batch://:@/cfsyslog?drain-type=all ``` + (b) **Use mTLS if required:** + + Use this if you need mTLS. You still embed the basic auth username/password into the drain URL, while the certificate material is supplied separately as parameters. + + 5.1 Prerequisites + - You have obtained the binding JSON (cf service-key ). + + 5.2 Extract the following fields from the binding JSON: + - ingest-username + - ingest-password + - ingest-mtls-endpoint + - ingest-mtls-cert + - ingest-mtls-key + - server-ca + + 5.3 Prepare the JSON payload for cf cups. (Newlines must be escaped if passed inline) + ```json + creds_payload.json: + { + "ca": "", + "cert": "", + "key": "" + } + ``` + + 5.4 Create the mTLS-enabled user provided service: + ```bash + cf cups \ + -l "https-batch://:@/cfsyslog?drain-data=all" \ + -p creds_payload.json + ``` + 6. Proceed with [Bind the Application to the Service Instance](ingest-from-cloud-foundry-runtime-f5a7c99.md#loiof5a7c993743c4ee79722479371b90b37__bind_the_application) and bind to the user provided service. **Bind the Application to User Provided Service Using SAP BTP Cockpit** From ae1edb8e0abc2d5ac7cdb47e3bbb505eb6617fd1 Mon Sep 17 00:00:00 2001 From: nicklas dohrn Date: Thu, 6 Nov 2025 15:20:58 +0100 Subject: [PATCH 2/8] Rework mTLS instructions --- ...gest-from-cloud-foundry-runtime-f5a7c99.md | 73 ++++++++++--------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md index 73760de..869599b 100644 --- a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md +++ b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md @@ -93,44 +93,49 @@ For more information about different contexts, tools, options, and best practice cf service-key ``` -5. (a) Create a user provided service using the following the template filled with the values of the previous step and a user-provided-service-name of your choice: +5. Create the User Provided Service (using either simple basic auth or mTLS): - ``` - cf cups -l https-batch://:@/cfsyslog?drain-type=all - ``` + a) Simple basic auth configuration: - (b) **Use mTLS if required:** - - Use this if you need mTLS. You still embed the basic auth username/password into the drain URL, while the certificate material is supplied separately as parameters. - - 5.1 Prerequisites - - You have obtained the binding JSON (cf service-key ). - - 5.2 Extract the following fields from the binding JSON: - - ingest-username - - ingest-password - - ingest-mtls-endpoint - - ingest-mtls-cert - - ingest-mtls-key - - server-ca - - 5.3 Prepare the JSON payload for cf cups. (Newlines must be escaped if passed inline) - ```json - creds_payload.json: - { - "ca": "", - "cert": "", - "key": "" - } - ``` + Create a user provided service using the following the template filled with the values of the previous step and a user-provided-service-name of your choice: - 5.4 Create the mTLS-enabled user provided service: ```bash - cf cups \ - -l "https-batch://:@/cfsyslog?drain-data=all" \ - -p creds_payload.json + cf cups -l https-batch://:@/cfsyslog?drain-type=all ``` + b) mtls-enabled configuration: + + 1. Extract the following fields from the binding JSON: + - ingest-username + - ingest-password + - ingest-mtls-endpoint + - ingest-mtls-cert + - ingest-mtls-key + - server-ca + + 2. Prepare the JSON payload for cf cups. (Newlines must be escaped if passed inline) + ```json + creds_payload.json: + { + "ca": "", + "cert": "", + "key": "" + } + ``` + You can also create the payload file using the following command: + ```bash + cf service-key \ + | jq '.credentials | {ca: ."server-ca", cert: ."ingest-mtls-cert", key: ."ingest-mtls-key"}' \ + > creds_payload.json + ``` + + 3. Create the mTLS-enabled user provided service: + ```bash + cf cups \ + -l "https-batch://:@/cfsyslog?drain-type=all" \ + -p creds_payload.json + ``` + 6. Proceed with [Bind the Application to the Service Instance](ingest-from-cloud-foundry-runtime-f5a7c99.md#loiof5a7c993743c4ee79722479371b90b37__bind_the_application) and bind to the user provided service. **Bind the Application to User Provided Service Using SAP BTP Cockpit** @@ -138,15 +143,11 @@ For more information about different contexts, tools, options, and best practice 1. [Log On to the Cloud Foundry Environment Using the SAP BTP Cockpit](https://help.sap.com/docs/btp/sap-business-technology-platform/cloud-foundry-environment). 2. Create a service key according to [Creating Service Keys in Cloud Foundry](https://help.sap.com/viewer/09cc82baadc542a688176dce601398de/Cloud/en-US/6fcac08409db4b0f9ad55a6acd4d31c5.html). 3. Create a User-Provided Service following [Creating User-Provided Service Instances in Cloud Foundry Environment](https://help.sap.com/docs/service-manager/sap-service-manager/creating-user-provided-service-instances-in-cloud-foundry-environment) using `Instance Name` of your choice and the information from the the service key to configure `System Logs Drain URL`: - ``` https-batch://:@/cfsyslog?drain-type=all ``` - 4. Proceed with [Bind the Application to the Service Instance](ingest-from-cloud-foundry-runtime-f5a7c99.md#loiof5a7c993743c4ee79722479371b90b37__bind_the_application) and bind to the user provided service. - - ## Result From d4bafc9729478929f81d57f13fcb96f2ab4613f9 Mon Sep 17 00:00:00 2001 From: Nicklas Dohrn <20398358+nicklas-dohrn@users.noreply.github.com> Date: Fri, 7 Nov 2025 09:38:48 +0100 Subject: [PATCH 3/8] Update docs/ingest-from-cloud-foundry-runtime-f5a7c99.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jürgen Walter --- docs/ingest-from-cloud-foundry-runtime-f5a7c99.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md index 869599b..9bdb65b 100644 --- a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md +++ b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md @@ -129,7 +129,7 @@ For more information about different contexts, tools, options, and best practice > creds_payload.json ``` - 3. Create the mTLS-enabled user provided service: + 3. Create the mTLS-enabled user-provided service: ```bash cf cups \ -l "https-batch://:@/cfsyslog?drain-type=all" \ From 13d2b9a5e53ab33c19a6cd5c926a98c2654473f7 Mon Sep 17 00:00:00 2001 From: Nicklas Dohrn <20398358+nicklas-dohrn@users.noreply.github.com> Date: Fri, 7 Nov 2025 09:38:56 +0100 Subject: [PATCH 4/8] Update docs/ingest-from-cloud-foundry-runtime-f5a7c99.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jürgen Walter --- docs/ingest-from-cloud-foundry-runtime-f5a7c99.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md index 9bdb65b..e16bddb 100644 --- a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md +++ b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md @@ -97,7 +97,7 @@ For more information about different contexts, tools, options, and best practice a) Simple basic auth configuration: - Create a user provided service using the following the template filled with the values of the previous step and a user-provided-service-name of your choice: + To create a user-provided service, use the following template, filled with the values from the previous step and a of your choice: ```bash cf cups -l https-batch://:@/cfsyslog?drain-type=all From 3a32924ba7feaddd62cddb8532a665568543fe24 Mon Sep 17 00:00:00 2001 From: Maksimiliana Petrova <69342522+Maksimiliana@users.noreply.github.com> Date: Fri, 7 Nov 2025 11:33:06 +0200 Subject: [PATCH 5/8] Update ingest-from-cloud-foundry-runtime-f5a7c99.md Add missing text. --- docs/ingest-from-cloud-foundry-runtime-f5a7c99.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md index e16bddb..ee75610 100644 --- a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md +++ b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md @@ -97,7 +97,7 @@ For more information about different contexts, tools, options, and best practice a) Simple basic auth configuration: - To create a user-provided service, use the following template, filled with the values from the previous step and a of your choice: + To create a user-provided service, use the following template, filled with the values from the previous step and a of your choice: ```bash cf cups -l https-batch://:@/cfsyslog?drain-type=all From 116bf924aa2a221467e4a904f09bb117af682a1a Mon Sep 17 00:00:00 2001 From: Maksimiliana Petrova <69342522+Maksimiliana@users.noreply.github.com> Date: Fri, 7 Nov 2025 12:28:58 +0200 Subject: [PATCH 6/8] Apply suggestion from @juergen-walter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jürgen Walter --- docs/ingest-from-cloud-foundry-runtime-f5a7c99.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md index ee75610..1565e35 100644 --- a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md +++ b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md @@ -115,7 +115,7 @@ For more information about different contexts, tools, options, and best practice 2. Prepare the JSON payload for cf cups. (Newlines must be escaped if passed inline) ```json - creds_payload.json: + credentials.json: { "ca": "", "cert": "", From 6006090ea2e2dd14fb9cde0105263cbf75ec676c Mon Sep 17 00:00:00 2001 From: Maksimiliana Petrova <69342522+Maksimiliana@users.noreply.github.com> Date: Fri, 7 Nov 2025 12:29:07 +0200 Subject: [PATCH 7/8] Apply suggestion from @juergen-walter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jürgen Walter --- docs/ingest-from-cloud-foundry-runtime-f5a7c99.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md index 1565e35..c1ad9e6 100644 --- a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md +++ b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md @@ -126,7 +126,7 @@ For more information about different contexts, tools, options, and best practice ```bash cf service-key \ | jq '.credentials | {ca: ."server-ca", cert: ."ingest-mtls-cert", key: ."ingest-mtls-key"}' \ - > creds_payload.json + > credentials.json ``` 3. Create the mTLS-enabled user-provided service: From ae0333ee818233d5b58d218dac626b72a62812b8 Mon Sep 17 00:00:00 2001 From: Maksimiliana Petrova <69342522+Maksimiliana@users.noreply.github.com> Date: Fri, 7 Nov 2025 12:29:13 +0200 Subject: [PATCH 8/8] Apply suggestion from @juergen-walter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Jürgen Walter --- docs/ingest-from-cloud-foundry-runtime-f5a7c99.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md index c1ad9e6..333ff7d 100644 --- a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md +++ b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md @@ -133,7 +133,7 @@ For more information about different contexts, tools, options, and best practice ```bash cf cups \ -l "https-batch://:@/cfsyslog?drain-type=all" \ - -p creds_payload.json + -p credentials.json ``` 6. Proceed with [Bind the Application to the Service Instance](ingest-from-cloud-foundry-runtime-f5a7c99.md#loiof5a7c993743c4ee79722479371b90b37__bind_the_application) and bind to the user provided service.