[BUG] Error authenticating CF instance (wrong CF API endpoint)

[rkapoz-bgp]

Is there an existing issue for this?

• I have searched the existing issues

Are you using the latest docker image for BTPSA?

• I'm using the latest docker image for BTPSA.

Which area is mainly impacted

Cloud Foundry setups

Current Behavior

I'm trying to setup one "sample" BTP env with the default settings in the image container (default.json settings). At the time of connecting to the CF endpoint and connect to the auto-created org, I receive an error indicating that the ORG (just created, and exists) does not exists ERROR : Organization 'cf-btp-setup-automator-us10-998b9f87-fa30-4934-9295-6903ab7f' not found.

After investigating the issue, I found that the code refers to the CF API endpoint as: https://api.cf.us10.hana.ondemand.com , but the real actual CF endpoint is: https://api.cf.us10**-001**.hana.ondemand.com/

It seems it added to the API URI an "landscapelabel" (001) that is referenced in the btp_cli.py file (from line 323 envLandscape = selectEnvironmentLandscape(self, environment)

Effectively running the command (from cli) btp --format json list accounts/available-environment --subaccount <my account> I see a property "landscapeLabel": "cf-us10-001" , but as far I can understand, is not used to properly format the CF API URL (I searched for but I haven't found anything about th eproperty "landscapeLabel")

Expected Behavior

No response

Steps To Reproduce

1 I'm using the latest docker image container (commit id: 0724fc0)
2 run ./btpsa with default settings (by using the default parameters.json file and default usecases/released/default.json)

Logs and configuration files available?

[2022-10-15 10:05:42] RUN COMMAND: cf login -a 'https://api.cf.us10.hana.ondemand.com' -o 'cf-btp-setup-automator-us10-998b9f87-fa30-4934-9295-6903ab7f' -u '[email protected]' -p 'xxxxxxxxxxxxxxxxx
[2022-10-15 10:05:45] ERROR : API endpoint: https://api.cf.us10.hana.ondemand.com

Authenticating...
OK

API endpoint: https://api.cf.us10.hana.ondemand.com
API version: 3.123.0
user: [email protected]
No org or space targeted, use 'cf target -o ORG -s SPACE'
FAILED

[2022-10-15 10:05:45] ERROR : Organization 'cf-btp-setup-automator-us10-998b9f87-fa30-4934-9295-6903ab7f' not found.

Anything else?

No response

[lechnerc77]

Hi @rkapoz-bgp ,
thanks for your analysis on the issue. To reproduce the setup, one more question: did you change/add any parameters in the parameter.json besides myemail, authentication and in case password?

[rkapoz-bgp]

Hi @rkapoz-bgp , thanks for your analysis on the issue. To reproduce the setup, one more question: did you change/add any parameters in the parameter.json besides myemail, authentication and in case password?

Hi, no I didn't change any setting in parameter.json (I thing the attribute you are referring have been modified the first time i run btpsa.

here an extract of the contents:

"usecasefile": "usecases/released/default.json",
"region": "us10",
"globalaccount": "bgpmanagementconsultingspa",
"myemail": "[email protected]",
"loginmethod": "basicAuthentication",
"subaccountname": null,
"cfspacename": "development",

[lechnerc77]

@rkapoz-bgp : I tried to reproduce the error you reported but did not succeed.

My setup:

• An SAP BTP Global account with no subaccounts. It is not a trial account as this is not supported by the tool
• I edited the parameter.json and the default.json and removed the role assignments and env parameters. I also added my email and global account ID (otherwise it is queried by the tool, setting it in the file is more convenient). This does not influence the log on flow to Cloud Foundry

I tried the execution with basic authentication as well as well as sso. In all runs the CF environment was created successfully including org and space.
The output is:

[2022-10-15 14:28:29] RUN COMMAND: cf login -a 'https://api.cf.us10.hana.ondemand.com' -o 'cf-btp-setup-automator-us10-<a cryptical uuid>' -u '[email protected]' -p 'xxxxxxxxxxxxxxxxx
[2022-10-15 14:28:33] RUN COMMAND: cf spaces
[2022-10-15 14:28:34] CHECK      : cfspacename >development<
[2022-10-15 14:28:34] CHECK      : org         >cf-btp-setup-automator-us10-<a cryptical uuid><
[2022-10-15 14:28:34] INFO       : Create CF space >development<
[2022-10-15 14:28:34] RUN COMMAND: cf create-space 'development' -o 'cf-btp-setup-automator-us10-<a cryptical uuid>'
[2022-10-15 14:28:36] INFO       : Check when CF space >development< is ready
[2022-10-15 14:28:36] RUN COMMAND: cf spaces
[2022-10-15 14:28:37] SUCCESS    : created CF space >development<
[2022-10-15 14:28:37] INFO       : Set CF target to space >development<
[2022-10-15 14:28:37] RUN COMMAND: cf target -s 'development'

The endpoint works correct. Using the btpcli command you referenced, I get two entries, one with the landscape label cf-us10 and one with the label cf-us10-001. The endpoint of the API for US10 is https://api.cf.us10.hana.ondemand.com/ as described in help.sap.com, which works in my case.

For comparison:
my parameters.json file (global account needs to be filled and email exchanged if you want to try it):

{
  "$schema": "https://raw.githubusercontent.com/SAP-samples/btp-setup-automator/main/libs/btpsa-parameters.json",
  "usecasefile": "usecases/released/default.json",
  "region": "us10",
  "globalaccount": null,
  "myemail": "[email protected]",
  "loginmethod": "basicAuthentication",
  "subaccountname": null,
  "cfspacename": "development"
}

default.json file:

{
    "$schema": "https://raw.githubusercontent.com/SAP-samples/btp-setup-automator/main/libs/btpsa-usecase.json",
    "aboutThisUseCase": {
        "name": "Default use case on how to show how btp-setup-automator works",
        "description": "This usecase sets up various services and app subscriptions on SAP BTP",
        "author": "[email protected]",
        "testStatus": "tested successfully",
        "usageStatus": "READY TO BE USED"
    },
    "services": [
        {
            "name": "application-logs",
            "plan": "lite",
            "category": "SERVICE"
        },
        {
            "name": "xsuaa",
            "plan": "apiaccess",
            "category": "SERVICE"
        },
        {
            "name": "sapappstudio",
            "plan": "standard-edition",
            "category": "APPLICATION"
        },
        {
            "name": "cicd-app",
            "plan": "default",
            "category": "APPLICATION"
        }
    ]
}

If you see a delta compared to yours let me know.

[rkapoz-bgp]

@rkapoz-bgp : I tried to reproduce the error you reported but did not succeed.

My setup:

• An SAP BTP Global account with no subaccounts. It is not a trial account as this is not supported by the tool
• I edited the parameter.json and the default.json and removed the role assignments and env parameters. I also added my email and global account ID (otherwise it is queried by the tool, setting it in the file is more convenient). This does not influence the log on flow to Cloud Foundry

I tried the execution with basic authentication as well as well as sso. In all runs the CF environment was created successfully including org and space. The output is:

[2022-10-15 14:28:29] RUN COMMAND: cf login -a 'https://api.cf.us10.hana.ondemand.com' -o 'cf-btp-setup-automator-us10-<a cryptical uuid>' -u '[email protected]' -p 'xxxxxxxxxxxxxxxxx
[2022-10-15 14:28:33] RUN COMMAND: cf spaces
[2022-10-15 14:28:34] CHECK      : cfspacename >development<
[2022-10-15 14:28:34] CHECK      : org         >cf-btp-setup-automator-us10-<a cryptical uuid><
[2022-10-15 14:28:34] INFO       : Create CF space >development<
[2022-10-15 14:28:34] RUN COMMAND: cf create-space 'development' -o 'cf-btp-setup-automator-us10-<a cryptical uuid>'
[2022-10-15 14:28:36] INFO       : Check when CF space >development< is ready
[2022-10-15 14:28:36] RUN COMMAND: cf spaces
[2022-10-15 14:28:37] SUCCESS    : created CF space >development<
[2022-10-15 14:28:37] INFO       : Set CF target to space >development<
[2022-10-15 14:28:37] RUN COMMAND: cf target -s 'development'

The endpoint works correct. Using the btpcli command you referenced, I get two entries, one with the landscape label cf-us10 and one with the label cf-us10-001. The endpoint of the API for US10 is https://api.cf.us10.hana.ondemand.com/ as described in help.sap.com, which works in my case.

For comparison: my parameters.json file (global account needs to be filled and email exchanged if you want to try it):

{
  "$schema": "https://raw.githubusercontent.com/SAP-samples/btp-setup-automator/main/libs/btpsa-parameters.json",
  "usecasefile": "usecases/released/default.json",
  "region": "us10",
  "globalaccount": null,
  "myemail": "[email protected]",
  "loginmethod": "basicAuthentication",
  "subaccountname": null,
  "cfspacename": "development"
}

default.json file:

{
    "$schema": "https://raw.githubusercontent.com/SAP-samples/btp-setup-automator/main/libs/btpsa-usecase.json",
    "aboutThisUseCase": {
        "name": "Default use case on how to show how btp-setup-automator works",
        "description": "This usecase sets up various services and app subscriptions on SAP BTP",
        "author": "[email protected]",
        "testStatus": "tested successfully",
        "usageStatus": "READY TO BE USED"
    },
    "services": [
        {
            "name": "application-logs",
            "plan": "lite",
            "category": "SERVICE"
        },
        {
            "name": "xsuaa",
            "plan": "apiaccess",
            "category": "SERVICE"
        },
        {
            "name": "sapappstudio",
            "plan": "standard-edition",
            "category": "APPLICATION"
        },
        {
            "name": "cicd-app",
            "plan": "default",
            "category": "APPLICATION"
        }
    ]
}

If you see a delta compared to yours let me know.

Hi @lechnerc77,
my files were little diferent (but I didn't touched them) e.g. parameters.json contain "envvariables", and "myusergroups" object. However I tried to exactly conform your files with mine, but still doesn't work; same error.

I confirm the strange thing about the CF API endpoint that I see on the BTP cockpit (https://api.cf.us10-001.hana.ondemand.com/), and if I manually logon (via CF cli) with this endpoint the connection works, and I see the org created.

I'm using an CPEA BTP account; if this hepl, it has been provisioned just some days ago (I'm thinking about a new "feature" added to new global accounts/subdomain, that modified the CF API url, may be?).

As I reported above, if I run btp --format json list accounts/available-environment --subaccount I receive a JOSN with an element called "landscapeLabel": "cf-us10-001" that seems referring the "001" missing in the CF API URL endpoint (as referenced in the automator)

[lechnerc77]

@rkapoz-bgp Thanks for your quick feedback. Maybe this is due to the CPEA BTP account, but I do not think so. As I wrote, I get back two entries from the BTP CLI command, one with landscape label *us10 and one with *us10-100.

I will check what causes this different endpoint that does not seem to be documented (at least I did not find it)

[lechnerc77]

@rkapoz-bgp as you already mentioned the wrong API endpoint was used. I have fixed the behavior via PR #259 fetching the endpoint information from the BTP CLI

The fixed code is available in the latest main branch as well as in the latest image in the GitHub packages.

[rkapoz-bgp]

Hi @lechnerc77 , I confirm it works.

Thank you
Roberto