CPILint version 1.0.2 is out

MortenWittrock · ‎03-14-2021

Yesterday, I released CPILint version 1.0.2:

CPILint is an open source, command-line tool for SAP Cloud Integration, which lets you automate the governance of your integration flows by writing executable, rule-based development guidelines.

CPILint ships with a number of built-in rules, covering adapters, mapping, scripting, security and more. Once you’ve chosen the rules that make sense in your particular situation, CPILint does the heavy lifting of checking your integration flows for compliance, and presents you with a report of the issues discovered.

If this is the first time your hear about CPILint, please read this blog post for a much more in-depth introduction.

So what’s new in version 1.0.2? First and foremost, this release updates the tool to use the public integration packages API. Version 1.0.1 still used the undocumented API, which no longer works.

1.0.2 also introduces the CPILINT_JAVA_HOME environment variable, which you can use to launch CPILint with a specific Java runtime. Also, the Bash launch script now works correctly on macOS.

You can download CPILint version 1.0.2 from GitHub. If you want to tinker, the full source code and all other files needed to build CPILint is included in the download. Everything you need is available in the CPILint GitHub repository as well, of course. For documentation and installation instructions, please see the project's wiki.

Have fun with CPILint! If you run into any issues at all, do please let me know. You can do that by either commenting below, or by creating an issue on GitHub.

michaelkuehn · ‎12-16-2021

Hi Morten,

Thanks for sharing this great tool. Do you support also custom identity providers (e.g. SAP IAS)?

Unfortunately it doesn't work for us...

Best regards,
Michael

MortenWittrock · ‎12-16-2021

Hi Michael

The credentials are used for the OData API calls, and I believe you should still use your SAP ID Service user for that, but let me check and get back to you.

Regards,

Morten

P.S. Also make sure that you are actually hitting the correct Tenant Management Node hostname.

michaelkuehn · ‎12-16-2021

Hi Morten,

Thanks a lot for the fast response. For our tenants also basic authentication is "redirected" to our custom IdP. I verified the basic authentication against one of the odata API endpoints.

Our error message looked like this:

Finally I solved it by using another client (outside company network). I guess the internet proxy was causing the issues.

Thank you again for sharing this great tool!

Best regards,
Michael

MortenWittrock · ‎12-16-2021

Happy to hear it worked out 😄

michaelkuehn · ‎12-21-2021

Just to share our experience on API authorization with custom IdP: We also faced further authorization issues in Neo environment when using a custom IdP in combination with group mapping between BTP authorization groups and LDAP groups (caused by CPI API). Finally we solved it by manually assigning the technical user ID of IAS (e.g. P000xxx) to the BTP developer group. LDAP username was not working for API authorization (even if automatically mapped to BTP group before & working in CPI environment).

MortenWittrock · ‎12-21-2021

Hi Michael

That's useful - thanks for sharing!

Regards,

Morten

dvdeijk · ‎09-30-2022

I am thinkin of extending the tool a bit to make it an information gathering tool to list what resources are being used/addressed, and i created a small pull request to improve user experience a little bit.

Please let me know what you think about this.

MortenWittrock · ‎10-03-2022

Hi David

Thank you very much for you comment and the PR.

It is actually by choice, that the technical details are not in the regular error messages, that are output to the console. Instead, they go into the debug log (along with a lot of additional information). That means, however, that you need to run the tool again with the -debug option, to generate a log file.

I should probably make that more clear. Thank you for bringing that to my attention.

Regards,

Morten

dvdeijk · ‎10-03-2022

In general I dont mind that structure, but when you are just typing the wrong password or getting a 404 on the wrong URL, it is not very userfriendly to have to open a debug log file to find out such a simple error. That is why I did not change all error reporting, just the ones I ran into during startup.

The one with the zipfile that is not an iflow is a real bug. It just crashes with a stacktrace on nullpointer exception if there is no manifest in the zipfile.

narayana5555 · ‎11-17-2022

Hi Morten,

Thanks for this great tool CPILINT. when i am connecting to cpi tenant, i am getting below error. Pls advise.

MortenWittrock · ‎11-17-2022

Hi Narayana

If you run the command again with the -debug option, a log file called "cpilint.log" will be created. It will contain more information about what the real problem is.

Regards,

Morten

narayana5555 · ‎11-22-2022

Hi Morten,

Thanks for the reply. i ran the command with debug option and i have got the log file. Here it is :

16:14:16.384 INFO dk.mwittrock.cpilint.CpiLint - Starting inspection of iflow artifacts
16:14:16.385 DEBUG d.m.c.api.CloudIntegrationOdataApi - Retrieving iflow artifact from tenant: Claims_Vistex_Demo
16:14:16.385 DEBUG d.m.c.api.CloudIntegrationOdataApi - Iflow artifact URI generated for ID Claims_Vistex_Demo: https://yy-btp-dev-txxxxxxxx8.it-cpi013-rt.cfapps.us21.hana.ondemand.com/api/v1/IntegrationDesigntimeArtifacts(Id='Claims_Vistex_Demo',Version='active')/$value
16:14:17.757 ERROR dk.mwittrock.cpilint.CliClient - Iflow artifact supplier error
dk.mwittrock.cpilint.suppliers.IflowArtifactSupplierError: API error when retrieving iflow
at dk.mwittrock.cpilint.suppliers.IteratingApiSupplierBase.supply(Unknown Source)
at dk.mwittrock.cpilint.suppliers.TenantSingleArtifactsSupplier.supply(Unknown Source)
at dk.mwittrock.cpilint.CpiLint.run(Unknown Source)
at dk.mwittrock.cpilint.CliClient.main(Unknown Source)
Caused by: dk.mwittrock.cpilint.api.CloudIntegrationApiError: Iflow artifact ID 'Claims_Vistex_Demo' could not be found
at dk.mwittrock.cpilint.api.CloudIntegrationOdataApi.getIflowArtifact(Unknown Source)
... 4 common frames omitted
16:14:17.758 INFO dk.mwittrock.cpilint.CliClient - Exiting CliClient with error status 2 and message: There was an error while retrieving iflow artifacts: API error when retrieving iflow

Please advise on this fix ?

MortenWittrock · ‎11-22-2022

Hi Narayana

This looks to me like the iflow ID is wrong. Please double-check that it matches the one in the tenant.

Regards,

Morten

narayana5555 · ‎11-24-2022

Hi Morten,

Thank you for your reply. the issue was with host name and now we are able to connect CPI tenant directly. One last question, We want to inspect externalization parameters through CPILINT tool. Is there any possible way/ workaround solution for checking every field in the adapter should be externalized as per the given scope of externalization in CPI.

Kind regards,

Narayana.

MortenWittrock · ‎11-24-2022

Hi Narayana

That's not something that's currently supported. But I like the idea a lot, actually. I'll add it to the to-do list 😄

Regards,

Morten

narayana5555 · ‎11-25-2022

Hi Morten,

Thanks for the confirmation. we are waiting for that feature to release...One more last question 🙂

how to add new values to the enumeration ? As an example, I want to add the following iflow steps to the rules so that it will be inspected through CPILINT tool.

looping-process-call.name

process-call.name

local-integration-process.name

exception-subprocess.name

splitter.name

router.name

pgp-encryptor.name

pkcs7-encryptor.name

pgp-decryptor.name

pkcs7-decryptor.name

filter.name

content-enricher.name

message-digest.name

persist.name

sequential-multicast.name

parallel-multicast.name

join.name

aggregator.name

gather.name

Kind regards,

Narayana.

MortenWittrock · ‎11-25-2022

Hi Narayana

I like your enthusiasm! Each constant in that enumeration in the rules file is backed by a piece of code, so sadly it's not enough to extend the enumeration. But the NamingConventions rule will support even more steps in the next release.

And do keep asking questions; I'm happy to answer them!

Regards,

Morten

Subhadeep · ‎04-24-2023

Hi Morten,

We recently removed default idp user authentication for our tenants. Now we are using custom idp. Earlier with the default S-user cilint was working fine but now it is throwing an error. Could this tool work with custom idp user or we must stick to a default idp user for this tool at the moment ?

MortenWittrock · ‎04-24-2023

Hi Subhadeep

IdP user should not be a problem. Please see this page. Alternative 1: Create a service key with the "api" plan and assign the required roles to it. Alternative 2: Copypaste the error message and we can have a look 🙂

Regards,

Morten

Subhadeep · ‎04-26-2023

Hello Morten,

As suggested we tried going for the first alternative. We created a service key with a WorkspacePackagesRead role. When we are using the clientid and secret we still get the same error on cilint. We could see on the audit logs the authentication type being used is OpenIdConnect in this case.

Regards,

Subhadeep.

MortenWittrock · ‎04-26-2023

Hi Subhadeep

I need to see those logs, then. I've followed you here on the SAP Community. If you follow me back, we can use the messaging system and take it from there.

Regards,

Morten

adriaanbeukema1977 · ‎10-13-2023

Hello Morten,

We are really curious when to expect a new version of this tool.

The suggestions related to the externalized parameters and further support for all other process steps mentioned sound really great.

We can't wait for it.

Adriaan.

MortenWittrock · ‎10-13-2023

Hi Adriaan

I'm curious about that too

There is some progress on the next version, but there's also quite a bit more work to do.

And just in case: 1.0.4 is the latest version; you are commenting on the version 1.0.2 announcement.

Regards,

Morten

CPILint version 1.0.2 is out

SAP PI for Beginners

ABAP 7.40 Quick Reference

Fiori: technical installation and configuration of one app from A - Z