cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Viewing CloudFoundry orgs across multiple global accounts

Go to solution
SeanKilleen
Explorer

on ‎11-17-2023 7:56 PM

0 Kudos

Summary:

  • Given I am previously an administrator on Global Account A
  • ...And Global account A contains a CF org 123
  • ...And I am newly also an administrator on Global Account B
  • ...And Global account B contains a CF org 456
  • When I log into the CF cli with my credentials via "cf login"
  • ...And I run "cf orgs"
  • How can I see both CF org 123 and CF org 456? (currently only org 123 is displayed)

-----

Hi all,

My goal is to use SAP BTP Terraform provider + CF Terraform provider to manage some CloudFoundry environments, but I think I'm hitting an issue around CF organization visibility at the CF CLI level (outside of Terraform at all).

I had Terraform code which was working previously. The CF environment is created via BTP Terraform, and then I'm using the CloudFoundry Terraform provider to get information about that CF org and do things like create spaces and instances, etc.

When I attempted to use this code, the Terraform data source told me that the CF organization couldn't be found. To troubleshoot it, I used the CF CLI to login and try to see the orgs.

But, when I login to the CF CLI, and I see the list of orgs, the orgs are only available for the original global account I was an admin for. I'm the admin of two global accounts now, including one that was created recently where I'm now creating all these resources.

So I'm trying to understand - when I login to the CF CLI with my BTP username and password, how can I ensure that it shows available organizations from all of my BTP global accounts, instead of just one account? Is there something I need to configure in order to make that new global account visible to the CF CLI when listing CF orgs?

Show replies
Show replies
gregorw
Active Contributor
‎11-17-2023 8:26 PM
0 Kudos

Are both CF Orgs in the same region and do they show the same CF API Endpoint when you access the subaccount via the BTP Cockpit?

SeanKilleen
Explorer
‎11-17-2023 9:13 PM
0 Kudos

@Gregor strangely enough, no -- despite creating the sub-accounts with the same region in Terraform (us10), and both subaccounts showing they are in AWS US East (VA), the new global subaccount's CF org is showing a CF API URL of https://api.cf.us10-001.hana.ondemand.com instead of https://api.cf.us10.hana.ondemand.com (as I expect, and as the original shows).

Any idea how this could happen or how I could force it not to happen? I wonder if this is a bug with v0.6.0-beta2 of the BTP provider. Perhaps it's creating the CF orgs with the incorrect CF API URL?

SeanKilleen
Explorer
‎11-17-2023 10:11 PM
0 Kudos

Update: sure enough, as soon as I extract that into a variable and set it for my environments, it worked correctly.

Is there a CF endpoint convention I'm unaware of across certain kinds of global accounts? Would have never expected that.

gregorw
Active Contributor
‎11-17-2023 10:43 PM
0 Kudos

It seems that CF environments can't scale endlessly. So SAP had to split them. This new CF environments have different API URLs and are separated from the old one. I don't think that there is any way to influence what API endpoint is used when creating the CF environment.

SeanKilleen
Explorer
‎11-18-2023 12:10 PM
0 Kudos

This makes sense. I couldn't understand how I could possibly programmatically work with that if I couldn't retrieve the endpoint, but it turns out I can -- I'll add an answer summarizing it all. Thanks for the insight!

Answer
View Entire Topic
SeanKilleen
Explorer
‎11-18-2023 12:17 PM

In this case, while I thought the issue was visibility, it turned out to be an issue with not understanding that CF API endpoints weren't guaranteed to match regions. This assumption worked for a while but then was invalidated.

Gregor's comments here and Christian's explanations at https://github.com/SAP/terraform-provider-btp/issues/538 helped me untangle this.

I'll copy Christian's explanation here:

---

The CF orgs are depending on their regional assignment created in the so called extension landscapes (see https://help.sap.com/docs/custom-domain/custom-domain-manager/extension-landscapes). This impacts the CF API endpoint.

After creation of the CF environment via the Terraform provider you can fetch the right API endpoint URL from the labels that are created for the environment. We have an example for this here: https://github.com/SAP-samples/btp-terraform-samples/tree/main/released/modules/environment/cloudfou...

---

So, my next steps will be to use that output as the reference for my CF API endpoint rather than hard-coding it.

Show replies
Show replies
Ask a Question