Merge pull request #39 from nicklas-dohrn/mtls-cups-update

Maksimiliana · web-flow · commit 5aca4692925c · 2025-11-07T15:47:16.000+02:00
Add mtls section to ingest from cf
diff --git a/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md b/docs/ingest-from-cloud-foundry-runtime-f5a7c99.md
@@ -93,28 +93,61 @@ For more information about different contexts, tools, options, and best practice
     cf service-key <service-instance> <service-key>
     ```
 
-5.  Create a user provided service using the following the template filled with the values of the previous step and a user-provided-service-name of your choice:
+5.  Create the User Provided Service (using either simple basic auth or mTLS):
 
-    ```
+    a) Simple basic auth configuration:
+
+    To create a user-provided service, use the following template, filled with the values from the previous step and a <user-provided-service-name> of your choice:
+
+    ```bash
     cf cups <user-provided-service-name> -l https-batch://<ingest-username>:<ingest-password>@<ingest-endpoint>/cfsyslog?drain-type=all
     ```
 
+    b) mtls-enabled configuration:
+
+    1. Extract the following fields from the binding JSON:
+        - ingest-username
+        - ingest-password
+        - ingest-mtls-endpoint
+        - ingest-mtls-cert
+        - ingest-mtls-key
+        - server-ca
+
+    2. Prepare the JSON payload for cf cups. (Newlines must be escaped if passed inline)
+        ```json
+        credentials.json:
+        {
+        "ca": "<server-ca>",
+        "cert": "<ingest-mtls-cert>",
+        "key": "<ingest-mtls-key>"
+        }
+        ```
+        You can also create the payload file using the following command:
+        ```bash
+        cf service-key <service-instance> <service-key> \
+        | jq '.credentials | {ca: ."server-ca", cert: ."ingest-mtls-cert", key: ."ingest-mtls-key"}' \
+        > credentials.json
+        ```
+
+    3. Create the mTLS-enabled user-provided service:
+        ```bash
+        cf cups <user-provided-service-name> \
+        -l "https-batch://<ingest-username>:<ingest-password>@<ingest-mtls-endpoint>/cfsyslog?drain-type=all" \
+        -p credentials.json
+        ```
+
 6.  Proceed with [Bind the Application to the Service Instance](ingest-from-cloud-foundry-runtime-f5a7c99.md#loiof5a7c993743c4ee79722479371b90b37__bind_the_application) and bind to the user provided service.
 
 **Bind the Application to User Provided Service Using SAP BTP Cockpit**
 
 1.  [Log On to the Cloud Foundry Environment Using the SAP BTP Cockpit](https://help.sap.com/docs/btp/sap-business-technology-platform/cloud-foundry-environment).
 2.  Create a service key according to [Creating Service Keys in Cloud Foundry](https://help.sap.com/viewer/09cc82baadc542a688176dce601398de/Cloud/en-US/6fcac08409db4b0f9ad55a6acd4d31c5.html).
 3.  Create a User-Provided Service following [Creating User-Provided Service Instances in Cloud Foundry Environment](https://help.sap.com/docs/service-manager/sap-service-manager/creating-user-provided-service-instances-in-cloud-foundry-environment) using `Instance Name` of your choice and the information from the the service key to configure `System Logs Drain URL`:
-
     ```
     https-batch://<ingest-username>:<ingest-password>@<ingest-endpoint>/cfsyslog?drain-type=all
     ```
-
 4.  Proceed with [Bind the Application to the Service Instance](ingest-from-cloud-foundry-runtime-f5a7c99.md#loiof5a7c993743c4ee79722479371b90b37__bind_the_application) and bind to the user provided service.
 
-
-
 <a name="loiof5a7c993743c4ee79722479371b90b37__section_gvg_4k4_xyb"/>
 
 ## Result
