Outline of this blog series: Automate the KeyStore Certificates/Keypair Renewal through Cloud Integration API
1. SAP CPI Introduction
2. SAP BTP tools and features overview (BTP, Global Account, Sub-Account, Entitlements, Connectivity, Security)
3. SAP CPI Web IDE overview
4. Registering a trial account and enrolling to SAP CPI service
5. Deep dive into Cloud Integration features with real world scenario example
6. Use cases of palette functions
7. Adapter configurations
8. Using Cloud connector for connecting to backend SAP systems
9. Overview on API Management & Open Connectors
10. Integration using Open Connectors with real world example
In short, below is the content we will elaborate in this tutorial:
1. Requirement
2. IFlow development
1. Requirement
Recently, I received an email from my client indicating that the external certificate uploaded in the CI tenant is about to expire and needs to be renewed. As an integration specialist, it’s essential to monitor these certificates and inform the client. Relying on manual daily, weekly, or yearly checks is not an efficient approach that clients would prefer. Therefore, we decided to automate the KeyStore certificates/keypair renewal through Cloud Integration API. We planned to implement a monitoring IFlow that runs daily to check the available certificates/key pairs in the keystore, verify their validity, and trigger an alert email to the business with details of the certificate and its expiration timeline.
Presently we have concocted a methodology. Next is to have an OData Programming interface or administration which ought to give the conveyed declaration sections. Furthermore, strangely, SAP has given a Cloud Coordination OData V2 Programming interface for this prerequisite.
The Programming interface which we will utilize is – Security Content OData Programming interface V2
Thus, we persuaded the OData to be utilized for our case. How about we continue.
Approach – Get all the keystore sections. Part into each keystore passage. Work out the expiry days in planning. Through Switch, course it to separate branch. Set up the mail body. For each declaration, one mail body is logged, as we have utilized splitter.
NOTE: Because of an issue in our SMTP server, I will not have the option to show you the mail design.
2. IFlow development
How about we start with the turn of events.
a. We can begin with a clock, generally every time we need to utilize mailman to set off the IFlow and furthermore, we need to pass no payload from source.
-> To get this tenant management URL, simply copy the URL from the browser address bar while you are in Cloud integration.
Proxy type – Internet
Authentication – Basic
Accreditation Name – (your BTP cockpit certification can be conveyed in CI – Oversee Relic)
In the Handling tab, Pick GET activity. In the OData model proofreader, pick KeystoreEntries element and select the necessary fields.
There is one limit in this, we can’t add any channel in the OData question. While executing IFlow, getting a mistake “Channel not upheld”. On the off chance that we need to sift through certain outcomes, we need to attempt in message planning or in another ways.
c. Presently have a go at executing the IFlow and see the reaction of the OData connector. There were 10 passages in keystore.
Fields accessible inside each keystore passage.
d. We got the keystore passages. Next is to parted it independently through Broad Splitter.
e.
- In the next message mapping,
Source message:
We can get the XSD from OData model manager by empowering Produce XML Construction Definition choice.
Target Message:
We will change the date parts and, we needn’t bother with all fields for that, rather map just the expected fields, for our situation its 3. Pseudonym (Name of the keystore section), ValidNotAfter (last date of the testament/keypair) and daysToExpire (ValidNotAfter – CurrentDate).
Prior to continuing on the distinction calculation, change those dates into beneficial arrangement.
In – yyyy-MM-dd’T’HH:mm:ss.SSS
Out – yyyy/MM/dd
Script used:
import com.sap.it.api.mapping.*;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.io.*
import java.lang.*;
import java.util.*;
def String customFunc1(String P1,String P2) {
String inpStartDate =P1.toString();
String inpEndDate = P2.toString();
SimpleDateFormat sdf = new SimpleDateFormat("yyyy/MM/dd");
Date EmpStartDate = sdf.parse(inpStartDate);
Date EmpEndDate = sdf.parse(inpEndDate);
//Use dateDiffInDays to get difference in days
def dateDiffInDays=EmpStartDate - EmpEndDate
return dateDiffInDays.toString();
}
We should trial the planning with an example record.
Its correctly calculating.
f. Next is to store those 3 values in the content modifier.
g. Next is to add a switch. For no issues in endorsement, it will be in default branch. The other branch is set to the underneath condition:
${property.daysToExpire} < '1580' and ${property.daysToExpire} > '0'Pick me authentications whose legitimacy will terminate in 1580 days and not currently lapsed.
h. In the substance modifier, set the mail body as beneath, according to the need.
Hi Team,
The below certificate is expiring. Kindly renew it.
KeyPair/Certificate Name - ${property.EntryName}
ExpiryDate - ${property.ExpiryDate}
Expires in - ${property.daysToExpire} days.
Thanks.
Output:
Here we can see that there are 3 tabs, and that implies 3 endorsements are going to lapse and 3 sends will be shipped off business.
That’s all there is to it. After this, you can connect the mail connector to send emails to the business. If you’re looking to streamline your security processes, consider exploring how to automate the KeyStore certificates/keypair renewal through Cloud Integration API. Thank you for reading this blog. Happy learning!
YOU MAY LIKE THIS
Steampunk Chronicles: Navigating the Cloud with SAP BTP ABAP Environment
SAP ABAP on HANA Interview Questions: Mastering the Essentials
WhatsApp us