midnight Comments - Answer Overflow

Ah ok, I call the getZeroTrustAccessServiceToken and then assign the clientId to a variable for HyperDrive config. Let me see if I can pull the secret from when I create the Service Token or if its a property avaliable. unrelated, really nice font in that screenshot!

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

Hey @AJR, hopefully the last question. From the api docs the cloudflare.HyperdriveConfig api docs state the accessClientId and accessClientSecret are required if a port is not specified. Where does the accessClientId come from, is it the ZeroTrustServiceToken.id or ZeroTrustServiceToken.clientId? Same for the accessClientSecret the docs state this is write only, can I just set any string as part of the config? https://developers.cloudflare.com/api/resources/hyperdrive/models/hyperdrive/#(schema) -> Create Hyperdrive -> AccessProtectedDatabaseBehindCloudflareTunnel

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

All good! Sounds like a good blog post once its all worked out and maybe a PR back to your docs walking through the process!

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

Thanks for your help AJR! Ill work through the list above first 🙂

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

I also have tcpdump running on the cloudflared docker container to log any postgres connections

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

Are the logs under the ZeroTrust portal? I can grab from there. I already have the tunnel in debug but when I run a deploy I get an error (I will rerun again to get the exact one) and do not see the connection attempt, so I am working backwards through the api via curl from the working hyperdrive config

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

I dont see zone listed in the api docs

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

Yep, I set X-Auth-Key as the global api key and X-Auth-Email as the account email to https://api.cloudflare.com/client/v4/accounts/<redacted>/access/logs/access_requests

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

Yep but I receive back

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 12082,
      "message": "access.api.error.zone_not_specified_and_apps_not_found"
    }
  ],
  "messages": []
}

{
  "result": null,
  "success": false,
  "errors": [
    {
      "code": 12082,
      "message": "access.api.error.zone_not_specified_and_apps_not_found"
    }
  ],
  "messages": []
}

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

Yep magic is nice and works well. Ill work on verifying each of the above. Is there an endpoint that lists the logs for zerotrust? I checked the api docs but when calling the endpoint it requires additional fields not listed in the apidocs.

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

Ok, so I also need an cloudflare.ZeroTrustAccessApplication on top of the Token and Policy resource? and last would be cloudflare.HyperdriveConig resource?

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

So far I have been reverse engineering the access application and policies from the list API call via curl but I assume there is a better way

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

Still running into issues but hopefully a quick question. I was able to create a successful hyperdrive connection in the browser but it seems it auto creates an application in ZeroTrust. There seems to be a lot of magic happening in the background from the UI. Can I just create a access application via IAC and would that also create the tokens and policies?

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

Ahhh ok. That helps a ton to understand better

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

looks like the cloudflare.ZeroTrustAccessServiceToken and then cloudflare.ZeroTrustAccessPolicy both need to be created first then used with the cloudflare.HyperdriveConfig?

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

I deleted the existing access policy that shows up and recreated it in the console via clickops in the hyperdrive screen and immediately saw a connection attempt logged in the cloudflared container. progress!

49 replies

CDCloudflare Developers

•Created by midnight on 4/21/2025 in #hyperdrive

I am working on standing up a CF tunnel

Ha! just checked the policies attaches to the application and it looks like there are 12 already attached. I bet there is a conflict there.

49 replies

Gaming

Programming