From 590e9cf70fd8fec6b4f40eec81c7d89d1d14ed14 Mon Sep 17 00:00:00 2001 From: karthick udayakumar Date: Mon, 5 Jan 2026 11:37:42 -0500 Subject: [PATCH] Set https_server_enabled to true in cf-deployment --- cf-deployment.yml | 14 ++++++++++++++ ci/pipelines/cf-deployment.yml | 1 - operations/README.md | 1 - operations/enable-tls-on-file-server.yml | 22 ---------------------- units/tests/standard_test/operations.yml | 1 - 5 files changed, 14 insertions(+), 25 deletions(-) delete mode 100644 operations/enable-tls-on-file-server.yml diff --git a/cf-deployment.yml b/cf-deployment.yml index 23b4096b9..e7f50961d 100644 --- a/cf-deployment.yml +++ b/cf-deployment.yml @@ -1054,6 +1054,10 @@ instance_groups: bpm: enabled: true enable_consul_service_registration: false + https_server_enabled: true + tls: + cert: "((file_server_cert.certificate))" + key: "((file_server_cert.private_key))" loggregator: *diego_loggregator_client_properties - name: routing-api release: routing @@ -2425,6 +2429,16 @@ variables: - cc-uploader.service.cf.internal extended_key_usage: - server_auth +- name: file_server_cert + type: certificate + update_mode: converge + options: + ca: service_cf_internal_ca + common_name: file-server.service.cf.internal + alternative_names: + - file-server.service.cf.internal + extended_key_usage: + - server_auth - name: diego_locket_server type: certificate options: diff --git a/ci/pipelines/cf-deployment.yml b/ci/pipelines/cf-deployment.yml index 9b0806880..a800fbd40 100644 --- a/ci/pipelines/cf-deployment.yml +++ b/ci/pipelines/cf-deployment.yml @@ -599,7 +599,6 @@ jobs: operations/experimental/enable-tls-cloud-controller-postgres.yml operations/change-postgres-max-connections.yml operations/use-internal-lookup-for-route-services.yml - operations/enable-tls-on-file-server.yml operations/test/speed-up-dynamic-asgs.yml operations/use-cflinuxfs4-compat.yml operations/smoke-tests-timeout-scale.yml 
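Review bot: In the first cf-deployment.yml hunk, the `file_server` properties now turn the HTTPS listener on for every deployment, but nothing visible shows what happens to the plain-HTTP listener or whether every consumer of lifecycle assets is pointed at the TLS endpoint. If the HTTP listener stays up, which cannot be determined from this hunk, assets can still be fetched without transport protection and the new default gives less assurance than it suggests. I would add a comment above the new key, for example `# Serves lifecycle assets over TLS; the plain-HTTP listener is not changed here - confirm no client still downloads over it`, and say in the commit description whether the HTTP path is meant to stay. The same commit deletes `operations/enable-tls-on-file-server.yml`, so a deployer who still passes that ops file will presumably hit a missing-file error; that deserves a line in the upgrade notes. The `file_server` job definition starts above the hunk.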
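Review bot: In the second cf-deployment.yml hunk, the new `file_server_cert` variable sets `update_mode: converge` with no comment explaining why, whereas the next entry, `diego_locket_server`, shows no `update_mode` between `type` and `options` in the visible context. A short comment such as `# converge: re-issue the certificate when the options below change` would tell maintainers that editing the SAN list or EKU triggers a re-issue on the next deploy. The only subject name is `file-server.service.cf.internal`, signed by `service_cf_internal_ca`, so a client that verifies the server has to trust that CA and connect by exactly that name; the commit should state that this was checked for every consumer. The variable keeps the name used by the removed ops file, so deployments that already applied it should reuse their stored certificate, though that is inferred rather than shown here.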
diff --git a/operations/README.md b/operations/README.md index af363ec7c..a73ba3bc2 100644 --- a/operations/README.md +++ b/operations/README.md @@ -52,7 +52,6 @@ This is the README for Ops-files. To learn more about `cf-deployment`, go to the | [`enable-privileged-container-support.yml`](enable-privileged-container-support.yml) | Enables Diego privileged container support. | | **NO** | | [`enable-service-discovery.yml`](enable-service-discovery.yml) | Enables application service discovery | | **YES** | | [`enable-smb-volume-service.yml`](enable-smb-volume-service.yml) | Enables volume support and deploys an SMB broker and volume driver | As of cf-deployment v2, you must use the `smbbrokerpush` errand to cf push the smb broker after `bosh deploy` completes. | **NO** | -| [`enable-tls-on-file-server.yml`](enable-tls-on-file-server.yml) | Enables TLS on file-server for assets | Enables downloading lifecycle assets over HTTPS | **NO** | | [`enable-v2-api.yml`](enable-v2-api.yml) | Enable Cloud Controller API v2 endpoints | | **NO** | | [`override-app-domains.yml`](override-app-domains.yml) | Switches from using the system domain as a shared app domain; allows the configuration of one or more shared app domains instead. | Adds [new variables](example-vars-files/vars-override-app-domains.yml).
**CAUTION:** Seeding domains with a router group name (including TCP domains) may cause problems deploying. Please use the `cf` CLI to add shared domains with router group names. | **NO** | | [`rename-network-and-deployment.yml`](rename-network-and-deployment.yml) | Allows a deployer to rename the network and deployment by passing a variables `network_name` and `deployment_name` | **CAUTION:** If you are using this ops file along with another ops file that increases the number of instance groups (e.g. `perm-services.yml`), this ops file will not rename the network for those instance groups. | **YES** | diff --git a/operations/enable-tls-on-file-server.yml b/operations/enable-tls-on-file-server.yml deleted file mode 100644 index 4eb463e5b..000000000 --- a/operations/enable-tls-on-file-server.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -- type: replace - path: /instance_groups/name=api/jobs/name=file_server/properties/https_server_enabled? - value: true -- type: replace - path: /instance_groups/name=api/jobs/name=file_server/properties/tls? - value: - cert: ((file_server_cert.certificate)) - key: ((file_server_cert.private_key)) -- type: replace - path: /variables/- - value: - name: file_server_cert - type: certificate - update_mode: converge - options: - ca: service_cf_internal_ca - common_name: file-server.service.cf.internal - alternative_names: - - file-server.service.cf.internal - extended_key_usage: - - server_auth diff --git a/units/tests/standard_test/operations.yml b/units/tests/standard_test/operations.yml index 7adcbd724..7db01827d 100644 --- a/units/tests/standard_test/operations.yml +++ b/units/tests/standard_test/operations.yml @@ -31,7 +31,6 @@ enable-nfs-volume-service.yml: {} enable-privileged-container-support.yml: {} enable-service-discovery.yml: {} enable-smb-volume-service.yml: {} -enable-tls-on-file-server.yml: {} enable-v2-api.yml: {} openstack.yml: {} override-app-domains.yml: