Configuration needed to use IAS and SMS #382

wants to merge 5 commits into
base: main
26 changes: 13 additions & 13 deletions app/xs-app.json
Expand Up @@ -7,66 +7,66 @@
"cacheControl": "no-cache, no-store, must-revalidate",
"target": "$1",
"localDir": "./",
"authenticationType": "xsuaa"
"authenticationType": "ias"
},
{
"source": "^/appconfig/(.*)$",
"localDir": "./",
"authenticationType": "xsuaa"
"authenticationType": "ias"
},
{
"source": "^/browse/webapp/(.*)$",
"localDir": "./",
"authenticationType": "xsuaa"
"authenticationType": "ias"
},
{
"source": "^/admin/webapp/(.*)$",
"localDir": "./",
"authenticationType": "xsuaa"
"authenticationType": "ias"
},
{
"source": "^/orders/webapp/(.*)$",
"localDir": "./",
"authenticationType": "xsuaa"
"authenticationType": "ias"
},
{
"source": "^/reviews/webapp/(.*)$",
"localDir": "./",
"authenticationType": "xsuaa"
"authenticationType": "ias"
},
{
"source": "^/notes/webapp/(.*)$",
"localDir": "./",
"authenticationType": "xsuaa"
"authenticationType": "ias"
},
{
"source": "^/addresses/webapp/(.*)$",
"localDir": "./",
"authenticationType": "xsuaa"
"authenticationType": "ias"
},
{
"source": "^/vue/(.*)$",
"localDir": "./",
"authenticationType": "xsuaa"
"authenticationType": "ias"
},
{
"source": "^/api/admin/(.*)",
"authenticationType": "xsuaa",
"authenticationType": "ias",
"destination": "backend"
},
{
"source": "^/api/browse/(.*)",
"authenticationType": "xsuaa",
"authenticationType": "ias",
"destination": "backend"
},
{
"source": "^/api/review/(.*)",
"authenticationType": "xsuaa",
"authenticationType": "ias",
"destination": "backend"
},
{
"source": "^/api/notes/(.*)",
"authenticationType": "xsuaa",
"authenticationType": "ias",
"destination": "backend"
},
{
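Review bot: Every `/api/*` route in this hunk now carries `"authenticationType": "ias"` but no route-level `scope`, so the approuter admits any IAS-authenticated user of the tenant to `^/api/admin/(.*)` and the only authorization left is whatever the backend enforces through the AMS policies added in this PR. That is a workable design, but it should be stated somewhere visible (README or the PR description) so nobody later assumes the approuter gates these paths; xs-app.json cannot hold comments, so the note has to live outside the file. The `routes` array starts above and continues below this hunk, so any remaining `xsuaa` entries outside the shown lines would leave the approuter with two token types side by side and should be checked.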
173 changes: 173 additions & 0 deletions mta-multi-tenant-ias-ams.yaml
@@ -0,0 +1,173 @@
_schema-version: '2.1'
ID: bookshop-mt-ias
version: 1.0.0
description: "Multitenant Bookshop CAP Java Project with UI"
parameters:
enable-parallel-deployments: true
modules:
# --------------------- SERVER MODULE ------------------------
- name: bookshop-mt-ias-srv
# ------------------------------------------------------------
type: java
path: srv
parameters:
memory: 1024M
disk-quota: 512M
buildpacks:
- https://github.com/SAP/cloud-authorization-buildpack/releases/latest/download/opa_buildpack.zip
- sap_java_buildpack_jakarta
routes:
- route: '${default-url}'
- route: '${default-host}.cert.${default-domain}'
properties:
SPRING_PROFILES_ACTIVE: cloud,sandbox
CDS_MULTITENANCY_APPUI_TENANTSEPARATOR: "-"
JBP_CONFIG_COMPONENTS: "jres: ['com.sap.xs.java.buildpack.jre.SAPMachineJRE']"
JBP_CONFIG_SAP_MACHINE_JRE: '{ version: 21.+ }'
AMS_DCL_ROOT: "/BOOT-INF/classes/ams/"
build-parameters:
builder: custom
commands:
- mvn clean package -DskipTests=true
build-result: target/*-exec.jar
requires:
- name: bookshop-mt-ias-service-manager
- name: bookshop-mt-ias-sms
- name: bookshop-mt-ias-identity
parameters:
config:
credential-type: "X509_GENERATED"
key-length: 2048
validity: 30
validity-type: "DAYS"
app-identifier: "microservice1"
- name: mtx-api
properties:
CDS_MULTITENANCY_SIDECAR_URL: ~{mtx-url}
- name: app-api
properties:
CDS_MULTITENANCY_APPUI_URL: ~{app-url}
- name: cf-logging
provides:
- name: srv-api
properties:
srv-url: '${default-url}'
srv-cert-url: '${protocol}://${default-host}.cert.${default-domain}'
# --------------------- SIDECAR MODULE -----------------------
- name: bookshop-mt-ias-sidecar
# ------------------------------------------------------------
type: nodejs
path: mtx/sidecar
parameters:
memory: 256M
disk-quota: 1024M
build-parameters:
builder: custom
build-result: gen
commands:
- npm run build
requires:
- name: bookshop-mt-ias-srv
requires:
- name: bookshop-mt-ias-service-manager
- name: bookshop-mt-ias-identity
parameters:
config:
credential-type: "X509_GENERATED"
key-length: 2048
validity: 30
validity-type: "DAYS"
app-identifier: "microservice1"
- name: cf-logging
provides:
- name: mtx-api
properties:
mtx-url: ${default-url}
# --------------------- APPROUTER MODULE ---------------------
- name: bookshop-mt-ias-app
# ------------------------------------------------------------
type: approuter.nodejs
path: app
parameters:
memory: 256M
disk-quota: 512M
keep-existing-routes: true
properties:
TENANT_HOST_PATTERN: ^(.*)-${default-host}.${default-domain} # testing only, use custom domain with wildcard for production
requires:
- name: srv-api
group: destinations
properties:
name: backend
url: ~{srv-cert-url}
forwardAuthCertificates: true
forwardAuthToken: true
strictSSL: true
- name: bookshop-mt-ias-identity
parameters:
config:
credential-type: "X509_GENERATED"
key-length: 2048
validity: 30
validity-type: "DAYS"
app-identifier: "microservice1"
- name: bookshop-mt-ias-sms
provides:
- name: app-api
properties:
app-url: '${default-url}'
app-domain: '${default-domain}'
# --------------------- RESOURCES ---------------------
resources:
# -----------------------------------------------------
- name: bookshop-mt-ias-service-manager
type: org.cloudfoundry.managed-service
parameters:
service: service-manager
service-plan: container
- name: bookshop-mt-ias-identity
type: org.cloudfoundry.managed-service
parameters:
service: identity
service-plan: application
config:
authorization:
enabled: true
value_help_url: "https://vhp-srv-develop.cert.cfapps.sap.hana.ondemand.com/odata/v4/ExampleValueHelpService/"
oauth2-configuration:
redirect-uris: [
"https://*.cfapps.sap.hana.ondemand.com/**",
"https://*.internal.cfapps.sap.hana.ondemand.com/node/signin-oidc/*",
"http://localhost:5000/login/callback?authType=ias"
]
xsuaa-cross-consumption: true
display-name: bookshop-mt-ias-identity
multi-tenant: true
- name: bookshop-mt-ias-sms
type: org.cloudfoundry.managed-service
parameters:
service: subscription-manager
service-plan: provider
config:
iasServiceInstanceName: bookshop-mt-ias-identity
applicationType: application
appName: bookshop-mt-ias
appCallbacks:
dependenciesCallbacks:
url: ~{srv-api/srv-cert-url}/mt/sms/subscriptions/tenants/{app_tid}/dependencies
subscriptionCallbacks:
url: ~{srv-api/srv-cert-url}/mt/sms/subscriptions/tenants/{app_tid}
subscribeEnable: true
unSubscribeEnable: true
timeoutInMillis: 60000
displayName: bookshop-mt-ias
description: "MT Bookshop using IAS & AMS"
category: "Application Development and Automation"
requires:
- name: srv-api
processed-after: [ bookshop-mt-ias-identity ]
- name: cf-logging
type: org.cloudfoundry.managed-service
parameters:
service: application-logs
service-plan: lite
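Review bot: The `redirect-uris` list of `bookshop-mt-ias-identity` (the three entries under `oauth2-configuration`) accepts `https://*.cfapps.sap.hana.ondemand.com/**`, i.e. any host on the shared landscape domain, plus a plain-http `localhost:5000` callback, so an authorization code issued for this application may legitimately be sent to any other app deployed on that domain. Narrow the pattern to the hosts this deployment actually serves — the approuter's tenant hosts, `https://*-<APP_HOST>.<LANDSCAPE_DOMAIN>/**` with the real values substituted, or the IAS application's own host — and keep the localhost entry out of the descriptor used for non-local deployments. The `value_help_url` on the same instance is a hard-coded `vhp-srv-develop` host that will be baked into every deployment of this descriptor; it should become an MTA parameter or, if the deployer allows it here, be derived from `~{srv-api/srv-cert-url}` the way the SMS callbacks already are. A short comment above `redirect-uris` explaining why a wildcard is currently needed (the approuter's `TENANT_HOST_PATTERN` is itself marked testing only) would help whoever hardens this for production.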
3 changes: 3 additions & 0 deletions mtx/sidecar/package.json
Expand Up @@ -17,6 +17,9 @@
"profiles": ["mtx-sidecar", "java"],
"[development]": {
"requires": { "auth": "dummy" }
},
"requires": {
"auth": "ias"
}
},
"scripts": {
14 changes: 14 additions & 0 deletions pom.xml
Expand Up @@ -28,6 +28,7 @@
<xsuaa.version>3.5.3</xsuaa.version>
<cf-java-logging-support.version>3.8.4</cf-java-logging-support.version>
<cds.cdsdk-version>8.3.0</cds.cdsdk-version>
<ams.client.version>1.7.0</ams.client.version>
</properties>

<modules>
Expand Down Expand Up @@ -71,6 +72,19 @@
<version>4.0.0</version>
</dependency>

<!-- AUTHORIZATION MANAGEMENT SERVICE (AMS) -->
<dependency>
<groupId>com.sap.cloud.security.ams.client</groupId>
<artifactId>jakarta-ams</artifactId>
<version>1.7.0</version>
</dependency>
<!-- INTEGRATE CAP WITH AMS -->
<dependency>
<groupId>com.sap.cloud.security.ams.client</groupId>
<artifactId>cap-support</artifactId>
<version>1.7.0</version>
</dependency>

</dependencies>
</dependencyManagement>

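Review bot: The two new `<version>1.7.0</version>` elements in the AMS `<dependencyManagement>` entries (second hunk) repeat the literal that the first hunk just introduced as `<ams.client.version>`; as written the property is unused and the two artifacts can drift apart on the next bump. Use `<version>${ams.client.version}</version>` for both `jakarta-ams` and `cap-support`. The enclosing `<dependencies>` element of `<dependencyManagement>` starts above the second hunk.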
11 changes: 11 additions & 0 deletions srv/pom.xml
Expand Up @@ -133,6 +133,17 @@
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>

<!-- ADD THE AUTHORIZATION MANAGEMENT SERVICE (AMS) -->
<dependency>
<groupId>com.sap.cloud.security.ams.client</groupId>
<artifactId>jakarta-ams</artifactId>
</dependency>
<!-- INTEGRATE CAP WITH AMS -->
<dependency>
<groupId>com.sap.cloud.security.ams.client</groupId>
<artifactId>cap-support</artifactId>
</dependency>
</dependencies>

<build>
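--- a/srv/src/main/resources/ams/bookshop/bookshop.dcl
+++ b/srv/src/main/resources/ams/bookshop/bookshop.dcl
@@ -0,0 +1,7 @@
+POLICY Admin {
+GRANT admin ON $SCOPES;
+}
+
+POLICY Expert {
+GRANT expert ON $SCOPES;
+}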
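--- a/srv/src/main/resources/ams/schema.dcl
+++ b/srv/src/main/resources/ams/schema.dcl
@@ -0,0 +1,2 @@
+SCHEMA {
+}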
1 change: 1 addition & 0 deletions srv/src/main/resources/application.yaml
Expand Up @@ -51,6 +51,7 @@ cds:
kind: enterprise-messaging
format: cloudevents
subscribe-prefix: sap/S4HANAOD/java/ce/
security.authorization.deep.enabled: true

---
spring:
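Review bot: `security.authorization.deep.enabled: true` is written as a single dotted key while the surrounding `cds:` block uses nested mappings (`kind`, `format`, `subscribe-prefix` sit inside their parent keys); a dotted key and a nested `security:` mapping are different YAML keys, so a duplicate-key check cannot catch a collision between them and only the consumer's merge decides the outcome. For consistency, nest it as `security:` / `authorization:` / `deep:` / `enabled: true` at the same level as the other direct children of `cds`. The enclosing `cds:` mapping starts above the hunk, so check there is no existing `security:` key it would overlap with. A one-line comment saying why deep authorization is switched on together with the AMS setup in this PR would help the next reader.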