on 2023 Jul 05 4:07 PM
Hello Community,
We have a CAP-based application in CF, that already uses XSUAA's "application" service plan. We have a use case to manage user roles from the application itself.
After updating the MTA file, by creating a new XSUAA instance with the service plan as "apiaccess" and binding it with "app-srv", we observed that the key binding succeeds, but the "app-srv" crashes while deployment.
Error in app-srv.log:
[ERROR] VError: Found 2 matching services (STDERR, APP/PROC/WEB)
Module:
- name: app-srv
type: nodejs
path: gen/srv
requires:
- name: app-auth
- name: app-auth-api
- name: app-db
provides:
- name: srv_api
properties:
srv-url: ${default-url}
Resources:
- name: app-auth
type: org.cloudfoundry.managed-service
parameters:
service: xsuaa
path: ./xs-security.json
service-plan: application
config:
xsappname: app-auth-${space}
tenant-mode: dedicated
- name: app-auth-api
type: org.cloudfoundry.managed-service
parameters:
service: xsuaa
service-plan: apiaccess
config:
tenant-mode: dedicated
- name: app-db
type: com.sap.xs.hdi-container
parameters:
service: hana
service-plan: hdi-shared
properties:
hdi-service-name: ${service-name}
PS:
1. We are looking to create the XSUAA service instances via MTA, instead of creating the same from BTP manually.
2. We have been successful in making the UserManagement API calls, by manually creating the XSUAA service instance with "apiaccess" service-plan (without any bindings to app-srv)
Request clarification before answering.
Hi sriharsha_cr,
maybe the following approach works, specifying further details on the service binding to be used for authentication as part of your package.json / .cdsrc.json? Worked for other services like service-manager in our scenario!
"auth": {
"[production]": {
"kind": "xsuaa",
"vcap": {
"label": "xsuaa",
"plan": "application"
}
}
},
All the best,
Martin
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello martinfrick,
I did try this approach, but I was not able to get the expected result. There is a note (2760424), that states the service instance of "apiaccess" plan cannot be subscribed. I have created an internal incident on this note, to see if there are any further updates made.
Best Regards,
Harsha
Apparently, note #2760424 says that subscribing to the instance of `apiaccess` service instance is not possible.
Refer:
SAP BTP Security: How to use REST API of XSUAA to ... - SAP Community
User | Count |
---|---|
81 | |
30 | |
10 | |
8 | |
7 | |
7 | |
6 | |
6 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.