Question

Roles arent transferred to the SAP Cloud - XSUAA service doesnt update

0

Hi everyone, I've deployed my app to the SAP Cloud Foundry in 2 ways: 1st method: When deploying my app to the Cloud via the Mendix Platform, everything is fine as services are automatically created and bound to my app. 2nd method: When deploying it via the "Run in Cloud Foundry"- command within the Modeler, I need to setup everything manually as stated in the documentation: https://docs.mendix.com/deployment/cloud-foundry/ which I do accordingly. As I'd like to make use of the XSUAA module, I've thus also created the xsuaa Authorization service and bound it to my app. The problem now consists in the role transfer: While deployment on the Mendix Platform (1st method), roles are automatically created and transferred to my SAP Cloud Account. When deploying in the Modeler with help of the "Run in the Cloud Foundry" command (2nd method), nothing is transferred. I can see that the xsuaa service does automatically update by deployment with the 1st method. You can also see this on my screenshots; the xsuaa-service which succeeds with role transfer has "updated" as last operation, the manually created service remains on "Created". Do you know how to overcome this, or at which step I do fail? Best regards and many thanks in advance, Laura The one with which role transfer works: The one with which it fails:

asked 2018-10-08

Laura Liardo

1 answers

Lilith Firoozbakhtan · Accepted Answer · 2018-10-16

Yes of course when you use the generic deploy to cf we don't do any SAP specific actions.
What we do is that on every deploy that you make from SCP, we update the xsuaa module since the roles could have been changed in your latest deployment package ( like adding a new role to the app)
This is the format that we use to update the xsuaa module:

{
"xsappname": <YOUR_APP_NAME>,
"scopes": [
    {
      "name": "$XSAPPNAME.user",
      "description": "user"
    },
    {
      "name": "$XSAPPNAME.administrator",
      "description": "Admin"
    }
],
"attributes": [],
"role-templates": [
    {
      "name": "User",
      "description": "User",
      "scope-references": [
        "$XSAPPNAME.user",
        "uaa.user"
      ]
    },
    {
      "name": "Administrator",
      "description": "Administrator",
      "scope-references": [
        "$XSAPPNAME.administrator",
        "uaa.user"
      ]
    }
]
}

and the xsappname should be changed to their actual app name

and like the example, you also need to manually write all the roles both in the scopes and in the role-templates, (it's case sensitive)