- Kyma ❌
- Cloud Foundry ✅
Important - This part of the tutorial is required for Cloud Foundry deployments only!
Before the deployment of the sample application to your Cloud Foundry environment, you need to build the project and do some basic steps which are required for security purposes. After deployment, please make sure that the required credential values are stored in the SAP Credential Store created during deployment.
Let's get started with the preparation of the codebase in which a few customizations need to be undertaken before you can start the build and deployment to your provider subaccount.
1.1. (Fork and) Clone this repository, switch to the deploy directory where you can find a folder called cf containing all objects required for the Cloud Foundry deployment.
git clone https://github.com/SAP-samples/btp-cap-multitenant-saas
cd deploy/cf1.2. Provide a receiver mail address in the Alert Notification service configuration file alert-notif.json which you can find in the config directory.
Hint - You can also create an alert-notif-private.json file or rename the existing file, so your details are not being committed to GitHub. In this case, please make sure to adjust the mta.yaml file accordingly or add the respective reference to your mtaext file (see upcoming steps).
1.3. From the deploy/cf directory please run the following npm scripts to create unique catalog IDs and credentials for your service broker instance.
npx --yes -p @sap/sbf hash-broker-password -b
npx --yes -p @sap/sbf gen-catalog-ids ../../code/broker/catalog.json1.4. After completing the previous step please note that your unique IDs are added to your /code/broker/catalog.json and you should see an output similar to the screenshot below. Store the plaintext password for later usage and please copy the hashed credentials which are highlighted below.
Important - Please make sure to store the hashed credentials and the plaintext password in a secure place especially in a productive scenario. You and also other SAP BTP platform administrators should have access at any time! The corresponding user in this scenario is broker-user.
1.5. To prevent your hashed credentials being committed to GitHub, please first copy the free-basic.mtaext or trial-basic.mtaext file (depending on your target environment) and add -private to the filename (e.g., free-basic-private.mtaext).
Important - Files named *-private.mtaext will be ignored by Git.
1.6. Paste the hashed credential value to the private deployment descriptor MTA Extensions file you just created. As explained, we highly recommend using private MTA Extension Descriptors for this purpose which are not being pushed to Git by mistake.
Hint - If you created a private config file for Alert Notification (alert-notif-private.json), please also include it in your mtaext file accordingly as you can see below!
resources: - name: susaas-alert-notification parameters: service-plan: standard path: ./config/alert-notif-private.json
1.7. Build your project from the deploy/cf directory. Make sure to reference your MTA Extension Descriptor file, either now, when building or later, when deploying your application!
Hint - Make sure to use the mtaext file for trial scenarios if you are deploying the solution to a trial environment.
Sample
$ mbt build -e ./mtaext/free-basic-private.mtaext
$ cf deploy mta_archives/susaas_0.0.1.mtar1.8. Please run the command below to deploy the SaaS application to your provider subaccount. Make sure to reference your MTA Extension Descriptor file, if not done during the build process yet! In that case, you can just skip the additional parameter.
$ cf deploy mta_archives/<your_mtar_file> -e <path of your MTA Extension Descriptor file>Sample
$ cf deploy mta_archives/susaas_0.0.1.mtar -e ./mtaext/free-basic-private.mtaext1.9. After the deployment of the Alert Notification service instance, you should have an e-mail in your inbox, requiring a confirmation that you're willing to receive messages from Alert Notification. Please confirm this request accordingly.
Hint - If you don't receive an e-mail, please make sure you successfully completed step 1.2. of the current chapter. If not, please repeat the previous steps or change the recipient in the existing Alert Notification service instance. Also check your Spam folder.
1.10. Once the deployment has finished, you're almost ready to go. To support some automation steps like the creation of routes or deployment of the API Service Broker in the consumer subaccounts, make sure not to miss the next step before settings up your first consumer subaccount.
Before you learn how to subscribe new tenants in the next part of the mission, you need to provide two credentials in the Credential Store. These credentials are essential for some parts of the automated subscription process.
2.1. In your provider subaccount, please go to the Instances and Subscriptions menu and click on your <SpaceName>-susaas-credstore instance or use the Manage Instance button.
2.2. In the instance management, please switch to the Credential Store menu and click on Create Namespace.
2.3. A namespace needs to be created together with the first credential value. Therefore, please select the Credential Type Password and click on Next.
2.4. In the following screen, define the namespace called susaas and provide the following credential value details.
Name: btp-admin-user
Value & Username:
Provide the e-mail address (Username) and password (Value) of an SAP BTP user which is used for automation purposes. Make sure this user has the Subaccount Administrator role-collection in your Provider subaccount and the Space Developer role in the respective Cloud Foundry Space. For testing purposes, your current user should be sufficient.
Hint - If you don't want to use a personal/named user for this purpose, we recommend using a custom IdP and defining a technical user there. The usage of P or S-User for technical tasks is possible but especially for productive scenarios not recommended by SAP.
2.5. Please create a second Password credential value as described below.
Name: susaas-broker-credentials
Value & Username:
As Value please provide the Plaintext Password of your API broker user. This password is required when registering the API broker in any of your consumer subaccounts during automation.
Hint - You created this password in step 1.4 of "Prepare the SaaS Application for deployment".
As a Username please use the value broker-user.
For troubleshooting please check the separate Troubleshooting section (click here).
Please use the following links to find further information on the topics above:
- SAP Help - SAP Alert Notification service for SAP BTP
- SAP Help - SAP Alert Notification service for SAP BTP Client
- npmjs - @sap/sbf Service Broker Framework
- SAP Help - Multitarget Applications in the Cloud Foundry Environment
- SAP Help - Multitarget Application Commands for the Cloud Foundry Environment
- SAP Help - Defining MTA Extension Descriptors
- Cloud MTA Build Tool (MBT)
- CAP documentation - Providing Initial Data
- CAP documentation - Configuration Profiles
- SAP Help - SAP Credential Store