Skip to content
This repository has been archived by the owner on Nov 7, 2024. It is now read-only.

Latest commit

 

History

History
52 lines (34 loc) · 4.24 KB

72-Multi-Tenancy-Provisioning-Service-Broker.md

File metadata and controls

52 lines (34 loc) · 4.24 KB

Configure and Consume the APIs of the BTP Application

In earlier steps Enhance the BTP Application by a Service Broker the service broker is available as part of application deployed in the provider BTP subaccount.

The service broker is used to enable access to application OData services using tenant-specific credentials and authorizations taking into account the tenant isolation in an multi-tenant application.

In this tutorial we describe the steps to configure and consume the APIs of the BTP application in the consumer BTP subaccount.

Service Broker configuration in an subscriber BTP subaccount involves following steps:

In general there are two approaches to create a service broker instance in the consumer subaccount: You can use the Cloud Foundry CLI or the BTP CLI. In our example here we use the CF CLI because using the BTP CLI would require additional steps to install BTP CLI and run the BTP commands.

BTP Cockpit - consumer subaccount:

  1. Activate Cloud Foundry (without quota)
    • Open the consumer subaccount.
    • Create an instance of Cloud Foundry without quota.

      Note: Cloud Foundry instance is required to run the cloud foundry commands for the creation of service broker instance (as shown in next steps) and user should have administrative permissions with access to Cloud Foundry space to run service broker related commands.

    • Provide a user with administrative permissions, with access to Cloud Foundry org member and Cloud Foundry space member.

Business Application Studio:

  1. Create a service broker instance
    • Login to the Cloud Foundry space of the consumer subaccount (command cf login).

    • Create a service broker instance using the following command cf create-service-broker <broker-name-per-tenant> <broker-user> <plain-broker-password> <Broker-URL> --space-scoped (example: cf create-service-broker author-readings-armt-s2 brokeruser e5jS3jVzchJK3b8cRR88R3CW0qMaFK7V https://armt-runtime-author-readings-servicebroker.cfapps.eu10.hana.ondemand.com --space-scoped

      Note: The broker-name-per-tenant needs to be unique in the global account; we suggest using the tenant number as suffix, for example: If the tenant name is "armt-s2" then set the broker name "service-broker-armt-s2".

      Note: broker-user and plain-broker-password is generated in the earlier chapter Enhance the BTP Application by a Service Broker; replace plain-broker-password with the plaintext password generated by hash-broker-password script.

      Note: you delete the service broker instance using the command cf delete-service-broker <BrokerName>.

      Note: Space scoped brokers are registered to a specific space, and all users within that space can access the broker’s service plans. With space-scoped brokers, service visibility is not managed separately.

      Note: BrokerName is an arbitrary name used to distinguish the service broker from the rest. It is independent from the broker application name.

BTP Cockpit - consumer subaccount:

  1. Open the CF space and navigate to the CF space Service Marketspace: Create an instance of the Author Readings API-service and choose an instance name, for example "author-readings-api".

  2. Open the BTP cockpit menu item Instances and Subscriptions and create a Service Key for the newly created service broker instance

    • Click on Create button in the Service Keys section
    • Enter arbitary Service Key Name (e.g. "api-key")
    • Click on Create button
    • Click on the above created Service Key, check the service key json and take note of the following elements:
      • endpoints.authorreadings (in the first line of the json) as Service Key API-Endpoint
      • uaa.clientid as Service Key UAA Client-ID
      • uaa.clientsecret as Service Key UAA Client-Secret
      • uaa.url as Service Key UAA-URL

With these steps you are ready to explore and test the OData services using Postman. In folder api-samples you find a Postman collection and a Postman environment with some examples. Check the documentation of the Postman collection for further details about how to run the examples.