
Issues while implementing Cross container access in BAS (Cloud Application Programming Model)

vishali3
Explorer
0 Kudos

Hi All,

I am trying to replicate the tables present in one CAP project (bookshop) into another CAP project (LPRShiftAssignment) using cross container access/cross HDI access.

For this, we added the cross container service in the modules section in mta.yaml (cross-container-service). We were able to bind the containers (screenshot is shown below).

- name: cross-container-service-1
  type: org.cloudfoundry.existing-service
  parameters:
    service-name: test-1-vish
  properties:
    the-service-name: ${service-name}



The grants file (in the LPRShiftAssignment project) is as shown:
{
    "ServiceName_1": {
        "object_owner": {
            "container_roles": ["bookshop.db.roles::user"]
        },
        "application_user": {
            "roles": ["bookshop.db.roles::user1"]
        }
    }
}
 

Also tried this in grants:

The user role (in bookshop project):

Tried this for the user role as well:

{
    "role": {
        "name": "user",
        "object_privileges": [{
            "name": "bookshop.db::bookshop.Books",
            "type": "TABLE",
            "privileges": ["SELECT", "INSERT", "UPDATE", "DELETE"]
        }]
    }
}

and the user# role (in the bookshop project)

Also tried this:

{
    "role": {
        "name": "user#",
        "object_privileges": [{
            "name": "bookshop.db::bookshop.Books",
            "type": "TABLE",
            "privileges_with_grant_option": ["SELECT", "INSERT", "UPDATE", "DELETE"]
        }]
    }
}

While deploying the bookshop app, the deployment was successful, but got this message in the logs:

Deploying to the container "48700CBFF5334C1B8A03420AD69B434E"... ok (0s 272ms)
No default-access-role handling needed; global role "48700CBFF5334C1B8A03420AD69B434E::access_role" will not be adapted
Unlocking the container "48700CBFF5334C1B8A03420AD69B434E"...
Unlocking the container "48700CBFF5334C1B8A03420AD69B434E"... ok (0s 1ms)
Deployment to container 48700CBFF5334C1B8A03420AD69B434E done [Deployment ID: none].
Deployment ended at 2021-02-25 10:10:47
(3s 884ms)

While deploying the LPRShiftAssignment project (target project) after creating the grants, roles and synonyms files, we are getting an error message (pasted below) because of which deployment fails:

Session variable APPLICATION is set to "SAP_HDI//".
Previous build with request ID 13809 finished at 2021-02-23 14:05:09.290983000 with status Committed and message: Starting make in the container "5B717A6C06F7445AB6A204172FF1D51F" with 0 files to deploy, 0 files to undeploy... ok.
Processing revoke files...
Processing revoke files... ok (0s 0ms)
Processing grants files...
 Processing "src/cfg/user.hdbgrants"...
  Using grantor service "ServiceName_1" of type "hdi"
 Granting schema roles in the container "48700CBFF5334C1B8A03420AD69B434E" and the parameters "[]"... 
  Granting the schema role "user" to the principal "5B717A6C06F7445AB6A204172FF1D51F#OO" in the schema "" with grant option = "false" 
  Error: Database error 389: : invalid role name: user: line 1 col 7 (at pos 6) [8201003]
 Error: Granting schema roles in the container "48700CBFF5334C1B8A03420AD69B434E" and the parameters "[]"... failed [8214221]
Error: Error executing: CALL "48700CBFF5334C1B8A03420AD69B434E#DI".GRANT_CONTAINER_SCHEMA_ROLES(#CONTAINER_ROLES, #CONTAINER_ROLES_PARAMETERS, ?, ?, ?);
 (nested message: HDI call failed)
grantor service: "ServiceName_1", type: "hdi", user: "48700CBFF5334C1B8A03420AD69B434E_COB0TIRQ68OCRZLHFSV1MIJ2H_DT" (hdi_user)
file name: src/cfg/user.hdbgrants
(2s 390ms)


npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! deploy@ start: `node node_modules/@sap/hdi-deploy/deploy.js "--exit"`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the deploy@ start script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.


npm ERR! A complete log of this run can be found in:
npm ERR!     /home/user/.npm/_logs/2021-02-25T11_49_20_404Z-debug.log

Need some help here to successfully establish cross container access.

I have not worked much on grantors and roles. So I am not sure if I am successfully able to establish the grants.

I was also following the video tutorials by thomas.jung on cross container access for reference (video link: https://www.youtube.com/watch?v=s224ZA2fegk).


It would be helpful if I can get any code snippets / GitHub links for implementing this.


Thanks and regards,
Vishali

thomas_jung
Developer Advocate
0 Kudos

It's unclear to me as to which roles are in which container and which ones you want to grant cross container. But the error log says that the user role doesn't exist. This is in the grantor, so it means in the context of the foreign container there is no local role named user. Did you in fact create this role user in the foreign container?

vishali3
Explorer
0 Kudos

Hi Thomas,

So, bookshop is my foreign container, which has the books entity which I want to use in my other project. So I have created the user.hdbrole in the bookshop project. But after deployment, in CF I am not able to see the roles being created in the role collections tab of the cockpit. (Am I checking it in the right place? Or is there somewhere in DB explorer to check if my container has the roles defined?)

Also, the user# role with privileges_with_grants was also created (I have pasted the screenshot in the question).

EDIT: I was able to overcome the original error message. The fix I tried that was successful was to put the roles inside the "db/src/roles" folder and add a .hdiconfig file in the src folder.

This is my user.hdbgrants:


{
    "ServiceName_1": {
        "object_owner": {
            "container_roles": ["user#"]
        },
        "application_user": {
            "container_roles": ["user"]
        }
    }
}


This is my user.hdbsynonym:

{
    "LPRSHIFTASSIGNMENT_EXT_BOOKS": {
        "target": {
            "object": "BOOKSHOP_BOOKS",
            "grantor": "ServiceName_1"
        }
    }
}

When I used the grantor in my .hdbsynonym, I am getting the following error:


Migrating libraries... ok  (0s 8ms)
  Making... 
   Preparing... 
   Adding "src/synonyms/user.hdbsynonym" for deploy... 
   Preparing the make transaction... 
   Adding "src/synonyms/user.hdbsynonym" for deploy... ok  (0s 24ms)
   Preparing... ok  (0s 43ms)
   Preparing the make transaction... ok  (0s 111ms)
   Calculating dependencies... 
    Expanding... 
     Expanding "src/synonyms/user.hdbsynonym"... 
     Error: com.sap.hana.di.synonym: "/LPRSHIFTASSIGNMENT_EXT_BOOKS/target/grantor": invalid xpath [8258506]
       at "src/synonyms/user.hdbsynonym" (5:12,/LPRSHIFTASSIGNMENT_EXT_BOOKS/target/grantor)
     Error: com.sap.hana.di.synonym: Expanding "src/synonyms/user.hdbsynonym"... failed [8212149]
       at "src/synonyms/user.hdbsynonym" (0:0)
    Error: Expanding... failed [8212136]
   Error: Calculating dependencies... failed [8212108]
   Make failed (6 errors, 0 warnings): tried to deploy 1 files, undeploy 0 files, redeploy 0 dependent files 
  Error: Making... failed [8211605]
 Error: Starting make in the container "5B717A6C06F7445AB6A204172FF1D51F" with 1 files to deploy, 0 files to undeploy... failed [8214168]
Deployment to container 5B717A6C06F7445AB6A204172FF1D51F failed - error: HDI make failed [Deployment ID: none].
Error: HDI make failed
(5s 392ms)
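
The two failures in this thread (a granted role that the grantor container does not define, and "grantor" placed under "target" in the .hdbsynonym) can be caught before deployment. The following is an added example, not code from the posters or from SAP; the function names and the sample objects are hypothetical and constructed for illustration.

```javascript
// Constructed sample input modelled on the files in this thread (not the poster's real files).
const foreignRoles = [ // parsed .hdbrole files of the foreign (bookshop) container
  { role: { name: "user", object_privileges: [] } },
  { role: { "name ": "user#", object_privileges: [] } }, // stray space in the key
];
const grants = { // parsed .hdbgrants of the consuming container
  ServiceName_1: {
    object_owner: { container_roles: ["user#"] },
    application_user: { container_roles: ["user"] },
  },
};
const synonyms = { // parsed .hdbsynonym of the consuming container
  LPRSHIFTASSIGNMENT_EXT_BOOKS: {
    target: { object: "BOOKSHOP_BOOKS", grantor: "ServiceName_1" },
  },
};

// Role names the foreign project's sources define, plus files with no usable "name".
function definedRoles(hdbroles) {
  const names = new Set();
  const findings = [];
  hdbroles.forEach((file, i) => {
    const role = file.role || {};
    if (typeof role.name === "string") names.add(role.name);
    else findings.push(`role file #${i}: no "name" property (keys: ${Object.keys(role).join(",")})`);
  });
  return { names, findings };
}

// Each container role granted in .hdbgrants must exist in the grantor's container.
function checkGrants(hdbgrants, hdbroles) {
  const { names, findings } = definedRoles(hdbroles);
  for (const [service, grantees] of Object.entries(hdbgrants))
    for (const [grantee, spec] of Object.entries(grantees))
      for (const role of spec.container_roles || [])
        if (!names.has(role))
          findings.push(`${service}/${grantee}: role "${role}" not defined in foreign container`);
  return findings;
}

// "grantor" under "target" is what the make step in the log above rejected as an invalid xpath.
function checkSynonyms(hdbsynonyms) {
  const findings = [];
  for (const [name, def] of Object.entries(hdbsynonyms))
    if (def.target && "grantor" in def.target)
      findings.push(`${name}: "grantor" is not accepted under "target"`);
  return findings;
}

console.log([...checkGrants(grants, foreignRoles), ...checkSynonyms(synonyms)].join("\n"));
```

This is a static check of the source files only: it does not show whether the role files were actually deployed to the foreign container, which was the cause of the first error here.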
