The project codes for this article can be downloaded from Github.
What is YaaS
YaaS (Hybris as a Service) is a microservices ecosystem helping businesses to rapidly augment and build new, highly flexible solutions. Two role in YaaS, one is provider, another is consumer. As a provider, add new microservice-based features to your products or create your own services and apps from scratch. As a business, subscribe to YaaS services and add new capabilities to your applications.
As a Provider
As a provider, you can create a service in YaaS, before that you need to create a service in the HANA Cloud Platform, other programming languages or Java technologies are supported. Once you have a REST web service that is deployable on the web, continue to create a service in YaaS.
These two series articles introduced two approach about how to create a service on HCP:
- How to create a service in HCP Cloud Foundry
- How to develop an XS application on the SAP HANA Cloud Platform
Application on Cloud Foundry
In this article, use the application on HCP cloud foundry service to provide the microservices to YaaS.
Change the application code from the first series articles to process requests from YaaS.
Application Code
For testing getting the information from YaaS, you can add an Express routing to return the information in the body of response in the messages module.
// for testing getting information from YaaS
oApp.get('/api/yaas', function (req, res) {
res.json({
reqMethod: req.method,
reqUrl: req.url,
reqHeaders: req.headers
});
});
The other Express routings:
- get /api/message
- post /api/message
- get /api/message/:id
- delete /api/message/:id
- put /api/message/:id
The rest of the application don’t need to be changed.
Push Application
Push the application to HCP Cloud Foundry, you will get to access the urls: Base url https://digital-account.cfapps.us10.hana.ondemand.com/api and the sub-paths:
- get /yaas
- get /message
- post /message
- get /message/:id
- delete /message/:id
- put /message/:id
Publish Service in YaaS
Register a Service in the Builder
Register Service in Builder
Follow the tutorial Register a Service in the Builder, register the app on HCP cloud foundry service in the YaaS builder.
The base path for the application will be the source url, and the generated proxy url follows the pattern
https://{yaas-api-host}/{org-path}/{project-id}/{project-version}
This app will get the generated proxy url
https://api.yaas.io/tiven-labs/digital-account/v1
Authorization Rules
Authorization rules enable you to secure your service by assigning scopes for different operations without having to write any code. We will skip the service scopes that will be introduced in the next topics.
Create a new rule, add the sub-path of the cf application as it’s path, and select methods, check the Skip Authorization or not.
All of the rules for the service:
Test Authorization Rules
Now you can test authorization rules of the service, the path /yaas will be protected by the security of YaaS:
get https://digital-account.cfapps.us10.hana.ondemand.com/api/yaas Response:
{
"reqMethod": "GET",
"reqUrl": "/api/yaas",
"reqHeaders": {
"host": "digital-account.cfapps.us10.hana.ondemand.com",
"user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36",
"accept": "*/*",
"accept-encoding": "gzip, deflate, sdch, br",
"accept-language": "en,en-US;q=0.8,zh-CN;q=0.6,zh;q=0.4,ja;q=0.2,zh-TW;q=0.2",
"cache-control": "no-cache",
"postman-token": "0f454f39-4fc5-125d-5992-4c7d57124055",
"x-cf-applicationid": "e37b63cd-7abf-491e-9b39-265510dad5fa",
"x-cf-instanceid": "6251ce475f5d4c9b8518d530726dd67ec3b3c3230b7b42e9a890ec23c02dea85",
"x-forwarded-for": "10.0.1.54, 10.0.129.67",
"x-forwarded-proto": "https",
"x-request-start": "1479694510611",
"x-vcap-request-id": "a58d387e-d7b3-41fd-6080-c96d7c4f9ed2",
"connection": "close"
}
}
get https://api.yaas.io/tiven-labs/digital-account/v1/yaas Response:
{
"status": 401,
"message": "Unauthorized: Bearer TOKEN is missing",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
post https://api.yaas.io/tiven-labs/digital-account/v1/message body:
{
"result": [
{
"content":{
"text":"Hello world!"
},
"createdTime":1475033537220,
"eventType":"138311609000106303",
"id":"WB1519-3872640834"
}
]
}
Response:
{
"id": "WB1519-3872640834"
}
Add to Package
YaaS centers around packages because they are the main commodity. You can use existing packages by subscribing to them in the YaaS Market, or you can create your own packages using the Builder. A package is a bundle that contains at least one service or Builder module.
- Create a package in YaaS builder.
- Include the service in the package.
As a consumer
As a business user, you can consume a service.
Subscribe a Service
-
Create a Project
Create another Project in YaaS, the project consumes the service from provider.
-
Add Allowed Projects in Access Control
Add the Allowed Projects who want to access the package in access control of the package using project identifier.
-
Add Private Subscriptions in Consumer Project
Add the package as a private package subscription by Version ID
Create a Client in Consumer Project
The projects use clients to access the services. The client is an OAuth2 client application created within a project. After the tenant subscribes to a package that includes the client, it can access data from other tenants.
Test by Consumer
Now it is time to test accessing the YaaS service by the client credentials.
Authorization using Client Credentials
OAuth2 is the authorization service for YaaS. It implements the OAuth 2.0 framework and provides account authentication and authorization with the use of access tokens.
Use this endpoint /token to obtain an access token for a client
Access Service using Access Token
Now you can use the token to access the service apis, then you will get the response with hybris attributes
You can also get the authorization using grant_type as ‘password’.
Comments