Skip to content

fix(cf-deploy-config-writer): align xs-security.json with CDS convention#4532

Open
longieirl wants to merge 7 commits intomainfrom
fix/cf-deploy-config-xs-security-cds-align
Open

fix(cf-deploy-config-writer): align xs-security.json with CDS convention#4532
longieirl wants to merge 7 commits intomainfrom
fix/cf-deploy-config-xs-security-cds-align

Conversation

@longieirl
Copy link
Copy Markdown
Contributor

@longieirl longieirl commented Apr 8, 2026
edited
Loading

Summary

  • Removes `xsappname` and `tenant-mode` from `xs-security.json` — these fields now live exclusively in the XSUAA resource `config:` block in `mta.yaml`, matching the output of `cds add mta`
  • Standalone router `addUaa()` updated to use `${org}-${space}` variable pattern (consistent with managed/appfront router)
  • `addTenant` parameter removed from `addXSSecurityConfig()` and `generateSupportingConfig()` as dead code
  • Fixed broken imports in new `mta-deployment.ts` and `resource-manager.ts` files (stale `dirname`, misplaced `CloudFoundryServiceType`)
  • Removed unused imports and refactored nested ternary in `mta-deployment.ts` and `router-configurator.ts` to resolve lint errors
  • Updated `cf-deploy-config-sub-generator` fixtures to reflect new XSUAA config shape (`xsappname` uses `${org}-${space}`, adds `path` and `service-name`)

Closes #3080

Test plan

  • All unit tests pass (`pnpm --filter @sap-ux/cf-deploy-config-writer test`)
  • All `cf-deploy-config-sub-generator` tests pass (26/26)
  • Snapshots and fixtures updated — `xs-security.json` no longer contains `xsappname`/`tenant-mode`; `mta.yaml` XSUAA config uses `${org}-${space}`
  • Lint passes with 0 errors (`pnpm --filter @sap-ux/cf-deploy-config-writer lint`)
  • Build passes (`pnpm --filter @sap-ux/cf-deploy-config-writer build`)
  • Changeset included: `patch` bump for `@sap-ux/cf-deploy-config-writer`

@longieirl
fix(cf-deploy-config-writer): align xs-security.json and XSUAA mta.ya…
db65d58 
…ml config with CDS convention

Remove xsappname and tenant-mode from xs-security.json; these now live
exclusively in the XSUAA resource config block in mta.yaml, matching
the output of `cds add mta`. The standalone router addUaa() now includes
the config block using the \${org}-\${space} variable pattern.

Closes #3080
@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Apr 8, 2026
edited
Loading

🦋 Changeset detected

Latest commit: f4e4f48

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@sap-ux/cf-deploy-config-writer Patch
@sap-ux/cf-deploy-config-sub-generator Patch
@sap-ux/deploy-config-sub-generator Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@longieirl longieirl self-assigned this Apr 8, 2026
@longieirl
Copy link
Copy Markdown
Contributor Author

longieirl commented Apr 8, 2026

Code review

Found 2 issues:

  1. Missing snapshot updates in dependent packagescf-deploy-config-sub-generator and deploy-config-sub-generator both depend on @sap-ux/cf-deploy-config-writer via workspace:* and have integration tests that read the generated xs-security.json and assert it via snapshots. Those snapshots still expect xsappname and tenant-mode fields that this PR removes from the template. Neither snapshot file was updated, so both test suites will fail in CI. A previous PR that made a smaller xs-security.json change (#3171) explicitly shipped snapshot updates and changesets for all three packages.

    Affected files:

  2. addManagedUAAWithSecurity conditional leaves no fallback for xsappname/tenant-mode — The method only emits a config: block (with xsappname and tenant-mode) when both nodejs and com.sap.application.content:appfront modules are present. For other managed approuter scenarios, no config: block is added. Before this PR, xs-security.json served as a silent fallback since it contained those fields. After this PR removes them from the template, managed approuter scenarios that do not satisfy the condition end up with a XSUAA service that has neither xsappname nor tenant-mode configured anywhere.

    open-ux-tools/packages/cf-deploy-config-writer/src/mta-config/mta.ts

    Lines 401 to 414 in db65d58

    path: './xs-security.json',
    service: 'xsuaa',
    'service-name': `${this.prefix?.slice(0, MAX_MTA_PREFIX_LENGTH)}-xsuaa-service`,
    'service-plan': 'application',
    ...(this.modules.has('nodejs') && this.modules.has('com.sap.application.content:appfront')
    ? {
    config: {
    xsappname: `${this.prefix?.slice(0, MAX_MTA_PREFIX_LENGTH)}-\${org}-\${space}`,
    'tenant-mode': 'dedicated'
    }
    }
    : {})
    }
    };

🤖 Generated with Claude Code

- If this code review was useful, please react with 👍. Otherwise, react with 👎.

longieirl added 5 commits April 8, 2026 15:41
@longieirl
fix(cf-deploy-config-writer): address code review issues from PR #4532
63a8a2b 
- Remove conditional from addManagedUAAWithSecurity so xsappname/tenant-mode
  config block is always emitted, matching addUaa() behavior and removing
  reliance on xs-security.json as a fallback
- Update stale xs-security.json snapshots in cf-deploy-config-sub-generator
  and deploy-config-sub-generator to reflect template changes
- Add both sub-generator packages to changeset
@longieirl
fix(cf-deploy-config-sub-generator): update stale mta fixtures and in…
ea8d267 
…line snapshot

Remove path and service-name from app-router test fixture YAML files and
update inline xs-security.json snapshot to reflect current writer output
@longieirl
fix(cf-deploy-config-writer): fix broken imports in mta-deployment an…
d3bf023 
…d resource-manager

- Remove stale 'dirname' import from @sap-ux/project-access in mta-deployment.ts
- Move CloudFoundryServiceType import from constants to types in resource-manager.ts
- Update cf-deploy-config-sub-generator fixtures and snapshots to reflect new XSUAA config (xsappname uses org/space, adds path and service-name)
@longieirl
fix(cf-deploy-config-writer): remove unused imports and fix nested te…
b426d87 
…rnary lint errors
@longieirl
fix(cf-deploy-config-writer): add missing mta-context.ts and fix impl…
c3cc19c 
…icit any errors in mta-config files
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 8, 2026
View reviewed changes
Comment thread packages/cf-deploy-config-writer/src/mta-config/mta-deployment.ts Outdated
mtaVersion: '1.0.0'
};
const mtaExtTemplate = readFileSync(join(__dirname, `../../templates/app/${FileName.MtaExtYaml}`), 'utf-8');
writeFileSync(mtaExtFilePath, render(mtaExtTemplate, mtaExt));
@longieirl
chore(cf-deploy-config-writer): remove WIP mta-config refactor files …
f4e4f48 
…from PR

These files (mta-deployment.ts, destination-manager.ts, resource-manager.ts,
router-configurator.ts, mta-context.ts) belong to a separate refactor branch
and were accidentally included in this PR.
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud bot commented Apr 8, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@github-advanced-security github-advanced-security[bot] github-advanced-security[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

@longieirl longieirl

Labels

cf-deploy-config-writer

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

TBI - Align xs-security.json with latest CDS version when generating CAP mta configuration

2 participants

@longieirl @github-advanced-security