fix(cf-deploy-config-writer): align xs-security.json with CDS convention

.changeset/cf-deploy-config-xs-security-cds-align.md

@@ -0,0 +1,9 @@
+---
+"@sap-ux/cf-deploy-config-writer": patch
+"@sap-ux/cf-deploy-config-sub-generator": patch
+"@sap-ux/deploy-config-sub-generator": patch
+---
+
+fix(cf-deploy-config-writer): align xs-security.json and XSUAA mta.yaml config with CDS convention
+
+The xs-security.json no longer includes xsappname and tenant-mode fields; these now live exclusively in the XSUAA resource config block in mta.yaml, matching the output of `cds add mta`. The standalone router XSUAA resource (addUaa) now includes the config block with xsappname and tenant-mode using the ${org}-${space} variable pattern.

packages/cf-deploy-config-sub-generator/test/__snapshots__/app.test.ts.snap

@@ -298,6 +298,10 @@ exports[`Cloud foundry generator tests Validate new managed approuter is added w
   {
     "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-uaa",
     "parameters": {
+      "config": {
+        "tenant-mode": "dedicated",
+        "xsappname": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-\${org}-\${space}",
+      },
       "path": "./xs-security.json",
       "service": "xsuaa",
       "service-name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa-xsuaa-service",
@@ -319,11 +323,10 @@ exports[`Cloud foundry generator tests Validate new managed approuter is added w
 
 exports[`Cloud foundry generator tests Validate new managed approuter is added when there is no existing mta.yaml 6`] = `
 {
+  "attributes": [],
   "description": "Security profile of called application",
   "role-templates": [],
   "scopes": [],
-  "tenant-mode": "dedicated",
-  "xsappname": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
 }
 `;
 

packages/cf-deploy-config-sub-generator/test/app-router.test.ts

@@ -302,10 +302,9 @@ describe('App router generator tests', () => {
         expect(mtaConfig).toEqual(expectMtaConfig);
         expect(fs.readFileSync(`${appRouterDir}/xs-security.json`, 'utf-8')).toMatchInlineSnapshot(`
             "{
-              "xsappname": "sap-ux-test",
-              "tenant-mode": "dedicated",
               "description": "Security profile of called application",
               "scopes": [],
+              "attributes": [],
               "role-templates": []
             }
             "

packages/cf-deploy-config-sub-generator/test/fixtures/sap-ux-test/mta.abapservice.yaml

@@ -25,7 +25,7 @@ resources:
       parameters:
           config:
               tenant-mode: dedicated
-              xsappname: sap-ux-test-${space-guid}
+              xsappname: 'sap-ux-test-${org}-${space}'
           path: ./xs-security.json
           service: xsuaa
           service-name: sap-ux-test-xsuaa-service

packages/cf-deploy-config-sub-generator/test/fixtures/sap-ux-test/mta.appfront.yaml

@@ -27,6 +27,9 @@ resources:
       service: xsuaa
       service-name: sap-ux-test-xsuaa-service
       service-plan: application
+      config:
+        tenant-mode: dedicated
+        xsappname: 'sap-ux-test-${org}-${space}'
   - name: sap-ux-test-app-front
     type: org.cloudfoundry.managed-service
     parameters:

packages/cf-deploy-config-sub-generator/test/fixtures/sap-ux-test/mta.connectivity.yaml

@@ -25,7 +25,7 @@ resources:
       parameters:
           config:
               tenant-mode: dedicated
-              xsappname: sap-ux-test-${space-guid}
+              xsappname: 'sap-ux-test-${org}-${space}'
           path: ./xs-security.json
           service: xsuaa
           service-name: sap-ux-test-xsuaa-service

packages/cf-deploy-config-sub-generator/test/fixtures/sap-ux-test/mta.managed.yaml

@@ -58,6 +58,9 @@ resources:
     - name: sap-ux-test-uaa
       type: org.cloudfoundry.managed-service
       parameters:
+          config:
+              tenant-mode: dedicated
+              xsappname: 'sap-ux-test-${org}-${space}'
           path: ./xs-security.json
           service: xsuaa
           service-name: sap-ux-test-xsuaa-service

packages/cf-deploy-config-sub-generator/test/fixtures/sap-ux-test/mta.maximum.yaml

@@ -26,7 +26,7 @@ resources:
       parameters:
           config:
               tenant-mode: dedicated
-              xsappname: sap-ux-test-${space-guid}
+              xsappname: 'sap-ux-test-${org}-${space}'
           path: ./xs-security.json
           service: xsuaa
           service-name: sap-ux-test-xsuaa-service

packages/cf-deploy-config-sub-generator/test/fixtures/sap-ux-test/mta.minimum.yaml

@@ -24,7 +24,7 @@ resources:
       parameters:
           config:
               tenant-mode: dedicated
-              xsappname: sap-ux-test-${space-guid}
+              xsappname: 'sap-ux-test-${org}-${space}'
           path: ./xs-security.json
           service: xsuaa
           service-name: sap-ux-test-xsuaa-service

packages/cf-deploy-config-writer/src/mta-config/index.ts

@@ -171,7 +171,7 @@ async function createCAPMTAAppFrontend(config: CAPConfig, fs: Editor): Promise<v
     // Written to disk immediately! Subsequent calls are dependent on it being on the file system i.e mta-lib.
     writeFileSync(join(config.mtaPath, FileName.MtaYaml), mtaContents);
     // Add missing configurations
-    addXSSecurityConfig(config, fs, false);
+    addXSSecurityConfig(config, fs);
     LoggerHelper.logger?.debug(t('debug.mtaCreated', { mtaPath: config.mtaPath }));
 }
 

packages/cf-deploy-config-writer/src/mta-config/mta.ts

@@ -207,7 +207,7 @@ export class MtaConfig {
                 path: './xs-security.json',
                 'service-name': `${this.prefix?.slice(0, MAX_MTA_PREFIX_LENGTH)}-xsuaa-service`,
                 config: {
-                    xsappname: `${this.prefix?.slice(0, MAX_MTA_PREFIX_LENGTH)}` + '-${space-guid}',
+                    xsappname: `${this.prefix?.slice(0, MAX_MTA_PREFIX_LENGTH)}-\${org}-\${space}`,
                     'tenant-mode': 'dedicated'
                 }
             }
@@ -402,14 +402,10 @@ export class MtaConfig {
                 service: 'xsuaa',
                 'service-name': `${this.prefix?.slice(0, MAX_MTA_PREFIX_LENGTH)}-xsuaa-service`,
                 'service-plan': 'application',
-                ...(this.modules.has('nodejs') && this.modules.has('com.sap.application.content:appfront')
-                    ? {
-                          config: {
-                              xsappname: `${this.prefix?.slice(0, MAX_MTA_PREFIX_LENGTH)}-\${org}-\${space}`,
-                              'tenant-mode': 'dedicated'
-                          }
-                      }
-                    : {})
+                config: {
+                    xsappname: `${this.prefix?.slice(0, MAX_MTA_PREFIX_LENGTH)}-\${org}-\${space}`,
+                    'tenant-mode': 'dedicated'
+                }
             }
         };
         await this.mta?.addResource(resource);

packages/cf-deploy-config-writer/src/utils.ts

@@ -30,8 +30,7 @@ import {
     MbtPackage,
     MTABuildScript,
     CDSDKPackage,
-    CDSPackage,
-    MAX_MTA_PREFIX_LENGTH
+    CDSPackage
 } from './constants';
 import { type MTABaseConfig, type CFBaseConfig, type CFAppConfig } from './types';
 
@@ -142,15 +141,10 @@ export function validateVersion(mtaVersion?: string): boolean {
  *
  * @param config MTA base configuration
  * @param config.mtaPath Path to the MTA project
- * @param config.mtaId MTA ID used for security configuration
  * @param fs Reference to a mem-fs editor
- * @param addTenant If true, append tenant configuration to the xs-security.json file (default: true)
  */
-export function addXSSecurityConfig({ mtaPath, mtaId }: MTABaseConfig, fs: Editor, addTenant: boolean = true): void {
-    fs.copyTpl(getTemplatePath(`common/${FileName.XSSecurityJson}`), join(mtaPath, FileName.XSSecurityJson), {
-        id: mtaId.slice(0, MAX_MTA_PREFIX_LENGTH),
-        addTenant
-    });
+export function addXSSecurityConfig({ mtaPath }: MTABaseConfig, fs: Editor): void {
+    fs.copyTpl(getTemplatePath(`common/${FileName.XSSecurityJson}`), join(mtaPath, FileName.XSSecurityJson), {});
 }
 
 /**
@@ -193,18 +187,13 @@ export async function addCommonPackageDependencies(targetPath: string, fs: Edito
  *
  * @param config Writer configuration
  * @param fs Reference to a mem-fs editor
- * @param addTenant If true, append tenant configuration to the xs-security.json file (default: true)
  */
-export async function generateSupportingConfig(
-    config: MTABaseConfig,
-    fs: Editor,
-    addTenant: boolean = true
-): Promise<void> {
+export async function generateSupportingConfig(config: MTABaseConfig, fs: Editor): Promise<void> {
     if (config.mtaId && !fs.exists(join(config.mtaPath, 'package.json'))) {
         addRootPackage(config, fs);
     }
     if (config.mtaId && !fs.exists(join(config.mtaPath, FileName.XSSecurityJson))) {
-        addXSSecurityConfig(config, fs, addTenant);
+        addXSSecurityConfig(config, fs);
     }
     // Be a good citizen and add a .gitignore if missing from the existing project root
     if (!fs.exists(join(config.mtaPath, '.gitignore'))) {

packages/cf-deploy-config-writer/templates/common/xs-security.json

@@ -1,7 +1,6 @@
-{<% if (addTenant) { %>
-  "xsappname": "<%- id %>",
-  "tenant-mode": "dedicated",<% } %>
+{
   "description": "Security profile of called application",
   "scopes": [],
+  "attributes": [],
   "role-templates": []
 }

packages/cf-deploy-config-writer/test/unit/__snapshots__/cap-appfrontend.test.ts.snap

@@ -47,10 +47,9 @@ exports[`CF Writer with CAP App Frontend Generate deployment config Add HTML5 ap
 
 exports[`CF Writer with CAP App Frontend Generate deployment config Add HTML5 app to CAP App Frontend Project 2`] = `
 "{
-  \\"xsappname\\": \\"cappapp\\",
-  \\"tenant-mode\\": \\"dedicated\\",
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 "
@@ -269,6 +268,7 @@ exports[`CF Writer with CAP App Frontend Generate deployment config Generate CAP
 "{
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 "

packages/cf-deploy-config-writer/test/unit/__snapshots__/cap.test.ts.snap

@@ -293,10 +293,9 @@ builder:
   },
   "xs-security.json": Object {
     "contents": "{
-  \\"xsappname\\": \\"cappapp\\",
-  \\"tenant-mode\\": \\"dedicated\\",
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 ",
@@ -436,6 +435,9 @@ resources:
       service: xsuaa
       service-name: cappapp-xsuaa-service
       service-plan: application
+      config:
+        xsappname: cappapp-\${org}-\${space}
+        tenant-mode: dedicated
   - name: cappapp-repo-host
     type: org.cloudfoundry.managed-service
     parameters:

packages/cf-deploy-config-writer/test/unit/__snapshots__/index-app.test.ts.snap

@@ -230,10 +230,9 @@ builder:
   },
   "xs-security.json": Object {
     "contents": "{
-  \\"xsappname\\": \\"basicapp\\",
-  \\"tenant-mode\\": \\"dedicated\\",
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 ",
@@ -331,6 +330,9 @@ resources:
       service: xsuaa
       service-name: basicapp-xsuaa-service
       service-plan: application
+      config:
+        xsappname: basicapp-\${org}-\${space}
+        tenant-mode: dedicated
   - name: basicapp-repo-host
     type: org.cloudfoundry.managed-service
     parameters:
@@ -622,10 +624,9 @@ builder:
   },
   "xs-security.json": Object {
     "contents": "{
-  \\"xsappname\\": \\"multiproject\\",
-  \\"tenant-mode\\": \\"dedicated\\",
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 ",
@@ -720,6 +721,9 @@ resources:
       service: xsuaa
       service-name: multiproject-xsuaa-service
       service-plan: application
+      config:
+        xsappname: multiproject-\${org}-\${space}
+        tenant-mode: dedicated
   - name: multiproject-repo-host
     type: org.cloudfoundry.managed-service
     parameters:
@@ -1014,10 +1018,9 @@ builder:
   },
   "xs-security.json": Object {
     "contents": "{
-  \\"xsappname\\": \\"comfioritoolslrop\\",
-  \\"tenant-mode\\": \\"dedicated\\",
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 ",
@@ -1115,6 +1118,9 @@ resources:
       service: xsuaa
       service-name: comfioritoolslrop-xsuaa-service
       service-plan: application
+      config:
+        xsappname: comfioritoolslrop-\${org}-\${space}
+        tenant-mode: dedicated
   - name: comfioritoolslrop-repo-host
     type: org.cloudfoundry.managed-service
     parameters:
@@ -1354,10 +1360,9 @@ builder:
   },
   "xs-security.json": Object {
     "contents": "{
-  \\"xsappname\\": \\"basicappnodatasource\\",
-  \\"tenant-mode\\": \\"dedicated\\",
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 ",
@@ -1596,10 +1601,9 @@ builder:
   },
   "xs-security.json": Object {
     "contents": "{
-  \\"xsappname\\": \\"basicapp\\",
-  \\"tenant-mode\\": \\"dedicated\\",
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 ",
@@ -1642,10 +1646,9 @@ archive.zip
 
 exports[`CF Writer App Generate deployment configs - generateSupportingConfig read mtaId read from file 3`] = `
 "{
-  \\"xsappname\\": \\"captestproject\\",
-  \\"tenant-mode\\": \\"dedicated\\",
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 "

packages/cf-deploy-config-writer/test/unit/__snapshots__/index-appfront.test.ts.snap

@@ -47,10 +47,9 @@ exports[`CF Writer App - Application Frontend Generate deployment configs - Add
 
 exports[`CF Writer App - Application Frontend Generate deployment configs - Add 2nd HTML5 app to app frontend router 2`] = `
 "{
-  \\"xsappname\\": \\"rootmta\\",
-  \\"tenant-mode\\": \\"dedicated\\",
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 "
@@ -329,6 +328,9 @@ resources:
       service: xsuaa
       service-name: comfioritoolslrop-xsuaa-service
       service-plan: application
+      config:
+        xsappname: comfioritoolslrop-\${org}-\${space}
+        tenant-mode: dedicated
   - name: comfioritoolslrop-app-front
     type: org.cloudfoundry.managed-service
     parameters:
@@ -378,10 +380,9 @@ exports[`CF Writer App - Application Frontend Generate deployment configs - HTML
 
 exports[`CF Writer App - Application Frontend Generate deployment configs - HTML5 App with app frontend service attached with no destination available 3`] = `
 "{
-  \\"xsappname\\": \\"comfioritoolslrop\\",
-  \\"tenant-mode\\": \\"dedicated\\",
   \\"description\\": \\"Security profile of called application\\",
   \\"scopes\\": [],
+  \\"attributes\\": [],
   \\"role-templates\\": []
 }
 "