search

SAP / cloud-sdk

The SAP Cloud SDK documentation and support repository.
https://sap.github.io/cloud-sdk/
Apache License 2.0
44 stars 41 forks source link

How to use DestinationAccessor.getDestination() - configuration problem #1508

Closed I551317 closed 1 year ago

I551317 commented 1 year ago

I would like to consume in my Java application Destination Service using SAP Cloud SDK DestinationAccessor.getDestination() however configuring that according to the following documentation I'm getting following exception

.
.
.
2023-09-06T14:25:57.704033512Z 14:25:57.702 [http-nio-8080-exec-6] INFO  c.s.c.s.c.c.DestinationAccessor - Creating a new DestinationLoaderChain with EnvVarDestinationLoader as the primary DestinationLoader implementation.
2023-09-06T14:25:57.725322221Z 14:25:57.725 [http-nio-8080-exec-6] INFO  c.s.c.s.c.c.DestinationAccessor - Using an instance of ScpCfDestinationLoader as the secondary DestinationLoader implementation.
2023-09-06T14:25:57.727487942Z 14:25:57.727 [http-nio-8080-exec-6] DEBUG c.s.c.s.c.c.DestinationLoaderChain - Delegating destination lookup for destination Hello to the destination loader EnvVarDestinationLoader.
2023-09-06T14:25:57.728130348Z 14:25:57.727 [http-nio-8080-exec-6] DEBUG c.s.c.s.c.c.EnvVarDestinationLoader - Trying to extract destinations from environment variables.
2023-09-06T14:25:57.730444471Z 14:25:57.730 [http-nio-8080-exec-6] DEBUG c.s.c.s.c.c.DestinationLoaderChain - No destination with name 'Hello' was found in destination loader EnvVarDestinationLoader.
2023-09-06T14:25:57.730613973Z 14:25:57.730 [http-nio-8080-exec-6] DEBUG c.s.c.s.c.c.DestinationLoaderChain - Delegating destination lookup for destination Hello to the destination loader ScpCfDestinationLoader.
2023-09-06T14:25:57.755265014Z 14:25:57.755 [http-nio-8080-exec-6] DEBUG c.s.c.s.c.c.DestinationRetrievalStrategyResolver - Loading destination from reuse-destination-service with retrieval strategy CurrentTenant and token exchange strategy ForwardUserToken.
.
.
.
2023-09-06T14:25:57.851171955Z 14:25:57.850 [cloudsdk-executor-0] DEBUG c.s.c.s.f.r.Resilience4jDecorationStrategy - Invoking decorated callable com.sap.cloud.sdk.frameworks.resilience4j.Resilience4jDecorationStrategy$$Lambda$2365/0x0000000801984d08@6fdd5e46 with applied decorators [com.sap.cloud.sdk.frameworks.resilience4j.DefaultBulkheadProvider@2adfddd9, com.sap.cloud.sdk.frameworks.resilience4j.DefaultTimeLimiterProvider@669fd131, com.sap.cloud.sdk.frameworks.resilience4j.DefaultRateLimiterProvider@1bbf57c7, com.sap.cloud.sdk.frameworks.resilience4j.DefaultCircuitBreakerProvider@1e150598, com.sap.cloud.sdk.frameworks.resilience4j.DefaultCachingDecorator@4af02296, com.sap.cloud.sdk.frameworks.resilience4j.DefaultRetryProvider@52fe74a0] and configuration com.sap.cloud.sdk.cloudplatform.resilience.ResilienceConfiguration@7e14ad2e.
2023-09-06T14:25:57.853128974Z 14:25:57.853 [cloudsdk-executor-0] DEBUG c.s.c.e.s.a.SimpleServiceBindingCache - Serving service bindings from cache.
2023-09-06T14:25:57.874845987Z 14:25:57.874 [cloudsdk-executor-0] DEBUG c.s.c.s.x.c.AbstractOAuth2TokenService - Configured token service with TokenCacheConfiguration{cacheDuration=PT10M, cacheSize=1000, tokenExpirationDelta=PT30S}
2023-09-06T14:25:57.889245528Z 14:25:57.889 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.DefaultDestination - Instantiated com.sap.cloud.sdk.cloudplatform.connectivity.DefaultDestination based on the following property keys: Name,oauth-resilience-config,Type,URL
2023-09-06T14:25:57.891189247Z 14:25:57.891 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.ComplexDestinationPropertyFactory - No proxy URI or host and port specified. Continuing without proxy configuration.
2023-09-06T14:25:57.894187677Z 14:25:57.894 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.ComplexDestinationPropertyFactory - No valid JSON primitives 'User' and 'Password' defined. Continuing without basic credentials.
2023-09-06T14:25:57.895113986Z 14:25:57.894 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.DefaultServiceBindingDestinationLoaderChain - Transformation of service binding (name: 'customer-destination-instance-rcc-882-launchpad-acc', serviceName: 'destination', servicePlan: 'lite', tags: 'destination, conn, connsvc') to an interface com.sap.cloud.sdk.cloudplatform.connectivity.HttpDestination using an instance of class com.sap.cloud.sdk.cloudplatform.connectivity.OAuth2ServiceBindingDestinationLoader succeeded.
2023-09-06T14:25:57.895584990Z 14:25:57.895 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.ScpCfDestinationServiceAdapter - Querying BTP destination service on service path /destinations/Hello to fetch all destinations at service instance level and using destination: com.sap.cloud.sdk.cloudplatform.connectivity.DefaultHttpDestination@7e5244a1
2023-09-06T14:25:57.895610091Z 14:25:57.895 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.ScpCfDestinationServiceAdapter - Querying Destination Service via URI destination-configuration/v1/destinations/Hello.
2023-09-06T14:25:57.910497337Z 14:25:57.910 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.AbstractHttpClientCache - HttpClient with given cache key is not yet in the cache.
2023-09-06T14:25:57.910779339Z 14:25:57.910 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.AbstractHttpClientFactory - Building a new custom HttpClient.
2023-09-06T14:25:57.911264144Z 14:25:57.911 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.AbstractHttpClientFactory - Skip setting credentials provider.
2023-09-06T14:25:57.912852460Z 14:25:57.912 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.SSLSocketFactoryUtil - The destination uses HTTPS for target "https://destination-configuration.cfapps.eu20.hana.ondemand.com".
2023-09-06T14:25:57.920005330Z 14:25:57.919 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.SSLContextFactory - Using JDK default trust store.
2023-09-06T14:25:57.936986096Z 14:25:57.936 [cloudsdk-executor-0] DEBUG c.s.c.s.c.connectivity.UriPathMerger - Merging request path destination-configuration/v1/destinations/Hello into destination path : /destination-configuration/v1/destinations/Hello
2023-09-06T14:25:57.938468511Z 14:25:57.938 [cloudsdk-executor-0] DEBUG c.s.c.s.c.connectivity.UriPathMerger - Merged https://destination-configuration.cfapps.eu20.hana.ondemand.com and destination-configuration/v1/destinations/Hello into /destination-configuration/v1/destinations/Hello
2023-09-06T14:25:57.943273158Z 14:25:57.943 [cloudsdk-executor-0] DEBUG c.s.c.s.c.connectivity.UriPathMerger - Merging request path / into destination path /destination-configuration/v1/destinations/Hello: /destination-configuration/v1/destinations/Hello
2023-09-06T14:25:57.943304858Z 14:25:57.943 [cloudsdk-executor-0] DEBUG c.s.c.s.c.connectivity.UriPathMerger - Merged https://destination-configuration.cfapps.eu20.hana.ondemand.com/destination-configuration/v1/destinations/Hello and /? into /destination-configuration/v1/destinations/Hello
2023-09-06T14:25:57.947529100Z 14:25:57.947 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.DefaultHttpDestination - Found these 1 destination header providers for a DefaultHttpDestination: com.sap.cloud.sdk.cloudplatform.connectivity.OAuthHeaderProvider@692ebd5b
2023-09-06T14:25:57.952079044Z 14:25:57.951 [cloudsdk-executor-0] DEBUG c.s.c.s.c.c.OAuth2ServiceImpl - Retrieving Access Token from XSUAA on behalf of TECHNICAL_USER_CURRENT_TENANT.
.
.
.
2023-09-05T11:41:48.380433546Z 11:41:48.380 [cloudsdk-executor-2] DEBUG o.a.h.impl.execchain.MainClientExec - Connection can be kept alive indefinitely
2023-09-05T11:41:48.380675548Z 11:41:48.380 [cloudsdk-executor-2] DEBUG c.s.c.s.c.c.ScpCfDestinationServiceAdapter - Destination service returned HTTP status 200 (OK)
2023-09-05T11:41:48.380889050Z 11:41:48.380 [cloudsdk-executor-2] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection [id: 9][route: {s}->https://destination-configuration.cfapps.eu20.hana.ondemand.com:443] can be kept alive indefinitely
2023-09-05T11:41:48.380906250Z 11:41:48.380 [cloudsdk-executor-2] DEBUG o.a.h.i.c.DefaultManagedHttpClientConnection - http-outgoing-9: set socket timeout to 0
2023-09-05T11:41:48.380922351Z 11:41:48.380 [cloudsdk-executor-2] DEBUG o.a.h.i.c.PoolingHttpClientConnectionManager - Connection released: [id: 9][route: {s}->https://destination-configuration.cfapps.eu20.hana.ondemand.com:443][total available: 1; route allocated: 1 of 100; total allocated: 1 of 200]
2023-09-05T11:41:48.381229554Z 11:41:48.381 [cloudsdk-executor-2] DEBUG c.s.c.s.c.t.ThreadContextExecutor - Removing current thread context.
2023-09-05T11:41:48.381399655Z 11:41:48.381 [http-nio-8080-exec-3] DEBUG i.g.r.c.i.CircuitBreakerStateMachine - CircuitBreaker 'class com.sap.cloud.sdk.cloudplatform.connectivity.ScpCfDestinationLoadersingleDestResilience' succeeded:
2023-09-05T11:41:48.381547957Z 11:41:48.381 [http-nio-8080-exec-3] DEBUG c.s.c.s.c.c.DefaultDestination - Instantiated com.sap.cloud.sdk.cloudplatform.connectivity.DefaultDestination based on the following property keys: Authentication,CloudConnectorLocationId,Name,ProxyType,Type,URL
2023-09-05T11:41:48.381827960Z 11:41:48.381 [http-nio-8080-exec-3] DEBUG c.s.c.s.c.c.DestinationLoaderChain - Destination loader ScpCfDestinationLoader successfully loaded destination Hello.
2023-09-05T11:41:48.381980761Z 11:41:48.381 [http-nio-8080-exec-3] DEBUG c.s.c.e.s.a.SimpleServiceBindingCache - Serving service bindings from cache.
2023-09-05T11:41:48.383050972Z 11:41:48.382 [http-nio-8080-exec-3] DEBUG o.s.web.servlet.DispatcherServlet - Failed to complete request: com.sap.cloud.sdk.cloudplatform.connectivity.exceptio
n.DestinationAccessException: Failed to configure on-premise proxy for destination 'Hello'. Please make sure to correctly bind your application to a service instance.
2023-09-05T11:41:48.383121773Z 11:41:48.383 [http-nio-8080-exec-3] DEBUG c.s.c.s.c.t.ThreadContextExecutor - Removing current thread context.
2023-09-05T11:41:48.384551087Z 11:41:48.383 [http-nio-8080-exec-3] WARN  c.s.c.s.c.s.RequestAccessorFilter - Unexpected servlet filter exception: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to configure on-premise proxy for destination 'Hello'. Please make sure to correctly bind your application to a service instance.
2023-09-05T11:41:48.384588587Z com.sap.cloud.sdk.cloudplatform.thread.exception.ThreadContextExecutionException: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to configure on-premise proxy for destination 'Hello'. Please make sure to correctly bind your application to a service instance.
2023-09-05T11:41:48.384597987Z  at com.sap.cloud.sdk.cloudplatform.thread.ThreadContextExecutor.execute(ThreadContextExecutor.java:278)
2023-09-05T11:41:48.384604087Z  at com.sap.cloud.sdk.cloudplatform.servlet.RequestAccessorFilter.doFilter(RequestAccessorFilter.java:78)

Destination service with name "Hello" is correctly added to my BTP account (check status is OK) and I'm additionally adding and binding both: destination service and connectivity proxy using helm script in following way:

---
# Source: service-chart/templates/customer-connectivity-data.yaml
apiVersion: services.cloud.sap.com/v1
kind: ServiceBinding
metadata:
  name: crcm-destination-instance-rcc-882-launchpad-acc
  namespace: rcc-882-launchpad-acc
spec:
  serviceInstanceName: crcm-destination-instance-rcc-882-launchpad-acc
  externalName: crcm-destination-instance-rcc-882-launchpad-acc-binding
  secretName: crcm-destination-instance-rcc-882-launchpad-acc-secret
---
# Source: service-chart/templates/customer-connectivity-data.yaml
apiVersion: services.cloud.sap.com/v1
kind: ServiceBinding
metadata:
  name: crcm-connectivity-instance-rcc-882-launchpad-acc
  namespace: rcc-882-launchpad-acc
spec:
  serviceInstanceName: crcm-connectivity-instance-rcc-882-launchpad-acc
  externalName: crcm-connectivity-instance-rcc-882-launchpad-acc-binding
  secretName: crcm-connectivity-instance-rcc-882-launchpad-acc-secret
---
# Source: service-chart/templates/customer-connectivity-data.yaml
apiVersion: services.cloud.sap.com/v1
kind: ServiceInstance
metadata:
  name: crcm-destination-instance-rcc-882-launchpad-acc
  namespace: rcc-882-launchpad-acc
spec:
  serviceOfferingName: destination
  servicePlanName: lite
  externalName: destination-instance-rcc-882-launchpad-acc
---
# Source: service-chart/templates/customer-connectivity-data.yaml
apiVersion: services.cloud.sap.com/v1
kind: ServiceInstance
metadata:
  name: crcm-connectivity-instance-rcc-882-launchpad-acc
  namespace: rcc-882-launchpad-acc
spec:
  serviceOfferingName: connectivity
  servicePlanName: connectivity_proxy
  externalName: connectivity-instance-rcc-882-launchpad-acc

deployment:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: crcm-backend-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: crcm-backend-app
  template:
    metadata:
      labels:
        app: crcm-backend-app
    spec:
      imagePullSecrets:
        - name: backend-docker-registry-secret
      containers:
        - name: crcm-backend-app
          image: rcf.common.repositories.cloud.sap/rcp-container/customer-connectivity-data/feature:1.0-SNAPSHOT-20230904133713_bf0aaf42741aaa301f1031e23fe466a27b88d268
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
              protocol: TCP
          env:
            - name: dev-mode
              value: "true"
            - name: SERVICE_BINDING_ROOT
              value: /etc/secrets/sapbtp
          volumeMounts:
            - name: crcm-xsuaa-instance-rcc-882-launchpad-acc
              mountPath: /etc/secrets/sapbtp/crcm-xsuaa-instance-rcc-882-launchpad-acc
              readOnly: true
            - name: crcm-destination-instance-rcc-882-launchpad-acc
              mountPath: /etc/secrets/sapbtp/crcm-destination-instance-rcc-882-launchpad-acc
              readOnly: true
            - name: crcm-connectivity-instance-rcc-882-launchpad-acc
              mountPath: /etc/secrets/sapbtp/crcm-connectivity-instance-rcc-882-launchpad-acc
              readOnly: true
      volumes:
        - name: crcm-xsuaa-instance-rcc-882-launchpad-acc
          secret:
            secretName: crcm-xsuaa-instance-rcc-882-launchpad-acc
            defaultMode: 420
        - name: crcm-destination-instance-rcc-882-launchpad-acc
          secret:
            secretName: crcm-destination-instance-rcc-882-launchpad-acc-secret
            defaultMode: 420
        - name: crcm-connectivity-instance-rcc-882-launchpad-acc
          secret:
            secretName: crcm-connectivity-instance-rcc-882-launchpad-acc-secret
            defaultMode: 420

Versions:

Could you guide me how to solve following problem and check above "Failed to configure on-premise proxy for destination 'Hello'. Please make sure to correctly bind your application to a service instance.".

I551317 commented 1 year ago

Attaching BTP Destination configuration as well: image

CharlesDuboisSAP commented 1 year ago

Go to you application in the BTP cockpit -> Service Bindings -> Bind Service, then select your destination service. Alternatively define your destination service in the manifest.yml that is used to deploy to Cloud Foundry:

  services:
  - <my-destination-instance>
I551317 commented 1 year ago

Hi @CharlesDuboisSAP , thanks for your response. Unfortunately in BTP Cockpit there is no Service Binding option (at least I don't see that). Keep also in mind that I'm using Kyma Runtime Environment and I create both: Service Instance and Binding from Kyma/K8s side using above components. So I'm not sure if Cloud Foundry approach is a solution for me.

(In the attachment BTP console screen shoot) image

CharlesDuboisSAP commented 1 year ago

Here is our Kyma guide to follow from start to end (I suggest updating the deployment.yml). It also contains a section on how to bind the destination service.

I551317 commented 1 year ago

@CharlesDuboisSAP I followed exactly that documentation (frankly speaking two pages of that documentation, indicated by you and the one with Destination description that I directly pointed in the ticket description). As you may see in the issue description my configuration is done in the deployment.yml exactly as described and I get an error. That's why I'm rising the ticket as due to unknown problems it's still not working.

I've also tested that and in case described in the documentation configuration is missing or done in a wrong way there are different exceptions thrown by application than the one I get right now: "Please make sure you have the Destination Service bound to your application." and "Could not resolve destination to Destination Service on behalf of TECHNICAL_USER_CURRENT_TENANT". I'm struggling with different problem

I551317 commented 1 year ago

To increase readability of my *.yml script I edited ticket description resolving all parametrized values

CharlesDuboisSAP commented 1 year ago

Suggestion from Teams chat:

      volumes:
-       - name: crcm-destination-instance-rcc-882-launchpad-acc
+      - name: crcm-destination-instance-rcc-882-launchpad-acc-binding
          secret:
-           secretName: crcm-destination-instance-rcc-882-launchpad-acc-secret
+          secretName: crcm-destination-instance-rcc-882-launchpad-acc-binding-secret
            defaultMode: 420
          volumeMounts:
-           - name: crcm-destination-instance-rcc-882-launchpad-acc
+          - name: crcm-destination-instance-rcc-882-launchpad-acc-binding
-             mountPath: /etc/secrets/sapbtp/crcm-destination-instance-rcc-882-launchpad-acc
+            mountPath: /etc/secrets/sapbtp/crcm-destination-instance-rcc-882-launchpad-acc-binding
              readOnly: true
I551317 commented 1 year ago

Tested introducing above changes and still get the same error:

2023-09-08T14:11:35.892688313Z 14:11:35.892 [http-nio-8080-exec-2] WARN  c.s.c.s.c.s.RequestAccessorFilter - Unexpected servlet filter exception: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to configure on-premise proxy for destination 'Hello'. Please make sure to correctly bind your application to a service instance.
2023-09-08T14:11:35.892779214Z com.sap.cloud.sdk.cloudplatform.thread.exception.ThreadContextExecutionException: org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException: Failed to configure on-premise proxy for destination 'Hello'. Please make sure to correctly bind your application to a service instance.
I551317 commented 1 year ago

Deployment script with above changes:

# Source: service-chart/templates/customer-connectivity-data.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: crcm-backend-app
spec:
  replicas: 1
  selector:
    matchLabels:
      app: crcm-backend-app
  template:
    metadata:
      labels:
        app: crcm-backend-app
    spec:
      imagePullSecrets:
        - name: backend-docker-registry-secret
      containers:
        - name: crcm-backend-app
          image: rcf.common.repositories.cloud.sap/rcp-container/customer-connectivity-data/feature:1.0-SNAPSHOT-20230904133713_bf0aaf42741aaa301f1031e23fe466a27b88d268
          imagePullPolicy: Always
          ports:
            - containerPort: 8080
              protocol: TCP
          env:
            - name: dev-mode
              value: "true"
            - name: SERVICE_BINDING_ROOT
              value: /etc/secrets/sapbtp
          volumeMounts:
            - name: crcm-xsuaa-instance-rcc-882-launchpad-acc
              mountPath: /etc/secrets/sapbtp/crcm-xsuaa-instance-rcc-882-launchpad-acc
              readOnly: true
            - name: crcm-destination-instance-rcc-882-launchpad-acc-binding
              mountPath: /etc/secrets/sapbtp/crcm-destination-instance-rcc-882-launchpad-acc-binding
              readOnly: true
            - name: crcm-connectivity-instance-rcc-882-launchpad-acc-binding
              mountPath: /etc/secrets/sapbtp/crcm-connectivity-instance-rcc-882-launchpad-acc-binding
              readOnly: true
      volumes:
        - name: crcm-xsuaa-instance-rcc-882-launchpad-acc
          secret:
            secretName: crcm-xsuaa-instance-rcc-882-launchpad-acc
            defaultMode: 420
        - name: crcm-destination-instance-rcc-882-launchpad-acc-binding
          secret:
            secretName: crcm-destination-instance-rcc-882-launchpad-acc-secret
            defaultMode: 420
        - name: crcm-connectivity-instance-rcc-882-launchpad-acc-binding
          secret:
            secretName: crcm-connectivity-instance-rcc-882-launchpad-acc-secret
            defaultMode: 420
---
# Source: service-chart/templates/customer-connectivity-data.yaml
apiVersion: services.cloud.sap.com/v1
kind: ServiceBinding
metadata:
  name: crcm-destination-instance-rcc-882-launchpad-acc-binding
  namespace: rcc-882-launchpad-acc
spec:
  serviceInstanceName: crcm-destination-instance-rcc-882-launchpad-acc
  externalName: crcm-destination-instance-rcc-882-launchpad-acc-binding
  secretName: crcm-destination-instance-rcc-882-launchpad-acc-secret
---
# Source: service-chart/templates/customer-connectivity-data.yaml
apiVersion: services.cloud.sap.com/v1
kind: ServiceBinding
metadata:
  name: crcm-connectivity-instance-rcc-882-launchpad-acc-binding
  namespace: rcc-882-launchpad-acc
spec:
  serviceInstanceName: crcm-connectivity-instance-rcc-882-launchpad-acc
  externalName: crcm-connectivity-instance-rcc-882-launchpad-acc-binding
  secretName: crcm-connectivity-instance-rcc-882-launchpad-acc-secret
---
# Source: service-chart/templates/customer-connectivity-data.yaml
apiVersion: services.cloud.sap.com/v1
kind: ServiceInstance
metadata:
  name: crcm-destination-instance-rcc-882-launchpad-acc
  namespace: rcc-882-launchpad-acc
spec:
  serviceOfferingName: destination
  servicePlanName: lite
  externalName: destination-instance-rcc-882-launchpad-acc
---
# Source: service-chart/templates/customer-connectivity-data.yaml
apiVersion: services.cloud.sap.com/v1
kind: ServiceInstance
metadata:
  name: crcm-connectivity-instance-rcc-882-launchpad-acc
  namespace: rcc-882-launchpad-acc
spec:
  serviceOfferingName: connectivity
  servicePlanName: connectivity_proxy
  externalName: connectivity-instance-rcc-882-launchpad-acc

I've also logged to the pod and to confirm that secret is mounted correctly: image

Any suggestions what else is expected by the DestinationAccessor?

newtork commented 1 year ago

Hi @I551317,

Can you check whether there are hidden files present, is there a .metadata?

- ls
+ ls -lA

Also can you confirm, the type file contains the string connectivity?

Kind regards Alex

I551317 commented 1 year ago

The .metadata file is there, however type file doesn't contain connectivity string

/etc/secrets/sapbtp $ ls -alt
total 8
drwxr-xr-x    5 root     root          4096 Sep 11 21:39 .
drwxr-xr-x    3 root     root          4096 Sep 11 21:39 ..
drwxrwxrwt    3 root     root           460 Sep 11 21:39 customer-connectivity-instance-rcc-882-launchpad-acc-binding
drwxrwxrwt    3 root     root           480 Sep 11 21:39 customer-destination-instance-rcc-882-launchpad-acc-binding
drwxrwxrwt    3 root     root           560 Sep 11 21:39 customer-xsuaa-instance-rcc-882-launchpad-acc
/etc/secrets/sapbtp $ cd customer-destination-instance-rcc-882-launchpad-acc-binding/
/etc/secrets/sapbtp/customer-destination-instance-rcc-882-launchpad-acc-binding $ ls -alt
total 4
drwxr-xr-x    5 root     root          4096 Sep 11 21:39 ..
drwxrwxrwt    3 root     root           480 Sep 11 21:39 .
drwxr-xr-x    2 root     root           440 Sep 11 21:39 ..2023_09_11_21_39_04.3874069286
lrwxrwxrwx    1 root     root            32 Sep 11 21:39 ..data -> ..2023_09_11_21_39_04.3874069286
lrwxrwxrwx    1 root     root            16 Sep 11 21:39 .metadata -> ..data/.metadata
lrwxrwxrwx    1 root     root            15 Sep 11 21:39 clientid -> ..data/clientid
lrwxrwxrwx    1 root     root            19 Sep 11 21:39 clientsecret -> ..data/clientsecret
lrwxrwxrwx    1 root     root            22 Sep 11 21:39 credential-type -> ..data/credential-type
lrwxrwxrwx    1 root     root            19 Sep 11 21:39 identityzone -> ..data/identityzone
lrwxrwxrwx    1 root     root            29 Sep 11 21:39 instance_external_name -> ..data/instance_external_name
lrwxrwxrwx    1 root     root            20 Sep 11 21:39 instance_guid -> ..data/instance_guid
lrwxrwxrwx    1 root     root            20 Sep 11 21:39 instance_name -> ..data/instance_name
lrwxrwxrwx    1 root     root            17 Sep 11 21:39 instanceid -> ..data/instanceid
lrwxrwxrwx    1 root     root            12 Sep 11 21:39 label -> ..data/label
lrwxrwxrwx    1 root     root            11 Sep 11 21:39 plan -> ..data/plan
lrwxrwxrwx    1 root     root            11 Sep 11 21:39 tags -> ..data/tags
lrwxrwxrwx    1 root     root            15 Sep 11 21:39 tenantid -> ..data/tenantid
lrwxrwxrwx    1 root     root            17 Sep 11 21:39 tenantmode -> ..data/tenantmode
lrwxrwxrwx    1 root     root            11 Sep 11 21:39 type -> ..data/type
lrwxrwxrwx    1 root     root            16 Sep 11 21:39 uaadomain -> ..data/uaadomain
lrwxrwxrwx    1 root     root            10 Sep 11 21:39 uri -> ..data/uri
lrwxrwxrwx    1 root     root            10 Sep 11 21:39 url -> ..data/url
lrwxrwxrwx    1 root     root            22 Sep 11 21:39 verificationkey -> ..data/verificationkey
lrwxrwxrwx    1 root     root            16 Sep 11 21:39 xsappname -> ..data/xsappname
/etc/secrets/sapbtp/customer-destination-instance-rcc-882-launchpad-acc-binding $ cat type | grep connectivity
/etc/secrets/sapbtp/customer-destination-instance-rcc-882-launchpad-acc-binding $ cat type
destination/etc/secrets/sapbtp/customer-destination-instance-rcc-882-launchpad-acc-binding $
newtork commented 1 year ago

Hi @I551317,

Please ignore my earlier questions.

Unfortunately, handling OnPremise connectivity on Kyma is still a bit challenging. We outlined two possible approaches that we found working in our documentation:

Have you seen the document already? Can you try out one of the two approaches (trusted / untrusted)?

Kind regards Alex

I551317 commented 1 year ago

Yes, I saw the documentation and before raising the issue I've tried to find the answer there (the page that you point to and the one focused on the destination). I've tried the approach without Transparent Proxy as that fulfils our current needs and suppose to be simpler in configuring.

What I've also just noticed is that trying to call Destination Service via AppRouter (not using SAP Cloud SDK) with following routing configuration:

      {
        "source": "/dest/(.*)",
        "destination": "Hello",
        "authenticationType": "none"
      },

app router returns an error that looks similar to the one that comes from SAP Cloud SDK image

Of course it may be coincidence, though I'm not sure if sth is missing in the configuration.

newtork commented 1 year ago

Unfortunately we (Java developers) can't comment on approuter behavior. And after speaking with the team, we can't draw a conclusion from the observed error.

However if you are using the "without transparent proxy" approach then to our knowledge you would need to go with the

It would require you to create a custom Kubernetes secret as explained in the linked page.

Kind regards Alexander

I551317 commented 1 year ago

Sure, I posted approuter findings as it might suggested some common problem.

Going back to the topic: thanks for pointing to this documentation. At the moment as I managed to achieve required behavior using approuter we are temporary proceeding with that approach. However as I noticed a few details working on that approach that may be common for SAP Cloud SDK configuration as well, later on I will try to check if they solve this issue here for mentioned library too and post it for others/to have some conclusion here

I551317 commented 1 year ago

When it comes to the other approach defaultMode was one of the problems and proper secret paths that were binded another one. With those fixes Destinations started to be visible for AppRouter scenario, however testing that for SAP Cloud SDK library it still ends with the same problem. As at the moment seems that we have sufficient alternative solution we decided to park further investigation of this approach and this ticket can be closed