feat(cap): append changes

cap/README.md

@@ -12,7 +12,7 @@ This repository provides sample CAP projects using different router configuratio
 
 2. [Standalone Approuter](../cap/cap-fiori-mta-standalone/README.md) with an in-memory database
 
-3. [Managed Approuter with Hybrid Profile](../cap/cap-fiori-hybrid/README.md) with SAP Hana Cloud service and XSUAA service
+3. [Managed Approuter with CDS Hybrid Profile](../cap/cap-fiori-hybrid/README.md) supporting HANA and XSUAA services hosted on SAP BTP
 
 All CAP projects were generated using the steps outlined in this [blog post](https://blogs.sap.com/2022/02/10/build-and-deploy-a-cap-project-node.js-api-with-a-sap-fiori-elements-ui-and-a-managed-approuter-configuration/) selecting the appropiate approuter configuration as the HTML5 application runtime.
 

cap/cap-fiori-hybrid/README.md

@@ -1,7 +1,7 @@
 # Getting Started
 Build and deploy a CAP Project API with a Fiori Elements UI to Cloud Foundry (CF) using a managed approuter configuration hosted on SAP Business Technology Platform (BTP) using [SAP CAP hybrid profile](https://cap.cloud.sap/docs/advanced/hybrid-testing) for testing and development.
 
-The CAP project was generated using the steps outlined in this [blog post](https://blogs.sap.com/2022/02/10/build-and-deploy-a-cap-project-node.js-api-with-a-sap-fiori-elements-ui-and-a-managed-approuter-configuration/) using the `Managed Approuter` configuration as the HTML5 application runtime. 
+The CAP project was generated using the steps outlined in this [blog post](https://blogs.sap.com/2022/02/10/build-and-deploy-a-cap-project-node.js-api-with-a-sap-fiori-elements-ui-and-a-managed-approuter-configuration/) using the `Managed Approuter` configuration as the HTML5 application runtime.
 
 One of the main reasons for this repository is to showcase how a CAP project with a Fiori UI can be developed and tested using a `production-near` environment. The SAP CAP hybrid approach will allow the developer to;
 
@@ -10,6 +10,8 @@ One of the main reasons for this repository is to showcase how a CAP project wit
 
 The benefit? You can switch between local mock configuration and cloud service configuration by simply setting or omitting the hybrid profile parameter.
 
+[Review the local changes](changes.md) made to support a CDS hybrid testing and development environment.
+
 ## Prerequisites
 - You have created a [SAP Cloud Platform trial account](https://account.hana.ondemand.com/)
 - You are subscribed to the [Launchpad Service](https://developers.sap.com/tutorials/cp-portal-cloud-foundry-getting-started.html)

cap/cap-fiori-hybrid/changes.md

@@ -0,0 +1,123 @@
+## Enabling CDS Hybrid Mode in a CAP project with a Fiori UI frontend
+
+The CAP project and Fiori UI application were generated using the steps outlined in this [blog post](https://blogs.sap.com/2022/02/10/build-and-deploy-a-cap-project-node.js-api-with-a-sap-fiori-elements-ui-and-a-managed-approuter-configuration/) using the `Managed Approuter` configuration as the HTML5 application runtime.
+The [managed approuter](../cap-fiori-mta/README.md) project is the base project used in this approach.
+
+## Prerequisites
+- HANA Cloud database is setup and running in your cloud space, refer to this [tutorial](https://developers.sap.com/tutorials/hana-cloud-create-db-project.html)
+- The CAP project and Fiori UI application are deployed to Cloud Foundry
+
+## Step 1 - Changes to `mta.yaml`
+
+These changes required to reduce the amount of manual tasks and will hopefully be incorporated into a future edition of the SAP Fiori tools deployment generator.
+
+Append the `properties` node to `managedAppCAPProject-db-deployer` so the local and deployed CAP projects both share the same HDI instance;
+
+```yaml
+  - name: managedAppCAPProject-db-deployer
+    type: hdb
+    path: db
+    requires:
+      - name: managedAppCAPProject-db
+        properties:
+          TARGET_CONTAINER: ~{hdi-service-name}
+```
+
+Update `uaa_managedAppCAPProject` -> `service-key` parameter to `managedAppCAPProject-xsuaa-service-key`, when binding to the HANA service, the key and service name are aligned;
+
+```YAML
+  - name: managedAppCAPProject-destination-content
+    type: com.sap.application.content
+    requires:
+      - name: managedAppCAPProject-destination-service
+        parameters:
+          content-target: true
+      - name: managedAppCAPProject_html_repo_host
+        parameters:
+          service-key:
+            name: managedAppCAPProject_html_repo_host-key
+      - name: uaa_managedAppCAPProject
+        parameters:
+          service-key:
+            name: managedAppCAPProject-xsuaa-service-key
+```
+
+Update `managedAppCAPProject-db` to append the `service-key` parameter, when binding to the HANA service, the key and service name are aligned;
+
+```yaml
+  - name: managedAppCAPProject-db
+    type: com.sap.xs.hdi-container
+    parameters:
+      service: hana
+      service-keys:
+        - name: managedAppCAPProject-db-key
+      service-plan: hdi-shared
+    properties:
+      hdi-service-name: ${service-name}
+```
+
+## Step 2 - Append Approuter
+
+Understanding approuter more, follow these links;
+
+- [@sap/approuter](https://www.npmjs.com/package/@sap/approuter#overview)
+- [Application-router on SAP BTP](https://help.sap.com/docs/btp/sap-business-technology-platform/application-router)
+
+Append a local router to handle the XSUAA security locally;
+```bash
+cds add approuter
+```
+The command will drop a number of files into the `app` folder but we want to control these so we are going to move them!
+```bash
+mkdir -p localrouter
+mv app/default-env.json app/package.json app/xs-app.json localrouter/
+```
+
+Modify `default-env.json` so that is spins up on port `5001`;
+```JSON
+{
+  "destinations": [
+    {
+      "name": "srv-api",
+      "url": "http://localhost:4004",
+      "forwardAuthToken": true
+    }
+  ],
+  "PORT": 5001
+}
+```
+
+## Step 3 - Update xs-security.json
+
+Append support for the different OAuth endpoints, for local development with VSCode, Business Application Studio and SAP BTP Cloud Foundry;
+```JSON
+  "oauth2-configuration": {
+    "redirect-uris": [
+        "https://**.hana.ondemand.com/**",
+        "https://**.applicationstudio.cloud.sap/**",
+        "http://localhost:*/**"
+    ]
+  },
+```
+
+Apply new `scopes` and `role-templates` to lock down your Catalog service;
+```JSON
+  "scopes": [
+    {
+      "name": "$XSAPPNAME.capuser",
+      "description": "CAP Project Generated role scope"
+    }
+  ],
+  "role-templates": [
+    {
+      "name": "capuser",
+      "description": "CAP Project Generated role template",
+      "scope-references": ["$XSAPPNAME.capuser"],
+      "attribute-references": []
+    }
+  ],
+```
+
+## Step 4 - Apply security to Catalog Service
+
+Edit `srv` -> `cat-service.cds` and replace `@requires: 'authenticated-user'` with `@(requires: 'capuser')`. 

cap/cap-fiori-hybrid/localrouter/xs-app.json

@@ -1,10 +1,22 @@
 {
+  "welcomeFile": "app/index.html",
   "routes": [
+    {
+      "source": "^/app/(.*)$",
+      "target": "$1",
+      "localDir": ".",
+      "cacheControl": "no-cache, no-store, must-revalidate"
+    },
+    {
+      "source": "^/appconfig/",
+      "localDir": ".",
+      "cacheControl": "no-cache, no-store, must-revalidate"
+    },
     {
       "source": "^/(.*)$",
       "target": "$1",
-      "destination": "srv_api",
+      "destination": "srv-api",
       "csrfProtection": true
     }
   ]
-}
+}

cap/cap-fiori-hybrid/mta.yaml

@@ -40,7 +40,7 @@ modules:
             name: managedAppCAPProject_html_repo_host-key
       - name: uaa_managedAppCAPProject
         parameters:
-          service-key:
+          service-key: # creates xsuaa service key for Managed approuter
             name: managedAppCAPProject-xsuaa-service-key
     parameters:
       content:
@@ -133,7 +133,7 @@ resources:
       service-name: managedAppCAPProject-xsuaa-service
       service-plan: application
 parameters:
-  appname: mycapproject-jl-unique
+  appname: mycapproject-unique
   deploy_mode: html5-repo
   enable-parallel-deployments: true
 build-parameters:

cap/cap-fiori-hybrid/xs-security.json

@@ -24,6 +24,5 @@
         "http://localhost:*/**"
     ]
   },
-  "attributes": [],
   "authorities-inheritance": false
 }