Configure ABAP SDK authentication using tokens for SAP hosted on Compute Engine VM and execute Address validation API

1. Introduction

In this codelab, you'll go through the steps to set up authentication to access Google Cloud APIs using tokens when your SAP system is hosted on a Compute Engine VM instance.

The list of services used are:

• Compute Engine
• Network Services
• Cloud Shell

What you'll build

You'll perform the following:

• Configure the ABAP SDK installed on the SAP system to connect to Google APIs.
• Create an example report program to call the Address Validation API.

2. Requirements

• A browser, such as Chrome or Firefox.
• A Google Cloud project with billing enabled or Create a 90-Day Free Trial account for Google Cloud Platform.
• SAP GUI (Windows or Java) installed in your system. If SAP GUI is already installed on your system, connect to SAP using the VM external IP address as the Application Server IP. If you are on Mac then you can also install the SAP GUI for Java available in this link.

3. Before you begin

• In the Google Cloud Console, on the project selector page, select or create a Google Cloud project (For example, abap-sdk-poc).
• Make sure that billing is enabled for your Cloud project. Learn how to check if billing is enabled on a project. Skip this step if you are using the 90-Day Free Trial Account.
• You will use Cloud Shell, a command-line environment running in Google Cloud. From the Cloud Console, click Activate Cloud Shell on the top right corner:

• Make sure all the necessary APIs (IAM Service Account Credentials API and Address Validation API) are enabled.
• Run the following commands to authenticate for your account and set the default project to abap-sdk-poc. Zone us-west4-b is used as an example. If needed, please change the project and zone in the below commands based on your preference.

gcloud auth login
gcloud config set project abap-sdk-poc
gcloud config set compute/zone us-west4-b
PROJECT_NAME=abap-sdk-poc
REGION=us-west4
ZONE=us-west4-b

• Ensure that you have access to an SAP system with ABAP SDK for Google Cloud installed.
• You can refer to codelab " Install ABAP Platform Trial 2022 on Google Cloud Platform and Install ABAP SDK" to set up a new system.

4. Create a service account and set the Service Account Token Creator role

To create a service account with the required role, perform the following steps:

1. Run the following command to create a service account: (Please skip this step if service account already exists)

gcloud iam service-accounts create abap-sdk-dev \
    --description="ABAP SDK Dev Account" \
    --display-name="ABAP SDK Dev Account"

2. Run the following command to set the Service Account Token Creator role:

gcloud projects add-iam-policy-binding $PROJECT_NAME \
    --member=serviceAccount:abap-sdk-dev@$PROJECT_NAME.iam.gserviceaccount.com \
    --role=roles/iam.serviceAccountTokenCreator

5. Configure client key

Log in to the SAP system with the user name DEVELOPER and password Htods70334 and follow these steps to configure the client key:

1. In the SAP GUI, enter transaction code SPRO.
2. Click SAP Reference IMG.
3. Click ABAP SDK for Google Cloud > Basic Settings > Configure Client Key.
4. Click New Entries.
5. Enter values for the following fields:

Leave the other fields blank

6. Create RFC Destination

Create RFC destination for IAM credential and Address Validation API.

• Under the Technical Settings tab, enter the following details for the ZGOOG_IAMCREDENTIALS destination.

• Under the Technical Settings tab, enter the following details for the ZGOOG_ADDRESSVALIDATION_V1 destination.

• For the SSL Certificate field, make sure that the option DEFAULT SSL Client (Standard) is selected for both the RFC destinations.

7. Configure service mapping

To configure the service mapping table for IAM API and Address Validation API, perform the following steps:

1. In the SAP GUI, enter transaction code SPRO.
2. Click SAP Reference IMG.
3. Click ABAP SDK for Google Cloud > Basic Settings > Configure Service Mapping.
4. Click New Entries for IAM Credential and Address validation API linked to the RFC destinations.

8. Validate configuration

To validate the authentication configuration, perform the following steps:

1. In the SAP GUI, enter transaction code SPRO.
2. Click SAP Reference IMG.
3. Click ABAP SDK for Google Cloud > Utilities > Validate Authentication Configuration.
4. Enter the client key name as ABAP_SDK_DEMO.
5. Click Execute to check if the overall flow is configured successfully.
6. A green check in the Result column indicates that all configuration steps are completed successfully.

9. Create a report program to call the Address Validation service

1. Log in to your SAP System.
2. Go to transaction code SE38 and create a report program with the name ZDEMO_ADDRESS_VALIDATION.
3. In the pop-up that opens up, provide details as shown below, and click Save.

4. In the next pop-up, either select Local Object or provide a package name as appropriate.
5. In the ABAP Editor, add the following code:

" data declarations
DATA lv_ret_code          TYPE i.
DATA lv_err_text          TYPE string.
DATA ls_input             TYPE /goog/cl_addrvaldn_v1=>ty_012.
DATA ls_output            TYPE /goog/cl_addrvaldn_v1=>ty_013.
DATA ls_err_resp          TYPE /goog/err_resp.
DATA lo_exception         TYPE REF TO /goog/cx_sdk.
DATA lo_address_validator TYPE REF TO /goog/cl_addrvaldn_v1.

" instantiate api client stub
TRY.
    lo_address_validator = NEW #( iv_key_name = 'ABAP_SDK_DEV' ).

    " Pass the address to be validated and corrected.
    " Mountain misspelled as  Moutain
    " Amphitheatre misspelled as Amphithetre
    ls_input-address-region_code = 'US'.
    ls_input-address-locality    = 'Moutain View'.
    APPEND '1600, Amphithetre, Parkway' TO ls_input-address-address_lines.

    " call the api method to validate address
    lo_address_validator->validate_address( EXPORTING is_input    = ls_input
                                            IMPORTING es_output   = ls_output
                                                      ev_ret_code = lv_ret_code
                                                      ev_err_text = lv_err_text
                                                      es_err_resp = ls_err_resp ).
    IF     lo_address_validator->is_success( lv_ret_code ) = abap_true
       AND ls_output-result-verdict-address_complete       = abap_true.
      cl_demo_output=>new(
        )->begin_section( `Original Address`
        )->write_data( ls_input-address-region_code
        )->write_data( ls_input-address-locality
        )->write_data( ls_input-address-address_lines
        )->next_section( `Validated & Corrected Address`
        )->begin_section( `Elementary Object`
        )->write_data( ls_output-result-address-formatted_address
        )->display( ).
    ENDIF.

  CATCH /goog/cx_sdk INTO lo_exception.
    " write code here to handle exceptions
    cl_demo_output=>display( lo_exception->get_text( ) ).
ENDTRY.

6. Save and activate the report.
7. Execute the report (F8).

On successful execution you should see the report output as shown below:

10. Congratulations

Congratulations! You have successfully Configured ABAP SDK to call the Address Validation service.

You can now proceed with the other ABAP SDK codelabs to continue with your learning journey of using ABAP SDK for Google Cloud to access various Google Cloud Services.

11. Clean up

If you do not wish to continue with the additional codelabs related to ABAP SDK for Google Cloud, then please proceed with the cleanup.

Delete the project

• Delete the Google Cloud project:

gcloud projects delete abap-sdk-poc

Delete individual resources

1. Delete the client key configuration entries by going into IMG > Google Cloud > Basic Settings > Configure Client Key.
2. Delete the Service Mapping configuration entries by going into IMG > Google Cloud > Basic Settings > Configure Client Key.
3. Delete the RFC destinations ZGOOG_IAMCREDENTIALS and ZGOOG_ADDRESSVALIDATION_V1.
4. Delete the service account:

gcloud iam service-accounts delete \
    abap-sdk-dev@abap-sdk-poc.iam.gserviceaccount.com