feat: enhancements of subaccount setup

lechnerc77 · lechnerc77 · commit f2fd128b653d · 2025-04-16T11:57:55.000+02:00
diff --git a/sample-setup/README.md b/sample-setup/README.md
@@ -2,28 +2,17 @@
 
 ## Paradigms
 
-We follow the paradigms of a simpel and clear Terraform configuration as laid out in the [Simple, Clear, Maintainable](https://rosesecurity.dev/blog/2024/11/24/terraform-proverbs) blog post of the [Development Log](https://rosesecurity.dev/) namely:
+We follow the paradigms of a simpel and clear Terraform configuration as laid out in the [Simple, Clear, Maintainable](https://rosesecurity.dev/blog/2024/11/24/terraform-proverbs) blog post of the [Development Log](https://rosesecurity.dev/) especially:
 
 - Clear is better than clever.
-- Version everything.
 - Modules should be reusable, not rigid.
-- State is a liability; manage it wisely.
-- Every apply should be predictable.
 - Outputs are for sharing.
-- Tags are free; use them liberally.
-- Understanding count versus for_each is essential.
+- Labels are free; use them liberally.
 - Descriptions are for users.
 - Use positive variable names to avoid double negatives.
-- Null is not the same as nothing.
-- Prefer a single object over many related variables.
-- Terraform is declarative; trust it to converge.
-- Never output secrets.
-- Upgrade deliberately, not impulsively.
 - Name with underscores, not dashes.
 - Using locals makes code descriptive and maintainable.
 
-These paradigms will be reflected in the code samples provided in this repository and we encourage you to follow them in your own Terraform code.
-
 ## Naming Conventions and Tagging
 
 Ensuring naming conventions is one import aspect when provisioing and managing your SAP BTP account. We will align our samples in accordance to the [Naming Conventions for SAP BTP Accounts](https://help.sap.com/docs/btp/btp-admin-guide/naming-conventions-for-sap-btp-accounts).
diff --git a/sample-setup/basic-setup/subaccount-setup/.terraform.lock.hcl b/sample-setup/basic-setup/subaccount-setup/.terraform.lock.hcl
diff --git a/sample-setup/basic-setup/subaccount-setup/README.md b/sample-setup/basic-setup/subaccount-setup/README.md
@@ -5,3 +5,4 @@
 - Validation of Geo Region and Subaccount region
 - Default Setup of custom IdP
 - Provision CF env (optional)
+- Execute default plus à la carte entitlements
diff --git a/sample-setup/basic-setup/subaccount-setup/main.tf b/sample-setup/basic-setup/subaccount-setup/main.tf
@@ -47,6 +47,28 @@ resource "btp_subaccount_trust_configuration" "custom_idp" {
   available_for_user_logon = true
 }
 
+module "subaccount_default_entitlements" {
+  source = "../../modules/sap-btp-subaccount-default-entitlements"
+
+  stage = var.stage
+}
+
+locals {
+  finalized_entitlements = var.additional_entitlements == {} ? module.subaccount_default_entitlements.default_entitlements_for_stage : merge(
+    module.subaccount_default_entitlements.default_entitlements_for_stage,
+    var.additional_entitlements
+  )
+}
+
+module "sap_btp_entitlements" {
+
+  source  = "aydin-ozcan/sap-btp-entitlements/btp"
+  version = "~> 1.0.1"
+
+  subaccount   = btp_subaccount.self.id
+  entitlements = local.finalized_entitlements
+}
+
 module "cf_environment" {
   source = "../../modules/sap-btp-environment/CloudFoundry"
 
diff --git a/sample-setup/basic-setup/subaccount-setup/outputs.tf b/sample-setup/basic-setup/subaccount-setup/outputs.tf
@@ -1,14 +1,14 @@
 output "subaccount_url" {
-  value       = "https://emea.cockpit.btp.cloud.sap/cockpit/#globalaccount/${data.btp_globalaccount.this.id}/subaccount/${btp_subaccount.project_subaccount.id}"
+  value       = "https://emea.cockpit.btp.cloud.sap/cockpit/#globalaccount/${data.btp_globalaccount.this.id}/subaccount/${btp_subaccount.self.id}/overview"
   description = "The URL to the provisioned subaccount on SAP BTP"
 }
 
 output "cf_api_url" {
-  value       = module.cf_environment.cf_api_url
+  value       = var.provision_cf_environment ? module.cf_environment[0].cf_api_url : "No Cloud Foundry environment was requested to be provisioned"
   description = "The Cloud Foundry API URL"
 }
 
 output "cf_org_id" {
-  value       = module.cf_environment.cf_org_id
+  value       = var.provision_cf_environment ? module.cf_environment[0].cf_org_id : "No Cloud Foundry environment was requested to be provisioned"
   description = "The Cloud Foundry org ID"
 }
diff --git a/sample-setup/basic-setup/subaccount-setup/variables.tf b/sample-setup/basic-setup/subaccount-setup/variables.tf
@@ -65,6 +65,12 @@ variable "custom_indentity_provider" {
   description = "Custom IdP to be used for subaccount"
 }
 
+variable "additional_entitlements" {
+  type        = map(list(string))
+  description = "Entitlements to be provided in addition to the standard entitlements"
+  default     = {}
+}
+
 variable "provision_cf_environment" {
   type        = bool
   description = "Provision Cloud Foundry environment in subaccount"
diff --git a/sample-setup/modules/sap-btp-naming-conventions-directory/main.tf b/sample-setup/modules/sap-btp-naming-conventions-directory/main.tf
@@ -1,7 +1,7 @@
 locals {
-  costcenter_label_name         = "Costcenter"
-  directory_contact_label_name  = "Directory responsibles"
-  managedby_label_name          = "Managed by"
+  costcenter_label_name        = "Costcenter"
+  directory_contact_label_name = "Directory responsibles"
+  managedby_label_name         = "Managed by"
 
   directory_name = var.region == null ? var.business_unit : format(
     "%s%s%s",
@@ -19,9 +19,9 @@ locals {
     var.region
   )
 
-  costcenter_label_name_formatted         = var.label_name_case == "lower" ? lower(local.costcenter_label_name) : var.label_name_case == "title" ? title(local.costcenter_label_name) : upper(local.costcenter_label_name)
-  directory_contact_label_name_formatted  = var.label_name_case == "lower" ? lower(local.directory_contact_label_name) : var.label_name_case == "title" ? title(local.directory_contact_label_name) : upper(local.directory_contact_label_name)
-  managedby_label_name_formatted          = var.label_name_case == "lower" ? lower(local.managedby_label_name) : var.label_name_case == "title" ? title(local.managedby_label_name) : upper(local.managedby_label_name)
+  costcenter_label_name_formatted        = var.label_name_case == "lower" ? lower(local.costcenter_label_name) : var.label_name_case == "title" ? title(local.costcenter_label_name) : upper(local.costcenter_label_name)
+  directory_contact_label_name_formatted = var.label_name_case == "lower" ? lower(local.directory_contact_label_name) : var.label_name_case == "title" ? title(local.directory_contact_label_name) : upper(local.directory_contact_label_name)
+  managedby_label_name_formatted         = var.label_name_case == "lower" ? lower(local.managedby_label_name) : var.label_name_case == "title" ? title(local.managedby_label_name) : upper(local.managedby_label_name)
 
   costcenter_label_value_formatted = var.label_value_case == "lower" ? lower(var.costcenter) : var.label_value_case == "title" ? title(var.costcenter) : var.label_value_case == "upper" ? upper(var.costcenter) : var.costcenter
   management_label_value_formatted = var.label_value_case == "lower" ? lower(var.management_tool) : var.label_value_case == "title" ? title(var.management_tool) : var.label_value_case == "upper" ? upper(var.management_tool) : var.management_tool
diff --git a/sample-setup/modules/sap-btp-naming-conventions-subaccount/main.tf b/sample-setup/modules/sap-btp-naming-conventions-subaccount/main.tf
@@ -80,5 +80,5 @@ locals {
 
   subaccount_usage = var.stage == "Prod" ? "USED_FOR_PRODUCTION" : "NOT_USED_FOR_PRODUCTION"
 
-  cloudfoundry_org_name = local.subaccount_subdomain
+  cloudfoundry_org_name = substr(local.subaccount_subdomain, 0, 32)
 }
diff --git a/sample-setup/modules/sap-btp-naming-conventions-subaccount/variables.tf b/sample-setup/modules/sap-btp-naming-conventions-subaccount/variables.tf
@@ -22,7 +22,7 @@ variable "company_name" {
     Company name to be used for subaccount subdomains. The parameter is optional
     Default value: `null`.
   EOT
-  default = null
+  default     = null
 }
 
 variable "costcenter" {
diff --git a/sample-setup/modules/sap-btp-subaccount-default-entitlements/main.tf b/sample-setup/modules/sap-btp-subaccount-default-entitlements/main.tf
@@ -0,0 +1,25 @@
+locals {
+  default_entitlements = {
+    "Dev" = {
+      "alert-notification" = ["standard"],
+      "auditlog"           = ["standard=1"],
+      "sapappstudio"       = ["build-code"],
+      "xsuaa"              = ["application"]
+    },
+    "Test" = {
+      "alert-notification" = ["standard"],
+      "auditlog"           = ["standard=1"],
+      "xsuaa"              = ["application"]
+    },
+    "Prod" = {
+      "alert-notification" = ["standard"],
+      "auditlog"           = ["standard=1"],
+      "xsuaa"              = ["application"]
+    },
+    "Shared" = {
+      "credstore"  = ["standard"],
+      "hana-cloud" = ["hana"],
+      "hana"       = ["hdi-shared"]
+    }
+  }
+}
diff --git a/sample-setup/modules/sap-btp-subaccount-default-entitlements/outputs.tf b/sample-setup/modules/sap-btp-subaccount-default-entitlements/outputs.tf
@@ -0,0 +1,4 @@
+output "default_entitlements_for_stage" {
+  value       = local.default_entitlements[var.stage]
+  description = "Default entitlements for stage specified by the stage variable"
+}
diff --git a/sample-setup/modules/sap-btp-subaccount-default-entitlements/variables.tf b/sample-setup/modules/sap-btp-subaccount-default-entitlements/variables.tf
@@ -0,0 +1,12 @@
+variable "stage" {
+  type        = string
+  description = <<-EOT
+    Stage of the environment to be setup up.
+    Possible values: `Dev`, `Test`, `Prod`, `Shared`.
+  EOT
+
+  validation {
+    condition     = contains(["Dev", "Test", "Prod", "Shared"], var.stage)
+    error_message = "Stage must be one of the following: `Dev`, `Test`, `Prod`, `Shared`."
+  }
+}
diff --git a/sample-setup/modules/sap-btp-subaccount-default-entitlements/versions.tf b/sample-setup/modules/sap-btp-subaccount-default-entitlements/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+  required_version = ">= 1.11"
+}

Original file line number	Diff line number	Diff line change
`@@ -1,14 +1,14 @@`
`1`	`1`	`output "subaccount_url" {`
`2`		`- value = "https://emea.cockpit.btp.cloud.sap/cockpit/#globalaccount/${data.btp_globalaccount.this.id}/subaccount/${btp_subaccount.project_subaccount.id}"`
	`2`	`+ value = "https://emea.cockpit.btp.cloud.sap/cockpit/#globalaccount/${data.btp_globalaccount.this.id}/subaccount/${btp_subaccount.self.id}/overview"`
`3`	`3`	`description = "The URL to the provisioned subaccount on SAP BTP"`
`4`	`4`	`}`
`5`	`5`
`6`	`6`	`output "cf_api_url" {`
`7`		`- value = module.cf_environment.cf_api_url`
	`7`	`+ value = var.provision_cf_environment ? module.cf_environment[0].cf_api_url : "No Cloud Foundry environment was requested to be provisioned"`
`8`	`8`	`description = "The Cloud Foundry API URL"`
`9`	`9`	`}`
`10`	`10`
`11`	`11`	`output "cf_org_id" {`
`12`		`- value = module.cf_environment.cf_org_id`
	`12`	`+ value = var.provision_cf_environment ? module.cf_environment[0].cf_org_id : "No Cloud Foundry environment was requested to be provisioned"`
`13`	`13`	`description = "The Cloud Foundry org ID"`
`14`	`14`	`}`
Original file line number	Diff line number	Diff line change
`@@ -80,5 +80,5 @@ locals {`
`80`	`80`
`81`	`81`	`subaccount_usage = var.stage == "Prod" ? "USED_FOR_PRODUCTION" : "NOT_USED_FOR_PRODUCTION"`
`82`	`82`
`83`		`- cloudfoundry_org_name = local.subaccount_subdomain`
	`83`	`+ cloudfoundry_org_name = substr(local.subaccount_subdomain, 0, 32)`
`84`	`84`	`}`
Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,7 @@ variable "company_name" {`
`22`	`22`	`Company name to be used for subaccount subdomains. The parameter is optional`
`23`	`23`	Default value: `null`.
`24`	`24`	`EOT`
`25`		`- default = null`
	`25`	`+ default = null`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`variable "costcenter" {`