chore: update SIT scripts

Author: prajin-op

released/SAP-Inside-Tracks/SITBLR_DEC_2024/README.md

@@ -10,12 +10,10 @@ In this HandsOn we want to make you familiar with the Terraform Provider for SAP
 
 1. [Exercise 1 - Configure the Terraform Provider for SAP BTP](exercises/EXERCISE1/README.md)
 1. [Exercise 2 - Setup of a subaccount](exercises/EXERCISE2/README.md)
-1. [Exercise 3 - Assignment of subaccount emergency administrators](exercises/EXERCISE3/README.md)
-1. [Exercise 4 - Assign entitlements to a subaccount](exercises/EXERCISE4/README.md)
-1. [Exercise 5 - Create a service instance](exercises/EXERCISE5/README.md)
-1. [Exercise 6 - Handle configuration drift](exercises/EXERCISE6/README.md)
-1. [Exercise 7 - Setup a Cloud Foundry environment and a space (optional)](exercises/EXERCISE7/README.md)
-1. [Exercise 8 - Cleanup](exercises/EXERCISE8/README.md)
+1. [Exercise 3 - Assign entitlement,Subscription and its role assignments to a subaccount](exercises/EXERCISE3/README.md)
+1. [Exercise 4 - Setup a Cloud Foundry environment and a space (optional)](exercises/EXERCISE4/README.md)
+1. [Exercise 5 - Exercise 5 - Assignment of subaccount emergency administrators](exercises/EXERCISE5/README.md)
+1. [Exercise 6 - Cleanup](exercises/EXERCISE6/README.md)
 
 The level of the exercises is beginner. You don't need any prior knowledge about Terraform or the Terraform Provider for SAP BTP. We will guide you through the exercises step by step.
 

released/SAP-Inside-Tracks/SITBLR_DEC_2024/exercises/EXERCISE3/README.md

@@ -120,4 +120,4 @@ You can also check that everything is in place via the SAP BTP cockpit. You shou
 
 You've now successfully entitled services and applications to the subaccount.
 
-Continue to - [Exercise 4 - Create service instances and app subscriptions](../EXERCISE5/README.md).
+Continue to - [Exercise 4 - Setup a Cloud Foundry environment](../EXERCISE4/README.md).

released/SAP-Inside-Tracks/SITBLR_DEC_2024/exercises/EXERCISE4/README.md

@@ -286,4 +286,4 @@ You can also check that everything is in place via the SAP BTP cockpit. You shou
 
 You've now successfully created a Cloud Foundry environment instance as well as a Cloud Foundry space in SAP BTP.
 
-Continue to - [Exercise 5 - Cleanup](../EXERCISE8/README.md).
+Continue to - [Exercise 5 - Adding Emergency Administrators](../EXERCISE5/README.md).

released/SAP-Inside-Tracks/SITBLR_DEC_2024/exercises/EXERCISE5/README.md

@@ -1,47 +1,81 @@
-# Exercise 5 - Cleanup
+# Exercise 5 - Assignment of subaccount emergency administrators
 
 ## Goal of this Exercise 🎯
 
-The goal of this exercise is to delete the resources that were created in the previous exercises. This is important to avoid unnecessary costs and to keep the environment clean.
+In this exercise you will learn how to assign users to role collections in the subaccount. We assume that for each subaccount we want to add emergency administrators to the role collection `Subacount Administrator`.
 
-## Step 1: Trigger the deletion of the resources
+## Assign role collection to users
 
-You can delete the resources by running the following command:
+### Step 1: Enhance the variables
 
-```bash
-terraform destroy
+First we need to enhance the `variables.tf` file to add the new variable `emergency_admins`. This variable will be used to define the list of users that will be assigned to the role collection `Subaccount Administrator`. Open the `variables.tf` file and add the following code:
+
+```terraform
+variable "emergency_admins" {
+  type        = list(string)
+  description = "Defines the colleagues who are added to each subaccount as emergency administrators."
+  default     = ["[email protected]", "[email protected]"]
+}
+```
+
+As you can see, the variable type can be a complex one. In this case, it is a list of strings. We define a default value for the variable, which is a list of dummy two email addresses.
+
+This variable will be used in the next step to assign the users to the role collection. Save the changes.
+
+### Step 2: Add the role collection configuration
+
+Now we need to add the configuration to assign the users to the role collection. We use the resource [btp_subaccount_role_collection_assignment](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_role_collection_assignment) to achieve this.
+In addition we must iterate through the list of names and assign each user to the role collection. Open the `main.tf` file and add the following code:
+
+```terraform
+resource "btp_subaccount_role_collection_assignment" "subaccount_users" {
+  for_each             = toset(var.emergency_admins)
+  subaccount_id        = btp_subaccount.project.id
+  role_collection_name = "Subaccount Administrator"
+  user_name            = each.value
+}
 ```
 
-The output of the command will look similar to this:
+To create a resource for our user we make use of the [`for_each`](https://developer.hashicorp.com/terraform/language/meta-arguments/for_each) meta-argument provided by Terraform. This allows us to create a resource for each element in the list of users. The `for_each` argument works on a map or a set, so we must transform our list of strings into a set via the [`toset`](https://www.terraform.io/docs/language/functions/toset.html) function. We access the value of the current iteration via `each.value`. The `subaccount_id` is set to the id of the subaccount we created in the previous exercise.
+
+> [!NOTE]
+> How does Terraform know that it first needs to create the subaccount and then assign the users to the role collection? Terraform automatically detects this dependency as we are using the output of the subaccount creation namely the `btp_subaccount.project.id` as parameter for the role collection assignment. Due to this Terraform knows that the role collection assignment can only be created after the subaccount has been created and creates a corresponding execution plan. Sometimes you must explicitly model this dependency and we will see how to that in [exercise 5](../EXERCISE5/README.md).
+
+That is already all we need to do. Save the changes.
+
+### Step 3: Apply the changes
 
-<img width="600px" src="assets/ex8_1.png" alt="executing terraform destroy">
+Now we can apply the changes to our subaccount. Run the following commands:
 
-Take also a look at the summary. This will show how the number of resources to be deleted:
+> [!NOTE]
+> As we did not change the configuration of the provider or add any Terraform [modules](https://developer.hashicorp.com/terraform/language/modules), we do not need to run `terraform init` again.
 
-<img width="600px" src="assets/ex8_2.png" alt="overview of deleted resources">
+1. Plan the Terraform configuration to see what will be created:
 
-Terraform will calculate the changes it will execute, namely the deletion of the resources. You will be prompted to confirm the deletion. Check the output of the plan. Type `yes` and hit `Enter` to confirm the deletion.
+    ```bash
+    terraform plan
+    ```
 
-This will now recursively delete all resources that were created by Terraform. This might take a bit of time. At the end you should see a message like this:
+    You should see the following output:
 
-<img width="600px" src="assets/ex8_3.png" alt="result of terraform destroy">
+    <img width="600px" src="assets/ex3_1.png" alt="terraform plan output for role collection assignment">
 
-## Step 2: Verify the deletion of the resources
+2. Apply the Terraform configuration to create the assignment of the role collections:
 
-After the deletion was executed successfully, verify that the resources were deleted. You can check the status of the resources in the SAP BTP cockpit.
+    ```bash
+    terraform apply
+    ```
 
-## Step 3: Check the Terraform state
+    You will be prompted to confirm the creation the assignment of the role collections. Type `yes` and press `Enter` to continue. You should see the following output:
 
-After the deletion of the resources, check the Terraform state. Walk through the following questions:
+    <img width="600px" src="assets/ex3_2.png" alt="terraform apply output for role collection assignment">
 
-- Did the state file disappear or is it still there?
-- If it is still there what is the content of the state file?
+You can also check that everything is in place via the SAP BTP cockpit. You should see the assigned users in the role collection `Subaccount Administrator`:
 
-> [!TIP]
-> You can also use the `terraform state list` command to inspect the state of the resources. You find more information about that command in the [Terraform documentation](https://developer.hashicorp.com/terraform/cli/state/inspect).
+<img width="600px" src="assets/ex3_3.png" alt="role collection assignment in SAP BTP">
 
 ## Summary
 
-Congrats - you've successfully completed the HandsOn. You've now learned how to use Terraform to manage resources in SAP BTP, how to deal with drift and also how to delete the resources again.
+You've now successfully assigned emergency administrators to the subaccount.
 
-Happy Terraforming!
+Continue to - [# Exercise 6 - clean up](../EXERCISE6/README.md).

released/SAP-Inside-Tracks/SITBLR_DEC_2024/exercises/EXERCISE5/SOLUTION_EX3/main.tf

@@ -0,0 +1,32 @@
+###
+# Setup of names in accordance to the company's naming conventions
+###
+locals {
+  project_subaccount_name   = "${var.org_name} | ${var.project_name}: CF - ${var.stage}"
+  project_subaccount_domain = lower(replace("${var.org_name}-${var.project_name}-${var.stage}", " ", "-"))
+  project_subaccount_cf_org = replace("${var.org_name}_${lower(var.project_name)}-${lower(var.stage)}", " ", "_")
+}
+
+###
+# Creation of subaccount
+###
+resource "btp_subaccount" "project" {
+  name      = local.project_subaccount_name
+  subdomain = local.project_subaccount_domain
+  region    = lower(var.region)
+  labels = {
+    "stage"      = ["${var.stage}"],
+    "costcenter" = ["${var.costcenter}"]
+  }
+  usage = "NOT_USED_FOR_PRODUCTION"
+}
+
+###
+# Assignment of emergency admins to subaccount
+###
+resource "btp_subaccount_role_collection_assignment" "subaccount_users" {
+  for_each             = toset(var.emergency_admins)
+  subaccount_id        = btp_subaccount.project.id
+  role_collection_name = "Subaccount Administrator"
+  user_name            = each.value
+}

released/SAP-Inside-Tracks/SITBLR_DEC_2024/exercises/EXERCISE5/SOLUTION_EX3/outputs.tf

@@ -0,0 +1,9 @@
+output "subaccount_id" {
+  value       = btp_subaccount.project.id
+  description = "The ID of the project subaccount."
+}
+
+output "subaccount_name" {
+  value       = btp_subaccount.project.name
+  description = "The name of the project subaccount."
+}

released/SAP-Inside-Tracks/SITBLR_DEC_2024/exercises/EXERCISE5/SOLUTION_EX3/provider.tf

@@ -0,0 +1,16 @@
+
+terraform {
+  required_providers {
+    btp = {
+      source  = "sap/btp"
+      version = "~> 1.8.0"
+    }
+  }
+
+}
+
+# Please checkout documentation on how best to authenticate against SAP BTP
+# via the Terraform provider for SAP BTP
+provider "btp" {
+  globalaccount = var.globalaccount
+}

released/SAP-Inside-Tracks/SITBLR_DEC_2024/exercises/EXERCISE5/SOLUTION_EX3/terraform.tfvars-sample

@@ -0,0 +1 @@
+globalaccount = "<YOUR GLOBAL ACCOUT SUBDOMAIN>"

released/SAP-Inside-Tracks/SITBLR_DEC_2024/exercises/EXERCISE5/SOLUTION_EX3/variables.tf

@@ -0,0 +1,76 @@
+###
+# Provider configuration
+###
+variable "globalaccount" {
+  type        = string
+  description = "The subdomain of the SAP BTP global account."
+}
+
+variable "region" {
+  type        = string
+  description = "The region where the project account shall be created in."
+  default     = "us10"
+}
+
+###
+# Subaccount setup
+###
+variable "project_name" {
+  type        = string
+  description = "The subaccount name."
+  default     = "proj-1234"
+
+  validation {
+    condition     = can(regex("^[a-zA-Z0-9_\\-]{1,200}", var.project_name))
+    error_message = "Provide a valid project name."
+  }
+}
+
+variable "stage" {
+  type        = string
+  description = "The stage/tier the account will be used for."
+  default     = "DEV"
+
+  validation {
+    condition     = contains(["DEV", "TST", "PRD"], var.stage)
+    error_message = "Select a valid stage for the project account."
+  }
+}
+
+variable "costcenter" {
+  type        = string
+  description = "The cost center the account will be billed to."
+  default     = "1234567890"
+
+  validation {
+    condition     = can(regex("^[0-9]{10}", var.costcenter))
+    error_message = "Provide a valid cost center."
+  }
+}
+
+variable "org_name" {
+  type        = string
+  description = "Defines to which organisation the project account shall belong to."
+  default     = "B2C"
+
+  validation {
+    condition = contains(concat(
+      // Cross Development
+      ["B2B", "B2C", "ECOMMERCE"],
+      // Internal IT
+      ["PLATFORMDEV", "INTIT"],
+      // Financial Services
+      ["FSIT"],
+    ), var.org_name)
+    error_message = "Please select a valid org name for the project account."
+  }
+}
+
+###
+# Emergency admin setup
+###
+variable "emergency_admins" {
+  type        = list(string)
+  description = "Defines the colleagues who are added to each subaccount as emergency administrators."
+  default     = ["[email protected]", "[email protected]"]
+}