Exercise for Learning Journey BTP200 (#262)

Author: wope4455

released/discovery_center/mission_3239/README.md

@@ -27,14 +27,14 @@ To deploy the resources you must:
 1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP provider
 
    ```hcl
-   user_email = "<Email address of your BTP user>"
-   password = "<Password of your BTP user>"
+   btp_username = "<Email address of your BTP user>"
+   btp_password = "<Password of your BTP user>"
    ```
    as an alternative you can set this credentials also as environment variables
 
    ```bash
-   export user_email ='<Email address of your BTP user>'
-   export password ='<Password of your BTP user>'
+   export btp_username ='<Email address of your BTP user>'
+   export btp_password ='<Password of your BTP user>'
    ```
 
 3. Change the variables in the `sample.tfvars` file to meet your requirements

released/learning_journey/btp200/README.md

@@ -0,0 +1,64 @@
+# Learning Journey BTP200
+## Overview
+
+This folder contains the files for the Terraform exercise of the SAP Learing Journey BTP200
+
+## Content of setup
+
+The setup comprises the following resources:
+
+- Creation of an SAP BTP subaccount or using an existing subaccount
+- Entitlements of services
+   * SAP Business Application Studio
+   * SAP Build Work Zone, standard edition
+   * Continous Integration & Delivery - optional
+  
+- Subscriptions of the services
+- Role collection assignments to users
+
+## Deploying the resources
+
+Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html)
+
+To deploy the resources you must:
+
+1. Create a file `secret.auto.tfvars` and maintain the credentials for the BTP provider
+
+   ```hcl
+   btp_username = "<Email address of your BTP user>"
+   btp_password = "<Password of your BTP user>"
+   ```
+   As an alternative you can set this credentials also as environment variables. Then you have to set the default values to "" for these variables in variables.tf.git 
+   
+   ```bash
+   export btp_username ='<Email address of your BTP user>'
+   export btp_password ='<Password of your BTP user>'
+   ```
+
+3. Change the variables in the `terraform.tfvars` file to meet your requirements
+   > The minimal set of parameters you should specify (beside btp_user and btp_password) is globalaccount (i.e. its subdomain - you find it in the SAP BTP cockpit in the Account Explorer). If you don't have the global account administrator privileg, you need to have access to a subaccount with the subaccount administrator privileg. In that case you need to set the subaccount_id (You can find it in the SAP BTP cockpit on the subaccount overview page).
+
+ 
+
+4. Initialize your workspace:
+
+   ```bash
+   terraform init
+   ```
+
+5. You can check what Terraform plans to apply based on your configuration:
+
+   ```bash
+   terraform plan 
+   ```
+
+6. Apply your configuration to provision the resources:
+
+   ```bash
+   terraform apply 
+   ```
+7. Remove the changes you have done with this script
+   
+   ```bash
+   terraform destroy 
+   ```

released/learning_journey/btp200/main.tf

@@ -0,0 +1,158 @@
+
+
+###############################################################################################
+# This is the Terraform script for the BTP_200 Learning Journey. In this script you will create
+# the infrastructure for the development of an SAP extension project  
+# The script will do the following
+#   - create a new subaccount (if the subaccount id is not set)
+#   - add users as subaccount administrators and viewers
+#   - create entitlements for the following services:
+#        * SAP Business Application Studio
+#        * SAP Continous & Integration Application
+#        * SAP Build Workzone - standard edition
+#   - create subscriptions
+#   - add user to service role collections
+###############################################################################################
+
+###############################################################################################
+# Creation of subaccount - if subaccount_id = ""
+###############################################################################################
+# Setup subaccount domain (to ensure uniqueness in BTP global account)
+resource "random_uuid" "uuid" {}
+
+resource "btp_subaccount" "create_subaccount" {
+  count     = var.subaccount_id == "" ? 1 : 0
+  name      = var.subaccount_name
+  subdomain = join("-", [var.subaccount_name, random_uuid.uuid.result])
+  region    = lower(var.region)
+}
+
+# For the next resources we need the subaccount ID – either use the new one or one from the subaccount_id variable
+data "btp_subaccount" "project" {
+  id = var.subaccount_id != "" ? var.subaccount_id : btp_subaccount.create_subaccount[0].id
+}
+
+##############################################################################################
+# Assign users to the subaccount role collections
+##############################################################################################
+# Assignment of admins to the sub account as sub account administrators
+resource "btp_subaccount_role_collection_assignment" "subaccount_admins" {
+  for_each             = toset("${var.subaccount_admins}")
+  subaccount_id        = data.btp_subaccount.project.id
+  role_collection_name = "Subaccount Administrator"
+  user_name            = each.value
+}
+
+# Assignment of developers to the sub account as sub account viewer
+resource "btp_subaccount_role_collection_assignment" "subaccount_viewer" {
+  for_each             = toset("${var.developers}")
+  subaccount_id        = data.btp_subaccount.project.id
+  role_collection_name = "Subaccount Viewer"
+  user_name            = each.value
+}
+# Assignment of the subaccount service administrators 
+resource "btp_subaccount_role_collection_assignment" "subaccount_service_admin" {
+  for_each             = toset("${var.service_admins}")
+  subaccount_id        = data.btp_subaccount.project.id
+  role_collection_name = "Subaccount Service Administrator"
+  user_name            = each.value
+}
+
+##############################################################################################
+# Creating entitlements
+##############################################################################################
+# Entitle subaccount for usage of app  destination SAP Build Workzone, standard edition
+resource "btp_subaccount_entitlement" "build_workzone" {
+  subaccount_id = data.btp_subaccount.project.id
+  service_name  = "SAPLaunchpad"
+  plan_name     = var.build_workzone_service_plan
+}
+
+# Entitle subaccount for usage of app  destination SAP Business Application Studio
+resource "btp_subaccount_entitlement" "bas" {
+  subaccount_id = data.btp_subaccount.project.id
+  service_name  = "sapappstudio"
+  plan_name     = var.bas_service_plan
+}
+# Entitle subaccount for usage of app  destination Continous Integration & Delivery
+resource "btp_subaccount_entitlement" "cicd" {
+  subaccount_id = data.btp_subaccount.project.id
+  service_name  = "cicd-app"
+  plan_name     = var.cicd_service_plan
+}
+
+##############################################################################################
+# Creating subscriptions
+##############################################################################################
+# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement)
+resource "btp_subaccount_subscription" "build_workzone" {
+  subaccount_id = data.btp_subaccount.project.id
+  app_name      = "SAPLaunchpad"
+  plan_name     = var.build_workzone_service_plan
+  depends_on    = [btp_subaccount_entitlement.build_workzone]
+}
+
+# Create app subscription to SAP Business Application Studio (depends on entitlement)
+resource "btp_subaccount_subscription" "bas" {
+  subaccount_id = data.btp_subaccount.project.id
+  app_name      = "sapappstudio"
+  plan_name     = var.bas_service_plan
+  depends_on    = [btp_subaccount_entitlement.bas]
+}
+# Create app subscription to SAP Business Application Studio (depends on entitlement)
+resource "btp_subaccount_subscription" "cicd" {
+  subaccount_id = data.btp_subaccount.project.id
+  app_name      = "cicd-app"
+  plan_name     = var.cicd_service_plan
+  depends_on    = [btp_subaccount_entitlement.cicd]
+}
+
+###############################################################################################
+# Assign User to role collections
+###############################################################################################
+
+
+# Assign users to Role Collection: Launchpad_Admin
+resource "btp_subaccount_role_collection_assignment" "launchpad_admin" {
+  for_each             = toset("${var.service_admins}")
+  subaccount_id        = data.btp_subaccount.project.id
+  role_collection_name = "Launchpad_Admin"
+  user_name            = each.value
+  depends_on           = [btp_subaccount_subscription.build_workzone]
+}
+
+# Assign users to Role Collection: Business_Application_Studio_Administrator
+resource "btp_subaccount_role_collection_assignment" "bas_admin" {
+  for_each             = toset("${var.service_admins}")
+  subaccount_id        = data.btp_subaccount.project.id
+  role_collection_name = "Business_Application_Studio_Administrator"
+  user_name            = each.value
+  depends_on           = [btp_subaccount_subscription.bas]
+}
+
+# Assign users to Role Collection: Business_Application_Studio_Developer
+resource "btp_subaccount_role_collection_assignment" "bas_dev" {
+  for_each             = toset("${var.developers}")
+  subaccount_id        = data.btp_subaccount.project.id
+  role_collection_name = "Business_Application_Studio_Developer"
+  user_name            = each.value
+  depends_on           = [btp_subaccount_subscription.bas]
+}
+
+# Assign users to Role Collection: CICD Service Administrator
+resource "btp_subaccount_role_collection_assignment" "cicd_admin" {
+  for_each             = toset("${var.service_admins}")
+  subaccount_id        = data.btp_subaccount.project.id
+  role_collection_name = "CICD Service Administrator"
+  user_name            = each.value
+  depends_on           = [btp_subaccount_subscription.cicd]
+}
+
+# Assign users to Role Collection: CICD Service Developer
+resource "btp_subaccount_role_collection_assignment" "cicd_dev" {
+  for_each             = toset("${var.developers}")
+  subaccount_id        = data.btp_subaccount.project.id
+  role_collection_name = "CICD Service Developer"
+  user_name            = each.value
+  depends_on           = [btp_subaccount_subscription.cicd]
+}

released/learning_journey/btp200/provider.tf

@@ -0,0 +1,16 @@
+terraform {
+  required_providers {
+    btp = {
+      source  = "sap/btp"
+      version = "~> 1.4.0"
+    }
+  }
+}
+
+# Please checkout documentation on how best to authenticate against SAP BTP
+# via the Terraform provider for SAP BTP
+provider "btp" {
+  globalaccount = var.globalaccount
+  username      = var.btp_username
+  password      = var.btp_password
+}

released/learning_journey/btp200/terraform.tfvars

@@ -0,0 +1,30 @@
+########################################################################
+# Account settings
+########################################################################
+globalaccount   = "<your global account id>"
+region          = "us10"
+subaccount_name = "learningjourney"
+
+# Set the subaccount_id ro run the script in an existing subaccount, 
+# keep it empty to create a new one, for that you need the global account administration role
+subaccount_id = ""
+
+#####################################################################################
+# Subaccount administrators - don't add your own user here, your ID is added automatically
+#####################################################################################
+subaccount_admins = ["[email protected]", "[email protected]"]
+
+
+#####################################################################################
+# Service administrators and developers - add your ID here
+#####################################################################################
+service_admins = ["[email protected]", "[email protected]"]
+developers     = ["[email protected]"]
+
+#####################################################################################
+# Service plans - for testing the services you can set "free" as value, the free service plan 
+# is only supported for SAP BTP accounts  with the CPEA, BTPEA or Pay-as-you-go commercial model
+#####################################################################################
+build_workzone_service_plan = "standard"
+bas_service_plan            = "standard-edition"
+cicd_service_plan           = "default"

released/learning_journey/btp200/variables.tf

@@ -0,0 +1,80 @@
+variable "globalaccount" {
+  type        = string
+  description = "The globalaccount subdomain where the sub account shall be created."
+}
+
+variable "subaccount_name" {
+  type        = string
+  description = "The subaccount name."
+  default     = "My SAP subaccount"
+}
+
+variable "subaccount_id" {
+  type        = string
+  description = "The subaccount ID."
+  default     = ""
+}
+variable "region" {
+  type        = string
+  description = "The region where the subaccount shall be created in."
+  default     = "us10"
+}
+
+variable "build_workzone_service_plan" {
+  type        = string
+  description = "The plan for the SAP Build Workzone subscription"
+  default     = "free"
+  validation {
+    condition     = contains(["free", "standard"], var.build_workzone_service_plan)
+    error_message = "Invalid value for build_workzone_service_plan. Only 'free' and 'standard' are allowed."
+  }
+}
+
+variable "bas_service_plan" {
+  type        = string
+  description = "The plan for SAP Business Application Studio subscription"
+  default     = "free"
+  validation {
+    condition     = contains(["free", "standard-edition"], var.bas_service_plan)
+    error_message = "Invalid value for SAP Business Application Studion. Only 'free' and 'standard-edition' are allowed."
+  }
+}
+
+variable "cicd_service_plan" {
+  type        = string
+  description = "The plan for Continous Integraion & Delivery subscription"
+  default     = "free"
+  validation {
+    condition     = contains(["free", "default"], var.cicd_service_plan)
+    error_message = "Invalid value for Continous Integraion & Delivery. Only 'free' and 'default' are allowed."
+  }
+}
+
+variable "subaccount_admins" {
+  type        = list(string)
+  description = "Defines the colleagues who are added to each subaccount as emergency administrators."
+}
+variable "service_admins" {
+  type        = list(string)
+  description = "Defines the users who are added to each subaccount as service administrators."
+}
+variable "developers" {
+  type        = list(string)
+  description = "Defines the colleagues who are added to services as developers."
+}
+
+variable "btp_username" {
+  type        = string
+  description = "SAP BTP user name"
+  ## set default value to "" when using environment values for user and password
+  # default     = ""
+}
+
+
+variable "btp_password" {
+  type        = string
+  description = "Password for SAP BTP user"
+  sensitive   = true
+  ## set default value to "" when using environment values for user and password
+  # default     = ""
+}