From c0d14b6df2d312ee5375a7b3cf09556e0478e662 Mon Sep 17 00:00:00 2001
From: prajin-op
Date: Fri, 25 Oct 2024 12:49:36 +0530
Subject: [PATCH] chore: Added new sample for role collection assignments
---
released/usecases/role_assignments/main.tf | 18 +++++++++
.../usecases/role_assignments/provider.tf | 15 +++++++
released/usecases/role_assignments/readme.md | 40 +++++++++++++++++++
.../usecases/role_assignments/variables.tf | 23 +++++++++++
4 files changed, 96 insertions(+)
create mode 100644 released/usecases/role_assignments/main.tf
create mode 100644 released/usecases/role_assignments/provider.tf
create mode 100644 released/usecases/role_assignments/readme.md
create mode 100644 released/usecases/role_assignments/variables.tf
diff --git a/released/usecases/role_assignments/main.tf b/released/usecases/role_assignments/main.tf
new file mode 100644
index 00000000..b6981842
--- /dev/null
+++ b/released/usecases/role_assignments/main.tf
@@ -0,0 +1,18 @@
+locals {
+ user_assignments = [
+ for role in var.role_collection_assignments : [
+ for user in role.users : {
+ role_collection_name = role.role_collection_name
+ user_name = user
+ }
+ ]
+ ]
+}
+
+resource "btp_subaccount_role_collection_assignment" "role_collection_assignment" {
+ for_each = { for idx, assignment in flatten(local.user_assignments) : "${assignment.role_collection_name}-${assignment.user_name}" => assignment }
+
+ subaccount_id = var.subaccount_id
+ role_collection_name = each.value.role_collection_name
+ user_name = each.value.user_name
+}
\ No newline at end of file
diff --git a/released/usecases/role_assignments/provider.tf b/released/usecases/role_assignments/provider.tf
new file mode 100644
index 00000000..c1de5022
--- /dev/null
+++ b/released/usecases/role_assignments/provider.tf
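Review bot: In main.tf the `btp_subaccount_role_collection_assignment` resource sets only `subaccount_id`, `role_collection_name` and `user_name`, so every grant is resolved against the provider's default identity provider and the resource's `origin` attribute is never exposed. Because the readme in this commit uses the sample to hand out administrator role collections, I would add an optional `origin` field to the input objects and pass it through with `origin = each.value.origin`, so that in a subaccount trusting a custom IdP the grant cannot land on a same-named user in a different IdP than intended. Separately, the `for_each` key `"${assignment.role_collection_name}-${assignment.user_name}"` repeats when a user is listed twice under one role collection, which fails the plan; iterating over `distinct(role.users)` avoids that, and the unused `idx` can be dropped.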
@@ -0,0 +1,15 @@
+
+terraform {
+ required_providers {
+ btp = {
+ source = "sap/btp"
+ version = "~> 1.7.0"
+ }
+ }
+}
+
+# Please checkout documentation on how best to authenticate against SAP BTP
+# via the Terraform provider for SAP BTP
+provider "btp" {
+ globalaccount = var.globalaccount
+}
diff --git a/released/usecases/role_assignments/readme.md b/released/usecases/role_assignments/readme.md
new file mode 100644
index 00000000..6dbe8531
--- /dev/null
+++ b/released/usecases/role_assignments/readme.md
@@ -0,0 +1,40 @@
+# BTP Role Collection Assignment
+
+This Terraform configuration assigns role collections to users within an existing SAP BTP subaccount. The configuration does not create a new subaccount; it requires an existing subaccount ID to apply the assignments.
+
+## Prerequisites
+
+- Ensure you have the Subaccount Administrator role in the subaccount where you plan to assign role collections.
+
+## Usage
+
+### 1. Define Variables
+
+Update the values of the following variables in your `terraform.tfvars` to match your setup:
+
+- **`subaccount_id`**: The ID of the existing subaccount.
+- **`role_collection_assignments`**: A map of role collections and the users assigned to each. Each entry includes:
+ - `role_collection_name`: Name of the role collection.
+ - `users`: A list of users to assign to this role collection.
+
+### 2. Example Variable Values
+
+Here's an example of `terraform.tfvars` with sample input values:
+
+```hcl
+subaccount_id = "your-existing-subaccount-id"
+
+role_collection_assignments = [
+ {
+ role_collection_name = "Subaccount Service Administrator"
+ users = ["user1@example.com", "user2@example.com"]
+ },
+ {
+ role_collection_name = "Subaccount Viewer"
+ users = ["user1@example.com", "user2@example.com"]
+ },
+ {
+ role_collection_name = "Destination Administrator"
+ users = [ "user1@example.com", "user2@example.com"]
+ }
+]
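Review bot: In provider.tf the `provider "btp"` block passes only `globalaccount`, while variables.tf in this commit declares `cli_server_url` with a default that nothing references; either wire it in with `cli_server_url = var.cli_server_url` or drop the variable. The authentication comment only points at the documentation; it would help to state where credentials are expected to come from, for example `# Credentials are read from the BTP_USERNAME / BTP_PASSWORD environment variables; do not put them in terraform.tfvars.` In the same comment "checkout" should read "check out".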
diff --git a/released/usecases/role_assignments/variables.tf b/released/usecases/role_assignments/variables.tf
new file mode 100644
index 00000000..2bfd6620
--- /dev/null
+++ b/released/usecases/role_assignments/variables.tf
@@ -0,0 +1,23 @@
+variable "globalaccount" {
+ description = "Subdomain of your Globalaccount"
+ type = string
+}
+
+variable "subaccount_id" {
+ description = "The ID of the existing subaccount."
+ type = string
+}
+
+variable "role_collection_assignments" {
+ description = "A map of role collections and their assigned users."
+ type = map(object({
+ role_collection_name = string
+ users = list(string)
+ }))
+}
+
+variable "cli_server_url" {
+ type = string
+ description = "The BTP CLI server URL."
+ default = "https://cpcli.cf.eu10.hana.ondemand.com"
+}
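Review bot: In variables.tf `role_collection_assignments` is declared as `map(object({...}))`, but the readme example in this commit supplies a list of objects (`role_collection_assignments = [ { ... } ]`), which Terraform cannot convert to a map, so the documented tfvars would be rejected at plan time. main.tf only iterates over the values, so `type = list(object({ role_collection_name = string, users = list(string) }))` matches both the example and the usage, and the description should then say "list" rather than "map". Since these values decide who receives administrative role collections, a `validation` block rejecting empty `role_collection_name` or `users` entries would also be worth adding.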