feat: app identifier for role collections (#455)

Co-authored-by: Christian Lechner <[email protected]>

Author: lechnerc77

released/usecases/app_identifer_for_roles/README.md

@@ -0,0 +1,5 @@
+# Creation of role collections
+
+In some scenarios the creation of a service instance or an app subscription only creates the roles but leaves the creation of the role collections to the user. The biggest pain point when automating this setup is to fetch the correct app identifier.
+
+In this setup we want to show how you can fetch this identifier and use it to create the role collections.

released/usecases/app_identifer_for_roles/main.tf

@@ -0,0 +1,54 @@
+resource "btp_subaccount" "self" {
+  name      = "My Dev Project"
+  subdomain = "my-dev-project"
+  region    = var.region
+}
+
+resource "btp_subaccount_entitlement" "auditlog-management_default" {
+  subaccount_id = btp_subaccount.self.id
+  service_name  = "auditlog-management"
+  plan_name     = "default"
+}
+
+data "btp_subaccount_service_plan" "auditlog_default" {
+  name          = "default"
+  offering_name = "auditlog-management"
+  subaccount_id = btp_subaccount.self.id
+
+  depends_on = [btp_subaccount_entitlement.auditlog-management_default]
+}
+
+resource "btp_subaccount_service_instance" "auditlog_default" {
+  name           = "auditlog-default-dev"
+  serviceplan_id = data.btp_subaccount_service_plan.auditlog_default.id
+  subaccount_id  = btp_subaccount.self.id
+}
+
+data "btp_subaccount_apps" "all" {
+  subaccount_id = btp_subaccount.self.id
+
+  depends_on = [btp_subaccount_service_instance.auditlog_default]
+}
+
+locals {
+  app_id = try(
+    { for app in data.btp_subaccount_apps.all.values : app.xsappname => app.id
+    if app.xsappname == "auditlog-management" }
+  )
+}
+
+resource "btp_subaccount_role_collection" "auditlog-viewer" {
+
+  description = "Audit Log Viewer Role Collection"
+  name        = "Audit Log Viewer"
+  roles = [
+    {
+      name                 = "Auditlog_Auditor"
+      role_template_app_id = local.app_id.auditlog-management
+      role_template_name   = "Auditlog_Auditor"
+    },
+  ]
+  subaccount_id = btp_subaccount.self.id
+
+  depends_on = [data.btp_subaccount_apps.all]
+}

released/usecases/app_identifer_for_roles/provider.tf

@@ -0,0 +1,14 @@
+terraform {
+  required_providers {
+    btp = {
+      source  = "sap/btp"
+      version = "~>1.12.0"
+    }
+  }
+}
+
+# Please checkout documentation on how best to authenticate against SAP BTP
+# via the Terraform provider for SAP BTP
+provider "btp" {
+  globalaccount = var.globalaccount
+}

released/usecases/app_identifer_for_roles/variables.tf

@@ -0,0 +1,10 @@
+variable "globalaccount" {
+  description = "The subdomainof the global account to use for the SAP BTP provider"
+  type        = string
+}
+
+variable "region" {
+  description = "The region of the subaccount"
+  type        = string
+  default     = "us10"
+}