feature(sample): new usecase for multiple providers and adjustements of documentation (#4)

Author: lechnerc77

assets/README_TEMPLATE.md

@@ -0,0 +1,42 @@
+# <Sample Title>
+
+## Overview
+
+<!-- Give a short description what the sample -->
+
+## Content of setup
+
+<!-- Describe the content of the sample i.e. which resources will be managed by the configuration -->
+The setup comprises the following resources:
+
+## Deploying the resources
+<!-- Basic setup, adjust if needed -->
+
+To deploy the resources you must:
+
+1. Configure the provider in the `provider.tf` file
+2. Initialize your workspace:
+   
+   ```bash
+   terraform init
+   ```
+
+3. You can check what Terraform plans to apply based on your configuration:
+
+   ```bash
+   terraform plan -var-file="terraform.tfvars 
+   ```
+
+4. Apply your configuration to provision the resources:
+
+   ```bash
+   terraform apply -var-file="terraform.tfvars
+   ```
+
+## When finished
+
+You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command:
+
+```bash
+terraform destroy -var-file="terraform.tfvars
+```

released/multi_provider_setup/README.md

@@ -0,0 +1,54 @@
+# Sample setup with multiple providers
+
+## Overview
+
+This sample showcases the usage of multiple Terraform providers in one setup. This scenario is needed in case of management of a SAP BTP subaccount including the Cloud Foundry space within it.
+
+## Content of the setup
+
+### Environments, services and applications
+
+The setup comprises the following resources:
+
+- Creation of an SAP BTP subaccount
+- Creation of a Cloud Foundry environment within the subaccount
+- Creation of a Cloud Foundry space
+- Creation of entitlements for "XSUAA" (plan "apiaccess"), "Taskcenter" (plan "standard") and "Destination" (plan "light") in the subaccount
+- Assignment of the following role colections to the users defined in the `users.tfvars` file:
+   
+  - Subaccount Administrator
+  - Subaccount Service Administrator
+  - SpaceManager
+  - SpaceDeveloper
+  - SpaceAuditor
+
+## Deploying the resources
+
+To deploy the resources you must:
+
+1. Configure the providers in the `provider.tf` file
+2. Initialize your workspace:
+   
+   ```bash
+   terraform init
+   ```
+
+3. You can check what Terraform plans to apply based on your configuration:
+
+   ```bash
+   terraform plan -var-file="users.tfvars 
+   ```
+
+4. Apply your configuration to provision the resources:
+
+   ```bash
+   terraform apply -var-file="users.tfvars
+   ```
+
+## When finished
+
+You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command:
+
+```bash
+terraform destroy -var-file="users.tfvars
+```

released/multi_provider_setup/main.tf

@@ -0,0 +1,64 @@
+###
+# Create SAP BTP subaccount for default use caee
+###
+resource "btp_subaccount" "subaccount" {
+  name      = var.subacount_name
+  subdomain = var.subacount_subdomain
+  region    = var.region
+}
+
+###
+# Add the entitlements to the subaccount
+###
+resource "btp_subaccount_entitlement" "entitlement-taskcenter" {
+  subaccount_id = btp_subaccount.subaccount.id
+  for_each = var.entitlements
+  service_name  = each.value.service_name
+  plan_name     = each.value.plan_name
+}
+
+###
+# Create Cloud Foundry environment
+###
+module "cloudfoundry_environment" {
+  source                = "./modules/envinstance-cloudfoundry/"
+  subaccount_id         = btp_subaccount.subaccount.id
+  instance_name         = var.cloudfoundry_org_name
+  cloudfoundry_org_name = var.cloudfoundry_org_name
+}
+
+###
+# Create Cloud Foundry space and assign users
+###
+module "cloudfoundry_space" {
+  source              = "./modules/cloudfoundry-space/"
+  cf_org_id           = module.cloudfoundry_environment.org_id
+  name                = var.cloudfoundry_space_name
+  cf_space_managers   = var.cloudfoundry_space_managers
+  cf_space_developers = var.cloudfoundry_space_developers
+  cf_space_auditors   = var.cloudfoundry_space_auditors
+}
+
+###
+# Assign the subaccount roles to the users
+###
+resource "btp_subaccount_role_collection_assignment" "subaccount-administrators" {
+  subaccount_id        = btp_subaccount.subaccount.id
+  role_collection_name = "Subaccount Administrator"
+  for_each             = var.subaccount_admins
+  user_name            = each.value
+  depends_on = [
+    btp_subaccount.subaccount
+  ]
+}
+
+
+resource "btp_subaccount_role_collection_assignment" "subaccount-service-administrators" {
+  subaccount_id        = btp_subaccount.subaccount.id
+  role_collection_name = "Subaccount Service Administrator"
+  for_each             = var.subaccount_service_admins
+  user_name            = each.value
+  depends_on = [
+    btp_subaccount.subaccount
+  ]
+}

released/multi_provider_setup/modules/cloudfoundry-space/main.tf

@@ -0,0 +1,17 @@
+###
+# Create the Cloud Foundry space
+###
+resource "cloudfoundry_space" "space" {
+  name = var.name
+  org = var.cf_org_id
+}
+
+###
+# Create the CF users
+###
+resource "cloudfoundry_space_users" "space-users" {
+  space      = cloudfoundry_space.space.id
+  managers   = var.cf_space_managers
+  developers = var.cf_space_developers
+  auditors   = var.cf_space_auditors
+}

released/multi_provider_setup/modules/cloudfoundry-space/outputs.tf

@@ -0,0 +1,4 @@
+output "id" {
+  value       = cloudfoundry_space.space.id
+  description = "The GUID of the Space."
+}

released/multi_provider_setup/modules/cloudfoundry-space/provider.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    cloudfoundry = {
+      source  = "cloudfoundry-community/cloudfoundry"
+      version = "~> 0.50"
+    }
+  }
+}

released/multi_provider_setup/modules/cloudfoundry-space/variables.tf

@@ -0,0 +1,28 @@
+variable "cf_org_id" {
+  type        = string
+  description = "The ID of the Cloud Foundry org."
+}
+
+variable "name" {
+  type        = string
+  description = "The name of the Cloud Foundry space."
+  default     = "dev"
+}
+
+variable "cf_space_managers"{
+  type = list(string)
+  description = "The list of Cloud Foundry space managers."
+  default = []
+}
+
+variable "cf_space_developers"{
+  type = list(string)
+  description = "The list of Cloud Foundry space developers."
+  default = []
+}
+
+variable "cf_space_auditors"{
+  type = list(string)
+  description = "The list of Cloud Foundry space auditors."
+  default = []
+}

released/multi_provider_setup/modules/envinstance-cloudfoundry/main.tf

@@ -0,0 +1,51 @@
+##
+# The orchestration user needs administration access to the cloud foundry environment.
+##
+data "btp_whoami" "orchestrator" {}
+
+resource "null_resource" "cache_orchestrator" {
+  triggers = {
+    id    = data.btp_whoami.orchestrator.id
+    email = data.btp_whoami.orchestrator.email
+  }
+
+  lifecycle {
+    ignore_changes = all
+  }
+}
+
+##
+# If the user doesn't provide an environment label, we have to look it up. We take the first matching entry.
+##
+data "btp_subaccount_environments" "all" {
+  subaccount_id = var.subaccount_id
+}
+
+resource "null_resource" "cache_target_environment" {
+  triggers = {
+    label = length(var.environment_label) > 0 ? var.environment_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label
+  }
+
+  lifecycle {
+    ignore_changes = all
+  }
+}
+
+resource "btp_subaccount_environment_instance" "cloudfoundry" {
+  subaccount_id    = var.subaccount_id
+  name             = var.instance_name
+  environment_type = "cloudfoundry"
+  service_name     = "cloudfoundry"
+  plan_name        = var.plan_name
+  landscape_label  = null_resource.cache_target_environment.triggers.label
+
+  parameters = jsonencode({
+    instance_name = var.cloudfoundry_org_name
+    users = [
+      {
+        id    = null_resource.cache_orchestrator.triggers.id
+        email = null_resource.cache_orchestrator.triggers.email
+      }
+    ]
+  })
+}

released/multi_provider_setup/modules/envinstance-cloudfoundry/outputs.tf

@@ -0,0 +1,29 @@
+output "id" {
+  value       = btp_subaccount_environment_instance.cloudfoundry.id
+  description = "The technical ID of the Cloud Foundry environment instance."
+}
+
+output "org_id" {
+  value       = btp_subaccount_environment_instance.cloudfoundry.platform_id 
+  description = "The technical ID of the Cloud Foundry environment instance."
+}
+
+output "api_endpoint" {
+  value       = lookup(jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels), "API Endpoint", "not found")
+  description = "The API endpoint of the Cloud Foundry environment."
+}
+
+output "state" {
+  value       = btp_subaccount_environment_instance.cloudfoundry.state
+  description = "State of the Cloud Foundry environment."
+}
+
+output "created_date" {
+  value       = btp_subaccount_environment_instance.cloudfoundry.created_date
+  description = "The time the resource was created (ISO 8601 format)."
+}
+
+output "last_modified" {
+  value       = btp_subaccount_environment_instance.cloudfoundry.last_modified
+  description = "The last time the resource was updated (ISO 8601 format)."
+}

released/multi_provider_setup/modules/envinstance-cloudfoundry/provider.tf

@@ -0,0 +1,8 @@
+terraform {
+  required_providers {
+    btp = {
+      source  = "sap/btp"
+      version = "~> 0.1"
+    }
+  }
+}

released/multi_provider_setup/modules/envinstance-cloudfoundry/variables.tf

@@ -0,0 +1,36 @@
+variable "subaccount_id" {
+  type        = string
+  description = "The ID of the subaccount where cloudfoundry shall be enabled."
+}
+
+variable "plan_name" {
+  type        = string
+  description = "The desired service plan for the cloudfoundry environment instance."
+  default     = "standard"
+}
+
+variable "environment_label" {
+  type        = string
+  description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available."
+  default     = ""
+}
+
+variable "instance_name" {
+  type        = string
+  description = "The name of the cloudfoundry environment instance."
+
+  validation {
+    condition     = can(regex("^[a-zA-Z0-9_\\-\\.]{1,32}$", var.instance_name))
+    error_message = "Please provide a valid instance name."
+  }
+}
+
+variable "cloudfoundry_org_name" {
+  type        = string
+  description = "The name of the cloudfoundry organization."
+
+  validation {
+    condition     = can(regex("^.{1,255}$", var.cloudfoundry_org_name))
+    error_message = "The cloudfoundry org name must not be emtpy and not exceed 255 characters"
+  }
+}

released/multi_provider_setup/provider.tf

@@ -0,0 +1,22 @@
+
+terraform {
+  required_providers {
+    btp = {
+      source  = "sap/btp"
+      version = "0.1.0-beta.1"
+    }
+    cloudfoundry = {
+      source  = "cloudfoundry-community/cloudfoundry"
+      version = "~> 0.50"
+    }
+  }
+}
+
+provider "btp" {
+  globalaccount = "ourglobalaccount_subdomain_id"
+}
+
+// Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs
+provider "cloudfoundry" {
+  api_url  = "https://api.cf.us10.hana.ondemand.com"
+}

released/multi_provider_setup/users.tfvars

@@ -0,0 +1,7 @@
+# see documentation at https://developer.hashicorp.com/terraform/language/values/variables#assigning-values-to-root-module-variables
+
+cloudfoundry_space_managers   = ["[email protected]"]
+cloudfoundry_space_developers = ["[email protected]"]
+cloudfoundry_space_auditors   = ["[email protected]"]
+subaccount_admins             = ["[email protected]"]
+subaccount_service_admins     = ["[email protected]"]