Technology Blogs by Members
Explore a vibrant mix of technical expertise, industry insights, and tech buzz in member blogs covering SAP products, technology, and events. Get in the mix!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Easy way to automate and configure the setup of a BTP account and Cloud Foundry using Terraform.

kallolathome
Active Participant
3 weeks ago

In last month’s SAP Developers News featuring Code Connect, SAPInsider Challenge, Reuse Access Controls, BTP Terraform | SAP Developer News - YouT... I encountered the new Terraform provider designed for SAP BTP.

Consequently, I considered experimenting with it and documenting the process using my trial account.

Before jumping into the steps, please go through the following links for the details.

I am going to set up the account in two steps:

  1. Setting up the BTP sub-account.
  2. Setting up the Cloud Foundry environment.

N.B: Please use two separate folders for the step 1 & 2.

Step 1:  Setting up the BTP sub-account.

Here, I will use three files: provider.tf (which contains the provider details), main.tf (the config file), and trial-account.tfvars (which contains the variables) for setting up the BTP sub-account using Terraform.

Please check the below section for the details.

  1. provider.tf - Here, I am providing the provider details of the SAP BTP.

 

 

 

terraform {
  required_providers {
    btp = {
      source  = "SAP/btp"
      version = "1.2.0"
    }
  }
}

provider "btp" {
  globalaccount = "{global account id}-ga"
  username      = "your BTP email ID"
  password      = "your BTP password"
}

​​

 

  • main.tf - Here, I am writing the configurations for the account set-up.

 

# variable declarations
variable "parent-dir-name" {
  type        = string
  description = "This is a parent directory"
}

variable "child-dir-name" {
  type        = string
  description = "This is a child directory"
}

variable "sub-account-name" {
  type        = string
  description = "This is a sub-account"
}

variable "sub-account-cf-env-name" {
  type        = string
  description = "This is cloud foundry environment"
}

variable "sub-account-role-collection-admin" {
  type        = string
  description = "This is the sub-account admin role collection"
}

# setting up the btp parent directory
resource "btp_directory" "parent-dir-name" {
  name = var.parent-dir-name
  description = "This is a parent directory"
}

# setting up the btp sub directory with ENTITLEMENT and AUTHORIZATIONS features enabled
resource "btp_directory" "child-dir-name" {
  parent_id = btp_directory.parent-dir-name.id
  name      = var.child-dir-name
  description = "This is a child directory"
  features = ["DEFAULT", "ENTITLEMENTS", "AUTHORIZATIONS"]

}

# setting up thr btp sub-account
resource "btp_subaccount" "sub-account-name" {
  name      = var.sub-account-name
  subdomain = btp_directory.child-dir-name.id
  region    = "us10" #"ap21"
  parent_id = btp_directory.child-dir-name.id
}

# creates a cloud foundry environment in a given account
resource "btp_subaccount_environment_instance" "cloudfoundry" {
  subaccount_id    = btp_subaccount.sub-account-name.id
  name             = var.sub-account-cf-env-name
  environment_type = "cloudfoundry"
  service_name     = "cloudfoundry"
  plan_name        = "trial"
  # some regions offer multiple environments of a kind and you must explicitly select the target environment in which
  # the instance shall be created. 
  # available environments can be looked up using the btp_subaccount_environments datasource
  parameters = jsonencode({
    instance_name = var.sub-account-cf-env-name
  })
}

# setting up the role collection
resource "btp_subaccount_role_collection" "sub-account-role-collection-admin" {
  subaccount_id = btp_subaccount.sub-account-name.id
  name          = var.sub-account-role-collection-admin
  description   = "custom sub-account Administrator"

  roles = [
    {
      name                 = "Subaccount Admin" # role name
      role_template_app_id = "cis-local!b4"     # application identifier
      role_template_name   = "Subaccount_Admin" # role template
    },
    {
      name                 = "Subaccount Service Administrator" # role name
      role_template_app_id = "service-manager!b1476"            # application identifier
      role_template_name   = "Subaccount_Service_Administrator" # role template
    },
    {
      name                 = "Destination Administrator" # role name
      role_template_app_id = "destination-xsappname!b62" # application identifier
      role_template_name   = "Destination_Administrator" # role template
    }
  ]
}

# assign a single ser to a role collection on subaccount level
resource "btp_subaccount_role_collection_assignment" "custom-sub-account-admin-role-col" {
  subaccount_id        = btp_subaccount.sub-account-name.id
  role_collection_name = var.sub-account-role-collection-admin
  user_name            = "email id of the user"
}​

 

  • trial-account.tfvars - Here, I am setting up the values of the variables used in the main.tf file. There is a particular way of using this file as this having a custom name (not terraform.tfvars). After all the files are created, please use the command: terraform init from the directory itself for the initialization.
  • Please use the below command for the using it and also for setting up the account.

 

# trial-account.tfvars contents
parent-dir-name = "test-parent-dir"
child-dir-name = "test-child-dir"
sub-account-name = "test-sub-account"
sub-account-cf-env-name = "test-cf-instance"
sub-account-role-collection-admin = "Custom Admin Role Collection"​
# command
terraform apply -var-file="trial-account.tfvars"​

 

The above codes will create the BTP sub-account shown in the screenshot below.

kallolathome_0-1713753924722.png

Step 2: Setting up the Cloud Foundry environment.

Here, I will use three files: provider.tf (which contains the provider details), main.tf (the config file), and terraform.tfvars (which contains the variables) for setting up the BTP sub-account using Terraform.

  1. provider.tf - Here, I am providing the provider details of the SAP Cloud Foundry.

 

terraform {
  required_providers {
    cloudfoundry = {
      source  = "cloudfoundry-community/cloudfoundry"
      version = "0.50.4"
    }
  }
}

provider "cloudfoundry" {
  api_url  = "https://api.cf.us10-xxx.hana.ondemand.com" # BTP CF API Endpoint 
  user          = "your BTP email ID"
  password      = "your BTP password"
}
​​

 

  • main.tf: Here, I am writing the configurations for the account cloud foundry set-up.

 

# variable declarations
variable "managers" {
  type = list(any)
}
variable "developers" {
  type = list(any)
}
variable "auditors" {
  type = list(any)
}

# setting up the quota
# resource "cloudfoundry_org_quota" "large" {
#   name                     = "large"
#   allow_paid_service_plans = false
#   instance_memory          = 2048
#   total_memory             = 51200
#   total_app_instances      = 100
#   total_routes             = 50
#   total_services           = 200
#   total_route_ports        = 5
# }

# resource "cloudfoundry_org" "test-cf-instance" {
#   name  = "test-cf-instance"
#   quota = cloudfoundry_org_quota.large.id
# }

# creating space
resource "cloudfoundry_space" "cf-devspace" {
  name = "devspace"
  org  = "org id" 
}

# creating space users
resource "cloudfoundry_space_users" "cf-devspace-users" {
  space      = cloudfoundry_space.cf-devspace.id
  managers   = var.managers
  developers = var.developers
  auditors   = var.auditors
}

# creating services
data "cloudfoundry_service" "application-logs" {
  name = "application-logs"
}

resource "cloudfoundry_service_instance" "application-logs-srv" {
  name         = "app-logs-srv"
  space        = cloudfoundry_space.cf-devspace.id
  service_plan = data.cloudfoundry_service.application-logs.service_plans["lite"]
  depends_on   = [cloudfoundry_space_users.cf-devspace-users]
}

data "cloudfoundry_service" "destination" {
  name = "destination"
}

resource "cloudfoundry_service_instance" "destination-service" {
  name         = "destination-service"
  space        = cloudfoundry_space.cf-devspace.id
  service_plan = data.cloudfoundry_service.destination.service_plans["lite"]
  depends_on   = [cloudfoundry_space_users.cf-devspace-users]
}

data "cloudfoundry_service" "connectivity" {
  name = "connectivity"
}

resource "cloudfoundry_service_instance" "connectivity-service" {
  name         = "connectivity-service"
  space        = cloudfoundry_space.cf-devspace.id
  service_plan = data.cloudfoundry_service.destination.service_plans["lite"]
  depends_on   = [cloudfoundry_space_users.cf-devspace-users]
}​

 

  • terraform.tf: Here, I am using the default naming convention not like the above. I am trying to show the possible ways known to me. 😀  After all the files are created, please use the command: terraform init from the directory itself for the initialization. Please use the below command for the applying the config.

 

# contents
managers = ["xxx@gmail.com"]
auditors = ["xxx@gmail.com", "xxx@live.com"]
developers = ["xxx@gmail.com", "xxx@live.com"]​
# command
terraform apply

 

The above codes will make changes to the BTP CF shown in the screenshot below.

kallolathome_0-1713757295201.png

kallolathome_1-1713757338396.png

kallolathome_2-1713757412407.png

kallolathome_0-1713757664685.png

That's it. 😀 I hope that you have found this simple blogpost helpful.

If I miss anything, please feel free to add in the comments.

Happy coding! 😀

Labels in this area
Popular Blog Posts