On the lookout with SAP BTP Core services. SAP Cloud Management Service (cis).
SAP BTP provides both REST APIs and btp CLI that help automate administrative tasks on the global account, directory, and sub-account level, such as creating or updating sub-accounts, monitoring usage information, managing access, and managing service resources.
Let's see how Account Administration Using btp CLI and Account Administration Using APIs access methods can be combined to work together by example of SAP Cloud Management service.
PS. The destination service is your best (BTP) friend.
The below destination definitions offer an elegant way of using both environment provisioning and saas management services either via automation and/or programmatically:
{
"init_data": {
"subaccount": {
"destinations": [
{
"Description": "cis-httpbin",
"Type": "HTTP",
"clientId": "***",
"HTML5.DynamicDestination": "true",
"HTML5.Timeout": "60000",
"Authentication": "OAuth2ClientCredentials",
"Name": "cis-httpbin",
"tokenServiceURL": "https://<subdomain>.authentication.<region>.hana.ondemand.com/oauth/token",
"ProxyType": "Internet",
"URL": "https://httpbin.org",
"tokenServiceURLType": "Dedicated",
"clientSecret": "***"
},
{
"Description": "SAP Cloud Management Service APIs",
"Type": "HTTP",
"clientId": "***",
"HTML5.DynamicDestination": "true",
"HTML5.Timeout": "60000",
"Authentication": "OAuth2ClientCredentials",
"Name": "saas-manager",
"tokenServiceURL": "https://<subdomain>.authentication.<region>.hana.ondemand.com/oauth/token",
"ProxyType": "Internet",
"URL": "https://saas-manager.cfapps.<region>.hana.ondemand.com",
"tokenServiceURLType": "Dedicated",
"clientSecret": "***"
{
"Description": "SAP Cloud Management Service APIs",
"Type": "HTTP",
"clientId": "***",
"HTML5.DynamicDestination": "true",
"HTML5.Timeout": "60000",
"Authentication": "OAuth2ClientCredentials",
"Name": "provisioning-service",
"tokenServiceURL": "https://<subdomain>.authentication.<region>.hana.ondemand.com/oauth/token",
"ProxyType": "Internet",
"URL": "https://provisioning-service.cfapps.<region>.hana.ondemand.com",
"tokenServiceURLType": "Dedicated",
"clientSecret": "***"
},
}
],
"certificates": [
],
"existing_certificates_policy": "update",
"existing_destinations_policy": "update"
}
}
}
For instance, that's how one could provision a kyma runtime environment if kymaruntime service entitlement were available with a subaccount:
- check kymaruntime availability:
https://<subdomain>.launchpad.cfapps.<region>.hana.ondemand.com/dynamic_dest/provisioning-service/provisioning/v1/availableEnvironments
- create kymaruntime-trial-plan.json file with the following content:
{
"description": "Trial",
"environmentType": "kyma",
"name": "quovadis",
"parameters": {
"name": "quovadis",
"modules": {
"list": [
{
"name": "api-gateway",
"channel": "regular"
},
{
"name": "istio",
"channel": "regular"
},
{
"name": "btp-operator",
"channel": "regular"
},
{
"name": "serverless",
"channel": "regular"
},
{
"name": "connectivity-proxy",
"channel": "regular"
}
]
},
"administrators": [
"admi1@acme.com",
"admi2@acme.com",
"admiN@acme.com"
],
"oidc": {
"clientID": "<OIDC clientID>",
"groupsClaim": "groups",
"issuerURL": "<OIDC issuerURL>",
"signingAlgs": [
"RS256"
],
"usernameClaim": "sub",
"usernamePrefix": "-"
}
},
"planName": "trial",
"serviceName": "kymaruntime",
"user": "<btp-account-admin-email-address>"
}
- provision kymaruntime service with a trial plan:
curl -i -X POST https://<subdomain>.launchpad.cfapps.<region>.hana.ondemand.com/dynamic_dest/provisioning-service/provisioning/v1/environments \
-H "Content-Type: application/json" \
-d @kymaruntime-trial-plan.json
