feat: helm chart crossplane-provider-btp-security - SubaccountApiCredential & RoleCollectionAssignment subaccountApiCredentialRef added (#48)

sk31337 · web-flow · commit 3d8f2003d809 · 2025-10-22T15:40:54.000+02:00
diff --git a/helm/charts/crossplane-provider-btp-security/Chart.yaml b/helm/charts/crossplane-provider-btp-security/Chart.yaml
@@ -17,7 +17,7 @@ icon: "https://avatars.githubusercontent.com/u/45158470?s=48&v=4"
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.14
+version: 0.0.15
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
diff --git a/helm/charts/crossplane-provider-btp-security/README.md b/helm/charts/crossplane-provider-btp-security/README.md
@@ -2,7 +2,7 @@
 
 # crossplane-provider-btp-security
 
-![Version: 0.0.14](https://img.shields.io/badge/Version-0.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.2](https://img.shields.io/badge/AppVersion-1.1.2-informational?style=flat-square)
+![Version: 0.0.15](https://img.shields.io/badge/Version-0.0.15-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.2](https://img.shields.io/badge/AppVersion-1.1.2-informational?style=flat-square)
 
 A Helm Chart to template crossplane manifests to manage BTP resources such as Directory, TrustConfiguration and RoleCollection Assignment on BTP.
 
@@ -23,11 +23,17 @@ A Helm Chart to template crossplane manifests to manage BTP resources such as Di
 | globalaccountTrustConfigurations[0].name | string | - | Name of the GlobalaccountTrustConfiguration resource - [CRD Browser](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/GlobalaccountTrustConfiguration/v1alpha1@v1.1.2?path=metadata). |
 | globalaccountTrustConfigurations[0].writeConnectionSecretToRef | list | `[]` | optional |
 | roleCollectionAssignments | list | object | `roleCollectionAssignments[].` orchestrate [`kind: RoleCollectionAssignment`](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/RoleCollectionAssignment/v1alpha1@v1.1.2) of [BTP Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model). |
-| roleCollectionAssignments[0] | object | `{"apiCredentials":[],"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! |
-| roleCollectionAssignments[0].apiCredentials | list | `[]` | [apiCredentials](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/RoleCollectionAssignment/v1alpha1@v1.1.2) CRD |
+| roleCollectionAssignments[0] | object | `{"apiCredentials":[],"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","subaccountApiCredentialRef":[],"writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! |
+| roleCollectionAssignments[0].apiCredentials | list | `[]` | optional [apiCredentials](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/RoleCollectionAssignment/v1alpha1@v1.1.2) CRD |
 | roleCollectionAssignments[0].forProvider | list | `[]` | [forProvider](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/RoleCollectionAssignment/v1alpha1@v1.1.2) CRD |
 | roleCollectionAssignments[0].name | string | - | Name of the RoleCollectionAssignment resource - [CRD Browser](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/RoleCollectionAssignment/v1alpha1@v1.1.2?path=metadata). |
+| roleCollectionAssignments[0].subaccountApiCredentialRef | list | `[]` | optional [subaccountApiCredentialRef](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/RoleCollectionAssignment/v1alpha1@v1.1.2) CRD |
 | roleCollectionAssignments[0].writeConnectionSecretToRef | list | `[]` | optional |
+| subaccountApiCredentials | list | object | `subaccountApiCredentials[].` orchestrate [`kind: SubaccountApiCredential`](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/SubaccountApiCredential/v1alpha1@v1.3.0) of [BTP Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model). |
+| subaccountApiCredentials[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! |
+| subaccountApiCredentials[0].forProvider | list | `[]` | [forProvider](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/SubaccountApiCredential/v1alpha1@v1.3.0) CRD |
+| subaccountApiCredentials[0].name | string | - | Name of the GlobalaccountTrustConfiguration resource - [CRD Browser](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/SubaccountApiCredential/v1alpha1@v1.3.0). |
+| subaccountApiCredentials[0].writeConnectionSecretToRef | list | `[]` | optional |
 | subaccountTrustConfigurations | list | object | `subaccountTrustConfigurations[].` orchestrate [`kind: SubaccountTrustConfiguration`](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/SubaccountTrustConfiguration/v1alpha1@v1.1.2) of [BTP Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model). |
 | subaccountTrustConfigurations[0] | object | `{"btpSapCrossplaneProviderConfigRefName":"","forProvider":[],"name":"","writeConnectionSecretToRef":[]}` | btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)! |
 | subaccountTrustConfigurations[0].forProvider | list | `[]` | [forProvider](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/SubaccountTrustConfiguration/v1alpha1@v1.1.2) CRD |
diff --git a/helm/charts/crossplane-provider-btp-security/templates/role-collection-assignment.yaml b/helm/charts/crossplane-provider-btp-security/templates/role-collection-assignment.yaml
@@ -17,9 +17,13 @@ spec:
   apiCredentials:
     {{- $item.apiCredentials | toYaml | nindent 4 }}
     {{- end }}
+    {{- if $item.subaccountApiCredentialRef}}
+  subaccountApiCredentialRef:
+    {{- $item.subaccountApiCredentialRef | toYaml | nindent 4 }}
+    {{- end }}  
     {{- if $item.writeConnectionSecretToRef}}
   writeConnectionSecretToRef:
     {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
     {{- end }}
   {{- end }}
-{{- end }}
+{{- end }}
diff --git a/helm/charts/crossplane-provider-btp-security/templates/subaccount-api-credential.yaml b/helm/charts/crossplane-provider-btp-security/templates/subaccount-api-credential.yaml
@@ -0,0 +1,21 @@
+{{- range $item := .Values.subaccountApiCredentials }}
+  {{- if and ($item) (ne $item.name "") }}
+---
+apiVersion: security.btp.sap.crossplane.io/v1alpha1
+kind: SubaccountApiCredential
+metadata:
+  name: {{required "A valid value is required! (.Values.subaccountApiCredentials[].name)" $item.name | lower }}
+  labels:
+    openmcp.cloud/blueprint-building-block: "{{ $.Chart.Name }}"
+    openmcp.cloud/blueprint-building-block-version: "{{ $.Chart.Version }}"
+spec:
+  providerConfigRef:
+    name: {{ required "A valid value is required! (.Values.subaccountApiCredentials[].btpSapCrossplaneProviderConfigRefName)" $item.btpSapCrossplaneProviderConfigRefName | lower }}
+  forProvider:
+    {{- required "A valid value is required! (.Values.subaccountApiCredentials[].forProvider)" $item.forProvider | toYaml | nindent 4 }}
+    {{- if $item.writeConnectionSecretToRef}}
+  writeConnectionSecretToRef:
+    {{- $item.writeConnectionSecretToRef | toYaml | nindent 4 }}
+    {{- end }}  
+  {{- end }}
+{{- end }}
diff --git a/helm/charts/crossplane-provider-btp-security/values.ci.yaml b/helm/charts/crossplane-provider-btp-security/values.ci.yaml
@@ -37,6 +37,8 @@ roleCollectionAssignments:
       origin: "origin"
       roleCollectionName: "roleCollectionName"
       userName: "userName"
+    subaccountApiCredentialRef:
+      name: "name"
     apiCredentials:
       env:
         name: "name"
@@ -62,4 +64,14 @@ globalaccountTrustConfigurations:
     writeConnectionSecretToRef:
       name: "name"
       namespace: "namespace"
-########################################################################################################################
+########################################################################################################################
+subaccountApiCredentials:
+  - name: "poc-mcp-btp-kyma"
+    btpSapCrossplaneProviderConfigRefName: "btpSapCrossplaneProviderConfigRefName"
+    forProvider:
+      subaccountRef:
+        name: poc-mcp-btp-kyma
+    writeConnectionSecretToRef:
+      name: xsuaa-creds-my-subaccount
+      namespace: default
+########################################################################################################################
diff --git a/helm/charts/crossplane-provider-btp-security/values.yaml b/helm/charts/crossplane-provider-btp-security/values.yaml
@@ -23,8 +23,10 @@ roleCollectionAssignments:
     name: ""
     # -- [forProvider](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/RoleCollectionAssignment/v1alpha1@v1.1.2) CRD
     forProvider: []
-    # -- [apiCredentials](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/RoleCollectionAssignment/v1alpha1@v1.1.2) CRD
+    # -- optional [apiCredentials](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/RoleCollectionAssignment/v1alpha1@v1.1.2) CRD
     apiCredentials: []
+    # -- optional [subaccountApiCredentialRef](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/RoleCollectionAssignment/v1alpha1@v1.1.2) CRD
+    subaccountApiCredentialRef: []
     # -- optional
     writeConnectionSecretToRef: []
 ########################################################################################################################
@@ -41,3 +43,16 @@ globalaccountTrustConfigurations:
     # -- optional
     writeConnectionSecretToRef: []
 ########################################################################################################################
+# -- `subaccountApiCredentials[].` orchestrate [`kind: SubaccountApiCredential`](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/SubaccountApiCredential/v1alpha1@v1.3.0) of [BTP Accounts](https://help.sap.com/docs/btp/sap-business-technology-platform/account-model).
+# @default -- object
+subaccountApiCredentials:
+  # -- btpSapCrossplaneProviderConfigRefName defines crossplane provider configuration reference name (identifier) of a [BTP Global Account](https://help.sap.com/docs/btp/sap-business-technology-platform/getting-global-account)!
+  - btpSapCrossplaneProviderConfigRefName: ""
+    # subaccountApiCredentials[0].name -- Name of the GlobalaccountTrustConfiguration resource - [CRD Browser](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/SubaccountApiCredential/v1alpha1@v1.3.0).
+    # @default -- -
+    name: ""
+    # -- [forProvider](https://doc.crds.dev/github.com/SAP/crossplane-provider-btp/security.btp.sap.crossplane.io/SubaccountApiCredential/v1alpha1@v1.3.0) CRD
+    forProvider: []
+    # -- optional
+    writeConnectionSecretToRef: []
+########################################################################################################################
