meshcloud
diff --git a/‎modules/sapbtp/subaccounts/buildingblock/APP_TEAM_README.md‎
Lines changed: 22 additions & 4 deletions b/‎modules/sapbtp/subaccounts/buildingblock/APP_TEAM_README.md‎
Lines changed: 22 additions & 4 deletions
diff --git a/‎modules/sapbtp/subaccounts/buildingblock/README.md‎
Lines changed: 132 additions & 34 deletions b/‎modules/sapbtp/subaccounts/buildingblock/README.md‎
Lines changed: 132 additions & 34 deletions
@@ -6,20 +6,36 @@ This building block is designed for application teams that need to develop and d
 
 **Usage Examples**
 
-*   A developer wants to create a new subaccount for a proof-of-concept project with SAP Build Code and Process Automation enabled. They use this building block to quickly provision a subaccount with the required subscriptions.
-*   An application team wants to create a dedicated subaccount for their production application with Cloud Foundry enabled for deployment and SAP IAS configured for single sign-on.
-*   A development team needs a sandbox environment with multiple SAP applications subscribed and proper entitlements allocated for testing purposes.
+*   Create a proof-of-concept project with SAP Build Code and Process Automation
+*   Create a production subaccount with Cloud Foundry, PostgreSQL, Redis, and SAP IAS SSO
+*   Set up a sandbox with multiple SAP applications and Cloud Foundry services for testing
+*   Quickly configure an Integration Suite environment with connectivity services
+*   Provision a development environment with Build Work Zone, Build Code, and supporting services
 
 **Features**
 
-**Application Subscriptions**: Subscribe to SAP BTP applications like SAP Build Code, SAP Process Automation, or Cloud Transport within the subaccount.
+**Application Subscriptions**: Subscribe to SAP BTP applications like SAP Build Code, SAP Process Automation, SAP Build Work Zone, Integration Suite, or Cloud Transport within the subaccount.
 
 **Entitlements Management**: Automatically configure service entitlements required for application subscriptions and service usage.
 
 **Cloud Foundry Environment**: Optionally provision a Cloud Foundry space for application deployment and development.
 
+**Cloud Foundry Services**: Provision commonly used Cloud Foundry service instances such as PostgreSQL, Redis, Destination service, XSUAA, Application Logging, HTML5 Repository, Job Scheduler, Credential Store, and more.
+
 **Trust Configuration**: Configure external identity providers like SAP IAS for single sign-on authentication.
 
+**Most Popular SAP BTP Services Available**:
+- SAP Build Work Zone (central launchpad)
+- SAP Build Code (low-code development)
+- SAP Build Apps (no-code app builder)
+- SAP Build Process Automation
+- SAP Integration Suite
+- SAP HANA Cloud
+- SAP Business Application Studio
+- PostgreSQL and Redis databases
+- Destination and Connectivity services
+- XSUAA (Authentication & Authorization)
+
 **Shared Responsibility**
 
 | Responsibility                    | Platform Team ✅/❌ | Application Team ✅/❌ |
@@ -28,9 +44,11 @@ This building block is designed for application teams that need to develop and d
 | Entitlements Configuration        | ✅                  | ❌                     |
 | Application Subscriptions         | ✅                  | ❌                     |
 | Cloud Foundry Environment Setup   | ✅                  | ❌                     |
+| Cloud Foundry Service Provisioning| ✅                  | ❌                     |
 | Trust Configuration (IDP)         | ✅                  | ❌                     |
 | Using the subaccount              | ❌                  | ✅                     |
 | Application Development           | ❌                  | ✅                     |
 | Cost Management                   | ❌                  | ✅                     |
 | Security & Compliance             | ❌                  | ✅                     |
+| Service Bindings & Keys           | ❌                  | ✅                     |
 | Updates                           | ❌                  | ✅                     |
@@ -19,50 +19,142 @@ This building block provides the following optional capabilities:
 - **Entitlements**: Service quota and plan assignments required for subscriptions
 - **Subscriptions**: Application subscriptions (SAP Build Code, Process Automation, etc.)
 - **Cloud Foundry**: Optional Cloud Foundry environment instance for application deployment
+- **Cloud Foundry Services**: Provision service instances (PostgreSQL, Redis, Destination, XSUAA, etc.)
 - **Trust Configuration**: External Identity Provider integration (SAP IAS, custom IdP)
 
-## Usage Example
+## Usage Examples
+
+### Basic Subaccount with Applications
 
 ```hcl
-module "sap_btp_subaccount" {
-  source = "./modules/sapbtp/subaccounts/buildingblock"
+entitlements = [
+  {
+    service_name = "build-code"
+    plan_name    = "standard"
+  }
+]
 
-  globalaccount      = "my-global-account"
-  project_identifier = "my-project"
-  subfolder          = "development"
-  region             = "eu30"
+subscriptions = [
+  {
+    app_name   = "build-code"
+    plan_name  = "standard"
+    parameters = {}
+  }
+]
+```
 
-  entitlements = [
+### Development Environment with Cloud Foundry Services
+
+```hcl
+entitlements = [
+  {
+    service_name = "hana-cloud"
+    plan_name    = "hana"
+    amount       = 1
+  },
+  {
+    service_name = "PostgreSQL"
+    plan_name    = "small"
+    amount       = 1
+  },
+  {
+    service_name = "destination"
+    plan_name    = "lite"
+  },
+  {
+    service_name = "xsuaa"
+    plan_name    = "application"
+  }
+]
+
+cloudfoundry_instance = {
+  name      = "dev-cf"
+  plan_name = "standard"
+}
+
+cloudfoundry_services = {
+  postgresql_instances = [
     {
-      service_name = "build-code"
-      plan_name    = "free"
-    },
+      name       = "my-postgres-db"
+      plan_name  = "small"
+      parameters = {}
+    }
+  ]
+  xsuaa_instances = [
     {
-      service_name = "storage"
-      plan_name    = "standard"
-      amount       = 5
+      name       = "my-xsuaa"
+      plan_name  = "application"
+      parameters = {
+        xsappname = "my-app"
+      }
     }
   ]
+}
+```
+
+## Common SAP BTP Services
+
+### Popular Application Subscriptions
+
+| Application Name | Service Name | Common Plans | Description |
+|-----------------|--------------|--------------|-------------|
+| SAP Build Work Zone | `SAPLaunchpad` | `standard` | Central entry point for applications |
+| SAP Build Code | `build-code` | `standard`, `free` | Low-code development platform |
+| SAP Build Apps | `sap-build-apps` | `standard`, `free` | No-code app builder |
+| SAP Build Process Automation | `process-automation` | `standard` | Process automation and RPA |
+| SAP Integration Suite | `integrationsuite` | `enterprise_agreement` | Integration and API management |
+| SAP Business Application Studio | `sapappstudio` | `standard-edition` | Web-based IDE |
+| SAP HANA Cloud | `hana-cloud` | `hana`, `hana-cloud-connection` | In-memory database |
+| SAP Cloud Transport Management | `cloud-transport-management` | `standard` | Transport management |
+| SAP Continuous Integration & Delivery | `cicd-app` | `default` | CI/CD pipeline service |
+| SAP Mobile Services | `mobile-services` | `standard` | Mobile app development |
+| SAP Document Management Service | `sdm` | `standard` | Document storage and management |
+
+### Cloud Foundry Services (Entitlements)
+
+**Services requiring `amount` parameter (quota-based):**
+- `PostgreSQL` - PostgreSQL database (plans: small, medium, large)
+- `Redis` - Redis cache (plans: small, medium, large)
+- `hana-cloud` - HANA Cloud database (plans: hana)
+- `auditlog-viewer` - Audit log service (plans: default)
+
+**Services without `amount` parameter (enable-only):**
+- `destination` - Destination configuration (plans: lite)
+- `connectivity` - Cloud Connector integration (plans: lite)
+- `xsuaa` - Authentication & Authorization (plans: application, broker)
+- `application-logs` - Application logging (plans: lite)
+- `html5-apps-repo` - HTML5 application hosting (plans: app-host, app-runtime)
+- `job-scheduler` - Job scheduling service (plans: lite, standard)
+- `credstore` - Credential storage (plans: free, standard)
+- `objectstore` - Object storage S3-compatible (plans: s3-standard)
+
+## Cloud Foundry Service Instances
+
+When `cloudfoundry_instance` is configured, you can provision service instances:
 
-  subscriptions = [
+```hcl
+cloudfoundry_services = {
+  postgresql_instances = [
     {
-      app_name   = "build-code"
-      plan_name  = "free"
+      name       = "my-postgres"
+      plan_name  = "small"
       parameters = {}
     }
   ]
-
-  cloudfoundry_instance = {
-    name      = "dev-cf"
-    plan_name = "standard"
-  }
-
-  trust_configuration = {
-    identity_provider = "mytenant.accounts.ondemand.com"
-  }
+  xsuaa_instances = [
+    {
+      name       = "my-xsuaa"
+      plan_name  = "application"
+      parameters = {
+        xsappname = "my-app"
+      }
+    }
+  ]
 }
 ```
 
+Supported: postgresql_instances, redis_instances, destination_instances, connectivity_instances, xsuaa_instances, application_logs_instances, html5_repo_instances, job_scheduler_instances, credstore_instances, objectstore_instances
+
 ## Providers
 
 ```hcl
@@ -92,29 +184,34 @@ No modules.
 | Name | Type |
 |------|------|
 | [btp_subaccount.subaccount](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount) | resource |
-| [btp_subaccount_entitlement.entitlement](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_entitlement) | resource |
+| [btp_subaccount_entitlement.entitlement_with_quota](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_entitlement) | resource |
+| [btp_subaccount_entitlement.entitlement_without_quota](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_entitlement) | resource |
 | [btp_subaccount_environment_instance.cloudfoundry](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_environment_instance) | resource |
 | [btp_subaccount_role_collection_assignment.subaccount_admin](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_role_collection_assignment) | resource |
 | [btp_subaccount_role_collection_assignment.subaccount_service_admininstrator](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_role_collection_assignment) | resource |
 | [btp_subaccount_role_collection_assignment.subaccount_viewer](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_role_collection_assignment) | resource |
+| [btp_subaccount_service_instance.cf_service](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_service_instance) | resource |
 | [btp_subaccount_subscription.subscription](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_subscription) | resource |
 | [btp_subaccount_trust_configuration.custom_idp](https://registry.terraform.io/providers/SAP/btp/latest/docs/resources/subaccount_trust_configuration) | resource |
 | [btp_directories.all](https://registry.terraform.io/providers/SAP/btp/latest/docs/data-sources/directories) | data source |
+| [btp_subaccount_service_plan.cf_service_plan](https://registry.terraform.io/providers/SAP/btp/latest/docs/data-sources/subaccount_service_plan) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| <a name="input_cloudfoundry_instance"></a> [cloudfoundry\_instance](#input\_cloudfoundry\_instance) | Configuration for Cloud Foundry environment instance. Set to null to skip creation. | <pre>object({<br>    name        = optional(string, "cf-instance")<br>    environment = optional(string, "cloudfoundry")<br>    plan_name   = string<br>    parameters  = optional(map(string), {})<br>  })</pre> | `null` | no |
-| <a name="input_entitlements"></a> [entitlements](#input\_entitlements) | List of entitlements to assign to the subaccount. For quota-based services, specify 'amount'. For multitenant applications (category APPLICATION), omit 'amount' or set to null. Entitlements must be configured before subscriptions can be created. | <pre>list(object({<br>    service_name = string<br>    plan_name    = string<br>    amount       = optional(number)<br>  }))</pre> | `[]` | no |
+| <a name="input_cf_services"></a> [cf\_services](#input\_cf\_services) | Comma-separated list of Cloud Foundry service instances in format: service.plan (e.g., 'postgresql.small,destination.lite,redis.medium') | `string` | `""` | no |
+| <a name="input_cloudfoundry_plan"></a> [cloudfoundry\_plan](#input\_cloudfoundry\_plan) | Cloud Foundry environment plan (standard or trial) | `string` | `"standard"` | no |
+| <a name="input_cloudfoundry_space_name"></a> [cloudfoundry\_space\_name](#input\_cloudfoundry\_space\_name) | Name for the Cloud Foundry space | `string` | `"dev"` | no |
+| <a name="input_enable_cloudfoundry"></a> [enable\_cloudfoundry](#input\_enable\_cloudfoundry) | Enable Cloud Foundry environment in the subaccount | `bool` | `false` | no |
+| <a name="input_entitlements"></a> [entitlements](#input\_entitlements) | Comma-separated list of service entitlements in format: service.plan (e.g., 'postgresql-db.trial,destination.lite,xsuaa.application') | `string` | `""` | no |
 | <a name="input_globalaccount"></a> [globalaccount](#input\_globalaccount) | The subdomain of the global account in which you want to manage resources. | `string` | n/a | yes |
+| <a name="input_identity_provider"></a> [identity\_provider](#input\_identity\_provider) | Custom identity provider origin (e.g., mytenant.accounts.ondemand.com). Leave empty to skip trust configuration. | `string` | `""` | no |
 | <a name="input_project_identifier"></a> [project\_identifier](#input\_project\_identifier) | The meshStack project identifier. | `string` | n/a | yes |
-| <a name="input_region"></a> [region](#input\_region) | The region of the subaccount. | `string` | `"eu30"` | no |
-| <a name="input_subfolder"></a> [subfolder](#input\_subfolder) | The subfolder to use for the SAP BTP resources. This is used to create a folder structure in the SAP BTP cockpit. | `string` | n/a | yes |
-| <a name="input_subscriptions"></a> [subscriptions](#input\_subscriptions) | List of application subscriptions to create in the subaccount (e.g., SAP Build Code, Process Automation). | <pre>list(object({<br>    app_name   = string<br>    plan_name  = string<br>    parameters = optional(map(string), {})<br>  }))</pre> | `[]` | no |
-| <a name="input_trust_configuration"></a> [trust\_configuration](#input\_trust\_configuration) | Trust configuration for external Identity Provider (e.g., SAP IAS). Set to null to skip configuration. Only identity\_provider is required; origin and other attributes are computed. | <pre>object({<br>    identity_provider = string<br>  })</pre> | `null` | no |
+| <a name="input_region"></a> [region](#input\_region) | The region of the subaccount. | `string` | `"eu10"` | no |
+| <a name="input_subfolder"></a> [subfolder](#input\_subfolder) | The subfolder to use for the SAP BTP resources. This is used to create a folder structure in the SAP BTP cockpit. | `string` | `""` | no |
+| <a name="input_subscriptions"></a> [subscriptions](#input\_subscriptions) | Comma-separated list of application subscriptions in format: app.plan (e.g., 'build-workzone.standard,integrationsuite.enterprise\_agreement') | `string` | `""` | no |
 | <a name="input_users"></a> [users](#input\_users) | Users and their roles provided by meshStack | <pre>list(object(<br>    {<br>      meshIdentifier = string<br>      username       = string<br>      firstName      = string<br>      lastName       = string<br>      email          = string<br>      euid           = string<br>      roles          = list(string)<br>    }<br>  ))</pre> | `[]` | no |
-| <a name="input_workspace_identifier"></a> [workspace\_identifier](#input\_workspace\_identifier) | The meshStack workspace identifier. | `string` | n/a | yes |
 
 ## Outputs
 
@@ -126,6 +223,7 @@ No modules.
 | <a name="output_btp_subaccount_region"></a> [btp\_subaccount\_region](#output\_btp\_subaccount\_region) | n/a |
 | <a name="output_cloudfoundry_instance_id"></a> [cloudfoundry\_instance\_id](#output\_cloudfoundry\_instance\_id) | ID of the Cloud Foundry environment instance (if created) |
 | <a name="output_cloudfoundry_instance_state"></a> [cloudfoundry\_instance\_state](#output\_cloudfoundry\_instance\_state) | State of the Cloud Foundry environment instance (if created) |
+| <a name="output_cloudfoundry_services"></a> [cloudfoundry\_services](#output\_cloudfoundry\_services) | Map of Cloud Foundry service instances created in this subaccount |
 | <a name="output_entitlements"></a> [entitlements](#output\_entitlements) | Map of entitlements created for this subaccount |
 | <a name="output_subscriptions"></a> [subscriptions](#output\_subscriptions) | Map of application subscriptions created in this subaccount |
 | <a name="output_trust_configuration_origin"></a> [trust\_configuration\_origin](#output\_trust\_configuration\_origin) | Origin key of the configured trust configuration (if configured) |