diff --git a/in-development/mission_3774_sap_task_center/README.md b/in-development/mission_3774_sap_task_center/README.md index f55a9256..76e612ae 100644 --- a/in-development/mission_3774_sap_task_center/README.md +++ b/in-development/mission_3774_sap_task_center/README.md @@ -2,7 +2,8 @@ ## Overview -This sample shows how to setup your SAP BTP account for the Discovery Center Mission - [Keep the Core Clean Using SAP Build Apps with SAP S/4HANA](https://discovery-center.cloud.sap/index.html#/missiondetail/3774/) +This sample shows how to setup your SAP BTP account for the Discovery Center Mission - [Establish a Central Inbox with SAP Task Center](https://discovery-center.cloud.sap/index.html#/missiondetail/3774/) + ## Content of setup @@ -11,7 +12,7 @@ The setup comprises the following resources: - Creation of the SAP BTP subaccount - Entitlements of services - Subscriptions to applications -- Creation of service instances +- Creation of service instance - Role collection assignments to users ## Deploying the resources @@ -27,11 +28,17 @@ To deploy the resources you must: export BTP_PASSWORD= ``` -2. Change the variables in the `common_sample.tfvars` file to meet your requirements +2. Set the environment variables CF_USERNAME and CF_PASSWORD to pass credentials to the CF provider to authenticate and interact with your CF environment. + + ```bash + export CF_USER= + export CF_PASSWORD= + ``` + +3. Change the variables in the `common_sample.tfvars` file to meet your requirements > The minimal set of parameters you should specify (beside user_email and password) is globalaccount (i.e. its subdomain) and the used custom_idp. -3. Switch to the `1_main_config` folder 4. Change the variables in `sample.tfvars` file to meet your requirements diff --git a/in-development/mission_3774_sap_task_center/step_1/README.md b/in-development/mission_3774_sap_task_center/step_1/README.md new file mode 100644 index 00000000..1b327508 --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_1/README.md @@ -0,0 +1,48 @@ +# Sample Setup of an SAP Task Center on SAP BTP - Step 1 + +## Overview + +This directory contains the setup of SAP Task Center from scratch namely a new subaccount including the relevant entitlements, a Cloud Foundry environment and a Cloud Foundry space. + +This directory contains the configuration the first step of the setup namely: + +- a new subaccount +- the entitlements for SAP Task Center +- the subscription for SAP Build Workzone, standard edition +- the Cloud Foundry environment +- The trust setup to the custom IdP +- Assignment of users to the role collections + +## Deploying the resources + +To deploy the resources of step 1 execute the following commands: + +1. Initialize your workspace: + + ```bash + terraform init + ``` + +1. Assign the variable values in a `*.tfvars` file e.g., the global account subdomain + +1. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file=".tfvars" + ``` + +1. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file=".tfvars" + ``` + +> **Note** - Some variables of the output of the first step are needed as input for the second step. + +## When finished + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy -var-file=".tfvars" +``` \ No newline at end of file diff --git a/in-development/mission_3774_sap_task_center/step_1/locals.tf b/in-development/mission_3774_sap_task_center/step_1/locals.tf new file mode 100644 index 00000000..23462039 --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_1/locals.tf @@ -0,0 +1,4 @@ +locals { + service_name__sap_task_center = "one-inbox-service" + service_name__build_workzone = "SAPLaunchpad" +} \ No newline at end of file diff --git a/in-development/mission_3774_sap_task_center/step_1/main.tf b/in-development/mission_3774_sap_task_center/step_1/main.tf new file mode 100644 index 00000000..daa5afb7 --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_1/main.tf @@ -0,0 +1,86 @@ +############################################################################################### +# Setup of names in accordance to naming convention +############################################################################################### +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + project_subaccount_domain = lower(replace("mission-3774-${local.random_uuid}", "_", "-")) + project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) +} +############################################################################################### +# Creation of subaccount +############################################################################################### +resource "btp_subaccount" "project" { + name = var.subaccount_name + subdomain = local.project_subaccount_domain + region = lower(var.region) +} +# ------------------------------------------------------------------------------------------------------ +# Assignment of users as sub account administrators +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = btp_subaccount.project.id + role_collection_name = "Subaccount Administrator" + user_name = each.value +} +# ------------------------------------------------------------------------------------------------------ +# Assignment of users as sub account service administrators +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { + for_each = toset("${var.subaccount_service_admins}") + subaccount_id = btp_subaccount.project.id + role_collection_name = "Subaccount Service Administrator" + user_name = each.value +} +###################################################################### +# Creation of Cloud Foundry environment +###################################################################### +resource "btp_subaccount_environment_instance" "cloudfoundry" { + subaccount_id = btp_subaccount.project.id + name = local.project_subaccount_cf_org + environment_type = "cloudfoundry" + service_name = "cloudfoundry" + plan_name = "standard" + landscape_label = var.cf_environment_label + parameters = jsonencode({ + instance_name = local.project_subaccount_cf_org + }) +} +############################################################################################### +# Prepare and setup app: SAP Build Workzone, standard edition +############################################################################################### +# Entitle subaccount for usage of app destination SAP Build Workzone, standard edition +resource "btp_subaccount_entitlement" "build_workzone" { + subaccount_id = btp_subaccount.project.id + service_name = local.service_name__build_workzone + plan_name = var.service_plan__build_workzone + amount = var.service_plan__build_workzone == "free" ? 1 : null +} +# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement) +resource "btp_subaccount_subscription" "build_workzone" { + subaccount_id = btp_subaccount.project.id + app_name = local.service_name__build_workzone + plan_name = var.service_plan__build_workzone + depends_on = [btp_subaccount_entitlement.build_workzone] +} +############################################################################################### +# Prepare and setup app: SAP Task Center +############################################################################################### +# Entitle subaccount for usage of app destination SAP Task Center +resource "btp_subaccount_entitlement" "taskcenter" { + subaccount_id = btp_subaccount.project.id + service_name = local.service_name__sap_task_center + plan_name = "standard" +} +# ------------------------------------------------------------------------------------------------------ +# Assignment of users as launchpad administrators +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "launchpad-admins" { + for_each = toset("${var.launchpad_admins}") + subaccount_id = btp_subaccount.project.id + role_collection_name = "Launchpad_Admin" + user_name = each.value + depends_on = [btp_subaccount_subscription.build_workzone] +} diff --git a/in-development/mission_3774_sap_task_center/step_1/outputs.tf b/in-development/mission_3774_sap_task_center/step_1/outputs.tf new file mode 100644 index 00000000..c4a40ade --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_1/outputs.tf @@ -0,0 +1,24 @@ +output "subaccount_id" { + value = btp_subaccount.project.id + description = "The ID of the project subaccount." +} + +output "cf_org_name" { + value = local.project_subaccount_cf_org + description = "The name of the project subaccount." +} + +output "cf_org_id" { + value = btp_subaccount_environment_instance.cloudfoundry.landscape_label + description = "The ID of the Cloud Foundry environment." +} + +output "cf_api_endpoint" { + value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] + description = "API endpoint of the Cloud Foundry environment." +} + +output "cf_landscape_label" { + value = btp_subaccount_environment_instance.cloudfoundry.platform_id + description = "The landscape label of the Cloud Foundry environment." +} \ No newline at end of file diff --git a/in-development/mission_3774_sap_task_center/step_1/provider.tf b/in-development/mission_3774_sap_task_center/step_1/provider.tf new file mode 100644 index 00000000..1c7b0ab1 --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_1/provider.tf @@ -0,0 +1,14 @@ +### +# Define the required providers for this module +### +terraform { + required_providers { + btp = { + source = "sap/btp" + } + } +} +provider "btp" { + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url +} diff --git a/in-development/mission_3774_sap_task_center/step_1/sample.tfvars b/in-development/mission_3774_sap_task_center/step_1/sample.tfvars new file mode 100644 index 00000000..990c5897 --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_1/sample.tfvars @@ -0,0 +1,17 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ +# Your global account subdomain +globalaccount = "yourglobalaccount" +region = "datacenter" +subaccount_name = "subaccount_name" +cf_environment_label = "cf_environment_label" + +# ------------------------------------------------------------------------------------------------------ +# Project specific configuration (please adapt!) +# ------------------------------------------------------------------------------------------------------ + +subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] +custom_idp = "your custom idp" +launchpad_admins = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file diff --git a/in-development/mission_3774_sap_task_center/step_1/variables.tf b/in-development/mission_3774_sap_task_center/step_1/variables.tf new file mode 100644 index 00000000..7572ae87 --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_1/variables.tf @@ -0,0 +1,89 @@ +###################################################################### +# Customer account setup +###################################################################### +variable "globalaccount" { + type = string + description = "Defines the global account" + default = "yourglobalaccount" +} + +variable "cli_server_url" { + type = string + description = "Defines the CLI server URL" + default = "https://cli.btp.cloud.sap" +} + +# subaccount +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "UC - Establish a Central Inbox with SAP Task Center" +} +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} +# Region +variable "region" { + type = string + description = "The region where the project account shall be created in." + default = "us10" +} +# Cloudfoundry environment label +variable "cf_environment_label" { + type = string + description = "The Cloudfoundry environment label" + default = "cf-us10" +} + +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "launchpad_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "custom_idp" { + type = string + description = "Defines the custom IdP" + default = "" +} + +variable "environment_label" { + type = string + description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available." + default = "cf-us10" +} + +variable "cf_org_name" { + type = string + description = "Name of the Cloud Foundry org." + default = "mission-3774-sap-task-center" + + validation { + condition = can(regex("^.{1,255}$", var.cf_org_name)) + error_message = "The Cloud Foundry org name must not be emtpy and not exceed 255 characters." + } +} + +variable "service_plan__build_workzone" { + type = string + description = "The plan for build_workzone subscription" + default = "free" + validation { + condition = contains(["free", "standard"], var.service_plan__build_workzone) + error_message = "Invalid value for service_plan__build_workzone. Only 'free' and 'standard' are allowed." + } +} diff --git a/in-development/mission_3774_sap_task_center/step_2/README.md b/in-development/mission_3774_sap_task_center/step_2/README.md new file mode 100644 index 00000000..6c36090a --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_2/README.md @@ -0,0 +1,44 @@ +# Sample Setup of an SAP Task Center on SAP BTP - Step 2 + +## Overview + +This directory contains the setup of SAP Task Center from scratch namely a new subaccount including the relevant entitlements, a Cloud Foundry environment and a Cloud Foundry space. + +This directory contains the configuration the first step of the setup namely: + +- Creation of service instance for SAP Task Center +- Creation of the service key for the service instance + +## Deploying the resources + +To deploy the resources of step 1 execute the following commands: + +1. Initialize your workspace: + + ```bash + terraform init + ``` + +1. Assign the variable values in a `*.tfvars` file e.g., the global account subdomain + +1. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file=".tfvars" + ``` + +1. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file=".tfvars" + ``` + +> **Note** - Some variables of the output of the first step are needed as input for the second step. + +## When finished + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy -var-file=".tfvars" +``` \ No newline at end of file diff --git a/in-development/mission_3774_sap_task_center/step_2/main.tf b/in-development/mission_3774_sap_task_center/step_2/main.tf new file mode 100644 index 00000000..cf357cf3 --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_2/main.tf @@ -0,0 +1,108 @@ +############################################################################################### +# Create the Cloud Foundry space +############################################################################################### +resource "cloudfoundry_space" "space" { + name = var.cf_space_name + org = var.cf_org_id # +} + +############################################################################################### +# assign user as space manager +############################################################################################### +resource "cloudfoundry_space_role" "cf_space_manager" { + username = var.cf_space_manager + type = "space_manager" + space = cloudfoundry_space.space.id + origin = "sap.ids" +} + + +############################################################################################### +# assign user as space developer +############################################################################################### +resource "cloudfoundry_space_role" "cf_space_developer" { + username = var.cf_space_developer + type = "space_developer" + space = cloudfoundry_space.space.id +} + +############################################################################################### +# Create service instance for taskcenter (one-inbox-service) +############################################################################################### +data "cloudfoundry_service" "srvc_taskcenter" { + name = "one-inbox-service" + # depends_on = [time_sleep.wait_a_few_seconds] +} + +resource "cloudfoundry_service_instance" "si_taskcenter" { + name = "sap-taskcenter" + type = "managed" + space = cloudfoundry_space.space.id + service_plan = data.cloudfoundry_service.srvc_taskcenter.service_plans["standard"] + depends_on = [cloudfoundry_space_role.cf_space_manager, cloudfoundry_space_role.cf_space_developer] + parameters = jsonencode({ + "authorities" : [], + "defaultCollectionQueryFilter" : "own" + + }) +} + +############################################################################################### +# Create service key +############################################################################################### +resource "random_id" "service_key_stc" { + byte_length = 12 +} +resource "cloudfoundry_service_credential_binding" "sap-taskcenter" { + type = "key" + name = join("_", ["defaultKey", random_id.service_key_stc.hex]) + service_instance = cloudfoundry_service_instance.si_taskcenter.id +} + +############################################################################################### +# Prepare and setup service: destination +############################################################################################### +# Entitle subaccount for usage of service destination +resource "btp_subaccount_entitlement" "destination" { + subaccount_id = var.subaccount_id + service_name = "destination" + plan_name = "lite" +} + +# Get serviceplan_id for stc-service with plan_name "default" +data "btp_subaccount_service_plan" "destination" { + subaccount_id = var.subaccount_id + offering_name = "destination" + name = "lite" + depends_on = [btp_subaccount_entitlement.destination] +} +# Create service instance +resource "btp_subaccount_service_instance" "destination" { + subaccount_id = var.subaccount_id + serviceplan_id = data.btp_subaccount_service_plan.destination.id + name = "destination" + depends_on = [data.btp_subaccount_service_plan.destination] + parameters = jsonencode({ + HTML5Runtime_enabled = true + init_data = { + subaccount = { + existing_destinations_policy = "update" + destinations = [ + { + Description = "[Do not delete] SAP Task Center - Dummy destination" + Type = "HTTP" + # clientId = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter)["uaa"]["clientid"]}" + # clientSecret = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter)["uaa"]["clientsecret"]}" + "HTML5.DynamicDestination" = true + Authentication = "OAuth2JWTBearer" + Name = "stc-destination" + # tokenServiceURL = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter)["uaa"]["url"]}" + ProxyType = "Internet" + # URL = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter.credentials)["url"]}" + tokenServiceURLType = "Dedicated" + } + ] + } + } + }) +} \ No newline at end of file diff --git a/in-development/mission_3774_sap_task_center/step_2/provider.tf b/in-development/mission_3774_sap_task_center/step_2/provider.tf new file mode 100644 index 00000000..d97e6e97 --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_2/provider.tf @@ -0,0 +1,21 @@ +### +# Define the required providers for this module +### +terraform { + required_providers { + btp = { + source = "sap/btp" + } + cloudfoundry = { + source = "SAP/cloudfoundry" + version = "0.2.1-beta" + } + } +} +provider "btp" { + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url +} +provider "cloudfoundry" { + api_url = var.cf_api_url +} diff --git a/in-development/mission_3774_sap_task_center/step_2/sample.tfvars b/in-development/mission_3774_sap_task_center/step_2/sample.tfvars new file mode 100644 index 00000000..08947faa --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_2/sample.tfvars @@ -0,0 +1,20 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ +# Your global account subdomain +globalaccount = "yourglobalaccount" +region = "datacenter" +subaccount_name = "subaccount_name" +cf_environment_label = "cf_environment_label" +cf_api_url = "cf api url" + +# ------------------------------------------------------------------------------------------------------ +# Project specific configuration (please adapt!) +# ------------------------------------------------------------------------------------------------------ + +cfsr_space_manager = "john.doe@test.com" +subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] +subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] +cfsr_space_developer = "john.doe@test.com" +custom_idp = "caias.accounts.ondemand.com" +launchpad_admins = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file diff --git a/in-development/mission_3774_sap_task_center/step_2/variables.tf b/in-development/mission_3774_sap_task_center/step_2/variables.tf new file mode 100644 index 00000000..3a04cb92 --- /dev/null +++ b/in-development/mission_3774_sap_task_center/step_2/variables.tf @@ -0,0 +1,119 @@ +###################################################################### +# Customer account setup +###################################################################### +variable "globalaccount" { + type = string + description = "Defines the global account" + default = "yourglobalaccount" +} + +variable "cli_server_url" { + type = string + description = "Defines the CLI server URL" + default = "https://cli.btp.cloud.sap" +} + +variable "cf_api_url" { + type = string + description = "Defines the CLI server URL" + default = "https://api.cf.us10.hana.ondemand.com/" +} + + +# subaccount +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "UC - Establish a Central Inbox with SAP Task Center" +} +variable "subaccount_id" { + type = string + description = "The subaccount ID." + default = "" +} +# Region +variable "region" { + type = string + description = "The region where the project account shall be created in." + default = "us10" +} +# Cloudfoundry environment label +variable "cf_environment_label" { + type = string + description = "The Cloudfoundry environment label" + default = "cf-us10" +} + +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "subaccount_service_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "launchpad_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." + default = ["jane.doe@test.com", "john.doe@test.com"] +} + +variable "custom_idp" { + type = string + description = "Defines the custom IdP" + default = "" +} + +variable "environment_label" { + type = string + description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available." + default = "cf-us10" +} + +variable "cf_org_id" { + type = string + description = "The Cloud Foundry Org ID from the Cloud Foundry environment instance." +} + +variable "cf_org_name" { + type = string + description = "Name of the Cloud Foundry org." + default = "mission-3774-sap-task-center" + + validation { + condition = can(regex("^.{1,255}$", var.cf_org_name)) + error_message = "The Cloud Foundry org name must not be emtpy and not exceed 255 characters." + } +} + +variable "cf_space_name" { + type = string + description = "Name of the Cloud Foundry space." + default = "dev" +} + +variable "cf_space_manager" { + type = string + description = "Defines the user who are added as space manager." + default = "john.doe@test.com" +} + +variable "cf_space_developer" { + type = string + description = "Defines the user who are added as space developer." + default = "john.doe@test.com" +} + +variable "service_plan__build_workzone" { + type = string + description = "The plan for build_workzone subscription" + default = "free" + validation { + condition = contains(["free", "standard"], var.service_plan__build_workzone) + error_message = "Invalid value for service_plan__build_workzone. Only 'free' and 'standard' are allowed." + } +}