diff --git a/released/modules/btp-cf/btp-cf-env-instance/btp_env_cf.tf b/released/modules/btp-cf/btp-cf-env-instance/btp_env_cf.tf
index 723bc04e..56950218 100644
--- a/released/modules/btp-cf/btp-cf-env-instance/btp_env_cf.tf
+++ b/released/modules/btp-cf/btp-cf-env-instance/btp_env_cf.tf
@@ -84,3 +84,5 @@ resource "cloudfoundry_org_role" "billing_role" {
 type = "organization_auditor"
 org = btp_subaccount_environment_instance.cf.platform_id
 }
+
+
diff --git a/released/modules/btp-cf/btp-cf-org-space/README.md b/released/modules/btp-cf/btp-cf-org-space/README.md
new file mode 100644
index 00000000..4c13853d
--- /dev/null
+++ b/released/modules/btp-cf/btp-cf-org-space/README.md
@@ -0,0 +1,14 @@
+# Module: modules - btp cloudfoundry org and space setup
+
+## Overview
+
+This module performs the following tasks:
+- Creates a Cloud Foundry environment instance in a subaccount.
+- Assigns users to the newly created Cloud Foundry environment (CF org).
+- Creates a space in the newly created Cloud Foundry org.
+- Assigns users to the newly created space.
+
+## Prerequisites
+
+The following requirements must be met before using this module:
+- The subaccount must be entitled to the `cloudfoundry` service with the desired plan. The default plan is `standard`.
diff --git a/released/modules/btp-cf/btp-cf-org-space/btp_cf_org_space.tf b/released/modules/btp-cf/btp-cf-org-space/btp_cf_org_space.tf
new file mode 100644
index 00000000..b274e9bb
--- /dev/null
+++ b/released/modules/btp-cf/btp-cf-org-space/btp_cf_org_space.tf
@@ -0,0 +1,134 @@
+# ------------------------------------------------------------------------------------------------------
+# Define the required providers for this module
+# ------------------------------------------------------------------------------------------------------
+terraform {
+ required_providers {
+ btp = {
+ source = "sap/btp"
+ version = "~> 1.4.0"
+ }
+ cloudfoundry = {
+ source = "SAP/cloudfoundry"
+ version = "0.2.1-beta"
+ }
+ }
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Fetch all available environments for the subaccount
+# ------------------------------------------------------------------------------------------------------
+data "btp_subaccount_environments" "all" {
+ subaccount_id = var.subaccount_id
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Take the landscape label from the first CF environment if no environment label is provided
+# ------------------------------------------------------------------------------------------------------
+resource "null_resource" "cache_target_environment" {
+ triggers = {
+ label = length(var.environment_label) > 0 ? var.environment_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label
+ }
+
+ lifecycle {
+ ignore_changes = all
+ }
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Create the Cloud Foundry environment instance
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_environment_instance" "cf" {
+ subaccount_id = var.subaccount_id
+ name = var.instance_name
+ environment_type = "cloudfoundry"
+ service_name = "cloudfoundry"
+ plan_name = var.plan_name
+ landscape_label = null_resource.cache_target_environment.triggers.label
+ parameters = jsonencode({
+ instance_name = var.cf_org_name
+ })
+ timeouts = {
+ create = "1h"
+ update = "35m"
+ delete = "30m"
+ }
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Create the Cloud Foundry org users
+# ------------------------------------------------------------------------------------------------------
+resource "cloudfoundry_org_role" "org_role" {
+ for_each = var.cf_org_admins
+ username = each.value
+ type = "organization_user"
+ org = btp_subaccount_environment_instance.cf.platform_id
+ origin = var.origin
+ depends_on = [btp_subaccount_environment_instance.cf]
+}
+
+resource "cloudfoundry_org_role" "manager_role" {
+ for_each = var.cf_org_admins
+ username = each.value
+ type = "organization_manager"
+ org = btp_subaccount_environment_instance.cf.platform_id
+ origin = var.origin
+ depends_on = [cloudfoundry_org_role.org_role]
+}
+
+resource "cloudfoundry_org_role" "auditor_role" {
+ for_each = var.cf_org_auditors
+ username = each.value
+ type = "organization_auditor"
+ org = btp_subaccount_environment_instance.cf.platform_id
+}
+
+resource "cloudfoundry_org_role" "billing_role" {
+ for_each = var.cf_org_billing_managers
+ username = each.value
+ type = "organization_auditor"
+ org = btp_subaccount_environment_instance.cf.platform_id
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Create the Cloud Foundry space
+# ------------------------------------------------------------------------------------------------------
+resource "cloudfoundry_space" "space" {
+ depends_on = [btp_subaccount_environment_instance.cf]
+ name = var.space_name
+ org = btp_subaccount_environment_instance.cf.platform_id
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Create the CF users
+# ------------------------------------------------------------------------------------------------------
+resource "cloudfoundry_space_role" "manager" {
+ for_each = var.cf_space_managers
+ username = each.value
+ type = "space_manager"
+ space = cloudfoundry_space.space.id
+ origin = var.origin
+ depends_on = [cloudfoundry_org_role.manager_role]
+}
+
+
+resource "cloudfoundry_space_role" "developer" {
+ for_each = var.cf_space_developers
+ username = each.value
+ type = "space_developer"
+ space = cloudfoundry_space.space.id
+ origin = var.origin
+ depends_on = [cloudfoundry_org_role.manager_role]
+}
+
+resource "cloudfoundry_space_role" "auditor" {
+ for_each = var.cf_space_auditors
+ username = each.value
+ type = "space_auditor"
+ space = cloudfoundry_space.space.id
+ origin = var.origin
+ depends_on = [cloudfoundry_org_role.manager_role]
+}
+
+
+
+
diff --git a/released/modules/btp-cf/btp-cf-org-space/btp_cf_org_space_outputs.tf b/released/modules/btp-cf/btp-cf-org-space/btp_cf_org_space_outputs.tf
new file mode 100644
index 00000000..826afb9c
--- /dev/null
+++ b/released/modules/btp-cf/btp-cf-org-space/btp_cf_org_space_outputs.tf
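Review bot: `cloudfoundry_org_role.billing_role` sets `type = "organization_auditor"`, so every user in `var.cf_org_billing_managers` is granted the auditor role instead of billing manager; it should read `type = "organization_billing_manager"`. `manager_role` iterates `for_each = var.cf_org_admins` while `var.cf_org_managers` is never read in this file, so everyone added as an org user is also made org manager; `for_each = var.cf_org_managers` would keep the two grants separate. `auditor_role` and `billing_role` also omit `origin = var.origin`, unlike the other role resources, so those usernames are presumably resolved against the provider's default origin rather than the intended identity provider. The same `organization_auditor` type is visible in the context lines of the `btp_env_cf.tf` hunk.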
@@ -0,0 +1,14 @@
+output "cf_env_instance_id" {
+ value = btp_subaccount_environment_instance.cf.id
+ description = "ID of the Cloud Foundry environment instance."
+}
+
+output "cf_org_id" {
+ value = btp_subaccount_environment_instance.cf.platform_id
+ description = "ID of the Cloud Foundry org."
+}
+
+output "cf_api_endpoint" {
+ value = lookup(jsondecode(btp_subaccount_environment_instance.cf.labels), "API Endpoint", "not found")
+ description = "API endpoint of the Cloud Foundry environment."
+}
\ No newline at end of file
diff --git a/released/modules/btp-cf/btp-cf-org-space/btp_cf_org_space_variables.tf b/released/modules/btp-cf/btp-cf-org-space/btp_cf_org_space_variables.tf
new file mode 100644
index 00000000..143fd53e
--- /dev/null
+++ b/released/modules/btp-cf/btp-cf-org-space/btp_cf_org_space_variables.tf
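Review bot: `cf_api_endpoint` falls back to the literal string `"not found"` when the `API Endpoint` label is missing, and a consumer would then pass that string on as if it were a URL. Letting the lookup fail instead, e.g. `value = jsondecode(btp_subaccount_environment_instance.cf.labels)["API Endpoint"]`, surfaces the problem during plan/apply rather than in whatever later connects to the endpoint.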
@@ -0,0 +1,88 @@
+variable "instance_name" {
+ type = string
+ description = "Name of the Cloud Foundry environment instance."
+ validation {
+ condition = can(regex("^[a-zA-Z0-9_\\-\\.]{1,32}$", var.instance_name))
+ error_message = "Please provide a valid instance name (^[a-zA-Z0-9_\\-\\.]{1,32})."
+ }
+}
+
+variable "subaccount_id" {
+ type = string
+ description = "ID of the subaccount where the Cloud Foundry environment shall be enabled."
+}
+
+variable "plan_name" {
+ type = string
+ description = "Desired service plan for the Cloud Foundry environment instance."
+ default = "standard"
+}
+
+variable "environment_label" {
+ type = string
+ description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available."
+ default = ""
+}
+
+variable "cf_org_name" {
+ type = string
+ description = "Name of the Cloud Foundry org."
+
+ validation {
+ condition = can(regex("^.{1,255}$", var.cf_org_name))
+ error_message = "The Cloud Foundry org name must not be emtpy and not exceed 255 characters."
+ }
+}
+
+variable "cf_org_admins" {
+ type = set(string)
+ description = "Defines the colleagues who are added to the Cloud Foundry organization as users."
+}
+
+variable "cf_org_managers" {
+ type = set(string)
+ description = "List of Cloud Foundry org managers."
+}
+
+variable "cf_org_billing_managers" {
+ type = set(string)
+ description = "List of Cloud Foundry org billing managers."
+}
+
+variable "cf_org_auditors" {
+ type = set(string)
+ description = "List of Cloud Foundry org auditors."
+}
+
+variable "cf_org_id" {
+ type = string
+ description = "The ID of the Cloud Foundry org."
+}
+
+variable "origin" {
+ type = string
+ description = "The identity provider for the UAA user"
+}
+variable "space_name" {
+ type = string
+ description = "The name of the Cloud Foundry space."
+ default = "dev"
+}
+
+variable "cf_space_managers" {
+ type = set(string)
+ description = "The list of Cloud Foundry space managers."
+ default = []
+}
+
+variable "cf_space_developers" {
+ type = set(string)
+ description = "The list of Cloud Foundry space developers."
+ default = []
+}
+
+variable "cf_space_auditors" {
+ type = set(string)
+ description = "The list of Cloud Foundry space auditors."
+ default = []
+}
diff --git a/released/usecases/multi_provider_setup/main.tf b/released/usecases/multi_provider_setup/main.tf
index de2760e2..11af3bef 100644
--- a/released/usecases/multi_provider_setup/main.tf
+++ b/released/usecases/multi_provider_setup/main.tf
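Review bot: `cf_org_id` is declared without a default and is therefore a required input, yet nothing in `btp_cf_org_space.tf` reads it and the module itself creates the org whose ID it exports; dropping the variable spares callers from inventing a value. `cf_org_admins` is described as adding users to the organization, while the module also grants the same users `organization_manager`; the description should say so, e.g. `description = "Users added to the Cloud Foundry org as organization_user and organization_manager."`. `origin` has neither a default nor a validation block, so an empty string is accepted; a check such as `condition = length(var.origin) > 0` would reject it before any role is assigned. The `cf_org_name` error message spells `emtpy`.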
@@ -21,31 +21,23 @@ resource "btp_subaccount_entitlement" "entitlement-taskcenter" { # Create Cloud Foundry environment ### module "cloudfoundry_environment" { - source = "../../modules/environment/cloudfoundry/envinstance_cf" - + source = "../../modules/btp-cf/btp-cf-org-space" subaccount_id = btp_subaccount.subaccount.id instance_name = var.cloudfoundry_org_name cf_org_name = var.cloudfoundry_org_name - cf_org_managers = [] + cf_org_admins = var.cf_org_admins + cf_org_managers = var.cf_org_admins cf_org_billing_managers = [] cf_org_auditors = [] -} - -### -# Create Cloud Foundry space and assign users -### -module "cloudfoundry_space" { - source = "../../modules/environment/cloudfoundry/space_cf" - cf_org_id = module.cloudfoundry_environment.cf_org_id - name = var.cloudfoundry_space_name - cf_space_managers = var.cloudfoundry_space_managers - cf_space_developers = var.cloudfoundry_space_developers - cf_space_auditors = var.cloudfoundry_space_auditors + space_name = var.space_name + cf_org_id = module.cloudfoundry_environment.cf_org_id + cf_space_managers = var.cf_space_managers + cf_space_developers = var.cf_space_developers + origin = var.origin } ### # Assign the subaccount roles to the users -### resource "btp_subaccount_role_collection_assignment" "subaccount-administrators" { subaccount_id = btp_subaccount.subaccount.id role_collection_name = "Subaccount Administrator" @@ -58,4 +50,4 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-service-adminis role_collection_name = "Subaccount Service Administrator" for_each = var.subaccount_service_admins user_name = each.value -} +} \ No newline at end of file diff --git a/released/usecases/multi_provider_setup/provider.tf b/released/usecases/multi_provider_setup/provider.tf index 6a2ef3f3..6437914a 100644 --- a/released/usecases/multi_provider_setup/provider.tf +++ b/released/usecases/multi_provider_setup/provider.tf 
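Review bot: `cf_org_id = module.cloudfoundry_environment.cf_org_id` feeds the module's own output back into one of its inputs; the module never uses the value, and depending on how Terraform resolves the reference it may be rejected as a cycle, so the argument (and the variable behind it) is better removed. `cf_org_managers = var.cf_org_admins` passes the admin set as managers, which together with the module's `manager_role` means every listed org user becomes an org manager. The removed `module "cloudfoundry_space"` passed `cf_space_auditors`, but the new block does not, so auditors still listed in `users.tfvars` are no longer assigned; add `cf_space_auditors = var.cf_space_auditors` if that is unintended.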
@@ -6,8 +6,8 @@ terraform { version = "~> 1.4.0" } cloudfoundry = { - source = "cloudfoundry-community/cloudfoundry" - version = "0.53.1" + source = "SAP/cloudfoundry" + version = "0.2.1-beta" } } } @@ -19,4 +19,4 @@ provider "btp" { // Configuration is described in https://registry.terraform.io/providers/cloudfoundry-community/cloudfoundry/latest/docs provider "cloudfoundry" { api_url = "https://api.cf.${var.region}.hana.ondemand.com" -} +} \ No newline at end of file diff --git a/released/usecases/multi_provider_setup/users.tfvars b/released/usecases/multi_provider_setup/users.tfvars index 106e42a4..c0a776c2 100644 --- a/released/usecases/multi_provider_setup/users.tfvars +++ b/released/usecases/multi_provider_setup/users.tfvars @@ -1,7 +1,8 @@ # see documentation at https://developer.hashicorp.com/terraform/language/values/variables#assigning-values-to-root-module-variables - -cloudfoundry_space_managers = ["john.doe@test.com"] -cloudfoundry_space_developers = ["john.doe@test.com"] -cloudfoundry_space_auditors = ["john.doe@test.com"] -subaccount_admins = ["john.doe@test.com"] -subaccount_service_admins = ["john.doe@test.com"] +origin = "Name of the Identity provider" +cf_org_admins = ["john.doe@test.com"] +cf_space_managers = ["john.doe@test.com"] +cf_space_developers = ["john.doe@test.com"] +cf_space_auditors = ["john.doe@test.com"] +subaccount_admins = ["john.doe@test.com"] +subaccount_service_admins = ["john.doe@test.com"] \ No newline at end of file diff --git a/released/usecases/multi_provider_setup/variables.tf b/released/usecases/multi_provider_setup/variables.tf index c863db78..6c260422 100644 --- a/released/usecases/multi_provider_setup/variables.tf +++ b/released/usecases/multi_provider_setup/variables.tf 
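Review bot: The comment above `provider "cloudfoundry"` still points at the `cloudfoundry-community/cloudfoundry` registry docs although the source is now `SAP/cloudfoundry`; it should reference the new provider's documentation so that readers configure authentication from the right page. The provider is pinned to the pre-release `0.2.1-beta` here and in the module; committing `.terraform.lock.hcl` for this use case would pin the provider checksums as well as the version. The `terraform` block starts before this hunk.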
@@ -62,17 +62,28 @@ variable "cloudfoundry_space_name" { ### # User and Roles for subaccount and Cloud Foundry ### -variable "cloudfoundry_space_managers" { - type = list(string) +variable "cf_org_admins" { + type = set(string) + description = "The List of usres that shall be CF Org users" +} + +variable "space_name" { + type = string + description = "The name of the cloud foundry org." + default = "tf-cforg" +} + +variable "cf_space_managers" { + type = set(string) description = "The list of users that shall be CF space managers." } -variable "cloudfoundry_space_developers" { +variable "cf_space_developers" { type = list(string) description = "The list of users that shall be CF space developers." } -variable "cloudfoundry_space_auditors" { +variable "cf_space_auditors" { type = list(string) description = "The list of users that shall be CF space auditors." } @@ -86,3 +97,8 @@ variable "subaccount_service_admins" { type = set(string) description = "The list of users that shall be subaccount admins." } + +variable "origin" { + type = string + description = "The identity provider for the UAA user" +} \ No newline at end of file
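Review bot: `space_name` is described as "The name of the cloud foundry org." and defaults to `tf-cforg`, but `main.tf` passes it to the module as the space name; the description should read `description = "The name of the Cloud Foundry space."` and the default should be a space name such as the module's own `dev`. `cloudfoundry_space_name`, visible in the hunk header, appears to be left without a consumer now that `main.tf` uses `var.space_name`; the rest of the file is outside the hunk, so confirm before removing it. `cf_space_developers` and `cf_space_auditors` stay `list(string)` while `cf_space_managers` and the module's inputs are `set(string)`; using `set(string)` throughout matches the module's declared types. The `cf_org_admins` description has the typo `usres`.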