diff --git a/in-development/mission_3774_sap_task_center/README.md b/in-development/mission_3774_sap_task_center/README.md
deleted file mode 100644
index 76e612ae..00000000
--- a/in-development/mission_3774_sap_task_center/README.md
+++ /dev/null
@@ -1,89 +0,0 @@ -# Discovery Center mission - Establish a Central Inbox with SAP Task Center - -## Overview - -This sample shows how to setup your SAP BTP account for the Discovery Center Mission - [Establish a Central Inbox with SAP Task Center](https://discovery-center.cloud.sap/index.html#/missiondetail/3774/) - - -## Content of setup - -The setup comprises the following resources: - -- Creation of the SAP BTP subaccount -- Entitlements of services -- Subscriptions to applications -- Creation of service instance -- Role collection assignments to users - -## Deploying the resources - -Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html) - -To deploy the resources you must: - -1. Set the environment variables BTP_USERNAME and BTP_PASSWORD to pass credentials to the BTP provider to authenticate and interact with your BTP environments. - - ```bash - export BTP_USERNAME= - export BTP_PASSWORD= - ``` - -2. Set the environment variables CF_USERNAME and CF_PASSWORD to pass credentials to the CF provider to authenticate and interact with your CF environment. - - ```bash - export CF_USER= - export CF_PASSWORD= - ``` - -3. Change the variables in the `common_sample.tfvars` file to meet your requirements - - > The minimal set of parameters you should specify (beside user_email and password) is globalaccount (i.e. its subdomain) and the used custom_idp. - - -4. Change the variables in `sample.tfvars` file to meet your requirements - - > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise you might get error messages like e.g. `Error: The user could not be found: jane.doe@test.com`. - - -5. 
Initialize the workspace for step 1: - - ```bash - terraform init - ``` - -6. You can check what Terraform plans to apply for step 1 based on your configuration: - - ```bash - terraform plan -var-file="../common_sample.tfvars" -var-file="sample.tfvars" - ``` - -7. Apply your configuration for step 1 to provision the resources: - - ```bash - terraform apply -var-file="../common_sample.tfvars" -var-file="sample.tfvars" - ``` - -8. Switch to the `2_disable_default_login` folder. The configuration in this folder disables the default IdP of the subaccount created in step 1 for user logon. - -9. Change the variables in `sample.tfvars` file to meet your requirements - - > ⚠ NOTE: You must copy the `subaccount_id` from the output of step 1 and use it for step 2. - - -5. Initialize the workspace for step 2: - - ```bash - terraform init - ``` - -6. You can check what Terraform plans to apply for step 2 based on your configuration: - - ```bash - terraform plan -var-file="../common_sample.tfvars" -var-file="sample.tfvars" - ``` - -7. Apply your configuration for step 2 to provision the resources: - - ```bash - terraform apply -var-file="../common_sample.tfvars" -var-file="sample.tfvars" - ``` diff --git a/in-development/mission_3774_sap_task_center/step_1/locals.tf b/in-development/mission_3774_sap_task_center/step_1/locals.tf deleted file mode 100644 index 23462039..00000000 --- a/in-development/mission_3774_sap_task_center/step_1/locals.tf +++ /dev/null @@ -1,4 +0,0 @@ -locals { - service_name__sap_task_center = "one-inbox-service" - service_name__build_workzone = "SAPLaunchpad" -} \ No newline at end of file diff --git a/in-development/mission_3774_sap_task_center/step_1/main.tf b/in-development/mission_3774_sap_task_center/step_1/main.tf deleted file mode 100644 index daa5afb7..00000000 --- a/in-development/mission_3774_sap_task_center/step_1/main.tf +++ /dev/null 
@@ -1,86 +0,0 @@ -############################################################################################### -# Setup of names in accordance to naming convention -############################################################################################### -resource "random_uuid" "uuid" {} - -locals { - random_uuid = random_uuid.uuid.result - project_subaccount_domain = lower(replace("mission-3774-${local.random_uuid}", "_", "-")) - project_subaccount_cf_org = substr(replace("${local.project_subaccount_domain}", "-", ""), 0, 32) -} -############################################################################################### -# Creation of subaccount -############################################################################################### -resource "btp_subaccount" "project" { - name = var.subaccount_name - subdomain = local.project_subaccount_domain - region = lower(var.region) -} -# ------------------------------------------------------------------------------------------------------ -# Assignment of users as sub account administrators -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_role_collection_assignment" "subaccount-admins" { - for_each = toset("${var.subaccount_admins}") - subaccount_id = btp_subaccount.project.id - role_collection_name = "Subaccount Administrator" - user_name = each.value -} -# ------------------------------------------------------------------------------------------------------ -# Assignment of users as sub account service administrators -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" { - for_each = toset("${var.subaccount_service_admins}") - subaccount_id = btp_subaccount.project.id - role_collection_name = "Subaccount Service Administrator" - user_name = each.value -} 
-###################################################################### -# Creation of Cloud Foundry environment -###################################################################### -resource "btp_subaccount_environment_instance" "cloudfoundry" { - subaccount_id = btp_subaccount.project.id - name = local.project_subaccount_cf_org - environment_type = "cloudfoundry" - service_name = "cloudfoundry" - plan_name = "standard" - landscape_label = var.cf_environment_label - parameters = jsonencode({ - instance_name = local.project_subaccount_cf_org - }) -} -############################################################################################### -# Prepare and setup app: SAP Build Workzone, standard edition -############################################################################################### -# Entitle subaccount for usage of app destination SAP Build Workzone, standard edition -resource "btp_subaccount_entitlement" "build_workzone" { - subaccount_id = btp_subaccount.project.id - service_name = local.service_name__build_workzone - plan_name = var.service_plan__build_workzone - amount = var.service_plan__build_workzone == "free" ? 
1 : null -} -# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement) -resource "btp_subaccount_subscription" "build_workzone" { - subaccount_id = btp_subaccount.project.id - app_name = local.service_name__build_workzone - plan_name = var.service_plan__build_workzone - depends_on = [btp_subaccount_entitlement.build_workzone] -} -############################################################################################### -# Prepare and setup app: SAP Task Center -############################################################################################### -# Entitle subaccount for usage of app destination SAP Task Center -resource "btp_subaccount_entitlement" "taskcenter" { - subaccount_id = btp_subaccount.project.id - service_name = local.service_name__sap_task_center - plan_name = "standard" -} -# ------------------------------------------------------------------------------------------------------ -# Assignment of users as launchpad administrators -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_role_collection_assignment" "launchpad-admins" { - for_each = toset("${var.launchpad_admins}") - subaccount_id = btp_subaccount.project.id - role_collection_name = "Launchpad_Admin" - user_name = each.value - depends_on = [btp_subaccount_subscription.build_workzone] -} diff --git a/in-development/mission_3774_sap_task_center/step_1/outputs.tf b/in-development/mission_3774_sap_task_center/step_1/outputs.tf deleted file mode 100644 index c4a40ade..00000000 --- a/in-development/mission_3774_sap_task_center/step_1/outputs.tf +++ /dev/null 
@@ -1,24 +0,0 @@ -output "subaccount_id" { - value = btp_subaccount.project.id - description = "The ID of the project subaccount." -} - -output "cf_org_name" { - value = local.project_subaccount_cf_org - description = "The name of the project subaccount." -} - -output "cf_org_id" { - value = btp_subaccount_environment_instance.cloudfoundry.landscape_label - description = "The ID of the Cloud Foundry environment." -} - -output "cf_api_endpoint" { - value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"] - description = "API endpoint of the Cloud Foundry environment." -} - -output "cf_landscape_label" { - value = btp_subaccount_environment_instance.cloudfoundry.platform_id - description = "The landscape label of the Cloud Foundry environment." -} \ No newline at end of file diff --git a/in-development/mission_3774_sap_task_center/step_1/variables.tf b/in-development/mission_3774_sap_task_center/step_1/variables.tf deleted file mode 100644 index 7572ae87..00000000 --- a/in-development/mission_3774_sap_task_center/step_1/variables.tf +++ /dev/null 
@@ -1,89 +0,0 @@ -###################################################################### -# Customer account setup -###################################################################### -variable "globalaccount" { - type = string - description = "Defines the global account" - default = "yourglobalaccount" -} - -variable "cli_server_url" { - type = string - description = "Defines the CLI server URL" - default = "https://cli.btp.cloud.sap" -} - -# subaccount -variable "subaccount_name" { - type = string - description = "The subaccount name." - default = "UC - Establish a Central Inbox with SAP Task Center" -} -variable "subaccount_id" { - type = string - description = "The subaccount ID." - default = "" -} -# Region -variable "region" { - type = string - description = "The region where the project account shall be created in." - default = "us10" -} -# Cloudfoundry environment label -variable "cf_environment_label" { - type = string - description = "The Cloudfoundry environment label" - default = "cf-us10" -} - -variable "subaccount_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "subaccount_service_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." - default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "launchpad_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." 
- default = ["jane.doe@test.com", "john.doe@test.com"] -} - -variable "custom_idp" { - type = string - description = "Defines the custom IdP" - default = "" -} - -variable "environment_label" { - type = string - description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available." - default = "cf-us10" -} - -variable "cf_org_name" { - type = string - description = "Name of the Cloud Foundry org." - default = "mission-3774-sap-task-center" - - validation { - condition = can(regex("^.{1,255}$", var.cf_org_name)) - error_message = "The Cloud Foundry org name must not be emtpy and not exceed 255 characters." - } -} - -variable "service_plan__build_workzone" { - type = string - description = "The plan for build_workzone subscription" - default = "free" - validation { - condition = contains(["free", "standard"], var.service_plan__build_workzone) - error_message = "Invalid value for service_plan__build_workzone. Only 'free' and 'standard' are allowed." - } -} diff --git a/in-development/mission_3774_sap_task_center/step_2/main.tf b/in-development/mission_3774_sap_task_center/step_2/main.tf deleted file mode 100644 index cf357cf3..00000000 --- a/in-development/mission_3774_sap_task_center/step_2/main.tf +++ /dev/null 
@@ -1,108 +0,0 @@ -############################################################################################### -# Create the Cloud Foundry space -############################################################################################### -resource "cloudfoundry_space" "space" { - name = var.cf_space_name - org = var.cf_org_id # -} - -############################################################################################### -# assign user as space manager -############################################################################################### -resource "cloudfoundry_space_role" "cf_space_manager" { - username = var.cf_space_manager - type = "space_manager" - space = cloudfoundry_space.space.id - origin = "sap.ids" -} - - -############################################################################################### -# assign user as space developer -############################################################################################### -resource "cloudfoundry_space_role" "cf_space_developer" { - username = var.cf_space_developer - type = "space_developer" - space = cloudfoundry_space.space.id -} - -############################################################################################### -# Create service instance for taskcenter (one-inbox-service) -############################################################################################### -data "cloudfoundry_service" "srvc_taskcenter" { - name = "one-inbox-service" - # depends_on = [time_sleep.wait_a_few_seconds] -} - -resource "cloudfoundry_service_instance" "si_taskcenter" { - name = "sap-taskcenter" - type = "managed" - space = cloudfoundry_space.space.id - service_plan = data.cloudfoundry_service.srvc_taskcenter.service_plans["standard"] - depends_on = [cloudfoundry_space_role.cf_space_manager, cloudfoundry_space_role.cf_space_developer] - parameters = jsonencode({ - "authorities" : [], - "defaultCollectionQueryFilter" : "own" - - }) -} - 
-############################################################################################### -# Create service key -############################################################################################### -resource "random_id" "service_key_stc" { - byte_length = 12 -} -resource "cloudfoundry_service_credential_binding" "sap-taskcenter" { - type = "key" - name = join("_", ["defaultKey", random_id.service_key_stc.hex]) - service_instance = cloudfoundry_service_instance.si_taskcenter.id -} - -############################################################################################### -# Prepare and setup service: destination -############################################################################################### -# Entitle subaccount for usage of service destination -resource "btp_subaccount_entitlement" "destination" { - subaccount_id = var.subaccount_id - service_name = "destination" - plan_name = "lite" -} - -# Get serviceplan_id for stc-service with plan_name "default" -data "btp_subaccount_service_plan" "destination" { - subaccount_id = var.subaccount_id - offering_name = "destination" - name = "lite" - depends_on = [btp_subaccount_entitlement.destination] -} -# Create service instance -resource "btp_subaccount_service_instance" "destination" { - subaccount_id = var.subaccount_id - serviceplan_id = data.btp_subaccount_service_plan.destination.id - name = "destination" - depends_on = [data.btp_subaccount_service_plan.destination] - parameters = jsonencode({ - HTML5Runtime_enabled = true - init_data = { - subaccount = { - existing_destinations_policy = "update" - destinations = [ - { - Description = "[Do not delete] SAP Task Center - Dummy destination" - Type = "HTTP" - # clientId = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter)["uaa"]["clientid"]}" - # clientSecret = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter)["uaa"]["clientsecret"]}" - "HTML5.DynamicDestination" = true - Authentication = 
"OAuth2JWTBearer" - Name = "stc-destination" - # tokenServiceURL = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter)["uaa"]["url"]}" - ProxyType = "Internet" - # URL = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter.credentials)["url"]}" - tokenServiceURLType = "Dedicated" - } - ] - } - } - }) -} \ No newline at end of file diff --git a/in-development/mission_3774_sap_task_center/step_2/sample.tfvars b/in-development/mission_3774_sap_task_center/step_2/sample.tfvars deleted file mode 100644 index 08947faa..00000000 --- a/in-development/mission_3774_sap_task_center/step_2/sample.tfvars +++ /dev/null @@ -1,20 +0,0 @@ -# ------------------------------------------------------------------------------------------------------ -# Provider configuration -# ------------------------------------------------------------------------------------------------------ -# Your global account subdomain -globalaccount = "yourglobalaccount" -region = "datacenter" -subaccount_name = "subaccount_name" -cf_environment_label = "cf_environment_label" -cf_api_url = "cf api url" - -# ------------------------------------------------------------------------------------------------------ -# Project specific configuration (please adapt!) -# ------------------------------------------------------------------------------------------------------ - -cfsr_space_manager = "john.doe@test.com" -subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] -subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] -cfsr_space_developer = "john.doe@test.com" -custom_idp = "caias.accounts.ondemand.com" -launchpad_admins = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file 
diff --git a/in-development/mission_3774_sap_task_center/step_1/README.md b/released/discovery_center/mission_3774/step1/README.md
similarity index 100%
rename from in-development/mission_3774_sap_task_center/step_1/README.md
rename to released/discovery_center/mission_3774/step1/README.md
diff --git a/released/discovery_center/mission_3774/step1/main.tf b/released/discovery_center/mission_3774/step1/main.tf
new file mode 100644
index 00000000..e4bdb0bf
--- /dev/null
+++ b/released/discovery_center/mission_3774/step1/main.tf
@@ -0,0 +1,145 @@
+# ------------------------------------------------------------------------------------------------------
+# Setup of names in accordance to naming convention
+# ------------------------------------------------------------------------------------------------------
+resource "random_uuid" "uuid" {}
+
+locals {
+ random_uuid = random_uuid.uuid.result
+ subaccount_domain = lower(replace("mission-3774-${local.random_uuid}", "_", "-"))
+ subaccount_cf_org = substr(replace("${local.subaccount_domain}", "-", ""), 0, 32)
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Creation of subaccount
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount" "dc_mission" {
+ name = var.subaccount_name
+ subdomain = local.subaccount_domain
+ region = lower(var.region)
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Assign custom IDP to sub account (if custom_idp is set)
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_trust_configuration" "fully_customized" {
+ # Only create trust configuration if custom_idp has been set
+ count = var.custom_idp == "" ? 0 : 1
+ subaccount_id = btp_subaccount.dc_mission.id
+ identity_provider = var.custom_idp
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Assignment of users as sub account administrators
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
+ for_each = toset(var.subaccount_admins)
+ subaccount_id = btp_subaccount.dc_mission.id
+ role_collection_name = "Subaccount Administrator"
+ user_name = each.value
+}
+# ------------------------------------------------------------------------------------------------------
+# Assignment of users as sub account service administrators
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" {
+ for_each = toset(var.subaccount_service_admins)
+ subaccount_id = btp_subaccount.dc_mission.id
+ role_collection_name = "Subaccount Service Administrator"
+ user_name = each.value
+}
+
+
+# ------------------------------------------------------------------------------------------------------
+# CLOUDFOUNDRY PREPARATION
+# ------------------------------------------------------------------------------------------------------
+#
+# Fetch all available environments for the subaccount
+data "btp_subaccount_environments" "all" {
+ subaccount_id = btp_subaccount.dc_mission.id
+}
+# ------------------------------------------------------------------------------------------------------
+# Take the landscape label from the first CF environment if no environment label is provided
+# (this replaces the previous null_resource)
+# ------------------------------------------------------------------------------------------------------
+resource "terraform_data" "replacement" {
+ input = length(var.cf_environment_label) > 0 ? var.cf_environment_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label
+}
+# ------------------------------------------------------------------------------------------------------
+# Creation of Cloud Foundry environment
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_environment_instance" "cloudfoundry" {
+ subaccount_id = btp_subaccount.dc_mission.id
+ name = local.subaccount_cf_org
+ environment_type = "cloudfoundry"
+ service_name = "cloudfoundry"
+ plan_name = "standard"
+ landscape_label = terraform_data.replacement.output
+ parameters = jsonencode({
+ instance_name = local.subaccount_cf_org
+ })
+ depends_on = [btp_subaccount_subscription.build_workzone]
+}
+
+###############################################################################################
+# Prepare and setup app: SAP Build Workzone, standard edition
+###############################################################################################
+# Entitle subaccount for usage of app destination SAP Build Workzone, standard edition
+resource "btp_subaccount_entitlement" "build_workzone" {
+ subaccount_id = btp_subaccount.dc_mission.id
+ service_name = "SAPLaunchpad"
+ plan_name = var.qas_service_plan__build_workzone
+ amount = var.qas_service_plan__build_workzone == "free" ? 1 : null
+}
+# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement)
+resource "btp_subaccount_subscription" "build_workzone" {
+ subaccount_id = btp_subaccount.dc_mission.id
+ app_name = "SAPLaunchpad"
+ plan_name = var.qas_service_plan__build_workzone
+ depends_on = [btp_subaccount_entitlement.build_workzone]
+}
+###############################################################################################
+# Prepare and setup app: SAP Task Center
+###############################################################################################
+# Entitle subaccount for usage of app destination SAP Task Center
+resource "btp_subaccount_entitlement" "taskcenter" {
+ subaccount_id = btp_subaccount.dc_mission.id
+ service_name = "one-inbox-service"
+ plan_name = "standard"
+}
+# ------------------------------------------------------------------------------------------------------
+# Assignment of users as launchpad administrators
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "launchpad-admins" {
+ for_each = toset(var.launchpad_admins)
+ subaccount_id = btp_subaccount.dc_mission.id
+ role_collection_name = "Launchpad_Admin"
+ user_name = each.value
+ depends_on = [btp_subaccount_subscription.build_workzone]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true)
+# ------------------------------------------------------------------------------------------------------
+resource "local_file" "output_vars_step1" {
+ count = var.create_tfvars_file_for_step2 ? 1 : 0
+ content = <<-EOT
+ globalaccount = "${var.globalaccount}"
+ cli_server_url = ${jsonencode(var.cli_server_url)}
+
+ subaccount_id = "${btp_subaccount.dc_mission.id}"
+
+ cf_api_endpoint = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}"
+
+ cf_org_id = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]}"
+ cf_org_name = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"]}"
+
+ origin_key = "${var.origin_key}"
+
+ cf_space_name = "${var.cf_space_name}"
+
+ cf_org_admins = ${jsonencode(var.cf_org_admins)}
+ cf_space_developers = ${jsonencode(var.cf_space_developers)}
+ cf_space_managers = ${jsonencode(var.cf_space_managers)}
+
+ EOT
+ filename = "../step2/terraform.tfvars"
+}
diff --git a/released/discovery_center/mission_3774/step1/outputs.tf b/released/discovery_center/mission_3774/step1/outputs.tf
new file mode 100644
index 00000000..28ef29a2
--- /dev/null
+++ b/released/discovery_center/mission_3774/step1/outputs.tf
@@ -0,0 +1,19 @@
+output "subaccount_id" {
+ value = btp_subaccount.dc_mission.id
+ description = "The ID of the subaccount."
+}
+
+output "cf_api_endpoint" {
+ value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]
+ description = "The Cloudfoundry API endpoint."
+}
+
+output "cf_org_id" {
+ value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]
+ description = "The Cloudfoundry org id."
+}
+
+output "cf_org_name" {
+ value = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"]
+ description = "The Cloudfoundry org name."
+}
diff --git a/in-development/mission_3774_sap_task_center/step_1/provider.tf b/released/discovery_center/mission_3774/step1/provider.tf
similarity index 79%
rename from in-development/mission_3774_sap_task_center/step_1/provider.tf
rename to released/discovery_center/mission_3774/step1/provider.tf
index 1c7b0ab1..56bc6cfb 100644
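Review bot: The tfvars file written by `local_file.output_vars_step1` mixes raw interpolation (`globalaccount = "${var.globalaccount}"`, and likewise `subaccount_id`, the three CF label values, `origin_key` and `cf_space_name`) with `jsonencode(...)` for `cli_server_url` and the admin lists, so a value containing a quote or backslash produces a `../step2/terraform.tfvars` that step 2 parses differently from what was entered. Encoding every value with `jsonencode` keeps the generated file well-formed regardless of input. The resource also relies on the `local_file` default `file_permission` of `"0777"`; since whoever can edit this file changes which users receive CF org and space roles in step 2, an explicit tighter mode is worth setting.

```hcl
resource "local_file" "output_vars_step1" {
  # … unchanged: count …
  content = <<-EOT
      globalaccount   = ${jsonencode(var.globalaccount)}
      # … unchanged: cli_server_url …
      subaccount_id   = ${jsonencode(btp_subaccount.dc_mission.id)}
      cf_api_endpoint = ${jsonencode(jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"])}
      cf_org_id       = ${jsonencode(jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"])}
      cf_org_name     = ${jsonencode(jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"])}
      origin_key      = ${jsonencode(var.origin_key)}
      cf_space_name   = ${jsonencode(var.cf_space_name)}
      # … unchanged: cf_org_admins, cf_space_developers, cf_space_managers …
  EOT
  file_permission = "0644"
  # … unchanged: filename …
}
```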
--- a/in-development/mission_3774_sap_task_center/step_1/provider.tf
+++ b/released/discovery_center/mission_3774/step1/provider.tf
@@ -4,7 +4,8 @@
 terraform {
 required_providers {
 btp = {
- source = "sap/btp"
+ source = "sap/btp"
+ version = "~> 1.4.0"
 }
 }
 }
diff --git a/in-development/mission_3774_sap_task_center/step_1/sample.tfvars b/released/discovery_center/mission_3774/step1/sample.tfvars
similarity index 50%
rename from in-development/mission_3774_sap_task_center/step_1/sample.tfvars
rename to released/discovery_center/mission_3774/step1/sample.tfvars
index 990c5897..071476cd 100644
--- a/in-development/mission_3774_sap_task_center/step_1/sample.tfvars
+++ b/released/discovery_center/mission_3774/step1/sample.tfvars
@@ -2,16 +2,22 @@ # Provider configuration # ------------------------------------------------------------------------------------------------------ # Your global account subdomain -globalaccount = "yourglobalaccount" -region = "datacenter" -subaccount_name = "subaccount_name" -cf_environment_label = "cf_environment_label" +globalaccount = "yourglobalaccount" +region = "datacenter" +subaccount_name = "subaccount_name" + +qas_service_plan__build_workzone = "free" # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) # ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["jane.doe@test.com", "john.doe@test.com"] -subaccount_service_admins = ["jane.doe@test.com", "john.doe@test.com"] -custom_idp = "your custom idp" -launchpad_admins = ["jane.doe@test.com", "john.doe@test.com"] \ No newline at end of file +subaccount_admins = ["another.user@test.com"] +subaccount_service_admins = ["another.user@test.com"] + +cf_org_admins = ["another.user@test.com"] +cf_space_managers = ["another.user@test.com", "you@test.com"] +cf_space_developers = ["another.user@test.com", "you@test.com"] + +custom_idp = "sap.ids" +launchpad_admins = ["another.user@test.com", "you@test.com"] \ No newline at end of file diff --git a/released/discovery_center/mission_3774/step1/variables.tf b/released/discovery_center/mission_3774/step1/variables.tf new file mode 100644 index 00000000..41f92a17 --- /dev/null +++ b/released/discovery_center/mission_3774/step1/variables.tf 
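Review bot: `custom_idp = "sap.ids"` in the sample reads like an origin key rather than an identity provider. step1/main.tf creates `btp_subaccount_trust_configuration.fully_customized` whenever `custom_idp` is non-empty and passes the value as `identity_provider`, while `"sap.ids"` is the default of the separate `origin_key` variable in variables.tf. Anyone applying the sample unchanged would presumably ask the subaccount to trust a provider named `sap.ids`, which either fails or leaves the trust setup different from what was intended. I would ship the sample with `custom_idp = ""` plus a comment such as `# set to your identity provider host to enable a custom IdP`, and set `origin_key` explicitly if the sample needs a non-default origin.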
@@ -0,0 +1,160 @@
+######################################################################
+# Customer account setup
+######################################################################
+variable "globalaccount" {
+ type = string
+ description = "Defines the global account"
+ default = "yourglobalaccount"
+}
+
+variable "cli_server_url" {
+ type = string
+ description = "Defines the CLI server URL"
+ default = "https://cli.btp.cloud.sap"
+}
+
+# subaccount
+variable "subaccount_name" {
+ type = string
+ description = "The subaccount name."
+ default = "SAP Discovery Center Mission 3774 - Central Inbox with SAP Task Center"
+}
+variable "subaccount_id" {
+ type = string
+ description = "The subaccount ID."
+ default = ""
+}
+# Region
+variable "region" {
+ type = string
+ description = "The region where the project account shall be created in."
+ default = "us10"
+}
+
+variable "subaccount_admins" {
+ type = list(string)
+ description = "Defines the colleagues who are added to each subaccount as subaccount administrators."
+ default = ["jane.doe@test.com", "john.doe@test.com"]
+
+ # add validation to check if admins contains a list of valid email addresses
+ validation {
+ condition = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins)
+ error_message = "Please enter a valid email address for the CF space managers."
+ }
+}
+
+variable "subaccount_service_admins" {
+ type = list(string)
+ description = "Defines the colleagues who are added to each subaccount as subaccount service administrators."
+ default = ["jane.doe@test.com", "john.doe@test.com"]
+
+ # add validation to check if admins contains a list of valid email addresses
+ validation {
+ condition = length([for email in var.subaccount_service_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_service_admins)
+ error_message = "Please enter a valid email address for the CF space managers."
+ }
+}
+
+variable "launchpad_admins" {
+ type = list(string)
+ description = "Defines the colleagues who are added to each subaccount as subaccount service administrators."
+ default = ["jane.doe@test.com", "john.doe@test.com"]
+
+ # add validation to check if admins contains a list of valid email addresses
+ validation {
+ condition = length([for email in var.launchpad_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.launchpad_admins)
+ error_message = "Please enter a valid email address for the CF space managers."
+ }
+}
+
+variable "custom_idp" {
+ type = string
+ description = "Defines the custom IdP"
+ default = ""
+}
+
+variable "origin_key" {
+ type = string
+ description = "Defines the origin key of the identity provider"
+ default = "sap.ids"
+ # The value for the origin_key can be defined
+ # but are normally set to "sap.ids", "sap.default" or "sap.custom"
+}
+
+variable "cf_environment_label" {
+ type = string
+ description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available."
+ default = ""
+}
+
+variable "cf_org_name" {
+ type = string
+ description = "Name of the Cloud Foundry org."
+ default = "mission-3774-sap-task-center"
+
+ validation {
+ condition = can(regex("^.{1,255}$", var.cf_org_name))
+ error_message = "The Cloud Foundry org name must not be emtpy and not exceed 255 characters."
+ }
+}
+
+variable "cf_org_admins" {
+ type = list(string)
+ description = "List of users to set as Cloudfoundry org administrators."
+
+ # add validation to check if admins contains a list of valid email addresses
+ validation {
+ condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins)
+ error_message = "Please enter a valid email address for the CF Org admins."
+ }
+}
+
+variable "cf_space_name" {
+ type = string
+ description = "Name of the Cloud Foundry space."
+ default = "dev"
+
+ validation {
+ condition = can(regex("^.{1,255}$", var.cf_space_name))
+ error_message = "The Cloud Foundry space name must not be emtpy and not exceed 255 characters."
+ }
+
+}
+
+variable "cf_space_managers" {
+ type = list(string)
+ description = "Defines the colleagues who are added to a CF space as space manager."
+
+ # add validation to check if admins contains a list of valid email addresses
+ validation {
+ condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers)
+ error_message = "Please enter a valid email address for the CF space managers."
+ }
+}
+
+variable "cf_space_developers" {
+ type = list(string)
+ description = "Defines the colleagues who are added to a CF space as space developer."
+
+ # add validation to check if admins contains a list of valid email addresses
+ validation {
+ condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers)
+ error_message = "Please enter a valid email address for the CF space developers."
+ }
+}
+
+variable "qas_service_plan__build_workzone" {
+ type = string
+ description = "The plan for build_workzone subscription"
+ default = "free"
+ validation {
+ condition = contains(["free", "standard"], var.qas_service_plan__build_workzone)
+ error_message = "Invalid value for qas_service_plan__build_workzone. Only 'free' and 'standard' are allowed."
+ }
+}
+
+variable "create_tfvars_file_for_step2" {
+ type = bool
+ description = "Switch to enable the creation of the tfvars file for step 2."
+ default = false
+}
\ No newline at end of file
diff --git a/in-development/mission_3774_sap_task_center/step_2/README.md b/released/discovery_center/mission_3774/step2/README.md
similarity index 100%
rename from in-development/mission_3774_sap_task_center/step_2/README.md
rename to released/discovery_center/mission_3774/step2/README.md
diff --git a/released/discovery_center/mission_3774/step2/main.tf b/released/discovery_center/mission_3774/step2/main.tf
new file mode 100644
index 00000000..08c2fa4b
--- /dev/null
+++ b/released/discovery_center/mission_3774/step2/main.tf
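Review bot: The e-mail validations added in this file can never fail: `[for email in var.x : can(regex(...))]` yields one boolean per element, so its `length()` always equals `length(var.x)` whatever the addresses look like. These lists decide who receives subaccount administrator and Cloud Foundry org and space roles, so the condition should evaluate the booleans instead, e.g. `condition = alltrue([for email in var.cf_org_admins : can(regex(PATTERN, email))])` with PATTERN being the existing expression. The same construct is used for every list variable here and again in the step2/variables.tf hunks of this commit. The messages for `subaccount_admins`, `subaccount_service_admins` and `launchpad_admins` also say "for the CF space managers", which will mislead once the check is effective.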
@@ -0,0 +1,131 @@
+# ------------------------------------------------------------------------------------------------------
+# Create the Cloud Foundry space
+# ------------------------------------------------------------------------------------------------------
+resource "cloudfoundry_space" "space" {
+ name = var.cf_space_name
+ org = var.cf_org_id
+}
+
+# ------------------------------------------------------------------------------------------------------
+# USERS AND ROLES
+# ------------------------------------------------------------------------------------------------------
+#
+# ------------------------------------------------------------------------------------------------------
+# Assign CF Org roles to the admin users
+# ------------------------------------------------------------------------------------------------------
+# Define Org User role
+resource "cloudfoundry_org_role" "organization_user" {
+ for_each = toset("${var.cf_org_admins}")
+ username = each.value
+ type = "organization_user"
+ org = var.cf_org_id
+ origin = var.origin_key
+}
+# Define Org Manager role
+resource "cloudfoundry_org_role" "organization_manager" {
+ for_each = toset("${var.cf_org_admins}")
+ username = each.value
+ type = "organization_manager"
+ org = var.cf_org_id
+ origin = var.origin_key
+ depends_on = [cloudfoundry_org_role.organization_user]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Assign CF space roles to the users
+# ------------------------------------------------------------------------------------------------------
+# Define Space Manager role
+resource "cloudfoundry_space_role" "space_managers" {
+ for_each = toset(var.cf_space_managers)
+ username = each.value
+ type = "space_manager"
+ space = cloudfoundry_space.space.id
+ origin = var.origin_key
+ depends_on = [cloudfoundry_org_role.organization_manager]
+}
+# Define Space Developer role
+resource "cloudfoundry_space_role" "space_developers" {
+ for_each = toset(var.cf_space_developers)
+ username = each.value
+ type = "space_developer"
+ space = cloudfoundry_space.space.id
+ origin = var.origin_key
+ depends_on = [cloudfoundry_org_role.organization_manager]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Create service instance for taskcenter (one-inbox-service)
+# ------------------------------------------------------------------------------------------------------
+data "cloudfoundry_service" "srvc_taskcenter" {
+ name = "one-inbox-service"
+}
+
+resource "cloudfoundry_service_instance" "si_taskcenter" {
+ name = "sap-taskcenter"
+ type = "managed"
+ space = cloudfoundry_space.space.id
+ service_plan = data.cloudfoundry_service.srvc_taskcenter.service_plans["standard"]
+ parameters = jsonencode({
+ "authorities" : [],
+ "defaultCollectionQueryFilter" : "own"
+ })
+ depends_on = [cloudfoundry_space_role.space_managers, cloudfoundry_space_role.space_developers]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Create service key
+# ------------------------------------------------------------------------------------------------------
+resource "random_uuid" "service_key_stc" {}
+
+resource "cloudfoundry_service_credential_binding" "sap-taskcenter" {
+ type = "key"
+ name = join("_", ["defaultKey", random_uuid.service_key_stc.result])
+ service_instance = cloudfoundry_service_instance.si_taskcenter.id
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Prepare and setup service: destination
+# ------------------------------------------------------------------------------------------------------
+# Entitle subaccount for usage of service destination
+resource "btp_subaccount_entitlement" "destination" {
+ subaccount_id = var.subaccount_id
+ service_name = "destination"
+ plan_name = "lite"
+}
+# Get serviceplan_id for stc-service with plan_name "default"
+data "btp_subaccount_service_plan" "destination" {
+ subaccount_id = var.subaccount_id
+ offering_name = "destination"
+ name = "lite"
+ depends_on = [btp_subaccount_entitlement.destination]
+}
+# Create service instance
+resource "btp_subaccount_service_instance" "destination" {
+ subaccount_id = var.subaccount_id
+ serviceplan_id = data.btp_subaccount_service_plan.destination.id
+ name = "destination"
+ depends_on = [data.btp_subaccount_service_plan.destination]
+ parameters = jsonencode({
+ HTML5Runtime_enabled = true
+ init_data = {
+ subaccount = {
+ existing_destinations_policy = "update"
+ destinations = [
+ {
+ Description = "[Do not delete] SAP Task Center - Dummy destination"
+ Type = "HTTP"
+ # clientId = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter)["uaa"]["clientid"]}"
+ # clientSecret = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter)["uaa"]["clientsecret"]}"
+ "HTML5.DynamicDestination" = true
+ Authentication = "OAuth2JWTBearer"
+ Name = "stc-destination"
+ # tokenServiceURL = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter)["uaa"]["url"]}"
+ ProxyType = "Internet"
+ # URL = "${jsondecode(cloudfoundry_service_credential_binding.sap-taskcenter.credentials)["url"]}"
+ tokenServiceURLType = "Dedicated"
+ }
+ ]
+ }
+ }
+ })
+}
\ No newline at end of file
diff --git a/in-development/mission_3774_sap_task_center/step_2/provider.tf b/released/discovery_center/mission_3774/step2/provider.tf
similarity index 91%
rename from in-development/mission_3774_sap_task_center/step_2/provider.tf
rename to released/discovery_center/mission_3774/step2/provider.tf
index d97e6e97..d43ba5fa 100644
--- a/in-development/mission_3774_sap_task_center/step_2/provider.tf
+++ b/released/discovery_center/mission_3774/step2/provider.tf
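Review bot: `cloudfoundry_service_credential_binding.sap-taskcenter` creates a service key, and the commented destination fields further down show that it carries a UAA `clientid` and `clientsecret`; credentials returned by a provider are normally persisted in Terraform state, which this file does not mention. A comment at the resource such as `# Service key credentials end up in state: keep state in an access-controlled backend, never in version control` would make that explicit. If the commented `clientId`, `clientSecret` and `tokenServiceURL` lines are enabled later they need `.credentials` inside `jsondecode(...)`, as the `URL` line already has, and the secret will then also be part of the destination parameters. The header `# Get serviceplan_id for stc-service with plan_name "default"` does not match the `destination`/`lite` lookup below it, and `toset("${var.cf_org_admins}")` can be written `toset(var.cf_org_admins)` like the space-role resources.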
@@ -17,5 +17,5 @@ provider "btp" { cli_server_url = var.cli_server_url } provider "cloudfoundry" { - api_url = var.cf_api_url + api_url = var.cf_api_endpoint } diff --git a/released/discovery_center/mission_3774/step2/sample.tfvars b/released/discovery_center/mission_3774/step2/sample.tfvars new file mode 100644 index 00000000..cdbd2494 --- /dev/null +++ b/released/discovery_center/mission_3774/step2/sample.tfvars @@ -0,0 +1,16 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration (this file will be either created automatically in step 1 or manually in step 2) +# ------------------------------------------------------------------------------------------------------ +globalaccount = "yourglobalaccount" +cli_server_url = "https://cli.btp.cloud.sap" +subaccount_id = "yoursubacountid" +origin_key = "sap.ids" + +cf_api_endpoint = "https://api.cf.us10.hana.ondemand.com" +cf_org_id = "your_cf_org_id" +cf_org_name = "your_cf_org_name" +cf_space_name = "dev" + +cf_org_admins = ["another.user@test.com"] +cf_space_developers = ["another.user@test.com", "you@test.com"] +cf_space_managers = ["another.user@test.com", "you@test.com"] diff --git a/in-development/mission_3774_sap_task_center/step_2/variables.tf b/released/discovery_center/mission_3774/step2/variables.tf similarity index 50% rename from in-development/mission_3774_sap_task_center/step_2/variables.tf rename to released/discovery_center/mission_3774/step2/variables.tf index 3a04cb92..57d6c3e0 100644 --- a/in-development/mission_3774_sap_task_center/step_2/variables.tf +++ b/released/discovery_center/mission_3774/step2/variables.tf 
@@ -13,12 +13,21 @@ variable "cli_server_url" { default = "https://cli.btp.cloud.sap" } -variable "cf_api_url" { +variable "cf_api_endpoint" { type = string - description = "Defines the CLI server URL" - default = "https://api.cf.us10.hana.ondemand.com/" + description = "The Cloud Foundry API endpoint from the Cloud Foundry environment instance." } +variable "cf_space_name" { + type = string + description = "Name of the Cloud Foundry space." + default = "dev" + + validation { + condition = can(regex("^.{1,255}$", var.cf_space_name)) + error_message = "The Cloud Foundry space name must not be emtpy and not exceed 255 characters." + } +} # subaccount variable "subaccount_name" { 
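Review bot: `cf_api_endpoint` is now required but unvalidated, although the Cloud Foundry provider authenticates against whatever URL it is given. A validation block that insists on HTTPS would catch typos and plain-HTTP endpoints before any credentials are sent: `condition = can(regex("^https://", var.cf_api_endpoint))` with a matching `error_message`. The `cf_space_name` message added in the same hunk misspells "empty" as "emtpy".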
@@ -48,24 +57,44 @@ variable "subaccount_admins" { type = list(string) description = "Defines the colleagues who are added to each subaccount as subaccount administrators." default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins) + error_message = "Please enter a valid email address." + } } variable "subaccount_service_admins" { type = list(string) description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.subaccount_service_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_service_admins) + error_message = "Please enter a valid email address." + } } variable "launchpad_admins" { type = list(string) description = "Defines the colleagues who are added to each subaccount as subaccount service administrators." default = ["jane.doe@test.com", "john.doe@test.com"] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.launchpad_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.launchpad_admins) + error_message = "Please enter a valid email address." 
+ } } -variable "custom_idp" { +variable "origin_key" { type = string - description = "Defines the custom IdP" - default = "" + description = "Defines the origin key of the identity provider" + default = "sap.ids" + # The value for the origin_key can be defined + # but are normally set to "sap.ids", "sap.default" or "sap.custom" } variable "environment_label" { 
@@ -90,22 +119,37 @@ variable "cf_org_name" { } } -variable "cf_space_name" { - type = string - description = "Name of the Cloud Foundry space." - default = "dev" +variable "cf_org_admins" { + type = list(string) + description = "List of users to set as Cloudfoundry org administrators." + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) + error_message = "Please enter a valid email address for the CF Org admins." + } } -variable "cf_space_manager" { - type = string - description = "Defines the user who are added as space manager." - default = "john.doe@test.com" +variable "cf_space_managers" { + type = list(string) + description = "Defines the colleagues who are added to a CF space as space manager." + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) + error_message = "Please enter a valid email address for the CF space managers." + } } -variable "cf_space_developer" { - type = string - description = "Defines the user who are added as space developer." - default = "john.doe@test.com" +variable "cf_space_developers" { + type = list(string) + description = "Defines the colleagues who are added to a CF space as space developer." + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) + error_message = "Please enter a valid email address for the CF space developers." + } } variable "service_plan__build_workzone" {