SAP-samples · lechnerc77 · Jun 28, 2024 · Jun 27, 2024 · Jun 27, 2024 · Jun 27, 2024
diff --git a/in-development/mission_3774_sap_task_center/step_1/main.tf b/in-development/mission_3774_sap_task_center/step_1/main.tf
@@ -11,7 +11,7 @@ locals {
 ###############################################################################################
 # Creation of subaccount
 ###############################################################################################
-resource "btp_subaccount" "project" {
+resource "btp_subaccount" "dc_mission" {
   name      = var.subaccount_name
   subdomain = local.project_subaccount_domain
   region    = lower(var.region)
@@ -21,7 +21,7 @@ resource "btp_subaccount" "project" {
 # ------------------------------------------------------------------------------------------------------
 resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
   for_each             = toset("${var.subaccount_admins}")
-  subaccount_id        = btp_subaccount.project.id
+  subaccount_id        = btp_subaccount.dc_mission.id
   role_collection_name = "Subaccount Administrator"
   user_name            = each.value
 }
@@ -30,20 +30,36 @@ resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
 # ------------------------------------------------------------------------------------------------------
 resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" {
   for_each             = toset("${var.subaccount_service_admins}")
-  subaccount_id        = btp_subaccount.project.id
+  subaccount_id        = btp_subaccount.dc_mission.id
   role_collection_name = "Subaccount Service Administrator"
   user_name            = each.value
 }
-######################################################################
+
+# ------------------------------------------------------------------------------------------------------
+# CLOUDFOUNDRY PREPARATION
+# ------------------------------------------------------------------------------------------------------
+#
+# Fetch all available environments for the subaccount
+data "btp_subaccount_environments" "all" {
+  subaccount_id = btp_subaccount.dc_mission.id
+}
+# ------------------------------------------------------------------------------------------------------
+# Take the landscape label from the first CF environment if no environment label is provided
+# (this replaces the previous null_resource)
+# ------------------------------------------------------------------------------------------------------
+resource "terraform_data" "replacement" {
+  input = length(var.cf_environment_label) > 0 ? var.cf_environment_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label
+}
+# ------------------------------------------------------------------------------------------------------
 # Creation of Cloud Foundry environment
-######################################################################
+# ------------------------------------------------------------------------------------------------------
 resource "btp_subaccount_environment_instance" "cloudfoundry" {
-  subaccount_id    = btp_subaccount.project.id
+  subaccount_id    = btp_subaccount.dc_mission.id
   name             = local.project_subaccount_cf_org
   environment_type = "cloudfoundry"
   service_name     = "cloudfoundry"
   plan_name        = "standard"
-  landscape_label  = var.cf_environment_label
+  landscape_label  = terraform_data.replacement.output
   parameters = jsonencode({
     instance_name = local.project_subaccount_cf_org
   })
@@ -53,14 +69,14 @@ resource "btp_subaccount_environment_instance" "cloudfoundry" {
 ###############################################################################################
 # Entitle subaccount for usage of app  destination SAP Build Workzone, standard edition
 resource "btp_subaccount_entitlement" "build_workzone" {
-  subaccount_id = btp_subaccount.project.id
+  subaccount_id = btp_subaccount.dc_mission.id
   service_name  = local.service_name__build_workzone
   plan_name     = var.service_plan__build_workzone
   amount        = var.service_plan__build_workzone == "free" ? 1 : null
 }
 # Create app subscription to SAP Build Workzone, standard edition (depends on entitlement)
 resource "btp_subaccount_subscription" "build_workzone" {
-  subaccount_id = btp_subaccount.project.id
+  subaccount_id = btp_subaccount.dc_mission.id
   app_name      = local.service_name__build_workzone
   plan_name     = var.service_plan__build_workzone
   depends_on    = [btp_subaccount_entitlement.build_workzone]
@@ -70,7 +86,7 @@ resource "btp_subaccount_subscription" "build_workzone" {
 ###############################################################################################
 # Entitle subaccount for usage of app  destination SAP Task Center
 resource "btp_subaccount_entitlement" "taskcenter" {
-  subaccount_id = btp_subaccount.project.id
+  subaccount_id = btp_subaccount.dc_mission.id
   service_name  = local.service_name__sap_task_center
   plan_name     = "standard"
 }
@@ -79,7 +95,7 @@ resource "btp_subaccount_entitlement" "taskcenter" {
 # ------------------------------------------------------------------------------------------------------
 resource "btp_subaccount_role_collection_assignment" "launchpad-admins" {
   for_each             = toset("${var.launchpad_admins}")
-  subaccount_id        = btp_subaccount.project.id
+  subaccount_id        = btp_subaccount.dc_mission.id
   role_collection_name = "Launchpad_Admin"
   user_name            = each.value
   depends_on           = [btp_subaccount_subscription.build_workzone]

diff --git a/in-development/mission_3774_sap_task_center/step_1/outputs.tf b/in-development/mission_3774_sap_task_center/step_1/outputs.tf
@@ -1,6 +1,6 @@
 output "subaccount_id" {
-  value       = btp_subaccount.project.id
-  description = "The ID of the project subaccount."
+  value       = btp_subaccount.dc_mission.id
+  description = "The ID of the subaccount."
 }
 
 output "cf_org_name" {

diff --git a/in-development/mission_3774_sap_task_center/step_1/sample.tfvars b/in-development/mission_3774_sap_task_center/step_1/sample.tfvars
@@ -2,10 +2,9 @@
 # Provider configuration
 # ------------------------------------------------------------------------------------------------------
 # Your global account subdomain
-globalaccount        = "yourglobalaccount"
-region               = "datacenter"
-subaccount_name      = "subaccount_name"
-cf_environment_label = "cf_environment_label"
+globalaccount   = "yourglobalaccount"
+region          = "datacenter"
+subaccount_name = "subaccount_name"
 
 # ------------------------------------------------------------------------------------------------------
 # Project specific configuration (please adapt!)

diff --git a/in-development/mission_3774_sap_task_center/step_1/variables.tf b/in-development/mission_3774_sap_task_center/step_1/variables.tf
@@ -30,12 +30,6 @@ variable "region" {
   description = "The region where the project account shall be created in."
   default     = "us10"
 }
-# Cloudfoundry environment label
-variable "cf_environment_label" {
-  type        = string
-  description = "The Cloudfoundry environment label"
-  default     = "cf-us10"
-}
 
 variable "subaccount_admins" {
   type        = list(string)
@@ -61,10 +55,9 @@ variable "custom_idp" {
   default     = ""
 }
 
-variable "environment_label" {
+variable "cf_environment_label" {
   type        = string
   description = "In case there are multiple environments available for a subaccount, you can use this label to choose with which one you want to go. If nothing is given, we take by default the first available."
-  default     = "cf-us10"
 }
 
 variable "cf_org_name" {

diff --git a/released/discovery_center/mission_3774/step1/README.md b/released/discovery_center/mission_3774/step1/README.md
@@ -0,0 +1,48 @@
+# Sample Setup of an SAP Task Center on SAP BTP - Step 1
+
+## Overview
+
+This directory contains the setup of SAP Task Center from scratch namely a new subaccount including the relevant entitlements, a Cloud Foundry environment and a Cloud Foundry space. 
+
+This directory contains the configuration the first step of the setup namely:
+
+- a new subaccount
+- the entitlements for SAP Task Center
+- the subscription for SAP Build Workzone, standard edition
+- the Cloud Foundry environment
+- The trust setup to the custom IdP
+- Assignment of users to the role collections
+
+## Deploying the resources
+
+To deploy the resources of step 1 execute the following commands:
+
+1. Initialize your workspace:
+
+   ```bash
+   terraform init
+   ```
+
+1. Assign the variable values in a `*.tfvars` file e.g., the global account subdomain
+
+1. You can check what Terraform plans to apply based on your configuration:
+
+   ```bash
+   terraform plan -var-file="<name of your tfvars file>.tfvars" 
+   ```
+
+1. Apply your configuration to provision the resources:
+
+   ```bash
+   terraform apply -var-file="<name of your tfvars file>.tfvars"
+   ```
+
+> **Note** - Some variables of the output of the first step are needed as input for the second step.
+
+## When finished
+
+You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command:
+
+```bash
+terraform destroy -var-file="<name of your tfvars file>.tfvars"
+```
diff --git a/released/discovery_center/mission_3774/step1/main.tf b/released/discovery_center/mission_3774/step1/main.tf
@@ -0,0 +1,145 @@
+# ------------------------------------------------------------------------------------------------------
+# Setup of names in accordance to naming convention
+# ------------------------------------------------------------------------------------------------------
+resource "random_uuid" "uuid" {}
+
+locals {
+  random_uuid       = random_uuid.uuid.result
+  subaccount_domain = lower(replace("mission-3774-${local.random_uuid}", "_", "-"))
+  subaccount_cf_org = substr(replace("${local.subaccount_domain}", "-", ""), 0, 32)
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Creation of subaccount
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount" "dc_mission" {
+  name      = var.subaccount_name
+  subdomain = local.subaccount_domain
+  region    = lower(var.region)
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Assign custom IDP to sub account (if custom_idp is set)
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_trust_configuration" "fully_customized" {
+  # Only create trust configuration if custom_idp has been set 
+  count             = var.custom_idp == "" ? 0 : 1
+  subaccount_id     = btp_subaccount.dc_mission.id
+  identity_provider = var.custom_idp
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Assignment of users as sub account administrators
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount-admins" {
+  for_each             = toset(var.subaccount_admins)
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "Subaccount Administrator"
+  user_name            = each.value
+}
+# ------------------------------------------------------------------------------------------------------
+# Assignment of users as sub account service administrators
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "subaccount-service-admins" {
+  for_each             = toset(var.subaccount_service_admins)
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "Subaccount Service Administrator"
+  user_name            = each.value
+}
+
+
+# ------------------------------------------------------------------------------------------------------
+# CLOUDFOUNDRY PREPARATION
+# ------------------------------------------------------------------------------------------------------
+#
+# Fetch all available environments for the subaccount
+data "btp_subaccount_environments" "all" {
+  subaccount_id = btp_subaccount.dc_mission.id
+}
+# ------------------------------------------------------------------------------------------------------
+# Take the landscape label from the first CF environment if no environment label is provided
+# (this replaces the previous null_resource)
+# ------------------------------------------------------------------------------------------------------
+resource "terraform_data" "replacement" {
+  input = length(var.cf_environment_label) > 0 ? var.cf_environment_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label
+}
+# ------------------------------------------------------------------------------------------------------
+# Creation of Cloud Foundry environment
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_environment_instance" "cloudfoundry" {
+  subaccount_id    = btp_subaccount.dc_mission.id
+  name             = local.subaccount_cf_org
+  environment_type = "cloudfoundry"
+  service_name     = "cloudfoundry"
+  plan_name        = "standard"
+  landscape_label  = terraform_data.replacement.output
+  parameters = jsonencode({
+    instance_name = local.subaccount_cf_org
+  })
+  depends_on = [btp_subaccount_subscription.build_workzone]
+}
+
+###############################################################################################
+# Prepare and setup app: SAP Build Workzone, standard edition
+###############################################################################################
+# Entitle subaccount for usage of app  destination SAP Build Workzone, standard edition
+resource "btp_subaccount_entitlement" "build_workzone" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  service_name  = "SAPLaunchpad"
+  plan_name     = var.qas_service_plan__build_workzone
+  amount        = var.qas_service_plan__build_workzone == "free" ? 1 : null
+}
+# Create app subscription to SAP Build Workzone, standard edition (depends on entitlement)
+resource "btp_subaccount_subscription" "build_workzone" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  app_name      = "SAPLaunchpad"
+  plan_name     = var.qas_service_plan__build_workzone
+  depends_on    = [btp_subaccount_entitlement.build_workzone]
+}
+###############################################################################################
+# Prepare and setup app: SAP Task Center
+###############################################################################################
+# Entitle subaccount for usage of app  destination SAP Task Center
+resource "btp_subaccount_entitlement" "taskcenter" {
+  subaccount_id = btp_subaccount.dc_mission.id
+  service_name  = "one-inbox-service"
+  plan_name     = "standard"
+}
+# ------------------------------------------------------------------------------------------------------
+# Assignment of users as launchpad administrators
+# ------------------------------------------------------------------------------------------------------
+resource "btp_subaccount_role_collection_assignment" "launchpad-admins" {
+  for_each             = toset(var.launchpad_admins)
+  subaccount_id        = btp_subaccount.dc_mission.id
+  role_collection_name = "Launchpad_Admin"
+  user_name            = each.value
+  depends_on           = [btp_subaccount_subscription.build_workzone]
+}
+
+# ------------------------------------------------------------------------------------------------------
+# Create tfvars file for step 2 (if variable `create_tfvars_file_for_step2` is set to true)
+# ------------------------------------------------------------------------------------------------------
+resource "local_file" "output_vars_step1" {
+  count    = var.create_tfvars_file_for_step2 ? 1 : 0
+  content  = <<-EOT
+      globalaccount        = "${var.globalaccount}"
+      cli_server_url       = ${jsonencode(var.cli_server_url)}
+
+      subaccount_id        = "${btp_subaccount.dc_mission.id}"
+
+      cf_api_endpoint      = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]}"
+
+      cf_org_id            = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]}"
+      cf_org_name          = "${jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"]}"
+
+      origin_key           = "${var.origin_key}"
+
+      cf_space_name        = "${var.cf_space_name}"
+
+      cf_org_admins        = ${jsonencode(var.cf_org_admins)}
+      cf_space_developers  = ${jsonencode(var.cf_space_developers)}
+      cf_space_managers    = ${jsonencode(var.cf_space_managers)}
+
+      EOT
+  filename = "../step2/terraform.tfvars"
+}
diff --git a/released/discovery_center/mission_3774/step1/outputs.tf b/released/discovery_center/mission_3774/step1/outputs.tf
@@ -0,0 +1,19 @@
+output "subaccount_id" {
+  value       = btp_subaccount.dc_mission.id
+  description = "The ID of the subaccount."
+}
+
+output "cf_api_endpoint" {
+  value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["API Endpoint"]
+  description = "The Cloudfoundry API endpoint."
+}
+
+output "cf_org_id" {
+  value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org ID"]
+  description = "The Cloudfoundry org id."
+}
+
+output "cf_org_name" {
+  value       = jsondecode(btp_subaccount_environment_instance.cloudfoundry.labels)["Org Name"]
+  description = "The Cloudfoundry org name."
+}
diff --git a/released/discovery_center/mission_3774/step1/provider.tf b/released/discovery_center/mission_3774/step1/provider.tf
@@ -0,0 +1,15 @@
+###
+# Define the required providers for this module
+###
+terraform {
+  required_providers {
+    btp = {
+      source  = "sap/btp"
+      version = "~> 1.4.0"
+    }
+  }
+}
+provider "btp" {
+  globalaccount  = var.globalaccount
+  cli_server_url = var.cli_server_url
+}
diff --git a/released/discovery_center/mission_3774/step1/sample.tfvars b/released/discovery_center/mission_3774/step1/sample.tfvars
@@ -0,0 +1,23 @@
+# ------------------------------------------------------------------------------------------------------
+# Provider configuration
+# ------------------------------------------------------------------------------------------------------
+# Your global account subdomain
+globalaccount   = "yourglobalaccount"
+region          = "datacenter"
+subaccount_name = "subaccount_name"
+
+qas_service_plan__build_workzone = "free"
+
+# ------------------------------------------------------------------------------------------------------
+# Project specific configuration (please adapt!)
+# ------------------------------------------------------------------------------------------------------
+
+subaccount_admins         = ["another.user@test.com"]
+subaccount_service_admins = ["another.user@test.com"]
+
+cf_org_admins       = ["another.user@test.com"]
+cf_space_managers   = ["another.user@test.com", "you@test.com"]
+cf_space_developers = ["another.user@test.com", "you@test.com"]
+
+custom_idp       = "sap.ids"
+launchpad_admins = ["another.user@test.com", "you@test.com"]