From bab8874e0a94c91bc3d8f66b6e01c1f6a538776b Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Thu, 27 Jun 2024 07:15:57 +0000 Subject: [PATCH 01/22] initial commit --- released/discovery_center/mission_3488/step1/deleteme.txt | 0 released/discovery_center/mission_3488/step2/deleteme.txt | 0 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 released/discovery_center/mission_3488/step1/deleteme.txt create mode 100644 released/discovery_center/mission_3488/step2/deleteme.txt diff --git a/released/discovery_center/mission_3488/step1/deleteme.txt b/released/discovery_center/mission_3488/step1/deleteme.txt new file mode 100644 index 00000000..e69de29b diff --git a/released/discovery_center/mission_3488/step2/deleteme.txt b/released/discovery_center/mission_3488/step2/deleteme.txt new file mode 100644 index 00000000..e69de29b From e57ec9fac87ad9dfaf8718aba5cff4f9d0404757 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Fri, 28 Jun 2024 08:52:43 +0000 Subject: [PATCH 02/22] add initial set of code --- .../discovery_center/mission_3488/main.tf | 83 +++++++++++++++++++ .../discovery_center/mission_3488/provider.tf | 13 +++ .../mission_3488/sample.tfvars | 21 +++++ .../mission_3488/step1/deleteme.txt | 0 .../mission_3488/step2/deleteme.txt | 0 .../mission_3488/variables.tf | 58 +++++++++++++ 6 files changed, 175 insertions(+) create mode 100644 released/discovery_center/mission_3488/main.tf create mode 100644 released/discovery_center/mission_3488/provider.tf create mode 100644 released/discovery_center/mission_3488/sample.tfvars delete mode 100644 released/discovery_center/mission_3488/step1/deleteme.txt delete mode 100644 released/discovery_center/mission_3488/step2/deleteme.txt create mode 100644 released/discovery_center/mission_3488/variables.tf diff --git a/released/discovery_center/mission_3488/main.tf b/released/discovery_center/mission_3488/main.tf new file mode 100644 index 00000000..c0f65a6e --- /dev/null +++ b/released/discovery_center/mission_3488/main.tf @@ -0,0 +1,83 @@ +# ------------------------------------------------------------------------------------------------------ +# Subaccount setup for DC mission 3488 +# ------------------------------------------------------------------------------------------------------ +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + subaccount_domain = lower(replace("mission-3488-${local.random_uuid}", "_", "-")) +} + +# ------------------------------------------------------------------------------------------------------ +# Creation of subaccount +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount" "dc_mission" { + name = var.subaccount_name + subdomain = local.subaccount_domain + region = lower(var.region) +} + +# ------------------------------------------------------------------------------------------------------ +# Assign custom IDP to sub account (if custom_idp is set) +# ------------------------------------------------------------------------------------------------------ +# resource "btp_subaccount_trust_configuration" "fully_customized" { +# # Only create trust configuration if custom_idp has been set +# count = var.custom_idp == null ? 1 : 0 +# subaccount_id = btp_subaccount.dc_mission.id +# identity_provider = var.custom_idp +# } + +# ------------------------------------------------------------------------------------------------------ +# SERVICES +# ------------------------------------------------------------------------------------------------------ +# ------------------------------------------------------------------------------------------------------ +# Setup sap-analytics-cloud-osb (not running in CF environment) +# ------------------------------------------------------------------------------------------------------ +# Entitle +resource "btp_subaccount_entitlement" "sac" { + subaccount_id = btp_subaccount.dc_mission.id + service_name = "sap-analytics-cloud-osb" + plan_name = "production" +} +# Get serviceplan_id for sap-analytics-cloud-osb with plan_name "default" +data "btp_subaccount_service_plan" "sac" { + subaccount_id = btp_subaccount.dc_mission.id + offering_name = "analytics-cloud-osb" + name = "default" + depends_on = [btp_subaccount_entitlement.sac] +} + +# Create service instance +resource "btp_subaccount_service_instance" "sac" { + subaccount_id = btp_subaccount.dc_mission.id + serviceplan_id = data.btp_subaccount_service_plan.sac.id + name = "default_sac" + parameters = jsonencode( + { + "first_name" : "${var.qas_sac_first_name}", + "last_name" : "${var.qas_sac_last_name}", + "email" : "${var.qas_sac_email}", + "host_name" : "${var.qas_sac_host_name}", + } + ) + timeouts = { + create = "90m" + update = "90m" + delete = "90m" + } +} + +# ------------------------------------------------------------------------------------------------------ +# USERS AND ROLES +# ------------------------------------------------------------------------------------------------------ +# +# ------------------------------------------------------------------------------------------------------ +# Assign role collection "Subaccount Administrator" +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { + for_each = toset("${var.subaccount_admins}") + subaccount_id = btp_subaccount.dc_mission.id + role_collection_name = "Subaccount Administrator" + user_name = each.value + depends_on = [btp_subaccount.dc_mission] +} \ No newline at end of file diff --git a/released/discovery_center/mission_3488/provider.tf b/released/discovery_center/mission_3488/provider.tf new file mode 100644 index 00000000..c7a536dd --- /dev/null +++ b/released/discovery_center/mission_3488/provider.tf @@ -0,0 +1,13 @@ +terraform { + required_providers { + btp = { + source = "SAP/btp" + version = "~> 1.4.0" + } + } +} + +provider "btp" { + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url +} \ No newline at end of file diff --git a/released/discovery_center/mission_3488/sample.tfvars b/released/discovery_center/mission_3488/sample.tfvars new file mode 100644 index 00000000..f0833e90 --- /dev/null +++ b/released/discovery_center/mission_3488/sample.tfvars @@ -0,0 +1,21 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ +# Your global account subdomain +globalaccount = "xxxxxxxx-xxxxxxx-xxxxxxx-xxxxxxxx-xxxxxx" + +# The CLI server URL (needs to be set to null if you are using the default CLI server) +cli_server_url = null + +# Region for your subaccount +region = "eu10" + +# Name of your sub account +subaccount_name = "SAP Discovery Center Mission 3488" + +custom_idp = null + +# ------------------------------------------------------------------------------------------------------ +# USER ROLES +# ------------------------------------------------------------------------------------------------------ +subaccount_admins = ["another.user@test.com"] \ No newline at end of file diff --git a/released/discovery_center/mission_3488/step1/deleteme.txt b/released/discovery_center/mission_3488/step1/deleteme.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/released/discovery_center/mission_3488/step2/deleteme.txt b/released/discovery_center/mission_3488/step2/deleteme.txt deleted file mode 100644 index e69de29b..00000000 diff --git a/released/discovery_center/mission_3488/variables.tf b/released/discovery_center/mission_3488/variables.tf new file mode 100644 index 00000000..f0726bef --- /dev/null +++ b/released/discovery_center/mission_3488/variables.tf @@ -0,0 +1,58 @@ +variable "globalaccount" { + type = string + description = "The globalaccount subdomain where the sub account shall be created." +} + +variable "subaccount_name" { + type = string + description = "The subaccount name." + default = "My SAP Discovery Center mission subaccount." +} + +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cli.btp.cloud.sap" +} + +variable "region" { + type = string + description = "The region where the subaccount shall be created in." + default = "eu10" +} + +variable "subaccount_admins" { + type = list(string) + description = "Defines the colleagues who are added to each subaccount as emergency administrators." + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "custom_idp" { + type = string + description = "The custom identity provider for the subaccount." +} + +variable "qas_sac_first_name" { + type = string + description = "The first name of the QAS SAP Analytics Cloud user." +} + +variable "qas_sac_last_name" { + type = string + description = "The last name of the QAS SAP Analytics Cloud user." +} + +variable "qas_sac_email" { + type = string + description = "The email of the QAS SAP Analytics Cloud user." +} + +variable "qas_sac_host_name" { + type = string + description = "The host name for the SAP Analytics Cloud service instance." +} \ No newline at end of file From 4b8c95d6919fe75a7e76db86ee13781b2ba6a997 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Fri, 28 Jun 2024 09:25:08 +0000 Subject: [PATCH 03/22] update service --- released/discovery_center/mission_3488/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/released/discovery_center/mission_3488/main.tf b/released/discovery_center/mission_3488/main.tf index c0f65a6e..a6d3a8b1 100644 --- a/released/discovery_center/mission_3488/main.tf +++ b/released/discovery_center/mission_3488/main.tf @@ -36,13 +36,13 @@ resource "btp_subaccount" "dc_mission" { # Entitle resource "btp_subaccount_entitlement" "sac" { subaccount_id = btp_subaccount.dc_mission.id - service_name = "sap-analytics-cloud-osb" - plan_name = "production" + service_name = "sap-analytics-cloud" + plan_name = "default" } -# Get serviceplan_id for sap-analytics-cloud-osb with plan_name "default" +# Get serviceplan_id for sap-analytics-cloud with plan_name "default" data "btp_subaccount_service_plan" "sac" { subaccount_id = btp_subaccount.dc_mission.id - offering_name = "analytics-cloud-osb" + offering_name = "sap-analytics-cloud" name = "default" depends_on = [btp_subaccount_entitlement.sac] } From 16275b21c8e76be26865b569bfd672b4194696d7 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Fri, 28 Jun 2024 09:33:39 +0000 Subject: [PATCH 04/22] updates --- .../discovery_center/mission_3488/main.tf | 22 +++++-------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/released/discovery_center/mission_3488/main.tf b/released/discovery_center/mission_3488/main.tf index a6d3a8b1..8d5a9ebb 100644 --- a/released/discovery_center/mission_3488/main.tf +++ b/released/discovery_center/mission_3488/main.tf @@ -31,7 +31,7 @@ resource "btp_subaccount" "dc_mission" { # SERVICES # ------------------------------------------------------------------------------------------------------ # ------------------------------------------------------------------------------------------------------ -# Setup sap-analytics-cloud-osb (not running in CF environment) +# Setup sap-analytics-cloud # ------------------------------------------------------------------------------------------------------ # Entitle resource "btp_subaccount_entitlement" "sac" { @@ -39,19 +39,13 @@ resource "btp_subaccount_entitlement" "sac" { service_name = "sap-analytics-cloud" plan_name = "default" } -# Get serviceplan_id for sap-analytics-cloud with plan_name "default" -data "btp_subaccount_service_plan" "sac" { + +resource "btp_subaccount_subscription" "sac" { subaccount_id = btp_subaccount.dc_mission.id - offering_name = "sap-analytics-cloud" - name = "default" + app_name = "sap-analytics-cloud" + plan_name = "default" depends_on = [btp_subaccount_entitlement.sac] -} -# Create service instance -resource "btp_subaccount_service_instance" "sac" { - subaccount_id = btp_subaccount.dc_mission.id - serviceplan_id = data.btp_subaccount_service_plan.sac.id - name = "default_sac" parameters = jsonencode( { "first_name" : "${var.qas_sac_first_name}", @@ -60,13 +54,9 @@ resource "btp_subaccount_service_instance" "sac" { "host_name" : "${var.qas_sac_host_name}", } ) - timeouts = { - create = "90m" - update = "90m" - delete = "90m" - } } + # ------------------------------------------------------------------------------------------------------ # USERS AND ROLES # ------------------------------------------------------------------------------------------------------ From 448e0eb16e3273b782c28c71af57c14690779439 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Fri, 28 Jun 2024 12:31:01 +0000 Subject: [PATCH 05/22] fixing custom_idp issue --- .../discovery_center/mission_3488/main.tf | 28 +++++++++---------- .../mission_3488/variables.tf | 1 + 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/released/discovery_center/mission_3488/main.tf b/released/discovery_center/mission_3488/main.tf index 8d5a9ebb..4fc26a88 100644 --- a/released/discovery_center/mission_3488/main.tf +++ b/released/discovery_center/mission_3488/main.tf @@ -20,12 +20,12 @@ resource "btp_subaccount" "dc_mission" { # ------------------------------------------------------------------------------------------------------ # Assign custom IDP to sub account (if custom_idp is set) # ------------------------------------------------------------------------------------------------------ -# resource "btp_subaccount_trust_configuration" "fully_customized" { -# # Only create trust configuration if custom_idp has been set -# count = var.custom_idp == null ? 1 : 0 -# subaccount_id = btp_subaccount.dc_mission.id -# identity_provider = var.custom_idp -# } +resource "btp_subaccount_trust_configuration" "fully_customized" { + # Only create trust configuration if custom_idp has been set + count = var.custom_idp == "" ? 0 : 1 + subaccount_id = btp_subaccount.dc_mission.id + identity_provider = var.custom_idp +} # ------------------------------------------------------------------------------------------------------ # SERVICES @@ -46,14 +46,14 @@ resource "btp_subaccount_subscription" "sac" { plan_name = "default" depends_on = [btp_subaccount_entitlement.sac] - parameters = jsonencode( - { - "first_name" : "${var.qas_sac_first_name}", - "last_name" : "${var.qas_sac_last_name}", - "email" : "${var.qas_sac_email}", - "host_name" : "${var.qas_sac_host_name}", - } - ) + # parameters = jsonencode( + # { + # "first_name" : "${var.qas_sac_first_name}", + # "last_name" : "${var.qas_sac_last_name}", + # "email" : "${var.qas_sac_email}", + # "host_name" : "${var.qas_sac_host_name}", + # } + # ) } diff --git a/released/discovery_center/mission_3488/variables.tf b/released/discovery_center/mission_3488/variables.tf index f0726bef..29ece6bc 100644 --- a/released/discovery_center/mission_3488/variables.tf +++ b/released/discovery_center/mission_3488/variables.tf @@ -35,6 +35,7 @@ variable "subaccount_admins" { variable "custom_idp" { type = string description = "The custom identity provider for the subaccount." + default = "" } variable "qas_sac_first_name" { From 26c5b7a31aa9f3b70fd0cc93b708ed3b5c8803e2 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Fri, 28 Jun 2024 12:31:46 +0000 Subject: [PATCH 06/22] re-add parameters --- released/discovery_center/mission_3488/main.tf | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/released/discovery_center/mission_3488/main.tf b/released/discovery_center/mission_3488/main.tf index 4fc26a88..9437884b 100644 --- a/released/discovery_center/mission_3488/main.tf +++ b/released/discovery_center/mission_3488/main.tf @@ -46,14 +46,14 @@ resource "btp_subaccount_subscription" "sac" { plan_name = "default" depends_on = [btp_subaccount_entitlement.sac] - # parameters = jsonencode( - # { - # "first_name" : "${var.qas_sac_first_name}", - # "last_name" : "${var.qas_sac_last_name}", - # "email" : "${var.qas_sac_email}", - # "host_name" : "${var.qas_sac_host_name}", - # } - # ) + parameters = jsonencode( + { + "first_name" : "${var.qas_sac_first_name}", + "last_name" : "${var.qas_sac_last_name}", + "email" : "${var.qas_sac_email}", + "host_name" : "${var.qas_sac_host_name}", + } + ) } From 3af6932258d5475c082c14be9d5a988e0effdfa7 Mon Sep 17 00:00:00 2001 From: gdsap Date: Sat, 29 Jun 2024 02:15:02 +0530 Subject: [PATCH 07/22] Update main.tf (#226) with updated service name and plan --- released/discovery_center/mission_3488/main.tf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/released/discovery_center/mission_3488/main.tf b/released/discovery_center/mission_3488/main.tf index 9437884b..e21b05a4 100644 --- a/released/discovery_center/mission_3488/main.tf +++ b/released/discovery_center/mission_3488/main.tf @@ -36,14 +36,14 @@ resource "btp_subaccount_trust_configuration" "fully_customized" { # Entitle resource "btp_subaccount_entitlement" "sac" { subaccount_id = btp_subaccount.dc_mission.id - service_name = "sap-analytics-cloud" - plan_name = "default" + service_name = "analytics-planning-osb" + plan_name = "free" } resource "btp_subaccount_subscription" "sac" { subaccount_id = btp_subaccount.dc_mission.id - app_name = "sap-analytics-cloud" - plan_name = "default" + app_name = "analytics-planning-osb" + plan_name = "free" depends_on = [btp_subaccount_entitlement.sac] parameters = jsonencode( @@ -70,4 +70,4 @@ resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { role_collection_name = "Subaccount Administrator" user_name = each.value depends_on = [btp_subaccount.dc_mission] -} \ No newline at end of file +} From f38826b8de72d20e14e0eedcd46a65986b182d9c Mon Sep 17 00:00:00 2001 From: gdsap Date: Sat, 29 Jun 2024 02:15:26 +0530 Subject: [PATCH 08/22] Update sample.tfvars (#227) updating the region --- released/discovery_center/mission_3488/sample.tfvars | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/released/discovery_center/mission_3488/sample.tfvars b/released/discovery_center/mission_3488/sample.tfvars index f0833e90..b0195a6a 100644 --- a/released/discovery_center/mission_3488/sample.tfvars +++ b/released/discovery_center/mission_3488/sample.tfvars @@ -8,7 +8,7 @@ globalaccount = "xxxxxxxx-xxxxxxx-xxxxxxx-xxxxxxxx-xxxxxx" cli_server_url = null # Region for your subaccount -region = "eu10" +region = "eu11" # Name of your sub account subaccount_name = "SAP Discovery Center Mission 3488" @@ -18,4 +18,4 @@ custom_idp = null # ------------------------------------------------------------------------------------------------------ # USER ROLES # ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["another.user@test.com"] \ No newline at end of file +subaccount_admins = ["another.user@test.com"] From 7398f85b33ec3fb065cecaed6c84315dffdb7816 Mon Sep 17 00:00:00 2001 From: gdsap Date: Sat, 29 Jun 2024 02:15:49 +0530 Subject: [PATCH 09/22] Update variables.tf (#228) updating the region --- released/discovery_center/mission_3488/variables.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/released/discovery_center/mission_3488/variables.tf b/released/discovery_center/mission_3488/variables.tf index 29ece6bc..407c9b13 100644 --- a/released/discovery_center/mission_3488/variables.tf +++ b/released/discovery_center/mission_3488/variables.tf @@ -18,7 +18,7 @@ variable "cli_server_url" { variable "region" { type = string description = "The region where the subaccount shall be created in." - default = "eu10" + default = "eu11" } variable "subaccount_admins" { @@ -56,4 +56,4 @@ variable "qas_sac_email" { variable "qas_sac_host_name" { type = string description = "The host name for the SAP Analytics Cloud service instance." -} \ No newline at end of file +} From 721cecd7d916442454eba4d92b45c68806f69215 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Fri, 28 Jun 2024 20:51:31 +0000 Subject: [PATCH 10/22] update comment for subscription --- released/discovery_center/mission_3488/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/released/discovery_center/mission_3488/main.tf b/released/discovery_center/mission_3488/main.tf index e21b05a4..c3c15816 100644 --- a/released/discovery_center/mission_3488/main.tf +++ b/released/discovery_center/mission_3488/main.tf @@ -28,10 +28,10 @@ resource "btp_subaccount_trust_configuration" "fully_customized" { } # ------------------------------------------------------------------------------------------------------ -# SERVICES +# APP SUBSCRIPTIONS # ------------------------------------------------------------------------------------------------------ # ------------------------------------------------------------------------------------------------------ -# Setup sap-analytics-cloud +# Setup analytics-planning-osb # ------------------------------------------------------------------------------------------------------ # Entitle resource "btp_subaccount_entitlement" "sac" { From 788488d98f19637b815fd4bf1bfc061df21d7fcf Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Mon, 1 Jul 2024 09:42:50 +0000 Subject: [PATCH 11/22] update sac from subscription to service --- .../discovery_center/mission_3488/main.tf | 23 ++++++++++++------- .../mission_3488/variables.tf | 8 +++---- 2 files changed, 19 insertions(+), 12 deletions(-) diff --git a/released/discovery_center/mission_3488/main.tf b/released/discovery_center/mission_3488/main.tf index c3c15816..8db67e2f 100644 --- a/released/discovery_center/mission_3488/main.tf +++ b/released/discovery_center/mission_3488/main.tf @@ -37,23 +37,30 @@ resource "btp_subaccount_trust_configuration" "fully_customized" { resource "btp_subaccount_entitlement" "sac" { subaccount_id = btp_subaccount.dc_mission.id service_name = "analytics-planning-osb" - plan_name = "free" + plan_name = "production" } -resource "btp_subaccount_subscription" "sac" { +data "btp_subaccount_service_plan" "sac" { subaccount_id = btp_subaccount.dc_mission.id - app_name = "analytics-planning-osb" - plan_name = "free" + offering_name = "analytics-planning-osb" + name = "production" depends_on = [btp_subaccount_entitlement.sac] +} + +resource "btp_subaccount_service_instance" "sac" { + subaccount_id = btp_subaccount.dc_mission.id + name = "service_analytics-planning-osb" + serviceplan_id = data.btp_subaccount_service_plan.sac.id parameters = jsonencode( { - "first_name" : "${var.qas_sac_first_name}", - "last_name" : "${var.qas_sac_last_name}", - "email" : "${var.qas_sac_email}", - "host_name" : "${var.qas_sac_host_name}", + "first_name" : "${var.sac_first_name}", + "last_name" : "${var.sac_last_name}", + "email" : "${var.sac_email}", + "host_name" : "${var.sac_host_name}", } ) + depends_on = [ btp_subaccount_entitlement.sac ] } diff --git a/released/discovery_center/mission_3488/variables.tf b/released/discovery_center/mission_3488/variables.tf index 407c9b13..979cd24b 100644 --- a/released/discovery_center/mission_3488/variables.tf +++ b/released/discovery_center/mission_3488/variables.tf @@ -38,22 +38,22 @@ variable "custom_idp" { default = "" } -variable "qas_sac_first_name" { +variable "sac_first_name" { type = string description = "The first name of the QAS SAP Analytics Cloud user." } -variable "qas_sac_last_name" { +variable "sac_last_name" { type = string description = "The last name of the QAS SAP Analytics Cloud user." } -variable "qas_sac_email" { +variable "sac_email" { type = string description = "The email of the QAS SAP Analytics Cloud user." } -variable "qas_sac_host_name" { +variable "sac_host_name" { type = string description = "The host name for the SAP Analytics Cloud service instance." } From 26a9777f80b88f315ddafd2d4a2bc2042166c631 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Mon, 1 Jul 2024 14:06:21 +0000 Subject: [PATCH 12/22] fix format --- released/discovery_center/mission_3488/main.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/released/discovery_center/mission_3488/main.tf b/released/discovery_center/mission_3488/main.tf index 8db67e2f..d1605c7d 100644 --- a/released/discovery_center/mission_3488/main.tf +++ b/released/discovery_center/mission_3488/main.tf @@ -43,14 +43,14 @@ resource "btp_subaccount_entitlement" "sac" { data "btp_subaccount_service_plan" "sac" { subaccount_id = btp_subaccount.dc_mission.id offering_name = "analytics-planning-osb" - name = "production" + name = "production" depends_on = [btp_subaccount_entitlement.sac] } resource "btp_subaccount_service_instance" "sac" { - subaccount_id = btp_subaccount.dc_mission.id - name = "service_analytics-planning-osb" + subaccount_id = btp_subaccount.dc_mission.id + name = "service_analytics-planning-osb" serviceplan_id = data.btp_subaccount_service_plan.sac.id parameters = jsonencode( { @@ -60,7 +60,7 @@ resource "btp_subaccount_service_instance" "sac" { "host_name" : "${var.sac_host_name}", } ) - depends_on = [ btp_subaccount_entitlement.sac ] + depends_on = [btp_subaccount_entitlement.sac] } From a3f49c28186e842399d52bfb5bf16eed2332f6ee Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Thu, 4 Jul 2024 16:13:16 +0200 Subject: [PATCH 13/22] updates with cf setup --- .../discovery_center/mission_3488/main.tf | 80 -------- .../discovery_center/mission_3488/provider.tf | 13 -- .../mission_3488/sample.tfvars | 21 --- .../mission_3488/step1/README.md | 48 +++++ .../mission_3488/step1/locals.tf | 3 + .../mission_3488/step1/main.tf | 90 +++++++++ .../mission_3488/step1/outputs.tf | 110 +++++++++++ .../mission_3488/step1/provider.tf | 20 ++ .../mission_3488/step1/variables.tf | 176 ++++++++++++++++++ .../mission_3488/step2/locals.tf | 3 + .../mission_3488/step2/main.tf | 91 +++++++++ .../mission_3488/step2/provider.tf | 16 ++ .../mission_3488/step2/variables.tf | 144 ++++++++++++++ .../mission_3488/variables.tf | 59 ------ 14 files changed, 701 insertions(+), 173 deletions(-) delete mode 100644 released/discovery_center/mission_3488/main.tf delete mode 100644 released/discovery_center/mission_3488/provider.tf delete mode 100644 released/discovery_center/mission_3488/sample.tfvars create mode 100644 released/discovery_center/mission_3488/step1/README.md create mode 100644 released/discovery_center/mission_3488/step1/locals.tf create mode 100644 released/discovery_center/mission_3488/step1/main.tf create mode 100644 released/discovery_center/mission_3488/step1/outputs.tf create mode 100644 released/discovery_center/mission_3488/step1/provider.tf create mode 100644 released/discovery_center/mission_3488/step1/variables.tf create mode 100644 released/discovery_center/mission_3488/step2/locals.tf create mode 100644 released/discovery_center/mission_3488/step2/main.tf create mode 100644 released/discovery_center/mission_3488/step2/provider.tf create mode 100644 released/discovery_center/mission_3488/step2/variables.tf delete mode 100644 released/discovery_center/mission_3488/variables.tf diff --git a/released/discovery_center/mission_3488/main.tf b/released/discovery_center/mission_3488/main.tf deleted file mode 100644 index d1605c7d..00000000 --- a/released/discovery_center/mission_3488/main.tf +++ /dev/null @@ -1,80 +0,0 @@ -# ------------------------------------------------------------------------------------------------------ -# Subaccount setup for DC mission 3488 -# ------------------------------------------------------------------------------------------------------ -resource "random_uuid" "uuid" {} - -locals { - random_uuid = random_uuid.uuid.result - subaccount_domain = lower(replace("mission-3488-${local.random_uuid}", "_", "-")) -} - -# ------------------------------------------------------------------------------------------------------ -# Creation of subaccount -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount" "dc_mission" { - name = var.subaccount_name - subdomain = local.subaccount_domain - region = lower(var.region) -} - -# ------------------------------------------------------------------------------------------------------ -# Assign custom IDP to sub account (if custom_idp is set) -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_trust_configuration" "fully_customized" { - # Only create trust configuration if custom_idp has been set - count = var.custom_idp == "" ? 0 : 1 - subaccount_id = btp_subaccount.dc_mission.id - identity_provider = var.custom_idp -} - -# ------------------------------------------------------------------------------------------------------ -# APP SUBSCRIPTIONS -# ------------------------------------------------------------------------------------------------------ -# ------------------------------------------------------------------------------------------------------ -# Setup analytics-planning-osb -# ------------------------------------------------------------------------------------------------------ -# Entitle -resource "btp_subaccount_entitlement" "sac" { - subaccount_id = btp_subaccount.dc_mission.id - service_name = "analytics-planning-osb" - plan_name = "production" -} - -data "btp_subaccount_service_plan" "sac" { - subaccount_id = btp_subaccount.dc_mission.id - offering_name = "analytics-planning-osb" - name = "production" - depends_on = [btp_subaccount_entitlement.sac] -} - - -resource "btp_subaccount_service_instance" "sac" { - subaccount_id = btp_subaccount.dc_mission.id - name = "service_analytics-planning-osb" - serviceplan_id = data.btp_subaccount_service_plan.sac.id - parameters = jsonencode( - { - "first_name" : "${var.sac_first_name}", - "last_name" : "${var.sac_last_name}", - "email" : "${var.sac_email}", - "host_name" : "${var.sac_host_name}", - } - ) - depends_on = [btp_subaccount_entitlement.sac] -} - - -# ------------------------------------------------------------------------------------------------------ -# USERS AND ROLES -# ------------------------------------------------------------------------------------------------------ -# -# ------------------------------------------------------------------------------------------------------ -# Assign role collection "Subaccount Administrator" -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_role_collection_assignment" "subaccount_admin" { - for_each = toset("${var.subaccount_admins}") - subaccount_id = btp_subaccount.dc_mission.id - role_collection_name = "Subaccount Administrator" - user_name = each.value - depends_on = [btp_subaccount.dc_mission] -} diff --git a/released/discovery_center/mission_3488/provider.tf b/released/discovery_center/mission_3488/provider.tf deleted file mode 100644 index c7a536dd..00000000 --- a/released/discovery_center/mission_3488/provider.tf +++ /dev/null @@ -1,13 +0,0 @@ -terraform { - required_providers { - btp = { - source = "SAP/btp" - version = "~> 1.4.0" - } - } -} - -provider "btp" { - globalaccount = var.globalaccount - cli_server_url = var.cli_server_url -} \ No newline at end of file diff --git a/released/discovery_center/mission_3488/sample.tfvars b/released/discovery_center/mission_3488/sample.tfvars deleted file mode 100644 index b0195a6a..00000000 --- a/released/discovery_center/mission_3488/sample.tfvars +++ /dev/null @@ -1,21 +0,0 @@ -# ------------------------------------------------------------------------------------------------------ -# Provider configuration -# ------------------------------------------------------------------------------------------------------ -# Your global account subdomain -globalaccount = "xxxxxxxx-xxxxxxx-xxxxxxx-xxxxxxxx-xxxxxx" - -# The CLI server URL (needs to be set to null if you are using the default CLI server) -cli_server_url = null - -# Region for your subaccount -region = "eu11" - -# Name of your sub account -subaccount_name = "SAP Discovery Center Mission 3488" - -custom_idp = null - -# ------------------------------------------------------------------------------------------------------ -# USER ROLES -# ------------------------------------------------------------------------------------------------------ -subaccount_admins = ["another.user@test.com"] diff --git a/released/discovery_center/mission_3488/step1/README.md b/released/discovery_center/mission_3488/step1/README.md new file mode 100644 index 00000000..1b327508 --- /dev/null +++ b/released/discovery_center/mission_3488/step1/README.md @@ -0,0 +1,48 @@ +# Sample Setup of an SAP Task Center on SAP BTP - Step 1 + +## Overview + +This directory contains the setup of SAP Task Center from scratch namely a new subaccount including the relevant entitlements, a Cloud Foundry environment and a Cloud Foundry space. + +This directory contains the configuration the first step of the setup namely: + +- a new subaccount +- the entitlements for SAP Task Center +- the subscription for SAP Build Workzone, standard edition +- the Cloud Foundry environment +- The trust setup to the custom IdP +- Assignment of users to the role collections + +## Deploying the resources + +To deploy the resources of step 1 execute the following commands: + +1. Initialize your workspace: + + ```bash + terraform init + ``` + +1. Assign the variable values in a `*.tfvars` file e.g., the global account subdomain + +1. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file=".tfvars" + ``` + +1. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file=".tfvars" + ``` + +> **Note** - Some variables of the output of the first step are needed as input for the second step. + +## When finished + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy -var-file=".tfvars" +``` \ No newline at end of file diff --git a/released/discovery_center/mission_3488/step1/locals.tf b/released/discovery_center/mission_3488/step1/locals.tf new file mode 100644 index 00000000..09136428 --- /dev/null +++ b/released/discovery_center/mission_3488/step1/locals.tf @@ -0,0 +1,3 @@ +locals { + service_name__sac = "analytics-planning-osb" +} diff --git a/released/discovery_center/mission_3488/step1/main.tf b/released/discovery_center/mission_3488/step1/main.tf new file mode 100644 index 00000000..4afbe398 --- /dev/null +++ b/released/discovery_center/mission_3488/step1/main.tf @@ -0,0 +1,90 @@ +# ------------------------------------------------------------------------------------------------------ +# Setup of names based on variables +# ------------------------------------------------------------------------------------------------------ +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + subaccount_domain = lower("${var.subaccount_name}-${local.random_uuid}") + subaccount_name = var.subaccount_name + subaccount_cf_org = substr(replace("${local.subaccount_domain}", "-", ""), 0, 32) +} + +# ------------------------------------------------------------------------------------------------------ +# Creation of subaccount +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount" "sac_subaccount" { + name = local.subaccount_name + subdomain = local.subaccount_domain + region = lower(var.region) +} + + +# ------------------------------------------------------------------------------------------------------ +# Assignment of basic entitlements for an SAC setup +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_entitlement" "sac__service_instance_plan" { + subaccount_id = btp_subaccount.sac_subaccount.id + service_name = local.service_name__sac + plan_name = var.service_plan__sac +} + + +# ------------------------------------------------------------------------------------------------------ +# Creation of Cloud Foundry environment +# ------------------------------------------------------------------------------------------------------ + +# Fetch all available environments for the subaccount +data "btp_subaccount_environments" "all" { + subaccount_id = btp_subaccount.sac_subaccount.id +} + +# Take the landscape label from the first CF environment if no environment label is provided +resource "terraform_data" "replacement" { + input = length(var.cf_landscape_label) > 0 ? var.cf_landscape_label : [for env in data.btp_subaccount_environments.all.values : env if env.service_name == "cloudfoundry" && env.environment_type == "cloudfoundry"][0].landscape_label +} + +# Create the Cloud Foundry environment instance +resource "btp_subaccount_environment_instance" "cf_sac" { + subaccount_id = btp_subaccount.sac_subaccount.id + name = local.subaccount_cf_org + environment_type = "cloudfoundry" + service_name = "cloudfoundry" + plan_name = var.cf_plan_name + landscape_label = terraform_data.replacement.output + + parameters = jsonencode({ + instance_name = local.subaccount_cf_org + }) +} + + +resource "local_file" "output_vars_step1" { + count = var.create_tfvars_file_for_next_stage ? 1 : 0 + content = <<-EOT + origin = "${var.origin}" + + cf_api_url = "${jsondecode(btp_subaccount_environment_instance.cf_sac.labels)["API Endpoint"]}" + cf_org_id = "${btp_subaccount_environment_instance.cf_sac.platform_id}" + + cf_org_auditors = ${jsonencode(var.cf_org_auditors)} + cf_org_billing_managers = ${jsonencode(var.cf_org_billing_managers)} + cf_org_managers = ${jsonencode(var.cf_org_managers)} + cf_space_auditors = ${jsonencode(var.cf_space_auditors)} + cf_space_developers = ${jsonencode(var.cf_space_developers)} + cf_space_managers = ${jsonencode(var.cf_space_managers)} + + service_plan__sac = "${var.service_plan__sac}" + + sac_param_first_name = ${var.sac_param_first_name} + sac_param_last_name = ${var.sac_param_last_name} + sac_param_email = ${var.sac_param_email} + sac_param_host_name = ${var.sac_param_host_name} + + sac_param_number_of_business_intelligence_licenses = ${var.sac_param_number_of_business_intelligence_licenses} + sac_param_number_of_professional_licenses = ${var.sac_param_number_of_professional_licenses} + sac_param_number_of_business_standard_licenses = ${var.sac_param_number_of_business_standard_licenses} + + EOT + filename = "../step2/terraform.tfvars" +} diff --git a/released/discovery_center/mission_3488/step1/outputs.tf b/released/discovery_center/mission_3488/step1/outputs.tf new file mode 100644 index 00000000..d67d9a68 --- /dev/null +++ b/released/discovery_center/mission_3488/step1/outputs.tf @@ -0,0 +1,110 @@ +output "subaccount_id" { + value = btp_subaccount.sac_subaccount.id + description = "The ID of the subaccount." +} + +output "subaccount_name" { + value = btp_subaccount.sac_subaccount.id + description = "The name of the subaccount." +} + +output "cf_org_name" { + value = local.subaccount_cf_org + description = "The name of the Cloud Foundry org connected to the subaccount." +} + +output "cf_org_id" { + value = btp_subaccount_environment_instance.cf_sac.platform_id + description = "The ID of the Cloud Foundry org connected to the subaccount." +} + +output "cf_api_url" { + value = lookup(jsondecode(btp_subaccount_environment_instance.cf_sac.labels), "API Endpoint", "not found") + description = "API endpoint of the Cloud Foundry environment." +} + +output "cf_landscape_label" { + value = btp_subaccount_environment_instance.cf_sac.landscape_label + description = "Landscape label of the Cloud Foundry environment." +} + +output "cf_space_name" { + value = var.cf_space_name + description = "The name of the Cloud Foundry space." +} + +output "origin" { + value = var.origin + description = "The identity provider for the UAA user." +} + +output "cf_org_managers" { + value = var.cf_org_managers + description = "List of Cloud Foundry org managers." +} + +output "cf_org_billing_managers" { + value = var.cf_org_billing_managers + description = "List of Cloud Foundry org billing managers." +} + +output "cf_org_auditors" { + value = var.cf_org_auditors + description = "List of Cloud Foundry org auditors." +} + +output "cf_space_managers" { + value = var.cf_space_managers + description = "List of managers for the Cloud Foundry space." +} + +output "cf_space_developers" { + value = var.cf_space_developers + description = "List of developers for the Cloud Foundry space." +} + +output "cf_space_auditors" { + value = var.cf_space_auditors + description = "The list of Cloud Foundry space auditors." +} + +output "service_plan__sac" { + value = var.service_plan__sac + description = "Plan for the service instance of SAC." +} + +output "sac_param_first_name" { + value = var.sac_param_first_name + description = "First name of the SAC responsible" +} + +output "sac_param_last_name" { + value = var.sac_param_last_name + description = "Last name of the SAC responsible" +} + +output "sac_param_email" { + value = var.sac_param_email + description = "Email of the SAC responsible" +} + +output "sac_param_host_name" { + value = var.sac_param_host_name + description = "Host name of the SAC" +} + +output "sac_param_number_of_business_intelligence_licenses" { + value = var.sac_param_number_of_business_intelligence_licenses + description = "Number of business intelligence licenses" +} + + +output "sac_param_number_of_professional_licenses" { + value = var.sac_param_number_of_professional_licenses + description = "Number of business professional licenses" +} + +output "sac_param_number_of_business_standard_licenses" { + value = var.sac_param_number_of_business_standard_licenses + description = "Number of business standard licenses" +} diff --git a/released/discovery_center/mission_3488/step1/provider.tf b/released/discovery_center/mission_3488/step1/provider.tf new file mode 100644 index 00000000..1f3304c4 --- /dev/null +++ b/released/discovery_center/mission_3488/step1/provider.tf @@ -0,0 +1,20 @@ + +terraform { + required_providers { + btp = { + source = "sap/btp" + version = "~> 1.4.0" + } + } + +} + +# Please checkout documentation on how best to authenticate against SAP BTP +# via the Terraform provider for SAP BTP +provider "btp" { + # Comment out the idp in case you need it to connect to your global account + # ------------------------------------------------------------------------- + # idp = var.custom_idp + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url +} diff --git a/released/discovery_center/mission_3488/step1/variables.tf b/released/discovery_center/mission_3488/step1/variables.tf new file mode 100644 index 00000000..b32b9291 --- /dev/null +++ b/released/discovery_center/mission_3488/step1/variables.tf @@ -0,0 +1,176 @@ +variable "globalaccount" { + type = string + description = "The global account subdomain." +} + +variable "subaccount_name" { + type = string + description = "The name for the subaccount." + default = "" +} + +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cli.btp.cloud.sap" +} + +variable "region" { + type = string + description = "The region where the project account shall be created in." + default = "eu11" +} + +variable "cf_plan_name" { + type = string + description = "Desired service plan for the Cloud Foundry environment instance." + default = "standard" +} + +variable "cf_landscape_label" { + type = string + description = "The Cloud Foundry landscape (format example eu10-004)." + default = "" +} + +variable "cf_space_name" { + type = string + description = "The name of the Cloud Foundry space." + default = "dev" +} + +variable "cf_org_managers" { + type = list(string) + description = "List of Cloud Foundry org managers." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_managers) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_org_billing_managers" { + type = list(string) + description = "List of Cloud Foundry org billing managers." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_billing_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_billing_managers) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_org_auditors" { + type = list(string) + description = "List of Cloud Foundry org auditors." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_auditors) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_space_managers" { + type = list(string) + description = "List of managers for the Cloud Foundry space." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_space_developers" { + type = list(string) + description = "List of developers for the Cloud Foundry space." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_space_auditors" { + type = list(string) + description = "The list of Cloud Foundry space auditors." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_auditors) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + + +variable "service_plan__sac" { + type = string + description = "Plan for the service instance of ABAP." + default = "free" +} + + +variable "origin" { + type = string + description = "The identity provider for the UAA user." + default = "sap.ids" +} + +variable "create_tfvars_file_for_next_stage" { + type = bool + description = "Switch to enable the creation of the tfvars file for the next step." + default = false +} + +variable "sac_param_first_name" { + type = string + description = "First name of the SAC responsible" +} + +variable "sac_param_last_name" { + type = string + description = "Last name of the SAC responsible" +} + +variable "sac_param_email" { + type = string + description = "Email of the SAC responsible" + + validation { + condition = can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", var.sac_param_email)) + error_message = "Please enter a valid email address for the SAC responsible." + } +} + +variable "sac_param_host_name" { + type = string + description = "Host name of the SAC" +} + +variable "sac_param_number_of_business_intelligence_licenses" { + type = number + description = "Number of business intelligence licenses" + default = 6 +} + + +variable "sac_param_number_of_professional_licenses" { + type = number + description = "Number of business professional licenses" + default = 1 +} + +variable "sac_param_number_of_business_standard_licenses" { + type = number + description = "Number of business standard licenses" + default = 2 +} diff --git a/released/discovery_center/mission_3488/step2/locals.tf b/released/discovery_center/mission_3488/step2/locals.tf new file mode 100644 index 00000000..09136428 --- /dev/null +++ b/released/discovery_center/mission_3488/step2/locals.tf @@ -0,0 +1,3 @@ +locals { + service_name__sac = "analytics-planning-osb" +} diff --git a/released/discovery_center/mission_3488/step2/main.tf b/released/discovery_center/mission_3488/step2/main.tf new file mode 100644 index 00000000..0499d9c9 --- /dev/null +++ b/released/discovery_center/mission_3488/step2/main.tf @@ -0,0 +1,91 @@ +# ------------------------------------------------------------------------------------------------------ +# Assignment of Cloud Foundry org roles +# ------------------------------------------------------------------------------------------------------ +resource "cloudfoundry_org_role" "org_managers" { + for_each = toset("${var.cf_org_managers}") + username = each.value + type = "organization_manager" + org = var.cf_org_id + origin = var.origin +} + +resource "cloudfoundry_org_role" "billing_managers" { + for_each = toset("${var.cf_org_billing_managers}") + username = each.value + type = "organization_billing_manager" + org = var.cf_org_id + origin = var.origin +} + +resource "cloudfoundry_org_role" "org_auditors" { + for_each = toset("${var.cf_org_auditors}") + username = each.value + type = "organization_auditor" + org = var.cf_org_id + origin = var.origin +} + +# ------------------------------------------------------------------------------------------------------ +# Creation of Cloud Foundry space +# ------------------------------------------------------------------------------------------------------ +resource "cloudfoundry_space" "sac_space" { + name = var.cf_space_name + org = var.cf_org_id +} + +# ------------------------------------------------------------------------------------------------------ +# Assignment of Cloud Foundry org roles +# ------------------------------------------------------------------------------------------------------ +resource "cloudfoundry_space_role" "space_managers" { + for_each = toset("${var.cf_space_managers}") + username = each.value + type = "space_manager" + space = cloudfoundry_space.sac_space.id + origin = var.origin +} + +resource "cloudfoundry_space_role" "space_developers" { + for_each = toset("${var.cf_space_developers}") + username = each.value + type = "space_developer" + space = cloudfoundry_space.sac_space.id + origin = var.origin +} + +resource "cloudfoundry_space_role" "space_auditors" { + for_each = toset("${var.cf_space_auditors}") + username = each.value + type = "space_auditor" + space = cloudfoundry_space.sac_space.id + origin = var.origin +} + +# ------------------------------------------------------------------------------------------------------ +# Creation of service instance for SAP Analytics Bloud +# ------------------------------------------------------------------------------------------------------ +data "cloudfoundry_service" "sac_service_plans" { + name = local.service_name__sac +} + +resource "cloudfoundry_service_instance" "sac_si" { + depends_on = [cloudfoundry_space_role.space_managers, cloudfoundry_space_role.space_developers] + name = "service-analytics-planning-osb" + space = cloudfoundry_space.sac_space.id + service_plan = data.cloudfoundry_service.sac_service_plans.service_plans[var.service_plan__sac] + type = "managed" + parameters = jsonencode({ + "first_name" : "${var.sac_param_first_name}", + "last_name" : "${var.sac_param_last_name}", + "email" : "${var.sac_param_email}", + "confirm_email" : "${var.sac_param_email}", + "host_name" : "${var.sac_param_host_name}", + "number_of_business_intelligence_licenses" : var.sac_param_number_of_business_intelligence_licenses, + "number_of_planning_professional_licenses" : var.sac_param_number_of_professional_licenses, + "number_of_planning_standard_licenses" : var.sac_param_number_of_business_standard_licenses + }) + timeouts = { + create = "2h" + delete = "2h" + update = "2h" + } +} diff --git a/released/discovery_center/mission_3488/step2/provider.tf b/released/discovery_center/mission_3488/step2/provider.tf new file mode 100644 index 00000000..7a11e78f --- /dev/null +++ b/released/discovery_center/mission_3488/step2/provider.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + cloudfoundry = { + source = "sap/cloudfoundry" + version = "0.2.1-beta" + } + } +} + +# This will only work if we know the region in advance +provider "cloudfoundry" { + # Comment out the origin in case you need it to connect to your CF environment + # ---------------------------------------------------------------------------- + # origin = var.origin + api_url = var.cf_api_url +} diff --git a/released/discovery_center/mission_3488/step2/variables.tf b/released/discovery_center/mission_3488/step2/variables.tf new file mode 100644 index 00000000..a437e919 --- /dev/null +++ b/released/discovery_center/mission_3488/step2/variables.tf @@ -0,0 +1,144 @@ +variable "cf_api_url" { + type = string + description = "The API endpoint of the Cloud Foundry environment." +} + +variable "cf_org_id" { + type = string + description = "The Cloud Foundry landscape (format example eu10-004)." +} + +variable "origin" { + type = string + description = "The identity provider for the UAA user." + default = "sap.ids" +} + +variable "cf_org_managers" { + type = list(string) + description = "List of Cloud Foundry org managers." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_managers) + error_message = "Please enter a valid email address for the Cloud Foundry org managers." + } +} + +variable "cf_org_billing_managers" { + type = list(string) + description = "List of Cloud Foundry org billing managers." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_billing_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_billing_managers) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_org_auditors" { + type = list(string) + description = "List of Cloud Foundry org auditors." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_auditors) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_space_managers" { + type = list(string) + description = "List of managers for the Cloud Foundry space." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_space_developers" { + type = list(string) + description = "List of developers for the Cloud Foundry space." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_space_auditors" { + type = list(string) + description = "The list of Cloud Foundry space auditors." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_auditors) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_space_name" { + type = string + description = "The name of the Cloud Foundry space." + default = "dev" +} + + +variable "service_plan__sac" { + type = string + description = "Plan for the service instance of ABAP." + default = "free" +} + +variable "sac_param_first_name" { + type = string + description = "First name of the SAC responsible" +} + +variable "sac_param_last_name" { + type = string + description = "Last name of the SAC responsible" +} + +variable "sac_param_email" { + type = string + description = "Email of the SAC responsible" + + validation { + condition = can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", var.sac_param_email)) + error_message = "Please enter a valid email address for the SAC responsible." + } +} + +variable "sac_param_host_name" { + type = string + description = "Host name of the SAC" +} + +variable "sac_param_number_of_business_intelligence_licenses" { + type = number + description = "Number of business intelligence licenses" + default = 6 +} + + +variable "sac_param_number_of_professional_licenses" { + type = number + description = "Number of business professional licenses" + default = 1 +} + +variable "sac_param_number_of_business_standard_licenses" { + type = number + description = "Number of business standard licenses" + default = 2 +} diff --git a/released/discovery_center/mission_3488/variables.tf b/released/discovery_center/mission_3488/variables.tf deleted file mode 100644 index 979cd24b..00000000 --- a/released/discovery_center/mission_3488/variables.tf +++ /dev/null @@ -1,59 +0,0 @@ -variable "globalaccount" { - type = string - description = "The globalaccount subdomain where the sub account shall be created." -} - -variable "subaccount_name" { - type = string - description = "The subaccount name." - default = "My SAP Discovery Center mission subaccount." -} - -variable "cli_server_url" { - type = string - description = "The BTP CLI server URL." - default = "https://cli.btp.cloud.sap" -} - -variable "region" { - type = string - description = "The region where the subaccount shall be created in." - default = "eu11" -} - -variable "subaccount_admins" { - type = list(string) - description = "Defines the colleagues who are added to each subaccount as emergency administrators." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.subaccount_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.subaccount_admins) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "custom_idp" { - type = string - description = "The custom identity provider for the subaccount." - default = "" -} - -variable "sac_first_name" { - type = string - description = "The first name of the QAS SAP Analytics Cloud user." -} - -variable "sac_last_name" { - type = string - description = "The last name of the QAS SAP Analytics Cloud user." -} - -variable "sac_email" { - type = string - description = "The email of the QAS SAP Analytics Cloud user." -} - -variable "sac_host_name" { - type = string - description = "The host name for the SAP Analytics Cloud service instance." -} From 1c35fc8d1c8f4b0c1d95722b7f917e229e455f37 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Thu, 4 Jul 2024 16:16:05 +0200 Subject: [PATCH 14/22] update text --- .../mission_3774/step1/README.md | 50 ++++++++++++------- 1 file changed, 32 insertions(+), 18 deletions(-) diff --git a/released/discovery_center/mission_3774/step1/README.md b/released/discovery_center/mission_3774/step1/README.md index 1b327508..0ecb21b1 100644 --- a/released/discovery_center/mission_3774/step1/README.md +++ b/released/discovery_center/mission_3774/step1/README.md @@ -1,43 +1,57 @@ -# Sample Setup of an SAP Task Center on SAP BTP - Step 1 +# SAP Discovery Center mission - Get started with Extended Planning and Analysis ## Overview -This directory contains the setup of SAP Task Center from scratch namely a new subaccount including the relevant entitlements, a Cloud Foundry environment and a Cloud Foundry space. +This terraform script demonstrates how to set up your SAP Datasphere tenant for the SAP Discovery Center Mission - [Get started with Extended Planning and Analysis](https://discovery-center.cloud.sap/missiondetail/4104/3488/) -This directory contains the configuration the first step of the setup namely: +## Content of setup -- a new subaccount -- the entitlements for SAP Task Center -- the subscription for SAP Build Workzone, standard edition -- the Cloud Foundry environment -- The trust setup to the custom IdP -- Assignment of users to the role collections +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Enablement of Cloudfoundry Environment - [see available regions and endpoints](https://help.sap.com/docs/btp/sap-business-technology-platform/regions-and-api-endpoints-available-for-cloud-foundry-environment) +- Entitlements of services + * SAP Analytics Cloud +- Subscription to the service +- Role collection assignments to users ## Deploying the resources -To deploy the resources of step 1 execute the following commands: +Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html) -1. Initialize your workspace: +To deploy the resources you must: +1. Set your credentials as environment variables + ```bash - terraform init + export BTP_USERNAME ='' + export BTP_PASSWORD ='' ``` -1. Assign the variable values in a `*.tfvars` file e.g., the global account subdomain +2. Change the variables in the `sample.tfvars` file to meet your requirements + + > The minimal set of parameters you should specify (besides user_email and password) is global account (i.e. its subdomain) and the used custom_idp and all user assignments + + > ⚠ NOTE: You should pay attention **specifically** to the users defined in the samples.tfvars whether they already exist in your SAP BTP accounts. Otherwise, you might get error messages like, e.g., `Error: The user could not be found: jane.doe@test.com`. + -1. You can check what Terraform plans to apply based on your configuration: +3. Initialize your workspace: ```bash - terraform plan -var-file=".tfvars" + terraform init ``` -1. Apply your configuration to provision the resources: +4. You can check what Terraform plans to apply based on your configuration: ```bash - terraform apply -var-file=".tfvars" + terraform plan -var-file="sample.tfvars" ``` -> **Note** - Some variables of the output of the first step are needed as input for the second step. +5. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file="sample.tfvars" + ``` ## When finished From 52619f2ce597cdc562c4dca043a0d4ed915d12c2 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Thu, 4 Jul 2024 16:17:13 +0200 Subject: [PATCH 15/22] add sample.tfvars --- .../mission_3488/step1/sample.tfvars | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 released/discovery_center/mission_3488/step1/sample.tfvars diff --git a/released/discovery_center/mission_3488/step1/sample.tfvars b/released/discovery_center/mission_3488/step1/sample.tfvars new file mode 100644 index 00000000..1ecad9f2 --- /dev/null +++ b/released/discovery_center/mission_3488/step1/sample.tfvars @@ -0,0 +1,23 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ +# Your global account subdomain +globalaccount = "yourglobalaccount" +region = "datacenter" +subaccount_name = "subaccount_name" + +service_plan__build_workzone = "free" + +# ------------------------------------------------------------------------------------------------------ +# Project specific configuration (please adapt!) +# ------------------------------------------------------------------------------------------------------ + +subaccount_admins = ["another.user@test.com"] +subaccount_service_admins = ["another.user@test.com"] + +cf_org_admins = ["another.user@test.com"] +cf_space_managers = ["another.user@test.com", "you@test.com"] +cf_space_developers = ["another.user@test.com", "you@test.com"] + +custom_idp = "sap.ids" +launchpad_admins = ["another.user@test.com", "you@test.com"] \ No newline at end of file From c14684305338e4a3581fc147ab8d1aa5f3349b0d Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Thu, 4 Jul 2024 14:34:08 +0000 Subject: [PATCH 16/22] minor updates on step2 handover --- .../mission_3488/step1/main.tf | 20 +++++++++---------- .../mission_3488/step1/outputs.tf | 7 +------ .../mission_3488/step1/sample.tfvars | 17 +++++++++++----- 3 files changed, 23 insertions(+), 21 deletions(-) diff --git a/released/discovery_center/mission_3488/step1/main.tf b/released/discovery_center/mission_3488/step1/main.tf index 4afbe398..559b7ead 100644 --- a/released/discovery_center/mission_3488/step1/main.tf +++ b/released/discovery_center/mission_3488/step1/main.tf @@ -13,9 +13,9 @@ locals { # ------------------------------------------------------------------------------------------------------ # Creation of subaccount # ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount" "sac_subaccount" { - name = local.subaccount_name - subdomain = local.subaccount_domain +resource "btp_subaccount" "dc_mission" { + name = var.subaccount_name + subdomain = join("-", ["dc-mission-3488", random_uuid.uuid.result]) region = lower(var.region) } @@ -24,7 +24,7 @@ resource "btp_subaccount" "sac_subaccount" { # Assignment of basic entitlements for an SAC setup # ------------------------------------------------------------------------------------------------------ resource "btp_subaccount_entitlement" "sac__service_instance_plan" { - subaccount_id = btp_subaccount.sac_subaccount.id + subaccount_id = btp_subaccount.dc_mission.id service_name = local.service_name__sac plan_name = var.service_plan__sac } @@ -36,7 +36,7 @@ resource "btp_subaccount_entitlement" "sac__service_instance_plan" { # Fetch all available environments for the subaccount data "btp_subaccount_environments" "all" { - subaccount_id = btp_subaccount.sac_subaccount.id + subaccount_id = btp_subaccount.dc_mission.id } # Take the landscape label from the first CF environment if no environment label is provided @@ -46,7 +46,7 @@ resource "terraform_data" "replacement" { # Create the Cloud Foundry environment instance resource "btp_subaccount_environment_instance" "cf_sac" { - subaccount_id = btp_subaccount.sac_subaccount.id + subaccount_id = btp_subaccount.dc_mission.id name = local.subaccount_cf_org environment_type = "cloudfoundry" service_name = "cloudfoundry" @@ -76,10 +76,10 @@ resource "local_file" "output_vars_step1" { service_plan__sac = "${var.service_plan__sac}" - sac_param_first_name = ${var.sac_param_first_name} - sac_param_last_name = ${var.sac_param_last_name} - sac_param_email = ${var.sac_param_email} - sac_param_host_name = ${var.sac_param_host_name} + sac_param_first_name = "${var.sac_param_first_name}" + sac_param_last_name = "${var.sac_param_last_name}" + sac_param_email = "${var.sac_param_email}" + sac_param_host_name = "${var.sac_param_host_name}" sac_param_number_of_business_intelligence_licenses = ${var.sac_param_number_of_business_intelligence_licenses} sac_param_number_of_professional_licenses = ${var.sac_param_number_of_professional_licenses} diff --git a/released/discovery_center/mission_3488/step1/outputs.tf b/released/discovery_center/mission_3488/step1/outputs.tf index d67d9a68..582781cc 100644 --- a/released/discovery_center/mission_3488/step1/outputs.tf +++ b/released/discovery_center/mission_3488/step1/outputs.tf @@ -1,13 +1,8 @@ output "subaccount_id" { - value = btp_subaccount.sac_subaccount.id + value = btp_subaccount.dc_mission.id description = "The ID of the subaccount." } -output "subaccount_name" { - value = btp_subaccount.sac_subaccount.id - description = "The name of the subaccount." -} - output "cf_org_name" { value = local.subaccount_cf_org description = "The name of the Cloud Foundry org connected to the subaccount." diff --git a/released/discovery_center/mission_3488/step1/sample.tfvars b/released/discovery_center/mission_3488/step1/sample.tfvars index 1ecad9f2..0367e0cb 100644 --- a/released/discovery_center/mission_3488/step1/sample.tfvars +++ b/released/discovery_center/mission_3488/step1/sample.tfvars @@ -4,9 +4,7 @@ # Your global account subdomain globalaccount = "yourglobalaccount" region = "datacenter" -subaccount_name = "subaccount_name" - -service_plan__build_workzone = "free" +subaccount_name = "SAP Discovery Center Mission 3488" # ------------------------------------------------------------------------------------------------------ # Project specific configuration (please adapt!) @@ -19,5 +17,14 @@ cf_org_admins = ["another.user@test.com"] cf_space_managers = ["another.user@test.com", "you@test.com"] cf_space_developers = ["another.user@test.com", "you@test.com"] -custom_idp = "sap.ids" -launchpad_admins = ["another.user@test.com", "you@test.com"] \ No newline at end of file +custom_idp = "sap.ids" + +create_tfvars_file_for_next_stage = true + +sac_param_first_name = "John" +sac_param_last_name = "Doe" +sac_param_email = "john.doe@test.com" +sac_param_host_name = "johndoetestsac" + + + From 8c7ee04d87d53901e35922e48837e3f43aedf586 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Fri, 5 Jul 2024 07:32:01 +0000 Subject: [PATCH 17/22] fix wrongly set variables --- .../mission_3488/step1/main.tf | 20 +++++++++---------- .../mission_3488/step1/outputs.tf | 6 +++--- .../mission_3488/step1/sample.tfvars | 2 +- .../mission_3488/step1/variables.tf | 9 ++++----- .../mission_3488/step2/main.tf | 19 +++++++++++++++--- .../mission_3488/step2/variables.tf | 10 +++++----- 6 files changed, 39 insertions(+), 27 deletions(-) diff --git a/released/discovery_center/mission_3488/step1/main.tf b/released/discovery_center/mission_3488/step1/main.tf index 559b7ead..4c8fd870 100644 --- a/released/discovery_center/mission_3488/step1/main.tf +++ b/released/discovery_center/mission_3488/step1/main.tf @@ -62,19 +62,19 @@ resource "btp_subaccount_environment_instance" "cf_sac" { resource "local_file" "output_vars_step1" { count = var.create_tfvars_file_for_next_stage ? 1 : 0 content = <<-EOT - origin = "${var.origin}" + origin = "${var.origin}" - cf_api_url = "${jsondecode(btp_subaccount_environment_instance.cf_sac.labels)["API Endpoint"]}" - cf_org_id = "${btp_subaccount_environment_instance.cf_sac.platform_id}" + cf_api_url = "${jsondecode(btp_subaccount_environment_instance.cf_sac.labels)["API Endpoint"]}" + cf_org_id = "${btp_subaccount_environment_instance.cf_sac.platform_id}" - cf_org_auditors = ${jsonencode(var.cf_org_auditors)} - cf_org_billing_managers = ${jsonencode(var.cf_org_billing_managers)} - cf_org_managers = ${jsonencode(var.cf_org_managers)} - cf_space_auditors = ${jsonencode(var.cf_space_auditors)} - cf_space_developers = ${jsonencode(var.cf_space_developers)} - cf_space_managers = ${jsonencode(var.cf_space_managers)} + cf_org_auditors = ${jsonencode(var.cf_org_auditors)} + cf_org_billing_managers = ${jsonencode(var.cf_org_billing_managers)} + cf_org_admins = ${jsonencode(var.cf_org_admins)} + cf_space_auditors = ${jsonencode(var.cf_space_auditors)} + cf_space_developers = ${jsonencode(var.cf_space_developers)} + cf_space_managers = ${jsonencode(var.cf_space_managers)} - service_plan__sac = "${var.service_plan__sac}" + service_plan__sac = "${var.service_plan__sac}" sac_param_first_name = "${var.sac_param_first_name}" sac_param_last_name = "${var.sac_param_last_name}" diff --git a/released/discovery_center/mission_3488/step1/outputs.tf b/released/discovery_center/mission_3488/step1/outputs.tf index 582781cc..2ca0c372 100644 --- a/released/discovery_center/mission_3488/step1/outputs.tf +++ b/released/discovery_center/mission_3488/step1/outputs.tf @@ -33,9 +33,9 @@ output "origin" { description = "The identity provider for the UAA user." } -output "cf_org_managers" { - value = var.cf_org_managers - description = "List of Cloud Foundry org managers." +output "cf_org_admins" { + value = var.cf_org_admins + description = "List of Cloud Foundry org admins." } output "cf_org_billing_managers" { diff --git a/released/discovery_center/mission_3488/step1/sample.tfvars b/released/discovery_center/mission_3488/step1/sample.tfvars index 0367e0cb..74cbb709 100644 --- a/released/discovery_center/mission_3488/step1/sample.tfvars +++ b/released/discovery_center/mission_3488/step1/sample.tfvars @@ -17,7 +17,7 @@ cf_org_admins = ["another.user@test.com"] cf_space_managers = ["another.user@test.com", "you@test.com"] cf_space_developers = ["another.user@test.com", "you@test.com"] -custom_idp = "sap.ids" +custom_idp = "" create_tfvars_file_for_next_stage = true diff --git a/released/discovery_center/mission_3488/step1/variables.tf b/released/discovery_center/mission_3488/step1/variables.tf index b32b9291..e90dabb6 100644 --- a/released/discovery_center/mission_3488/step1/variables.tf +++ b/released/discovery_center/mission_3488/step1/variables.tf @@ -39,15 +39,14 @@ variable "cf_space_name" { default = "dev" } -variable "cf_org_managers" { +variable "cf_org_admins" { type = list(string) - description = "List of Cloud Foundry org managers." - default = [] + description = "List of users to set as Cloudfoundry org administrators." # add validation to check if admins contains a list of valid email addresses validation { - condition = length([for email in var.cf_org_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_managers) - error_message = "Please enter a valid email address for the subaccount admins." + condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) + error_message = "Please enter a valid email address for the CF Org admins." } } diff --git a/released/discovery_center/mission_3488/step2/main.tf b/released/discovery_center/mission_3488/step2/main.tf index 0499d9c9..6bafe73e 100644 --- a/released/discovery_center/mission_3488/step2/main.tf +++ b/released/discovery_center/mission_3488/step2/main.tf @@ -1,12 +1,23 @@ + # ------------------------------------------------------------------------------------------------------ -# Assignment of Cloud Foundry org roles +# Assign CF Org roles to the admin users # ------------------------------------------------------------------------------------------------------ -resource "cloudfoundry_org_role" "org_managers" { - for_each = toset("${var.cf_org_managers}") +# Define Org User role +resource "cloudfoundry_org_role" "organization_user" { + for_each = toset("${var.cf_org_admins}") + username = each.value + type = "organization_user" + org = var.cf_org_id + origin = var.origin +} + +resource "cloudfoundry_org_role" "organization_manager" { + for_each = toset("${var.cf_org_admins}") username = each.value type = "organization_manager" org = var.cf_org_id origin = var.origin + depends_on = [cloudfoundry_org_role.organization_user] } resource "cloudfoundry_org_role" "billing_managers" { @@ -15,6 +26,7 @@ resource "cloudfoundry_org_role" "billing_managers" { type = "organization_billing_manager" org = var.cf_org_id origin = var.origin + depends_on = [cloudfoundry_org_role.organization_user] } resource "cloudfoundry_org_role" "org_auditors" { @@ -23,6 +35,7 @@ resource "cloudfoundry_org_role" "org_auditors" { type = "organization_auditor" org = var.cf_org_id origin = var.origin + depends_on = [cloudfoundry_org_role.organization_user] } # ------------------------------------------------------------------------------------------------------ diff --git a/released/discovery_center/mission_3488/step2/variables.tf b/released/discovery_center/mission_3488/step2/variables.tf index a437e919..30495625 100644 --- a/released/discovery_center/mission_3488/step2/variables.tf +++ b/released/discovery_center/mission_3488/step2/variables.tf @@ -14,18 +14,18 @@ variable "origin" { default = "sap.ids" } -variable "cf_org_managers" { +variable "cf_org_admins" { type = list(string) - description = "List of Cloud Foundry org managers." - default = [] + description = "List of users to set as Cloudfoundry org administrators." # add validation to check if admins contains a list of valid email addresses validation { - condition = length([for email in var.cf_org_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_managers) - error_message = "Please enter a valid email address for the Cloud Foundry org managers." + condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) + error_message = "Please enter a valid email address for the CF Org admins." } } + variable "cf_org_billing_managers" { type = list(string) description = "List of Cloud Foundry org billing managers." From d170d86ca451d42d4b082509bd04800a83228701 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Fri, 5 Jul 2024 07:45:03 +0000 Subject: [PATCH 18/22] add validation for sap_param_host_name to only contain numbers and letters --- released/discovery_center/mission_3488/step1/variables.tf | 4 ++++ released/discovery_center/mission_3488/step2/variables.tf | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/released/discovery_center/mission_3488/step1/variables.tf b/released/discovery_center/mission_3488/step1/variables.tf index e90dabb6..d973d782 100644 --- a/released/discovery_center/mission_3488/step1/variables.tf +++ b/released/discovery_center/mission_3488/step1/variables.tf @@ -153,6 +153,10 @@ variable "sac_param_email" { variable "sac_param_host_name" { type = string description = "Host name of the SAC" + validation { + condition = can(regex("^[a-zA-Z0-9]", var.sac_param_host_name)) + error_message = "Please enter a valid host name. Should only contain letters and numbers." + } } variable "sac_param_number_of_business_intelligence_licenses" { diff --git a/released/discovery_center/mission_3488/step2/variables.tf b/released/discovery_center/mission_3488/step2/variables.tf index 30495625..62fe9da5 100644 --- a/released/discovery_center/mission_3488/step2/variables.tf +++ b/released/discovery_center/mission_3488/step2/variables.tf @@ -122,8 +122,13 @@ variable "sac_param_email" { variable "sac_param_host_name" { type = string description = "Host name of the SAC" + validation { + condition = can(regex("^[a-zA-Z0-9]", var.sac_param_host_name)) + error_message = "Please enter a valid host name. Should only contain letters and numbers." + } } + variable "sac_param_number_of_business_intelligence_licenses" { type = number description = "Number of business intelligence licenses" From 02187779f8cc98aba44902859fceb4c893dcaad9 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Fri, 5 Jul 2024 07:59:30 +0000 Subject: [PATCH 19/22] add dependency for all cf users --- released/discovery_center/mission_3488/step2/main.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/released/discovery_center/mission_3488/step2/main.tf b/released/discovery_center/mission_3488/step2/main.tf index 6bafe73e..d99027b1 100644 --- a/released/discovery_center/mission_3488/step2/main.tf +++ b/released/discovery_center/mission_3488/step2/main.tf @@ -55,6 +55,7 @@ resource "cloudfoundry_space_role" "space_managers" { type = "space_manager" space = cloudfoundry_space.sac_space.id origin = var.origin + depends_on = [cloudfoundry_org_role.organization_user] } resource "cloudfoundry_space_role" "space_developers" { @@ -63,6 +64,7 @@ resource "cloudfoundry_space_role" "space_developers" { type = "space_developer" space = cloudfoundry_space.sac_space.id origin = var.origin + depends_on = [cloudfoundry_org_role.organization_user] } resource "cloudfoundry_space_role" "space_auditors" { @@ -71,6 +73,7 @@ resource "cloudfoundry_space_role" "space_auditors" { type = "space_auditor" space = cloudfoundry_space.sac_space.id origin = var.origin + depends_on = [cloudfoundry_org_role.organization_user] } # ------------------------------------------------------------------------------------------------------ From 1fca13c4c689ab7ba0c4f9c92692325e62fb4683 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Fri, 5 Jul 2024 09:06:14 +0000 Subject: [PATCH 20/22] adding config without cf --- .../mission_3488/nocf/README.md | 48 +++++ .../mission_3488/nocf/locals.tf | 3 + .../mission_3488/nocf/main.tf | 62 ++++++ .../mission_3488/nocf/outputs.tf | 46 +++++ .../mission_3488/nocf/provider.tf | 20 ++ .../mission_3488/nocf/sample.tfvars | 30 +++ .../mission_3488/nocf/variables.tf | 179 ++++++++++++++++++ 7 files changed, 388 insertions(+) create mode 100644 released/discovery_center/mission_3488/nocf/README.md create mode 100644 released/discovery_center/mission_3488/nocf/locals.tf create mode 100644 released/discovery_center/mission_3488/nocf/main.tf create mode 100644 released/discovery_center/mission_3488/nocf/outputs.tf create mode 100644 released/discovery_center/mission_3488/nocf/provider.tf create mode 100644 released/discovery_center/mission_3488/nocf/sample.tfvars create mode 100644 released/discovery_center/mission_3488/nocf/variables.tf diff --git a/released/discovery_center/mission_3488/nocf/README.md b/released/discovery_center/mission_3488/nocf/README.md new file mode 100644 index 00000000..1b327508 --- /dev/null +++ b/released/discovery_center/mission_3488/nocf/README.md @@ -0,0 +1,48 @@ +# Sample Setup of an SAP Task Center on SAP BTP - Step 1 + +## Overview + +This directory contains the setup of SAP Task Center from scratch namely a new subaccount including the relevant entitlements, a Cloud Foundry environment and a Cloud Foundry space. + +This directory contains the configuration the first step of the setup namely: + +- a new subaccount +- the entitlements for SAP Task Center +- the subscription for SAP Build Workzone, standard edition +- the Cloud Foundry environment +- The trust setup to the custom IdP +- Assignment of users to the role collections + +## Deploying the resources + +To deploy the resources of step 1 execute the following commands: + +1. Initialize your workspace: + + ```bash + terraform init + ``` + +1. Assign the variable values in a `*.tfvars` file e.g., the global account subdomain + +1. You can check what Terraform plans to apply based on your configuration: + + ```bash + terraform plan -var-file=".tfvars" + ``` + +1. Apply your configuration to provision the resources: + + ```bash + terraform apply -var-file=".tfvars" + ``` + +> **Note** - Some variables of the output of the first step are needed as input for the second step. + +## When finished + +You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: + +```bash +terraform destroy -var-file=".tfvars" +``` \ No newline at end of file diff --git a/released/discovery_center/mission_3488/nocf/locals.tf b/released/discovery_center/mission_3488/nocf/locals.tf new file mode 100644 index 00000000..09136428 --- /dev/null +++ b/released/discovery_center/mission_3488/nocf/locals.tf @@ -0,0 +1,3 @@ +locals { + service_name__sac = "analytics-planning-osb" +} diff --git a/released/discovery_center/mission_3488/nocf/main.tf b/released/discovery_center/mission_3488/nocf/main.tf new file mode 100644 index 00000000..cf666130 --- /dev/null +++ b/released/discovery_center/mission_3488/nocf/main.tf @@ -0,0 +1,62 @@ +# ------------------------------------------------------------------------------------------------------ +# Setup of names based on variables +# ------------------------------------------------------------------------------------------------------ +resource "random_uuid" "uuid" {} + +locals { + random_uuid = random_uuid.uuid.result + subaccount_domain = lower("${var.subaccount_name}-${local.random_uuid}") + subaccount_name = var.subaccount_name + subaccount_cf_org = substr(replace("${local.subaccount_domain}", "-", ""), 0, 32) +} + +# ------------------------------------------------------------------------------------------------------ +# Creation of subaccount +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount" "dc_mission" { + name = var.subaccount_name + subdomain = join("-", ["dc-mission-3488", random_uuid.uuid.result]) + region = lower(var.region) +} + + +# ------------------------------------------------------------------------------------------------------ +# Assignment of basic entitlements for an SAC setup +# ------------------------------------------------------------------------------------------------------ +resource "btp_subaccount_entitlement" "sac__service_instance_plan" { + subaccount_id = btp_subaccount.dc_mission.id + service_name = local.service_name__sac + plan_name = var.service_plan__sac +} + +# ------------------------------------------------------------------------------------------------------ +# Creation of service instance for SAP Analytics Bloud +# ------------------------------------------------------------------------------------------------------ +# Fetch service plan id +data "btp_subaccount_service_plan" "sac_si" { + subaccount_id = btp_subaccount.dc_mission.id + offering_name = local.service_name__sac + name = var.service_plan__sac + depends_on = [btp_subaccount_entitlement.sac__service_instance_plan] +} +# create service instance +resource "btp_subaccount_service_instance" "sac_si" { + name = "sac_instance" + serviceplan_id = data.btp_subaccount_service_plan.sac_si.id + subaccount_id = btp_subaccount.dc_mission.id + parameters = jsonencode({ + "first_name" : "${var.sac_param_first_name}", + "last_name" : "${var.sac_param_last_name}", + "email" : "${var.sac_param_email}", + "confirm_email" : "${var.sac_param_email}", + "host_name" : "${var.sac_param_host_name}", + "number_of_business_intelligence_licenses" : var.sac_param_number_of_business_intelligence_licenses, + "number_of_planning_professional_licenses" : var.sac_param_number_of_professional_licenses, + "number_of_planning_standard_licenses" : var.sac_param_number_of_business_standard_licenses + }) + timeouts = { + create = "2h" + delete = "2h" + update = "2h" + } +} diff --git a/released/discovery_center/mission_3488/nocf/outputs.tf b/released/discovery_center/mission_3488/nocf/outputs.tf new file mode 100644 index 00000000..484da5dc --- /dev/null +++ b/released/discovery_center/mission_3488/nocf/outputs.tf @@ -0,0 +1,46 @@ +output "subaccount_id" { + value = btp_subaccount.dc_mission.id + description = "The ID of the subaccount." +} + + +output "service_plan__sac" { + value = var.service_plan__sac + description = "Plan for the service instance of SAC." +} + +output "sac_param_first_name" { + value = var.sac_param_first_name + description = "First name of the SAC responsible" +} + +output "sac_param_last_name" { + value = var.sac_param_last_name + description = "Last name of the SAC responsible" +} + +output "sac_param_email" { + value = var.sac_param_email + description = "Email of the SAC responsible" +} + +output "sac_param_host_name" { + value = var.sac_param_host_name + description = "Host name of the SAC" +} + +output "sac_param_number_of_business_intelligence_licenses" { + value = var.sac_param_number_of_business_intelligence_licenses + description = "Number of business intelligence licenses" +} + + +output "sac_param_number_of_professional_licenses" { + value = var.sac_param_number_of_professional_licenses + description = "Number of business professional licenses" +} + +output "sac_param_number_of_business_standard_licenses" { + value = var.sac_param_number_of_business_standard_licenses + description = "Number of business standard licenses" +} diff --git a/released/discovery_center/mission_3488/nocf/provider.tf b/released/discovery_center/mission_3488/nocf/provider.tf new file mode 100644 index 00000000..1f3304c4 --- /dev/null +++ b/released/discovery_center/mission_3488/nocf/provider.tf @@ -0,0 +1,20 @@ + +terraform { + required_providers { + btp = { + source = "sap/btp" + version = "~> 1.4.0" + } + } + +} + +# Please checkout documentation on how best to authenticate against SAP BTP +# via the Terraform provider for SAP BTP +provider "btp" { + # Comment out the idp in case you need it to connect to your global account + # ------------------------------------------------------------------------- + # idp = var.custom_idp + globalaccount = var.globalaccount + cli_server_url = var.cli_server_url +} diff --git a/released/discovery_center/mission_3488/nocf/sample.tfvars b/released/discovery_center/mission_3488/nocf/sample.tfvars new file mode 100644 index 00000000..74cbb709 --- /dev/null +++ b/released/discovery_center/mission_3488/nocf/sample.tfvars @@ -0,0 +1,30 @@ +# ------------------------------------------------------------------------------------------------------ +# Provider configuration +# ------------------------------------------------------------------------------------------------------ +# Your global account subdomain +globalaccount = "yourglobalaccount" +region = "datacenter" +subaccount_name = "SAP Discovery Center Mission 3488" + +# ------------------------------------------------------------------------------------------------------ +# Project specific configuration (please adapt!) +# ------------------------------------------------------------------------------------------------------ + +subaccount_admins = ["another.user@test.com"] +subaccount_service_admins = ["another.user@test.com"] + +cf_org_admins = ["another.user@test.com"] +cf_space_managers = ["another.user@test.com", "you@test.com"] +cf_space_developers = ["another.user@test.com", "you@test.com"] + +custom_idp = "" + +create_tfvars_file_for_next_stage = true + +sac_param_first_name = "John" +sac_param_last_name = "Doe" +sac_param_email = "john.doe@test.com" +sac_param_host_name = "johndoetestsac" + + + diff --git a/released/discovery_center/mission_3488/nocf/variables.tf b/released/discovery_center/mission_3488/nocf/variables.tf new file mode 100644 index 00000000..d973d782 --- /dev/null +++ b/released/discovery_center/mission_3488/nocf/variables.tf @@ -0,0 +1,179 @@ +variable "globalaccount" { + type = string + description = "The global account subdomain." +} + +variable "subaccount_name" { + type = string + description = "The name for the subaccount." + default = "" +} + +variable "cli_server_url" { + type = string + description = "The BTP CLI server URL." + default = "https://cli.btp.cloud.sap" +} + +variable "region" { + type = string + description = "The region where the project account shall be created in." + default = "eu11" +} + +variable "cf_plan_name" { + type = string + description = "Desired service plan for the Cloud Foundry environment instance." + default = "standard" +} + +variable "cf_landscape_label" { + type = string + description = "The Cloud Foundry landscape (format example eu10-004)." + default = "" +} + +variable "cf_space_name" { + type = string + description = "The name of the Cloud Foundry space." + default = "dev" +} + +variable "cf_org_admins" { + type = list(string) + description = "List of users to set as Cloudfoundry org administrators." + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) + error_message = "Please enter a valid email address for the CF Org admins." + } +} + +variable "cf_org_billing_managers" { + type = list(string) + description = "List of Cloud Foundry org billing managers." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_billing_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_billing_managers) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_org_auditors" { + type = list(string) + description = "List of Cloud Foundry org auditors." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_org_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_auditors) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_space_managers" { + type = list(string) + description = "List of managers for the Cloud Foundry space." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_space_developers" { + type = list(string) + description = "List of developers for the Cloud Foundry space." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + +variable "cf_space_auditors" { + type = list(string) + description = "The list of Cloud Foundry space auditors." + default = [] + + # add validation to check if admins contains a list of valid email addresses + validation { + condition = length([for email in var.cf_space_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_auditors) + error_message = "Please enter a valid email address for the subaccount admins." + } +} + + +variable "service_plan__sac" { + type = string + description = "Plan for the service instance of ABAP." + default = "free" +} + + +variable "origin" { + type = string + description = "The identity provider for the UAA user." + default = "sap.ids" +} + +variable "create_tfvars_file_for_next_stage" { + type = bool + description = "Switch to enable the creation of the tfvars file for the next step." + default = false +} + +variable "sac_param_first_name" { + type = string + description = "First name of the SAC responsible" +} + +variable "sac_param_last_name" { + type = string + description = "Last name of the SAC responsible" +} + +variable "sac_param_email" { + type = string + description = "Email of the SAC responsible" + + validation { + condition = can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", var.sac_param_email)) + error_message = "Please enter a valid email address for the SAC responsible." + } +} + +variable "sac_param_host_name" { + type = string + description = "Host name of the SAC" + validation { + condition = can(regex("^[a-zA-Z0-9]", var.sac_param_host_name)) + error_message = "Please enter a valid host name. Should only contain letters and numbers." + } +} + +variable "sac_param_number_of_business_intelligence_licenses" { + type = number + description = "Number of business intelligence licenses" + default = 6 +} + + +variable "sac_param_number_of_professional_licenses" { + type = number + description = "Number of business professional licenses" + default = 1 +} + +variable "sac_param_number_of_business_standard_licenses" { + type = number + description = "Number of business standard licenses" + default = 2 +} From bed92c980588f4de909f7207f84632a4e2805127 Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Tue, 9 Jul 2024 08:25:47 +0000 Subject: [PATCH 21/22] update docs and format --- .../mission_3488/nocf/README.md | 23 +++---- .../mission_3488/step1/README.md | 23 +++---- .../mission_3488/step2/main.tf | 60 +++++++++---------- 3 files changed, 56 insertions(+), 50 deletions(-) diff --git a/released/discovery_center/mission_3488/nocf/README.md b/released/discovery_center/mission_3488/nocf/README.md index 1b327508..3c364e4a 100644 --- a/released/discovery_center/mission_3488/nocf/README.md +++ b/released/discovery_center/mission_3488/nocf/README.md @@ -1,21 +1,24 @@ -# Sample Setup of an SAP Task Center on SAP BTP - Step 1 +# Discovery Center mission - Get started with Extended Planning and Analysis (xP&A) ## Overview -This directory contains the setup of SAP Task Center from scratch namely a new subaccount including the relevant entitlements, a Cloud Foundry environment and a Cloud Foundry space. +This sample shows how to set up your SAP BTP account for the Discovery Center Mission - [Get started with Extended Planning and Analysis (xP&A)](https://discovery-center.cloud.sap/missiondetail/3488/) -This directory contains the configuration the first step of the setup namely: +## Content of setup -- a new subaccount -- the entitlements for SAP Task Center -- the subscription for SAP Build Workzone, standard edition -- the Cloud Foundry environment -- The trust setup to the custom IdP -- Assignment of users to the role collections +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Enablement of Cloudfoundry Environment - [see available regions and endpoints](https://help.sap.com/docs/btp/sap-business-technology-platform/regions-and-api-endpoints-available-for-cloud-foundry-environment) +- Entitlements of services +- Subscriptions to applications +- Role collection assignments to users ## Deploying the resources -To deploy the resources of step 1 execute the following commands: +Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html) + +To deploy the resources execute the following commands: 1. Initialize your workspace: diff --git a/released/discovery_center/mission_3488/step1/README.md b/released/discovery_center/mission_3488/step1/README.md index 1b327508..3c364e4a 100644 --- a/released/discovery_center/mission_3488/step1/README.md +++ b/released/discovery_center/mission_3488/step1/README.md @@ -1,21 +1,24 @@ -# Sample Setup of an SAP Task Center on SAP BTP - Step 1 +# Discovery Center mission - Get started with Extended Planning and Analysis (xP&A) ## Overview -This directory contains the setup of SAP Task Center from scratch namely a new subaccount including the relevant entitlements, a Cloud Foundry environment and a Cloud Foundry space. +This sample shows how to set up your SAP BTP account for the Discovery Center Mission - [Get started with Extended Planning and Analysis (xP&A)](https://discovery-center.cloud.sap/missiondetail/3488/) -This directory contains the configuration the first step of the setup namely: +## Content of setup -- a new subaccount -- the entitlements for SAP Task Center -- the subscription for SAP Build Workzone, standard edition -- the Cloud Foundry environment -- The trust setup to the custom IdP -- Assignment of users to the role collections +The setup comprises the following resources: + +- Creation of the SAP BTP subaccount +- Enablement of Cloudfoundry Environment - [see available regions and endpoints](https://help.sap.com/docs/btp/sap-business-technology-platform/regions-and-api-endpoints-available-for-cloud-foundry-environment) +- Entitlements of services +- Subscriptions to applications +- Role collection assignments to users ## Deploying the resources -To deploy the resources of step 1 execute the following commands: +Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html) + +To deploy the resources execute the following commands: 1. Initialize your workspace: diff --git a/released/discovery_center/mission_3488/step2/main.tf b/released/discovery_center/mission_3488/step2/main.tf index d99027b1..0665c887 100644 --- a/released/discovery_center/mission_3488/step2/main.tf +++ b/released/discovery_center/mission_3488/step2/main.tf @@ -12,29 +12,29 @@ resource "cloudfoundry_org_role" "organization_user" { } resource "cloudfoundry_org_role" "organization_manager" { - for_each = toset("${var.cf_org_admins}") - username = each.value - type = "organization_manager" - org = var.cf_org_id - origin = var.origin + for_each = toset("${var.cf_org_admins}") + username = each.value + type = "organization_manager" + org = var.cf_org_id + origin = var.origin depends_on = [cloudfoundry_org_role.organization_user] } resource "cloudfoundry_org_role" "billing_managers" { - for_each = toset("${var.cf_org_billing_managers}") - username = each.value - type = "organization_billing_manager" - org = var.cf_org_id - origin = var.origin + for_each = toset("${var.cf_org_billing_managers}") + username = each.value + type = "organization_billing_manager" + org = var.cf_org_id + origin = var.origin depends_on = [cloudfoundry_org_role.organization_user] } resource "cloudfoundry_org_role" "org_auditors" { - for_each = toset("${var.cf_org_auditors}") - username = each.value - type = "organization_auditor" - org = var.cf_org_id - origin = var.origin + for_each = toset("${var.cf_org_auditors}") + username = each.value + type = "organization_auditor" + org = var.cf_org_id + origin = var.origin depends_on = [cloudfoundry_org_role.organization_user] } @@ -50,29 +50,29 @@ resource "cloudfoundry_space" "sac_space" { # Assignment of Cloud Foundry org roles # ------------------------------------------------------------------------------------------------------ resource "cloudfoundry_space_role" "space_managers" { - for_each = toset("${var.cf_space_managers}") - username = each.value - type = "space_manager" - space = cloudfoundry_space.sac_space.id - origin = var.origin + for_each = toset("${var.cf_space_managers}") + username = each.value + type = "space_manager" + space = cloudfoundry_space.sac_space.id + origin = var.origin depends_on = [cloudfoundry_org_role.organization_user] } resource "cloudfoundry_space_role" "space_developers" { - for_each = toset("${var.cf_space_developers}") - username = each.value - type = "space_developer" - space = cloudfoundry_space.sac_space.id - origin = var.origin + for_each = toset("${var.cf_space_developers}") + username = each.value + type = "space_developer" + space = cloudfoundry_space.sac_space.id + origin = var.origin depends_on = [cloudfoundry_org_role.organization_user] } resource "cloudfoundry_space_role" "space_auditors" { - for_each = toset("${var.cf_space_auditors}") - username = each.value - type = "space_auditor" - space = cloudfoundry_space.sac_space.id - origin = var.origin + for_each = toset("${var.cf_space_auditors}") + username = each.value + type = "space_auditor" + space = cloudfoundry_space.sac_space.id + origin = var.origin depends_on = [cloudfoundry_org_role.organization_user] } From c64186a59386b4af19eb943000e07e9d404a23eb Mon Sep 17 00:00:00 2001 From: Rui Nogueira Date: Wed, 10 Jul 2024 12:26:19 +0000 Subject: [PATCH 22/22] remo option without using CF (CF is pre-requisite) --- .../mission_3488/nocf/README.md | 51 ----- .../mission_3488/nocf/locals.tf | 3 - .../mission_3488/nocf/main.tf | 62 ------ .../mission_3488/nocf/outputs.tf | 46 ----- .../mission_3488/nocf/provider.tf | 20 -- .../mission_3488/nocf/sample.tfvars | 30 --- .../mission_3488/nocf/variables.tf | 179 ------------------ 7 files changed, 391 deletions(-) delete mode 100644 released/discovery_center/mission_3488/nocf/README.md delete mode 100644 released/discovery_center/mission_3488/nocf/locals.tf delete mode 100644 released/discovery_center/mission_3488/nocf/main.tf delete mode 100644 released/discovery_center/mission_3488/nocf/outputs.tf delete mode 100644 released/discovery_center/mission_3488/nocf/provider.tf delete mode 100644 released/discovery_center/mission_3488/nocf/sample.tfvars delete mode 100644 released/discovery_center/mission_3488/nocf/variables.tf diff --git a/released/discovery_center/mission_3488/nocf/README.md b/released/discovery_center/mission_3488/nocf/README.md deleted file mode 100644 index 3c364e4a..00000000 --- a/released/discovery_center/mission_3488/nocf/README.md +++ /dev/null @@ -1,51 +0,0 @@ -# Discovery Center mission - Get started with Extended Planning and Analysis (xP&A) - -## Overview - -This sample shows how to set up your SAP BTP account for the Discovery Center Mission - [Get started with Extended Planning and Analysis (xP&A)](https://discovery-center.cloud.sap/missiondetail/3488/) - -## Content of setup - -The setup comprises the following resources: - -- Creation of the SAP BTP subaccount -- Enablement of Cloudfoundry Environment - [see available regions and endpoints](https://help.sap.com/docs/btp/sap-business-technology-platform/regions-and-api-endpoints-available-for-cloud-foundry-environment) -- Entitlements of services -- Subscriptions to applications -- Role collection assignments to users - -## Deploying the resources - -Make sure that you are familiar with SAP BTP and know both the [Get Started with btp-terraform-samples](https://github.com/SAP-samples/btp-terraform-samples/blob/main/GET_STARTED.md) and the [Get Started with the Terraform Provider for BTP](https://developers.sap.com/tutorials/btp-terraform-get-started.html) - -To deploy the resources execute the following commands: - -1. Initialize your workspace: - - ```bash - terraform init - ``` - -1. Assign the variable values in a `*.tfvars` file e.g., the global account subdomain - -1. You can check what Terraform plans to apply based on your configuration: - - ```bash - terraform plan -var-file=".tfvars" - ``` - -1. Apply your configuration to provision the resources: - - ```bash - terraform apply -var-file=".tfvars" - ``` - -> **Note** - Some variables of the output of the first step are needed as input for the second step. - -## When finished - -You probably want to remove the assets after trying them out to avoid unnecessary costs. To do so execute the following command: - -```bash -terraform destroy -var-file=".tfvars" -``` \ No newline at end of file diff --git a/released/discovery_center/mission_3488/nocf/locals.tf b/released/discovery_center/mission_3488/nocf/locals.tf deleted file mode 100644 index 09136428..00000000 --- a/released/discovery_center/mission_3488/nocf/locals.tf +++ /dev/null @@ -1,3 +0,0 @@ -locals { - service_name__sac = "analytics-planning-osb" -} diff --git a/released/discovery_center/mission_3488/nocf/main.tf b/released/discovery_center/mission_3488/nocf/main.tf deleted file mode 100644 index cf666130..00000000 --- a/released/discovery_center/mission_3488/nocf/main.tf +++ /dev/null @@ -1,62 +0,0 @@ -# ------------------------------------------------------------------------------------------------------ -# Setup of names based on variables -# ------------------------------------------------------------------------------------------------------ -resource "random_uuid" "uuid" {} - -locals { - random_uuid = random_uuid.uuid.result - subaccount_domain = lower("${var.subaccount_name}-${local.random_uuid}") - subaccount_name = var.subaccount_name - subaccount_cf_org = substr(replace("${local.subaccount_domain}", "-", ""), 0, 32) -} - -# ------------------------------------------------------------------------------------------------------ -# Creation of subaccount -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount" "dc_mission" { - name = var.subaccount_name - subdomain = join("-", ["dc-mission-3488", random_uuid.uuid.result]) - region = lower(var.region) -} - - -# ------------------------------------------------------------------------------------------------------ -# Assignment of basic entitlements for an SAC setup -# ------------------------------------------------------------------------------------------------------ -resource "btp_subaccount_entitlement" "sac__service_instance_plan" { - subaccount_id = btp_subaccount.dc_mission.id - service_name = local.service_name__sac - plan_name = var.service_plan__sac -} - -# ------------------------------------------------------------------------------------------------------ -# Creation of service instance for SAP Analytics Bloud -# ------------------------------------------------------------------------------------------------------ -# Fetch service plan id -data "btp_subaccount_service_plan" "sac_si" { - subaccount_id = btp_subaccount.dc_mission.id - offering_name = local.service_name__sac - name = var.service_plan__sac - depends_on = [btp_subaccount_entitlement.sac__service_instance_plan] -} -# create service instance -resource "btp_subaccount_service_instance" "sac_si" { - name = "sac_instance" - serviceplan_id = data.btp_subaccount_service_plan.sac_si.id - subaccount_id = btp_subaccount.dc_mission.id - parameters = jsonencode({ - "first_name" : "${var.sac_param_first_name}", - "last_name" : "${var.sac_param_last_name}", - "email" : "${var.sac_param_email}", - "confirm_email" : "${var.sac_param_email}", - "host_name" : "${var.sac_param_host_name}", - "number_of_business_intelligence_licenses" : var.sac_param_number_of_business_intelligence_licenses, - "number_of_planning_professional_licenses" : var.sac_param_number_of_professional_licenses, - "number_of_planning_standard_licenses" : var.sac_param_number_of_business_standard_licenses - }) - timeouts = { - create = "2h" - delete = "2h" - update = "2h" - } -} diff --git a/released/discovery_center/mission_3488/nocf/outputs.tf b/released/discovery_center/mission_3488/nocf/outputs.tf deleted file mode 100644 index 484da5dc..00000000 --- a/released/discovery_center/mission_3488/nocf/outputs.tf +++ /dev/null @@ -1,46 +0,0 @@ -output "subaccount_id" { - value = btp_subaccount.dc_mission.id - description = "The ID of the subaccount." -} - - -output "service_plan__sac" { - value = var.service_plan__sac - description = "Plan for the service instance of SAC." -} - -output "sac_param_first_name" { - value = var.sac_param_first_name - description = "First name of the SAC responsible" -} - -output "sac_param_last_name" { - value = var.sac_param_last_name - description = "Last name of the SAC responsible" -} - -output "sac_param_email" { - value = var.sac_param_email - description = "Email of the SAC responsible" -} - -output "sac_param_host_name" { - value = var.sac_param_host_name - description = "Host name of the SAC" -} - -output "sac_param_number_of_business_intelligence_licenses" { - value = var.sac_param_number_of_business_intelligence_licenses - description = "Number of business intelligence licenses" -} - - -output "sac_param_number_of_professional_licenses" { - value = var.sac_param_number_of_professional_licenses - description = "Number of business professional licenses" -} - -output "sac_param_number_of_business_standard_licenses" { - value = var.sac_param_number_of_business_standard_licenses - description = "Number of business standard licenses" -} diff --git a/released/discovery_center/mission_3488/nocf/provider.tf b/released/discovery_center/mission_3488/nocf/provider.tf deleted file mode 100644 index 1f3304c4..00000000 --- a/released/discovery_center/mission_3488/nocf/provider.tf +++ /dev/null @@ -1,20 +0,0 @@ - -terraform { - required_providers { - btp = { - source = "sap/btp" - version = "~> 1.4.0" - } - } - -} - -# Please checkout documentation on how best to authenticate against SAP BTP -# via the Terraform provider for SAP BTP -provider "btp" { - # Comment out the idp in case you need it to connect to your global account - # ------------------------------------------------------------------------- - # idp = var.custom_idp - globalaccount = var.globalaccount - cli_server_url = var.cli_server_url -} diff --git a/released/discovery_center/mission_3488/nocf/sample.tfvars b/released/discovery_center/mission_3488/nocf/sample.tfvars deleted file mode 100644 index 74cbb709..00000000 --- a/released/discovery_center/mission_3488/nocf/sample.tfvars +++ /dev/null @@ -1,30 +0,0 @@ -# ------------------------------------------------------------------------------------------------------ -# Provider configuration -# ------------------------------------------------------------------------------------------------------ -# Your global account subdomain -globalaccount = "yourglobalaccount" -region = "datacenter" -subaccount_name = "SAP Discovery Center Mission 3488" - -# ------------------------------------------------------------------------------------------------------ -# Project specific configuration (please adapt!) -# ------------------------------------------------------------------------------------------------------ - -subaccount_admins = ["another.user@test.com"] -subaccount_service_admins = ["another.user@test.com"] - -cf_org_admins = ["another.user@test.com"] -cf_space_managers = ["another.user@test.com", "you@test.com"] -cf_space_developers = ["another.user@test.com", "you@test.com"] - -custom_idp = "" - -create_tfvars_file_for_next_stage = true - -sac_param_first_name = "John" -sac_param_last_name = "Doe" -sac_param_email = "john.doe@test.com" -sac_param_host_name = "johndoetestsac" - - - diff --git a/released/discovery_center/mission_3488/nocf/variables.tf b/released/discovery_center/mission_3488/nocf/variables.tf deleted file mode 100644 index d973d782..00000000 --- a/released/discovery_center/mission_3488/nocf/variables.tf +++ /dev/null @@ -1,179 +0,0 @@ -variable "globalaccount" { - type = string - description = "The global account subdomain." -} - -variable "subaccount_name" { - type = string - description = "The name for the subaccount." - default = "" -} - -variable "cli_server_url" { - type = string - description = "The BTP CLI server URL." - default = "https://cli.btp.cloud.sap" -} - -variable "region" { - type = string - description = "The region where the project account shall be created in." - default = "eu11" -} - -variable "cf_plan_name" { - type = string - description = "Desired service plan for the Cloud Foundry environment instance." - default = "standard" -} - -variable "cf_landscape_label" { - type = string - description = "The Cloud Foundry landscape (format example eu10-004)." - default = "" -} - -variable "cf_space_name" { - type = string - description = "The name of the Cloud Foundry space." - default = "dev" -} - -variable "cf_org_admins" { - type = list(string) - description = "List of users to set as Cloudfoundry org administrators." - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_admins : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_admins) - error_message = "Please enter a valid email address for the CF Org admins." - } -} - -variable "cf_org_billing_managers" { - type = list(string) - description = "List of Cloud Foundry org billing managers." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_billing_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_billing_managers) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_org_auditors" { - type = list(string) - description = "List of Cloud Foundry org auditors." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_org_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_org_auditors) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_space_managers" { - type = list(string) - description = "List of managers for the Cloud Foundry space." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_managers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_managers) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_space_developers" { - type = list(string) - description = "List of developers for the Cloud Foundry space." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_developers : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_developers) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - -variable "cf_space_auditors" { - type = list(string) - description = "The list of Cloud Foundry space auditors." - default = [] - - # add validation to check if admins contains a list of valid email addresses - validation { - condition = length([for email in var.cf_space_auditors : can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", email))]) == length(var.cf_space_auditors) - error_message = "Please enter a valid email address for the subaccount admins." - } -} - - -variable "service_plan__sac" { - type = string - description = "Plan for the service instance of ABAP." - default = "free" -} - - -variable "origin" { - type = string - description = "The identity provider for the UAA user." - default = "sap.ids" -} - -variable "create_tfvars_file_for_next_stage" { - type = bool - description = "Switch to enable the creation of the tfvars file for the next step." - default = false -} - -variable "sac_param_first_name" { - type = string - description = "First name of the SAC responsible" -} - -variable "sac_param_last_name" { - type = string - description = "Last name of the SAC responsible" -} - -variable "sac_param_email" { - type = string - description = "Email of the SAC responsible" - - validation { - condition = can(regex("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}$", var.sac_param_email)) - error_message = "Please enter a valid email address for the SAC responsible." - } -} - -variable "sac_param_host_name" { - type = string - description = "Host name of the SAC" - validation { - condition = can(regex("^[a-zA-Z0-9]", var.sac_param_host_name)) - error_message = "Please enter a valid host name. Should only contain letters and numbers." - } -} - -variable "sac_param_number_of_business_intelligence_licenses" { - type = number - description = "Number of business intelligence licenses" - default = 6 -} - - -variable "sac_param_number_of_professional_licenses" { - type = number - description = "Number of business professional licenses" - default = 1 -} - -variable "sac_param_number_of_business_standard_licenses" { - type = number - description = "Number of business standard licenses" - default = 2 -}